This patch contains
- mozilla-nss 3.15.3.1 which includes a certstore update
(1.95) to explicitely revoke AC DG Tresor SSL
intermediate CA which was misused.
- Firefox 24.2esr
- Thunderbird 24.2
- Seamonkey 2.23
These updates fix several security issues:
- CVE-2013-5611 Mozilla: Application Installation
doorhanger persists on navigation (MFSA 2013-105)
- CVE-2013-5609 Mozilla: Miscellaneous memory safety
hazards (rv:24.2) (MFSA 2013-104)
- CVE-2013-5610 Mozilla: Miscellaneous memory safety
hazards (rv:26.0) (MFSA 2013-104)
- CVE-2013-5612 Mozilla: Character encoding cross-origin
XSS attack (MFSA 2013-106)
- CVE-2013-5614 Mozilla: Sandbox restrictions not applied
to nested object elements (MFSA 2013-107)
- CVE-2013-5616 Mozilla: Use-after-free in event listeners
(MFSA 2013-108)
- CVE-2013-5619 Mozilla: Potential overflow in JavaScript
binary search algorithms (MFSA 2013-110)
- CVE-2013-6671 Mozilla: Segmentation violation when
replacing ordered list elements (MFSA 2013-111)
- CVE-2013-6673 Mozilla: Trust settings for built-in roots
ignored during EV certificate validation (MFSA 2013-113)
- CVE-2013-5613 Mozilla: Use-after-free in synthetic mouse
movement (MFSA 2013-114)
- CVE-2013-5615 Mozilla: GetElementIC typed array stubs can
be generated outside observed typesets (MFSA 2013-115)
- CVE-2013-6672 Mozilla: Linux clipboard information
disclosure though selection paste (MFSA 2013-112)
- CVE-2013-5618 Mozilla: Use-after-free during Table
Editing (MFSA 2013-109)