Security update for MozillaFirefox, mozilla-nspr, mozilla-nss (important)

This update for MozillaFirefox, mozilla-nspr, mozilla-nss fixes the
following issues:

MozillaFirefox was updated to Firefox 45.0 (boo#969894)

• requires NSPR 4.12 / NSS 3.21.1
• Instant browser tab sharing through Hello
• Synced Tabs button in button bar
• Tabs synced via Firefox Accounts from other devices are now shown in
  dropdown area of Awesome Bar when searching
• Introduce a new preference (network.dns.blockDotOnion) to allow blocking
  .onion at the DNS level
• Tab Groups (Panorama) feature removed
• MFSA 2016-16/CVE-2016-1952/CVE-2016-1953 Miscellaneous memory safety
  hazards
• MFSA 2016-17/CVE-2016-1954 (bmo#1243178) Local file overwriting and
  potential privilege escalation through CSP reports
• MFSA 2016-18/CVE-2016-1955 (bmo#1208946) CSP reports fail to strip
  location information for embedded iframe pages
• MFSA 2016-19/CVE-2016-1956 (bmo#1199923) Linux video memory DOS with
  Intel drivers
• MFSA 2016-20/CVE-2016-1957 (bmo#1227052) Memory leak in libstagefright
  when deleting an array during MP4 processing
• MFSA 2016-21/CVE-2016-1958 (bmo#1228754) Displayed page address can be
  overridden
• MFSA 2016-22/CVE-2016-1959 (bmo#1234949) Service Worker Manager
  out-of-bounds read in Service Worker Manager
• MFSA 2016-23/CVE-2016-1960/ZDI-CAN-3545 (bmo#1246014) Use-after-free in
  HTML5 string parser
• MFSA 2016-24/CVE-2016-1961/ZDI-CAN-3574 (bmo#1249377) Use-after-free in
  SetBody
• MFSA 2016-25/CVE-2016-1962 (bmo#1240760) Use-after-free when using
  multiple WebRTC data channels
• MFSA 2016-26/CVE-2016-1963 (bmo#1238440) Memory corruption when
  modifying a file being read by FileReader
• MFSA 2016-27/CVE-2016-1964 (bmo#1243335) Use-after-free during XML
  transformations
• MFSA 2016-28/CVE-2016-1965 (bmo#1245264) Addressbar spoofing though
  history navigation and Location protocol property
• MFSA 2016-29/CVE-2016-1967 (bmo#1246956) Same-origin policy violation
  using perfomance.getEntries and history navigation with session restore
• MFSA 2016-30/CVE-2016-1968 (bmo#1246742) Buffer overflow in Brotli
  decompression
• MFSA 2016-31/CVE-2016-1966 (bmo#1246054) Memory corruption with
  malicious NPAPI plugin
  • MFSA 2016-32/CVE-2016-1970/CVE-2016-1971/CVE-2016-1975/
    CVE-2016-1976/CVE-2016-1972 WebRTC and LibVPX vulnerabilities found
    through code inspection
• MFSA 2016-33/CVE-2016-1973 (bmo#1219339) Use-after-free in
  GetStaticInstance in WebRTC
• MFSA 2016-34/CVE-2016-1974 (bmo#1228103) Out-of-bounds read in HTML
  parser following a failed allocation
• MFSA 2016-35/CVE-2016-1950 (bmo#1245528) Buffer overflow during ASN.1
  decoding in NSS (fixed by requiring 3.21.1)
• MFSA 2016-36/CVE-2016-1979 (bmo#1185033) Use-after-free during
  processing of DER encoded keys in NSS (fixed by requiring 3.21.1)
• MFSA 2016-37/CVE-2016-1977/CVE-2016-2790/CVE-2016-2791/
  CVE-2016-2792/CVE-2016-2793/CVE-2016-2794/CVE-2016-2795/
  CVE-2016-2796/CVE-2016-2797/CVE-2016-2798/CVE-2016-2799/
  CVE-2016-2800/CVE-2016-2801/CVE-2016-2802 Font vulnerabilities in the
  Graphite 2 library

mozilla-nspr was updated to version 4.12

• added a PR_GetEnvSecure function, which attempts to detect if the
  program is being executed with elevated privileges, and returns NULL if
  detected. It is recommended to use this function in general purpose
  library code.
• fixed a memory allocation bug related to the PR_*printf functions
• exported API PR_DuplicateEnvironment, which had already been added in
  NSPR 4.10.9
• added support for FreeBSD aarch64
• several minor correctness and compatibility fixes

mozilla-nss was updated to NSS 3.21.1 (bmo#969894)

• required for Firefox 45.0
• MFSA 2016-35/CVE-2016-1950 (bmo#1245528) Buffer overflow during ASN.1
  decoding in NSS (fixed by requiring 3.21.1)
• MFSA 2016-36/CVE-2016-1979 (bmo#1185033) Use-after-free during
  processing of DER encoded keys in NSS (fixed by requiring 3.21.1)