Mozilla Firefox is being updated to the current Firefox 38ESR branch
(specifically the 38.2.0ESR release).
Security issues fixed:
- MFSA 2015-78 / CVE-2015-4495: Same origin violation and local file
stealing via PDF reader
- MFSA 2015-79 / CVE-2015-4473/CVE-2015-4474: Miscellaneous memory safety
hazards (rv:40.0 / rv:38.2)
- MFSA 2015-80 / CVE-2015-4475: Out-of-bounds read with malformed MP3 file
- MFSA 2015-82 / CVE-2015-4478: Redefinition of non-configurable
JavaScript object properties
- MFSA 2015-83 / CVE-2015-4479: Overflow issues in libstagefright
- MFSA 2015-87 / CVE-2015-4484: Crash when using shared memory in
JavaScript
- MFSA 2015-88 / CVE-2015-4491: Heap overflow in gdk-pixbuf when scaling
bitmap images
- MFSA 2015-89 / CVE-2015-4485/CVE-2015-4486: Buffer overflows on Libvpx
when decoding WebM video
- MFSA 2015-90 / CVE-2015-4487/CVE-2015-4488/CVE-2015-4489:
Vulnerabilities found through code inspection
- MFSA 2015-92 / CVE-2015-4492: Use-after-free in XMLHttpRequest with
shared workers
This update also contains a lot of feature improvements and bug fixes from
31ESR to 38ESR.
Also the Mozilla NSS library switched its CKBI API from 1.98 to 2.4, which
is what Firefox 38ESR uses.