firefox is vulnerable to denial of service (DoS) attacks. The vulnerability exists through multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 41.0 and Firefox ESR 38.x before 38.3 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors.
lists.opensuse.org/opensuse-security-announce/2015-10/msg00000.html
lists.opensuse.org/opensuse-security-announce/2015-10/msg00003.html
lists.opensuse.org/opensuse-security-announce/2015-10/msg00004.html
lists.opensuse.org/opensuse-security-announce/2015-10/msg00005.html
lists.opensuse.org/opensuse-security-announce/2015-10/msg00007.html
lists.opensuse.org/opensuse-security-announce/2015-11/msg00025.html
rhn.redhat.com/errata/RHSA-2015-1834.html
rhn.redhat.com/errata/RHSA-2015-1852.html
www.debian.org/security/2015/dsa-3365
www.mozilla.org/security/announce/2015/mfsa2015-96.html
www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html
www.oracle.com/technetwork/topics/security/linuxbulletinoct2015-2719645.html
www.securityfocus.com/bid/76816
www.securitytracker.com/id/1033640
www.ubuntu.com/usn/USN-2743-1
www.ubuntu.com/usn/USN-2743-2
www.ubuntu.com/usn/USN-2743-3
www.ubuntu.com/usn/USN-2743-4
www.ubuntu.com/usn/USN-2754-1
access.redhat.com/security/updates/classification/#critical
bugzilla.mozilla.org/show_bug.cgi?id=1044077
bugzilla.mozilla.org/show_bug.cgi?id=1152026
bugzilla.mozilla.org/show_bug.cgi?id=1161063
bugzilla.mozilla.org/show_bug.cgi?id=1181651
bugzilla.mozilla.org/show_bug.cgi?id=1183153
bugzilla.mozilla.org/show_bug.cgi?id=1186962
bugzilla.mozilla.org/show_bug.cgi?id=1201793
bugzilla.mozilla.org/show_bug.cgi?id=1202844
rhn.redhat.com/errata/RHSA-2015-1834.html
www.mozilla.org/en-US/security/known-vulnerabilities/firefox-esr/#firefoxesr38.3