firefox is vulnerable to Arbitrary Code Execution attacks. This is due to an error in argument length checking in JavaScript, leading to potential integer overflows or other bounds checking issues.
rhn.redhat.com/errata/RHSA-2016-2780.html
www.securityfocus.com/bid/94336
www.securitytracker.com/id/1037298
access.redhat.com/security/updates/classification/#critical
bugzilla.mozilla.org/show_bug.cgi?id=1303678
rhn.redhat.com/errata/RHSA-2016-2780.html
security.gentoo.org/glsa/201701-15
www.debian.org/security/2016/dsa-3730
www.mozilla.org/en-US/security/known-vulnerabilities/firefox-esr/#firefoxesr45.5
www.mozilla.org/security/advisories/mfsa2016-89/
www.mozilla.org/security/advisories/mfsa2016-90/
www.mozilla.org/security/advisories/mfsa2016-93/