* Enable VP9 video codec for users with fast machines
* Embedded YouTube videos now play with HTML5 video if Flash is
not installed
* View and search open tabs from your smartphone or another
computer in a sidebar
* Allow no-cache on back/forward navigations for https resources
security fixes:
* MFSA 2016-49/CVE-2016-2815/CVE-2016-2818
(boo#983638)
(bmo#1241896, bmo#1242798, bmo#1243466, bmo#1245743,
bmo#1264300, bmo#1271037, bmo#1234147, bmo#1256493,
bmo#1256739, bmo#1256968, bmo#1261230, bmo#1261752,
bmo#1263384, bmo#1264575, bmo#1265577, bmo#1267130,
bmo#1269729, bmo#1273202, bmo#1273701)
Miscellaneous memory safety hazards (rv:47.0 / rv:45.2)
* MFSA 2016-50/CVE-2016-2819 (boo#983655) (bmo#1270381)
Buffer overflow parsing HTML5 fragments
* MFSA 2016-51/CVE-2016-2821 (bsc#983653) (bmo#1271460)
Use-after-free deleting tables from a contenteditable document
* MFSA 2016-52/CVE-2016-2822 (boo#983652) (bmo#1273129)
Addressbar spoofing though the SELECT element
* MFSA 2016-53/CVE-2016-2824 (boo#983651) (bmo#1248580)
Out-of-bounds write with WebGL shader
* MFSA 2016-54/CVE-2016-2825 (boo#983649) (bmo#1193093)
Partial same-origin-policy through setting location.host
through data URI
* MFSA 2016-56/CVE-2016-2828 (boo#983646) (bmo#1223810)
Use-after-free when textures are used in WebGL operations
after recycle pool destruction
OBS-URL: https://build.opensuse.org/package/show/mozilla:Factory/MozillaFirefox?expand=0&rev=518
* Improved security of the JavaScript Just In Time (JIT) Compiler
* WebRTC fixes to improve performance and stability
* Added support for document.elementsFromPoint
* Added HKDF support for Web Crypto API
* requires NSPR 4.12 and NSS 3.22.3
* added patch to fix unchecked return value
mozilla-check_return.patch
* Gtk3 builds not supported at the moment
security fixes:
* MFSA 2016-39/CVE-2016-2804/CVE-2016-2806/CVE-2016-2807
Miscellaneous memory safety hazards
* MFSA 2016-40/CVE-2016-2809 (bmo#1212939)
Privilege escalation through file deletion by Maintenance Service updater
(Windows only)
* MFSA 2016-41/CVE-2016-2810 (bmo#1229681)
Content provider permission bypass allows malicious application
to access data (Android only)
* MFSA 2016-42/CVE-2016-2811/CVE-2016-2812 (bmo#1252330, bmo#1261776)
Use-after-free and buffer overflow in Service Workers
* MFSA 2016-43/CVE-2016-2813 (bmo#1197901, bmo#2714650)
Disclosure of user actions through JavaScript with motion and
orientation sensors (only affects mobile variants)
* MFSA 2016-44/CVE-2016-2814 (bmo#1254721)
Buffer overflow in libstagefright with CENC offsets
* MFSA 2016-45/CVE-2016-2816 (bmo#1223743)
CSP not applied to pages sent with multipart/x-mixed-replace
* MFSA 2016-46/CVE-2016-2817 (bmo#1227462)
Elevation of privilege with chrome.tabs.update API in web extensions
* MFSA 2016-47/CVE-2016-2808 (bmo#1246061)
OBS-URL: https://build.opensuse.org/package/show/mozilla:Factory/MozillaFirefox?expand=0&rev=500