
Firefox < 45 Multiple Vulnerabilities

Critical

Synopsis

The specific version of Firefox that the system is running is reportedly affected by multiple vulnerabilities.

Description

The specific version of Firefox that the system is running is reportedly affected by the following vulnerabilities:

- Mozilla Firefox contains a flaw in the ValueNumberer::fixupOSROnlyLoop() function in jit/ValueNumbering.cpp that is triggered as user-supplied input is not properly validated. This may allow a context-dependent attacker to corrupt memory and potentially execute arbitrary code. (CVE-2016-1952)

- Mozilla Firefox contains a flaw in the Downscaler::BeginFrame() function in image/Downscaler.cpp that is triggered when failing to compute filters for image downscaling. This may allow a context-dependent attacker to corrupt memory and potentially execute arbitrary code. (CVE-2016-1952)

- Mozilla Firefox contains a flaw that is triggered as user-supplied input is not properly validated. This may allow a context-dependent attacker to corrupt memory and potentially execute arbitrary code. (CVE-2016-1952)

- Mozilla Firefox contains a flaw in the JSScript::maybeSweepTypes() function in vm/TypeInference.cpp that is triggered as user-supplied input is not properly validated. This may allow a context-dependent attacker to corrupt memory and potentially execute arbitrary code. (CVE-2016-1952)

- Mozilla Firefox contains a flaw that is triggered as user-supplied input is not properly validated. This may allow a context-dependent attacker to corrupt memory and potentially execute arbitrary code. (CVE-2016-1952)

- Mozilla Firefox contains a flaw in the DispatchEvents() function in layout/style/nsAnimationManager.h and layout/style/nsTransitionManager.h that is triggered as user-supplied input is not properly validated. This may allow a context-dependent attacker to corrupt memory and potentially execute arbitrary code. (CVE-2016-1952)

- Mozilla Firefox contains a flaw in dom/base/Console.cpp that is triggered as user-supplied input is not properly validated. This may allow a context-dependent attacker to corrupt memory and potentially execute arbitrary code. (CVE-2016-1952)

- Mozilla Firefox contains a flaw in the PeerConnectionMedia::SelfDestruct_m() function in media/webrtc/signaling/src/peerconnection/PeerConnectionMedia.cpp that is triggered as user-supplied input is not properly validated. This may allow a context-dependent attacker to corrupt memory and potentially execute arbitrary code. (CVE-2016-1952)

- Mozilla Firefox contains a flaw that is triggered as user-supplied input is not properly validated. This may allow a context-dependent attacker to corrupt memory and potentially execute arbitrary code. (CVE-2016-1952)

- Mozilla Firefox contains a flaw in the nsICODecoder::ReadDirEntry() function in image/decoders/nsICODecoder.cpp that is triggered when rendering ICO sub-images. This may allow a context-dependent attacker to corrupt memory and potentially execute arbitrary code. (CVE-2016-1953)

- Mozilla Firefox contains a flaw in the nsIDNService::IDNA2008ToUnicode() function in netwerk/dns/nsIDNService.cpp that is triggered as user-supplied input is not properly validated. This may allow a context-dependent attacker to corrupt memory and potentially execute arbitrary code. (CVE-2016-1953)

- Mozilla Firefox contains a flaw that is triggered as user-supplied input is not properly validated when handling image decoding. This may allow a context-dependent attacker to corrupt memory and potentially execute arbitrary code. (CVE-2016-1953)

- Mozilla Firefox contains a flaw in the DiscardTransferables() function in vm/StructuredClone.cpp that is triggered as user-supplied input is not properly validated. This may allow a context-dependent attacker to corrupt memory and potentially execute arbitrary code. (CVE-2016-1953)

- Mozilla Firefox contains a flaw in the Assembler::GetCF32Target() function in jit/arm/Assembler-arm.cpp that is triggered as user-supplied input is not properly validated. This may allow a context-dependent attacker to corrupt memory and potentially execute arbitrary code. (CVE-2016-1953)

- Mozilla Firefox contains a flaw in the GetPcScript() function in jit/JitFrames.cpp that is triggered as user-supplied input is not properly validated. This may allow a context-dependent attacker to corrupt memory and potentially execute arbitrary code. (CVE-2016-1953)

- Mozilla Firefox contains a flaw in the JSFunction::isDerivedClassConstructor() function in js/src/jsfun.cpp that is triggered when handling lazy self-hosted functions. This may allow a context-dependent attacker to corrupt memory and potentially execute arbitrary code. (CVE-2016-1953)

- Mozilla Firefox contains a flaw in js/src/jit/Lowering.cpp that is triggered as user-supplied input is not properly validated. This may allow a context-dependent attacker to corrupt memory and potentially execute arbitrary code. (CVE-2016-1953)

- Mozilla Firefox contains a flaw that is triggered as user-supplied input is not properly validated. This may allow a context-dependent attacker to corrupt memory and potentially execute arbitrary code. (CVE-2016-1953)

- Mozilla Firefox contains a flaw in the EventListenerManager::HandleEventInternal() function in dom/events/EventListenerManager.cpp. This may allow a context-dependent attacker to corrupt memory and potentially execute arbitrary code. (CVE-2016-1953)

- Mozilla Firefox contains a flaw in layout/base/nsRefreshDriver.cpp that is triggered when handling transition events. This may allow a context-dependent attacker to corrupt memory and potentially execute arbitrary code. (CVE-2016-1953)

- Mozilla Firefox contains a flaw in dom/media/systemservices/CamerasChild.cpp that is triggered as user-supplied input is not properly validated. This may allow a context-dependent attacker to corrupt memory and potentially execute arbitrary code. (CVE-2016-1953)

- libvpx contains a flaw in the vp8_mb_init_dequantizer() function in vp8/decoder/decodeframe.c that is triggered as user-supplied input is not properly validated. With specially crafted media content, a context-dependent attacker can corrupt memory and potentially execute arbitrary code. (CVE-2016-1953)

- libvpx contains a flaw in the vp8_loop_filter_frame_init() function in media/libvpx/vp8/common/loopfilter.c that is triggered as user-supplied input is not properly validated. This may allow a context-dependent attacker to corrupt memory and potentially execute arbitrary code. (CVE-2016-1953)

- Mozilla Firefox contains a flaw that is triggered as user-supplied input is not properly validated. This may allow a context-dependent attacker to corrupt memory and potentially execute arbitrary code. (CVE-2016-1953)

- Mozilla Firefox contains a flaw in dom/xslt/xslt/txMozillaTextOutput.cpp that is triggered as user-supplied input is not properly validated. This may allow a context-dependent attacker to corrupt memory and potentially execute arbitrary code. (CVE-2016-1953)

- Mozilla Firefox contains a flaw in dom/gamepad/windows/WindowsGamepad.cpp that is triggered when handling WindowsGamepadService shutdown. This may allow a context-dependent attacker to corrupt memory and potentially execute arbitrary code. (CVE-2016-1953)

- Mozilla Firefox contains a flaw in the nsCSPContext::SendReports() function in dom/security/nsCSPContext.cpp that is triggered during the handling of Content Security Policy (CSP) violation reports. This may allow a context-dependent attacker to overwrite arbitrary files on a user's machine and potentially gain elevated privileges. (CVE-2016-1954)

- Mozilla Firefox contains a flaw in dom/security/nsCSPContext.cpp that is due to Content Security Policy (CSP) violation reports containing full path information for cross-origin iframe navigations in violation of the CSP specification. This may allow a context-dependent attacker to gain unauthorized access to sensitive information. (CVE-2016-1955)

- Mozilla Firefox contains a flaw in gfx/gl/GLContext.cpp when using Intel video cards that is triggered when performing WebGL operations that require a large amount of buffer to be allocated from video memory. This may allow a context-dependent attacker to cause a consumption of memory resources that will persist until the system has been restarted. (CVE-2016-1956)

- Google Stagefright contains a flaw that is triggered during the handling of array destruction during MPEG4 video file processing. This may allow a context-dependent attacker to cause a memory leak, with unspecified consequences. (CVE-2016-1957)

- Mozilla Firefox contains an unspecified flaw that may allow a context-dependent attacker to spoof the user's address bar. No further details have been provided. (CVE-2016-1958)

- Mozilla Firefox contains a flaw in Service Worker Manager that is triggered when handling the Clients API. This may allow a context-dependent attacker to corrupt memory and potentially execute arbitrary code. (CVE-2016-1959)

- Mozilla Firefox contains a use-after-free error in the HTML5 string parser. The issue is triggered when parsing a set of table-related tags in a foreign fragment context such as SVG. This may allow a context-dependent attacker to dereference already freed memory and potentially execute arbitrary code. (CVE-2016-1960)

- Mozilla Firefox contains a use-after-free error in the nsHTMLDocument::SetBody() function in dom/html/nsHTMLDocument.cpp. This may allow a context-dependent attacker to dereference already freed memory and potentially execute arbitrary code. (CVE-2016-1961)

- Mozilla Firefox contains a use-after-free error in netwerk/sctp/datachannel/DataChannel.cpp when using multiple WebRTC data channel connections and freeing a data channel connection from within a call. This may allow a context-dependent attacker to dereference already freed memory and potentially execute arbitrary code. (CVE-2016-1962)

- Mozilla Firefox contains a flaw in the FileReader::DoReadData() function in dom/base/FileReader.cpp. The issue is triggered as user-supplied input is not properly validated when handling modifications to local files that occur while they are being read with the FileReader API. This may allow a context-dependent attacker to corrupt memory and potentially execute arbitrary code. (CVE-2016-1963)

- Mozilla Firefox contains a use-after-free error in the txAttribute::execute() function in dom/xslt/xslt/txInstructions.cpp that is triggered when handling XML transformation operations. This may allow a context-dependent attacker to dereference already freed memory and potentially execute arbitrary code. (CVE-2016-1964)

- Mozilla Firefox contains a flaw in the nsLocation::SetProtocol() function in dom/base/nsLocation.cpp that is triggered when handling history navigation in combination with the location protocol property. This may allow a context-dependent attacker to spoof the contents of the address bar. (CVE-2016-1965)

- Mozilla Firefox contains a flaw that is triggered when handling history navigation in a restored browser session. This may potentially allow a context-dependent attacker to gain unauthorized access to cross-origin URL information. (CVE-2016-1967)

- Mozilla Firefox contains a pointer underflow condition in the Brotli library. The issue is triggered as user-supplied input is not properly validated when the library is performing decompression. This may allow a context-dependent attacker to cause a buffer overflow, potentially allowing the execution of arbitrary code. (CVE-2016-1968)

- Mozilla Firefox contains a use-after-free flaw in the Netscape Plugin Application Programming Interface (NPAPI) plugin within the nsNPObjWrapper::GetNewOrUsed() function in dom/plugins/base/nsJSNPRuntime.cpp. The issue is triggered when handling malicious scripted web content in concert with the plugin. This may allow a context-dependent attacker to dereference already freed memory and potentially execute arbitrary code. (CVE-2016-1966)

- Mozilla Firefox contains an integer underflow condition in the srtp_unprotect() function in netwerk/srtp/src/srtp/srtp.c that is triggered when handling SRTP packet lengths. This may allow a context-dependent attacker to corrupt memory and potentially execute arbitrary code. (CVE-2016-1970)

- Mozilla Firefox contains a flaw in the I420VideoFrame::CreateFrame() function in WebRTC. The issue is triggered as user-supplied input is not properly validated due to a missing status check. This may allow a context-dependent attacker to corrupt memory and potentially execute arbitrary code. (CVE-2016-1971)

- Mozilla Firefox contains a race condition in dom/media/systemservices/CamerasChild.h. The issue is triggered as user-supplied input is not properly validated when handling block-level statistics. This may allow a context-dependent attacker to corrupt memory and potentially execute arbitrary code. (CVE-2016-1975)

- Mozilla Firefox contains a use-after-free flaw in DesktopDisplayDevice::operator= in media/webrtc/trunk/webrtc/modules/desktop_capture/desktop_device_info.cc. This may allow a context-dependent attacker to dereference already freed memory and potentially execute arbitrary code. (CVE-2016-1976)

- libvpx contains a use-after-free error in vpx_ports/vpx_once.h related to a race condition. This may allow a context-dependent attacker to dereference already freed memory and potentially execute arbitrary code. (CVE-2016-1972)

- Mozilla Firefox contains a use-after-free error that is triggered by a race condition in GetStaticInstance in WebRTC. This may allow a context-dependent attacker to dereference already freed memory and potentially execute arbitrary code. (CVE-2016-1973)

- Mozilla Firefox contains a flaw in the nsScannerString::AppendUnicodeTo() function in parser/htmlparser/nsScannerString.cpp. The issue is triggered when the program fails to allocate memory during handling of Unicode strings. This may allow a context-dependent attacker to potentially execute arbitrary code. (CVE-2016-1974)

- Mozilla Network Security Services (NSS) contains a use-after-free error in the PK11_ImportDERPrivateKeyInfoAndReturnKey() function. The issue is triggered when handling DER encoded keys. This may allow a context-dependent attacker to dereference already freed memory and potentially execute arbitrary code. (CVE-2016-1979)

- Graphite/Libgraphite contains a flaw in the Machine::Code::decoder::analysis::set_ref() function. The issue is triggered as user-supplied input is not properly validated. With a specially crafted font, a context-dependent attacker can corrupt memory to cause a denial of service in a process linked against the library or potentially execute arbitrary code. (CVE-2016-1977)

- Graphite/Libgraphite contains a flaw in the GetTableInfo() function in TtfUtil.cpp related to the use of uninitialized memory when handling a specially crafted font. This may allow a context-dependent attacker to have an unspecified impact. (CVE-2016-2790)

- Graphite/Libgraphite contains an out-of-bounds read flaw in the GlyphCache::glyph() function that is triggered when handling maliciously crafted fonts. This may allow a context-dependent attacker to crash a process linked against the library or potentially disclose memory contents. (CVE-2016-2791)

- Graphite/Libgraphite contains an out-of-bounds read flaw in the getAttr() function in Slot.cpp that is triggered when handling maliciously crafted fonts. This may allow a context-dependent attacker to crash a process linked against the library or potentially disclose memory contents. (CVE-2016-2792)

- Graphite/Libgraphite contains an out-of-bounds read flaw in CachedCmap.cpp that is triggered when handling maliciously crafted fonts. This may allow a context-dependent attacker to crash a process linked against the library or potentially disclose memory contents. (CVE-2016-2793)

- Graphite/Libgraphite contains an out-of-bounds read flaw in the CmapSubtable12NextCodepoint() function in TtfUtil.cpp that is triggered when handling maliciously crafted fonts. This may allow a context-dependent attacker to crash a process linked against the library or potentially disclose memory contents. (CVE-2016-2794)

- Graphite/Libgraphite contains a flaw in the FileFace::get_table_fn() function related to the use of uninitialized memory when handling a specially crafted font. This may allow a context-dependent attacker to have an unspecified impact. (CVE-2016-2795)

- Graphite/Libgraphite contains an out-of-bounds write flaw in the vm::Machine::Code::Code() function that is triggered when handling maliciously crafted fonts. This may allow a context-dependent attacker to potentially execute arbitrary code. (CVE-2016-2796)

- Graphite/Libgraphite contains an out-of-bounds read flaw in the CmapSubtable12Lookup() function in TtfUtil.cpp that is triggered when handling maliciously crafted fonts. This may allow a context-dependent attacker to crash a process linked against the library or potentially disclose memory contents. (CVE-2016-2797)

- Graphite/Libgraphite contains an out-of-bounds read flaw in the GlyphCache::Loader::Loader() function that is triggered when handling maliciously crafted fonts. This may allow a context-dependent attacker to crash a process linked against the library or potentially disclose memory contents. (CVE-2016-2798)

- Graphite/Libgraphite contains an out-of-bounds write flaw in the setAttr() function in Slot.cpp that is triggered when handling maliciously crafted fonts. This may allow a context-dependent attacker to potentially execute arbitrary code. (CVE-2016-2799)

- Graphite/Libgraphite contains an out-of-bounds read flaw in the getAttr() function in Slot.cpp that is triggered when handling maliciously crafted fonts. This may allow a context-dependent attacker to crash a process linked against the library or potentially disclose memory contents. (CVE-2016-2800)

- Graphite/Libgraphite contains an out-of-bounds read flaw in the CmapSubtable12Lookup() function in TtfUtil.cpp that is triggered when handling maliciously crafted fonts. This may allow a context-dependent attacker to crash a process linked against the library or potentially disclose memory contents. (CVE-2016-2801)

- Graphite/Libgraphite contains an out-of-bounds read flaw in the CmapSubtable4NextCodepoint() function in TtfUtil.cpp that is triggered when handling maliciously crafted fonts. This may allow a context-dependent attacker to crash a process linked against the library or potentially disclose memory contents. (CVE-2016-2802)

- Graphite/Libgraphite contains an out-of-bounds write flaw in the setAttr() function that is triggered when handling maliciously crafted fonts. This may allow a context-dependent attacker to potentially execute arbitrary code. (CVE-2016-1969)

Solution

It has been reported that this has been fixed. Please refer to the product listing for upgraded versions that address this vulnerability.

See Also

https://www.mozilla.org/
https://bugzilla.mozilla.org/show_bug.cgi?id=1221872
https://download.novell.com/Download?buildid=MVAFl0oMTck~
https://download.novell.com/Download?buildid=W46YTfqEGiQ~
http://www-01.ibm.com/support/docview.wss?uid=ssg1S1005811
https://www-304.ibm.com/support/docview.wss?uid=ssg1S1005812
https://www.mozilla.org/en-US/security/advisories/mfsa2016-16/
https://www.debian.org/security/2016/dsa-3510
http://www.ubuntu.com/usn/usn-2917-1/
http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00027.html
http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00029.html
https://www.suse.com/support/update/announcement/2016/suse-su-20160727-1.html
http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00031.html
https://www.suse.com/support/update/announcement/2016/suse-su-20160777-1.html
http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00050.html
http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00068.html
https://www.suse.com/support/update/announcement/2016/suse-su-20160820-1.html
http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00089.html
http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00091.html
http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00093.html
https://www.suse.com/support/update/announcement/2016/suse-su-20160909-1.html
http://www.ubuntu.com/usn/usn-2917-2/
http://www.ubuntu.com/usn/usn-2917-3/
http://www.ubuntu.com/usn/usn-2934-1/
http://seclists.org/bugtraq/2016/Mar/72
https://packetstormsecurity.com/files/136152/Debian-Security-Advisory-3510-1.html
https://packetstormsecurity.com/files/136272/Red-Hat-Security-Advisory-2016-0460-01.html
https://bugzilla.mozilla.org/show_bug.cgi?id=1224979
https://bugzilla.mozilla.org/show_bug.cgi?id=1123661
https://bugzilla.mozilla.org/show_bug.cgi?id=1242279
https://bugzilla.mozilla.org/show_bug.cgi?id=1249685
https://bugzilla.mozilla.org/show_bug.cgi?id=1244250
https://bugzilla.mozilla.org/show_bug.cgi?id=1244995
https://bugzilla.mozilla.org/show_bug.cgi?id=1234578
https://bugzilla.mozilla.org/show_bug.cgi?id=1241217
https://bugzilla.mozilla.org/show_bug.cgi?id=1207958
https://bugzilla.mozilla.org/show_bug.cgi?id=1245866
https://bugzilla.mozilla.org/show_bug.cgi?id=1238558
https://bugzilla.mozilla.org/show_bug.cgi?id=1241731
https://www.mozilla.org/en-US/security/advisories/mfsa2016-39/
https://www.debian.org/security/2016/dsa-3559
http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00023.html
https://www.suse.com/support/update/announcement/2016/suse-su-20161258-1.html
https://www.debian.org/security/2016/dsa-3576
http://www.ubuntu.com/usn/usn-2973-1/
https://www.suse.com/support/update/announcement/2016/suse-su-20161352-1.html
https://www.suse.com/support/update/announcement/2016/suse-su-20161342-1.html
http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00054.html
http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00057.html
https://www.suse.com/support/update/announcement/2016/suse-su-20161374-1.html
http://seclists.org/bugtraq/2016/Apr/153
http://seclists.org/bugtraq/2016/May/63
https://bugzilla.mozilla.org/show_bug.cgi?id=1199171
https://bugzilla.mozilla.org/show_bug.cgi?id=1234425
https://bugzilla.mozilla.org/show_bug.cgi?id=1236519
https://bugzilla.mozilla.org/show_bug.cgi?id=1238935
https://bugzilla.mozilla.org/show_bug.cgi?id=1225618
https://bugzilla.mozilla.org/show_bug.cgi?id=1243555
https://bugzilla.mozilla.org/show_bug.cgi?id=1243583
https://bugzilla.mozilla.org/show_bug.cgi?id=1247236
https://bugzilla.mozilla.org/show_bug.cgi?id=1224361
https://bugzilla.mozilla.org/show_bug.cgi?id=1224363
https://bugzilla.mozilla.org/show_bug.cgi?id=1224369
https://bugzilla.mozilla.org/show_bug.cgi?id=1205163
https://bugzilla.mozilla.org/show_bug.cgi?id=1248794
https://bugzilla.mozilla.org/show_bug.cgi?id=1243178
https://www.mozilla.org/en-US/security/advisories/mfsa2016-17/
https://www.debian.org/security/2016/dsa-3520
http://seclists.org/bugtraq/2016/Mar/145
https://bugzilla.mozilla.org/show_bug.cgi?id=1208946
https://www.mozilla.org/en-US/security/advisories/mfsa2016-18/
https://bugzilla.mozilla.org/show_bug.cgi?id=1199923
https://www.mozilla.org/en-US/security/advisories/mfsa2016-19/
https://bugzilla.mozilla.org/show_bug.cgi?id=1227052
https://www.mozilla.org/en-US/security/advisories/mfsa2016-20/
https://bugzilla.mozilla.org/show_bug.cgi?id=1228754
https://www.mozilla.org/en-US/security/advisories/mfsa2016-21/
https://bugzilla.mozilla.org/show_bug.cgi?id=1234949
https://www.mozilla.org/en-US/security/advisories/mfsa2016-22/
https://www.xerox.com/download/security/security-bulletin/287fc-53b3b113cc7a1/cert_XRX16-015_v1.0_FFPS2.1_Standalone_Aug10_2016-1.pdf
https://bugzilla.mozilla.org/show_bug.cgi?id=1246014
https://www.mozilla.org/en-US/security/advisories/mfsa2016-23/
http://www.zerodayinitiative.com/advisories/ZDI-16-198/
https://bugzilla.mozilla.org/show_bug.cgi?id=1249377
https://www.mozilla.org/en-US/security/advisories/mfsa2016-24/
http://www.zerodayinitiative.com/advisories/ZDI-16-199/
https://bugzilla.mozilla.org/show_bug.cgi?id=1240760
https://www.mozilla.org/en-US/security/advisories/mfsa2016-25/
https://bugzilla.mozilla.org/show_bug.cgi?id=1238440
https://www.mozilla.org/en-US/security/advisories/mfsa2016-26/
https://bugzilla.mozilla.org/show_bug.cgi?id=1243335
https://www.mozilla.org/en-US/security/advisories/mfsa2016-27/
https://bugzilla.mozilla.org/show_bug.cgi?id=1245264
https://www.mozilla.org/en-US/security/advisories/mfsa2016-28/
https://bugzilla.mozilla.org/show_bug.cgi?id=1246956
https://www.mozilla.org/en-US/security/advisories/mfsa2016-29/
https://bugzilla.mozilla.org/show_bug.cgi?id=1246742
https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=817233
https://www.mozilla.org/en-US/security/advisories/mfsa2016-30/
https://bugzilla.mozilla.org/show_bug.cgi?id=1246054
https://www.mozilla.org/en-US/security/advisories/mfsa2016-31/
https://bugzilla.mozilla.org/show_bug.cgi?id=1216837
https://www.mozilla.org/en-US/security/advisories/mfsa2016-32/
https://bugzilla.mozilla.org/show_bug.cgi?id=1217663
https://bugzilla.mozilla.org/show_bug.cgi?id=1230768
https://bugzilla.mozilla.org/show_bug.cgi?id=1176340
https://bugzilla.mozilla.org/show_bug.cgi?id=1218124
https://bugzilla.mozilla.org/show_bug.cgi?id=1219339
https://www.mozilla.org/en-US/security/advisories/mfsa2016-33/
https://bugzilla.mozilla.org/show_bug.cgi?id=1228103
https://www.mozilla.org/en-US/security/advisories/mfsa2016-34/
https://bugzilla.mozilla.org/show_bug.cgi?id=1185033
http://www-01.ibm.com/support/docview.wss?uid=isg3T1023778
http://www-01.ibm.com/support/docview.wss?uid=swg21982583
https://www.mozilla.org/en-US/security/advisories/mfsa2016-36/
https://support.f5.com/kb/en-us/solutions/public/k/20/sol20145801.html
https://bto.bluecoat.com/security-advisory/sa124
https://bugzilla.mozilla.org/show_bug.cgi?id=1248876
https://www.mozilla.org/en-US/security/advisories/mfsa2016-37/
https://www.debian.org/security/2016/dsa-3515
http://www.ubuntu.com/usn/usn-2927-1/
http://pivotal.io/security/usn-2927-1
http://seclists.org/bugtraq/2016/Mar/97
https://packetstormsecurity.com/files/136196/Debian-Security-Advisory-3515-1.html
https://packetstormsecurity.com/files/136201/Ubuntu-Security-Notice-USN-2927-1.html
https://bugzilla.mozilla.org/show_bug.cgi?id=1243464
https://bugzilla.mozilla.org/show_bug.cgi?id=1243473
https://bugzilla.mozilla.org/show_bug.cgi?id=1243482
https://bugzilla.mozilla.org/show_bug.cgi?id=1243513
https://bugzilla.mozilla.org/show_bug.cgi?id=1243526
https://bugzilla.mozilla.org/show_bug.cgi?id=1243597
https://bugzilla.mozilla.org/show_bug.cgi?id=1243816
https://bugzilla.mozilla.org/show_bug.cgi?id=1243823
https://bugzilla.mozilla.org/show_bug.cgi?id=1248805
https://bugzilla.mozilla.org/show_bug.cgi?id=1249081
https://bugzilla.mozilla.org/show_bug.cgi?id=1249338
https://bugzilla.mozilla.org/show_bug.cgi?id=1249920
https://bugzilla.mozilla.org/show_bug.cgi?id=1248804
https://bugzilla.mozilla.org/show_bug.cgi?id=1242322
https://www.mozilla.org/en-US/security/advisories/mfsa2016-38/