Lookup for vulnerable packages by Package URL.

Purl pkg:mozilla/Firefox@44.0.0
Type mozilla
Namespace
Name Firefox
Version 44.0.0
Qualifiers
Subpath
Is_vulnerable false
Next_non_vulnerable_version 44.0.2
Latest_non_vulnerable_version 151.0.0
Affected_by_vulnerabilities
Fixing_vulnerabilities
0
url VCID-2za2-mapc-5bet
vulnerability_id VCID-2za2-mapc-5bet
summary
Security researcher Jordi Chancel reported an issue on OS X where the delay between the download dialog getting focus and the button getting enabled was too short. If an attacker is able to induce the user to double-click in a specific location, they can then pass the second click through to the dialog below, leading to unintentional actions such as the running of downloaded software.
This issue only affects OS X installations. Windows, Linux, and Android
installations are unaffected by it.
references
0
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1941
reference_id CVE-2016-1941
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1941
1
reference_url https://www.mozilla.org/en-US/security/advisories/mfsa2016-08
reference_id mfsa2016-08
reference_type
scores
0
value none
scoring_system generic_textual
scoring_elements
url https://www.mozilla.org/en-US/security/advisories/mfsa2016-08
fixed_packages
0
url pkg:mozilla/Firefox@44.0.0
purl pkg:mozilla/Firefox@44.0.0
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:mozilla/Firefox@44.0.0
aliases CVE-2016-1941
risk_score null
exploitability null
weighted_severity null
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-2za2-mapc-5bet
1
url VCID-7493-7ykm-tfep
vulnerability_id VCID-7493-7ykm-tfep
summary
Security researcher Ronald Crane reported three vulnerabilities
affecting released code that were found through code inspection. These include a high
rated memory safety issue in the ANGLE graphics library, a moderate rated potential wild
pointer flaw when handling zip files, and a critical rated integer overflow during
metadata parsing in Mozilla's use of the libstagefright library. The first two issues do not all have clear mechanisms to be exploited through web
content but are vulnerable if a mechanism can be found to trigger them. The libstagefright
issue could potentially be triggered by a malicious MP4 format video file, allowing for
arbitrary code execution.
references
0
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1944
reference_id CVE-2016-1944
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1944
1
reference_url https://www.mozilla.org/en-US/security/advisories/mfsa2016-10
reference_id mfsa2016-10
reference_type
scores
0
value critical
scoring_system generic_textual
scoring_elements
url https://www.mozilla.org/en-US/security/advisories/mfsa2016-10
fixed_packages
0
url pkg:mozilla/Firefox@44.0.0
purl pkg:mozilla/Firefox@44.0.0
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:mozilla/Firefox@44.0.0
aliases CVE-2016-1944
risk_score null
exploitability null
weighted_severity null
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-7493-7ykm-tfep
2
url VCID-gvxm-n3hb-c7d9
vulnerability_id VCID-gvxm-n3hb-c7d9
summary
Security researcher Muneaki Nishimura reported an issue with displayed URLs and bookmarks on Firefox for Android. If a data: URL is opened from a stored shortcut on the homescreen or from a BOOKMARK intent from another installed Android application, the addressbar continues to show the data: url even if the content redirects to another page, hiding the true origin of the content. This was due to an error in how hosts were handled with data: URLs.
This issue only affects Firefox for Android. Firefox on other operating
systems is not affected.
references
0
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1940
reference_id CVE-2016-1940
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1940
1
reference_url https://www.mozilla.org/en-US/security/advisories/mfsa2016-05
reference_id mfsa2016-05
reference_type
scores
0
value none
scoring_system generic_textual
scoring_elements
url https://www.mozilla.org/en-US/security/advisories/mfsa2016-05
fixed_packages
0
url pkg:mozilla/Firefox@44.0.0
purl pkg:mozilla/Firefox@44.0.0
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:mozilla/Firefox@44.0.0
aliases CVE-2016-1940
risk_score null
exploitability null
weighted_severity null
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-gvxm-n3hb-c7d9
3
url VCID-jwzp-ucfg-wycd
vulnerability_id VCID-jwzp-ucfg-wycd
summary
Security researcher Hanno Böck reported that calculations with
mp_div and mp_exptmod in Network Security Services (NSS) can
produce wrong results in some circumstances. These functions are used within NSS for a
variety of cryptographic division functions, leading to potential cryptographic
weaknesses.
references
0
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1938
reference_id CVE-2016-1938
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1938
1
reference_url https://www.mozilla.org/en-US/security/advisories/mfsa2016-07
reference_id mfsa2016-07
reference_type
scores
0
value high
scoring_system generic_textual
scoring_elements
url https://www.mozilla.org/en-US/security/advisories/mfsa2016-07
fixed_packages
0
url pkg:mozilla/Firefox@44.0.0
purl pkg:mozilla/Firefox@44.0.0
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:mozilla/Firefox@44.0.0
aliases CVE-2016-1938
risk_score null
exploitability null
weighted_severity null
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-jwzp-ucfg-wycd
4
url VCID-p654-gpwe-kucn
vulnerability_id VCID-p654-gpwe-kucn
summary
Mozilla developer Margaret Leibovic reported when Firefox for
Android installs lightweight themes, it does not check to verify that they are served over
an HTTPS connection. Instead, themes can be installed over an unencrypted connection,
which could allow for a man-in-the-middle (MITM) attack by third parties replacing the
theme content, which consists of images and toolbar text colors.
This issue only affects Firefox for Android. Firefox on other operating
systems is not affected.
references
0
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1948
reference_id CVE-2016-1948
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1948
1
reference_url https://www.mozilla.org/en-US/security/advisories/mfsa2016-12
reference_id mfsa2016-12
reference_type
scores
0
value low
scoring_system generic_textual
scoring_elements
url https://www.mozilla.org/en-US/security/advisories/mfsa2016-12
fixed_packages
0
url pkg:mozilla/Firefox@44.0.0
purl pkg:mozilla/Firefox@44.0.0
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:mozilla/Firefox@44.0.0
aliases CVE-2016-1948
risk_score null
exploitability null
weighted_severity null
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-p654-gpwe-kucn
5
url VCID-pewg-kdgc-77e4
vulnerability_id VCID-pewg-kdgc-77e4
summary
Mozilla developer François Marier reported that Firefox was unable to reach the Application Reputation service due to a bug introduced in Firefox 43, disabling the ability to warn against potentially malicious downloads. Other parts of the Safe Browsing feature, for example the warnings about phishing and
malicious sites, continued to function. This issue was caused by a flaw introduced in Firefox 43. Earlier versions
were not affected by this issue.
references
0
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1947
reference_id CVE-2016-1947
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1947
1
reference_url https://www.mozilla.org/en-US/security/advisories/mfsa2016-11
reference_id mfsa2016-11
reference_type
scores
0
value none
scoring_system generic_textual
scoring_elements
url https://www.mozilla.org/en-US/security/advisories/mfsa2016-11
fixed_packages
0
url pkg:mozilla/Firefox@44.0.0
purl pkg:mozilla/Firefox@44.0.0
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:mozilla/Firefox@44.0.0
aliases CVE-2016-1947
risk_score null
exploitability null
weighted_severity null
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-pewg-kdgc-77e4
6
url VCID-rhmy-7533-6be9
vulnerability_id VCID-rhmy-7533-6be9
summary
Mozilla developers and community identified and fixed several memory safety
bugs in the browser engine used in Firefox and other Mozilla-based products.
Some of these bugs showed evidence of memory corruption under certain
circumstances, and we presume that with enough effort at least some of these
could be exploited to run arbitrary code.
In general these flaws cannot be exploited through email in the
Thunderbird product because scripting is disabled, but are potentially a risk in
browser or browser-like contexts.
references
0
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1526
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1526
1
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1930
reference_id CVE-2016-1930
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1930
2
reference_url https://www.mozilla.org/en-US/security/advisories/mfsa2016-01
reference_id mfsa2016-01
reference_type
scores
0
value critical
scoring_system generic_textual
scoring_elements
url https://www.mozilla.org/en-US/security/advisories/mfsa2016-01
fixed_packages
0
url pkg:mozilla/Firefox@44.0.0
purl pkg:mozilla/Firefox@44.0.0
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:mozilla/Firefox@44.0.0
aliases CVE-2016-1930
risk_score null
exploitability null
weighted_severity null
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-rhmy-7533-6be9
7
url VCID-s4t2-36k6-xubx
vulnerability_id VCID-s4t2-36k6-xubx
summary
Security researcher window reported an issue where the protocol
handler dialog appears, double click events are treated as two single click events. This was caused by the lack of a delay following the initial focus in the file download dialog. This could cause a second dialog to be sent the second click, leading to unintentional user initiated actions, such as the running of downloaded software from a maliciously positioned prompt.
references
0
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1937
reference_id CVE-2016-1937
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1937
1
reference_url https://www.mozilla.org/en-US/security/advisories/mfsa2016-06
reference_id mfsa2016-06
reference_type
scores
0
value none
scoring_system generic_textual
scoring_elements
url https://www.mozilla.org/en-US/security/advisories/mfsa2016-06
fixed_packages
0
url pkg:mozilla/Firefox@44.0.0
purl pkg:mozilla/Firefox@44.0.0
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:mozilla/Firefox@44.0.0
aliases CVE-2016-1937
risk_score null
exploitability null
weighted_severity null
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-s4t2-36k6-xubx
8
url VCID-s692-wjkg-xkfr
vulnerability_id VCID-s692-wjkg-xkfr
summary Mozilla developer Eric Rescorla reported that a failed allocation during DHE and ECDHE handshakes would lead to a use-after-free vulnerability.
references
0
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1978
reference_id CVE-2016-1978
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1978
1
reference_url https://www.mozilla.org/en-US/security/advisories/mfsa2016-15
reference_id mfsa2016-15
reference_type
scores
0
value none
scoring_system generic_textual
scoring_elements
url https://www.mozilla.org/en-US/security/advisories/mfsa2016-15
fixed_packages
0
url pkg:mozilla/Firefox@44.0.0
purl pkg:mozilla/Firefox@44.0.0
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:mozilla/Firefox@44.0.0
aliases CVE-2016-1978
risk_score null
exploitability null
weighted_severity null
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-s692-wjkg-xkfr
9
url VCID-sepv-zrjm-sbg6
vulnerability_id VCID-sepv-zrjm-sbg6
summary
Security researcher Gustavo Grieco reported an out of memory crash
when loading maliciously crafted GIF format images. Investigation of the issue determined
that the root cause was an error in image parsing code during deinterlacing, leading to a
potential integer overflow.
references
0
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1933
reference_id CVE-2016-1933
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1933
1
reference_url https://www.mozilla.org/en-US/security/advisories/mfsa2016-02
reference_id mfsa2016-02
reference_type
scores
0
value none
scoring_system generic_textual
scoring_elements
url https://www.mozilla.org/en-US/security/advisories/mfsa2016-02
fixed_packages
0
url pkg:mozilla/Firefox@44.0.0
purl pkg:mozilla/Firefox@44.0.0
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:mozilla/Firefox@44.0.0
aliases CVE-2016-1933
risk_score null
exploitability null
weighted_severity null
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-sepv-zrjm-sbg6
10
url VCID-sv74-mwgy-hqbd
vulnerability_id VCID-sv74-mwgy-hqbd
summary
Security researcher musicDespiteEverything previously reported
an issue where illegal control characters were stored as cookie values in violation of
RFC6265. While fixing this
issue, Mozilla developer Nicholas Hurley realized that the same issue
applied to the names of cookies. These characters have now been disallowed in cookie
names. This issue could result in incorrect cookie handling by web servers.
references
0
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1939
reference_id CVE-2016-1939
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1939
1
reference_url https://www.mozilla.org/en-US/security/advisories/mfsa2016-04
reference_id mfsa2016-04
reference_type
scores
0
value none
scoring_system generic_textual
scoring_elements
url https://www.mozilla.org/en-US/security/advisories/mfsa2016-04
fixed_packages
0
url pkg:mozilla/Firefox@44.0.0
purl pkg:mozilla/Firefox@44.0.0
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:mozilla/Firefox@44.0.0
aliases CVE-2016-1939
risk_score null
exploitability null
weighted_severity null
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-sv74-mwgy-hqbd
11
url VCID-tw6u-q876-yfbm
vulnerability_id VCID-tw6u-q876-yfbm
summary
Security researcher Aki Helin used the Address Sanitizer tool to find
a buffer overflow write when rendering some WebGL content. This leads to a potentially exploitable crash. 
In general this flaw cannot be exploited through email in the
Thunderbird product, but is potentially a risk in browser or browser-like contexts.
references
0
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1526
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1526
1
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1935
reference_id CVE-2016-1935
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1935
2
reference_url https://www.mozilla.org/en-US/security/advisories/mfsa2016-03
reference_id mfsa2016-03
reference_type
scores
0
value critical
scoring_system generic_textual
scoring_elements
url https://www.mozilla.org/en-US/security/advisories/mfsa2016-03
fixed_packages
0
url pkg:mozilla/Firefox@44.0.0
purl pkg:mozilla/Firefox@44.0.0
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:mozilla/Firefox@44.0.0
aliases CVE-2016-1935
risk_score null
exploitability null
weighted_severity null
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-tw6u-q876-yfbm
12
url VCID-xv4w-uny2-v3dv
vulnerability_id VCID-xv4w-uny2-v3dv
summary
Security researcher Jordi Chancel reported two issues involving
addressbar spoofing. The first of these is a "high" rated security issue on Firefox for Android involving
the scrollTo() method to scroll a page. In this attack,
scrollTo() is used to scroll the addressbar out of view while replacing it
with a fake addressbar created by the attacker when a new tab is opened.
The second flaw is a "low" rated security issue affecting Desktop Firefox. In this attack, when a URL which is invalid for an internal protocol is pasted into the addressbar, the addressbar contents may be manipulated to show the location of an arbitrary website instead of the one currently loaded. This issue is mitigated by the protocol being prepended to the displayed URL, making the address less likely to be confused with the appended URL.
Both of these attacks can lead to potential spoofing by a malicious site.
references
0
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1943
reference_id CVE-2016-1943
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1943
1
reference_url https://www.mozilla.org/en-US/security/advisories/mfsa2016-09
reference_id mfsa2016-09
reference_type
scores
0
value high
scoring_system generic_textual
scoring_elements
url https://www.mozilla.org/en-US/security/advisories/mfsa2016-09
fixed_packages
0
url pkg:mozilla/Firefox@44.0.0
purl pkg:mozilla/Firefox@44.0.0
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:mozilla/Firefox@44.0.0
aliases CVE-2016-1943
risk_score null
exploitability null
weighted_severity null
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-xv4w-uny2-v3dv
Risk_score null
Resource_url http://public2.vulnerablecode.io/packages/pkg:mozilla/Firefox@44.0.0