FYI, Firefox ESR 45.4 has been released, with more security fixes
labelled "critical" by Mozilla, which means the "Vulnerability can be
used to run attacker code and install software, requiring no user
interaction beyond normal browsing."
It has now been over 15 weeks (about 3.5 months) since we've had a
version of GNU IceCat that can be used safely. The 45.3 beta cannot be
used safely because the script to generate it from Firefox ESR has not
been made available, and the 269 megabytes of source code generated from
that unpublished script have not been digitally signed, so we must take
on faith that what we downloaded has not been tampered with.