Hello Guix,
I'm pleased to announce the availability of GNU IceCat 45.3.0-gnu1-beta
with selected fixes cherry-picked from upstream, including all security
fixes introduced in Firefox ESR 45.4.0, specifically:
CVE-2016-5250 - Resource Timing API is storing resources sent by
the previous page
CVE-2016-5257 - Memory safety bugs fixed in Firefox 49 and Firefox ESR 45.4
CVE-2016-5261 - Integer overflow and memory corruption in WebSocketChannel
CVE-2016-5270 - Heap-buffer-overflow in
nsCaseTransformTextRunFactory::TransformString
CVE-2016-5272 - Bad cast in nsImageGeometryMixin
CVE-2016-5274 - use-after-free in nsFrameManager::CaptureFrameState
CVE-2016-5276 - Heap-use-after-free in
mozilla::a11y::DocAccessible::ProcessInvalidationList
CVE-2016-5277 - Heap-use-after-free in nsRefreshDriver::Tick
CVE-2016-5278 - Heap-buffer-overflow in nsBMPEncoder::AddImageFrame
CVE-2016-5280 - Use-after-free in
mozilla::nsTextNodeDirectionalityMap::RemoveElementFromMap
CVE-2016-5281 - use-after-free in DOMSVGLength
CVE-2016-5284 - Add-on update site certificate pin expiration
Mark
