FYI, Firefox ESR 45.4 has been released, with more security fixes labelled "critical" by Mozilla, which means the "Vulnerability can be used to run attacker code and install software, requiring no user interaction beyond normal browsing."
https://www.mozilla.org/en-US/security/known-vulnerabilities/firefox-esr/ It has now been over 15 weeks (about 3.5 months) since we've had a version of GNU IceCat that can be used safely. The 45.3 beta cannot be used safely because the script to generate it from Firefox ESR has not been made available, and the 269 megabytes of source code generated from that unpublished script have not been digitally signed, so we must take on faith that what we downloaded has not been tampered with. Mark -- http://gnuzilla.gnu.org