MozillaFirefox-translations-common-52.3.0-60.1>t  DH`pYş/=„3=qeF"g(H6\ &^k<8)P֪!?#apU% g@̊S$F?>?iU姱[CVJ _*"W/>G1℁7D"*:ʓSc9F.SDСqk0?\hх pV`-x?dLpr;krP<3ܿ rƔ EP1308513d6cf7ea75ec0b355e55d245ef1d834af0m߉Yş/=„ؔ OF)r<1uAIMe7e|2s2"V8j U"Uy9ۍ+yPRX5֤b14E]?- W8]tMk,;Ksm ;sjf> [Y_fFvh,Aiڠ%z>rt$=3%g&4 qZ7.5Pٌ,LK}6PBrZ‰":$>8?d%, 1 Q #,&,&, 4&, 2&, <&, &, 4&,&,g&,&&&,p@T(89Ġ:ԠB ȓF ȯG &,H at&,I $&,X PY \Z x[ |\ &,] 8&,^C0hb=cd]ebfgliz{CMozillaFirefox-translations-common52.3.060.1Common translations for FirefoxThis package contains several common languages for the user interface of Firefox.Ylamb21PopenSUSE Leap 42.3openSUSEMPL-2.0http://bugs.opensuse.orgSystem/Localizationhttp://www.mozilla.org/linuxx86_64>vl7>0 $ 'P2T G9XR[ K,~y \4$_i{ TH \ sJ(N2- n M40  ?M G -%o w̓X_ u u Y f*umZX&j[pk  W Q#,f3"X ;R!2 -j'B  ( +"=5bupJ_#ggcg.6  $T+oF x ;)@Za`;N,f36R $`0&  . f08 H, (1 =pw%:)Cj oYv n U ~x`CP11iGk X9 FY55{ CK>vc    ck\T%z!wv e ].3? dhd8);;)aX  J| :r P$I  !]QR!2 -e ]oN Y S@3h8% S ]5-mx Z,jTMe,RZ n=(+^90z] 9/ J 6)  nN>Z@$w qgbupJTy/s#xggag,2 l &z /P$v)A WpM9fx1)%m   6qf)M 0|  >m~Z$ | c ZQO]r La-vC:.:rbS# P} iMAJ:/: Cx^Z>vgs   J,c6c ' 4i)-RE\ 6 o%,%g)i T[C!2 -oA?lm ,P h*!  I -WAej {cFA!),P 8&e" :n =)1S / 5zJ 6$( n&>=5$XbpJLkr#kkck.-k h ~ &i{N ~)?Eow}I7=fw]M5z %   4`oua&Mrk 0\ Zg:r$jb 3GMad=.,  "|] x1 W0<B@} B, M>v0tW   kx94eD] W/ &_ n*&Y } 0Lpl$I/y #S GK R!2 -a`jK 6 : zFh( !} ,~@vm NdIA6(O / %SV yx(TU h 5Fo )#')   >N20# fbpJL&#=klbm-/ + #$s  T%s)7H@)Y?11fsL3ti%  .Oid}U%VE oM0] 0 WW-# %BWE Ocv=|,%! _ V }wx= ;+ bAܒ+ \>vcm     2F<6 u >* R. Ok%_ d ov [&-d V"hM R!2 -%=7QJj C/ #W:k,1! oA-)Ax IdAB*(+)P 8\' ~qK)] 7" m %))- G&?= $~b~pJ]#Oggfg11 p (uo #w)9pu6oO4&M4A 4_P6   ]5|-f*L4mP~ w, &AtF /[y~ _ }>u.a1q a*X ?A 0g l>v9"? : 1n  $> )0 B  /:UWE!O-   k ;M4 rlA +z R!2 -j'~r{o`  & Ip_=# M& 1;K  zF#dI+n "42'3XSO7I2| b ACUWU^431eW hU@7'7FbupJzQ2{#ggcg.: C  9!o D)V 3%S f# 9 z2%;w >EP9 6 ` 9`Y &wO"((n; i  H"5o+N8h".} jo "\  '"|Q*C M 'lA<5[ iY E )0.&"-U < D%P "/O o 5To"<L NBK Rj!2 - ]%TRPlU _ ] )ah$!S1 ,r?k ?dE@(N %_ +i (PR R 4^c *#a&  Z .Zzd: MdW!:*HW~5b ^? rq< , ~=AeiH    % B\r/Bi 7 p'y( FQ"<[  j` \ %.  2Q!hA ;!2 -V%TWno d ,t  i3:! ! 7,Bn Ne]A(VO =' _x")|S 6 @ $U(K IUC5z#XLb(AsVW#ltkr6/ A S]&8~ :v)BLgl>5d5Emv72 y{%  6  T72_&)5 6g#` __U% -k?*U, qS  s<?U: .+  *AfTm   ^EYe K m'*/ [BJ[  pxY #%N 0kVR!2 -xB%F Sk _ $ .ui:7! ;<-\AGnv f%A*P K'S EsD,)X 6 7 $Y(b >:>L:$jOb(2sOBh#ggcg.0E U &y7 ty)C 7mA7LkC.2LA ? - s8MU+[& a^z /x $g 19cp lr?",o-V?C <YVS 4zA_c. FAdp Vt%II8[c kDl%@   ` &c}#W&i@# FN|CR!2 -p ]%=]jH //  `= 0 zd^o ve;f$U  ; N2.%K |Do   W$ fj wb(js8q%&--!4 6" 8vA).vK e8L9*>bdCk/l <m {y6n +t'HTbB cY{ T0> $]{gY3.i}7x^6 9 6b   = &($) >v$  BkfQ a  Z&? \RM.V _ it2| $J SQGR!2 -l%;IAi| ov [ 1h$!Sn ,r?k dE@(N k%_ +i (PR R 4[b *#i&  X <.X#;DbpJM1O#ggdg/1 ~9 % S= =  y)<zPIl~Z/ gfk$3=<s%m   ;.B3c%XN h!X= -["7 |=U+i qd=}-WT$/Xk OY y*> + Oj>ve 2 ? @ Gt% m =;  Q)R Kh d z| s'&N- xOTY R !2 -%@mk I n` bi4" - kM.gCu 1hYCW).T% V(D w!)n^ Z 7@ `$a+ AYAD' b 'pJSe#kkRkR2 }  )ki; })?PO9:2 fm#14 ! Cs %9 X 9sy,!  qJu ) S"o"c*w ARNJd > >-*`D!D  5s u Ai/ RM/>vCo;  5 #^ 5*3og 3- X'A ]Y6i  z# S& 0aC)w!Y!2 -c Tj} u^ ? ~l.]"  E*-Bls -eHB)+R> M's# x0)[ 6c' $) W%?<$ZnbpJTGy#g.gc.g.1L  j&{R  7 oCp|)< d]#XNI70fuj*46 V%m   p4!(k)  0 mp{4  %"u NDXIi nh=@-|LLo ` NWAS w.{ _=>vWPj Gm}7 e" T`P]$ a \+S,yvy^o pNg< R!2 -t%=z]hU dO +7Y? I)} CghT[my%S9%c ?/39H dB  # 9d 0 bRpJ3`t$%,,!8U bb" ~M\ 9) ,9@WNm<.,Cz|9tk3 =m F8  '{ i%\u 1!,6  coa0YUN5 5Eh"I o8< &&e z>v' # oC   w< H_-Xy  4rL wfpx(sj r  &  > i1YHuK FR!2 -.Q  #82tN Y m%"T'E   m -W{q emUVM 0 W} */%/Li2X\ g;} ( *: + + ;ApR{%#=b pJ3/s#ggrg=5y : * /xd2 [c'q)> loH sf#5 *1%K  g;) zb0  B8>  "i!,.v 7R _| L"X?)1t yGqB i!`5 ]q8Dtb(6]) b >v0gwN  <) N t 0Z|)*] , *eZ B}LZ  * $.T# PzM# !2 -m 33Wl ]r _?m Cd#c! L  QE,Auq %mZB=*P :' z} &)T >5 w$'O P>9t#bupJLS4#pj jc j.0  z $9% ! oiv)?<aK^jO9@ frU86 TRp%t ` ;_, 1+Qn ^+ h&%O- FA5TU1 s;=',[p%VSB    > .t 6M^$A.u/ _ y ",%%QWA[ 4 n%- )x1Y  8[ j#9YX =J R!2 - ?%; clt H  8th$!R0 ,r?l dE@(N k%_ ,i (PR R 4[c *#a&  TU{CJ \?D<,oAC 4nR ls< ,E ,>vLl^  a  $S] / G' 1C%K,M^  WcA :$= aZJR H!2 -p2lX  ]  Xj)!, :-:A/r u dMA)P /&P* ;x-(Y 6 G#'c4 /?H7#jtb[pJS:Q#rggcg.0 % N&}'F4  qz)9 W?YuP4 fj_ 6 y%  ^ ?3f\' v x &i #OVe CQ=->6  M 5 {R@oc. -$ܣ8>v\B \#k&Of  "0^  P$ 'Q Z > Gf;Ax LO zO!2 -t J>hY  "z  ~i2f8 kO`+bV'^:c EH). EWZ  $) S` pbpJ3w9kkbk-$ 7 n#&g !?)*#=_P8R'&fop  B#l m4, 5l(d mBO %qd' Q  ..QUqoS )z3Q$vP k 7zC4 E<d % DQA[Y  s g 5 4r^@R Z p '" 7 gA`  RZ${zeN '|LR!2 - ]%?{:j F 6" ^&{h$!Rm ,r?k dE@(N m%_ +i (PR R 4[b *#r&  X <.T#;!Ab(sWTR{#rggcg.1c 2 2&: ?|)[B P[rE7 *fs5 qu %m  o {5EBW& 9#T jr$#$U &2HSq. b<j-D>9,H05H6 _Z IB^` [- :(qBAu<   0 Ai3@-F\ - '  ]WkEa  fo6 N%Xd J~R !2 -m"<j {j D Rj3)! \` K-Acp ~kXA+P< g%&< }rB)R 6c F$*) ?>\7C#;Ab(fsL_am#cggcg.1  : &(5 :})B b<_dP5A+fs1>~%m  V D3^'| e%t B$P X@Ictd \Xs=h,aW@<,$ {u<Y "W|A-o .q %7`>v"9 4" [ 5  > T  P 8  L-Lh2 <> '[ %&'y;23g zc!2 - %Z'Sw !CUU gk H1r _)c)%$'') MRAXA Z l2! P >`:,K" 6b OpJO-%'H+H+) qv4J!CQ b)E: ZkLiM{n{ N-/ P 6L !.=>  Q A1 Z GnN/:1 " @ %e< :)& ) U >KU;j: A2 d e ] 7sWynoD/T 9 B% (8Z  RU6#di] &!JGR!2 - ^%;!jK O   t$8.h( !ts 2,@ap vfEA;(P $&(  r>i &)U e 5 ##'I* t=1S#Rb(jsQ(E#Mggcg./ r Z%u  qq)7 CFE^=5o}'fo4_m%   /u]&  c+& :a":  >UO maw>=+S"%f `^  w>+ , H H pA* f1 B78[  " X1"R z t]"D_{ KQH !R!2 -Aoe # A ouksd(! ,">k m4@ &L $Ng :c#)U9 H 3p #]%  M :)#9b(sDV;ggcg.. F @ p =w?y)o8 B53?8/nCfpj3$qP%m  / GX!4% [* JLgC S>i2:*kD$;F-w |?w j&7 ' 73Ai 6_ vYC<b $ k"\ 6R(S k &WD!h6Z yOI!2  - X&&3 lB   >mie#  ,s?k n5A&M !$]Cv ]` ))So S 3 #4%  P ;D+H#7Bb(sE ?u3hhdh// 9Q ,#xl < |)|9)H<B32v&gqG4o<d & m v u{0 JYrnk+2)& bi EEG 3R;*J9 ,K}l  =Jc h8( '   * MAAAAA큤A큤AAAA큤A큤A큤AA큤A큤A큤A큤A큤A큤A큤A큤A큤A큤A큤AA큤A큤AA큤AA큤A큤A큤AAA큤A큤A큤A큤AAA큤A큤A큤A큤A큤A큤A큤A큤A큤A큤A큤AA큤A큤A큤A큤A큤A큤A큤A큤A큤A큤A큤A큤A큤A큤AAA큤A큤AA큤AA큤A큤A큤A큤A큤A큤A큤A큤A큤A큤AAA큤A큤A큤AA큤A큤AA큤AA큤A큤A큤AAA큤A큤A큤A큤AAA큤A큤A큤A큤A큤A큤A큤A큤A큤A큤A큤AA큤A큤A큤A큤A큤A큤A큤A큤A큤A큤A큤A큤A큤A큤A큤AAA큤A큤AA큤AA큤A큤A큤A큤A큤A큤A큤A큤A큤A큤AAA큤A큤A큤AA큤A큤A큤A큤AA큤A큤A큤AAA큤A큤A큤A큤AAA큤A큤A큤A큤A큤A큤A큤A큤A큤A큤A큤AA큤A큤A큤A큤A큤A큤A큤A큤A큤A큤A큤A큤A큤A큤AAA큤A큤AA큤AA큤A큤A큤A큤A큤A큤A큤A큤A큤A큤AAA큤A큤A큤AA큤A큤A큤A큤AA큤A큤A큤AAA큤A큤A큤A큤AAA큤A큤A큤A큤A큤A큤A큤A큤A큤A큤A큤AA큤A큤A큤A큤A큤A큤A큤A큤A큤A큤A큤A큤A큤A큤A큤AAA큤A큤AA큤AA큤A큤A큤A큤A큤A큤A큤A큤A큤A큤AAA큤A큤A큤AA큤A큤A큤A큤AA큤A큤A큤AAA큤A큤A큤A큤AAA큤A큤A큤A큤A큤A큤A큤A큤A큤A큤A큤AA큤A큤A큤A큤A큤A큤A큤A큤A큤A큤A큤A큤A큤A큤AAA큤A큤AA큤AA큤A큤A큤A큤A큤A큤A큤A큤A큤A큤AAA큤A큤A큤AA큤A큤A큤A큤AA큤A큤A큤AAA큤A큤A큤A큤AAA큤A큤A큤A큤A큤A큤A큤A큤A큤A큤A큤AA큤A큤A큤A큤A큤A큤A큤A큤A큤A큤A큤A큤A큤A큤AAA큤A큤AA큤AA큤A큤A큤A큤A큤A큤A큤A큤A큤A큤AAA큤A큤A큤AA큤A큤A큤A큤AA큤A큤A큤AAA큤A큤A큤A큤AAA큤A큤A큤A큤A큤A큤A큤A큤A큤A큤A큤AA큤A큤A큤A큤A큤A큤A큤A큤A큤A큤A큤A큤A큤A큤AAA큤A큤AA큤AA큤A큤A큤A큤A큤A큤A큤A큤A큤A큤AAA큤A큤A큤AA큤A큤A큤A큤AA큤A큤A큤AAA큤A큤A큤A큤AAA큤A큤A큤A큤A큤A큤A큤A큤A큤A큤A큤AA큤A큤A큤A큤A큤A큤A큤A큤A큤A큤A큤A큤A큤A큤AAA큤A큤AA큤AA큤A큤A큤A큤A큤A큤A큤A큤A큤A큤AAA큤A큤A큤AA큤A큤A큤A큤AA큤A큤A큤AAA큤A큤A큤A큤AAA큤A큤A큤A큤A큤A큤A큤A큤A큤A큤A큤AA큤A큤A큤A큤A큤A큤A큤A큤A큤A큤A큤A큤A큤A큤AAA큤A큤AA큤AA큤A큤A큤A큤A큤A큤A큤A큤A큤A큤AAA큤A큤A큤AA큤A큤A큤A큤AA큤A큤A큤AAA큤A큤A큤A큤AAA큤A큤A큤A큤A큤A큤A큤A큤A큤A큤A큤AA큤A큤A큤A큤A큤A큤A큤A큤A큤A큤A큤A큤A큤A큤AAA큤A큤AA큤AA큤A큤A큤A큤A큤A큤A큤A큤A큤A큤AAA큤A큤A큤AA큤A큤A큤A큤AA큤A큤A큤AAA큤A큤A큤A큤AAA큤A큤A큤A큤A큤A큤A큤A큤A큤A큤A큤AA큤A큤A큤A큤A큤A큤A큤A큤A큤A큤A큤A큤A큤A큤AAA큤A큤AA큤AA큤A큤A큤A큤A큤A큤A큤A큤A큤A큤AAA큤A큤A큤AA큤A큤A큤A큤AA큤A큤A큤AAA큤A큤A큤A큤AAA큤A큤A큤A큤A큤A큤A큤A큤A큤A큤A큤AA큤A큤A큤A큤A큤A큤A큤A큤A큤A큤A큤A큤A큤A큤A큤AAA큤A큤AA큤AA큤A큤A큤A큤A큤A큤A큤A큤A큤A큤AAA큤A큤A큤AA큤A큤A큤A큤AA큤A큤A큤AAA큤A큤A큤A큤AAA큤A큤A큤A큤A큤A큤A큤A큤A큤A큤A큤AA큤A큤A큤A큤A큤A큤A큤A큤A큤A큤A큤A큤A큤A큤A큤AAA큤A큤AA큤AA큤A큤A큤A큤A큤A큤A큤A큤A큤A큤AAA큤A큤A큤AA큤A큤A큤A큤AA큤A큤A큤AAA큤A큤A큤A큤AAA큤A큤A큤A큤A큤A큤A큤A큤A큤A큤A큤AA큤A큤A큤A큤A큤A큤A큤A큤A큤A큤A큤A큤A큤A큤AAA큤A큤AA큤AA큤A큤A큤A큤A큤A큤A큤A큤A큤A큤AAA큤A큤A큤AA큤A큤A큤A큤AA큤A큤A큤AAA큤A큤A큤A큤AAA큤A큤A큤A큤A큤A큤A큤A큤A큤A큤A큤AA큤A큤A큤A큤A큤A큤A큤A큤A큤A큤A큤A큤A큤A큤A큤AAA큤A큤AA큤AA큤A큤A큤A큤A큤A큤A큤A큤A큤A큤AAA큤A큤A큤AA큤A큤A큤A큤AA큤A큤A큤AAA큤A큤A큤A큤AAA큤A큤A큤A큤A큤A큤A큤A큤A큤A큤A큤AA큤A큤A큤A큤A큤A큤A큤A큤A큤A큤A큤A큤A큤A큤AAA큤A큤AA큤AA큤A큤A큤A큤A큤A큤A큤A큤A큤A큤AAA큤A큤A큤AA큤A큤A큤A큤AA큤A큤A큤AAA큤A큤A큤A큤AAA큤A큤A큤A큤A큤A큤A큤A큤A큤A큤A큤AA큤A큤A큤A큤A큤A큤A큤A큤A큤A큤A큤A큤A큤A큤AAA큤A큤AA큤AA큤A큤A큤A큤A큤A큤A큤A큤A큤A큤AAA큤A큤A큤AA큤A큤A큤A큤AA큤A큤A큤AAA큤A큤A큤A큤AAA큤A큤A큤A큤A큤A큤A큤A큤A큤A큤A큤AA큤A큤A큤A큤A큤A큤A큤A큤A큤A큤A큤A큤A큤A큤A큤AAA큤A큤AA큤AA큤A큤A큤A큤A큤A큤A큤A큤A큤A큤A큤AAA큤A큤AA큤A큤A큤A큤AA큤A큤A큤AAA큤A큤A큤A큤AAA큤A큤A큤A큤A큤A큤A큤A큤A큤A큤A큤AA큤A큤A큤A큤A큤A큤A큤A큤A큤A큤A큤A큤A큤A큤A큤AAA큤A큤AA큤AA큤A큤A큤A큤A큤A큤A큤A큤A큤A큤A큤AAA큤A큤AA큤A큤A큤A큤AA큤A큤A큤AAA큤A큤A큤A큤AAA큤A큤A큤A큤A큤A큤A큤A큤A큤A큤A큤AA큤A큤A큤A큤A큤A큤A큤A큤A큤A큤A큤A큤A큤A큤A큤AAA큤A큤AA큤AA큤A큤A큤A큤A큤A큤A큤A큤A큤A큤A큤AAA큤A큤AA큤A큤A큤A큤AA큤A큤A큤AAA큤A큤A큤A큤AAA큤A큤A큤A큤A큤A큤A큤A큤A큤A큤A큤AA큤A큤A큤A큤A큤A큤A큤A큤A큤A큤A큤A큤A큤A큤A큤AAA큤A큤AA큤AA큤A큤A큤A큤A큤A큤A큤A큤A큤A큤A큤AAA큤A큤AA큤A큤A큤A큤AA큤A큤A큤AAA큤A큤A큤A큤AAA큤A큤A큤A큤A큤A큤A큤A큤A큤A큤A큤AA큤A큤A큤A큤A큤A큤A큤A큤A큤A큤A큤A큤A큤A큤A큤AAA큤A큤AA큤AA큤A큤A큤A큤A큤A큤A큤A큤A큤A큤A큤AAA큤A큤AA큤A큤A큤A큤AA큤A큤A큤AAA큤A큤A큤A큤AAA큤A큤A큤A큤A큤A큤A큤A큤A큤A큤A큤AA큤A큤A큤A큤A큤A큤A큤A큤A큤A큤A큤A큤A큤A큤A큤AAA큤A큤AA큤AA큤A큤A큤A큤A큤A큤A큤A큤A큤A큤A큤AAA큤A큤AA큤A큤A큤A큤AA큤A큤A큤AAA큤A큤A큤A큤AAA큤A큤A큤A큤A큤A큤A큤A큤A큤A큤A큤AA큤A큤A큤A큤A큤A큤A큤A큤A큤A큤A큤A큤A큤A큤AAA큤A큤AA큤AA큤A큤A큤A큤A큤A큤A큤A큤A큤A큤A큤AAA큤A큤AA큤A큤A큤A큤AA큤A큤A큤AAA큤A큤A큤A큤AAA큤A큤A큤A큤A큤A큤A큤A큤A큤A큤A큤AA큤A큤A큤A큤A큤A큤A큤A큤A큤A큤A큤A큤A큤A큤A큤YY-YYY-YYYYYYYFYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYY6YYYYYYYYDYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYIYYYYYGYYYYYYYYYYYYYYYYYYYYYYYYYYYYJYYYYYYJYYY-YYYYYYYYYYYYYY@YY@YYBYYYYBYYYYLYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYY6YYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYY-YYYYYDYYYY=YYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYIYYYYYGYYYYYYYYYYYYYYYYYYYYYYY@VwVVV@VuVm]VHsV4@V@VV @UN@UUĝUĝU@UUt2@U`kUUUUUOH@U0UUUQU ]@U T@T!TT@T*@Ty@T\@TXTWn@TWn@TR(@TO@TKTCT>aT9Tl@T1T@SS˯@SSnS[SB@S0@S0@S,)S%@SRR@R_@Ri RA~R6R4ORC@QB@Q@QőQ@Q@QdQ^QU@Q?Q8@Q/FQtQ P@PP@Pg@PN@PpPpP@PvPqnPM@P:P%P_@O#O@O@OO@OYOTO>A@Owr@rosenauer.orgwr@rosenauer.orgguillaume@opensuse.orgdmueller@suse.comjosua.mayer97@gmail.comwr@rosenauer.orgjosua.mayer97@gmail.comwr@rosenauer.orgvindex17@outlook.itwr@rosenauer.orgwr@rosenauer.orgwr@rosenauer.orgwr@rosenauer.orgwr@rosenauer.orgbehlert@suse.dewr@rosenauer.orgwr@rosenauer.orgwr@rosenauer.orgwr@rosenauer.orgdmueller@suse.comdvaleev@suse.comdvaleev@suse.comdvaleev@suse.comwr@rosenauer.orgwr@rosenauer.orgwr@rosenauer.orguweigand@de.ibm.comwr@rosenauer.orgwr@rosenauer.orgwr@rosenauer.orglnussel@suse.dewr@rosenauer.orgwr@rosenauer.orgwr@rosenauer.orgdmueller@suse.comwr@rosenauer.orgdvaleev@suse.comwr@rosenauer.orgwr@rosenauer.orgschwab@linux-m68k.orgwr@rosenauer.orgdmueller@suse.comwr@rosenauer.orgwr@rosenauer.orgwr@rosenauer.orgwr@rosenauer.orgwr@rosenauer.orgschwab@linux-m68k.orgwr@rosenauer.orgwr@rosenauer.orgwr@rosenauer.orgpcerny@suse.comwr@rosenauer.orgwr@rosenauer.orgwr@rosenauer.orgwr@rosenauer.orgwr@rosenauer.orgaj@suse.dewr@rosenauer.orgwr@rosenauer.orgwr@rosenauer.orgadrian@suse.dewr@rosenauer.orgwr@rosenauer.orgwr@rosenauer.orgvdziewiecki@suse.compcerny@suse.comwr@rosenauer.orgwr@rosenauer.orgdvaleev@suse.comwr@rosenauer.orgjoop.boonen@opensuse.orgwr@rosenauer.orgadrian@suse.dewr@rosenauer.orgmgorse@suse.comdvaleev@suse.comwr@rosenauer.orgwr@rosenauer.orgwr@rosenauer.orgwr@rosenauer.orgwr@rosenauer.orgwr@rosenauer.orgwr@rosenauer.orgpcerny@suse.compcerny@suse.comwr@rosenauer.orgwr@rosenauer.orgvuntz@opensuse.orgwr@rosenauer.orgwr@rosenauer.orgwr@rosenauer.orgwr@rosenauer.orgwr@rosenauer.orgwr@rosenauer.orgwr@rosenauer.orgwr@rosenauer.orgcfarrell@novell.comwr@rosenauer.orgwr@rosenauer.orgwr@rosenauer.orgwr@rosenauer.orgwr@rosenauer.orgwr@rosenauer.orgmeissner@suse.dewr@rosenauer.orgwr@rosenauer.orgwr@rosenauer.orgwr@rosenauer.orgwr@rosenauer.orgwr@rosenauer.orgmeissner@suse.dewr@rosenauer.orgwr@rosenauer.orgwr@rosenauer.orgwr@rosenauer.orgwr@rosenauer.orgwr@rosenauer.orgwr@rosenauer.orgwr@rosenauer.orgwr@rosenauer.orgwr@rosenauer.orgwr@rosenauer.orgwr@rosenauer.orgwr@rosenauer.orgwr@rosenauer.orgwr@rosenauer.orgwr@rosenauer.orgllunak@novell.comwr@rosenauer.orgwr@rosenauer.orgwr@rosenauer.orgwr@rosenauer.orgwr@rosenauer.orgwr@rosenauer.orgwr@rosenauer.orgwr@rosenauer.orgwr@rosenauer.orgwr@rosenauer.orgwr@rosenauer.orgwr@rosenauer.orgwr@rosenauer.orgwr@rosenauer.orgwr@rosenauer.orgwr@rosenauer.orgwr@rosenauer.orgwr@rosenauer.orgwr@rosenauer.orgwr@rosenauer.org- update to Firefox 52.3esr (boo#1052829) MFSA 2017-19 * CVE-2017-7798 (bmo#1371586, bmo#1372112) XUL injection in the style editor in devtools * CVE-2017-7800 (bmo#1374047) Use-after-free in WebSockets during disconnection * CVE-2017-7801 (bmo#1371259) Use-after-free with marquee during window resizing * CVE-2017-7784 (bmo#1376087) Use-after-free with image observers * CVE-2017-7802 (bmo#1378147) Use-after-free resizing image elements * CVE-2017-7785 (bmo#1356985) Buffer overflow manipulating ARIA attributes in DOM * CVE-2017-7786 (bmo#1365189) Buffer overflow while painting non-displayable SVG * CVE-2017-7753 (bmo#1353312) Out-of-bounds read with cached style data and pseudo-elements# * CVE-2017-7787 (bmo#1322896) Same-origin policy bypass with iframes through page reloads * CVE-2017-7807 (bmo#1376459) Domain hijacking through AppCache fallback * CVE-2017-7792 (bmo#1368652) Buffer overflow viewing certificates with an extremely long OID * CVE-2017-7804 (bmo#1372849) Memory protection bypass through WindowsDllDetourPatcher * CVE-2017-7791 (bmo#1365875) Spoofing following page navigation with data: protocol and modal alerts * CVE-2017-7782 (bmo#1344034) WindowsDllDetourPatcher allocates memory without DEP protections * CVE-2017-7803 (bmo#1377426) CSP containing 'sandbox' improperly applied * CVE-2017-7779 Memory safety bugs fixed in Firefox 55 and Firefox ESR 52.3- Mozilla Firefox 52.2.1esr: * Printing text does not work on Windows when Direct2D is disabled (bmo#1318845)- update to Firefox 52.2esr (boo#1043960) MFSA 2017-16 * CVE-2017-5472 (bmo#1365602) Use-after-free using destroyed node when regenerating trees * CVE-2017-7749 (bmo#1355039) Use-after-free during docshell reloading * CVE-2017-7750 (bmo#1356558) Use-after-free with track elements * CVE-2017-7751 (bmo#1363396) Use-after-free with content viewer listeners * CVE-2017-7752 (bmo#1359547) Use-after-free with IME input * CVE-2017-7754 (bmo#1357090) Out-of-bounds read in WebGL with ImageInfo object * CVE-2017-7755 (bmo#1361326) Privilege escalation through Firefox Installer with same directory DLL files (Windows only) * CVE-2017-7756 (bmo#1366595) Use-after-free and use-after-scope logging XHR header errors * CVE-2017-7757 (bmo#1356824) Use-after-free in IndexedDB * CVE-2017-7778, CVE-2017-7778, CVE-2017-7771, CVE-2017-7772, CVE-2017-7773, CVE-2017-7774, CVE-2017-7775, CVE-2017-7776, CVE-2017-7777 Vulnerabilities in the Graphite 2 library * CVE-2017-7758 (bmo#1368490) Out-of-bounds read in Opus encoder * CVE-2017-7760 (bmo#1348645) File manipulation and privilege escalation via callback parameter in Mozilla Windows Updater and Maintenance Service (Windows only) * CVE-2017-7761 (bmo#1215648) File deletion and privilege escalation through Mozilla Maintenance Service helper.exe application (Windows only) * CVE-2017-7764 (bmo#1364283) Domain spoofing with combination of Canadian Syllabics and other unicode blocks * CVE-2017-7765 (bmo#1273265) Mark of the Web bypass when saving executable files (Windows only) * CVE-2017-7766 (bmo#1342742) File execution and privilege escalation through updater.ini, Mozilla Windows Updater, and Mozilla Maintenance Service (Windows only) * CVE-2017-7767 (bmo#1336964) Privilege escalation and arbitrary file overwrites through Mozilla Windows Updater and Mozilla Maintenance Service (Windows only) * CVE-2017-7768 (bmo#1336979) 32 byte arbitrary file read through Mozilla Maintenance Service (Windows only) * CVE-2017-5470 Memory safety bugs fixed in Firefox 54 and Firefox ESR 52.2 - requires NSS 3.28.5- remove -fno-inline-small-functions and explicitely optimize with - O2 for openSUSE > 13.2/Leap 42 to work with gcc7 (boo#1040105)- update to Firefox 52.1.1 MFSA 2017-14 * CVE-2017-5031: Use after free in ANGLE (bmo#1328762) (Windows only, Linux not affected) - switch to Mozilla's geolocation service (boo#1026989) - removed mozilla-preferences.patch obsoleted by overriding via firefox.js - fixed KDE integration to avoid crash caused by filepicker (boo#1015998)- update to Firefox 52.1.0esr (boo#1035082) MFSA 2017-12 * CVE-2017-5443 (bmo#1342661) Out-of-bounds write during BinHex decoding * CVE-2017-5429 (bmo#1341096, bmo#1342823, bmo#1343261, bmo#1348894, bmo#1348941, bmo#1349340, bmo#1350844, bmo#1352926, bmo#1353088) Memory safety bugs fixed in Firefox 53, Firefox ESR 45.9, and Firefox ESR 52.1 * CVE-2017-5464 (bmo#1347075) Memory corruption with accessibility and DOM manipulation * CVE-2017-5465 (bmo#1347617) Out-of-bounds read in ConvolvePixel * CVE-2017-5466 (bmo#1353975) Origin confusion when reloading isolated data:text/html URL * CVE-2017-5467 (bmo#1347262) Memory corruption when drawing Skia content * CVE-2017-5460 (bmo#1343642) Use-after-free in frame selection * CVE-2017-5461 (bmo#1344380) Out-of-bounds write in Base64 encoding in NSS * CVE-2017-5448 (bmo#1346648) Out-of-bounds write in ClearKeyDecryptor * CVE-2017-5449 (bmo#1340127) Crash during bidirectional unicode manipulation with animation * CVE-2017-5446 (bmo#1343505) Out-of-bounds read when HTTP/2 DATA frames are sent with incorrect data * CVE-2017-5447 (bmo#1343552) Out-of-bounds read during glyph processing * CVE-2017-5444 (bmo#1344461) Buffer overflow while parsing application/http-index-format content * CVE-2017-5445 (bmo#1344467) Uninitialized values used while parsing application/http-index-format content * CVE-2017-5442 (bmo#1347979) Use-after-free during style changes * CVE-2017-5469 (bmo#1292534) Potential Buffer overflow in flex-generated code * CVE-2017-5440 (bmo#1336832) Use-after-free in txExecutionState destructor during XSLT processing * CVE-2017-5441 (bmo#1343795) Use-after-free with selection during scroll events * CVE-2017-5439 (bmo#1336830) Use-after-free in nsTArray Length() during XSLT processing * CVE-2017-5438 (bmo#1336828) Use-after-free in nsAutoPtr during XSLT processing * CVE-2017-5437 (bmo#1343453) Vulnerabilities in Libevent library * CVE-2017-5436 (bmo#1345461) Out-of-bounds write with malicious font in Graphite 2 * CVE-2017-5435 (bmo#1350683) Use-after-free during transaction processing in the editor * CVE-2017-5434 (bmo#1349946) Use-after-free during focus handling * CVE-2017-5433 (bmo#1347168) Use-after-free in SMIL animation functions * CVE-2017-5432 (bmo#1346654) Use-after-free in text input selection * CVE-2017-5430 (bmo#1329796, bmo#1337418, bmo#1339722, bmo#1340482, bmo#1342101, bmo#1344081, bmo#1344305, bmo#1344686, bmo#1346140, bmo#1346419, bmo#1348143, bmo#1349621, bmo#1349719, bmo#1353476) Memory safety bugs fixed in Firefox 53 and Firefox ESR 52.1 * CVE-2017-5459 (bmo#1333858) Buffer overflow in WebGL * CVE-2017-5462 (bmo#1345089) DRBG flaw in NSS * CVE-2017-5455 (bmo#1341191) Sandbox escape through internal feed reader APIs * CVE-2017-5454 (bmo#1349276) Sandbox escape allowing file system read access through file picker * CVE-2017-5456 (bmo#1344415) Sandbox escape allowing local file system access * CVE-2017-5451 (bmo#1273537) Addressbar spoofing with onblur event - requires NSS 3.28.4 - rebased patches- switch package to use ESR52 branch * enables plugin support by default * service workers are disabled by default * push notifications are disabled by default * WebAssembly (wasm) is disabled * Less use of multiprocess architecture Electrolysis (e10s) +-------------------------------------------------------------------- update to Firefox 52.0.2 * Use Nirmala UI as fallback font for additional Indic languages (bmo#1342787) * Fix loading tab icons on session restore (bmo#1338009) * Fix a crash on startup on Linux (bmo#1345413) * Fix new installs erroneously not prompting to change the default browser setting (bmo#1343938)- disable rust usage for everything but x86(-64) - explicitely add libffi build requirement- update to Firefox 52.0.1 (boo#1029822) MFSA 2017-08 CVE-2017-5428: integer overflow in createImageBitmap() (bmo#1348168)- reenable ALSA support which was removed by default upstream- update to Firefox 52.0 (boo#1028391) * requires NSS >= 3.28.3 * Pages containing insecure password fields now display a warning directly within username and password fields. * Send and open a tab from one device to another with Sync * Removed NPAPI support for plugins other than Flash. Silverlight, Java, Acrobat and the like are no longer supported. * Removed Battery Status API to reduce fingerprinting of users by trackers * MFSA 2017-05 CVE-2017-5400: asm.js JIT-spray bypass of ASLR and DEP (bmo#1334933) CVE-2017-5401: Memory Corruption when handling ErrorResult (bmo#1328861) CVE-2017-5402: Use-after-free working with events in FontFace objects (bmo#1334876) CVE-2017-5403: Use-after-free using addRange to add range to an incorrect root object (bmo#1340186) CVE-2017-5404: Use-after-free working with ranges in selections (bmo#1340138) CVE-2017-5406: Segmentation fault in Skia with canvas operations (bmo#1306890) CVE-2017-5407: Pixel and history stealing via floating-point timing side channel with SVG filters (bmo#1336622) CVE-2017-5410: Memory corruption during JavaScript garbage collection incremental sweeping (bmo#1330687) CVE-2017-5408: Cross-origin reading of video captions in violation of CORS (bmo#1313711) CVE-2017-5412: Buffer overflow read in SVG filters (bmo#1328323) CVE-2017-5413: Segmentation fault during bidirectional operations (bmo#1337504) CVE-2017-5414: File picker can choose incorrect default directory (bmo#1319370) CVE-2017-5415: Addressbar spoofing through blob URL (bmo#1321719) CVE-2017-5416: Null dereference crash in HttpChannel (bmo#1328121) CVE-2017-5417: Addressbar spoofing by draging and dropping URLs (bmo#791597) CVE-2017-5426: Gecko Media Plugin sandbox is not started if seccomp-bpf filter is running (bmo#1257361) CVE-2017-5427: Non-existent chrome.manifest file loaded during startup (bmo#1295542) CVE-2017-5418: Out of bounds read when parsing HTTP digest authorization responses (bmo#1338876) CVE-2017-5419: Repeated authentication prompts lead to DOS attack (bmo#1312243) CVE-2017-5420: Javascript: URLs can obfuscate addressbar location (bmo#1284395) CVE-2017-5405: FTP response codes can cause use of uninitialized values for ports (bmo#1336699) CVE-2017-5421: Print preview spoofing (bmo#1301876) CVE-2017-5422: DOS attack by using view-source: protocol repeatedly in one hyperlink (bmo#1295002) CVE-2017-5399: Memory safety bugs fixed in Firefox 52 CVE-2017-5398: Memory safety bugs fixed in Firefox 52 and Firefox ESR 45.8 - removed obsolete patches * mozilla-binutils-visibility.patch * mozilla-check_return.patch * mozilla-disable-skia-be.patch * mozilla-skia-overflow.patch * mozilla-skia-ppc-endianess.patch - rebased patches - enable rust usage for Tumbleweed- Mozilla Firefox 51.0.1: - Multiprocess incompatibility did not correctly register with some add-ons (bmo#1333423)- update to Firefox 51.0 * requires NSPR >= 4.13.1, NSS >= 3.28.1 * Added support for FLAC (Free Lossless Audio Codec) playback * Added support for WebGL 2 * Added Georgian (ka) and Kabyle (kab) locales * Support saving passwords for forms without 'submit' events * Improved video performance for users without GPU acceleration * Zoom indicator is shown in the URL bar if the zoom level is not at default level * View passwords from the prompt before saving them * Remove Belarusian (be) locale * Use Skia for content rendering (Linux) * MFSA 2017-01 CVE-2017-5375: Excessive JIT code allocation allows bypass of ASLR and DEP (bmo#1325200, boo#1021814) CVE-2017-5376: Use-after-free in XSL (bmo#1311687, boo#1021817) CVE-2017-5377: Memory corruption with transforms to create gradients in Skia (bmo#1306883, boo#1021826) CVE-2017-5378: Pointer and frame data leakage of Javascript objects (bmo#1312001, bmo#1330769, boo#1021818) CVE-2017-5379: Use-after-free in Web Animations (bmo#1309198,boo#1021827) CVE-2017-5380: Potential use-after-free during DOM manipulations (bmo#1322107, boo#1021819) CVE-2017-5390: Insecure communication methods in Developer Tools JSON viewer (bmo#1297361, boo#1021820) CVE-2017-5389: WebExtensions can install additional add-ons via modified host requests (bmo#1308688, boo#1021828) CVE-2017-5396: Use-after-free with Media Decoder (bmo#1329403, boo#1021821) CVE-2017-5381: Certificate Viewer exporting can be used to navigate and save to arbitrary filesystem locations (bmo#1017616, boo#1021830) CVE-2017-5382: Feed preview can expose privileged content errors and exceptions (bmo#1295322, boo#1021831) CVE-2017-5383: Location bar spoofing with unicode characters (bmo#1323338, bmo#1324716, boo#1021822) CVE-2017-5384: Information disclosure via Proxy Auto-Config (PAC) (bmo#1255474, boo#1021832) CVE-2017-5385: Data sent in multipart channels ignores referrer-policy response headers (bmo#1295945, boo#1021833) CVE-2017-5386: WebExtensions can use data: protocol to affect other extensions (bmo#1319070, boo#1021823) CVE-2017-5394: Android location bar spoofing using fullscreen and JavaScript events (bmo#1222798) CVE-2017-5391: Content about: pages can load privileged about: pages (bmo#1309310, boo#1021835) CVE-2017-5392: Weak references using multiple threads on weak proxy objects lead to unsafe memory usage (bmo#1293709) (Android only) CVE-2017-5393: Remove addons.mozilla.org CDN from whitelist for mozAddonManager (bmo#1309282, boo#1021837) CVE-2017-5395: Android location bar spoofing during scrolling (bmo#1293463) (Android only) CVE-2017-5387: Disclosure of local file existence through TRACK tag error messages (bmo#1295023, boo#1021839) CVE-2017-5388: WebRTC can be used to generate a large amount of UDP traffic for DDOS attacks (bmo#1281482, boo#1021840) CVE-2017-5374: Memory safety bugs fixed in Firefox 51 (boo#1021841) CVE-2017-5373: Memory safety bugs fixed in Firefox 51 and Firefox ESR 45.7 (boo#1021824) - switch Firefox to Gtk3 for Tumbleweed - removed obsolete patches * mozilla-flex_buffer_overrun.patch - updated RPM locale support tag - improve recognition of LANGUAGE env variable (boo#1017174) - add upstream patch to fix PPC64LE (bmo#1319389) (mozilla-skia-ppc-endianess.patch) - fix build without skia (big endian archs) (bmo#1319374) (mozilla-disable-skia-be.patch)- update to Firefox 50.1.0 (boo#1015422) * MFSA 2016-94 CVE-2016-9894: Buffer overflow in SkiaGL (bmo#1306628) CVE-2016-9899: Use-after-free while manipulating DOM events and audio elements (bmo#1317409) CVE-2016-9895: CSP bypass using marquee tag (bmo#1312272) CVE-2016-9896: Use-after-free with WebVR (bmo#1315543) CVE-2016-9897: Memory corruption in libGLES (bmo#1301381) CVE-2016-9898: Use-after-free in Editor while manipulating DOM subtrees (bmo#1314442) CVE-2016-9900: Restricted external resources can be loaded by SVG images through data URLs (bmo#1319122) CVE-2016-9904: Cross-origin information leak in shared atoms (bmo#1317936) CVE-2016-9901: Data from Pocket server improperly sanitized before execution (bmo#1320057) CVE-2016-9902: Pocket extension does not validate the origin of events (bmo#1320039) CVE-2016-9903: XSS injection vulnerability in add-ons SDK (bmo#1315435) CVE-2016-9080: Memory safety bugs fixed in Firefox 50.1 CVE-2016-9893: Memory safety bugs fixed in Firefox 50.1 and Firefox ESR 45.6- added patch mozilla-aarch64-startup-crash.patch (bsc#1011922)- update to Firefox 50.0.2 * Firefox crashes with 3rd party Chinese IME when using IME text (50.0.1) security fixes (in 50.0.1): (boo#1012807) * MFSA 2016-91 CVE-2016-9078: data: URL can inherit wrong origin after an HTTP redirect (bmo#1317641) security fixes (in 50.0.2) (boo#1012964) * MFSA 2016-92 CVE-2016-9079: Use-after-free in SVG Animation (bmo#1321066)- update to Firefox 50.0 (boo#1009026) * requires NSS 3.26.2 new features * Updates to keyboard shortcuts Set a preference to have Ctrl+Tab cycle through tabs in recently used order View a page in Reader Mode by using Ctrl+Alt+R * Added option to Find in page that allows users to limit search to whole words only * Added download protection for a large number of executable file types on Windows, Mac and Linux * Fixed rendering of dashed and dotted borders with rounded corners (border-radius) * Added a built-in Emoji set for operating systems without native Emoji fonts (Windows 8.0 and lower and Linux) * Blocked versions of libavcodec older than 54.35.1 * additional locale security fixes: * MFSA 2016-89 CVE-2016-5296: Heap-buffer-overflow WRITE in rasterize_edges_1 (bmo#1292443) CVE-2016-5292: URL parsing causes crash (bmo#1288482) CVE-2016-5293: Write to arbitrary file with updater and moz maintenance service using updater.log hardlink (Windows only) (bmo#1246945) CVE-2016-5294: Arbitrary target directory for result files of update process (Windows only) (bmo#1246972) CVE-2016-5297: Incorrect argument length checking in Javascript (bmo#1303678) CVE-2016-9064: Addons update must verify IDs match between current and new versions (bmo#1303418) CVE-2016-9065: Firefox for Android location bar spoofing usingfullscreen (Android only) (bmo#1306696) CVE-2016-9066: Integer overflow leading to a buffer overflow in nsScriptLoadHandler (bmo#1299686) CVE-2016-9067: heap-use-after-free in nsINode::ReplaceOrInsertBefore (bmo#1301777, bmo#1308922 (CVE-2016-9069)) CVE-2016-9068: heap-use-after-free in nsRefreshDriver (bmo#1302973) CVE-2016-9072: 64-bit NPAPI sandbox isn't enabled on fresh profile (bmo#1300083) (Windows only) CVE-2016-9075: WebExtensions can access the mozAddonManager API and use it to gain elevated privileges (bmo#1295324) CVE-2016-9077: Canvas filters allow feDisplacementMaps to be applied to cross-origin images, allowing timing attacks on them (bmo#1298552) CVE-2016-5291: Same-origin policy violation using local HTML file and saved shortcut file (bmo#1292159) CVE-2016-5295: Mozilla Maintenance Service: Ability to read arbitrary files as SYSTEM (Windows only) (bmo#1247239) CVE-2016-5298: SSL indicator can mislead the user about the real URL visited (bmo#1227538) (Android only) CVE-2016-5299: Firefox AuthToken in broadcast protected with signature-level permission can be accessed by an application installed beforehand that defines the same permissions (bmo#1245791) (Android only) CVE-2016-9061: API Key (glocation) in broadcast protected with signature-level permission can be accessed by an application installed beforehand that defines the same permissions (Android only) (bmo#1245795) CVE-2016-9062: Private browsing browser traces (android) in browser.db and wal file (Android only) (bmo#1294438) CVE-2016-9070: Sidebar bookmark can have reference to chrome window (bmo#1281071) CVE-2016-9073: windows.create schema doesn't specify "format": "relativeUrl" (bmo#1289273) CVE-2016-9074: Insufficient timing side-channel resistance in divSpoiler (bmo#1293334) (fixed via NSS 3.26.1) CVE-2016-9076: select dropdown menu can be used for URL bar spoofing on e10s (bmo#1276976) CVE-2016-9063: Possible integer overflow to fix inside XML_Parse in expat (bmo#1274777) CVE-2016-9071: Probe browser history via HSTS/301 redirect + CSP (bmo#1285003) CVE-2016-5289: Memory safety bugs fixed in Firefox 50 CVE-2016-5290: Memory safety bugs fixed in Firefox 50 and Firefox ESR 45.5 - make aarch64 build more similar to x86_64 build (remove conditionals that don't seem to be necessary anymore)- Mozilla Firefox 49.0.2: * CVE-2016-5287: Crash in nsTArray_base (bsc#1006475) * CVE-2016-5288: Web content can read cache entries (bsc#1006476) * Asynchronous rendering of the Flash plugins is now enabled by default * Change D3D9 default fallback preference to prevent graphical artifacts * Network issue prevents some users from seeing the Firefox UI on startup * Web compatibility issue with file uploads * Web compatibility issue with Array.prototype.values * Diagnostic information on timing for tab switching * Fix a Canvas filters graphics issue affecting HTML5 apps- Drop mozilla-gtk3_20.patch; obsoleted by Firefox version 49.0 and fixes have been incorporated by upstream.- Mozilla Firefox 49.0.1: * Mitigate a startup crash issue caused by Websense - bmo#1304783- update to Firefox 49.0 (boo#999701) new features * Updated Firefox Login Manager to allow HTTPS pages to use saved HTTP logins. * Added features to Reader Mode that make it easier on the eyes and the ears * Improved video performance for users on systems that support SSE3 without hardware acceleration * Added context menu controls to HTML5 audio and video that let users loops files or play files at 1.25x speed * Improvements in about:memory reports for tracking font memory usage security related * MFSA 2016-85 CVE-2016-2827 (bmo#1289085) - Out-of-bounds read in mozilla::net::IsValidReferrerPolicy CVE-2016-5270 (bmo#1291016) - Heap-buffer-overflow in nsCaseTransformTextRunFactory::TransformString CVE-2016-5271 (bmo#1288946) - Out-of-bounds read in PropertyProvider::GetSpacingInternal CVE-2016-5272 (bmo#1297934) - Bad cast in nsImageGeometryMixin CVE-2016-5273 (bmo#1280387) - crash in mozilla::a11y::HyperTextAccessible::GetChildOffset CVE-2016-5276 (bmo#1287721) - Heap-use-after-free in mozilla::a11y::DocAccessible::ProcessInvalidationList CVE-2016-5274 (bmo#1282076) - use-after-free in nsFrameManager::CaptureFrameState CVE-2016-5277 (bmo#1291665) - Heap-use-after-free in nsRefreshDriver::Tick CVE-2016-5275 (bmo#1287316) - global-buffer-overflow in mozilla::gfx::FilterSupport::ComputeSourceNeededRegions CVE-2016-5278 (bmo#1294677) - Heap-buffer-overflow in nsBMPEncoder::AddImageFrame CVE-2016-5279 (bmo#1249522) - Full local path of files is available to web pages after drag and drop CVE-2016-5280 (bmo#1289970) - Use-after-free in mozilla::nsTextNodeDirectionalityMap::RemoveElementFromMap CVE-2016-5281 (bmo#1284690) - use-after-free in DOMSVGLength CVE-2016-5282 (bmo#932335) - Don't allow content to request favicons from non-whitelisted schemes CVE-2016-5283 (bmo#928187) -