MozillaFirefox was updated to version 31 to fix various security issues and bugs:

* MFSA 2014-56/CVE-2014-1547/CVE-2014-1548
Miscellaneous memory safety hazards
* MFSA 2014-57/CVE-2014-1549 (bmo#1020205)
Buffer overflow during Web Audio buffering for playback
* MFSA 2014-58/CVE-2014-1550 (bmo#1020411)
Use-after-free in Web Audio due to incorrect control message ordering
* MFSA 2014-60/CVE-2014-1561 (bmo#1000514, bmo#910375)
Toolbar dialog customization event spoofing
* MFSA 2014-61/CVE-2014-1555 (bmo#1023121)
Use-after-free with FireOnStateChange event
* MFSA 2014-62/CVE-2014-1556 (bmo#1028891)
Exploitable WebGL crash with Cesium JavaScript library
* MFSA 2014-63/CVE-2014-1544 (bmo#963150)
Use-after-free while when manipulating certificates in the trusted cache
(solved with NSS 3.16.2 requirement)
* MFSA 2014-64/CVE-2014-1557 (bmo#913805)
Crash in Skia library when scaling high quality images
* MFSA 2014-65/CVE-2014-1558/CVE-2014-1559/CVE-2014-1560
(bmo#1015973, bmo#1026022, bmo#997795)
Certificate parsing broken by non-standard character encoding
* MFSA 2014-66/CVE-2014-1552 (bmo#985135)
IFRAME sandbox same-origin access through redirect

Mozilla-nss was updated to 3.16.3:
New Functions:
* CERT_GetGeneralNameTypeFromString (This function was already added
in NSS 3.16.2, however, it wasn't declared in a public header file.)
Notable Changes:
* The following 1024-bit CA certificates were removed
- Entrust.net Secure Server Certification Authority
- GTE CyberTrust Global Root
- ValiCert Class 1 Policy Validation Authority
- ValiCert Class 2 Policy Validation Authority
- ValiCert Class 3 Policy Validation Authority
* Additionally, the following CA certificate was removed as
requested by the CA:
- TDC Internet Root CA
* The following CA certificates were added:
- Certification Authority of WoSign
- CA 沃通根证书
- DigiCert Assured ID Root G2
- DigiCert Assured ID Root G3
- DigiCert Global Root G2
- DigiCert Global Root G3
- DigiCert Trusted Root G4
- QuoVadis Root CA 1 G3
- QuoVadis Root CA 2 G3
- QuoVadis Root CA 3 G3
* The Trust Bits were changed for the following CA certificates
- Class 3 Public Primary Certification Authority
- Class 3 Public Primary Certification Authority
- Class 2 Public Primary Certification Authority - G2
- VeriSign Class 2 Public Primary Certification Authority - G3
- AC Raíz Certicámara S.A.
- NetLock Uzleti (Class B) Tanusitvanykiado
- NetLock Expressz (Class C) Tanusitvanykiado
changes in 3.16.2
New functionality:
* DTLS 1.2 is supported.
* The TLS application layer protocol negotiation (ALPN) extension
is also supported on the server side.
* RSA-OEAP is supported. Use the new PK11_PrivDecrypt and
PK11_PubEncrypt functions with the CKM_RSA_PKCS_OAEP mechanism.
* New Intel AES assembly code for 32-bit and 64-bit Windows,
contributed by Shay Gueron and Vlad Krasnov of Intel.
Notable Changes:
* The btoa command has a new command-line option -w suffix, which
causes the output to be wrapped in BEGIN/END lines with the
given suffix
* The certutil commands supports additionals types of subject
alt name extensions.
* The certutil command supports generic certificate extensions,
by loading binary data from files, which have been prepared using
external tools, or which have been extracted from other existing
certificates and dumped to file.
* The certutil command supports three new certificate usage specifiers.
* The pp command supports printing UTF-8 (-u).
* On Linux, NSS is built with the -ffunction-sections -fdata-sections
compiler flags and the --gc-sections linker flag to allow unused
functions to be discarded.
changes in 3.16.1
New functionality:
* Added the "ECC" flag for modutil to select the module used for
elliptic curve cryptography (ECC) operations.
New Macros
* PUBLIC_MECH_ECC_FLAG
a public mechanism flag for elliptic curve cryptography (ECC)
operations
* SECMOD_ECC_FLAG
an NSS-internal mechanism flag for elliptic curve cryptography
(ECC) operations. This macro has the same numeric value as
PUBLIC_MECH_ECC_FLAG.
Notable Changes:
* Imposed name constraints on the French government root CA ANSSI
(DCISS).