This update for MozillaFirefox and mozilla-nss fixes the following issues:

MozillaFirefox was updated to version 49.0 (boo#999701)
- New features
* Updated Firefox Login Manager to allow HTTPS pages to use saved
HTTP logins.
* Added features to Reader Mode that make it easier on the eyes and
the ears
* Improved video performance for users on systems that support
SSE3 without hardware acceleration
* Added context menu controls to HTML5 audio and video that let users
loops files or play files at 1.25x speed
* Improvements in about:memory reports for tracking font memory usage
- Security related fixes
* MFSA 2016-85
CVE-2016-2827 (bmo#1289085) - Out-of-bounds read in
mozilla::net::IsValidReferrerPolicy
CVE-2016-5270 (bmo#1291016) - Heap-buffer-overflow in
nsCaseTransformTextRunFactory::TransformString
CVE-2016-5271 (bmo#1288946) - Out-of-bounds read in
PropertyProvider::GetSpacingInternal
CVE-2016-5272 (bmo#1297934) - Bad cast in nsImageGeometryMixin
CVE-2016-5273 (bmo#1280387) - crash in
mozilla::a11y::HyperTextAccessible::GetChildOffset
CVE-2016-5276 (bmo#1287721) - Heap-use-after-free in
mozilla::a11y::DocAccessible::ProcessInvalidationList
CVE-2016-5274 (bmo#1282076) - use-after-free in
nsFrameManager::CaptureFrameState
CVE-2016-5277 (bmo#1291665) - Heap-use-after-free in nsRefreshDriver::Tick
CVE-2016-5275 (bmo#1287316) - global-buffer-overflow in
mozilla::gfx::FilterSupport::ComputeSourceNeededRegions
CVE-2016-5278 (bmo#1294677) - Heap-buffer-overflow in
nsBMPEncoder::AddImageFrame
CVE-2016-5279 (bmo#1249522) - Full local path of files is available
to web pages after drag and drop
CVE-2016-5280 (bmo#1289970) - Use-after-free in
mozilla::nsTextNodeDirectionalityMap::RemoveElementFromMap
CVE-2016-5281 (bmo#1284690) - use-after-free in DOMSVGLength
CVE-2016-5282 (bmo#932335) - Don't allow content to request favicons
from non-whitelisted schemes
CVE-2016-5283 (bmo#928187) - fragment timing attack can
reveal cross-origin data
CVE-2016-5284 (bmo#1303127) - Add-on update site certificate pin expiration
CVE-2016-5256 - Memory safety bugs fixed in Firefox 49
CVE-2016-5257 - Memory safety bugs fixed in Firefox 49 and Firefox ESR 45.4
- requires NSS 3.25

- Mozilla Firefox 48.0.2:
* Mitigate a startup crash issue caused on Windows (bmo#1291738)

mozilla-nss was updated to NSS 3.25.
New functionality:
* Implemented DHE key agreement for TLS 1.3
* Added support for ChaCha with TLS 1.3
* Added support for TLS 1.2 ciphersuites that use SHA384 as the PRF
* In previous versions, when using client authentication with TLS 1.2,
NSS only supported certificate_verify messages that used the same
signature hash algorithm as used by the PRF. This limitation has
been removed.
* Several functions have been added to the public API of the
NSS Cryptoki Framework.
New functions:
* NSSCKFWSlot_GetSlotID
* NSSCKFWSession_GetFWSlot
* NSSCKFWInstance_DestroySessionHandle
* NSSCKFWInstance_FindSessionHandle
Notable changes:
* An SSL socket can no longer be configured to allow both TLS 1.3 and SSLv3
* Regression fix: NSS no longer reports a failure if an application
attempts to disable the SSLv2 protocol.
* The list of trusted CA certificates has been updated to version 2.8
* The following CA certificate was Removed
Sonera Class1 CA
* The following CA certificates were Added
Hellenic Academic and Research Institutions RootCA 2015
Hellenic Academic and Research Institutions ECC RootCA 2015
Certplus Root CA G1
Certplus Root CA G2
OpenTrust Root CA G1
OpenTrust Root CA G2
OpenTrust Root CA G3