Security update for MozillaFirefox

This update for MozillaFirefox to version 51.0.1 fixes security issues and bugs.

These security issues were fixed:

* CVE-2017-5375: Excessive JIT code allocation allows bypass of ASLR and DEP (bmo#1325200, boo#1021814)
* CVE-2017-5376: Use-after-free in XSL (bmo#1311687, boo#1021817) CVE-2017-5377: Memory corruption with transforms to create gradients in Skia (bmo#1306883, boo#1021826)
* CVE-2017-5378: Pointer and frame data leakage of Javascript objects (bmo#1312001, bmo#1330769, boo#1021818)
* CVE-2017-5379: Use-after-free in Web Animations (bmo#1309198,boo#1021827)
* CVE-2017-5380: Potential use-after-free during DOM manipulations (bmo#1322107, boo#1021819)
* CVE-2017-5390: Insecure communication methods in Developer Tools JSON viewer (bmo#1297361, boo#1021820)
* CVE-2017-5389: WebExtensions can install additional add-ons via modified host requests (bmo#1308688, boo#1021828)
* CVE-2017-5396: Use-after-free with Media Decoder (bmo#1329403, boo#1021821)
* CVE-2017-5381: Certificate Viewer exporting can be used to navigate and save to arbitrary filesystem locations (bmo#1017616, boo#1021830)
* CVE-2017-5382: Feed preview can expose privileged content errors and exceptions (bmo#1295322, boo#1021831)
* CVE-2017-5383: Location bar spoofing with unicode characters (bmo#1323338, bmo#1324716, boo#1021822)
* CVE-2017-5384: Information disclosure via Proxy Auto-Config (PAC) (bmo#1255474, boo#1021832)
* CVE-2017-5385: Data sent in multipart channels ignores referrer-policy response headers (bmo#1295945, boo#1021833)
* CVE-2017-5386: WebExtensions can use data: protocol to affect other extensions (bmo#1319070, boo#1021823)
* CVE-2017-5391: Content about: pages can load privileged about: pages (bmo#1309310, boo#1021835)
* CVE-2017-5393: Remove addons.mozilla.org CDN from whitelist for mozAddonManager (bmo#1309282, boo#1021837)
* CVE-2017-5387: Disclosure of local file existence through TRACK tag error messages (bmo#1295023, boo#1021839)
* CVE-2017-5388: WebRTC can be used to generate a large amount of UDP traffic for DDOS attacks (bmo#1281482, boo#1021840)
* CVE-2017-5374: Memory safety bugs (boo#1021841)
* CVE-2017-5373: Memory safety bugs (boo#1021824)

These non-security issues in MozillaFirefox were fixed:

* Added support for FLAC (Free Lossless Audio Codec) playback
* Added support for WebGL 2
* Added Georgian (ka) and Kabyle (kab) locales
* Support saving passwords for forms without 'submit' events
* Improved video performance for users without GPU acceleration
* Zoom indicator is shown in the URL bar if the zoom level is not at default level
* View passwords from the prompt before saving them
* Remove Belarusian (be) locale
* Use Skia for content rendering (Linux)
* Improve recognition of LANGUAGE env variable (boo#1017174)
* Multiprocess incompatibility did not correctly register with some add-ons (bmo#1333423)

Fixed bugs
bnc#1021837
VUL-0: CVE-2017-5393: MozillaFirefox: Remove addons.mozilla.org CDN from whitelist for mozAddonManager
bnc#1021835
VUL-0: CVE-2017-5391: MozillaFirefox: Content about: pages can load privileged about: pages
bnc#1021832
VUL-0: CVE-2017-5384: MozillaFirefox: Information disclosure via Proxy Auto-Config (PAC)
bnc#1021833
VUL-0: CVE-2017-5385: MozillaFirefox: Data sent in multipart channels ignores referrer-policy response headers
bnc#1021830
VUL-0: CVE-2017-5381: MozillaFirefox: Certificate Viewer exporting can be used to navigate and save to arbitrary filesystem locations
bnc#1021831
VUL-0: CVE-2017-5382: MozillaFirefox: Feed preview can expose privileged content errors and exceptions
bnc#1017174
firefox in english for a french installation
bnc#1021839
VUL-0: CVE-2017-5387: MozillaFirefox: Disclosure of local file existence through TRACK tag error messages
bnc#1021818
VUL-0: CVE-2017-5378: MozillaFirefox: Pointer and frame data leakage of Javascript objects
bnc#1021819
VUL-0: CVE-2017-5380: MozillaFirefox: Potential use-after-free during DOM manipulations
bnc#1021814
VUL-0: CVE-2017-5375: MozillaFirefox: Excessive JIT code allocation allows bypass of ASLR and DEP
bnc#1021817
VUL-0: CVE-2017-5376: MozillaFirefox: Use-after-free in XSL
bnc#1021841
VUL-0: CVE-2017-5374: MozillaFirefox: Memory safety bugs fixed in Firefox 51
bnc#1021840
VUL-0: CVE-2017-5388: MozillaFirefox: WebRTC can be used to generate a large amount of UDP traffic for DDOS attacks
bnc#1021828
VUL-0: CVE-2017-5389: MozillaFirefox: WebExtensions can install additional add-ons via modified host requests
bnc#1021821
VUL-0: CVE-2017-5396: MozillaFirefox: Use-after-free with Media Decoder
bnc#1021820
VUL-0: CVE-2017-5390: MozillaFirefox: Insecure communication methods in Developer Tools JSON viewer
bnc#1021823
VUL-0: CVE-2017-5386: MozillaFirefox: WebExtensions can use data: protocol to affect other extensions
bnc#1021822
VUL-0: CVE-2017-5383: MozillaFirefox: Location bar spoofing with unicode characters
bnc#1021824
VUL-0: CVE-2017-5373: MozillaFirefox: Memory safety bugs fixed in Firefox 51 and Firefox ESR 45.7
bnc#1021827
VUL-0: CVE-2017-5379: MozillaFirefox: Use-after-free in Web Animations
bnc#1021826
VUL-0: CVE-2017-5377: MozillaFirefox: Memory corruption with transforms to create gradients in Skia
Selected Binaries
openSUSE Build Service is sponsored by