MozillaFirefox was updated to Firefox 25.0. MozillaThunderbird was updated to Thunderbird 24.1.0. Mozilla XULRunner was updated to 17.0.10esr. Mozilla NSPR was updated to 4.10.1. Changes in MozillaFirefox: * requires NSS 3.15.2 or above * MFSA 2013-93/CVE-2013-5590/CVE-2013-5591/CVE-2013-5592 Miscellaneous memory safety hazards * MFSA 2013-94/CVE-2013-5593 Spoofing addressbar through SELECT element * MFSA 2013-95/CVE-2013-5604 Access violation with XSLT and uninitialized data * MFSA 2013-96/CVE-2013-5595 Improperly initialized memory and overflows in some JavaScript functions * MFSA 2013-97/CVE-2013-5596 Writing to cycle collected object during image decoding * MFSA 2013-98/CVE-2013-5597 Use-after-free when updating offline cache * MFSA 2013-99/CVE-2013-5598 Security bypass of PDF.js checks using iframes * MFSA 2013-100/CVE-2013-5599/CVE-2013-5600/CVE-2013-5601 Miscellaneous use-after-free issues found through ASAN fuzzing * MFSA 2013-101/CVE-2013-5602 Memory corruption in workers * MFSA 2013-102/CVE-2013-5603 Use-after-free in HTML document templates Changes in MozillaThunderbird: * requires NSS 3.15.2 or above * MFSA 2013-93/CVE-2013-5590/CVE-2013-5591/CVE-2013-5592 Miscellaneous memory safety hazards * MFSA 2013-94/CVE-2013-5593 Spoofing addressbar through SELECT element * MFSA 2013-95/CVE-2013-5604 Access violation with XSLT and uninitialized data * MFSA 2013-96/CVE-2013-5595 Improperly initialized memory and overflows in some JavaScript functions * MFSA 2013-97/CVE-2013-5596 Writing to cycle collected object during image decoding * MFSA 2013-98/CVE-2013-5597 Use-after-free when updating offline cache * MFSA 2013-100/CVE-2013-5599/CVE-2013-5600/CVE-2013-5601 Miscellaneous use-after-free issues found through ASAN fuzzing * MFSA 2013-101/CVE-2013-5602 Memory corruption in workers * MFSA 2013-102/CVE-2013-5603 Use-after-free in HTML document templates - update to Thunderbird 24.0.1 * fqdn for smtp server name was not accepted * fixed crash in PL_strncasecmp - update Enigmail to 1.6 * The passphrase timeout configuration in Enigmail is now read and written from/to gpg-agent. * New dialog to change the expiry date of keys * New function to search for the OpenPGP keys of all Address Book entries on a keyserver * removed obsolete enigmail-build.patch Changes in xulrunner: - update to 17.0.10esr * require NSS 3.14.4 or above * MFSA 2013-93/CVE-2013-5590/CVE-2013-5591/CVE-2013-5592 Miscellaneous memory safety hazards * MFSA 2013-95/CVE-2013-5604 Access violation with XSLT and uninitialized data * MFSA 2013-96/CVE-2013-5595 Improperly initialized memory and overflows in some JavaScript functions * MFSA 2013-98/CVE-2013-5597 Use-after-free when updating offline cache * MFSA 2013-100/CVE-2013-5599/CVE-2013-5600/CVE-2013-5601 Miscellaneous use-after-free issues found through ASAN fuzzing * MFSA 2013-101/CVE-2013-5602 Memory corruption in workers - update to 17.0.9esr * MFSA 2013-65/CVE-2013-1705 Buffer underflow when generating CRMF requests * MFSA 2013-76/CVE-2013-1718 Miscellaneous memory safety hazards * MFSA 2013-79/CVE-2013-1722 Use-after-free in Animation Manager during stylesheet cloning * MFSA 2013-82/CVE-2013-1725 Calling scope for new Javascript objects can lead to memory corruption * MFSA 2013-88/CVE-2013-1730 Compartment mismatch re-attaching XBL-backed nodes * MFSA 2013-89/CVE-2013-1732 Buffer overflow with multi-column, lists, and floats * MFSA 2013-90/CVE-2013-1735/CVE-2013-1736 Memory corruption involving scrolling * MFSA 2013-91/CVE-2013-1737 User-defined properties on DOM proxies get the wrong "this" object Changes in mozilla-nspr: - update to version 4.10.1 * bmo#888273: RWIN Scaling limited to 2 on Windows 7 and 8 * bmo#907512: Unix platforms shouldn"t mask errors specific to Unix domain sockets