This update for MozillaFirefox, mozilla-nspr, mozilla-nss fixes the following issues: Update Firefox Extended Support Release to 68.3.0 ESR Security issues fixed: - CVE-2019-17008: Use-after-free in worker destruction . - CVE-2019-13722: Stack corruption due to incorrect number of arguments in WebRTC code . - CVE-2019-11745: Out of bounds write in NSS when encrypting with a block cipher . - CVE-2019-17009: Updater temporary files accessible to unprivileged processes . - CVE-2019-17010: Use-after-free when performing device orientation checks . - CVE-2019-17005: Buffer overflow in plain text serializer . - CVE-2019-17011: Use-after-free when retrieving a document in antitracking . - CVE-2019-17012: Memory safety bugs fixed in Firefox 71 and Firefox ESR 68.3 . Update mozilla-nss to version 3.47.1 : Security issues fixed: - CVE-2019-11745: EncryptUpdate should use maxout, not block size. Bug fixes: - Fix a crash that could be caused by client certificates during startup - Fix compile-time warnings from uninitialized variables in a perl script - Support AES HW acceleration on ARMv8 - Allow per-socket run-time ordering of the cipher suites presented in ClientHello - Add CMAC to FreeBL and PKCS #11 libraries - Remove arbitrary HKDF output limit by allocating space as needed Update mozilla-nspr to version 4.23: Bug fixes: - fixed a build failure that was introduced in 4.22 - correctness fix for Win64 socket polling - whitespace in C files was cleaned up and no longer uses tab characters for indenting - added support for the ARC architecture - removed support for the following platforms: OSF1/Tru64, DGUX, IRIX, Symbian, BeOS - correctness and build fixes