firefox-41.0.2 was released with a security fix:
does this affect 38.x?
Technically, yes it might be, but not in a general case. Prior to firefox-39, the code supporting the "Fetch API" was reportedly in place but disabled, and needed to be manually enabled in about:config.
As mozilla didn't feel the risk was worthy enough for a security patch to the 38 series, I think we are probably good to exclude it here as well.
@maintainers, I only see this as being applied to 41.0.2 and not backported. Per previous comments I think we can move on here. Any objections?
(In reply to Aaron Bauman from comment #3)
> @maintainers, I only see this as being applied to 41.0.2 and not backported.
> Per previous comments I think we can move on here. Any objections?
No need to backport, all versions prior to firefox-39 (ie, 38.x ESR and earlier) are unaffected. Yes, please continue.
Added to existing GLSA.
This issue was resolved and addressed in
GLSA 201605-06 at https://security.gentoo.org/glsa/201605-06
by GLSA coordinator Yury German (BlueKnight).