A new version of Firefox ESR is out: https://www.mozilla.org/en-US/firefox/38.6.1/releasenotes/ (February 11, 2016). It fixes CVE-2016-1523. Please bump it!
The issue description: https://www.mozilla.org/en-US/security/advisories/mfsa2016-14/
This is a security issue, reassigning
(In reply to Sergey Popov from comment #2)
> This is a security issue, reassigning

Firefox-38.6.1 is in tree, feel free to stabilize it.
Arches please stabilize.
amd64 stable
x86 stable
Stable for HPPA.
Stable for PPC64.
no stable keywords for arm
mail-client/thunderbird{,-bin}-38.6.0 also contains the fixes for this; stabilization has been requested in bug 573074 already though.
CVE-2016-1523 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-1523): The SillMap::readFace function in FeatureMap.cpp in Libgraphite in Graphite 2 1.2.4, as used in Mozilla Firefox before 43.0 and Firefox ESR 38.x before 38.6.1, mishandles a return value, which allows remote attackers to cause a denial of service (missing initialization, NULL pointer dereference, and application crash) via a crafted Graphite smart font.
Added to existing GLSA. This will be mitigated when stabilization occurs in bug 576862.
Stable on alpha.
ppc stable
This issue was resolved and addressed in GLSA 201605-06 at https://security.gentoo.org/glsa/201605-06 by GLSA coordinator Yury German (BlueKnight).