An integer overflow in createImageBitmap() was reported through the Pwn2Own contest. The fix for this vulnerability disables the experimental extensions to the createImageBitmap API. This function runs in the content sandbox, requiring a second vulnerability to compromise a user's computer.
Looks like it doesn't affect our stable 45.x branch.
www-client/firefox-bin-52.0 is affected. Recorded for searchability.
www-client/firefox{,-bin}-52.0.1 is in the gentoo repo. These are not stable candidates so I'm not sure what's left to do here.
(In reply to Ian Stakenvicius from comment #3)
> www-client/firefox{,-bin}-52.0.1 is in the gentoo repo. These are not
> stable candidates so I'm not sure what's left to do here.

Was waiting for upstream to confirm previous branches aren't affected. Repository is clean, all done.