Mozilla sent Firefox Version 50.0.2 to the release channel today to address a critical zero-day vulnerability in the wild. Firefox ESR was updated to version 45.5.1. The update includes only the one critical update, Firefox SVG Animation Remote Code Execution (https://www.mozilla.org/en-US/security/advisories/mfsa2016-92/).
Additional information about the vulnerability here: Vulnerability Note VU#791496 - Mozilla Firefox SVG animation nsSMILTimeContainer use-after-free vulnerability (http://www.kb.cert.org/vuls/id/791496).
Note: As explained in the Pale Moon forum announcement, although significantly diverted from Mozilla development, the question arose as to whether Pale Moon is also vulnerable. After evaluation, it was reported (https://forum.palemoon.org/viewtopic.php?f=1&t=13984&sid=6bc99b51692b69a324aba475007c9f56) that it is extremely unlikely that Pale Moon is vulnerable to this exploit.
Thanks. I updated all four ESR versions earlier today with no problems.
Quote from: Corrine on November 30, 2016, 11:05:22 PM
Note: As explained in the Pale Moon forum announcement, although significantly diverted from Mozilla development, the question arose as to whether Pale Moon is also vulnerable. After evaluation, it was reported (https://forum.palemoon.org/viewtopic.php?f=1&t=13984&sid=6bc99b51692b69a324aba475007c9f56) that it is extremely unlikely that Pale Moon is vulnerable to this exploit.
Twitter message from PaleMoon:
QuoteDespite this, we'll still be releasing a DiD patched update on Dec 2nd that fixes the crash at the root of this.
Thanks. I grabbed the new version on my portable Palemoon this morn.