Changes/fixes:
- Removed Google Search as a bundled search provider. If desired, you can manually install it (or other search engines) after the update by following the steps in the Manage Search Engines topic.
- Fixed the URL API to allow "stringification" of the object per specification. This should make a number of websites happy.
- Added the ES6 string .includes() function in addition to the pre-existing .contains() function for checking if a string contains another string. The .contains() function is retained for compatibility with web and extension scripts that adhere to the ES6 pre-release specification up to and including RC3.
- Fixed the calculation of standalone SVG embeds width and height, which should solve some reported issues with html5 graphs being displayed incorrectly.
- Linux: improved memory allocation.
- Updated the graphite font library to 1.3.9.
- Added a blocking rule for F-Secure's 64-bit deepguard library to prevent crashes.
- Updated the SQLite library to 3.13.0.
- Download= properties of links are now honored from the context menu "Save" option.
- Fixed a crash in the XSS filter.
- Fixed a crash in the DOM error module.
- Worked around a crash on Linux
- Linux: Improved optimization and GCC6 compatibility (Note: compiling with GCC 6 is still not recommended and it may or may not work, depending on your environment)
- (CVE-2016-5251)Potential URL spoofing in the address bar.
- (CVE-2016-0718) Context-dependent crash in expat 2.1.0.
- (CVE-2016-5266) Outgoing dataTransfer items are not properly filtered.
- Fixed potentially exploitable crash in the array splice implementation.
- Fixed potentially exploitable crash caused by badly formatted ICO files.
- (CVE-2016-5254) Heap-use-after-free in nsXULPopupManager::KeyDown