Mozilla Firefox 43.x mishandles attempts to connect to the Application Reputation service, which makes it easier for remote attackers to trigger an unintended download by leveraging the absence of reputation data.
https://security.gentoo.org/glsa/201605-06
https://bugzilla.mozilla.org/show_bug.cgi?id=1237103
http://www.ubuntu.com/usn/USN-2880-2
http://www.ubuntu.com/usn/USN-2880-1
http://www.securitytracker.com/id/1034825
http://www.securityfocus.com/bid/81949
http://www.mozilla.org/security/announce/2016/mfsa2016-11.html
http://lists.opensuse.org/opensuse-security-announce/2016-02/msg00002.html
http://lists.opensuse.org/opensuse-security-announce/2016-02/msg00001.html