The Gecko Media Plugin sandbox allows access to local files that match specific regular expressions. On OS OX, this matching allows access to some data in subdirectories of "/private/var" that could expose personal or temporary data. This has been updated to not allow access to "/private/var" and its subdirectories. Note: this issue only affects OS X. Other operating systems are not affected. This vulnerability affects Firefox < 52 and Thunderbird < 52.
https://www.mozilla.org/security/advisories/mfsa2017-09/
https://www.mozilla.org/security/advisories/mfsa2017-05/
https://bugzilla.mozilla.org/show_bug.cgi?id=1322716