Merge with 91.10.0-alt1

New ESR version.
Security fixes:
2022-31736 Cross-Origin resource's length leaked
2022-31737 Heap buffer overflow in WebGL
2022-31738 Browser window spoof using fullscreen mode
2022-31739 Attacker-influenced path traversal when saving downloaded files
2022-31740 Register allocation problem in WASM on arm64
2022-31741 Uninitialized variable leads to invalid memory read
2022-31742 Querying a WebAuthn token with a large number of allowCredential entries may have leaked cross-origin information
2022-31747 Memory safety bugs fixed in Firefox 101 and Firefox ESR 91.10

New ESR version.
Security fixes:
2022-1802 Prototype pollution in Top-Level Await implementation
2022-1529 Untrusted input used in JavaScript object indexing, leading to prototype pollution

New ESR version.
Security fixes:
2022-29914 Fullscreen notification bypass using popups
2022-29909 Bypassing permission prompt in nested browsing contexts
2022-29916 Leaking browser history with CSS variables
2022-29911 iframe Sandbox bypass
2022-29912 Reader mode bypassed SameSite cookies
2022-29917 Memory safety bugs fixed in Firefox 100 and Firefox ESR 91.9

New ESR version.
Security fixes:
2022-1097 Use-after-free in NSSToken objects
2022-28281 Out of bounds write due to unexpected WebAuthN Extensions
2022-1196 Use-after-free after VR Process destruction
2022-28282 Use-after-free in DocumentL10n::TranslateDocument
2022-28285 Incorrect AliasSet used in JIT Codegen
2022-28286 iframe contents could be rendered outside the border
2022-24713 Denial of Service via complex regular expressions
2022-28289 Memory safety bugs fixed in Firefox 99 and Firefox ESR 91.8

New ESR version.
Security fixes:
2022-26383 Browser window spoof using fullscreen mode
2022-26384 iframe allow-scripts sandbox bypass
2022-26387 Time-of-check time-of-use bug when verifying add-on signatures
2022-26381 Use-after-free in text reflows
2022-26386 Temporary files downloaded to /tmp and accessible by other local users

New ESR version.
Security fixes:
2022-26485 Use-after-free in XSLT parameter processing
2022-26486 Use-after-free in WebGPU IPC Framework

New ESR version.
Security fixes:
2022-22753 Privilege Escalation to SYSTEM on Windows via Maintenance Service
2022-22754 Extensions could have bypassed permission confirmation during update
2022-22756 Drag and dropping an image could have resulted in the dropped object being an executable
2022-22759 Sandboxed iframes could have executed script if the parent appended elements
2022-22760 Cross-Origin responses could be distinguished between script and non-script content-types
2022-22761 frame-ancestors Content Security Policy directive was not enforced for framed extension pages
2022-22763 Script Execution during invalid object state
2022-22764 Memory safety bugs fixed in Firefox 97 and Firefox ESR 91.6

New ESR version.

New ESR version.
Security fixes:
2022-22746 Calling into reportValidity could have lead to fullscreen window spoof
2022-22743 Browser window spoof using fullscreen mode
2022-22742 Out-of-bounds memory access when inserting text in edit mode
2022-22741 Browser window spoof using fullscreen mode
2022-22740 Use-after-free of ChannelEventQueue::mOwner
2022-22738 Heap-buffer-overflow in blendGaussianBlur
2022-22737 Race condition when playing audio files
2021-4140 Iframe sandbox bypass with XSLT
2022-22748 Spoofed origin on external protocol launch dialog
2022-22745 Leaking cross-origin URLs through securitypolicyviolation event
2022-22744 The 'Copy as curl' feature in DevTools did not fully escape website-controlled data, potentially leading to command injection
2022-22747 Crash when handling empty pkcs7 sequence
2022-22739 Missing throttling on external protocol launch dialog
2022-22751 Memory safety bugs fixed in Firefox 96 and Firefox ESR 91.5

New ESR version.

New ESR version.
Security fixes:
2021-43536 URL leakage when navigating while executing asynchronous function
2021-43537 Heap buffer overflow when using structured clone
2021-43538 Missing fullscreen and pointer lock notification when requesting both
2021-43539 GC rooting failure when calling wasm instance methods
2021-43541 External protocol handler parameters were unescaped
2021-43542 XMLHttpRequest error codes could have leaked the existence of an external protocol handler
2021-43543 Bypass of CSP sandbox directive when embedding
2021-43545 Denial of Service when using the Location API in a loop
2021-43546 Cursor spoofing could overlay user interface when native cursor is zoomed

Show Home button on toolbar by default (ALT #41360).

New ESR version.
Security fixes:
2021-38503 iframe sandbox rules did not apply to XSLT stylesheets
2021-38504 Use-after-free in file picker dialog
2021-38505 Windows 10 Cloud Clipboard may have recorded sensitive user data
2021-38506 Firefox could be coaxed into going into fullscreen mode without notification or warning
2021-38507 Opportunistic Encryption in HTTP2 could be used to bypass the Same-Origin-Policy on services hosted on other ports
2021-38508 Permission Prompt could be overlaid, resulting in user confusion and potential spoofing
2021-38509 Javascript alert box could have been spoofed onto an arbitrary domain
2021-38510 Download Protections were bypassed by .inetloc files on Mac OS

New ESR version.
Security fixes:
2021-38496 Use-after-free in MessageTask
2021-38497 Validation message could have been overlaid on another origin
2021-38498 Use-after-free of nsLanguageAtomService object
2021-32810 Data race in crossbeam-deque
2021-38500 Memory safety bugs fixed in Firefox 93, Firefox ESR 78.15, and Firefox ESR 91.2
2021-38501 Memory safety bugs fixed in Firefox 93 and Firefox ESR 91.2

New ESR version.
Security fixes:
2021-38492 Navigating to `mk:` URL scheme could load Internet Explorer
2021-38495 Memory safety bugs fixed in Firefox 92 and Firefox ESR 91.1