diff --git a/README.debrand b/README.debrand
deleted file mode 100644
index 01c46d2..0000000
--- a/README.debrand
+++ /dev/null
@@ -1,2 +0,0 @@
-Warning: This package was configured for automatic debranding, but the changes
-failed to apply.
diff --git a/SOURCES/mozilla-1348168.patch b/SOURCES/mozilla-1348168.patch
new file mode 100644
index 0000000..e0627d2
--- /dev/null
+++ b/SOURCES/mozilla-1348168.patch
@@ -0,0 +1,88 @@
+
+# HG changeset patch
+# User Ehsan Akhgari <ehsan@mozilla.com>
+# Date 1489719163 14400
+# Node ID 4af7cd795eeef3bce2dd40d5a6e92d21304eaea1
+# Parent  dac467924a46c4bbff97c948bf4a7143dada2b19
+Bug 1348168 - Disable Mozilla custom ImageBitmap extensions that didn't go through proper API review; r=bzbarsky a=dveditz
+
+diff --git a/dom/base/nsGlobalWindow.cpp b/dom/base/nsGlobalWindow.cpp
+--- a/dom/base/nsGlobalWindow.cpp
++++ b/dom/base/nsGlobalWindow.cpp
+@@ -14993,16 +14993,20 @@ nsGlobalWindow::CreateImageBitmap(const 
+ 
+ already_AddRefed<mozilla::dom::Promise>
+ nsGlobalWindow::CreateImageBitmap(const ImageBitmapSource& aImage,
+                                   int32_t aOffset, int32_t aLength,
+                                   ImageBitmapFormat aFormat,
+                                   const Sequence<ChannelPixelLayout>& aLayout,
+                                   ErrorResult& aRv)
+ {
++  if (!ImageBitmap::ExtensionsEnabled(nullptr, nullptr)) {
++    aRv.Throw(NS_ERROR_TYPE_ERR);
++    return nullptr;
++  }
+   if (aImage.IsArrayBuffer() || aImage.IsArrayBufferView()) {
+     return ImageBitmap::Create(this, aImage, aOffset, aLength, aFormat, aLayout,
+                                aRv);
+   } else {
+     aRv.Throw(NS_ERROR_TYPE_ERR);
+     return nullptr;
+   }
+ }
+diff --git a/dom/workers/WorkerScope.cpp b/dom/workers/WorkerScope.cpp
+--- a/dom/workers/WorkerScope.cpp
++++ b/dom/workers/WorkerScope.cpp
+@@ -471,16 +471,24 @@ WorkerGlobalScope::CreateImageBitmap(con
+ 
+ already_AddRefed<mozilla::dom::Promise>
+ WorkerGlobalScope::CreateImageBitmap(const ImageBitmapSource& aImage,
+                                      int32_t aOffset, int32_t aLength,
+                                      ImageBitmapFormat aFormat,
+                                      const Sequence<ChannelPixelLayout>& aLayout,
+                                      ErrorResult& aRv)
+ {
++  JSContext* cx = GetCurrentThreadJSContext();
++  MOZ_ASSERT(cx);
++
++  if (!ImageBitmap::ExtensionsEnabled(cx, nullptr)) {
++    aRv.Throw(NS_ERROR_TYPE_ERR);
++    return nullptr;
++  }
++
+   if (aImage.IsArrayBuffer() || aImage.IsArrayBufferView()) {
+     return ImageBitmap::Create(this, aImage, aOffset, aLength, aFormat, aLayout,
+                                aRv);
+   } else {
+     aRv.Throw(NS_ERROR_TYPE_ERR);
+     return nullptr;
+   }
+ }
+diff --git a/modules/libpref/init/all.js b/modules/libpref/init/all.js
+--- a/modules/libpref/init/all.js
++++ b/modules/libpref/init/all.js
+@@ -831,22 +831,18 @@ pref("ui.scrollToClick", 0);
+ pref("canvas.focusring.enabled", true);
+ pref("canvas.customfocusring.enabled", false);
+ pref("canvas.hitregions.enabled", false);
+ pref("canvas.filters.enabled", true);
+ // Add support for canvas path objects
+ pref("canvas.path.enabled", true);
+ pref("canvas.capturestream.enabled", true);
+ 
+-// Disable the ImageBitmap-extensions in the release build.
+-#ifdef RELEASE_OR_BETA
++// Disable the ImageBitmap-extensions for now.
+ pref("canvas.imagebitmap_extensions.enabled", false);
+-#else
+-pref("canvas.imagebitmap_extensions.enabled", true);
+-#endif
+ 
+ // We want the ability to forcibly disable platform a11y, because
+ // some non-a11y-related components attempt to bring it up.  See bug
+ // 538530 for details about Windows; we have a pref here that allows it
+ // to be disabled for performance and testing resons.
+ // See bug 761589 for the crossplatform aspect.
+ //
+ // This pref is checked only once, and the browser needs a restart to
+
diff --git a/SPECS/firefox.spec b/SPECS/firefox.spec
index c5d5f10..f8a824a 100644
--- a/SPECS/firefox.spec
+++ b/SPECS/firefox.spec
@@ -77,7 +77,7 @@
 Summary:        Mozilla Firefox Web browser
 Name:           firefox
 Version:        52.0
-Release:        4%{?dist}
+Release:        5%{?dist}
 URL:            http://www.mozilla.org/projects/firefox/
 License:        MPLv1.1 or GPLv2+ or LGPLv2+
 Group:          Applications/Internet
@@ -126,6 +126,7 @@ Patch111:       rhbz-1173156.patch
 Patch112:       mozilla-256180.patch
 Patch113:       rhbz-1414535.patch
 Patch114:       rhbz-1423012.patch
+Patch115:       mozilla-1348168.patch
 
 # Upstream patches
 # Skia support for big endian platforms, since patch got review- I think we can delete that:
@@ -379,6 +380,7 @@ cd %{tarballdir}
 %patch112 -p1 -b .mozbz-256180
 %patch113 -p1 -b .rhbz-1414535
 %patch114 -p1 -b .rhbz-1423012
+%patch115 -p1 -b .mozbz-1348168
 
 # Upstream patches
 #%patch201 -p1 -b .mozbz-1005535 see Patch201 comment
@@ -880,6 +882,9 @@ gtk-update-icon-cache %{_datadir}/icons/hicolor &>/dev/null || :
 #---------------------------------------------------------------------
 
 %changelog
+* Fri Mar 17 2017 Martin Stransky <stransky@redhat.com> - 52.0-5
+- Added fix for mozbz#1348168/CVE-2017-5428
+
 * Mon Mar  6 2017 Jan Horak <jhorak@redhat.com> - 52.0-4
 - Update to 52.0 ESR (b4)