New! Vulnerability Priority Rating (VPR)
Tenable calculates a dynamic VPR for every vulnerability. VPR combines vulnerability information with threat intelligence and machine learning algorithms to predict which vulnerabilities are most likely to be exploited in attacks. Read more about what VPR is and how it's different from CVSS.
VPR Score: 5.9
SynopsisThe remote openSUSE host is missing a security update.
Descriptionseamonkey was updated to version 2.31 to fix 20 security issues.
These security issues were fixed :
- Miscellaneous memory safety hazards (CVE-2014-1587, CVE-2014-1588).
- XBL bindings accessible via improper CSS declarations (CVE-2014-1589).
- XMLHttpRequest crashes with some input streams (CVE-2014-1590).
- CSP leaks redirect data via violation reports (CVE-2014-1591).
- Use-after-free during HTML5 parsing (CVE-2014-1592).
- Buffer overflow while parsing media content (CVE-2014-1593).
- Bad casting from the BasicThebesLayer to BasicContainerLayer (CVE-2014-1594).
- Miscellaneous memory safety hazards (CVE-2014-1574, CVE-2014-1575).
- Buffer overflow during CSS manipulation (CVE-2014-1576).
- Web Audio memory corruption issues with custom waveforms (CVE-2014-1577).
- Out-of-bounds write with WebM video (CVE-2014-1578).
- Further uninitialized memory use during GIF rendering (CVE-2014-1580).
- Use-after-free interacting with text directionality (CVE-2014-1581).
- Key pinning bypasses (CVE-2014-1582, CVE-2014-1584).
- Inconsistent video sharing within iframe (CVE-2014-1585, CVE-2014-1586).
- Accessing cross-origin objects via the Alarms API (only relevant for installed web apps) (CVE-2014-1583).
This non-security issue was fixed :
- define /usr/share/myspell as additional dictionary location and remove add-plugins.sh finally (bnc#900639).
SolutionUpdate the affected seamonkey packages.