New! Vulnerability Priority Rating (VPR)
Tenable calculates a dynamic VPR for every vulnerability. VPR combines vulnerability information with threat intelligence and machine learning algorithms to predict which vulnerabilities are most likely to be exploited in attacks. Read more about what VPR is and how it's different from CVSS.
VPR Score: 5.9
SynopsisThe remote openSUSE host is missing a security update.
DescriptionThe MozillaThunderbird package was updated to fix the following security and non security issues :
- update to Thunderbird 38.4.0 (bnc#952810)
- MFSA 2015-116/CVE-2015-4513/CVE-2015-4514 Miscellaneous memory safety hazards
- MFSA 2015-122/CVE-2015-7188 (bmo#1199430) Trailing whitespace in IP address hostnames can bypass same-origin policy
- MFSA 2015-123/CVE-2015-7189 (bmo#1205900) Buffer overflow during image interactions in canvas
- MFSA 2015-127/CVE-2015-7193 (bmo#1210302) CORS preflight is bypassed when non-standard Content-Type headers are received
- MFSA 2015-128/CVE-2015-7194 (bmo#1211262) Memory corruption in libjar through zip files
- MFSA 2015-131/CVE-2015-7198/CVE-2015-7199/CVE-2015-7200 (bmo#1188010, bmo#1204061, bmo#1204155) Vulnerabilities found through code inspection
- MFSA 2015-132/CVE-2015-7197 (bmo#1204269) Mixed content WebSocket policy bypass through workers
- MFSA 2015-133/CVE-2015-7181/CVE-2015-7182/CVE-2015-7183 (bmo#1202868, bmo#1205157) NSS and NSPR memory corruption issues (fixed in mozilla-nspr and mozilla-nss packages)
- requires NSPR 4.10.10 and NSS 18.104.22.168
- added explicit appdata provides (bnc#952325)
SolutionUpdate the affected MozillaThunderbird packages.