Vulnerability Priority Rating (VPR)
Tenable calculates a dynamic VPR for every vulnerability. VPR combines vulnerability information with threat intelligence and machine learning algorithms to predict which vulnerabilities are most likely to be exploited in attacks.
VPR Score: 5.9
Synopsis
The remote openSUSE host is missing a security update.
Description
This update for MozillaThunderbird fixes the following issues:
- update to Thunderbird 45.3.0 (boo#991809)
- Disposition-Notification-To could not be used in mail.compose.other.header
- 'edit as new message' on a received message pre-filled the sender as the composing identity.
- Certain messages caused corruption of the drafts summary database.
Security fixes:
- MFSA 2016-62/CVE-2016-2836 Miscellaneous memory safety hazards
- MFSA 2016-63/CVE-2016-2830 (bmo#1255270) Favicon network connection can persist when page is closed
- MFSA 2016-64/CVE-2016-2838 (bmo#1279814) Buffer overflow rendering SVG with bidirectional content
- MFSA 2016-65/CVE-2016-2839 (bmo#1275339) Cairo rendering crash due to memory allocation issue with FFmpeg 0.10
- MFSA 2016-67/CVE-2016-5252 (bmo#1268854) Stack underflow during 2D graphics rendering
- MFSA 2016-70/CVE-2016-5254 (bmo#1266963) Use-after-free when using alt key and toplevel menus
- MFSA 2016-72/CVE-2016-5258 (bmo#1279146) Use-after-free in DTLS during WebRTC session shutdown
- MFSA 2016-73/CVE-2016-5259 (bmo#1282992) Use-after-free in service workers with nested sync events
- MFSA 2016-76/CVE-2016-5262 (bmo#1277475) Scripts on marquee tag can execute in sandboxed iframes
- MFSA 2016-77/CVE-2016-2837 (bmo#1274637) Buffer overflow in ClearKey Content Decryption Module (CDM) during video playback
- MFSA 2016-78/CVE-2016-5263 (bmo#1276897) Type confusion in display transformation
- MFSA 2016-79/CVE-2016-5264 (bmo#1286183) Use-after-free when applying SVG effects
- MFSA 2016-80/CVE-2016-5265 (bmo#1278013) Same-origin policy violation using local HTML file and saved shortcut file
- Fix for possible buffer overrun (boo#990856) CVE-2016-6354 (bmo#1292534) [mozilla-flex_buffer_overrun.patch]
- add a screenshot to appdata.xml
Solution
Update the affected MozillaThunderbird packages.