Action not permitted
Modal body text goes here.
Modal Title
Modal Body
CVE-2016-2802 (GCVE-0-2016-2802)
Vulnerability from cvelistv5 – Published: 2016-03-13 18:00 – Updated: 2024-08-05 23:32
VLAI?
EPSS
Summary
The graphite2::TtfUtil::CmapSubtable4NextCodepoint function in Graphite 2 before 1.3.6, as used in Mozilla Firefox before 45.0 and Firefox ESR 38.x before 38.7, allows remote attackers to cause a denial of service (buffer over-read) or possibly have unspecified other impact via a crafted Graphite smart font.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
26 references
Date Public ?
2016-03-08 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T23:32:20.967Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "openSUSE-SU-2016:0894",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00091.html"
},
{
"name": "84222",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/84222"
},
{
"name": "SUSE-SU-2016:0820",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00068.html"
},
{
"name": "openSUSE-SU-2016:1767",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-07/msg00006.html"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.oracle.com/technetwork/topics/security/linuxbulletinjan2016-2867209.html"
},
{
"name": "openSUSE-SU-2016:0731",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00029.html"
},
{
"name": "SUSE-SU-2016:0727",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00027.html"
},
{
"name": "openSUSE-SU-2016:1778",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-07/msg00008.html"
},
{
"name": "openSUSE-SU-2016:0876",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00089.html"
},
{
"name": "USN-2917-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU",
"x_transferred"
],
"url": "http://www.ubuntu.com/usn/USN-2917-1"
},
{
"name": "USN-2927-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU",
"x_transferred"
],
"url": "http://www.ubuntu.com/usn/USN-2927-1"
},
{
"name": "DSA-3520",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN",
"x_transferred"
],
"url": "http://www.debian.org/security/2016/dsa-3520"
},
{
"name": "openSUSE-SU-2016:1769",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-07/msg00007.html"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1248804"
},
{
"name": "SUSE-SU-2016:0909",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00093.html"
},
{
"name": "DSA-3510",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN",
"x_transferred"
],
"url": "http://www.debian.org/security/2016/dsa-3510"
},
{
"name": "openSUSE-SU-2016:0733",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00031.html"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.mozilla.org/security/announce/2016/mfsa2016-37.html"
},
{
"name": "1035215",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://www.securitytracker.com/id/1035215"
},
{
"name": "SUSE-SU-2016:0777",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00050.html"
},
{
"name": "GLSA-201605-06",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO",
"x_transferred"
],
"url": "https://security.gentoo.org/glsa/201605-06"
},
{
"name": "DSA-3515",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN",
"x_transferred"
],
"url": "http://www.debian.org/security/2016/dsa-3515"
},
{
"name": "USN-2934-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU",
"x_transferred"
],
"url": "http://www.ubuntu.com/usn/USN-2934-1"
},
{
"name": "GLSA-201701-63",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO",
"x_transferred"
],
"url": "https://security.gentoo.org/glsa/201701-63"
},
{
"name": "USN-2917-2",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU",
"x_transferred"
],
"url": "http://www.ubuntu.com/usn/USN-2917-2"
},
{
"name": "USN-2917-3",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU",
"x_transferred"
],
"url": "http://www.ubuntu.com/usn/USN-2917-3"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2016-03-08T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "The graphite2::TtfUtil::CmapSubtable4NextCodepoint function in Graphite 2 before 1.3.6, as used in Mozilla Firefox before 45.0 and Firefox ESR 38.x before 38.7, allows remote attackers to cause a denial of service (buffer over-read) or possibly have unspecified other impact via a crafted Graphite smart font."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-06-30T16:57:01.000Z",
"orgId": "f16b083a-5664-49f3-a51e-8d479e5ed7fe",
"shortName": "mozilla"
},
"references": [
{
"name": "openSUSE-SU-2016:0894",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00091.html"
},
{
"name": "84222",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/84222"
},
{
"name": "SUSE-SU-2016:0820",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00068.html"
},
{
"name": "openSUSE-SU-2016:1767",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-07/msg00006.html"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.oracle.com/technetwork/topics/security/linuxbulletinjan2016-2867209.html"
},
{
"name": "openSUSE-SU-2016:0731",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00029.html"
},
{
"name": "SUSE-SU-2016:0727",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00027.html"
},
{
"name": "openSUSE-SU-2016:1778",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-07/msg00008.html"
},
{
"name": "openSUSE-SU-2016:0876",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00089.html"
},
{
"name": "USN-2917-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU"
],
"url": "http://www.ubuntu.com/usn/USN-2917-1"
},
{
"name": "USN-2927-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU"
],
"url": "http://www.ubuntu.com/usn/USN-2927-1"
},
{
"name": "DSA-3520",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN"
],
"url": "http://www.debian.org/security/2016/dsa-3520"
},
{
"name": "openSUSE-SU-2016:1769",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-07/msg00007.html"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1248804"
},
{
"name": "SUSE-SU-2016:0909",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00093.html"
},
{
"name": "DSA-3510",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN"
],
"url": "http://www.debian.org/security/2016/dsa-3510"
},
{
"name": "openSUSE-SU-2016:0733",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00031.html"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.mozilla.org/security/announce/2016/mfsa2016-37.html"
},
{
"name": "1035215",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://www.securitytracker.com/id/1035215"
},
{
"name": "SUSE-SU-2016:0777",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00050.html"
},
{
"name": "GLSA-201605-06",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO"
],
"url": "https://security.gentoo.org/glsa/201605-06"
},
{
"name": "DSA-3515",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN"
],
"url": "http://www.debian.org/security/2016/dsa-3515"
},
{
"name": "USN-2934-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU"
],
"url": "http://www.ubuntu.com/usn/USN-2934-1"
},
{
"name": "GLSA-201701-63",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO"
],
"url": "https://security.gentoo.org/glsa/201701-63"
},
{
"name": "USN-2917-2",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU"
],
"url": "http://www.ubuntu.com/usn/USN-2917-2"
},
{
"name": "USN-2917-3",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU"
],
"url": "http://www.ubuntu.com/usn/USN-2917-3"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security@mozilla.org",
"ID": "CVE-2016-2802",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The graphite2::TtfUtil::CmapSubtable4NextCodepoint function in Graphite 2 before 1.3.6, as used in Mozilla Firefox before 45.0 and Firefox ESR 38.x before 38.7, allows remote attackers to cause a denial of service (buffer over-read) or possibly have unspecified other impact via a crafted Graphite smart font."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "openSUSE-SU-2016:0894",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00091.html"
},
{
"name": "84222",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/84222"
},
{
"name": "SUSE-SU-2016:0820",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00068.html"
},
{
"name": "openSUSE-SU-2016:1767",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-07/msg00006.html"
},
{
"name": "http://www.oracle.com/technetwork/topics/security/linuxbulletinjan2016-2867209.html",
"refsource": "CONFIRM",
"url": "http://www.oracle.com/technetwork/topics/security/linuxbulletinjan2016-2867209.html"
},
{
"name": "openSUSE-SU-2016:0731",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00029.html"
},
{
"name": "SUSE-SU-2016:0727",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00027.html"
},
{
"name": "openSUSE-SU-2016:1778",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-07/msg00008.html"
},
{
"name": "openSUSE-SU-2016:0876",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00089.html"
},
{
"name": "USN-2917-1",
"refsource": "UBUNTU",
"url": "http://www.ubuntu.com/usn/USN-2917-1"
},
{
"name": "USN-2927-1",
"refsource": "UBUNTU",
"url": "http://www.ubuntu.com/usn/USN-2927-1"
},
{
"name": "DSA-3520",
"refsource": "DEBIAN",
"url": "http://www.debian.org/security/2016/dsa-3520"
},
{
"name": "openSUSE-SU-2016:1769",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-07/msg00007.html"
},
{
"name": "https://bugzilla.mozilla.org/show_bug.cgi?id=1248804",
"refsource": "CONFIRM",
"url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1248804"
},
{
"name": "SUSE-SU-2016:0909",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00093.html"
},
{
"name": "DSA-3510",
"refsource": "DEBIAN",
"url": "http://www.debian.org/security/2016/dsa-3510"
},
{
"name": "openSUSE-SU-2016:0733",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00031.html"
},
{
"name": "http://www.mozilla.org/security/announce/2016/mfsa2016-37.html",
"refsource": "CONFIRM",
"url": "http://www.mozilla.org/security/announce/2016/mfsa2016-37.html"
},
{
"name": "1035215",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1035215"
},
{
"name": "SUSE-SU-2016:0777",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00050.html"
},
{
"name": "GLSA-201605-06",
"refsource": "GENTOO",
"url": "https://security.gentoo.org/glsa/201605-06"
},
{
"name": "DSA-3515",
"refsource": "DEBIAN",
"url": "http://www.debian.org/security/2016/dsa-3515"
},
{
"name": "USN-2934-1",
"refsource": "UBUNTU",
"url": "http://www.ubuntu.com/usn/USN-2934-1"
},
{
"name": "GLSA-201701-63",
"refsource": "GENTOO",
"url": "https://security.gentoo.org/glsa/201701-63"
},
{
"name": "USN-2917-2",
"refsource": "UBUNTU",
"url": "http://www.ubuntu.com/usn/USN-2917-2"
},
{
"name": "USN-2917-3",
"refsource": "UBUNTU",
"url": "http://www.ubuntu.com/usn/USN-2917-3"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "f16b083a-5664-49f3-a51e-8d479e5ed7fe",
"assignerShortName": "mozilla",
"cveId": "CVE-2016-2802",
"datePublished": "2016-03-13T18:00:00.000Z",
"dateReserved": "2016-03-01T00:00:00.000Z",
"dateUpdated": "2024-08-05T23:32:20.967Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1",
"vulnerability-lookup:meta": {
"epss": {
"cve": "CVE-2016-2802",
"date": "2026-05-20",
"epss": "0.00565",
"percentile": "0.68649"
},
"fkie_nvd": {
"configurations": "[{\"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:mozilla:firefox:*:*:*:*:*:*:*:*\", \"versionEndIncluding\": \"44.0.2\", \"matchCriteriaId\": \"A2CA2CAD-3088-47C2-AE3A-607E6064E9BE\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:mozilla:firefox:38.0:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"35BF0AFB-26BA-4BEA-B6B8-11CF88E951DE\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:mozilla:firefox:38.0.1:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"1F007CC6-9391-4E1C-A747-F3DE5E572FA5\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:mozilla:firefox:38.0.5:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"45E9641F-430C-4B3A-BD63-EC13DBD3D1E4\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:mozilla:firefox:38.1.0:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"5AADD23B-A8AF-4679-990D-C29A1D6EB5CD\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:mozilla:firefox:38.1.1:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"1343A1FD-98CF-4A6C-A697-1253E538FD5C\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:mozilla:firefox:38.2.0:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"6D098567-B55E-4EAC-8FAA-31FAFDD4058F\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:mozilla:firefox:38.2.1:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"BE0389BC-D295-4957-8AE7-EDAC770F596D\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:mozilla:firefox:38.3.0:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"E75E69A5-AC94-4F35-9EFB-1BFF8B78210D\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:mozilla:firefox:38.4.0:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"2765E663-C9CF-476A-B7A8-6F02D0E2D72D\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:mozilla:firefox:38.5.0:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"62B4E871-0ACB-4EC5-8392-EAD0DF25E64B\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:mozilla:firefox:38.5.1:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"435D6EF5-C879-4121-9D47-EF2236E53409\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:mozilla:firefox:38.6.0:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"A5963D11-D2F4-40A7-81CE-E034C91FCCBD\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:mozilla:firefox:38.6.1:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"5FB022A7-B792-4AC0-B2CF-AF6F384AE719\"}]}]}, {\"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:opensuse:leap:42.1:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"4863BE36-D16A-4D75-90D9-FD76DB5B48B7\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:opensuse:opensuse:13.1:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"A10BC294-9196-425F-9FB0-B1625465B47F\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:opensuse:opensuse:13.2:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"03117DF1-3BEC-4B8D-AD63-DBBDB2126081\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:suse:linux_enterprise:12.0:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"CBC8B78D-1131-4F21-919D-8AC79A410FB9\"}]}]}, {\"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:sil:graphite2:*:*:*:*:*:*:*:*\", \"versionEndIncluding\": \"1.3.5\", \"matchCriteriaId\": \"5F0A27A0-9ADC-4800-AEE7-C006ED3E0474\"}]}]}, {\"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:oracle:linux:5.0:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"E3CCD459-9E6D-4731-8054-CDF8B58454A9\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:oracle:linux:6:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"CC7A498A-A669-4C42-8134-86103C799D13\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:oracle:linux:7:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"104DA87B-DEE4-4262-AE50-8E6BC43B228B\"}]}]}]",
"descriptions": "[{\"lang\": \"en\", \"value\": \"The graphite2::TtfUtil::CmapSubtable4NextCodepoint function in Graphite 2 before 1.3.6, as used in Mozilla Firefox before 45.0 and Firefox ESR 38.x before 38.7, allows remote attackers to cause a denial of service (buffer over-read) or possibly have unspecified other impact via a crafted Graphite smart font.\"}, {\"lang\": \"es\", \"value\": \"La funci\\u00f3n graphite2::TtfUtil::CmapSubtable4NextCodepoint en Graphite 2 en versiones anteriores a 1.3.6, como se utiliza en Mozilla Firefox en versiones anteriores a 45.0 y Firefox ESR 38.x en versiones anteriores a 38.7, permite a atacantes remotos causar una denegaci\\u00f3n de servicio (sobre lectura de buffer) o posiblemente tener otro impacto no especificado a trav\\u00e9s de una fuente inteligente Graphite manipulada.\"}]",
"id": "CVE-2016-2802",
"lastModified": "2024-11-21T02:48:50.613",
"metrics": "{\"cvssMetricV30\": [{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"cvssData\": {\"version\": \"3.0\", \"vectorString\": \"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H\", \"baseScore\": 8.8, \"baseSeverity\": \"HIGH\", \"attackVector\": \"NETWORK\", \"attackComplexity\": \"LOW\", \"privilegesRequired\": \"NONE\", \"userInteraction\": \"REQUIRED\", \"scope\": \"UNCHANGED\", \"confidentialityImpact\": \"HIGH\", \"integrityImpact\": \"HIGH\", \"availabilityImpact\": \"HIGH\"}, \"exploitabilityScore\": 2.8, \"impactScore\": 5.9}], \"cvssMetricV2\": [{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"cvssData\": {\"version\": \"2.0\", \"vectorString\": \"AV:N/AC:M/Au:N/C:P/I:P/A:P\", \"baseScore\": 6.8, \"accessVector\": \"NETWORK\", \"accessComplexity\": \"MEDIUM\", \"authentication\": \"NONE\", \"confidentialityImpact\": \"PARTIAL\", \"integrityImpact\": \"PARTIAL\", \"availabilityImpact\": \"PARTIAL\"}, \"baseSeverity\": \"MEDIUM\", \"exploitabilityScore\": 8.6, \"impactScore\": 6.4, \"acInsufInfo\": false, \"obtainAllPrivilege\": false, \"obtainUserPrivilege\": false, \"obtainOtherPrivilege\": false, \"userInteractionRequired\": true}]}",
"published": "2016-03-13T18:59:41.650",
"references": "[{\"url\": \"http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00027.html\", \"source\": \"security@mozilla.org\"}, {\"url\": \"http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00029.html\", \"source\": \"security@mozilla.org\"}, {\"url\": \"http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00031.html\", \"source\": \"security@mozilla.org\"}, {\"url\": \"http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00050.html\", \"source\": \"security@mozilla.org\"}, {\"url\": \"http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00068.html\", \"source\": \"security@mozilla.org\"}, {\"url\": \"http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00089.html\", \"source\": \"security@mozilla.org\"}, {\"url\": \"http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00091.html\", \"source\": \"security@mozilla.org\", \"tags\": [\"Third Party Advisory\"]}, {\"url\": \"http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00093.html\", \"source\": \"security@mozilla.org\"}, {\"url\": \"http://lists.opensuse.org/opensuse-security-announce/2016-07/msg00006.html\", \"source\": \"security@mozilla.org\", \"tags\": [\"Third Party Advisory\"]}, {\"url\": \"http://lists.opensuse.org/opensuse-security-announce/2016-07/msg00007.html\", \"source\": \"security@mozilla.org\", \"tags\": [\"Third Party Advisory\"]}, {\"url\": \"http://lists.opensuse.org/opensuse-security-announce/2016-07/msg00008.html\", \"source\": \"security@mozilla.org\", \"tags\": [\"Third Party Advisory\"]}, {\"url\": \"http://www.debian.org/security/2016/dsa-3510\", \"source\": \"security@mozilla.org\"}, {\"url\": \"http://www.debian.org/security/2016/dsa-3515\", \"source\": \"security@mozilla.org\"}, {\"url\": \"http://www.debian.org/security/2016/dsa-3520\", \"source\": \"security@mozilla.org\"}, {\"url\": \"http://www.mozilla.org/security/announce/2016/mfsa2016-37.html\", \"source\": \"security@mozilla.org\", \"tags\": [\"Vendor Advisory\"]}, {\"url\": \"http://www.oracle.com/technetwork/topics/security/linuxbulletinjan2016-2867209.html\", \"source\": \"security@mozilla.org\", \"tags\": [\"Third Party Advisory\"]}, {\"url\": \"http://www.securityfocus.com/bid/84222\", \"source\": \"security@mozilla.org\"}, {\"url\": \"http://www.securitytracker.com/id/1035215\", \"source\": \"security@mozilla.org\"}, {\"url\": \"http://www.ubuntu.com/usn/USN-2917-1\", \"source\": \"security@mozilla.org\"}, {\"url\": \"http://www.ubuntu.com/usn/USN-2917-2\", \"source\": \"security@mozilla.org\"}, {\"url\": \"http://www.ubuntu.com/usn/USN-2917-3\", \"source\": \"security@mozilla.org\"}, {\"url\": \"http://www.ubuntu.com/usn/USN-2927-1\", \"source\": \"security@mozilla.org\"}, {\"url\": \"http://www.ubuntu.com/usn/USN-2934-1\", \"source\": \"security@mozilla.org\"}, {\"url\": \"https://bugzilla.mozilla.org/show_bug.cgi?id=1248804\", \"source\": \"security@mozilla.org\", \"tags\": [\"Issue Tracking\"]}, {\"url\": \"https://security.gentoo.org/glsa/201605-06\", \"source\": \"security@mozilla.org\"}, {\"url\": \"https://security.gentoo.org/glsa/201701-63\", \"source\": \"security@mozilla.org\"}, {\"url\": \"http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00027.html\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00029.html\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00031.html\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00050.html\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00068.html\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00089.html\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00091.html\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Third Party Advisory\"]}, {\"url\": \"http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00093.html\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"http://lists.opensuse.org/opensuse-security-announce/2016-07/msg00006.html\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Third Party Advisory\"]}, {\"url\": \"http://lists.opensuse.org/opensuse-security-announce/2016-07/msg00007.html\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Third Party Advisory\"]}, {\"url\": \"http://lists.opensuse.org/opensuse-security-announce/2016-07/msg00008.html\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Third Party Advisory\"]}, {\"url\": \"http://www.debian.org/security/2016/dsa-3510\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"http://www.debian.org/security/2016/dsa-3515\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"http://www.debian.org/security/2016/dsa-3520\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"http://www.mozilla.org/security/announce/2016/mfsa2016-37.html\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Vendor Advisory\"]}, {\"url\": \"http://www.oracle.com/technetwork/topics/security/linuxbulletinjan2016-2867209.html\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Third Party Advisory\"]}, {\"url\": \"http://www.securityfocus.com/bid/84222\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"http://www.securitytracker.com/id/1035215\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"http://www.ubuntu.com/usn/USN-2917-1\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"http://www.ubuntu.com/usn/USN-2917-2\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"http://www.ubuntu.com/usn/USN-2917-3\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"http://www.ubuntu.com/usn/USN-2927-1\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"http://www.ubuntu.com/usn/USN-2934-1\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"https://bugzilla.mozilla.org/show_bug.cgi?id=1248804\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Issue Tracking\"]}, {\"url\": \"https://security.gentoo.org/glsa/201605-06\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"https://security.gentoo.org/glsa/201701-63\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}]",
"sourceIdentifier": "security@mozilla.org",
"vulnStatus": "Modified",
"weaknesses": "[{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"description\": [{\"lang\": \"en\", \"value\": \"CWE-119\"}]}]"
},
"nvd": "{\"cve\":{\"id\":\"CVE-2016-2802\",\"sourceIdentifier\":\"security@mozilla.org\",\"published\":\"2016-03-13T18:59:41.650\",\"lastModified\":\"2026-05-06T22:30:45.220\",\"vulnStatus\":\"Modified\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"The graphite2::TtfUtil::CmapSubtable4NextCodepoint function in Graphite 2 before 1.3.6, as used in Mozilla Firefox before 45.0 and Firefox ESR 38.x before 38.7, allows remote attackers to cause a denial of service (buffer over-read) or possibly have unspecified other impact via a crafted Graphite smart font.\"},{\"lang\":\"es\",\"value\":\"La funci\u00f3n graphite2::TtfUtil::CmapSubtable4NextCodepoint en Graphite 2 en versiones anteriores a 1.3.6, como se utiliza en Mozilla Firefox en versiones anteriores a 45.0 y Firefox ESR 38.x en versiones anteriores a 38.7, permite a atacantes remotos causar una denegaci\u00f3n de servicio (sobre lectura de buffer) o posiblemente tener otro impacto no especificado a trav\u00e9s de una fuente inteligente Graphite manipulada.\"}],\"metrics\":{\"cvssMetricV30\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"3.0\",\"vectorString\":\"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H\",\"baseScore\":8.8,\"baseSeverity\":\"HIGH\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"NONE\",\"userInteraction\":\"REQUIRED\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"HIGH\",\"integrityImpact\":\"HIGH\",\"availabilityImpact\":\"HIGH\"},\"exploitabilityScore\":2.8,\"impactScore\":5.9}],\"cvssMetricV2\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"2.0\",\"vectorString\":\"AV:N/AC:M/Au:N/C:P/I:P/A:P\",\"baseScore\":6.8,\"accessVector\":\"NETWORK\",\"accessComplexity\":\"MEDIUM\",\"authentication\":\"NONE\",\"confidentialityImpact\":\"PARTIAL\",\"integrityImpact\":\"PARTIAL\",\"availabilityImpact\":\"PARTIAL\"},\"baseSeverity\":\"MEDIUM\",\"exploitabilityScore\":8.6,\"impactScore\":6.4,\"acInsufInfo\":false,\"obtainAllPrivilege\":false,\"obtainUserPrivilege\":false,\"obtainOtherPrivilege\":false,\"userInteractionRequired\":true}]},\"weaknesses\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-119\"}]}],\"configurations\":[{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:mozilla:firefox:*:*:*:*:*:*:*:*\",\"versionEndIncluding\":\"44.0.2\",\"matchCriteriaId\":\"A2CA2CAD-3088-47C2-AE3A-607E6064E9BE\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:mozilla:firefox:38.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"35BF0AFB-26BA-4BEA-B6B8-11CF88E951DE\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:mozilla:firefox:38.0.1:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"1F007CC6-9391-4E1C-A747-F3DE5E572FA5\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:mozilla:firefox:38.0.5:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"45E9641F-430C-4B3A-BD63-EC13DBD3D1E4\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:mozilla:firefox:38.1.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"5AADD23B-A8AF-4679-990D-C29A1D6EB5CD\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:mozilla:firefox:38.1.1:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"1343A1FD-98CF-4A6C-A697-1253E538FD5C\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:mozilla:firefox:38.2.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"6D098567-B55E-4EAC-8FAA-31FAFDD4058F\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:mozilla:firefox:38.2.1:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"BE0389BC-D295-4957-8AE7-EDAC770F596D\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:mozilla:firefox:38.3.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"E75E69A5-AC94-4F35-9EFB-1BFF8B78210D\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:mozilla:firefox:38.4.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"2765E663-C9CF-476A-B7A8-6F02D0E2D72D\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:mozilla:firefox:38.5.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"62B4E871-0ACB-4EC5-8392-EAD0DF25E64B\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:mozilla:firefox:38.5.1:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"435D6EF5-C879-4121-9D47-EF2236E53409\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:mozilla:firefox:38.6.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"A5963D11-D2F4-40A7-81CE-E034C91FCCBD\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:mozilla:firefox:38.6.1:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"5FB022A7-B792-4AC0-B2CF-AF6F384AE719\"}]}]},{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:opensuse:leap:42.1:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"4863BE36-D16A-4D75-90D9-FD76DB5B48B7\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:opensuse:opensuse:13.1:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"A10BC294-9196-425F-9FB0-B1625465B47F\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:opensuse:opensuse:13.2:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"03117DF1-3BEC-4B8D-AD63-DBBDB2126081\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:suse:linux_enterprise:12.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"CBC8B78D-1131-4F21-919D-8AC79A410FB9\"}]}]},{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:sil:graphite2:*:*:*:*:*:*:*:*\",\"versionEndIncluding\":\"1.3.5\",\"matchCriteriaId\":\"5F0A27A0-9ADC-4800-AEE7-C006ED3E0474\"}]}]},{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:oracle:linux:5.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"E3CCD459-9E6D-4731-8054-CDF8B58454A9\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:oracle:linux:6:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"CC7A498A-A669-4C42-8134-86103C799D13\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:oracle:linux:7:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"104DA87B-DEE4-4262-AE50-8E6BC43B228B\"}]}]}],\"references\":[{\"url\":\"http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00027.html\",\"source\":\"security@mozilla.org\"},{\"url\":\"http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00029.html\",\"source\":\"security@mozilla.org\"},{\"url\":\"http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00031.html\",\"source\":\"security@mozilla.org\"},{\"url\":\"http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00050.html\",\"source\":\"security@mozilla.org\"},{\"url\":\"http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00068.html\",\"source\":\"security@mozilla.org\"},{\"url\":\"http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00089.html\",\"source\":\"security@mozilla.org\"},{\"url\":\"http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00091.html\",\"source\":\"security@mozilla.org\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00093.html\",\"source\":\"security@mozilla.org\"},{\"url\":\"http://lists.opensuse.org/opensuse-security-announce/2016-07/msg00006.html\",\"source\":\"security@mozilla.org\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"http://lists.opensuse.org/opensuse-security-announce/2016-07/msg00007.html\",\"source\":\"security@mozilla.org\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"http://lists.opensuse.org/opensuse-security-announce/2016-07/msg00008.html\",\"source\":\"security@mozilla.org\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"http://www.debian.org/security/2016/dsa-3510\",\"source\":\"security@mozilla.org\"},{\"url\":\"http://www.debian.org/security/2016/dsa-3515\",\"source\":\"security@mozilla.org\"},{\"url\":\"http://www.debian.org/security/2016/dsa-3520\",\"source\":\"security@mozilla.org\"},{\"url\":\"http://www.mozilla.org/security/announce/2016/mfsa2016-37.html\",\"source\":\"security@mozilla.org\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"http://www.oracle.com/technetwork/topics/security/linuxbulletinjan2016-2867209.html\",\"source\":\"security@mozilla.org\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"http://www.securityfocus.com/bid/84222\",\"source\":\"security@mozilla.org\"},{\"url\":\"http://www.securitytracker.com/id/1035215\",\"source\":\"security@mozilla.org\"},{\"url\":\"http://www.ubuntu.com/usn/USN-2917-1\",\"source\":\"security@mozilla.org\"},{\"url\":\"http://www.ubuntu.com/usn/USN-2917-2\",\"source\":\"security@mozilla.org\"},{\"url\":\"http://www.ubuntu.com/usn/USN-2917-3\",\"source\":\"security@mozilla.org\"},{\"url\":\"http://www.ubuntu.com/usn/USN-2927-1\",\"source\":\"security@mozilla.org\"},{\"url\":\"http://www.ubuntu.com/usn/USN-2934-1\",\"source\":\"security@mozilla.org\"},{\"url\":\"https://bugzilla.mozilla.org/show_bug.cgi?id=1248804\",\"source\":\"security@mozilla.org\",\"tags\":[\"Issue Tracking\"]},{\"url\":\"https://security.gentoo.org/glsa/201605-06\",\"source\":\"security@mozilla.org\"},{\"url\":\"https://security.gentoo.org/glsa/201701-63\",\"source\":\"security@mozilla.org\"},{\"url\":\"http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00027.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00029.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00031.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00050.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00068.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00089.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00091.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00093.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://lists.opensuse.org/opensuse-security-announce/2016-07/msg00006.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"http://lists.opensuse.org/opensuse-security-announce/2016-07/msg00007.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"http://lists.opensuse.org/opensuse-security-announce/2016-07/msg00008.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"http://www.debian.org/security/2016/dsa-3510\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://www.debian.org/security/2016/dsa-3515\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://www.debian.org/security/2016/dsa-3520\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://www.mozilla.org/security/announce/2016/mfsa2016-37.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"http://www.oracle.com/technetwork/topics/security/linuxbulletinjan2016-2867209.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"http://www.securityfocus.com/bid/84222\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://www.securitytracker.com/id/1035215\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://www.ubuntu.com/usn/USN-2917-1\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://www.ubuntu.com/usn/USN-2917-2\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://www.ubuntu.com/usn/USN-2917-3\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://www.ubuntu.com/usn/USN-2927-1\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://www.ubuntu.com/usn/USN-2934-1\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://bugzilla.mozilla.org/show_bug.cgi?id=1248804\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Issue Tracking\"]},{\"url\":\"https://security.gentoo.org/glsa/201605-06\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://security.gentoo.org/glsa/201701-63\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"}]}}"
}
}
CERTFR-2016-AVI-086
Vulnerability from certfr_avis - Published: - Updated:
De multiples vulnérabilités ont été corrigées dans Mozilla Firefox. Certaines d'entre elles permettent à un attaquant de provoquer une exécution de code arbitraire à distance, un déni de service à distance et un contournement de la politique de sécurité.
Solution
Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).
NoneImpacted products
References
{
"$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
"affected_systems": [
{
"description": "NSS versions ant\u00e9rieures \u00e0 3.21.1",
"product": {
"name": "Firefox",
"vendor": {
"name": "Mozilla",
"scada": false
}
}
},
{
"description": "Firefox ESR versions ant\u00e9rieures \u00e0 38.7",
"product": {
"name": "Firefox",
"vendor": {
"name": "Mozilla",
"scada": false
}
}
},
{
"description": "Firefox versions ant\u00e9rieures \u00e0 45",
"product": {
"name": "Firefox",
"vendor": {
"name": "Mozilla",
"scada": false
}
}
},
{
"description": "NSS versions ant\u00e9rieures \u00e0 3.19.2.3",
"product": {
"name": "Firefox",
"vendor": {
"name": "Mozilla",
"scada": false
}
}
}
],
"affected_systems_content": null,
"content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
"cves": [
{
"name": "CVE-2016-1963",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-1963"
},
{
"name": "CVE-2016-1978",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-1978"
},
{
"name": "CVE-2016-2801",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-2801"
},
{
"name": "CVE-2016-1964",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-1964"
},
{
"name": "CVE-2016-1979",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-1979"
},
{
"name": "CVE-2016-1950",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-1950"
},
{
"name": "CVE-2016-1960",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-1960"
},
{
"name": "CVE-2016-1977",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-1977"
},
{
"name": "CVE-2016-2791",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-2791"
},
{
"name": "CVE-2016-1955",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-1955"
},
{
"name": "CVE-2016-1966",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-1966"
},
{
"name": "CVE-2016-1958",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-1958"
},
{
"name": "CVE-2016-1953",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-1953"
},
{
"name": "CVE-2016-2794",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-2794"
},
{
"name": "CVE-2016-1967",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-1967"
},
{
"name": "CVE-2016-2790",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-2790"
},
{
"name": "CVE-2016-1974",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-1974"
},
{
"name": "CVE-2016-1962",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-1962"
},
{
"name": "CVE-2016-2798",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-2798"
},
{
"name": "CVE-2016-1968",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-1968"
},
{
"name": "CVE-2016-2802",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-2802"
},
{
"name": "CVE-2016-1975",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-1975"
},
{
"name": "CVE-2016-1972",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-1972"
},
{
"name": "CVE-2016-1976",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-1976"
},
{
"name": "CVE-2016-1971",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-1971"
},
{
"name": "CVE-2016-1961",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-1961"
},
{
"name": "CVE-2016-2792",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-2792"
},
{
"name": "CVE-2016-1973",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-1973"
},
{
"name": "CVE-2016-2796",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-2796"
},
{
"name": "CVE-2016-1959",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-1959"
},
{
"name": "CVE-2016-1970",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-1970"
},
{
"name": "CVE-2016-2799",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-2799"
},
{
"name": "CVE-2016-1952",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-1952"
},
{
"name": "CVE-2016-1956",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-1956"
},
{
"name": "CVE-2016-2795",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-2795"
},
{
"name": "CVE-2016-1957",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-1957"
},
{
"name": "CVE-2016-2797",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-2797"
},
{
"name": "CVE-2016-1954",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-1954"
},
{
"name": "CVE-2016-2800",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-2800"
},
{
"name": "CVE-2016-2793",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-2793"
},
{
"name": "CVE-2016-1965",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-1965"
}
],
"links": [],
"reference": "CERTFR-2016-AVI-086",
"revisions": [
{
"description": "version initiale.",
"revision_date": "2016-03-08T00:00:00.000000"
}
],
"risks": [
{
"description": "D\u00e9ni de service \u00e0 distance"
},
{
"description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
},
{
"description": "Contournement de la politique de s\u00e9curit\u00e9"
},
{
"description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
},
{
"description": "\u00c9l\u00e9vation de privil\u00e8ges"
}
],
"summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 corrig\u00e9es dans \u003cspan\nclass=\"textit\"\u003eMozilla Firefox\u003c/span\u003e. Certaines d\u0027entre elles\npermettent \u00e0 un attaquant de provoquer une ex\u00e9cution de code arbitraire\n\u00e0 distance, un d\u00e9ni de service \u00e0 distance et un contournement de la\npolitique de s\u00e9curit\u00e9.\n",
"title": "Multiples vuln\u00e9rabilit\u00e9s dans Mozilla Firefox",
"vendor_advisories": [
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Mozilla mfsa2016-37 du 08 mars 2016",
"url": "https://www.mozilla.org/en-US/security/advisories/mfsa2016-37/"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Mozilla mfsa2016-24 du 08 mars 2016",
"url": "https://www.mozilla.org/en-US/security/advisories/mfsa2016-24/"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Mozilla mfsa2016-15 du 08 mars 2016",
"url": "https://www.mozilla.org/en-US/security/advisories/mfsa2016-15/"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Mozilla mfsa2016-29 du 08 mars 2016",
"url": "https://www.mozilla.org/en-US/security/advisories/mfsa2016-29/"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Mozilla mfsa2016-23 du 08 mars 2016",
"url": "https://www.mozilla.org/en-US/security/advisories/mfsa2016-23/"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Mozilla mfsa2016-34 du 08 mars 2016",
"url": "https://www.mozilla.org/en-US/security/advisories/mfsa2016-34/"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Mozilla mfsa2016-16 du 08 mars 2016",
"url": "https://www.mozilla.org/en-US/security/advisories/mfsa2016-16/"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Mozilla mfsa2016-36 du 08 mars 2016",
"url": "https://www.mozilla.org/en-US/security/advisories/mfsa2016-36/"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Mozilla mfsa2016-27 du 08 mars 2016",
"url": "https://www.mozilla.org/en-US/security/advisories/mfsa2016-27/"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Mozilla mfsa2016-22 du 08 mars 2016",
"url": "https://www.mozilla.org/en-US/security/advisories/mfsa2016-22/"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Mozilla mfsa2016-28 du 08 mars 2016",
"url": "https://www.mozilla.org/en-US/security/advisories/mfsa2016-28/"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Mozilla mfsa2016-31 du 08 mars 2016",
"url": "https://www.mozilla.org/en-US/security/advisories/mfsa2016-31/"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Mozilla mfsa2016-25 du 08 mars 2016",
"url": "https://www.mozilla.org/en-US/security/advisories/mfsa2016-25/"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Mozilla mfsa2016-35 du 08 mars 2016",
"url": "https://www.mozilla.org/en-US/security/advisories/mfsa2016-35/"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Mozilla mfsa2016-33 du 08 mars 2016",
"url": "https://www.mozilla.org/en-US/security/advisories/mfsa2016-33/"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Mozilla mfsa2016-30 du 08 mars 2016",
"url": "https://www.mozilla.org/en-US/security/advisories/mfsa2016-30/"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Mozilla mfsa2016-20 du 08 mars 2016",
"url": "https://www.mozilla.org/en-US/security/advisories/mfsa2016-20/"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Mozilla mfsa2016-32 du 08 mars 2016",
"url": "https://www.mozilla.org/en-US/security/advisories/mfsa2016-32/"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Mozilla mfsa2016-17 du 08 mars 2016",
"url": "https://www.mozilla.org/en-US/security/advisories/mfsa2016-17/"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Mozilla mfsa2016-19 du 08 mars 2016",
"url": "https://www.mozilla.org/en-US/security/advisories/mfsa2016-19/"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Mozilla mfsa2016-21 du 08 mars 2016",
"url": "https://www.mozilla.org/en-US/security/advisories/mfsa2016-21/"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Mozilla mfsa2016-18 du 08 mars 2016",
"url": "https://www.mozilla.org/en-US/security/advisories/mfsa2016-18/"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Mozilla mfsa2016-26 du 08 mars 2016",
"url": "https://www.mozilla.org/en-US/security/advisories/mfsa2016-26/"
}
]
}
CERTFR-2016-AVI-099
Vulnerability from certfr_avis - Published: - Updated:
De multiples vulnérabilités ont été corrigées dans le noyau Linux d'Ubuntu. Certaines d'entre elles permettent à un attaquant de provoquer une exécution de code arbitraire à distance, une exécution de code arbitraire et un déni de service à distance.
Solution
Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).
NoneImpacted products
References
| Title | Publication Time | Tags | |||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||||||||||||||
{
"$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
"affected_systems": [
{
"description": "Ubuntu 15.10",
"product": {
"name": "Ubuntu",
"vendor": {
"name": "Ubuntu",
"scada": false
}
}
},
{
"description": "Ubuntu 12.04 LTS",
"product": {
"name": "Ubuntu",
"vendor": {
"name": "Ubuntu",
"scada": false
}
}
},
{
"description": "Ubuntu 14.04 LTS",
"product": {
"name": "Ubuntu",
"vendor": {
"name": "Ubuntu",
"scada": false
}
}
}
],
"affected_systems_content": null,
"content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
"cves": [
{
"name": "CVE-2016-2545",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-2545"
},
{
"name": "CVE-2015-8767",
"url": "https://www.cve.org/CVERecord?id=CVE-2015-8767"
},
{
"name": "CVE-2016-0723",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-0723"
},
{
"name": "CVE-2016-2548",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-2548"
},
{
"name": "CVE-2016-2544",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-2544"
},
{
"name": "CVE-2013-4312",
"url": "https://www.cve.org/CVERecord?id=CVE-2013-4312"
},
{
"name": "CVE-2015-7833",
"url": "https://www.cve.org/CVERecord?id=CVE-2015-7833"
},
{
"name": "CVE-2016-2801",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-2801"
},
{
"name": "CVE-2016-1977",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-1977"
},
{
"name": "CVE-2016-2791",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-2791"
},
{
"name": "CVE-2016-3135",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-3135"
},
{
"name": "CVE-2016-2794",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-2794"
},
{
"name": "CVE-2016-2790",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-2790"
},
{
"name": "CVE-2016-2798",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-2798"
},
{
"name": "CVE-2015-7566",
"url": "https://www.cve.org/CVERecord?id=CVE-2015-7566"
},
{
"name": "CVE-2016-2802",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-2802"
},
{
"name": "CVE-2016-3134",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-3134"
},
{
"name": "CVE-2016-2782",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-2782"
},
{
"name": "CVE-2016-2384",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-2384"
},
{
"name": "CVE-2016-2069",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-2069"
},
{
"name": "CVE-2016-2792",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-2792"
},
{
"name": "CVE-2016-2796",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-2796"
},
{
"name": "CVE-2016-2799",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-2799"
},
{
"name": "CVE-2016-2546",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-2546"
},
{
"name": "CVE-2016-2549",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-2549"
},
{
"name": "CVE-2016-2795",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-2795"
},
{
"name": "CVE-2016-2543",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-2543"
},
{
"name": "CVE-2016-2797",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-2797"
},
{
"name": "CVE-2016-2800",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-2800"
},
{
"name": "CVE-2016-2793",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-2793"
},
{
"name": "CVE-2016-2547",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-2547"
}
],
"links": [],
"reference": "CERTFR-2016-AVI-099",
"revisions": [
{
"description": "version initiale.",
"revision_date": "2016-03-15T00:00:00.000000"
}
],
"risks": [
{
"description": "D\u00e9ni de service \u00e0 distance"
},
{
"description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
},
{
"description": "Ex\u00e9cution de code arbitraire"
},
{
"description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
}
],
"summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 corrig\u00e9es dans \u003cspan\nclass=\"textit\"\u003ele noyau Linux d\u0027Ubuntu\u003c/span\u003e. Certaines d\u0027entre elles\npermettent \u00e0 un attaquant de provoquer une ex\u00e9cution de code arbitraire\n\u00e0 distance, une ex\u00e9cution de code arbitraire et un d\u00e9ni de service \u00e0\ndistance.\n",
"title": "Multiples vuln\u00e9rabilit\u00e9s dans le noyau Linux d\u0027Ubuntu",
"vendor_advisories": [
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Ubuntu USN-2928-2 du 14 mars 2016",
"url": "http://www.ubuntu.com/usn/usn-2928-2/"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Ubuntu USN-2929-2 du 14 mars 2016",
"url": "http://www.ubuntu.com/usn/usn-2929-2/"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Ubuntu USN-2927-1 du 14 mars 2016",
"url": "http://www.ubuntu.com/usn/usn-2927-1/"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Ubuntu USN-2930-1 du 14 mars 2016",
"url": "http://www.ubuntu.com/usn/usn-2930-1/"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Ubuntu USN-2930-2 du 14 mars 2016",
"url": "http://www.ubuntu.com/usn/usn-2930-2/"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Ubuntu USN-2932-1 du 14 mars 2016",
"url": "http://www.ubuntu.com/usn/usn-2932-1/"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Ubuntu USN-2931-1 du 14 mars 2016",
"url": "http://www.ubuntu.com/usn/usn-2931-1/"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Ubuntu USN-2929-1 du 14 mars 2016",
"url": "http://www.ubuntu.com/usn/usn-2929-1/"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Ubuntu USN-2928-1 du 14 mars 2016",
"url": "http://www.ubuntu.com/usn/usn-2928-1/"
}
]
}
CERTFR-2016-AVI-086
Vulnerability from certfr_avis - Published: - Updated:
De multiples vulnérabilités ont été corrigées dans Mozilla Firefox. Certaines d'entre elles permettent à un attaquant de provoquer une exécution de code arbitraire à distance, un déni de service à distance et un contournement de la politique de sécurité.
Solution
Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).
NoneImpacted products
References
| Title | Publication Time | Tags | |||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
{
"$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
"affected_systems": [
{
"description": "NSS versions ant\u00e9rieures \u00e0 3.21.1",
"product": {
"name": "Firefox",
"vendor": {
"name": "Mozilla",
"scada": false
}
}
},
{
"description": "Firefox ESR versions ant\u00e9rieures \u00e0 38.7",
"product": {
"name": "Firefox",
"vendor": {
"name": "Mozilla",
"scada": false
}
}
},
{
"description": "Firefox versions ant\u00e9rieures \u00e0 45",
"product": {
"name": "Firefox",
"vendor": {
"name": "Mozilla",
"scada": false
}
}
},
{
"description": "NSS versions ant\u00e9rieures \u00e0 3.19.2.3",
"product": {
"name": "Firefox",
"vendor": {
"name": "Mozilla",
"scada": false
}
}
}
],
"affected_systems_content": null,
"content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
"cves": [
{
"name": "CVE-2016-1963",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-1963"
},
{
"name": "CVE-2016-1978",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-1978"
},
{
"name": "CVE-2016-2801",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-2801"
},
{
"name": "CVE-2016-1964",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-1964"
},
{
"name": "CVE-2016-1979",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-1979"
},
{
"name": "CVE-2016-1950",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-1950"
},
{
"name": "CVE-2016-1960",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-1960"
},
{
"name": "CVE-2016-1977",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-1977"
},
{
"name": "CVE-2016-2791",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-2791"
},
{
"name": "CVE-2016-1955",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-1955"
},
{
"name": "CVE-2016-1966",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-1966"
},
{
"name": "CVE-2016-1958",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-1958"
},
{
"name": "CVE-2016-1953",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-1953"
},
{
"name": "CVE-2016-2794",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-2794"
},
{
"name": "CVE-2016-1967",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-1967"
},
{
"name": "CVE-2016-2790",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-2790"
},
{
"name": "CVE-2016-1974",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-1974"
},
{
"name": "CVE-2016-1962",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-1962"
},
{
"name": "CVE-2016-2798",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-2798"
},
{
"name": "CVE-2016-1968",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-1968"
},
{
"name": "CVE-2016-2802",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-2802"
},
{
"name": "CVE-2016-1975",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-1975"
},
{
"name": "CVE-2016-1972",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-1972"
},
{
"name": "CVE-2016-1976",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-1976"
},
{
"name": "CVE-2016-1971",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-1971"
},
{
"name": "CVE-2016-1961",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-1961"
},
{
"name": "CVE-2016-2792",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-2792"
},
{
"name": "CVE-2016-1973",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-1973"
},
{
"name": "CVE-2016-2796",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-2796"
},
{
"name": "CVE-2016-1959",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-1959"
},
{
"name": "CVE-2016-1970",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-1970"
},
{
"name": "CVE-2016-2799",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-2799"
},
{
"name": "CVE-2016-1952",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-1952"
},
{
"name": "CVE-2016-1956",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-1956"
},
{
"name": "CVE-2016-2795",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-2795"
},
{
"name": "CVE-2016-1957",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-1957"
},
{
"name": "CVE-2016-2797",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-2797"
},
{
"name": "CVE-2016-1954",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-1954"
},
{
"name": "CVE-2016-2800",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-2800"
},
{
"name": "CVE-2016-2793",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-2793"
},
{
"name": "CVE-2016-1965",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-1965"
}
],
"links": [],
"reference": "CERTFR-2016-AVI-086",
"revisions": [
{
"description": "version initiale.",
"revision_date": "2016-03-08T00:00:00.000000"
}
],
"risks": [
{
"description": "D\u00e9ni de service \u00e0 distance"
},
{
"description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
},
{
"description": "Contournement de la politique de s\u00e9curit\u00e9"
},
{
"description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
},
{
"description": "\u00c9l\u00e9vation de privil\u00e8ges"
}
],
"summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 corrig\u00e9es dans \u003cspan\nclass=\"textit\"\u003eMozilla Firefox\u003c/span\u003e. Certaines d\u0027entre elles\npermettent \u00e0 un attaquant de provoquer une ex\u00e9cution de code arbitraire\n\u00e0 distance, un d\u00e9ni de service \u00e0 distance et un contournement de la\npolitique de s\u00e9curit\u00e9.\n",
"title": "Multiples vuln\u00e9rabilit\u00e9s dans Mozilla Firefox",
"vendor_advisories": [
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Mozilla mfsa2016-37 du 08 mars 2016",
"url": "https://www.mozilla.org/en-US/security/advisories/mfsa2016-37/"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Mozilla mfsa2016-24 du 08 mars 2016",
"url": "https://www.mozilla.org/en-US/security/advisories/mfsa2016-24/"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Mozilla mfsa2016-15 du 08 mars 2016",
"url": "https://www.mozilla.org/en-US/security/advisories/mfsa2016-15/"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Mozilla mfsa2016-29 du 08 mars 2016",
"url": "https://www.mozilla.org/en-US/security/advisories/mfsa2016-29/"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Mozilla mfsa2016-23 du 08 mars 2016",
"url": "https://www.mozilla.org/en-US/security/advisories/mfsa2016-23/"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Mozilla mfsa2016-34 du 08 mars 2016",
"url": "https://www.mozilla.org/en-US/security/advisories/mfsa2016-34/"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Mozilla mfsa2016-16 du 08 mars 2016",
"url": "https://www.mozilla.org/en-US/security/advisories/mfsa2016-16/"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Mozilla mfsa2016-36 du 08 mars 2016",
"url": "https://www.mozilla.org/en-US/security/advisories/mfsa2016-36/"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Mozilla mfsa2016-27 du 08 mars 2016",
"url": "https://www.mozilla.org/en-US/security/advisories/mfsa2016-27/"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Mozilla mfsa2016-22 du 08 mars 2016",
"url": "https://www.mozilla.org/en-US/security/advisories/mfsa2016-22/"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Mozilla mfsa2016-28 du 08 mars 2016",
"url": "https://www.mozilla.org/en-US/security/advisories/mfsa2016-28/"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Mozilla mfsa2016-31 du 08 mars 2016",
"url": "https://www.mozilla.org/en-US/security/advisories/mfsa2016-31/"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Mozilla mfsa2016-25 du 08 mars 2016",
"url": "https://www.mozilla.org/en-US/security/advisories/mfsa2016-25/"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Mozilla mfsa2016-35 du 08 mars 2016",
"url": "https://www.mozilla.org/en-US/security/advisories/mfsa2016-35/"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Mozilla mfsa2016-33 du 08 mars 2016",
"url": "https://www.mozilla.org/en-US/security/advisories/mfsa2016-33/"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Mozilla mfsa2016-30 du 08 mars 2016",
"url": "https://www.mozilla.org/en-US/security/advisories/mfsa2016-30/"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Mozilla mfsa2016-20 du 08 mars 2016",
"url": "https://www.mozilla.org/en-US/security/advisories/mfsa2016-20/"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Mozilla mfsa2016-32 du 08 mars 2016",
"url": "https://www.mozilla.org/en-US/security/advisories/mfsa2016-32/"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Mozilla mfsa2016-17 du 08 mars 2016",
"url": "https://www.mozilla.org/en-US/security/advisories/mfsa2016-17/"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Mozilla mfsa2016-19 du 08 mars 2016",
"url": "https://www.mozilla.org/en-US/security/advisories/mfsa2016-19/"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Mozilla mfsa2016-21 du 08 mars 2016",
"url": "https://www.mozilla.org/en-US/security/advisories/mfsa2016-21/"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Mozilla mfsa2016-18 du 08 mars 2016",
"url": "https://www.mozilla.org/en-US/security/advisories/mfsa2016-18/"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Mozilla mfsa2016-26 du 08 mars 2016",
"url": "https://www.mozilla.org/en-US/security/advisories/mfsa2016-26/"
}
]
}
CERTFR-2016-AVI-099
Vulnerability from certfr_avis - Published: - Updated:
De multiples vulnérabilités ont été corrigées dans le noyau Linux d'Ubuntu. Certaines d'entre elles permettent à un attaquant de provoquer une exécution de code arbitraire à distance, une exécution de code arbitraire et un déni de service à distance.
Solution
Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).
NoneImpacted products
References
| Title | Publication Time | Tags | |||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||||||||||||||
{
"$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
"affected_systems": [
{
"description": "Ubuntu 15.10",
"product": {
"name": "Ubuntu",
"vendor": {
"name": "Ubuntu",
"scada": false
}
}
},
{
"description": "Ubuntu 12.04 LTS",
"product": {
"name": "Ubuntu",
"vendor": {
"name": "Ubuntu",
"scada": false
}
}
},
{
"description": "Ubuntu 14.04 LTS",
"product": {
"name": "Ubuntu",
"vendor": {
"name": "Ubuntu",
"scada": false
}
}
}
],
"affected_systems_content": null,
"content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
"cves": [
{
"name": "CVE-2016-2545",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-2545"
},
{
"name": "CVE-2015-8767",
"url": "https://www.cve.org/CVERecord?id=CVE-2015-8767"
},
{
"name": "CVE-2016-0723",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-0723"
},
{
"name": "CVE-2016-2548",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-2548"
},
{
"name": "CVE-2016-2544",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-2544"
},
{
"name": "CVE-2013-4312",
"url": "https://www.cve.org/CVERecord?id=CVE-2013-4312"
},
{
"name": "CVE-2015-7833",
"url": "https://www.cve.org/CVERecord?id=CVE-2015-7833"
},
{
"name": "CVE-2016-2801",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-2801"
},
{
"name": "CVE-2016-1977",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-1977"
},
{
"name": "CVE-2016-2791",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-2791"
},
{
"name": "CVE-2016-3135",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-3135"
},
{
"name": "CVE-2016-2794",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-2794"
},
{
"name": "CVE-2016-2790",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-2790"
},
{
"name": "CVE-2016-2798",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-2798"
},
{
"name": "CVE-2015-7566",
"url": "https://www.cve.org/CVERecord?id=CVE-2015-7566"
},
{
"name": "CVE-2016-2802",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-2802"
},
{
"name": "CVE-2016-3134",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-3134"
},
{
"name": "CVE-2016-2782",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-2782"
},
{
"name": "CVE-2016-2384",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-2384"
},
{
"name": "CVE-2016-2069",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-2069"
},
{
"name": "CVE-2016-2792",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-2792"
},
{
"name": "CVE-2016-2796",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-2796"
},
{
"name": "CVE-2016-2799",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-2799"
},
{
"name": "CVE-2016-2546",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-2546"
},
{
"name": "CVE-2016-2549",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-2549"
},
{
"name": "CVE-2016-2795",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-2795"
},
{
"name": "CVE-2016-2543",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-2543"
},
{
"name": "CVE-2016-2797",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-2797"
},
{
"name": "CVE-2016-2800",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-2800"
},
{
"name": "CVE-2016-2793",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-2793"
},
{
"name": "CVE-2016-2547",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-2547"
}
],
"links": [],
"reference": "CERTFR-2016-AVI-099",
"revisions": [
{
"description": "version initiale.",
"revision_date": "2016-03-15T00:00:00.000000"
}
],
"risks": [
{
"description": "D\u00e9ni de service \u00e0 distance"
},
{
"description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
},
{
"description": "Ex\u00e9cution de code arbitraire"
},
{
"description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
}
],
"summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 corrig\u00e9es dans \u003cspan\nclass=\"textit\"\u003ele noyau Linux d\u0027Ubuntu\u003c/span\u003e. Certaines d\u0027entre elles\npermettent \u00e0 un attaquant de provoquer une ex\u00e9cution de code arbitraire\n\u00e0 distance, une ex\u00e9cution de code arbitraire et un d\u00e9ni de service \u00e0\ndistance.\n",
"title": "Multiples vuln\u00e9rabilit\u00e9s dans le noyau Linux d\u0027Ubuntu",
"vendor_advisories": [
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Ubuntu USN-2928-2 du 14 mars 2016",
"url": "http://www.ubuntu.com/usn/usn-2928-2/"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Ubuntu USN-2929-2 du 14 mars 2016",
"url": "http://www.ubuntu.com/usn/usn-2929-2/"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Ubuntu USN-2927-1 du 14 mars 2016",
"url": "http://www.ubuntu.com/usn/usn-2927-1/"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Ubuntu USN-2930-1 du 14 mars 2016",
"url": "http://www.ubuntu.com/usn/usn-2930-1/"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Ubuntu USN-2930-2 du 14 mars 2016",
"url": "http://www.ubuntu.com/usn/usn-2930-2/"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Ubuntu USN-2932-1 du 14 mars 2016",
"url": "http://www.ubuntu.com/usn/usn-2932-1/"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Ubuntu USN-2931-1 du 14 mars 2016",
"url": "http://www.ubuntu.com/usn/usn-2931-1/"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Ubuntu USN-2929-1 du 14 mars 2016",
"url": "http://www.ubuntu.com/usn/usn-2929-1/"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Ubuntu USN-2928-1 du 14 mars 2016",
"url": "http://www.ubuntu.com/usn/usn-2928-1/"
}
]
}
BDU:2016-00718
Vulnerability from fstec - Published: 13.03.2016
VLAI Severity ?
Title
Уязвимость браузеров Firefox ESR и Firefox, программного средства рендеринга Graphite 2, позволяющая нарушителю вызвать отказ в обслуживании или оказать другое воздействие
Description
Уязвимость функции graphite2::TtfUtil::CmapSubtable4NextCodepoint браузеров Firefox ESR и Firefox, программного средства рендеринга Graphite 2 вызвана переполнением буфера. Эксплуатация уязвимости может позволить нарушителю, действующему удалённо, вызвать отказ в обслуживании или оказать другое воздействие при помощи специально созданного Graphite смарт-шрифта
Severity ?
Vendor
SIL International, Mozilla Corp.
Software Name
Graphite 2, Firefox, Firefox ESR
Software Version
до 1.3.6 (Graphite 2), до 45 (Firefox), от 38.0 до 38.7 (Firefox ESR)
Possible Mitigations
Обновление браузера Firefox ESR до версии 38.7 или новее, обновление браузера Firefox до версии 45.0 или новее
Reference
https://bugzilla.mozilla.org/show_bug.cgi?id=1248804
http://www.mozilla.org/security/announce/2016/mfsa2016-37.html
CWE
CWE-119
{
"CVSS 2.0": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
"CVSS 3.0": null,
"CVSS 4.0": null,
"remediation_\u0418\u0434\u0435\u043d\u0442\u0438\u0444\u0438\u043a\u0430\u0442\u043e\u0440": null,
"remediation_\u041d\u0430\u0438\u043c\u0435\u043d\u043e\u0432\u0430\u043d\u0438\u0435": null,
"\u0412\u0435\u043d\u0434\u043e\u0440 \u041f\u041e": "SIL International, Mozilla Corp.",
"\u0412\u0435\u0440\u0441\u0438\u044f \u041f\u041e": "\u0434\u043e 1.3.6 (Graphite 2), \u0434\u043e 45 (Firefox), \u043e\u0442 38.0 \u0434\u043e 38.7 (Firefox ESR)",
"\u0412\u043e\u0437\u043c\u043e\u0436\u043d\u044b\u0435 \u043c\u0435\u0440\u044b \u043f\u043e \u0443\u0441\u0442\u0440\u0430\u043d\u0435\u043d\u0438\u044e": "\u041e\u0431\u043d\u043e\u0432\u043b\u0435\u043d\u0438\u0435 \u0431\u0440\u0430\u0443\u0437\u0435\u0440\u0430 Firefox ESR \u0434\u043e \u0432\u0435\u0440\u0441\u0438\u0438 38.7 \u0438\u043b\u0438 \u043d\u043e\u0432\u0435\u0435, \u043e\u0431\u043d\u043e\u0432\u043b\u0435\u043d\u0438\u0435 \u0431\u0440\u0430\u0443\u0437\u0435\u0440\u0430 Firefox \u0434\u043e \u0432\u0435\u0440\u0441\u0438\u0438 45.0 \u0438\u043b\u0438 \u043d\u043e\u0432\u0435\u0435",
"\u0414\u0430\u0442\u0430 \u0432\u044b\u044f\u0432\u043b\u0435\u043d\u0438\u044f": "13.03.2016",
"\u0414\u0430\u0442\u0430 \u043f\u043e\u0441\u043b\u0435\u0434\u043d\u0435\u0433\u043e \u043e\u0431\u043d\u043e\u0432\u043b\u0435\u043d\u0438\u044f": "23.03.2021",
"\u0414\u0430\u0442\u0430 \u043f\u0443\u0431\u043b\u0438\u043a\u0430\u0446\u0438\u0438": "31.03.2016",
"\u0418\u0434\u0435\u043d\u0442\u0438\u0444\u0438\u043a\u0430\u0442\u043e\u0440": "BDU:2016-00718",
"\u0418\u0434\u0435\u043d\u0442\u0438\u0444\u0438\u043a\u0430\u0442\u043e\u0440\u044b \u0434\u0440\u0443\u0433\u0438\u0445 \u0441\u0438\u0441\u0442\u0435\u043c \u043e\u043f\u0438\u0441\u0430\u043d\u0438\u0439 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "CVE-2016-2802",
"\u0418\u043d\u0444\u043e\u0440\u043c\u0430\u0446\u0438\u044f \u043e\u0431 \u0443\u0441\u0442\u0440\u0430\u043d\u0435\u043d\u0438\u0438": "\u0423\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c \u0443\u0441\u0442\u0440\u0430\u043d\u0435\u043d\u0430",
"\u041a\u043b\u0430\u0441\u0441 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u0423\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c \u043a\u043e\u0434\u0430",
"\u041d\u0430\u0437\u0432\u0430\u043d\u0438\u0435 \u041f\u041e": "Graphite 2, Firefox, Firefox ESR",
"\u041d\u0430\u0438\u043c\u0435\u043d\u043e\u0432\u0430\u043d\u0438\u0435 \u041e\u0421 \u0438 \u0442\u0438\u043f \u0430\u043f\u043f\u0430\u0440\u0430\u0442\u043d\u043e\u0439 \u043f\u043b\u0430\u0442\u0444\u043e\u0440\u043c\u044b": "\u0421\u043e\u043e\u0431\u0449\u0435\u0441\u0442\u0432\u043e \u0441\u0432\u043e\u0431\u043e\u0434\u043d\u043e\u0433\u043e \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c\u043d\u043e\u0433\u043e \u043e\u0431\u0435\u0441\u043f\u0435\u0447\u0435\u043d\u0438\u044f Linux . 64-bit, \u0421\u043e\u043e\u0431\u0449\u0435\u0441\u0442\u0432\u043e \u0441\u0432\u043e\u0431\u043e\u0434\u043d\u043e\u0433\u043e \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c\u043d\u043e\u0433\u043e \u043e\u0431\u0435\u0441\u043f\u0435\u0447\u0435\u043d\u0438\u044f Linux . 32-bit, Apple Inc. MacOS X 32-bit, Microsoft Corp Windows - 64-bit, Microsoft Corp Windows - 32-bit, Apple Inc. MacOS X 64-bit",
"\u041d\u0430\u0438\u043c\u0435\u043d\u043e\u0432\u0430\u043d\u0438\u0435 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u0423\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c \u0431\u0440\u0430\u0443\u0437\u0435\u0440\u043e\u0432 Firefox ESR \u0438 Firefox, \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c\u043d\u043e\u0433\u043e \u0441\u0440\u0435\u0434\u0441\u0442\u0432\u0430 \u0440\u0435\u043d\u0434\u0435\u0440\u0438\u043d\u0433\u0430 Graphite 2, \u043f\u043e\u0437\u0432\u043e\u043b\u044f\u044e\u0449\u0430\u044f \u043d\u0430\u0440\u0443\u0448\u0438\u0442\u0435\u043b\u044e \u0432\u044b\u0437\u0432\u0430\u0442\u044c \u043e\u0442\u043a\u0430\u0437 \u0432 \u043e\u0431\u0441\u043b\u0443\u0436\u0438\u0432\u0430\u043d\u0438\u0438 \u0438\u043b\u0438 \u043e\u043a\u0430\u0437\u0430\u0442\u044c \u0434\u0440\u0443\u0433\u043e\u0435 \u0432\u043e\u0437\u0434\u0435\u0439\u0441\u0442\u0432\u0438\u0435",
"\u041d\u0430\u043b\u0438\u0447\u0438\u0435 \u044d\u043a\u0441\u043f\u043b\u043e\u0439\u0442\u0430": "\u0414\u0430\u043d\u043d\u044b\u0435 \u0443\u0442\u043e\u0447\u043d\u044f\u044e\u0442\u0441\u044f",
"\u041e\u043f\u0438\u0441\u0430\u043d\u0438\u0435 \u043e\u0448\u0438\u0431\u043a\u0438 CWE": "\u0412\u044b\u0445\u043e\u0434 \u043e\u043f\u0435\u0440\u0430\u0446\u0438\u0438 \u0437\u0430 \u0433\u0440\u0430\u043d\u0438\u0446\u044b \u0431\u0443\u0444\u0435\u0440\u0430 \u0432 \u043f\u0430\u043c\u044f\u0442\u0438 (CWE-119)",
"\u041e\u043f\u0438\u0441\u0430\u043d\u0438\u0435 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u0423\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c \u0444\u0443\u043d\u043a\u0446\u0438\u0438 graphite2::TtfUtil::CmapSubtable4NextCodepoint \u0431\u0440\u0430\u0443\u0437\u0435\u0440\u043e\u0432 Firefox ESR \u0438 Firefox, \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c\u043d\u043e\u0433\u043e \u0441\u0440\u0435\u0434\u0441\u0442\u0432\u0430 \u0440\u0435\u043d\u0434\u0435\u0440\u0438\u043d\u0433\u0430 Graphite 2 \u0432\u044b\u0437\u0432\u0430\u043d\u0430 \u043f\u0435\u0440\u0435\u043f\u043e\u043b\u043d\u0435\u043d\u0438\u0435\u043c \u0431\u0443\u0444\u0435\u0440\u0430. \u042d\u043a\u0441\u043f\u043b\u0443\u0430\u0442\u0430\u0446\u0438\u044f \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438 \u043c\u043e\u0436\u0435\u0442 \u043f\u043e\u0437\u0432\u043e\u043b\u0438\u0442\u044c \u043d\u0430\u0440\u0443\u0448\u0438\u0442\u0435\u043b\u044e, \u0434\u0435\u0439\u0441\u0442\u0432\u0443\u044e\u0449\u0435\u043c\u0443 \u0443\u0434\u0430\u043b\u0451\u043d\u043d\u043e, \u0432\u044b\u0437\u0432\u0430\u0442\u044c \u043e\u0442\u043a\u0430\u0437 \u0432 \u043e\u0431\u0441\u043b\u0443\u0436\u0438\u0432\u0430\u043d\u0438\u0438 \u0438\u043b\u0438 \u043e\u043a\u0430\u0437\u0430\u0442\u044c \u0434\u0440\u0443\u0433\u043e\u0435 \u0432\u043e\u0437\u0434\u0435\u0439\u0441\u0442\u0432\u0438\u0435 \u043f\u0440\u0438 \u043f\u043e\u043c\u043e\u0449\u0438 \u0441\u043f\u0435\u0446\u0438\u0430\u043b\u044c\u043d\u043e \u0441\u043e\u0437\u0434\u0430\u043d\u043d\u043e\u0433\u043e Graphite \u0441\u043c\u0430\u0440\u0442-\u0448\u0440\u0438\u0444\u0442\u0430",
"\u041f\u043e\u0441\u043b\u0435\u0434\u0441\u0442\u0432\u0438\u044f \u044d\u043a\u0441\u043f\u043b\u0443\u0430\u0442\u0430\u0446\u0438\u0438 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": null,
"\u041f\u0440\u043e\u0447\u0430\u044f \u0438\u043d\u0444\u043e\u0440\u043c\u0430\u0446\u0438\u044f": "-",
"\u0421\u0432\u044f\u0437\u044c \u0441 \u0438\u043d\u0446\u0438\u0434\u0435\u043d\u0442\u0430\u043c\u0438 \u0418\u0411": "\u0414\u0430\u043d\u043d\u044b\u0435 \u0443\u0442\u043e\u0447\u043d\u044f\u044e\u0442\u0441\u044f",
"\u0421\u043e\u0441\u0442\u043e\u044f\u043d\u0438\u0435 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u041e\u043f\u0443\u0431\u043b\u0438\u043a\u043e\u0432\u0430\u043d\u0430",
"\u0421\u043f\u043e\u0441\u043e\u0431 \u0443\u0441\u0442\u0440\u0430\u043d\u0435\u043d\u0438\u044f": "\u0414\u0430\u043d\u043d\u044b\u0435 \u0443\u0442\u043e\u0447\u043d\u044f\u044e\u0442\u0441\u044f",
"\u0421\u043f\u043e\u0441\u043e\u0431 \u044d\u043a\u0441\u043f\u043b\u0443\u0430\u0442\u0430\u0446\u0438\u0438": "\u0414\u0430\u043d\u043d\u044b\u0435 \u0443\u0442\u043e\u0447\u043d\u044f\u044e\u0442\u0441\u044f",
"\u0421\u0441\u044b\u043b\u043a\u0438 \u043d\u0430 \u0438\u0441\u0442\u043e\u0447\u043d\u0438\u043a\u0438": "https://bugzilla.mozilla.org/show_bug.cgi?id=1248804\nhttp://www.mozilla.org/security/announce/2016/mfsa2016-37.html",
"\u0421\u0442\u0430\u0442\u0443\u0441 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u041f\u043e\u0434\u0442\u0432\u0435\u0440\u0436\u0434\u0435\u043d\u0430 \u043f\u0440\u043e\u0438\u0437\u0432\u043e\u0434\u0438\u0442\u0435\u043b\u0435\u043c",
"\u0422\u0438\u043f \u041f\u041e": "\u041f\u0440\u0438\u043a\u043b\u0430\u0434\u043d\u043e\u0435 \u041f\u041e \u0438\u043d\u0444\u043e\u0440\u043c\u0430\u0446\u0438\u043e\u043d\u043d\u044b\u0445 \u0441\u0438\u0441\u0442\u0435\u043c",
"\u0422\u0438\u043f \u043e\u0448\u0438\u0431\u043a\u0438 CWE": "CWE-119",
"\u0423\u0440\u043e\u0432\u0435\u043d\u044c \u043e\u043f\u0430\u0441\u043d\u043e\u0441\u0442\u0438 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u0421\u0440\u0435\u0434\u043d\u0438\u0439 \u0443\u0440\u043e\u0432\u0435\u043d\u044c \u043e\u043f\u0430\u0441\u043d\u043e\u0441\u0442\u0438 (\u0431\u0430\u0437\u043e\u0432\u0430\u044f \u043e\u0446\u0435\u043d\u043a\u0430 CVSS 2.0 \u0441\u043e\u0441\u0442\u0430\u0432\u043b\u044f\u0435\u0442 6,8)"
}
CNVD-2016-01645
Vulnerability from cnvd - Published: 2016-03-15
VLAI Severity ?
Title
Mozilla Firefox和Firefox ESR Graphite 2拒绝服务漏洞(CNVD-2016-01645)
Description
Mozilla Firefox和Firefox ESR都是美国Mozilla基金会开发的浏览器产品。Firefox是一款开源Web浏览器;Firefox ESR是Firefox的一个延长支持版本。Graphite是一套使用Python语言编写、采用Django框架的企业级开源系统监控工具(数据绘图),它通过第三方工具或插件进行数据收集、统计,最后完成数据绘图。Graphite 2是Graphite的一个升级版。
Mozilla Firefox和Firefox ESR中使用的Graphite 2中的‘graphite2::TtfUtil::CmapSubtable4NextCodepoint’函数存在安全漏洞。远程攻击者可借助特制的Graphite智能字体利用该漏洞造成拒绝服务(缓冲区越边界读取)。
Severity
中
Patch Name
Mozilla Firefox和Firefox ESR Graphite 2拒绝服务漏洞(CNVD-2016-01645)的补丁
Patch Description
Mozilla Firefox和Firefox ESR都是美国Mozilla基金会开发的浏览器产品。Firefox是一款开源Web浏览器;Firefox ESR是Firefox的一个延长支持版本。Graphite是一套使用Python语言编写、采用Django框架的企业级开源系统监控工具(数据绘图),它通过第三方工具或插件进行数据收集、统计,最后完成数据绘图。Graphite 2是Graphite的一个升级版。
Mozilla Firefox和Firefox ESR中使用的Graphite 2中的‘graphite2::TtfUtil::CmapSubtable4NextCodepoint’函数存在安全漏洞。远程攻击者可借助特制的Graphite智能字体利用该漏洞造成拒绝服务(缓冲区越边界读取)。目前,供应商发布了安全公告及相关补丁信息,修复了此漏洞。
Formal description
目前厂商已经发布了升级补丁以修复此安全问题,补丁获取链接: http://www.mozilla.org/security/announce/2016/mfsa2016-37.html
Reference
https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2016-2802
Impacted products
| Name | ['Mozilla Firefox < 45.0', 'Mozilla Firefox ESR 38.x(<38.7)', 'Graphite Graphite 2'] |
|---|
{
"cves": {
"cve": {
"cveNumber": "CVE-2016-2802"
}
},
"description": "Mozilla Firefox\u548cFirefox ESR\u90fd\u662f\u7f8e\u56fdMozilla\u57fa\u91d1\u4f1a\u5f00\u53d1\u7684\u6d4f\u89c8\u5668\u4ea7\u54c1\u3002Firefox\u662f\u4e00\u6b3e\u5f00\u6e90Web\u6d4f\u89c8\u5668\uff1bFirefox ESR\u662fFirefox\u7684\u4e00\u4e2a\u5ef6\u957f\u652f\u6301\u7248\u672c\u3002Graphite\u662f\u4e00\u5957\u4f7f\u7528Python\u8bed\u8a00\u7f16\u5199\u3001\u91c7\u7528Django\u6846\u67b6\u7684\u4f01\u4e1a\u7ea7\u5f00\u6e90\u7cfb\u7edf\u76d1\u63a7\u5de5\u5177\uff08\u6570\u636e\u7ed8\u56fe\uff09\uff0c\u5b83\u901a\u8fc7\u7b2c\u4e09\u65b9\u5de5\u5177\u6216\u63d2\u4ef6\u8fdb\u884c\u6570\u636e\u6536\u96c6\u3001\u7edf\u8ba1\uff0c\u6700\u540e\u5b8c\u6210\u6570\u636e\u7ed8\u56fe\u3002Graphite 2\u662fGraphite\u7684\u4e00\u4e2a\u5347\u7ea7\u7248\u3002\r\n\r\nMozilla Firefox\u548cFirefox ESR\u4e2d\u4f7f\u7528\u7684Graphite 2\u4e2d\u7684\u2018graphite2::TtfUtil::CmapSubtable4NextCodepoint\u2019\u51fd\u6570\u5b58\u5728\u5b89\u5168\u6f0f\u6d1e\u3002\u8fdc\u7a0b\u653b\u51fb\u8005\u53ef\u501f\u52a9\u7279\u5236\u7684Graphite\u667a\u80fd\u5b57\u4f53\u5229\u7528\u8be5\u6f0f\u6d1e\u9020\u6210\u62d2\u7edd\u670d\u52a1\uff08\u7f13\u51b2\u533a\u8d8a\u8fb9\u754c\u8bfb\u53d6\uff09\u3002",
"discovererName": "Mozilla",
"formalWay": "\u76ee\u524d\u5382\u5546\u5df2\u7ecf\u53d1\u5e03\u4e86\u5347\u7ea7\u8865\u4e01\u4ee5\u4fee\u590d\u6b64\u5b89\u5168\u95ee\u9898\uff0c\u8865\u4e01\u83b7\u53d6\u94fe\u63a5\uff1a\r\nhttp://www.mozilla.org/security/announce/2016/mfsa2016-37.html",
"isEvent": "\u901a\u7528\u8f6f\u786c\u4ef6\u6f0f\u6d1e",
"number": "CNVD-2016-01645",
"openTime": "2016-03-15",
"patchDescription": "Mozilla Firefox\u548cFirefox ESR\u90fd\u662f\u7f8e\u56fdMozilla\u57fa\u91d1\u4f1a\u5f00\u53d1\u7684\u6d4f\u89c8\u5668\u4ea7\u54c1\u3002Firefox\u662f\u4e00\u6b3e\u5f00\u6e90Web\u6d4f\u89c8\u5668\uff1bFirefox ESR\u662fFirefox\u7684\u4e00\u4e2a\u5ef6\u957f\u652f\u6301\u7248\u672c\u3002Graphite\u662f\u4e00\u5957\u4f7f\u7528Python\u8bed\u8a00\u7f16\u5199\u3001\u91c7\u7528Django\u6846\u67b6\u7684\u4f01\u4e1a\u7ea7\u5f00\u6e90\u7cfb\u7edf\u76d1\u63a7\u5de5\u5177\uff08\u6570\u636e\u7ed8\u56fe\uff09\uff0c\u5b83\u901a\u8fc7\u7b2c\u4e09\u65b9\u5de5\u5177\u6216\u63d2\u4ef6\u8fdb\u884c\u6570\u636e\u6536\u96c6\u3001\u7edf\u8ba1\uff0c\u6700\u540e\u5b8c\u6210\u6570\u636e\u7ed8\u56fe\u3002Graphite 2\u662fGraphite\u7684\u4e00\u4e2a\u5347\u7ea7\u7248\u3002\r\n\r\nMozilla Firefox\u548cFirefox ESR\u4e2d\u4f7f\u7528\u7684Graphite 2\u4e2d\u7684\u2018graphite2::TtfUtil::CmapSubtable4NextCodepoint\u2019\u51fd\u6570\u5b58\u5728\u5b89\u5168\u6f0f\u6d1e\u3002\u8fdc\u7a0b\u653b\u51fb\u8005\u53ef\u501f\u52a9\u7279\u5236\u7684Graphite\u667a\u80fd\u5b57\u4f53\u5229\u7528\u8be5\u6f0f\u6d1e\u9020\u6210\u62d2\u7edd\u670d\u52a1\uff08\u7f13\u51b2\u533a\u8d8a\u8fb9\u754c\u8bfb\u53d6\uff09\u3002\u76ee\u524d\uff0c\u4f9b\u5e94\u5546\u53d1\u5e03\u4e86\u5b89\u5168\u516c\u544a\u53ca\u76f8\u5173\u8865\u4e01\u4fe1\u606f\uff0c\u4fee\u590d\u4e86\u6b64\u6f0f\u6d1e\u3002",
"patchName": "Mozilla Firefox\u548cFirefox ESR Graphite 2\u62d2\u7edd\u670d\u52a1\u6f0f\u6d1e\uff08CNVD-2016-01645\uff09\u7684\u8865\u4e01",
"products": {
"product": [
"Mozilla Firefox \u003c 45.0",
"Mozilla Firefox ESR 38.x(\u003c38.7)",
"Graphite Graphite 2"
]
},
"referenceLink": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2016-2802",
"serverity": "\u4e2d",
"submitTime": "2016-03-11",
"title": "Mozilla Firefox\u548cFirefox ESR Graphite 2\u62d2\u7edd\u670d\u52a1\u6f0f\u6d1e\uff08CNVD-2016-01645\uff09"
}
FKIE_CVE-2016-2802
Vulnerability from fkie_nvd - Published: 2016-03-13 18:59 - Updated: 2026-05-06 22:30
Severity ?
Summary
The graphite2::TtfUtil::CmapSubtable4NextCodepoint function in Graphite 2 before 1.3.6, as used in Mozilla Firefox before 45.0 and Firefox ESR 38.x before 38.7, allows remote attackers to cause a denial of service (buffer over-read) or possibly have unspecified other impact via a crafted Graphite smart font.
References
| URL | Tags | ||
|---|---|---|---|
| security@mozilla.org | http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00027.html | ||
| security@mozilla.org | http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00029.html | ||
| security@mozilla.org | http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00031.html | ||
| security@mozilla.org | http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00050.html | ||
| security@mozilla.org | http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00068.html | ||
| security@mozilla.org | http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00089.html | ||
| security@mozilla.org | http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00091.html | Third Party Advisory | |
| security@mozilla.org | http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00093.html | ||
| security@mozilla.org | http://lists.opensuse.org/opensuse-security-announce/2016-07/msg00006.html | Third Party Advisory | |
| security@mozilla.org | http://lists.opensuse.org/opensuse-security-announce/2016-07/msg00007.html | Third Party Advisory | |
| security@mozilla.org | http://lists.opensuse.org/opensuse-security-announce/2016-07/msg00008.html | Third Party Advisory | |
| security@mozilla.org | http://www.debian.org/security/2016/dsa-3510 | ||
| security@mozilla.org | http://www.debian.org/security/2016/dsa-3515 | ||
| security@mozilla.org | http://www.debian.org/security/2016/dsa-3520 | ||
| security@mozilla.org | http://www.mozilla.org/security/announce/2016/mfsa2016-37.html | Vendor Advisory | |
| security@mozilla.org | http://www.oracle.com/technetwork/topics/security/linuxbulletinjan2016-2867209.html | Third Party Advisory | |
| security@mozilla.org | http://www.securityfocus.com/bid/84222 | ||
| security@mozilla.org | http://www.securitytracker.com/id/1035215 | ||
| security@mozilla.org | http://www.ubuntu.com/usn/USN-2917-1 | ||
| security@mozilla.org | http://www.ubuntu.com/usn/USN-2917-2 | ||
| security@mozilla.org | http://www.ubuntu.com/usn/USN-2917-3 | ||
| security@mozilla.org | http://www.ubuntu.com/usn/USN-2927-1 | ||
| security@mozilla.org | http://www.ubuntu.com/usn/USN-2934-1 | ||
| security@mozilla.org | https://bugzilla.mozilla.org/show_bug.cgi?id=1248804 | Issue Tracking | |
| security@mozilla.org | https://security.gentoo.org/glsa/201605-06 | ||
| security@mozilla.org | https://security.gentoo.org/glsa/201701-63 | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00027.html | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00029.html | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00031.html | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00050.html | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00068.html | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00089.html | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00091.html | Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00093.html | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://lists.opensuse.org/opensuse-security-announce/2016-07/msg00006.html | Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://lists.opensuse.org/opensuse-security-announce/2016-07/msg00007.html | Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://lists.opensuse.org/opensuse-security-announce/2016-07/msg00008.html | Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://www.debian.org/security/2016/dsa-3510 | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://www.debian.org/security/2016/dsa-3515 | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://www.debian.org/security/2016/dsa-3520 | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://www.mozilla.org/security/announce/2016/mfsa2016-37.html | Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://www.oracle.com/technetwork/topics/security/linuxbulletinjan2016-2867209.html | Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://www.securityfocus.com/bid/84222 | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://www.securitytracker.com/id/1035215 | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://www.ubuntu.com/usn/USN-2917-1 | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://www.ubuntu.com/usn/USN-2917-2 | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://www.ubuntu.com/usn/USN-2917-3 | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://www.ubuntu.com/usn/USN-2927-1 | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://www.ubuntu.com/usn/USN-2934-1 | ||
| af854a3a-2127-422b-91ae-364da2661108 | https://bugzilla.mozilla.org/show_bug.cgi?id=1248804 | Issue Tracking | |
| af854a3a-2127-422b-91ae-364da2661108 | https://security.gentoo.org/glsa/201605-06 | ||
| af854a3a-2127-422b-91ae-364da2661108 | https://security.gentoo.org/glsa/201701-63 |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| mozilla | firefox | * | |
| mozilla | firefox | 38.0 | |
| mozilla | firefox | 38.0.1 | |
| mozilla | firefox | 38.0.5 | |
| mozilla | firefox | 38.1.0 | |
| mozilla | firefox | 38.1.1 | |
| mozilla | firefox | 38.2.0 | |
| mozilla | firefox | 38.2.1 | |
| mozilla | firefox | 38.3.0 | |
| mozilla | firefox | 38.4.0 | |
| mozilla | firefox | 38.5.0 | |
| mozilla | firefox | 38.5.1 | |
| mozilla | firefox | 38.6.0 | |
| mozilla | firefox | 38.6.1 | |
| opensuse | leap | 42.1 | |
| opensuse | opensuse | 13.1 | |
| opensuse | opensuse | 13.2 | |
| suse | linux_enterprise | 12.0 | |
| sil | graphite2 | * | |
| oracle | linux | 5.0 | |
| oracle | linux | 6 | |
| oracle | linux | 7 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:mozilla:firefox:*:*:*:*:*:*:*:*",
"matchCriteriaId": "A2CA2CAD-3088-47C2-AE3A-607E6064E9BE",
"versionEndIncluding": "44.0.2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mozilla:firefox:38.0:*:*:*:*:*:*:*",
"matchCriteriaId": "35BF0AFB-26BA-4BEA-B6B8-11CF88E951DE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mozilla:firefox:38.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "1F007CC6-9391-4E1C-A747-F3DE5E572FA5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mozilla:firefox:38.0.5:*:*:*:*:*:*:*",
"matchCriteriaId": "45E9641F-430C-4B3A-BD63-EC13DBD3D1E4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mozilla:firefox:38.1.0:*:*:*:*:*:*:*",
"matchCriteriaId": "5AADD23B-A8AF-4679-990D-C29A1D6EB5CD",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mozilla:firefox:38.1.1:*:*:*:*:*:*:*",
"matchCriteriaId": "1343A1FD-98CF-4A6C-A697-1253E538FD5C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mozilla:firefox:38.2.0:*:*:*:*:*:*:*",
"matchCriteriaId": "6D098567-B55E-4EAC-8FAA-31FAFDD4058F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mozilla:firefox:38.2.1:*:*:*:*:*:*:*",
"matchCriteriaId": "BE0389BC-D295-4957-8AE7-EDAC770F596D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mozilla:firefox:38.3.0:*:*:*:*:*:*:*",
"matchCriteriaId": "E75E69A5-AC94-4F35-9EFB-1BFF8B78210D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mozilla:firefox:38.4.0:*:*:*:*:*:*:*",
"matchCriteriaId": "2765E663-C9CF-476A-B7A8-6F02D0E2D72D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mozilla:firefox:38.5.0:*:*:*:*:*:*:*",
"matchCriteriaId": "62B4E871-0ACB-4EC5-8392-EAD0DF25E64B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mozilla:firefox:38.5.1:*:*:*:*:*:*:*",
"matchCriteriaId": "435D6EF5-C879-4121-9D47-EF2236E53409",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mozilla:firefox:38.6.0:*:*:*:*:*:*:*",
"matchCriteriaId": "A5963D11-D2F4-40A7-81CE-E034C91FCCBD",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mozilla:firefox:38.6.1:*:*:*:*:*:*:*",
"matchCriteriaId": "5FB022A7-B792-4AC0-B2CF-AF6F384AE719",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:opensuse:leap:42.1:*:*:*:*:*:*:*",
"matchCriteriaId": "4863BE36-D16A-4D75-90D9-FD76DB5B48B7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:opensuse:opensuse:13.1:*:*:*:*:*:*:*",
"matchCriteriaId": "A10BC294-9196-425F-9FB0-B1625465B47F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:opensuse:opensuse:13.2:*:*:*:*:*:*:*",
"matchCriteriaId": "03117DF1-3BEC-4B8D-AD63-DBBDB2126081",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:suse:linux_enterprise:12.0:*:*:*:*:*:*:*",
"matchCriteriaId": "CBC8B78D-1131-4F21-919D-8AC79A410FB9",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:sil:graphite2:*:*:*:*:*:*:*:*",
"matchCriteriaId": "5F0A27A0-9ADC-4800-AEE7-C006ED3E0474",
"versionEndIncluding": "1.3.5",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:oracle:linux:5.0:*:*:*:*:*:*:*",
"matchCriteriaId": "E3CCD459-9E6D-4731-8054-CDF8B58454A9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:oracle:linux:6:*:*:*:*:*:*:*",
"matchCriteriaId": "CC7A498A-A669-4C42-8134-86103C799D13",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:oracle:linux:7:*:*:*:*:*:*:*",
"matchCriteriaId": "104DA87B-DEE4-4262-AE50-8E6BC43B228B",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "The graphite2::TtfUtil::CmapSubtable4NextCodepoint function in Graphite 2 before 1.3.6, as used in Mozilla Firefox before 45.0 and Firefox ESR 38.x before 38.7, allows remote attackers to cause a denial of service (buffer over-read) or possibly have unspecified other impact via a crafted Graphite smart font."
},
{
"lang": "es",
"value": "La funci\u00f3n graphite2::TtfUtil::CmapSubtable4NextCodepoint en Graphite 2 en versiones anteriores a 1.3.6, como se utiliza en Mozilla Firefox en versiones anteriores a 45.0 y Firefox ESR 38.x en versiones anteriores a 38.7, permite a atacantes remotos causar una denegaci\u00f3n de servicio (sobre lectura de buffer) o posiblemente tener otro impacto no especificado a trav\u00e9s de una fuente inteligente Graphite manipulada."
}
],
"id": "CVE-2016-2802",
"lastModified": "2026-05-06T22:30:45.220",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 6.8,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": true
}
],
"cvssMetricV30": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"exploitabilityScore": 2.8,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2016-03-13T18:59:41.650",
"references": [
{
"source": "security@mozilla.org",
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00027.html"
},
{
"source": "security@mozilla.org",
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00029.html"
},
{
"source": "security@mozilla.org",
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00031.html"
},
{
"source": "security@mozilla.org",
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00050.html"
},
{
"source": "security@mozilla.org",
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00068.html"
},
{
"source": "security@mozilla.org",
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00089.html"
},
{
"source": "security@mozilla.org",
"tags": [
"Third Party Advisory"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00091.html"
},
{
"source": "security@mozilla.org",
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00093.html"
},
{
"source": "security@mozilla.org",
"tags": [
"Third Party Advisory"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-07/msg00006.html"
},
{
"source": "security@mozilla.org",
"tags": [
"Third Party Advisory"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-07/msg00007.html"
},
{
"source": "security@mozilla.org",
"tags": [
"Third Party Advisory"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-07/msg00008.html"
},
{
"source": "security@mozilla.org",
"url": "http://www.debian.org/security/2016/dsa-3510"
},
{
"source": "security@mozilla.org",
"url": "http://www.debian.org/security/2016/dsa-3515"
},
{
"source": "security@mozilla.org",
"url": "http://www.debian.org/security/2016/dsa-3520"
},
{
"source": "security@mozilla.org",
"tags": [
"Vendor Advisory"
],
"url": "http://www.mozilla.org/security/announce/2016/mfsa2016-37.html"
},
{
"source": "security@mozilla.org",
"tags": [
"Third Party Advisory"
],
"url": "http://www.oracle.com/technetwork/topics/security/linuxbulletinjan2016-2867209.html"
},
{
"source": "security@mozilla.org",
"url": "http://www.securityfocus.com/bid/84222"
},
{
"source": "security@mozilla.org",
"url": "http://www.securitytracker.com/id/1035215"
},
{
"source": "security@mozilla.org",
"url": "http://www.ubuntu.com/usn/USN-2917-1"
},
{
"source": "security@mozilla.org",
"url": "http://www.ubuntu.com/usn/USN-2917-2"
},
{
"source": "security@mozilla.org",
"url": "http://www.ubuntu.com/usn/USN-2917-3"
},
{
"source": "security@mozilla.org",
"url": "http://www.ubuntu.com/usn/USN-2927-1"
},
{
"source": "security@mozilla.org",
"url": "http://www.ubuntu.com/usn/USN-2934-1"
},
{
"source": "security@mozilla.org",
"tags": [
"Issue Tracking"
],
"url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1248804"
},
{
"source": "security@mozilla.org",
"url": "https://security.gentoo.org/glsa/201605-06"
},
{
"source": "security@mozilla.org",
"url": "https://security.gentoo.org/glsa/201701-63"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00027.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00029.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00031.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00050.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00068.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00089.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00091.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00093.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-07/msg00006.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-07/msg00007.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-07/msg00008.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.debian.org/security/2016/dsa-3510"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.debian.org/security/2016/dsa-3515"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.debian.org/security/2016/dsa-3520"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://www.mozilla.org/security/announce/2016/mfsa2016-37.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "http://www.oracle.com/technetwork/topics/security/linuxbulletinjan2016-2867209.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/bid/84222"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securitytracker.com/id/1035215"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.ubuntu.com/usn/USN-2917-1"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.ubuntu.com/usn/USN-2917-2"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.ubuntu.com/usn/USN-2917-3"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.ubuntu.com/usn/USN-2927-1"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.ubuntu.com/usn/USN-2934-1"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Issue Tracking"
],
"url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1248804"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://security.gentoo.org/glsa/201605-06"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://security.gentoo.org/glsa/201701-63"
}
],
"sourceIdentifier": "security@mozilla.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-119"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
GHSA-CXF4-P5VV-9C89
Vulnerability from github – Published: 2022-05-13 01:29 – Updated: 2022-05-13 01:29
VLAI?
Details
The graphite2::TtfUtil::CmapSubtable4NextCodepoint function in Graphite 2 before 1.3.6, as used in Mozilla Firefox before 45.0 and Firefox ESR 38.x before 38.7, allows remote attackers to cause a denial of service (buffer over-read) or possibly have unspecified other impact via a crafted Graphite smart font.
Severity ?
8.8 (High)
{
"affected": [],
"aliases": [
"CVE-2016-2802"
],
"database_specific": {
"cwe_ids": [
"CWE-119"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2016-03-13T18:59:00Z",
"severity": "HIGH"
},
"details": "The graphite2::TtfUtil::CmapSubtable4NextCodepoint function in Graphite 2 before 1.3.6, as used in Mozilla Firefox before 45.0 and Firefox ESR 38.x before 38.7, allows remote attackers to cause a denial of service (buffer over-read) or possibly have unspecified other impact via a crafted Graphite smart font.",
"id": "GHSA-cxf4-p5vv-9c89",
"modified": "2022-05-13T01:29:24Z",
"published": "2022-05-13T01:29:24Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2016-2802"
},
{
"type": "WEB",
"url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1248804"
},
{
"type": "WEB",
"url": "https://security.gentoo.org/glsa/201605-06"
},
{
"type": "WEB",
"url": "https://security.gentoo.org/glsa/201701-63"
},
{
"type": "WEB",
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00027.html"
},
{
"type": "WEB",
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00029.html"
},
{
"type": "WEB",
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00031.html"
},
{
"type": "WEB",
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00050.html"
},
{
"type": "WEB",
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00068.html"
},
{
"type": "WEB",
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00089.html"
},
{
"type": "WEB",
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00091.html"
},
{
"type": "WEB",
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00093.html"
},
{
"type": "WEB",
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-07/msg00006.html"
},
{
"type": "WEB",
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-07/msg00007.html"
},
{
"type": "WEB",
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-07/msg00008.html"
},
{
"type": "WEB",
"url": "http://www.debian.org/security/2016/dsa-3510"
},
{
"type": "WEB",
"url": "http://www.debian.org/security/2016/dsa-3515"
},
{
"type": "WEB",
"url": "http://www.debian.org/security/2016/dsa-3520"
},
{
"type": "WEB",
"url": "http://www.mozilla.org/security/announce/2016/mfsa2016-37.html"
},
{
"type": "WEB",
"url": "http://www.oracle.com/technetwork/topics/security/linuxbulletinjan2016-2867209.html"
},
{
"type": "WEB",
"url": "http://www.securityfocus.com/bid/84222"
},
{
"type": "WEB",
"url": "http://www.securitytracker.com/id/1035215"
},
{
"type": "WEB",
"url": "http://www.ubuntu.com/usn/USN-2917-1"
},
{
"type": "WEB",
"url": "http://www.ubuntu.com/usn/USN-2917-2"
},
{
"type": "WEB",
"url": "http://www.ubuntu.com/usn/USN-2917-3"
},
{
"type": "WEB",
"url": "http://www.ubuntu.com/usn/USN-2927-1"
},
{
"type": "WEB",
"url": "http://www.ubuntu.com/usn/USN-2934-1"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
}
]
}
GSD-2016-2802
Vulnerability from gsd - Updated: 2023-12-13 01:21Details
The graphite2::TtfUtil::CmapSubtable4NextCodepoint function in Graphite 2 before 1.3.6, as used in Mozilla Firefox before 45.0 and Firefox ESR 38.x before 38.7, allows remote attackers to cause a denial of service (buffer over-read) or possibly have unspecified other impact via a crafted Graphite smart font.
Aliases
Aliases
{
"GSD": {
"alias": "CVE-2016-2802",
"description": "The graphite2::TtfUtil::CmapSubtable4NextCodepoint function in Graphite 2 before 1.3.6, as used in Mozilla Firefox before 45.0 and Firefox ESR 38.x before 38.7, allows remote attackers to cause a denial of service (buffer over-read) or possibly have unspecified other impact via a crafted Graphite smart font.",
"id": "GSD-2016-2802",
"references": [
"https://www.suse.com/security/cve/CVE-2016-2802.html",
"https://www.debian.org/security/2016/dsa-3520",
"https://www.debian.org/security/2016/dsa-3515",
"https://www.debian.org/security/2016/dsa-3510",
"https://access.redhat.com/errata/RHSA-2016:0460",
"https://access.redhat.com/errata/RHSA-2016:0373",
"https://ubuntu.com/security/CVE-2016-2802",
"https://advisories.mageia.org/CVE-2016-2802.html",
"https://linux.oracle.com/cve/CVE-2016-2802.html"
]
},
"gsd": {
"metadata": {
"exploitCode": "unknown",
"remediation": "unknown",
"reportConfidence": "confirmed",
"type": "vulnerability"
},
"osvSchema": {
"aliases": [
"CVE-2016-2802"
],
"details": "The graphite2::TtfUtil::CmapSubtable4NextCodepoint function in Graphite 2 before 1.3.6, as used in Mozilla Firefox before 45.0 and Firefox ESR 38.x before 38.7, allows remote attackers to cause a denial of service (buffer over-read) or possibly have unspecified other impact via a crafted Graphite smart font.",
"id": "GSD-2016-2802",
"modified": "2023-12-13T01:21:19.667893Z",
"schema_version": "1.4.0"
}
},
"namespaces": {
"cve.org": {
"CVE_data_meta": {
"ASSIGNER": "security@mozilla.org",
"ID": "CVE-2016-2802",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The graphite2::TtfUtil::CmapSubtable4NextCodepoint function in Graphite 2 before 1.3.6, as used in Mozilla Firefox before 45.0 and Firefox ESR 38.x before 38.7, allows remote attackers to cause a denial of service (buffer over-read) or possibly have unspecified other impact via a crafted Graphite smart font."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "openSUSE-SU-2016:0894",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00091.html"
},
{
"name": "84222",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/84222"
},
{
"name": "SUSE-SU-2016:0820",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00068.html"
},
{
"name": "openSUSE-SU-2016:1767",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-07/msg00006.html"
},
{
"name": "http://www.oracle.com/technetwork/topics/security/linuxbulletinjan2016-2867209.html",
"refsource": "CONFIRM",
"url": "http://www.oracle.com/technetwork/topics/security/linuxbulletinjan2016-2867209.html"
},
{
"name": "openSUSE-SU-2016:0731",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00029.html"
},
{
"name": "SUSE-SU-2016:0727",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00027.html"
},
{
"name": "openSUSE-SU-2016:1778",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-07/msg00008.html"
},
{
"name": "openSUSE-SU-2016:0876",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00089.html"
},
{
"name": "USN-2917-1",
"refsource": "UBUNTU",
"url": "http://www.ubuntu.com/usn/USN-2917-1"
},
{
"name": "USN-2927-1",
"refsource": "UBUNTU",
"url": "http://www.ubuntu.com/usn/USN-2927-1"
},
{
"name": "DSA-3520",
"refsource": "DEBIAN",
"url": "http://www.debian.org/security/2016/dsa-3520"
},
{
"name": "openSUSE-SU-2016:1769",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-07/msg00007.html"
},
{
"name": "https://bugzilla.mozilla.org/show_bug.cgi?id=1248804",
"refsource": "CONFIRM",
"url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1248804"
},
{
"name": "SUSE-SU-2016:0909",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00093.html"
},
{
"name": "DSA-3510",
"refsource": "DEBIAN",
"url": "http://www.debian.org/security/2016/dsa-3510"
},
{
"name": "openSUSE-SU-2016:0733",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00031.html"
},
{
"name": "http://www.mozilla.org/security/announce/2016/mfsa2016-37.html",
"refsource": "CONFIRM",
"url": "http://www.mozilla.org/security/announce/2016/mfsa2016-37.html"
},
{
"name": "1035215",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1035215"
},
{
"name": "SUSE-SU-2016:0777",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00050.html"
},
{
"name": "GLSA-201605-06",
"refsource": "GENTOO",
"url": "https://security.gentoo.org/glsa/201605-06"
},
{
"name": "DSA-3515",
"refsource": "DEBIAN",
"url": "http://www.debian.org/security/2016/dsa-3515"
},
{
"name": "USN-2934-1",
"refsource": "UBUNTU",
"url": "http://www.ubuntu.com/usn/USN-2934-1"
},
{
"name": "GLSA-201701-63",
"refsource": "GENTOO",
"url": "https://security.gentoo.org/glsa/201701-63"
},
{
"name": "USN-2917-2",
"refsource": "UBUNTU",
"url": "http://www.ubuntu.com/usn/USN-2917-2"
},
{
"name": "USN-2917-3",
"refsource": "UBUNTU",
"url": "http://www.ubuntu.com/usn/USN-2917-3"
}
]
}
},
"nvd.nist.gov": {
"configurations": {
"CVE_data_version": "4.0",
"nodes": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:a:mozilla:firefox_esr:38.6.1:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:mozilla:firefox_esr:38.6.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:mozilla:firefox_esr:38.1.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:mozilla:firefox_esr:38.0.5:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:mozilla:firefox:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "44.0.2",
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:mozilla:firefox_esr:38.2.1:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:mozilla:firefox_esr:38.2.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:mozilla:firefox_esr:38.1.1:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:mozilla:firefox_esr:38.4.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:mozilla:firefox_esr:38.3.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:mozilla:firefox_esr:38.5.1:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:mozilla:firefox_esr:38.5.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:mozilla:firefox_esr:38.0.1:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:mozilla:firefox_esr:38.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:opensuse:opensuse:13.1:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:suse:linux_enterprise:12.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:opensuse:leap:42.1:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:opensuse:opensuse:13.2:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:a:sil:graphite2:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "1.3.5",
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:oracle:linux:7:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:oracle:linux:5.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:oracle:linux:6:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
}
]
},
"cve": {
"CVE_data_meta": {
"ASSIGNER": "security@mozilla.org",
"ID": "CVE-2016-2802"
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "en",
"value": "The graphite2::TtfUtil::CmapSubtable4NextCodepoint function in Graphite 2 before 1.3.6, as used in Mozilla Firefox before 45.0 and Firefox ESR 38.x before 38.7, allows remote attackers to cause a denial of service (buffer over-read) or possibly have unspecified other impact via a crafted Graphite smart font."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "en",
"value": "CWE-119"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://www.mozilla.org/security/announce/2016/mfsa2016-37.html",
"refsource": "CONFIRM",
"tags": [
"Vendor Advisory"
],
"url": "http://www.mozilla.org/security/announce/2016/mfsa2016-37.html"
},
{
"name": "https://bugzilla.mozilla.org/show_bug.cgi?id=1248804",
"refsource": "CONFIRM",
"tags": [
"Issue Tracking"
],
"url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1248804"
},
{
"name": "openSUSE-SU-2016:0894",
"refsource": "SUSE",
"tags": [
"Third Party Advisory"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00091.html"
},
{
"name": "openSUSE-SU-2016:1767",
"refsource": "SUSE",
"tags": [
"Third Party Advisory"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-07/msg00006.html"
},
{
"name": "openSUSE-SU-2016:1769",
"refsource": "SUSE",
"tags": [
"Third Party Advisory"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-07/msg00007.html"
},
{
"name": "openSUSE-SU-2016:1778",
"refsource": "SUSE",
"tags": [
"Third Party Advisory"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-07/msg00008.html"
},
{
"name": "http://www.oracle.com/technetwork/topics/security/linuxbulletinjan2016-2867209.html",
"refsource": "CONFIRM",
"tags": [
"Third Party Advisory"
],
"url": "http://www.oracle.com/technetwork/topics/security/linuxbulletinjan2016-2867209.html"
},
{
"name": "84222",
"refsource": "BID",
"tags": [],
"url": "http://www.securityfocus.com/bid/84222"
},
{
"name": "GLSA-201605-06",
"refsource": "GENTOO",
"tags": [],
"url": "https://security.gentoo.org/glsa/201605-06"
},
{
"name": "SUSE-SU-2016:0777",
"refsource": "SUSE",
"tags": [],
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00050.html"
},
{
"name": "openSUSE-SU-2016:0733",
"refsource": "SUSE",
"tags": [],
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00031.html"
},
{
"name": "openSUSE-SU-2016:0876",
"refsource": "SUSE",
"tags": [],
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00089.html"
},
{
"name": "SUSE-SU-2016:0820",
"refsource": "SUSE",
"tags": [],
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00068.html"
},
{
"name": "DSA-3510",
"refsource": "DEBIAN",
"tags": [],
"url": "http://www.debian.org/security/2016/dsa-3510"
},
{
"name": "USN-2917-2",
"refsource": "UBUNTU",
"tags": [],
"url": "http://www.ubuntu.com/usn/USN-2917-2"
},
{
"name": "1035215",
"refsource": "SECTRACK",
"tags": [],
"url": "http://www.securitytracker.com/id/1035215"
},
{
"name": "SUSE-SU-2016:0909",
"refsource": "SUSE",
"tags": [],
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00093.html"
},
{
"name": "DSA-3515",
"refsource": "DEBIAN",
"tags": [],
"url": "http://www.debian.org/security/2016/dsa-3515"
},
{
"name": "USN-2934-1",
"refsource": "UBUNTU",
"tags": [],
"url": "http://www.ubuntu.com/usn/USN-2934-1"
},
{
"name": "USN-2927-1",
"refsource": "UBUNTU",
"tags": [],
"url": "http://www.ubuntu.com/usn/USN-2927-1"
},
{
"name": "SUSE-SU-2016:0727",
"refsource": "SUSE",
"tags": [],
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00027.html"
},
{
"name": "openSUSE-SU-2016:0731",
"refsource": "SUSE",
"tags": [],
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00029.html"
},
{
"name": "USN-2917-1",
"refsource": "UBUNTU",
"tags": [],
"url": "http://www.ubuntu.com/usn/USN-2917-1"
},
{
"name": "DSA-3520",
"refsource": "DEBIAN",
"tags": [],
"url": "http://www.debian.org/security/2016/dsa-3520"
},
{
"name": "USN-2917-3",
"refsource": "UBUNTU",
"tags": [],
"url": "http://www.ubuntu.com/usn/USN-2917-3"
},
{
"name": "GLSA-201701-63",
"refsource": "GENTOO",
"tags": [],
"url": "https://security.gentoo.org/glsa/201701-63"
}
]
}
},
"impact": {
"baseMetricV2": {
"cvssV2": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 6.8,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"severity": "MEDIUM",
"userInteractionRequired": true
},
"baseMetricV3": {
"cvssV3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"exploitabilityScore": 2.8,
"impactScore": 5.9
}
},
"lastModifiedDate": "2019-12-27T16:08Z",
"publishedDate": "2016-03-13T18:59Z"
}
}
}
OPENSUSE-SU-2016:1769-1
Vulnerability from csaf_opensuse - Published: 2016-07-10 18:30 - Updated: 2016-07-10 18:30Summary
Security update for Mozilla Thunderbird
Severity
Important
Notes
Title of the patch: Security update for Mozilla Thunderbird
Description of the patch: This update contains Mozilla Thunderbird 45.2. (boo#983549)
It fixes security issues mostly affecting the e-mail program when used in a browser context, such as viewing a web page or HTMl formatted e-mail.
The following vulnerabilities were fixed:
- CVE-2016-2818, CVE-2016-2815: Memory safety bugs (boo#983549, MFSA2016-49)
Contains the following security fixes from the 45.1 release: (boo#977333)
- CVE-2016-2806, CVE-2016-2807: Miscellaneous memory safety hazards (boo#977375, boo#977376, MFSA 2016-39)
Contains the following security fixes from the 45.0 release: (boo#969894)
- CVE-2016-1952, CVE-2016-1953: Miscellaneous memory safety hazards (MFSA 2016-16)
- CVE-2016-1954: Local file overwriting and potential privilege escalation through CSP reports (MFSA 2016-17)
- CVE-2016-1955: CSP reports fail to strip location information for embedded iframe pages (MFSA 2016-18)
- CVE-2016-1956: Linux video memory DOS with Intel drivers (MFSA 2016-19)
- CVE-2016-1957: Memory leak in libstagefright when deleting an array during MP4 processing (MFSA 2016-20)
- CVE-2016-1960: Use-after-free in HTML5 string parser (MFSA 2016-23)
- CVE-2016-1961: Use-after-free in SetBody (MFSA 2016-24)
- CVE-2016-1964: Use-after-free during XML transformations (MFSA 2016-27)
- CVE-2016-1974: Out-of-bounds read in HTML parser following a failed allocation (MFSA 2016-34)
The graphite font shaping library was disabled, addressing the following font vulnerabilities:
- MFSA 2016-37/CVE-2016-1977/CVE-2016-2790/CVE-2016-2791/
CVE-2016-2792/CVE-2016-2793/CVE-2016-2794/CVE-2016-2795/
CVE-2016-2796/CVE-2016-2797/CVE-2016-2798/CVE-2016-2799/
CVE-2016-2800/CVE-2016-2801/CVE-2016-2802
The following tracked packaging changes are included:
- fix build issues with gcc/binutils combination used in Leap 42.2 (boo#984637)
- gcc6 fixes (boo#986162)
- running on 48bit va aarch64 (boo#984126)
Patchnames: openSUSE-2016-851
Terms of use: CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).
8.8 (High)
Affected products
Recommended
13 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Package Hub 12:MozillaThunderbird-45.2-6.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Package Hub 12:MozillaThunderbird-45.2-6.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Package Hub 12:MozillaThunderbird-45.2-6.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Package Hub 12:MozillaThunderbird-buildsymbols-45.2-6.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Package Hub 12:MozillaThunderbird-devel-45.2-6.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Package Hub 12:MozillaThunderbird-devel-45.2-6.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Package Hub 12:MozillaThunderbird-devel-45.2-6.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Package Hub 12:MozillaThunderbird-translations-common-45.2-6.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Package Hub 12:MozillaThunderbird-translations-common-45.2-6.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Package Hub 12:MozillaThunderbird-translations-common-45.2-6.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Package Hub 12:MozillaThunderbird-translations-other-45.2-6.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Package Hub 12:MozillaThunderbird-translations-other-45.2-6.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Package Hub 12:MozillaThunderbird-translations-other-45.2-6.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
important
8.8 (High)
Affected products
Recommended
13 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Package Hub 12:MozillaThunderbird-45.2-6.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Package Hub 12:MozillaThunderbird-45.2-6.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Package Hub 12:MozillaThunderbird-45.2-6.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Package Hub 12:MozillaThunderbird-buildsymbols-45.2-6.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Package Hub 12:MozillaThunderbird-devel-45.2-6.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Package Hub 12:MozillaThunderbird-devel-45.2-6.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Package Hub 12:MozillaThunderbird-devel-45.2-6.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Package Hub 12:MozillaThunderbird-translations-common-45.2-6.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Package Hub 12:MozillaThunderbird-translations-common-45.2-6.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Package Hub 12:MozillaThunderbird-translations-common-45.2-6.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Package Hub 12:MozillaThunderbird-translations-other-45.2-6.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Package Hub 12:MozillaThunderbird-translations-other-45.2-6.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Package Hub 12:MozillaThunderbird-translations-other-45.2-6.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
important
8.8 (High)
Affected products
Recommended
13 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Package Hub 12:MozillaThunderbird-45.2-6.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Package Hub 12:MozillaThunderbird-45.2-6.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Package Hub 12:MozillaThunderbird-45.2-6.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Package Hub 12:MozillaThunderbird-buildsymbols-45.2-6.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Package Hub 12:MozillaThunderbird-devel-45.2-6.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Package Hub 12:MozillaThunderbird-devel-45.2-6.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Package Hub 12:MozillaThunderbird-devel-45.2-6.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Package Hub 12:MozillaThunderbird-translations-common-45.2-6.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Package Hub 12:MozillaThunderbird-translations-common-45.2-6.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Package Hub 12:MozillaThunderbird-translations-common-45.2-6.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Package Hub 12:MozillaThunderbird-translations-other-45.2-6.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Package Hub 12:MozillaThunderbird-translations-other-45.2-6.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Package Hub 12:MozillaThunderbird-translations-other-45.2-6.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
important
4.3 (Medium)
Affected products
Recommended
13 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Package Hub 12:MozillaThunderbird-45.2-6.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Package Hub 12:MozillaThunderbird-45.2-6.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Package Hub 12:MozillaThunderbird-45.2-6.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Package Hub 12:MozillaThunderbird-buildsymbols-45.2-6.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Package Hub 12:MozillaThunderbird-devel-45.2-6.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Package Hub 12:MozillaThunderbird-devel-45.2-6.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Package Hub 12:MozillaThunderbird-devel-45.2-6.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Package Hub 12:MozillaThunderbird-translations-common-45.2-6.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Package Hub 12:MozillaThunderbird-translations-common-45.2-6.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Package Hub 12:MozillaThunderbird-translations-common-45.2-6.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Package Hub 12:MozillaThunderbird-translations-other-45.2-6.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Package Hub 12:MozillaThunderbird-translations-other-45.2-6.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Package Hub 12:MozillaThunderbird-translations-other-45.2-6.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
important
6.5 (Medium)
Affected products
Recommended
13 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Package Hub 12:MozillaThunderbird-45.2-6.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Package Hub 12:MozillaThunderbird-45.2-6.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Package Hub 12:MozillaThunderbird-45.2-6.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Package Hub 12:MozillaThunderbird-buildsymbols-45.2-6.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Package Hub 12:MozillaThunderbird-devel-45.2-6.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Package Hub 12:MozillaThunderbird-devel-45.2-6.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Package Hub 12:MozillaThunderbird-devel-45.2-6.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Package Hub 12:MozillaThunderbird-translations-common-45.2-6.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Package Hub 12:MozillaThunderbird-translations-common-45.2-6.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Package Hub 12:MozillaThunderbird-translations-common-45.2-6.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Package Hub 12:MozillaThunderbird-translations-other-45.2-6.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Package Hub 12:MozillaThunderbird-translations-other-45.2-6.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Package Hub 12:MozillaThunderbird-translations-other-45.2-6.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
important
4.3 (Medium)
Affected products
Recommended
13 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Package Hub 12:MozillaThunderbird-45.2-6.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Package Hub 12:MozillaThunderbird-45.2-6.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Package Hub 12:MozillaThunderbird-45.2-6.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Package Hub 12:MozillaThunderbird-buildsymbols-45.2-6.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Package Hub 12:MozillaThunderbird-devel-45.2-6.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Package Hub 12:MozillaThunderbird-devel-45.2-6.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Package Hub 12:MozillaThunderbird-devel-45.2-6.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Package Hub 12:MozillaThunderbird-translations-common-45.2-6.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Package Hub 12:MozillaThunderbird-translations-common-45.2-6.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Package Hub 12:MozillaThunderbird-translations-common-45.2-6.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Package Hub 12:MozillaThunderbird-translations-other-45.2-6.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Package Hub 12:MozillaThunderbird-translations-other-45.2-6.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Package Hub 12:MozillaThunderbird-translations-other-45.2-6.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
moderate
8.8 (High)
Affected products
Recommended
13 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Package Hub 12:MozillaThunderbird-45.2-6.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Package Hub 12:MozillaThunderbird-45.2-6.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Package Hub 12:MozillaThunderbird-45.2-6.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Package Hub 12:MozillaThunderbird-buildsymbols-45.2-6.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Package Hub 12:MozillaThunderbird-devel-45.2-6.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Package Hub 12:MozillaThunderbird-devel-45.2-6.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Package Hub 12:MozillaThunderbird-devel-45.2-6.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Package Hub 12:MozillaThunderbird-translations-common-45.2-6.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Package Hub 12:MozillaThunderbird-translations-common-45.2-6.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Package Hub 12:MozillaThunderbird-translations-common-45.2-6.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Package Hub 12:MozillaThunderbird-translations-other-45.2-6.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Package Hub 12:MozillaThunderbird-translations-other-45.2-6.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Package Hub 12:MozillaThunderbird-translations-other-45.2-6.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
important
8.8 (High)
Affected products
Recommended
13 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Package Hub 12:MozillaThunderbird-45.2-6.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Package Hub 12:MozillaThunderbird-45.2-6.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Package Hub 12:MozillaThunderbird-45.2-6.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Package Hub 12:MozillaThunderbird-buildsymbols-45.2-6.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Package Hub 12:MozillaThunderbird-devel-45.2-6.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Package Hub 12:MozillaThunderbird-devel-45.2-6.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Package Hub 12:MozillaThunderbird-devel-45.2-6.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Package Hub 12:MozillaThunderbird-translations-common-45.2-6.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Package Hub 12:MozillaThunderbird-translations-common-45.2-6.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Package Hub 12:MozillaThunderbird-translations-common-45.2-6.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Package Hub 12:MozillaThunderbird-translations-other-45.2-6.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Package Hub 12:MozillaThunderbird-translations-other-45.2-6.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Package Hub 12:MozillaThunderbird-translations-other-45.2-6.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
important
8.8 (High)
Affected products
Recommended
13 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Package Hub 12:MozillaThunderbird-45.2-6.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Package Hub 12:MozillaThunderbird-45.2-6.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Package Hub 12:MozillaThunderbird-45.2-6.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Package Hub 12:MozillaThunderbird-buildsymbols-45.2-6.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Package Hub 12:MozillaThunderbird-devel-45.2-6.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Package Hub 12:MozillaThunderbird-devel-45.2-6.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Package Hub 12:MozillaThunderbird-devel-45.2-6.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Package Hub 12:MozillaThunderbird-translations-common-45.2-6.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Package Hub 12:MozillaThunderbird-translations-common-45.2-6.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Package Hub 12:MozillaThunderbird-translations-common-45.2-6.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Package Hub 12:MozillaThunderbird-translations-other-45.2-6.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Package Hub 12:MozillaThunderbird-translations-other-45.2-6.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Package Hub 12:MozillaThunderbird-translations-other-45.2-6.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
important
8.8 (High)
Affected products
Recommended
13 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Package Hub 12:MozillaThunderbird-45.2-6.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Package Hub 12:MozillaThunderbird-45.2-6.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Package Hub 12:MozillaThunderbird-45.2-6.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Package Hub 12:MozillaThunderbird-buildsymbols-45.2-6.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Package Hub 12:MozillaThunderbird-devel-45.2-6.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Package Hub 12:MozillaThunderbird-devel-45.2-6.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Package Hub 12:MozillaThunderbird-devel-45.2-6.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Package Hub 12:MozillaThunderbird-translations-common-45.2-6.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Package Hub 12:MozillaThunderbird-translations-common-45.2-6.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Package Hub 12:MozillaThunderbird-translations-common-45.2-6.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Package Hub 12:MozillaThunderbird-translations-other-45.2-6.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Package Hub 12:MozillaThunderbird-translations-other-45.2-6.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Package Hub 12:MozillaThunderbird-translations-other-45.2-6.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
important
8.8 (High)
Affected products
Recommended
13 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Package Hub 12:MozillaThunderbird-45.2-6.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Package Hub 12:MozillaThunderbird-45.2-6.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Package Hub 12:MozillaThunderbird-45.2-6.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Package Hub 12:MozillaThunderbird-buildsymbols-45.2-6.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Package Hub 12:MozillaThunderbird-devel-45.2-6.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Package Hub 12:MozillaThunderbird-devel-45.2-6.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Package Hub 12:MozillaThunderbird-devel-45.2-6.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Package Hub 12:MozillaThunderbird-translations-common-45.2-6.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Package Hub 12:MozillaThunderbird-translations-common-45.2-6.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Package Hub 12:MozillaThunderbird-translations-common-45.2-6.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Package Hub 12:MozillaThunderbird-translations-other-45.2-6.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Package Hub 12:MozillaThunderbird-translations-other-45.2-6.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Package Hub 12:MozillaThunderbird-translations-other-45.2-6.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
important
8.8 (High)
Affected products
Recommended
13 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Package Hub 12:MozillaThunderbird-45.2-6.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Package Hub 12:MozillaThunderbird-45.2-6.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Package Hub 12:MozillaThunderbird-45.2-6.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Package Hub 12:MozillaThunderbird-buildsymbols-45.2-6.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Package Hub 12:MozillaThunderbird-devel-45.2-6.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Package Hub 12:MozillaThunderbird-devel-45.2-6.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Package Hub 12:MozillaThunderbird-devel-45.2-6.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Package Hub 12:MozillaThunderbird-translations-common-45.2-6.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Package Hub 12:MozillaThunderbird-translations-common-45.2-6.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Package Hub 12:MozillaThunderbird-translations-common-45.2-6.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Package Hub 12:MozillaThunderbird-translations-other-45.2-6.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Package Hub 12:MozillaThunderbird-translations-other-45.2-6.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Package Hub 12:MozillaThunderbird-translations-other-45.2-6.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
important
8.8 (High)
Affected products
Recommended
13 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Package Hub 12:MozillaThunderbird-45.2-6.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Package Hub 12:MozillaThunderbird-45.2-6.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Package Hub 12:MozillaThunderbird-45.2-6.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Package Hub 12:MozillaThunderbird-buildsymbols-45.2-6.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Package Hub 12:MozillaThunderbird-devel-45.2-6.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Package Hub 12:MozillaThunderbird-devel-45.2-6.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Package Hub 12:MozillaThunderbird-devel-45.2-6.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Package Hub 12:MozillaThunderbird-translations-common-45.2-6.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Package Hub 12:MozillaThunderbird-translations-common-45.2-6.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Package Hub 12:MozillaThunderbird-translations-common-45.2-6.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Package Hub 12:MozillaThunderbird-translations-other-45.2-6.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Package Hub 12:MozillaThunderbird-translations-other-45.2-6.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Package Hub 12:MozillaThunderbird-translations-other-45.2-6.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
important
8.8 (High)
Affected products
Recommended
13 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Package Hub 12:MozillaThunderbird-45.2-6.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Package Hub 12:MozillaThunderbird-45.2-6.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Package Hub 12:MozillaThunderbird-45.2-6.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Package Hub 12:MozillaThunderbird-buildsymbols-45.2-6.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Package Hub 12:MozillaThunderbird-devel-45.2-6.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Package Hub 12:MozillaThunderbird-devel-45.2-6.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Package Hub 12:MozillaThunderbird-devel-45.2-6.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Package Hub 12:MozillaThunderbird-translations-common-45.2-6.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Package Hub 12:MozillaThunderbird-translations-common-45.2-6.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Package Hub 12:MozillaThunderbird-translations-common-45.2-6.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Package Hub 12:MozillaThunderbird-translations-other-45.2-6.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Package Hub 12:MozillaThunderbird-translations-other-45.2-6.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Package Hub 12:MozillaThunderbird-translations-other-45.2-6.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
important
8.8 (High)
Affected products
Recommended
13 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Package Hub 12:MozillaThunderbird-45.2-6.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Package Hub 12:MozillaThunderbird-45.2-6.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Package Hub 12:MozillaThunderbird-45.2-6.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Package Hub 12:MozillaThunderbird-buildsymbols-45.2-6.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Package Hub 12:MozillaThunderbird-devel-45.2-6.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Package Hub 12:MozillaThunderbird-devel-45.2-6.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Package Hub 12:MozillaThunderbird-devel-45.2-6.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Package Hub 12:MozillaThunderbird-translations-common-45.2-6.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Package Hub 12:MozillaThunderbird-translations-common-45.2-6.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Package Hub 12:MozillaThunderbird-translations-common-45.2-6.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Package Hub 12:MozillaThunderbird-translations-other-45.2-6.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Package Hub 12:MozillaThunderbird-translations-other-45.2-6.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Package Hub 12:MozillaThunderbird-translations-other-45.2-6.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
important
8.8 (High)
Affected products
Recommended
13 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Package Hub 12:MozillaThunderbird-45.2-6.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Package Hub 12:MozillaThunderbird-45.2-6.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Package Hub 12:MozillaThunderbird-45.2-6.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Package Hub 12:MozillaThunderbird-buildsymbols-45.2-6.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Package Hub 12:MozillaThunderbird-devel-45.2-6.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Package Hub 12:MozillaThunderbird-devel-45.2-6.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Package Hub 12:MozillaThunderbird-devel-45.2-6.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Package Hub 12:MozillaThunderbird-translations-common-45.2-6.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Package Hub 12:MozillaThunderbird-translations-common-45.2-6.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Package Hub 12:MozillaThunderbird-translations-common-45.2-6.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Package Hub 12:MozillaThunderbird-translations-other-45.2-6.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Package Hub 12:MozillaThunderbird-translations-other-45.2-6.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Package Hub 12:MozillaThunderbird-translations-other-45.2-6.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
important
8.8 (High)
Affected products
Recommended
13 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Package Hub 12:MozillaThunderbird-45.2-6.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Package Hub 12:MozillaThunderbird-45.2-6.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Package Hub 12:MozillaThunderbird-45.2-6.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Package Hub 12:MozillaThunderbird-buildsymbols-45.2-6.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Package Hub 12:MozillaThunderbird-devel-45.2-6.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Package Hub 12:MozillaThunderbird-devel-45.2-6.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Package Hub 12:MozillaThunderbird-devel-45.2-6.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Package Hub 12:MozillaThunderbird-translations-common-45.2-6.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Package Hub 12:MozillaThunderbird-translations-common-45.2-6.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Package Hub 12:MozillaThunderbird-translations-common-45.2-6.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Package Hub 12:MozillaThunderbird-translations-other-45.2-6.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Package Hub 12:MozillaThunderbird-translations-other-45.2-6.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Package Hub 12:MozillaThunderbird-translations-other-45.2-6.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
important
8.8 (High)
Affected products
Recommended
13 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Package Hub 12:MozillaThunderbird-45.2-6.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Package Hub 12:MozillaThunderbird-45.2-6.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Package Hub 12:MozillaThunderbird-45.2-6.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Package Hub 12:MozillaThunderbird-buildsymbols-45.2-6.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Package Hub 12:MozillaThunderbird-devel-45.2-6.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Package Hub 12:MozillaThunderbird-devel-45.2-6.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Package Hub 12:MozillaThunderbird-devel-45.2-6.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Package Hub 12:MozillaThunderbird-translations-common-45.2-6.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Package Hub 12:MozillaThunderbird-translations-common-45.2-6.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Package Hub 12:MozillaThunderbird-translations-common-45.2-6.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Package Hub 12:MozillaThunderbird-translations-other-45.2-6.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Package Hub 12:MozillaThunderbird-translations-other-45.2-6.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Package Hub 12:MozillaThunderbird-translations-other-45.2-6.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
important
8.8 (High)
Affected products
Recommended
13 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Package Hub 12:MozillaThunderbird-45.2-6.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Package Hub 12:MozillaThunderbird-45.2-6.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Package Hub 12:MozillaThunderbird-45.2-6.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Package Hub 12:MozillaThunderbird-buildsymbols-45.2-6.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Package Hub 12:MozillaThunderbird-devel-45.2-6.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Package Hub 12:MozillaThunderbird-devel-45.2-6.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Package Hub 12:MozillaThunderbird-devel-45.2-6.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Package Hub 12:MozillaThunderbird-translations-common-45.2-6.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Package Hub 12:MozillaThunderbird-translations-common-45.2-6.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Package Hub 12:MozillaThunderbird-translations-common-45.2-6.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Package Hub 12:MozillaThunderbird-translations-other-45.2-6.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Package Hub 12:MozillaThunderbird-translations-other-45.2-6.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Package Hub 12:MozillaThunderbird-translations-other-45.2-6.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
important
8.8 (High)
Affected products
Recommended
13 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Package Hub 12:MozillaThunderbird-45.2-6.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Package Hub 12:MozillaThunderbird-45.2-6.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Package Hub 12:MozillaThunderbird-45.2-6.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Package Hub 12:MozillaThunderbird-buildsymbols-45.2-6.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Package Hub 12:MozillaThunderbird-devel-45.2-6.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Package Hub 12:MozillaThunderbird-devel-45.2-6.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Package Hub 12:MozillaThunderbird-devel-45.2-6.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Package Hub 12:MozillaThunderbird-translations-common-45.2-6.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Package Hub 12:MozillaThunderbird-translations-common-45.2-6.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Package Hub 12:MozillaThunderbird-translations-common-45.2-6.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Package Hub 12:MozillaThunderbird-translations-other-45.2-6.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Package Hub 12:MozillaThunderbird-translations-other-45.2-6.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Package Hub 12:MozillaThunderbird-translations-other-45.2-6.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
important
8.8 (High)
Affected products
Recommended
13 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Package Hub 12:MozillaThunderbird-45.2-6.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Package Hub 12:MozillaThunderbird-45.2-6.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Package Hub 12:MozillaThunderbird-45.2-6.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Package Hub 12:MozillaThunderbird-buildsymbols-45.2-6.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Package Hub 12:MozillaThunderbird-devel-45.2-6.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Package Hub 12:MozillaThunderbird-devel-45.2-6.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Package Hub 12:MozillaThunderbird-devel-45.2-6.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Package Hub 12:MozillaThunderbird-translations-common-45.2-6.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Package Hub 12:MozillaThunderbird-translations-common-45.2-6.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Package Hub 12:MozillaThunderbird-translations-common-45.2-6.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Package Hub 12:MozillaThunderbird-translations-other-45.2-6.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Package Hub 12:MozillaThunderbird-translations-other-45.2-6.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Package Hub 12:MozillaThunderbird-translations-other-45.2-6.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
important
8.8 (High)
Affected products
Recommended
13 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Package Hub 12:MozillaThunderbird-45.2-6.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Package Hub 12:MozillaThunderbird-45.2-6.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Package Hub 12:MozillaThunderbird-45.2-6.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Package Hub 12:MozillaThunderbird-buildsymbols-45.2-6.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Package Hub 12:MozillaThunderbird-devel-45.2-6.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Package Hub 12:MozillaThunderbird-devel-45.2-6.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Package Hub 12:MozillaThunderbird-devel-45.2-6.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Package Hub 12:MozillaThunderbird-translations-common-45.2-6.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Package Hub 12:MozillaThunderbird-translations-common-45.2-6.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Package Hub 12:MozillaThunderbird-translations-common-45.2-6.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Package Hub 12:MozillaThunderbird-translations-other-45.2-6.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Package Hub 12:MozillaThunderbird-translations-other-45.2-6.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Package Hub 12:MozillaThunderbird-translations-other-45.2-6.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
important
8.8 (High)
Affected products
Recommended
13 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Package Hub 12:MozillaThunderbird-45.2-6.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Package Hub 12:MozillaThunderbird-45.2-6.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Package Hub 12:MozillaThunderbird-45.2-6.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Package Hub 12:MozillaThunderbird-buildsymbols-45.2-6.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Package Hub 12:MozillaThunderbird-devel-45.2-6.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Package Hub 12:MozillaThunderbird-devel-45.2-6.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Package Hub 12:MozillaThunderbird-devel-45.2-6.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Package Hub 12:MozillaThunderbird-translations-common-45.2-6.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Package Hub 12:MozillaThunderbird-translations-common-45.2-6.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Package Hub 12:MozillaThunderbird-translations-common-45.2-6.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Package Hub 12:MozillaThunderbird-translations-other-45.2-6.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Package Hub 12:MozillaThunderbird-translations-other-45.2-6.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Package Hub 12:MozillaThunderbird-translations-other-45.2-6.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
important
8.8 (High)
Affected products
Recommended
13 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Package Hub 12:MozillaThunderbird-45.2-6.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Package Hub 12:MozillaThunderbird-45.2-6.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Package Hub 12:MozillaThunderbird-45.2-6.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Package Hub 12:MozillaThunderbird-buildsymbols-45.2-6.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Package Hub 12:MozillaThunderbird-devel-45.2-6.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Package Hub 12:MozillaThunderbird-devel-45.2-6.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Package Hub 12:MozillaThunderbird-devel-45.2-6.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Package Hub 12:MozillaThunderbird-translations-common-45.2-6.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Package Hub 12:MozillaThunderbird-translations-common-45.2-6.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Package Hub 12:MozillaThunderbird-translations-common-45.2-6.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Package Hub 12:MozillaThunderbird-translations-other-45.2-6.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Package Hub 12:MozillaThunderbird-translations-other-45.2-6.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Package Hub 12:MozillaThunderbird-translations-other-45.2-6.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
important
8.8 (High)
Affected products
Recommended
13 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Package Hub 12:MozillaThunderbird-45.2-6.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Package Hub 12:MozillaThunderbird-45.2-6.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Package Hub 12:MozillaThunderbird-45.2-6.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Package Hub 12:MozillaThunderbird-buildsymbols-45.2-6.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Package Hub 12:MozillaThunderbird-devel-45.2-6.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Package Hub 12:MozillaThunderbird-devel-45.2-6.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Package Hub 12:MozillaThunderbird-devel-45.2-6.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Package Hub 12:MozillaThunderbird-translations-common-45.2-6.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Package Hub 12:MozillaThunderbird-translations-common-45.2-6.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Package Hub 12:MozillaThunderbird-translations-common-45.2-6.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Package Hub 12:MozillaThunderbird-translations-other-45.2-6.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Package Hub 12:MozillaThunderbird-translations-other-45.2-6.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Package Hub 12:MozillaThunderbird-translations-other-45.2-6.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
moderate
8.8 (High)
Affected products
Recommended
13 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Package Hub 12:MozillaThunderbird-45.2-6.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Package Hub 12:MozillaThunderbird-45.2-6.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Package Hub 12:MozillaThunderbird-45.2-6.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Package Hub 12:MozillaThunderbird-buildsymbols-45.2-6.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Package Hub 12:MozillaThunderbird-devel-45.2-6.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Package Hub 12:MozillaThunderbird-devel-45.2-6.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Package Hub 12:MozillaThunderbird-devel-45.2-6.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Package Hub 12:MozillaThunderbird-translations-common-45.2-6.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Package Hub 12:MozillaThunderbird-translations-common-45.2-6.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Package Hub 12:MozillaThunderbird-translations-common-45.2-6.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Package Hub 12:MozillaThunderbird-translations-other-45.2-6.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Package Hub 12:MozillaThunderbird-translations-other-45.2-6.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Package Hub 12:MozillaThunderbird-translations-other-45.2-6.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
moderate
8.8 (High)
Affected products
Recommended
13 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Package Hub 12:MozillaThunderbird-45.2-6.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Package Hub 12:MozillaThunderbird-45.2-6.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Package Hub 12:MozillaThunderbird-45.2-6.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Package Hub 12:MozillaThunderbird-buildsymbols-45.2-6.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Package Hub 12:MozillaThunderbird-devel-45.2-6.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Package Hub 12:MozillaThunderbird-devel-45.2-6.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Package Hub 12:MozillaThunderbird-devel-45.2-6.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Package Hub 12:MozillaThunderbird-translations-common-45.2-6.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Package Hub 12:MozillaThunderbird-translations-common-45.2-6.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Package Hub 12:MozillaThunderbird-translations-common-45.2-6.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Package Hub 12:MozillaThunderbird-translations-other-45.2-6.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Package Hub 12:MozillaThunderbird-translations-other-45.2-6.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Package Hub 12:MozillaThunderbird-translations-other-45.2-6.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
moderate
8.8 (High)
Affected products
Recommended
13 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Package Hub 12:MozillaThunderbird-45.2-6.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Package Hub 12:MozillaThunderbird-45.2-6.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Package Hub 12:MozillaThunderbird-45.2-6.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Package Hub 12:MozillaThunderbird-buildsymbols-45.2-6.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Package Hub 12:MozillaThunderbird-devel-45.2-6.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Package Hub 12:MozillaThunderbird-devel-45.2-6.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Package Hub 12:MozillaThunderbird-devel-45.2-6.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Package Hub 12:MozillaThunderbird-translations-common-45.2-6.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Package Hub 12:MozillaThunderbird-translations-common-45.2-6.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Package Hub 12:MozillaThunderbird-translations-common-45.2-6.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Package Hub 12:MozillaThunderbird-translations-other-45.2-6.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Package Hub 12:MozillaThunderbird-translations-other-45.2-6.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Package Hub 12:MozillaThunderbird-translations-other-45.2-6.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
moderate
References
115 references
| URL | Category |
|---|---|
| https://www.suse.com/support/security/rating/ | external |
| https://ftp.suse.com/pub/projects/security/csaf/o… | self |
| https://lists.opensuse.org/archives/list/security… | self |
| https://lists.opensuse.org/archives/list/security… | self |
| https://bugzilla.suse.com/969894 | self |
| https://bugzilla.suse.com/977333 | self |
| https://bugzilla.suse.com/977375 | self |
| https://bugzilla.suse.com/977376 | self |
| https://bugzilla.suse.com/983549 | self |
| https://bugzilla.suse.com/984126 | self |
| https://bugzilla.suse.com/984637 | self |
| https://bugzilla.suse.com/986162 | self |
| https://www.suse.com/security/cve/CVE-2016-1952/ | self |
| https://www.suse.com/security/cve/CVE-2016-1953/ | self |
| https://www.suse.com/security/cve/CVE-2016-1954/ | self |
| https://www.suse.com/security/cve/CVE-2016-1955/ | self |
| https://www.suse.com/security/cve/CVE-2016-1956/ | self |
| https://www.suse.com/security/cve/CVE-2016-1957/ | self |
| https://www.suse.com/security/cve/CVE-2016-1960/ | self |
| https://www.suse.com/security/cve/CVE-2016-1961/ | self |
| https://www.suse.com/security/cve/CVE-2016-1964/ | self |
| https://www.suse.com/security/cve/CVE-2016-1974/ | self |
| https://www.suse.com/security/cve/CVE-2016-1977/ | self |
| https://www.suse.com/security/cve/CVE-2016-2790/ | self |
| https://www.suse.com/security/cve/CVE-2016-2791/ | self |
| https://www.suse.com/security/cve/CVE-2016-2792/ | self |
| https://www.suse.com/security/cve/CVE-2016-2793/ | self |
| https://www.suse.com/security/cve/CVE-2016-2794/ | self |
| https://www.suse.com/security/cve/CVE-2016-2795/ | self |
| https://www.suse.com/security/cve/CVE-2016-2796/ | self |
| https://www.suse.com/security/cve/CVE-2016-2797/ | self |
| https://www.suse.com/security/cve/CVE-2016-2798/ | self |
| https://www.suse.com/security/cve/CVE-2016-2799/ | self |
| https://www.suse.com/security/cve/CVE-2016-2800/ | self |
| https://www.suse.com/security/cve/CVE-2016-2801/ | self |
| https://www.suse.com/security/cve/CVE-2016-2802/ | self |
| https://www.suse.com/security/cve/CVE-2016-2806/ | self |
| https://www.suse.com/security/cve/CVE-2016-2807/ | self |
| https://www.suse.com/security/cve/CVE-2016-2815/ | self |
| https://www.suse.com/security/cve/CVE-2016-2818/ | self |
| https://www.suse.com/security/cve/CVE-2016-1952 | external |
| https://bugzilla.suse.com/969894 | external |
| https://www.suse.com/security/cve/CVE-2016-1953 | external |
| https://bugzilla.suse.com/969894 | external |
| https://www.suse.com/security/cve/CVE-2016-1954 | external |
| https://bugzilla.suse.com/969894 | external |
| https://www.suse.com/security/cve/CVE-2016-1955 | external |
| https://bugzilla.suse.com/969894 | external |
| https://bugzilla.suse.com/970257 | external |
| https://bugzilla.suse.com/970377 | external |
| https://bugzilla.suse.com/970378 | external |
| https://bugzilla.suse.com/970379 | external |
| https://bugzilla.suse.com/970380 | external |
| https://bugzilla.suse.com/970381 | external |
| https://bugzilla.suse.com/970431 | external |
| https://bugzilla.suse.com/970433 | external |
| https://www.suse.com/security/cve/CVE-2016-1956 | external |
| https://bugzilla.suse.com/969894 | external |
| https://bugzilla.suse.com/970257 | external |
| https://bugzilla.suse.com/970377 | external |
| https://bugzilla.suse.com/970378 | external |
| https://bugzilla.suse.com/970379 | external |
| https://bugzilla.suse.com/970380 | external |
| https://bugzilla.suse.com/970381 | external |
| https://bugzilla.suse.com/970431 | external |
| https://bugzilla.suse.com/970433 | external |
| https://www.suse.com/security/cve/CVE-2016-1957 | external |
| https://bugzilla.suse.com/969894 | external |
| https://www.suse.com/security/cve/CVE-2016-1960 | external |
| https://bugzilla.suse.com/969894 | external |
| https://www.suse.com/security/cve/CVE-2016-1961 | external |
| https://bugzilla.suse.com/969894 | external |
| https://www.suse.com/security/cve/CVE-2016-1964 | external |
| https://bugzilla.suse.com/969894 | external |
| https://www.suse.com/security/cve/CVE-2016-1974 | external |
| https://bugzilla.suse.com/969894 | external |
| https://www.suse.com/security/cve/CVE-2016-1977 | external |
| https://bugzilla.suse.com/969894 | external |
| https://www.suse.com/security/cve/CVE-2016-2790 | external |
| https://bugzilla.suse.com/969894 | external |
| https://www.suse.com/security/cve/CVE-2016-2791 | external |
| https://bugzilla.suse.com/969894 | external |
| https://www.suse.com/security/cve/CVE-2016-2792 | external |
| https://bugzilla.suse.com/969894 | external |
| https://www.suse.com/security/cve/CVE-2016-2793 | external |
| https://bugzilla.suse.com/969894 | external |
| https://www.suse.com/security/cve/CVE-2016-2794 | external |
| https://bugzilla.suse.com/969894 | external |
| https://www.suse.com/security/cve/CVE-2016-2795 | external |
| https://bugzilla.suse.com/969894 | external |
| https://www.suse.com/security/cve/CVE-2016-2796 | external |
| https://bugzilla.suse.com/969894 | external |
| https://www.suse.com/security/cve/CVE-2016-2797 | external |
| https://bugzilla.suse.com/969894 | external |
| https://www.suse.com/security/cve/CVE-2016-2798 | external |
| https://bugzilla.suse.com/969894 | external |
| https://www.suse.com/security/cve/CVE-2016-2799 | external |
| https://bugzilla.suse.com/969894 | external |
| https://www.suse.com/security/cve/CVE-2016-2800 | external |
| https://bugzilla.suse.com/969894 | external |
| https://www.suse.com/security/cve/CVE-2016-2801 | external |
| https://bugzilla.suse.com/969894 | external |
| https://www.suse.com/security/cve/CVE-2016-2802 | external |
| https://bugzilla.suse.com/969894 | external |
| https://www.suse.com/security/cve/CVE-2016-2806 | external |
| https://bugzilla.suse.com/977375 | external |
| https://www.suse.com/security/cve/CVE-2016-2807 | external |
| https://bugzilla.suse.com/977333 | external |
| https://bugzilla.suse.com/977376 | external |
| https://www.suse.com/security/cve/CVE-2016-2815 | external |
| https://bugzilla.suse.com/983549 | external |
| https://bugzilla.suse.com/983638 | external |
| https://www.suse.com/security/cve/CVE-2016-2818 | external |
| https://bugzilla.suse.com/983549 | external |
| https://bugzilla.suse.com/983638 | external |
{
"document": {
"aggregate_severity": {
"namespace": "https://www.suse.com/support/security/rating/",
"text": "important"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright 2024 SUSE LLC. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "Security update for Mozilla Thunderbird",
"title": "Title of the patch"
},
{
"category": "description",
"text": "This update contains Mozilla Thunderbird 45.2. (boo#983549)\n\nIt fixes security issues mostly affecting the e-mail program when used in a browser context, such as viewing a web page or HTMl formatted e-mail.\n\nThe following vulnerabilities were fixed:\n\n- CVE-2016-2818, CVE-2016-2815: Memory safety bugs (boo#983549, MFSA2016-49)\n\nContains the following security fixes from the 45.1 release: (boo#977333)\n\n- CVE-2016-2806, CVE-2016-2807: Miscellaneous memory safety hazards (boo#977375, boo#977376, MFSA 2016-39)\n\nContains the following security fixes from the 45.0 release: (boo#969894)\n\n- CVE-2016-1952, CVE-2016-1953: Miscellaneous memory safety hazards (MFSA 2016-16)\n- CVE-2016-1954: Local file overwriting and potential privilege escalation through CSP reports (MFSA 2016-17)\n- CVE-2016-1955: CSP reports fail to strip location information for embedded iframe pages (MFSA 2016-18)\n- CVE-2016-1956: Linux video memory DOS with Intel drivers (MFSA 2016-19)\n- CVE-2016-1957: Memory leak in libstagefright when deleting an array during MP4 processing (MFSA 2016-20)\n- CVE-2016-1960: Use-after-free in HTML5 string parser (MFSA 2016-23)\n- CVE-2016-1961: Use-after-free in SetBody (MFSA 2016-24)\n- CVE-2016-1964: Use-after-free during XML transformations (MFSA 2016-27)\n- CVE-2016-1974: Out-of-bounds read in HTML parser following a failed allocation (MFSA 2016-34)\n\nThe graphite font shaping library was disabled, addressing the following font vulnerabilities:\n\n- MFSA 2016-37/CVE-2016-1977/CVE-2016-2790/CVE-2016-2791/\n CVE-2016-2792/CVE-2016-2793/CVE-2016-2794/CVE-2016-2795/\n CVE-2016-2796/CVE-2016-2797/CVE-2016-2798/CVE-2016-2799/\n CVE-2016-2800/CVE-2016-2801/CVE-2016-2802\n\nThe following tracked packaging changes are included:\n\n- fix build issues with gcc/binutils combination used in Leap 42.2 (boo#984637)\n- gcc6 fixes (boo#986162)\n- running on 48bit va aarch64 (boo#984126)",
"title": "Description of the patch"
},
{
"category": "details",
"text": "openSUSE-2016-851",
"title": "Patchnames"
},
{
"category": "legal_disclaimer",
"text": "CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).",
"title": "Terms of use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://www.suse.com/support/security/contact/",
"name": "SUSE Product Security Team",
"namespace": "https://www.suse.com/"
},
"references": [
{
"category": "external",
"summary": "SUSE ratings",
"url": "https://www.suse.com/support/security/rating/"
},
{
"category": "self",
"summary": "URL of this CSAF notice",
"url": "https://ftp.suse.com/pub/projects/security/csaf/opensuse-su-2016_1769-1.json"
},
{
"category": "self",
"summary": "URL for openSUSE-SU-2016:1769-1",
"url": "https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/IT5Z2MQVCUU2PY7AOHLQUFDN44PCYHX5/#IT5Z2MQVCUU2PY7AOHLQUFDN44PCYHX5"
},
{
"category": "self",
"summary": "E-Mail link for openSUSE-SU-2016:1769-1",
"url": "https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/IT5Z2MQVCUU2PY7AOHLQUFDN44PCYHX5/#IT5Z2MQVCUU2PY7AOHLQUFDN44PCYHX5"
},
{
"category": "self",
"summary": "SUSE Bug 969894",
"url": "https://bugzilla.suse.com/969894"
},
{
"category": "self",
"summary": "SUSE Bug 977333",
"url": "https://bugzilla.suse.com/977333"
},
{
"category": "self",
"summary": "SUSE Bug 977375",
"url": "https://bugzilla.suse.com/977375"
},
{
"category": "self",
"summary": "SUSE Bug 977376",
"url": "https://bugzilla.suse.com/977376"
},
{
"category": "self",
"summary": "SUSE Bug 983549",
"url": "https://bugzilla.suse.com/983549"
},
{
"category": "self",
"summary": "SUSE Bug 984126",
"url": "https://bugzilla.suse.com/984126"
},
{
"category": "self",
"summary": "SUSE Bug 984637",
"url": "https://bugzilla.suse.com/984637"
},
{
"category": "self",
"summary": "SUSE Bug 986162",
"url": "https://bugzilla.suse.com/986162"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2016-1952 page",
"url": "https://www.suse.com/security/cve/CVE-2016-1952/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2016-1953 page",
"url": "https://www.suse.com/security/cve/CVE-2016-1953/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2016-1954 page",
"url": "https://www.suse.com/security/cve/CVE-2016-1954/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2016-1955 page",
"url": "https://www.suse.com/security/cve/CVE-2016-1955/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2016-1956 page",
"url": "https://www.suse.com/security/cve/CVE-2016-1956/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2016-1957 page",
"url": "https://www.suse.com/security/cve/CVE-2016-1957/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2016-1960 page",
"url": "https://www.suse.com/security/cve/CVE-2016-1960/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2016-1961 page",
"url": "https://www.suse.com/security/cve/CVE-2016-1961/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2016-1964 page",
"url": "https://www.suse.com/security/cve/CVE-2016-1964/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2016-1974 page",
"url": "https://www.suse.com/security/cve/CVE-2016-1974/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2016-1977 page",
"url": "https://www.suse.com/security/cve/CVE-2016-1977/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2016-2790 page",
"url": "https://www.suse.com/security/cve/CVE-2016-2790/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2016-2791 page",
"url": "https://www.suse.com/security/cve/CVE-2016-2791/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2016-2792 page",
"url": "https://www.suse.com/security/cve/CVE-2016-2792/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2016-2793 page",
"url": "https://www.suse.com/security/cve/CVE-2016-2793/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2016-2794 page",
"url": "https://www.suse.com/security/cve/CVE-2016-2794/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2016-2795 page",
"url": "https://www.suse.com/security/cve/CVE-2016-2795/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2016-2796 page",
"url": "https://www.suse.com/security/cve/CVE-2016-2796/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2016-2797 page",
"url": "https://www.suse.com/security/cve/CVE-2016-2797/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2016-2798 page",
"url": "https://www.suse.com/security/cve/CVE-2016-2798/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2016-2799 page",
"url": "https://www.suse.com/security/cve/CVE-2016-2799/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2016-2800 page",
"url": "https://www.suse.com/security/cve/CVE-2016-2800/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2016-2801 page",
"url": "https://www.suse.com/security/cve/CVE-2016-2801/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2016-2802 page",
"url": "https://www.suse.com/security/cve/CVE-2016-2802/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2016-2806 page",
"url": "https://www.suse.com/security/cve/CVE-2016-2806/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2016-2807 page",
"url": "https://www.suse.com/security/cve/CVE-2016-2807/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2016-2815 page",
"url": "https://www.suse.com/security/cve/CVE-2016-2815/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2016-2818 page",
"url": "https://www.suse.com/security/cve/CVE-2016-2818/"
}
],
"title": "Security update for Mozilla Thunderbird",
"tracking": {
"current_release_date": "2016-07-10T18:30:29Z",
"generator": {
"date": "2016-07-10T18:30:29Z",
"engine": {
"name": "cve-database.git:bin/generate-csaf.pl",
"version": "1"
}
},
"id": "openSUSE-SU-2016:1769-1",
"initial_release_date": "2016-07-10T18:30:29Z",
"revision_history": [
{
"date": "2016-07-10T18:30:29Z",
"number": "1",
"summary": "Current version"
}
],
"status": "final",
"version": "1"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_version",
"name": "MozillaThunderbird-45.2-6.1.aarch64",
"product": {
"name": "MozillaThunderbird-45.2-6.1.aarch64",
"product_id": "MozillaThunderbird-45.2-6.1.aarch64"
}
},
{
"category": "product_version",
"name": "MozillaThunderbird-devel-45.2-6.1.aarch64",
"product": {
"name": "MozillaThunderbird-devel-45.2-6.1.aarch64",
"product_id": "MozillaThunderbird-devel-45.2-6.1.aarch64"
}
},
{
"category": "product_version",
"name": "MozillaThunderbird-translations-common-45.2-6.1.aarch64",
"product": {
"name": "MozillaThunderbird-translations-common-45.2-6.1.aarch64",
"product_id": "MozillaThunderbird-translations-common-45.2-6.1.aarch64"
}
},
{
"category": "product_version",
"name": "MozillaThunderbird-translations-other-45.2-6.1.aarch64",
"product": {
"name": "MozillaThunderbird-translations-other-45.2-6.1.aarch64",
"product_id": "MozillaThunderbird-translations-other-45.2-6.1.aarch64"
}
}
],
"category": "architecture",
"name": "aarch64"
},
{
"branches": [
{
"category": "product_version",
"name": "MozillaThunderbird-45.2-6.1.s390x",
"product": {
"name": "MozillaThunderbird-45.2-6.1.s390x",
"product_id": "MozillaThunderbird-45.2-6.1.s390x"
}
},
{
"category": "product_version",
"name": "MozillaThunderbird-devel-45.2-6.1.s390x",
"product": {
"name": "MozillaThunderbird-devel-45.2-6.1.s390x",
"product_id": "MozillaThunderbird-devel-45.2-6.1.s390x"
}
},
{
"category": "product_version",
"name": "MozillaThunderbird-translations-common-45.2-6.1.s390x",
"product": {
"name": "MozillaThunderbird-translations-common-45.2-6.1.s390x",
"product_id": "MozillaThunderbird-translations-common-45.2-6.1.s390x"
}
},
{
"category": "product_version",
"name": "MozillaThunderbird-translations-other-45.2-6.1.s390x",
"product": {
"name": "MozillaThunderbird-translations-other-45.2-6.1.s390x",
"product_id": "MozillaThunderbird-translations-other-45.2-6.1.s390x"
}
}
],
"category": "architecture",
"name": "s390x"
},
{
"branches": [
{
"category": "product_version",
"name": "MozillaThunderbird-45.2-6.1.x86_64",
"product": {
"name": "MozillaThunderbird-45.2-6.1.x86_64",
"product_id": "MozillaThunderbird-45.2-6.1.x86_64"
}
},
{
"category": "product_version",
"name": "MozillaThunderbird-buildsymbols-45.2-6.1.x86_64",
"product": {
"name": "MozillaThunderbird-buildsymbols-45.2-6.1.x86_64",
"product_id": "MozillaThunderbird-buildsymbols-45.2-6.1.x86_64"
}
},
{
"category": "product_version",
"name": "MozillaThunderbird-devel-45.2-6.1.x86_64",
"product": {
"name": "MozillaThunderbird-devel-45.2-6.1.x86_64",
"product_id": "MozillaThunderbird-devel-45.2-6.1.x86_64"
}
},
{
"category": "product_version",
"name": "MozillaThunderbird-translations-common-45.2-6.1.x86_64",
"product": {
"name": "MozillaThunderbird-translations-common-45.2-6.1.x86_64",
"product_id": "MozillaThunderbird-translations-common-45.2-6.1.x86_64"
}
},
{
"category": "product_version",
"name": "MozillaThunderbird-translations-other-45.2-6.1.x86_64",
"product": {
"name": "MozillaThunderbird-translations-other-45.2-6.1.x86_64",
"product_id": "MozillaThunderbird-translations-other-45.2-6.1.x86_64"
}
}
],
"category": "architecture",
"name": "x86_64"
},
{
"branches": [
{
"category": "product_name",
"name": "SUSE Package Hub 12",
"product": {
"name": "SUSE Package Hub 12",
"product_id": "SUSE Package Hub 12",
"product_identification_helper": {
"cpe": "cpe:/o:suse:packagehub:12"
}
}
}
],
"category": "product_family",
"name": "SUSE Linux Enterprise"
}
],
"category": "vendor",
"name": "SUSE"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "MozillaThunderbird-45.2-6.1.aarch64 as component of SUSE Package Hub 12",
"product_id": "SUSE Package Hub 12:MozillaThunderbird-45.2-6.1.aarch64"
},
"product_reference": "MozillaThunderbird-45.2-6.1.aarch64",
"relates_to_product_reference": "SUSE Package Hub 12"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "MozillaThunderbird-45.2-6.1.s390x as component of SUSE Package Hub 12",
"product_id": "SUSE Package Hub 12:MozillaThunderbird-45.2-6.1.s390x"
},
"product_reference": "MozillaThunderbird-45.2-6.1.s390x",
"relates_to_product_reference": "SUSE Package Hub 12"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "MozillaThunderbird-45.2-6.1.x86_64 as component of SUSE Package Hub 12",
"product_id": "SUSE Package Hub 12:MozillaThunderbird-45.2-6.1.x86_64"
},
"product_reference": "MozillaThunderbird-45.2-6.1.x86_64",
"relates_to_product_reference": "SUSE Package Hub 12"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "MozillaThunderbird-buildsymbols-45.2-6.1.x86_64 as component of SUSE Package Hub 12",
"product_id": "SUSE Package Hub 12:MozillaThunderbird-buildsymbols-45.2-6.1.x86_64"
},
"product_reference": "MozillaThunderbird-buildsymbols-45.2-6.1.x86_64",
"relates_to_product_reference": "SUSE Package Hub 12"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "MozillaThunderbird-devel-45.2-6.1.aarch64 as component of SUSE Package Hub 12",
"product_id": "SUSE Package Hub 12:MozillaThunderbird-devel-45.2-6.1.aarch64"
},
"product_reference": "MozillaThunderbird-devel-45.2-6.1.aarch64",
"relates_to_product_reference": "SUSE Package Hub 12"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "MozillaThunderbird-devel-45.2-6.1.s390x as component of SUSE Package Hub 12",
"product_id": "SUSE Package Hub 12:MozillaThunderbird-devel-45.2-6.1.s390x"
},
"product_reference": "MozillaThunderbird-devel-45.2-6.1.s390x",
"relates_to_product_reference": "SUSE Package Hub 12"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "MozillaThunderbird-devel-45.2-6.1.x86_64 as component of SUSE Package Hub 12",
"product_id": "SUSE Package Hub 12:MozillaThunderbird-devel-45.2-6.1.x86_64"
},
"product_reference": "MozillaThunderbird-devel-45.2-6.1.x86_64",
"relates_to_product_reference": "SUSE Package Hub 12"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "MozillaThunderbird-translations-common-45.2-6.1.aarch64 as component of SUSE Package Hub 12",
"product_id": "SUSE Package Hub 12:MozillaThunderbird-translations-common-45.2-6.1.aarch64"
},
"product_reference": "MozillaThunderbird-translations-common-45.2-6.1.aarch64",
"relates_to_product_reference": "SUSE Package Hub 12"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "MozillaThunderbird-translations-common-45.2-6.1.s390x as component of SUSE Package Hub 12",
"product_id": "SUSE Package Hub 12:MozillaThunderbird-translations-common-45.2-6.1.s390x"
},
"product_reference": "MozillaThunderbird-translations-common-45.2-6.1.s390x",
"relates_to_product_reference": "SUSE Package Hub 12"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "MozillaThunderbird-translations-common-45.2-6.1.x86_64 as component of SUSE Package Hub 12",
"product_id": "SUSE Package Hub 12:MozillaThunderbird-translations-common-45.2-6.1.x86_64"
},
"product_reference": "MozillaThunderbird-translations-common-45.2-6.1.x86_64",
"relates_to_product_reference": "SUSE Package Hub 12"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "MozillaThunderbird-translations-other-45.2-6.1.aarch64 as component of SUSE Package Hub 12",
"product_id": "SUSE Package Hub 12:MozillaThunderbird-translations-other-45.2-6.1.aarch64"
},
"product_reference": "MozillaThunderbird-translations-other-45.2-6.1.aarch64",
"relates_to_product_reference": "SUSE Package Hub 12"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "MozillaThunderbird-translations-other-45.2-6.1.s390x as component of SUSE Package Hub 12",
"product_id": "SUSE Package Hub 12:MozillaThunderbird-translations-other-45.2-6.1.s390x"
},
"product_reference": "MozillaThunderbird-translations-other-45.2-6.1.s390x",
"relates_to_product_reference": "SUSE Package Hub 12"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "MozillaThunderbird-translations-other-45.2-6.1.x86_64 as component of SUSE Package Hub 12",
"product_id": "SUSE Package Hub 12:MozillaThunderbird-translations-other-45.2-6.1.x86_64"
},
"product_reference": "MozillaThunderbird-translations-other-45.2-6.1.x86_64",
"relates_to_product_reference": "SUSE Package Hub 12"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2016-1952",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2016-1952"
}
],
"notes": [
{
"category": "general",
"text": "Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 45.0 and Firefox ESR 38.x before 38.7 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Package Hub 12:MozillaThunderbird-45.2-6.1.aarch64",
"SUSE Package Hub 12:MozillaThunderbird-45.2-6.1.s390x",
"SUSE Package Hub 12:MozillaThunderbird-45.2-6.1.x86_64",
"SUSE Package Hub 12:MozillaThunderbird-buildsymbols-45.2-6.1.x86_64",
"SUSE Package Hub 12:MozillaThunderbird-devel-45.2-6.1.aarch64",
"SUSE Package Hub 12:MozillaThunderbird-devel-45.2-6.1.s390x",
"SUSE Package Hub 12:MozillaThunderbird-devel-45.2-6.1.x86_64",
"SUSE Package Hub 12:MozillaThunderbird-translations-common-45.2-6.1.aarch64",
"SUSE Package Hub 12:MozillaThunderbird-translations-common-45.2-6.1.s390x",
"SUSE Package Hub 12:MozillaThunderbird-translations-common-45.2-6.1.x86_64",
"SUSE Package Hub 12:MozillaThunderbird-translations-other-45.2-6.1.aarch64",
"SUSE Package Hub 12:MozillaThunderbird-translations-other-45.2-6.1.s390x",
"SUSE Package Hub 12:MozillaThunderbird-translations-other-45.2-6.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2016-1952",
"url": "https://www.suse.com/security/cve/CVE-2016-1952"
},
{
"category": "external",
"summary": "SUSE Bug 969894 for CVE-2016-1952",
"url": "https://bugzilla.suse.com/969894"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Package Hub 12:MozillaThunderbird-45.2-6.1.aarch64",
"SUSE Package Hub 12:MozillaThunderbird-45.2-6.1.s390x",
"SUSE Package Hub 12:MozillaThunderbird-45.2-6.1.x86_64",
"SUSE Package Hub 12:MozillaThunderbird-buildsymbols-45.2-6.1.x86_64",
"SUSE Package Hub 12:MozillaThunderbird-devel-45.2-6.1.aarch64",
"SUSE Package Hub 12:MozillaThunderbird-devel-45.2-6.1.s390x",
"SUSE Package Hub 12:MozillaThunderbird-devel-45.2-6.1.x86_64",
"SUSE Package Hub 12:MozillaThunderbird-translations-common-45.2-6.1.aarch64",
"SUSE Package Hub 12:MozillaThunderbird-translations-common-45.2-6.1.s390x",
"SUSE Package Hub 12:MozillaThunderbird-translations-common-45.2-6.1.x86_64",
"SUSE Package Hub 12:MozillaThunderbird-translations-other-45.2-6.1.aarch64",
"SUSE Package Hub 12:MozillaThunderbird-translations-other-45.2-6.1.s390x",
"SUSE Package Hub 12:MozillaThunderbird-translations-other-45.2-6.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 8.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"products": [
"SUSE Package Hub 12:MozillaThunderbird-45.2-6.1.aarch64",
"SUSE Package Hub 12:MozillaThunderbird-45.2-6.1.s390x",
"SUSE Package Hub 12:MozillaThunderbird-45.2-6.1.x86_64",
"SUSE Package Hub 12:MozillaThunderbird-buildsymbols-45.2-6.1.x86_64",
"SUSE Package Hub 12:MozillaThunderbird-devel-45.2-6.1.aarch64",
"SUSE Package Hub 12:MozillaThunderbird-devel-45.2-6.1.s390x",
"SUSE Package Hub 12:MozillaThunderbird-devel-45.2-6.1.x86_64",
"SUSE Package Hub 12:MozillaThunderbird-translations-common-45.2-6.1.aarch64",
"SUSE Package Hub 12:MozillaThunderbird-translations-common-45.2-6.1.s390x",
"SUSE Package Hub 12:MozillaThunderbird-translations-common-45.2-6.1.x86_64",
"SUSE Package Hub 12:MozillaThunderbird-translations-other-45.2-6.1.aarch64",
"SUSE Package Hub 12:MozillaThunderbird-translations-other-45.2-6.1.s390x",
"SUSE Package Hub 12:MozillaThunderbird-translations-other-45.2-6.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2016-07-10T18:30:29Z",
"details": "important"
}
],
"title": "CVE-2016-1952"
},
{
"cve": "CVE-2016-1953",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2016-1953"
}
],
"notes": [
{
"category": "general",
"text": "Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 45.0 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via vectors related to js/src/jit/arm/Assembler-arm.cpp, and unknown other vectors.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Package Hub 12:MozillaThunderbird-45.2-6.1.aarch64",
"SUSE Package Hub 12:MozillaThunderbird-45.2-6.1.s390x",
"SUSE Package Hub 12:MozillaThunderbird-45.2-6.1.x86_64",
"SUSE Package Hub 12:MozillaThunderbird-buildsymbols-45.2-6.1.x86_64",
"SUSE Package Hub 12:MozillaThunderbird-devel-45.2-6.1.aarch64",
"SUSE Package Hub 12:MozillaThunderbird-devel-45.2-6.1.s390x",
"SUSE Package Hub 12:MozillaThunderbird-devel-45.2-6.1.x86_64",
"SUSE Package Hub 12:MozillaThunderbird-translations-common-45.2-6.1.aarch64",
"SUSE Package Hub 12:MozillaThunderbird-translations-common-45.2-6.1.s390x",
"SUSE Package Hub 12:MozillaThunderbird-translations-common-45.2-6.1.x86_64",
"SUSE Package Hub 12:MozillaThunderbird-translations-other-45.2-6.1.aarch64",
"SUSE Package Hub 12:MozillaThunderbird-translations-other-45.2-6.1.s390x",
"SUSE Package Hub 12:MozillaThunderbird-translations-other-45.2-6.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2016-1953",
"url": "https://www.suse.com/security/cve/CVE-2016-1953"
},
{
"category": "external",
"summary": "SUSE Bug 969894 for CVE-2016-1953",
"url": "https://bugzilla.suse.com/969894"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Package Hub 12:MozillaThunderbird-45.2-6.1.aarch64",
"SUSE Package Hub 12:MozillaThunderbird-45.2-6.1.s390x",
"SUSE Package Hub 12:MozillaThunderbird-45.2-6.1.x86_64",
"SUSE Package Hub 12:MozillaThunderbird-buildsymbols-45.2-6.1.x86_64",
"SUSE Package Hub 12:MozillaThunderbird-devel-45.2-6.1.aarch64",
"SUSE Package Hub 12:MozillaThunderbird-devel-45.2-6.1.s390x",
"SUSE Package Hub 12:MozillaThunderbird-devel-45.2-6.1.x86_64",
"SUSE Package Hub 12:MozillaThunderbird-translations-common-45.2-6.1.aarch64",
"SUSE Package Hub 12:MozillaThunderbird-translations-common-45.2-6.1.s390x",
"SUSE Package Hub 12:MozillaThunderbird-translations-common-45.2-6.1.x86_64",
"SUSE Package Hub 12:MozillaThunderbird-translations-other-45.2-6.1.aarch64",
"SUSE Package Hub 12:MozillaThunderbird-translations-other-45.2-6.1.s390x",
"SUSE Package Hub 12:MozillaThunderbird-translations-other-45.2-6.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 8.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"products": [
"SUSE Package Hub 12:MozillaThunderbird-45.2-6.1.aarch64",
"SUSE Package Hub 12:MozillaThunderbird-45.2-6.1.s390x",
"SUSE Package Hub 12:MozillaThunderbird-45.2-6.1.x86_64",
"SUSE Package Hub 12:MozillaThunderbird-buildsymbols-45.2-6.1.x86_64",
"SUSE Package Hub 12:MozillaThunderbird-devel-45.2-6.1.aarch64",
"SUSE Package Hub 12:MozillaThunderbird-devel-45.2-6.1.s390x",
"SUSE Package Hub 12:MozillaThunderbird-devel-45.2-6.1.x86_64",
"SUSE Package Hub 12:MozillaThunderbird-translations-common-45.2-6.1.aarch64",
"SUSE Package Hub 12:MozillaThunderbird-translations-common-45.2-6.1.s390x",
"SUSE Package Hub 12:MozillaThunderbird-translations-common-45.2-6.1.x86_64",
"SUSE Package Hub 12:MozillaThunderbird-translations-other-45.2-6.1.aarch64",
"SUSE Package Hub 12:MozillaThunderbird-translations-other-45.2-6.1.s390x",
"SUSE Package Hub 12:MozillaThunderbird-translations-other-45.2-6.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2016-07-10T18:30:29Z",
"details": "important"
}
],
"title": "CVE-2016-1953"
},
{
"cve": "CVE-2016-1954",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2016-1954"
}
],
"notes": [
{
"category": "general",
"text": "The nsCSPContext::SendReports function in dom/security/nsCSPContext.cpp in Mozilla Firefox before 45.0 and Firefox ESR 38.x before 38.7 does not prevent use of a non-HTTP report-uri for a Content Security Policy (CSP) violation report, which allows remote attackers to cause a denial of service (data overwrite) or possibly gain privileges by specifying a URL of a local file.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Package Hub 12:MozillaThunderbird-45.2-6.1.aarch64",
"SUSE Package Hub 12:MozillaThunderbird-45.2-6.1.s390x",
"SUSE Package Hub 12:MozillaThunderbird-45.2-6.1.x86_64",
"SUSE Package Hub 12:MozillaThunderbird-buildsymbols-45.2-6.1.x86_64",
"SUSE Package Hub 12:MozillaThunderbird-devel-45.2-6.1.aarch64",
"SUSE Package Hub 12:MozillaThunderbird-devel-45.2-6.1.s390x",
"SUSE Package Hub 12:MozillaThunderbird-devel-45.2-6.1.x86_64",
"SUSE Package Hub 12:MozillaThunderbird-translations-common-45.2-6.1.aarch64",
"SUSE Package Hub 12:MozillaThunderbird-translations-common-45.2-6.1.s390x",
"SUSE Package Hub 12:MozillaThunderbird-translations-common-45.2-6.1.x86_64",
"SUSE Package Hub 12:MozillaThunderbird-translations-other-45.2-6.1.aarch64",
"SUSE Package Hub 12:MozillaThunderbird-translations-other-45.2-6.1.s390x",
"SUSE Package Hub 12:MozillaThunderbird-translations-other-45.2-6.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2016-1954",
"url": "https://www.suse.com/security/cve/CVE-2016-1954"
},
{
"category": "external",
"summary": "SUSE Bug 969894 for CVE-2016-1954",
"url": "https://bugzilla.suse.com/969894"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Package Hub 12:MozillaThunderbird-45.2-6.1.aarch64",
"SUSE Package Hub 12:MozillaThunderbird-45.2-6.1.s390x",
"SUSE Package Hub 12:MozillaThunderbird-45.2-6.1.x86_64",
"SUSE Package Hub 12:MozillaThunderbird-buildsymbols-45.2-6.1.x86_64",
"SUSE Package Hub 12:MozillaThunderbird-devel-45.2-6.1.aarch64",
"SUSE Package Hub 12:MozillaThunderbird-devel-45.2-6.1.s390x",
"SUSE Package Hub 12:MozillaThunderbird-devel-45.2-6.1.x86_64",
"SUSE Package Hub 12:MozillaThunderbird-translations-common-45.2-6.1.aarch64",
"SUSE Package Hub 12:MozillaThunderbird-translations-common-45.2-6.1.s390x",
"SUSE Package Hub 12:MozillaThunderbird-translations-common-45.2-6.1.x86_64",
"SUSE Package Hub 12:MozillaThunderbird-translations-other-45.2-6.1.aarch64",
"SUSE Package Hub 12:MozillaThunderbird-translations-other-45.2-6.1.s390x",
"SUSE Package Hub 12:MozillaThunderbird-translations-other-45.2-6.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 8.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"products": [
"SUSE Package Hub 12:MozillaThunderbird-45.2-6.1.aarch64",
"SUSE Package Hub 12:MozillaThunderbird-45.2-6.1.s390x",
"SUSE Package Hub 12:MozillaThunderbird-45.2-6.1.x86_64",
"SUSE Package Hub 12:MozillaThunderbird-buildsymbols-45.2-6.1.x86_64",
"SUSE Package Hub 12:MozillaThunderbird-devel-45.2-6.1.aarch64",
"SUSE Package Hub 12:MozillaThunderbird-devel-45.2-6.1.s390x",
"SUSE Package Hub 12:MozillaThunderbird-devel-45.2-6.1.x86_64",
"SUSE Package Hub 12:MozillaThunderbird-translations-common-45.2-6.1.aarch64",
"SUSE Package Hub 12:MozillaThunderbird-translations-common-45.2-6.1.s390x",
"SUSE Package Hub 12:MozillaThunderbird-translations-common-45.2-6.1.x86_64",
"SUSE Package Hub 12:MozillaThunderbird-translations-other-45.2-6.1.aarch64",
"SUSE Package Hub 12:MozillaThunderbird-translations-other-45.2-6.1.s390x",
"SUSE Package Hub 12:MozillaThunderbird-translations-other-45.2-6.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2016-07-10T18:30:29Z",
"details": "important"
}
],
"title": "CVE-2016-1954"
},
{
"cve": "CVE-2016-1955",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2016-1955"
}
],
"notes": [
{
"category": "general",
"text": "Mozilla Firefox before 45.0 allows remote attackers to bypass the Same Origin Policy and obtain sensitive information by reading a Content Security Policy (CSP) violation report that contains path information associated with an IFRAME element.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Package Hub 12:MozillaThunderbird-45.2-6.1.aarch64",
"SUSE Package Hub 12:MozillaThunderbird-45.2-6.1.s390x",
"SUSE Package Hub 12:MozillaThunderbird-45.2-6.1.x86_64",
"SUSE Package Hub 12:MozillaThunderbird-buildsymbols-45.2-6.1.x86_64",
"SUSE Package Hub 12:MozillaThunderbird-devel-45.2-6.1.aarch64",
"SUSE Package Hub 12:MozillaThunderbird-devel-45.2-6.1.s390x",
"SUSE Package Hub 12:MozillaThunderbird-devel-45.2-6.1.x86_64",
"SUSE Package Hub 12:MozillaThunderbird-translations-common-45.2-6.1.aarch64",
"SUSE Package Hub 12:MozillaThunderbird-translations-common-45.2-6.1.s390x",
"SUSE Package Hub 12:MozillaThunderbird-translations-common-45.2-6.1.x86_64",
"SUSE Package Hub 12:MozillaThunderbird-translations-other-45.2-6.1.aarch64",
"SUSE Package Hub 12:MozillaThunderbird-translations-other-45.2-6.1.s390x",
"SUSE Package Hub 12:MozillaThunderbird-translations-other-45.2-6.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2016-1955",
"url": "https://www.suse.com/security/cve/CVE-2016-1955"
},
{
"category": "external",
"summary": "SUSE Bug 969894 for CVE-2016-1955",
"url": "https://bugzilla.suse.com/969894"
},
{
"category": "external",
"summary": "SUSE Bug 970257 for CVE-2016-1955",
"url": "https://bugzilla.suse.com/970257"
},
{
"category": "external",
"summary": "SUSE Bug 970377 for CVE-2016-1955",
"url": "https://bugzilla.suse.com/970377"
},
{
"category": "external",
"summary": "SUSE Bug 970378 for CVE-2016-1955",
"url": "https://bugzilla.suse.com/970378"
},
{
"category": "external",
"summary": "SUSE Bug 970379 for CVE-2016-1955",
"url": "https://bugzilla.suse.com/970379"
},
{
"category": "external",
"summary": "SUSE Bug 970380 for CVE-2016-1955",
"url": "https://bugzilla.suse.com/970380"
},
{
"category": "external",
"summary": "SUSE Bug 970381 for CVE-2016-1955",
"url": "https://bugzilla.suse.com/970381"
},
{
"category": "external",
"summary": "SUSE Bug 970431 for CVE-2016-1955",
"url": "https://bugzilla.suse.com/970431"
},
{
"category": "external",
"summary": "SUSE Bug 970433 for CVE-2016-1955",
"url": "https://bugzilla.suse.com/970433"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Package Hub 12:MozillaThunderbird-45.2-6.1.aarch64",
"SUSE Package Hub 12:MozillaThunderbird-45.2-6.1.s390x",
"SUSE Package Hub 12:MozillaThunderbird-45.2-6.1.x86_64",
"SUSE Package Hub 12:MozillaThunderbird-buildsymbols-45.2-6.1.x86_64",
"SUSE Package Hub 12:MozillaThunderbird-devel-45.2-6.1.aarch64",
"SUSE Package Hub 12:MozillaThunderbird-devel-45.2-6.1.s390x",
"SUSE Package Hub 12:MozillaThunderbird-devel-45.2-6.1.x86_64",
"SUSE Package Hub 12:MozillaThunderbird-translations-common-45.2-6.1.aarch64",
"SUSE Package Hub 12:MozillaThunderbird-translations-common-45.2-6.1.s390x",
"SUSE Package Hub 12:MozillaThunderbird-translations-common-45.2-6.1.x86_64",
"SUSE Package Hub 12:MozillaThunderbird-translations-other-45.2-6.1.aarch64",
"SUSE Package Hub 12:MozillaThunderbird-translations-other-45.2-6.1.s390x",
"SUSE Package Hub 12:MozillaThunderbird-translations-other-45.2-6.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 4.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N",
"version": "3.0"
},
"products": [
"SUSE Package Hub 12:MozillaThunderbird-45.2-6.1.aarch64",
"SUSE Package Hub 12:MozillaThunderbird-45.2-6.1.s390x",
"SUSE Package Hub 12:MozillaThunderbird-45.2-6.1.x86_64",
"SUSE Package Hub 12:MozillaThunderbird-buildsymbols-45.2-6.1.x86_64",
"SUSE Package Hub 12:MozillaThunderbird-devel-45.2-6.1.aarch64",
"SUSE Package Hub 12:MozillaThunderbird-devel-45.2-6.1.s390x",
"SUSE Package Hub 12:MozillaThunderbird-devel-45.2-6.1.x86_64",
"SUSE Package Hub 12:MozillaThunderbird-translations-common-45.2-6.1.aarch64",
"SUSE Package Hub 12:MozillaThunderbird-translations-common-45.2-6.1.s390x",
"SUSE Package Hub 12:MozillaThunderbird-translations-common-45.2-6.1.x86_64",
"SUSE Package Hub 12:MozillaThunderbird-translations-other-45.2-6.1.aarch64",
"SUSE Package Hub 12:MozillaThunderbird-translations-other-45.2-6.1.s390x",
"SUSE Package Hub 12:MozillaThunderbird-translations-other-45.2-6.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2016-07-10T18:30:29Z",
"details": "important"
}
],
"title": "CVE-2016-1955"
},
{
"cve": "CVE-2016-1956",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2016-1956"
}
],
"notes": [
{
"category": "general",
"text": "Mozilla Firefox before 45.0 on Linux, when an Intel video driver is used, allows remote attackers to cause a denial of service (memory consumption or stack memory corruption) by triggering use of a WebGL shader.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Package Hub 12:MozillaThunderbird-45.2-6.1.aarch64",
"SUSE Package Hub 12:MozillaThunderbird-45.2-6.1.s390x",
"SUSE Package Hub 12:MozillaThunderbird-45.2-6.1.x86_64",
"SUSE Package Hub 12:MozillaThunderbird-buildsymbols-45.2-6.1.x86_64",
"SUSE Package Hub 12:MozillaThunderbird-devel-45.2-6.1.aarch64",
"SUSE Package Hub 12:MozillaThunderbird-devel-45.2-6.1.s390x",
"SUSE Package Hub 12:MozillaThunderbird-devel-45.2-6.1.x86_64",
"SUSE Package Hub 12:MozillaThunderbird-translations-common-45.2-6.1.aarch64",
"SUSE Package Hub 12:MozillaThunderbird-translations-common-45.2-6.1.s390x",
"SUSE Package Hub 12:MozillaThunderbird-translations-common-45.2-6.1.x86_64",
"SUSE Package Hub 12:MozillaThunderbird-translations-other-45.2-6.1.aarch64",
"SUSE Package Hub 12:MozillaThunderbird-translations-other-45.2-6.1.s390x",
"SUSE Package Hub 12:MozillaThunderbird-translations-other-45.2-6.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2016-1956",
"url": "https://www.suse.com/security/cve/CVE-2016-1956"
},
{
"category": "external",
"summary": "SUSE Bug 969894 for CVE-2016-1956",
"url": "https://bugzilla.suse.com/969894"
},
{
"category": "external",
"summary": "SUSE Bug 970257 for CVE-2016-1956",
"url": "https://bugzilla.suse.com/970257"
},
{
"category": "external",
"summary": "SUSE Bug 970377 for CVE-2016-1956",
"url": "https://bugzilla.suse.com/970377"
},
{
"category": "external",
"summary": "SUSE Bug 970378 for CVE-2016-1956",
"url": "https://bugzilla.suse.com/970378"
},
{
"category": "external",
"summary": "SUSE Bug 970379 for CVE-2016-1956",
"url": "https://bugzilla.suse.com/970379"
},
{
"category": "external",
"summary": "SUSE Bug 970380 for CVE-2016-1956",
"url": "https://bugzilla.suse.com/970380"
},
{
"category": "external",
"summary": "SUSE Bug 970381 for CVE-2016-1956",
"url": "https://bugzilla.suse.com/970381"
},
{
"category": "external",
"summary": "SUSE Bug 970431 for CVE-2016-1956",
"url": "https://bugzilla.suse.com/970431"
},
{
"category": "external",
"summary": "SUSE Bug 970433 for CVE-2016-1956",
"url": "https://bugzilla.suse.com/970433"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Package Hub 12:MozillaThunderbird-45.2-6.1.aarch64",
"SUSE Package Hub 12:MozillaThunderbird-45.2-6.1.s390x",
"SUSE Package Hub 12:MozillaThunderbird-45.2-6.1.x86_64",
"SUSE Package Hub 12:MozillaThunderbird-buildsymbols-45.2-6.1.x86_64",
"SUSE Package Hub 12:MozillaThunderbird-devel-45.2-6.1.aarch64",
"SUSE Package Hub 12:MozillaThunderbird-devel-45.2-6.1.s390x",
"SUSE Package Hub 12:MozillaThunderbird-devel-45.2-6.1.x86_64",
"SUSE Package Hub 12:MozillaThunderbird-translations-common-45.2-6.1.aarch64",
"SUSE Package Hub 12:MozillaThunderbird-translations-common-45.2-6.1.s390x",
"SUSE Package Hub 12:MozillaThunderbird-translations-common-45.2-6.1.x86_64",
"SUSE Package Hub 12:MozillaThunderbird-translations-other-45.2-6.1.aarch64",
"SUSE Package Hub 12:MozillaThunderbird-translations-other-45.2-6.1.s390x",
"SUSE Package Hub 12:MozillaThunderbird-translations-other-45.2-6.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
"version": "3.0"
},
"products": [
"SUSE Package Hub 12:MozillaThunderbird-45.2-6.1.aarch64",
"SUSE Package Hub 12:MozillaThunderbird-45.2-6.1.s390x",
"SUSE Package Hub 12:MozillaThunderbird-45.2-6.1.x86_64",
"SUSE Package Hub 12:MozillaThunderbird-buildsymbols-45.2-6.1.x86_64",
"SUSE Package Hub 12:MozillaThunderbird-devel-45.2-6.1.aarch64",
"SUSE Package Hub 12:MozillaThunderbird-devel-45.2-6.1.s390x",
"SUSE Package Hub 12:MozillaThunderbird-devel-45.2-6.1.x86_64",
"SUSE Package Hub 12:MozillaThunderbird-translations-common-45.2-6.1.aarch64",
"SUSE Package Hub 12:MozillaThunderbird-translations-common-45.2-6.1.s390x",
"SUSE Package Hub 12:MozillaThunderbird-translations-common-45.2-6.1.x86_64",
"SUSE Package Hub 12:MozillaThunderbird-translations-other-45.2-6.1.aarch64",
"SUSE Package Hub 12:MozillaThunderbird-translations-other-45.2-6.1.s390x",
"SUSE Package Hub 12:MozillaThunderbird-translations-other-45.2-6.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2016-07-10T18:30:29Z",
"details": "important"
}
],
"title": "CVE-2016-1956"
},
{
"cve": "CVE-2016-1957",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2016-1957"
}
],
"notes": [
{
"category": "general",
"text": "Memory leak in libstagefright in Mozilla Firefox before 45.0 and Firefox ESR 38.x before 38.7 allows remote attackers to cause a denial of service (memory consumption) via an MPEG-4 file that triggers a delete operation on an array.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Package Hub 12:MozillaThunderbird-45.2-6.1.aarch64",
"SUSE Package Hub 12:MozillaThunderbird-45.2-6.1.s390x",
"SUSE Package Hub 12:MozillaThunderbird-45.2-6.1.x86_64",
"SUSE Package Hub 12:MozillaThunderbird-buildsymbols-45.2-6.1.x86_64",
"SUSE Package Hub 12:MozillaThunderbird-devel-45.2-6.1.aarch64",
"SUSE Package Hub 12:MozillaThunderbird-devel-45.2-6.1.s390x",
"SUSE Package Hub 12:MozillaThunderbird-devel-45.2-6.1.x86_64",
"SUSE Package Hub 12:MozillaThunderbird-translations-common-45.2-6.1.aarch64",
"SUSE Package Hub 12:MozillaThunderbird-translations-common-45.2-6.1.s390x",
"SUSE Package Hub 12:MozillaThunderbird-translations-common-45.2-6.1.x86_64",
"SUSE Package Hub 12:MozillaThunderbird-translations-other-45.2-6.1.aarch64",
"SUSE Package Hub 12:MozillaThunderbird-translations-other-45.2-6.1.s390x",
"SUSE Package Hub 12:MozillaThunderbird-translations-other-45.2-6.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2016-1957",
"url": "https://www.suse.com/security/cve/CVE-2016-1957"
},
{
"category": "external",
"summary": "SUSE Bug 969894 for CVE-2016-1957",
"url": "https://bugzilla.suse.com/969894"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Package Hub 12:MozillaThunderbird-45.2-6.1.aarch64",
"SUSE Package Hub 12:MozillaThunderbird-45.2-6.1.s390x",
"SUSE Package Hub 12:MozillaThunderbird-45.2-6.1.x86_64",
"SUSE Package Hub 12:MozillaThunderbird-buildsymbols-45.2-6.1.x86_64",
"SUSE Package Hub 12:MozillaThunderbird-devel-45.2-6.1.aarch64",
"SUSE Package Hub 12:MozillaThunderbird-devel-45.2-6.1.s390x",
"SUSE Package Hub 12:MozillaThunderbird-devel-45.2-6.1.x86_64",
"SUSE Package Hub 12:MozillaThunderbird-translations-common-45.2-6.1.aarch64",
"SUSE Package Hub 12:MozillaThunderbird-translations-common-45.2-6.1.s390x",
"SUSE Package Hub 12:MozillaThunderbird-translations-common-45.2-6.1.x86_64",
"SUSE Package Hub 12:MozillaThunderbird-translations-other-45.2-6.1.aarch64",
"SUSE Package Hub 12:MozillaThunderbird-translations-other-45.2-6.1.s390x",
"SUSE Package Hub 12:MozillaThunderbird-translations-other-45.2-6.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 4.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L",
"version": "3.0"
},
"products": [
"SUSE Package Hub 12:MozillaThunderbird-45.2-6.1.aarch64",
"SUSE Package Hub 12:MozillaThunderbird-45.2-6.1.s390x",
"SUSE Package Hub 12:MozillaThunderbird-45.2-6.1.x86_64",
"SUSE Package Hub 12:MozillaThunderbird-buildsymbols-45.2-6.1.x86_64",
"SUSE Package Hub 12:MozillaThunderbird-devel-45.2-6.1.aarch64",
"SUSE Package Hub 12:MozillaThunderbird-devel-45.2-6.1.s390x",
"SUSE Package Hub 12:MozillaThunderbird-devel-45.2-6.1.x86_64",
"SUSE Package Hub 12:MozillaThunderbird-translations-common-45.2-6.1.aarch64",
"SUSE Package Hub 12:MozillaThunderbird-translations-common-45.2-6.1.s390x",
"SUSE Package Hub 12:MozillaThunderbird-translations-common-45.2-6.1.x86_64",
"SUSE Package Hub 12:MozillaThunderbird-translations-other-45.2-6.1.aarch64",
"SUSE Package Hub 12:MozillaThunderbird-translations-other-45.2-6.1.s390x",
"SUSE Package Hub 12:MozillaThunderbird-translations-other-45.2-6.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2016-07-10T18:30:29Z",
"details": "moderate"
}
],
"title": "CVE-2016-1957"
},
{
"cve": "CVE-2016-1960",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2016-1960"
}
],
"notes": [
{
"category": "general",
"text": "Integer underflow in the nsHtml5TreeBuilder class in the HTML5 string parser in Mozilla Firefox before 45.0 and Firefox ESR 38.x before 38.7 allows remote attackers to execute arbitrary code or cause a denial of service (use-after-free) by leveraging mishandling of end tags, as demonstrated by incorrect SVG processing, aka ZDI-CAN-3545.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Package Hub 12:MozillaThunderbird-45.2-6.1.aarch64",
"SUSE Package Hub 12:MozillaThunderbird-45.2-6.1.s390x",
"SUSE Package Hub 12:MozillaThunderbird-45.2-6.1.x86_64",
"SUSE Package Hub 12:MozillaThunderbird-buildsymbols-45.2-6.1.x86_64",
"SUSE Package Hub 12:MozillaThunderbird-devel-45.2-6.1.aarch64",
"SUSE Package Hub 12:MozillaThunderbird-devel-45.2-6.1.s390x",
"SUSE Package Hub 12:MozillaThunderbird-devel-45.2-6.1.x86_64",
"SUSE Package Hub 12:MozillaThunderbird-translations-common-45.2-6.1.aarch64",
"SUSE Package Hub 12:MozillaThunderbird-translations-common-45.2-6.1.s390x",
"SUSE Package Hub 12:MozillaThunderbird-translations-common-45.2-6.1.x86_64",
"SUSE Package Hub 12:MozillaThunderbird-translations-other-45.2-6.1.aarch64",
"SUSE Package Hub 12:MozillaThunderbird-translations-other-45.2-6.1.s390x",
"SUSE Package Hub 12:MozillaThunderbird-translations-other-45.2-6.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2016-1960",
"url": "https://www.suse.com/security/cve/CVE-2016-1960"
},
{
"category": "external",
"summary": "SUSE Bug 969894 for CVE-2016-1960",
"url": "https://bugzilla.suse.com/969894"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Package Hub 12:MozillaThunderbird-45.2-6.1.aarch64",
"SUSE Package Hub 12:MozillaThunderbird-45.2-6.1.s390x",
"SUSE Package Hub 12:MozillaThunderbird-45.2-6.1.x86_64",
"SUSE Package Hub 12:MozillaThunderbird-buildsymbols-45.2-6.1.x86_64",
"SUSE Package Hub 12:MozillaThunderbird-devel-45.2-6.1.aarch64",
"SUSE Package Hub 12:MozillaThunderbird-devel-45.2-6.1.s390x",
"SUSE Package Hub 12:MozillaThunderbird-devel-45.2-6.1.x86_64",
"SUSE Package Hub 12:MozillaThunderbird-translations-common-45.2-6.1.aarch64",
"SUSE Package Hub 12:MozillaThunderbird-translations-common-45.2-6.1.s390x",
"SUSE Package Hub 12:MozillaThunderbird-translations-common-45.2-6.1.x86_64",
"SUSE Package Hub 12:MozillaThunderbird-translations-other-45.2-6.1.aarch64",
"SUSE Package Hub 12:MozillaThunderbird-translations-other-45.2-6.1.s390x",
"SUSE Package Hub 12:MozillaThunderbird-translations-other-45.2-6.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 8.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"products": [
"SUSE Package Hub 12:MozillaThunderbird-45.2-6.1.aarch64",
"SUSE Package Hub 12:MozillaThunderbird-45.2-6.1.s390x",
"SUSE Package Hub 12:MozillaThunderbird-45.2-6.1.x86_64",
"SUSE Package Hub 12:MozillaThunderbird-buildsymbols-45.2-6.1.x86_64",
"SUSE Package Hub 12:MozillaThunderbird-devel-45.2-6.1.aarch64",
"SUSE Package Hub 12:MozillaThunderbird-devel-45.2-6.1.s390x",
"SUSE Package Hub 12:MozillaThunderbird-devel-45.2-6.1.x86_64",
"SUSE Package Hub 12:MozillaThunderbird-translations-common-45.2-6.1.aarch64",
"SUSE Package Hub 12:MozillaThunderbird-translations-common-45.2-6.1.s390x",
"SUSE Package Hub 12:MozillaThunderbird-translations-common-45.2-6.1.x86_64",
"SUSE Package Hub 12:MozillaThunderbird-translations-other-45.2-6.1.aarch64",
"SUSE Package Hub 12:MozillaThunderbird-translations-other-45.2-6.1.s390x",
"SUSE Package Hub 12:MozillaThunderbird-translations-other-45.2-6.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2016-07-10T18:30:29Z",
"details": "important"
}
],
"title": "CVE-2016-1960"
},
{
"cve": "CVE-2016-1961",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2016-1961"
}
],
"notes": [
{
"category": "general",
"text": "Use-after-free vulnerability in the nsHTMLDocument::SetBody function in dom/html/nsHTMLDocument.cpp in Mozilla Firefox before 45.0 and Firefox ESR 38.x before 38.7 allows remote attackers to execute arbitrary code by leveraging mishandling of a root element, aka ZDI-CAN-3574.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Package Hub 12:MozillaThunderbird-45.2-6.1.aarch64",
"SUSE Package Hub 12:MozillaThunderbird-45.2-6.1.s390x",
"SUSE Package Hub 12:MozillaThunderbird-45.2-6.1.x86_64",
"SUSE Package Hub 12:MozillaThunderbird-buildsymbols-45.2-6.1.x86_64",
"SUSE Package Hub 12:MozillaThunderbird-devel-45.2-6.1.aarch64",
"SUSE Package Hub 12:MozillaThunderbird-devel-45.2-6.1.s390x",
"SUSE Package Hub 12:MozillaThunderbird-devel-45.2-6.1.x86_64",
"SUSE Package Hub 12:MozillaThunderbird-translations-common-45.2-6.1.aarch64",
"SUSE Package Hub 12:MozillaThunderbird-translations-common-45.2-6.1.s390x",
"SUSE Package Hub 12:MozillaThunderbird-translations-common-45.2-6.1.x86_64",
"SUSE Package Hub 12:MozillaThunderbird-translations-other-45.2-6.1.aarch64",
"SUSE Package Hub 12:MozillaThunderbird-translations-other-45.2-6.1.s390x",
"SUSE Package Hub 12:MozillaThunderbird-translations-other-45.2-6.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2016-1961",
"url": "https://www.suse.com/security/cve/CVE-2016-1961"
},
{
"category": "external",
"summary": "SUSE Bug 969894 for CVE-2016-1961",
"url": "https://bugzilla.suse.com/969894"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Package Hub 12:MozillaThunderbird-45.2-6.1.aarch64",
"SUSE Package Hub 12:MozillaThunderbird-45.2-6.1.s390x",
"SUSE Package Hub 12:MozillaThunderbird-45.2-6.1.x86_64",
"SUSE Package Hub 12:MozillaThunderbird-buildsymbols-45.2-6.1.x86_64",
"SUSE Package Hub 12:MozillaThunderbird-devel-45.2-6.1.aarch64",
"SUSE Package Hub 12:MozillaThunderbird-devel-45.2-6.1.s390x",
"SUSE Package Hub 12:MozillaThunderbird-devel-45.2-6.1.x86_64",
"SUSE Package Hub 12:MozillaThunderbird-translations-common-45.2-6.1.aarch64",
"SUSE Package Hub 12:MozillaThunderbird-translations-common-45.2-6.1.s390x",
"SUSE Package Hub 12:MozillaThunderbird-translations-common-45.2-6.1.x86_64",
"SUSE Package Hub 12:MozillaThunderbird-translations-other-45.2-6.1.aarch64",
"SUSE Package Hub 12:MozillaThunderbird-translations-other-45.2-6.1.s390x",
"SUSE Package Hub 12:MozillaThunderbird-translations-other-45.2-6.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 8.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"products": [
"SUSE Package Hub 12:MozillaThunderbird-45.2-6.1.aarch64",
"SUSE Package Hub 12:MozillaThunderbird-45.2-6.1.s390x",
"SUSE Package Hub 12:MozillaThunderbird-45.2-6.1.x86_64",
"SUSE Package Hub 12:MozillaThunderbird-buildsymbols-45.2-6.1.x86_64",
"SUSE Package Hub 12:MozillaThunderbird-devel-45.2-6.1.aarch64",
"SUSE Package Hub 12:MozillaThunderbird-devel-45.2-6.1.s390x",
"SUSE Package Hub 12:MozillaThunderbird-devel-45.2-6.1.x86_64",
"SUSE Package Hub 12:MozillaThunderbird-translations-common-45.2-6.1.aarch64",
"SUSE Package Hub 12:MozillaThunderbird-translations-common-45.2-6.1.s390x",
"SUSE Package Hub 12:MozillaThunderbird-translations-common-45.2-6.1.x86_64",
"SUSE Package Hub 12:MozillaThunderbird-translations-other-45.2-6.1.aarch64",
"SUSE Package Hub 12:MozillaThunderbird-translations-other-45.2-6.1.s390x",
"SUSE Package Hub 12:MozillaThunderbird-translations-other-45.2-6.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2016-07-10T18:30:29Z",
"details": "important"
}
],
"title": "CVE-2016-1961"
},
{
"cve": "CVE-2016-1964",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2016-1964"
}
],
"notes": [
{
"category": "general",
"text": "Use-after-free vulnerability in the AtomicBaseIncDec function in Mozilla Firefox before 45.0 and Firefox ESR 38.x before 38.7 allows remote attackers to execute arbitrary code or cause a denial of service (heap memory corruption) by leveraging mishandling of XML transformations.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Package Hub 12:MozillaThunderbird-45.2-6.1.aarch64",
"SUSE Package Hub 12:MozillaThunderbird-45.2-6.1.s390x",
"SUSE Package Hub 12:MozillaThunderbird-45.2-6.1.x86_64",
"SUSE Package Hub 12:MozillaThunderbird-buildsymbols-45.2-6.1.x86_64",
"SUSE Package Hub 12:MozillaThunderbird-devel-45.2-6.1.aarch64",
"SUSE Package Hub 12:MozillaThunderbird-devel-45.2-6.1.s390x",
"SUSE Package Hub 12:MozillaThunderbird-devel-45.2-6.1.x86_64",
"SUSE Package Hub 12:MozillaThunderbird-translations-common-45.2-6.1.aarch64",
"SUSE Package Hub 12:MozillaThunderbird-translations-common-45.2-6.1.s390x",
"SUSE Package Hub 12:MozillaThunderbird-translations-common-45.2-6.1.x86_64",
"SUSE Package Hub 12:MozillaThunderbird-translations-other-45.2-6.1.aarch64",
"SUSE Package Hub 12:MozillaThunderbird-translations-other-45.2-6.1.s390x",
"SUSE Package Hub 12:MozillaThunderbird-translations-other-45.2-6.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2016-1964",
"url": "https://www.suse.com/security/cve/CVE-2016-1964"
},
{
"category": "external",
"summary": "SUSE Bug 969894 for CVE-2016-1964",
"url": "https://bugzilla.suse.com/969894"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Package Hub 12:MozillaThunderbird-45.2-6.1.aarch64",
"SUSE Package Hub 12:MozillaThunderbird-45.2-6.1.s390x",
"SUSE Package Hub 12:MozillaThunderbird-45.2-6.1.x86_64",
"SUSE Package Hub 12:MozillaThunderbird-buildsymbols-45.2-6.1.x86_64",
"SUSE Package Hub 12:MozillaThunderbird-devel-45.2-6.1.aarch64",
"SUSE Package Hub 12:MozillaThunderbird-devel-45.2-6.1.s390x",
"SUSE Package Hub 12:MozillaThunderbird-devel-45.2-6.1.x86_64",
"SUSE Package Hub 12:MozillaThunderbird-translations-common-45.2-6.1.aarch64",
"SUSE Package Hub 12:MozillaThunderbird-translations-common-45.2-6.1.s390x",
"SUSE Package Hub 12:MozillaThunderbird-translations-common-45.2-6.1.x86_64",
"SUSE Package Hub 12:MozillaThunderbird-translations-other-45.2-6.1.aarch64",
"SUSE Package Hub 12:MozillaThunderbird-translations-other-45.2-6.1.s390x",
"SUSE Package Hub 12:MozillaThunderbird-translations-other-45.2-6.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 8.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"products": [
"SUSE Package Hub 12:MozillaThunderbird-45.2-6.1.aarch64",
"SUSE Package Hub 12:MozillaThunderbird-45.2-6.1.s390x",
"SUSE Package Hub 12:MozillaThunderbird-45.2-6.1.x86_64",
"SUSE Package Hub 12:MozillaThunderbird-buildsymbols-45.2-6.1.x86_64",
"SUSE Package Hub 12:MozillaThunderbird-devel-45.2-6.1.aarch64",
"SUSE Package Hub 12:MozillaThunderbird-devel-45.2-6.1.s390x",
"SUSE Package Hub 12:MozillaThunderbird-devel-45.2-6.1.x86_64",
"SUSE Package Hub 12:MozillaThunderbird-translations-common-45.2-6.1.aarch64",
"SUSE Package Hub 12:MozillaThunderbird-translations-common-45.2-6.1.s390x",
"SUSE Package Hub 12:MozillaThunderbird-translations-common-45.2-6.1.x86_64",
"SUSE Package Hub 12:MozillaThunderbird-translations-other-45.2-6.1.aarch64",
"SUSE Package Hub 12:MozillaThunderbird-translations-other-45.2-6.1.s390x",
"SUSE Package Hub 12:MozillaThunderbird-translations-other-45.2-6.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2016-07-10T18:30:29Z",
"details": "important"
}
],
"title": "CVE-2016-1964"
},
{
"cve": "CVE-2016-1974",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2016-1974"
}
],
"notes": [
{
"category": "general",
"text": "The nsScannerString::AppendUnicodeTo function in Mozilla Firefox before 45.0 and Firefox ESR 38.x before 38.7 does not verify that memory allocation succeeds, which allows remote attackers to execute arbitrary code or cause a denial of service (out-of-bounds read) via crafted Unicode data in an HTML, XML, or SVG document.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Package Hub 12:MozillaThunderbird-45.2-6.1.aarch64",
"SUSE Package Hub 12:MozillaThunderbird-45.2-6.1.s390x",
"SUSE Package Hub 12:MozillaThunderbird-45.2-6.1.x86_64",
"SUSE Package Hub 12:MozillaThunderbird-buildsymbols-45.2-6.1.x86_64",
"SUSE Package Hub 12:MozillaThunderbird-devel-45.2-6.1.aarch64",
"SUSE Package Hub 12:MozillaThunderbird-devel-45.2-6.1.s390x",
"SUSE Package Hub 12:MozillaThunderbird-devel-45.2-6.1.x86_64",
"SUSE Package Hub 12:MozillaThunderbird-translations-common-45.2-6.1.aarch64",
"SUSE Package Hub 12:MozillaThunderbird-translations-common-45.2-6.1.s390x",
"SUSE Package Hub 12:MozillaThunderbird-translations-common-45.2-6.1.x86_64",
"SUSE Package Hub 12:MozillaThunderbird-translations-other-45.2-6.1.aarch64",
"SUSE Package Hub 12:MozillaThunderbird-translations-other-45.2-6.1.s390x",
"SUSE Package Hub 12:MozillaThunderbird-translations-other-45.2-6.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2016-1974",
"url": "https://www.suse.com/security/cve/CVE-2016-1974"
},
{
"category": "external",
"summary": "SUSE Bug 969894 for CVE-2016-1974",
"url": "https://bugzilla.suse.com/969894"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Package Hub 12:MozillaThunderbird-45.2-6.1.aarch64",
"SUSE Package Hub 12:MozillaThunderbird-45.2-6.1.s390x",
"SUSE Package Hub 12:MozillaThunderbird-45.2-6.1.x86_64",
"SUSE Package Hub 12:MozillaThunderbird-buildsymbols-45.2-6.1.x86_64",
"SUSE Package Hub 12:MozillaThunderbird-devel-45.2-6.1.aarch64",
"SUSE Package Hub 12:MozillaThunderbird-devel-45.2-6.1.s390x",
"SUSE Package Hub 12:MozillaThunderbird-devel-45.2-6.1.x86_64",
"SUSE Package Hub 12:MozillaThunderbird-translations-common-45.2-6.1.aarch64",
"SUSE Package Hub 12:MozillaThunderbird-translations-common-45.2-6.1.s390x",
"SUSE Package Hub 12:MozillaThunderbird-translations-common-45.2-6.1.x86_64",
"SUSE Package Hub 12:MozillaThunderbird-translations-other-45.2-6.1.aarch64",
"SUSE Package Hub 12:MozillaThunderbird-translations-other-45.2-6.1.s390x",
"SUSE Package Hub 12:MozillaThunderbird-translations-other-45.2-6.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 8.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"products": [
"SUSE Package Hub 12:MozillaThunderbird-45.2-6.1.aarch64",
"SUSE Package Hub 12:MozillaThunderbird-45.2-6.1.s390x",
"SUSE Package Hub 12:MozillaThunderbird-45.2-6.1.x86_64",
"SUSE Package Hub 12:MozillaThunderbird-buildsymbols-45.2-6.1.x86_64",
"SUSE Package Hub 12:MozillaThunderbird-devel-45.2-6.1.aarch64",
"SUSE Package Hub 12:MozillaThunderbird-devel-45.2-6.1.s390x",
"SUSE Package Hub 12:MozillaThunderbird-devel-45.2-6.1.x86_64",
"SUSE Package Hub 12:MozillaThunderbird-translations-common-45.2-6.1.aarch64",
"SUSE Package Hub 12:MozillaThunderbird-translations-common-45.2-6.1.s390x",
"SUSE Package Hub 12:MozillaThunderbird-translations-common-45.2-6.1.x86_64",
"SUSE Package Hub 12:MozillaThunderbird-translations-other-45.2-6.1.aarch64",
"SUSE Package Hub 12:MozillaThunderbird-translations-other-45.2-6.1.s390x",
"SUSE Package Hub 12:MozillaThunderbird-translations-other-45.2-6.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2016-07-10T18:30:29Z",
"details": "important"
}
],
"title": "CVE-2016-1974"
},
{
"cve": "CVE-2016-1977",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2016-1977"
}
],
"notes": [
{
"category": "general",
"text": "The Machine::Code::decoder::analysis::set_ref function in Graphite 2 before 1.3.6, as used in Mozilla Firefox before 45.0 and Firefox ESR 38.x before 38.7, allows remote attackers to execute arbitrary code or cause a denial of service (stack memory corruption) via a crafted Graphite smart font.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Package Hub 12:MozillaThunderbird-45.2-6.1.aarch64",
"SUSE Package Hub 12:MozillaThunderbird-45.2-6.1.s390x",
"SUSE Package Hub 12:MozillaThunderbird-45.2-6.1.x86_64",
"SUSE Package Hub 12:MozillaThunderbird-buildsymbols-45.2-6.1.x86_64",
"SUSE Package Hub 12:MozillaThunderbird-devel-45.2-6.1.aarch64",
"SUSE Package Hub 12:MozillaThunderbird-devel-45.2-6.1.s390x",
"SUSE Package Hub 12:MozillaThunderbird-devel-45.2-6.1.x86_64",
"SUSE Package Hub 12:MozillaThunderbird-translations-common-45.2-6.1.aarch64",
"SUSE Package Hub 12:MozillaThunderbird-translations-common-45.2-6.1.s390x",
"SUSE Package Hub 12:MozillaThunderbird-translations-common-45.2-6.1.x86_64",
"SUSE Package Hub 12:MozillaThunderbird-translations-other-45.2-6.1.aarch64",
"SUSE Package Hub 12:MozillaThunderbird-translations-other-45.2-6.1.s390x",
"SUSE Package Hub 12:MozillaThunderbird-translations-other-45.2-6.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2016-1977",
"url": "https://www.suse.com/security/cve/CVE-2016-1977"
},
{
"category": "external",
"summary": "SUSE Bug 969894 for CVE-2016-1977",
"url": "https://bugzilla.suse.com/969894"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Package Hub 12:MozillaThunderbird-45.2-6.1.aarch64",
"SUSE Package Hub 12:MozillaThunderbird-45.2-6.1.s390x",
"SUSE Package Hub 12:MozillaThunderbird-45.2-6.1.x86_64",
"SUSE Package Hub 12:MozillaThunderbird-buildsymbols-45.2-6.1.x86_64",
"SUSE Package Hub 12:MozillaThunderbird-devel-45.2-6.1.aarch64",
"SUSE Package Hub 12:MozillaThunderbird-devel-45.2-6.1.s390x",
"SUSE Package Hub 12:MozillaThunderbird-devel-45.2-6.1.x86_64",
"SUSE Package Hub 12:MozillaThunderbird-translations-common-45.2-6.1.aarch64",
"SUSE Package Hub 12:MozillaThunderbird-translations-common-45.2-6.1.s390x",
"SUSE Package Hub 12:MozillaThunderbird-translations-common-45.2-6.1.x86_64",
"SUSE Package Hub 12:MozillaThunderbird-translations-other-45.2-6.1.aarch64",
"SUSE Package Hub 12:MozillaThunderbird-translations-other-45.2-6.1.s390x",
"SUSE Package Hub 12:MozillaThunderbird-translations-other-45.2-6.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 8.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"products": [
"SUSE Package Hub 12:MozillaThunderbird-45.2-6.1.aarch64",
"SUSE Package Hub 12:MozillaThunderbird-45.2-6.1.s390x",
"SUSE Package Hub 12:MozillaThunderbird-45.2-6.1.x86_64",
"SUSE Package Hub 12:MozillaThunderbird-buildsymbols-45.2-6.1.x86_64",
"SUSE Package Hub 12:MozillaThunderbird-devel-45.2-6.1.aarch64",
"SUSE Package Hub 12:MozillaThunderbird-devel-45.2-6.1.s390x",
"SUSE Package Hub 12:MozillaThunderbird-devel-45.2-6.1.x86_64",
"SUSE Package Hub 12:MozillaThunderbird-translations-common-45.2-6.1.aarch64",
"SUSE Package Hub 12:MozillaThunderbird-translations-common-45.2-6.1.s390x",
"SUSE Package Hub 12:MozillaThunderbird-translations-common-45.2-6.1.x86_64",
"SUSE Package Hub 12:MozillaThunderbird-translations-other-45.2-6.1.aarch64",
"SUSE Package Hub 12:MozillaThunderbird-translations-other-45.2-6.1.s390x",
"SUSE Package Hub 12:MozillaThunderbird-translations-other-45.2-6.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2016-07-10T18:30:29Z",
"details": "important"
}
],
"title": "CVE-2016-1977"
},
{
"cve": "CVE-2016-2790",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2016-2790"
}
],
"notes": [
{
"category": "general",
"text": "The graphite2::TtfUtil::GetTableInfo function in Graphite 2 before 1.3.6, as used in Mozilla Firefox before 45.0 and Firefox ESR 38.x before 38.7, does not initialize memory for an unspecified data structure, which allows remote attackers to cause a denial of service or possibly have unknown other impact via a crafted Graphite smart font.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Package Hub 12:MozillaThunderbird-45.2-6.1.aarch64",
"SUSE Package Hub 12:MozillaThunderbird-45.2-6.1.s390x",
"SUSE Package Hub 12:MozillaThunderbird-45.2-6.1.x86_64",
"SUSE Package Hub 12:MozillaThunderbird-buildsymbols-45.2-6.1.x86_64",
"SUSE Package Hub 12:MozillaThunderbird-devel-45.2-6.1.aarch64",
"SUSE Package Hub 12:MozillaThunderbird-devel-45.2-6.1.s390x",
"SUSE Package Hub 12:MozillaThunderbird-devel-45.2-6.1.x86_64",
"SUSE Package Hub 12:MozillaThunderbird-translations-common-45.2-6.1.aarch64",
"SUSE Package Hub 12:MozillaThunderbird-translations-common-45.2-6.1.s390x",
"SUSE Package Hub 12:MozillaThunderbird-translations-common-45.2-6.1.x86_64",
"SUSE Package Hub 12:MozillaThunderbird-translations-other-45.2-6.1.aarch64",
"SUSE Package Hub 12:MozillaThunderbird-translations-other-45.2-6.1.s390x",
"SUSE Package Hub 12:MozillaThunderbird-translations-other-45.2-6.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2016-2790",
"url": "https://www.suse.com/security/cve/CVE-2016-2790"
},
{
"category": "external",
"summary": "SUSE Bug 969894 for CVE-2016-2790",
"url": "https://bugzilla.suse.com/969894"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Package Hub 12:MozillaThunderbird-45.2-6.1.aarch64",
"SUSE Package Hub 12:MozillaThunderbird-45.2-6.1.s390x",
"SUSE Package Hub 12:MozillaThunderbird-45.2-6.1.x86_64",
"SUSE Package Hub 12:MozillaThunderbird-buildsymbols-45.2-6.1.x86_64",
"SUSE Package Hub 12:MozillaThunderbird-devel-45.2-6.1.aarch64",
"SUSE Package Hub 12:MozillaThunderbird-devel-45.2-6.1.s390x",
"SUSE Package Hub 12:MozillaThunderbird-devel-45.2-6.1.x86_64",
"SUSE Package Hub 12:MozillaThunderbird-translations-common-45.2-6.1.aarch64",
"SUSE Package Hub 12:MozillaThunderbird-translations-common-45.2-6.1.s390x",
"SUSE Package Hub 12:MozillaThunderbird-translations-common-45.2-6.1.x86_64",
"SUSE Package Hub 12:MozillaThunderbird-translations-other-45.2-6.1.aarch64",
"SUSE Package Hub 12:MozillaThunderbird-translations-other-45.2-6.1.s390x",
"SUSE Package Hub 12:MozillaThunderbird-translations-other-45.2-6.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 8.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"products": [
"SUSE Package Hub 12:MozillaThunderbird-45.2-6.1.aarch64",
"SUSE Package Hub 12:MozillaThunderbird-45.2-6.1.s390x",
"SUSE Package Hub 12:MozillaThunderbird-45.2-6.1.x86_64",
"SUSE Package Hub 12:MozillaThunderbird-buildsymbols-45.2-6.1.x86_64",
"SUSE Package Hub 12:MozillaThunderbird-devel-45.2-6.1.aarch64",
"SUSE Package Hub 12:MozillaThunderbird-devel-45.2-6.1.s390x",
"SUSE Package Hub 12:MozillaThunderbird-devel-45.2-6.1.x86_64",
"SUSE Package Hub 12:MozillaThunderbird-translations-common-45.2-6.1.aarch64",
"SUSE Package Hub 12:MozillaThunderbird-translations-common-45.2-6.1.s390x",
"SUSE Package Hub 12:MozillaThunderbird-translations-common-45.2-6.1.x86_64",
"SUSE Package Hub 12:MozillaThunderbird-translations-other-45.2-6.1.aarch64",
"SUSE Package Hub 12:MozillaThunderbird-translations-other-45.2-6.1.s390x",
"SUSE Package Hub 12:MozillaThunderbird-translations-other-45.2-6.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2016-07-10T18:30:29Z",
"details": "important"
}
],
"title": "CVE-2016-2790"
},
{
"cve": "CVE-2016-2791",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2016-2791"
}
],
"notes": [
{
"category": "general",
"text": "The graphite2::GlyphCache::glyph function in Graphite 2 before 1.3.6, as used in Mozilla Firefox before 45.0 and Firefox ESR 38.x before 38.7, allows remote attackers to cause a denial of service (buffer over-read) or possibly have unspecified other impact via a crafted Graphite smart font.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Package Hub 12:MozillaThunderbird-45.2-6.1.aarch64",
"SUSE Package Hub 12:MozillaThunderbird-45.2-6.1.s390x",
"SUSE Package Hub 12:MozillaThunderbird-45.2-6.1.x86_64",
"SUSE Package Hub 12:MozillaThunderbird-buildsymbols-45.2-6.1.x86_64",
"SUSE Package Hub 12:MozillaThunderbird-devel-45.2-6.1.aarch64",
"SUSE Package Hub 12:MozillaThunderbird-devel-45.2-6.1.s390x",
"SUSE Package Hub 12:MozillaThunderbird-devel-45.2-6.1.x86_64",
"SUSE Package Hub 12:MozillaThunderbird-translations-common-45.2-6.1.aarch64",
"SUSE Package Hub 12:MozillaThunderbird-translations-common-45.2-6.1.s390x",
"SUSE Package Hub 12:MozillaThunderbird-translations-common-45.2-6.1.x86_64",
"SUSE Package Hub 12:MozillaThunderbird-translations-other-45.2-6.1.aarch64",
"SUSE Package Hub 12:MozillaThunderbird-translations-other-45.2-6.1.s390x",
"SUSE Package Hub 12:MozillaThunderbird-translations-other-45.2-6.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2016-2791",
"url": "https://www.suse.com/security/cve/CVE-2016-2791"
},
{
"category": "external",
"summary": "SUSE Bug 969894 for CVE-2016-2791",
"url": "https://bugzilla.suse.com/969894"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Package Hub 12:MozillaThunderbird-45.2-6.1.aarch64",
"SUSE Package Hub 12:MozillaThunderbird-45.2-6.1.s390x",
"SUSE Package Hub 12:MozillaThunderbird-45.2-6.1.x86_64",
"SUSE Package Hub 12:MozillaThunderbird-buildsymbols-45.2-6.1.x86_64",
"SUSE Package Hub 12:MozillaThunderbird-devel-45.2-6.1.aarch64",
"SUSE Package Hub 12:MozillaThunderbird-devel-45.2-6.1.s390x",
"SUSE Package Hub 12:MozillaThunderbird-devel-45.2-6.1.x86_64",
"SUSE Package Hub 12:MozillaThunderbird-translations-common-45.2-6.1.aarch64",
"SUSE Package Hub 12:MozillaThunderbird-translations-common-45.2-6.1.s390x",
"SUSE Package Hub 12:MozillaThunderbird-translations-common-45.2-6.1.x86_64",
"SUSE Package Hub 12:MozillaThunderbird-translations-other-45.2-6.1.aarch64",
"SUSE Package Hub 12:MozillaThunderbird-translations-other-45.2-6.1.s390x",
"SUSE Package Hub 12:MozillaThunderbird-translations-other-45.2-6.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 8.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"products": [
"SUSE Package Hub 12:MozillaThunderbird-45.2-6.1.aarch64",
"SUSE Package Hub 12:MozillaThunderbird-45.2-6.1.s390x",
"SUSE Package Hub 12:MozillaThunderbird-45.2-6.1.x86_64",
"SUSE Package Hub 12:MozillaThunderbird-buildsymbols-45.2-6.1.x86_64",
"SUSE Package Hub 12:MozillaThunderbird-devel-45.2-6.1.aarch64",
"SUSE Package Hub 12:MozillaThunderbird-devel-45.2-6.1.s390x",
"SUSE Package Hub 12:MozillaThunderbird-devel-45.2-6.1.x86_64",
"SUSE Package Hub 12:MozillaThunderbird-translations-common-45.2-6.1.aarch64",
"SUSE Package Hub 12:MozillaThunderbird-translations-common-45.2-6.1.s390x",
"SUSE Package Hub 12:MozillaThunderbird-translations-common-45.2-6.1.x86_64",
"SUSE Package Hub 12:MozillaThunderbird-translations-other-45.2-6.1.aarch64",
"SUSE Package Hub 12:MozillaThunderbird-translations-other-45.2-6.1.s390x",
"SUSE Package Hub 12:MozillaThunderbird-translations-other-45.2-6.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2016-07-10T18:30:29Z",
"details": "important"
}
],
"title": "CVE-2016-2791"
},
{
"cve": "CVE-2016-2792",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2016-2792"
}
],
"notes": [
{
"category": "general",
"text": "The graphite2::Slot::getAttr function in Slot.cpp in Graphite 2 before 1.3.6, as used in Mozilla Firefox before 45.0 and Firefox ESR 38.x before 38.7, allows remote attackers to cause a denial of service (buffer over-read) or possibly have unspecified other impact via a crafted Graphite smart font, a different vulnerability than CVE-2016-2800.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Package Hub 12:MozillaThunderbird-45.2-6.1.aarch64",
"SUSE Package Hub 12:MozillaThunderbird-45.2-6.1.s390x",
"SUSE Package Hub 12:MozillaThunderbird-45.2-6.1.x86_64",
"SUSE Package Hub 12:MozillaThunderbird-buildsymbols-45.2-6.1.x86_64",
"SUSE Package Hub 12:MozillaThunderbird-devel-45.2-6.1.aarch64",
"SUSE Package Hub 12:MozillaThunderbird-devel-45.2-6.1.s390x",
"SUSE Package Hub 12:MozillaThunderbird-devel-45.2-6.1.x86_64",
"SUSE Package Hub 12:MozillaThunderbird-translations-common-45.2-6.1.aarch64",
"SUSE Package Hub 12:MozillaThunderbird-translations-common-45.2-6.1.s390x",
"SUSE Package Hub 12:MozillaThunderbird-translations-common-45.2-6.1.x86_64",
"SUSE Package Hub 12:MozillaThunderbird-translations-other-45.2-6.1.aarch64",
"SUSE Package Hub 12:MozillaThunderbird-translations-other-45.2-6.1.s390x",
"SUSE Package Hub 12:MozillaThunderbird-translations-other-45.2-6.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2016-2792",
"url": "https://www.suse.com/security/cve/CVE-2016-2792"
},
{
"category": "external",
"summary": "SUSE Bug 969894 for CVE-2016-2792",
"url": "https://bugzilla.suse.com/969894"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Package Hub 12:MozillaThunderbird-45.2-6.1.aarch64",
"SUSE Package Hub 12:MozillaThunderbird-45.2-6.1.s390x",
"SUSE Package Hub 12:MozillaThunderbird-45.2-6.1.x86_64",
"SUSE Package Hub 12:MozillaThunderbird-buildsymbols-45.2-6.1.x86_64",
"SUSE Package Hub 12:MozillaThunderbird-devel-45.2-6.1.aarch64",
"SUSE Package Hub 12:MozillaThunderbird-devel-45.2-6.1.s390x",
"SUSE Package Hub 12:MozillaThunderbird-devel-45.2-6.1.x86_64",
"SUSE Package Hub 12:MozillaThunderbird-translations-common-45.2-6.1.aarch64",
"SUSE Package Hub 12:MozillaThunderbird-translations-common-45.2-6.1.s390x",
"SUSE Package Hub 12:MozillaThunderbird-translations-common-45.2-6.1.x86_64",
"SUSE Package Hub 12:MozillaThunderbird-translations-other-45.2-6.1.aarch64",
"SUSE Package Hub 12:MozillaThunderbird-translations-other-45.2-6.1.s390x",
"SUSE Package Hub 12:MozillaThunderbird-translations-other-45.2-6.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 8.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"products": [
"SUSE Package Hub 12:MozillaThunderbird-45.2-6.1.aarch64",
"SUSE Package Hub 12:MozillaThunderbird-45.2-6.1.s390x",
"SUSE Package Hub 12:MozillaThunderbird-45.2-6.1.x86_64",
"SUSE Package Hub 12:MozillaThunderbird-buildsymbols-45.2-6.1.x86_64",
"SUSE Package Hub 12:MozillaThunderbird-devel-45.2-6.1.aarch64",
"SUSE Package Hub 12:MozillaThunderbird-devel-45.2-6.1.s390x",
"SUSE Package Hub 12:MozillaThunderbird-devel-45.2-6.1.x86_64",
"SUSE Package Hub 12:MozillaThunderbird-translations-common-45.2-6.1.aarch64",
"SUSE Package Hub 12:MozillaThunderbird-translations-common-45.2-6.1.s390x",
"SUSE Package Hub 12:MozillaThunderbird-translations-common-45.2-6.1.x86_64",
"SUSE Package Hub 12:MozillaThunderbird-translations-other-45.2-6.1.aarch64",
"SUSE Package Hub 12:MozillaThunderbird-translations-other-45.2-6.1.s390x",
"SUSE Package Hub 12:MozillaThunderbird-translations-other-45.2-6.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2016-07-10T18:30:29Z",
"details": "important"
}
],
"title": "CVE-2016-2792"
},
{
"cve": "CVE-2016-2793",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2016-2793"
}
],
"notes": [
{
"category": "general",
"text": "CachedCmap.cpp in Graphite 2 before 1.3.6, as used in Mozilla Firefox before 45.0 and Firefox ESR 38.x before 38.7, allows remote attackers to cause a denial of service (buffer over-read) or possibly have unspecified other impact via a crafted Graphite smart font.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Package Hub 12:MozillaThunderbird-45.2-6.1.aarch64",
"SUSE Package Hub 12:MozillaThunderbird-45.2-6.1.s390x",
"SUSE Package Hub 12:MozillaThunderbird-45.2-6.1.x86_64",
"SUSE Package Hub 12:MozillaThunderbird-buildsymbols-45.2-6.1.x86_64",
"SUSE Package Hub 12:MozillaThunderbird-devel-45.2-6.1.aarch64",
"SUSE Package Hub 12:MozillaThunderbird-devel-45.2-6.1.s390x",
"SUSE Package Hub 12:MozillaThunderbird-devel-45.2-6.1.x86_64",
"SUSE Package Hub 12:MozillaThunderbird-translations-common-45.2-6.1.aarch64",
"SUSE Package Hub 12:MozillaThunderbird-translations-common-45.2-6.1.s390x",
"SUSE Package Hub 12:MozillaThunderbird-translations-common-45.2-6.1.x86_64",
"SUSE Package Hub 12:MozillaThunderbird-translations-other-45.2-6.1.aarch64",
"SUSE Package Hub 12:MozillaThunderbird-translations-other-45.2-6.1.s390x",
"SUSE Package Hub 12:MozillaThunderbird-translations-other-45.2-6.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2016-2793",
"url": "https://www.suse.com/security/cve/CVE-2016-2793"
},
{
"category": "external",
"summary": "SUSE Bug 969894 for CVE-2016-2793",
"url": "https://bugzilla.suse.com/969894"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Package Hub 12:MozillaThunderbird-45.2-6.1.aarch64",
"SUSE Package Hub 12:MozillaThunderbird-45.2-6.1.s390x",
"SUSE Package Hub 12:MozillaThunderbird-45.2-6.1.x86_64",
"SUSE Package Hub 12:MozillaThunderbird-buildsymbols-45.2-6.1.x86_64",
"SUSE Package Hub 12:MozillaThunderbird-devel-45.2-6.1.aarch64",
"SUSE Package Hub 12:MozillaThunderbird-devel-45.2-6.1.s390x",
"SUSE Package Hub 12:MozillaThunderbird-devel-45.2-6.1.x86_64",
"SUSE Package Hub 12:MozillaThunderbird-translations-common-45.2-6.1.aarch64",
"SUSE Package Hub 12:MozillaThunderbird-translations-common-45.2-6.1.s390x",
"SUSE Package Hub 12:MozillaThunderbird-translations-common-45.2-6.1.x86_64",
"SUSE Package Hub 12:MozillaThunderbird-translations-other-45.2-6.1.aarch64",
"SUSE Package Hub 12:MozillaThunderbird-translations-other-45.2-6.1.s390x",
"SUSE Package Hub 12:MozillaThunderbird-translations-other-45.2-6.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 8.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"products": [
"SUSE Package Hub 12:MozillaThunderbird-45.2-6.1.aarch64",
"SUSE Package Hub 12:MozillaThunderbird-45.2-6.1.s390x",
"SUSE Package Hub 12:MozillaThunderbird-45.2-6.1.x86_64",
"SUSE Package Hub 12:MozillaThunderbird-buildsymbols-45.2-6.1.x86_64",
"SUSE Package Hub 12:MozillaThunderbird-devel-45.2-6.1.aarch64",
"SUSE Package Hub 12:MozillaThunderbird-devel-45.2-6.1.s390x",
"SUSE Package Hub 12:MozillaThunderbird-devel-45.2-6.1.x86_64",
"SUSE Package Hub 12:MozillaThunderbird-translations-common-45.2-6.1.aarch64",
"SUSE Package Hub 12:MozillaThunderbird-translations-common-45.2-6.1.s390x",
"SUSE Package Hub 12:MozillaThunderbird-translations-common-45.2-6.1.x86_64",
"SUSE Package Hub 12:MozillaThunderbird-translations-other-45.2-6.1.aarch64",
"SUSE Package Hub 12:MozillaThunderbird-translations-other-45.2-6.1.s390x",
"SUSE Package Hub 12:MozillaThunderbird-translations-other-45.2-6.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2016-07-10T18:30:29Z",
"details": "important"
}
],
"title": "CVE-2016-2793"
},
{
"cve": "CVE-2016-2794",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2016-2794"
}
],
"notes": [
{
"category": "general",
"text": "The graphite2::TtfUtil::CmapSubtable12NextCodepoint function in Graphite 2 before 1.3.6, as used in Mozilla Firefox before 45.0 and Firefox ESR 38.x before 38.7, allows remote attackers to cause a denial of service (buffer over-read) or possibly have unspecified other impact via a crafted Graphite smart font.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Package Hub 12:MozillaThunderbird-45.2-6.1.aarch64",
"SUSE Package Hub 12:MozillaThunderbird-45.2-6.1.s390x",
"SUSE Package Hub 12:MozillaThunderbird-45.2-6.1.x86_64",
"SUSE Package Hub 12:MozillaThunderbird-buildsymbols-45.2-6.1.x86_64",
"SUSE Package Hub 12:MozillaThunderbird-devel-45.2-6.1.aarch64",
"SUSE Package Hub 12:MozillaThunderbird-devel-45.2-6.1.s390x",
"SUSE Package Hub 12:MozillaThunderbird-devel-45.2-6.1.x86_64",
"SUSE Package Hub 12:MozillaThunderbird-translations-common-45.2-6.1.aarch64",
"SUSE Package Hub 12:MozillaThunderbird-translations-common-45.2-6.1.s390x",
"SUSE Package Hub 12:MozillaThunderbird-translations-common-45.2-6.1.x86_64",
"SUSE Package Hub 12:MozillaThunderbird-translations-other-45.2-6.1.aarch64",
"SUSE Package Hub 12:MozillaThunderbird-translations-other-45.2-6.1.s390x",
"SUSE Package Hub 12:MozillaThunderbird-translations-other-45.2-6.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2016-2794",
"url": "https://www.suse.com/security/cve/CVE-2016-2794"
},
{
"category": "external",
"summary": "SUSE Bug 969894 for CVE-2016-2794",
"url": "https://bugzilla.suse.com/969894"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Package Hub 12:MozillaThunderbird-45.2-6.1.aarch64",
"SUSE Package Hub 12:MozillaThunderbird-45.2-6.1.s390x",
"SUSE Package Hub 12:MozillaThunderbird-45.2-6.1.x86_64",
"SUSE Package Hub 12:MozillaThunderbird-buildsymbols-45.2-6.1.x86_64",
"SUSE Package Hub 12:MozillaThunderbird-devel-45.2-6.1.aarch64",
"SUSE Package Hub 12:MozillaThunderbird-devel-45.2-6.1.s390x",
"SUSE Package Hub 12:MozillaThunderbird-devel-45.2-6.1.x86_64",
"SUSE Package Hub 12:MozillaThunderbird-translations-common-45.2-6.1.aarch64",
"SUSE Package Hub 12:MozillaThunderbird-translations-common-45.2-6.1.s390x",
"SUSE Package Hub 12:MozillaThunderbird-translations-common-45.2-6.1.x86_64",
"SUSE Package Hub 12:MozillaThunderbird-translations-other-45.2-6.1.aarch64",
"SUSE Package Hub 12:MozillaThunderbird-translations-other-45.2-6.1.s390x",
"SUSE Package Hub 12:MozillaThunderbird-translations-other-45.2-6.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 8.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"products": [
"SUSE Package Hub 12:MozillaThunderbird-45.2-6.1.aarch64",
"SUSE Package Hub 12:MozillaThunderbird-45.2-6.1.s390x",
"SUSE Package Hub 12:MozillaThunderbird-45.2-6.1.x86_64",
"SUSE Package Hub 12:MozillaThunderbird-buildsymbols-45.2-6.1.x86_64",
"SUSE Package Hub 12:MozillaThunderbird-devel-45.2-6.1.aarch64",
"SUSE Package Hub 12:MozillaThunderbird-devel-45.2-6.1.s390x",
"SUSE Package Hub 12:MozillaThunderbird-devel-45.2-6.1.x86_64",
"SUSE Package Hub 12:MozillaThunderbird-translations-common-45.2-6.1.aarch64",
"SUSE Package Hub 12:MozillaThunderbird-translations-common-45.2-6.1.s390x",
"SUSE Package Hub 12:MozillaThunderbird-translations-common-45.2-6.1.x86_64",
"SUSE Package Hub 12:MozillaThunderbird-translations-other-45.2-6.1.aarch64",
"SUSE Package Hub 12:MozillaThunderbird-translations-other-45.2-6.1.s390x",
"SUSE Package Hub 12:MozillaThunderbird-translations-other-45.2-6.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2016-07-10T18:30:29Z",
"details": "important"
}
],
"title": "CVE-2016-2794"
},
{
"cve": "CVE-2016-2795",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2016-2795"
}
],
"notes": [
{
"category": "general",
"text": "The graphite2::FileFace::get_table_fn function in Graphite 2 before 1.3.6, as used in Mozilla Firefox before 45.0 and Firefox ESR 38.x before 38.7, does not initialize memory for an unspecified data structure, which allows remote attackers to cause a denial of service or possibly have unknown other impact via a crafted Graphite smart font.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Package Hub 12:MozillaThunderbird-45.2-6.1.aarch64",
"SUSE Package Hub 12:MozillaThunderbird-45.2-6.1.s390x",
"SUSE Package Hub 12:MozillaThunderbird-45.2-6.1.x86_64",
"SUSE Package Hub 12:MozillaThunderbird-buildsymbols-45.2-6.1.x86_64",
"SUSE Package Hub 12:MozillaThunderbird-devel-45.2-6.1.aarch64",
"SUSE Package Hub 12:MozillaThunderbird-devel-45.2-6.1.s390x",
"SUSE Package Hub 12:MozillaThunderbird-devel-45.2-6.1.x86_64",
"SUSE Package Hub 12:MozillaThunderbird-translations-common-45.2-6.1.aarch64",
"SUSE Package Hub 12:MozillaThunderbird-translations-common-45.2-6.1.s390x",
"SUSE Package Hub 12:MozillaThunderbird-translations-common-45.2-6.1.x86_64",
"SUSE Package Hub 12:MozillaThunderbird-translations-other-45.2-6.1.aarch64",
"SUSE Package Hub 12:MozillaThunderbird-translations-other-45.2-6.1.s390x",
"SUSE Package Hub 12:MozillaThunderbird-translations-other-45.2-6.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2016-2795",
"url": "https://www.suse.com/security/cve/CVE-2016-2795"
},
{
"category": "external",
"summary": "SUSE Bug 969894 for CVE-2016-2795",
"url": "https://bugzilla.suse.com/969894"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Package Hub 12:MozillaThunderbird-45.2-6.1.aarch64",
"SUSE Package Hub 12:MozillaThunderbird-45.2-6.1.s390x",
"SUSE Package Hub 12:MozillaThunderbird-45.2-6.1.x86_64",
"SUSE Package Hub 12:MozillaThunderbird-buildsymbols-45.2-6.1.x86_64",
"SUSE Package Hub 12:MozillaThunderbird-devel-45.2-6.1.aarch64",
"SUSE Package Hub 12:MozillaThunderbird-devel-45.2-6.1.s390x",
"SUSE Package Hub 12:MozillaThunderbird-devel-45.2-6.1.x86_64",
"SUSE Package Hub 12:MozillaThunderbird-translations-common-45.2-6.1.aarch64",
"SUSE Package Hub 12:MozillaThunderbird-translations-common-45.2-6.1.s390x",
"SUSE Package Hub 12:MozillaThunderbird-translations-common-45.2-6.1.x86_64",
"SUSE Package Hub 12:MozillaThunderbird-translations-other-45.2-6.1.aarch64",
"SUSE Package Hub 12:MozillaThunderbird-translations-other-45.2-6.1.s390x",
"SUSE Package Hub 12:MozillaThunderbird-translations-other-45.2-6.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 8.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"products": [
"SUSE Package Hub 12:MozillaThunderbird-45.2-6.1.aarch64",
"SUSE Package Hub 12:MozillaThunderbird-45.2-6.1.s390x",
"SUSE Package Hub 12:MozillaThunderbird-45.2-6.1.x86_64",
"SUSE Package Hub 12:MozillaThunderbird-buildsymbols-45.2-6.1.x86_64",
"SUSE Package Hub 12:MozillaThunderbird-devel-45.2-6.1.aarch64",
"SUSE Package Hub 12:MozillaThunderbird-devel-45.2-6.1.s390x",
"SUSE Package Hub 12:MozillaThunderbird-devel-45.2-6.1.x86_64",
"SUSE Package Hub 12:MozillaThunderbird-translations-common-45.2-6.1.aarch64",
"SUSE Package Hub 12:MozillaThunderbird-translations-common-45.2-6.1.s390x",
"SUSE Package Hub 12:MozillaThunderbird-translations-common-45.2-6.1.x86_64",
"SUSE Package Hub 12:MozillaThunderbird-translations-other-45.2-6.1.aarch64",
"SUSE Package Hub 12:MozillaThunderbird-translations-other-45.2-6.1.s390x",
"SUSE Package Hub 12:MozillaThunderbird-translations-other-45.2-6.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2016-07-10T18:30:29Z",
"details": "important"
}
],
"title": "CVE-2016-2795"
},
{
"cve": "CVE-2016-2796",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2016-2796"
}
],
"notes": [
{
"category": "general",
"text": "Heap-based buffer overflow in the graphite2::vm::Machine::Code::Code function in Graphite 2 before 1.3.6, as used in Mozilla Firefox before 45.0 and Firefox ESR 38.x before 38.7, allows remote attackers to cause a denial of service or possibly have unspecified other impact via a crafted Graphite smart font.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Package Hub 12:MozillaThunderbird-45.2-6.1.aarch64",
"SUSE Package Hub 12:MozillaThunderbird-45.2-6.1.s390x",
"SUSE Package Hub 12:MozillaThunderbird-45.2-6.1.x86_64",
"SUSE Package Hub 12:MozillaThunderbird-buildsymbols-45.2-6.1.x86_64",
"SUSE Package Hub 12:MozillaThunderbird-devel-45.2-6.1.aarch64",
"SUSE Package Hub 12:MozillaThunderbird-devel-45.2-6.1.s390x",
"SUSE Package Hub 12:MozillaThunderbird-devel-45.2-6.1.x86_64",
"SUSE Package Hub 12:MozillaThunderbird-translations-common-45.2-6.1.aarch64",
"SUSE Package Hub 12:MozillaThunderbird-translations-common-45.2-6.1.s390x",
"SUSE Package Hub 12:MozillaThunderbird-translations-common-45.2-6.1.x86_64",
"SUSE Package Hub 12:MozillaThunderbird-translations-other-45.2-6.1.aarch64",
"SUSE Package Hub 12:MozillaThunderbird-translations-other-45.2-6.1.s390x",
"SUSE Package Hub 12:MozillaThunderbird-translations-other-45.2-6.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2016-2796",
"url": "https://www.suse.com/security/cve/CVE-2016-2796"
},
{
"category": "external",
"summary": "SUSE Bug 969894 for CVE-2016-2796",
"url": "https://bugzilla.suse.com/969894"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Package Hub 12:MozillaThunderbird-45.2-6.1.aarch64",
"SUSE Package Hub 12:MozillaThunderbird-45.2-6.1.s390x",
"SUSE Package Hub 12:MozillaThunderbird-45.2-6.1.x86_64",
"SUSE Package Hub 12:MozillaThunderbird-buildsymbols-45.2-6.1.x86_64",
"SUSE Package Hub 12:MozillaThunderbird-devel-45.2-6.1.aarch64",
"SUSE Package Hub 12:MozillaThunderbird-devel-45.2-6.1.s390x",
"SUSE Package Hub 12:MozillaThunderbird-devel-45.2-6.1.x86_64",
"SUSE Package Hub 12:MozillaThunderbird-translations-common-45.2-6.1.aarch64",
"SUSE Package Hub 12:MozillaThunderbird-translations-common-45.2-6.1.s390x",
"SUSE Package Hub 12:MozillaThunderbird-translations-common-45.2-6.1.x86_64",
"SUSE Package Hub 12:MozillaThunderbird-translations-other-45.2-6.1.aarch64",
"SUSE Package Hub 12:MozillaThunderbird-translations-other-45.2-6.1.s390x",
"SUSE Package Hub 12:MozillaThunderbird-translations-other-45.2-6.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 8.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"products": [
"SUSE Package Hub 12:MozillaThunderbird-45.2-6.1.aarch64",
"SUSE Package Hub 12:MozillaThunderbird-45.2-6.1.s390x",
"SUSE Package Hub 12:MozillaThunderbird-45.2-6.1.x86_64",
"SUSE Package Hub 12:MozillaThunderbird-buildsymbols-45.2-6.1.x86_64",
"SUSE Package Hub 12:MozillaThunderbird-devel-45.2-6.1.aarch64",
"SUSE Package Hub 12:MozillaThunderbird-devel-45.2-6.1.s390x",
"SUSE Package Hub 12:MozillaThunderbird-devel-45.2-6.1.x86_64",
"SUSE Package Hub 12:MozillaThunderbird-translations-common-45.2-6.1.aarch64",
"SUSE Package Hub 12:MozillaThunderbird-translations-common-45.2-6.1.s390x",
"SUSE Package Hub 12:MozillaThunderbird-translations-common-45.2-6.1.x86_64",
"SUSE Package Hub 12:MozillaThunderbird-translations-other-45.2-6.1.aarch64",
"SUSE Package Hub 12:MozillaThunderbird-translations-other-45.2-6.1.s390x",
"SUSE Package Hub 12:MozillaThunderbird-translations-other-45.2-6.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2016-07-10T18:30:29Z",
"details": "important"
}
],
"title": "CVE-2016-2796"
},
{
"cve": "CVE-2016-2797",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2016-2797"
}
],
"notes": [
{
"category": "general",
"text": "The graphite2::TtfUtil::CmapSubtable12Lookup function in Graphite 2 before 1.3.6, as used in Mozilla Firefox before 45.0 and Firefox ESR 38.x before 38.7, allows remote attackers to cause a denial of service (buffer over-read) or possibly have unspecified other impact via a crafted Graphite smart font, a different vulnerability than CVE-2016-2801.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Package Hub 12:MozillaThunderbird-45.2-6.1.aarch64",
"SUSE Package Hub 12:MozillaThunderbird-45.2-6.1.s390x",
"SUSE Package Hub 12:MozillaThunderbird-45.2-6.1.x86_64",
"SUSE Package Hub 12:MozillaThunderbird-buildsymbols-45.2-6.1.x86_64",
"SUSE Package Hub 12:MozillaThunderbird-devel-45.2-6.1.aarch64",
"SUSE Package Hub 12:MozillaThunderbird-devel-45.2-6.1.s390x",
"SUSE Package Hub 12:MozillaThunderbird-devel-45.2-6.1.x86_64",
"SUSE Package Hub 12:MozillaThunderbird-translations-common-45.2-6.1.aarch64",
"SUSE Package Hub 12:MozillaThunderbird-translations-common-45.2-6.1.s390x",
"SUSE Package Hub 12:MozillaThunderbird-translations-common-45.2-6.1.x86_64",
"SUSE Package Hub 12:MozillaThunderbird-translations-other-45.2-6.1.aarch64",
"SUSE Package Hub 12:MozillaThunderbird-translations-other-45.2-6.1.s390x",
"SUSE Package Hub 12:MozillaThunderbird-translations-other-45.2-6.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2016-2797",
"url": "https://www.suse.com/security/cve/CVE-2016-2797"
},
{
"category": "external",
"summary": "SUSE Bug 969894 for CVE-2016-2797",
"url": "https://bugzilla.suse.com/969894"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Package Hub 12:MozillaThunderbird-45.2-6.1.aarch64",
"SUSE Package Hub 12:MozillaThunderbird-45.2-6.1.s390x",
"SUSE Package Hub 12:MozillaThunderbird-45.2-6.1.x86_64",
"SUSE Package Hub 12:MozillaThunderbird-buildsymbols-45.2-6.1.x86_64",
"SUSE Package Hub 12:MozillaThunderbird-devel-45.2-6.1.aarch64",
"SUSE Package Hub 12:MozillaThunderbird-devel-45.2-6.1.s390x",
"SUSE Package Hub 12:MozillaThunderbird-devel-45.2-6.1.x86_64",
"SUSE Package Hub 12:MozillaThunderbird-translations-common-45.2-6.1.aarch64",
"SUSE Package Hub 12:MozillaThunderbird-translations-common-45.2-6.1.s390x",
"SUSE Package Hub 12:MozillaThunderbird-translations-common-45.2-6.1.x86_64",
"SUSE Package Hub 12:MozillaThunderbird-translations-other-45.2-6.1.aarch64",
"SUSE Package Hub 12:MozillaThunderbird-translations-other-45.2-6.1.s390x",
"SUSE Package Hub 12:MozillaThunderbird-translations-other-45.2-6.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 8.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"products": [
"SUSE Package Hub 12:MozillaThunderbird-45.2-6.1.aarch64",
"SUSE Package Hub 12:MozillaThunderbird-45.2-6.1.s390x",
"SUSE Package Hub 12:MozillaThunderbird-45.2-6.1.x86_64",
"SUSE Package Hub 12:MozillaThunderbird-buildsymbols-45.2-6.1.x86_64",
"SUSE Package Hub 12:MozillaThunderbird-devel-45.2-6.1.aarch64",
"SUSE Package Hub 12:MozillaThunderbird-devel-45.2-6.1.s390x",
"SUSE Package Hub 12:MozillaThunderbird-devel-45.2-6.1.x86_64",
"SUSE Package Hub 12:MozillaThunderbird-translations-common-45.2-6.1.aarch64",
"SUSE Package Hub 12:MozillaThunderbird-translations-common-45.2-6.1.s390x",
"SUSE Package Hub 12:MozillaThunderbird-translations-common-45.2-6.1.x86_64",
"SUSE Package Hub 12:MozillaThunderbird-translations-other-45.2-6.1.aarch64",
"SUSE Package Hub 12:MozillaThunderbird-translations-other-45.2-6.1.s390x",
"SUSE Package Hub 12:MozillaThunderbird-translations-other-45.2-6.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2016-07-10T18:30:29Z",
"details": "important"
}
],
"title": "CVE-2016-2797"
},
{
"cve": "CVE-2016-2798",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2016-2798"
}
],
"notes": [
{
"category": "general",
"text": "The graphite2::GlyphCache::Loader::Loader function in Graphite 2 before 1.3.6, as used in Mozilla Firefox before 45.0 and Firefox ESR 38.x before 38.7, allows remote attackers to cause a denial of service (buffer over-read) or possibly have unspecified other impact via a crafted Graphite smart font.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Package Hub 12:MozillaThunderbird-45.2-6.1.aarch64",
"SUSE Package Hub 12:MozillaThunderbird-45.2-6.1.s390x",
"SUSE Package Hub 12:MozillaThunderbird-45.2-6.1.x86_64",
"SUSE Package Hub 12:MozillaThunderbird-buildsymbols-45.2-6.1.x86_64",
"SUSE Package Hub 12:MozillaThunderbird-devel-45.2-6.1.aarch64",
"SUSE Package Hub 12:MozillaThunderbird-devel-45.2-6.1.s390x",
"SUSE Package Hub 12:MozillaThunderbird-devel-45.2-6.1.x86_64",
"SUSE Package Hub 12:MozillaThunderbird-translations-common-45.2-6.1.aarch64",
"SUSE Package Hub 12:MozillaThunderbird-translations-common-45.2-6.1.s390x",
"SUSE Package Hub 12:MozillaThunderbird-translations-common-45.2-6.1.x86_64",
"SUSE Package Hub 12:MozillaThunderbird-translations-other-45.2-6.1.aarch64",
"SUSE Package Hub 12:MozillaThunderbird-translations-other-45.2-6.1.s390x",
"SUSE Package Hub 12:MozillaThunderbird-translations-other-45.2-6.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2016-2798",
"url": "https://www.suse.com/security/cve/CVE-2016-2798"
},
{
"category": "external",
"summary": "SUSE Bug 969894 for CVE-2016-2798",
"url": "https://bugzilla.suse.com/969894"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Package Hub 12:MozillaThunderbird-45.2-6.1.aarch64",
"SUSE Package Hub 12:MozillaThunderbird-45.2-6.1.s390x",
"SUSE Package Hub 12:MozillaThunderbird-45.2-6.1.x86_64",
"SUSE Package Hub 12:MozillaThunderbird-buildsymbols-45.2-6.1.x86_64",
"SUSE Package Hub 12:MozillaThunderbird-devel-45.2-6.1.aarch64",
"SUSE Package Hub 12:MozillaThunderbird-devel-45.2-6.1.s390x",
"SUSE Package Hub 12:MozillaThunderbird-devel-45.2-6.1.x86_64",
"SUSE Package Hub 12:MozillaThunderbird-translations-common-45.2-6.1.aarch64",
"SUSE Package Hub 12:MozillaThunderbird-translations-common-45.2-6.1.s390x",
"SUSE Package Hub 12:MozillaThunderbird-translations-common-45.2-6.1.x86_64",
"SUSE Package Hub 12:MozillaThunderbird-translations-other-45.2-6.1.aarch64",
"SUSE Package Hub 12:MozillaThunderbird-translations-other-45.2-6.1.s390x",
"SUSE Package Hub 12:MozillaThunderbird-translations-other-45.2-6.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 8.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"products": [
"SUSE Package Hub 12:MozillaThunderbird-45.2-6.1.aarch64",
"SUSE Package Hub 12:MozillaThunderbird-45.2-6.1.s390x",
"SUSE Package Hub 12:MozillaThunderbird-45.2-6.1.x86_64",
"SUSE Package Hub 12:MozillaThunderbird-buildsymbols-45.2-6.1.x86_64",
"SUSE Package Hub 12:MozillaThunderbird-devel-45.2-6.1.aarch64",
"SUSE Package Hub 12:MozillaThunderbird-devel-45.2-6.1.s390x",
"SUSE Package Hub 12:MozillaThunderbird-devel-45.2-6.1.x86_64",
"SUSE Package Hub 12:MozillaThunderbird-translations-common-45.2-6.1.aarch64",
"SUSE Package Hub 12:MozillaThunderbird-translations-common-45.2-6.1.s390x",
"SUSE Package Hub 12:MozillaThunderbird-translations-common-45.2-6.1.x86_64",
"SUSE Package Hub 12:MozillaThunderbird-translations-other-45.2-6.1.aarch64",
"SUSE Package Hub 12:MozillaThunderbird-translations-other-45.2-6.1.s390x",
"SUSE Package Hub 12:MozillaThunderbird-translations-other-45.2-6.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2016-07-10T18:30:29Z",
"details": "important"
}
],
"title": "CVE-2016-2798"
},
{
"cve": "CVE-2016-2799",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2016-2799"
}
],
"notes": [
{
"category": "general",
"text": "Heap-based buffer overflow in the graphite2::Slot::setAttr function in Graphite 2 before 1.3.6, as used in Mozilla Firefox before 45.0 and Firefox ESR 38.x before 38.7, allows remote attackers to cause a denial of service or possibly have unspecified other impact via a crafted Graphite smart font.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Package Hub 12:MozillaThunderbird-45.2-6.1.aarch64",
"SUSE Package Hub 12:MozillaThunderbird-45.2-6.1.s390x",
"SUSE Package Hub 12:MozillaThunderbird-45.2-6.1.x86_64",
"SUSE Package Hub 12:MozillaThunderbird-buildsymbols-45.2-6.1.x86_64",
"SUSE Package Hub 12:MozillaThunderbird-devel-45.2-6.1.aarch64",
"SUSE Package Hub 12:MozillaThunderbird-devel-45.2-6.1.s390x",
"SUSE Package Hub 12:MozillaThunderbird-devel-45.2-6.1.x86_64",
"SUSE Package Hub 12:MozillaThunderbird-translations-common-45.2-6.1.aarch64",
"SUSE Package Hub 12:MozillaThunderbird-translations-common-45.2-6.1.s390x",
"SUSE Package Hub 12:MozillaThunderbird-translations-common-45.2-6.1.x86_64",
"SUSE Package Hub 12:MozillaThunderbird-translations-other-45.2-6.1.aarch64",
"SUSE Package Hub 12:MozillaThunderbird-translations-other-45.2-6.1.s390x",
"SUSE Package Hub 12:MozillaThunderbird-translations-other-45.2-6.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2016-2799",
"url": "https://www.suse.com/security/cve/CVE-2016-2799"
},
{
"category": "external",
"summary": "SUSE Bug 969894 for CVE-2016-2799",
"url": "https://bugzilla.suse.com/969894"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Package Hub 12:MozillaThunderbird-45.2-6.1.aarch64",
"SUSE Package Hub 12:MozillaThunderbird-45.2-6.1.s390x",
"SUSE Package Hub 12:MozillaThunderbird-45.2-6.1.x86_64",
"SUSE Package Hub 12:MozillaThunderbird-buildsymbols-45.2-6.1.x86_64",
"SUSE Package Hub 12:MozillaThunderbird-devel-45.2-6.1.aarch64",
"SUSE Package Hub 12:MozillaThunderbird-devel-45.2-6.1.s390x",
"SUSE Package Hub 12:MozillaThunderbird-devel-45.2-6.1.x86_64",
"SUSE Package Hub 12:MozillaThunderbird-translations-common-45.2-6.1.aarch64",
"SUSE Package Hub 12:MozillaThunderbird-translations-common-45.2-6.1.s390x",
"SUSE Package Hub 12:MozillaThunderbird-translations-common-45.2-6.1.x86_64",
"SUSE Package Hub 12:MozillaThunderbird-translations-other-45.2-6.1.aarch64",
"SUSE Package Hub 12:MozillaThunderbird-translations-other-45.2-6.1.s390x",
"SUSE Package Hub 12:MozillaThunderbird-translations-other-45.2-6.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 8.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"products": [
"SUSE Package Hub 12:MozillaThunderbird-45.2-6.1.aarch64",
"SUSE Package Hub 12:MozillaThunderbird-45.2-6.1.s390x",
"SUSE Package Hub 12:MozillaThunderbird-45.2-6.1.x86_64",
"SUSE Package Hub 12:MozillaThunderbird-buildsymbols-45.2-6.1.x86_64",
"SUSE Package Hub 12:MozillaThunderbird-devel-45.2-6.1.aarch64",
"SUSE Package Hub 12:MozillaThunderbird-devel-45.2-6.1.s390x",
"SUSE Package Hub 12:MozillaThunderbird-devel-45.2-6.1.x86_64",
"SUSE Package Hub 12:MozillaThunderbird-translations-common-45.2-6.1.aarch64",
"SUSE Package Hub 12:MozillaThunderbird-translations-common-45.2-6.1.s390x",
"SUSE Package Hub 12:MozillaThunderbird-translations-common-45.2-6.1.x86_64",
"SUSE Package Hub 12:MozillaThunderbird-translations-other-45.2-6.1.aarch64",
"SUSE Package Hub 12:MozillaThunderbird-translations-other-45.2-6.1.s390x",
"SUSE Package Hub 12:MozillaThunderbird-translations-other-45.2-6.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2016-07-10T18:30:29Z",
"details": "important"
}
],
"title": "CVE-2016-2799"
},
{
"cve": "CVE-2016-2800",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2016-2800"
}
],
"notes": [
{
"category": "general",
"text": "The graphite2::Slot::getAttr function in Slot.cpp in Graphite 2 before 1.3.6, as used in Mozilla Firefox before 45.0 and Firefox ESR 38.x before 38.7, allows remote attackers to cause a denial of service (buffer over-read) or possibly have unspecified other impact via a crafted Graphite smart font, a different vulnerability than CVE-2016-2792.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Package Hub 12:MozillaThunderbird-45.2-6.1.aarch64",
"SUSE Package Hub 12:MozillaThunderbird-45.2-6.1.s390x",
"SUSE Package Hub 12:MozillaThunderbird-45.2-6.1.x86_64",
"SUSE Package Hub 12:MozillaThunderbird-buildsymbols-45.2-6.1.x86_64",
"SUSE Package Hub 12:MozillaThunderbird-devel-45.2-6.1.aarch64",
"SUSE Package Hub 12:MozillaThunderbird-devel-45.2-6.1.s390x",
"SUSE Package Hub 12:MozillaThunderbird-devel-45.2-6.1.x86_64",
"SUSE Package Hub 12:MozillaThunderbird-translations-common-45.2-6.1.aarch64",
"SUSE Package Hub 12:MozillaThunderbird-translations-common-45.2-6.1.s390x",
"SUSE Package Hub 12:MozillaThunderbird-translations-common-45.2-6.1.x86_64",
"SUSE Package Hub 12:MozillaThunderbird-translations-other-45.2-6.1.aarch64",
"SUSE Package Hub 12:MozillaThunderbird-translations-other-45.2-6.1.s390x",
"SUSE Package Hub 12:MozillaThunderbird-translations-other-45.2-6.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2016-2800",
"url": "https://www.suse.com/security/cve/CVE-2016-2800"
},
{
"category": "external",
"summary": "SUSE Bug 969894 for CVE-2016-2800",
"url": "https://bugzilla.suse.com/969894"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Package Hub 12:MozillaThunderbird-45.2-6.1.aarch64",
"SUSE Package Hub 12:MozillaThunderbird-45.2-6.1.s390x",
"SUSE Package Hub 12:MozillaThunderbird-45.2-6.1.x86_64",
"SUSE Package Hub 12:MozillaThunderbird-buildsymbols-45.2-6.1.x86_64",
"SUSE Package Hub 12:MozillaThunderbird-devel-45.2-6.1.aarch64",
"SUSE Package Hub 12:MozillaThunderbird-devel-45.2-6.1.s390x",
"SUSE Package Hub 12:MozillaThunderbird-devel-45.2-6.1.x86_64",
"SUSE Package Hub 12:MozillaThunderbird-translations-common-45.2-6.1.aarch64",
"SUSE Package Hub 12:MozillaThunderbird-translations-common-45.2-6.1.s390x",
"SUSE Package Hub 12:MozillaThunderbird-translations-common-45.2-6.1.x86_64",
"SUSE Package Hub 12:MozillaThunderbird-translations-other-45.2-6.1.aarch64",
"SUSE Package Hub 12:MozillaThunderbird-translations-other-45.2-6.1.s390x",
"SUSE Package Hub 12:MozillaThunderbird-translations-other-45.2-6.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 8.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"products": [
"SUSE Package Hub 12:MozillaThunderbird-45.2-6.1.aarch64",
"SUSE Package Hub 12:MozillaThunderbird-45.2-6.1.s390x",
"SUSE Package Hub 12:MozillaThunderbird-45.2-6.1.x86_64",
"SUSE Package Hub 12:MozillaThunderbird-buildsymbols-45.2-6.1.x86_64",
"SUSE Package Hub 12:MozillaThunderbird-devel-45.2-6.1.aarch64",
"SUSE Package Hub 12:MozillaThunderbird-devel-45.2-6.1.s390x",
"SUSE Package Hub 12:MozillaThunderbird-devel-45.2-6.1.x86_64",
"SUSE Package Hub 12:MozillaThunderbird-translations-common-45.2-6.1.aarch64",
"SUSE Package Hub 12:MozillaThunderbird-translations-common-45.2-6.1.s390x",
"SUSE Package Hub 12:MozillaThunderbird-translations-common-45.2-6.1.x86_64",
"SUSE Package Hub 12:MozillaThunderbird-translations-other-45.2-6.1.aarch64",
"SUSE Package Hub 12:MozillaThunderbird-translations-other-45.2-6.1.s390x",
"SUSE Package Hub 12:MozillaThunderbird-translations-other-45.2-6.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2016-07-10T18:30:29Z",
"details": "important"
}
],
"title": "CVE-2016-2800"
},
{
"cve": "CVE-2016-2801",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2016-2801"
}
],
"notes": [
{
"category": "general",
"text": "The graphite2::TtfUtil::CmapSubtable12Lookup function in TtfUtil.cpp in Graphite 2 before 1.3.6, as used in Mozilla Firefox before 45.0 and Firefox ESR 38.x before 38.7, allows remote attackers to cause a denial of service (buffer over-read) or possibly have unspecified other impact via a crafted Graphite smart font, a different vulnerability than CVE-2016-2797.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Package Hub 12:MozillaThunderbird-45.2-6.1.aarch64",
"SUSE Package Hub 12:MozillaThunderbird-45.2-6.1.s390x",
"SUSE Package Hub 12:MozillaThunderbird-45.2-6.1.x86_64",
"SUSE Package Hub 12:MozillaThunderbird-buildsymbols-45.2-6.1.x86_64",
"SUSE Package Hub 12:MozillaThunderbird-devel-45.2-6.1.aarch64",
"SUSE Package Hub 12:MozillaThunderbird-devel-45.2-6.1.s390x",
"SUSE Package Hub 12:MozillaThunderbird-devel-45.2-6.1.x86_64",
"SUSE Package Hub 12:MozillaThunderbird-translations-common-45.2-6.1.aarch64",
"SUSE Package Hub 12:MozillaThunderbird-translations-common-45.2-6.1.s390x",
"SUSE Package Hub 12:MozillaThunderbird-translations-common-45.2-6.1.x86_64",
"SUSE Package Hub 12:MozillaThunderbird-translations-other-45.2-6.1.aarch64",
"SUSE Package Hub 12:MozillaThunderbird-translations-other-45.2-6.1.s390x",
"SUSE Package Hub 12:MozillaThunderbird-translations-other-45.2-6.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2016-2801",
"url": "https://www.suse.com/security/cve/CVE-2016-2801"
},
{
"category": "external",
"summary": "SUSE Bug 969894 for CVE-2016-2801",
"url": "https://bugzilla.suse.com/969894"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Package Hub 12:MozillaThunderbird-45.2-6.1.aarch64",
"SUSE Package Hub 12:MozillaThunderbird-45.2-6.1.s390x",
"SUSE Package Hub 12:MozillaThunderbird-45.2-6.1.x86_64",
"SUSE Package Hub 12:MozillaThunderbird-buildsymbols-45.2-6.1.x86_64",
"SUSE Package Hub 12:MozillaThunderbird-devel-45.2-6.1.aarch64",
"SUSE Package Hub 12:MozillaThunderbird-devel-45.2-6.1.s390x",
"SUSE Package Hub 12:MozillaThunderbird-devel-45.2-6.1.x86_64",
"SUSE Package Hub 12:MozillaThunderbird-translations-common-45.2-6.1.aarch64",
"SUSE Package Hub 12:MozillaThunderbird-translations-common-45.2-6.1.s390x",
"SUSE Package Hub 12:MozillaThunderbird-translations-common-45.2-6.1.x86_64",
"SUSE Package Hub 12:MozillaThunderbird-translations-other-45.2-6.1.aarch64",
"SUSE Package Hub 12:MozillaThunderbird-translations-other-45.2-6.1.s390x",
"SUSE Package Hub 12:MozillaThunderbird-translations-other-45.2-6.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 8.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"products": [
"SUSE Package Hub 12:MozillaThunderbird-45.2-6.1.aarch64",
"SUSE Package Hub 12:MozillaThunderbird-45.2-6.1.s390x",
"SUSE Package Hub 12:MozillaThunderbird-45.2-6.1.x86_64",
"SUSE Package Hub 12:MozillaThunderbird-buildsymbols-45.2-6.1.x86_64",
"SUSE Package Hub 12:MozillaThunderbird-devel-45.2-6.1.aarch64",
"SUSE Package Hub 12:MozillaThunderbird-devel-45.2-6.1.s390x",
"SUSE Package Hub 12:MozillaThunderbird-devel-45.2-6.1.x86_64",
"SUSE Package Hub 12:MozillaThunderbird-translations-common-45.2-6.1.aarch64",
"SUSE Package Hub 12:MozillaThunderbird-translations-common-45.2-6.1.s390x",
"SUSE Package Hub 12:MozillaThunderbird-translations-common-45.2-6.1.x86_64",
"SUSE Package Hub 12:MozillaThunderbird-translations-other-45.2-6.1.aarch64",
"SUSE Package Hub 12:MozillaThunderbird-translations-other-45.2-6.1.s390x",
"SUSE Package Hub 12:MozillaThunderbird-translations-other-45.2-6.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2016-07-10T18:30:29Z",
"details": "important"
}
],
"title": "CVE-2016-2801"
},
{
"cve": "CVE-2016-2802",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2016-2802"
}
],
"notes": [
{
"category": "general",
"text": "The graphite2::TtfUtil::CmapSubtable4NextCodepoint function in Graphite 2 before 1.3.6, as used in Mozilla Firefox before 45.0 and Firefox ESR 38.x before 38.7, allows remote attackers to cause a denial of service (buffer over-read) or possibly have unspecified other impact via a crafted Graphite smart font.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Package Hub 12:MozillaThunderbird-45.2-6.1.aarch64",
"SUSE Package Hub 12:MozillaThunderbird-45.2-6.1.s390x",
"SUSE Package Hub 12:MozillaThunderbird-45.2-6.1.x86_64",
"SUSE Package Hub 12:MozillaThunderbird-buildsymbols-45.2-6.1.x86_64",
"SUSE Package Hub 12:MozillaThunderbird-devel-45.2-6.1.aarch64",
"SUSE Package Hub 12:MozillaThunderbird-devel-45.2-6.1.s390x",
"SUSE Package Hub 12:MozillaThunderbird-devel-45.2-6.1.x86_64",
"SUSE Package Hub 12:MozillaThunderbird-translations-common-45.2-6.1.aarch64",
"SUSE Package Hub 12:MozillaThunderbird-translations-common-45.2-6.1.s390x",
"SUSE Package Hub 12:MozillaThunderbird-translations-common-45.2-6.1.x86_64",
"SUSE Package Hub 12:MozillaThunderbird-translations-other-45.2-6.1.aarch64",
"SUSE Package Hub 12:MozillaThunderbird-translations-other-45.2-6.1.s390x",
"SUSE Package Hub 12:MozillaThunderbird-translations-other-45.2-6.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2016-2802",
"url": "https://www.suse.com/security/cve/CVE-2016-2802"
},
{
"category": "external",
"summary": "SUSE Bug 969894 for CVE-2016-2802",
"url": "https://bugzilla.suse.com/969894"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Package Hub 12:MozillaThunderbird-45.2-6.1.aarch64",
"SUSE Package Hub 12:MozillaThunderbird-45.2-6.1.s390x",
"SUSE Package Hub 12:MozillaThunderbird-45.2-6.1.x86_64",
"SUSE Package Hub 12:MozillaThunderbird-buildsymbols-45.2-6.1.x86_64",
"SUSE Package Hub 12:MozillaThunderbird-devel-45.2-6.1.aarch64",
"SUSE Package Hub 12:MozillaThunderbird-devel-45.2-6.1.s390x",
"SUSE Package Hub 12:MozillaThunderbird-devel-45.2-6.1.x86_64",
"SUSE Package Hub 12:MozillaThunderbird-translations-common-45.2-6.1.aarch64",
"SUSE Package Hub 12:MozillaThunderbird-translations-common-45.2-6.1.s390x",
"SUSE Package Hub 12:MozillaThunderbird-translations-common-45.2-6.1.x86_64",
"SUSE Package Hub 12:MozillaThunderbird-translations-other-45.2-6.1.aarch64",
"SUSE Package Hub 12:MozillaThunderbird-translations-other-45.2-6.1.s390x",
"SUSE Package Hub 12:MozillaThunderbird-translations-other-45.2-6.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 8.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"products": [
"SUSE Package Hub 12:MozillaThunderbird-45.2-6.1.aarch64",
"SUSE Package Hub 12:MozillaThunderbird-45.2-6.1.s390x",
"SUSE Package Hub 12:MozillaThunderbird-45.2-6.1.x86_64",
"SUSE Package Hub 12:MozillaThunderbird-buildsymbols-45.2-6.1.x86_64",
"SUSE Package Hub 12:MozillaThunderbird-devel-45.2-6.1.aarch64",
"SUSE Package Hub 12:MozillaThunderbird-devel-45.2-6.1.s390x",
"SUSE Package Hub 12:MozillaThunderbird-devel-45.2-6.1.x86_64",
"SUSE Package Hub 12:MozillaThunderbird-translations-common-45.2-6.1.aarch64",
"SUSE Package Hub 12:MozillaThunderbird-translations-common-45.2-6.1.s390x",
"SUSE Package Hub 12:MozillaThunderbird-translations-common-45.2-6.1.x86_64",
"SUSE Package Hub 12:MozillaThunderbird-translations-other-45.2-6.1.aarch64",
"SUSE Package Hub 12:MozillaThunderbird-translations-other-45.2-6.1.s390x",
"SUSE Package Hub 12:MozillaThunderbird-translations-other-45.2-6.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2016-07-10T18:30:29Z",
"details": "important"
}
],
"title": "CVE-2016-2802"
},
{
"cve": "CVE-2016-2806",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2016-2806"
}
],
"notes": [
{
"category": "general",
"text": "Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 46.0 and Firefox ESR 45.x before 45.1 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Package Hub 12:MozillaThunderbird-45.2-6.1.aarch64",
"SUSE Package Hub 12:MozillaThunderbird-45.2-6.1.s390x",
"SUSE Package Hub 12:MozillaThunderbird-45.2-6.1.x86_64",
"SUSE Package Hub 12:MozillaThunderbird-buildsymbols-45.2-6.1.x86_64",
"SUSE Package Hub 12:MozillaThunderbird-devel-45.2-6.1.aarch64",
"SUSE Package Hub 12:MozillaThunderbird-devel-45.2-6.1.s390x",
"SUSE Package Hub 12:MozillaThunderbird-devel-45.2-6.1.x86_64",
"SUSE Package Hub 12:MozillaThunderbird-translations-common-45.2-6.1.aarch64",
"SUSE Package Hub 12:MozillaThunderbird-translations-common-45.2-6.1.s390x",
"SUSE Package Hub 12:MozillaThunderbird-translations-common-45.2-6.1.x86_64",
"SUSE Package Hub 12:MozillaThunderbird-translations-other-45.2-6.1.aarch64",
"SUSE Package Hub 12:MozillaThunderbird-translations-other-45.2-6.1.s390x",
"SUSE Package Hub 12:MozillaThunderbird-translations-other-45.2-6.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2016-2806",
"url": "https://www.suse.com/security/cve/CVE-2016-2806"
},
{
"category": "external",
"summary": "SUSE Bug 977375 for CVE-2016-2806",
"url": "https://bugzilla.suse.com/977375"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Package Hub 12:MozillaThunderbird-45.2-6.1.aarch64",
"SUSE Package Hub 12:MozillaThunderbird-45.2-6.1.s390x",
"SUSE Package Hub 12:MozillaThunderbird-45.2-6.1.x86_64",
"SUSE Package Hub 12:MozillaThunderbird-buildsymbols-45.2-6.1.x86_64",
"SUSE Package Hub 12:MozillaThunderbird-devel-45.2-6.1.aarch64",
"SUSE Package Hub 12:MozillaThunderbird-devel-45.2-6.1.s390x",
"SUSE Package Hub 12:MozillaThunderbird-devel-45.2-6.1.x86_64",
"SUSE Package Hub 12:MozillaThunderbird-translations-common-45.2-6.1.aarch64",
"SUSE Package Hub 12:MozillaThunderbird-translations-common-45.2-6.1.s390x",
"SUSE Package Hub 12:MozillaThunderbird-translations-common-45.2-6.1.x86_64",
"SUSE Package Hub 12:MozillaThunderbird-translations-other-45.2-6.1.aarch64",
"SUSE Package Hub 12:MozillaThunderbird-translations-other-45.2-6.1.s390x",
"SUSE Package Hub 12:MozillaThunderbird-translations-other-45.2-6.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 8.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"products": [
"SUSE Package Hub 12:MozillaThunderbird-45.2-6.1.aarch64",
"SUSE Package Hub 12:MozillaThunderbird-45.2-6.1.s390x",
"SUSE Package Hub 12:MozillaThunderbird-45.2-6.1.x86_64",
"SUSE Package Hub 12:MozillaThunderbird-buildsymbols-45.2-6.1.x86_64",
"SUSE Package Hub 12:MozillaThunderbird-devel-45.2-6.1.aarch64",
"SUSE Package Hub 12:MozillaThunderbird-devel-45.2-6.1.s390x",
"SUSE Package Hub 12:MozillaThunderbird-devel-45.2-6.1.x86_64",
"SUSE Package Hub 12:MozillaThunderbird-translations-common-45.2-6.1.aarch64",
"SUSE Package Hub 12:MozillaThunderbird-translations-common-45.2-6.1.s390x",
"SUSE Package Hub 12:MozillaThunderbird-translations-common-45.2-6.1.x86_64",
"SUSE Package Hub 12:MozillaThunderbird-translations-other-45.2-6.1.aarch64",
"SUSE Package Hub 12:MozillaThunderbird-translations-other-45.2-6.1.s390x",
"SUSE Package Hub 12:MozillaThunderbird-translations-other-45.2-6.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2016-07-10T18:30:29Z",
"details": "moderate"
}
],
"title": "CVE-2016-2806"
},
{
"cve": "CVE-2016-2807",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2016-2807"
}
],
"notes": [
{
"category": "general",
"text": "Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 46.0, Firefox ESR 38.x before 38.8, and Firefox ESR 45.x before 45.1 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Package Hub 12:MozillaThunderbird-45.2-6.1.aarch64",
"SUSE Package Hub 12:MozillaThunderbird-45.2-6.1.s390x",
"SUSE Package Hub 12:MozillaThunderbird-45.2-6.1.x86_64",
"SUSE Package Hub 12:MozillaThunderbird-buildsymbols-45.2-6.1.x86_64",
"SUSE Package Hub 12:MozillaThunderbird-devel-45.2-6.1.aarch64",
"SUSE Package Hub 12:MozillaThunderbird-devel-45.2-6.1.s390x",
"SUSE Package Hub 12:MozillaThunderbird-devel-45.2-6.1.x86_64",
"SUSE Package Hub 12:MozillaThunderbird-translations-common-45.2-6.1.aarch64",
"SUSE Package Hub 12:MozillaThunderbird-translations-common-45.2-6.1.s390x",
"SUSE Package Hub 12:MozillaThunderbird-translations-common-45.2-6.1.x86_64",
"SUSE Package Hub 12:MozillaThunderbird-translations-other-45.2-6.1.aarch64",
"SUSE Package Hub 12:MozillaThunderbird-translations-other-45.2-6.1.s390x",
"SUSE Package Hub 12:MozillaThunderbird-translations-other-45.2-6.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2016-2807",
"url": "https://www.suse.com/security/cve/CVE-2016-2807"
},
{
"category": "external",
"summary": "SUSE Bug 977333 for CVE-2016-2807",
"url": "https://bugzilla.suse.com/977333"
},
{
"category": "external",
"summary": "SUSE Bug 977376 for CVE-2016-2807",
"url": "https://bugzilla.suse.com/977376"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Package Hub 12:MozillaThunderbird-45.2-6.1.aarch64",
"SUSE Package Hub 12:MozillaThunderbird-45.2-6.1.s390x",
"SUSE Package Hub 12:MozillaThunderbird-45.2-6.1.x86_64",
"SUSE Package Hub 12:MozillaThunderbird-buildsymbols-45.2-6.1.x86_64",
"SUSE Package Hub 12:MozillaThunderbird-devel-45.2-6.1.aarch64",
"SUSE Package Hub 12:MozillaThunderbird-devel-45.2-6.1.s390x",
"SUSE Package Hub 12:MozillaThunderbird-devel-45.2-6.1.x86_64",
"SUSE Package Hub 12:MozillaThunderbird-translations-common-45.2-6.1.aarch64",
"SUSE Package Hub 12:MozillaThunderbird-translations-common-45.2-6.1.s390x",
"SUSE Package Hub 12:MozillaThunderbird-translations-common-45.2-6.1.x86_64",
"SUSE Package Hub 12:MozillaThunderbird-translations-other-45.2-6.1.aarch64",
"SUSE Package Hub 12:MozillaThunderbird-translations-other-45.2-6.1.s390x",
"SUSE Package Hub 12:MozillaThunderbird-translations-other-45.2-6.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 8.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"products": [
"SUSE Package Hub 12:MozillaThunderbird-45.2-6.1.aarch64",
"SUSE Package Hub 12:MozillaThunderbird-45.2-6.1.s390x",
"SUSE Package Hub 12:MozillaThunderbird-45.2-6.1.x86_64",
"SUSE Package Hub 12:MozillaThunderbird-buildsymbols-45.2-6.1.x86_64",
"SUSE Package Hub 12:MozillaThunderbird-devel-45.2-6.1.aarch64",
"SUSE Package Hub 12:MozillaThunderbird-devel-45.2-6.1.s390x",
"SUSE Package Hub 12:MozillaThunderbird-devel-45.2-6.1.x86_64",
"SUSE Package Hub 12:MozillaThunderbird-translations-common-45.2-6.1.aarch64",
"SUSE Package Hub 12:MozillaThunderbird-translations-common-45.2-6.1.s390x",
"SUSE Package Hub 12:MozillaThunderbird-translations-common-45.2-6.1.x86_64",
"SUSE Package Hub 12:MozillaThunderbird-translations-other-45.2-6.1.aarch64",
"SUSE Package Hub 12:MozillaThunderbird-translations-other-45.2-6.1.s390x",
"SUSE Package Hub 12:MozillaThunderbird-translations-other-45.2-6.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2016-07-10T18:30:29Z",
"details": "moderate"
}
],
"title": "CVE-2016-2807"
},
{
"cve": "CVE-2016-2815",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2016-2815"
}
],
"notes": [
{
"category": "general",
"text": "Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 47.0 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Package Hub 12:MozillaThunderbird-45.2-6.1.aarch64",
"SUSE Package Hub 12:MozillaThunderbird-45.2-6.1.s390x",
"SUSE Package Hub 12:MozillaThunderbird-45.2-6.1.x86_64",
"SUSE Package Hub 12:MozillaThunderbird-buildsymbols-45.2-6.1.x86_64",
"SUSE Package Hub 12:MozillaThunderbird-devel-45.2-6.1.aarch64",
"SUSE Package Hub 12:MozillaThunderbird-devel-45.2-6.1.s390x",
"SUSE Package Hub 12:MozillaThunderbird-devel-45.2-6.1.x86_64",
"SUSE Package Hub 12:MozillaThunderbird-translations-common-45.2-6.1.aarch64",
"SUSE Package Hub 12:MozillaThunderbird-translations-common-45.2-6.1.s390x",
"SUSE Package Hub 12:MozillaThunderbird-translations-common-45.2-6.1.x86_64",
"SUSE Package Hub 12:MozillaThunderbird-translations-other-45.2-6.1.aarch64",
"SUSE Package Hub 12:MozillaThunderbird-translations-other-45.2-6.1.s390x",
"SUSE Package Hub 12:MozillaThunderbird-translations-other-45.2-6.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2016-2815",
"url": "https://www.suse.com/security/cve/CVE-2016-2815"
},
{
"category": "external",
"summary": "SUSE Bug 983549 for CVE-2016-2815",
"url": "https://bugzilla.suse.com/983549"
},
{
"category": "external",
"summary": "SUSE Bug 983638 for CVE-2016-2815",
"url": "https://bugzilla.suse.com/983638"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Package Hub 12:MozillaThunderbird-45.2-6.1.aarch64",
"SUSE Package Hub 12:MozillaThunderbird-45.2-6.1.s390x",
"SUSE Package Hub 12:MozillaThunderbird-45.2-6.1.x86_64",
"SUSE Package Hub 12:MozillaThunderbird-buildsymbols-45.2-6.1.x86_64",
"SUSE Package Hub 12:MozillaThunderbird-devel-45.2-6.1.aarch64",
"SUSE Package Hub 12:MozillaThunderbird-devel-45.2-6.1.s390x",
"SUSE Package Hub 12:MozillaThunderbird-devel-45.2-6.1.x86_64",
"SUSE Package Hub 12:MozillaThunderbird-translations-common-45.2-6.1.aarch64",
"SUSE Package Hub 12:MozillaThunderbird-translations-common-45.2-6.1.s390x",
"SUSE Package Hub 12:MozillaThunderbird-translations-common-45.2-6.1.x86_64",
"SUSE Package Hub 12:MozillaThunderbird-translations-other-45.2-6.1.aarch64",
"SUSE Package Hub 12:MozillaThunderbird-translations-other-45.2-6.1.s390x",
"SUSE Package Hub 12:MozillaThunderbird-translations-other-45.2-6.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 8.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"products": [
"SUSE Package Hub 12:MozillaThunderbird-45.2-6.1.aarch64",
"SUSE Package Hub 12:MozillaThunderbird-45.2-6.1.s390x",
"SUSE Package Hub 12:MozillaThunderbird-45.2-6.1.x86_64",
"SUSE Package Hub 12:MozillaThunderbird-buildsymbols-45.2-6.1.x86_64",
"SUSE Package Hub 12:MozillaThunderbird-devel-45.2-6.1.aarch64",
"SUSE Package Hub 12:MozillaThunderbird-devel-45.2-6.1.s390x",
"SUSE Package Hub 12:MozillaThunderbird-devel-45.2-6.1.x86_64",
"SUSE Package Hub 12:MozillaThunderbird-translations-common-45.2-6.1.aarch64",
"SUSE Package Hub 12:MozillaThunderbird-translations-common-45.2-6.1.s390x",
"SUSE Package Hub 12:MozillaThunderbird-translations-common-45.2-6.1.x86_64",
"SUSE Package Hub 12:MozillaThunderbird-translations-other-45.2-6.1.aarch64",
"SUSE Package Hub 12:MozillaThunderbird-translations-other-45.2-6.1.s390x",
"SUSE Package Hub 12:MozillaThunderbird-translations-other-45.2-6.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2016-07-10T18:30:29Z",
"details": "moderate"
}
],
"title": "CVE-2016-2815"
},
{
"cve": "CVE-2016-2818",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2016-2818"
}
],
"notes": [
{
"category": "general",
"text": "Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 47.0 and Firefox ESR 45.x before 45.2 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Package Hub 12:MozillaThunderbird-45.2-6.1.aarch64",
"SUSE Package Hub 12:MozillaThunderbird-45.2-6.1.s390x",
"SUSE Package Hub 12:MozillaThunderbird-45.2-6.1.x86_64",
"SUSE Package Hub 12:MozillaThunderbird-buildsymbols-45.2-6.1.x86_64",
"SUSE Package Hub 12:MozillaThunderbird-devel-45.2-6.1.aarch64",
"SUSE Package Hub 12:MozillaThunderbird-devel-45.2-6.1.s390x",
"SUSE Package Hub 12:MozillaThunderbird-devel-45.2-6.1.x86_64",
"SUSE Package Hub 12:MozillaThunderbird-translations-common-45.2-6.1.aarch64",
"SUSE Package Hub 12:MozillaThunderbird-translations-common-45.2-6.1.s390x",
"SUSE Package Hub 12:MozillaThunderbird-translations-common-45.2-6.1.x86_64",
"SUSE Package Hub 12:MozillaThunderbird-translations-other-45.2-6.1.aarch64",
"SUSE Package Hub 12:MozillaThunderbird-translations-other-45.2-6.1.s390x",
"SUSE Package Hub 12:MozillaThunderbird-translations-other-45.2-6.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2016-2818",
"url": "https://www.suse.com/security/cve/CVE-2016-2818"
},
{
"category": "external",
"summary": "SUSE Bug 983549 for CVE-2016-2818",
"url": "https://bugzilla.suse.com/983549"
},
{
"category": "external",
"summary": "SUSE Bug 983638 for CVE-2016-2818",
"url": "https://bugzilla.suse.com/983638"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Package Hub 12:MozillaThunderbird-45.2-6.1.aarch64",
"SUSE Package Hub 12:MozillaThunderbird-45.2-6.1.s390x",
"SUSE Package Hub 12:MozillaThunderbird-45.2-6.1.x86_64",
"SUSE Package Hub 12:MozillaThunderbird-buildsymbols-45.2-6.1.x86_64",
"SUSE Package Hub 12:MozillaThunderbird-devel-45.2-6.1.aarch64",
"SUSE Package Hub 12:MozillaThunderbird-devel-45.2-6.1.s390x",
"SUSE Package Hub 12:MozillaThunderbird-devel-45.2-6.1.x86_64",
"SUSE Package Hub 12:MozillaThunderbird-translations-common-45.2-6.1.aarch64",
"SUSE Package Hub 12:MozillaThunderbird-translations-common-45.2-6.1.s390x",
"SUSE Package Hub 12:MozillaThunderbird-translations-common-45.2-6.1.x86_64",
"SUSE Package Hub 12:MozillaThunderbird-translations-other-45.2-6.1.aarch64",
"SUSE Package Hub 12:MozillaThunderbird-translations-other-45.2-6.1.s390x",
"SUSE Package Hub 12:MozillaThunderbird-translations-other-45.2-6.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 8.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"products": [
"SUSE Package Hub 12:MozillaThunderbird-45.2-6.1.aarch64",
"SUSE Package Hub 12:MozillaThunderbird-45.2-6.1.s390x",
"SUSE Package Hub 12:MozillaThunderbird-45.2-6.1.x86_64",
"SUSE Package Hub 12:MozillaThunderbird-buildsymbols-45.2-6.1.x86_64",
"SUSE Package Hub 12:MozillaThunderbird-devel-45.2-6.1.aarch64",
"SUSE Package Hub 12:MozillaThunderbird-devel-45.2-6.1.s390x",
"SUSE Package Hub 12:MozillaThunderbird-devel-45.2-6.1.x86_64",
"SUSE Package Hub 12:MozillaThunderbird-translations-common-45.2-6.1.aarch64",
"SUSE Package Hub 12:MozillaThunderbird-translations-common-45.2-6.1.s390x",
"SUSE Package Hub 12:MozillaThunderbird-translations-common-45.2-6.1.x86_64",
"SUSE Package Hub 12:MozillaThunderbird-translations-other-45.2-6.1.aarch64",
"SUSE Package Hub 12:MozillaThunderbird-translations-other-45.2-6.1.s390x",
"SUSE Package Hub 12:MozillaThunderbird-translations-other-45.2-6.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2016-07-10T18:30:29Z",
"details": "moderate"
}
],
"title": "CVE-2016-2818"
}
]
}
Loading…
Trend slope:
-
(linear fit over daily sighting counts)
Show additional events:
Loading…
Experimental. This forecast is provided for visualization only and may change without notice. Do not use it for operational decisions.
Forecast uses a logistic model when the trend is rising, or an exponential decay model when the trend is falling. Fitted via linearized least squares.
Sightings
| Author | Source | Type | Date | Other |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or observed by the user.
- Confirmed: The vulnerability has been validated from an analyst's perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
- Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
- Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
- Not confirmed: The user expressed doubt about the validity of the vulnerability.
- Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.
Loading…
Loading…