Action not permitted
Modal body text goes here.
Modal Title
Modal Body
CVE-2016-9895 (GCVE-0-2016-9895)
Vulnerability from cvelistv5 – Published: 2018-06-11 21:00 – Updated: 2024-08-06 03:07
VLAI?
EPSS
Summary
Event handlers on "marquee" elements were executed despite a strict Content Security Policy (CSP) that disallowed inline JavaScript. This vulnerability affects Firefox < 50.1, Firefox ESR < 45.6, and Thunderbird < 45.6.
Severity ?
No CVSS data available.
CWE
- CSP bypass using marquee tag
Assigner
References
10 references
| URL | Tags |
|---|---|
| https://www.mozilla.org/security/advisories/mfsa2… | x_refsource_CONFIRM |
| https://www.mozilla.org/security/advisories/mfsa2… | x_refsource_CONFIRM |
| http://www.securityfocus.com/bid/94885 | vdb-entryx_refsource_BID |
| http://www.securitytracker.com/id/1037461 | vdb-entryx_refsource_SECTRACK |
| https://security.gentoo.org/glsa/201701-15 | vendor-advisoryx_refsource_GENTOO |
| https://www.debian.org/security/2017/dsa-3757 | vendor-advisoryx_refsource_DEBIAN |
| https://bugzilla.mozilla.org/show_bug.cgi?id=1312272 | x_refsource_CONFIRM |
| http://rhn.redhat.com/errata/RHSA-2016-2973.html | vendor-advisoryx_refsource_REDHAT |
| https://www.mozilla.org/security/advisories/mfsa2… | x_refsource_CONFIRM |
| http://rhn.redhat.com/errata/RHSA-2016-2946.html | vendor-advisoryx_refsource_REDHAT |
Impacted products
3 products
| Vendor | Product | Version | |
|---|---|---|---|
| Mozilla | Firefox |
Affected:
unspecified , < 50.1
(custom)
|
|
| Mozilla | Firefox ESR |
Affected:
unspecified , < 45.6
(custom)
|
|
| Mozilla | Thunderbird |
Affected:
unspecified , < 45.6
(custom)
|
Date Public ?
2016-12-13 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T03:07:31.051Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://www.mozilla.org/security/advisories/mfsa2016-94/"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://www.mozilla.org/security/advisories/mfsa2016-95/"
},
{
"name": "94885",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/94885"
},
{
"name": "1037461",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://www.securitytracker.com/id/1037461"
},
{
"name": "GLSA-201701-15",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO",
"x_transferred"
],
"url": "https://security.gentoo.org/glsa/201701-15"
},
{
"name": "DSA-3757",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN",
"x_transferred"
],
"url": "https://www.debian.org/security/2017/dsa-3757"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1312272"
},
{
"name": "RHSA-2016:2973",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "http://rhn.redhat.com/errata/RHSA-2016-2973.html"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://www.mozilla.org/security/advisories/mfsa2016-96/"
},
{
"name": "RHSA-2016:2946",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "http://rhn.redhat.com/errata/RHSA-2016-2946.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Firefox",
"vendor": "Mozilla",
"versions": [
{
"lessThan": "50.1",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
},
{
"product": "Firefox ESR",
"vendor": "Mozilla",
"versions": [
{
"lessThan": "45.6",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
},
{
"product": "Thunderbird",
"vendor": "Mozilla",
"versions": [
{
"lessThan": "45.6",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
}
],
"datePublic": "2016-12-13T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "Event handlers on \"marquee\" elements were executed despite a strict Content Security Policy (CSP) that disallowed inline JavaScript. This vulnerability affects Firefox \u003c 50.1, Firefox ESR \u003c 45.6, and Thunderbird \u003c 45.6."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "CSP bypass using marquee tag",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-06-12T09:57:01.000Z",
"orgId": "f16b083a-5664-49f3-a51e-8d479e5ed7fe",
"shortName": "mozilla"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://www.mozilla.org/security/advisories/mfsa2016-94/"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://www.mozilla.org/security/advisories/mfsa2016-95/"
},
{
"name": "94885",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/94885"
},
{
"name": "1037461",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://www.securitytracker.com/id/1037461"
},
{
"name": "GLSA-201701-15",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO"
],
"url": "https://security.gentoo.org/glsa/201701-15"
},
{
"name": "DSA-3757",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN"
],
"url": "https://www.debian.org/security/2017/dsa-3757"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1312272"
},
{
"name": "RHSA-2016:2973",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "http://rhn.redhat.com/errata/RHSA-2016-2973.html"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://www.mozilla.org/security/advisories/mfsa2016-96/"
},
{
"name": "RHSA-2016:2946",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "http://rhn.redhat.com/errata/RHSA-2016-2946.html"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security@mozilla.org",
"ID": "CVE-2016-9895",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Firefox",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_value": "50.1"
}
]
}
},
{
"product_name": "Firefox ESR",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_value": "45.6"
}
]
}
},
{
"product_name": "Thunderbird",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_value": "45.6"
}
]
}
}
]
},
"vendor_name": "Mozilla"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Event handlers on \"marquee\" elements were executed despite a strict Content Security Policy (CSP) that disallowed inline JavaScript. This vulnerability affects Firefox \u003c 50.1, Firefox ESR \u003c 45.6, and Thunderbird \u003c 45.6."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CSP bypass using marquee tag"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.mozilla.org/security/advisories/mfsa2016-94/",
"refsource": "CONFIRM",
"url": "https://www.mozilla.org/security/advisories/mfsa2016-94/"
},
{
"name": "https://www.mozilla.org/security/advisories/mfsa2016-95/",
"refsource": "CONFIRM",
"url": "https://www.mozilla.org/security/advisories/mfsa2016-95/"
},
{
"name": "94885",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/94885"
},
{
"name": "1037461",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1037461"
},
{
"name": "GLSA-201701-15",
"refsource": "GENTOO",
"url": "https://security.gentoo.org/glsa/201701-15"
},
{
"name": "DSA-3757",
"refsource": "DEBIAN",
"url": "https://www.debian.org/security/2017/dsa-3757"
},
{
"name": "https://bugzilla.mozilla.org/show_bug.cgi?id=1312272",
"refsource": "CONFIRM",
"url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1312272"
},
{
"name": "RHSA-2016:2973",
"refsource": "REDHAT",
"url": "http://rhn.redhat.com/errata/RHSA-2016-2973.html"
},
{
"name": "https://www.mozilla.org/security/advisories/mfsa2016-96/",
"refsource": "CONFIRM",
"url": "https://www.mozilla.org/security/advisories/mfsa2016-96/"
},
{
"name": "RHSA-2016:2946",
"refsource": "REDHAT",
"url": "http://rhn.redhat.com/errata/RHSA-2016-2946.html"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "f16b083a-5664-49f3-a51e-8d479e5ed7fe",
"assignerShortName": "mozilla",
"cveId": "CVE-2016-9895",
"datePublished": "2018-06-11T21:00:00.000Z",
"dateReserved": "2016-12-07T00:00:00.000Z",
"dateUpdated": "2024-08-06T03:07:31.051Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1",
"vulnerability-lookup:meta": {
"epss": {
"cve": "CVE-2016-9895",
"date": "2026-05-19",
"epss": "0.00709",
"percentile": "0.72421"
},
"fkie_nvd": {
"configurations": "[{\"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"DEECE5FC-CACF-4496-A3E7-164736409252\"}]}]}, {\"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:redhat:enterprise_linux:5.0:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"1D8B549B-E57B-4DFE-8A13-CAB06B5356B3\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:redhat:enterprise_linux:6.0:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"2F6AB192-9D7D-4A9A-8995-E53A9DE9EAFC\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:redhat:enterprise_linux:7.0:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"142AD0DD-4CF3-4D74-9442-459CE3347E3A\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:redhat:enterprise_linux_desktop:5.0:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"133AAFA7-AF42-4D7B-8822-AA2E85611BF5\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:redhat:enterprise_linux_desktop:6.0:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"EE249E1B-A1FD-4E08-AA71-A0E1F10FFE97\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:redhat:enterprise_linux_desktop:7.0:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"33C068A4-3780-4EAB-A937-6082DF847564\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:redhat:enterprise_linux_server:5.0:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"54D669D4-6D7E-449D-80C1-28FA44F06FFE\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:redhat:enterprise_linux_server:6.0:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"9BBCD86A-E6C7-4444-9D74-F861084090F0\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:redhat:enterprise_linux_server:7.0:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"51EF4996-72F4-4FA4-814F-F5991E7A8318\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:redhat:enterprise_linux_server_aus:7.3:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"98381E61-F082-4302-B51F-5648884F998B\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:redhat:enterprise_linux_server_aus:7.4:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"D99A687E-EAE6-417E-A88E-D0082BC194CD\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:redhat:enterprise_linux_server_eus:7.3:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"A8442C20-41F9-47FD-9A12-E724D3A31FD7\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:redhat:enterprise_linux_server_eus:7.4:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"9EC0D196-F7B8-4BDD-9050-779F7A7FBEE4\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:redhat:enterprise_linux_server_eus:7.5:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"A4E9DD8A-A68B-4A69-8B01-BFF92A2020A8\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:redhat:enterprise_linux_workstation:5.0:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"D0AC5CD5-6E58-433C-9EB3-6DFE5656463E\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:redhat:enterprise_linux_workstation:6.0:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"E5ED5807-55B7-47C5-97A6-03233F4FBC3A\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:redhat:enterprise_linux_workstation:7.0:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"825ECE2D-E232-46E0-A047-074B34DB1E97\"}]}]}, {\"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:mozilla:thunderbird:*:*:*:*:*:*:*:*\", \"versionEndExcluding\": \"45.6.0\", \"matchCriteriaId\": \"A5797C2A-187E-48B8-97A0-F6B5E5EBF38C\"}]}]}, {\"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:mozilla:firefox:*:*:*:*:*:*:*:*\", \"versionEndExcluding\": \"50.1\", \"matchCriteriaId\": \"5D7D13A9-230F-4040-AF9B-EBD07E4ACEEC\"}]}]}, {\"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:mozilla:firefox_esr:*:*:*:*:*:*:*:*\", \"versionEndExcluding\": \"45.6.0\", \"matchCriteriaId\": \"DE18C0AB-9FDB-4705-9CAA-4262B76C0B54\"}]}]}]",
"descriptions": "[{\"lang\": \"en\", \"value\": \"Event handlers on \\\"marquee\\\" elements were executed despite a strict Content Security Policy (CSP) that disallowed inline JavaScript. This vulnerability affects Firefox \u003c 50.1, Firefox ESR \u003c 45.6, and Thunderbird \u003c 45.6.\"}, {\"lang\": \"es\", \"value\": \"Los gestores de eventos en los elementos \\\"marquee\\\" se ejecutaron a pesar de que existe un CSP (Content Security Policy) estricto que prohib\\u00eda el JavaScript inline. La vulnerabilidad afecta a Firefox en versiones anteriores a la 50.1, Firefox ESR en versiones anteriores a la 45.6 y Thunderbird en versiones anteriores a la 45.6.\"}]",
"id": "CVE-2016-9895",
"lastModified": "2024-11-21T03:01:57.823",
"metrics": "{\"cvssMetricV30\": [{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"cvssData\": {\"version\": \"3.0\", \"vectorString\": \"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N\", \"baseScore\": 6.1, \"baseSeverity\": \"MEDIUM\", \"attackVector\": \"NETWORK\", \"attackComplexity\": \"LOW\", \"privilegesRequired\": \"NONE\", \"userInteraction\": \"REQUIRED\", \"scope\": \"CHANGED\", \"confidentialityImpact\": \"LOW\", \"integrityImpact\": \"LOW\", \"availabilityImpact\": \"NONE\"}, \"exploitabilityScore\": 2.8, \"impactScore\": 2.7}], \"cvssMetricV2\": [{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"cvssData\": {\"version\": \"2.0\", \"vectorString\": \"AV:N/AC:M/Au:N/C:N/I:P/A:N\", \"baseScore\": 4.3, \"accessVector\": \"NETWORK\", \"accessComplexity\": \"MEDIUM\", \"authentication\": \"NONE\", \"confidentialityImpact\": \"NONE\", \"integrityImpact\": \"PARTIAL\", \"availabilityImpact\": \"NONE\"}, \"baseSeverity\": \"MEDIUM\", \"exploitabilityScore\": 8.6, \"impactScore\": 2.9, \"acInsufInfo\": false, \"obtainAllPrivilege\": false, \"obtainUserPrivilege\": false, \"obtainOtherPrivilege\": false, \"userInteractionRequired\": true}]}",
"published": "2018-06-11T21:29:01.997",
"references": "[{\"url\": \"http://rhn.redhat.com/errata/RHSA-2016-2946.html\", \"source\": \"security@mozilla.org\", \"tags\": [\"Third Party Advisory\"]}, {\"url\": \"http://rhn.redhat.com/errata/RHSA-2016-2973.html\", \"source\": \"security@mozilla.org\", \"tags\": [\"Third Party Advisory\"]}, {\"url\": \"http://www.securityfocus.com/bid/94885\", \"source\": \"security@mozilla.org\", \"tags\": [\"Third Party Advisory\", \"VDB Entry\"]}, {\"url\": \"http://www.securitytracker.com/id/1037461\", \"source\": \"security@mozilla.org\", \"tags\": [\"Third Party Advisory\", \"VDB Entry\"]}, {\"url\": \"https://bugzilla.mozilla.org/show_bug.cgi?id=1312272\", \"source\": \"security@mozilla.org\", \"tags\": [\"Exploit\", \"Issue Tracking\", \"Patch\", \"Vendor Advisory\"]}, {\"url\": \"https://security.gentoo.org/glsa/201701-15\", \"source\": \"security@mozilla.org\", \"tags\": [\"Third Party Advisory\"]}, {\"url\": \"https://www.debian.org/security/2017/dsa-3757\", \"source\": \"security@mozilla.org\", \"tags\": [\"Third Party Advisory\"]}, {\"url\": \"https://www.mozilla.org/security/advisories/mfsa2016-94/\", \"source\": \"security@mozilla.org\", \"tags\": [\"Vendor Advisory\"]}, {\"url\": \"https://www.mozilla.org/security/advisories/mfsa2016-95/\", \"source\": \"security@mozilla.org\", \"tags\": [\"Vendor Advisory\"]}, {\"url\": \"https://www.mozilla.org/security/advisories/mfsa2016-96/\", \"source\": \"security@mozilla.org\", \"tags\": [\"Vendor Advisory\"]}, {\"url\": \"http://rhn.redhat.com/errata/RHSA-2016-2946.html\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Third Party Advisory\"]}, {\"url\": \"http://rhn.redhat.com/errata/RHSA-2016-2973.html\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Third Party Advisory\"]}, {\"url\": \"http://www.securityfocus.com/bid/94885\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Third Party Advisory\", \"VDB Entry\"]}, {\"url\": \"http://www.securitytracker.com/id/1037461\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Third Party Advisory\", \"VDB Entry\"]}, {\"url\": \"https://bugzilla.mozilla.org/show_bug.cgi?id=1312272\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Exploit\", \"Issue Tracking\", \"Patch\", \"Vendor Advisory\"]}, {\"url\": \"https://security.gentoo.org/glsa/201701-15\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Third Party Advisory\"]}, {\"url\": \"https://www.debian.org/security/2017/dsa-3757\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Third Party Advisory\"]}, {\"url\": \"https://www.mozilla.org/security/advisories/mfsa2016-94/\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Vendor Advisory\"]}, {\"url\": \"https://www.mozilla.org/security/advisories/mfsa2016-95/\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Vendor Advisory\"]}, {\"url\": \"https://www.mozilla.org/security/advisories/mfsa2016-96/\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Vendor Advisory\"]}]",
"sourceIdentifier": "security@mozilla.org",
"vulnStatus": "Modified",
"weaknesses": "[{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"description\": [{\"lang\": \"en\", \"value\": \"CWE-254\"}]}]"
},
"nvd": "{\"cve\":{\"id\":\"CVE-2016-9895\",\"sourceIdentifier\":\"security@mozilla.org\",\"published\":\"2018-06-11T21:29:01.997\",\"lastModified\":\"2025-11-25T17:50:16.803\",\"vulnStatus\":\"Modified\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"Event handlers on \\\"marquee\\\" elements were executed despite a strict Content Security Policy (CSP) that disallowed inline JavaScript. This vulnerability affects Firefox \u003c 50.1, Firefox ESR \u003c 45.6, and Thunderbird \u003c 45.6.\"},{\"lang\":\"es\",\"value\":\"Los gestores de eventos en los elementos \\\"marquee\\\" se ejecutaron a pesar de que existe un CSP (Content Security Policy) estricto que prohib\u00eda el JavaScript inline. La vulnerabilidad afecta a Firefox en versiones anteriores a la 50.1, Firefox ESR en versiones anteriores a la 45.6 y Thunderbird en versiones anteriores a la 45.6.\"}],\"metrics\":{\"cvssMetricV30\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"3.0\",\"vectorString\":\"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N\",\"baseScore\":6.1,\"baseSeverity\":\"MEDIUM\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"NONE\",\"userInteraction\":\"REQUIRED\",\"scope\":\"CHANGED\",\"confidentialityImpact\":\"LOW\",\"integrityImpact\":\"LOW\",\"availabilityImpact\":\"NONE\"},\"exploitabilityScore\":2.8,\"impactScore\":2.7}],\"cvssMetricV2\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"2.0\",\"vectorString\":\"AV:N/AC:M/Au:N/C:N/I:P/A:N\",\"baseScore\":4.3,\"accessVector\":\"NETWORK\",\"accessComplexity\":\"MEDIUM\",\"authentication\":\"NONE\",\"confidentialityImpact\":\"NONE\",\"integrityImpact\":\"PARTIAL\",\"availabilityImpact\":\"NONE\"},\"baseSeverity\":\"MEDIUM\",\"exploitabilityScore\":8.6,\"impactScore\":2.9,\"acInsufInfo\":false,\"obtainAllPrivilege\":false,\"obtainUserPrivilege\":false,\"obtainOtherPrivilege\":false,\"userInteractionRequired\":true}]},\"weaknesses\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-254\"}]}],\"configurations\":[{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"DEECE5FC-CACF-4496-A3E7-164736409252\"}]}]},{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:redhat:enterprise_linux:5.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"1D8B549B-E57B-4DFE-8A13-CAB06B5356B3\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:redhat:enterprise_linux:6.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"2F6AB192-9D7D-4A9A-8995-E53A9DE9EAFC\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:redhat:enterprise_linux:7.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"142AD0DD-4CF3-4D74-9442-459CE3347E3A\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:redhat:enterprise_linux_desktop:5.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"133AAFA7-AF42-4D7B-8822-AA2E85611BF5\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:redhat:enterprise_linux_desktop:6.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"EE249E1B-A1FD-4E08-AA71-A0E1F10FFE97\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:redhat:enterprise_linux_desktop:7.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"33C068A4-3780-4EAB-A937-6082DF847564\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:redhat:enterprise_linux_server:5.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"54D669D4-6D7E-449D-80C1-28FA44F06FFE\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:redhat:enterprise_linux_server:6.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"9BBCD86A-E6C7-4444-9D74-F861084090F0\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:redhat:enterprise_linux_server:7.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"51EF4996-72F4-4FA4-814F-F5991E7A8318\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:redhat:enterprise_linux_server_aus:7.3:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"98381E61-F082-4302-B51F-5648884F998B\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:redhat:enterprise_linux_server_aus:7.4:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"D99A687E-EAE6-417E-A88E-D0082BC194CD\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:redhat:enterprise_linux_server_eus:7.3:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"A8442C20-41F9-47FD-9A12-E724D3A31FD7\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:redhat:enterprise_linux_server_eus:7.4:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"9EC0D196-F7B8-4BDD-9050-779F7A7FBEE4\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:redhat:enterprise_linux_server_eus:7.5:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"A4E9DD8A-A68B-4A69-8B01-BFF92A2020A8\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:redhat:enterprise_linux_workstation:5.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"D0AC5CD5-6E58-433C-9EB3-6DFE5656463E\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:redhat:enterprise_linux_workstation:6.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"E5ED5807-55B7-47C5-97A6-03233F4FBC3A\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:redhat:enterprise_linux_workstation:7.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"825ECE2D-E232-46E0-A047-074B34DB1E97\"}]}]},{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:mozilla:thunderbird:*:*:*:*:*:*:*:*\",\"versionEndExcluding\":\"45.6.0\",\"matchCriteriaId\":\"A5797C2A-187E-48B8-97A0-F6B5E5EBF38C\"}]}]},{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:mozilla:firefox:*:*:*:*:*:*:*:*\",\"versionEndExcluding\":\"50.1\",\"matchCriteriaId\":\"5D7D13A9-230F-4040-AF9B-EBD07E4ACEEC\"}]}]},{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:mozilla:firefox:*:*:*:*:*:*:*:*\",\"versionEndExcluding\":\"45.6.0\",\"matchCriteriaId\":\"D2085AD6-C7AD-4784-B164-49543806E0C0\"}]}]}],\"references\":[{\"url\":\"http://rhn.redhat.com/errata/RHSA-2016-2946.html\",\"source\":\"security@mozilla.org\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"http://rhn.redhat.com/errata/RHSA-2016-2973.html\",\"source\":\"security@mozilla.org\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"http://www.securityfocus.com/bid/94885\",\"source\":\"security@mozilla.org\",\"tags\":[\"Third Party Advisory\",\"VDB Entry\"]},{\"url\":\"http://www.securitytracker.com/id/1037461\",\"source\":\"security@mozilla.org\",\"tags\":[\"Third Party Advisory\",\"VDB Entry\"]},{\"url\":\"https://bugzilla.mozilla.org/show_bug.cgi?id=1312272\",\"source\":\"security@mozilla.org\",\"tags\":[\"Exploit\",\"Issue Tracking\",\"Patch\",\"Vendor Advisory\"]},{\"url\":\"https://security.gentoo.org/glsa/201701-15\",\"source\":\"security@mozilla.org\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://www.debian.org/security/2017/dsa-3757\",\"source\":\"security@mozilla.org\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://www.mozilla.org/security/advisories/mfsa2016-94/\",\"source\":\"security@mozilla.org\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"https://www.mozilla.org/security/advisories/mfsa2016-95/\",\"source\":\"security@mozilla.org\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"https://www.mozilla.org/security/advisories/mfsa2016-96/\",\"source\":\"security@mozilla.org\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"http://rhn.redhat.com/errata/RHSA-2016-2946.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"http://rhn.redhat.com/errata/RHSA-2016-2973.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"http://www.securityfocus.com/bid/94885\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\",\"VDB Entry\"]},{\"url\":\"http://www.securitytracker.com/id/1037461\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\",\"VDB Entry\"]},{\"url\":\"https://bugzilla.mozilla.org/show_bug.cgi?id=1312272\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Exploit\",\"Issue Tracking\",\"Patch\",\"Vendor Advisory\"]},{\"url\":\"https://security.gentoo.org/glsa/201701-15\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://www.debian.org/security/2017/dsa-3757\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://www.mozilla.org/security/advisories/mfsa2016-94/\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"https://www.mozilla.org/security/advisories/mfsa2016-95/\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"https://www.mozilla.org/security/advisories/mfsa2016-96/\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Vendor Advisory\"]}]}}"
}
}
CERTFR-2016-AVI-412
Vulnerability from certfr_avis - Published: - Updated:
De multiples vulnérabilités ont été corrigées dans Mozilla Firefox. Certaines d'entre elles permettent à un attaquant de provoquer une exécution de code arbitraire à distance, un déni de service à distance et un contournement de la politique de sécurité.
Solution
Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).
NoneImpacted products
References
| Title | Publication Time | Tags | ||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||
{
"$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
"affected_systems": [
{
"description": "Mozilla Firefox versions ant\u00e9rieures \u00e0 50.1",
"product": {
"name": "Firefox",
"vendor": {
"name": "Mozilla",
"scada": false
}
}
},
{
"description": "Mozilla Firefox ESR versions ant\u00e9rieures \u00e0 45.6",
"product": {
"name": "Firefox",
"vendor": {
"name": "Mozilla",
"scada": false
}
}
}
],
"affected_systems_content": null,
"content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
"cves": [
{
"name": "CVE-2016-9902",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-9902"
},
{
"name": "CVE-2016-9897",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-9897"
},
{
"name": "CVE-2016-9080",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-9080"
},
{
"name": "CVE-2016-9904",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-9904"
},
{
"name": "CVE-2016-9899",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-9899"
},
{
"name": "CVE-2016-9905",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-9905"
},
{
"name": "CVE-2016-9894",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-9894"
},
{
"name": "CVE-2016-9900",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-9900"
},
{
"name": "CVE-2016-9903",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-9903"
},
{
"name": "CVE-2016-9893",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-9893"
},
{
"name": "CVE-2016-9895",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-9895"
},
{
"name": "CVE-2016-9898",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-9898"
},
{
"name": "CVE-2016-9896",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-9896"
},
{
"name": "CVE-2016-9901",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-9901"
}
],
"links": [
{
"title": "Bulletin de s\u00e9curit\u00e9 Mozilla mfsa2016-95 du 13 d\u00e9cembre 2016",
"url": "https://www.mozilla.org/en-US/security/advisories/mfsa2016-95/"
},
{
"title": "Bulletin de s\u00e9curit\u00e9 Mozilla mfsa2016-94 du 13 d\u00e9cembre 2016",
"url": "https://www.mozilla.org/en-US/security/advisories/mfsa2016-94/"
}
],
"reference": "CERTFR-2016-AVI-412",
"revisions": [
{
"description": "version initiale.",
"revision_date": "2016-12-14T00:00:00.000000"
}
],
"risks": [
{
"description": "D\u00e9ni de service \u00e0 distance"
},
{
"description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
},
{
"description": "Injection de code indirecte \u00e0 distance"
},
{
"description": "Contournement de la politique de s\u00e9curit\u00e9"
},
{
"description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
}
],
"summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 corrig\u00e9es dans \u003cspan\nclass=\"textit\"\u003eMozilla Firefox\u003c/span\u003e. Certaines d\u0027entre elles\npermettent \u00e0 un attaquant de provoquer une ex\u00e9cution de code arbitraire\n\u00e0 distance, un d\u00e9ni de service \u00e0 distance et un contournement de la\npolitique de s\u00e9curit\u00e9.\n",
"title": "Multiples vuln\u00e9rabilit\u00e9s dans Mozilla Firefox",
"vendor_advisories": [
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Mozilla mfsa2016-95 du 13 d\u00e9cembre 2016",
"url": null
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Mozilla mfsa2016-94 du 13 d\u00e9cembre 2016",
"url": null
}
]
}
CERTFR-2016-AVI-431
Vulnerability from certfr_avis - Published: - Updated:
De multiples vulnérabilités ont été corrigées dans Mozilla Thunderbird. Elles permettent à un attaquant de provoquer une exécution de code arbitraire à distance, un contournement de la politique de sécurité et une atteinte à la confidentialité des données.
Solution
Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).
Thunderbird versions antérieures à 45.6
Impacted products
| Vendor | Product | Description |
|---|
References
| Title | Publication Time | Tags | ||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
{
"$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
"affected_systems": [],
"affected_systems_content": "\u003cP\u003eThunderbird versions ant\u00e9rieures \u00e0 45.6\u003c/P\u003e",
"content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
"cves": [
{
"name": "CVE-2016-9897",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-9897"
},
{
"name": "CVE-2016-9904",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-9904"
},
{
"name": "CVE-2016-9899",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-9899"
},
{
"name": "CVE-2016-9905",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-9905"
},
{
"name": "CVE-2016-9900",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-9900"
},
{
"name": "CVE-2016-9893",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-9893"
},
{
"name": "CVE-2016-9895",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-9895"
},
{
"name": "CVE-2016-9898",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-9898"
}
],
"links": [
{
"title": "Bulletin de s\u00e9curit\u00e9 Mozilla mfsa2016-96 du 28 d\u00e9cembre 2016",
"url": "https://www.mozilla.org/en-US/security/advisories/mfsa2016-96/"
}
],
"reference": "CERTFR-2016-AVI-431",
"revisions": [
{
"description": "version initiale.",
"revision_date": "2016-12-29T00:00:00.000000"
}
],
"risks": [
{
"description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
},
{
"description": "Contournement de la politique de s\u00e9curit\u00e9"
},
{
"description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
}
],
"summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 corrig\u00e9es dans \u003cspan\nclass=\"textit\"\u003eMozilla Thunderbird\u003c/span\u003e. Elles permettent \u00e0 un\nattaquant de provoquer une ex\u00e9cution de code arbitraire \u00e0 distance, un\ncontournement de la politique de s\u00e9curit\u00e9 et une atteinte \u00e0 la\nconfidentialit\u00e9 des donn\u00e9es.\n",
"title": "Multiples vuln\u00e9rabilit\u00e9s dans Mozilla Thunderbird",
"vendor_advisories": [
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Mozilla mfsa2016-96 du 28 d\u00e9cembre 2016",
"url": null
}
]
}
CERTFR-2016-AVI-412
Vulnerability from certfr_avis - Published: - Updated:
De multiples vulnérabilités ont été corrigées dans Mozilla Firefox. Certaines d'entre elles permettent à un attaquant de provoquer une exécution de code arbitraire à distance, un déni de service à distance et un contournement de la politique de sécurité.
Solution
Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).
NoneImpacted products
References
| Title | Publication Time | Tags | ||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||
{
"$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
"affected_systems": [
{
"description": "Mozilla Firefox versions ant\u00e9rieures \u00e0 50.1",
"product": {
"name": "Firefox",
"vendor": {
"name": "Mozilla",
"scada": false
}
}
},
{
"description": "Mozilla Firefox ESR versions ant\u00e9rieures \u00e0 45.6",
"product": {
"name": "Firefox",
"vendor": {
"name": "Mozilla",
"scada": false
}
}
}
],
"affected_systems_content": null,
"content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
"cves": [
{
"name": "CVE-2016-9902",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-9902"
},
{
"name": "CVE-2016-9897",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-9897"
},
{
"name": "CVE-2016-9080",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-9080"
},
{
"name": "CVE-2016-9904",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-9904"
},
{
"name": "CVE-2016-9899",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-9899"
},
{
"name": "CVE-2016-9905",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-9905"
},
{
"name": "CVE-2016-9894",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-9894"
},
{
"name": "CVE-2016-9900",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-9900"
},
{
"name": "CVE-2016-9903",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-9903"
},
{
"name": "CVE-2016-9893",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-9893"
},
{
"name": "CVE-2016-9895",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-9895"
},
{
"name": "CVE-2016-9898",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-9898"
},
{
"name": "CVE-2016-9896",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-9896"
},
{
"name": "CVE-2016-9901",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-9901"
}
],
"links": [
{
"title": "Bulletin de s\u00e9curit\u00e9 Mozilla mfsa2016-95 du 13 d\u00e9cembre 2016",
"url": "https://www.mozilla.org/en-US/security/advisories/mfsa2016-95/"
},
{
"title": "Bulletin de s\u00e9curit\u00e9 Mozilla mfsa2016-94 du 13 d\u00e9cembre 2016",
"url": "https://www.mozilla.org/en-US/security/advisories/mfsa2016-94/"
}
],
"reference": "CERTFR-2016-AVI-412",
"revisions": [
{
"description": "version initiale.",
"revision_date": "2016-12-14T00:00:00.000000"
}
],
"risks": [
{
"description": "D\u00e9ni de service \u00e0 distance"
},
{
"description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
},
{
"description": "Injection de code indirecte \u00e0 distance"
},
{
"description": "Contournement de la politique de s\u00e9curit\u00e9"
},
{
"description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
}
],
"summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 corrig\u00e9es dans \u003cspan\nclass=\"textit\"\u003eMozilla Firefox\u003c/span\u003e. Certaines d\u0027entre elles\npermettent \u00e0 un attaquant de provoquer une ex\u00e9cution de code arbitraire\n\u00e0 distance, un d\u00e9ni de service \u00e0 distance et un contournement de la\npolitique de s\u00e9curit\u00e9.\n",
"title": "Multiples vuln\u00e9rabilit\u00e9s dans Mozilla Firefox",
"vendor_advisories": [
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Mozilla mfsa2016-95 du 13 d\u00e9cembre 2016",
"url": null
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Mozilla mfsa2016-94 du 13 d\u00e9cembre 2016",
"url": null
}
]
}
CERTFR-2016-AVI-431
Vulnerability from certfr_avis - Published: - Updated:
De multiples vulnérabilités ont été corrigées dans Mozilla Thunderbird. Elles permettent à un attaquant de provoquer une exécution de code arbitraire à distance, un contournement de la politique de sécurité et une atteinte à la confidentialité des données.
Solution
Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).
Thunderbird versions antérieures à 45.6
Impacted products
| Vendor | Product | Description |
|---|
References
| Title | Publication Time | Tags | ||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
{
"$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
"affected_systems": [],
"affected_systems_content": "\u003cP\u003eThunderbird versions ant\u00e9rieures \u00e0 45.6\u003c/P\u003e",
"content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
"cves": [
{
"name": "CVE-2016-9897",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-9897"
},
{
"name": "CVE-2016-9904",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-9904"
},
{
"name": "CVE-2016-9899",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-9899"
},
{
"name": "CVE-2016-9905",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-9905"
},
{
"name": "CVE-2016-9900",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-9900"
},
{
"name": "CVE-2016-9893",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-9893"
},
{
"name": "CVE-2016-9895",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-9895"
},
{
"name": "CVE-2016-9898",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-9898"
}
],
"links": [
{
"title": "Bulletin de s\u00e9curit\u00e9 Mozilla mfsa2016-96 du 28 d\u00e9cembre 2016",
"url": "https://www.mozilla.org/en-US/security/advisories/mfsa2016-96/"
}
],
"reference": "CERTFR-2016-AVI-431",
"revisions": [
{
"description": "version initiale.",
"revision_date": "2016-12-29T00:00:00.000000"
}
],
"risks": [
{
"description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
},
{
"description": "Contournement de la politique de s\u00e9curit\u00e9"
},
{
"description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
}
],
"summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 corrig\u00e9es dans \u003cspan\nclass=\"textit\"\u003eMozilla Thunderbird\u003c/span\u003e. Elles permettent \u00e0 un\nattaquant de provoquer une ex\u00e9cution de code arbitraire \u00e0 distance, un\ncontournement de la politique de s\u00e9curit\u00e9 et une atteinte \u00e0 la\nconfidentialit\u00e9 des donn\u00e9es.\n",
"title": "Multiples vuln\u00e9rabilit\u00e9s dans Mozilla Thunderbird",
"vendor_advisories": [
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Mozilla mfsa2016-96 du 28 d\u00e9cembre 2016",
"url": null
}
]
}
CNVD-2016-12692
Vulnerability from cnvd - Published: 2016-12-21
VLAI Severity ?
Title
Mozilla Firefox安全绕过漏洞(CNVD-2016-12692)
Description
Mozilla Firefox和Firefox ESR都是美国Mozilla基金会开发的浏览器产品。Firefox是一款开源Web浏览器;Firefox ESR是Firefox的一个延长支持版本。
Mozilla Firefox 50.1之前的版本和Firefox ESR 45.6之前的版本中存在安全漏洞。攻击者可利用该漏洞绕过安全限制。
Severity
中
Patch Name
Mozilla Firefox安全绕过漏洞(CNVD-2016-12692)的补丁
Patch Description
Mozilla Firefox和Firefox ESR都是美国Mozilla基金会开发的浏览器产品。Firefox是一款开源Web浏览器;Firefox ESR是Firefox的一个延长支持版本。
Mozilla Firefox 50.1之前的版本和Firefox ESR 45.6之前的版本中存在安全漏洞。攻击者可利用该漏洞绕过安全限制。目前,供应商发布了安全公告及相关补丁信息,修复了此漏洞。
Formal description
目前厂商已经发布了升级补丁以修复此安全问题,补丁获取链接: https://www.mozilla.org/en-US/security/advisories/mfsa2016-95/
Reference
http://www.securityfocus.com/bid/94885
Impacted products
| Name | ['Mozilla Firefox ESR <45.6', 'Mozilla Firefox <50.1'] |
|---|
{
"cves": {
"cve": {
"cveNumber": "CVE-2016-9895"
}
},
"description": "Mozilla Firefox\u548cFirefox ESR\u90fd\u662f\u7f8e\u56fdMozilla\u57fa\u91d1\u4f1a\u5f00\u53d1\u7684\u6d4f\u89c8\u5668\u4ea7\u54c1\u3002Firefox\u662f\u4e00\u6b3e\u5f00\u6e90Web\u6d4f\u89c8\u5668\uff1bFirefox ESR\u662fFirefox\u7684\u4e00\u4e2a\u5ef6\u957f\u652f\u6301\u7248\u672c\u3002\r\n\r\nMozilla Firefox 50.1\u4e4b\u524d\u7684\u7248\u672c\u548cFirefox ESR 45.6\u4e4b\u524d\u7684\u7248\u672c\u4e2d\u5b58\u5728\u5b89\u5168\u6f0f\u6d1e\u3002\u653b\u51fb\u8005\u53ef\u5229\u7528\u8be5\u6f0f\u6d1e\u7ed5\u8fc7\u5b89\u5168\u9650\u5236\u3002",
"discovererName": "Andrew Krasichkov",
"formalWay": "\u76ee\u524d\u5382\u5546\u5df2\u7ecf\u53d1\u5e03\u4e86\u5347\u7ea7\u8865\u4e01\u4ee5\u4fee\u590d\u6b64\u5b89\u5168\u95ee\u9898\uff0c\u8865\u4e01\u83b7\u53d6\u94fe\u63a5\uff1a\r\nhttps://www.mozilla.org/en-US/security/advisories/mfsa2016-95/",
"isEvent": "\u901a\u7528\u8f6f\u786c\u4ef6\u6f0f\u6d1e",
"number": "CNVD-2016-12692",
"openTime": "2016-12-21",
"patchDescription": "Mozilla Firefox\u548cFirefox ESR\u90fd\u662f\u7f8e\u56fdMozilla\u57fa\u91d1\u4f1a\u5f00\u53d1\u7684\u6d4f\u89c8\u5668\u4ea7\u54c1\u3002Firefox\u662f\u4e00\u6b3e\u5f00\u6e90Web\u6d4f\u89c8\u5668\uff1bFirefox ESR\u662fFirefox\u7684\u4e00\u4e2a\u5ef6\u957f\u652f\u6301\u7248\u672c\u3002\r\n\r\nMozilla Firefox 50.1\u4e4b\u524d\u7684\u7248\u672c\u548cFirefox ESR 45.6\u4e4b\u524d\u7684\u7248\u672c\u4e2d\u5b58\u5728\u5b89\u5168\u6f0f\u6d1e\u3002\u653b\u51fb\u8005\u53ef\u5229\u7528\u8be5\u6f0f\u6d1e\u7ed5\u8fc7\u5b89\u5168\u9650\u5236\u3002\u76ee\u524d\uff0c\u4f9b\u5e94\u5546\u53d1\u5e03\u4e86\u5b89\u5168\u516c\u544a\u53ca\u76f8\u5173\u8865\u4e01\u4fe1\u606f\uff0c\u4fee\u590d\u4e86\u6b64\u6f0f\u6d1e\u3002",
"patchName": "Mozilla Firefox\u5b89\u5168\u7ed5\u8fc7\u6f0f\u6d1e\uff08CNVD-2016-12692\uff09\u7684\u8865\u4e01",
"products": {
"product": [
"Mozilla Firefox ESR \u003c45.6",
"Mozilla Firefox \u003c50.1"
]
},
"referenceLink": "http://www.securityfocus.com/bid/94885",
"serverity": "\u4e2d",
"submitTime": "2016-12-16",
"title": "Mozilla Firefox\u5b89\u5168\u7ed5\u8fc7\u6f0f\u6d1e\uff08CNVD-2016-12692\uff09"
}
FKIE_CVE-2016-9895
Vulnerability from fkie_nvd - Published: 2018-06-11 21:29 - Updated: 2025-11-25 17:50
Severity ?
Summary
Event handlers on "marquee" elements were executed despite a strict Content Security Policy (CSP) that disallowed inline JavaScript. This vulnerability affects Firefox < 50.1, Firefox ESR < 45.6, and Thunderbird < 45.6.
References
Impacted products
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*",
"matchCriteriaId": "DEECE5FC-CACF-4496-A3E7-164736409252",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:redhat:enterprise_linux:5.0:*:*:*:*:*:*:*",
"matchCriteriaId": "1D8B549B-E57B-4DFE-8A13-CAB06B5356B3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:redhat:enterprise_linux:6.0:*:*:*:*:*:*:*",
"matchCriteriaId": "2F6AB192-9D7D-4A9A-8995-E53A9DE9EAFC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:redhat:enterprise_linux:7.0:*:*:*:*:*:*:*",
"matchCriteriaId": "142AD0DD-4CF3-4D74-9442-459CE3347E3A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:redhat:enterprise_linux_desktop:5.0:*:*:*:*:*:*:*",
"matchCriteriaId": "133AAFA7-AF42-4D7B-8822-AA2E85611BF5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:redhat:enterprise_linux_desktop:6.0:*:*:*:*:*:*:*",
"matchCriteriaId": "EE249E1B-A1FD-4E08-AA71-A0E1F10FFE97",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:redhat:enterprise_linux_desktop:7.0:*:*:*:*:*:*:*",
"matchCriteriaId": "33C068A4-3780-4EAB-A937-6082DF847564",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:redhat:enterprise_linux_server:5.0:*:*:*:*:*:*:*",
"matchCriteriaId": "54D669D4-6D7E-449D-80C1-28FA44F06FFE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:redhat:enterprise_linux_server:6.0:*:*:*:*:*:*:*",
"matchCriteriaId": "9BBCD86A-E6C7-4444-9D74-F861084090F0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:redhat:enterprise_linux_server:7.0:*:*:*:*:*:*:*",
"matchCriteriaId": "51EF4996-72F4-4FA4-814F-F5991E7A8318",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:redhat:enterprise_linux_server_aus:7.3:*:*:*:*:*:*:*",
"matchCriteriaId": "98381E61-F082-4302-B51F-5648884F998B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:redhat:enterprise_linux_server_aus:7.4:*:*:*:*:*:*:*",
"matchCriteriaId": "D99A687E-EAE6-417E-A88E-D0082BC194CD",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:redhat:enterprise_linux_server_eus:7.3:*:*:*:*:*:*:*",
"matchCriteriaId": "A8442C20-41F9-47FD-9A12-E724D3A31FD7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:redhat:enterprise_linux_server_eus:7.4:*:*:*:*:*:*:*",
"matchCriteriaId": "9EC0D196-F7B8-4BDD-9050-779F7A7FBEE4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:redhat:enterprise_linux_server_eus:7.5:*:*:*:*:*:*:*",
"matchCriteriaId": "A4E9DD8A-A68B-4A69-8B01-BFF92A2020A8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:redhat:enterprise_linux_workstation:5.0:*:*:*:*:*:*:*",
"matchCriteriaId": "D0AC5CD5-6E58-433C-9EB3-6DFE5656463E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:redhat:enterprise_linux_workstation:6.0:*:*:*:*:*:*:*",
"matchCriteriaId": "E5ED5807-55B7-47C5-97A6-03233F4FBC3A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:redhat:enterprise_linux_workstation:7.0:*:*:*:*:*:*:*",
"matchCriteriaId": "825ECE2D-E232-46E0-A047-074B34DB1E97",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:mozilla:thunderbird:*:*:*:*:*:*:*:*",
"matchCriteriaId": "A5797C2A-187E-48B8-97A0-F6B5E5EBF38C",
"versionEndExcluding": "45.6.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:mozilla:firefox:*:*:*:*:*:*:*:*",
"matchCriteriaId": "5D7D13A9-230F-4040-AF9B-EBD07E4ACEEC",
"versionEndExcluding": "50.1",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:mozilla:firefox:*:*:*:*:*:*:*:*",
"matchCriteriaId": "D2085AD6-C7AD-4784-B164-49543806E0C0",
"versionEndExcluding": "45.6.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Event handlers on \"marquee\" elements were executed despite a strict Content Security Policy (CSP) that disallowed inline JavaScript. This vulnerability affects Firefox \u003c 50.1, Firefox ESR \u003c 45.6, and Thunderbird \u003c 45.6."
},
{
"lang": "es",
"value": "Los gestores de eventos en los elementos \"marquee\" se ejecutaron a pesar de que existe un CSP (Content Security Policy) estricto que prohib\u00eda el JavaScript inline. La vulnerabilidad afecta a Firefox en versiones anteriores a la 50.1, Firefox ESR en versiones anteriores a la 45.6 y Thunderbird en versiones anteriores a la 45.6."
}
],
"id": "CVE-2016-9895",
"lastModified": "2025-11-25T17:50:16.803",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"confidentialityImpact": "NONE",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": true
}
],
"cvssMetricV30": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.1,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"version": "3.0"
},
"exploitabilityScore": 2.8,
"impactScore": 2.7,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2018-06-11T21:29:01.997",
"references": [
{
"source": "security@mozilla.org",
"tags": [
"Third Party Advisory"
],
"url": "http://rhn.redhat.com/errata/RHSA-2016-2946.html"
},
{
"source": "security@mozilla.org",
"tags": [
"Third Party Advisory"
],
"url": "http://rhn.redhat.com/errata/RHSA-2016-2973.html"
},
{
"source": "security@mozilla.org",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securityfocus.com/bid/94885"
},
{
"source": "security@mozilla.org",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securitytracker.com/id/1037461"
},
{
"source": "security@mozilla.org",
"tags": [
"Exploit",
"Issue Tracking",
"Patch",
"Vendor Advisory"
],
"url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1312272"
},
{
"source": "security@mozilla.org",
"tags": [
"Third Party Advisory"
],
"url": "https://security.gentoo.org/glsa/201701-15"
},
{
"source": "security@mozilla.org",
"tags": [
"Third Party Advisory"
],
"url": "https://www.debian.org/security/2017/dsa-3757"
},
{
"source": "security@mozilla.org",
"tags": [
"Vendor Advisory"
],
"url": "https://www.mozilla.org/security/advisories/mfsa2016-94/"
},
{
"source": "security@mozilla.org",
"tags": [
"Vendor Advisory"
],
"url": "https://www.mozilla.org/security/advisories/mfsa2016-95/"
},
{
"source": "security@mozilla.org",
"tags": [
"Vendor Advisory"
],
"url": "https://www.mozilla.org/security/advisories/mfsa2016-96/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "http://rhn.redhat.com/errata/RHSA-2016-2946.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "http://rhn.redhat.com/errata/RHSA-2016-2973.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securityfocus.com/bid/94885"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securitytracker.com/id/1037461"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit",
"Issue Tracking",
"Patch",
"Vendor Advisory"
],
"url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1312272"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://security.gentoo.org/glsa/201701-15"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://www.debian.org/security/2017/dsa-3757"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://www.mozilla.org/security/advisories/mfsa2016-94/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://www.mozilla.org/security/advisories/mfsa2016-95/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://www.mozilla.org/security/advisories/mfsa2016-96/"
}
],
"sourceIdentifier": "security@mozilla.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-254"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
GHSA-Q8Q4-9M7F-Q3RP
Vulnerability from github – Published: 2022-05-14 03:10 – Updated: 2025-11-25 18:32
VLAI?
Details
Event handlers on "marquee" elements were executed despite a strict Content Security Policy (CSP) that disallowed inline JavaScript. This vulnerability affects Firefox < 50.1, Firefox ESR < 45.6, and Thunderbird < 45.6.
Severity ?
6.1 (Medium)
{
"affected": [],
"aliases": [
"CVE-2016-9895"
],
"database_specific": {
"cwe_ids": [],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2018-06-11T21:29:00Z",
"severity": "MODERATE"
},
"details": "Event handlers on \"marquee\" elements were executed despite a strict Content Security Policy (CSP) that disallowed inline JavaScript. This vulnerability affects Firefox \u003c 50.1, Firefox ESR \u003c 45.6, and Thunderbird \u003c 45.6.",
"id": "GHSA-q8q4-9m7f-q3rp",
"modified": "2025-11-25T18:32:05Z",
"published": "2022-05-14T03:10:27Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2016-9895"
},
{
"type": "WEB",
"url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1312272"
},
{
"type": "WEB",
"url": "https://security.gentoo.org/glsa/201701-15"
},
{
"type": "WEB",
"url": "https://www.debian.org/security/2017/dsa-3757"
},
{
"type": "WEB",
"url": "https://www.mozilla.org/security/advisories/mfsa2016-94"
},
{
"type": "WEB",
"url": "https://www.mozilla.org/security/advisories/mfsa2016-95"
},
{
"type": "WEB",
"url": "https://www.mozilla.org/security/advisories/mfsa2016-96"
},
{
"type": "WEB",
"url": "http://rhn.redhat.com/errata/RHSA-2016-2946.html"
},
{
"type": "WEB",
"url": "http://rhn.redhat.com/errata/RHSA-2016-2973.html"
},
{
"type": "WEB",
"url": "http://www.securityfocus.com/bid/94885"
},
{
"type": "WEB",
"url": "http://www.securitytracker.com/id/1037461"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"type": "CVSS_V3"
}
]
}
GSD-2016-9895
Vulnerability from gsd - Updated: 2023-12-13 01:21Details
Event handlers on "marquee" elements were executed despite a strict Content Security Policy (CSP) that disallowed inline JavaScript. This vulnerability affects Firefox < 50.1, Firefox ESR < 45.6, and Thunderbird < 45.6.
Aliases
Aliases
{
"GSD": {
"alias": "CVE-2016-9895",
"description": "Event handlers on \"marquee\" elements were executed despite a strict Content Security Policy (CSP) that disallowed inline JavaScript. This vulnerability affects Firefox \u003c 50.1, Firefox ESR \u003c 45.6, and Thunderbird \u003c 45.6.",
"id": "GSD-2016-9895",
"references": [
"https://www.suse.com/security/cve/CVE-2016-9895.html",
"https://www.debian.org/security/2017/dsa-3757",
"https://www.debian.org/security/2016/dsa-3734",
"https://access.redhat.com/errata/RHSA-2016:2973",
"https://access.redhat.com/errata/RHSA-2016:2946",
"https://ubuntu.com/security/CVE-2016-9895",
"https://advisories.mageia.org/CVE-2016-9895.html",
"https://security.archlinux.org/CVE-2016-9895",
"https://linux.oracle.com/cve/CVE-2016-9895.html"
]
},
"gsd": {
"metadata": {
"exploitCode": "unknown",
"remediation": "unknown",
"reportConfidence": "confirmed",
"type": "vulnerability"
},
"osvSchema": {
"aliases": [
"CVE-2016-9895"
],
"details": "Event handlers on \"marquee\" elements were executed despite a strict Content Security Policy (CSP) that disallowed inline JavaScript. This vulnerability affects Firefox \u003c 50.1, Firefox ESR \u003c 45.6, and Thunderbird \u003c 45.6.",
"id": "GSD-2016-9895",
"modified": "2023-12-13T01:21:21.635845Z",
"schema_version": "1.4.0"
}
},
"namespaces": {
"cve.org": {
"CVE_data_meta": {
"ASSIGNER": "security@mozilla.org",
"ID": "CVE-2016-9895",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Firefox",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_value": "50.1"
}
]
}
},
{
"product_name": "Firefox ESR",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_value": "45.6"
}
]
}
},
{
"product_name": "Thunderbird",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_value": "45.6"
}
]
}
}
]
},
"vendor_name": "Mozilla"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Event handlers on \"marquee\" elements were executed despite a strict Content Security Policy (CSP) that disallowed inline JavaScript. This vulnerability affects Firefox \u003c 50.1, Firefox ESR \u003c 45.6, and Thunderbird \u003c 45.6."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CSP bypass using marquee tag"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.mozilla.org/security/advisories/mfsa2016-94/",
"refsource": "CONFIRM",
"url": "https://www.mozilla.org/security/advisories/mfsa2016-94/"
},
{
"name": "https://www.mozilla.org/security/advisories/mfsa2016-95/",
"refsource": "CONFIRM",
"url": "https://www.mozilla.org/security/advisories/mfsa2016-95/"
},
{
"name": "94885",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/94885"
},
{
"name": "1037461",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1037461"
},
{
"name": "GLSA-201701-15",
"refsource": "GENTOO",
"url": "https://security.gentoo.org/glsa/201701-15"
},
{
"name": "DSA-3757",
"refsource": "DEBIAN",
"url": "https://www.debian.org/security/2017/dsa-3757"
},
{
"name": "https://bugzilla.mozilla.org/show_bug.cgi?id=1312272",
"refsource": "CONFIRM",
"url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1312272"
},
{
"name": "RHSA-2016:2973",
"refsource": "REDHAT",
"url": "http://rhn.redhat.com/errata/RHSA-2016-2973.html"
},
{
"name": "https://www.mozilla.org/security/advisories/mfsa2016-96/",
"refsource": "CONFIRM",
"url": "https://www.mozilla.org/security/advisories/mfsa2016-96/"
},
{
"name": "RHSA-2016:2946",
"refsource": "REDHAT",
"url": "http://rhn.redhat.com/errata/RHSA-2016-2946.html"
}
]
}
},
"mozilla.org": {
"CVE_data_meta": {
"ASSIGNER": "security@mozilla.org",
"ID": "CVE-2016-9895"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Thunderbird",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_value": "45.6"
}
]
}
},
{
"product_name": "Firefox ESR",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_value": "45.6"
}
]
}
},
{
"product_name": "Firefox",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_value": "50.1"
}
]
}
}
]
},
"vendor_name": "Mozilla"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Event handlers on \u003ccode\u003emarquee\u003c/code\u003e elements were executed despite a strict Content Security Policy (CSP) that disallowed inline JavaScript. This vulnerability affects Thunderbird \u003c 45.6, Firefox ESR \u003c 45.6, and Firefox \u003c 50.1."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CSP bypass using marquee tag"
}
]
}
]
},
"references": {
"reference_data": [
{
"url": "https://www.mozilla.org/security/advisories/mfsa2016-96/"
},
{
"url": "https://www.mozilla.org/security/advisories/mfsa2016-94/"
},
{
"url": "https://www.mozilla.org/security/advisories/mfsa2016-95/"
},
{
"url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1312272"
}
]
}
},
"nvd.nist.gov": {
"configurations": {
"CVE_data_version": "4.0",
"nodes": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:redhat:enterprise_linux_desktop:7.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:redhat:enterprise_linux_workstation:6.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:redhat:enterprise_linux_workstation:7.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:redhat:enterprise_linux_server_aus:7.4:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:redhat:enterprise_linux_server_eus:7.5:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:redhat:enterprise_linux:5.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:redhat:enterprise_linux:7.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:redhat:enterprise_linux_server_aus:7.3:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:redhat:enterprise_linux_server_eus:7.4:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:redhat:enterprise_linux_server:5.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:redhat:enterprise_linux_workstation:5.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:redhat:enterprise_linux_desktop:5.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:redhat:enterprise_linux_server:7.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:redhat:enterprise_linux:6.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:redhat:enterprise_linux_desktop:6.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:redhat:enterprise_linux_server_eus:7.3:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:redhat:enterprise_linux_server:6.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:a:mozilla:thunderbird:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "45.6.0",
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:a:mozilla:firefox:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "50.1",
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:a:mozilla:firefox_esr:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "45.6.0",
"vulnerable": true
}
],
"operator": "OR"
}
]
},
"cve": {
"CVE_data_meta": {
"ASSIGNER": "security@mozilla.org",
"ID": "CVE-2016-9895"
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "en",
"value": "Event handlers on \"marquee\" elements were executed despite a strict Content Security Policy (CSP) that disallowed inline JavaScript. This vulnerability affects Firefox \u003c 50.1, Firefox ESR \u003c 45.6, and Thunderbird \u003c 45.6."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "en",
"value": "CWE-254"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.mozilla.org/security/advisories/mfsa2016-96/",
"refsource": "CONFIRM",
"tags": [
"Vendor Advisory"
],
"url": "https://www.mozilla.org/security/advisories/mfsa2016-96/"
},
{
"name": "https://www.mozilla.org/security/advisories/mfsa2016-95/",
"refsource": "CONFIRM",
"tags": [
"Vendor Advisory"
],
"url": "https://www.mozilla.org/security/advisories/mfsa2016-95/"
},
{
"name": "https://www.mozilla.org/security/advisories/mfsa2016-94/",
"refsource": "CONFIRM",
"tags": [
"Vendor Advisory"
],
"url": "https://www.mozilla.org/security/advisories/mfsa2016-94/"
},
{
"name": "https://bugzilla.mozilla.org/show_bug.cgi?id=1312272",
"refsource": "CONFIRM",
"tags": [
"Exploit",
"Issue Tracking",
"Patch",
"Vendor Advisory"
],
"url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1312272"
},
{
"name": "DSA-3757",
"refsource": "DEBIAN",
"tags": [
"Third Party Advisory"
],
"url": "https://www.debian.org/security/2017/dsa-3757"
},
{
"name": "GLSA-201701-15",
"refsource": "GENTOO",
"tags": [
"Third Party Advisory"
],
"url": "https://security.gentoo.org/glsa/201701-15"
},
{
"name": "1037461",
"refsource": "SECTRACK",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securitytracker.com/id/1037461"
},
{
"name": "94885",
"refsource": "BID",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securityfocus.com/bid/94885"
},
{
"name": "RHSA-2016:2973",
"refsource": "REDHAT",
"tags": [
"Third Party Advisory"
],
"url": "http://rhn.redhat.com/errata/RHSA-2016-2973.html"
},
{
"name": "RHSA-2016:2946",
"refsource": "REDHAT",
"tags": [
"Third Party Advisory"
],
"url": "http://rhn.redhat.com/errata/RHSA-2016-2946.html"
}
]
}
},
"impact": {
"baseMetricV2": {
"cvssV2": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"confidentialityImpact": "NONE",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"severity": "MEDIUM",
"userInteractionRequired": true
},
"baseMetricV3": {
"cvssV3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.1,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"version": "3.0"
},
"exploitabilityScore": 2.8,
"impactScore": 2.7
}
},
"lastModifiedDate": "2018-08-03T17:22Z",
"publishedDate": "2018-06-11T21:29Z"
}
}
}
OPENSUSE-SU-2016:3307-1
Vulnerability from csaf_opensuse - Published: 2016-12-30 17:01 - Updated: 2016-12-30 17:01Summary
Security update for MozillaThunderbird
Severity
Moderate
Notes
Title of the patch: Security update for MozillaThunderbird
Description of the patch: This update to Mozilla Thunderbird 45.6.0 fixes security issues and bugs.
In general, these flaws cannot be exploited through email in Thunderbird because
scripting is disabled when reading mail, but are potentially risks in browser or
browser-like contexts.
The following vulnerabilities were fixed: (boo#1015422)
- CVE-2016-9899: Use-after-free while manipulating DOM events and audio elements
- CVE-2016-9895: CSP bypass using marquee tag
- CVE-2016-9897: Memory corruption in libGLES
- CVE-2016-9898: Use-after-free in Editor while manipulating DOM subtrees
- CVE-2016-9900: Restricted external resources can be loaded by SVG images through data URLs
- CVE-2016-9904: Cross-origin information leak in shared atoms
- CVE-2016-9905: Crash in EnumerateSubDocuments
- CVE-2016-9893: Memory safety bugs fixed in Thunderbird 45.6
The following bugs were fixed:
- The system integration dialog was shown every time when starting Thunderbird
Patchnames: openSUSE-2016-1531
Terms of use: CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).
9.8 (Critical)
Affected products
Recommended
13 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Package Hub 12:MozillaThunderbird-45.6.0-20.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Package Hub 12:MozillaThunderbird-45.6.0-20.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Package Hub 12:MozillaThunderbird-45.6.0-20.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Package Hub 12:MozillaThunderbird-buildsymbols-45.6.0-20.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Package Hub 12:MozillaThunderbird-devel-45.6.0-20.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Package Hub 12:MozillaThunderbird-devel-45.6.0-20.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Package Hub 12:MozillaThunderbird-devel-45.6.0-20.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Package Hub 12:MozillaThunderbird-translations-common-45.6.0-20.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Package Hub 12:MozillaThunderbird-translations-common-45.6.0-20.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Package Hub 12:MozillaThunderbird-translations-common-45.6.0-20.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Package Hub 12:MozillaThunderbird-translations-other-45.6.0-20.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Package Hub 12:MozillaThunderbird-translations-other-45.6.0-20.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Package Hub 12:MozillaThunderbird-translations-other-45.6.0-20.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
moderate
6.1 (Medium)
Affected products
Recommended
13 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Package Hub 12:MozillaThunderbird-45.6.0-20.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Package Hub 12:MozillaThunderbird-45.6.0-20.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Package Hub 12:MozillaThunderbird-45.6.0-20.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Package Hub 12:MozillaThunderbird-buildsymbols-45.6.0-20.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Package Hub 12:MozillaThunderbird-devel-45.6.0-20.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Package Hub 12:MozillaThunderbird-devel-45.6.0-20.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Package Hub 12:MozillaThunderbird-devel-45.6.0-20.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Package Hub 12:MozillaThunderbird-translations-common-45.6.0-20.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Package Hub 12:MozillaThunderbird-translations-common-45.6.0-20.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Package Hub 12:MozillaThunderbird-translations-common-45.6.0-20.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Package Hub 12:MozillaThunderbird-translations-other-45.6.0-20.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Package Hub 12:MozillaThunderbird-translations-other-45.6.0-20.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Package Hub 12:MozillaThunderbird-translations-other-45.6.0-20.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
moderate
7.5 (High)
Affected products
Recommended
13 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Package Hub 12:MozillaThunderbird-45.6.0-20.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Package Hub 12:MozillaThunderbird-45.6.0-20.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Package Hub 12:MozillaThunderbird-45.6.0-20.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Package Hub 12:MozillaThunderbird-buildsymbols-45.6.0-20.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Package Hub 12:MozillaThunderbird-devel-45.6.0-20.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Package Hub 12:MozillaThunderbird-devel-45.6.0-20.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Package Hub 12:MozillaThunderbird-devel-45.6.0-20.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Package Hub 12:MozillaThunderbird-translations-common-45.6.0-20.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Package Hub 12:MozillaThunderbird-translations-common-45.6.0-20.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Package Hub 12:MozillaThunderbird-translations-common-45.6.0-20.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Package Hub 12:MozillaThunderbird-translations-other-45.6.0-20.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Package Hub 12:MozillaThunderbird-translations-other-45.6.0-20.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Package Hub 12:MozillaThunderbird-translations-other-45.6.0-20.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
moderate
9.8 (Critical)
Affected products
Recommended
13 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Package Hub 12:MozillaThunderbird-45.6.0-20.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Package Hub 12:MozillaThunderbird-45.6.0-20.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Package Hub 12:MozillaThunderbird-45.6.0-20.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Package Hub 12:MozillaThunderbird-buildsymbols-45.6.0-20.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Package Hub 12:MozillaThunderbird-devel-45.6.0-20.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Package Hub 12:MozillaThunderbird-devel-45.6.0-20.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Package Hub 12:MozillaThunderbird-devel-45.6.0-20.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Package Hub 12:MozillaThunderbird-translations-common-45.6.0-20.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Package Hub 12:MozillaThunderbird-translations-common-45.6.0-20.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Package Hub 12:MozillaThunderbird-translations-common-45.6.0-20.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Package Hub 12:MozillaThunderbird-translations-other-45.6.0-20.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Package Hub 12:MozillaThunderbird-translations-other-45.6.0-20.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Package Hub 12:MozillaThunderbird-translations-other-45.6.0-20.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
moderate
9.8 (Critical)
Affected products
Recommended
13 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Package Hub 12:MozillaThunderbird-45.6.0-20.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Package Hub 12:MozillaThunderbird-45.6.0-20.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Package Hub 12:MozillaThunderbird-45.6.0-20.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Package Hub 12:MozillaThunderbird-buildsymbols-45.6.0-20.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Package Hub 12:MozillaThunderbird-devel-45.6.0-20.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Package Hub 12:MozillaThunderbird-devel-45.6.0-20.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Package Hub 12:MozillaThunderbird-devel-45.6.0-20.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Package Hub 12:MozillaThunderbird-translations-common-45.6.0-20.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Package Hub 12:MozillaThunderbird-translations-common-45.6.0-20.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Package Hub 12:MozillaThunderbird-translations-common-45.6.0-20.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Package Hub 12:MozillaThunderbird-translations-other-45.6.0-20.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Package Hub 12:MozillaThunderbird-translations-other-45.6.0-20.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Package Hub 12:MozillaThunderbird-translations-other-45.6.0-20.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
moderate
7.5 (High)
Affected products
Recommended
13 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Package Hub 12:MozillaThunderbird-45.6.0-20.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Package Hub 12:MozillaThunderbird-45.6.0-20.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Package Hub 12:MozillaThunderbird-45.6.0-20.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Package Hub 12:MozillaThunderbird-buildsymbols-45.6.0-20.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Package Hub 12:MozillaThunderbird-devel-45.6.0-20.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Package Hub 12:MozillaThunderbird-devel-45.6.0-20.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Package Hub 12:MozillaThunderbird-devel-45.6.0-20.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Package Hub 12:MozillaThunderbird-translations-common-45.6.0-20.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Package Hub 12:MozillaThunderbird-translations-common-45.6.0-20.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Package Hub 12:MozillaThunderbird-translations-common-45.6.0-20.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Package Hub 12:MozillaThunderbird-translations-other-45.6.0-20.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Package Hub 12:MozillaThunderbird-translations-other-45.6.0-20.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Package Hub 12:MozillaThunderbird-translations-other-45.6.0-20.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
moderate
7.5 (High)
Affected products
Recommended
13 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Package Hub 12:MozillaThunderbird-45.6.0-20.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Package Hub 12:MozillaThunderbird-45.6.0-20.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Package Hub 12:MozillaThunderbird-45.6.0-20.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Package Hub 12:MozillaThunderbird-buildsymbols-45.6.0-20.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Package Hub 12:MozillaThunderbird-devel-45.6.0-20.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Package Hub 12:MozillaThunderbird-devel-45.6.0-20.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Package Hub 12:MozillaThunderbird-devel-45.6.0-20.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Package Hub 12:MozillaThunderbird-translations-common-45.6.0-20.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Package Hub 12:MozillaThunderbird-translations-common-45.6.0-20.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Package Hub 12:MozillaThunderbird-translations-common-45.6.0-20.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Package Hub 12:MozillaThunderbird-translations-other-45.6.0-20.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Package Hub 12:MozillaThunderbird-translations-other-45.6.0-20.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Package Hub 12:MozillaThunderbird-translations-other-45.6.0-20.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
moderate
8.8 (High)
Affected products
Recommended
13 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Package Hub 12:MozillaThunderbird-45.6.0-20.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Package Hub 12:MozillaThunderbird-45.6.0-20.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Package Hub 12:MozillaThunderbird-45.6.0-20.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Package Hub 12:MozillaThunderbird-buildsymbols-45.6.0-20.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Package Hub 12:MozillaThunderbird-devel-45.6.0-20.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Package Hub 12:MozillaThunderbird-devel-45.6.0-20.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Package Hub 12:MozillaThunderbird-devel-45.6.0-20.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Package Hub 12:MozillaThunderbird-translations-common-45.6.0-20.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Package Hub 12:MozillaThunderbird-translations-common-45.6.0-20.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Package Hub 12:MozillaThunderbird-translations-common-45.6.0-20.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Package Hub 12:MozillaThunderbird-translations-other-45.6.0-20.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Package Hub 12:MozillaThunderbird-translations-other-45.6.0-20.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Package Hub 12:MozillaThunderbird-translations-other-45.6.0-20.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
moderate
References
139 references
{
"document": {
"aggregate_severity": {
"namespace": "https://www.suse.com/support/security/rating/",
"text": "moderate"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright 2024 SUSE LLC. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "Security update for MozillaThunderbird",
"title": "Title of the patch"
},
{
"category": "description",
"text": "This update to Mozilla Thunderbird 45.6.0 fixes security issues and bugs.\n\nIn general, these flaws cannot be exploited through email in Thunderbird because\nscripting is disabled when reading mail, but are potentially risks in browser or\nbrowser-like contexts.\n\nThe following vulnerabilities were fixed: (boo#1015422)\n\n- CVE-2016-9899: Use-after-free while manipulating DOM events and audio elements\n- CVE-2016-9895: CSP bypass using marquee tag\n- CVE-2016-9897: Memory corruption in libGLES\n- CVE-2016-9898: Use-after-free in Editor while manipulating DOM subtrees\n- CVE-2016-9900: Restricted external resources can be loaded by SVG images through data URLs\n- CVE-2016-9904: Cross-origin information leak in shared atoms\n- CVE-2016-9905: Crash in EnumerateSubDocuments\n- CVE-2016-9893: Memory safety bugs fixed in Thunderbird 45.6\n\nThe following bugs were fixed:\n\n- The system integration dialog was shown every time when starting Thunderbird\n",
"title": "Description of the patch"
},
{
"category": "details",
"text": "openSUSE-2016-1531",
"title": "Patchnames"
},
{
"category": "legal_disclaimer",
"text": "CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).",
"title": "Terms of use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://www.suse.com/support/security/contact/",
"name": "SUSE Product Security Team",
"namespace": "https://www.suse.com/"
},
"references": [
{
"category": "external",
"summary": "SUSE ratings",
"url": "https://www.suse.com/support/security/rating/"
},
{
"category": "self",
"summary": "URL of this CSAF notice",
"url": "https://ftp.suse.com/pub/projects/security/csaf/opensuse-su-2016_3307-1.json"
},
{
"category": "self",
"summary": "SUSE Bug 1015422",
"url": "https://bugzilla.suse.com/1015422"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2016-9893 page",
"url": "https://www.suse.com/security/cve/CVE-2016-9893/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2016-9895 page",
"url": "https://www.suse.com/security/cve/CVE-2016-9895/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2016-9897 page",
"url": "https://www.suse.com/security/cve/CVE-2016-9897/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2016-9898 page",
"url": "https://www.suse.com/security/cve/CVE-2016-9898/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2016-9899 page",
"url": "https://www.suse.com/security/cve/CVE-2016-9899/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2016-9900 page",
"url": "https://www.suse.com/security/cve/CVE-2016-9900/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2016-9904 page",
"url": "https://www.suse.com/security/cve/CVE-2016-9904/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2016-9905 page",
"url": "https://www.suse.com/security/cve/CVE-2016-9905/"
}
],
"title": "Security update for MozillaThunderbird",
"tracking": {
"current_release_date": "2016-12-30T17:01:32Z",
"generator": {
"date": "2016-12-30T17:01:32Z",
"engine": {
"name": "cve-database.git:bin/generate-csaf.pl",
"version": "1"
}
},
"id": "openSUSE-SU-2016:3307-1",
"initial_release_date": "2016-12-30T17:01:32Z",
"revision_history": [
{
"date": "2016-12-30T17:01:32Z",
"number": "1",
"summary": "Current version"
}
],
"status": "final",
"version": "1"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_version",
"name": "MozillaThunderbird-45.6.0-20.1.aarch64",
"product": {
"name": "MozillaThunderbird-45.6.0-20.1.aarch64",
"product_id": "MozillaThunderbird-45.6.0-20.1.aarch64"
}
},
{
"category": "product_version",
"name": "MozillaThunderbird-devel-45.6.0-20.1.aarch64",
"product": {
"name": "MozillaThunderbird-devel-45.6.0-20.1.aarch64",
"product_id": "MozillaThunderbird-devel-45.6.0-20.1.aarch64"
}
},
{
"category": "product_version",
"name": "MozillaThunderbird-translations-common-45.6.0-20.1.aarch64",
"product": {
"name": "MozillaThunderbird-translations-common-45.6.0-20.1.aarch64",
"product_id": "MozillaThunderbird-translations-common-45.6.0-20.1.aarch64"
}
},
{
"category": "product_version",
"name": "MozillaThunderbird-translations-other-45.6.0-20.1.aarch64",
"product": {
"name": "MozillaThunderbird-translations-other-45.6.0-20.1.aarch64",
"product_id": "MozillaThunderbird-translations-other-45.6.0-20.1.aarch64"
}
}
],
"category": "architecture",
"name": "aarch64"
},
{
"branches": [
{
"category": "product_version",
"name": "MozillaThunderbird-45.6.0-20.1.s390x",
"product": {
"name": "MozillaThunderbird-45.6.0-20.1.s390x",
"product_id": "MozillaThunderbird-45.6.0-20.1.s390x"
}
},
{
"category": "product_version",
"name": "MozillaThunderbird-devel-45.6.0-20.1.s390x",
"product": {
"name": "MozillaThunderbird-devel-45.6.0-20.1.s390x",
"product_id": "MozillaThunderbird-devel-45.6.0-20.1.s390x"
}
},
{
"category": "product_version",
"name": "MozillaThunderbird-translations-common-45.6.0-20.1.s390x",
"product": {
"name": "MozillaThunderbird-translations-common-45.6.0-20.1.s390x",
"product_id": "MozillaThunderbird-translations-common-45.6.0-20.1.s390x"
}
},
{
"category": "product_version",
"name": "MozillaThunderbird-translations-other-45.6.0-20.1.s390x",
"product": {
"name": "MozillaThunderbird-translations-other-45.6.0-20.1.s390x",
"product_id": "MozillaThunderbird-translations-other-45.6.0-20.1.s390x"
}
}
],
"category": "architecture",
"name": "s390x"
},
{
"branches": [
{
"category": "product_version",
"name": "MozillaThunderbird-45.6.0-20.1.x86_64",
"product": {
"name": "MozillaThunderbird-45.6.0-20.1.x86_64",
"product_id": "MozillaThunderbird-45.6.0-20.1.x86_64"
}
},
{
"category": "product_version",
"name": "MozillaThunderbird-buildsymbols-45.6.0-20.1.x86_64",
"product": {
"name": "MozillaThunderbird-buildsymbols-45.6.0-20.1.x86_64",
"product_id": "MozillaThunderbird-buildsymbols-45.6.0-20.1.x86_64"
}
},
{
"category": "product_version",
"name": "MozillaThunderbird-devel-45.6.0-20.1.x86_64",
"product": {
"name": "MozillaThunderbird-devel-45.6.0-20.1.x86_64",
"product_id": "MozillaThunderbird-devel-45.6.0-20.1.x86_64"
}
},
{
"category": "product_version",
"name": "MozillaThunderbird-translations-common-45.6.0-20.1.x86_64",
"product": {
"name": "MozillaThunderbird-translations-common-45.6.0-20.1.x86_64",
"product_id": "MozillaThunderbird-translations-common-45.6.0-20.1.x86_64"
}
},
{
"category": "product_version",
"name": "MozillaThunderbird-translations-other-45.6.0-20.1.x86_64",
"product": {
"name": "MozillaThunderbird-translations-other-45.6.0-20.1.x86_64",
"product_id": "MozillaThunderbird-translations-other-45.6.0-20.1.x86_64"
}
}
],
"category": "architecture",
"name": "x86_64"
},
{
"branches": [
{
"category": "product_name",
"name": "SUSE Package Hub 12",
"product": {
"name": "SUSE Package Hub 12",
"product_id": "SUSE Package Hub 12",
"product_identification_helper": {
"cpe": "cpe:/o:suse:packagehub:12"
}
}
}
],
"category": "product_family",
"name": "SUSE Linux Enterprise"
}
],
"category": "vendor",
"name": "SUSE"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "MozillaThunderbird-45.6.0-20.1.aarch64 as component of SUSE Package Hub 12",
"product_id": "SUSE Package Hub 12:MozillaThunderbird-45.6.0-20.1.aarch64"
},
"product_reference": "MozillaThunderbird-45.6.0-20.1.aarch64",
"relates_to_product_reference": "SUSE Package Hub 12"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "MozillaThunderbird-45.6.0-20.1.s390x as component of SUSE Package Hub 12",
"product_id": "SUSE Package Hub 12:MozillaThunderbird-45.6.0-20.1.s390x"
},
"product_reference": "MozillaThunderbird-45.6.0-20.1.s390x",
"relates_to_product_reference": "SUSE Package Hub 12"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "MozillaThunderbird-45.6.0-20.1.x86_64 as component of SUSE Package Hub 12",
"product_id": "SUSE Package Hub 12:MozillaThunderbird-45.6.0-20.1.x86_64"
},
"product_reference": "MozillaThunderbird-45.6.0-20.1.x86_64",
"relates_to_product_reference": "SUSE Package Hub 12"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "MozillaThunderbird-buildsymbols-45.6.0-20.1.x86_64 as component of SUSE Package Hub 12",
"product_id": "SUSE Package Hub 12:MozillaThunderbird-buildsymbols-45.6.0-20.1.x86_64"
},
"product_reference": "MozillaThunderbird-buildsymbols-45.6.0-20.1.x86_64",
"relates_to_product_reference": "SUSE Package Hub 12"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "MozillaThunderbird-devel-45.6.0-20.1.aarch64 as component of SUSE Package Hub 12",
"product_id": "SUSE Package Hub 12:MozillaThunderbird-devel-45.6.0-20.1.aarch64"
},
"product_reference": "MozillaThunderbird-devel-45.6.0-20.1.aarch64",
"relates_to_product_reference": "SUSE Package Hub 12"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "MozillaThunderbird-devel-45.6.0-20.1.s390x as component of SUSE Package Hub 12",
"product_id": "SUSE Package Hub 12:MozillaThunderbird-devel-45.6.0-20.1.s390x"
},
"product_reference": "MozillaThunderbird-devel-45.6.0-20.1.s390x",
"relates_to_product_reference": "SUSE Package Hub 12"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "MozillaThunderbird-devel-45.6.0-20.1.x86_64 as component of SUSE Package Hub 12",
"product_id": "SUSE Package Hub 12:MozillaThunderbird-devel-45.6.0-20.1.x86_64"
},
"product_reference": "MozillaThunderbird-devel-45.6.0-20.1.x86_64",
"relates_to_product_reference": "SUSE Package Hub 12"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "MozillaThunderbird-translations-common-45.6.0-20.1.aarch64 as component of SUSE Package Hub 12",
"product_id": "SUSE Package Hub 12:MozillaThunderbird-translations-common-45.6.0-20.1.aarch64"
},
"product_reference": "MozillaThunderbird-translations-common-45.6.0-20.1.aarch64",
"relates_to_product_reference": "SUSE Package Hub 12"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "MozillaThunderbird-translations-common-45.6.0-20.1.s390x as component of SUSE Package Hub 12",
"product_id": "SUSE Package Hub 12:MozillaThunderbird-translations-common-45.6.0-20.1.s390x"
},
"product_reference": "MozillaThunderbird-translations-common-45.6.0-20.1.s390x",
"relates_to_product_reference": "SUSE Package Hub 12"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "MozillaThunderbird-translations-common-45.6.0-20.1.x86_64 as component of SUSE Package Hub 12",
"product_id": "SUSE Package Hub 12:MozillaThunderbird-translations-common-45.6.0-20.1.x86_64"
},
"product_reference": "MozillaThunderbird-translations-common-45.6.0-20.1.x86_64",
"relates_to_product_reference": "SUSE Package Hub 12"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "MozillaThunderbird-translations-other-45.6.0-20.1.aarch64 as component of SUSE Package Hub 12",
"product_id": "SUSE Package Hub 12:MozillaThunderbird-translations-other-45.6.0-20.1.aarch64"
},
"product_reference": "MozillaThunderbird-translations-other-45.6.0-20.1.aarch64",
"relates_to_product_reference": "SUSE Package Hub 12"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "MozillaThunderbird-translations-other-45.6.0-20.1.s390x as component of SUSE Package Hub 12",
"product_id": "SUSE Package Hub 12:MozillaThunderbird-translations-other-45.6.0-20.1.s390x"
},
"product_reference": "MozillaThunderbird-translations-other-45.6.0-20.1.s390x",
"relates_to_product_reference": "SUSE Package Hub 12"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "MozillaThunderbird-translations-other-45.6.0-20.1.x86_64 as component of SUSE Package Hub 12",
"product_id": "SUSE Package Hub 12:MozillaThunderbird-translations-other-45.6.0-20.1.x86_64"
},
"product_reference": "MozillaThunderbird-translations-other-45.6.0-20.1.x86_64",
"relates_to_product_reference": "SUSE Package Hub 12"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2016-9893",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2016-9893"
}
],
"notes": [
{
"category": "general",
"text": "Memory safety bugs were reported in Thunderbird 45.5. Some of these bugs showed evidence of memory corruption and we presume that with enough effort that some of these could be exploited to run arbitrary code. This vulnerability affects Firefox \u003c 50.1, Firefox ESR \u003c 45.6, and Thunderbird \u003c 45.6.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Package Hub 12:MozillaThunderbird-45.6.0-20.1.aarch64",
"SUSE Package Hub 12:MozillaThunderbird-45.6.0-20.1.s390x",
"SUSE Package Hub 12:MozillaThunderbird-45.6.0-20.1.x86_64",
"SUSE Package Hub 12:MozillaThunderbird-buildsymbols-45.6.0-20.1.x86_64",
"SUSE Package Hub 12:MozillaThunderbird-devel-45.6.0-20.1.aarch64",
"SUSE Package Hub 12:MozillaThunderbird-devel-45.6.0-20.1.s390x",
"SUSE Package Hub 12:MozillaThunderbird-devel-45.6.0-20.1.x86_64",
"SUSE Package Hub 12:MozillaThunderbird-translations-common-45.6.0-20.1.aarch64",
"SUSE Package Hub 12:MozillaThunderbird-translations-common-45.6.0-20.1.s390x",
"SUSE Package Hub 12:MozillaThunderbird-translations-common-45.6.0-20.1.x86_64",
"SUSE Package Hub 12:MozillaThunderbird-translations-other-45.6.0-20.1.aarch64",
"SUSE Package Hub 12:MozillaThunderbird-translations-other-45.6.0-20.1.s390x",
"SUSE Package Hub 12:MozillaThunderbird-translations-other-45.6.0-20.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2016-9893",
"url": "https://www.suse.com/security/cve/CVE-2016-9893"
},
{
"category": "external",
"summary": "SUSE Bug 1015422 for CVE-2016-9893",
"url": "https://bugzilla.suse.com/1015422"
},
{
"category": "external",
"summary": "SUSE Bug 1015527 for CVE-2016-9893",
"url": "https://bugzilla.suse.com/1015527"
},
{
"category": "external",
"summary": "SUSE Bug 1015528 for CVE-2016-9893",
"url": "https://bugzilla.suse.com/1015528"
},
{
"category": "external",
"summary": "SUSE Bug 1015529 for CVE-2016-9893",
"url": "https://bugzilla.suse.com/1015529"
},
{
"category": "external",
"summary": "SUSE Bug 1015530 for CVE-2016-9893",
"url": "https://bugzilla.suse.com/1015530"
},
{
"category": "external",
"summary": "SUSE Bug 1015531 for CVE-2016-9893",
"url": "https://bugzilla.suse.com/1015531"
},
{
"category": "external",
"summary": "SUSE Bug 1015533 for CVE-2016-9893",
"url": "https://bugzilla.suse.com/1015533"
},
{
"category": "external",
"summary": "SUSE Bug 1015534 for CVE-2016-9893",
"url": "https://bugzilla.suse.com/1015534"
},
{
"category": "external",
"summary": "SUSE Bug 1015535 for CVE-2016-9893",
"url": "https://bugzilla.suse.com/1015535"
},
{
"category": "external",
"summary": "SUSE Bug 1015536 for CVE-2016-9893",
"url": "https://bugzilla.suse.com/1015536"
},
{
"category": "external",
"summary": "SUSE Bug 1015537 for CVE-2016-9893",
"url": "https://bugzilla.suse.com/1015537"
},
{
"category": "external",
"summary": "SUSE Bug 1015538 for CVE-2016-9893",
"url": "https://bugzilla.suse.com/1015538"
},
{
"category": "external",
"summary": "SUSE Bug 1015540 for CVE-2016-9893",
"url": "https://bugzilla.suse.com/1015540"
},
{
"category": "external",
"summary": "SUSE Bug 1015541 for CVE-2016-9893",
"url": "https://bugzilla.suse.com/1015541"
},
{
"category": "external",
"summary": "SUSE Bug 1015542 for CVE-2016-9893",
"url": "https://bugzilla.suse.com/1015542"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Package Hub 12:MozillaThunderbird-45.6.0-20.1.aarch64",
"SUSE Package Hub 12:MozillaThunderbird-45.6.0-20.1.s390x",
"SUSE Package Hub 12:MozillaThunderbird-45.6.0-20.1.x86_64",
"SUSE Package Hub 12:MozillaThunderbird-buildsymbols-45.6.0-20.1.x86_64",
"SUSE Package Hub 12:MozillaThunderbird-devel-45.6.0-20.1.aarch64",
"SUSE Package Hub 12:MozillaThunderbird-devel-45.6.0-20.1.s390x",
"SUSE Package Hub 12:MozillaThunderbird-devel-45.6.0-20.1.x86_64",
"SUSE Package Hub 12:MozillaThunderbird-translations-common-45.6.0-20.1.aarch64",
"SUSE Package Hub 12:MozillaThunderbird-translations-common-45.6.0-20.1.s390x",
"SUSE Package Hub 12:MozillaThunderbird-translations-common-45.6.0-20.1.x86_64",
"SUSE Package Hub 12:MozillaThunderbird-translations-other-45.6.0-20.1.aarch64",
"SUSE Package Hub 12:MozillaThunderbird-translations-other-45.6.0-20.1.s390x",
"SUSE Package Hub 12:MozillaThunderbird-translations-other-45.6.0-20.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"products": [
"SUSE Package Hub 12:MozillaThunderbird-45.6.0-20.1.aarch64",
"SUSE Package Hub 12:MozillaThunderbird-45.6.0-20.1.s390x",
"SUSE Package Hub 12:MozillaThunderbird-45.6.0-20.1.x86_64",
"SUSE Package Hub 12:MozillaThunderbird-buildsymbols-45.6.0-20.1.x86_64",
"SUSE Package Hub 12:MozillaThunderbird-devel-45.6.0-20.1.aarch64",
"SUSE Package Hub 12:MozillaThunderbird-devel-45.6.0-20.1.s390x",
"SUSE Package Hub 12:MozillaThunderbird-devel-45.6.0-20.1.x86_64",
"SUSE Package Hub 12:MozillaThunderbird-translations-common-45.6.0-20.1.aarch64",
"SUSE Package Hub 12:MozillaThunderbird-translations-common-45.6.0-20.1.s390x",
"SUSE Package Hub 12:MozillaThunderbird-translations-common-45.6.0-20.1.x86_64",
"SUSE Package Hub 12:MozillaThunderbird-translations-other-45.6.0-20.1.aarch64",
"SUSE Package Hub 12:MozillaThunderbird-translations-other-45.6.0-20.1.s390x",
"SUSE Package Hub 12:MozillaThunderbird-translations-other-45.6.0-20.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2016-12-30T17:01:32Z",
"details": "moderate"
}
],
"title": "CVE-2016-9893"
},
{
"cve": "CVE-2016-9895",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2016-9895"
}
],
"notes": [
{
"category": "general",
"text": "Event handlers on \"marquee\" elements were executed despite a strict Content Security Policy (CSP) that disallowed inline JavaScript. This vulnerability affects Firefox \u003c 50.1, Firefox ESR \u003c 45.6, and Thunderbird \u003c 45.6.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Package Hub 12:MozillaThunderbird-45.6.0-20.1.aarch64",
"SUSE Package Hub 12:MozillaThunderbird-45.6.0-20.1.s390x",
"SUSE Package Hub 12:MozillaThunderbird-45.6.0-20.1.x86_64",
"SUSE Package Hub 12:MozillaThunderbird-buildsymbols-45.6.0-20.1.x86_64",
"SUSE Package Hub 12:MozillaThunderbird-devel-45.6.0-20.1.aarch64",
"SUSE Package Hub 12:MozillaThunderbird-devel-45.6.0-20.1.s390x",
"SUSE Package Hub 12:MozillaThunderbird-devel-45.6.0-20.1.x86_64",
"SUSE Package Hub 12:MozillaThunderbird-translations-common-45.6.0-20.1.aarch64",
"SUSE Package Hub 12:MozillaThunderbird-translations-common-45.6.0-20.1.s390x",
"SUSE Package Hub 12:MozillaThunderbird-translations-common-45.6.0-20.1.x86_64",
"SUSE Package Hub 12:MozillaThunderbird-translations-other-45.6.0-20.1.aarch64",
"SUSE Package Hub 12:MozillaThunderbird-translations-other-45.6.0-20.1.s390x",
"SUSE Package Hub 12:MozillaThunderbird-translations-other-45.6.0-20.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2016-9895",
"url": "https://www.suse.com/security/cve/CVE-2016-9895"
},
{
"category": "external",
"summary": "SUSE Bug 1015422 for CVE-2016-9895",
"url": "https://bugzilla.suse.com/1015422"
},
{
"category": "external",
"summary": "SUSE Bug 1015527 for CVE-2016-9895",
"url": "https://bugzilla.suse.com/1015527"
},
{
"category": "external",
"summary": "SUSE Bug 1015528 for CVE-2016-9895",
"url": "https://bugzilla.suse.com/1015528"
},
{
"category": "external",
"summary": "SUSE Bug 1015529 for CVE-2016-9895",
"url": "https://bugzilla.suse.com/1015529"
},
{
"category": "external",
"summary": "SUSE Bug 1015530 for CVE-2016-9895",
"url": "https://bugzilla.suse.com/1015530"
},
{
"category": "external",
"summary": "SUSE Bug 1015531 for CVE-2016-9895",
"url": "https://bugzilla.suse.com/1015531"
},
{
"category": "external",
"summary": "SUSE Bug 1015533 for CVE-2016-9895",
"url": "https://bugzilla.suse.com/1015533"
},
{
"category": "external",
"summary": "SUSE Bug 1015534 for CVE-2016-9895",
"url": "https://bugzilla.suse.com/1015534"
},
{
"category": "external",
"summary": "SUSE Bug 1015535 for CVE-2016-9895",
"url": "https://bugzilla.suse.com/1015535"
},
{
"category": "external",
"summary": "SUSE Bug 1015536 for CVE-2016-9895",
"url": "https://bugzilla.suse.com/1015536"
},
{
"category": "external",
"summary": "SUSE Bug 1015537 for CVE-2016-9895",
"url": "https://bugzilla.suse.com/1015537"
},
{
"category": "external",
"summary": "SUSE Bug 1015538 for CVE-2016-9895",
"url": "https://bugzilla.suse.com/1015538"
},
{
"category": "external",
"summary": "SUSE Bug 1015540 for CVE-2016-9895",
"url": "https://bugzilla.suse.com/1015540"
},
{
"category": "external",
"summary": "SUSE Bug 1015541 for CVE-2016-9895",
"url": "https://bugzilla.suse.com/1015541"
},
{
"category": "external",
"summary": "SUSE Bug 1015542 for CVE-2016-9895",
"url": "https://bugzilla.suse.com/1015542"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Package Hub 12:MozillaThunderbird-45.6.0-20.1.aarch64",
"SUSE Package Hub 12:MozillaThunderbird-45.6.0-20.1.s390x",
"SUSE Package Hub 12:MozillaThunderbird-45.6.0-20.1.x86_64",
"SUSE Package Hub 12:MozillaThunderbird-buildsymbols-45.6.0-20.1.x86_64",
"SUSE Package Hub 12:MozillaThunderbird-devel-45.6.0-20.1.aarch64",
"SUSE Package Hub 12:MozillaThunderbird-devel-45.6.0-20.1.s390x",
"SUSE Package Hub 12:MozillaThunderbird-devel-45.6.0-20.1.x86_64",
"SUSE Package Hub 12:MozillaThunderbird-translations-common-45.6.0-20.1.aarch64",
"SUSE Package Hub 12:MozillaThunderbird-translations-common-45.6.0-20.1.s390x",
"SUSE Package Hub 12:MozillaThunderbird-translations-common-45.6.0-20.1.x86_64",
"SUSE Package Hub 12:MozillaThunderbird-translations-other-45.6.0-20.1.aarch64",
"SUSE Package Hub 12:MozillaThunderbird-translations-other-45.6.0-20.1.s390x",
"SUSE Package Hub 12:MozillaThunderbird-translations-other-45.6.0-20.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.1,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"version": "3.0"
},
"products": [
"SUSE Package Hub 12:MozillaThunderbird-45.6.0-20.1.aarch64",
"SUSE Package Hub 12:MozillaThunderbird-45.6.0-20.1.s390x",
"SUSE Package Hub 12:MozillaThunderbird-45.6.0-20.1.x86_64",
"SUSE Package Hub 12:MozillaThunderbird-buildsymbols-45.6.0-20.1.x86_64",
"SUSE Package Hub 12:MozillaThunderbird-devel-45.6.0-20.1.aarch64",
"SUSE Package Hub 12:MozillaThunderbird-devel-45.6.0-20.1.s390x",
"SUSE Package Hub 12:MozillaThunderbird-devel-45.6.0-20.1.x86_64",
"SUSE Package Hub 12:MozillaThunderbird-translations-common-45.6.0-20.1.aarch64",
"SUSE Package Hub 12:MozillaThunderbird-translations-common-45.6.0-20.1.s390x",
"SUSE Package Hub 12:MozillaThunderbird-translations-common-45.6.0-20.1.x86_64",
"SUSE Package Hub 12:MozillaThunderbird-translations-other-45.6.0-20.1.aarch64",
"SUSE Package Hub 12:MozillaThunderbird-translations-other-45.6.0-20.1.s390x",
"SUSE Package Hub 12:MozillaThunderbird-translations-other-45.6.0-20.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2016-12-30T17:01:32Z",
"details": "moderate"
}
],
"title": "CVE-2016-9895"
},
{
"cve": "CVE-2016-9897",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2016-9897"
}
],
"notes": [
{
"category": "general",
"text": "Memory corruption resulting in a potentially exploitable crash during WebGL functions using a vector constructor with a varying array within libGLES. This vulnerability affects Firefox \u003c 50.1, Firefox ESR \u003c 45.6, and Thunderbird \u003c 45.6.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Package Hub 12:MozillaThunderbird-45.6.0-20.1.aarch64",
"SUSE Package Hub 12:MozillaThunderbird-45.6.0-20.1.s390x",
"SUSE Package Hub 12:MozillaThunderbird-45.6.0-20.1.x86_64",
"SUSE Package Hub 12:MozillaThunderbird-buildsymbols-45.6.0-20.1.x86_64",
"SUSE Package Hub 12:MozillaThunderbird-devel-45.6.0-20.1.aarch64",
"SUSE Package Hub 12:MozillaThunderbird-devel-45.6.0-20.1.s390x",
"SUSE Package Hub 12:MozillaThunderbird-devel-45.6.0-20.1.x86_64",
"SUSE Package Hub 12:MozillaThunderbird-translations-common-45.6.0-20.1.aarch64",
"SUSE Package Hub 12:MozillaThunderbird-translations-common-45.6.0-20.1.s390x",
"SUSE Package Hub 12:MozillaThunderbird-translations-common-45.6.0-20.1.x86_64",
"SUSE Package Hub 12:MozillaThunderbird-translations-other-45.6.0-20.1.aarch64",
"SUSE Package Hub 12:MozillaThunderbird-translations-other-45.6.0-20.1.s390x",
"SUSE Package Hub 12:MozillaThunderbird-translations-other-45.6.0-20.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2016-9897",
"url": "https://www.suse.com/security/cve/CVE-2016-9897"
},
{
"category": "external",
"summary": "SUSE Bug 1015422 for CVE-2016-9897",
"url": "https://bugzilla.suse.com/1015422"
},
{
"category": "external",
"summary": "SUSE Bug 1015527 for CVE-2016-9897",
"url": "https://bugzilla.suse.com/1015527"
},
{
"category": "external",
"summary": "SUSE Bug 1015528 for CVE-2016-9897",
"url": "https://bugzilla.suse.com/1015528"
},
{
"category": "external",
"summary": "SUSE Bug 1015529 for CVE-2016-9897",
"url": "https://bugzilla.suse.com/1015529"
},
{
"category": "external",
"summary": "SUSE Bug 1015530 for CVE-2016-9897",
"url": "https://bugzilla.suse.com/1015530"
},
{
"category": "external",
"summary": "SUSE Bug 1015531 for CVE-2016-9897",
"url": "https://bugzilla.suse.com/1015531"
},
{
"category": "external",
"summary": "SUSE Bug 1015533 for CVE-2016-9897",
"url": "https://bugzilla.suse.com/1015533"
},
{
"category": "external",
"summary": "SUSE Bug 1015534 for CVE-2016-9897",
"url": "https://bugzilla.suse.com/1015534"
},
{
"category": "external",
"summary": "SUSE Bug 1015535 for CVE-2016-9897",
"url": "https://bugzilla.suse.com/1015535"
},
{
"category": "external",
"summary": "SUSE Bug 1015536 for CVE-2016-9897",
"url": "https://bugzilla.suse.com/1015536"
},
{
"category": "external",
"summary": "SUSE Bug 1015537 for CVE-2016-9897",
"url": "https://bugzilla.suse.com/1015537"
},
{
"category": "external",
"summary": "SUSE Bug 1015538 for CVE-2016-9897",
"url": "https://bugzilla.suse.com/1015538"
},
{
"category": "external",
"summary": "SUSE Bug 1015540 for CVE-2016-9897",
"url": "https://bugzilla.suse.com/1015540"
},
{
"category": "external",
"summary": "SUSE Bug 1015541 for CVE-2016-9897",
"url": "https://bugzilla.suse.com/1015541"
},
{
"category": "external",
"summary": "SUSE Bug 1015542 for CVE-2016-9897",
"url": "https://bugzilla.suse.com/1015542"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Package Hub 12:MozillaThunderbird-45.6.0-20.1.aarch64",
"SUSE Package Hub 12:MozillaThunderbird-45.6.0-20.1.s390x",
"SUSE Package Hub 12:MozillaThunderbird-45.6.0-20.1.x86_64",
"SUSE Package Hub 12:MozillaThunderbird-buildsymbols-45.6.0-20.1.x86_64",
"SUSE Package Hub 12:MozillaThunderbird-devel-45.6.0-20.1.aarch64",
"SUSE Package Hub 12:MozillaThunderbird-devel-45.6.0-20.1.s390x",
"SUSE Package Hub 12:MozillaThunderbird-devel-45.6.0-20.1.x86_64",
"SUSE Package Hub 12:MozillaThunderbird-translations-common-45.6.0-20.1.aarch64",
"SUSE Package Hub 12:MozillaThunderbird-translations-common-45.6.0-20.1.s390x",
"SUSE Package Hub 12:MozillaThunderbird-translations-common-45.6.0-20.1.x86_64",
"SUSE Package Hub 12:MozillaThunderbird-translations-other-45.6.0-20.1.aarch64",
"SUSE Package Hub 12:MozillaThunderbird-translations-other-45.6.0-20.1.s390x",
"SUSE Package Hub 12:MozillaThunderbird-translations-other-45.6.0-20.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.0"
},
"products": [
"SUSE Package Hub 12:MozillaThunderbird-45.6.0-20.1.aarch64",
"SUSE Package Hub 12:MozillaThunderbird-45.6.0-20.1.s390x",
"SUSE Package Hub 12:MozillaThunderbird-45.6.0-20.1.x86_64",
"SUSE Package Hub 12:MozillaThunderbird-buildsymbols-45.6.0-20.1.x86_64",
"SUSE Package Hub 12:MozillaThunderbird-devel-45.6.0-20.1.aarch64",
"SUSE Package Hub 12:MozillaThunderbird-devel-45.6.0-20.1.s390x",
"SUSE Package Hub 12:MozillaThunderbird-devel-45.6.0-20.1.x86_64",
"SUSE Package Hub 12:MozillaThunderbird-translations-common-45.6.0-20.1.aarch64",
"SUSE Package Hub 12:MozillaThunderbird-translations-common-45.6.0-20.1.s390x",
"SUSE Package Hub 12:MozillaThunderbird-translations-common-45.6.0-20.1.x86_64",
"SUSE Package Hub 12:MozillaThunderbird-translations-other-45.6.0-20.1.aarch64",
"SUSE Package Hub 12:MozillaThunderbird-translations-other-45.6.0-20.1.s390x",
"SUSE Package Hub 12:MozillaThunderbird-translations-other-45.6.0-20.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2016-12-30T17:01:32Z",
"details": "moderate"
}
],
"title": "CVE-2016-9897"
},
{
"cve": "CVE-2016-9898",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2016-9898"
}
],
"notes": [
{
"category": "general",
"text": "Use-after-free resulting in potentially exploitable crash when manipulating DOM subtrees in the Editor. This vulnerability affects Firefox \u003c 50.1, Firefox ESR \u003c 45.6, and Thunderbird \u003c 45.6.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Package Hub 12:MozillaThunderbird-45.6.0-20.1.aarch64",
"SUSE Package Hub 12:MozillaThunderbird-45.6.0-20.1.s390x",
"SUSE Package Hub 12:MozillaThunderbird-45.6.0-20.1.x86_64",
"SUSE Package Hub 12:MozillaThunderbird-buildsymbols-45.6.0-20.1.x86_64",
"SUSE Package Hub 12:MozillaThunderbird-devel-45.6.0-20.1.aarch64",
"SUSE Package Hub 12:MozillaThunderbird-devel-45.6.0-20.1.s390x",
"SUSE Package Hub 12:MozillaThunderbird-devel-45.6.0-20.1.x86_64",
"SUSE Package Hub 12:MozillaThunderbird-translations-common-45.6.0-20.1.aarch64",
"SUSE Package Hub 12:MozillaThunderbird-translations-common-45.6.0-20.1.s390x",
"SUSE Package Hub 12:MozillaThunderbird-translations-common-45.6.0-20.1.x86_64",
"SUSE Package Hub 12:MozillaThunderbird-translations-other-45.6.0-20.1.aarch64",
"SUSE Package Hub 12:MozillaThunderbird-translations-other-45.6.0-20.1.s390x",
"SUSE Package Hub 12:MozillaThunderbird-translations-other-45.6.0-20.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2016-9898",
"url": "https://www.suse.com/security/cve/CVE-2016-9898"
},
{
"category": "external",
"summary": "SUSE Bug 1015422 for CVE-2016-9898",
"url": "https://bugzilla.suse.com/1015422"
},
{
"category": "external",
"summary": "SUSE Bug 1015527 for CVE-2016-9898",
"url": "https://bugzilla.suse.com/1015527"
},
{
"category": "external",
"summary": "SUSE Bug 1015528 for CVE-2016-9898",
"url": "https://bugzilla.suse.com/1015528"
},
{
"category": "external",
"summary": "SUSE Bug 1015529 for CVE-2016-9898",
"url": "https://bugzilla.suse.com/1015529"
},
{
"category": "external",
"summary": "SUSE Bug 1015530 for CVE-2016-9898",
"url": "https://bugzilla.suse.com/1015530"
},
{
"category": "external",
"summary": "SUSE Bug 1015531 for CVE-2016-9898",
"url": "https://bugzilla.suse.com/1015531"
},
{
"category": "external",
"summary": "SUSE Bug 1015533 for CVE-2016-9898",
"url": "https://bugzilla.suse.com/1015533"
},
{
"category": "external",
"summary": "SUSE Bug 1015534 for CVE-2016-9898",
"url": "https://bugzilla.suse.com/1015534"
},
{
"category": "external",
"summary": "SUSE Bug 1015535 for CVE-2016-9898",
"url": "https://bugzilla.suse.com/1015535"
},
{
"category": "external",
"summary": "SUSE Bug 1015536 for CVE-2016-9898",
"url": "https://bugzilla.suse.com/1015536"
},
{
"category": "external",
"summary": "SUSE Bug 1015537 for CVE-2016-9898",
"url": "https://bugzilla.suse.com/1015537"
},
{
"category": "external",
"summary": "SUSE Bug 1015538 for CVE-2016-9898",
"url": "https://bugzilla.suse.com/1015538"
},
{
"category": "external",
"summary": "SUSE Bug 1015540 for CVE-2016-9898",
"url": "https://bugzilla.suse.com/1015540"
},
{
"category": "external",
"summary": "SUSE Bug 1015541 for CVE-2016-9898",
"url": "https://bugzilla.suse.com/1015541"
},
{
"category": "external",
"summary": "SUSE Bug 1015542 for CVE-2016-9898",
"url": "https://bugzilla.suse.com/1015542"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Package Hub 12:MozillaThunderbird-45.6.0-20.1.aarch64",
"SUSE Package Hub 12:MozillaThunderbird-45.6.0-20.1.s390x",
"SUSE Package Hub 12:MozillaThunderbird-45.6.0-20.1.x86_64",
"SUSE Package Hub 12:MozillaThunderbird-buildsymbols-45.6.0-20.1.x86_64",
"SUSE Package Hub 12:MozillaThunderbird-devel-45.6.0-20.1.aarch64",
"SUSE Package Hub 12:MozillaThunderbird-devel-45.6.0-20.1.s390x",
"SUSE Package Hub 12:MozillaThunderbird-devel-45.6.0-20.1.x86_64",
"SUSE Package Hub 12:MozillaThunderbird-translations-common-45.6.0-20.1.aarch64",
"SUSE Package Hub 12:MozillaThunderbird-translations-common-45.6.0-20.1.s390x",
"SUSE Package Hub 12:MozillaThunderbird-translations-common-45.6.0-20.1.x86_64",
"SUSE Package Hub 12:MozillaThunderbird-translations-other-45.6.0-20.1.aarch64",
"SUSE Package Hub 12:MozillaThunderbird-translations-other-45.6.0-20.1.s390x",
"SUSE Package Hub 12:MozillaThunderbird-translations-other-45.6.0-20.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"products": [
"SUSE Package Hub 12:MozillaThunderbird-45.6.0-20.1.aarch64",
"SUSE Package Hub 12:MozillaThunderbird-45.6.0-20.1.s390x",
"SUSE Package Hub 12:MozillaThunderbird-45.6.0-20.1.x86_64",
"SUSE Package Hub 12:MozillaThunderbird-buildsymbols-45.6.0-20.1.x86_64",
"SUSE Package Hub 12:MozillaThunderbird-devel-45.6.0-20.1.aarch64",
"SUSE Package Hub 12:MozillaThunderbird-devel-45.6.0-20.1.s390x",
"SUSE Package Hub 12:MozillaThunderbird-devel-45.6.0-20.1.x86_64",
"SUSE Package Hub 12:MozillaThunderbird-translations-common-45.6.0-20.1.aarch64",
"SUSE Package Hub 12:MozillaThunderbird-translations-common-45.6.0-20.1.s390x",
"SUSE Package Hub 12:MozillaThunderbird-translations-common-45.6.0-20.1.x86_64",
"SUSE Package Hub 12:MozillaThunderbird-translations-other-45.6.0-20.1.aarch64",
"SUSE Package Hub 12:MozillaThunderbird-translations-other-45.6.0-20.1.s390x",
"SUSE Package Hub 12:MozillaThunderbird-translations-other-45.6.0-20.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2016-12-30T17:01:32Z",
"details": "moderate"
}
],
"title": "CVE-2016-9898"
},
{
"cve": "CVE-2016-9899",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2016-9899"
}
],
"notes": [
{
"category": "general",
"text": "Use-after-free while manipulating DOM events and removing audio elements due to errors in the handling of node adoption. This vulnerability affects Firefox \u003c 50.1, Firefox ESR \u003c 45.6, and Thunderbird \u003c 45.6.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Package Hub 12:MozillaThunderbird-45.6.0-20.1.aarch64",
"SUSE Package Hub 12:MozillaThunderbird-45.6.0-20.1.s390x",
"SUSE Package Hub 12:MozillaThunderbird-45.6.0-20.1.x86_64",
"SUSE Package Hub 12:MozillaThunderbird-buildsymbols-45.6.0-20.1.x86_64",
"SUSE Package Hub 12:MozillaThunderbird-devel-45.6.0-20.1.aarch64",
"SUSE Package Hub 12:MozillaThunderbird-devel-45.6.0-20.1.s390x",
"SUSE Package Hub 12:MozillaThunderbird-devel-45.6.0-20.1.x86_64",
"SUSE Package Hub 12:MozillaThunderbird-translations-common-45.6.0-20.1.aarch64",
"SUSE Package Hub 12:MozillaThunderbird-translations-common-45.6.0-20.1.s390x",
"SUSE Package Hub 12:MozillaThunderbird-translations-common-45.6.0-20.1.x86_64",
"SUSE Package Hub 12:MozillaThunderbird-translations-other-45.6.0-20.1.aarch64",
"SUSE Package Hub 12:MozillaThunderbird-translations-other-45.6.0-20.1.s390x",
"SUSE Package Hub 12:MozillaThunderbird-translations-other-45.6.0-20.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2016-9899",
"url": "https://www.suse.com/security/cve/CVE-2016-9899"
},
{
"category": "external",
"summary": "SUSE Bug 1015422 for CVE-2016-9899",
"url": "https://bugzilla.suse.com/1015422"
},
{
"category": "external",
"summary": "SUSE Bug 1015527 for CVE-2016-9899",
"url": "https://bugzilla.suse.com/1015527"
},
{
"category": "external",
"summary": "SUSE Bug 1015528 for CVE-2016-9899",
"url": "https://bugzilla.suse.com/1015528"
},
{
"category": "external",
"summary": "SUSE Bug 1015529 for CVE-2016-9899",
"url": "https://bugzilla.suse.com/1015529"
},
{
"category": "external",
"summary": "SUSE Bug 1015530 for CVE-2016-9899",
"url": "https://bugzilla.suse.com/1015530"
},
{
"category": "external",
"summary": "SUSE Bug 1015531 for CVE-2016-9899",
"url": "https://bugzilla.suse.com/1015531"
},
{
"category": "external",
"summary": "SUSE Bug 1015533 for CVE-2016-9899",
"url": "https://bugzilla.suse.com/1015533"
},
{
"category": "external",
"summary": "SUSE Bug 1015534 for CVE-2016-9899",
"url": "https://bugzilla.suse.com/1015534"
},
{
"category": "external",
"summary": "SUSE Bug 1015535 for CVE-2016-9899",
"url": "https://bugzilla.suse.com/1015535"
},
{
"category": "external",
"summary": "SUSE Bug 1015536 for CVE-2016-9899",
"url": "https://bugzilla.suse.com/1015536"
},
{
"category": "external",
"summary": "SUSE Bug 1015537 for CVE-2016-9899",
"url": "https://bugzilla.suse.com/1015537"
},
{
"category": "external",
"summary": "SUSE Bug 1015538 for CVE-2016-9899",
"url": "https://bugzilla.suse.com/1015538"
},
{
"category": "external",
"summary": "SUSE Bug 1015540 for CVE-2016-9899",
"url": "https://bugzilla.suse.com/1015540"
},
{
"category": "external",
"summary": "SUSE Bug 1015541 for CVE-2016-9899",
"url": "https://bugzilla.suse.com/1015541"
},
{
"category": "external",
"summary": "SUSE Bug 1015542 for CVE-2016-9899",
"url": "https://bugzilla.suse.com/1015542"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Package Hub 12:MozillaThunderbird-45.6.0-20.1.aarch64",
"SUSE Package Hub 12:MozillaThunderbird-45.6.0-20.1.s390x",
"SUSE Package Hub 12:MozillaThunderbird-45.6.0-20.1.x86_64",
"SUSE Package Hub 12:MozillaThunderbird-buildsymbols-45.6.0-20.1.x86_64",
"SUSE Package Hub 12:MozillaThunderbird-devel-45.6.0-20.1.aarch64",
"SUSE Package Hub 12:MozillaThunderbird-devel-45.6.0-20.1.s390x",
"SUSE Package Hub 12:MozillaThunderbird-devel-45.6.0-20.1.x86_64",
"SUSE Package Hub 12:MozillaThunderbird-translations-common-45.6.0-20.1.aarch64",
"SUSE Package Hub 12:MozillaThunderbird-translations-common-45.6.0-20.1.s390x",
"SUSE Package Hub 12:MozillaThunderbird-translations-common-45.6.0-20.1.x86_64",
"SUSE Package Hub 12:MozillaThunderbird-translations-other-45.6.0-20.1.aarch64",
"SUSE Package Hub 12:MozillaThunderbird-translations-other-45.6.0-20.1.s390x",
"SUSE Package Hub 12:MozillaThunderbird-translations-other-45.6.0-20.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"products": [
"SUSE Package Hub 12:MozillaThunderbird-45.6.0-20.1.aarch64",
"SUSE Package Hub 12:MozillaThunderbird-45.6.0-20.1.s390x",
"SUSE Package Hub 12:MozillaThunderbird-45.6.0-20.1.x86_64",
"SUSE Package Hub 12:MozillaThunderbird-buildsymbols-45.6.0-20.1.x86_64",
"SUSE Package Hub 12:MozillaThunderbird-devel-45.6.0-20.1.aarch64",
"SUSE Package Hub 12:MozillaThunderbird-devel-45.6.0-20.1.s390x",
"SUSE Package Hub 12:MozillaThunderbird-devel-45.6.0-20.1.x86_64",
"SUSE Package Hub 12:MozillaThunderbird-translations-common-45.6.0-20.1.aarch64",
"SUSE Package Hub 12:MozillaThunderbird-translations-common-45.6.0-20.1.s390x",
"SUSE Package Hub 12:MozillaThunderbird-translations-common-45.6.0-20.1.x86_64",
"SUSE Package Hub 12:MozillaThunderbird-translations-other-45.6.0-20.1.aarch64",
"SUSE Package Hub 12:MozillaThunderbird-translations-other-45.6.0-20.1.s390x",
"SUSE Package Hub 12:MozillaThunderbird-translations-other-45.6.0-20.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2016-12-30T17:01:32Z",
"details": "moderate"
}
],
"title": "CVE-2016-9899"
},
{
"cve": "CVE-2016-9900",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2016-9900"
}
],
"notes": [
{
"category": "general",
"text": "External resources that should be blocked when loaded by SVG images can bypass security restrictions through the use of \"data:\" URLs. This could allow for cross-domain data leakage. This vulnerability affects Firefox \u003c 50.1, Firefox ESR \u003c 45.6, and Thunderbird \u003c 45.6.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Package Hub 12:MozillaThunderbird-45.6.0-20.1.aarch64",
"SUSE Package Hub 12:MozillaThunderbird-45.6.0-20.1.s390x",
"SUSE Package Hub 12:MozillaThunderbird-45.6.0-20.1.x86_64",
"SUSE Package Hub 12:MozillaThunderbird-buildsymbols-45.6.0-20.1.x86_64",
"SUSE Package Hub 12:MozillaThunderbird-devel-45.6.0-20.1.aarch64",
"SUSE Package Hub 12:MozillaThunderbird-devel-45.6.0-20.1.s390x",
"SUSE Package Hub 12:MozillaThunderbird-devel-45.6.0-20.1.x86_64",
"SUSE Package Hub 12:MozillaThunderbird-translations-common-45.6.0-20.1.aarch64",
"SUSE Package Hub 12:MozillaThunderbird-translations-common-45.6.0-20.1.s390x",
"SUSE Package Hub 12:MozillaThunderbird-translations-common-45.6.0-20.1.x86_64",
"SUSE Package Hub 12:MozillaThunderbird-translations-other-45.6.0-20.1.aarch64",
"SUSE Package Hub 12:MozillaThunderbird-translations-other-45.6.0-20.1.s390x",
"SUSE Package Hub 12:MozillaThunderbird-translations-other-45.6.0-20.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2016-9900",
"url": "https://www.suse.com/security/cve/CVE-2016-9900"
},
{
"category": "external",
"summary": "SUSE Bug 1015422 for CVE-2016-9900",
"url": "https://bugzilla.suse.com/1015422"
},
{
"category": "external",
"summary": "SUSE Bug 1015527 for CVE-2016-9900",
"url": "https://bugzilla.suse.com/1015527"
},
{
"category": "external",
"summary": "SUSE Bug 1015528 for CVE-2016-9900",
"url": "https://bugzilla.suse.com/1015528"
},
{
"category": "external",
"summary": "SUSE Bug 1015529 for CVE-2016-9900",
"url": "https://bugzilla.suse.com/1015529"
},
{
"category": "external",
"summary": "SUSE Bug 1015530 for CVE-2016-9900",
"url": "https://bugzilla.suse.com/1015530"
},
{
"category": "external",
"summary": "SUSE Bug 1015531 for CVE-2016-9900",
"url": "https://bugzilla.suse.com/1015531"
},
{
"category": "external",
"summary": "SUSE Bug 1015533 for CVE-2016-9900",
"url": "https://bugzilla.suse.com/1015533"
},
{
"category": "external",
"summary": "SUSE Bug 1015534 for CVE-2016-9900",
"url": "https://bugzilla.suse.com/1015534"
},
{
"category": "external",
"summary": "SUSE Bug 1015535 for CVE-2016-9900",
"url": "https://bugzilla.suse.com/1015535"
},
{
"category": "external",
"summary": "SUSE Bug 1015536 for CVE-2016-9900",
"url": "https://bugzilla.suse.com/1015536"
},
{
"category": "external",
"summary": "SUSE Bug 1015537 for CVE-2016-9900",
"url": "https://bugzilla.suse.com/1015537"
},
{
"category": "external",
"summary": "SUSE Bug 1015538 for CVE-2016-9900",
"url": "https://bugzilla.suse.com/1015538"
},
{
"category": "external",
"summary": "SUSE Bug 1015540 for CVE-2016-9900",
"url": "https://bugzilla.suse.com/1015540"
},
{
"category": "external",
"summary": "SUSE Bug 1015541 for CVE-2016-9900",
"url": "https://bugzilla.suse.com/1015541"
},
{
"category": "external",
"summary": "SUSE Bug 1015542 for CVE-2016-9900",
"url": "https://bugzilla.suse.com/1015542"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Package Hub 12:MozillaThunderbird-45.6.0-20.1.aarch64",
"SUSE Package Hub 12:MozillaThunderbird-45.6.0-20.1.s390x",
"SUSE Package Hub 12:MozillaThunderbird-45.6.0-20.1.x86_64",
"SUSE Package Hub 12:MozillaThunderbird-buildsymbols-45.6.0-20.1.x86_64",
"SUSE Package Hub 12:MozillaThunderbird-devel-45.6.0-20.1.aarch64",
"SUSE Package Hub 12:MozillaThunderbird-devel-45.6.0-20.1.s390x",
"SUSE Package Hub 12:MozillaThunderbird-devel-45.6.0-20.1.x86_64",
"SUSE Package Hub 12:MozillaThunderbird-translations-common-45.6.0-20.1.aarch64",
"SUSE Package Hub 12:MozillaThunderbird-translations-common-45.6.0-20.1.s390x",
"SUSE Package Hub 12:MozillaThunderbird-translations-common-45.6.0-20.1.x86_64",
"SUSE Package Hub 12:MozillaThunderbird-translations-other-45.6.0-20.1.aarch64",
"SUSE Package Hub 12:MozillaThunderbird-translations-other-45.6.0-20.1.s390x",
"SUSE Package Hub 12:MozillaThunderbird-translations-other-45.6.0-20.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.0"
},
"products": [
"SUSE Package Hub 12:MozillaThunderbird-45.6.0-20.1.aarch64",
"SUSE Package Hub 12:MozillaThunderbird-45.6.0-20.1.s390x",
"SUSE Package Hub 12:MozillaThunderbird-45.6.0-20.1.x86_64",
"SUSE Package Hub 12:MozillaThunderbird-buildsymbols-45.6.0-20.1.x86_64",
"SUSE Package Hub 12:MozillaThunderbird-devel-45.6.0-20.1.aarch64",
"SUSE Package Hub 12:MozillaThunderbird-devel-45.6.0-20.1.s390x",
"SUSE Package Hub 12:MozillaThunderbird-devel-45.6.0-20.1.x86_64",
"SUSE Package Hub 12:MozillaThunderbird-translations-common-45.6.0-20.1.aarch64",
"SUSE Package Hub 12:MozillaThunderbird-translations-common-45.6.0-20.1.s390x",
"SUSE Package Hub 12:MozillaThunderbird-translations-common-45.6.0-20.1.x86_64",
"SUSE Package Hub 12:MozillaThunderbird-translations-other-45.6.0-20.1.aarch64",
"SUSE Package Hub 12:MozillaThunderbird-translations-other-45.6.0-20.1.s390x",
"SUSE Package Hub 12:MozillaThunderbird-translations-other-45.6.0-20.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2016-12-30T17:01:32Z",
"details": "moderate"
}
],
"title": "CVE-2016-9900"
},
{
"cve": "CVE-2016-9904",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2016-9904"
}
],
"notes": [
{
"category": "general",
"text": "An attacker could use a JavaScript Map/Set timing attack to determine whether an atom is used by another compartment/zone in specific contexts. This could be used to leak information, such as usernames embedded in JavaScript code, across websites. This vulnerability affects Firefox \u003c 50.1, Firefox ESR \u003c 45.6, and Thunderbird \u003c 45.6.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Package Hub 12:MozillaThunderbird-45.6.0-20.1.aarch64",
"SUSE Package Hub 12:MozillaThunderbird-45.6.0-20.1.s390x",
"SUSE Package Hub 12:MozillaThunderbird-45.6.0-20.1.x86_64",
"SUSE Package Hub 12:MozillaThunderbird-buildsymbols-45.6.0-20.1.x86_64",
"SUSE Package Hub 12:MozillaThunderbird-devel-45.6.0-20.1.aarch64",
"SUSE Package Hub 12:MozillaThunderbird-devel-45.6.0-20.1.s390x",
"SUSE Package Hub 12:MozillaThunderbird-devel-45.6.0-20.1.x86_64",
"SUSE Package Hub 12:MozillaThunderbird-translations-common-45.6.0-20.1.aarch64",
"SUSE Package Hub 12:MozillaThunderbird-translations-common-45.6.0-20.1.s390x",
"SUSE Package Hub 12:MozillaThunderbird-translations-common-45.6.0-20.1.x86_64",
"SUSE Package Hub 12:MozillaThunderbird-translations-other-45.6.0-20.1.aarch64",
"SUSE Package Hub 12:MozillaThunderbird-translations-other-45.6.0-20.1.s390x",
"SUSE Package Hub 12:MozillaThunderbird-translations-other-45.6.0-20.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2016-9904",
"url": "https://www.suse.com/security/cve/CVE-2016-9904"
},
{
"category": "external",
"summary": "SUSE Bug 1015422 for CVE-2016-9904",
"url": "https://bugzilla.suse.com/1015422"
},
{
"category": "external",
"summary": "SUSE Bug 1015527 for CVE-2016-9904",
"url": "https://bugzilla.suse.com/1015527"
},
{
"category": "external",
"summary": "SUSE Bug 1015528 for CVE-2016-9904",
"url": "https://bugzilla.suse.com/1015528"
},
{
"category": "external",
"summary": "SUSE Bug 1015529 for CVE-2016-9904",
"url": "https://bugzilla.suse.com/1015529"
},
{
"category": "external",
"summary": "SUSE Bug 1015530 for CVE-2016-9904",
"url": "https://bugzilla.suse.com/1015530"
},
{
"category": "external",
"summary": "SUSE Bug 1015531 for CVE-2016-9904",
"url": "https://bugzilla.suse.com/1015531"
},
{
"category": "external",
"summary": "SUSE Bug 1015533 for CVE-2016-9904",
"url": "https://bugzilla.suse.com/1015533"
},
{
"category": "external",
"summary": "SUSE Bug 1015534 for CVE-2016-9904",
"url": "https://bugzilla.suse.com/1015534"
},
{
"category": "external",
"summary": "SUSE Bug 1015535 for CVE-2016-9904",
"url": "https://bugzilla.suse.com/1015535"
},
{
"category": "external",
"summary": "SUSE Bug 1015536 for CVE-2016-9904",
"url": "https://bugzilla.suse.com/1015536"
},
{
"category": "external",
"summary": "SUSE Bug 1015537 for CVE-2016-9904",
"url": "https://bugzilla.suse.com/1015537"
},
{
"category": "external",
"summary": "SUSE Bug 1015538 for CVE-2016-9904",
"url": "https://bugzilla.suse.com/1015538"
},
{
"category": "external",
"summary": "SUSE Bug 1015540 for CVE-2016-9904",
"url": "https://bugzilla.suse.com/1015540"
},
{
"category": "external",
"summary": "SUSE Bug 1015541 for CVE-2016-9904",
"url": "https://bugzilla.suse.com/1015541"
},
{
"category": "external",
"summary": "SUSE Bug 1015542 for CVE-2016-9904",
"url": "https://bugzilla.suse.com/1015542"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Package Hub 12:MozillaThunderbird-45.6.0-20.1.aarch64",
"SUSE Package Hub 12:MozillaThunderbird-45.6.0-20.1.s390x",
"SUSE Package Hub 12:MozillaThunderbird-45.6.0-20.1.x86_64",
"SUSE Package Hub 12:MozillaThunderbird-buildsymbols-45.6.0-20.1.x86_64",
"SUSE Package Hub 12:MozillaThunderbird-devel-45.6.0-20.1.aarch64",
"SUSE Package Hub 12:MozillaThunderbird-devel-45.6.0-20.1.s390x",
"SUSE Package Hub 12:MozillaThunderbird-devel-45.6.0-20.1.x86_64",
"SUSE Package Hub 12:MozillaThunderbird-translations-common-45.6.0-20.1.aarch64",
"SUSE Package Hub 12:MozillaThunderbird-translations-common-45.6.0-20.1.s390x",
"SUSE Package Hub 12:MozillaThunderbird-translations-common-45.6.0-20.1.x86_64",
"SUSE Package Hub 12:MozillaThunderbird-translations-other-45.6.0-20.1.aarch64",
"SUSE Package Hub 12:MozillaThunderbird-translations-other-45.6.0-20.1.s390x",
"SUSE Package Hub 12:MozillaThunderbird-translations-other-45.6.0-20.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.0"
},
"products": [
"SUSE Package Hub 12:MozillaThunderbird-45.6.0-20.1.aarch64",
"SUSE Package Hub 12:MozillaThunderbird-45.6.0-20.1.s390x",
"SUSE Package Hub 12:MozillaThunderbird-45.6.0-20.1.x86_64",
"SUSE Package Hub 12:MozillaThunderbird-buildsymbols-45.6.0-20.1.x86_64",
"SUSE Package Hub 12:MozillaThunderbird-devel-45.6.0-20.1.aarch64",
"SUSE Package Hub 12:MozillaThunderbird-devel-45.6.0-20.1.s390x",
"SUSE Package Hub 12:MozillaThunderbird-devel-45.6.0-20.1.x86_64",
"SUSE Package Hub 12:MozillaThunderbird-translations-common-45.6.0-20.1.aarch64",
"SUSE Package Hub 12:MozillaThunderbird-translations-common-45.6.0-20.1.s390x",
"SUSE Package Hub 12:MozillaThunderbird-translations-common-45.6.0-20.1.x86_64",
"SUSE Package Hub 12:MozillaThunderbird-translations-other-45.6.0-20.1.aarch64",
"SUSE Package Hub 12:MozillaThunderbird-translations-other-45.6.0-20.1.s390x",
"SUSE Package Hub 12:MozillaThunderbird-translations-other-45.6.0-20.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2016-12-30T17:01:32Z",
"details": "moderate"
}
],
"title": "CVE-2016-9904"
},
{
"cve": "CVE-2016-9905",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2016-9905"
}
],
"notes": [
{
"category": "general",
"text": "A potentially exploitable crash in \"EnumerateSubDocuments\" while adding or removing sub-documents. This vulnerability affects Firefox ESR \u003c 45.6 and Thunderbird \u003c 45.6.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Package Hub 12:MozillaThunderbird-45.6.0-20.1.aarch64",
"SUSE Package Hub 12:MozillaThunderbird-45.6.0-20.1.s390x",
"SUSE Package Hub 12:MozillaThunderbird-45.6.0-20.1.x86_64",
"SUSE Package Hub 12:MozillaThunderbird-buildsymbols-45.6.0-20.1.x86_64",
"SUSE Package Hub 12:MozillaThunderbird-devel-45.6.0-20.1.aarch64",
"SUSE Package Hub 12:MozillaThunderbird-devel-45.6.0-20.1.s390x",
"SUSE Package Hub 12:MozillaThunderbird-devel-45.6.0-20.1.x86_64",
"SUSE Package Hub 12:MozillaThunderbird-translations-common-45.6.0-20.1.aarch64",
"SUSE Package Hub 12:MozillaThunderbird-translations-common-45.6.0-20.1.s390x",
"SUSE Package Hub 12:MozillaThunderbird-translations-common-45.6.0-20.1.x86_64",
"SUSE Package Hub 12:MozillaThunderbird-translations-other-45.6.0-20.1.aarch64",
"SUSE Package Hub 12:MozillaThunderbird-translations-other-45.6.0-20.1.s390x",
"SUSE Package Hub 12:MozillaThunderbird-translations-other-45.6.0-20.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2016-9905",
"url": "https://www.suse.com/security/cve/CVE-2016-9905"
},
{
"category": "external",
"summary": "SUSE Bug 1015422 for CVE-2016-9905",
"url": "https://bugzilla.suse.com/1015422"
},
{
"category": "external",
"summary": "SUSE Bug 1015527 for CVE-2016-9905",
"url": "https://bugzilla.suse.com/1015527"
},
{
"category": "external",
"summary": "SUSE Bug 1015528 for CVE-2016-9905",
"url": "https://bugzilla.suse.com/1015528"
},
{
"category": "external",
"summary": "SUSE Bug 1015529 for CVE-2016-9905",
"url": "https://bugzilla.suse.com/1015529"
},
{
"category": "external",
"summary": "SUSE Bug 1015530 for CVE-2016-9905",
"url": "https://bugzilla.suse.com/1015530"
},
{
"category": "external",
"summary": "SUSE Bug 1015531 for CVE-2016-9905",
"url": "https://bugzilla.suse.com/1015531"
},
{
"category": "external",
"summary": "SUSE Bug 1015533 for CVE-2016-9905",
"url": "https://bugzilla.suse.com/1015533"
},
{
"category": "external",
"summary": "SUSE Bug 1015534 for CVE-2016-9905",
"url": "https://bugzilla.suse.com/1015534"
},
{
"category": "external",
"summary": "SUSE Bug 1015535 for CVE-2016-9905",
"url": "https://bugzilla.suse.com/1015535"
},
{
"category": "external",
"summary": "SUSE Bug 1015536 for CVE-2016-9905",
"url": "https://bugzilla.suse.com/1015536"
},
{
"category": "external",
"summary": "SUSE Bug 1015537 for CVE-2016-9905",
"url": "https://bugzilla.suse.com/1015537"
},
{
"category": "external",
"summary": "SUSE Bug 1015538 for CVE-2016-9905",
"url": "https://bugzilla.suse.com/1015538"
},
{
"category": "external",
"summary": "SUSE Bug 1015540 for CVE-2016-9905",
"url": "https://bugzilla.suse.com/1015540"
},
{
"category": "external",
"summary": "SUSE Bug 1015541 for CVE-2016-9905",
"url": "https://bugzilla.suse.com/1015541"
},
{
"category": "external",
"summary": "SUSE Bug 1015542 for CVE-2016-9905",
"url": "https://bugzilla.suse.com/1015542"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Package Hub 12:MozillaThunderbird-45.6.0-20.1.aarch64",
"SUSE Package Hub 12:MozillaThunderbird-45.6.0-20.1.s390x",
"SUSE Package Hub 12:MozillaThunderbird-45.6.0-20.1.x86_64",
"SUSE Package Hub 12:MozillaThunderbird-buildsymbols-45.6.0-20.1.x86_64",
"SUSE Package Hub 12:MozillaThunderbird-devel-45.6.0-20.1.aarch64",
"SUSE Package Hub 12:MozillaThunderbird-devel-45.6.0-20.1.s390x",
"SUSE Package Hub 12:MozillaThunderbird-devel-45.6.0-20.1.x86_64",
"SUSE Package Hub 12:MozillaThunderbird-translations-common-45.6.0-20.1.aarch64",
"SUSE Package Hub 12:MozillaThunderbird-translations-common-45.6.0-20.1.s390x",
"SUSE Package Hub 12:MozillaThunderbird-translations-common-45.6.0-20.1.x86_64",
"SUSE Package Hub 12:MozillaThunderbird-translations-other-45.6.0-20.1.aarch64",
"SUSE Package Hub 12:MozillaThunderbird-translations-other-45.6.0-20.1.s390x",
"SUSE Package Hub 12:MozillaThunderbird-translations-other-45.6.0-20.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 8.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"products": [
"SUSE Package Hub 12:MozillaThunderbird-45.6.0-20.1.aarch64",
"SUSE Package Hub 12:MozillaThunderbird-45.6.0-20.1.s390x",
"SUSE Package Hub 12:MozillaThunderbird-45.6.0-20.1.x86_64",
"SUSE Package Hub 12:MozillaThunderbird-buildsymbols-45.6.0-20.1.x86_64",
"SUSE Package Hub 12:MozillaThunderbird-devel-45.6.0-20.1.aarch64",
"SUSE Package Hub 12:MozillaThunderbird-devel-45.6.0-20.1.s390x",
"SUSE Package Hub 12:MozillaThunderbird-devel-45.6.0-20.1.x86_64",
"SUSE Package Hub 12:MozillaThunderbird-translations-common-45.6.0-20.1.aarch64",
"SUSE Package Hub 12:MozillaThunderbird-translations-common-45.6.0-20.1.s390x",
"SUSE Package Hub 12:MozillaThunderbird-translations-common-45.6.0-20.1.x86_64",
"SUSE Package Hub 12:MozillaThunderbird-translations-other-45.6.0-20.1.aarch64",
"SUSE Package Hub 12:MozillaThunderbird-translations-other-45.6.0-20.1.s390x",
"SUSE Package Hub 12:MozillaThunderbird-translations-other-45.6.0-20.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2016-12-30T17:01:32Z",
"details": "moderate"
}
],
"title": "CVE-2016-9905"
}
]
}
OPENSUSE-SU-2016:3308-1
Vulnerability from csaf_opensuse - Published: 2016-12-30 17:01 - Updated: 2016-12-30 17:01Summary
Security update for MozillaThunderbird
Severity
Moderate
Notes
Title of the patch: Security update for MozillaThunderbird
Description of the patch: This update to Mozilla Thunderbird 45.6.0 fixes security issues and bugs.
In general, these flaws cannot be exploited through email in Thunderbird because
scripting is disabled when reading mail, but are potentially risks in browser or
browser-like contexts.
The following vulnerabilities were fixed: (boo#1015422)
- CVE-2016-9899: Use-after-free while manipulating DOM events and audio elements
- CVE-2016-9895: CSP bypass using marquee tag
- CVE-2016-9897: Memory corruption in libGLES
- CVE-2016-9898: Use-after-free in Editor while manipulating DOM subtrees
- CVE-2016-9900: Restricted external resources can be loaded by SVG images through data URLs
- CVE-2016-9904: Cross-origin information leak in shared atoms
- CVE-2016-9905: Crash in EnumerateSubDocuments
- CVE-2016-9893: Memory safety bugs fixed in Thunderbird 45.6
The following bugs were fixed:
- The system integration dialog was shown every time when starting Thunderbird
Patchnames: openSUSE-2016-1531
Terms of use: CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).
9.8 (Critical)
Affected products
Recommended
13 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Package Hub 12:MozillaThunderbird-45.6.0-20.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Package Hub 12:MozillaThunderbird-45.6.0-20.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Package Hub 12:MozillaThunderbird-45.6.0-20.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Package Hub 12:MozillaThunderbird-buildsymbols-45.6.0-20.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Package Hub 12:MozillaThunderbird-devel-45.6.0-20.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Package Hub 12:MozillaThunderbird-devel-45.6.0-20.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Package Hub 12:MozillaThunderbird-devel-45.6.0-20.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Package Hub 12:MozillaThunderbird-translations-common-45.6.0-20.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Package Hub 12:MozillaThunderbird-translations-common-45.6.0-20.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Package Hub 12:MozillaThunderbird-translations-common-45.6.0-20.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Package Hub 12:MozillaThunderbird-translations-other-45.6.0-20.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Package Hub 12:MozillaThunderbird-translations-other-45.6.0-20.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Package Hub 12:MozillaThunderbird-translations-other-45.6.0-20.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
moderate
6.1 (Medium)
Affected products
Recommended
13 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Package Hub 12:MozillaThunderbird-45.6.0-20.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Package Hub 12:MozillaThunderbird-45.6.0-20.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Package Hub 12:MozillaThunderbird-45.6.0-20.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Package Hub 12:MozillaThunderbird-buildsymbols-45.6.0-20.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Package Hub 12:MozillaThunderbird-devel-45.6.0-20.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Package Hub 12:MozillaThunderbird-devel-45.6.0-20.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Package Hub 12:MozillaThunderbird-devel-45.6.0-20.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Package Hub 12:MozillaThunderbird-translations-common-45.6.0-20.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Package Hub 12:MozillaThunderbird-translations-common-45.6.0-20.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Package Hub 12:MozillaThunderbird-translations-common-45.6.0-20.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Package Hub 12:MozillaThunderbird-translations-other-45.6.0-20.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Package Hub 12:MozillaThunderbird-translations-other-45.6.0-20.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Package Hub 12:MozillaThunderbird-translations-other-45.6.0-20.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
moderate
7.5 (High)
Affected products
Recommended
13 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Package Hub 12:MozillaThunderbird-45.6.0-20.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Package Hub 12:MozillaThunderbird-45.6.0-20.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Package Hub 12:MozillaThunderbird-45.6.0-20.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Package Hub 12:MozillaThunderbird-buildsymbols-45.6.0-20.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Package Hub 12:MozillaThunderbird-devel-45.6.0-20.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Package Hub 12:MozillaThunderbird-devel-45.6.0-20.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Package Hub 12:MozillaThunderbird-devel-45.6.0-20.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Package Hub 12:MozillaThunderbird-translations-common-45.6.0-20.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Package Hub 12:MozillaThunderbird-translations-common-45.6.0-20.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Package Hub 12:MozillaThunderbird-translations-common-45.6.0-20.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Package Hub 12:MozillaThunderbird-translations-other-45.6.0-20.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Package Hub 12:MozillaThunderbird-translations-other-45.6.0-20.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Package Hub 12:MozillaThunderbird-translations-other-45.6.0-20.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
moderate
9.8 (Critical)
Affected products
Recommended
13 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Package Hub 12:MozillaThunderbird-45.6.0-20.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Package Hub 12:MozillaThunderbird-45.6.0-20.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Package Hub 12:MozillaThunderbird-45.6.0-20.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Package Hub 12:MozillaThunderbird-buildsymbols-45.6.0-20.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Package Hub 12:MozillaThunderbird-devel-45.6.0-20.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Package Hub 12:MozillaThunderbird-devel-45.6.0-20.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Package Hub 12:MozillaThunderbird-devel-45.6.0-20.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Package Hub 12:MozillaThunderbird-translations-common-45.6.0-20.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Package Hub 12:MozillaThunderbird-translations-common-45.6.0-20.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Package Hub 12:MozillaThunderbird-translations-common-45.6.0-20.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Package Hub 12:MozillaThunderbird-translations-other-45.6.0-20.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Package Hub 12:MozillaThunderbird-translations-other-45.6.0-20.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Package Hub 12:MozillaThunderbird-translations-other-45.6.0-20.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
moderate
9.8 (Critical)
Affected products
Recommended
13 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Package Hub 12:MozillaThunderbird-45.6.0-20.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Package Hub 12:MozillaThunderbird-45.6.0-20.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Package Hub 12:MozillaThunderbird-45.6.0-20.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Package Hub 12:MozillaThunderbird-buildsymbols-45.6.0-20.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Package Hub 12:MozillaThunderbird-devel-45.6.0-20.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Package Hub 12:MozillaThunderbird-devel-45.6.0-20.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Package Hub 12:MozillaThunderbird-devel-45.6.0-20.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Package Hub 12:MozillaThunderbird-translations-common-45.6.0-20.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Package Hub 12:MozillaThunderbird-translations-common-45.6.0-20.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Package Hub 12:MozillaThunderbird-translations-common-45.6.0-20.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Package Hub 12:MozillaThunderbird-translations-other-45.6.0-20.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Package Hub 12:MozillaThunderbird-translations-other-45.6.0-20.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Package Hub 12:MozillaThunderbird-translations-other-45.6.0-20.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
moderate
7.5 (High)
Affected products
Recommended
13 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Package Hub 12:MozillaThunderbird-45.6.0-20.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Package Hub 12:MozillaThunderbird-45.6.0-20.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Package Hub 12:MozillaThunderbird-45.6.0-20.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Package Hub 12:MozillaThunderbird-buildsymbols-45.6.0-20.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Package Hub 12:MozillaThunderbird-devel-45.6.0-20.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Package Hub 12:MozillaThunderbird-devel-45.6.0-20.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Package Hub 12:MozillaThunderbird-devel-45.6.0-20.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Package Hub 12:MozillaThunderbird-translations-common-45.6.0-20.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Package Hub 12:MozillaThunderbird-translations-common-45.6.0-20.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Package Hub 12:MozillaThunderbird-translations-common-45.6.0-20.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Package Hub 12:MozillaThunderbird-translations-other-45.6.0-20.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Package Hub 12:MozillaThunderbird-translations-other-45.6.0-20.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Package Hub 12:MozillaThunderbird-translations-other-45.6.0-20.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
moderate
7.5 (High)
Affected products
Recommended
13 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Package Hub 12:MozillaThunderbird-45.6.0-20.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Package Hub 12:MozillaThunderbird-45.6.0-20.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Package Hub 12:MozillaThunderbird-45.6.0-20.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Package Hub 12:MozillaThunderbird-buildsymbols-45.6.0-20.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Package Hub 12:MozillaThunderbird-devel-45.6.0-20.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Package Hub 12:MozillaThunderbird-devel-45.6.0-20.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Package Hub 12:MozillaThunderbird-devel-45.6.0-20.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Package Hub 12:MozillaThunderbird-translations-common-45.6.0-20.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Package Hub 12:MozillaThunderbird-translations-common-45.6.0-20.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Package Hub 12:MozillaThunderbird-translations-common-45.6.0-20.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Package Hub 12:MozillaThunderbird-translations-other-45.6.0-20.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Package Hub 12:MozillaThunderbird-translations-other-45.6.0-20.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Package Hub 12:MozillaThunderbird-translations-other-45.6.0-20.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
moderate
8.8 (High)
Affected products
Recommended
13 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Package Hub 12:MozillaThunderbird-45.6.0-20.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Package Hub 12:MozillaThunderbird-45.6.0-20.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Package Hub 12:MozillaThunderbird-45.6.0-20.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Package Hub 12:MozillaThunderbird-buildsymbols-45.6.0-20.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Package Hub 12:MozillaThunderbird-devel-45.6.0-20.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Package Hub 12:MozillaThunderbird-devel-45.6.0-20.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Package Hub 12:MozillaThunderbird-devel-45.6.0-20.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Package Hub 12:MozillaThunderbird-translations-common-45.6.0-20.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Package Hub 12:MozillaThunderbird-translations-common-45.6.0-20.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Package Hub 12:MozillaThunderbird-translations-common-45.6.0-20.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Package Hub 12:MozillaThunderbird-translations-other-45.6.0-20.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Package Hub 12:MozillaThunderbird-translations-other-45.6.0-20.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Package Hub 12:MozillaThunderbird-translations-other-45.6.0-20.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
moderate
References
139 references
{
"document": {
"aggregate_severity": {
"namespace": "https://www.suse.com/support/security/rating/",
"text": "moderate"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright 2024 SUSE LLC. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "Security update for MozillaThunderbird",
"title": "Title of the patch"
},
{
"category": "description",
"text": "This update to Mozilla Thunderbird 45.6.0 fixes security issues and bugs.\n\nIn general, these flaws cannot be exploited through email in Thunderbird because\nscripting is disabled when reading mail, but are potentially risks in browser or\nbrowser-like contexts.\n\nThe following vulnerabilities were fixed: (boo#1015422)\n\n- CVE-2016-9899: Use-after-free while manipulating DOM events and audio elements\n- CVE-2016-9895: CSP bypass using marquee tag\n- CVE-2016-9897: Memory corruption in libGLES\n- CVE-2016-9898: Use-after-free in Editor while manipulating DOM subtrees\n- CVE-2016-9900: Restricted external resources can be loaded by SVG images through data URLs\n- CVE-2016-9904: Cross-origin information leak in shared atoms\n- CVE-2016-9905: Crash in EnumerateSubDocuments\n- CVE-2016-9893: Memory safety bugs fixed in Thunderbird 45.6\n\nThe following bugs were fixed:\n\n- The system integration dialog was shown every time when starting Thunderbird\n",
"title": "Description of the patch"
},
{
"category": "details",
"text": "openSUSE-2016-1531",
"title": "Patchnames"
},
{
"category": "legal_disclaimer",
"text": "CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).",
"title": "Terms of use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://www.suse.com/support/security/contact/",
"name": "SUSE Product Security Team",
"namespace": "https://www.suse.com/"
},
"references": [
{
"category": "external",
"summary": "SUSE ratings",
"url": "https://www.suse.com/support/security/rating/"
},
{
"category": "self",
"summary": "URL of this CSAF notice",
"url": "https://ftp.suse.com/pub/projects/security/csaf/opensuse-su-2016_3308-1.json"
},
{
"category": "self",
"summary": "SUSE Bug 1015422",
"url": "https://bugzilla.suse.com/1015422"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2016-9893 page",
"url": "https://www.suse.com/security/cve/CVE-2016-9893/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2016-9895 page",
"url": "https://www.suse.com/security/cve/CVE-2016-9895/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2016-9897 page",
"url": "https://www.suse.com/security/cve/CVE-2016-9897/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2016-9898 page",
"url": "https://www.suse.com/security/cve/CVE-2016-9898/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2016-9899 page",
"url": "https://www.suse.com/security/cve/CVE-2016-9899/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2016-9900 page",
"url": "https://www.suse.com/security/cve/CVE-2016-9900/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2016-9904 page",
"url": "https://www.suse.com/security/cve/CVE-2016-9904/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2016-9905 page",
"url": "https://www.suse.com/security/cve/CVE-2016-9905/"
}
],
"title": "Security update for MozillaThunderbird",
"tracking": {
"current_release_date": "2016-12-30T17:01:32Z",
"generator": {
"date": "2016-12-30T17:01:32Z",
"engine": {
"name": "cve-database.git:bin/generate-csaf.pl",
"version": "1"
}
},
"id": "openSUSE-SU-2016:3308-1",
"initial_release_date": "2016-12-30T17:01:32Z",
"revision_history": [
{
"date": "2016-12-30T17:01:32Z",
"number": "1",
"summary": "Current version"
}
],
"status": "final",
"version": "1"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_version",
"name": "MozillaThunderbird-45.6.0-20.1.aarch64",
"product": {
"name": "MozillaThunderbird-45.6.0-20.1.aarch64",
"product_id": "MozillaThunderbird-45.6.0-20.1.aarch64"
}
},
{
"category": "product_version",
"name": "MozillaThunderbird-devel-45.6.0-20.1.aarch64",
"product": {
"name": "MozillaThunderbird-devel-45.6.0-20.1.aarch64",
"product_id": "MozillaThunderbird-devel-45.6.0-20.1.aarch64"
}
},
{
"category": "product_version",
"name": "MozillaThunderbird-translations-common-45.6.0-20.1.aarch64",
"product": {
"name": "MozillaThunderbird-translations-common-45.6.0-20.1.aarch64",
"product_id": "MozillaThunderbird-translations-common-45.6.0-20.1.aarch64"
}
},
{
"category": "product_version",
"name": "MozillaThunderbird-translations-other-45.6.0-20.1.aarch64",
"product": {
"name": "MozillaThunderbird-translations-other-45.6.0-20.1.aarch64",
"product_id": "MozillaThunderbird-translations-other-45.6.0-20.1.aarch64"
}
}
],
"category": "architecture",
"name": "aarch64"
},
{
"branches": [
{
"category": "product_version",
"name": "MozillaThunderbird-45.6.0-20.1.s390x",
"product": {
"name": "MozillaThunderbird-45.6.0-20.1.s390x",
"product_id": "MozillaThunderbird-45.6.0-20.1.s390x"
}
},
{
"category": "product_version",
"name": "MozillaThunderbird-devel-45.6.0-20.1.s390x",
"product": {
"name": "MozillaThunderbird-devel-45.6.0-20.1.s390x",
"product_id": "MozillaThunderbird-devel-45.6.0-20.1.s390x"
}
},
{
"category": "product_version",
"name": "MozillaThunderbird-translations-common-45.6.0-20.1.s390x",
"product": {
"name": "MozillaThunderbird-translations-common-45.6.0-20.1.s390x",
"product_id": "MozillaThunderbird-translations-common-45.6.0-20.1.s390x"
}
},
{
"category": "product_version",
"name": "MozillaThunderbird-translations-other-45.6.0-20.1.s390x",
"product": {
"name": "MozillaThunderbird-translations-other-45.6.0-20.1.s390x",
"product_id": "MozillaThunderbird-translations-other-45.6.0-20.1.s390x"
}
}
],
"category": "architecture",
"name": "s390x"
},
{
"branches": [
{
"category": "product_version",
"name": "MozillaThunderbird-45.6.0-20.1.x86_64",
"product": {
"name": "MozillaThunderbird-45.6.0-20.1.x86_64",
"product_id": "MozillaThunderbird-45.6.0-20.1.x86_64"
}
},
{
"category": "product_version",
"name": "MozillaThunderbird-buildsymbols-45.6.0-20.1.x86_64",
"product": {
"name": "MozillaThunderbird-buildsymbols-45.6.0-20.1.x86_64",
"product_id": "MozillaThunderbird-buildsymbols-45.6.0-20.1.x86_64"
}
},
{
"category": "product_version",
"name": "MozillaThunderbird-devel-45.6.0-20.1.x86_64",
"product": {
"name": "MozillaThunderbird-devel-45.6.0-20.1.x86_64",
"product_id": "MozillaThunderbird-devel-45.6.0-20.1.x86_64"
}
},
{
"category": "product_version",
"name": "MozillaThunderbird-translations-common-45.6.0-20.1.x86_64",
"product": {
"name": "MozillaThunderbird-translations-common-45.6.0-20.1.x86_64",
"product_id": "MozillaThunderbird-translations-common-45.6.0-20.1.x86_64"
}
},
{
"category": "product_version",
"name": "MozillaThunderbird-translations-other-45.6.0-20.1.x86_64",
"product": {
"name": "MozillaThunderbird-translations-other-45.6.0-20.1.x86_64",
"product_id": "MozillaThunderbird-translations-other-45.6.0-20.1.x86_64"
}
}
],
"category": "architecture",
"name": "x86_64"
},
{
"branches": [
{
"category": "product_name",
"name": "SUSE Package Hub 12",
"product": {
"name": "SUSE Package Hub 12",
"product_id": "SUSE Package Hub 12",
"product_identification_helper": {
"cpe": "cpe:/o:suse:packagehub:12"
}
}
}
],
"category": "product_family",
"name": "SUSE Linux Enterprise"
}
],
"category": "vendor",
"name": "SUSE"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "MozillaThunderbird-45.6.0-20.1.aarch64 as component of SUSE Package Hub 12",
"product_id": "SUSE Package Hub 12:MozillaThunderbird-45.6.0-20.1.aarch64"
},
"product_reference": "MozillaThunderbird-45.6.0-20.1.aarch64",
"relates_to_product_reference": "SUSE Package Hub 12"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "MozillaThunderbird-45.6.0-20.1.s390x as component of SUSE Package Hub 12",
"product_id": "SUSE Package Hub 12:MozillaThunderbird-45.6.0-20.1.s390x"
},
"product_reference": "MozillaThunderbird-45.6.0-20.1.s390x",
"relates_to_product_reference": "SUSE Package Hub 12"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "MozillaThunderbird-45.6.0-20.1.x86_64 as component of SUSE Package Hub 12",
"product_id": "SUSE Package Hub 12:MozillaThunderbird-45.6.0-20.1.x86_64"
},
"product_reference": "MozillaThunderbird-45.6.0-20.1.x86_64",
"relates_to_product_reference": "SUSE Package Hub 12"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "MozillaThunderbird-buildsymbols-45.6.0-20.1.x86_64 as component of SUSE Package Hub 12",
"product_id": "SUSE Package Hub 12:MozillaThunderbird-buildsymbols-45.6.0-20.1.x86_64"
},
"product_reference": "MozillaThunderbird-buildsymbols-45.6.0-20.1.x86_64",
"relates_to_product_reference": "SUSE Package Hub 12"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "MozillaThunderbird-devel-45.6.0-20.1.aarch64 as component of SUSE Package Hub 12",
"product_id": "SUSE Package Hub 12:MozillaThunderbird-devel-45.6.0-20.1.aarch64"
},
"product_reference": "MozillaThunderbird-devel-45.6.0-20.1.aarch64",
"relates_to_product_reference": "SUSE Package Hub 12"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "MozillaThunderbird-devel-45.6.0-20.1.s390x as component of SUSE Package Hub 12",
"product_id": "SUSE Package Hub 12:MozillaThunderbird-devel-45.6.0-20.1.s390x"
},
"product_reference": "MozillaThunderbird-devel-45.6.0-20.1.s390x",
"relates_to_product_reference": "SUSE Package Hub 12"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "MozillaThunderbird-devel-45.6.0-20.1.x86_64 as component of SUSE Package Hub 12",
"product_id": "SUSE Package Hub 12:MozillaThunderbird-devel-45.6.0-20.1.x86_64"
},
"product_reference": "MozillaThunderbird-devel-45.6.0-20.1.x86_64",
"relates_to_product_reference": "SUSE Package Hub 12"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "MozillaThunderbird-translations-common-45.6.0-20.1.aarch64 as component of SUSE Package Hub 12",
"product_id": "SUSE Package Hub 12:MozillaThunderbird-translations-common-45.6.0-20.1.aarch64"
},
"product_reference": "MozillaThunderbird-translations-common-45.6.0-20.1.aarch64",
"relates_to_product_reference": "SUSE Package Hub 12"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "MozillaThunderbird-translations-common-45.6.0-20.1.s390x as component of SUSE Package Hub 12",
"product_id": "SUSE Package Hub 12:MozillaThunderbird-translations-common-45.6.0-20.1.s390x"
},
"product_reference": "MozillaThunderbird-translations-common-45.6.0-20.1.s390x",
"relates_to_product_reference": "SUSE Package Hub 12"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "MozillaThunderbird-translations-common-45.6.0-20.1.x86_64 as component of SUSE Package Hub 12",
"product_id": "SUSE Package Hub 12:MozillaThunderbird-translations-common-45.6.0-20.1.x86_64"
},
"product_reference": "MozillaThunderbird-translations-common-45.6.0-20.1.x86_64",
"relates_to_product_reference": "SUSE Package Hub 12"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "MozillaThunderbird-translations-other-45.6.0-20.1.aarch64 as component of SUSE Package Hub 12",
"product_id": "SUSE Package Hub 12:MozillaThunderbird-translations-other-45.6.0-20.1.aarch64"
},
"product_reference": "MozillaThunderbird-translations-other-45.6.0-20.1.aarch64",
"relates_to_product_reference": "SUSE Package Hub 12"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "MozillaThunderbird-translations-other-45.6.0-20.1.s390x as component of SUSE Package Hub 12",
"product_id": "SUSE Package Hub 12:MozillaThunderbird-translations-other-45.6.0-20.1.s390x"
},
"product_reference": "MozillaThunderbird-translations-other-45.6.0-20.1.s390x",
"relates_to_product_reference": "SUSE Package Hub 12"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "MozillaThunderbird-translations-other-45.6.0-20.1.x86_64 as component of SUSE Package Hub 12",
"product_id": "SUSE Package Hub 12:MozillaThunderbird-translations-other-45.6.0-20.1.x86_64"
},
"product_reference": "MozillaThunderbird-translations-other-45.6.0-20.1.x86_64",
"relates_to_product_reference": "SUSE Package Hub 12"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2016-9893",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2016-9893"
}
],
"notes": [
{
"category": "general",
"text": "Memory safety bugs were reported in Thunderbird 45.5. Some of these bugs showed evidence of memory corruption and we presume that with enough effort that some of these could be exploited to run arbitrary code. This vulnerability affects Firefox \u003c 50.1, Firefox ESR \u003c 45.6, and Thunderbird \u003c 45.6.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Package Hub 12:MozillaThunderbird-45.6.0-20.1.aarch64",
"SUSE Package Hub 12:MozillaThunderbird-45.6.0-20.1.s390x",
"SUSE Package Hub 12:MozillaThunderbird-45.6.0-20.1.x86_64",
"SUSE Package Hub 12:MozillaThunderbird-buildsymbols-45.6.0-20.1.x86_64",
"SUSE Package Hub 12:MozillaThunderbird-devel-45.6.0-20.1.aarch64",
"SUSE Package Hub 12:MozillaThunderbird-devel-45.6.0-20.1.s390x",
"SUSE Package Hub 12:MozillaThunderbird-devel-45.6.0-20.1.x86_64",
"SUSE Package Hub 12:MozillaThunderbird-translations-common-45.6.0-20.1.aarch64",
"SUSE Package Hub 12:MozillaThunderbird-translations-common-45.6.0-20.1.s390x",
"SUSE Package Hub 12:MozillaThunderbird-translations-common-45.6.0-20.1.x86_64",
"SUSE Package Hub 12:MozillaThunderbird-translations-other-45.6.0-20.1.aarch64",
"SUSE Package Hub 12:MozillaThunderbird-translations-other-45.6.0-20.1.s390x",
"SUSE Package Hub 12:MozillaThunderbird-translations-other-45.6.0-20.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2016-9893",
"url": "https://www.suse.com/security/cve/CVE-2016-9893"
},
{
"category": "external",
"summary": "SUSE Bug 1015422 for CVE-2016-9893",
"url": "https://bugzilla.suse.com/1015422"
},
{
"category": "external",
"summary": "SUSE Bug 1015527 for CVE-2016-9893",
"url": "https://bugzilla.suse.com/1015527"
},
{
"category": "external",
"summary": "SUSE Bug 1015528 for CVE-2016-9893",
"url": "https://bugzilla.suse.com/1015528"
},
{
"category": "external",
"summary": "SUSE Bug 1015529 for CVE-2016-9893",
"url": "https://bugzilla.suse.com/1015529"
},
{
"category": "external",
"summary": "SUSE Bug 1015530 for CVE-2016-9893",
"url": "https://bugzilla.suse.com/1015530"
},
{
"category": "external",
"summary": "SUSE Bug 1015531 for CVE-2016-9893",
"url": "https://bugzilla.suse.com/1015531"
},
{
"category": "external",
"summary": "SUSE Bug 1015533 for CVE-2016-9893",
"url": "https://bugzilla.suse.com/1015533"
},
{
"category": "external",
"summary": "SUSE Bug 1015534 for CVE-2016-9893",
"url": "https://bugzilla.suse.com/1015534"
},
{
"category": "external",
"summary": "SUSE Bug 1015535 for CVE-2016-9893",
"url": "https://bugzilla.suse.com/1015535"
},
{
"category": "external",
"summary": "SUSE Bug 1015536 for CVE-2016-9893",
"url": "https://bugzilla.suse.com/1015536"
},
{
"category": "external",
"summary": "SUSE Bug 1015537 for CVE-2016-9893",
"url": "https://bugzilla.suse.com/1015537"
},
{
"category": "external",
"summary": "SUSE Bug 1015538 for CVE-2016-9893",
"url": "https://bugzilla.suse.com/1015538"
},
{
"category": "external",
"summary": "SUSE Bug 1015540 for CVE-2016-9893",
"url": "https://bugzilla.suse.com/1015540"
},
{
"category": "external",
"summary": "SUSE Bug 1015541 for CVE-2016-9893",
"url": "https://bugzilla.suse.com/1015541"
},
{
"category": "external",
"summary": "SUSE Bug 1015542 for CVE-2016-9893",
"url": "https://bugzilla.suse.com/1015542"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Package Hub 12:MozillaThunderbird-45.6.0-20.1.aarch64",
"SUSE Package Hub 12:MozillaThunderbird-45.6.0-20.1.s390x",
"SUSE Package Hub 12:MozillaThunderbird-45.6.0-20.1.x86_64",
"SUSE Package Hub 12:MozillaThunderbird-buildsymbols-45.6.0-20.1.x86_64",
"SUSE Package Hub 12:MozillaThunderbird-devel-45.6.0-20.1.aarch64",
"SUSE Package Hub 12:MozillaThunderbird-devel-45.6.0-20.1.s390x",
"SUSE Package Hub 12:MozillaThunderbird-devel-45.6.0-20.1.x86_64",
"SUSE Package Hub 12:MozillaThunderbird-translations-common-45.6.0-20.1.aarch64",
"SUSE Package Hub 12:MozillaThunderbird-translations-common-45.6.0-20.1.s390x",
"SUSE Package Hub 12:MozillaThunderbird-translations-common-45.6.0-20.1.x86_64",
"SUSE Package Hub 12:MozillaThunderbird-translations-other-45.6.0-20.1.aarch64",
"SUSE Package Hub 12:MozillaThunderbird-translations-other-45.6.0-20.1.s390x",
"SUSE Package Hub 12:MozillaThunderbird-translations-other-45.6.0-20.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"products": [
"SUSE Package Hub 12:MozillaThunderbird-45.6.0-20.1.aarch64",
"SUSE Package Hub 12:MozillaThunderbird-45.6.0-20.1.s390x",
"SUSE Package Hub 12:MozillaThunderbird-45.6.0-20.1.x86_64",
"SUSE Package Hub 12:MozillaThunderbird-buildsymbols-45.6.0-20.1.x86_64",
"SUSE Package Hub 12:MozillaThunderbird-devel-45.6.0-20.1.aarch64",
"SUSE Package Hub 12:MozillaThunderbird-devel-45.6.0-20.1.s390x",
"SUSE Package Hub 12:MozillaThunderbird-devel-45.6.0-20.1.x86_64",
"SUSE Package Hub 12:MozillaThunderbird-translations-common-45.6.0-20.1.aarch64",
"SUSE Package Hub 12:MozillaThunderbird-translations-common-45.6.0-20.1.s390x",
"SUSE Package Hub 12:MozillaThunderbird-translations-common-45.6.0-20.1.x86_64",
"SUSE Package Hub 12:MozillaThunderbird-translations-other-45.6.0-20.1.aarch64",
"SUSE Package Hub 12:MozillaThunderbird-translations-other-45.6.0-20.1.s390x",
"SUSE Package Hub 12:MozillaThunderbird-translations-other-45.6.0-20.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2016-12-30T17:01:32Z",
"details": "moderate"
}
],
"title": "CVE-2016-9893"
},
{
"cve": "CVE-2016-9895",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2016-9895"
}
],
"notes": [
{
"category": "general",
"text": "Event handlers on \"marquee\" elements were executed despite a strict Content Security Policy (CSP) that disallowed inline JavaScript. This vulnerability affects Firefox \u003c 50.1, Firefox ESR \u003c 45.6, and Thunderbird \u003c 45.6.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Package Hub 12:MozillaThunderbird-45.6.0-20.1.aarch64",
"SUSE Package Hub 12:MozillaThunderbird-45.6.0-20.1.s390x",
"SUSE Package Hub 12:MozillaThunderbird-45.6.0-20.1.x86_64",
"SUSE Package Hub 12:MozillaThunderbird-buildsymbols-45.6.0-20.1.x86_64",
"SUSE Package Hub 12:MozillaThunderbird-devel-45.6.0-20.1.aarch64",
"SUSE Package Hub 12:MozillaThunderbird-devel-45.6.0-20.1.s390x",
"SUSE Package Hub 12:MozillaThunderbird-devel-45.6.0-20.1.x86_64",
"SUSE Package Hub 12:MozillaThunderbird-translations-common-45.6.0-20.1.aarch64",
"SUSE Package Hub 12:MozillaThunderbird-translations-common-45.6.0-20.1.s390x",
"SUSE Package Hub 12:MozillaThunderbird-translations-common-45.6.0-20.1.x86_64",
"SUSE Package Hub 12:MozillaThunderbird-translations-other-45.6.0-20.1.aarch64",
"SUSE Package Hub 12:MozillaThunderbird-translations-other-45.6.0-20.1.s390x",
"SUSE Package Hub 12:MozillaThunderbird-translations-other-45.6.0-20.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2016-9895",
"url": "https://www.suse.com/security/cve/CVE-2016-9895"
},
{
"category": "external",
"summary": "SUSE Bug 1015422 for CVE-2016-9895",
"url": "https://bugzilla.suse.com/1015422"
},
{
"category": "external",
"summary": "SUSE Bug 1015527 for CVE-2016-9895",
"url": "https://bugzilla.suse.com/1015527"
},
{
"category": "external",
"summary": "SUSE Bug 1015528 for CVE-2016-9895",
"url": "https://bugzilla.suse.com/1015528"
},
{
"category": "external",
"summary": "SUSE Bug 1015529 for CVE-2016-9895",
"url": "https://bugzilla.suse.com/1015529"
},
{
"category": "external",
"summary": "SUSE Bug 1015530 for CVE-2016-9895",
"url": "https://bugzilla.suse.com/1015530"
},
{
"category": "external",
"summary": "SUSE Bug 1015531 for CVE-2016-9895",
"url": "https://bugzilla.suse.com/1015531"
},
{
"category": "external",
"summary": "SUSE Bug 1015533 for CVE-2016-9895",
"url": "https://bugzilla.suse.com/1015533"
},
{
"category": "external",
"summary": "SUSE Bug 1015534 for CVE-2016-9895",
"url": "https://bugzilla.suse.com/1015534"
},
{
"category": "external",
"summary": "SUSE Bug 1015535 for CVE-2016-9895",
"url": "https://bugzilla.suse.com/1015535"
},
{
"category": "external",
"summary": "SUSE Bug 1015536 for CVE-2016-9895",
"url": "https://bugzilla.suse.com/1015536"
},
{
"category": "external",
"summary": "SUSE Bug 1015537 for CVE-2016-9895",
"url": "https://bugzilla.suse.com/1015537"
},
{
"category": "external",
"summary": "SUSE Bug 1015538 for CVE-2016-9895",
"url": "https://bugzilla.suse.com/1015538"
},
{
"category": "external",
"summary": "SUSE Bug 1015540 for CVE-2016-9895",
"url": "https://bugzilla.suse.com/1015540"
},
{
"category": "external",
"summary": "SUSE Bug 1015541 for CVE-2016-9895",
"url": "https://bugzilla.suse.com/1015541"
},
{
"category": "external",
"summary": "SUSE Bug 1015542 for CVE-2016-9895",
"url": "https://bugzilla.suse.com/1015542"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Package Hub 12:MozillaThunderbird-45.6.0-20.1.aarch64",
"SUSE Package Hub 12:MozillaThunderbird-45.6.0-20.1.s390x",
"SUSE Package Hub 12:MozillaThunderbird-45.6.0-20.1.x86_64",
"SUSE Package Hub 12:MozillaThunderbird-buildsymbols-45.6.0-20.1.x86_64",
"SUSE Package Hub 12:MozillaThunderbird-devel-45.6.0-20.1.aarch64",
"SUSE Package Hub 12:MozillaThunderbird-devel-45.6.0-20.1.s390x",
"SUSE Package Hub 12:MozillaThunderbird-devel-45.6.0-20.1.x86_64",
"SUSE Package Hub 12:MozillaThunderbird-translations-common-45.6.0-20.1.aarch64",
"SUSE Package Hub 12:MozillaThunderbird-translations-common-45.6.0-20.1.s390x",
"SUSE Package Hub 12:MozillaThunderbird-translations-common-45.6.0-20.1.x86_64",
"SUSE Package Hub 12:MozillaThunderbird-translations-other-45.6.0-20.1.aarch64",
"SUSE Package Hub 12:MozillaThunderbird-translations-other-45.6.0-20.1.s390x",
"SUSE Package Hub 12:MozillaThunderbird-translations-other-45.6.0-20.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.1,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"version": "3.0"
},
"products": [
"SUSE Package Hub 12:MozillaThunderbird-45.6.0-20.1.aarch64",
"SUSE Package Hub 12:MozillaThunderbird-45.6.0-20.1.s390x",
"SUSE Package Hub 12:MozillaThunderbird-45.6.0-20.1.x86_64",
"SUSE Package Hub 12:MozillaThunderbird-buildsymbols-45.6.0-20.1.x86_64",
"SUSE Package Hub 12:MozillaThunderbird-devel-45.6.0-20.1.aarch64",
"SUSE Package Hub 12:MozillaThunderbird-devel-45.6.0-20.1.s390x",
"SUSE Package Hub 12:MozillaThunderbird-devel-45.6.0-20.1.x86_64",
"SUSE Package Hub 12:MozillaThunderbird-translations-common-45.6.0-20.1.aarch64",
"SUSE Package Hub 12:MozillaThunderbird-translations-common-45.6.0-20.1.s390x",
"SUSE Package Hub 12:MozillaThunderbird-translations-common-45.6.0-20.1.x86_64",
"SUSE Package Hub 12:MozillaThunderbird-translations-other-45.6.0-20.1.aarch64",
"SUSE Package Hub 12:MozillaThunderbird-translations-other-45.6.0-20.1.s390x",
"SUSE Package Hub 12:MozillaThunderbird-translations-other-45.6.0-20.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2016-12-30T17:01:32Z",
"details": "moderate"
}
],
"title": "CVE-2016-9895"
},
{
"cve": "CVE-2016-9897",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2016-9897"
}
],
"notes": [
{
"category": "general",
"text": "Memory corruption resulting in a potentially exploitable crash during WebGL functions using a vector constructor with a varying array within libGLES. This vulnerability affects Firefox \u003c 50.1, Firefox ESR \u003c 45.6, and Thunderbird \u003c 45.6.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Package Hub 12:MozillaThunderbird-45.6.0-20.1.aarch64",
"SUSE Package Hub 12:MozillaThunderbird-45.6.0-20.1.s390x",
"SUSE Package Hub 12:MozillaThunderbird-45.6.0-20.1.x86_64",
"SUSE Package Hub 12:MozillaThunderbird-buildsymbols-45.6.0-20.1.x86_64",
"SUSE Package Hub 12:MozillaThunderbird-devel-45.6.0-20.1.aarch64",
"SUSE Package Hub 12:MozillaThunderbird-devel-45.6.0-20.1.s390x",
"SUSE Package Hub 12:MozillaThunderbird-devel-45.6.0-20.1.x86_64",
"SUSE Package Hub 12:MozillaThunderbird-translations-common-45.6.0-20.1.aarch64",
"SUSE Package Hub 12:MozillaThunderbird-translations-common-45.6.0-20.1.s390x",
"SUSE Package Hub 12:MozillaThunderbird-translations-common-45.6.0-20.1.x86_64",
"SUSE Package Hub 12:MozillaThunderbird-translations-other-45.6.0-20.1.aarch64",
"SUSE Package Hub 12:MozillaThunderbird-translations-other-45.6.0-20.1.s390x",
"SUSE Package Hub 12:MozillaThunderbird-translations-other-45.6.0-20.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2016-9897",
"url": "https://www.suse.com/security/cve/CVE-2016-9897"
},
{
"category": "external",
"summary": "SUSE Bug 1015422 for CVE-2016-9897",
"url": "https://bugzilla.suse.com/1015422"
},
{
"category": "external",
"summary": "SUSE Bug 1015527 for CVE-2016-9897",
"url": "https://bugzilla.suse.com/1015527"
},
{
"category": "external",
"summary": "SUSE Bug 1015528 for CVE-2016-9897",
"url": "https://bugzilla.suse.com/1015528"
},
{
"category": "external",
"summary": "SUSE Bug 1015529 for CVE-2016-9897",
"url": "https://bugzilla.suse.com/1015529"
},
{
"category": "external",
"summary": "SUSE Bug 1015530 for CVE-2016-9897",
"url": "https://bugzilla.suse.com/1015530"
},
{
"category": "external",
"summary": "SUSE Bug 1015531 for CVE-2016-9897",
"url": "https://bugzilla.suse.com/1015531"
},
{
"category": "external",
"summary": "SUSE Bug 1015533 for CVE-2016-9897",
"url": "https://bugzilla.suse.com/1015533"
},
{
"category": "external",
"summary": "SUSE Bug 1015534 for CVE-2016-9897",
"url": "https://bugzilla.suse.com/1015534"
},
{
"category": "external",
"summary": "SUSE Bug 1015535 for CVE-2016-9897",
"url": "https://bugzilla.suse.com/1015535"
},
{
"category": "external",
"summary": "SUSE Bug 1015536 for CVE-2016-9897",
"url": "https://bugzilla.suse.com/1015536"
},
{
"category": "external",
"summary": "SUSE Bug 1015537 for CVE-2016-9897",
"url": "https://bugzilla.suse.com/1015537"
},
{
"category": "external",
"summary": "SUSE Bug 1015538 for CVE-2016-9897",
"url": "https://bugzilla.suse.com/1015538"
},
{
"category": "external",
"summary": "SUSE Bug 1015540 for CVE-2016-9897",
"url": "https://bugzilla.suse.com/1015540"
},
{
"category": "external",
"summary": "SUSE Bug 1015541 for CVE-2016-9897",
"url": "https://bugzilla.suse.com/1015541"
},
{
"category": "external",
"summary": "SUSE Bug 1015542 for CVE-2016-9897",
"url": "https://bugzilla.suse.com/1015542"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Package Hub 12:MozillaThunderbird-45.6.0-20.1.aarch64",
"SUSE Package Hub 12:MozillaThunderbird-45.6.0-20.1.s390x",
"SUSE Package Hub 12:MozillaThunderbird-45.6.0-20.1.x86_64",
"SUSE Package Hub 12:MozillaThunderbird-buildsymbols-45.6.0-20.1.x86_64",
"SUSE Package Hub 12:MozillaThunderbird-devel-45.6.0-20.1.aarch64",
"SUSE Package Hub 12:MozillaThunderbird-devel-45.6.0-20.1.s390x",
"SUSE Package Hub 12:MozillaThunderbird-devel-45.6.0-20.1.x86_64",
"SUSE Package Hub 12:MozillaThunderbird-translations-common-45.6.0-20.1.aarch64",
"SUSE Package Hub 12:MozillaThunderbird-translations-common-45.6.0-20.1.s390x",
"SUSE Package Hub 12:MozillaThunderbird-translations-common-45.6.0-20.1.x86_64",
"SUSE Package Hub 12:MozillaThunderbird-translations-other-45.6.0-20.1.aarch64",
"SUSE Package Hub 12:MozillaThunderbird-translations-other-45.6.0-20.1.s390x",
"SUSE Package Hub 12:MozillaThunderbird-translations-other-45.6.0-20.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.0"
},
"products": [
"SUSE Package Hub 12:MozillaThunderbird-45.6.0-20.1.aarch64",
"SUSE Package Hub 12:MozillaThunderbird-45.6.0-20.1.s390x",
"SUSE Package Hub 12:MozillaThunderbird-45.6.0-20.1.x86_64",
"SUSE Package Hub 12:MozillaThunderbird-buildsymbols-45.6.0-20.1.x86_64",
"SUSE Package Hub 12:MozillaThunderbird-devel-45.6.0-20.1.aarch64",
"SUSE Package Hub 12:MozillaThunderbird-devel-45.6.0-20.1.s390x",
"SUSE Package Hub 12:MozillaThunderbird-devel-45.6.0-20.1.x86_64",
"SUSE Package Hub 12:MozillaThunderbird-translations-common-45.6.0-20.1.aarch64",
"SUSE Package Hub 12:MozillaThunderbird-translations-common-45.6.0-20.1.s390x",
"SUSE Package Hub 12:MozillaThunderbird-translations-common-45.6.0-20.1.x86_64",
"SUSE Package Hub 12:MozillaThunderbird-translations-other-45.6.0-20.1.aarch64",
"SUSE Package Hub 12:MozillaThunderbird-translations-other-45.6.0-20.1.s390x",
"SUSE Package Hub 12:MozillaThunderbird-translations-other-45.6.0-20.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2016-12-30T17:01:32Z",
"details": "moderate"
}
],
"title": "CVE-2016-9897"
},
{
"cve": "CVE-2016-9898",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2016-9898"
}
],
"notes": [
{
"category": "general",
"text": "Use-after-free resulting in potentially exploitable crash when manipulating DOM subtrees in the Editor. This vulnerability affects Firefox \u003c 50.1, Firefox ESR \u003c 45.6, and Thunderbird \u003c 45.6.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Package Hub 12:MozillaThunderbird-45.6.0-20.1.aarch64",
"SUSE Package Hub 12:MozillaThunderbird-45.6.0-20.1.s390x",
"SUSE Package Hub 12:MozillaThunderbird-45.6.0-20.1.x86_64",
"SUSE Package Hub 12:MozillaThunderbird-buildsymbols-45.6.0-20.1.x86_64",
"SUSE Package Hub 12:MozillaThunderbird-devel-45.6.0-20.1.aarch64",
"SUSE Package Hub 12:MozillaThunderbird-devel-45.6.0-20.1.s390x",
"SUSE Package Hub 12:MozillaThunderbird-devel-45.6.0-20.1.x86_64",
"SUSE Package Hub 12:MozillaThunderbird-translations-common-45.6.0-20.1.aarch64",
"SUSE Package Hub 12:MozillaThunderbird-translations-common-45.6.0-20.1.s390x",
"SUSE Package Hub 12:MozillaThunderbird-translations-common-45.6.0-20.1.x86_64",
"SUSE Package Hub 12:MozillaThunderbird-translations-other-45.6.0-20.1.aarch64",
"SUSE Package Hub 12:MozillaThunderbird-translations-other-45.6.0-20.1.s390x",
"SUSE Package Hub 12:MozillaThunderbird-translations-other-45.6.0-20.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2016-9898",
"url": "https://www.suse.com/security/cve/CVE-2016-9898"
},
{
"category": "external",
"summary": "SUSE Bug 1015422 for CVE-2016-9898",
"url": "https://bugzilla.suse.com/1015422"
},
{
"category": "external",
"summary": "SUSE Bug 1015527 for CVE-2016-9898",
"url": "https://bugzilla.suse.com/1015527"
},
{
"category": "external",
"summary": "SUSE Bug 1015528 for CVE-2016-9898",
"url": "https://bugzilla.suse.com/1015528"
},
{
"category": "external",
"summary": "SUSE Bug 1015529 for CVE-2016-9898",
"url": "https://bugzilla.suse.com/1015529"
},
{
"category": "external",
"summary": "SUSE Bug 1015530 for CVE-2016-9898",
"url": "https://bugzilla.suse.com/1015530"
},
{
"category": "external",
"summary": "SUSE Bug 1015531 for CVE-2016-9898",
"url": "https://bugzilla.suse.com/1015531"
},
{
"category": "external",
"summary": "SUSE Bug 1015533 for CVE-2016-9898",
"url": "https://bugzilla.suse.com/1015533"
},
{
"category": "external",
"summary": "SUSE Bug 1015534 for CVE-2016-9898",
"url": "https://bugzilla.suse.com/1015534"
},
{
"category": "external",
"summary": "SUSE Bug 1015535 for CVE-2016-9898",
"url": "https://bugzilla.suse.com/1015535"
},
{
"category": "external",
"summary": "SUSE Bug 1015536 for CVE-2016-9898",
"url": "https://bugzilla.suse.com/1015536"
},
{
"category": "external",
"summary": "SUSE Bug 1015537 for CVE-2016-9898",
"url": "https://bugzilla.suse.com/1015537"
},
{
"category": "external",
"summary": "SUSE Bug 1015538 for CVE-2016-9898",
"url": "https://bugzilla.suse.com/1015538"
},
{
"category": "external",
"summary": "SUSE Bug 1015540 for CVE-2016-9898",
"url": "https://bugzilla.suse.com/1015540"
},
{
"category": "external",
"summary": "SUSE Bug 1015541 for CVE-2016-9898",
"url": "https://bugzilla.suse.com/1015541"
},
{
"category": "external",
"summary": "SUSE Bug 1015542 for CVE-2016-9898",
"url": "https://bugzilla.suse.com/1015542"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Package Hub 12:MozillaThunderbird-45.6.0-20.1.aarch64",
"SUSE Package Hub 12:MozillaThunderbird-45.6.0-20.1.s390x",
"SUSE Package Hub 12:MozillaThunderbird-45.6.0-20.1.x86_64",
"SUSE Package Hub 12:MozillaThunderbird-buildsymbols-45.6.0-20.1.x86_64",
"SUSE Package Hub 12:MozillaThunderbird-devel-45.6.0-20.1.aarch64",
"SUSE Package Hub 12:MozillaThunderbird-devel-45.6.0-20.1.s390x",
"SUSE Package Hub 12:MozillaThunderbird-devel-45.6.0-20.1.x86_64",
"SUSE Package Hub 12:MozillaThunderbird-translations-common-45.6.0-20.1.aarch64",
"SUSE Package Hub 12:MozillaThunderbird-translations-common-45.6.0-20.1.s390x",
"SUSE Package Hub 12:MozillaThunderbird-translations-common-45.6.0-20.1.x86_64",
"SUSE Package Hub 12:MozillaThunderbird-translations-other-45.6.0-20.1.aarch64",
"SUSE Package Hub 12:MozillaThunderbird-translations-other-45.6.0-20.1.s390x",
"SUSE Package Hub 12:MozillaThunderbird-translations-other-45.6.0-20.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"products": [
"SUSE Package Hub 12:MozillaThunderbird-45.6.0-20.1.aarch64",
"SUSE Package Hub 12:MozillaThunderbird-45.6.0-20.1.s390x",
"SUSE Package Hub 12:MozillaThunderbird-45.6.0-20.1.x86_64",
"SUSE Package Hub 12:MozillaThunderbird-buildsymbols-45.6.0-20.1.x86_64",
"SUSE Package Hub 12:MozillaThunderbird-devel-45.6.0-20.1.aarch64",
"SUSE Package Hub 12:MozillaThunderbird-devel-45.6.0-20.1.s390x",
"SUSE Package Hub 12:MozillaThunderbird-devel-45.6.0-20.1.x86_64",
"SUSE Package Hub 12:MozillaThunderbird-translations-common-45.6.0-20.1.aarch64",
"SUSE Package Hub 12:MozillaThunderbird-translations-common-45.6.0-20.1.s390x",
"SUSE Package Hub 12:MozillaThunderbird-translations-common-45.6.0-20.1.x86_64",
"SUSE Package Hub 12:MozillaThunderbird-translations-other-45.6.0-20.1.aarch64",
"SUSE Package Hub 12:MozillaThunderbird-translations-other-45.6.0-20.1.s390x",
"SUSE Package Hub 12:MozillaThunderbird-translations-other-45.6.0-20.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2016-12-30T17:01:32Z",
"details": "moderate"
}
],
"title": "CVE-2016-9898"
},
{
"cve": "CVE-2016-9899",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2016-9899"
}
],
"notes": [
{
"category": "general",
"text": "Use-after-free while manipulating DOM events and removing audio elements due to errors in the handling of node adoption. This vulnerability affects Firefox \u003c 50.1, Firefox ESR \u003c 45.6, and Thunderbird \u003c 45.6.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Package Hub 12:MozillaThunderbird-45.6.0-20.1.aarch64",
"SUSE Package Hub 12:MozillaThunderbird-45.6.0-20.1.s390x",
"SUSE Package Hub 12:MozillaThunderbird-45.6.0-20.1.x86_64",
"SUSE Package Hub 12:MozillaThunderbird-buildsymbols-45.6.0-20.1.x86_64",
"SUSE Package Hub 12:MozillaThunderbird-devel-45.6.0-20.1.aarch64",
"SUSE Package Hub 12:MozillaThunderbird-devel-45.6.0-20.1.s390x",
"SUSE Package Hub 12:MozillaThunderbird-devel-45.6.0-20.1.x86_64",
"SUSE Package Hub 12:MozillaThunderbird-translations-common-45.6.0-20.1.aarch64",
"SUSE Package Hub 12:MozillaThunderbird-translations-common-45.6.0-20.1.s390x",
"SUSE Package Hub 12:MozillaThunderbird-translations-common-45.6.0-20.1.x86_64",
"SUSE Package Hub 12:MozillaThunderbird-translations-other-45.6.0-20.1.aarch64",
"SUSE Package Hub 12:MozillaThunderbird-translations-other-45.6.0-20.1.s390x",
"SUSE Package Hub 12:MozillaThunderbird-translations-other-45.6.0-20.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2016-9899",
"url": "https://www.suse.com/security/cve/CVE-2016-9899"
},
{
"category": "external",
"summary": "SUSE Bug 1015422 for CVE-2016-9899",
"url": "https://bugzilla.suse.com/1015422"
},
{
"category": "external",
"summary": "SUSE Bug 1015527 for CVE-2016-9899",
"url": "https://bugzilla.suse.com/1015527"
},
{
"category": "external",
"summary": "SUSE Bug 1015528 for CVE-2016-9899",
"url": "https://bugzilla.suse.com/1015528"
},
{
"category": "external",
"summary": "SUSE Bug 1015529 for CVE-2016-9899",
"url": "https://bugzilla.suse.com/1015529"
},
{
"category": "external",
"summary": "SUSE Bug 1015530 for CVE-2016-9899",
"url": "https://bugzilla.suse.com/1015530"
},
{
"category": "external",
"summary": "SUSE Bug 1015531 for CVE-2016-9899",
"url": "https://bugzilla.suse.com/1015531"
},
{
"category": "external",
"summary": "SUSE Bug 1015533 for CVE-2016-9899",
"url": "https://bugzilla.suse.com/1015533"
},
{
"category": "external",
"summary": "SUSE Bug 1015534 for CVE-2016-9899",
"url": "https://bugzilla.suse.com/1015534"
},
{
"category": "external",
"summary": "SUSE Bug 1015535 for CVE-2016-9899",
"url": "https://bugzilla.suse.com/1015535"
},
{
"category": "external",
"summary": "SUSE Bug 1015536 for CVE-2016-9899",
"url": "https://bugzilla.suse.com/1015536"
},
{
"category": "external",
"summary": "SUSE Bug 1015537 for CVE-2016-9899",
"url": "https://bugzilla.suse.com/1015537"
},
{
"category": "external",
"summary": "SUSE Bug 1015538 for CVE-2016-9899",
"url": "https://bugzilla.suse.com/1015538"
},
{
"category": "external",
"summary": "SUSE Bug 1015540 for CVE-2016-9899",
"url": "https://bugzilla.suse.com/1015540"
},
{
"category": "external",
"summary": "SUSE Bug 1015541 for CVE-2016-9899",
"url": "https://bugzilla.suse.com/1015541"
},
{
"category": "external",
"summary": "SUSE Bug 1015542 for CVE-2016-9899",
"url": "https://bugzilla.suse.com/1015542"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Package Hub 12:MozillaThunderbird-45.6.0-20.1.aarch64",
"SUSE Package Hub 12:MozillaThunderbird-45.6.0-20.1.s390x",
"SUSE Package Hub 12:MozillaThunderbird-45.6.0-20.1.x86_64",
"SUSE Package Hub 12:MozillaThunderbird-buildsymbols-45.6.0-20.1.x86_64",
"SUSE Package Hub 12:MozillaThunderbird-devel-45.6.0-20.1.aarch64",
"SUSE Package Hub 12:MozillaThunderbird-devel-45.6.0-20.1.s390x",
"SUSE Package Hub 12:MozillaThunderbird-devel-45.6.0-20.1.x86_64",
"SUSE Package Hub 12:MozillaThunderbird-translations-common-45.6.0-20.1.aarch64",
"SUSE Package Hub 12:MozillaThunderbird-translations-common-45.6.0-20.1.s390x",
"SUSE Package Hub 12:MozillaThunderbird-translations-common-45.6.0-20.1.x86_64",
"SUSE Package Hub 12:MozillaThunderbird-translations-other-45.6.0-20.1.aarch64",
"SUSE Package Hub 12:MozillaThunderbird-translations-other-45.6.0-20.1.s390x",
"SUSE Package Hub 12:MozillaThunderbird-translations-other-45.6.0-20.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"products": [
"SUSE Package Hub 12:MozillaThunderbird-45.6.0-20.1.aarch64",
"SUSE Package Hub 12:MozillaThunderbird-45.6.0-20.1.s390x",
"SUSE Package Hub 12:MozillaThunderbird-45.6.0-20.1.x86_64",
"SUSE Package Hub 12:MozillaThunderbird-buildsymbols-45.6.0-20.1.x86_64",
"SUSE Package Hub 12:MozillaThunderbird-devel-45.6.0-20.1.aarch64",
"SUSE Package Hub 12:MozillaThunderbird-devel-45.6.0-20.1.s390x",
"SUSE Package Hub 12:MozillaThunderbird-devel-45.6.0-20.1.x86_64",
"SUSE Package Hub 12:MozillaThunderbird-translations-common-45.6.0-20.1.aarch64",
"SUSE Package Hub 12:MozillaThunderbird-translations-common-45.6.0-20.1.s390x",
"SUSE Package Hub 12:MozillaThunderbird-translations-common-45.6.0-20.1.x86_64",
"SUSE Package Hub 12:MozillaThunderbird-translations-other-45.6.0-20.1.aarch64",
"SUSE Package Hub 12:MozillaThunderbird-translations-other-45.6.0-20.1.s390x",
"SUSE Package Hub 12:MozillaThunderbird-translations-other-45.6.0-20.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2016-12-30T17:01:32Z",
"details": "moderate"
}
],
"title": "CVE-2016-9899"
},
{
"cve": "CVE-2016-9900",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2016-9900"
}
],
"notes": [
{
"category": "general",
"text": "External resources that should be blocked when loaded by SVG images can bypass security restrictions through the use of \"data:\" URLs. This could allow for cross-domain data leakage. This vulnerability affects Firefox \u003c 50.1, Firefox ESR \u003c 45.6, and Thunderbird \u003c 45.6.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Package Hub 12:MozillaThunderbird-45.6.0-20.1.aarch64",
"SUSE Package Hub 12:MozillaThunderbird-45.6.0-20.1.s390x",
"SUSE Package Hub 12:MozillaThunderbird-45.6.0-20.1.x86_64",
"SUSE Package Hub 12:MozillaThunderbird-buildsymbols-45.6.0-20.1.x86_64",
"SUSE Package Hub 12:MozillaThunderbird-devel-45.6.0-20.1.aarch64",
"SUSE Package Hub 12:MozillaThunderbird-devel-45.6.0-20.1.s390x",
"SUSE Package Hub 12:MozillaThunderbird-devel-45.6.0-20.1.x86_64",
"SUSE Package Hub 12:MozillaThunderbird-translations-common-45.6.0-20.1.aarch64",
"SUSE Package Hub 12:MozillaThunderbird-translations-common-45.6.0-20.1.s390x",
"SUSE Package Hub 12:MozillaThunderbird-translations-common-45.6.0-20.1.x86_64",
"SUSE Package Hub 12:MozillaThunderbird-translations-other-45.6.0-20.1.aarch64",
"SUSE Package Hub 12:MozillaThunderbird-translations-other-45.6.0-20.1.s390x",
"SUSE Package Hub 12:MozillaThunderbird-translations-other-45.6.0-20.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2016-9900",
"url": "https://www.suse.com/security/cve/CVE-2016-9900"
},
{
"category": "external",
"summary": "SUSE Bug 1015422 for CVE-2016-9900",
"url": "https://bugzilla.suse.com/1015422"
},
{
"category": "external",
"summary": "SUSE Bug 1015527 for CVE-2016-9900",
"url": "https://bugzilla.suse.com/1015527"
},
{
"category": "external",
"summary": "SUSE Bug 1015528 for CVE-2016-9900",
"url": "https://bugzilla.suse.com/1015528"
},
{
"category": "external",
"summary": "SUSE Bug 1015529 for CVE-2016-9900",
"url": "https://bugzilla.suse.com/1015529"
},
{
"category": "external",
"summary": "SUSE Bug 1015530 for CVE-2016-9900",
"url": "https://bugzilla.suse.com/1015530"
},
{
"category": "external",
"summary": "SUSE Bug 1015531 for CVE-2016-9900",
"url": "https://bugzilla.suse.com/1015531"
},
{
"category": "external",
"summary": "SUSE Bug 1015533 for CVE-2016-9900",
"url": "https://bugzilla.suse.com/1015533"
},
{
"category": "external",
"summary": "SUSE Bug 1015534 for CVE-2016-9900",
"url": "https://bugzilla.suse.com/1015534"
},
{
"category": "external",
"summary": "SUSE Bug 1015535 for CVE-2016-9900",
"url": "https://bugzilla.suse.com/1015535"
},
{
"category": "external",
"summary": "SUSE Bug 1015536 for CVE-2016-9900",
"url": "https://bugzilla.suse.com/1015536"
},
{
"category": "external",
"summary": "SUSE Bug 1015537 for CVE-2016-9900",
"url": "https://bugzilla.suse.com/1015537"
},
{
"category": "external",
"summary": "SUSE Bug 1015538 for CVE-2016-9900",
"url": "https://bugzilla.suse.com/1015538"
},
{
"category": "external",
"summary": "SUSE Bug 1015540 for CVE-2016-9900",
"url": "https://bugzilla.suse.com/1015540"
},
{
"category": "external",
"summary": "SUSE Bug 1015541 for CVE-2016-9900",
"url": "https://bugzilla.suse.com/1015541"
},
{
"category": "external",
"summary": "SUSE Bug 1015542 for CVE-2016-9900",
"url": "https://bugzilla.suse.com/1015542"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Package Hub 12:MozillaThunderbird-45.6.0-20.1.aarch64",
"SUSE Package Hub 12:MozillaThunderbird-45.6.0-20.1.s390x",
"SUSE Package Hub 12:MozillaThunderbird-45.6.0-20.1.x86_64",
"SUSE Package Hub 12:MozillaThunderbird-buildsymbols-45.6.0-20.1.x86_64",
"SUSE Package Hub 12:MozillaThunderbird-devel-45.6.0-20.1.aarch64",
"SUSE Package Hub 12:MozillaThunderbird-devel-45.6.0-20.1.s390x",
"SUSE Package Hub 12:MozillaThunderbird-devel-45.6.0-20.1.x86_64",
"SUSE Package Hub 12:MozillaThunderbird-translations-common-45.6.0-20.1.aarch64",
"SUSE Package Hub 12:MozillaThunderbird-translations-common-45.6.0-20.1.s390x",
"SUSE Package Hub 12:MozillaThunderbird-translations-common-45.6.0-20.1.x86_64",
"SUSE Package Hub 12:MozillaThunderbird-translations-other-45.6.0-20.1.aarch64",
"SUSE Package Hub 12:MozillaThunderbird-translations-other-45.6.0-20.1.s390x",
"SUSE Package Hub 12:MozillaThunderbird-translations-other-45.6.0-20.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.0"
},
"products": [
"SUSE Package Hub 12:MozillaThunderbird-45.6.0-20.1.aarch64",
"SUSE Package Hub 12:MozillaThunderbird-45.6.0-20.1.s390x",
"SUSE Package Hub 12:MozillaThunderbird-45.6.0-20.1.x86_64",
"SUSE Package Hub 12:MozillaThunderbird-buildsymbols-45.6.0-20.1.x86_64",
"SUSE Package Hub 12:MozillaThunderbird-devel-45.6.0-20.1.aarch64",
"SUSE Package Hub 12:MozillaThunderbird-devel-45.6.0-20.1.s390x",
"SUSE Package Hub 12:MozillaThunderbird-devel-45.6.0-20.1.x86_64",
"SUSE Package Hub 12:MozillaThunderbird-translations-common-45.6.0-20.1.aarch64",
"SUSE Package Hub 12:MozillaThunderbird-translations-common-45.6.0-20.1.s390x",
"SUSE Package Hub 12:MozillaThunderbird-translations-common-45.6.0-20.1.x86_64",
"SUSE Package Hub 12:MozillaThunderbird-translations-other-45.6.0-20.1.aarch64",
"SUSE Package Hub 12:MozillaThunderbird-translations-other-45.6.0-20.1.s390x",
"SUSE Package Hub 12:MozillaThunderbird-translations-other-45.6.0-20.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2016-12-30T17:01:32Z",
"details": "moderate"
}
],
"title": "CVE-2016-9900"
},
{
"cve": "CVE-2016-9904",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2016-9904"
}
],
"notes": [
{
"category": "general",
"text": "An attacker could use a JavaScript Map/Set timing attack to determine whether an atom is used by another compartment/zone in specific contexts. This could be used to leak information, such as usernames embedded in JavaScript code, across websites. This vulnerability affects Firefox \u003c 50.1, Firefox ESR \u003c 45.6, and Thunderbird \u003c 45.6.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Package Hub 12:MozillaThunderbird-45.6.0-20.1.aarch64",
"SUSE Package Hub 12:MozillaThunderbird-45.6.0-20.1.s390x",
"SUSE Package Hub 12:MozillaThunderbird-45.6.0-20.1.x86_64",
"SUSE Package Hub 12:MozillaThunderbird-buildsymbols-45.6.0-20.1.x86_64",
"SUSE Package Hub 12:MozillaThunderbird-devel-45.6.0-20.1.aarch64",
"SUSE Package Hub 12:MozillaThunderbird-devel-45.6.0-20.1.s390x",
"SUSE Package Hub 12:MozillaThunderbird-devel-45.6.0-20.1.x86_64",
"SUSE Package Hub 12:MozillaThunderbird-translations-common-45.6.0-20.1.aarch64",
"SUSE Package Hub 12:MozillaThunderbird-translations-common-45.6.0-20.1.s390x",
"SUSE Package Hub 12:MozillaThunderbird-translations-common-45.6.0-20.1.x86_64",
"SUSE Package Hub 12:MozillaThunderbird-translations-other-45.6.0-20.1.aarch64",
"SUSE Package Hub 12:MozillaThunderbird-translations-other-45.6.0-20.1.s390x",
"SUSE Package Hub 12:MozillaThunderbird-translations-other-45.6.0-20.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2016-9904",
"url": "https://www.suse.com/security/cve/CVE-2016-9904"
},
{
"category": "external",
"summary": "SUSE Bug 1015422 for CVE-2016-9904",
"url": "https://bugzilla.suse.com/1015422"
},
{
"category": "external",
"summary": "SUSE Bug 1015527 for CVE-2016-9904",
"url": "https://bugzilla.suse.com/1015527"
},
{
"category": "external",
"summary": "SUSE Bug 1015528 for CVE-2016-9904",
"url": "https://bugzilla.suse.com/1015528"
},
{
"category": "external",
"summary": "SUSE Bug 1015529 for CVE-2016-9904",
"url": "https://bugzilla.suse.com/1015529"
},
{
"category": "external",
"summary": "SUSE Bug 1015530 for CVE-2016-9904",
"url": "https://bugzilla.suse.com/1015530"
},
{
"category": "external",
"summary": "SUSE Bug 1015531 for CVE-2016-9904",
"url": "https://bugzilla.suse.com/1015531"
},
{
"category": "external",
"summary": "SUSE Bug 1015533 for CVE-2016-9904",
"url": "https://bugzilla.suse.com/1015533"
},
{
"category": "external",
"summary": "SUSE Bug 1015534 for CVE-2016-9904",
"url": "https://bugzilla.suse.com/1015534"
},
{
"category": "external",
"summary": "SUSE Bug 1015535 for CVE-2016-9904",
"url": "https://bugzilla.suse.com/1015535"
},
{
"category": "external",
"summary": "SUSE Bug 1015536 for CVE-2016-9904",
"url": "https://bugzilla.suse.com/1015536"
},
{
"category": "external",
"summary": "SUSE Bug 1015537 for CVE-2016-9904",
"url": "https://bugzilla.suse.com/1015537"
},
{
"category": "external",
"summary": "SUSE Bug 1015538 for CVE-2016-9904",
"url": "https://bugzilla.suse.com/1015538"
},
{
"category": "external",
"summary": "SUSE Bug 1015540 for CVE-2016-9904",
"url": "https://bugzilla.suse.com/1015540"
},
{
"category": "external",
"summary": "SUSE Bug 1015541 for CVE-2016-9904",
"url": "https://bugzilla.suse.com/1015541"
},
{
"category": "external",
"summary": "SUSE Bug 1015542 for CVE-2016-9904",
"url": "https://bugzilla.suse.com/1015542"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Package Hub 12:MozillaThunderbird-45.6.0-20.1.aarch64",
"SUSE Package Hub 12:MozillaThunderbird-45.6.0-20.1.s390x",
"SUSE Package Hub 12:MozillaThunderbird-45.6.0-20.1.x86_64",
"SUSE Package Hub 12:MozillaThunderbird-buildsymbols-45.6.0-20.1.x86_64",
"SUSE Package Hub 12:MozillaThunderbird-devel-45.6.0-20.1.aarch64",
"SUSE Package Hub 12:MozillaThunderbird-devel-45.6.0-20.1.s390x",
"SUSE Package Hub 12:MozillaThunderbird-devel-45.6.0-20.1.x86_64",
"SUSE Package Hub 12:MozillaThunderbird-translations-common-45.6.0-20.1.aarch64",
"SUSE Package Hub 12:MozillaThunderbird-translations-common-45.6.0-20.1.s390x",
"SUSE Package Hub 12:MozillaThunderbird-translations-common-45.6.0-20.1.x86_64",
"SUSE Package Hub 12:MozillaThunderbird-translations-other-45.6.0-20.1.aarch64",
"SUSE Package Hub 12:MozillaThunderbird-translations-other-45.6.0-20.1.s390x",
"SUSE Package Hub 12:MozillaThunderbird-translations-other-45.6.0-20.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.0"
},
"products": [
"SUSE Package Hub 12:MozillaThunderbird-45.6.0-20.1.aarch64",
"SUSE Package Hub 12:MozillaThunderbird-45.6.0-20.1.s390x",
"SUSE Package Hub 12:MozillaThunderbird-45.6.0-20.1.x86_64",
"SUSE Package Hub 12:MozillaThunderbird-buildsymbols-45.6.0-20.1.x86_64",
"SUSE Package Hub 12:MozillaThunderbird-devel-45.6.0-20.1.aarch64",
"SUSE Package Hub 12:MozillaThunderbird-devel-45.6.0-20.1.s390x",
"SUSE Package Hub 12:MozillaThunderbird-devel-45.6.0-20.1.x86_64",
"SUSE Package Hub 12:MozillaThunderbird-translations-common-45.6.0-20.1.aarch64",
"SUSE Package Hub 12:MozillaThunderbird-translations-common-45.6.0-20.1.s390x",
"SUSE Package Hub 12:MozillaThunderbird-translations-common-45.6.0-20.1.x86_64",
"SUSE Package Hub 12:MozillaThunderbird-translations-other-45.6.0-20.1.aarch64",
"SUSE Package Hub 12:MozillaThunderbird-translations-other-45.6.0-20.1.s390x",
"SUSE Package Hub 12:MozillaThunderbird-translations-other-45.6.0-20.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2016-12-30T17:01:32Z",
"details": "moderate"
}
],
"title": "CVE-2016-9904"
},
{
"cve": "CVE-2016-9905",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2016-9905"
}
],
"notes": [
{
"category": "general",
"text": "A potentially exploitable crash in \"EnumerateSubDocuments\" while adding or removing sub-documents. This vulnerability affects Firefox ESR \u003c 45.6 and Thunderbird \u003c 45.6.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Package Hub 12:MozillaThunderbird-45.6.0-20.1.aarch64",
"SUSE Package Hub 12:MozillaThunderbird-45.6.0-20.1.s390x",
"SUSE Package Hub 12:MozillaThunderbird-45.6.0-20.1.x86_64",
"SUSE Package Hub 12:MozillaThunderbird-buildsymbols-45.6.0-20.1.x86_64",
"SUSE Package Hub 12:MozillaThunderbird-devel-45.6.0-20.1.aarch64",
"SUSE Package Hub 12:MozillaThunderbird-devel-45.6.0-20.1.s390x",
"SUSE Package Hub 12:MozillaThunderbird-devel-45.6.0-20.1.x86_64",
"SUSE Package Hub 12:MozillaThunderbird-translations-common-45.6.0-20.1.aarch64",
"SUSE Package Hub 12:MozillaThunderbird-translations-common-45.6.0-20.1.s390x",
"SUSE Package Hub 12:MozillaThunderbird-translations-common-45.6.0-20.1.x86_64",
"SUSE Package Hub 12:MozillaThunderbird-translations-other-45.6.0-20.1.aarch64",
"SUSE Package Hub 12:MozillaThunderbird-translations-other-45.6.0-20.1.s390x",
"SUSE Package Hub 12:MozillaThunderbird-translations-other-45.6.0-20.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2016-9905",
"url": "https://www.suse.com/security/cve/CVE-2016-9905"
},
{
"category": "external",
"summary": "SUSE Bug 1015422 for CVE-2016-9905",
"url": "https://bugzilla.suse.com/1015422"
},
{
"category": "external",
"summary": "SUSE Bug 1015527 for CVE-2016-9905",
"url": "https://bugzilla.suse.com/1015527"
},
{
"category": "external",
"summary": "SUSE Bug 1015528 for CVE-2016-9905",
"url": "https://bugzilla.suse.com/1015528"
},
{
"category": "external",
"summary": "SUSE Bug 1015529 for CVE-2016-9905",
"url": "https://bugzilla.suse.com/1015529"
},
{
"category": "external",
"summary": "SUSE Bug 1015530 for CVE-2016-9905",
"url": "https://bugzilla.suse.com/1015530"
},
{
"category": "external",
"summary": "SUSE Bug 1015531 for CVE-2016-9905",
"url": "https://bugzilla.suse.com/1015531"
},
{
"category": "external",
"summary": "SUSE Bug 1015533 for CVE-2016-9905",
"url": "https://bugzilla.suse.com/1015533"
},
{
"category": "external",
"summary": "SUSE Bug 1015534 for CVE-2016-9905",
"url": "https://bugzilla.suse.com/1015534"
},
{
"category": "external",
"summary": "SUSE Bug 1015535 for CVE-2016-9905",
"url": "https://bugzilla.suse.com/1015535"
},
{
"category": "external",
"summary": "SUSE Bug 1015536 for CVE-2016-9905",
"url": "https://bugzilla.suse.com/1015536"
},
{
"category": "external",
"summary": "SUSE Bug 1015537 for CVE-2016-9905",
"url": "https://bugzilla.suse.com/1015537"
},
{
"category": "external",
"summary": "SUSE Bug 1015538 for CVE-2016-9905",
"url": "https://bugzilla.suse.com/1015538"
},
{
"category": "external",
"summary": "SUSE Bug 1015540 for CVE-2016-9905",
"url": "https://bugzilla.suse.com/1015540"
},
{
"category": "external",
"summary": "SUSE Bug 1015541 for CVE-2016-9905",
"url": "https://bugzilla.suse.com/1015541"
},
{
"category": "external",
"summary": "SUSE Bug 1015542 for CVE-2016-9905",
"url": "https://bugzilla.suse.com/1015542"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Package Hub 12:MozillaThunderbird-45.6.0-20.1.aarch64",
"SUSE Package Hub 12:MozillaThunderbird-45.6.0-20.1.s390x",
"SUSE Package Hub 12:MozillaThunderbird-45.6.0-20.1.x86_64",
"SUSE Package Hub 12:MozillaThunderbird-buildsymbols-45.6.0-20.1.x86_64",
"SUSE Package Hub 12:MozillaThunderbird-devel-45.6.0-20.1.aarch64",
"SUSE Package Hub 12:MozillaThunderbird-devel-45.6.0-20.1.s390x",
"SUSE Package Hub 12:MozillaThunderbird-devel-45.6.0-20.1.x86_64",
"SUSE Package Hub 12:MozillaThunderbird-translations-common-45.6.0-20.1.aarch64",
"SUSE Package Hub 12:MozillaThunderbird-translations-common-45.6.0-20.1.s390x",
"SUSE Package Hub 12:MozillaThunderbird-translations-common-45.6.0-20.1.x86_64",
"SUSE Package Hub 12:MozillaThunderbird-translations-other-45.6.0-20.1.aarch64",
"SUSE Package Hub 12:MozillaThunderbird-translations-other-45.6.0-20.1.s390x",
"SUSE Package Hub 12:MozillaThunderbird-translations-other-45.6.0-20.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 8.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"products": [
"SUSE Package Hub 12:MozillaThunderbird-45.6.0-20.1.aarch64",
"SUSE Package Hub 12:MozillaThunderbird-45.6.0-20.1.s390x",
"SUSE Package Hub 12:MozillaThunderbird-45.6.0-20.1.x86_64",
"SUSE Package Hub 12:MozillaThunderbird-buildsymbols-45.6.0-20.1.x86_64",
"SUSE Package Hub 12:MozillaThunderbird-devel-45.6.0-20.1.aarch64",
"SUSE Package Hub 12:MozillaThunderbird-devel-45.6.0-20.1.s390x",
"SUSE Package Hub 12:MozillaThunderbird-devel-45.6.0-20.1.x86_64",
"SUSE Package Hub 12:MozillaThunderbird-translations-common-45.6.0-20.1.aarch64",
"SUSE Package Hub 12:MozillaThunderbird-translations-common-45.6.0-20.1.s390x",
"SUSE Package Hub 12:MozillaThunderbird-translations-common-45.6.0-20.1.x86_64",
"SUSE Package Hub 12:MozillaThunderbird-translations-other-45.6.0-20.1.aarch64",
"SUSE Package Hub 12:MozillaThunderbird-translations-other-45.6.0-20.1.s390x",
"SUSE Package Hub 12:MozillaThunderbird-translations-other-45.6.0-20.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2016-12-30T17:01:32Z",
"details": "moderate"
}
],
"title": "CVE-2016-9905"
}
]
}
Loading…
Trend slope:
-
(linear fit over daily sighting counts)
Show additional events:
Loading…
Experimental. This forecast is provided for visualization only and may change without notice. Do not use it for operational decisions.
Forecast uses a logistic model when the trend is rising, or an exponential decay model when the trend is falling. Fitted via linearized least squares.
Sightings
| Author | Source | Type | Date | Other |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or observed by the user.
- Confirmed: The vulnerability has been validated from an analyst's perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
- Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
- Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
- Not confirmed: The user expressed doubt about the validity of the vulnerability.
- Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.
Loading…
Loading…