[{"data":1,"prerenderedAt":-1},["ShallowReactive",2],{"repo-stars":3,"vuln-OPENSUSE-SU-2016:2254-1":6},{"stargazers_count":4,"fetched_at":5},7,"2026-06-05T08:55:32.481Z",{"id":7,"descriptions":8,"cisa":9,"weaknesses":10,"exploits":11,"aliases":12,"duplicate_of":9,"upstream":13,"downstream":42,"duplicates":43,"related":44,"reserved_at":9,"published_at":59,"modified_at":60,"state":9,"summary":61,"references_raw":63,"kevs":131,"epss":9,"epss_history":132,"metrics":133,"affected":134},"OPENSUSE-SU-2016:2254-1","Security update for MozillaThunderbird\n\n\nThis update for MozillaThunderbird fixes the following issues:\n\n- update to Thunderbird 45.3.0 (boo#991809)\n  * Disposition-Notification-To could not be used in\n    mail.compose.other.header\n  * 'edit as new message' on a received message pre-filled the sender\n    as the composing identity.\n  * Certain messages caused corruption of the drafts summary database.\n  security fixes:\n  * MFSA 2016-62/CVE-2016-2836\n    Miscellaneous memory safety hazards\n  * MFSA 2016-63/CVE-2016-2830 (bmo#1255270)\n    Favicon network connection can persist when page is closed\n  * MFSA 2016-64/CVE-2016-2838 (bmo#1279814)\n    Buffer overflow rendering SVG with bidirectional content\n  * MFSA 2016-65/CVE-2016-2839 (bmo#1275339)\n    Cairo rendering crash due to memory allocation issue with FFmpeg 0.10\n  * MFSA 2016-67/CVE-2016-5252 (bmo#1268854)\n    Stack underflow during 2D graphics rendering\n  * MFSA 2016-70/CVE-2016-5254 (bmo#1266963)\n    Use-after-free when using alt key and toplevel menus\n  * MFSA 2016-72/CVE-2016-5258 (bmo#1279146)\n    Use-after-free in DTLS during WebRTC session shutdown\n  * MFSA 2016-73/CVE-2016-5259 (bmo#1282992)\n    Use-after-free in service workers with nested sync events\n  * MFSA 2016-76/CVE-2016-5262 (bmo#1277475)\n    Scripts on marquee tag can execute in sandboxed iframes\n  * MFSA 2016-77/CVE-2016-2837 (bmo#1274637)\n    Buffer overflow in ClearKey Content Decryption Module (CDM)\n    during video playback\n  * MFSA 2016-78/CVE-2016-5263 (bmo#1276897)\n    Type confusion in display transformation\n  * MFSA 2016-79/CVE-2016-5264 (bmo#1286183)\n    Use-after-free when applying SVG effects\n  * MFSA 2016-80/CVE-2016-5265 (bmo#1278013)\n    Same-origin policy violation using local HTML file and saved shortcut file\n\n- Fix for possible buffer overrun (boo#990856)\n  CVE-2016-6354 (bmo#1292534)\n  [mozilla-flex_buffer_overrun.patch]\n\n- add a screenshot to appdata.xml\n",null,[],[],[],[14,16,18,20,22,24,26,28,30,32,34,36,38,40],{"_key":15},"CVE-2016-2830",{"_key":17},"CVE-2016-2836",{"_key":19},"CVE-2016-2837",{"_key":21},"CVE-2016-2838",{"_key":23},"CVE-2016-2839",{"_key":25},"CVE-2016-5252",{"_key":27},"CVE-2016-5254",{"_key":29},"CVE-2016-5258",{"_key":31},"CVE-2016-5259",{"_key":33},"CVE-2016-5262",{"_key":35},"CVE-2016-5263",{"_key":37},"CVE-2016-5264",{"_key":39},"CVE-2016-5265",{"_key":41},"CVE-2016-6354",[],[],[45,46,47,48,49,50,51,52,53,54,55,56,57,58],{"_key":15},{"_key":17},{"_key":19},{"_key":21},{"_key":23},{"_key":25},{"_key":27},{"_key":29},{"_key":31},{"_key":33},{"_key":35},{"_key":37},{"_key":39},{"_key":41},"2016-09-06T18:46:14Z","2026-02-04T03:40:09.080966Z",{"cisa_kev":62,"cisa_ransomware":62,"cisa_vendor":9,"epss_severity":9,"epss_score":9,"severity":9,"severity_score":9,"severity_version":9,"severity_source":9,"severity_vector":9,"severity_status":9},false,[64,70,74,79,83,87,91,95,99,103,107,111,115,119,123,127],{"url":65,"sources":66,"tags":68},"https://bugzilla.suse.com/990856",[67],"osv_suse",[69],"REPORT",{"url":71,"sources":72,"tags":73},"https://bugzilla.suse.com/991809",[67],[69],{"url":75,"sources":76,"tags":77},"https://www.suse.com/security/cve/CVE-2016-2830",[67],[78],"WEB",{"url":80,"sources":81,"tags":82},"https://www.suse.com/security/cve/CVE-2016-2836",[67],[78],{"url":84,"sources":85,"tags":86},"https://www.suse.com/security/cve/CVE-2016-2837",[67],[78],{"url":88,"sources":89,"tags":90},"https://www.suse.com/security/cve/CVE-2016-2838",[67],[78],{"url":92,"sources":93,"tags":94},"https://www.suse.com/security/cve/CVE-2016-2839",[67],[78],{"url":96,"sources":97,"tags":98},"https://www.suse.com/security/cve/CVE-2016-5252",[67],[78],{"url":100,"sources":101,"tags":102},"https://www.suse.com/security/cve/CVE-2016-5254",[67],[78],{"url":104,"sources":105,"tags":106},"https://www.suse.com/security/cve/CVE-2016-5258",[67],[78],{"url":108,"sources":109,"tags":110},"https://www.suse.com/security/cve/CVE-2016-5259",[67],[78],{"url":112,"sources":113,"tags":114},"https://www.suse.com/security/cve/CVE-2016-5262",[67],[78],{"url":116,"sources":117,"tags":118},"https://www.suse.com/security/cve/CVE-2016-5263",[67],[78],{"url":120,"sources":121,"tags":122},"https://www.suse.com/security/cve/CVE-2016-5264",[67],[78],{"url":124,"sources":125,"tags":126},"https://www.suse.com/security/cve/CVE-2016-5265",[67],[78],{"url":128,"sources":129,"tags":130},"https://www.suse.com/security/cve/CVE-2016-6354",[67],[78],[],[],[],[135],{"ecosystem":136,"name":137,"vendor":138,"product":139,"cpe_part":9,"purl_type":140,"purl_namespace":138,"purl_name":139,"source":9,"versions":141},"SUSE Linux Enterprise","MozillaThunderbird","suse","MozillaThunderbird&distro=SUSE Package Hub 12","rpm",[142],{"version":143,"is_range":144,"range_type":145,"version_start":9,"version_start_type":9,"version_end":146,"version_end_type":147,"fixed_in":9},"lt45_3_0_9_1",true,"ecosystem","45.3.0-9.1","excluding"]