Security Week 40: the ‘not-really-a-vulnerability’ in WinRAR, an ancient bug in Firefox, and the oops!-update by Microsoft

What is the difference between real and theoretical threats?