**CentOS Errata and Security Advisory** CESA-2008:0208-01
SeaMonkey is an open source Web browser, advanced email and newsgroup
client, IRC chat client, and HTML editor.
Several flaws were found in the processing of some malformed web content. A
web page containing such malicious content could cause SeaMonkey to crash
or, potentially, execute arbitrary code as the user running SeaMonkey.
(CVE-2008-1233, CVE-2008-1235, CVE-2008-1236, CVE-2008-1237)
Several flaws were found in the display of malformed web content. A web
page containing specially-crafted content could, potentially, trick a
SeaMonkey user into surrendering sensitive information. (CVE-2008-1234,
CVE-2008-1238, CVE-2008-1241)
All SeaMonkey users should upgrade to these updated packages, which contain
backported patches to resolve these issues.
**Merged security bulletin from advisories:**
https://lists.centos.org/pipermail/centos-announce/2008-March/076946.html
**Affected packages:**
seamonkey
seamonkey-chat
seamonkey-devel
seamonkey-dom-inspector
seamonkey-js-debugger
seamonkey-mail
seamonkey-nspr
seamonkey-nspr-devel
seamonkey-nss
seamonkey-nss-devel
{"centos": [{"lastseen": "2023-12-03T17:26:53", "description": "**CentOS Errata and Security Advisory** CESA-2008:0208\n\n\nSeaMonkey is an open source Web browser, advanced email and newsgroup\r\nclient, IRC chat client, and HTML editor.\r\n\r\nSeveral flaws were found in the processing of some malformed web content. A\r\nweb page containing such malicious content could cause SeaMonkey to crash\r\nor, potentially, execute arbitrary code as the user running SeaMonkey.\r\n(CVE-2008-1233, CVE-2008-1235, CVE-2008-1236, CVE-2008-1237)\r\n\r\nSeveral flaws were found in the display of malformed web content. A web\r\npage containing specially-crafted content could, potentially, trick a\r\nSeaMonkey user into surrendering sensitive information. (CVE-2008-1234,\r\nCVE-2008-1238, CVE-2008-1241)\r\n\r\nAll SeaMonkey users should upgrade to these updated packages, which contain\r\nbackported patches to resolve these issues.\n\n**Merged security bulletin from advisories:**\nhttps://lists.centos.org/pipermail/centos-announce/2008-March/076947.html\nhttps://lists.centos.org/pipermail/centos-announce/2008-March/076948.html\nhttps://lists.centos.org/pipermail/centos-announce/2008-March/076949.html\nhttps://lists.centos.org/pipermail/centos-announce/2008-March/076950.html\nhttps://lists.centos.org/pipermail/centos-announce/2008-March/076951.html\nhttps://lists.centos.org/pipermail/centos-announce/2008-March/076953.html\nhttps://lists.centos.org/pipermail/centos-announce/2008-March/076954.html\nhttps://lists.centos.org/pipermail/centos-announce/2008-March/076956.html\n\n**Affected packages:**\nseamonkey\nseamonkey-chat\nseamonkey-devel\nseamonkey-dom-inspector\nseamonkey-js-debugger\nseamonkey-mail\nseamonkey-nspr\nseamonkey-nspr-devel\nseamonkey-nss\nseamonkey-nss-devel\n\n**Upstream details at:**\nhttps://access.redhat.com/errata/RHSA-2008:0208", "cvss3": {}, "published": "2008-03-28T11:28:19", "type": "centos", "title": "seamonkey security update", "bulletinFamily": "unix", "cvss2": {"severity": "HIGH", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 9.3, "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "obtainUserPrivilege": false}, "cvelist": ["CVE-2008-0414", "CVE-2008-1233", "CVE-2008-1234", "CVE-2008-1235", "CVE-2008-1236", "CVE-2008-1237", "CVE-2008-1238", "CVE-2008-1241"], "modified": "2008-03-29T17:25:08", "id": "CESA-2008:0208", "href": "https://lists.centos.org/pipermail/centos-announce/2008-March/076947.html", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2023-12-03T17:26:16", "description": "**CentOS Errata and Security Advisory** CESA-2008:0209\n\n\nMozilla Thunderbird is a standalone mail and newsgroup client.\r\n\r\nSeveral flaws were found in the processing of some malformed HTML mail\r\ncontent. An HTML mail message containing such malicious content could cause\r\nThunderbird to crash or, potentially, execute arbitrary code as the user\r\nrunning Thunderbird. (CVE-2008-1233, CVE-2008-1235, CVE-2008-1236,\r\nCVE-2008-1237)\r\n\r\nSeveral flaws were found in the display of malformed web content. An HTML\r\nmail message containing specially-crafted content could, potentially, trick\r\na user into surrendering sensitive information. (CVE-2008-1234,\r\nCVE-2008-1238, CVE-2008-1241)\r\n\r\nNote: JavaScript support is disabled by default in Thunderbird; the above\r\nissues are not exploitable unless JavaScript is enabled.\r\n\r\nAll Thunderbird users should upgrade to these updated packages, which\r\ncontain backported patches to resolve these issues.\n\n**Merged security bulletin from advisories:**\nhttps://lists.centos.org/pipermail/centos-announce/2008-April/076969.html\nhttps://lists.centos.org/pipermail/centos-announce/2008-April/076970.html\nhttps://lists.centos.org/pipermail/centos-announce/2008-April/076978.html\nhttps://lists.centos.org/pipermail/centos-announce/2008-April/076979.html\n\n**Affected packages:**\nthunderbird\n\n**Upstream details at:**\nhttps://access.redhat.com/errata/RHSA-2008:0209", "cvss3": {}, "published": "2008-04-10T17:03:24", "type": "centos", "title": "thunderbird security update", "bulletinFamily": "unix", "cvss2": {"severity": "HIGH", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 9.3, "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "obtainUserPrivilege": false}, "cvelist": ["CVE-2008-1233", "CVE-2008-1234", "CVE-2008-1235", "CVE-2008-1236", "CVE-2008-1237", "CVE-2008-1238", "CVE-2008-1241"], "modified": "2008-04-12T07:43:53", "id": "CESA-2008:0209", "href": "https://lists.centos.org/pipermail/centos-announce/2008-April/076969.html", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2023-12-03T17:26:50", "description": "**CentOS Errata and Security Advisory** CESA-2008:0207\n\n\nMozilla Firefox is an open source Web browser.\r\n\r\nSeveral flaws were found in the processing of some malformed web content. A\r\nweb page containing such malicious content could cause Firefox to crash or,\r\npotentially, execute arbitrary code as the user running Firefox.\r\n(CVE-2008-1233, CVE-2008-1235, CVE-2008-1236, CVE-2008-1237)\r\n\r\nSeveral flaws were found in the display of malformed web content. A web\r\npage containing specially-crafted content could, potentially, trick a\r\nFirefox user into surrendering sensitive information. (CVE-2008-1234,\r\nCVE-2008-1238, CVE-2008-1241)\r\n\r\nAll Firefox users should upgrade to these updated packages, which contain\r\nbackported patches that correct these issues.\n\n**Merged security bulletin from advisories:**\nhttps://lists.centos.org/pipermail/centos-announce/2008-March/076940.html\nhttps://lists.centos.org/pipermail/centos-announce/2008-March/076941.html\nhttps://lists.centos.org/pipermail/centos-announce/2008-March/076942.html\nhttps://lists.centos.org/pipermail/centos-announce/2008-March/076943.html\nhttps://lists.centos.org/pipermail/centos-announce/2008-March/076944.html\nhttps://lists.centos.org/pipermail/centos-announce/2008-March/076945.html\nhttps://lists.centos.org/pipermail/centos-announce/2008-March/076952.html\nhttps://lists.centos.org/pipermail/centos-announce/2008-March/076955.html\n\n**Affected packages:**\nfirefox\nfirefox-devel\n\n**Upstream details at:**\nhttps://access.redhat.com/errata/RHSA-2008:0207", "cvss3": {}, "published": "2008-03-27T14:36:53", "type": "centos", "title": "firefox security update", "bulletinFamily": "unix", "cvss2": {"severity": "HIGH", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 9.3, "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "obtainUserPrivilege": false}, "cvelist": ["CVE-2008-1233", "CVE-2008-1234", "CVE-2008-1235", "CVE-2008-1236", "CVE-2008-1237", "CVE-2008-1238", "CVE-2008-1241"], "modified": "2008-03-29T09:18:01", "id": "CESA-2008:0207", "href": "https://lists.centos.org/pipermail/centos-announce/2008-March/076940.html", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}], "nessus": [{"lastseen": "2023-12-04T14:43:11", "description": "Updated SeaMonkey packages that fix several security issues are now available for Red Hat Enterprise Linux 2.1, 3, and 4.\n\nThis update has been rated as having critical security impact by the Red Hat Security Response Team.\n\nSeaMonkey is an open source Web browser, advanced email and newsgroup client, IRC chat client, and HTML editor.\n\nSeveral flaws were found in the processing of some malformed web content. A web page containing such malicious content could cause SeaMonkey to crash or, potentially, execute arbitrary code as the user running SeaMonkey. (CVE-2008-1233, CVE-2008-1235, CVE-2008-1236, CVE-2008-1237)\n\nSeveral flaws were found in the display of malformed web content. A web page containing specially crafted content could, potentially, trick a SeaMonkey user into surrendering sensitive information.\n(CVE-2008-1234, CVE-2008-1238, CVE-2008-1241)\n\nAll SeaMonkey users should upgrade to these updated packages, which contain backported patches to resolve these issues.", "cvss3": {}, "published": "2008-03-28T00:00:00", "type": "nessus", "title": "RHEL 2.1 / 3 / 4 : seamonkey (RHSA-2008:0208)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2008-0414", "CVE-2008-1233", "CVE-2008-1234", "CVE-2008-1235", "CVE-2008-1236", "CVE-2008-1237", "CVE-2008-1238", "CVE-2008-1241"], "modified": "2021-01-14T00:00:00", "cpe": ["p-cpe:/a:redhat:enterprise_linux:seamonkey", "p-cpe:/a:redhat:enterprise_linux:seamonkey-chat", "p-cpe:/a:redhat:enterprise_linux:seamonkey-devel", "p-cpe:/a:redhat:enterprise_linux:seamonkey-dom-inspector", "p-cpe:/a:redhat:enterprise_linux:seamonkey-js-debugger", "p-cpe:/a:redhat:enterprise_linux:seamonkey-mail", "p-cpe:/a:redhat:enterprise_linux:seamonkey-nspr", "p-cpe:/a:redhat:enterprise_linux:seamonkey-nspr-devel", "p-cpe:/a:redhat:enterprise_linux:seamonkey-nss", "p-cpe:/a:redhat:enterprise_linux:seamonkey-nss-devel", "cpe:/o:redhat:enterprise_linux:2.1", "cpe:/o:redhat:enterprise_linux:3", "cpe:/o:redhat:enterprise_linux:4", "cpe:/o:redhat:enterprise_linux:4.6"], "id": "REDHAT-RHSA-2008-0208.NASL", "href": "https://www.tenable.com/plugins/nessus/31695", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Red Hat Security Advisory RHSA-2008:0208. The text \n# itself is copyright (C) Red Hat, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(31695);\n script_version(\"1.27\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/14\");\n\n script_cve_id(\"CVE-2008-0414\", \"CVE-2008-1233\", \"CVE-2008-1234\", \"CVE-2008-1235\", \"CVE-2008-1236\", \"CVE-2008-1237\", \"CVE-2008-1238\", \"CVE-2008-1241\");\n script_bugtraq_id(28448);\n script_xref(name:\"RHSA\", value:\"2008:0208\");\n\n script_name(english:\"RHEL 2.1 / 3 / 4 : seamonkey (RHSA-2008:0208)\");\n script_summary(english:\"Checks the rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Red Hat host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Updated SeaMonkey packages that fix several security issues are now\navailable for Red Hat Enterprise Linux 2.1, 3, and 4.\n\nThis update has been rated as having critical security impact by the\nRed Hat Security Response Team.\n\nSeaMonkey is an open source Web browser, advanced email and newsgroup\nclient, IRC chat client, and HTML editor.\n\nSeveral flaws were found in the processing of some malformed web\ncontent. A web page containing such malicious content could cause\nSeaMonkey to crash or, potentially, execute arbitrary code as the user\nrunning SeaMonkey. (CVE-2008-1233, CVE-2008-1235, CVE-2008-1236,\nCVE-2008-1237)\n\nSeveral flaws were found in the display of malformed web content. A\nweb page containing specially crafted content could, potentially,\ntrick a SeaMonkey user into surrendering sensitive information.\n(CVE-2008-1234, CVE-2008-1238, CVE-2008-1241)\n\nAll SeaMonkey users should upgrade to these updated packages, which\ncontain backported patches to resolve these issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2008-0414\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2008-1233\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2008-1234\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2008-1235\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2008-1236\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2008-1237\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2008-1238\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2008-1241\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/errata/RHSA-2008:0208\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n script_cwe_id(20, 59, 79, 94, 287, 399);\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:seamonkey\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:seamonkey-chat\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:seamonkey-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:seamonkey-dom-inspector\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:seamonkey-js-debugger\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:seamonkey-mail\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:seamonkey-nspr\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:seamonkey-nspr-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:seamonkey-nss\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:seamonkey-nss-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:2.1\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:3\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:4\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:4.6\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2008/02/08\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2008/03/27\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2008/03/28\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2008-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Red Hat Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"misc_func.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Red Hat\" >!< release) audit(AUDIT_OS_NOT, \"Red Hat\");\nos_ver = pregmatch(pattern: \"Red Hat Enterprise Linux.*release ([0-9]+(\\.[0-9]+)?)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Red Hat\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^(2\\.1|3|4)([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Red Hat 2.1 / 3.x / 4.x\", \"Red Hat \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\" && \"s390\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Red Hat\", cpu);\n\nyum_updateinfo = get_kb_item(\"Host/RedHat/yum-updateinfo\");\nif (!empty_or_null(yum_updateinfo)) \n{\n rhsa = \"RHSA-2008:0208\";\n yum_report = redhat_generate_yum_updateinfo_report(rhsa:rhsa);\n if (!empty_or_null(yum_report))\n {\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : yum_report \n );\n exit(0);\n }\n else\n {\n audit_message = \"affected by Red Hat security advisory \" + rhsa;\n audit(AUDIT_OS_NOT, audit_message);\n }\n}\nelse\n{\n flag = 0;\n if (rpm_check(release:\"RHEL2.1\", cpu:\"i386\", reference:\"seamonkey-1.0.9-0.14.el2\")) flag++;\n\n if (rpm_check(release:\"RHEL2.1\", cpu:\"i386\", reference:\"seamonkey-chat-1.0.9-0.14.el2\")) flag++;\n\n if (rpm_check(release:\"RHEL2.1\", cpu:\"i386\", reference:\"seamonkey-devel-1.0.9-0.14.el2\")) flag++;\n\n if (rpm_check(release:\"RHEL2.1\", cpu:\"i386\", reference:\"seamonkey-dom-inspector-1.0.9-0.14.el2\")) flag++;\n\n if (rpm_check(release:\"RHEL2.1\", cpu:\"i386\", reference:\"seamonkey-js-debugger-1.0.9-0.14.el2\")) flag++;\n\n if (rpm_check(release:\"RHEL2.1\", cpu:\"i386\", reference:\"seamonkey-mail-1.0.9-0.14.el2\")) flag++;\n\n if (rpm_check(release:\"RHEL2.1\", cpu:\"i386\", reference:\"seamonkey-nspr-1.0.9-0.14.el2\")) flag++;\n\n if (rpm_check(release:\"RHEL2.1\", cpu:\"i386\", reference:\"seamonkey-nspr-devel-1.0.9-0.14.el2\")) flag++;\n\n if (rpm_check(release:\"RHEL2.1\", cpu:\"i386\", reference:\"seamonkey-nss-1.0.9-0.14.el2\")) flag++;\n\n if (rpm_check(release:\"RHEL2.1\", cpu:\"i386\", reference:\"seamonkey-nss-devel-1.0.9-0.14.el2\")) flag++;\n\n\n if (rpm_check(release:\"RHEL3\", reference:\"seamonkey-1.0.9-0.16.el3\")) flag++;\n\n if (rpm_check(release:\"RHEL3\", reference:\"seamonkey-chat-1.0.9-0.16.el3\")) flag++;\n\n if (rpm_check(release:\"RHEL3\", reference:\"seamonkey-devel-1.0.9-0.16.el3\")) flag++;\n\n if (rpm_check(release:\"RHEL3\", reference:\"seamonkey-dom-inspector-1.0.9-0.16.el3\")) flag++;\n\n if (rpm_check(release:\"RHEL3\", reference:\"seamonkey-js-debugger-1.0.9-0.16.el3\")) flag++;\n\n if (rpm_check(release:\"RHEL3\", reference:\"seamonkey-mail-1.0.9-0.16.el3\")) flag++;\n\n if (rpm_check(release:\"RHEL3\", reference:\"seamonkey-nspr-1.0.9-0.16.el3\")) flag++;\n\n if (rpm_check(release:\"RHEL3\", reference:\"seamonkey-nspr-devel-1.0.9-0.16.el3\")) flag++;\n\n if (rpm_check(release:\"RHEL3\", reference:\"seamonkey-nss-1.0.9-0.16.el3\")) flag++;\n\n if (rpm_check(release:\"RHEL3\", reference:\"seamonkey-nss-devel-1.0.9-0.16.el3\")) flag++;\n\n\n if (rpm_check(release:\"RHEL4\", reference:\"seamonkey-1.0.9-15.el4\")) flag++;\n\n if (rpm_check(release:\"RHEL4\", reference:\"seamonkey-chat-1.0.9-15.el4\")) flag++;\n\n if (rpm_check(release:\"RHEL4\", reference:\"seamonkey-devel-1.0.9-15.el4\")) flag++;\n\n if (rpm_check(release:\"RHEL4\", reference:\"seamonkey-dom-inspector-1.0.9-15.el4\")) flag++;\n\n if (rpm_check(release:\"RHEL4\", reference:\"seamonkey-js-debugger-1.0.9-15.el4\")) flag++;\n\n if (rpm_check(release:\"RHEL4\", reference:\"seamonkey-mail-1.0.9-15.el4\")) flag++;\n\n if (rpm_check(release:\"RHEL4\", reference:\"seamonkey-nspr-1.0.9-15.el4\")) flag++;\n\n if (rpm_check(release:\"RHEL4\", reference:\"seamonkey-nspr-devel-1.0.9-15.el4\")) flag++;\n\n if (rpm_check(release:\"RHEL4\", reference:\"seamonkey-nss-1.0.9-15.el4\")) flag++;\n\n if (rpm_check(release:\"RHEL4\", reference:\"seamonkey-nss-devel-1.0.9-15.el4\")) flag++;\n\n\n if (flag)\n {\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : rpm_report_get() + redhat_report_package_caveat()\n );\n exit(0);\n }\n else\n {\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"seamonkey / seamonkey-chat / seamonkey-devel / etc\");\n }\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-12-04T14:43:11", "description": "Updated SeaMonkey packages that fix several security issues are now available for Red Hat Enterprise Linux 2.1, 3, and 4.\n\nThis update has been rated as having critical security impact by the Red Hat Security Response Team.\n\nSeaMonkey is an open source Web browser, advanced email and newsgroup client, IRC chat client, and HTML editor.\n\nSeveral flaws were found in the processing of some malformed web content. A web page containing such malicious content could cause SeaMonkey to crash or, potentially, execute arbitrary code as the user running SeaMonkey. (CVE-2008-1233, CVE-2008-1235, CVE-2008-1236, CVE-2008-1237)\n\nSeveral flaws were found in the display of malformed web content. A web page containing specially crafted content could, potentially, trick a SeaMonkey user into surrendering sensitive information.\n(CVE-2008-1234, CVE-2008-1238, CVE-2008-1241)\n\nAll SeaMonkey users should upgrade to these updated packages, which contain backported patches to resolve these issues.", "cvss3": {}, "published": "2008-03-28T00:00:00", "type": "nessus", "title": "CentOS 3 / 4 : seamonkey (CESA-2008:0208)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2008-0414", "CVE-2008-1233", "CVE-2008-1234", "CVE-2008-1235", "CVE-2008-1236", "CVE-2008-1237", "CVE-2008-1238", "CVE-2008-1241"], "modified": "2021-01-04T00:00:00", "cpe": ["p-cpe:/a:centos:centos:seamonkey", "p-cpe:/a:centos:centos:seamonkey-chat", "p-cpe:/a:centos:centos:seamonkey-devel", "p-cpe:/a:centos:centos:seamonkey-dom-inspector", "p-cpe:/a:centos:centos:seamonkey-js-debugger", "p-cpe:/a:centos:centos:seamonkey-mail", "p-cpe:/a:centos:centos:seamonkey-nspr", "p-cpe:/a:centos:centos:seamonkey-nspr-devel", "p-cpe:/a:centos:centos:seamonkey-nss", "p-cpe:/a:centos:centos:seamonkey-nss-devel", "cpe:/o:centos:centos:3", "cpe:/o:centos:centos:4"], "id": "CENTOS_RHSA-2008-0208.NASL", "href": "https://www.tenable.com/plugins/nessus/31685", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Red Hat Security Advisory RHSA-2008:0208 and \n# CentOS Errata and Security Advisory 2008:0208 respectively.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(31685);\n script_version(\"1.21\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/04\");\n\n script_cve_id(\"CVE-2008-0414\", \"CVE-2008-1233\", \"CVE-2008-1234\", \"CVE-2008-1235\", \"CVE-2008-1236\", \"CVE-2008-1237\", \"CVE-2008-1238\", \"CVE-2008-1241\");\n script_bugtraq_id(28448);\n script_xref(name:\"RHSA\", value:\"2008:0208\");\n\n script_name(english:\"CentOS 3 / 4 : seamonkey (CESA-2008:0208)\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote CentOS host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Updated SeaMonkey packages that fix several security issues are now\navailable for Red Hat Enterprise Linux 2.1, 3, and 4.\n\nThis update has been rated as having critical security impact by the\nRed Hat Security Response Team.\n\nSeaMonkey is an open source Web browser, advanced email and newsgroup\nclient, IRC chat client, and HTML editor.\n\nSeveral flaws were found in the processing of some malformed web\ncontent. A web page containing such malicious content could cause\nSeaMonkey to crash or, potentially, execute arbitrary code as the user\nrunning SeaMonkey. (CVE-2008-1233, CVE-2008-1235, CVE-2008-1236,\nCVE-2008-1237)\n\nSeveral flaws were found in the display of malformed web content. A\nweb page containing specially crafted content could, potentially,\ntrick a SeaMonkey user into surrendering sensitive information.\n(CVE-2008-1234, CVE-2008-1238, CVE-2008-1241)\n\nAll SeaMonkey users should upgrade to these updated packages, which\ncontain backported patches to resolve these issues.\"\n );\n # https://lists.centos.org/pipermail/centos-announce/2008-March/014785.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?8ede1fec\"\n );\n # https://lists.centos.org/pipermail/centos-announce/2008-March/014786.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?eab8fa86\"\n );\n # https://lists.centos.org/pipermail/centos-announce/2008-March/014787.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?e19014ec\"\n );\n # https://lists.centos.org/pipermail/centos-announce/2008-March/014788.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?563a58d7\"\n );\n # https://lists.centos.org/pipermail/centos-announce/2008-March/014789.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?90e79e58\"\n );\n # https://lists.centos.org/pipermail/centos-announce/2008-March/014791.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?7f54bb20\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected seamonkey packages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n script_cwe_id(20, 59, 79, 94, 287, 399);\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:seamonkey\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:seamonkey-chat\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:seamonkey-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:seamonkey-dom-inspector\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:seamonkey-js-debugger\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:seamonkey-mail\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:seamonkey-nspr\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:seamonkey-nspr-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:seamonkey-nss\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:seamonkey-nss-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:centos:centos:3\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:centos:centos:4\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2008/02/08\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2008/03/28\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2008/03/28\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2008-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"CentOS Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/CentOS/release\", \"Host/CentOS/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/CentOS/release\");\nif (isnull(release) || \"CentOS\" >!< release) audit(AUDIT_OS_NOT, \"CentOS\");\nos_ver = pregmatch(pattern: \"CentOS(?: Linux)? release ([0-9]+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"CentOS\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^(3|4)([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"CentOS 3.x / 4.x\", \"CentOS \" + os_ver);\n\nif (!get_kb_item(\"Host/CentOS/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && \"ia64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"CentOS\", cpu);\n\n\nflag = 0;\nif (rpm_check(release:\"CentOS-3\", reference:\"seamonkey-1.0.9-0.16.el3.centos3\")) flag++;\nif (rpm_check(release:\"CentOS-3\", reference:\"seamonkey-chat-1.0.9-0.16.el3.centos3\")) flag++;\nif (rpm_check(release:\"CentOS-3\", reference:\"seamonkey-devel-1.0.9-0.16.el3.centos3\")) flag++;\nif (rpm_check(release:\"CentOS-3\", reference:\"seamonkey-dom-inspector-1.0.9-0.16.el3.centos3\")) flag++;\nif (rpm_check(release:\"CentOS-3\", reference:\"seamonkey-js-debugger-1.0.9-0.16.el3.centos3\")) flag++;\nif (rpm_check(release:\"CentOS-3\", reference:\"seamonkey-mail-1.0.9-0.16.el3.centos3\")) flag++;\nif (rpm_check(release:\"CentOS-3\", reference:\"seamonkey-nspr-1.0.9-0.16.el3.centos3\")) flag++;\nif (rpm_check(release:\"CentOS-3\", reference:\"seamonkey-nspr-devel-1.0.9-0.16.el3.centos3\")) flag++;\nif (rpm_check(release:\"CentOS-3\", reference:\"seamonkey-nss-1.0.9-0.16.el3.centos3\")) flag++;\nif (rpm_check(release:\"CentOS-3\", reference:\"seamonkey-nss-devel-1.0.9-0.16.el3.centos3\")) flag++;\n\nif (rpm_check(release:\"CentOS-4\", reference:\"seamonkey-1.0.9-15.el4.centos\")) flag++;\nif (rpm_check(release:\"CentOS-4\", reference:\"seamonkey-chat-1.0.9-15.el4.centos\")) flag++;\nif (rpm_check(release:\"CentOS-4\", reference:\"seamonkey-devel-1.0.9-15.el4.centos\")) flag++;\nif (rpm_check(release:\"CentOS-4\", reference:\"seamonkey-dom-inspector-1.0.9-15.el4.centos\")) flag++;\nif (rpm_check(release:\"CentOS-4\", reference:\"seamonkey-js-debugger-1.0.9-15.el4.centos\")) flag++;\nif (rpm_check(release:\"CentOS-4\", reference:\"seamonkey-mail-1.0.9-15.el4.centos\")) flag++;\nif (rpm_check(release:\"CentOS-4\", reference:\"seamonkey-nspr-1.0.9-15.el4.centos\")) flag++;\nif (rpm_check(release:\"CentOS-4\", reference:\"seamonkey-nspr-devel-1.0.9-15.el4.centos\")) flag++;\nif (rpm_check(release:\"CentOS-4\", reference:\"seamonkey-nss-1.0.9-15.el4.centos\")) flag++;\nif (rpm_check(release:\"CentOS-4\", reference:\"seamonkey-nss-devel-1.0.9-15.el4.centos\")) flag++;\n\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"seamonkey / seamonkey-chat / seamonkey-devel / etc\");\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-12-04T14:10:54", "description": "Several flaws were found in the processing of some malformed web content. A web page containing such malicious content could cause Firefox to crash or, potentially, execute arbitrary code as the user running Firefox. (CVE-2008-1233, CVE-2008-1235, CVE-2008-1236, CVE-2008-1237)\n\nSeveral flaws were found in the display of malformed web content. A web page containing specially crafted content could, potentially, trick a Firefox user into surrendering sensitive information.\n(CVE-2008-1234, CVE-2008-1238, CVE-2008-1241)", "cvss3": {}, "published": "2012-08-01T00:00:00", "type": "nessus", "title": "Scientific Linux Security Update : firefox on SL4.x, SL5.x i386/x86_64", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2008-1233", "CVE-2008-1234", "CVE-2008-1235", "CVE-2008-1236", "CVE-2008-1237", "CVE-2008-1238", "CVE-2008-1241"], "modified": "2021-01-14T00:00:00", "cpe": ["x-cpe:/o:fermilab:scientific_linux"], "id": "SL_20080326_FIREFOX_ON_SL4_X.NASL", "href": "https://www.tenable.com/plugins/nessus/60376", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text is (C) Scientific Linux.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(60376);\n script_version(\"1.7\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/14\");\n\n script_cve_id(\"CVE-2008-1233\", \"CVE-2008-1234\", \"CVE-2008-1235\", \"CVE-2008-1236\", \"CVE-2008-1237\", \"CVE-2008-1238\", \"CVE-2008-1241\");\n\n script_name(english:\"Scientific Linux Security Update : firefox on SL4.x, SL5.x i386/x86_64\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\n\"The remote Scientific Linux host is missing one or more security\nupdates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Several flaws were found in the processing of some malformed web\ncontent. A web page containing such malicious content could cause\nFirefox to crash or, potentially, execute arbitrary code as the user\nrunning Firefox. (CVE-2008-1233, CVE-2008-1235, CVE-2008-1236,\nCVE-2008-1237)\n\nSeveral flaws were found in the display of malformed web content. A\nweb page containing specially crafted content could, potentially,\ntrick a Firefox user into surrendering sensitive information.\n(CVE-2008-1234, CVE-2008-1238, CVE-2008-1241)\"\n );\n # https://listserv.fnal.gov/scripts/wa.exe?A2=ind0803&L=scientific-linux-errata&T=0&P=1821\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?0f432dd3\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected firefox and / or firefox-devel packages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_cwe_id(59, 79, 94, 287, 399);\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"x-cpe:/o:fermilab:scientific_linux\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2008/03/26\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2012/08/01\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2012-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Scientific Linux Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Scientific Linux \" >!< release) audit(AUDIT_HOST_NOT, \"running Scientific Linux\");\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (cpu >!< \"x86_64\" && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Scientific Linux\", cpu);\n\n\nflag = 0;\nif (rpm_check(release:\"SL4\", reference:\"firefox-1.5.0.12-0.14.el4\")) flag++;\n\nif (rpm_check(release:\"SL5\", reference:\"firefox-1.5.0.12-14.el5_1\")) flag++;\nif (rpm_check(release:\"SL5\", reference:\"firefox-devel-1.5.0.12-14.el5_1\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-12-04T14:10:23", "description": "Several flaws were found in the processing of some malformed web content. A web page containing such malicious content could cause SeaMonkey to crash or, potentially, execute arbitrary code as the user running SeaMonkey. (CVE-2008-1233, CVE-2008-1235, CVE-2008-1236, CVE-2008-1237)\n\nSeveral flaws were found in the display of malformed web content. A web page containing specially crafted content could, potentially, trick a SeaMonkey user into surrendering sensitive information.\n(CVE-2008-1234, CVE-2008-1238, CVE-2008-1241)", "cvss3": {}, "published": "2012-08-01T00:00:00", "type": "nessus", "title": "Scientific Linux Security Update : seamonkey on SL3.x, SL4.x i386/x86_64", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2008-1233", "CVE-2008-1234", "CVE-2008-1235", "CVE-2008-1236", "CVE-2008-1237", "CVE-2008-1238", "CVE-2008-1241"], "modified": "2021-01-14T00:00:00", "cpe": ["x-cpe:/o:fermilab:scientific_linux"], "id": "SL_20080327_SEAMONKEY_ON_SL3_X.NASL", "href": "https://www.tenable.com/plugins/nessus/60377", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text is (C) Scientific Linux.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(60377);\n script_version(\"1.7\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/14\");\n\n script_cve_id(\"CVE-2008-1233\", \"CVE-2008-1234\", \"CVE-2008-1235\", \"CVE-2008-1236\", \"CVE-2008-1237\", \"CVE-2008-1238\", \"CVE-2008-1241\");\n\n script_name(english:\"Scientific Linux Security Update : seamonkey on SL3.x, SL4.x i386/x86_64\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\n\"The remote Scientific Linux host is missing one or more security\nupdates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Several flaws were found in the processing of some malformed web\ncontent. A web page containing such malicious content could cause\nSeaMonkey to crash or, potentially, execute arbitrary code as the user\nrunning SeaMonkey. (CVE-2008-1233, CVE-2008-1235, CVE-2008-1236,\nCVE-2008-1237)\n\nSeveral flaws were found in the display of malformed web content. A\nweb page containing specially crafted content could, potentially,\ntrick a SeaMonkey user into surrendering sensitive information.\n(CVE-2008-1234, CVE-2008-1238, CVE-2008-1241)\"\n );\n # https://listserv.fnal.gov/scripts/wa.exe?A2=ind0803&L=scientific-linux-errata&T=0&P=2063\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?92e49aaa\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_cwe_id(59, 79, 94, 287, 399);\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"x-cpe:/o:fermilab:scientific_linux\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2008/03/27\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2012/08/01\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2012-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Scientific Linux Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Scientific Linux \" >!< release) audit(AUDIT_HOST_NOT, \"running Scientific Linux\");\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (cpu >!< \"x86_64\" && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Scientific Linux\", cpu);\n\n\nflag = 0;\nif (rpm_check(release:\"SL3\", reference:\"seamonkey-1.0.9-0.16.el3\")) flag++;\nif (rpm_check(release:\"SL3\", reference:\"seamonkey-chat-1.0.9-0.16.el3\")) flag++;\nif (rpm_check(release:\"SL3\", reference:\"seamonkey-devel-1.0.9-0.16.el3\")) flag++;\nif (rpm_check(release:\"SL3\", reference:\"seamonkey-dom-inspector-1.0.9-0.16.el3\")) flag++;\nif (rpm_check(release:\"SL3\", reference:\"seamonkey-js-debugger-1.0.9-0.16.el3\")) flag++;\nif (rpm_check(release:\"SL3\", reference:\"seamonkey-mail-1.0.9-0.16.el3\")) flag++;\nif (rpm_check(release:\"SL3\", reference:\"seamonkey-nspr-1.0.9-0.16.el3\")) flag++;\nif (rpm_check(release:\"SL3\", reference:\"seamonkey-nspr-devel-1.0.9-0.16.el3\")) flag++;\nif (rpm_check(release:\"SL3\", reference:\"seamonkey-nss-1.0.9-0.16.el3\")) flag++;\nif (rpm_check(release:\"SL3\", reference:\"seamonkey-nss-devel-1.0.9-0.16.el3\")) flag++;\n\nif (rpm_check(release:\"SL4\", reference:\"seamonkey-1.0.9-15.el4\")) flag++;\nif (rpm_check(release:\"SL4\", reference:\"seamonkey-chat-1.0.9-15.el4\")) flag++;\nif (rpm_check(release:\"SL4\", reference:\"seamonkey-devel-1.0.9-15.el4\")) flag++;\nif (rpm_check(release:\"SL4\", reference:\"seamonkey-dom-inspector-1.0.9-15.el4\")) flag++;\nif (rpm_check(release:\"SL4\", reference:\"seamonkey-js-debugger-1.0.9-15.el4\")) flag++;\nif (rpm_check(release:\"SL4\", reference:\"seamonkey-mail-1.0.9-15.el4\")) flag++;\nif (rpm_check(release:\"SL4\", reference:\"seamonkey-nspr-1.0.9-15.el4\")) flag++;\nif (rpm_check(release:\"SL4\", reference:\"seamonkey-nspr-devel-1.0.9-15.el4\")) flag++;\nif (rpm_check(release:\"SL4\", reference:\"seamonkey-nss-1.0.9-15.el4\")) flag++;\nif (rpm_check(release:\"SL4\", reference:\"seamonkey-nss-devel-1.0.9-15.el4\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-12-04T14:42:53", "description": "Mozilla Firefox is an open source Web browser. Several flaws were found in the processing of some malformed web content. A web page containing such malicious content could cause Firefox to crash or, potentially, execute arbitrary code as the user running Firefox.\n(CVE-2008-1233, CVE-2008-1235, CVE-2008-1236, CVE-2008-1237) Several flaws were found in the display of malformed web content. A web page containing specially crafted content could, potentially, trick a Firefox user into surrendering sensitive information. (CVE-2008-1234, CVE-2008-1238, CVE-2008-1241) All Firefox users should upgrade to these updated packages, which correct these issues, and are rebuilt against the update Firefox packages.\n\nNote that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {}, "published": "2008-03-28T00:00:00", "type": "nessus", "title": "Fedora 7 : Miro-1.1.2-2.fc7 / chmsee-1.0.0-1.30.fc7 / devhelp-0.13-15.fc7 / epiphany-2.18.3-8.fc7 / etc (2008-2662)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2008-1233", "CVE-2008-1234", "CVE-2008-1235", "CVE-2008-1236", "CVE-2008-1237", "CVE-2008-1238", "CVE-2008-1241"], "modified": "2021-01-11T00:00:00", "cpe": ["p-cpe:/a:fedoraproject:fedora:miro", "p-cpe:/a:fedoraproject:fedora:chmsee", "p-cpe:/a:fedoraproject:fedora:devhelp", "p-cpe:/a:fedoraproject:fedora:epiphany", "p-cpe:/a:fedoraproject:fedora:epiphany-extensions", "p-cpe:/a:fedoraproject:fedora:firefox", "p-cpe:/a:fedoraproject:fedora:galeon", "p-cpe:/a:fedoraproject:fedora:gnome-python2-extras", "p-cpe:/a:fedoraproject:fedora:gtkmozembedmm", "p-cpe:/a:fedoraproject:fedora:kazehakase", "p-cpe:/a:fedoraproject:fedora:liferea", "p-cpe:/a:fedoraproject:fedora:openvrml", "p-cpe:/a:fedoraproject:fedora:ruby-gnome2", "p-cpe:/a:fedoraproject:fedora:yelp", "cpe:/o:fedoraproject:fedora:7"], "id": "FEDORA_2008-2662.NASL", "href": "https://www.tenable.com/plugins/nessus/31689", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Fedora Security Advisory 2008-2662.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(31689);\n script_version(\"1.22\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/11\");\n\n script_cve_id(\"CVE-2008-1233\", \"CVE-2008-1234\", \"CVE-2008-1235\", \"CVE-2008-1236\", \"CVE-2008-1237\", \"CVE-2008-1238\", \"CVE-2008-1241\");\n script_bugtraq_id(28448);\n script_xref(name:\"FEDORA\", value:\"2008-2662\");\n\n script_name(english:\"Fedora 7 : Miro-1.1.2-2.fc7 / chmsee-1.0.0-1.30.fc7 / devhelp-0.13-15.fc7 / epiphany-2.18.3-8.fc7 / etc (2008-2662)\");\n script_summary(english:\"Checks rpm output for the updated packages.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Fedora host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Mozilla Firefox is an open source Web browser. Several flaws were\nfound in the processing of some malformed web content. A web page\ncontaining such malicious content could cause Firefox to crash or,\npotentially, execute arbitrary code as the user running Firefox.\n(CVE-2008-1233, CVE-2008-1235, CVE-2008-1236, CVE-2008-1237) Several\nflaws were found in the display of malformed web content. A web page\ncontaining specially crafted content could, potentially, trick a\nFirefox user into surrendering sensitive information. (CVE-2008-1234,\nCVE-2008-1238, CVE-2008-1241) All Firefox users should upgrade to\nthese updated packages, which correct these issues, and are rebuilt\nagainst the update Firefox packages.\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Fedora security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.redhat.com/show_bug.cgi?id=438713\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.redhat.com/show_bug.cgi?id=438715\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.redhat.com/show_bug.cgi?id=438717\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.redhat.com/show_bug.cgi?id=438718\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.redhat.com/show_bug.cgi?id=438721\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.redhat.com/show_bug.cgi?id=438724\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.redhat.com/show_bug.cgi?id=438730\"\n );\n # https://lists.fedoraproject.org/pipermail/package-announce/2008-March/008891.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?a60985bb\"\n );\n # https://lists.fedoraproject.org/pipermail/package-announce/2008-March/008892.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?e698c52e\"\n );\n # https://lists.fedoraproject.org/pipermail/package-announce/2008-March/008893.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?a347b664\"\n );\n # https://lists.fedoraproject.org/pipermail/package-announce/2008-March/008894.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?1a11951d\"\n );\n # https://lists.fedoraproject.org/pipermail/package-announce/2008-March/008895.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?8e659ac4\"\n );\n # https://lists.fedoraproject.org/pipermail/package-announce/2008-March/008896.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?fef4a278\"\n );\n # https://lists.fedoraproject.org/pipermail/package-announce/2008-March/008897.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?fa8742b5\"\n );\n # https://lists.fedoraproject.org/pipermail/package-announce/2008-March/008898.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?907312be\"\n );\n # https://lists.fedoraproject.org/pipermail/package-announce/2008-March/008899.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?a43e3f49\"\n );\n # https://lists.fedoraproject.org/pipermail/package-announce/2008-March/008900.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?afdb0626\"\n );\n # https://lists.fedoraproject.org/pipermail/package-announce/2008-March/008901.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?ef43dad0\"\n );\n # https://lists.fedoraproject.org/pipermail/package-announce/2008-March/008902.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?30c744a4\"\n );\n # https://lists.fedoraproject.org/pipermail/package-announce/2008-March/008903.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?4afe99c2\"\n );\n # https://lists.fedoraproject.org/pipermail/package-announce/2008-March/008904.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?9269017c\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n script_cwe_id(59, 79, 94, 287, 399);\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:Miro\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:chmsee\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:devhelp\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:epiphany\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:epiphany-extensions\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:firefox\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:galeon\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:gnome-python2-extras\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:gtkmozembedmm\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:kazehakase\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:liferea\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:openvrml\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:ruby-gnome2\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:yelp\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:fedoraproject:fedora:7\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2008/03/27\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2008/03/26\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2008/03/28\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2008-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Fedora Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Fedora\" >!< release) audit(AUDIT_OS_NOT, \"Fedora\");\nos_ver = eregmatch(pattern: \"Fedora.*release ([0-9]+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Fedora\");\nos_ver = os_ver[1];\nif (! ereg(pattern:\"^7([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Fedora 7.x\", \"Fedora \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Fedora\", cpu);\n\nflag = 0;\nif (rpm_check(release:\"FC7\", reference:\"Miro-1.1.2-2.fc7\")) flag++;\nif (rpm_check(release:\"FC7\", reference:\"chmsee-1.0.0-1.30.fc7\")) flag++;\nif (rpm_check(release:\"FC7\", reference:\"devhelp-0.13-15.fc7\")) flag++;\nif (rpm_check(release:\"FC7\", reference:\"epiphany-2.18.3-8.fc7\")) flag++;\nif (rpm_check(release:\"FC7\", reference:\"epiphany-extensions-2.18.3-8\")) flag++;\nif (rpm_check(release:\"FC7\", reference:\"firefox-2.0.0.13-1.fc7\")) flag++;\nif (rpm_check(release:\"FC7\", reference:\"galeon-2.0.3-16.fc7\")) flag++;\nif (rpm_check(release:\"FC7\", reference:\"gnome-python2-extras-2.14.3-9.fc7\")) flag++;\nif (rpm_check(release:\"FC7\", reference:\"gtkmozembedmm-1.4.2.cvs20060817-16.fc7\")) flag++;\nif (rpm_check(release:\"FC7\", reference:\"kazehakase-0.5.3-5.fc7\")) flag++;\nif (rpm_check(release:\"FC7\", reference:\"liferea-1.4.13-2.fc7\")) flag++;\nif (rpm_check(release:\"FC7\", reference:\"openvrml-0.16.7-4.fc7\")) flag++;\nif (rpm_check(release:\"FC7\", reference:\"ruby-gnome2-0.16.0-22.fc7\")) flag++;\nif (rpm_check(release:\"FC7\", reference:\"yelp-2.18.1-10.fc7\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"Miro / chmsee / devhelp / epiphany / epiphany-extensions / firefox / etc\");\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-12-04T14:43:25", "description": "Updated thunderbird packages that fix several security issues are now available for Red Hat Enterprise Linux 4 and 5.\n\nThis update has been rated as having moderate security impact by the Red Hat Security Response Team.\n\nMozilla Thunderbird is a standalone mail and newsgroup client.\n\nSeveral flaws were found in the processing of some malformed HTML mail content. An HTML mail message containing such malicious content could cause Thunderbird to crash or, potentially, execute arbitrary code as the user running Thunderbird. (CVE-2008-1233, CVE-2008-1235, CVE-2008-1236, CVE-2008-1237)\n\nSeveral flaws were found in the display of malformed web content. An HTML mail message containing specially crafted content could, potentially, trick a user into surrendering sensitive information.\n(CVE-2008-1234, CVE-2008-1238, CVE-2008-1241)\n\nNote: JavaScript support is disabled by default in Thunderbird; the above issues are not exploitable unless JavaScript is enabled.\n\nAll Thunderbird users should upgrade to these updated packages, which contain backported patches to resolve these issues.", "cvss3": {}, "published": "2008-04-17T00:00:00", "type": "nessus", "title": "CentOS 4 / 5 : thunderbird (CESA-2008:0209)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2008-1233", "CVE-2008-1234", "CVE-2008-1235", "CVE-2008-1236", "CVE-2008-1237", "CVE-2008-1238", "CVE-2008-1241"], "modified": "2021-01-04T00:00:00", "cpe": ["p-cpe:/a:centos:centos:thunderbird", "cpe:/o:centos:centos:4", "cpe:/o:centos:centos:5"], "id": "CENTOS_RHSA-2008-0209.NASL", "href": "https://www.tenable.com/plugins/nessus/31946", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Red Hat Security Advisory RHSA-2008:0209 and \n# CentOS Errata and Security Advisory 2008:0209 respectively.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(31946);\n script_version(\"1.22\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/04\");\n\n script_cve_id(\"CVE-2008-1233\", \"CVE-2008-1234\", \"CVE-2008-1235\", \"CVE-2008-1236\", \"CVE-2008-1237\", \"CVE-2008-1238\", \"CVE-2008-1241\");\n script_bugtraq_id(28448);\n script_xref(name:\"RHSA\", value:\"2008:0209\");\n\n script_name(english:\"CentOS 4 / 5 : thunderbird (CESA-2008:0209)\");\n script_summary(english:\"Checks rpm output for the updated package\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote CentOS host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Updated thunderbird packages that fix several security issues are now\navailable for Red Hat Enterprise Linux 4 and 5.\n\nThis update has been rated as having moderate security impact by the\nRed Hat Security Response Team.\n\nMozilla Thunderbird is a standalone mail and newsgroup client.\n\nSeveral flaws were found in the processing of some malformed HTML mail\ncontent. An HTML mail message containing such malicious content could\ncause Thunderbird to crash or, potentially, execute arbitrary code as\nthe user running Thunderbird. (CVE-2008-1233, CVE-2008-1235,\nCVE-2008-1236, CVE-2008-1237)\n\nSeveral flaws were found in the display of malformed web content. An\nHTML mail message containing specially crafted content could,\npotentially, trick a user into surrendering sensitive information.\n(CVE-2008-1234, CVE-2008-1238, CVE-2008-1241)\n\nNote: JavaScript support is disabled by default in Thunderbird; the\nabove issues are not exploitable unless JavaScript is enabled.\n\nAll Thunderbird users should upgrade to these updated packages, which\ncontain backported patches to resolve these issues.\"\n );\n # https://lists.centos.org/pipermail/centos-announce/2008-April/014801.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?32391eb1\"\n );\n # https://lists.centos.org/pipermail/centos-announce/2008-April/014802.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?0b48cbb9\"\n );\n # https://lists.centos.org/pipermail/centos-announce/2008-April/014807.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?44768f91\"\n );\n # https://lists.centos.org/pipermail/centos-announce/2008-April/014808.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?1653d2fd\"\n );\n # https://lists.centos.org/pipermail/centos-announce/2008-April/014816.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?239e66bd\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected thunderbird package.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n script_cwe_id(59, 79, 94, 287, 399);\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:thunderbird\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:centos:centos:4\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:centos:centos:5\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2008/03/27\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2008/04/10\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2008/04/17\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2008-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"CentOS Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/CentOS/release\", \"Host/CentOS/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/CentOS/release\");\nif (isnull(release) || \"CentOS\" >!< release) audit(AUDIT_OS_NOT, \"CentOS\");\nos_ver = pregmatch(pattern: \"CentOS(?: Linux)? release ([0-9]+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"CentOS\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^(4|5)([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"CentOS 4.x / 5.x\", \"CentOS \" + os_ver);\n\nif (!get_kb_item(\"Host/CentOS/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && \"ia64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"CentOS\", cpu);\n\n\nflag = 0;\nif (rpm_check(release:\"CentOS-4\", reference:\"thunderbird-1.5.0.12-10.el4.centos\")) flag++;\n\nif (rpm_check(release:\"CentOS-5\", reference:\"thunderbird-1.5.0.12-11.el5.centos\")) flag++;\n\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"thunderbird\");\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-12-02T15:15:00", "description": "From Red Hat Security Advisory 2008:0208 :\n\nUpdated SeaMonkey packages that fix several security issues are now available for Red Hat Enterprise Linux 2.1, 3, and 4.\n\nThis update has been rated as having critical security impact by the Red Hat Security Response Team.\n\nSeaMonkey is an open source Web browser, advanced email and newsgroup client, IRC chat client, and HTML editor.\n\nSeveral flaws were found in the processing of some malformed web content. A web page containing such malicious content could cause SeaMonkey to crash or, potentially, execute arbitrary code as the user running SeaMonkey. (CVE-2008-1233, CVE-2008-1235, CVE-2008-1236, CVE-2008-1237)\n\nSeveral flaws were found in the display of malformed web content. A web page containing specially crafted content could, potentially, trick a SeaMonkey user into surrendering sensitive information.\n(CVE-2008-1234, CVE-2008-1238, CVE-2008-1241)\n\nAll SeaMonkey users should upgrade to these updated packages, which contain backported patches to resolve these issues.", "cvss3": {}, "published": "2013-07-12T00:00:00", "type": "nessus", "title": "Oracle Linux 3 / 4 : seamonkey (ELSA-2008-0208)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2008-0414", "CVE-2008-1233", "CVE-2008-1234", "CVE-2008-1235", "CVE-2008-1236", "CVE-2008-1237", "CVE-2008-1238", "CVE-2008-1241"], "modified": "2021-01-14T00:00:00", "cpe": ["p-cpe:/a:oracle:linux:seamonkey", "p-cpe:/a:oracle:linux:seamonkey-chat", "p-cpe:/a:oracle:linux:seamonkey-devel", "p-cpe:/a:oracle:linux:seamonkey-dom-inspector", "p-cpe:/a:oracle:linux:seamonkey-js-debugger", "p-cpe:/a:oracle:linux:seamonkey-mail", "p-cpe:/a:oracle:linux:seamonkey-nspr", "p-cpe:/a:oracle:linux:seamonkey-nspr-devel", "p-cpe:/a:oracle:linux:seamonkey-nss", "p-cpe:/a:oracle:linux:seamonkey-nss-devel", "cpe:/o:oracle:linux:3", "cpe:/o:oracle:linux:4"], "id": "ORACLELINUX_ELSA-2008-0208.NASL", "href": "https://www.tenable.com/plugins/nessus/67676", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Red Hat Security Advisory RHSA-2008:0208 and \n# Oracle Linux Security Advisory ELSA-2008-0208 respectively.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(67676);\n script_version(\"1.13\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/14\");\n\n script_cve_id(\"CVE-2008-0414\", \"CVE-2008-1233\", \"CVE-2008-1234\", \"CVE-2008-1235\", \"CVE-2008-1236\", \"CVE-2008-1237\", \"CVE-2008-1238\", \"CVE-2008-1241\");\n script_bugtraq_id(28448);\n script_xref(name:\"RHSA\", value:\"2008:0208\");\n\n script_name(english:\"Oracle Linux 3 / 4 : seamonkey (ELSA-2008-0208)\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Oracle Linux host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"From Red Hat Security Advisory 2008:0208 :\n\nUpdated SeaMonkey packages that fix several security issues are now\navailable for Red Hat Enterprise Linux 2.1, 3, and 4.\n\nThis update has been rated as having critical security impact by the\nRed Hat Security Response Team.\n\nSeaMonkey is an open source Web browser, advanced email and newsgroup\nclient, IRC chat client, and HTML editor.\n\nSeveral flaws were found in the processing of some malformed web\ncontent. A web page containing such malicious content could cause\nSeaMonkey to crash or, potentially, execute arbitrary code as the user\nrunning SeaMonkey. (CVE-2008-1233, CVE-2008-1235, CVE-2008-1236,\nCVE-2008-1237)\n\nSeveral flaws were found in the display of malformed web content. A\nweb page containing specially crafted content could, potentially,\ntrick a SeaMonkey user into surrendering sensitive information.\n(CVE-2008-1234, CVE-2008-1238, CVE-2008-1241)\n\nAll SeaMonkey users should upgrade to these updated packages, which\ncontain backported patches to resolve these issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://oss.oracle.com/pipermail/el-errata/2008-March/000553.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://oss.oracle.com/pipermail/el-errata/2008-March/000554.html\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected seamonkey packages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n script_cwe_id(20, 59, 79, 94, 287, 399);\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:seamonkey\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:seamonkey-chat\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:seamonkey-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:seamonkey-dom-inspector\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:seamonkey-js-debugger\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:seamonkey-mail\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:seamonkey-nspr\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:seamonkey-nspr-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:seamonkey-nss\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:seamonkey-nss-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:oracle:linux:3\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:oracle:linux:4\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2008/02/08\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2008/03/28\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2013/07/12\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2013-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Oracle Linux Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/OracleLinux\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/OracleLinux\")) audit(AUDIT_OS_NOT, \"Oracle Linux\");\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || !pregmatch(pattern: \"Oracle (?:Linux Server|Enterprise Linux)\", string:release)) audit(AUDIT_OS_NOT, \"Oracle Linux\");\nos_ver = pregmatch(pattern: \"Oracle (?:Linux Server|Enterprise Linux) .*release ([0-9]+(\\.[0-9]+)?)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Oracle Linux\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^(3|4)([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Oracle Linux 3 / 4\", \"Oracle Linux \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && \"ia64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Oracle Linux\", cpu);\n\nflag = 0;\nif (rpm_check(release:\"EL3\", cpu:\"i386\", reference:\"seamonkey-1.0.9-0.16.el3.0.1\")) flag++;\nif (rpm_check(release:\"EL3\", cpu:\"x86_64\", reference:\"seamonkey-1.0.9-0.16.el3.0.1\")) flag++;\nif (rpm_check(release:\"EL3\", cpu:\"i386\", reference:\"seamonkey-chat-1.0.9-0.16.el3.0.1\")) flag++;\nif (rpm_check(release:\"EL3\", cpu:\"x86_64\", reference:\"seamonkey-chat-1.0.9-0.16.el3.0.1\")) flag++;\nif (rpm_check(release:\"EL3\", cpu:\"i386\", reference:\"seamonkey-devel-1.0.9-0.16.el3.0.1\")) flag++;\nif (rpm_check(release:\"EL3\", cpu:\"x86_64\", reference:\"seamonkey-devel-1.0.9-0.16.el3.0.1\")) flag++;\nif (rpm_check(release:\"EL3\", cpu:\"i386\", reference:\"seamonkey-dom-inspector-1.0.9-0.16.el3.0.1\")) flag++;\nif (rpm_check(release:\"EL3\", cpu:\"x86_64\", reference:\"seamonkey-dom-inspector-1.0.9-0.16.el3.0.1\")) flag++;\nif (rpm_check(release:\"EL3\", cpu:\"i386\", reference:\"seamonkey-js-debugger-1.0.9-0.16.el3.0.1\")) flag++;\nif (rpm_check(release:\"EL3\", cpu:\"x86_64\", reference:\"seamonkey-js-debugger-1.0.9-0.16.el3.0.1\")) flag++;\nif (rpm_check(release:\"EL3\", cpu:\"i386\", reference:\"seamonkey-mail-1.0.9-0.16.el3.0.1\")) flag++;\nif (rpm_check(release:\"EL3\", cpu:\"x86_64\", reference:\"seamonkey-mail-1.0.9-0.16.el3.0.1\")) flag++;\nif (rpm_check(release:\"EL3\", cpu:\"i386\", reference:\"seamonkey-nspr-1.0.9-0.16.el3.0.1\")) flag++;\nif (rpm_check(release:\"EL3\", cpu:\"x86_64\", reference:\"seamonkey-nspr-1.0.9-0.16.el3.0.1\")) flag++;\nif (rpm_check(release:\"EL3\", cpu:\"i386\", reference:\"seamonkey-nspr-devel-1.0.9-0.16.el3.0.1\")) flag++;\nif (rpm_check(release:\"EL3\", cpu:\"x86_64\", reference:\"seamonkey-nspr-devel-1.0.9-0.16.el3.0.1\")) flag++;\nif (rpm_check(release:\"EL3\", cpu:\"i386\", reference:\"seamonkey-nss-1.0.9-0.16.el3.0.1\")) flag++;\nif (rpm_check(release:\"EL3\", cpu:\"x86_64\", reference:\"seamonkey-nss-1.0.9-0.16.el3.0.1\")) flag++;\nif (rpm_check(release:\"EL3\", cpu:\"i386\", reference:\"seamonkey-nss-devel-1.0.9-0.16.el3.0.1\")) flag++;\nif (rpm_check(release:\"EL3\", cpu:\"x86_64\", reference:\"seamonkey-nss-devel-1.0.9-0.16.el3.0.1\")) flag++;\n\nif (rpm_check(release:\"EL4\", cpu:\"i386\", reference:\"seamonkey-1.0.9-15.el4.0.1\")) flag++;\nif (rpm_check(release:\"EL4\", cpu:\"x86_64\", reference:\"seamonkey-1.0.9-15.el4.0.1\")) flag++;\nif (rpm_check(release:\"EL4\", cpu:\"i386\", reference:\"seamonkey-chat-1.0.9-15.el4.0.1\")) flag++;\nif (rpm_check(release:\"EL4\", cpu:\"x86_64\", reference:\"seamonkey-chat-1.0.9-15.el4.0.1\")) flag++;\nif (rpm_check(release:\"EL4\", cpu:\"i386\", reference:\"seamonkey-devel-1.0.9-15.el4.0.1\")) flag++;\nif (rpm_check(release:\"EL4\", cpu:\"x86_64\", reference:\"seamonkey-devel-1.0.9-15.el4.0.1\")) flag++;\nif (rpm_check(release:\"EL4\", cpu:\"i386\", reference:\"seamonkey-dom-inspector-1.0.9-15.el4.0.1\")) flag++;\nif (rpm_check(release:\"EL4\", cpu:\"x86_64\", reference:\"seamonkey-dom-inspector-1.0.9-15.el4.0.1\")) flag++;\nif (rpm_check(release:\"EL4\", cpu:\"i386\", reference:\"seamonkey-js-debugger-1.0.9-15.el4.0.1\")) flag++;\nif (rpm_check(release:\"EL4\", cpu:\"x86_64\", reference:\"seamonkey-js-debugger-1.0.9-15.el4.0.1\")) flag++;\nif (rpm_check(release:\"EL4\", cpu:\"i386\", reference:\"seamonkey-mail-1.0.9-15.el4.0.1\")) flag++;\nif (rpm_check(release:\"EL4\", cpu:\"x86_64\", reference:\"seamonkey-mail-1.0.9-15.el4.0.1\")) flag++;\nif (rpm_check(release:\"EL4\", cpu:\"i386\", reference:\"seamonkey-nspr-1.0.9-15.el4.0.1\")) flag++;\nif (rpm_check(release:\"EL4\", cpu:\"x86_64\", reference:\"seamonkey-nspr-1.0.9-15.el4.0.1\")) flag++;\nif (rpm_check(release:\"EL4\", cpu:\"i386\", reference:\"seamonkey-nspr-devel-1.0.9-15.el4.0.1\")) flag++;\nif (rpm_check(release:\"EL4\", cpu:\"x86_64\", reference:\"seamonkey-nspr-devel-1.0.9-15.el4.0.1\")) flag++;\nif (rpm_check(release:\"EL4\", cpu:\"i386\", reference:\"seamonkey-nss-1.0.9-15.el4.0.1\")) flag++;\nif (rpm_check(release:\"EL4\", cpu:\"x86_64\", reference:\"seamonkey-nss-1.0.9-15.el4.0.1\")) flag++;\nif (rpm_check(release:\"EL4\", cpu:\"i386\", reference:\"seamonkey-nss-devel-1.0.9-15.el4.0.1\")) flag++;\nif (rpm_check(release:\"EL4\", cpu:\"x86_64\", reference:\"seamonkey-nss-devel-1.0.9-15.el4.0.1\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"seamonkey / seamonkey-chat / seamonkey-devel / etc\");\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-12-03T14:28:39", "description": "Mozilla Firefox is an open source Web browser. Several flaws were found in the processing of some malformed web content. A web page containing such malicious content could cause Firefox to crash or, potentially, execute arbitrary code as the user running Firefox.\n(CVE-2008-1233, CVE-2008-1235, CVE-2008-1236, CVE-2008-1237) Several flaws were found in the display of malformed web content. A web page containing specially crafted content could, potentially, trick a Firefox user into surrendering sensitive information. (CVE-2008-1234, CVE-2008-1238, CVE-2008-1241) All Firefox users should upgrade to these updated packages, which correct these issues, and are rebuilt against the update Firefox packages.\n\nNote that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {}, "published": "2008-03-28T00:00:00", "type": "nessus", "title": "Fedora 8 : Miro-1.1.2-2.fc8 / blam-1.8.3-14.fc8 / chmsee-1.0.0-1.30.fc8 / devhelp-0.16.1-6.fc8 / etc (2008-2682)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2008-1233", "CVE-2008-1234", "CVE-2008-1235", "CVE-2008-1236", "CVE-2008-1237", "CVE-2008-1238", "CVE-2008-1241"], "modified": "2021-01-11T00:00:00", "cpe": ["p-cpe:/a:fedoraproject:fedora:miro", "p-cpe:/a:fedoraproject:fedora:blam", "p-cpe:/a:fedoraproject:fedora:chmsee", "p-cpe:/a:fedoraproject:fedora:devhelp", "p-cpe:/a:fedoraproject:fedora:epiphany", "p-cpe:/a:fedoraproject:fedora:epiphany-extensions", "p-cpe:/a:fedoraproject:fedora:firefox", "p-cpe:/a:fedoraproject:fedora:galeon", "p-cpe:/a:fedoraproject:fedora:gnome-python2-extras", "p-cpe:/a:fedoraproject:fedora:gnome-web-photo", "p-cpe:/a:fedoraproject:fedora:gtkmozembedmm", "p-cpe:/a:fedoraproject:fedora:kazehakase", "p-cpe:/a:fedoraproject:fedora:liferea", "p-cpe:/a:fedoraproject:fedora:openvrml", "p-cpe:/a:fedoraproject:fedora:ruby-gnome2", "p-cpe:/a:fedoraproject:fedora:yelp", "cpe:/o:fedoraproject:fedora:8"], "id": "FEDORA_2008-2682.NASL", "href": "https://www.tenable.com/plugins/nessus/31691", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Fedora Security Advisory 2008-2682.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(31691);\n script_version(\"1.22\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/11\");\n\n script_cve_id(\"CVE-2008-1233\", \"CVE-2008-1234\", \"CVE-2008-1235\", \"CVE-2008-1236\", \"CVE-2008-1237\", \"CVE-2008-1238\", \"CVE-2008-1241\");\n script_bugtraq_id(28448);\n script_xref(name:\"FEDORA\", value:\"2008-2682\");\n\n script_name(english:\"Fedora 8 : Miro-1.1.2-2.fc8 / blam-1.8.3-14.fc8 / chmsee-1.0.0-1.30.fc8 / devhelp-0.16.1-6.fc8 / etc (2008-2682)\");\n script_summary(english:\"Checks rpm output for the updated packages.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Fedora host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Mozilla Firefox is an open source Web browser. Several flaws were\nfound in the processing of some malformed web content. A web page\ncontaining such malicious content could cause Firefox to crash or,\npotentially, execute arbitrary code as the user running Firefox.\n(CVE-2008-1233, CVE-2008-1235, CVE-2008-1236, CVE-2008-1237) Several\nflaws were found in the display of malformed web content. A web page\ncontaining specially crafted content could, potentially, trick a\nFirefox user into surrendering sensitive information. (CVE-2008-1234,\nCVE-2008-1238, CVE-2008-1241) All Firefox users should upgrade to\nthese updated packages, which correct these issues, and are rebuilt\nagainst the update Firefox packages.\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Fedora security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.redhat.com/show_bug.cgi?id=438713\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.redhat.com/show_bug.cgi?id=438715\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.redhat.com/show_bug.cgi?id=438717\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.redhat.com/show_bug.cgi?id=438718\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.redhat.com/show_bug.cgi?id=438721\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.redhat.com/show_bug.cgi?id=438724\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.redhat.com/show_bug.cgi?id=438730\"\n );\n # https://lists.fedoraproject.org/pipermail/package-announce/2008-March/008916.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?124ff337\"\n );\n # https://lists.fedoraproject.org/pipermail/package-announce/2008-March/008917.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?bc225e0f\"\n );\n # https://lists.fedoraproject.org/pipermail/package-announce/2008-March/008918.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?5eb16446\"\n );\n # https://lists.fedoraproject.org/pipermail/package-announce/2008-March/008919.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?9a7931b1\"\n );\n # https://lists.fedoraproject.org/pipermail/package-announce/2008-March/008920.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?5b92e55b\"\n );\n # https://lists.fedoraproject.org/pipermail/package-announce/2008-March/008921.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?d277b67b\"\n );\n # https://lists.fedoraproject.org/pipermail/package-announce/2008-March/008922.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?0b464a5e\"\n );\n # https://lists.fedoraproject.org/pipermail/package-announce/2008-March/008923.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?ba623227\"\n );\n # https://lists.fedoraproject.org/pipermail/package-announce/2008-March/008924.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?d1dbbd22\"\n );\n # https://lists.fedoraproject.org/pipermail/package-announce/2008-March/008925.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?bb511dd2\"\n );\n # https://lists.fedoraproject.org/pipermail/package-announce/2008-March/008926.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?d5e13b73\"\n );\n # https://lists.fedoraproject.org/pipermail/package-announce/2008-March/008927.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?b073bb58\"\n );\n # https://lists.fedoraproject.org/pipermail/package-announce/2008-March/008928.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?f86540d4\"\n );\n # https://lists.fedoraproject.org/pipermail/package-announce/2008-March/008929.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?991ecef2\"\n );\n # https://lists.fedoraproject.org/pipermail/package-announce/2008-March/008930.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?97326ca9\"\n );\n # https://lists.fedoraproject.org/pipermail/package-announce/2008-March/008931.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?453f0aee\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n script_cwe_id(59, 79, 94, 287, 399);\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:Miro\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:blam\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:chmsee\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:devhelp\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:epiphany\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:epiphany-extensions\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:firefox\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:galeon\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:gnome-python2-extras\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:gnome-web-photo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:gtkmozembedmm\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:kazehakase\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:liferea\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:openvrml\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:ruby-gnome2\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:yelp\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:fedoraproject:fedora:8\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2008/03/27\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2008/03/26\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2008/03/28\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2008-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Fedora Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Fedora\" >!< release) audit(AUDIT_OS_NOT, \"Fedora\");\nos_ver = eregmatch(pattern: \"Fedora.*release ([0-9]+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Fedora\");\nos_ver = os_ver[1];\nif (! ereg(pattern:\"^8([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Fedora 8.x\", \"Fedora \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Fedora\", cpu);\n\nflag = 0;\nif (rpm_check(release:\"FC8\", reference:\"Miro-1.1.2-2.fc8\")) flag++;\nif (rpm_check(release:\"FC8\", reference:\"blam-1.8.3-14.fc8\")) flag++;\nif (rpm_check(release:\"FC8\", reference:\"chmsee-1.0.0-1.30.fc8\")) flag++;\nif (rpm_check(release:\"FC8\", reference:\"devhelp-0.16.1-6.fc8\")) flag++;\nif (rpm_check(release:\"FC8\", reference:\"epiphany-2.20.3-2.fc8\")) flag++;\nif (rpm_check(release:\"FC8\", reference:\"epiphany-extensions-2.20.1-6.fc8\")) flag++;\nif (rpm_check(release:\"FC8\", reference:\"firefox-2.0.0.13-1.fc8\")) flag++;\nif (rpm_check(release:\"FC8\", reference:\"galeon-2.0.4-1.fc8.3\")) flag++;\nif (rpm_check(release:\"FC8\", reference:\"gnome-python2-extras-2.19.1-13.fc8\")) flag++;\nif (rpm_check(release:\"FC8\", reference:\"gnome-web-photo-0.3-9.fc8\")) flag++;\nif (rpm_check(release:\"FC8\", reference:\"gtkmozembedmm-1.4.2.cvs20060817-19.fc8\")) flag++;\nif (rpm_check(release:\"FC8\", reference:\"kazehakase-0.5.3-5.fc8\")) flag++;\nif (rpm_check(release:\"FC8\", reference:\"liferea-1.4.13-2.fc8\")) flag++;\nif (rpm_check(release:\"FC8\", reference:\"openvrml-0.17.5-4.fc8\")) flag++;\nif (rpm_check(release:\"FC8\", reference:\"ruby-gnome2-0.16.0-21.fc8\")) flag++;\nif (rpm_check(release:\"FC8\", reference:\"yelp-2.20.0-8.fc8\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"Miro / blam / chmsee / devhelp / epiphany / epiphany-extensions / etc\");\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-12-04T14:11:49", "description": "Several flaws were found in the processing of some malformed HTML mail content. An HTML mail message containing such malicious content could cause Thunderbird to crash or, potentially, execute arbitrary code as the user running Thunderbird. (CVE-2008-1233, CVE-2008-1235, CVE-2008-1236, CVE-2008-1237)\n\nSeveral flaws were found in the display of malformed web content. An HTML mail message containing specially crafted content could, potentially, trick a user into surrendering sensitive information.\n(CVE-2008-1234, CVE-2008-1238, CVE-2008-1241)", "cvss3": {}, "published": "2012-08-01T00:00:00", "type": "nessus", "title": "Scientific Linux Security Update : thunderbird on SL4.x, SL5.x i386/x86_64", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2008-1233", "CVE-2008-1234", "CVE-2008-1235", "CVE-2008-1236", "CVE-2008-1237", "CVE-2008-1238", "CVE-2008-1241"], "modified": "2021-01-14T00:00:00", "cpe": ["x-cpe:/o:fermilab:scientific_linux"], "id": "SL_20080403_THUNDERBIRD_ON_SL4_X.NASL", "href": "https://www.tenable.com/plugins/nessus/60380", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text is (C) Scientific Linux.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(60380);\n script_version(\"1.7\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/14\");\n\n script_cve_id(\"CVE-2008-1233\", \"CVE-2008-1234\", \"CVE-2008-1235\", \"CVE-2008-1236\", \"CVE-2008-1237\", \"CVE-2008-1238\", \"CVE-2008-1241\");\n\n script_name(english:\"Scientific Linux Security Update : thunderbird on SL4.x, SL5.x i386/x86_64\");\n script_summary(english:\"Checks rpm output for the updated package\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Scientific Linux host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Several flaws were found in the processing of some malformed HTML mail\ncontent. An HTML mail message containing such malicious content could\ncause Thunderbird to crash or, potentially, execute arbitrary code as\nthe user running Thunderbird. (CVE-2008-1233, CVE-2008-1235,\nCVE-2008-1236, CVE-2008-1237)\n\nSeveral flaws were found in the display of malformed web content. An\nHTML mail message containing specially crafted content could,\npotentially, trick a user into surrendering sensitive information.\n(CVE-2008-1234, CVE-2008-1238, CVE-2008-1241)\"\n );\n # https://listserv.fnal.gov/scripts/wa.exe?A2=ind0804&L=scientific-linux-errata&T=0&P=326\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?3ecd448b\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected thunderbird package.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_cwe_id(59, 79, 94, 287, 399);\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"x-cpe:/o:fermilab:scientific_linux\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2008/04/03\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2012/08/01\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2012-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Scientific Linux Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Scientific Linux \" >!< release) audit(AUDIT_HOST_NOT, \"running Scientific Linux\");\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (cpu >!< \"x86_64\" && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Scientific Linux\", cpu);\n\n\nflag = 0;\nif (rpm_check(release:\"SL4\", reference:\"thunderbird-1.5.0.12-10.el4\")) flag++;\n\nif (rpm_check(release:\"SL5\", reference:\"thunderbird-1.5.0.12-11.el5\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-12-04T15:30:06", "description": "From Red Hat Security Advisory 2008:0209 :\n\nUpdated thunderbird packages that fix several security issues are now available for Red Hat Enterprise Linux 4 and 5.\n\nThis update has been rated as having moderate security impact by the Red Hat Security Response Team.\n\nMozilla Thunderbird is a standalone mail and newsgroup client.\n\nSeveral flaws were found in the processing of some malformed HTML mail content. An HTML mail message containing such malicious content could cause Thunderbird to crash or, potentially, execute arbitrary code as the user running Thunderbird. (CVE-2008-1233, CVE-2008-1235, CVE-2008-1236, CVE-2008-1237)\n\nSeveral flaws were found in the display of malformed web content. An HTML mail message containing specially crafted content could, potentially, trick a user into surrendering sensitive information.\n(CVE-2008-1234, CVE-2008-1238, CVE-2008-1241)\n\nNote: JavaScript support is disabled by default in Thunderbird; the above issues are not exploitable unless JavaScript is enabled.\n\nAll Thunderbird users should upgrade to these updated packages, which contain backported patches to resolve these issues.", "cvss3": {}, "published": "2013-07-12T00:00:00", "type": "nessus", "title": "Oracle Linux 4 : thunderbird (ELSA-2008-0209)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2008-1233", "CVE-2008-1234", "CVE-2008-1235", "CVE-2008-1236", "CVE-2008-1237", "CVE-2008-1238", "CVE-2008-1241"], "modified": "2021-01-14T00:00:00", "cpe": ["p-cpe:/a:oracle:linux:thunderbird", "cpe:/o:oracle:linux:4"], "id": "ORACLELINUX_ELSA-2008-0209.NASL", "href": "https://www.tenable.com/plugins/nessus/67677", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Red Hat Security Advisory RHSA-2008:0209 and \n# Oracle Linux Security Advisory ELSA-2008-0209 respectively.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(67677);\n script_version(\"1.11\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/14\");\n\n script_cve_id(\"CVE-2008-1233\", \"CVE-2008-1234\", \"CVE-2008-1235\", \"CVE-2008-1236\", \"CVE-2008-1237\", \"CVE-2008-1238\", \"CVE-2008-1241\");\n script_bugtraq_id(28448);\n script_xref(name:\"RHSA\", value:\"2008:0209\");\n\n script_name(english:\"Oracle Linux 4 : thunderbird (ELSA-2008-0209)\");\n script_summary(english:\"Checks rpm output for the updated package\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Oracle Linux host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"From Red Hat Security Advisory 2008:0209 :\n\nUpdated thunderbird packages that fix several security issues are now\navailable for Red Hat Enterprise Linux 4 and 5.\n\nThis update has been rated as having moderate security impact by the\nRed Hat Security Response Team.\n\nMozilla Thunderbird is a standalone mail and newsgroup client.\n\nSeveral flaws were found in the processing of some malformed HTML mail\ncontent. An HTML mail message containing such malicious content could\ncause Thunderbird to crash or, potentially, execute arbitrary code as\nthe user running Thunderbird. (CVE-2008-1233, CVE-2008-1235,\nCVE-2008-1236, CVE-2008-1237)\n\nSeveral flaws were found in the display of malformed web content. An\nHTML mail message containing specially crafted content could,\npotentially, trick a user into surrendering sensitive information.\n(CVE-2008-1234, CVE-2008-1238, CVE-2008-1241)\n\nNote: JavaScript support is disabled by default in Thunderbird; the\nabove issues are not exploitable unless JavaScript is enabled.\n\nAll Thunderbird users should upgrade to these updated packages, which\ncontain backported patches to resolve these issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://oss.oracle.com/pipermail/el-errata/2008-April/000559.html\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected thunderbird package.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n script_cwe_id(59, 79, 94, 287, 399);\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:thunderbird\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:oracle:linux:4\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2008/03/27\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2008/04/03\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2013/07/12\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2013-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Oracle Linux Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/OracleLinux\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/OracleLinux\")) audit(AUDIT_OS_NOT, \"Oracle Linux\");\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || !pregmatch(pattern: \"Oracle (?:Linux Server|Enterprise Linux)\", string:release)) audit(AUDIT_OS_NOT, \"Oracle Linux\");\nos_ver = pregmatch(pattern: \"Oracle (?:Linux Server|Enterprise Linux) .*release ([0-9]+(\\.[0-9]+)?)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Oracle Linux\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^4([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Oracle Linux 4\", \"Oracle Linux \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && \"ia64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Oracle Linux\", cpu);\n\nflag = 0;\nif (rpm_check(release:\"EL4\", cpu:\"i386\", reference:\"thunderbird-1.5.0.12-10.el4.0.1\")) flag++;\nif (rpm_check(release:\"EL4\", cpu:\"x86_64\", reference:\"thunderbird-1.5.0.12-10.el4.0.1\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"thunderbird\");\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-12-04T14:43:16", "description": "Updated thunderbird packages that fix several security issues are now available for Red Hat Enterprise Linux 4 and 5.\n\nThis update has been rated as having moderate security impact by the Red Hat Security Response Team.\n\nMozilla Thunderbird is a standalone mail and newsgroup client.\n\nSeveral flaws were found in the processing of some malformed HTML mail content. An HTML mail message containing such malicious content could cause Thunderbird to crash or, potentially, execute arbitrary code as the user running Thunderbird. (CVE-2008-1233, CVE-2008-1235, CVE-2008-1236, CVE-2008-1237)\n\nSeveral flaws were found in the display of malformed web content. An HTML mail message containing specially crafted content could, potentially, trick a user into surrendering sensitive information.\n(CVE-2008-1234, CVE-2008-1238, CVE-2008-1241)\n\nNote: JavaScript support is disabled by default in Thunderbird; the above issues are not exploitable unless JavaScript is enabled.\n\nAll Thunderbird users should upgrade to these updated packages, which contain backported patches to resolve these issues.", "cvss3": {}, "published": "2008-04-04T00:00:00", "type": "nessus", "title": "RHEL 4 / 5 : thunderbird (RHSA-2008:0209)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2008-1233", "CVE-2008-1234", "CVE-2008-1235", "CVE-2008-1236", "CVE-2008-1237", "CVE-2008-1238", "CVE-2008-1241"], "modified": "2021-01-14T00:00:00", "cpe": ["p-cpe:/a:redhat:enterprise_linux:thunderbird", "cpe:/o:redhat:enterprise_linux:4", "cpe:/o:redhat:enterprise_linux:4.6", "cpe:/o:redhat:enterprise_linux:5", "cpe:/o:redhat:enterprise_linux:5.1"], "id": "REDHAT-RHSA-2008-0209.NASL", "href": "https://www.tenable.com/plugins/nessus/31757", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Red Hat Security Advisory RHSA-2008:0209. The text \n# itself is copyright (C) Red Hat, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(31757);\n script_version(\"1.27\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/14\");\n\n script_cve_id(\"CVE-2008-1233\", \"CVE-2008-1234\", \"CVE-2008-1235\", \"CVE-2008-1236\", \"CVE-2008-1237\", \"CVE-2008-1238\", \"CVE-2008-1241\");\n script_bugtraq_id(28448);\n script_xref(name:\"RHSA\", value:\"2008:0209\");\n\n script_name(english:\"RHEL 4 / 5 : thunderbird (RHSA-2008:0209)\");\n script_summary(english:\"Checks the rpm output for the updated package\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Red Hat host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Updated thunderbird packages that fix several security issues are now\navailable for Red Hat Enterprise Linux 4 and 5.\n\nThis update has been rated as having moderate security impact by the\nRed Hat Security Response Team.\n\nMozilla Thunderbird is a standalone mail and newsgroup client.\n\nSeveral flaws were found in the processing of some malformed HTML mail\ncontent. An HTML mail message containing such malicious content could\ncause Thunderbird to crash or, potentially, execute arbitrary code as\nthe user running Thunderbird. (CVE-2008-1233, CVE-2008-1235,\nCVE-2008-1236, CVE-2008-1237)\n\nSeveral flaws were found in the display of malformed web content. An\nHTML mail message containing specially crafted content could,\npotentially, trick a user into surrendering sensitive information.\n(CVE-2008-1234, CVE-2008-1238, CVE-2008-1241)\n\nNote: JavaScript support is disabled by default in Thunderbird; the\nabove issues are not exploitable unless JavaScript is enabled.\n\nAll Thunderbird users should upgrade to these updated packages, which\ncontain backported patches to resolve these issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2008-1233\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2008-1234\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2008-1235\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2008-1236\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2008-1237\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2008-1238\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2008-1241\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/errata/RHSA-2008:0209\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected thunderbird package.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n script_cwe_id(59, 79, 94, 287, 399);\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:thunderbird\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:4\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:4.6\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:5\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:5.1\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2008/03/27\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2008/04/03\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2008/04/04\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2008-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Red Hat Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"misc_func.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Red Hat\" >!< release) audit(AUDIT_OS_NOT, \"Red Hat\");\nos_ver = pregmatch(pattern: \"Red Hat Enterprise Linux.*release ([0-9]+(\\.[0-9]+)?)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Red Hat\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^(4|5)([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Red Hat 4.x / 5.x\", \"Red Hat \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\" && \"s390\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Red Hat\", cpu);\n\nyum_updateinfo = get_kb_item(\"Host/RedHat/yum-updateinfo\");\nif (!empty_or_null(yum_updateinfo)) \n{\n rhsa = \"RHSA-2008:0209\";\n yum_report = redhat_generate_yum_updateinfo_report(rhsa:rhsa);\n if (!empty_or_null(yum_report))\n {\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : yum_report \n );\n exit(0);\n }\n else\n {\n audit_message = \"affected by Red Hat security advisory \" + rhsa;\n audit(AUDIT_OS_NOT, audit_message);\n }\n}\nelse\n{\n flag = 0;\n if (rpm_check(release:\"RHEL4\", reference:\"thunderbird-1.5.0.12-10.el4\")) flag++;\n\n\n if (rpm_check(release:\"RHEL5\", cpu:\"i386\", reference:\"thunderbird-1.5.0.12-11.el5_1\")) flag++;\n\n if (rpm_check(release:\"RHEL5\", cpu:\"x86_64\", reference:\"thunderbird-1.5.0.12-11.el5_1\")) flag++;\n\n\n if (flag)\n {\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : rpm_report_get() + redhat_report_package_caveat()\n );\n exit(0);\n }\n else\n {\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"thunderbird\");\n }\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-12-04T14:43:54", "description": "The installed version of Thunderbird is affected by various security issues :\n\n - A series of vulnerabilities exist that allow for JavaScript privilege escalation and arbitrary code execution.\n\n - Several stability bugs exist leading to crashes which, in some cases, show traces of memory corruption.", "cvss3": {}, "published": "2008-05-06T00:00:00", "type": "nessus", "title": "Mozilla Thunderbird < 2.0.0.14 Multiple Vulnerabilities", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2008-1233", "CVE-2008-1234", "CVE-2008-1235", "CVE-2008-1236", "CVE-2008-1237"], "modified": "2018-08-10T00:00:00", "cpe": ["cpe:/a:mozilla:thunderbird"], "id": "MOZILLA_THUNDERBIRD_20014.NASL", "href": "https://www.tenable.com/plugins/nessus/32134", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n\n\ninclude(\"compat.inc\");\n\n\nif (description)\n{\n script_id(32134);\n script_version(\"1.13\");\n\n script_cve_id(\"CVE-2008-1233\", \"CVE-2008-1234\", \"CVE-2008-1235\",\n \"CVE-2008-1236\", \"CVE-2008-1237\");\n\n script_name(english:\"Mozilla Thunderbird < 2.0.0.14 Multiple Vulnerabilities\");\n script_summary(english:\"Checks version of Thunderbird\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote Windows host contains a mail client that is affected by\nmultiple vulnerabilities.\" );\n script_set_attribute(attribute:\"description\", value:\n\"The installed version of Thunderbird is affected by various security\nissues :\n\n - A series of vulnerabilities exist that allow for\n JavaScript privilege escalation and arbitrary code\n execution.\n\n - Several stability bugs exist leading to crashes which,\n in some cases, show traces of memory corruption.\");\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.mozilla.org/en-US/security/advisories/mfsa2008-14/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.mozilla.org/en-US/security/advisories/mfsa2008-15/\"\n );\n script_set_attribute(\n attribute:\"solution\",\n value:\"Upgrade to Mozilla Thunderbird 2.0.0.14 or later.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_cwe_id(79, 94, 399);\n script_set_attribute(attribute:\"plugin_publication_date\", value: \"2008/05/06\");\n script_set_attribute(attribute:\"patch_publication_date\", value: \"2008/03/25\");\n\n script_cvs_date(\"Date: 2018/08/10 18:07:08\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:mozilla:thunderbird\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Windows\");\n script_copyright(english:\"This script is Copyright (C) 2008-2018 Tenable Network Security, Inc.\");\n script_dependencies(\"mozilla_org_installed.nasl\");\n script_require_keys(\"Mozilla/Thunderbird/Version\");\n exit(0);\n}\n\ninclude(\"mozilla_version.inc\");\nport = get_kb_item_or_exit(\"SMB/transport\");\n\ninstalls = get_kb_list(\"SMB/Mozilla/Thunderbird/*\");\nif (isnull(installs)) audit(AUDIT_NOT_INST, \"Thunderbird\");\n\nmozilla_check_version(installs:installs, product:'thunderbird', esr:FALSE, fix:'2.0.0.14', severity:SECURITY_HOLE);\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-12-04T14:43:43", "description": "Various flaws were discovered in the JavaScript engine. If a user had JavaScript enabled and were tricked into opening a malicious email, an attacker could escalate privileges within Thunderbird, perform cross-site scripting attacks and/or execute arbitrary code with the user's privileges. (CVE-2008-1233, CVE-2008-1234, CVE-2008-1235)\n\nSeveral problems were discovered in Thunderbird which could lead to crashes and memory corruption. If a user had JavaScript enabled and were tricked into opening a malicious email, an attacker may be able to execute arbitrary code with the user's privileges. (CVE-2008-1236, CVE-2008-1237).\n\nNote that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {}, "published": "2008-05-09T00:00:00", "type": "nessus", "title": "Ubuntu 6.06 LTS / 7.04 / 7.10 / 8.04 LTS : mozilla-thunderbird, thunderbird vulnerabilities (USN-605-1)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2008-1233", "CVE-2008-1234", "CVE-2008-1235", "CVE-2008-1236", "CVE-2008-1237"], "modified": "2021-01-19T00:00:00", "cpe": ["p-cpe:/a:canonical:ubuntu_linux:mozilla-thunderbird", "p-cpe:/a:canonical:ubuntu_linux:mozilla-thunderbird-dev", "p-cpe:/a:canonical:ubuntu_linux:mozilla-thunderbird-inspector", "p-cpe:/a:canonical:ubuntu_linux:mozilla-thunderbird-typeaheadfind", "p-cpe:/a:canonical:ubuntu_linux:thunderbird", "p-cpe:/a:canonical:ubuntu_linux:thunderbird-dev", "p-cpe:/a:canonical:ubuntu_linux:thunderbird-gnome-support", "cpe:/o:canonical:ubuntu_linux:6.06:-:lts", "cpe:/o:canonical:ubuntu_linux:7.04", "cpe:/o:canonical:ubuntu_linux:7.10", "cpe:/o:canonical:ubuntu_linux:8.04:-:lts"], "id": "UBUNTU_USN-605-1.NASL", "href": "https://www.tenable.com/plugins/nessus/32185", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Ubuntu Security Notice USN-605-1. The text \n# itself is copyright (C) Canonical, Inc. See \n# <http://www.ubuntu.com/usn/>. Ubuntu(R) is a registered \n# trademark of Canonical, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(32185);\n script_version(\"1.17\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/19\");\n\n script_cve_id(\"CVE-2008-1233\", \"CVE-2008-1234\", \"CVE-2008-1235\", \"CVE-2008-1236\", \"CVE-2008-1237\");\n script_xref(name:\"USN\", value:\"605-1\");\n\n script_name(english:\"Ubuntu 6.06 LTS / 7.04 / 7.10 / 8.04 LTS : mozilla-thunderbird, thunderbird vulnerabilities (USN-605-1)\");\n script_summary(english:\"Checks dpkg output for updated packages.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\n\"The remote Ubuntu host is missing one or more security-related\npatches.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Various flaws were discovered in the JavaScript engine. If a user had\nJavaScript enabled and were tricked into opening a malicious email, an\nattacker could escalate privileges within Thunderbird, perform\ncross-site scripting attacks and/or execute arbitrary code with the\nuser's privileges. (CVE-2008-1233, CVE-2008-1234, CVE-2008-1235)\n\nSeveral problems were discovered in Thunderbird which could lead to\ncrashes and memory corruption. If a user had JavaScript enabled and\nwere tricked into opening a malicious email, an attacker may be able\nto execute arbitrary code with the user's privileges. (CVE-2008-1236,\nCVE-2008-1237).\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Ubuntu security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://usn.ubuntu.com/605-1/\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_cwe_id(79, 94, 399);\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:mozilla-thunderbird\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:mozilla-thunderbird-dev\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:mozilla-thunderbird-inspector\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:mozilla-thunderbird-typeaheadfind\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:thunderbird\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:thunderbird-dev\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:thunderbird-gnome-support\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:canonical:ubuntu_linux:6.06:-:lts\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:canonical:ubuntu_linux:7.04\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:canonical:ubuntu_linux:7.10\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:canonical:ubuntu_linux:8.04:-:lts\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2008/05/06\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2008/05/09\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"Ubuntu Security Notice (C) 2008-2019 Canonical, Inc. / NASL script (C) 2018 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Ubuntu Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/cpu\", \"Host/Ubuntu\", \"Host/Ubuntu/release\", \"Host/Debian/dpkg-l\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"ubuntu.inc\");\ninclude(\"misc_func.inc\");\n\nif ( ! get_kb_item(\"Host/local_checks_enabled\") ) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/Ubuntu/release\");\nif ( isnull(release) ) audit(AUDIT_OS_NOT, \"Ubuntu\");\nrelease = chomp(release);\nif (! ereg(pattern:\"^(6\\.06|7\\.04|7\\.10|8\\.04)$\", string:release)) audit(AUDIT_OS_NOT, \"Ubuntu 6.06 / 7.04 / 7.10 / 8.04\", \"Ubuntu \" + release);\nif ( ! get_kb_item(\"Host/Debian/dpkg-l\") ) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Ubuntu\", cpu);\n\nflag = 0;\n\nif (ubuntu_check(osver:\"6.06\", pkgname:\"mozilla-thunderbird\", pkgver:\"1.5.0.13+1.5.0.15~prepatch080417a-0ubuntu0.6.06.1\")) flag++;\nif (ubuntu_check(osver:\"6.06\", pkgname:\"mozilla-thunderbird-dev\", pkgver:\"1.5.0.13+1.5.0.15~prepatch080417a-0ubuntu0.6.06.1\")) flag++;\nif (ubuntu_check(osver:\"6.06\", pkgname:\"mozilla-thunderbird-inspector\", pkgver:\"1.5.0.13+1.5.0.15~prepatch080417a-0ubuntu0.6.06.1\")) flag++;\nif (ubuntu_check(osver:\"6.06\", pkgname:\"mozilla-thunderbird-typeaheadfind\", pkgver:\"1.5.0.13+1.5.0.15~prepatch080417a-0ubuntu0.6.06.1\")) flag++;\nif (ubuntu_check(osver:\"7.04\", pkgname:\"mozilla-thunderbird\", pkgver:\"1.5.0.13+1.5.0.15~prepatch080417a-0ubuntu0.7.04.1\")) flag++;\nif (ubuntu_check(osver:\"7.04\", pkgname:\"mozilla-thunderbird-dev\", pkgver:\"1.5.0.13+1.5.0.15~prepatch080417a-0ubuntu0.7.04.1\")) flag++;\nif (ubuntu_check(osver:\"7.04\", pkgname:\"mozilla-thunderbird-inspector\", pkgver:\"1.5.0.13+1.5.0.15~prepatch080417a-0ubuntu0.7.04.1\")) flag++;\nif (ubuntu_check(osver:\"7.04\", pkgname:\"mozilla-thunderbird-typeaheadfind\", pkgver:\"1.5.0.13+1.5.0.15~prepatch080417a-0ubuntu0.7.04.1\")) flag++;\nif (ubuntu_check(osver:\"7.10\", pkgname:\"mozilla-thunderbird\", pkgver:\"2.0.0.14+nobinonly-0ubuntu0.7.10.0\")) flag++;\nif (ubuntu_check(osver:\"7.10\", pkgname:\"mozilla-thunderbird-dev\", pkgver:\"2.0.0.14+nobinonly-0ubuntu0.7.10.0\")) flag++;\nif (ubuntu_check(osver:\"7.10\", pkgname:\"thunderbird\", pkgver:\"2.0.0.14+nobinonly-0ubuntu0.7.10.0\")) flag++;\nif (ubuntu_check(osver:\"7.10\", pkgname:\"thunderbird-dev\", pkgver:\"2.0.0.14+nobinonly-0ubuntu0.7.10.0\")) flag++;\nif (ubuntu_check(osver:\"7.10\", pkgname:\"thunderbird-gnome-support\", pkgver:\"2.0.0.14+nobinonly-0ubuntu0.7.10.0\")) flag++;\nif (ubuntu_check(osver:\"8.04\", pkgname:\"mozilla-thunderbird\", pkgver:\"2.0.0.14+nobinonly-0ubuntu0.8.04.1\")) flag++;\nif (ubuntu_check(osver:\"8.04\", pkgname:\"mozilla-thunderbird-dev\", pkgver:\"2.0.0.14+nobinonly-0ubuntu0.8.04.1\")) flag++;\nif (ubuntu_check(osver:\"8.04\", pkgname:\"thunderbird\", pkgver:\"2.0.0.14+nobinonly-0ubuntu0.8.04.1\")) flag++;\nif (ubuntu_check(osver:\"8.04\", pkgname:\"thunderbird-dev\", pkgver:\"2.0.0.14+nobinonly-0ubuntu0.8.04.1\")) flag++;\nif (ubuntu_check(osver:\"8.04\", pkgname:\"thunderbird-gnome-support\", pkgver:\"2.0.0.14+nobinonly-0ubuntu0.8.04.1\")) flag++;\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : ubuntu_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = ubuntu_pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"mozilla-thunderbird / mozilla-thunderbird-dev / etc\");\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-12-04T14:43:47", "description": "New mozilla-thunderbird packages are available for Slackware 10.2, 11.0, 12.0, 12.1, and -current to fix security issues, including crashes that can corrupt memory, as well as a JavaScript privilege escalation and arbitrary code execution flaw.", "cvss3": {}, "published": "2008-05-28T00:00:00", "type": "nessus", "title": "Slackware 10.2 / 11.0 / 12.0 / 12.1 / current : mozilla-thunderbird (SSA:2008-128-02)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2008-1233", "CVE-2008-1234", "CVE-2008-1235", "CVE-2008-1236", "CVE-2008-1237"], "modified": "2021-01-14T00:00:00", "cpe": ["p-cpe:/a:slackware:slackware_linux:mozilla-thunderbird", "cpe:/o:slackware:slackware_linux", "cpe:/o:slackware:slackware_linux:10.2", "cpe:/o:slackware:slackware_linux:11.0", "cpe:/o:slackware:slackware_linux:12.0", "cpe:/o:slackware:slackware_linux:12.1"], "id": "SLACKWARE_SSA_2008-128-02.NASL", "href": "https://www.tenable.com/plugins/nessus/32445", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Slackware Security Advisory 2008-128-02. The text \n# itself is copyright (C) Slackware Linux, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(32445);\n script_version(\"1.19\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/14\");\n\n script_cve_id(\"CVE-2008-1233\", \"CVE-2008-1234\", \"CVE-2008-1235\", \"CVE-2008-1236\", \"CVE-2008-1237\");\n script_bugtraq_id(28448);\n script_xref(name:\"SSA\", value:\"2008-128-02\");\n\n script_name(english:\"Slackware 10.2 / 11.0 / 12.0 / 12.1 / current : mozilla-thunderbird (SSA:2008-128-02)\");\n script_summary(english:\"Checks for updated package in /var/log/packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Slackware host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"New mozilla-thunderbird packages are available for Slackware 10.2,\n11.0, 12.0, 12.1, and -current to fix security issues, including\ncrashes that can corrupt memory, as well as a JavaScript privilege\nescalation and arbitrary code execution flaw.\"\n );\n # http://www.mozilla.org/projects/security/known-vulnerabilities.html#thunderbird\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?f7275234\"\n );\n # http://www.slackware.com/security/viewer.php?l=slackware-security&y=2008&m=slackware-security.447313\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?6e3c99dc\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected mozilla-thunderbird package.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n script_cwe_id(79, 94, 399);\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:slackware:slackware_linux:mozilla-thunderbird\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:slackware:slackware_linux\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:slackware:slackware_linux:10.2\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:slackware:slackware_linux:11.0\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:slackware:slackware_linux:12.0\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:slackware:slackware_linux:12.1\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2008/03/27\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2008/05/07\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2008/05/28\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2008-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Slackware Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/Slackware/release\", \"Host/Slackware/packages\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"slackware.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/Slackware/release\")) audit(AUDIT_OS_NOT, \"Slackware\");\nif (!get_kb_item(\"Host/Slackware/packages\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Slackware\", cpu);\n\n\nflag = 0;\nif (slackware_check(osver:\"10.2\", pkgname:\"mozilla-thunderbird\", pkgver:\"2.0.0.14\", pkgarch:\"i686\", pkgnum:\"1\")) flag++;\n\nif (slackware_check(osver:\"11.0\", pkgname:\"mozilla-thunderbird\", pkgver:\"2.0.0.14\", pkgarch:\"i686\", pkgnum:\"1\")) flag++;\n\nif (slackware_check(osver:\"12.0\", pkgname:\"mozilla-thunderbird\", pkgver:\"2.0.0.14\", pkgarch:\"i686\", pkgnum:\"1\")) flag++;\n\nif (slackware_check(osver:\"12.1\", pkgname:\"mozilla-thunderbird\", pkgver:\"2.0.0.14\", pkgarch:\"i686\", pkgnum:\"1\")) flag++;\n\nif (slackware_check(osver:\"current\", pkgname:\"mozilla-thunderbird\", pkgver:\"2.0.0.14\", pkgarch:\"i686\", pkgnum:\"1\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:slackware_report_get());\n else security_hole(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-12-04T14:44:46", "description": "Various MozillaThunderbird fixes were backported to the 10.2 version (1.5.0.x).\n\n + MFSA 2008-15/CVE-2008-1236 and CVE-2008-1237: Crashes with evidence of memory corruption (rv:1.8.1.13)\n\n + MFSA 2008-14/CVE-2008-1233, CVE-2008-1234, and CVE-2008-1235: JavaScript privilege escalation and arbitrary code execution.\n\nJavaScript is not default enabled in our Thunderbird builds though.", "cvss3": {}, "published": "2008-06-09T00:00:00", "type": "nessus", "title": "openSUSE 10 Security Update : MozillaThunderbird (MozillaThunderbird-5329)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2008-1233", "CVE-2008-1234", "CVE-2008-1235", "CVE-2008-1236", "CVE-2008-1237"], "modified": "2021-01-14T00:00:00", "cpe": ["p-cpe:/a:novell:opensuse:mozillathunderbird", "p-cpe:/a:novell:opensuse:mozillathunderbird-translations", "cpe:/o:novell:opensuse:10.2"], "id": "SUSE_MOZILLATHUNDERBIRD-5329.NASL", "href": "https://www.tenable.com/plugins/nessus/33120", "sourceData": "#%NASL_MIN_LEVEL 70300\n\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from openSUSE Security Update MozillaThunderbird-5329.\n#\n# The text description of this plugin is (C) SUSE LLC.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(33120);\n script_version(\"1.13\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/14\");\n\n script_cve_id(\"CVE-2008-1233\", \"CVE-2008-1234\", \"CVE-2008-1235\", \"CVE-2008-1236\", \"CVE-2008-1237\");\n\n script_name(english:\"openSUSE 10 Security Update : MozillaThunderbird (MozillaThunderbird-5329)\");\n script_summary(english:\"Check for the MozillaThunderbird-5329 patch\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote openSUSE host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Various MozillaThunderbird fixes were backported to the 10.2 version\n(1.5.0.x).\n\n + MFSA 2008-15/CVE-2008-1236 and CVE-2008-1237: Crashes\n with evidence of memory corruption (rv:1.8.1.13)\n\n + MFSA 2008-14/CVE-2008-1233, CVE-2008-1234, and\n CVE-2008-1235: JavaScript privilege escalation and\n arbitrary code execution.\n\nJavaScript is not default enabled in our Thunderbird builds though.\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected MozillaThunderbird packages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_cwe_id(79, 94, 399);\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:MozillaThunderbird\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:MozillaThunderbird-translations\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:opensuse:10.2\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2008/06/05\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2008/06/09\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2008-2021 Tenable Network Security, Inc.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release =~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, \"openSUSE\");\nif (release !~ \"^(SUSE10\\.2)$\") audit(AUDIT_OS_RELEASE_NOT, \"openSUSE\", \"10.2\", release);\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nourarch = get_kb_item(\"Host/cpu\");\nif (!ourarch) audit(AUDIT_UNKNOWN_ARCH);\nif (ourarch !~ \"^(i586|i686|x86_64)$\") audit(AUDIT_ARCH_NOT, \"i586 / i686 / x86_64\", ourarch);\n\nflag = 0;\n\nif ( rpm_check(release:\"SUSE10.2\", reference:\"MozillaThunderbird-1.5.0.14-0.5\") ) flag++;\nif ( rpm_check(release:\"SUSE10.2\", reference:\"MozillaThunderbird-translations-1.5.0.14-0.5\") ) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"MozillaThunderbird\");\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-12-04T14:42:57", "description": "The Mozilla Foundation reports of multiple security issues in Firefox, SeaMonkey, and Thunderbird. Several of these issues can probably be used to run arbitrary code with the privilege of the user running the program.\n\n- MFSA 2008-19 XUL popup spoofing variant (cross-tab popups)\n\n- MFSA 2008-18 Java socket connection to any local port via LiveConnect\n\n- MFSA 2008-17 Privacy issue with SSL Client Authentication\n\n- MFSA 2008-16 HTTP Referrer spoofing with malformed URLs\n\n- MFSA 2008-15 Crashes with evidence of memory corruption (rv:1.8.1.13)\n\n- MFSA 2008-14 JavaScript privilege escalation and arbitrary code execution", "cvss3": {}, "published": "2008-03-31T00:00:00", "type": "nessus", "title": "FreeBSD : mozilla -- multiple vulnerabilities (12b336c6-fe36-11dc-b09c-001c2514716c)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2007-4879", "CVE-2008-1233", "CVE-2008-1234", "CVE-2008-1235", "CVE-2008-1236", "CVE-2008-1237", "CVE-2008-1238", "CVE-2008-1240", "CVE-2008-1241"], "modified": "2021-01-06T00:00:00", "cpe": ["p-cpe:/a:freebsd:freebsd:firefox", "p-cpe:/a:freebsd:freebsd:flock", "p-cpe:/a:freebsd:freebsd:linux-firefox", "p-cpe:/a:freebsd:freebsd:linux-firefox-devel", "p-cpe:/a:freebsd:freebsd:linux-flock", "p-cpe:/a:freebsd:freebsd:linux-seamonkey", "p-cpe:/a:freebsd:freebsd:linux-seamonkey-devel", "p-cpe:/a:freebsd:freebsd:linux-thunderbird", "p-cpe:/a:freebsd:freebsd:seamonkey", "p-cpe:/a:freebsd:freebsd:thunderbird", "cpe:/o:freebsd:freebsd"], "id": "FREEBSD_PKG_12B336C6FE3611DCB09C001C2514716C.NASL", "href": "https://www.tenable.com/plugins/nessus/31714", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from the FreeBSD VuXML database :\n#\n# Copyright 2003-2018 Jacques Vidrine and contributors\n#\n# Redistribution and use in source (VuXML) and 'compiled' forms (SGML,\n# HTML, PDF, PostScript, RTF and so forth) with or without modification,\n# are permitted provided that the following conditions are met:\n# 1. Redistributions of source code (VuXML) must retain the above\n# copyright notice, this list of conditions and the following\n# disclaimer as the first lines of this file unmodified.\n# 2. Redistributions in compiled form (transformed to other DTDs,\n# published online in any format, converted to PDF, PostScript,\n# RTF and other formats) must reproduce the above copyright\n# notice, this list of conditions and the following disclaimer\n# in the documentation and/or other materials provided with the\n# distribution.\n# \n# THIS DOCUMENTATION IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS \"AS IS\"\n# AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO,\n# THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR\n# PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS\n# BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY,\n# OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT\n# OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR\n# BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY,\n# WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE\n# OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS DOCUMENTATION,\n# EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(31714);\n script_version(\"1.23\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/06\");\n\n script_cve_id(\"CVE-2007-4879\", \"CVE-2008-1233\", \"CVE-2008-1234\", \"CVE-2008-1235\", \"CVE-2008-1236\", \"CVE-2008-1237\", \"CVE-2008-1238\", \"CVE-2008-1240\", \"CVE-2008-1241\");\n script_bugtraq_id(28448);\n\n script_name(english:\"FreeBSD : mozilla -- multiple vulnerabilities (12b336c6-fe36-11dc-b09c-001c2514716c)\");\n script_summary(english:\"Checks for updated packages in pkg_info output\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\n\"The remote FreeBSD host is missing one or more security-related\nupdates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"The Mozilla Foundation reports of multiple security issues in Firefox,\nSeaMonkey, and Thunderbird. Several of these issues can probably be\nused to run arbitrary code with the privilege of the user running the\nprogram.\n\n- MFSA 2008-19 XUL popup spoofing variant (cross-tab popups)\n\n- MFSA 2008-18 Java socket connection to any local port via\nLiveConnect\n\n- MFSA 2008-17 Privacy issue with SSL Client Authentication\n\n- MFSA 2008-16 HTTP Referrer spoofing with malformed URLs\n\n- MFSA 2008-15 Crashes with evidence of memory corruption\n(rv:1.8.1.13)\n\n- MFSA 2008-14 JavaScript privilege escalation and arbitrary code\nexecution\"\n );\n # https://vuxml.freebsd.org/freebsd/12b336c6-fe36-11dc-b09c-001c2514716c.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?fe5374e1\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n script_cwe_id(59, 79, 94, 287, 399);\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:freebsd:freebsd:firefox\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:freebsd:freebsd:flock\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:freebsd:freebsd:linux-firefox\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:freebsd:freebsd:linux-firefox-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:freebsd:freebsd:linux-flock\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:freebsd:freebsd:linux-seamonkey\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:freebsd:freebsd:linux-seamonkey-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:freebsd:freebsd:linux-thunderbird\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:freebsd:freebsd:seamonkey\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:freebsd:freebsd:thunderbird\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:freebsd:freebsd\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2008/03/26\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2008/03/30\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2008/03/31\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2008-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"FreeBSD Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/FreeBSD/release\", \"Host/FreeBSD/pkg_info\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"freebsd_package.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/FreeBSD/release\")) audit(AUDIT_OS_NOT, \"FreeBSD\");\nif (!get_kb_item(\"Host/FreeBSD/pkg_info\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\nflag = 0;\n\nif (pkg_test(save_report:TRUE, pkg:\"firefox<2.0.0.13,1\")) flag++;\nif (pkg_test(save_report:TRUE, pkg:\"linux-firefox<2.0.0.13\")) flag++;\nif (pkg_test(save_report:TRUE, pkg:\"linux-firefox-devel<2.0.0.13\")) flag++;\nif (pkg_test(save_report:TRUE, pkg:\"seamonkey<1.1.9\")) flag++;\nif (pkg_test(save_report:TRUE, pkg:\"linux-seamonkey<1.1.9\")) flag++;\nif (pkg_test(save_report:TRUE, pkg:\"flock<1.1.1\")) flag++;\nif (pkg_test(save_report:TRUE, pkg:\"linux-flock<1.1.1\")) flag++;\nif (pkg_test(save_report:TRUE, pkg:\"linux-seamonkey-devel>0\")) flag++;\nif (pkg_test(save_report:TRUE, pkg:\"thunderbird<2.0.0.14\")) flag++;\nif (pkg_test(save_report:TRUE, pkg:\"linux-thunderbird<2.0.0.14\")) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:pkg_report_get());\n else security_hole(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-12-03T16:01:08", "description": "A number of security vulnerabilities have been discovered and corrected in the latest Mozilla Firefox program, version 2.0.0.13.\n\nThis update provides the latest Firefox to correct these issues.", "cvss3": {}, "published": "2009-04-23T00:00:00", "type": "nessus", "title": "Mandriva Linux Security Advisory : mozilla-firefox (MDVSA-2008:080)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2007-4879", "CVE-2008-1195", "CVE-2008-1233", "CVE-2008-1234", "CVE-2008-1235", "CVE-2008-1236", "CVE-2008-1237", "CVE-2008-1238", "CVE-2008-1240", "CVE-2008-1241"], "modified": "2021-01-06T00:00:00", "cpe": ["p-cpe:/a:mandriva:linux:deskbar-applet", "p-cpe:/a:mandriva:linux:devhelp", "p-cpe:/a:mandriva:linux:devhelp-plugins", "p-cpe:/a:mandriva:linux:libdevhelp-1-devel", "p-cpe:/a:mandriva:linux:eclipse-cvs-client", "p-cpe:/a:mandriva:linux:eclipse-ecj", "p-cpe:/a:mandriva:linux:eclipse-jdt", "p-cpe:/a:mandriva:linux:libdevhelp-1_0", "p-cpe:/a:mandriva:linux:eclipse-jdt-sdk", "p-cpe:/a:mandriva:linux:eclipse-pde", "p-cpe:/a:mandriva:linux:eclipse-pde-runtime", "p-cpe:/a:mandriva:linux:eclipse-pde-sdk", "p-cpe:/a:mandriva:linux:eclipse-platform", "p-cpe:/a:mandriva:linux:libdevhelp-1_0-devel", "p-cpe:/a:mandriva:linux:eclipse-platform-sdk", "p-cpe:/a:mandriva:linux:libmozilla-firefox-devel", "p-cpe:/a:mandriva:linux:eclipse-rcp", "p-cpe:/a:mandriva:linux:eclipse-rcp-sdk", "p-cpe:/a:mandriva:linux:libmozilla-firefox2.0.0.13", "p-cpe:/a:mandriva:linux:eclipse-sdk", "p-cpe:/a:mandriva:linux:epiphany", "p-cpe:/a:mandriva:linux:libswt3-gtk2", "p-cpe:/a:mandriva:linux:epiphany-devel", "p-cpe:/a:mandriva:linux:libtotem-plparser-devel", "p-cpe:/a:mandriva:linux:epiphany-extensions", "p-cpe:/a:mandriva:linux:libtotem-plparser1", "p-cpe:/a:mandriva:linux:galeon", "p-cpe:/a:mandriva:linux:gnome-python-extras", "p-cpe:/a:mandriva:linux:gnome-python-gda", "p-cpe:/a:mandriva:linux:libtotem-plparser1-devel", "p-cpe:/a:mandriva:linux:gnome-python-gda-devel", "p-cpe:/a:mandriva:linux:libtotem-plparser7", "p-cpe:/a:mandriva:linux:gnome-python-gdl", "p-cpe:/a:mandriva:linux:gnome-python-gksu", "p-cpe:/a:mandriva:linux:mozilla-firefox", "p-cpe:/a:mandriva:linux:gnome-python-gtkhtml2", "p-cpe:/a:mandriva:linux:gnome-python-gtkmozembed", "p-cpe:/a:mandriva:linux:gnome-python-gtkspell", "p-cpe:/a:mandriva:linux:lib64devhelp-1-devel", "p-cpe:/a:mandriva:linux:lib64devhelp-1_0", "p-cpe:/a:mandriva:linux:mozilla-firefox-af", "p-cpe:/a:mandriva:linux:lib64devhelp-1_0-devel", "p-cpe:/a:mandriva:linux:mozilla-firefox-ar", "p-cpe:/a:mandriva:linux:lib64mozilla-firefox-devel", "p-cpe:/a:mandriva:linux:mozilla-firefox-be", "p-cpe:/a:mandriva:linux:lib64mozilla-firefox2.0.0.13", "p-cpe:/a:mandriva:linux:lib64totem-plparser-devel", "p-cpe:/a:mandriva:linux:mozilla-firefox-bg", "p-cpe:/a:mandriva:linux:lib64totem-plparser1", "p-cpe:/a:mandriva:linux:mozilla-firefox-br_fr", "p-cpe:/a:mandriva:linux:lib64totem-plparser1-devel", "p-cpe:/a:mandriva:linux:lib64totem-plparser7", "p-cpe:/a:mandriva:linux:mozilla-firefox-ca", "p-cpe:/a:mandriva:linux:mozilla-firefox-cs", "p-cpe:/a:mandriva:linux:mozilla-firefox-da", "p-cpe:/a:mandriva:linux:mozilla-firefox-nn_no", "p-cpe:/a:mandriva:linux:mozilla-firefox-de", "p-cpe:/a:mandriva:linux:mozilla-firefox-el", "p-cpe:/a:mandriva:linux:mozilla-firefox-en_gb", "p-cpe:/a:mandriva:linux:mozilla-firefox-es_ar", "p-cpe:/a:mandriva:linux:mozilla-firefox-pa_in", "p-cpe:/a:mandriva:linux:mozilla-firefox-es_es", "p-cpe:/a:mandriva:linux:mozilla-firefox-pl", "p-cpe:/a:mandriva:linux:mozilla-firefox-et_ee", "p-cpe:/a:mandriva:linux:mozilla-firefox-eu", "p-cpe:/a:mandriva:linux:mozilla-firefox-ext-blogrovr", "p-cpe:/a:mandriva:linux:mozilla-firefox-ext-foxmarks", "p-cpe:/a:mandriva:linux:mozilla-firefox-ext-scribefire", "p-cpe:/a:mandriva:linux:mozilla-firefox-pt_br", "p-cpe:/a:mandriva:linux:mozilla-firefox-fi", "p-cpe:/a:mandriva:linux:mozilla-firefox-fr", "p-cpe:/a:mandriva:linux:mozilla-firefox-pt_pt", "p-cpe:/a:mandriva:linux:mozilla-firefox-fy", "p-cpe:/a:mandriva:linux:mozilla-firefox-ro", "p-cpe:/a:mandriva:linux:mozilla-firefox-ga", "p-cpe:/a:mandriva:linux:mozilla-firefox-ru", "p-cpe:/a:mandriva:linux:mozilla-firefox-gnome-support", "p-cpe:/a:mandriva:linux:mozilla-firefox-gu_in", "p-cpe:/a:mandriva:linux:mozilla-firefox-sk", "p-cpe:/a:mandriva:linux:mozilla-firefox-he", "p-cpe:/a:mandriva:linux:mozilla-firefox-hu", "p-cpe:/a:mandriva:linux:mozilla-firefox-sl", "p-cpe:/a:mandriva:linux:mozilla-firefox-it", "p-cpe:/a:mandriva:linux:mozilla-firefox-sv_se", "p-cpe:/a:mandriva:linux:mozilla-firefox-ja", "p-cpe:/a:mandriva:linux:mozilla-firefox-ka", "p-cpe:/a:mandriva:linux:mozilla-firefox-tr", "p-cpe:/a:mandriva:linux:mozilla-firefox-ko", "p-cpe:/a:mandriva:linux:mozilla-firefox-ku", "p-cpe:/a:mandriva:linux:mozilla-firefox-uk", "p-cpe:/a:mandriva:linux:mozilla-firefox-lt", "p-cpe:/a:mandriva:linux:mozilla-firefox-mk", "p-cpe:/a:mandriva:linux:mozilla-firefox-mn", "p-cpe:/a:mandriva:linux:mozilla-firefox-nb_no", "p-cpe:/a:mandriva:linux:mozilla-firefox-nl", "p-cpe:/a:mandriva:linux:mozilla-firefox-zh_cn", "p-cpe:/a:mandriva:linux:mozilla-firefox-zh_tw", "p-cpe:/a:mandriva:linux:totem", "p-cpe:/a:mandriva:linux:totem-common", "p-cpe:/a:mandriva:linux:totem-gstreamer", "p-cpe:/a:mandriva:linux:totem-mozilla", "p-cpe:/a:mandriva:linux:totem-mozilla-gstreamer", "p-cpe:/a:mandriva:linux:yelp", "cpe:/o:mandriva:linux:2007.1", "cpe:/o:mandriva:linux:2008.0"], "id": "MANDRIVA_MDVSA-2008-080.NASL", "href": "https://www.tenable.com/plugins/nessus/36441", "sourceData": "#%NASL_MIN_LEVEL 70300\n\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Mandriva Linux Security Advisory MDVSA-2008:080. \n# The text itself is copyright (C) Mandriva S.A.\n#\n\nif (NASL_LEVEL < 3000) exit(0);\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(36441);\n script_version(\"1.14\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/06\");\n\n script_cve_id(\"CVE-2007-4879\", \"CVE-2008-1195\", \"CVE-2008-1233\", \"CVE-2008-1234\", \"CVE-2008-1235\", \"CVE-2008-1236\", \"CVE-2008-1237\", \"CVE-2008-1238\", \"CVE-2008-1240\", \"CVE-2008-1241\");\n script_xref(name:\"MDVSA\", value:\"2008:080\");\n\n script_name(english:\"Mandriva Linux Security Advisory : mozilla-firefox (MDVSA-2008:080)\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\n\"The remote Mandriva Linux host is missing one or more security\nupdates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"A number of security vulnerabilities have been discovered and\ncorrected in the latest Mozilla Firefox program, version 2.0.0.13.\n\nThis update provides the latest Firefox to correct these issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.mozilla.org/security/announce/2008/mfsa2008-14.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.mozilla.org/security/announce/2008/mfsa2008-15.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.mozilla.org/security/announce/2008/mfsa2008-16.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.mozilla.org/security/announce/2008/mfsa2008-17.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.mozilla.org/security/announce/2008/mfsa2008-18.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.mozilla.org/security/announce/2008/mfsa2008-19.html\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_cwe_id(59, 79, 94, 287, 399);\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:deskbar-applet\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:devhelp\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:devhelp-plugins\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:eclipse-cvs-client\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:eclipse-ecj\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:eclipse-jdt\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:eclipse-jdt-sdk\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:eclipse-pde\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:eclipse-pde-runtime\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:eclipse-pde-sdk\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:eclipse-platform\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:eclipse-platform-sdk\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:eclipse-rcp\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:eclipse-rcp-sdk\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:eclipse-sdk\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:epiphany\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:epiphany-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:epiphany-extensions\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:galeon\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:gnome-python-extras\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:gnome-python-gda\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:gnome-python-gda-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:gnome-python-gdl\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:gnome-python-gksu\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:gnome-python-gtkhtml2\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:gnome-python-gtkmozembed\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:gnome-python-gtkspell\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:lib64devhelp-1-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:lib64devhelp-1_0\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:lib64devhelp-1_0-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:lib64mozilla-firefox-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:lib64mozilla-firefox2.0.0.13\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:lib64totem-plparser-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:lib64totem-plparser1\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:lib64totem-plparser1-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:lib64totem-plparser7\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:libdevhelp-1-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:libdevhelp-1_0\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:libdevhelp-1_0-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:libmozilla-firefox-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:libmozilla-firefox2.0.0.13\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:libswt3-gtk2\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:libtotem-plparser-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:libtotem-plparser1\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:libtotem-plparser1-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:libtotem-plparser7\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:mozilla-firefox\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:mozilla-firefox-af\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:mozilla-firefox-ar\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:mozilla-firefox-be\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:mozilla-firefox-bg\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:mozilla-firefox-br_FR\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:mozilla-firefox-ca\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:mozilla-firefox-cs\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:mozilla-firefox-da\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:mozilla-firefox-de\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:mozilla-firefox-el\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:mozilla-firefox-en_GB\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:mozilla-firefox-es_AR\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:mozilla-firefox-es_ES\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:mozilla-firefox-et_EE\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:mozilla-firefox-eu\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:mozilla-firefox-ext-blogrovr\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:mozilla-firefox-ext-foxmarks\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:mozilla-firefox-ext-scribefire\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:mozilla-firefox-fi\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:mozilla-firefox-fr\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:mozilla-firefox-fy\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:mozilla-firefox-ga\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:mozilla-firefox-gnome-support\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:mozilla-firefox-gu_IN\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:mozilla-firefox-he\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:mozilla-firefox-hu\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:mozilla-firefox-it\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:mozilla-firefox-ja\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:mozilla-firefox-ka\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:mozilla-firefox-ko\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:mozilla-firefox-ku\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:mozilla-firefox-lt\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:mozilla-firefox-mk\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:mozilla-firefox-mn\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:mozilla-firefox-nb_NO\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:mozilla-firefox-nl\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:mozilla-firefox-nn_NO\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:mozilla-firefox-pa_IN\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:mozilla-firefox-pl\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:mozilla-firefox-pt_BR\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:mozilla-firefox-pt_PT\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:mozilla-firefox-ro\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:mozilla-firefox-ru\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:mozilla-firefox-sk\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:mozilla-firefox-sl\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:mozilla-firefox-sv_SE\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:mozilla-firefox-tr\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:mozilla-firefox-uk\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:mozilla-firefox-zh_CN\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:mozilla-firefox-zh_TW\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:totem\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:totem-common\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:totem-gstreamer\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:totem-mozilla\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:totem-mozilla-gstreamer\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:yelp\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:mandriva:linux:2007.1\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:mandriva:linux:2008.0\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2008/03/28\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2009/04/23\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2009-2021 Tenable Network Security, Inc.\");\n script_family(english:\"Mandriva Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/Mandrake/release\", \"Host/Mandrake/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/Mandrake/release\")) audit(AUDIT_OS_NOT, \"Mandriva / Mandake Linux\");\nif (!get_kb_item(\"Host/Mandrake/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (cpu !~ \"^(amd64|i[3-6]86|x86_64)$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Mandriva / Mandrake Linux\", cpu);\n\n\nflag = 0;\nif (rpm_check(release:\"MDK2007.1\", reference:\"deskbar-applet-2.18.0-3.7mdv2007.1\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2007.1\", reference:\"devhelp-0.13-3.7mdv2007.1\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2007.1\", reference:\"devhelp-plugins-0.13-3.7mdv2007.1\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2007.1\", reference:\"eclipse-ecj-3.2.2-3.4.5mdv2007.1\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2007.1\", reference:\"eclipse-jdt-3.2.2-3.4.5mdv2007.1\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2007.1\", reference:\"eclipse-jdt-sdk-3.2.2-3.4.5mdv2007.1\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2007.1\", reference:\"eclipse-pde-3.2.2-3.4.5mdv2007.1\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2007.1\", reference:\"eclipse-pde-runtime-3.2.2-3.4.5mdv2007.1\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2007.1\", reference:\"eclipse-pde-sdk-3.2.2-3.4.5mdv2007.1\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2007.1\", reference:\"eclipse-platform-3.2.2-3.4.5mdv2007.1\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2007.1\", reference:\"eclipse-platform-sdk-3.2.2-3.4.5mdv2007.1\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2007.1\", reference:\"eclipse-rcp-3.2.2-3.4.5mdv2007.1\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2007.1\", reference:\"eclipse-rcp-sdk-3.2.2-3.4.5mdv2007.1\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2007.1\", reference:\"eclipse-sdk-3.2.2-3.4.5mdv2007.1\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2007.1\", reference:\"epiphany-2.18.0-5.7mdv2007.1\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2007.1\", reference:\"epiphany-devel-2.18.0-5.7mdv2007.1\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2007.1\", reference:\"epiphany-extensions-2.18.0-2.6mdv2007.1\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2007.1\", reference:\"galeon-2.0.3-5.7mdv2007.1\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2007.1\", reference:\"gnome-python-extras-2.14.3-4.7mdv2007.1\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2007.1\", reference:\"gnome-python-gda-2.14.3-4.7mdv2007.1\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2007.1\", reference:\"gnome-python-gda-devel-2.14.3-4.7mdv2007.1\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2007.1\", reference:\"gnome-python-gdl-2.14.3-4.7mdv2007.1\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2007.1\", reference:\"gnome-python-gksu-2.14.3-4.7mdv2007.1\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2007.1\", reference:\"gnome-python-gtkhtml2-2.14.3-4.7mdv2007.1\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2007.1\", reference:\"gnome-python-gtkmozembed-2.14.3-4.7mdv2007.1\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2007.1\", reference:\"gnome-python-gtkspell-2.14.3-4.7mdv2007.1\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2007.1\", cpu:\"x86_64\", reference:\"lib64devhelp-1_0-0.13-3.7mdv2007.1\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2007.1\", cpu:\"x86_64\", reference:\"lib64devhelp-1_0-devel-0.13-3.7mdv2007.1\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2007.1\", cpu:\"x86_64\", reference:\"lib64mozilla-firefox-devel-2.0.0.13-1.1mdv2007.1\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2007.1\", cpu:\"x86_64\", reference:\"lib64mozilla-firefox2.0.0.13-2.0.0.13-1.1mdv2007.1\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2007.1\", cpu:\"x86_64\", reference:\"lib64totem-plparser1-2.18.2-1.8mdv2007.1\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2007.1\", cpu:\"x86_64\", reference:\"lib64totem-plparser1-devel-2.18.2-1.8mdv2007.1\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2007.1\", cpu:\"i386\", reference:\"libdevhelp-1_0-0.13-3.7mdv2007.1\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2007.1\", cpu:\"i386\", reference:\"libdevhelp-1_0-devel-0.13-3.7mdv2007.1\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2007.1\", cpu:\"i386\", reference:\"libmozilla-firefox-devel-2.0.0.13-1.1mdv2007.1\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2007.1\", cpu:\"i386\", reference:\"libmozilla-firefox2.0.0.13-2.0.0.13-1.1mdv2007.1\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2007.1\", reference:\"libswt3-gtk2-3.2.2-3.4.5mdv2007.1\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2007.1\", cpu:\"i386\", reference:\"libtotem-plparser1-2.18.2-1.8mdv2007.1\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2007.1\", cpu:\"i386\", reference:\"libtotem-plparser1-devel-2.18.2-1.8mdv2007.1\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2007.1\", reference:\"mozilla-firefox-2.0.0.13-1.1mdv2007.1\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2007.1\", reference:\"mozilla-firefox-af-2.0.0.13-1mdv2007.1\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2007.1\", reference:\"mozilla-firefox-ar-2.0.0.13-1mdv2007.1\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2007.1\", reference:\"mozilla-firefox-be-2.0.0.13-1mdv2007.1\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2007.1\", reference:\"mozilla-firefox-bg-2.0.0.13-1mdv2007.1\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2007.1\", reference:\"mozilla-firefox-br_FR-2.0.0.13-1mdv2007.1\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2007.1\", reference:\"mozilla-firefox-ca-2.0.0.13-1mdv2007.1\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2007.1\", reference:\"mozilla-firefox-cs-2.0.0.13-1mdv2007.1\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2007.1\", reference:\"mozilla-firefox-da-2.0.0.13-1mdv2007.1\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2007.1\", reference:\"mozilla-firefox-de-2.0.0.13-1mdv2007.1\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2007.1\", reference:\"mozilla-firefox-el-2.0.0.13-1mdv2007.1\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2007.1\", reference:\"mozilla-firefox-en_GB-2.0.0.13-1mdv2007.1\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2007.1\", reference:\"mozilla-firefox-es_AR-2.0.0.13-1mdv2007.1\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2007.1\", reference:\"mozilla-firefox-es_ES-2.0.0.13-1mdv2007.1\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2007.1\", reference:\"mozilla-firefox-et_EE-2.0.0.13-1mdv2007.1\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2007.1\", reference:\"mozilla-firefox-eu-2.0.0.13-1mdv2007.1\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2007.1\", reference:\"mozilla-firefox-fi-2.0.0.13-1mdv2007.1\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2007.1\", reference:\"mozilla-firefox-fr-2.0.0.13-1mdv2007.1\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2007.1\", reference:\"mozilla-firefox-fy-2.0.0.13-1mdv2007.1\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2007.1\", reference:\"mozilla-firefox-ga-2.0.0.13-1mdv2007.1\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2007.1\", reference:\"mozilla-firefox-gu_IN-2.0.0.13-1mdv2007.1\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2007.1\", reference:\"mozilla-firefox-he-2.0.0.13-1mdv2007.1\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2007.1\", reference:\"mozilla-firefox-hu-2.0.0.13-1mdv2007.1\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2007.1\", reference:\"mozilla-firefox-it-2.0.0.13-1mdv2007.1\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2007.1\", reference:\"mozilla-firefox-ja-2.0.0.13-1mdv2007.1\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2007.1\", reference:\"mozilla-firefox-ka-2.0.0.13-1mdv2007.1\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2007.1\", reference:\"mozilla-firefox-ko-2.0.0.13-1mdv2007.1\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2007.1\", reference:\"mozilla-firefox-ku-2.0.0.13-1mdv2007.1\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2007.1\", reference:\"mozilla-firefox-lt-2.0.0.13-1mdv2007.1\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2007.1\", reference:\"mozilla-firefox-mk-2.0.0.13-1mdv2007.1\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2007.1\", reference:\"mozilla-firefox-mn-2.0.0.13-1mdv2007.1\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2007.1\", reference:\"mozilla-firefox-nb_NO-2.0.0.13-1mdv2007.1\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2007.1\", reference:\"mozilla-firefox-nl-2.0.0.13-1mdv2007.1\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2007.1\", reference:\"mozilla-firefox-nn_NO-2.0.0.13-1mdv2007.1\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2007.1\", reference:\"mozilla-firefox-pa_IN-2.0.0.13-1mdv2007.1\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2007.1\", reference:\"mozilla-firefox-pl-2.0.0.13-1mdv2007.1\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2007.1\", reference:\"mozilla-firefox-pt_BR-2.0.0.13-1mdv2007.1\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2007.1\", reference:\"mozilla-firefox-pt_PT-2.0.0.13-1mdv2007.1\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2007.1\", reference:\"mozilla-firefox-ro-2.0.0.13-1mdv2007.1\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2007.1\", reference:\"mozilla-firefox-ru-2.0.0.13-1mdv2007.1\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2007.1\", reference:\"mozilla-firefox-sk-2.0.0.13-1mdv2007.1\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2007.1\", reference:\"mozilla-firefox-sl-2.0.0.13-1mdv2007.1\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2007.1\", reference:\"mozilla-firefox-sv_SE-2.0.0.13-1mdv2007.1\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2007.1\", reference:\"mozilla-firefox-tr-2.0.0.13-1mdv2007.1\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2007.1\", reference:\"mozilla-firefox-uk-2.0.0.13-1mdv2007.1\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2007.1\", reference:\"mozilla-firefox-zh_CN-2.0.0.13-1mdv2007.1\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2007.1\", reference:\"mozilla-firefox-zh_TW-2.0.0.13-1mdv2007.1\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2007.1\", reference:\"totem-2.18.2-1.8mdv2007.1\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2007.1\", reference:\"totem-common-2.18.2-1.8mdv2007.1\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2007.1\", reference:\"totem-gstreamer-2.18.2-1.8mdv2007.1\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2007.1\", reference:\"totem-mozilla-2.18.2-1.8mdv2007.1\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2007.1\", reference:\"totem-mozilla-gstreamer-2.18.2-1.8mdv2007.1\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2007.1\", reference:\"yelp-2.18.0-3.7mdv2007.1\", yank:\"mdv\")) flag++;\n\nif (rpm_check(release:\"MDK2008.0\", reference:\"devhelp-0.16-1.4mdv2008.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2008.0\", reference:\"devhelp-plugins-0.16-1.4mdv2008.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2008.0\", reference:\"eclipse-cvs-client-3.3.0-0.20.8.4mdv2008.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2008.0\", reference:\"eclipse-ecj-3.3.0-0.20.8.4mdv2008.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2008.0\", reference:\"eclipse-jdt-3.3.0-0.20.8.4mdv2008.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2008.0\", reference:\"eclipse-pde-3.3.0-0.20.8.4mdv2008.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2008.0\", reference:\"eclipse-pde-runtime-3.3.0-0.20.8.4mdv2008.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2008.0\", reference:\"eclipse-platform-3.3.0-0.20.8.4mdv2008.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2008.0\", reference:\"eclipse-rcp-3.3.0-0.20.8.4mdv2008.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2008.0\", reference:\"epiphany-2.20.0-1.4mdv2008.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2008.0\", reference:\"epiphany-devel-2.20.0-1.4mdv2008.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2008.0\", reference:\"galeon-2.0.3-7.4mdv2008.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2008.0\", reference:\"gnome-python-extras-2.19.1-4.4mdv2008.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2008.0\", reference:\"gnome-python-gda-2.19.1-4.4mdv2008.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2008.0\", reference:\"gnome-python-gda-devel-2.19.1-4.4mdv2008.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2008.0\", reference:\"gnome-python-gdl-2.19.1-4.4mdv2008.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2008.0\", reference:\"gnome-python-gksu-2.19.1-4.4mdv2008.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2008.0\", reference:\"gnome-python-gtkhtml2-2.19.1-4.4mdv2008.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2008.0\", reference:\"gnome-python-gtkmozembed-2.19.1-4.4mdv2008.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2008.0\", reference:\"gnome-python-gtkspell-2.19.1-4.4mdv2008.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2008.0\", cpu:\"x86_64\", reference:\"lib64devhelp-1-devel-0.16-1.4mdv2008.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2008.0\", cpu:\"x86_64\", reference:\"lib64devhelp-1_0-0.16-1.4mdv2008.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2008.0\", cpu:\"x86_64\", reference:\"lib64mozilla-firefox-devel-2.0.0.13-1.1mdv2008.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2008.0\", cpu:\"x86_64\", reference:\"lib64mozilla-firefox2.0.0.13-2.0.0.13-1.1mdv2008.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2008.0\", cpu:\"x86_64\", reference:\"lib64totem-plparser-devel-2.20.1-1.3mdv2008.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2008.0\", cpu:\"x86_64\", reference:\"lib64totem-plparser7-2.20.1-1.3mdv2008.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2008.0\", cpu:\"i386\", reference:\"libdevhelp-1-devel-0.16-1.4mdv2008.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2008.0\", cpu:\"i386\", reference:\"libdevhelp-1_0-0.16-1.4mdv2008.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2008.0\", cpu:\"i386\", reference:\"libmozilla-firefox-devel-2.0.0.13-1.1mdv2008.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2008.0\", cpu:\"i386\", reference:\"libmozilla-firefox2.0.0.13-2.0.0.13-1.1mdv2008.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2008.0\", reference:\"libswt3-gtk2-3.3.0-0.20.8.4mdv2008.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2008.0\", cpu:\"i386\", reference:\"libtotem-plparser-devel-2.20.1-1.3mdv2008.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2008.0\", cpu:\"i386\", reference:\"libtotem-plparser7-2.20.1-1.3mdv2008.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2008.0\", reference:\"mozilla-firefox-2.0.0.13-1.1mdv2008.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2008.0\", reference:\"mozilla-firefox-af-2.0.0.13-1mdv2008.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2008.0\", reference:\"mozilla-firefox-ar-2.0.0.13-1mdv2008.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2008.0\", reference:\"mozilla-firefox-be-2.0.0.13-1mdv2008.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2008.0\", reference:\"mozilla-firefox-bg-2.0.0.13-1mdv2008.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2008.0\", reference:\"mozilla-firefox-br_FR-2.0.0.13-1mdv2008.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2008.0\", reference:\"mozilla-firefox-ca-2.0.0.13-1mdv2008.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2008.0\", reference:\"mozilla-firefox-cs-2.0.0.13-1mdv2008.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2008.0\", reference:\"mozilla-firefox-da-2.0.0.13-1mdv2008.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2008.0\", reference:\"mozilla-firefox-de-2.0.0.13-1mdv2008.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2008.0\", reference:\"mozilla-firefox-el-2.0.0.13-1mdv2008.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2008.0\", reference:\"mozilla-firefox-en_GB-2.0.0.13-1mdv2008.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2008.0\", reference:\"mozilla-firefox-es_AR-2.0.0.13-1mdv2008.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2008.0\", reference:\"mozilla-firefox-es_ES-2.0.0.13-1mdv2008.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2008.0\", reference:\"mozilla-firefox-et_EE-2.0.0.13-1mdv2008.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2008.0\", reference:\"mozilla-firefox-eu-2.0.0.13-1mdv2008.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2008.0\", reference:\"mozilla-firefox-ext-blogrovr-1.1.771-3mdv2008.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2008.0\", reference:\"mozilla-firefox-ext-foxmarks-2.0.43-3mdv2008.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2008.0\", reference:\"mozilla-firefox-ext-scribefire-1.4.2-6mdv2008.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2008.0\", reference:\"mozilla-firefox-fi-2.0.0.13-1mdv2008.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2008.0\", reference:\"mozilla-firefox-fr-2.0.0.13-1mdv2008.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2008.0\", reference:\"mozilla-firefox-fy-2.0.0.13-1mdv2008.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2008.0\", reference:\"mozilla-firefox-ga-2.0.0.13-1mdv2008.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2008.0\", reference:\"mozilla-firefox-gnome-support-2.0.0.13-1.1mdv2008.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2008.0\", reference:\"mozilla-firefox-gu_IN-2.0.0.13-1mdv2008.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2008.0\", reference:\"mozilla-firefox-he-2.0.0.13-1mdv2008.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2008.0\", reference:\"mozilla-firefox-hu-2.0.0.13-1mdv2008.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2008.0\", reference:\"mozilla-firefox-it-2.0.0.13-1mdv2008.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2008.0\", reference:\"mozilla-firefox-ja-2.0.0.13-1mdv2008.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2008.0\", reference:\"mozilla-firefox-ka-2.0.0.13-1mdv2008.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2008.0\", reference:\"mozilla-firefox-ko-2.0.0.13-1mdv2008.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2008.0\", reference:\"mozilla-firefox-ku-2.0.0.13-1mdv2008.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2008.0\", reference:\"mozilla-firefox-lt-2.0.0.13-1mdv2008.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2008.0\", reference:\"mozilla-firefox-mk-2.0.0.13-1mdv2008.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2008.0\", reference:\"mozilla-firefox-mn-2.0.0.13-1mdv2008.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2008.0\", reference:\"mozilla-firefox-nb_NO-2.0.0.13-1mdv2008.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2008.0\", reference:\"mozilla-firefox-nl-2.0.0.13-1mdv2008.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2008.0\", reference:\"mozilla-firefox-nn_NO-2.0.0.13-1mdv2008.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2008.0\", reference:\"mozilla-firefox-pa_IN-2.0.0.13-1mdv2008.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2008.0\", reference:\"mozilla-firefox-pl-2.0.0.13-1mdv2008.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2008.0\", reference:\"mozilla-firefox-pt_BR-2.0.0.13-1mdv2008.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2008.0\", reference:\"mozilla-firefox-pt_PT-2.0.0.13-1mdv2008.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2008.0\", reference:\"mozilla-firefox-ro-2.0.0.13-1mdv2008.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2008.0\", reference:\"mozilla-firefox-ru-2.0.0.13-1mdv2008.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2008.0\", reference:\"mozilla-firefox-sk-2.0.0.13-1mdv2008.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2008.0\", reference:\"mozilla-firefox-sl-2.0.0.13-1mdv2008.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2008.0\", reference:\"mozilla-firefox-sv_SE-2.0.0.13-1mdv2008.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2008.0\", reference:\"mozilla-firefox-tr-2.0.0.13-1mdv2008.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2008.0\", reference:\"mozilla-firefox-uk-2.0.0.13-1mdv2008.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2008.0\", reference:\"mozilla-firefox-zh_CN-2.0.0.13-1mdv2008.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2008.0\", reference:\"mozilla-firefox-zh_TW-2.0.0.13-1mdv2008.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2008.0\", reference:\"totem-2.20.1-1.3mdv2008.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2008.0\", reference:\"totem-common-2.20.1-1.3mdv2008.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2008.0\", reference:\"totem-gstreamer-2.20.1-1.3mdv2008.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2008.0\", reference:\"totem-mozilla-2.20.1-1.3mdv2008.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2008.0\", reference:\"totem-mozilla-gstreamer-2.20.1-1.3mdv2008.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2008.0\", reference:\"yelp-2.20.0-3.3mdv2008.0\", yank:\"mdv\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-12-03T14:28:39", "description": "The installed version of SeaMonkey is affected by various security issues :\n\n - A series of vulnerabilities that allow for JavaScript privilege escalation and arbitrary code execution.\n\n - Several stability bugs leading to crashes which, in some cases, show traces of memory corruption.\n\n - An HTTP Referer spoofing issue with malformed URLs.\n\n - A privacy issue with SSL client authentication.\n\n - Web content fetched via the 'jar:' protocol can use Java via LiveConnect to open socket connections to arbitrary ports on the localhost.\n\n - It is possible to have a background tab create a border-less XUL pop-up in front of the active tab in the user's browser.", "cvss3": {}, "published": "2008-03-26T00:00:00", "type": "nessus", "title": "SeaMonkey < 1.1.9 Multiple Vulnerabilities", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2007-4879", "CVE-2008-1195", "CVE-2008-1233", "CVE-2008-1234", "CVE-2008-1235", "CVE-2008-1236", "CVE-2008-1237", "CVE-2008-1238", "CVE-2008-1240", "CVE-2008-1241"], "modified": "2018-07-27T00:00:00", "cpe": ["cpe:/a:mozilla:seamonkey"], "id": "SEAMONKEY_119.NASL", "href": "https://www.tenable.com/plugins/nessus/31653", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(31653);\n script_version(\"1.14\");\n\n script_cve_id(\"CVE-2007-4879\", \"CVE-2008-1195\", \"CVE-2008-1233\", \"CVE-2008-1234\",\n \"CVE-2008-1235\", \"CVE-2008-1236\", \"CVE-2008-1237\", \"CVE-2008-1238\",\n \"CVE-2008-1240\", \"CVE-2008-1241\");\n script_bugtraq_id(28448);\n\n script_name(english:\"SeaMonkey < 1.1.9 Multiple Vulnerabilities\");\n script_summary(english:\"Checks version of SeaMonkey\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"A web browser on the remote host is affected by multiple\nvulnerabilities.\" );\n script_set_attribute(attribute:\"description\", value:\n\"The installed version of SeaMonkey is affected by various security\nissues :\n\n - A series of vulnerabilities that allow for JavaScript \n privilege escalation and arbitrary code execution.\n\n - Several stability bugs leading to crashes which, in\n some cases, show traces of memory corruption.\n\n - An HTTP Referer spoofing issue with malformed URLs.\n\n - A privacy issue with SSL client authentication.\n\n - Web content fetched via the 'jar:' protocol can use \n Java via LiveConnect to open socket connections to \n arbitrary ports on the localhost.\n\n - It is possible to have a background tab create a \n border-less XUL pop-up in front of the active tab \n in the user's browser.\" );\n script_set_attribute(attribute:\"see_also\", value:\"https://www.mozilla.org/en-US/security/advisories/mfsa2008-14/\" );\n script_set_attribute(attribute:\"see_also\", value:\"https://www.mozilla.org/en-US/security/advisories/mfsa2008-15/\" );\n script_set_attribute(attribute:\"see_also\", value:\"https://www.mozilla.org/en-US/security/advisories/mfsa2008-16/\" );\n script_set_attribute(attribute:\"see_also\", value:\"https://www.mozilla.org/en-US/security/advisories/mfsa2008-17/\" );\n script_set_attribute(attribute:\"see_also\", value:\"https://www.mozilla.org/en-US/security/advisories/mfsa2008-18/\" );\n script_set_attribute(attribute:\"see_also\", value:\"https://www.mozilla.org/en-US/security/advisories/mfsa2008-19/\" );\n script_set_attribute(attribute:\"solution\", value:\n\"Upgrade to SeaMonkey 1.1.9 or later.\" );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n script_cwe_id(59, 79, 94, 287, 399);\n script_set_attribute(attribute:\"plugin_publication_date\", value: \"2008/03/26\");\n script_set_attribute(attribute:\"vuln_publication_date\", value: \"2007/09/08\");\n script_cvs_date(\"Date: 2018/07/27 18:38:15\");\nscript_set_attribute(attribute:\"plugin_type\", value:\"local\");\nscript_set_attribute(attribute:\"cpe\", value:\"cpe:/a:mozilla:seamonkey\");\nscript_end_attributes();\n\n \n script_category(ACT_GATHER_INFO);\n script_family(english:\"Windows\");\n \n script_copyright(english:\"This script is Copyright (C) 2008-2018 Tenable Network Security, Inc.\");\n \n script_dependencies(\"mozilla_org_installed.nasl\");\n script_require_keys(\"SeaMonkey/Version\");\n\n exit(0);\n}\n\ninclude(\"mozilla_version.inc\");\nport = get_kb_item(\"SMB/transport\");\nif (!port) port = 445;\n\ninstalls = get_kb_list(\"SMB/SeaMonkey/*\");\nif (isnull(installs)) audit(AUDIT_NOT_INST, \"SeaMonkey\");\n\nmozilla_check_version(installs:installs, product:'seamonkey', fix:'1.1.9', severity:SECURITY_HOLE);", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-12-04T14:43:28", "description": "This update brings the Mozilla XULRunner engine to security update version 1.8.1.13\n\nFollowing security problems were fixed :\n\n - MFSA 2008-19/CVE-2008-1241: XUL popup spoofing variant (cross-tab popups)\n\n - MFSA 2008-18/CVE-2008-1195 and CVE-2008-1240: Java socket connection to any local port via LiveConnect\n\n - MFSA 2008-17/CVE-2007-4879: Privacy issue with SSL Client Authentication\n\n - MFSA 2008-16/CVE-2008-1238: HTTP Referrer spoofing with malformed URLs\n\n - MFSA 2008-15/CVE-2008-1236 and CVE-2008-1237: Crashes with evidence of memory corruption (rv:1.8.1.13)\n\n - MFSA 2008-14/CVE-2008-1233, CVE-2008-1234, and CVE-2008-1235: JavaScript privilege escalation and arbitrary code execution.", "cvss3": {}, "published": "2008-04-22T00:00:00", "type": "nessus", "title": "openSUSE 10 Security Update : mozilla-xulrunner181 (mozilla-xulrunner181-5158)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2007-4879", "CVE-2008-1195", "CVE-2008-1233", "CVE-2008-1234", "CVE-2008-1235", "CVE-2008-1236", "CVE-2008-1237", "CVE-2008-1238", "CVE-2008-1240", "CVE-2008-1241"], "modified": "2021-01-14T00:00:00", "cpe": ["p-cpe:/a:novell:opensuse:epiphany", "p-cpe:/a:novell:opensuse:epiphany-devel", "p-cpe:/a:novell:opensuse:epiphany-extensions", "p-cpe:/a:novell:opensuse:mozilla-xulrunner181", "p-cpe:/a:novell:opensuse:mozilla-xulrunner181-32bit", "p-cpe:/a:novell:opensuse:mozilla-xulrunner181-devel", "p-cpe:/a:novell:opensuse:mozilla-xulrunner181-l10n", "cpe:/o:novell:opensuse:10.3", "cpe:/o:novell:opensuse:10.2"], "id": "SUSE_MOZILLA-XULRUNNER181-5158.NASL", "href": "https://www.tenable.com/plugins/nessus/32026", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from openSUSE Security Update mozilla-xulrunner181-5158.\n#\n# The text description of this plugin is (C) SUSE LLC.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(32026);\n script_version(\"1.11\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/14\");\n\n script_cve_id(\"CVE-2007-4879\", \"CVE-2008-1195\", \"CVE-2008-1233\", \"CVE-2008-1234\", \"CVE-2008-1235\", \"CVE-2008-1236\", \"CVE-2008-1237\", \"CVE-2008-1238\", \"CVE-2008-1240\", \"CVE-2008-1241\");\n\n script_name(english:\"openSUSE 10 Security Update : mozilla-xulrunner181 (mozilla-xulrunner181-5158)\");\n script_summary(english:\"Check for the mozilla-xulrunner181-5158 patch\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote openSUSE host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"This update brings the Mozilla XULRunner engine to security update\nversion 1.8.1.13\n\nFollowing security problems were fixed :\n\n - MFSA 2008-19/CVE-2008-1241: XUL popup spoofing variant\n (cross-tab popups)\n\n - MFSA 2008-18/CVE-2008-1195 and CVE-2008-1240: Java\n socket connection to any local port via LiveConnect\n\n - MFSA 2008-17/CVE-2007-4879: Privacy issue with SSL\n Client Authentication\n\n - MFSA 2008-16/CVE-2008-1238: HTTP Referrer spoofing with\n malformed URLs\n\n - MFSA 2008-15/CVE-2008-1236 and CVE-2008-1237: Crashes\n with evidence of memory corruption (rv:1.8.1.13)\n\n - MFSA 2008-14/CVE-2008-1233, CVE-2008-1234, and\n CVE-2008-1235: JavaScript privilege escalation and\n arbitrary code execution.\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected mozilla-xulrunner181 packages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_cwe_id(59, 79, 94, 287, 399);\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:epiphany\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:epiphany-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:epiphany-extensions\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:mozilla-xulrunner181\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:mozilla-xulrunner181-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:mozilla-xulrunner181-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:mozilla-xulrunner181-l10n\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:opensuse:10.2\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:opensuse:10.3\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2008/04/08\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2008/04/22\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2008-2021 Tenable Network Security, Inc.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release =~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, \"openSUSE\");\nif (release !~ \"^(SUSE10\\.2|SUSE10\\.3)$\") audit(AUDIT_OS_RELEASE_NOT, \"openSUSE\", \"10.2 / 10.3\", release);\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nourarch = get_kb_item(\"Host/cpu\");\nif (!ourarch) audit(AUDIT_UNKNOWN_ARCH);\nif (ourarch !~ \"^(i586|i686|x86_64)$\") audit(AUDIT_ARCH_NOT, \"i586 / i686 / x86_64\", ourarch);\n\nflag = 0;\n\nif ( rpm_check(release:\"SUSE10.2\", reference:\"epiphany-2.16.1-32\") ) flag++;\nif ( rpm_check(release:\"SUSE10.2\", reference:\"epiphany-devel-2.16.1-32\") ) flag++;\nif ( rpm_check(release:\"SUSE10.2\", reference:\"epiphany-extensions-2.16.1-32\") ) flag++;\nif ( rpm_check(release:\"SUSE10.2\", reference:\"mozilla-xulrunner181-1.8.1.13-0.1\") ) flag++;\nif ( rpm_check(release:\"SUSE10.2\", reference:\"mozilla-xulrunner181-devel-1.8.1.13-0.1\") ) flag++;\nif ( rpm_check(release:\"SUSE10.2\", reference:\"mozilla-xulrunner181-l10n-1.8.1.13-0.1\") ) flag++;\nif ( rpm_check(release:\"SUSE10.2\", cpu:\"x86_64\", reference:\"mozilla-xulrunner181-32bit-1.8.1.13-0.1\") ) flag++;\nif ( rpm_check(release:\"SUSE10.3\", reference:\"epiphany-2.20.0-8.3\") ) flag++;\nif ( rpm_check(release:\"SUSE10.3\", reference:\"epiphany-devel-2.20.0-8.3\") ) flag++;\nif ( rpm_check(release:\"SUSE10.3\", reference:\"epiphany-extensions-2.20.0-8.3\") ) flag++;\nif ( rpm_check(release:\"SUSE10.3\", reference:\"mozilla-xulrunner181-1.8.1.13-0.1\") ) flag++;\nif ( rpm_check(release:\"SUSE10.3\", reference:\"mozilla-xulrunner181-devel-1.8.1.13-0.1\") ) flag++;\nif ( rpm_check(release:\"SUSE10.3\", reference:\"mozilla-xulrunner181-l10n-1.8.1.13-0.1\") ) flag++;\nif ( rpm_check(release:\"SUSE10.3\", cpu:\"x86_64\", reference:\"mozilla-xulrunner181-32bit-1.8.1.13-0.1\") ) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"epiphany / epiphany-devel / epiphany-extensions / etc\");\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-12-04T14:43:27", "description": "This update brings the Mozilla XULRunner engine to security update version level 1.1.9\n\nFollowing security problems were fixed :\n\n - MFSA 2008-19/CVE-2008-1241: XUL popup spoofing variant (cross-tab popups)\n\n - MFSA 2008-18/CVE-2008-1195 and CVE-2008-1240: Java socket connection to any local port via LiveConnect\n\n - MFSA 2008-17/CVE-2007-4879: Privacy issue with SSL Client Authentication\n\n - MFSA 2008-16/CVE-2008-1238: HTTP Referrer spoofing with malformed URLs\n\n - MFSA 2008-15/CVE-2008-1236 and CVE-2008-1237: Crashes with evidence of memory corruption (rv:1.8.1.13)\n\n - MFSA 2008-14/CVE-2008-1233, CVE-2008-1234, and CVE-2008-1235: JavaScript privilege escalation and arbitrary code execution.", "cvss3": {}, "published": "2008-04-22T00:00:00", "type": "nessus", "title": "openSUSE 10 Security Update : mozilla-xulrunner (mozilla-xulrunner-5163)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2007-4879", "CVE-2008-1195", "CVE-2008-1233", "CVE-2008-1234", "CVE-2008-1235", "CVE-2008-1236", "CVE-2008-1237", "CVE-2008-1238", "CVE-2008-1240", "CVE-2008-1241"], "modified": "2021-01-14T00:00:00", "cpe": ["p-cpe:/a:novell:opensuse:epiphany", "p-cpe:/a:novell:opensuse:epiphany-devel", "p-cpe:/a:novell:opensuse:gecko-sdk", "p-cpe:/a:novell:opensuse:mozilla-xulrunner", "p-cpe:/a:novell:opensuse:mozilla-xulrunner-32bit", "cpe:/o:novell:opensuse:10.1"], "id": "SUSE_MOZILLA-XULRUNNER-5163.NASL", "href": "https://www.tenable.com/plugins/nessus/32025", "sourceData": "#%NASL_MIN_LEVEL 70300\n\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from openSUSE Security Update mozilla-xulrunner-5163.\n#\n# The text description of this plugin is (C) SUSE LLC.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(32025);\n script_version(\"1.13\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/14\");\n\n script_cve_id(\"CVE-2007-4879\", \"CVE-2008-1195\", \"CVE-2008-1233\", \"CVE-2008-1234\", \"CVE-2008-1235\", \"CVE-2008-1236\", \"CVE-2008-1237\", \"CVE-2008-1238\", \"CVE-2008-1240\", \"CVE-2008-1241\");\n\n script_name(english:\"openSUSE 10 Security Update : mozilla-xulrunner (mozilla-xulrunner-5163)\");\n script_summary(english:\"Check for the mozilla-xulrunner-5163 patch\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote openSUSE host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"This update brings the Mozilla XULRunner engine to security update\nversion level 1.1.9\n\nFollowing security problems were fixed :\n\n - MFSA 2008-19/CVE-2008-1241: XUL popup spoofing variant\n (cross-tab popups)\n\n - MFSA 2008-18/CVE-2008-1195 and CVE-2008-1240: Java\n socket connection to any local port via LiveConnect\n\n - MFSA 2008-17/CVE-2007-4879: Privacy issue with SSL\n Client Authentication\n\n - MFSA 2008-16/CVE-2008-1238: HTTP Referrer spoofing with\n malformed URLs\n\n - MFSA 2008-15/CVE-2008-1236 and CVE-2008-1237: Crashes\n with evidence of memory corruption (rv:1.8.1.13)\n\n - MFSA 2008-14/CVE-2008-1233, CVE-2008-1234, and\n CVE-2008-1235: JavaScript privilege escalation and\n arbitrary code execution.\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected mozilla-xulrunner packages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_cwe_id(59, 79, 94, 287, 399);\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:epiphany\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:epiphany-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:gecko-sdk\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:mozilla-xulrunner\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:mozilla-xulrunner-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:opensuse:10.1\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2008/04/11\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2008/04/22\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2008-2021 Tenable Network Security, Inc.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release =~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, \"openSUSE\");\nif (release !~ \"^(SUSE10\\.1)$\") audit(AUDIT_OS_RELEASE_NOT, \"openSUSE\", \"10.1\", release);\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nourarch = get_kb_item(\"Host/cpu\");\nif (!ourarch) audit(AUDIT_UNKNOWN_ARCH);\nif (ourarch !~ \"^(i586|i686|x86_64)$\") audit(AUDIT_ARCH_NOT, \"i586 / i686 / x86_64\", ourarch);\n\nflag = 0;\n\nif ( rpm_check(release:\"SUSE10.1\", reference:\"epiphany-1.8.5-14.6\") ) flag++;\nif ( rpm_check(release:\"SUSE10.1\", reference:\"epiphany-devel-1.8.5-14.6\") ) flag++;\nif ( rpm_check(release:\"SUSE10.1\", reference:\"gecko-sdk-1.8.0.14eol-0.5\") ) flag++;\nif ( rpm_check(release:\"SUSE10.1\", reference:\"mozilla-xulrunner-1.8.0.14eol-0.5\") ) flag++;\nif ( rpm_check(release:\"SUSE10.1\", cpu:\"x86_64\", reference:\"mozilla-xulrunner-32bit-1.8.0.14eol-0.5\") ) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"epiphany / epiphany-devel / gecko-sdk / mozilla-xulrunner / etc\");\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-12-04T14:43:50", "description": "Mozilla Thunderbird is a standalone mail and newsgroup client. Several flaws were found in the processing of some malformed HTML mail content. An HTML mail message containing such malicious content could cause Thunderbird to crash or, potentially, execute arbitrary code as the user running Thunderbird. (CVE-2008-1233, CVE-2008-1235, CVE-2008-1236, CVE-2008-1237) Several flaws were found in the display of malformed web content. An HTML mail message containing specially crafted content could, potentially, trick a user into surrendering sensitive information. (CVE-2008-1234) A flaw was found in the processing of malformed JavaScript content. An HTML mail message containing such malicious content could cause Thunderbird to crash or, potentially, execute arbitrary code as the user running Thunderbird.\n(CVE-2008-1380) Note: JavaScript support is disabled by default in Thunderbird; the above issue is not exploitable unless JavaScript is enabled. All Thunderbird users should upgrade to these updated packages, which contain backported patches to resolve these issues.\n\nNote that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {}, "published": "2008-05-11T00:00:00", "type": "nessus", "title": "Fedora 7 : thunderbird-2.0.0.14-1.fc7 (2008-3519)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2008-1233", "CVE-2008-1234", "CVE-2008-1235", "CVE-2008-1236", "CVE-2008-1237", "CVE-2008-1380"], "modified": "2021-01-11T00:00:00", "cpe": ["p-cpe:/a:fedoraproject:fedora:thunderbird", "cpe:/o:fedoraproject:fedora:7"], "id": "FEDORA_2008-3519.NASL", "href": "https://www.tenable.com/plugins/nessus/32204", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Fedora Security Advisory 2008-3519.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(32204);\n script_version(\"1.19\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/11\");\n\n script_cve_id(\"CVE-2008-1233\", \"CVE-2008-1234\", \"CVE-2008-1235\", \"CVE-2008-1236\", \"CVE-2008-1237\", \"CVE-2008-1380\");\n script_bugtraq_id(28448, 28818);\n script_xref(name:\"FEDORA\", value:\"2008-3519\");\n\n script_name(english:\"Fedora 7 : thunderbird-2.0.0.14-1.fc7 (2008-3519)\");\n script_summary(english:\"Checks rpm output for the updated package.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Fedora host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Mozilla Thunderbird is a standalone mail and newsgroup client. Several\nflaws were found in the processing of some malformed HTML mail\ncontent. An HTML mail message containing such malicious content could\ncause Thunderbird to crash or, potentially, execute arbitrary code as\nthe user running Thunderbird. (CVE-2008-1233, CVE-2008-1235,\nCVE-2008-1236, CVE-2008-1237) Several flaws were found in the display\nof malformed web content. An HTML mail message containing specially\ncrafted content could, potentially, trick a user into surrendering\nsensitive information. (CVE-2008-1234) A flaw was found in the\nprocessing of malformed JavaScript content. An HTML mail message\ncontaining such malicious content could cause Thunderbird to crash or,\npotentially, execute arbitrary code as the user running Thunderbird.\n(CVE-2008-1380) Note: JavaScript support is disabled by default in\nThunderbird; the above issue is not exploitable unless JavaScript is\nenabled. All Thunderbird users should upgrade to these updated\npackages, which contain backported patches to resolve these issues.\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Fedora security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.redhat.com/show_bug.cgi?id=438713\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.redhat.com/show_bug.cgi?id=438715\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.redhat.com/show_bug.cgi?id=438717\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.redhat.com/show_bug.cgi?id=438718\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.redhat.com/show_bug.cgi?id=438721\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.redhat.com/show_bug.cgi?id=440518\"\n );\n # https://lists.fedoraproject.org/pipermail/package-announce/2008-May/009710.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?fe064432\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected thunderbird package.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n script_cwe_id(79, 94, 399);\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:thunderbird\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:fedoraproject:fedora:7\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2008/05/09\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2008/05/11\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2008-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Fedora Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Fedora\" >!< release) audit(AUDIT_OS_NOT, \"Fedora\");\nos_ver = eregmatch(pattern: \"Fedora.*release ([0-9]+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Fedora\");\nos_ver = os_ver[1];\nif (! ereg(pattern:\"^7([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Fedora 7.x\", \"Fedora \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Fedora\", cpu);\n\nflag = 0;\nif (rpm_check(release:\"FC7\", reference:\"thunderbird-2.0.0.14-1.fc7\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"thunderbird\");\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-12-04T14:43:50", "description": "Mozilla Thunderbird is a standalone mail and newsgroup client. Several flaws were found in the processing of some malformed HTML mail content. An HTML mail message containing such malicious content could cause Thunderbird to crash or, potentially, execute arbitrary code as the user running Thunderbird. (CVE-2008-1233, CVE-2008-1235, CVE-2008-1236, CVE-2008-1237) Several flaws were found in the display of malformed web content. An HTML mail message containing specially crafted content could, potentially, trick a user into surrendering sensitive information. (CVE-2008-1234) A flaw was found in the processing of malformed JavaScript content. An HTML mail message containing such malicious content could cause Thunderbird to crash or, potentially, execute arbitrary code as the user running Thunderbird.\n(CVE-2008-1380) Note: JavaScript support is disabled by default in Thunderbird; the above issue is not exploitable unless JavaScript is enabled. All Thunderbird users should upgrade to these updated packages, which contain backported patches to resolve these issues.\n\nNote that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {}, "published": "2008-05-11T00:00:00", "type": "nessus", "title": "Fedora 8 : thunderbird-2.0.0.14-1.fc8 (2008-3557)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2008-1233", "CVE-2008-1234", "CVE-2008-1235", "CVE-2008-1236", "CVE-2008-1237", "CVE-2008-1380"], "modified": "2021-01-11T00:00:00", "cpe": ["p-cpe:/a:fedoraproject:fedora:thunderbird", "cpe:/o:fedoraproject:fedora:8"], "id": "FEDORA_2008-3557.NASL", "href": "https://www.tenable.com/plugins/nessus/32206", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Fedora Security Advisory 2008-3557.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(32206);\n script_version(\"1.19\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/11\");\n\n script_cve_id(\"CVE-2008-1233\", \"CVE-2008-1234\", \"CVE-2008-1235\", \"CVE-2008-1236\", \"CVE-2008-1237\", \"CVE-2008-1380\");\n script_bugtraq_id(28448, 28818);\n script_xref(name:\"FEDORA\", value:\"2008-3557\");\n\n script_name(english:\"Fedora 8 : thunderbird-2.0.0.14-1.fc8 (2008-3557)\");\n script_summary(english:\"Checks rpm output for the updated package.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Fedora host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Mozilla Thunderbird is a standalone mail and newsgroup client. Several\nflaws were found in the processing of some malformed HTML mail\ncontent. An HTML mail message containing such malicious content could\ncause Thunderbird to crash or, potentially, execute arbitrary code as\nthe user running Thunderbird. (CVE-2008-1233, CVE-2008-1235,\nCVE-2008-1236, CVE-2008-1237) Several flaws were found in the display\nof malformed web content. An HTML mail message containing specially\ncrafted content could, potentially, trick a user into surrendering\nsensitive information. (CVE-2008-1234) A flaw was found in the\nprocessing of malformed JavaScript content. An HTML mail message\ncontaining such malicious content could cause Thunderbird to crash or,\npotentially, execute arbitrary code as the user running Thunderbird.\n(CVE-2008-1380) Note: JavaScript support is disabled by default in\nThunderbird; the above issue is not exploitable unless JavaScript is\nenabled. All Thunderbird users should upgrade to these updated\npackages, which contain backported patches to resolve these issues.\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Fedora security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.redhat.com/show_bug.cgi?id=438713\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.redhat.com/show_bug.cgi?id=438715\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.redhat.com/show_bug.cgi?id=438717\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.redhat.com/show_bug.cgi?id=438718\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.redhat.com/show_bug.cgi?id=438721\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.redhat.com/show_bug.cgi?id=440518\"\n );\n # https://lists.fedoraproject.org/pipermail/package-announce/2008-May/009726.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?27a0ff25\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected thunderbird package.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n script_cwe_id(79, 94, 399);\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:thunderbird\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:fedoraproject:fedora:8\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2008/05/09\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2008/05/11\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2008-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Fedora Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Fedora\" >!< release) audit(AUDIT_OS_NOT, \"Fedora\");\nos_ver = eregmatch(pattern: \"Fedora.*release ([0-9]+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Fedora\");\nos_ver = os_ver[1];\nif (! ereg(pattern:\"^8([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Fedora 8.x\", \"Fedora \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Fedora\", cpu);\n\nflag = 0;\nif (rpm_check(release:\"FC8\", reference:\"thunderbird-2.0.0.14-1.fc8\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"thunderbird\");\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-12-04T14:43:05", "description": "Updated firefox packages that fix several security bugs are now available for Red Hat Enterprise Linux 4 and 5.\n\nThis update has been rated as having critical security impact by the Red Hat Security Response Team.\n\nMozilla Firefox is an open source Web browser.\n\nSeveral flaws were found in the processing of some malformed web content. A web page containing such malicious content could cause Firefox to crash or, potentially, execute arbitrary code as the user running Firefox. (CVE-2008-1233, CVE-2008-1235, CVE-2008-1236, CVE-2008-1237)\n\nSeveral flaws were found in the display of malformed web content. A web page containing specially crafted content could, potentially, trick a Firefox user into surrendering sensitive information.\n(CVE-2008-1234, CVE-2008-1238, CVE-2008-1241)\n\nAll Firefox users should upgrade to these updated packages, which contain backported patches that correct these issues.", "cvss3": {}, "published": "2008-03-28T00:00:00", "type": "nessus", "title": "RHEL 4 / 5 : firefox (RHSA-2008:0207)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2007-4879", "CVE-2008-1195", "CVE-2008-1233", "CVE-2008-1234", "CVE-2008-1235", "CVE-2008-1236", "CVE-2008-1237", "CVE-2008-1238", "CVE-2008-1240", "CVE-2008-1241"], "modified": "2021-01-14T00:00:00", "cpe": ["p-cpe:/a:redhat:enterprise_linux:firefox", "p-cpe:/a:redhat:enterprise_linux:firefox-devel", "cpe:/o:redhat:enterprise_linux:4", "cpe:/o:redhat:enterprise_linux:4.6", "cpe:/o:redhat:enterprise_linux:5", "cpe:/o:redhat:enterprise_linux:5.1"], "id": "REDHAT-RHSA-2008-0207.NASL", "href": "https://www.tenable.com/plugins/nessus/31694", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Red Hat Security Advisory RHSA-2008:0207. The text \n# itself is copyright (C) Red Hat, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(31694);\n script_version(\"1.28\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/14\");\n\n script_cve_id(\"CVE-2007-4879\", \"CVE-2008-1195\", \"CVE-2008-1233\", \"CVE-2008-1234\", \"CVE-2008-1235\", \"CVE-2008-1236\", \"CVE-2008-1237\", \"CVE-2008-1238\", \"CVE-2008-1240\", \"CVE-2008-1241\");\n script_bugtraq_id(28448);\n script_xref(name:\"RHSA\", value:\"2008:0207\");\n\n script_name(english:\"RHEL 4 / 5 : firefox (RHSA-2008:0207)\");\n script_summary(english:\"Checks the rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Red Hat host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Updated firefox packages that fix several security bugs are now\navailable for Red Hat Enterprise Linux 4 and 5.\n\nThis update has been rated as having critical security impact by the\nRed Hat Security Response Team.\n\nMozilla Firefox is an open source Web browser.\n\nSeveral flaws were found in the processing of some malformed web\ncontent. A web page containing such malicious content could cause\nFirefox to crash or, potentially, execute arbitrary code as the user\nrunning Firefox. (CVE-2008-1233, CVE-2008-1235, CVE-2008-1236,\nCVE-2008-1237)\n\nSeveral flaws were found in the display of malformed web content. A\nweb page containing specially crafted content could, potentially,\ntrick a Firefox user into surrendering sensitive information.\n(CVE-2008-1234, CVE-2008-1238, CVE-2008-1241)\n\nAll Firefox users should upgrade to these updated packages, which\ncontain backported patches that correct these issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2008-1233\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2008-1234\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2008-1235\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2008-1236\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2008-1237\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2008-1238\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2008-1241\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/errata/RHSA-2008:0207\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected firefox and / or firefox-devel packages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n script_cwe_id(59, 79, 94, 287, 399);\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:firefox\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:firefox-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:4\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:4.6\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:5\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:5.1\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2007/09/13\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2008/03/26\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2008/03/28\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2008-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Red Hat Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"misc_func.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Red Hat\" >!< release) audit(AUDIT_OS_NOT, \"Red Hat\");\nos_ver = pregmatch(pattern: \"Red Hat Enterprise Linux.*release ([0-9]+(\\.[0-9]+)?)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Red Hat\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^(4|5)([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Red Hat 4.x / 5.x\", \"Red Hat \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\" && \"s390\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Red Hat\", cpu);\n\nyum_updateinfo = get_kb_item(\"Host/RedHat/yum-updateinfo\");\nif (!empty_or_null(yum_updateinfo)) \n{\n rhsa = \"RHSA-2008:0207\";\n yum_report = redhat_generate_yum_updateinfo_report(rhsa:rhsa);\n if (!empty_or_null(yum_report))\n {\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : yum_report \n );\n exit(0);\n }\n else\n {\n audit_message = \"affected by Red Hat security advisory \" + rhsa;\n audit(AUDIT_OS_NOT, audit_message);\n }\n}\nelse\n{\n flag = 0;\n if (rpm_check(release:\"RHEL4\", reference:\"firefox-1.5.0.12-0.14.el4\")) flag++;\n\n\n if (rpm_check(release:\"RHEL5\", reference:\"firefox-1.5.0.12-14.el5_1\")) flag++;\n\n if (rpm_check(release:\"RHEL5\", reference:\"firefox-devel-1.5.0.12-14.el5_1\")) flag++;\n\n\n if (flag)\n {\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : rpm_report_get() + redhat_report_package_caveat()\n );\n exit(0);\n }\n else\n {\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"firefox / firefox-devel\");\n }\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-12-04T15:26:56", "description": "From Red Hat Security Advisory 2008:0207 :\n\nUpdated firefox packages that fix several security bugs are now available for Red Hat Enterprise Linux 4 and 5.\n\nThis update has been rated as having critical security impact by the Red Hat Security Response Team.\n\nMozilla Firefox is an open source Web browser.\n\nSeveral flaws were found in the processing of some malformed web content. A web page containing such malicious content could cause Firefox to crash or, potentially, execute arbitrary code as the user running Firefox. (CVE-2008-1233, CVE-2008-1235, CVE-2008-1236, CVE-2008-1237)\n\nSeveral flaws were found in the display of malformed web content. A web page containing specially crafted content could, potentially, trick a Firefox user into surrendering sensitive information.\n(CVE-2008-1234, CVE-2008-1238, CVE-2008-1241)\n\nAll Firefox users should upgrade to these updated packages, which contain backported patches that correct these issues.", "cvss3": {}, "published": "2013-07-12T00:00:00", "type": "nessus", "title": "Oracle Linux 4 / 5 : firefox (ELSA-2008-0207)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2007-4879", "CVE-2008-1195", "CVE-2008-1233", "CVE-2008-1234", "CVE-2008-1235", "CVE-2008-1236", "CVE-2008-1237", "CVE-2008-1238", "CVE-2008-1240", "CVE-2008-1241"], "modified": "2021-01-14T00:00:00", "cpe": ["p-cpe:/a:oracle:linux:firefox", "p-cpe:/a:oracle:linux:firefox-devel", "cpe:/o:oracle:linux:4", "cpe:/o:oracle:linux:5"], "id": "ORACLELINUX_ELSA-2008-0207.NASL", "href": "https://www.tenable.com/plugins/nessus/67675", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Red Hat Security Advisory RHSA-2008:0207 and \n# Oracle Linux Security Advisory ELSA-2008-0207 respectively.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(67675);\n script_version(\"1.12\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/14\");\n\n script_cve_id(\"CVE-2007-4879\", \"CVE-2008-1195\", \"CVE-2008-1233\", \"CVE-2008-1234\", \"CVE-2008-1235\", \"CVE-2008-1236\", \"CVE-2008-1237\", \"CVE-2008-1238\", \"CVE-2008-1240\", \"CVE-2008-1241\");\n script_bugtraq_id(28448);\n script_xref(name:\"RHSA\", value:\"2008:0207\");\n\n script_name(english:\"Oracle Linux 4 / 5 : firefox (ELSA-2008-0207)\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Oracle Linux host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"From Red Hat Security Advisory 2008:0207 :\n\nUpdated firefox packages that fix several security bugs are now\navailable for Red Hat Enterprise Linux 4 and 5.\n\nThis update has been rated as having critical security impact by the\nRed Hat Security Response Team.\n\nMozilla Firefox is an open source Web browser.\n\nSeveral flaws were found in the processing of some malformed web\ncontent. A web page containing such malicious content could cause\nFirefox to crash or, potentially, execute arbitrary code as the user\nrunning Firefox. (CVE-2008-1233, CVE-2008-1235, CVE-2008-1236,\nCVE-2008-1237)\n\nSeveral flaws were found in the display of malformed web content. A\nweb page containing specially crafted content could, potentially,\ntrick a Firefox user into surrendering sensitive information.\n(CVE-2008-1234, CVE-2008-1238, CVE-2008-1241)\n\nAll Firefox users should upgrade to these updated packages, which\ncontain backported patches that correct these issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://oss.oracle.com/pipermail/el-errata/2008-March/000551.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://oss.oracle.com/pipermail/el-errata/2008-March/000552.html\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected firefox packages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n script_cwe_id(59, 79, 94, 287, 399);\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:firefox\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:firefox-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:oracle:linux:4\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:oracle:linux:5\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2007/09/13\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2008/03/27\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2013/07/12\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2013-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Oracle Linux Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/OracleLinux\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/OracleLinux\")) audit(AUDIT_OS_NOT, \"Oracle Linux\");\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || !pregmatch(pattern: \"Oracle (?:Linux Server|Enterprise Linux)\", string:release)) audit(AUDIT_OS_NOT, \"Oracle Linux\");\nos_ver = pregmatch(pattern: \"Oracle (?:Linux Server|Enterprise Linux) .*release ([0-9]+(\\.[0-9]+)?)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Oracle Linux\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^(4|5)([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Oracle Linux 4 / 5\", \"Oracle Linux \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && \"ia64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Oracle Linux\", cpu);\n\nflag = 0;\nif (rpm_check(release:\"EL4\", cpu:\"i386\", reference:\"firefox-1.5.0.12-0.14.el4.0.1\")) flag++;\nif (rpm_check(release:\"EL4\", cpu:\"x86_64\", reference:\"firefox-1.5.0.12-0.14.el4.0.1\")) flag++;\n\nif (rpm_check(release:\"EL5\", reference:\"firefox-1.5.0.12-14.el5_1.0.1\")) flag++;\nif (rpm_check(release:\"EL5\", reference:\"firefox-devel-1.5.0.12-14.el5_1.0.1\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"firefox / firefox-devel\");\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-12-04T14:43:23", "description": "This update brings Mozilla SeaMonkey to security update version 1.1.9\n\nFollowing security problems were fixed :\n\n - MFSA 2008-19/CVE-2008-1241: XUL popup spoofing variant (cross-tab popups)\n\n - MFSA 2008-18/CVE-2008-1195 and CVE-2008-1240: Java socket connection to any local port via LiveConnect\n\n - MFSA 2008-17/CVE-2007-4879: Privacy issue with SSL Client Authentication\n\n - MFSA 2008-16/CVE-2008-1238: HTTP Referrer spoofing with malformed URLs\n\n - MFSA 2008-15/CVE-2008-1236 and CVE-2008-1237: Crashes with evidence of memory corruption (rv:1.8.1.13)\n\n - MFSA 2008-14/CVE-2008-1233, CVE-2008-1234, and CVE-2008-1235: JavaScript privilege escalation and arbitrary code execution.", "cvss3": {}, "published": "2008-04-11T00:00:00", "type": "nessus", "title": "openSUSE 10 Security Update : seamonkey (seamonkey-5153)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2007-4879", "CVE-2008-1195", "CVE-2008-1233", "CVE-2008-1234", "CVE-2008-1235", "CVE-2008-1236", "CVE-2008-1237", "CVE-2008-1238", "CVE-2008-1240", "CVE-2008-1241"], "modified": "2021-01-14T00:00:00", "cpe": ["p-cpe:/a:novell:opensuse:seamonkey", "p-cpe:/a:novell:opensuse:seamonkey-dom-inspector", "p-cpe:/a:novell:opensuse:seamonkey-irc", "p-cpe:/a:novell:opensuse:seamonkey-mail", "p-cpe:/a:novell:opensuse:seamonkey-spellchecker", "p-cpe:/a:novell:opensuse:seamonkey-venkman", "cpe:/o:novell:opensuse:10.2", "cpe:/o:novell:opensuse:10.3"], "id": "SUSE_SEAMONKEY-5153.NASL", "href": "https://www.tenable.com/plugins/nessus/31845", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from openSUSE Security Update seamonkey-5153.\n#\n# The text description of this plugin is (C) SUSE LLC.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(31845);\n script_version(\"1.12\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/14\");\n\n script_cve_id(\"CVE-2007-4879\", \"CVE-2008-1195\", \"CVE-2008-1233\", \"CVE-2008-1234\", \"CVE-2008-1235\", \"CVE-2008-1236\", \"CVE-2008-1237\", \"CVE-2008-1238\", \"CVE-2008-1240\", \"CVE-2008-1241\");\n\n script_name(english:\"openSUSE 10 Security Update : seamonkey (seamonkey-5153)\");\n script_summary(english:\"Check for the seamonkey-5153 patch\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote openSUSE host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"This update brings Mozilla SeaMonkey to security update version 1.1.9\n\nFollowing security problems were fixed :\n\n - MFSA 2008-19/CVE-2008-1241: XUL popup spoofing variant\n (cross-tab popups)\n\n - MFSA 2008-18/CVE-2008-1195 and CVE-2008-1240: Java\n socket connection to any local port via LiveConnect\n\n - MFSA 2008-17/CVE-2007-4879: Privacy issue with SSL\n Client Authentication\n\n - MFSA 2008-16/CVE-2008-1238: HTTP Referrer spoofing with\n malformed URLs\n\n - MFSA 2008-15/CVE-2008-1236 and CVE-2008-1237: Crashes\n with evidence of memory corruption (rv:1.8.1.13)\n\n - MFSA 2008-14/CVE-2008-1233, CVE-2008-1234, and\n CVE-2008-1235: JavaScript privilege escalation and\n arbitrary code execution.\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected seamonkey packages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_cwe_id(59, 79, 94, 287, 399);\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:seamonkey\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:seamonkey-dom-inspector\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:seamonkey-irc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:seamonkey-mail\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:seamonkey-spellchecker\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:seamonkey-venkman\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:opensuse:10.2\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:opensuse:10.3\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2008/04/03\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2008/04/11\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2008-2021 Tenable Network Security, Inc.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release =~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, \"openSUSE\");\nif (release !~ \"^(SUSE10\\.2|SUSE10\\.3)$\") audit(AUDIT_OS_RELEASE_NOT, \"openSUSE\", \"10.2 / 10.3\", release);\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nourarch = get_kb_item(\"Host/cpu\");\nif (!ourarch) audit(AUDIT_UNKNOWN_ARCH);\nif (ourarch !~ \"^(i586|i686|x86_64)$\") audit(AUDIT_ARCH_NOT, \"i586 / i686 / x86_64\", ourarch);\n\nflag = 0;\n\nif ( rpm_check(release:\"SUSE10.2\", reference:\"seamonkey-1.1.9-1.1\") ) flag++;\nif ( rpm_check(release:\"SUSE10.2\", reference:\"seamonkey-dom-inspector-1.1.9-1.1\") ) flag++;\nif ( rpm_check(release:\"SUSE10.2\", reference:\"seamonkey-irc-1.1.9-1.1\") ) flag++;\nif ( rpm_check(release:\"SUSE10.2\", reference:\"seamonkey-mail-1.1.9-1.1\") ) flag++;\nif ( rpm_check(release:\"SUSE10.2\", reference:\"seamonkey-spellchecker-1.1.9-1.1\") ) flag++;\nif ( rpm_check(release:\"SUSE10.2\", reference:\"seamonkey-venkman-1.1.9-1.1\") ) flag++;\nif ( rpm_check(release:\"SUSE10.3\", reference:\"seamonkey-1.1.9-1.1\") ) flag++;\nif ( rpm_check(release:\"SUSE10.3\", reference:\"seamonkey-dom-inspector-1.1.9-1.1\") ) flag++;\nif ( rpm_check(release:\"SUSE10.3\", reference:\"seamonkey-irc-1.1.9-1.1\") ) flag++;\nif ( rpm_check(release:\"SUSE10.3\", reference:\"seamonkey-mail-1.1.9-1.1\") ) flag++;\nif ( rpm_check(release:\"SUSE10.3\", reference:\"seamonkey-spellchecker-1.1.9-1.1\") ) flag++;\nif ( rpm_check(release:\"SUSE10.3\", reference:\"seamonkey-venkman-1.1.9-1.1\") ) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"seamonkey\");\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-12-02T16:36:27", "description": "This update fixes security issues also fixes in the Mozilla Firefox 2.0.0.13 update round.\n\nFollowing security problems were fixed :\n\n - XUL popup spoofing variant (cross-tab popups). (MFSA 2008-19 / CVE-2008-1241)\n\n - Java socket connection to any local port via LiveConnect. (MFSA 2008-18 / CVE-2008-1195 / CVE-2008-1240)\n\n - Privacy issue with SSL Client Authentication. (MFSA 2008-17 / CVE-2007-4879)\n\n - HTTP Referrer spoofing with malformed URLs. (MFSA 2008-16 / CVE-2008-1238)\n\n - Crashes with evidence of memory corruption (rv:1.8.1.13). (MFSA 2008-15 / CVE-2008-1236 / CVE-2008-1237)\n\n - JavaScript privilege escalation and arbitrary code execution. (MFSA 2008-14 / CVE-2008-1233 / CVE-2008-1234 / CVE-2008-1235)", "cvss3": {}, "published": "2008-04-18T00:00:00", "type": "nessus", "title": "SuSE 10 Security Update : epiphany (ZYPP Patch Number 5164)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2007-4879", "CVE-2008-1195", "CVE-2008-1233", "CVE-2008-1234", "CVE-2008-1235", "CVE-2008-1236", "CVE-2008-1237", "CVE-2008-1238", "CVE-2008-1240", "CVE-2008-1241"], "modified": "2021-01-14T00:00:00", "cpe": ["cpe:/o:suse:suse_linux"], "id": "SUSE_MOZILLA-XULRUNNER-5164.NASL", "href": "https://www.tenable.com/plugins/nessus/31991", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The text description of this plugin is (C) Novell, Inc.\n#\n\nif (NASL_LEVEL < 3000) exit(0);\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(31991);\n script_version(\"1.21\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/14\");\n\n script_cve_id(\"CVE-2007-4879\", \"CVE-2008-1195\", \"CVE-2008-1233\", \"CVE-2008-1234\", \"CVE-2008-1235\", \"CVE-2008-1236\", \"CVE-2008-1237\", \"CVE-2008-1238\", \"CVE-2008-1240\", \"CVE-2008-1241\");\n\n script_name(english:\"SuSE 10 Security Update : epiphany (ZYPP Patch Number 5164)\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote SuSE 10 host is missing a security-related patch.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"This update fixes security issues also fixes in the Mozilla Firefox\n2.0.0.13 update round.\n\nFollowing security problems were fixed :\n\n - XUL popup spoofing variant (cross-tab popups). (MFSA\n 2008-19 / CVE-2008-1241)\n\n - Java socket connection to any local port via\n LiveConnect. (MFSA 2008-18 / CVE-2008-1195 /\n CVE-2008-1240)\n\n - Privacy issue with SSL Client Authentication. (MFSA\n 2008-17 / CVE-2007-4879)\n\n - HTTP Referrer spoofing with malformed URLs. (MFSA\n 2008-16 / CVE-2008-1238)\n\n - Crashes with evidence of memory corruption\n (rv:1.8.1.13). (MFSA 2008-15 / CVE-2008-1236 /\n CVE-2008-1237)\n\n - JavaScript privilege escalation and arbitrary code\n execution. (MFSA 2008-14 / CVE-2008-1233 / CVE-2008-1234\n / CVE-2008-1235)\"\n );\n # http://www.mozilla.org/security/announce/2008/mfsa2008-14.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.mozilla.org/en-US/security/advisories/mfsa2008-14/\"\n );\n # http://www.mozilla.org/security/announce/2008/mfsa2008-15.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.mozilla.org/en-US/security/advisories/mfsa2008-15/\"\n );\n # http://www.mozilla.org/security/announce/2008/mfsa2008-16.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.mozilla.org/en-US/security/advisories/mfsa2008-16/\"\n );\n # http://www.mozilla.org/security/announce/2008/mfsa2008-17.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.mozilla.org/en-US/security/advisories/mfsa2008-17/\"\n );\n # http://www.mozilla.org/security/announce/2008/mfsa2008-18.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.mozilla.org/en-US/security/advisories/mfsa2008-18/\"\n );\n # http://www.mozilla.org/security/announce/2008/mfsa2008-19.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.mozilla.org/en-US/security/advisories/mfsa2008-19/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2007-4879.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2008-1195.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2008-1233.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2008-1234.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2008-1235.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2008-1236.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2008-1237.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2008-1238.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2008-1240.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2008-1241.html\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Apply ZYPP patch number 5164.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_cwe_id(59, 79, 94, 287, 399);\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:suse:suse_linux\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2007/09/13\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2008/04/10\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2008/04/18\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2008-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) exit(0, \"Local checks are not enabled.\");\nif (!get_kb_item(\"Host/SuSE/release\")) exit(0, \"The host is not running SuSE.\");\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) exit(1, \"Could not obtain the list of installed packages.\");\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) exit(1, \"Failed to determine the architecture type.\");\nif (cpu >!< \"x86_64\" && cpu !~ \"^i[3-6]86$\") exit(1, \"Local checks for SuSE 10 on the '\"+cpu+\"' architecture have not been implemented.\");\n\n\nflag = 0;\nif (rpm_check(release:\"SLED10\", sp:1, reference:\"epiphany-1.8.5-14.6\")) flag++;\nif (rpm_check(release:\"SLED10\", sp:1, reference:\"epiphany-devel-1.8.5-14.6\")) flag++;\nif (rpm_check(release:\"SLED10\", sp:1, reference:\"epiphany-doc-1.8.5-14.6\")) flag++;\nif (rpm_check(release:\"SLED10\", sp:1, reference:\"gecko-sdk-1.8.0.14eol-0.5\")) flag++;\nif (rpm_check(release:\"SLED10\", sp:1, reference:\"mozilla-xulrunner-1.8.0.14eol-0.5\")) flag++;\nif (rpm_check(release:\"SLED10\", sp:1, cpu:\"x86_64\", reference:\"mozilla-xulrunner-32bit-1.8.0.14eol-0.5\")) flag++;\nif (rpm_check(release:\"SLES10\", sp:1, reference:\"mozilla-xulrunner-1.8.0.14eol-0.5\")) flag++;\nif (rpm_check(release:\"SLES10\", sp:1, cpu:\"x86_64\", reference:\"mozilla-xulrunner-32bit-1.8.0.14eol-0.5\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse exit(0, \"The host is not affected.\");\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-12-04T14:43:40", "description": "This update brings Mozilla SeaMonkey to the level of seamonkey security update version 1.1.9\n\nFollowing security problems were fixed :\n\n - MFSA 2008-19/CVE-2008-1241: XUL popup spoofing variant (cross-tab popups)\n\n - MFSA 2008-18/CVE-2008-1195 and CVE-2008-1240: Java socket connection to any local port via LiveConnect\n\n - MFSA 2008-17/CVE-2007-4879: Privacy issue with SSL Client Authentication\n\n - MFSA 2008-16/CVE-2008-1238: HTTP Referrer spoofing with malformed URLs\n\n - MFSA 2008-15/CVE-2008-1236 and CVE-2008-1237: Crashes with evidence of memory corruption (rv:1.8.1.13)\n\n - MFSA 2008-14/CVE-2008-1233, CVE-2008-1234, and CVE-2008-1235: JavaScript privilege escalation and arbitrary code execution.", "cvss3": {}, "published": "2008-04-22T00:00:00", "type": "nessus", "title": "openSUSE 10 Security Update : seamonkey (seamonkey-5167)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2007-4879", "CVE-2008-1195", "CVE-2008-1233", "CVE-2008-1234", "CVE-2008-1235", "CVE-2008-1236", "CVE-2008-1237", "CVE-2008-1238", "CVE-2008-1240", "CVE-2008-1241"], "modified": "2021-01-14T00:00:00", "cpe": ["p-cpe:/a:novell:opensuse:seamonkey", "p-cpe:/a:novell:opensuse:seamonkey-calendar", "p-cpe:/a:novell:opensuse:seamonkey-dom-inspector", "p-cpe:/a:novell:opensuse:seamonkey-irc", "p-cpe:/a:novell:opensuse:seamonkey-mail", "p-cpe:/a:novell:opensuse:seamonkey-spellchecker", "p-cpe:/a:novell:opensuse:seamonkey-venkman", "cpe:/o:novell:opensuse:10.1"], "id": "SUSE_SEAMONKEY-5167.NASL", "href": "https://www.tenable.com/plugins/nessus/32027", "sourceData": "#%NASL_MIN_LEVEL 70300\n\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from openSUSE Security Update seamonkey-5167.\n#\n# The text description of this plugin is (C) SUSE LLC.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(32027);\n script_version(\"1.14\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/14\");\n\n script_cve_id(\"CVE-2007-4879\", \"CVE-2008-1195\", \"CVE-2008-1233\", \"CVE-2008-1234\", \"CVE-2008-1235\", \"CVE-2008-1236\", \"CVE-2008-1237\", \"CVE-2008-1238\", \"CVE-2008-1240\", \"CVE-2008-1241\");\n\n script_name(english:\"openSUSE 10 Security Update : seamonkey (seamonkey-5167)\");\n script_summary(english:\"Check for the seamonkey-5167 patch\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote openSUSE host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"This update brings Mozilla SeaMonkey to the level of seamonkey\nsecurity update version 1.1.9\n\nFollowing security problems were fixed :\n\n - MFSA 2008-19/CVE-2008-1241: XUL popup spoofing variant\n (cross-tab popups)\n\n - MFSA 2008-18/CVE-2008-1195 and CVE-2008-1240: Java\n socket connection to any local port via LiveConnect\n\n - MFSA 2008-17/CVE-2007-4879: Privacy issue with SSL\n Client Authentication\n\n - MFSA 2008-16/CVE-2008-1238: HTTP Referrer spoofing with\n malformed URLs\n\n - MFSA 2008-15/CVE-2008-1236 and CVE-2008-1237: Crashes\n with evidence of memory corruption (rv:1.8.1.13)\n\n - MFSA 2008-14/CVE-2008-1233, CVE-2008-1234, and\n CVE-2008-1235: JavaScript privilege escalation and\n arbitrary code execution.\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected seamonkey packages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_cwe_id(59, 79, 94, 287, 399);\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:seamonkey\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:seamonkey-calendar\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:seamonkey-dom-inspector\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:seamonkey-irc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:seamonkey-mail\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:seamonkey-spellchecker\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:seamonkey-venkman\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:opensuse:10.1\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2008/04/10\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2008/04/22\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2008-2021 Tenable Network Security, Inc.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release =~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, \"openSUSE\");\nif (release !~ \"^(SUSE10\\.1)$\") audit(AUDIT_OS_RELEASE_NOT, \"openSUSE\", \"10.1\", release);\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nourarch = get_kb_item(\"Host/cpu\");\nif (!ourarch) audit(AUDIT_UNKNOWN_ARCH);\nif (ourarch !~ \"^(i586|i686|x86_64)$\") audit(AUDIT_ARCH_NOT, \"i586 / i686 / x86_64\", ourarch);\n\nflag = 0;\n\nif ( rpm_check(release:\"SUSE10.1\", reference:\"seamonkey-1.0.9-1.12\") ) flag++;\nif ( rpm_check(release:\"SUSE10.1\", reference:\"seamonkey-calendar-1.0.9-1.12\") ) flag++;\nif ( rpm_check(release:\"SUSE10.1\", reference:\"seamonkey-dom-inspector-1.0.9-1.12\") ) flag++;\nif ( rpm_check(release:\"SUSE10.1\", reference:\"seamonkey-irc-1.0.9-1.12\") ) flag++;\nif ( rpm_check(release:\"SUSE10.1\", reference:\"seamonkey-mail-1.0.9-1.12\") ) flag++;\nif ( rpm_check(release:\"SUSE10.1\", reference:\"seamonkey-spellchecker-1.0.9-1.12\") ) flag++;\nif ( rpm_check(release:\"SUSE10.1\", reference:\"seamonkey-venkman-1.0.9-1.12\") ) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"seamonkey\");\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-12-04T14:42:57", "description": "Updated firefox packages that fix several security bugs are now available for Red Hat Enterprise Linux 4 and 5.\n\nThis update has been rated as having critical security impact by the Red Hat Security Response Team.\n\nMozilla Firefox is an open source Web browser.\n\nSeveral flaws were found in the processing of some malformed web content. A web page containing such malicious content could cause Firefox to crash or, potentially, execute arbitrary code as the user running Firefox. (CVE-2008-1233, CVE-2008-1235, CVE-2008-1236, CVE-2008-1237)\n\nSeveral flaws were found in the display of malformed web content. A web page containing specially crafted content could, potentially, trick a Firefox user into surrendering sensitive information.\n(CVE-2008-1234, CVE-2008-1238, CVE-2008-1241)\n\nAll Firefox users should upgrade to these updated packages, which contain backported patches that correct these issues.", "cvss3": {}, "published": "2008-03-28T00:00:00", "type": "nessus", "title": "CentOS 4 / 5 : firefox (CESA-2008:0207)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2007-4879", "CVE-2008-1195", "CVE-2008-1233", "CVE-2008-1234", "CVE-2008-1235", "CVE-2008-1236", "CVE-2008-1237", "CVE-2008-1238", "CVE-2008-1240", "CVE-2008-1241"], "modified": "2021-01-04T00:00:00", "cpe": ["p-cpe:/a:centos:centos:firefox", "p-cpe:/a:centos:centos:firefox-devel", "cpe:/o:centos:centos:4", "cpe:/o:centos:centos:5"], "id": "CENTOS_RHSA-2008-0207.NASL", "href": "https://www.tenable.com/plugins/nessus/31684", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Red Hat Security Advisory RHSA-2008:0207 and \n# CentOS Errata and Security Advisory 2008:0207 respectively.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(31684);\n script_version(\"1.22\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/04\");\n\n script_cve_id(\"CVE-2007-4879\", \"CVE-2008-1195\", \"CVE-2008-1233\", \"CVE-2008-1234\", \"CVE-2008-1235\", \"CVE-2008-1236\", \"CVE-2008-1237\", \"CVE-2008-1238\", \"CVE-2008-1240\", \"CVE-2008-1241\");\n script_bugtraq_id(28448);\n script_xref(name:\"RHSA\", value:\"2008:0207\");\n\n script_name(english:\"CentOS 4 / 5 : firefox (CESA-2008:0207)\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote CentOS host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Updated firefox packages that fix several security bugs are now\navailable for Red Hat Enterprise Linux 4 and 5.\n\nThis update has been rated as having critical security impact by the\nRed Hat Security Response Team.\n\nMozilla Firefox is an open source Web browser.\n\nSeveral flaws were found in the processing of some malformed web\ncontent. A web page containing such malicious content could cause\nFirefox to crash or, potentially, execute arbitrary code as the user\nrunning Firefox. (CVE-2008-1233, CVE-2008-1235, CVE-2008-1236,\nCVE-2008-1237)\n\nSeveral flaws were found in the display of malformed web content. A\nweb page containing specially crafted content could, potentially,\ntrick a Firefox user into surrendering sensitive information.\n(CVE-2008-1234, CVE-2008-1238, CVE-2008-1241)\n\nAll Firefox users should upgrade to these updated packages, which\ncontain backported patches that correct these issues.\"\n );\n # https://lists.centos.org/pipermail/centos-announce/2008-March/014778.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?87724df8\"\n );\n # https://lists.centos.org/pipermail/centos-announce/2008-March/014779.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?91e68892\"\n );\n # https://lists.centos.org/pipermail/centos-announce/2008-March/014782.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?3bd21e71\"\n );\n # https://lists.centos.org/pipermail/centos-announce/2008-March/014783.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?a6c5c810\"\n );\n # https://lists.centos.org/pipermail/centos-announce/2008-March/014790.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?d90b5be6\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected firefox packages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n script_cwe_id(59, 79, 94, 287, 399);\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:firefox\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:firefox-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:centos:centos:4\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:centos:centos:5\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2007/09/13\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2008/03/27\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2008/03/28\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2008-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"CentOS Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/CentOS/release\", \"Host/CentOS/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/CentOS/release\");\nif (isnull(release) || \"CentOS\" >!< release) audit(AUDIT_OS_NOT, \"CentOS\");\nos_ver = pregmatch(pattern: \"CentOS(?: Linux)? release ([0-9]+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"CentOS\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^(4|5)([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"CentOS 4.x / 5.x\", \"CentOS \" + os_ver);\n\nif (!get_kb_item(\"Host/CentOS/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && \"ia64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"CentOS\", cpu);\n\n\nflag = 0;\nif (rpm_check(release:\"CentOS-4\", reference:\"firefox-1.5.0.12-0.14.el4.centos\")) flag++;\n\nif (rpm_check(release:\"CentOS-5\", reference:\"firefox-1.5.0.12-14.el5.centos\")) flag++;\nif (rpm_check(release:\"CentOS-5\", reference:\"firefox-devel-1.5.0.12-14.el5.centos\")) flag++;\n\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"firefox / firefox-devel\");\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-12-04T14:42:57", "description": "This update brings Mozilla Firefox to security update version 2.0.0.13\n\nFollowing security problems were fixed :\n\n - MFSA 2008-19/CVE-2008-1241: XUL popup spoofing variant (cross-tab popups)\n\n - MFSA 2008-18/CVE-2008-1195 and CVE-2008-1240: Java socket connection to any local port via LiveConnect\n\n - MFSA 2008-17/CVE-2007-4879: Privacy issue with SSL Client Authentication\n\n - MFSA 2008-16/CVE-2008-1238: HTTP Referrer spoofing with malformed URLs\n\n - MFSA 2008-15/CVE-2008-1236 and CVE-2008-1237: Crashes with evidence of memory corruption (rv:1.8.1.13)\n\n - MFSA 2008-14/CVE-2008-1233, CVE-2008-1234, and CVE-2008-1235: JavaScript privilege escalation and arbitrary code execution.", "cvss3": {}, "published": "2008-03-31T00:00:00", "type": "nessus", "title": "openSUSE 10 Security Update : MozillaFirefox (MozillaFirefox-5135)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2007-4879", "CVE-2008-1195", "CVE-2008-1233", "CVE-2008-1234", "CVE-2008-1235", "CVE-2008-1236", "CVE-2008-1237", "CVE-2008-1238", "CVE-2008-1240", "CVE-2008-1241"], "modified": "2021-01-14T00:00:00", "cpe": ["p-cpe:/a:novell:opensuse:mozillafirefox", "p-cpe:/a:novell:opensuse:mozillafirefox-translations", "cpe:/o:novell:opensuse:10.1", "cpe:/o:novell:opensuse:10.2", "cpe:/o:novell:opensuse:10.3"], "id": "SUSE_MOZILLAFIREFOX-5135.NASL", "href": "https://www.tenable.com/plugins/nessus/31715", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from openSUSE Security Update MozillaFirefox-5135.\n#\n# The text description of this plugin is (C) SUSE LLC.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(31715);\n script_version(\"1.12\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/14\");\n\n script_cve_id(\"CVE-2007-4879\", \"CVE-2008-1195\", \"CVE-2008-1233\", \"CVE-2008-1234\", \"CVE-2008-1235\", \"CVE-2008-1236\", \"CVE-2008-1237\", \"CVE-2008-1238\", \"CVE-2008-1240\", \"CVE-2008-1241\");\n\n script_name(english:\"openSUSE 10 Security Update : MozillaFirefox (MozillaFirefox-5135)\");\n script_summary(english:\"Check for the MozillaFirefox-5135 patch\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote openSUSE host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"This update brings Mozilla Firefox to security update version 2.0.0.13\n\nFollowing security problems were fixed :\n\n - MFSA 2008-19/CVE-2008-1241: XUL popup spoofing variant\n (cross-tab popups)\n\n - MFSA 2008-18/CVE-2008-1195 and CVE-2008-1240: Java\n socket connection to any local port via LiveConnect\n\n - MFSA 2008-17/CVE-2007-4879: Privacy issue with SSL\n Client Authentication\n\n - MFSA 2008-16/CVE-2008-1238: HTTP Referrer spoofing with\n malformed URLs\n\n - MFSA 2008-15/CVE-2008-1236 and CVE-2008-1237: Crashes\n with evidence of memory corruption (rv:1.8.1.13)\n\n - MFSA 2008-14/CVE-2008-1233, CVE-2008-1234, and\n CVE-2008-1235: JavaScript privilege escalation and\n arbitrary code execution.\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected MozillaFirefox packages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_cwe_id(59, 79, 94, 287, 399);\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:MozillaFirefox\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:MozillaFirefox-translations\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:opensuse:10.1\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:opensuse:10.2\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:opensuse:10.3\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2008/03/27\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2008/03/31\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2008-2021 Tenable Network Security, Inc.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release =~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, \"openSUSE\");\nif (release !~ \"^(SUSE10\\.1|SUSE10\\.2|SUSE10\\.3)$\") audit(AUDIT_OS_RELEASE_NOT, \"openSUSE\", \"10.1 / 10.2 / 10.3\", release);\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nourarch = get_kb_item(\"Host/cpu\");\nif (!ourarch) audit(AUDIT_UNKNOWN_ARCH);\nif (ourarch !~ \"^(i586|i686|x86_64)$\") audit(AUDIT_ARCH_NOT, \"i586 / i686 / x86_64\", ourarch);\n\nflag = 0;\n\nif ( rpm_check(release:\"SUSE10.1\", reference:\"MozillaFirefox-2.0.0.13-0.2\") ) flag++;\nif ( rpm_check(release:\"SUSE10.1\", reference:\"MozillaFirefox-translations-2.0.0.13-0.2\") ) flag++;\nif ( rpm_check(release:\"SUSE10.2\", reference:\"MozillaFirefox-2.0.0.13-0.1\") ) flag++;\nif ( rpm_check(release:\"SUSE10.2\", reference:\"MozillaFirefox-translations-2.0.0.13-0.1\") ) flag++;\nif ( rpm_check(release:\"SUSE10.3\", reference:\"MozillaFirefox-2.0.0.13-0.1\") ) flag++;\nif ( rpm_check(release:\"SUSE10.3\", reference:\"MozillaFirefox-translations-2.0.0.13-0.1\") ) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"MozillaFirefox\");\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-12-04T14:43:06", "description": "This update brings Mozilla Firefox to security update version 2.0.0.13\n\nFollowing security problems were fixed :\n\n - XUL popup spoofing variant (cross-tab popups). (MFSA 2008-19 / CVE-2008-1241)\n\n - Java socket connection to any local port via LiveConnect. (MFSA 2008-18 / CVE-2008-1195 / CVE-2008-1240)\n\n - Privacy issue with SSL Client Authentication. (MFSA 2008-17 / CVE-2007-4879)\n\n - HTTP Referrer spoofing with malformed URLs. (MFSA 2008-16 / CVE-2008-1238)\n\n - Crashes with evidence of memory corruption (rv:1.8.1.13). (MFSA 2008-15 / CVE-2008-1236 / CVE-2008-1237)\n\n - JavaScript privilege escalation and arbitrary code execution. (MFSA 2008-14 / CVE-2008-1233 / CVE-2008-1234 / CVE-2008-1235)", "cvss3": {}, "published": "2008-04-01T00:00:00", "type": "nessus", "title": "SuSE 10 Security Update : Security update for (ZYPP Patch Number 5134)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2007-4879", "CVE-2008-1195", "CVE-2008-1233", "CVE-2008-1234", "CVE-2008-1235", "CVE-2008-1236", "CVE-2008-1237", "CVE-2008-1238", "CVE-2008-1240", "CVE-2008-1241"], "modified": "2021-01-14T00:00:00", "cpe": ["cpe:/o:suse:suse_linux"], "id": "SUSE_MOZILLAFIREFOX-5134.NASL", "href": "https://www.tenable.com/plugins/nessus/31722", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The text description of this plugin is (C) Novell, Inc.\n#\n\nif (NASL_LEVEL < 3000) exit(0);\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(31722);\n script_version(\"1.21\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/14\");\n\n script_cve_id(\"CVE-2007-4879\", \"CVE-2008-1195\", \"CVE-2008-1233\", \"CVE-2008-1234\", \"CVE-2008-1235\", \"CVE-2008-1236\", \"CVE-2008-1237\", \"CVE-2008-1238\", \"CVE-2008-1240\", \"CVE-2008-1241\");\n\n script_name(english:\"SuSE 10 Security Update : Security update for (ZYPP Patch Number 5134)\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote SuSE 10 host is missing a security-related patch.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"This update brings Mozilla Firefox to security update version 2.0.0.13\n\nFollowing security problems were fixed :\n\n - XUL popup spoofing variant (cross-tab popups). (MFSA\n 2008-19 / CVE-2008-1241)\n\n - Java socket connection to any local port via\n LiveConnect. (MFSA 2008-18 / CVE-2008-1195 /\n CVE-2008-1240)\n\n - Privacy issue with SSL Client Authentication. (MFSA\n 2008-17 / CVE-2007-4879)\n\n - HTTP Referrer spoofing with malformed URLs. (MFSA\n 2008-16 / CVE-2008-1238)\n\n - Crashes with evidence of memory corruption\n (rv:1.8.1.13). (MFSA 2008-15 / CVE-2008-1236 /\n CVE-2008-1237)\n\n - JavaScript privilege escalation and arbitrary code\n execution. (MFSA 2008-14 / CVE-2008-1233 / CVE-2008-1234\n / CVE-2008-1235)\"\n );\n # http://www.mozilla.org/security/announce/2008/mfsa2008-14.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.mozilla.org/en-US/security/advisories/mfsa2008-14/\"\n );\n # http://www.mozilla.org/security/announce/2008/mfsa2008-15.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.mozilla.org/en-US/security/advisories/mfsa2008-15/\"\n );\n # http://www.mozilla.org/security/announce/2008/mfsa2008-16.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.mozilla.org/en-US/security/advisories/mfsa2008-16/\"\n );\n # http://www.mozilla.org/security/announce/2008/mfsa2008-17.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.mozilla.org/en-US/security/advisories/mfsa2008-17/\"\n );\n # http://www.mozilla.org/security/announce/2008/mfsa2008-18.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.mozilla.org/en-US/security/advisories/mfsa2008-18/\"\n );\n # http://www.mozilla.org/security/announce/2008/mfsa2008-19.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.mozilla.org/en-US/security/advisories/mfsa2008-19/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2007-4879.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2008-1195.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2008-1233.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2008-1234.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2008-1235.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2008-1236.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2008-1237.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2008-1238.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2008-1240.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2008-1241.html\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Apply ZYPP patch number 5134.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_cwe_id(59, 79, 94, 287, 399);\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:suse:suse_linux\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2007/09/13\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2008/03/27\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2008/04/01\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2008-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) exit(0, \"Local checks are not enabled.\");\nif (!get_kb_item(\"Host/SuSE/release\")) exit(0, \"The host is not running SuSE.\");\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) exit(1, \"Could not obtain the list of installed packages.\");\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) exit(1, \"Failed to determine the architecture type.\");\nif (cpu >!< \"x86_64\" && cpu !~ \"^i[3-6]86$\") exit(1, \"Local checks for SuSE 10 on the '\"+cpu+\"' architecture have not been implemented.\");\n\n\nflag = 0;\nif (rpm_check(release:\"SLED10\", sp:1, reference:\"MozillaFirefox-2.0.0.13-0.2\")) flag++;\nif (rpm_check(release:\"SLED10\", sp:1, reference:\"MozillaFirefox-translations-2.0.0.13-0.2\")) flag++;\nif (rpm_check(release:\"SLES10\", sp:1, reference:\"MozillaFirefox-2.0.0.13-0.2\")) flag++;\nif (rpm_check(release:\"SLES10\", sp:1, reference:\"MozillaFirefox-translations-2.0.0.13-0.2\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse exit(0, \"The host is not affected.\");\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-12-04T14:43:12", "description": "The installed version of Firefox is affected by various security issues :\n\n - A series of vulnerabilities that allow for JavaScript privilege escalation and arbitrary code execution.\n\n - Several stability bugs leading to crashes which, in some cases, show traces of memory corruption.\n\n - An HTTP Referer spoofing issue with malformed URLs.\n\n - A privacy issue with SSL client authentication.\n\n - Web content fetched via the 'jar:' protocol can use Java via LiveConnect to open socket connections to arbitrary ports on the localhost.\n\n - It is possible to have a background tab create a borderless XUL pop-up in front of the active tab in the user's browser.", "cvss3": {}, "published": "2008-03-26T00:00:00", "type": "nessus", "title": "Firefox < 2.0.0.13 Multiple Vulnerabilities", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2007-4879", "CVE-2008-1195", "CVE-2008-1233", "CVE-2008-1234", "CVE-2008-1235", "CVE-2008-1236", "CVE-2008-1237", "CVE-2008-1238", "CVE-2008-1240", "CVE-2008-1241"], "modified": "2018-07-16T00:00:00", "cpe": ["cpe:/a:mozilla:firefox"], "id": "MOZILLA_FIREFOX_20013.NASL", "href": "https://www.tenable.com/plugins/nessus/31652", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n\n\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(31652);\n script_version(\"1.16\");\n\n script_cve_id(\n \"CVE-2007-4879\", \n \"CVE-2008-1195\", \n \"CVE-2008-1233\", \n \"CVE-2008-1234\", \n \"CVE-2008-1235\",\n \"CVE-2008-1236\", \n \"CVE-2008-1237\", \n \"CVE-2008-1238\", \n \"CVE-2008-1240\", \n \"CVE-2008-1241\"\n );\n script_bugtraq_id(28448);\n\n script_name(english:\"Firefox < 2.0.0.13 Multiple Vulnerabilities\");\n script_summary(english:\"Checks version of Firefox\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote Windows host contains a web browser that is affected by\nmultiple vulnerabilities.\" );\n script_set_attribute(attribute:\"description\", value:\n\"The installed version of Firefox is affected by various security\nissues :\n\n - A series of vulnerabilities that allow for JavaScript \n privilege escalation and arbitrary code execution.\n\n - Several stability bugs leading to crashes which, in\n some cases, show traces of memory corruption.\n\n - An HTTP Referer spoofing issue with malformed URLs.\n\n - A privacy issue with SSL client authentication.\n\n - Web content fetched via the 'jar:' protocol can use \n Java via LiveConnect to open socket connections to \n arbitrary ports on the localhost.\n\n - It is possible to have a background tab create a \n borderless XUL pop-up in front of the active tab \n in the user's browser.\" );\n script_set_attribute(attribute:\"see_also\", value:\"https://www.mozilla.org/en-US/security/advisories/mfsa2008-14/\" );\n script_set_attribute(attribute:\"see_also\", value:\"https://www.mozilla.org/en-US/security/advisories/mfsa2008-15/\" );\n script_set_attribute(attribute:\"see_also\", value:\"https://www.mozilla.org/en-US/security/advisories/mfsa2008-16/\" );\n script_set_attribute(attribute:\"see_also\", value:\"https://www.mozilla.org/en-US/security/advisories/mfsa2008-17/\" );\n script_set_attribute(attribute:\"see_also\", value:\"https://www.mozilla.org/en-US/security/advisories/mfsa2008-18/\" );\n script_set_attribute(attribute:\"see_also\", value:\"https://www.mozilla.org/en-US/security/advisories/mfsa2008-19/\" );\n script_set_attribute(attribute:\"solution\", value:\n\"Upgrade to Firefox 2.0.0.13 or later.\" );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n script_cwe_id(59, 79, 94, 287, 399);\n\n script_set_attribute(attribute:\"plugin_publication_date\", value: \"2008/03/26\");\n script_set_attribute(attribute:\"vuln_publication_date\", value: \"2007/09/08\");\n script_set_attribute(attribute:\"patch_publication_date\", value: \"2008/03/25\");\n script_cvs_date(\"Date: 2018/07/16 14:09:14\");\nscript_set_attribute(attribute:\"plugin_type\", value:\"local\");\nscript_set_attribute(attribute:\"cpe\", value:\"cpe:/a:mozilla:firefox\");\nscript_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Windows\");\n script_copyright(english:\"This script is Copyright (C) 2008-2018 Tenable Network Security, Inc.\");\n script_dependencies(\"mozilla_org_installed.nasl\");\n script_require_keys(\"Mozilla/Firefox/Version\");\n exit(0);\n}\n\ninclude(\"mozilla_version.inc\");\nport = get_kb_item_or_exit(\"SMB/transport\"); \n\ninstalls = get_kb_list(\"SMB/Mozilla/Firefox/*\");\nif (isnull(installs)) audit(AUDIT_NOT_INST, \"Firefox\");\n\nmozilla_check_version(installs:installs, product:'firefox', esr:FALSE, fix:'2.0.0.13', severity:SECURITY_HOLE);", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-12-04T14:44:04", "description": "# This shares a lot of text with dsa-1532.wml, dsa-1534.wml, dsa-1535.wml\n\nSeveral remote vulnerabilities have been discovered in the Icedove mail client, an unbranded version of the Thunderbird client. The Common Vulnerabilities and Exposures project identifies the following problems :\n\n - CVE-2008-1233 'moz_bug_r_a4' discovered that variants of CVE-2007-3738 and CVE-2007-5338 allow the execution of arbitrary code through XPCNativeWrapper.\n\n - CVE-2008-1234 'moz_bug_r_a4' discovered that insecure handling of event handlers could lead to cross-site scripting.\n\n - CVE-2008-1235 Boris Zbarsky, Johnny Stenback and 'moz_bug_r_a4' discovered that incorrect principal handling could lead to cross-site scripting and the execution of arbitrary code.\n\n - CVE-2008-1236 Tom Ferris, Seth Spitzer, Martin Wargers, John Daggett and Mats Palmgren discovered crashes in the layout engine, which might allow the execution of arbitrary code.\n\n - CVE-2008-1237 'georgi', 'tgirmann' and Igor Bukanov discovered crashes in the JavaScript engine, which might allow the execution of arbitrary code.", "cvss3": {}, "published": "2008-05-13T00:00:00", "type": "nessus", "title": "Debian DSA-1574-1 : icedove - several vulnerabilities", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2007-3738", "CVE-2007-5338", "CVE-2008-1233", "CVE-2008-1234", "CVE-2008-1235", "CVE-2008-1236", "CVE-2008-1237"], "modified": "2021-01-04T00:00:00", "cpe": ["p-cpe:/a:debian:debian_linux:icedove", "cpe:/o:debian:debian_linux:4.0"], "id": "DEBIAN_DSA-1574.NASL", "href": "https://www.tenable.com/plugins/nessus/32308", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Debian Security Advisory DSA-1574. The text \n# itself is copyright (C) Software in the Public Interest, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(32308);\n script_version(\"1.19\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/04\");\n\n script_cve_id(\"CVE-2008-1233\", \"CVE-2008-1234\", \"CVE-2008-1235\", \"CVE-2008-1236\", \"CVE-2008-1237\");\n script_bugtraq_id(28448);\n script_xref(name:\"DSA\", value:\"1574\");\n\n script_name(english:\"Debian DSA-1574-1 : icedove - several vulnerabilities\");\n script_summary(english:\"Checks dpkg output for the updated package\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Debian host is missing a security-related update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"# This shares a lot of text with dsa-1532.wml, dsa-1534.wml,\ndsa-1535.wml\n\nSeveral remote vulnerabilities have been discovered in the Icedove\nmail client, an unbranded version of the Thunderbird client. The\nCommon Vulnerabilities and Exposures project identifies the following\nproblems :\n\n - CVE-2008-1233\n 'moz_bug_r_a4' discovered that variants of CVE-2007-3738\n and CVE-2007-5338 allow the execution of arbitrary code\n through XPCNativeWrapper.\n\n - CVE-2008-1234\n 'moz_bug_r_a4' discovered that insecure handling of\n event handlers could lead to cross-site scripting.\n\n - CVE-2008-1235\n Boris Zbarsky, Johnny Stenback and 'moz_bug_r_a4'\n discovered that incorrect principal handling could lead\n to cross-site scripting and the execution of arbitrary\n code.\n\n - CVE-2008-1236\n Tom Ferris, Seth Spitzer, Martin Wargers, John Daggett\n and Mats Palmgren discovered crashes in the layout\n engine, which might allow the execution of arbitrary\n code.\n\n - CVE-2008-1237\n 'georgi', 'tgirmann' and Igor Bukanov discovered crashes\n in the JavaScript engine, which might allow the\n execution of arbitrary code.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/CVE-2008-1233\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/CVE-2007-3738\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/CVE-2007-5338\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/CVE-2008-1234\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/CVE-2008-1235\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/CVE-2008-1236\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/CVE-2008-1237\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.debian.org/security/2008/dsa-1574\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\n\"Upgrade the icedove packages.\n\nFor the stable distribution (etch), these problems have been fixed in\nversion 1.5.0.13+1.5.0.15b.dfsg1+prepatch080417a-0etch1.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n script_cwe_id(79, 94, 399);\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:icedove\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:debian:debian_linux:4.0\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2008/05/12\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2008/05/13\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2008-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Debian Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/Debian/release\", \"Host/Debian/dpkg-l\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"debian_package.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/Debian/release\")) audit(AUDIT_OS_NOT, \"Debian\");\nif (!get_kb_item(\"Host/Debian/dpkg-l\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\nflag = 0;\nif (deb_check(release:\"4.0\", prefix:\"icedove\", reference:\"1.5.0.13+1.5.0.15b.dfsg1+prepatch080417a-0etch1\")) flag++;\nif (deb_check(release:\"4.0\", prefix:\"icedove-dbg\", reference:\"1.5.0.13+1.5.0.15b.dfsg1+prepatch080417a-0etch1\")) flag++;\nif (deb_check(release:\"4.0\", prefix:\"icedove-dev\", reference:\"1.5.0.13+1.5.0.15b.dfsg1+prepatch080417a-0etch1\")) flag++;\nif (deb_check(release:\"4.0\", prefix:\"icedove-gnome-support\", reference:\"1.5.0.13+1.5.0.15b.dfsg1+prepatch080417a-0etch1\")) flag++;\nif (deb_check(release:\"4.0\", prefix:\"icedove-inspector\", reference:\"1.5.0.13+1.5.0.15b.dfsg1+prepatch080417a-0etch1\")) flag++;\nif (deb_check(release:\"4.0\", prefix:\"icedove-typeaheadfind\", reference:\"1.5.0.13+1.5.0.15b.dfsg1+prepatch080417a-0etch1\")) flag++;\nif (deb_check(release:\"4.0\", prefix:\"mozilla-thunderbird\", reference:\"1.5.0.13+1.5.0.15b.dfsg1+prepatch080417a-0etch1\")) flag++;\nif (deb_check(release:\"4.0\", prefix:\"mozilla-thunderbird-dev\", reference:\"1.5.0.13+1.5.0.15b.dfsg1+prepatch080417a-0etch1\")) flag++;\nif (deb_check(release:\"4.0\", prefix:\"mozilla-thunderbird-inspector\", reference:\"1.5.0.13+1.5.0.15b.dfsg1+prepatch080417a-0etch1\")) flag++;\nif (deb_check(release:\"4.0\", prefix:\"mozilla-thunderbird-typeaheadfind\", reference:\"1.5.0.13+1.5.0.15b.dfsg1+prepatch080417a-0etch1\")) flag++;\nif (deb_check(release:\"4.0\", prefix:\"thunderbird\", reference:\"1.5.0.13+1.5.0.15b.dfsg1+prepatch080417a-0etch1\")) flag++;\nif (deb_check(release:\"4.0\", prefix:\"thunderbird-dbg\", reference:\"1.5.0.13+1.5.0.15b.dfsg1+prepatch080417a-0etch1\")) flag++;\nif (deb_check(release:\"4.0\", prefix:\"thunderbird-dev\", reference:\"1.5.0.13+1.5.0.15b.dfsg1+prepatch080417a-0etch1\")) flag++;\nif (deb_check(release:\"4.0\", prefix:\"thunderbird-gnome-support\", reference:\"1.5.0.13+1.5.0.15b.dfsg1+prepatch080417a-0etch1\")) flag++;\nif (deb_check(release:\"4.0\", prefix:\"thunderbird-inspector\", reference:\"1.5.0.13+1.5.0.15b.dfsg1+prepatch080417a-0etch1\")) flag++;\nif (deb_check(release:\"4.0\", prefix:\"thunderbird-typeaheadfind\", reference:\"1.5.0.13+1.5.0.15b.dfsg1+prepatch080417a-0etch1\")) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:deb_report_get());\n else security_hole(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-12-04T14:43:05", "description": "Alexey Proskuryakov, Yosuke Hasegawa and Simon Montagu discovered flaws in Firefox's character encoding handling. If a user were tricked into opening a malicious web page, an attacker could perform cross-site scripting attacks. (CVE-2008-0416)\n\nVarious flaws were discovered in the JavaScript engine. By tricking a user into opening a malicious web page, an attacker could escalate privileges within the browser, perform cross-site scripting attacks and/or execute arbitrary code with the user's privileges.\n(CVE-2008-1233, CVE-2008-1234, CVE-2008-1235)\n\nSeveral problems were discovered in Firefox which could lead to crashes and memory corruption. If a user were tricked into opening a malicious web page, an attacker may be able to execute arbitrary code with the user's privileges. (CVE-2008-1236, CVE-2008-1237)\n\nGregory Fleischer discovered Firefox did not properly process HTTP Referrer headers when they were sent with with requests to URLs containing Basic Authentication credentials with empty usernames. An attacker could exploit this vulnerability to perform cross-site request forgery attacks. (CVE-2008-1238)\n\nPeter Brodersen and Alexander Klink reported that default the setting in Firefox for SSL Client Authentication allowed for users to be tracked via their client certificate. The default has been changed to prompt the user each time a website requests a client certificate.\n(CVE-2007-4879)\n\nGregory Fleischer discovered that web content fetched via the jar protocol could use Java LiveConnect to connect to arbitrary ports on the user's machine due to improper parsing in the Java plugin. If a user were tricked into opening malicious web content, an attacker may be able to access services running on the user's machine.\n(CVE-2008-1195, CVE-2008-1240)\n\nChris Thomas discovered that Firefox would allow an XUL popup from an unselected tab to display in front of the selected tab. An attacker could exploit this behavior to spoof a login prompt and steal the user's credentials. (CVE-2008-1241).\n\nNote that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {}, "published": "2008-03-28T00:00:00", "type": "nessus", "title": "Ubuntu 6.06 LTS / 6.10 / 7.04 / 7.10 : firefox vulnerabilities (USN-592-1)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2007-4879", "CVE-2008-0416", "CVE-2008-1195", "CVE-2008-1233", "CVE-2008-1234", "CVE-2008-1235", "CVE-2008-1236", "CVE-2008-1237", "CVE-2008-1238", "CVE-2008-1240", "CVE-2008-1241"], "modified": "2021-01-19T00:00:00", "cpe": ["p-cpe:/a:canonical:ubuntu_linux:firefox", "p-cpe:/a:canonical:ubuntu_linux:firefox-dbg", "p-cpe:/a:canonical:ubuntu_linux:firefox-dev", "p-cpe:/a:canonical:ubuntu_linux:firefox-dom-inspector", "p-cpe:/a:canonical:ubuntu_linux:firefox-gnome-support", "p-cpe:/a:canonical:ubuntu_linux:firefox-libthai", "p-cpe:/a:canonical:ubuntu_linux:libnspr-dev", "p-cpe:/a:canonical:ubuntu_linux:libnspr4", "p-cpe:/a:canonical:ubuntu_linux:libnss-dev", "p-cpe:/a:canonical:ubuntu_linux:libnss3", "p-cpe:/a:canonical:ubuntu_linux:mozilla-firefox", "p-cpe:/a:canonical:ubuntu_linux:mozilla-firefox-dev", "p-cpe:/a:canonical:ubuntu_linux:mozilla-firefox-dom-inspector", "p-cpe:/a:canonical:ubuntu_linux:mozilla-firefox-gnome-support", "cpe:/o:canonical:ubuntu_linux:6.06:-:lts", "cpe:/o:canonical:ubuntu_linux:6.10", "cpe:/o:canonical:ubuntu_linux:7.04", "cpe:/o:canonical:ubuntu_linux:7.10"], "id": "UBUNTU_USN-592-1.NASL", "href": "https://www.tenable.com/plugins/nessus/31700", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Ubuntu Security Notice USN-592-1. The text \n# itself is copyright (C) Canonical, Inc. See \n# <http://www.ubuntu.com/usn/>. Ubuntu(R) is a registered \n# trademark of Canonical, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(31700);\n script_version(\"1.17\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/19\");\n\n script_cve_id(\"CVE-2007-4879\", \"CVE-2008-0416\", \"CVE-2008-1195\", \"CVE-2008-1233\", \"CVE-2008-1234\", \"CVE-2008-1235\", \"CVE-2008-1236\", \"CVE-2008-1237\", \"CVE-2008-1238\", \"CVE-2008-1240\", \"CVE-2008-1241\");\n script_bugtraq_id(28448);\n script_xref(name:\"USN\", value:\"592-1\");\n\n script_name(english:\"Ubuntu 6.06 LTS / 6.10 / 7.04 / 7.10 : firefox vulnerabilities (USN-592-1)\");\n script_summary(english:\"Checks dpkg output for updated packages.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\n\"The remote Ubuntu host is missing one or more security-related\npatches.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Alexey Proskuryakov, Yosuke Hasegawa and Simon Montagu discovered\nflaws in Firefox's character encoding handling. If a user were tricked\ninto opening a malicious web page, an attacker could perform\ncross-site scripting attacks. (CVE-2008-0416)\n\nVarious flaws were discovered in the JavaScript engine. By tricking a\nuser into opening a malicious web page, an attacker could escalate\nprivileges within the browser, perform cross-site scripting attacks\nand/or execute arbitrary code with the user's privileges.\n(CVE-2008-1233, CVE-2008-1234, CVE-2008-1235)\n\nSeveral problems were discovered in Firefox which could lead to\ncrashes and memory corruption. If a user were tricked into opening a\nmalicious web page, an attacker may be able to execute arbitrary code\nwith the user's privileges. (CVE-2008-1236, CVE-2008-1237)\n\nGregory Fleischer discovered Firefox did not properly process HTTP\nReferrer headers when they were sent with with requests to URLs\ncontaining Basic Authentication credentials with empty usernames. An\nattacker could exploit this vulnerability to perform cross-site\nrequest forgery attacks. (CVE-2008-1238)\n\nPeter Brodersen and Alexander Klink reported that default the setting\nin Firefox for SSL Client Authentication allowed for users to be\ntracked via their client certificate. The default has been changed to\nprompt the user each time a website requests a client certificate.\n(CVE-2007-4879)\n\nGregory Fleischer discovered that web content fetched via the jar\nprotocol could use Java LiveConnect to connect to arbitrary ports on\nthe user's machine due to improper parsing in the Java plugin. If a\nuser were tricked into opening malicious web content, an attacker may\nbe able to access services running on the user's machine.\n(CVE-2008-1195, CVE-2008-1240)\n\nChris Thomas discovered that Firefox would allow an XUL popup from an\nunselected tab to display in front of the selected tab. An attacker\ncould exploit this behavior to spoof a login prompt and steal the\nuser's credentials. (CVE-2008-1241).\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Ubuntu security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://usn.ubuntu.com/592-1/\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n script_cwe_id(59, 79, 94, 287, 399);\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:firefox\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:firefox-dbg\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:firefox-dev\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:firefox-dom-inspector\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:firefox-gnome-support\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:firefox-libthai\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:libnspr-dev\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:libnspr4\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:libnss-dev\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:libnss3\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:mozilla-firefox\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:mozilla-firefox-dev\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:mozilla-firefox-dom-inspector\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:mozilla-firefox-gnome-support\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:canonical:ubuntu_linux:6.06:-:lts\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:canonical:ubuntu_linux:6.10\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:canonical:ubuntu_linux:7.04\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:canonical:ubuntu_linux:7.10\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2008/03/26\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2008/03/28\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"Ubuntu Security Notice (C) 2008-2019 Canonical, Inc. / NASL script (C) 2018 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Ubuntu Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/cpu\", \"Host/Ubuntu\", \"Host/Ubuntu/release\", \"Host/Debian/dpkg-l\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"ubuntu.inc\");\ninclude(\"misc_func.inc\");\n\nif ( ! get_kb_item(\"Host/local_checks_enabled\") ) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/Ubuntu/release\");\nif ( isnull(release) ) audit(AUDIT_OS_NOT, \"Ubuntu\");\nrelease = chomp(release);\nif (! ereg(pattern:\"^(6\\.06|6\\.10|7\\.04|7\\.10)$\", string:release)) audit(AUDIT_OS_NOT, \"Ubuntu 6.06 / 6.10 / 7.04 / 7.10\", \"Ubuntu \" + release);\nif ( ! get_kb_item(\"Host/Debian/dpkg-l\") ) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Ubuntu\", cpu);\n\nflag = 0;\n\nif (ubuntu_check(osver:\"6.06\", pkgname:\"firefox\", pkgver:\"1.5.dfsg+1.5.0.15~prepatch080323a-0ubuntu1\")) flag++;\nif (ubuntu_check(osver:\"6.06\", pkgname:\"firefox-dbg\", pkgver:\"1.5.dfsg+1.5.0.15~prepatch080323a-0ubuntu1\")) flag++;\nif (ubuntu_check(osver:\"6.06\", pkgname:\"firefox-dev\", pkgver:\"1.5.dfsg+1.5.0.15~prepatch080323a-0ubuntu1\")) flag++;\nif (ubuntu_check(osver:\"6.06\", pkgname:\"firefox-dom-inspector\", pkgver:\"1.5.dfsg+1.5.0.15~prepatch080323a-0ubuntu1\")) flag++;\nif (ubuntu_check(osver:\"6.06\", pkgname:\"firefox-gnome-support\", pkgver:\"1.5.dfsg+1.5.0.15~prepatch080323a-0ubuntu1\")) flag++;\nif (ubuntu_check(osver:\"6.06\", pkgname:\"libnspr-dev\", pkgver:\"1.firefox1.5.dfsg+1.5.0.15~prepatch080323a-0ubuntu1\")) flag++;\nif (ubuntu_check(osver:\"6.06\", pkgname:\"libnspr4\", pkgver:\"1.firefox1.5.dfsg+1.5.0.15~prepatch080323a-0ubuntu1\")) flag++;\nif (ubuntu_check(osver:\"6.06\", pkgname:\"libnss-dev\", pkgver:\"1.firefox1.5.dfsg+1.5.0.15~prepatch080323a-0ubuntu1\")) flag++;\nif (ubuntu_check(osver:\"6.06\", pkgname:\"libnss3\", pkgver:\"1.firefox1.5.dfsg+1.5.0.15~prepatch080323a-0ubuntu1\")) flag++;\nif (ubuntu_check(osver:\"6.06\", pkgname:\"mozilla-firefox\", pkgver:\"1.5.dfsg+1.5.0.15~prepatch080323a-0ubuntu1\")) flag++;\nif (ubuntu_check(osver:\"6.06\", pkgname:\"mozilla-firefox-dev\", pkgver:\"1.5.dfsg+1.5.0.15~prepatch080323a-0ubuntu1\")) flag++;\nif (ubuntu_check(osver:\"6.10\", pkgname:\"firefox\", pkgver:\"2.0.0.13+0nobinonly-0ubuntu0.6.10\")) flag++;\nif (ubuntu_check(osver:\"6.10\", pkgname:\"firefox-dbg\", pkgver:\"2.0.0.13+0nobinonly-0ubuntu0.6.10\")) flag++;\nif (ubuntu_check(osver:\"6.10\", pkgname:\"firefox-dev\", pkgver:\"2.0.0.13+0nobinonly-0ubuntu0.6.10\")) flag++;\nif (ubuntu_check(osver:\"6.10\", pkgname:\"firefox-dom-inspector\", pkgver:\"2.0.0.13+0nobinonly-0ubuntu0.6.10\")) flag++;\nif (ubuntu_check(osver:\"6.10\", pkgname:\"firefox-gnome-support\", pkgver:\"2.0.0.13+0nobinonly-0ubuntu0.6.10\")) flag++;\nif (ubuntu_check(osver:\"6.10\", pkgname:\"libnspr-dev\", pkgver:\"1.firefox2.0.0.13+0nobinonly-0ubuntu0.6.10\")) flag++;\nif (ubuntu_check(osver:\"6.10\", pkgname:\"libnspr4\", pkgver:\"1.firefox2.0.0.13+0nobinonly-0ubuntu0.6.10\")) flag++;\nif (ubuntu_check(osver:\"6.10\", pkgname:\"libnss-dev\", pkgver:\"1.firefox2.0.0.13+0nobinonly-0ubuntu0.6.10\")) flag++;\nif (ubuntu_check(osver:\"6.10\", pkgname:\"libnss3\", pkgver:\"1.firefox2.0.0.13+0nobinonly-0ubuntu0.6.10\")) flag++;\nif (ubuntu_check(osver:\"6.10\", pkgname:\"mozilla-firefox\", pkgver:\"2.0.0.13+0nobinonly-0ubuntu0.6.10\")) flag++;\nif (ubuntu_check(osver:\"6.10\", pkgname:\"mozilla-firefox-dev\", pkgver:\"2.0.0.13+0nobinonly-0ubuntu0.6.10\")) flag++;\nif (ubuntu_check(osver:\"6.10\", pkgname:\"mozilla-firefox-dom-inspector\", pkgver:\"2.0.0.13+0nobinonly-0ubuntu0.6.10\")) flag++;\nif (ubuntu_check(osver:\"6.10\", pkgname:\"mozilla-firefox-gnome-support\", pkgver:\"2.0.0.13+0nobinonly-0ubuntu0.6.10\")) flag++;\nif (ubuntu_check(osver:\"7.04\", pkgname:\"firefox\", pkgver:\"2.0.0.13+0nobinonly-0ubuntu0.7.4\")) flag++;\nif (ubuntu_check(osver:\"7.04\", pkgname:\"firefox-dbg\", pkgver:\"2.0.0.13+0nobinonly-0ubuntu0.7.4\")) flag++;\nif (ubuntu_check(osver:\"7.04\", pkgname:\"firefox-dev\", pkgver:\"2.0.0.13+0nobinonly-0ubuntu0.7.4\")) flag++;\nif (ubuntu_check(osver:\"7.04\", pkgname:\"firefox-dom-inspector\", pkgver:\"2.0.0.13+0nobinonly-0ubuntu0.7.4\")) flag++;\nif (ubuntu_check(osver:\"7.04\", pkgname:\"firefox-gnome-support\", pkgver:\"2.0.0.13+0nobinonly-0ubuntu0.7.4\")) flag++;\nif (ubuntu_check(osver:\"7.04\", pkgname:\"firefox-libthai\", pkgver:\"2.0.0.13+0nobinonly-0ubuntu0.7.4\")) flag++;\nif (ubuntu_check(osver:\"7.04\", pkgname:\"libnspr-dev\", pkgver:\"1.firefox2.0.0.13+0nobinonly-0ubuntu0.7.4\")) flag++;\nif (ubuntu_check(osver:\"7.04\", pkgname:\"libnspr4\", pkgver:\"1.firefox2.0.0.13+0nobinonly-0ubuntu0.7.4\")) flag++;\nif (ubuntu_check(osver:\"7.04\", pkgname:\"libnss-dev\", pkgver:\"1.firefox2.0.0.13+0nobinonly-0ubuntu0.7.4\")) flag++;\nif (ubuntu_check(osver:\"7.04\", pkgname:\"libnss3\", pkgver:\"1.firefox2.0.0.13+0nobinonly-0ubuntu0.7.4\")) flag++;\nif (ubuntu_check(osver:\"7.04\", pkgname:\"mozilla-firefox\", pkgver:\"2.0.0.13+0nobinonly-0ubuntu0.7.4\")) flag++;\nif (ubuntu_check(osver:\"7.04\", pkgname:\"mozilla-firefox-dev\", pkgver:\"2.0.0.13+0nobinonly-0ubuntu0.7.4\")) flag++;\nif (ubuntu_check(osver:\"7.04\", pkgname:\"mozilla-firefox-dom-inspector\", pkgver:\"2.0.0.13+0nobinonly-0ubuntu0.7.4\")) flag++;\nif (ubuntu_check(osver:\"7.04\", pkgname:\"mozilla-firefox-gnome-support\", pkgver:\"2.0.0.13+0nobinonly-0ubuntu0.7.4\")) flag++;\nif (ubuntu_check(osver:\"7.10\", pkgname:\"firefox\", pkgver:\"2.0.0.13+1nobinonly-0ubuntu0.7.10\")) flag++;\nif (ubuntu_check(osver:\"7.10\", pkgname:\"firefox-dbg\", pkgver:\"2.0.0.13+1nobinonly-0ubuntu0.7.10\")) flag++;\nif (ubuntu_check(osver:\"7.10\", pkgname:\"firefox-dev\", pkgver:\"2.0.0.13+1nobinonly-0ubuntu0.7.10\")) flag++;\nif (ubuntu_check(osver:\"7.10\", pkgname:\"firefox-dom-inspector\", pkgver:\"2.0.0.13+1nobinonly-0ubuntu0.7.10\")) flag++;\nif (ubuntu_check(osver:\"7.10\", pkgname:\"firefox-gnome-support\", pkgver:\"2.0.0.13+1nobinonly-0ubuntu0.7.10\")) flag++;\nif (ubuntu_check(osver:\"7.10\", pkgname:\"firefox-libthai\", pkgver:\"2.0.0.13+1nobinonly-0ubuntu0.7.10\")) flag++;\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : ubuntu_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = ubuntu_pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"firefox / firefox-dbg / firefox-dev / firefox-dom-inspector / etc\");\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-12-04T14:42:58", "description": "# This shares a lot of text with dsa-1532.wml, dsa-1535.wml, dsa-1574.wml\n\nSeveral remote vulnerabilities have been discovered in the Iceape internet suite, an unbranded version of the SeaMonkey Internet Suite.\nThe Common Vulnerabilities and Exposures project identifies the following problems :\n\n - CVE-2007-4879 Peter Brodersen and Alexander Klink discovered that the autoselection of SSL client certificates could lead to users being tracked, resulting in a loss of privacy.\n\n - CVE-2008-1233 'moz_bug_r_a4' discovered that variants of CVE-2007-3738 and CVE-2007-5338 allow the execution of arbitrary code through XPCNativeWrapper.\n\n - CVE-2008-1234 'moz_bug_r_a4' discovered that insecure handling of event handlers could lead to cross-site scripting.\n\n - CVE-2008-1235 Boris Zbarsky, Johnny Stenback and 'moz_bug_r_a4' discovered that incorrect principal handling could lead to cross-site scripting and the execution of arbitrary code.\n\n - CVE-2008-1236 Tom Ferris, Seth Spitzer, Martin Wargers, John Daggett and Mats Palmgren discovered crashes in the layout engine, which might allow the execution of arbitrary code.\n\n - CVE-2008-1237 'georgi', 'tgirmann' and Igor Bukanov discovered crashes in the JavaScript engine, which might allow the execution of arbitrary code.\n\n - CVE-2008-1238 Gregory Fleischer discovered that HTTP Referrer headers were handled incorrectly in combination with URLs containing Basic Authentication credentials with empty usernames, resulting in potential Cross-Site Request Forgery attacks.\n\n - CVE-2008-1240 Gregory Fleischer discovered that web content fetched through the jar: protocol can use Java to connect to arbitrary ports. This is only an issue in combination with the non-free Java plugin.\n\n - CVE-2008-1241 Chris Thomas discovered that background tabs could generate XUL popups overlaying the current tab, resulting in potential spoofing attacks.\n\nThe Mozilla products from the old stable distribution (sarge) are no longer supported.", "cvss3": {}, "published": "2008-03-31T00:00:00", "type": "nessus", "title": "Debian DSA-1534-1 : iceape - several vulnerabilities", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2007-3738", "CVE-2007-4879", "CVE-2007-5338", "CVE-2008-1233", "CVE-2008-1234", "CVE-2008-1235", "CVE-2008-1236", "CVE-2008-1237", "CVE-2008-1238", "CVE-2008-1240", "CVE-2008-1241"], "modified": "2021-01-04T00:00:00", "cpe": ["p-cpe:/a:debian:debian_linux:iceape", "cpe:/o:debian:debian_linux:4.0"], "id": "DEBIAN_DSA-1534.NASL", "href": "https://www.tenable.com/plugins/nessus/31711", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Debian Security Advisory DSA-1534. The text \n# itself is copyright (C) Software in the Public Interest, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(31711);\n script_version(\"1.21\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/04\");\n\n script_cve_id(\"CVE-2007-4879\", \"CVE-2008-1233\", \"CVE-2008-1234\", \"CVE-2008-1235\", \"CVE-2008-1236\", \"CVE-2008-1237\", \"CVE-2008-1238\", \"CVE-2008-1240\", \"CVE-2008-1241\");\n script_xref(name:\"DSA\", value:\"1534\");\n\n script_name(english:\"Debian DSA-1534-1 : iceape - several vulnerabilities\");\n script_summary(english:\"Checks dpkg output for the updated package\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Debian host is missing a security-related update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"# This shares a lot of text with dsa-1532.wml, dsa-1535.wml,\ndsa-1574.wml\n\nSeveral remote vulnerabilities have been discovered in the Iceape\ninternet suite, an unbranded version of the SeaMonkey Internet Suite.\nThe Common Vulnerabilities and Exposures project identifies the\nfollowing problems :\n\n - CVE-2007-4879\n Peter Brodersen and Alexander Klink discovered that the\n autoselection of SSL client certificates could lead to\n users being tracked, resulting in a loss of privacy.\n\n - CVE-2008-1233\n 'moz_bug_r_a4' discovered that variants of CVE-2007-3738\n and CVE-2007-5338 allow the execution of arbitrary code\n through XPCNativeWrapper.\n\n - CVE-2008-1234\n 'moz_bug_r_a4' discovered that insecure handling of\n event handlers could lead to cross-site scripting.\n\n - CVE-2008-1235\n Boris Zbarsky, Johnny Stenback and 'moz_bug_r_a4'\n discovered that incorrect principal handling could lead\n to cross-site scripting and the execution of arbitrary\n code.\n\n - CVE-2008-1236\n Tom Ferris, Seth Spitzer, Martin Wargers, John Daggett\n and Mats Palmgren discovered crashes in the layout\n engine, which might allow the execution of arbitrary\n code.\n\n - CVE-2008-1237\n 'georgi', 'tgirmann' and Igor Bukanov discovered crashes\n in the JavaScript engine, which might allow the\n execution of arbitrary code.\n\n - CVE-2008-1238\n Gregory Fleischer discovered that HTTP Referrer headers\n were handled incorrectly in combination with URLs\n containing Basic Authentication credentials with empty\n usernames, resulting in potential Cross-Site Request\n Forgery attacks.\n\n - CVE-2008-1240\n Gregory Fleischer discovered that web content fetched\n through the jar: protocol can use Java to connect to\n arbitrary ports. This is only an issue in combination\n with the non-free Java plugin.\n\n - CVE-2008-1241\n Chris Thomas discovered that background tabs could\n generate XUL popups overlaying the current tab,\n resulting in potential spoofing attacks.\n\nThe Mozilla products from the old stable distribution (sarge) are no\nlonger supported.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/CVE-2007-4879\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/CVE-2008-1233\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/CVE-2007-3738\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/CVE-2007-5338\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/CVE-2008-1234\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/CVE-2008-1235\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/CVE-2008-1236\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/CVE-2008-1237\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/CVE-2008-1238\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/CVE-2008-1240\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/CVE-2008-1241\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.debian.org/security/2008/dsa-1534\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\n\"Upgrade the iceape packages.\n\nFor the stable distribution (etch), these problems have been fixed in\nversion 1.0.13~pre080323b-0etch1.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_cwe_id(59, 79, 94, 287, 399);\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:iceape\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:debian:debian_linux:4.0\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2008/03/28\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2008/03/31\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2008-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Debian Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/Debian/release\", \"Host/Debian/dpkg-l\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"debian_package.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/Debian/release\")) audit(AUDIT_OS_NOT, \"Debian\");\nif (!get_kb_item(\"Host/Debian/dpkg-l\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\nflag = 0;\nif (deb_check(release:\"4.0\", prefix:\"iceape\", reference:\"1.0.13~pre080323b-0etch1\")) flag++;\nif (deb_check(release:\"4.0\", prefix:\"iceape-browser\", reference:\"1.0.13~pre080323b-0etch1\")) flag++;\nif (deb_check(release:\"4.0\", prefix:\"iceape-calendar\", reference:\"1.0.13~pre080323b-0etch1\")) flag++;\nif (deb_check(release:\"4.0\", prefix:\"iceape-chatzilla\", reference:\"1.0.13~pre080323b-0etch1\")) flag++;\nif (deb_check(release:\"4.0\", prefix:\"iceape-dbg\", reference:\"1.0.13~pre080323b-0etch1\")) flag++;\nif (deb_check(release:\"4.0\", prefix:\"iceape-dev\", reference:\"1.0.13~pre080323b-0etch1\")) flag++;\nif (deb_check(release:\"4.0\", prefix:\"iceape-dom-inspector\", reference:\"1.0.13~pre080323b-0etch1\")) flag++;\nif (deb_check(release:\"4.0\", prefix:\"iceape-gnome-support\", reference:\"1.0.13~pre080323b-0etch1\")) flag++;\nif (deb_check(release:\"4.0\", prefix:\"iceape-mailnews\", reference:\"1.0.13~pre080323b-0etch1\")) flag++;\nif (deb_check(release:\"4.0\", prefix:\"mozilla\", reference:\"1.8+1.0.13~pre080323b-0etch1\")) flag++;\nif (deb_check(release:\"4.0\", prefix:\"mozilla-browser\", reference:\"1.8+1.0.13~pre080323b-0etch1\")) flag++;\nif (deb_check(release:\"4.0\", prefix:\"mozilla-calendar\", reference:\"1.8+1.0.13~pre080323b-0etch1\")) flag++;\nif (deb_check(release:\"4.0\", prefix:\"mozilla-chatzilla\", reference:\"1.8+1.0.13~pre080323b-0etch1\")) flag++;\nif (deb_check(release:\"4.0\", prefix:\"mozilla-dev\", reference:\"1.8+1.0.13~pre080323b-0etch1\")) flag++;\nif (deb_check(release:\"4.0\", prefix:\"mozilla-dom-inspector\", reference:\"1.8+1.0.13~pre080323b-0etch1\")) flag++;\nif (deb_check(release:\"4.0\", prefix:\"mozilla-js-debugger\", reference:\"1.8+1.0.13~pre080323b-0etch1\")) flag++;\nif (deb_check(release:\"4.0\", prefix:\"mozilla-mailnews\", reference:\"1.8+1.0.13~pre080323b-0etch1\")) flag++;\nif (deb_check(release:\"4.0\", prefix:\"mozilla-psm\", reference:\"1.8+1.0.13~pre080323b-0etch1\")) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:deb_report_get());\n else security_hole(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-12-04T14:43:33", "description": "# This shares a lot of text with dsa-1532.wml, dsa-1534.wml, dsa-1574.wml\n\nSeveral remote vulnerabilities have been discovered in the Iceweasel web browser, an unbranded version of the Firefox browser. The Common Vulnerabilities and Exposures project identifies the following problems :\n\n - CVE-2007-4879 Peter Brodersen and Alexander Klink discovered that the autoselection of SSL client certificates could lead to users being tracked, resulting in a loss of privacy.\n\n - CVE-2008-1233 'moz_bug_r_a4' discovered that variants of CVE-2007-3738 and CVE-2007-5338 allow the execution of arbitrary code through XPCNativeWrapper.\n\n - CVE-2008-1234 'moz_bug_r_a4' discovered that insecure handling of event handlers could lead to cross-site scripting.\n\n - CVE-2008-1235 Boris Zbarsky, Johnny Stenback and 'moz_bug_r_a4' discovered that incorrect principal handling could lead to cross-site scripting and the execution of arbitrary code.\n\n - CVE-2008-1236 Tom Ferris, Seth Spitzer, Martin Wargers, John Daggett and Mats Palmgren discovered crashes in the layout engine, which might allow the execution of arbitrary code.\n\n - CVE-2008-1237 'georgi', 'tgirmann' and Igor Bukanov discovered crashes in the JavaScript engine, which might allow the execution of arbitrary code.\n\n - CVE-2008-1238 Gregory Fleischer discovered that HTTP Referrer headers were handled incorrectly in combination with URLs containing Basic Authentication credentials with empty usernames, resulting in potential Cross-Site Request Forgery attacks.\n\n - CVE-2008-1240 Gregory Fleischer discovered that web content fetched through the jar: protocol can use Java to connect to arbitrary ports. This is only an issue in combination with the non-free Java plugin.\n\n - CVE-2008-1241 Chris Thomas discovered that background tabs could generate XUL popups overlaying the current tab, resulting in potential spoofing attacks.\n\nThe Mozilla products from the old stable distribution (sarge) are no longer supported.", "cvss3": {}, "published": "2008-04-11T00:00:00", "type": "nessus", "title": "Debian DSA-1535-1 : iceweasel - several vulnerabilities", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2007-3738", "CVE-2007-4879", "CVE-2007-5338", "CVE-2008-1233", "CVE-2008-1234", "CVE-2008-1235", "CVE-2008-1236", "CVE-2008-1237", "CVE-2008-1238", "CVE-2008-1240", "CVE-2008-1241"], "modified": "2021-01-04T00:00:00", "cpe": ["p-cpe:/a:debian:debian_linux:iceweasel", "cpe:/o:debian:debian_linux:4.0"], "id": "DEBIAN_DSA-1535.NASL", "href": "https://www.tenable.com/plugins/nessus/31806", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Debian Security Advisory DSA-1535. The text \n# itself is copyright (C) Software in the Public Interest, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(31806);\n script_version(\"1.21\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/04\");\n\n script_cve_id(\"CVE-2007-4879\", \"CVE-2008-1233\", \"CVE-2008-1234\", \"CVE-2008-1235\", \"CVE-2008-1236\", \"CVE-2008-1237\", \"CVE-2008-1238\", \"CVE-2008-1240\", \"CVE-2008-1241\");\n script_bugtraq_id(28448);\n script_xref(name:\"DSA\", value:\"1535\");\n\n script_name(english:\"Debian DSA-1535-1 : iceweasel - several vulnerabilities\");\n script_summary(english:\"Checks dpkg output for the updated package\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Debian host is missing a security-related update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"# This shares a lot of text with dsa-1532.wml, dsa-1534.wml,\ndsa-1574.wml\n\nSeveral remote vulnerabilities have been discovered in the Iceweasel\nweb browser, an unbranded version of the Firefox browser. The Common\nVulnerabilities and Exposures project identifies the following\nproblems :\n\n - CVE-2007-4879\n Peter Brodersen and Alexander Klink discovered that the\n autoselection of SSL client certificates could lead to\n users being tracked, resulting in a loss of privacy.\n\n - CVE-2008-1233\n 'moz_bug_r_a4' discovered that variants of CVE-2007-3738\n and CVE-2007-5338 allow the execution of arbitrary code\n through XPCNativeWrapper.\n\n - CVE-2008-1234\n 'moz_bug_r_a4' discovered that insecure handling of\n event handlers could lead to cross-site scripting.\n\n - CVE-2008-1235\n Boris Zbarsky, Johnny Stenback and 'moz_bug_r_a4'\n discovered that incorrect principal handling could lead\n to cross-site scripting and the execution of arbitrary\n code.\n\n - CVE-2008-1236\n Tom Ferris, Seth Spitzer, Martin Wargers, John Daggett\n and Mats Palmgren discovered crashes in the layout\n engine, which might allow the execution of arbitrary\n code.\n\n - CVE-2008-1237\n 'georgi', 'tgirmann' and Igor Bukanov discovered crashes\n in the JavaScript engine, which might allow the\n execution of arbitrary code.\n\n - CVE-2008-1238\n Gregory Fleischer discovered that HTTP Referrer headers\n were handled incorrectly in combination with URLs\n containing Basic Authentication credentials with empty\n usernames, resulting in potential Cross-Site Request\n Forgery attacks.\n\n - CVE-2008-1240\n Gregory Fleischer discovered that web content fetched\n through the jar: protocol can use Java to connect to\n arbitrary ports. This is only an issue in combination\n with the non-free Java plugin.\n\n - CVE-2008-1241\n Chris Thomas discovered that background tabs could\n generate XUL popups overlaying the current tab,\n resulting in potential spoofing attacks.\n\nThe Mozilla products from the old stable distribution (sarge) are no\nlonger supported.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/CVE-2007-4879\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/CVE-2008-1233\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/CVE-2007-3738\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/CVE-2007-5338\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/CVE-2008-1234\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/CVE-2008-1235\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/CVE-2008-1236\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/CVE-2008-1237\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/CVE-2008-1238\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/CVE-2008-1240\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/CVE-2008-1241\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.debian.org/security/2008/dsa-1535\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\n\"Upgrade the iceweasel packages.\n\nFor the stable distribution (etch), these problems have been fixed in\nversion 2.0.0.13-0etch1.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n script_cwe_id(59, 79, 94, 287, 399);\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:iceweasel\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:debian:debian_linux:4.0\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2008/03/30\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2008/04/11\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2008-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Debian Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/Debian/release\", \"Host/Debian/dpkg-l\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"debian_package.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/Debian/release\")) audit(AUDIT_OS_NOT, \"Debian\");\nif (!get_kb_item(\"Host/Debian/dpkg-l\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\nflag = 0;\nif (deb_check(release:\"4.0\", prefix:\"firefox\", reference:\"2.0.0.13-0etch1\")) flag++;\nif (deb_check(release:\"4.0\", prefix:\"firefox-dom-inspector\", reference:\"2.0.0.13-0etch1\")) flag++;\nif (deb_check(release:\"4.0\", prefix:\"firefox-gnome-support\", reference:\"2.0.0.13-0etch1\")) flag++;\nif (deb_check(release:\"4.0\", prefix:\"iceweasel\", reference:\"2.0.0.13-0etch1\")) flag++;\nif (deb_check(release:\"4.0\", prefix:\"iceweasel-dbg\", reference:\"2.0.0.13-0etch1\")) flag++;\nif (deb_check(release:\"4.0\", prefix:\"iceweasel-dom-inspector\", reference:\"2.0.0.13-0etch1\")) flag++;\nif (deb_check(release:\"4.0\", prefix:\"iceweasel-gnome-support\", reference:\"2.0.0.13-0etch1\")) flag++;\nif (deb_check(release:\"4.0\", prefix:\"mozilla-firefox\", reference:\"2.0.0.13-0etch1\")) flag++;\nif (deb_check(release:\"4.0\", prefix:\"mozilla-firefox-dom-inspector\", reference:\"2.0.0.13-0etch1\")) flag++;\nif (deb_check(release:\"4.0\", prefix:\"mozilla-firefox-gnome-support\", reference:\"2.0.0.13-0etch1\")) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:deb_report_get());\n else security_hole(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-12-04T14:43:12", "description": "# This shares a lot of text with dsa-1534.wml, dsa-1535.wml, dsa-1574.wml\n\nSeveral remote vulnerabilities have been discovered in Xulrunner, a runtime environment for XUL applications. The Common Vulnerabilities and Exposures project identifies the following problems :\n\n - CVE-2007-4879 Peter Brodersen and Alexander Klink discovered that the autoselection of SSL client certificates could lead to users being tracked, resulting in a loss of privacy.\n\n - CVE-2008-1233 'moz_bug_r_a4' discovered that variants of CVE-2007-3738 and CVE-2007-5338 allow the execution of arbitrary code through XPCNativeWrapper.\n\n - CVE-2008-1234 'moz_bug_r_a4' discovered that insecure handling of event handlers could lead to cross-site scripting.\n\n - CVE-2008-1235 Boris Zbarsky, Johnny Stenback and 'moz_bug_r_a4' discovered that incorrect principal handling could lead to cross-site scripting and the execution of arbitrary code.\n\n - CVE-2008-1236 Tom Ferris, Seth Spitzer, Martin Wargers, John Daggett and Mats Palmgren discovered crashes in the layout engine, which might allow the execution of arbitrary code.\n\n - CVE-2008-1237 'georgi', 'tgirmann' and Igor Bukanov discovered crashes in the JavaScript engine, which might allow the execution of arbitrary code.\n\n - CVE-2008-1238 Gregory Fleischer discovered that HTTP Referrer headers were handled incorrectly in combination with URLs containing Basic Authentication credentials with empty usernames, resulting in potential Cross-Site Request Forgery attacks.\n\n - CVE-2008-1240 Gregory Fleischer discovered that web content fetched through the jar: protocol can use Java to connect to arbitrary ports. This is only an issue in combination with the non-free Java plugin.\n\n - CVE-2008-1241 Chris Thomas discovered that background tabs could generate XUL popups overlaying the current tab, resulting in potential spoofing attacks.\n\nThe Mozilla products from the old stable distribution (sarge) are no longer supported.", "cvss3": {}, "published": "2008-03-31T00:00:00", "type": "nessus", "title": "Debian DSA-1532-1 : xulrunner - several vulnerabilities", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2007-3738", "CVE-2007-4879", "CVE-2007-5338", "CVE-2008-1233", "CVE-2008-1234", "CVE-2008-1235", "CVE-2008-1236", "CVE-2008-1237", "CVE-2008-1238", "CVE-2008-1240", "CVE-2008-1241"], "modified": "2021-01-04T00:00:00", "cpe": ["p-cpe:/a:debian:debian_linux:xulrunner", "cpe:/o:debian:debian_linux:4.0"], "id": "DEBIAN_DSA-1532.NASL", "href": "https://www.tenable.com/plugins/nessus/31709", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Debian Security Advisory DSA-1532. The text \n# itself is copyright (C) Software in the Public Interest, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(31709);\n script_version(\"1.22\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/04\");\n\n script_cve_id(\"CVE-2007-4879\", \"CVE-2008-1233\", \"CVE-2008-1234\", \"CVE-2008-1235\", \"CVE-2008-1236\", \"CVE-2008-1237\", \"CVE-2008-1238\", \"CVE-2008-1240\", \"CVE-2008-1241\");\n script_bugtraq_id(28448);\n script_xref(name:\"DSA\", value:\"1532\");\n\n script_name(english:\"Debian DSA-1532-1 : xulrunner - several vulnerabilities\");\n script_summary(english:\"Checks dpkg output for the updated package\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Debian host is missing a security-related update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"# This shares a lot of text with dsa-1534.wml, dsa-1535.wml,\ndsa-1574.wml\n\nSeveral remote vulnerabilities have been discovered in Xulrunner, a\nruntime environment for XUL applications. The Common Vulnerabilities\nand Exposures project identifies the following problems :\n\n - CVE-2007-4879\n Peter Brodersen and Alexander Klink discovered that the\n autoselection of SSL client certificates could lead to\n users being tracked, resulting in a loss of privacy.\n\n - CVE-2008-1233\n 'moz_bug_r_a4' discovered that variants of CVE-2007-3738\n and CVE-2007-5338 allow the execution of arbitrary code\n through XPCNativeWrapper.\n\n - CVE-2008-1234\n 'moz_bug_r_a4' discovered that insecure handling of\n event handlers could lead to cross-site scripting.\n\n - CVE-2008-1235\n Boris Zbarsky, Johnny Stenback and 'moz_bug_r_a4'\n discovered that incorrect principal handling could lead\n to cross-site scripting and the execution of arbitrary\n code.\n\n - CVE-2008-1236\n Tom Ferris, Seth Spitzer, Martin Wargers, John Daggett\n and Mats Palmgren discovered crashes in the layout\n engine, which might allow the execution of arbitrary\n code.\n\n - CVE-2008-1237\n 'georgi', 'tgirmann' and Igor Bukanov discovered crashes\n in the JavaScript engine, which might allow the\n execution of arbitrary code.\n\n - CVE-2008-1238\n Gregory Fleischer discovered that HTTP Referrer headers\n were handled incorrectly in combination with URLs\n containing Basic Authentication credentials with empty\n usernames, resulting in potential Cross-Site Request\n Forgery attacks.\n\n - CVE-2008-1240\n Gregory Fleischer discovered that web content fetched\n through the jar: protocol can use Java to connect to\n arbitrary ports. This is only an issue in combination\n with the non-free Java plugin.\n\n - CVE-2008-1241\n Chris Thomas discovered that background tabs could\n generate XUL popups overlaying the current tab,\n resulting in potential spoofing attacks.\n\nThe Mozilla products from the old stable distribution (sarge) are no\nlonger supported.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/CVE-2007-4879\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/CVE-2008-1233\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/CVE-2007-3738\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/CVE-2007-5338\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/CVE-2008-1234\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/CVE-2008-1235\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/CVE-2008-1236\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/CVE-2008-1237\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/CVE-2008-1238\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/CVE-2008-1240\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/CVE-2008-1241\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.debian.org/security/2008/dsa-1532\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\n\"Upgrade the xulrunner packages.\n\nFor the stable distribution (etch), these problems have been fixed in\nversion 1.8.0.15~pre080323b-0etch1.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n script_cwe_id(59, 79, 94, 287, 399);\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:xulrunner\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:debian:debian_linux:4.0\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2008/03/27\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2008/03/31\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2008-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Debian Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/Debian/release\", \"Host/Debian/dpkg-l\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"debian_package.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/Debian/release\")) audit(AUDIT_OS_NOT, \"Debian\");\nif (!get_kb_item(\"Host/Debian/dpkg-l\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\nflag = 0;\nif (deb_check(release:\"4.0\", prefix:\"libmozillainterfaces-java\", reference:\"1.8.0.15~pre080323b-0etch1\")) flag++;\nif (deb_check(release:\"4.0\", prefix:\"libmozjs-dev\", reference:\"1.8.0.15~pre080323b-0etch1\")) flag++;\nif (deb_check(release:\"4.0\", prefix:\"libmozjs0d\", reference:\"1.8.0.15~pre080323b-0etch1\")) flag++;\nif (deb_check(release:\"4.0\", prefix:\"libmozjs0d-dbg\", reference:\"1.8.0.15~pre080323b-0etch1\")) flag++;\nif (deb_check(release:\"4.0\", prefix:\"libnspr4-0d\", reference:\"1.8.0.15~pre080323b-0etch1\")) flag++;\nif (deb_check(release:\"4.0\", prefix:\"libnspr4-0d-dbg\", reference:\"1.8.0.15~pre080323b-0etch1\")) flag++;\nif (deb_check(release:\"4.0\", prefix:\"libnspr4-dev\", reference:\"1.8.0.15~pre080323b-0etch1\")) flag++;\nif (deb_check(release:\"4.0\", prefix:\"libnss3-0d\", reference:\"1.8.0.15~pre080323b-0etch1\")) flag++;\nif (deb_check(release:\"4.0\", prefix:\"libnss3-0d-dbg\", reference:\"1.8.0.15~pre080323b-0etch1\")) flag++;\nif (deb_check(release:\"4.0\", prefix:\"libnss3-dev\", reference:\"1.8.0.15~pre080323b-0etch1\")) flag++;\nif (deb_check(release:\"4.0\", prefix:\"libnss3-tools\", reference:\"1.8.0.15~pre080323b-0etch1\")) flag++;\nif (deb_check(release:\"4.0\", prefix:\"libsmjs-dev\", reference:\"1.8.0.15~pre080323b-0etch1\")) flag++;\nif (deb_check(release:\"4.0\", prefix:\"libsmjs1\", reference:\"1.8.0.15~pre080323b-0etch1\")) flag++;\nif (deb_check(release:\"4.0\", prefix:\"libxul-common\", reference:\"1.8.0.15~pre080323b-0etch1\")) flag++;\nif (deb_check(release:\"4.0\", prefix:\"libxul-dev\", reference:\"1.8.0.15~pre080323b-0etch1\")) flag++;\nif (deb_check(release:\"4.0\", prefix:\"libxul0d\", reference:\"1.8.0.15~pre080323b-0etch1\")) flag++;\nif (deb_check(release:\"4.0\", prefix:\"libxul0d-dbg\", reference:\"1.8.0.15~pre080323b-0etch1\")) flag++;\nif (deb_check(release:\"4.0\", prefix:\"python-xpcom\", reference:\"1.8.0.15~pre080323b-0etch1\")) flag++;\nif (deb_check(release:\"4.0\", prefix:\"spidermonkey-bin\", reference:\"1.8.0.15~pre080323b-0etch1\")) flag++;\nif (deb_check(release:\"4.0\", prefix:\"xulrunner\", reference:\"1.8.0.15~pre080323b-0etch1\")) flag++;\nif (deb_check(release:\"4.0\", prefix:\"xulrunner-gnome-support\", reference:\"1.8.0.15~pre080323b-0etch1\")) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:deb_report_get());\n else security_hole(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-12-04T14:36:47", "description": "A number of security vulnerabilities have been discovered and corrected in the latest Mozilla Thunderbird program, version 2.0.0.16 (CVE-2008-1233, CVE-2008-1234, CVE-2008-1235, CVE-2008-1236, CVE-2008-1237, CVE-2008-2785, CVE-2008-2798, CVE-2008-2799, CVE-2008-2802, CVE-2008-2803, CVE-2008-2807, CVE-2008-2809, CVE-2008-2811).\n\nThis update provides the latest Thunderbird to correct these issues.\nIt also provides Thunderbird 2.x for Corporate 3.0 systems.\n\nUpdate :\n\nThe previous update provided the incorrect version of the enigmail locale files. This version correctly builds them for Thunderbird 2.0.0.16.", "cvss3": {}, "published": "2009-04-23T00:00:00", "type": "nessus", "title": "Mandriva Linux Security Advisory : mozilla-thunderbird (MDVSA-2008:155-1)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2008-1233", "CVE-2008-1234", "CVE-2008-1235", "CVE-2008-1236", "CVE-2008-1237", "CVE-2008-2785", "CVE-2008-2798", "CVE-2008-2799", "CVE-2008-2802", "CVE-2008-2803", "CVE-2008-2807", "CVE-2008-2809", "CVE-2008-2811"], "modified": "2021-01-06T00:00:00", "cpe": ["p-cpe:/a:mandriva:linux:mozilla-thunderbird-enigmail-ar", "p-cpe:/a:mandriva:linux:mozilla-thunderbird-enigmail-ca", "p-cpe:/a:mandriva:linux:mozilla-thunderbird-enigmail-cs", "p-cpe:/a:mandriva:linux:mozilla-thunderbird-enigmail-de", "p-cpe:/a:mandriva:linux:mozilla-thunderbird-enigmail-el", "p-cpe:/a:mandriva:linux:mozilla-thunderbird-enigmail-es", "p-cpe:/a:mandriva:linux:mozilla-thunderbird-enigmail-es_ar", "p-cpe:/a:mandriva:linux:mozilla-thunderbird-enigmail-fi", "p-cpe:/a:mandriva:linux:mozilla-thunderbird-enigmail-fr", "p-cpe:/a:mandriva:linux:mozilla-thunderbird-enigmail-hu", "p-cpe:/a:mandriva:linux:mozilla-thunderbird-enigmail-it", "p-cpe:/a:mandriva:linux:mozilla-thunderbird-enigmail-ja", "p-cpe:/a:mandriva:linux:mozilla-thunderbird-enigmail-ko", "p-cpe:/a:mandriva:linux:mozilla-thunderbird-enigmail-nb", "p-cpe:/a:mandriva:linux:mozilla-thunderbird-enigmail-nl", "p-cpe:/a:mandriva:linux:mozilla-thunderbird-enigmail-pl", "p-cpe:/a:mandriva:linux:mozilla-thunderbird-enigmail-pt", "p-cpe:/a:mandriva:linux:mozilla-thunderbird-enigmail-pt_br", "p-cpe:/a:mandriva:linux:mozilla-thunderbird-enigmail-ro", "p-cpe:/a:mandriva:linux:mozilla-thunderbird-enigmail-ru", "p-cpe:/a:mandriva:linux:mozilla-thunderbird-enigmail-sk", "p-cpe:/a:mandriva:linux:mozilla-thunderbird-enigmail-sl", "p-cpe:/a:mandriva:linux:mozilla-thunderbird-enigmail-sv", "p-cpe:/a:mandriva:linux:mozilla-thunderbird-enigmail-tr", "p-cpe:/a:mandriva:linux:mozilla-thunderbird-enigmail-zh_cn", "p-cpe:/a:mandriva:linux:mozilla-thunderbird-enigmail-zh_tw", "cpe:/o:mandriva:linux:2008.0", "cpe:/o:mandriva:linux:2008.1"], "id": "MANDRIVA_MDVSA-2008-155.NASL", "href": "https://www.tenable.com/plugins/nessus/36242", "sourceData": "#%NASL_MIN_LEVEL 70300\n\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Mandriva Linux Security Advisory MDVSA-2008:155. \n# The text itself is copyright (C) Mandriva S.A.\n#\n\nif (NASL_LEVEL < 3000) exit(0);\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(36242);\n script_version(\"1.20\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/06\");\n\n script_cve_id(\n \"CVE-2008-1233\",\n \"CVE-2008-1234\",\n \"CVE-2008-1235\",\n \"CVE-2008-1236\",\n \"CVE-2008-1237\",\n \"CVE-2008-2785\",\n \"CVE-2008-2798\",\n \"CVE-2008-2799\",\n \"CVE-2008-2802\",\n \"CVE-2008-2803\",\n \"CVE-2008-2807\",\n \"CVE-2008-2809\",\n \"CVE-2008-2811\"\n );\n script_bugtraq_id(\n 28448,\n 29802,\n 30038\n );\n script_xref(name:\"MDVSA\", value:\"2008:155-1\");\n\n script_name(english:\"Mandriva Linux Security Advisory : mozilla-thunderbird (MDVSA-2008:155-1)\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\n\"The remote Mandriva Linux host is missing one or more security\nupdates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"A number of security vulnerabilities have been discovered and\ncorrected in the latest Mozilla Thunderbird program, version 2.0.0.16\n(CVE-2008-1233, CVE-2008-1234, CVE-2008-1235, CVE-2008-1236,\nCVE-2008-1237, CVE-2008-2785, CVE-2008-2798, CVE-2008-2799,\nCVE-2008-2802, CVE-2008-2803, CVE-2008-2807, CVE-2008-2809,\nCVE-2008-2811).\n\nThis update provides the latest Thunderbird to correct these issues.\nIt also provides Thunderbird 2.x for Corporate 3.0 systems.\n\nUpdate :\n\nThe previous update provided the incorrect version of the enigmail\nlocale files. This version correctly builds them for Thunderbird\n2.0.0.16.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.mozilla.org/security/announce/2008/mfsa2008-14.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.mozilla.org/security/announce/2008/mfsa2008-15.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.mozilla.org/security/announce/2008/mfsa2008-21.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.mozilla.org/security/announce/2008/mfsa2008-24.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.mozilla.org/security/announce/2008/mfsa2008-25.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.mozilla.org/en-US/security/advisories/mfsa2008-26/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.mozilla.org/security/announce/2008/mfsa2008-29.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.mozilla.org/security/announce/2008/mfsa2008-31.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.mozilla.org/security/announce/2008/mfsa2008-33.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.mozilla.org/security/announce/2008/mfsa2008-34.html\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:F/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploit_framework_canvas\", value:\"true\");\n script_set_attribute(attribute:\"canvas_package\", value:'CANVAS');\n script_cwe_id(20, 79, 94, 189, 200, 264, 399);\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:mozilla-thunderbird-enigmail-ar\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:mozilla-thunderbird-enigmail-ca\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:mozilla-thunderbird-enigmail-cs\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:mozilla-thunderbird-enigmail-de\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:mozilla-thunderbird-enigmail-el\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:mozilla-thunderbird-enigmail-es\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:mozilla-thunderbird-enigmail-es_AR\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:mozilla-thunderbird-enigmail-fi\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:mozilla-thunderbird-enigmail-fr\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:mozilla-thunderbird-enigmail-hu\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:mozilla-thunderbird-enigmail-it\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:mozilla-thunderbird-enigmail-ja\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:mozilla-thunderbird-enigmail-ko\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:mozilla-thunderbird-enigmail-nb\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:mozilla-thunderbird-enigmail-nl\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:mozilla-thunderbird-enigmail-pl\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:mozilla-thunderbird-enigmail-pt\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:mozilla-thunderbird-enigmail-pt_BR\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:mozilla-thunderbird-enigmail-ro\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:mozilla-thunderbird-enigmail-ru\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:mozilla-thunderbird-enigmail-sk\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:mozilla-thunderbird-enigmail-sl\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:mozilla-thunderbird-enigmail-sv\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:mozilla-thunderbird-enigmail-tr\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:mozilla-thunderbird-enigmail-zh_CN\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:mozilla-thunderbird-enigmail-zh_TW\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:mandriva:linux:2008.0\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:mandriva:linux:2008.1\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2008/07/27\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2009/04/23\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2009-2021 Tenable Network Security, Inc.\");\n script_family(english:\"Mandriva Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/Mandrake/release\", \"Host/Mandrake/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/Mandrake/release\")) audit(AUDIT_OS_NOT, \"Mandriva / Mandake Linux\");\nif (!get_kb_item(\"Host/Mandrake/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (cpu !~ \"^(amd64|i[3-6]86|x86_64)$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Mandriva / Mandrake Linux\", cpu);\n\n\nflag = 0;\nif (rpm_check(release:\"MDK2008.0\", reference:\"mozilla-thunderbird-enigmail-ar-2.0.0.16-1mdv2008.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2008.0\", reference:\"mozilla-thunderbird-enigmail-ca-2.0.0.16-1mdv2008.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2008.0\", reference:\"mozilla-thunderbird-enigmail-cs-2.0.0.16-1mdv2008.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2008.0\", reference:\"mozilla-thunderbird-enigmail-de-2.0.0.16-1mdv2008.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2008.0\", reference:\"mozilla-thunderbird-enigmail-el-2.0.0.16-1mdv2008.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2008.0\", reference:\"mozilla-thunderbird-enigmail-es-2.0.0.16-1mdv2008.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2008.0\", reference:\"mozilla-thunderbird-enigmail-es_AR-2.0.0.16-1mdv2008.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2008.0\", reference:\"mozilla-thunderbird-enigmail-fi-2.0.0.16-1mdv2008.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2008.0\", reference:\"mozilla-thunderbird-enigmail-fr-2.0.0.16-1mdv2008.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2008.0\", reference:\"mozilla-thunderbird-enigmail-hu-2.0.0.16-1mdv2008.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2008.0\", reference:\"mozilla-thunderbird-enigmail-it-2.0.0.16-1mdv2008.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2008.0\", reference:\"mozilla-thunderbird-enigmail-ja-2.0.0.16-1mdv2008.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2008.0\", reference:\"mozilla-thunderbird-enigmail-ko-2.0.0.16-1mdv2008.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2008.0\", reference:\"mozilla-thunderbird-enigmail-nb-2.0.0.16-1mdv2008.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2008.0\", reference:\"mozilla-thunderbird-enigmail-nl-2.0.0.16-1mdv2008.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2008.0\", reference:\"mozilla-thunderbird-enigmail-pl-2.0.0.16-1mdv2008.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2008.0\", reference:\"mozilla-thunderbird-enigmail-pt-2.0.0.16-1mdv2008.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2008.0\", reference:\"mozilla-thunderbird-enigmail-pt_BR-2.0.0.16-1mdv2008.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2008.0\", reference:\"mozilla-thunderbird-enigmail-ro-2.0.0.16-1mdv2008.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2008.0\", reference:\"mozilla-thunderbird-enigmail-ru-2.0.0.16-1mdv2008.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2008.0\", reference:\"mozilla-thunderbird-enigmail-sk-2.0.0.16-1mdv2008.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2008.0\", reference:\"mozilla-thunderbird-enigmail-sl-2.0.0.16-1mdv2008.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2008.0\", reference:\"mozilla-thunderbird-enigmail-sv-2.0.0.16-1mdv2008.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2008.0\", reference:\"mozilla-thunderbird-enigmail-tr-2.0.0.16-1mdv2008.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2008.0\", reference:\"mozilla-thunderbird-enigmail-zh_CN-2.0.0.16-1mdv2008.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2008.0\", reference:\"mozilla-thunderbird-enigmail-zh_TW-2.0.0.16-1mdv2008.0\", yank:\"mdv\")) flag++;\n\nif (rpm_check(release:\"MDK2008.1\", reference:\"mozilla-thunderbird-enigmail-ar-2.0.0.16-1mdv2008.1\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2008.1\", reference:\"mozilla-thunderbird-enigmail-ca-2.0.0.16-1mdv2008.1\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2008.1\", reference:\"mozilla-thunderbird-enigmail-cs-2.0.0.16-1mdv2008.1\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2008.1\", reference:\"mozilla-thunderbird-enigmail-de-2.0.0.16-1mdv2008.1\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2008.1\", reference:\"mozilla-thunderbird-enigmail-el-2.0.0.16-1mdv2008.1\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2008.1\", reference:\"mozilla-thunderbird-enigmail-es-2.0.0.16-1mdv2008.1\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2008.1\", reference:\"mozilla-thunderbird-enigmail-es_AR-2.0.0.16-1mdv2008.1\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2008.1\", reference:\"mozilla-thunderbird-enigmail-fi-2.0.0.16-1mdv2008.1\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2008.1\", reference:\"mozilla-thunderbird-enigmail-fr-2.0.0.16-1mdv2008.1\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2008.1\", reference:\"mozilla-thunderbird-enigmail-hu-2.0.0.16-1mdv2008.1\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2008.1\", reference:\"mozilla-thunderbird-enigmail-it-2.0.0.16-1mdv2008.1\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2008.1\", reference:\"mozilla-thunderbird-enigmail-ja-2.0.0.16-1mdv2008.1\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2008.1\", reference:\"mozilla-thunderbird-enigmail-ko-2.0.0.16-1mdv2008.1\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2008.1\", reference:\"mozilla-thunderbird-enigmail-nb-2.0.0.16-1mdv2008.1\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2008.1\", reference:\"mozilla-thunderbird-enigmail-nl-2.0.0.16-1mdv2008.1\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2008.1\", reference:\"mozilla-thunderbird-enigmail-pl-2.0.0.16-1mdv2008.1\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2008.1\", reference:\"mozilla-thunderbird-enigmail-pt-2.0.0.16-1mdv2008.1\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2008.1\", reference:\"mozilla-thunderbird-enigmail-pt_BR-2.0.0.16-1mdv2008.1\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2008.1\", reference:\"mozilla-thunderbird-enigmail-ro-2.0.0.16-1mdv2008.1\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2008.1\", reference:\"mozilla-thunderbird-enigmail-ru-2.0.0.16-1mdv2008.1\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2008.1\", reference:\"mozilla-thunderbird-enigmail-sk-2.0.0.16-1mdv2008.1\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2008.1\", reference:\"mozilla-thunderbird-enigmail-sl-2.0.0.16-1mdv2008.1\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2008.1\", reference:\"mozilla-thunderbird-enigmail-sv-2.0.0.16-1mdv2008.1\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2008.1\", reference:\"mozilla-thunderbird-enigmail-tr-2.0.0.16-1mdv2008.1\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2008.1\", reference:\"mozilla-thunderbird-enigmail-zh_CN-2.0.0.16-1mdv2008.1\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2008.1\", reference:\"mozilla-thunderbird-enigmail-zh_TW-2.0.0.16-1mdv2008.1\", yank:\"mdv\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-12-02T16:36:54", "description": "The remote host is affected by the vulnerability described in GLSA-200805-18 (Mozilla products: Multiple vulnerabilities)\n\n The following vulnerabilities were reported in all mentioned Mozilla products:\n Jesse Ruderman, Kai Engert, Martijn Wargers, Mats Palmgren, and Paul Nickerson reported browser crashes related to JavaScript methods, possibly triggering memory corruption (CVE-2008-0412).\n Carsten Book, Wesley Garland, Igor Bukanov, moz_bug_r_a4, shutdown, Philip Taylor, and tgirmann reported crashes in the JavaScript engine, possibly triggering memory corruption (CVE-2008-0413).\n David Bloom discovered a vulnerability in the way images are treated by the browser when a user leaves a page, possibly triggering memory corruption (CVE-2008-0419).\n moz_bug_r_a4, Boris Zbarsky, and Johnny Stenback reported a series of privilege escalation vulnerabilities related to JavaScript (CVE-2008-1233, CVE-2008-1234, CVE-2008-1235).\n Mozilla developers identified browser crashes caused by the layout and JavaScript engines, possibly triggering memory corruption (CVE-2008-1236, CVE-2008-1237).\n moz_bug_r_a4 and Boris Zbarsky discovered that pages could escape from its sandboxed context and run with chrome privileges, and inject script content into another site, violating the browser's same origin policy (CVE-2008-0415).\n Gerry Eisenhaur discovered a directory traversal vulnerability when using 'flat' addons (CVE-2008-0418).\n Alexey Proskuryakov, Yosuke Hasegawa and Simon Montagu reported multiple character handling flaws related to the backspace character, the '0x80' character, involving zero-length non-ASCII sequences in multiple character sets, that could facilitate Cross-Site Scripting attacks (CVE-2008-0416).\n The following vulnerability was reported in Thunderbird and SeaMonkey:\n regenrecht (via iDefense) reported a heap-based buffer overflow when rendering an email message with an external MIME body (CVE-2008-0304).\n The following vulnerabilities were reported in Firefox, SeaMonkey and XULRunner:\n The fix for CVE-2008-1237 in Firefox 2.0.0.13 and SeaMonkey 1.1.9 introduced a new crash vulnerability (CVE-2008-1380).\n hong and Gregory Fleischer each reported a variant on earlier reported bugs regarding focus shifting in file input controls (CVE-2008-0414).\n Gynvael Coldwind (Vexillium) discovered that BMP images could be used to reveal uninitialized memory, and that this data could be extracted using a 'canvas' feature (CVE-2008-0420).\n Chris Thomas reported that background tabs could create a borderless XUL pop-up in front of pages in other tabs (CVE-2008-1241).\n oo.rio.oo discovered that a plain text file with a 'Content-Disposition: attachment' prevents Firefox from rendering future plain text files within the browser (CVE-2008-0592).\n Martin Straka reported that the '.href' property of stylesheet DOM nodes is modified to the final URI of a 302 redirect, bypassing the same origin policy (CVE-2008-0593).\n Gregory Fleischer discovered that under certain circumstances, leading characters from the hostname part of the 'Referer:' HTTP header are removed (CVE-2008-1238).\n Peter Brodersen and Alexander Klink reported that the browser automatically selected and sent a client certificate when SSL Client Authentication is requested by a server (CVE-2007-4879).\n Gregory Fleischer reported that web content fetched via the 'jar:' protocol was not subject to network access restrictions (CVE-2008-1240).\n The following vulnerabilities were reported in Firefox:\n Justin Dolske discovered a CRLF injection vulnerability when storing passwords (CVE-2008-0417).\n Michal Zalewski discovered that Firefox does not properly manage a delay timer used in confirmation dialogs (CVE-2008-0591).\n Emil Ljungdahl and Lars-Olof Moilanen discovered that a web forgery warning dialog is not displayed if the entire contents of a web page are in a DIV tag that uses absolute positioning (CVE-2008-0594).\n Impact :\n\n A remote attacker could entice a user to view a specially crafted web page or email that will trigger one of the vulnerabilities, possibly leading to the execution of arbitrary code or a Denial of Service. It is also possible for an attacker to trick a user to upload arbitrary files when submitting a form, to corrupt saved passwords for other sites, to steal login credentials, or to conduct Cross-Site Scripting and Cross-Site Request Forgery attacks.\n Workaround :\n\n There is no known workaround at this time.", "cvss3": {}, "published": "2008-05-22T00:00:00", "type": "nessus", "title": "GLSA-200805-18 : Mozilla products: Multiple vulnerabilities", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2007-4879", "CVE-2008-0304", "CVE-2008-0412", "CVE-2008-0413", "CVE-2008-0414", "CVE-2008-0415", "CVE-2008-0416", "CVE-2008-0417", "CVE-2008-0418", "CVE-2008-0419", "CVE-2008-0420", "CVE-2008-0591", "CVE-2008-0592", "CVE-2008-0593", "CVE-2008-0594", "CVE-2008-1233", "CVE-2008-1234", "CVE-2008-1235", "CVE-2008-1236", "CVE-2008-1237", "CVE-2008-1238", "CVE-2008-1240", "CVE-2008-1241", "CVE-2008-1380"], "modified": "2021-01-06T00:00:00", "cpe": ["p-cpe:/a:gentoo:linux:mozilla-firefox", "p-cpe:/a:gentoo:linux:mozilla-firefox-bin", "p-cpe:/a:gentoo:linux:mozilla-thunderbird", "p-cpe:/a:gentoo:linux:mozilla-thunderbird-bin", "p-cpe:/a:gentoo:linux:seamonkey", "p-cpe:/a:gentoo:linux:seamonkey-bin", "p-cpe:/a:gentoo:linux:xulrunner", "cpe:/o:gentoo:linux"], "id": "GENTOO_GLSA-200805-18.NASL", "href": "https://www.tenable.com/plugins/nessus/32416", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Gentoo Linux Security Advisory GLSA 200805-18.\n#\n# The advisory text is Copyright (C) 2001-2016 Gentoo Foundation, Inc.\n# and licensed under the Creative Commons - Attribution / Share Alike \n# license. See http://creativecommons.org/licenses/by-sa/3.0/\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(32416);\n script_version(\"1.21\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/06\");\n\n script_cve_id(\"CVE-2007-4879\", \"CVE-2008-0304\", \"CVE-2008-0412\", \"CVE-2008-0413\", \"CVE-2008-0414\", \"CVE-2008-0415\", \"CVE-2008-0416\", \"CVE-2008-0417\", \"CVE-2008-0418\", \"CVE-2008-0419\", \"CVE-2008-0420\", \"CVE-2008-0591\", \"CVE-2008-0592\", \"CVE-2008-0593\", \"CVE-2008-0594\", \"CVE-2008-1233\", \"CVE-2008-1234\", \"CVE-2008-1235\", \"CVE-2008-1236\", \"CVE-2008-1237\", \"CVE-2008-1238\", \"CVE-2008-1240\", \"CVE-2008-1241\", \"CVE-2008-1380\");\n script_xref(name:\"GLSA\", value:\"200805-18\");\n\n script_name(english:\"GLSA-200805-18 : Mozilla products: Multiple vulnerabilities\");\n script_summary(english:\"Checks for updated package(s) in /var/db/pkg\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\n\"The remote Gentoo host is missing one or more security-related\npatches.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"The remote host is affected by the vulnerability described in GLSA-200805-18\n(Mozilla products: Multiple vulnerabilities)\n\n The following vulnerabilities were reported in all mentioned Mozilla\n products:\n Jesse Ruderman, Kai Engert, Martijn Wargers, Mats Palmgren, and Paul\n Nickerson reported browser crashes related to JavaScript methods,\n possibly triggering memory corruption (CVE-2008-0412).\n Carsten Book, Wesley Garland, Igor Bukanov, moz_bug_r_a4, shutdown,\n Philip Taylor, and tgirmann reported crashes in the JavaScript engine,\n possibly triggering memory corruption (CVE-2008-0413).\n David Bloom discovered a vulnerability in the way images are treated by\n the browser when a user leaves a page, possibly triggering memory\n corruption (CVE-2008-0419).\n moz_bug_r_a4, Boris Zbarsky, and Johnny Stenback reported a series of\n privilege escalation vulnerabilities related to JavaScript\n (CVE-2008-1233, CVE-2008-1234, CVE-2008-1235).\n Mozilla developers identified browser crashes caused by the layout and\n JavaScript engines, possibly triggering memory corruption\n (CVE-2008-1236, CVE-2008-1237).\n moz_bug_r_a4 and Boris Zbarsky discovered that pages could escape from\n its sandboxed context and run with chrome privileges, and inject script\n content into another site, violating the browser's same origin policy\n (CVE-2008-0415).\n Gerry Eisenhaur discovered a directory traversal vulnerability when\n using 'flat' addons (CVE-2008-0418).\n Alexey Proskuryakov, Yosuke Hasegawa and Simon Montagu reported\n multiple character handling flaws related to the backspace character,\n the '0x80' character, involving zero-length non-ASCII sequences in\n multiple character sets, that could facilitate Cross-Site Scripting\n attacks (CVE-2008-0416).\n The following vulnerability was reported in Thunderbird and SeaMonkey:\n regenrecht (via iDefense) reported a heap-based buffer overflow when\n rendering an email message with an external MIME body (CVE-2008-0304).\n The following vulnerabilities were reported in Firefox, SeaMonkey and\n XULRunner:\n The fix for CVE-2008-1237 in Firefox 2.0.0.13\n and SeaMonkey 1.1.9 introduced a new crash vulnerability\n (CVE-2008-1380).\n hong and Gregory Fleischer each reported a\n variant on earlier reported bugs regarding focus shifting in file input\n controls (CVE-2008-0414).\n Gynvael Coldwind (Vexillium) discovered that BMP images could be used\n to reveal uninitialized memory, and that this data could be extracted\n using a 'canvas' feature (CVE-2008-0420).\n Chris Thomas reported that background tabs could create a borderless\n XUL pop-up in front of pages in other tabs (CVE-2008-1241).\n oo.rio.oo discovered that a plain text file with a\n 'Content-Disposition: attachment' prevents Firefox from rendering\n future plain text files within the browser (CVE-2008-0592).\n Martin Straka reported that the '.href' property of stylesheet DOM\n nodes is modified to the final URI of a 302 redirect, bypassing the\n same origin policy (CVE-2008-0593).\n Gregory Fleischer discovered that under certain circumstances, leading\n characters from the hostname part of the 'Referer:' HTTP header are\n removed (CVE-2008-1238).\n Peter Brodersen and Alexander Klink reported that the browser\n automatically selected and sent a client certificate when SSL Client\n Authentication is requested by a server (CVE-2007-4879).\n Gregory Fleischer reported that web content fetched via the 'jar:'\n protocol was not subject to network access restrictions\n (CVE-2008-1240).\n The following vulnerabilities were reported in Firefox:\n Justin Dolske discovered a CRLF injection vulnerability when storing\n passwords (CVE-2008-0417).\n Michal Zalewski discovered that Firefox does not properly manage a\n delay timer used in confirmation dialogs (CVE-2008-0591).\n Emil Ljungdahl and Lars-Olof Moilanen discovered that a web forgery\n warning dialog is not displayed if the entire contents of a web page\n are in a DIV tag that uses absolute positioning (CVE-2008-0594).\n \nImpact :\n\n A remote attacker could entice a user to view a specially crafted web\n page or email that will trigger one of the vulnerabilities, possibly\n leading to the execution of arbitrary code or a Denial of Service. It\n is also possible for an attacker to trick a user to upload arbitrary\n files when submitting a form, to corrupt saved passwords for other\n sites, to steal login credentials, or to conduct Cross-Site Scripting\n and Cross-Site Request Forgery attacks.\n \nWorkaround :\n\n There is no known workaround at this time.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security.gentoo.org/glsa/200805-18\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\n\"All Mozilla Firefox users should upgrade to the latest version:\n # emerge --sync\n # emerge --ask --oneshot --verbose '>=www-client/mozilla-firefox-2.0.0.14'\n All Mozilla Firefox binary users should upgrade to the latest version:\n # emerge --sync\n # emerge --ask --oneshot --verbose '>=www-client/mozilla-firefox-bin-2.0.0.14'\n All Mozilla Thunderbird users should upgrade to the latest version:\n # emerge --sync\n # emerge --ask --oneshot --verbose '>=mail-client/mozilla-thunderbird-2.0.0.14'\n All Mozilla Thunderbird binary users should upgrade to the latest\n version:\n # emerge --sync\n # emerge --ask --oneshot --verbose '>=mail-client/mozilla-thunderbird-bin-2.0.0.14'\n All SeaMonkey users should upgrade to the latest version:\n # emerge --sync\n # emerge --ask --oneshot --verbose '>=www-client/seamonkey-1.1.9-r1'\n All SeaMonkey binary users should upgrade to the latest version:\n # emerge --sync\n # emerge --ask --oneshot --verbose '>=www-client/seamonkey-bin-1.1.9'\n All XULRunner users should upgrade to the latest version:\n # emerge --sync\n # emerge --ask --oneshot --verbose '>=net-libs/xulrunner-1.8.1.14'\n NOTE: The crash vulnerability (CVE-2008-1380) is currently unfixed in\n the SeaMonkey binary ebuild, as no precompiled packages have been\n released. Until an update is available, we recommend all SeaMonkey\n users to disable JavaScript, use Firefox for JavaScript-enabled\n browsing, or switch to the SeaMonkey source ebuild.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_cwe_id(20, 22, 59, 79, 94, 119, 200, 287, 399);\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:gentoo:linux:mozilla-firefox\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:gentoo:linux:mozilla-firefox-bin\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:gentoo:linux:mozilla-thunderbird\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:gentoo:linux:mozilla-thunderbird-bin\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:gentoo:linux:seamonkey\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:gentoo:linux:seamonkey-bin\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:gentoo:linux:xulrunner\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:gentoo:linux\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2008/05/20\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2008/05/22\");\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2007/09/08\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2008-2021 Tenable Network Security, Inc.\");\n script_family(english:\"Gentoo Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/Gentoo/release\", \"Host/Gentoo/qpkg-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"qpkg.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/Gentoo/release\")) audit(AUDIT_OS_NOT, \"Gentoo\");\nif (!get_kb_item(\"Host/Gentoo/qpkg-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\nflag = 0;\n\nif (qpkg_check(package:\"www-client/mozilla-firefox-bin\", unaffected:make_list(\"ge 2.0.0.14\"), vulnerable:make_list(\"lt 2.0.0.14\"))) flag++;\nif (qpkg_check(package:\"www-client/seamonkey-bin\", unaffected:make_list(\"ge 1.1.9\"), vulnerable:make_list(\"lt 1.1.9\"))) flag++;\nif (qpkg_check(package:\"mail-client/mozilla-thunderbird-bin\", unaffected:make_list(\"ge 2.0.0.14\"), vulnerable:make_list(\"lt 2.0.0.14\"))) flag++;\nif (qpkg_check(package:\"www-client/seamonkey\", unaffected:make_list(\"ge 1.1.9-r1\"), vulnerable:make_list(\"lt 1.1.9-r1\"))) flag++;\nif (qpkg_check(package:\"mail-client/mozilla-thunderbird\", unaffected:make_list(\"ge 2.0.0.14\"), vulnerable:make_list(\"lt 2.0.0.14\"))) flag++;\nif (qpkg_check(package:\"net-libs/xulrunner\", unaffected:make_list(\"ge 1.8.1.14\"), vulnerable:make_list(\"lt 1.8.1.14\"))) flag++;\nif (qpkg_check(package:\"www-client/mozilla-firefox\", unaffected:make_list(\"ge 2.0.0.14\"), vulnerable:make_list(\"lt 2.0.0.14\"))) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:qpkg_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = qpkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"Mozilla products\");\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}], "redhat": [{"lastseen": "2021-10-19T20:40:33", "description": "SeaMonkey is an open source Web browser, advanced email and newsgroup\r\nclient, IRC chat client, and HTML editor.\r\n\r\nSeveral flaws were found in the processing of some malformed web content. A\r\nweb page containing such malicious content could cause SeaMonkey to crash\r\nor, potentially, execute arbitrary code as the user running SeaMonkey.\r\n(CVE-2008-1233, CVE-2008-1235, CVE-2008-1236, CVE-2008-1237)\r\n\r\nSeveral flaws were found in the display of malformed web content. A web\r\npage containing specially-crafted content could, potentially, trick a\r\nSeaMonkey user into surrendering sensitive information. (CVE-2008-1234,\r\nCVE-2008-1238, CVE-2008-1241)\r\n\r\nAll SeaMonkey users should upgrade to these updated packages, which contain\r\nbackported patches to resolve these issues.", "cvss3": {}, "published": "2008-03-27T00:00:00", "type": "redhat", "title": "(RHSA-2008:0208) Critical: seamonkey security update", "bulletinFamily": "unix", "cvss2": {"severity": "HIGH", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 9.3, "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "obtainUserPrivilege": false}, "cvelist": ["CVE-2008-0414", "CVE-2008-1233", "CVE-2008-1234", "CVE-2008-1235", "CVE-2008-1236", "CVE-2008-1237", "CVE-2008-1238", "CVE-2008-1241"], "modified": "2019-03-22T19:43:49", "id": "RHSA-2008:0208", "href": "https://access.redhat.com/errata/RHSA-2008:0208", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2021-10-21T04:43:26", "description": "Mozilla Firefox is an open source Web browser.\r\n\r\nSeveral flaws were found in the processing of some malformed web content. A\r\nweb page containing such malicious content could cause Firefox to crash or,\r\npotentially, execute arbitrary code as the user running Firefox.\r\n(CVE-2008-1233, CVE-2008-1235, CVE-2008-1236, CVE-2008-1237)\r\n\r\nSeveral flaws were found in the display of malformed web content. A web\r\npage containing specially-crafted content could, potentially, trick a\r\nFirefox user into surrendering sensitive information. (CVE-2008-1234,\r\nCVE-2008-1238, CVE-2008-1241)\r\n\r\nAll Firefox users should upgrade to these updated packages, which contain\r\nbackported patches that correct these issues.", "cvss3": {}, "published": "2008-03-26T00:00:00", "type": "redhat", "title": "(RHSA-2008:0207) Critical: firefox security update", "bulletinFamily": "unix", "cvss2": {"severity": "HIGH", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 9.3, "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "obtainUserPrivilege": false}, "cvelist": ["CVE-2008-1233", "CVE-2008-1234", "CVE-2008-1235", "CVE-2008-1236", "CVE-2008-1237", "CVE-2008-1238", "CVE-2008-1241"], "modified": "2017-09-08T08:20:22", "id": "RHSA-2008:0207", "href": "https://access.redhat.com/errata/RHSA-2008:0207", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2021-10-21T04:45:55", "description": "Mozilla Thunderbird is a standalone mail and newsgroup client.\r\n\r\nSeveral flaws were found in the processing of some malformed HTML mail\r\ncontent. An HTML mail message containing such malicious content could cause\r\nThunderbird to crash or, potentially, execute arbitrary code as the user\r\nrunning Thunderbird. (CVE-2008-1233, CVE-2008-1235, CVE-2008-1236,\r\nCVE-2008-1237)\r\n\r\nSeveral flaws were found in the display of malformed web content. An HTML\r\nmail message containing specially-crafted content could, potentially, trick\r\na user into surrendering sensitive information. (CVE-2008-1234,\r\nCVE-2008-1238, CVE-2008-1241)\r\n\r\nNote: JavaScript support is disabled by default in Thunderbird; the above\r\nissues are not exploitable unless JavaScript is enabled.\r\n\r\nAll Thunderbird users should upgrade to these updated packages, which\r\ncontain backported patches to resolve these issues.", "cvss3": {}, "published": "2008-04-03T00:00:00", "type": "redhat", "title": "(RHSA-2008:0209) Moderate: thunderbird security update", "bulletinFamily": "unix", "cvss2": {"severity": "HIGH", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 9.3, "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "obtainUserPrivilege": false}, "cvelist": ["CVE-2008-1233", "CVE-2008-1234", "CVE-2008-1235", "CVE-2008-1236", "CVE-2008-1237", "CVE-2008-1238", "CVE-2008-1241"], "modified": "2017-09-08T07:50:52", "id": "RHSA-2008:0209", "href": "https://access.redhat.com/errata/RHSA-2008:0209", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}], "fedora": [{"lastseen": "2020-12-21T08:17:49", "description": "epiphany is a simple GNOME web browser based on the Mozilla rendering engine. ", "cvss3": {}, "published": "2008-03-26T17:11:47", "type": "fedora", "title": "[SECURITY] Fedora 7 Update: epiphany-2.18.3-8.fc7", "bulletinFamily": "unix", "cvss2": {"severity": "HIGH", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 9.3, "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "obtainUserPrivilege": false}, "cvelist": ["CVE-2008-1233", "CVE-2008-1234", "CVE-2008-1235", "CVE-2008-1236", "CVE-2008-1237", "CVE-2008-1238", "CVE-2008-1241"], "modified": "2008-03-26T17:11:47", "id": "FEDORA:M2QHHVG3004301", "href": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/thread/HCIN7DZUDFQGFEY2KRRP2VUIDSNAA3HR/", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2020-12-21T08:17:49", "description": "Mozilla Firefox is an open-source web browser, designed for standards compliance, performance and portability. ", "cvss3": {}, "published": "2008-03-26T17:11:47", "type": "fedora", "title": "[SECURITY] Fedora 7 Update: firefox-2.0.0.13-1.fc7", "bulletinFamily": "unix", "cvss2": {"severity": "HIGH", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 9.3, "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "obtainUserPrivilege": false}, "cvelist": ["CVE-2008-1233", "CVE-2008-1234", "CVE-2008-1235", "CVE-2008-1236", "CVE-2008-1237", "CVE-2008-1238", "CVE-2008-1241"], "modified": "2008-03-26T17:11:47", "id": "FEDORA:M2QHHVG4004301", "href": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/thread/YIOM7QUTOHFC7MAK2LLMNNZ2UD4PFAX3/", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2020-12-21T08:17:49", "description": "The gnome-python-extra package contains the source packages for additional Python bindings for GNOME. It should be used together with gnome-python. ", "cvss3": {}, "published": "2008-03-26T17:11:47", "type": "fedora", "title": "[SECURITY] Fedora 7 Update: gnome-python2-extras-2.14.3-9.fc7", "bulletinFamily": "unix", "cvss2": {"severity": "HIGH", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 9.3, "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "obtainUserPrivilege": false}, "cvelist": ["CVE-2008-1233", "CVE-2008-1234", "CVE-2008-1235", "CVE-2008-1236", "CVE-2008-1237", "CVE-2008-1238", "CVE-2008-1241"], "modified": "2008-03-26T17:11:47", "id": "FEDORA:M2QHHVG5004301", "href": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/thread/PWMR2Z6T62FURG52IDFGVLBGURLSTDNE/", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2020-12-21T08:17:49", "description": "Kazehakase is a Web browser which aims to provide a user interface that is truly user-friendly & fully customizable. This package uses Gecko for HTML rendering engine. If you want to use WebKit for HTML rendering engine, install \"kazehakase-webkit\" rpm instead. ", "cvss3": {}, "published": "2008-03-26T17:11:47", "type": "fedora", "title": "[SECURITY] Fedora 7 Update: kazehakase-0.5.3-5.fc7", "bulletinFamily": "unix", "cvss2": {"severity": "HIGH", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 9.3, "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "obtainUserPrivilege": false}, "cvelist": ["CVE-2008-1233", "CVE-2008-1234", "CVE-2008-1235", "CVE-2008-1236", "CVE-2008-1237", "CVE-2008-1238", "CVE-2008-1241"], "modified": "2008-03-26T17:11:47", "id": "FEDORA:M2QHHVZ8004302", "href": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/thread/WADA4XA27MIH3VLSYFUB5NFKA7SJ7U57/", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2021-06-08T18:39:14", "description": "Miro is a free application that turns your computer into an internet TV video player. This release is still a beta version, which means that there are some bugs, but we're moving quickly to fix them and will be releasing bug fixes on a regular basis. ", "cvss3": {}, "published": "2008-03-26T17:11:48", "type": "fedora", "title": "[SECURITY] Fedora 7 Update: Miro-1.1.2-2.fc7", "bulletinFamily": "unix", "cvss2": {"severity": "HIGH", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 9.3, "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "obtainUserPrivilege": false}, "cvelist": ["CVE-2008-1233", "CVE-2008-1234", "CVE-2008-1235", "CVE-2008-1236", "CVE-2008-1237", "CVE-2008-1238", "CVE-2008-1241"], "modified": "2008-03-26T17:11:48", "id": "FEDORA:M2QHHVZ9004302", "href": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/thread/BWI7ZURDNTNJ65SIWEQOX4DDFZKV5WCI/", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2020-12-21T08:17:49", "description": "Yelp is the Gnome 2 help/documentation browser. It is designed to help you browse all the documentation on your system in one central tool. ", "cvss3": {}, "published": "2008-03-26T17:14:06", "type": "fedora", "title": "[SECURITY] Fedora 8 Update: yelp-2.20.0-8.fc8", "bulletinFamily": "unix", "cvss2": {"severity": "HIGH", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 9.3, "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "obtainUserPrivilege": false}, "cvelist": ["CVE-2008-1233", "CVE-2008-1234", "CVE-2008-1235", "CVE-2008-1236", "CVE-2008-1237", "CVE-2008-1238", "CVE-2008-1241"], "modified": "2008-03-26T17:14:06", "id": "FEDORA:M2QHISBA004425", "href": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/thread/YEYZFDILPTWMUZT74V3N7HI2ZHM3HBWV/", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2020-12-21T08:17:49", "description": "OpenVRML is a VRML/X3D support library, including a runtime and facilities for reading and displaying VRML and X3D models. ", "cvss3": {}, "published": "2008-03-26T17:14:06", "type": "fedora", "title": "[SECURITY] Fedora 8 Update: openvrml-0.17.5-4.fc8", "bulletinFamily": "unix", "cvss2": {"severity": "HIGH", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 9.3, "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "obtainUserPrivilege": false}, "cvelist": ["CVE-2008-1233", "CVE-2008-1234", "CVE-2008-1235", "CVE-2008-1236", "CVE-2008-1237", "CVE-2008-1238", "CVE-2008-1241"], "modified": "2008-03-26T17:14:06", "id": "FEDORA:M2QHJP6P004538", "href": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/thread/Y43OEYAVRXTHOL362DJW4A46HU2NUC7F/", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2020-12-21T08:17:49", "description": "Epiphany Extensions is a collection of extensions for Epiphany, the GNOME web browser. ", "cvss3": {}, "published": "2008-03-26T17:14:06", "type": "fedora", "title": "[SECURITY] Fedora 8 Update: epiphany-extensions-2.20.1-6.fc8", "bulletinFamily": "unix", "cvss2": {"severity": "HIGH", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 9.3, "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "obtainUserPrivilege": false}, "cvelist": ["CVE-2008-1233", "CVE-2008-1234", "CVE-2008-1235", "CVE-2008-1236", "CVE-2008-1237", "CVE-2008-1238", "CVE-2008-1241"], "modified": "2008-03-26T17:14:06", "id": "FEDORA:M2QHIN9I004419", "href": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/thread/4K2Z5JIJL7I5ANOUEQO7YU6B5C5JZQ6V/", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2020-12-21T08:17:49", "description": "OpenVRML is a VRML/X3D support library, including a runtime and facilities for reading and displaying VRML and X3D models. ", "cvss3": {}, "published": "2008-03-26T17:11:48", "type": "fedora", "title": "[SECURITY] Fedora 7 Update: openvrml-0.16.7-4.fc7", "bulletinFamily": "unix", "cvss2": {"severity": "HIGH", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 9.3, "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "obtainUserPrivilege": false}, "cvelist": ["CVE-2008-1233", "CVE-2008-1234", "CVE-2008-1235", "CVE-2008-1236", "CVE-2008-1237", "CVE-2008-1238", "CVE-2008-1241"], "modified": "2008-03-26T17:11:48", "id": "FEDORA:M2QHHVG7004301", "href": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/thread/P6ZEWAGS3FZZEATTWHZGR53SVXF32ZBT/", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2020-12-21T08:17:49", "description": "This package provides a C++/gtkmm wrapper for GtkMozEmbed from Mozilla 1.4.x to 1.7.x. The wrapper provides a convenient interface for C++ programmers to use the Gtkmozembed HTML-rendering widget inside their software. ", "cvss3": {}, "published": "2008-03-26T17:14:06", "type": "fedora", "title": "[SECURITY] Fedora 8 Update: gtkmozembedmm-1.4.2.cvs20060817-19.fc8", "bulletinFamily": "unix", "cvss2": {"severity": "HIGH", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 9.3, "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "obtainUserPrivilege": false}, "cvelist": ["CVE-2008-1233", "CVE-2008-1234", "CVE-2008-1235", "CVE-2008-1236", "CVE-2008-1237", "CVE-2008-1238", "CVE-2008-1241"], "modified": "2008-03-26T17:14:06", "id": "FEDORA:M2QHIN9H004419", "href": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/thread/I6MOEI6QHZ4A2WYPUMG6FMBNFX4DSAJ5/", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2020-12-21T08:17:49", "description": "An API document browser for GNOME 2. ", "cvss3": {}, "published": "2008-03-26T17:11:47", "type": "fedora", "title": "[SECURITY] Fedora 7 Update: devhelp-0.13-15.fc7", "bulletinFamily": "unix", "cvss2": {"severity": "HIGH", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 9.3, "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "obtainUserPrivilege": false}, "cvelist": ["CVE-2008-1233", "CVE-2008-1234", "CVE-2008-1235", "CVE-2008-1236", "CVE-2008-1237", "CVE-2008-1238", "CVE-2008-1241"], "modified": "2008-03-26T17:11:47", "id": "FEDORA:M2QHGFZF004224", "href": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/thread/LO2M4TAEIDOAAJOB6LUMIHDRFKS57R6U/", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2020-12-21T08:17:49", "description": "This package provides a C++/gtkmm wrapper for GtkMozEmbed from Mozilla 1.4.x to 1.7.x. The wrapper provides a convenient interface for C++ programmers to use the Gtkmozembed HTML-rendering widget inside their software. ", "cvss3": {}, "published": "2008-03-26T17:11:47", "type": "fedora", "title": "[SECURITY] Fedora 7 Update: gtkmozembedmm-1.4.2.cvs20060817-16.fc7", "bulletinFamily": "unix", "cvss2": {"severity": "HIGH", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 9.3, "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "obtainUserPrivilege": false}, "cvelist": ["CVE-2008-1233", "CVE-2008-1234", "CVE-2008-1235", "CVE-2008-1236", "CVE-2008-1237", "CVE-2008-1238", "CVE-2008-1241"], "modified": "2008-03-26T17:11:47", "id": "FEDORA:M2QHHVZ7004302", "href": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/thread/QR3S2FT6LR4MENQQR6K5GDZ57AT5N2MY/", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2020-12-21T08:17:49", "description": "The gnome-python-extra package contains the source packages for additional Python bindings for GNOME. It should be used together with gnome-python. ", "cvss3": {}, "published": "2008-03-26T17:14:05", "type": "fedora", "title": "[SECURITY] Fedora 8 Update: gnome-python2-extras-2.19.1-13.fc8", "bulletinFamily": "unix", "cvss2": {"severity": "HIGH", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 9.3, "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "obtainUserPrivilege": false}, "cvelist": ["CVE-2008-1233", "CVE-2008-1234", "CVE-2008-1235", "CVE-2008-1236", "CVE-2008-1237", "CVE-2008-1238", "CVE-2008-1241"], "modified": "2008-03-26T17:14:05", "id": "FEDORA:M2QHISB7004425", "href": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/thread/NVW652XS2ZVNMQ3OJ26ZOEATCXUUE63E/", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2020-12-21T08:17:49", "description": "Galeon is a web browser built around Gecko (Mozilla's rendering engine) and Necko (Mozilla's networking engine). It's a GNOME web browser, designed to take advantage of as many GNOME technologies as makes sense. Galeon was written to do just one thing - browse the web. ", "cvss3": {}, "published": "2008-03-26T17:14:06", "type": "fedora", "title": "[SECURITY] Fedora 8 Update: galeon-2.0.4-1.fc8.3", "bulletinFamily": "unix", "cvss2": {"severity": "HIGH", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 9.3, "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "obtainUserPrivilege": false}, "cvelist": ["CVE-2008-1233", "CVE-2008-1234", "CVE-2008-1235", "CVE-2008-1236", "CVE-2008-1237", "CVE-2008-1238", "CVE-2008-1241"], "modified": "2008-03-26T17:14:06", "id": "FEDORA:M2QHISBB004425", "href": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/thread/JT4GCOBBQZS4YMAPN6FXE33PUVK25RIL/", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2020-12-21T08:17:49", "description": "An API document browser for GNOME 2. ", "cvss3": {}, "published": "2008-03-26T17:14:06", "type": "fedora", "title": "[SECURITY] Fedora 8 Update: devhelp-0.16.1-6.fc8", "bulletinFamily": "unix", "cvss2": {"severity": "HIGH", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 9.3, "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "obtainUserPrivilege": false}, "cvelist": ["CVE-2008-1233", "CVE-2008-1234", "CVE-2008-1235", "CVE-2008-1236", "CVE-2008-1237", "CVE-2008-1238", "CVE-2008-1241"], "modified": "2008-03-26T17:14:06", "id": "FEDORA:M2QHJOT5004527", "href": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/thread/K7W7RXYKI4EQ3YIY55XHLKY5GD2IUFI4/", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2020-12-21T08:17:49", "description": "Mozilla Firefox is an open-source web browser, designed for standards compliance, performance and portability. ", "cvss3": {}, "published": "2008-03-26T17:14:06", "type": "fedora", "title": "[SECURITY] Fedora 8 Update: firefox-2.0.0.13-1.fc8", "bulletinFamily": "unix", "cvss2": {"severity": "HIGH", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 9.3, "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "obtainUserPrivilege": false}, "cvelist": ["CVE-2008-1233", "CVE-2008-1234", "CVE-2008-1235", "CVE-2008-1236", "CVE-2008-1237", "CVE-2008-1238", "CVE-2008-1241"], "modified": "2008-03-26T17:14:06", "id": "FEDORA:M2QHJP6Q004538", "href": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/thread/3YTPNMKUVS3S7GS7PO3EMCCSREFNIZUX/", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2020-12-21T08:17:49", "description": "A gtk2 chm document viewer. It uses chmlib to extract files. It uses gecko to display pages. It supports displaying multilingual pages due to gecko. It features bookmarks and tabs. The tabs could be used to jump inside the chm file conveniently. Its UI is clean and handy, also is well localized. It is actively developed and maintained. The author of chmsee is Jungle Ji and several other great peopl e. Hint * Unlike other chm viewers, chmsee extracts files from chm file, and then r ead and display them. The extracted files could be found in $HOME/.chmsee/books helf directory. You can clean those files at any time and there is a special con fig option for that. * The bookmark is related to each file so not all bookmarks will be loaded, only current file's. * Try to remove $HOME/.chmsee if you encounter any problem after an upgrade. ", "cvss3": {}, "published": "2008-03-26T17:14:06", "type": "fedora", "title": "[SECURITY] Fedora 8 Update: chmsee-1.0.0-1.30.fc8", "bulletinFamily": "unix", "cvss2": {"severity": "HIGH", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 9.3, "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "obtainUserPrivilege": false}, "cvelist": ["CVE-2008-1233", "CVE-2008-1234", "CVE-2008-1235", "CVE-2008-1236", "CVE-2008-1237", "CVE-2008-1238", "CVE-2008-1241"], "modified": "2008-03-26T17:14:06", "id": "FEDORA:M2QHJP6O004538", "href": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/thread/ZOUZWY4MJBDN2L7MNP3LC2SFMGVXJOJ3/", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2020-12-21T08:17:49", "description": "A gtk2 chm document viewer. It uses chmlib to extract files. It uses gecko to display pages. It supports displaying multilingual pages due to gecko. It features bookmarks and tabs. The tabs could be used to jump inside the chm file conveniently. Its UI is clean and handy, also is well localized. It is actively developed and maintained. The author of chmsee is Jungle Ji and several other great peopl e. Hint * Unlike other chm viewers, chmsee extracts files from chm file, and then r ead and display them. The extracted files could be found in $HOME/.chmsee/books helf directory. You can clean those files at any time and there is a special con fig option for that. * The bookmark is related to each file so not all bookmarks will be loaded, only current file's. * Try to remove $HOME/.chmsee if you encounter any problem after an upgrade. ", "cvss3": {}, "published": "2008-03-26T17:11:47", "type": "fedora", "title": "[SECURITY] Fedora 7 Update: chmsee-1.0.0-1.30.fc7", "bulletinFamily": "unix", "cvss2": {"severity": "HIGH", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 9.3, "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "obtainUserPrivilege": false}, "cvelist": ["CVE-2008-1233", "CVE-2008-1234", "CVE-2008-1235", "CVE-2008-1236", "CVE-2008-1237", "CVE-2008-1238", "CVE-2008-1241"], "modified": "2008-03-26T17:11:47", "id": "FEDORA:M2QHGFZE004224", "href": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/thread/ADWKAE4QAJPROR4RTPI4Z2EHQNNOTUDF/", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2020-12-21T08:17:49", "description": "Epiphany Extensions is a collection of extensions for Epiphany, the GNOME web browser. ", "cvss3": {}, "published": "2008-03-26T17:11:47", "type": "fedora", "title": "[SECURITY] Fedora 7 Update: epiphany-extensions-2.18.3-8", "bulletinFamily": "unix", "cvss2": {"severity": "HIGH", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 9.3, "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "obtainUserPrivilege": false}, "cvelist": ["CVE-2008-1233", "CVE-2008-1234", "CVE-2008-1235", "CVE-2008-1236", "CVE-2008-1237", "CVE-2008-1238", "CVE-2008-1241"], "modified": "2008-03-26T17:11:47", "id": "FEDORA:M2QHHVZ5004302", "href": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/thread/4LCTLQFKI7CMU3IUMZ6TUQ5C4NOVL5AF/", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2021-06-08T18:39:14", "description": "Miro is a free application that turns your computer into an internet TV video player. This release is still a beta version, which means that there are some bugs, but we're moving quickly to fix them and will be releasing bug fixes on a regular basis. ", "cvss3": {}, "published": "2008-03-26T17:14:06", "type": "fedora", "title": "[SECURITY] Fedora 8 Update: Miro-1.1.2-2.fc8", "bulletinFamily": "unix", "cvss2": {"severity": "HIGH", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 9.3, "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "obtainUserPrivilege": false}, "cvelist": ["CVE-2008-1233", "CVE-2008-1234", "CVE-2008-1235", "CVE-2008-1236", "CVE-2008-1237", "CVE-2008-1238", "CVE-2008-1241"], "modified": "2008-03-26T17:14:06", "id": "FEDORA:M2QHJOT4004527", "href": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/thread/2LMYP26LKOUNE4ODWGKY4UAXRMEDHSJV/", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2020-12-21T08:17:49", "description": "gnome-web-photo contains a thumbnailer that will be used by GNOME applicati ons, including the file manager, to generate screenshots of web pages. ", "cvss3": {}, "published": "2008-03-26T17:14:06", "type": "fedora", "title": "[SECURITY] Fedora 8 Update: gnome-web-photo-0.3-9.fc8", "bulletinFamily": "unix", "cvss2": {"severity": "HIGH", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 9.3, "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "obtainUserPrivilege": false}, "cvelist": ["CVE-2008-1233", "CVE-2008-1234", "CVE-2008-1235", "CVE-2008-1236", "CVE-2008-1237", "CVE-2008-1238", "CVE-2008-1241"], "modified": "2008-03-26T17:14:06", "id": "FEDORA:M2QHJOT6004527", "href": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/thread/DOO2JXSE5XMD6RQ5VMALV5ZFQWOB5A7O/", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2020-12-21T08:17:49", "description": "Kazehakase is a Web browser which aims to provide a user interface that is truly user-friendly & fully customizable. This package uses Gecko for HTML rendering engine. If you want to use WebKit for HTML rendering engine, install \"kazehakase-webkit\" rpm instead. ", "cvss3": {}, "published": "2008-03-26T17:14:06", "type": "fedora", "title": "[SECURITY] Fedora 8 Update: kazehakase-0.5.3-5.fc8", "bulletinFamily": "unix", "cvss2": {"severity": "HIGH", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 9.3, "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "obtainUserPrivilege": false}, "cvelist": ["CVE-2008-1233", "CVE-2008-1234", "CVE-2008-1235", "CVE-2008-1236", "CVE-2008-1237", "CVE-2008-1238", "CVE-2008-1241"], "modified": "2008-03-26T17:14:06", "id": "FEDORA:M2QHJOT7004527", "href": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/thread/W4CWRX7PVLBEWJXVNCCIUA625I6KB6LB/", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2020-12-21T08:17:49", "description": "Yelp is the Gnome 2 help/documentation browser. It is designed to help you browse all the documentation on your system in one central tool. ", "cvss3": {}, "published": "2008-03-26T17:11:48", "type": "fedora", "title": "[SECURITY] Fedora 7 Update: yelp-2.18.1-10.fc7", "bulletinFamily": "unix", "cvss2": {"severity": "HIGH", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 9.3, "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "obtainUserPrivilege": false}, "cvelist": ["CVE-2008-1233", "CVE-2008-1234", "CVE-2008-1235", "CVE-2008-1236", "CVE-2008-1237", "CVE-2008-1238", "CVE-2008-1241"], "modified": "2008-03-26T17:11:48", "id": "FEDORA:M2QHHVG8004301", "href": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/thread/S2HSBJFZ3C2J5JXYLGPK4M46RMWNG2MS/", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2020-12-21T08:17:49", "description": "Galeon is a web browser built around Gecko (Mozilla's rendering engine) and Necko (Mozilla's networking engine). It's a GNOME web browser, designed to take advantage of as many GNOME technologies as makes sense. Galeon was written to do just one thing - browse the web. ", "cvss3": {}, "published": "2008-03-26T17:11:47", "type": "fedora", "title": "[SECURITY] Fedora 7 Update: galeon-2.0.3-16.fc7", "bulletinFamily": "unix", "cvss2": {"severity": "HIGH", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 9.3, "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "obtainUserPrivilege": false}, "cvelist": ["CVE-2008-1233", "CVE-2008-1234", "CVE-2008-1235", "CVE-2008-1236", "CVE-2008-1237", "CVE-2008-1238", "CVE-2008-1241"], "modified": "2008-03-26T17:11:47", "id": "FEDORA:M2QHHVZ6004302", "href": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/thread/VVIXERRM5YRPNTBQ6E4ENIYULOXEOH4G/", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2020-12-21T08:17:49", "description": "epiphany is a simple GNOME web browser based on the Mozilla rendering engine. ", "cvss3": {}, "published": "2008-03-26T17:14:06", "type": "fedora", "title": "[SECURITY] Fedora 8 Update: epiphany-2.20.3-2.fc8", "bulletinFamily": "unix", "cvss2": {"severity": "HIGH", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 9.3, "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "obtainUserPrivilege": false}, "cvelist": ["CVE-2008-1233", "CVE-2008-1234", "CVE-2008-1235", "CVE-2008-1236", "CVE-2008-1237", "CVE-2008-1238", "CVE-2008-1241"], "modified": "2008-03-26T17:14:06", "id": "FEDORA:M2QHISB8004425", "href": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/thread/IHB3FGXPIXAVXWT255YBDHDE2VQJKKY7/", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2020-12-21T08:17:49", "description": "This is a set of bindings for the GNOME-2.x libraries for use from Ruby. ", "cvss3": {}, "published": "2008-03-26T17:14:05", "type": "fedora", "title": "[SECURITY] Fedora 8 Update: ruby-gnome2-0.16.0-21.fc8", "bulletinFamily": "unix", "cvss2": {"severity": "HIGH", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 9.3, "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "obtainUserPrivilege": false}, "cvelist": ["CVE-2007-6183", "CVE-2008-1233", "CVE-2008-1234", "CVE-2008-1235", "CVE-2008-1236", "CVE-2008-1237", "CVE-2008-1238", "CVE-2008-1241"], "modified": "2008-03-26T17:14:05", "id": "FEDORA:M2QHIN9G004419", "href": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/thread/ACZWZ2GGMMKFDJB6E5XD6AHAMTZL6MEQ/", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2020-12-21T08:17:49", "description": "This is a set of bindings for the GNOME-2.x libraries for use from Ruby. ", "cvss3": {}, "published": "2008-03-26T17:11:48", "type": "fedora", "title": "[SECURITY] Fedora 7 Update: ruby-gnome2-0.16.0-22.fc7", "bulletinFamily": "unix", "cvss2": {"severity": "HIGH", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 9.3, "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "obtainUserPrivilege": false}, "cvelist": ["CVE-2007-6183", "CVE-2008-1233", "CVE-2008-1234", "CVE-2008-1235", "CVE-2008-1236", "CVE-2008-1237", "CVE-2008-1238", "CVE-2008-1241"], "modified": "2008-03-26T17:11:48", "id": "FEDORA:M2QHHVZA004302", "href": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/thread/PXMSH5ZROV2DNZHML7DQHJE2F3GYEQS2/", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2020-12-21T08:17:49", "description": "Blam is a tool that helps you keep track of the growing number of news feeds distributed as RSS. Blam lets you subscribe to any number of feeds and provides an easy to use and clean interface to stay up to date ", "cvss3": {}, "published": "2008-03-26T17:14:06", "type": "fedora", "title": "[SECURITY] Fedora 8 Update: blam-1.8.3-14.fc8", "bulletinFamily": "unix", "cvss2": {"severity": "HIGH", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 9.3, "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "obtainUserPrivilege": false}, "cvelist": ["CVE-2005-4790", "CVE-2008-1233", "CVE-2008-1234", "CVE-2008-1235", "CVE-2008-1236", "CVE-2008-1237", "CVE-2008-1238", "CVE-2008-1241"], "modified": "2008-03-26T17:14:06", "id": "FEDORA:M2QHJOT8004527", "href": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/thread/3VBWFP2BDYE2YQUG55NPQA2XOO7SQ6WC/", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2020-12-21T08:17:49", "description": "Liferea (Linux Feed Reader) is an RSS/RDF feed reader. It's intended to be a clone of the Windows-only FeedReader. It can be used to maintain a list of subscribed feeds, browse through their items, and show their contents. ", "cvss3": {}, "published": "2008-03-26T17:11:48", "type": "fedora", "title": "[SECURITY] Fedora 7 Update: liferea-1.4.13-2.fc7", "bulletinFamily": "unix", "cvss2": {"severity": "HIGH", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 9.3, "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "obtainUserPrivilege": false}, "cvelist": ["CVE-2006-4791", "CVE-2007-5751", "CVE-2008-1233", "CVE-2008-1234", "CVE-2008-1235", "CVE-2008-1236", "CVE-2008-1237", "CVE-2008-1238", "CVE-2008-1241"], "modified": "2008-03-26T17:11:48", "id": "FEDORA:M2QHHVG6004301", "href": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/thread/QYL7AGSZQ75QYC53P73BXCKB5R54Q5E4/", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2020-12-21T08:17:49", "description": "Liferea (Linux Feed Reader) is an RSS/RDF feed reader. It's intended to be a clone of the Windows-only FeedReader. It can be used to maintain a list of subscribed feeds, browse through their items, and show their contents. ", "cvss3": {}, "published": "2008-03-26T17:14:06", "type": "fedora", "title": "[SECURITY] Fedora 8 Update: liferea-1.4.13-2.fc8", "bulletinFamily": "unix", "cvss2": {"severity": "HIGH", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 9.3, "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "obtainUserPrivilege": false}, "cvelist": ["CVE-2006-4791", "CVE-2007-5751", "CVE-2008-1233", "CVE-2008-1234", "CVE-2008-1235", "CVE-2008-1236", "CVE-2008-1237", "CVE-2008-1238", "CVE-2008-1241"], "modified": "2008-03-26T17:14:06", "id": "FEDORA:M2QHISB9004425", "href": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/thread/WSIVFYHR37SESMTDOPYMRD3SZJ6J3UCS/", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2020-12-21T08:17:49", "description": "Mozilla Thunderbird is a standalone mail and newsgroup client. ", "cvss3": {}, "published": "2008-05-10T13:55:06", "type": "fedora", "title": "[SECURITY] Fedora 8 Update: thunderbird-2.0.0.14-1.fc8", "bulletinFamily": "unix", "cvss2": {"severity": "HIGH", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 9.3, "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "obtainUserPrivilege": false}, "cvelist": ["CVE-2008-1233", "CVE-2008-1234", "CVE-2008-1235", "CVE-2008-1236", "CVE-2008-1237", "CVE-2008-1380"], "modified": "2008-05-10T13:55:06", "id": "FEDORA:M4AECM6V021803", "href": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/thread/P7C53M33JBD64PBDGY4LXTI4JA4UQGZO/", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2020-12-21T08:17:49", "description": "Mozilla Thunderbird is a standalone mail and newsgroup client. ", "cvss3": {}, "published": "2008-05-10T13:53:22", "type": "fedora", "title": "[SECURITY] Fedora 7 Update: thunderbird-2.0.0.14-1.fc7", "bulletinFamily": "unix", "cvss2": {"severity": "HIGH", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 9.3, "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "obtainUserPrivilege": false}, "cvelist": ["CVE-2008-1233", "CVE-2008-1234", "CVE-2008-1235", "CVE-2008-1236", "CVE-2008-1237", "CVE-2008-1380"], "modified": "2008-05-10T13:53:22", "id": "FEDORA:M4AEAEPP021579", "href": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/thread/ESDPFCZM26SXFDA4DQKKPNIGG2YNCOUQ/", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}], "openvas": [{"lastseen": "2017-07-27T10:56:02", "description": "Check for the Version of seamonkey", "cvss3": {}, "published": "2009-03-06T00:00:00", "type": "openvas", "title": "RedHat Update for seamonkey RHSA-2008:0208-01", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2008-1236", "CVE-2008-1237", "CVE-2008-1238", "CVE-2008-1233", "CVE-2008-1234", "CVE-2008-1235", "CVE-2008-1241"], "modified": "2017-07-12T00:00:00", "id": "OPENVAS:870127", "href": "http://plugins.openvas.org/nasl.php?oid=870127", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# RedHat Update for seamonkey RHSA-2008:0208-01\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2009 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"SeaMonkey is an open source Web browser, advanced email and newsgroup\n client, IRC chat client, and HTML editor.\n\n Several flaws were found in the processing of some malformed web content. A\n web page containing such malicious content could cause SeaMonkey to crash\n or, potentially, execute arbitrary code as the user running SeaMonkey.\n (CVE-2008-1233, CVE-2008-1235, CVE-2008-1236, CVE-2008-1237)\n \n Several flaws were found in the display of malformed web content. A web\n page containing specially-crafted content could, potentially, trick a\n SeaMonkey user into surrendering sensitive information. (CVE-2008-1234,\n CVE-2008-1238, CVE-2008-1241)\n \n All SeaMonkey users should upgrade to these updated packages, which contain\n backported patches to resolve these issues.\";\n\ntag_affected = \"seamonkey on Red Hat Enterprise Linux AS (Advanced Server) version 2.1,\n Red Hat Enterprise Linux ES version 2.1,\n Red Hat Enterprise Linux WS version 2.1,\n Red Hat Enterprise Linux AS version 3,\n Red Hat Enterprise Linux ES version 3,\n Red Hat Enterprise Linux WS version 3,\n Red Hat Enterprise Linux AS version 4,\n Red Hat Enterprise Linux ES version 4,\n Red Hat Enterprise Linux WS version 4\";\ntag_solution = \"Please Install the Updated Packages.\";\n\n\n\nif(description)\n{\n script_xref(name : \"URL\" , value : \"https://www.redhat.com/archives/rhsa-announce/2008-March/msg00017.html\");\n script_id(870127);\n script_version(\"$Revision: 6683 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-07-12 11:41:57 +0200 (Wed, 12 Jul 2017) $\");\n script_tag(name:\"creation_date\", value:\"2009-03-06 07:30:35 +0100 (Fri, 06 Mar 2009)\");\n script_tag(name:\"cvss_base\", value:\"9.3\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_xref(name: \"RHSA\", value: \"2008:0208-01\");\n script_cve_id(\"CVE-2008-1233\", \"CVE-2008-1234\", \"CVE-2008-1235\", \"CVE-2008-1236\", \"CVE-2008-1237\", \"CVE-2008-1238\", \"CVE-2008-1241\");\n script_name( \"RedHat Update for seamonkey RHSA-2008:0208-01\");\n\n script_summary(\"Check for the Version of seamonkey\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2009 Greenbone Networks GmbH\");\n script_family(\"Red Hat Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/rhel\", \"ssh/login/rpms\");\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = get_kb_item(\"ssh/login/release\");\n\n\nres = \"\";\nif(release == NULL){\n exit(0);\n}\n\nif(release == \"RHENT_2.1\")\n{\n\n if ((res = isrpmvuln(pkg:\"seamonkey\", rpm:\"seamonkey~1.0.9~0.14.el2\", rls:\"RHENT_2.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"seamonkey-chat\", rpm:\"seamonkey-chat~1.0.9~0.14.el2\", rls:\"RHENT_2.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"seamonkey-devel\", rpm:\"seamonkey-devel~1.0.9~0.14.el2\", rls:\"RHENT_2.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"seamonkey-dom-inspector\", rpm:\"seamonkey-dom-inspector~1.0.9~0.14.el2\", rls:\"RHENT_2.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"seamonkey-js-debugger\", rpm:\"seamonkey-js-debugger~1.0.9~0.14.el2\", rls:\"RHENT_2.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"seamonkey-mail\", rpm:\"seamonkey-mail~1.0.9~0.14.el2\", rls:\"RHENT_2.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"seamonkey-nspr\", rpm:\"seamonkey-nspr~1.0.9~0.14.el2\", rls:\"RHENT_2.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"seamonkey-nspr-devel\", rpm:\"seamonkey-nspr-devel~1.0.9~0.14.el2\", rls:\"RHENT_2.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"seamonkey-nss\", rpm:\"seamonkey-nss~1.0.9~0.14.el2\", rls:\"RHENT_2.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"seamonkey-nss-devel\", rpm:\"seamonkey-nss-devel~1.0.9~0.14.el2\", rls:\"RHENT_2.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n\n\nif(release == \"RHENT_4\")\n{\n\n if ((res = isrpmvuln(pkg:\"seamonkey\", rpm:\"seamonkey~1.0.9~15.el4\", rls:\"RHENT_4\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"seamonkey-chat\", rpm:\"seamonkey-chat~1.0.9~15.el4\", rls:\"RHENT_4\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"seamonkey-debuginfo\", rpm:\"seamonkey-debuginfo~1.0.9~15.el4\", rls:\"RHENT_4\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"seamonkey-devel\", rpm:\"seamonkey-devel~1.0.9~15.el4\", rls:\"RHENT_4\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"seamonkey-dom-inspector\", rpm:\"seamonkey-dom-inspector~1.0.9~15.el4\", rls:\"RHENT_4\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"seamonkey-js-debugger\", rpm:\"seamonkey-js-debugger~1.0.9~15.el4\", rls:\"RHENT_4\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"seamonkey-mail\", rpm:\"seamonkey-mail~1.0.9~15.el4\", rls:\"RHENT_4\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"seamonkey-nspr\", rpm:\"seamonkey-nspr~1.0.9~15.el4\", rls:\"RHENT_4\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"seamonkey-nspr-devel\", rpm:\"seamonkey-nspr-devel~1.0.9~15.el4\", rls:\"RHENT_4\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"seamonkey-nss\", rpm:\"seamonkey-nss~1.0.9~15.el4\", rls:\"RHENT_4\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"seamonkey-nss-devel\", rpm:\"seamonkey-nss-devel~1.0.9~15.el4\", rls:\"RHENT_4\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n\n\nif(release == \"RHENT_3\")\n{\n\n if ((res = isrpmvuln(pkg:\"seamonkey\", rpm:\"seamonkey~1.0.9~0.16.el3\", rls:\"RHENT_3\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"seamonkey-chat\", rpm:\"seamonkey-chat~1.0.9~0.16.el3\", rls:\"RHENT_3\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"seamonkey-debuginfo\", rpm:\"seamonkey-debuginfo~1.0.9~0.16.el3\", rls:\"RHENT_3\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"seamonkey-devel\", rpm:\"seamonkey-devel~1.0.9~0.16.el3\", rls:\"RHENT_3\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"seamonkey-dom-inspector\", rpm:\"seamonkey-dom-inspector~1.0.9~0.16.el3\", rls:\"RHENT_3\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"seamonkey-js-debugger\", rpm:\"seamonkey-js-debugger~1.0.9~0.16.el3\", rls:\"RHENT_3\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"seamonkey-mail\", rpm:\"seamonkey-mail~1.0.9~0.16.el3\", rls:\"RHENT_3\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"seamonkey-nspr\", rpm:\"seamonkey-nspr~1.0.9~0.16.el3\", rls:\"RHENT_3\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"seamonkey-nspr-devel\", rpm:\"seamonkey-nspr-devel~1.0.9~0.16.el3\", rls:\"RHENT_3\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"seamonkey-nss\", rpm:\"seamonkey-nss~1.0.9~0.16.el3\", rls:\"RHENT_3\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"seamonkey-nss-devel\", rpm:\"seamonkey-nss-devel~1.0.9~0.16.el3\", rls:\"RHENT_3\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n", "cvss": {"score": 9.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2017-07-25T10:56:27", "description": "Check for the Version of gnome-python2-extras", "cvss3": {}, "published": "2009-02-16T00:00:00", "type": "openvas", "title": "Fedora Update for gnome-python2-extras FEDORA-2008-2682", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2008-1236", "CVE-2008-1237", "CVE-2008-1238", "CVE-2008-1233", "CVE-2008-1234", "CVE-2008-1235", "CVE-2008-1241"], "modified": "2017-07-10T00:00:00", "id": "OPENVAS:860617", "href": "http://plugins.openvas.org/nasl.php?oid=860617", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Fedora Update for gnome-python2-extras FEDORA-2008-2682\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2009 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ninclude(\"revisions-lib.inc\");\ntag_affected = \"gnome-python2-extras on Fedora 8\";\ntag_insight = \"The gnome-python-extra package contains the source packages for additional\n Python bindings for GNOME. It should be used together with gnome-python.\";\ntag_solution = \"Please Install the Updated Packages.\";\n\n\n\nif(description)\n{\n script_xref(name : \"URL\" , value : \"https://www.redhat.com/archives/fedora-package-announce/2008-March/msg00582.html\");\n script_id(860617);\n script_version(\"$Revision: 6623 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-07-10 08:10:20 +0200 (Mon, 10 Jul 2017) $\");\n script_tag(name:\"creation_date\", value:\"2009-02-16 16:22:52 +0100 (Mon, 16 Feb 2009)\");\n script_tag(name:\"cvss_base\", value:\"9.3\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_xref(name: \"FEDORA\", value: \"2008-2682\");\n script_cve_id(\"CVE-2008-1233\", \"CVE-2008-1235\", \"CVE-2008-1236\", \"CVE-2008-1237\", \"CVE-2008-1234\", \"CVE-2008-1238\", \"CVE-2008-1241\");\n script_name( \"Fedora Update for gnome-python2-extras FEDORA-2008-2682\");\n\n script_summary(\"Check for the Version of gnome-python2-extras\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2009 Greenbone Networks GmbH\");\n script_family(\"Fedora Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/fedora\", \"ssh/login/rpms\");\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = get_kb_item(\"ssh/login/release\");\n\n\nres = \"\";\nif(release == NULL){\n exit(0);\n}\n\nif(release == \"FC8\")\n{\n\n if ((res = isrpmvuln(pkg:\"gnome-python2-extras\", rpm:\"gnome-python2-extras~2.19.1~13.fc8\", rls:\"FC8\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}", "cvss": {"score": 9.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2017-07-25T10:56:42", "description": "Check for the Version of yelp", "cvss3": {}, "published": "2009-02-16T00:00:00", "type": "openvas", "title": "Fedora Update for yelp FEDORA-2008-2682", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2008-1236", "CVE-2008-1237", "CVE-2008-1238", "CVE-2008-1233", "CVE-2008-1234", "CVE-2008-1235", "CVE-2008-1241"], "modified": "2017-07-10T00:00:00", "id": "OPENVAS:860289", "href": "http://plugins.openvas.org/nasl.php?oid=860289", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Fedora Update for yelp FEDORA-2008-2682\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2009 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ninclude(\"revisions-lib.inc\");\ntag_affected = \"yelp on Fedora 8\";\ntag_insight = \"Yelp is the Gnome 2 help/documentation browser. It is designed\n to help you browse all the documentation on your system in\n one central tool.\";\ntag_solution = \"Please Install the Updated Packages.\";\n\n\n\nif(description)\n{\n script_xref(name : \"URL\" , value : \"https://www.redhat.com/archives/fedora-package-announce/2008-March/msg00578.html\");\n script_id(860289);\n script_version(\"$Revision: 6623 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-07-10 08:10:20 +0200 (Mon, 10 Jul 2017) $\");\n script_tag(name:\"creation_date\", value:\"2009-02-16 16:22:52 +0100 (Mon, 16 Feb 2009)\");\n script_tag(name:\"cvss_base\", value:\"9.3\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_xref(name: \"FEDORA\", value: \"2008-2682\");\n script_cve_id(\"CVE-2008-1233\", \"CVE-2008-1235\", \"CVE-2008-1236\", \"CVE-2008-1237\", \"CVE-2008-1234\", \"CVE-2008-1238\", \"CVE-2008-1241\");\n script_name( \"Fedora Update for yelp FEDORA-2008-2682\");\n\n script_summary(\"Check for the Version of yelp\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2009 Greenbone Networks GmbH\");\n script_family(\"Fedora Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/fedora\", \"ssh/login/rpms\");\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = get_kb_item(\"ssh/login/release\");\n\n\nres = \"\";\nif(release == NULL){\n exit(0);\n}\n\nif(release == \"FC8\")\n{\n\n if ((res = isrpmvuln(pkg:\"yelp\", rpm:\"yelp~2.20.0~8.fc8\", rls:\"FC8\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}", "cvss": {"score": 9.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2017-07-25T10:56:56", "description": "Check for the Version of chmsee", "cvss3": {}, "published": "2009-02-16T00:00:00", "type": "openvas", "title": "Fedora Update for chmsee FEDORA-2008-2682", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2008-1236", "CVE-2008-1237", "CVE-2008-1238", "CVE-2008-1233", "CVE-2008-1234", "CVE-2008-1235", "CVE-2008-1241"], "modified": "2017-07-10T00:00:00", "id": "OPENVAS:860772", "href": "http://plugins.openvas.org/nasl.php?oid=860772", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Fedora Update for chmsee FEDORA-2008-2682\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2009 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"A gtk2 chm document viewer.\n\n It uses chmlib to extract files. It uses gecko to display pages. It supports\n displaying multilingual pages due to gecko. It features bookmarks and tabs.\n The tabs could be used to jump inside the chm file conveniently. Its UI is\n clean and handy, also is well localized. It is actively developed and\n maintained. The author of chmsee is Jungle Ji and several other great people.\n \n Hint\n * Unlike other chm viewers, chmsee extracts files from chm file, and then read\n and display them. The extracted files could be found in $HOME/.chmsee/bookshelf\n directory. You can clean those files at any time and there is a special config\n option for that.\n * The bookmark is related to each file so not all bookmarks will be loaded,\n only current file's.\n * Try to remove $HOME/.chmsee if you encounter any problem after an upgrade.\";\n\ntag_affected = \"chmsee on Fedora 8\";\ntag_solution = \"Please Install the Updated Packages.\";\n\n\n\nif(description)\n{\n script_xref(name : \"URL\" , value : \"https://www.redhat.com/archives/fedora-package-announce/2008-March/msg00589.html\");\n script_id(860772);\n script_version(\"$Revision: 6623 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-07-10 08:10:20 +0200 (Mon, 10 Jul 2017) $\");\n script_tag(name:\"creation_date\", value:\"2009-02-16 16:22:52 +0100 (Mon, 16 Feb 2009)\");\n script_tag(name:\"cvss_base\", value:\"9.3\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_xref(name: \"FEDORA\", value: \"2008-2682\");\n script_cve_id(\"CVE-2008-1233\", \"CVE-2008-1235\", \"CVE-2008-1236\", \"CVE-2008-1237\", \"CVE-2008-1234\", \"CVE-2008-1238\", \"CVE-2008-1241\");\n script_name( \"Fedora Update for chmsee FEDORA-2008-2682\");\n\n script_summary(\"Check for the Version of chmsee\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2009 Greenbone Networks GmbH\");\n script_family(\"Fedora Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/fedora\", \"ssh/login/rpms\");\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = get_kb_item(\"ssh/login/release\");\n\n\nres = \"\";\nif(release == NULL){\n exit(0);\n}\n\nif(release == \"FC8\")\n{\n\n if ((res = isrpmvuln(pkg:\"chmsee\", rpm:\"chmsee~1.0.0~1.30.fc8\", rls:\"FC8\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n", "cvss": {"score": 9.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2017-07-25T10:57:00", "description": "Check for the Version of devhelp", "cvss3": {}, "published": "2009-02-16T00:00:00", "type": "openvas", "title": "Fedora Update for devhelp FEDORA-2008-2662", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2008-1236", "CVE-2008-1237", "CVE-2008-1238", "CVE-2008-1233", "CVE-2008-1234", "CVE-2008-1235", "CVE-2008-1241"], "modified": "2017-07-10T00:00:00", "id": "OPENVAS:860274", "href": "http://plugins.openvas.org/nasl.php?oid=860274", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Fedora Update for devhelp FEDORA-2008-2662\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2009 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ninclude(\"revisions-lib.inc\");\ntag_affected = \"devhelp on Fedora 7\";\ntag_insight = \"An API document browser for GNOME 2.\";\ntag_solution = \"Please Install the Updated Packages.\";\n\n\n\nif(description)\n{\n script_xref(name : \"URL\" , value : \"https://www.redhat.com/archives/fedora-package-announce/2008-March/msg00553.html\");\n script_id(860274);\n script_version(\"$Revision: 6623 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-07-10 08:10:20 +0200 (Mon, 10 Jul 2017) $\");\n script_tag(name:\"creation_date\", value:\"2009-02-16 16:22:52 +0100 (Mon, 16 Feb 2009)\");\n script_tag(name:\"cvss_base\", value:\"9.3\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_xref(name: \"FEDORA\", value: \"2008-2662\");\n script_cve_id(\"CVE-2008-1233\", \"CVE-2008-1235\", \"CVE-2008-1236\", \"CVE-2008-1237\", \"CVE-2008-1234\", \"CVE-2008-1238\", \"CVE-2008-1241\");\n script_name( \"Fedora Update for devhelp FEDORA-2008-2662\");\n\n script_summary(\"Check for the Version of devhelp\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2009 Greenbone Networks GmbH\");\n script_family(\"Fedora Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/fedora\", \"ssh/login/rpms\");\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = get_kb_item(\"ssh/login/release\");\n\n\nres = \"\";\nif(release == NULL){\n exit(0);\n}\n\nif(release == \"FC7\")\n{\n\n if ((res = isrpmvuln(pkg:\"devhelp\", rpm:\"devhelp~0.13~15.fc7\", rls:\"FC7\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}", "cvss": {"score": 9.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2017-07-25T10:57:12", "description": "Check for the Version of firefox", "cvss3": {}, "published": "2009-02-16T00:00:00", "type": "openvas", "title": "Fedora Update for firefox FEDORA-2008-2682", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2008-1236", "CVE-2008-1237", "CVE-2008-1238", "CVE-2008-1233", "CVE-2008-1234", "CVE-2008-1235", "CVE-2008-1241"], "modified": "2017-07-10T00:00:00", "id": "OPENVAS:860197", "href": "http://plugins.openvas.org/nasl.php?oid=860197", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Fedora Update for firefox FEDORA-2008-2682\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2009 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ninclude(\"revisions-lib.inc\");\ntag_affected = \"firefox on Fedora 8\";\ntag_insight = \"Mozilla Firefox is an open-source web browser, designed for standards\n compliance, performance and portability.\";\ntag_solution = \"Please Install the Updated Packages.\";\n\n\n\nif(description)\n{\n script_xref(name : \"URL\" , value : \"https://www.redhat.com/archives/fedora-package-announce/2008-March/msg00591.html\");\n script_id(860197);\n script_version(\"$Revision: 6623 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-07-10 08:10:20 +0200 (Mon, 10 Jul 2017) $\");\n script_tag(name:\"creation_date\", value:\"2009-02-16 16:22:52 +0100 (Mon, 16 Feb 2009)\");\n script_tag(name:\"cvss_base\", value:\"9.3\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_xref(name: \"FEDORA\", value: \"2008-2682\");\n script_cve_id(\"CVE-2008-1233\", \"CVE-2008-1235\", \"CVE-2008-1236\", \"CVE-2008-1237\", \"CVE-2008-1234\", \"CVE-2008-1238\", \"CVE-2008-1241\");\n script_name( \"Fedora Update for firefox FEDORA-2008-2682\");\n\n script_summary(\"Check for the Version of firefox\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2009 Greenbone Networks GmbH\");\n script_family(\"Fedora Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/fedora\", \"ssh/login/rpms\");\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = get_kb_item(\"ssh/login/release\");\n\n\nres = \"\";\nif(release == NULL){\n exit(0);\n}\n\nif(release == \"FC8\")\n{\n\n if ((res = isrpmvuln(pkg:\"firefox\", rpm:\"firefox~2.0.0.13~1.fc8\", rls:\"FC8\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}", "cvss": {"score": 9.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2017-07-25T10:57:16", "description": "Check for the Version of firefox", "cvss3": {}, "published": "2009-02-27T00:00:00", "type": "openvas", "title": "CentOS Update for firefox CESA-2008:0207 centos4 x86_64", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2008-1236", "CVE-2008-1237", "CVE-2008-1238", "CVE-2008-1233", "CVE-2008-1234", "CVE-2008-1235", "CVE-2008-1241"], "modified": "2017-07-10T00:00:00", "id": "OPENVAS:880029", "href": "http://plugins.openvas.org/nasl.php?oid=880029", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# CentOS Update for firefox CESA-2008:0207 centos4 x86_64\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2009 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"Mozilla Firefox is an open source Web browser.\n\n Several flaws were found in the processing of some malformed web content. A\n web page containing such malicious content could cause Firefox to crash or,\n potentially, execute arbitrary code as the user running Firefox.\n (CVE-2008-1233, CVE-2008-1235, CVE-2008-1236, CVE-2008-1237)\n \n Several flaws were found in the display of malformed web content. A web\n page containing specially-crafted content could, potentially, trick a\n Firefox user into surrendering sensitive information. (CVE-2008-1234,\n CVE-2008-1238, CVE-2008-1241)\n \n All Firefox users should upgrade to these updated packages, which contain\n backported patches that correct these issues.\";\n\ntag_affected = \"firefox on CentOS 4\";\ntag_solution = \"Please Install the Updated Packages.\";\n\n\n\nif(description)\n{\n script_xref(name : \"URL\" , value : \"http://lists.centos.org/pipermail/centos-announce/2008-March/014779.html\");\n script_id(880029);\n script_version(\"$Revision: 6651 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-07-10 13:45:21 +0200 (Mon, 10 Jul 2017) $\");\n script_tag(name:\"creation_date\", value:\"2009-02-27 09:02:20 +0100 (Fri, 27 Feb 2009)\");\n script_tag(name:\"cvss_base\", value:\"9.3\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_xref(name: \"CESA\", value: \"2008:0207\");\n script_cve_id(\"CVE-2008-1233\", \"CVE-2008-1234\", \"CVE-2008-1235\", \"CVE-2008-1236\", \"CVE-2008-1237\", \"CVE-2008-1238\", \"CVE-2008-1241\");\n script_name( \"CentOS Update for firefox CESA-2008:0207 centos4 x86_64\");\n\n script_summary(\"Check for the Version of firefox\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2009 Greenbone Networks GmbH\");\n script_family(\"CentOS Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/centos\", \"ssh/login/rpms\");\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = get_kb_item(\"ssh/login/release\");\n\n\nres = \"\";\nif(release == NULL){\n exit(0);\n}\n\nif(release == \"CentOS4\")\n{\n\n if ((res = isrpmvuln(pkg:\"firefox\", rpm:\"firefox~1.5.0.12~0.14.el4.centos\", rls:\"CentOS4\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n", "cvss": {"score": 9.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2018-04-09T11:41:24", "description": "Check for the Version of seamonkey", "cvss3": {}, "published": "2009-02-27T00:00:00", "type": "openvas", "title": "CentOS Update for seamonkey CESA-2008:0208 centos4 i386", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2008-1236", "CVE-2008-1237", "CVE-2008-1238", "CVE-2008-1233", "CVE-2008-1234", "CVE-2008-1235", "CVE-2008-1241"], "modified": "2018-04-06T00:00:00", "id": "OPENVAS:1361412562310880186", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310880186", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# CentOS Update for seamonkey CESA-2008:0208 centos4 i386\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2009 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"SeaMonkey is an open source Web browser, advanced email and newsgroup\n client, IRC chat client, and HTML editor.\n\n Several flaws were found in the processing of some malformed web content. A\n web page containing such malicious content could cause SeaMonkey to crash\n or, potentially, execute arbitrary code as the user running SeaMonkey.\n (CVE-2008-1233, CVE-2008-1235, CVE-2008-1236, CVE-2008-1237)\n \n Several flaws were found in the display of malformed web content. A web\n page containing specially-crafted content could, potentially, trick a\n SeaMonkey user into surrendering sensitive information. (CVE-2008-1234,\n CVE-2008-1238, CVE-2008-1241)\n \n All SeaMonkey users should upgrade to these updated packages, which contain\n backported patches to resolve these issues.\";\n\ntag_affected = \"seamonkey on CentOS 4\";\ntag_solution = \"Please Install the Updated Packages.\";\n\n\n\nif(description)\n{\n script_xref(name : \"URL\" , value : \"http://lists.centos.org/pipermail/centos-announce/2008-March/014788.html\");\n script_oid(\"1.3.6.1.4.1.25623.1.0.880186\");\n script_version(\"$Revision: 9370 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-04-06 10:53:14 +0200 (Fri, 06 Apr 2018) $\");\n script_tag(name:\"creation_date\", value:\"2009-02-27 09:02:20 +0100 (Fri, 27 Feb 2009)\");\n script_tag(name:\"cvss_base\", value:\"9.3\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_xref(name: \"CESA\", value: \"2008:0208\");\n script_cve_id(\"CVE-2008-1233\", \"CVE-2008-1234\", \"CVE-2008-1235\", \"CVE-2008-1236\", \"CVE-2008-1237\", \"CVE-2008-1238\", \"CVE-2008-1241\");\n script_name( \"CentOS Update for seamonkey CESA-2008:0208 centos4 i386\");\n\n script_tag(name:\"summary\", value:\"Check for the Version of seamonkey\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2009 Greenbone Networks GmbH\");\n script_family(\"CentOS Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/centos\", \"ssh/login/rpms\");\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = get_kb_item(\"ssh/login/release\");\n\n\nres = \"\";\nif(release == NULL){\n exit(0);\n}\n\nif(release == \"CentOS4\")\n{\n\n if ((res = isrpmvuln(pkg:\"seamonkey\", rpm:\"seamonkey~1.0.9~15.el4.centos\", rls:\"CentOS4\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"seamonkey-chat\", rpm:\"seamonkey-chat~1.0.9~15.el4.centos\", rls:\"CentOS4\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"seamonkey-devel\", rpm:\"seamonkey-devel~1.0.9~15.el4.centos\", rls:\"CentOS4\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"seamonkey-dom-inspector\", rpm:\"seamonkey-dom-inspector~1.0.9~15.el4.centos\", rls:\"CentOS4\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"seamonkey-js-debugger\", rpm:\"seamonkey-js-debugger~1.0.9~15.el4.centos\", rls:\"CentOS4\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"seamonkey-mail\", rpm:\"seamonkey-mail~1.0.9~15.el4.centos\", rls:\"CentOS4\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"seamonkey-nspr\", rpm:\"seamonkey-nspr~1.0.9~15.el4.centos\", rls:\"CentOS4\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"seamonkey-nspr-devel\", rpm:\"seamonkey-nspr-devel~1.0.9~15.el4.centos\", rls:\"CentOS4\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"seamonkey-nss\", rpm:\"seamonkey-nss~1.0.9~15.el4.centos\", rls:\"CentOS4\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"seamonkey-nss-devel\", rpm:\"seamonkey-nss-devel~1.0.9~15.el4.centos\", rls:\"CentOS4\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n", "cvss": {"score": 9.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2018-04-09T11:39:02", "description": "Check for the Version of seamonkey", "cvss3": {}, "published": "2009-02-27T00:00:00", "type": "openvas", "title": "CentOS Update for seamonkey CESA-2008:0208 centos3 x86_64", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2008-1236", "CVE-2008-1237", "CVE-2008-1238", "CVE-2008-1233", "CVE-2008-1234", "CVE-2008-1235", "CVE-2008-1241"], "modified": "2018-04-06T00:00:00", "id": "OPENVAS:1361412562310880112", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310880112", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# CentOS Update for seamonkey CESA-2008:0208 centos3 x86_64\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2009 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"SeaMonkey is an open source Web browser, advanced email and newsgroup\n client, IRC chat client, and HTML editor.\n\n Several flaws were found in the processing of some malformed web content. A\n web page containing such malicious content could cause SeaMonkey to crash\n or, potentially, execute arbitrary code as the user running SeaMonkey.\n (CVE-2008-1233, CVE-2008-1235, CVE-2008-1236, CVE-2008-1237)\n \n Several flaws were found in the display of malformed web content. A web\n page containing specially-crafted content could, potentially, trick a\n SeaMonkey user into surrendering sensitive information. (CVE-2008-1234,\n CVE-2008-1238, CVE-2008-1241)\n \n All SeaMonkey users should upgrade to these updated packages, which contain\n backported patches to resolve these issues.\";\n\ntag_affected = \"seamonkey on CentOS 3\";\ntag_solution = \"Please Install the Updated Packages.\";\n\n\n\nif(description)\n{\n script_xref(name : \"URL\" , value : \"http://lists.centos.org/pipermail/centos-announce/2008-March/014786.html\");\n script_oid(\"1.3.6.1.4.1.25623.1.0.880112\");\n script_version(\"$Revision: 9370 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-04-06 10:53:14 +0200 (Fri, 06 Apr 2018) $\");\n script_tag(name:\"creation_date\", value:\"2009-02-27 09:02:20 +0100 (Fri, 27 Feb 2009)\");\n script_tag(name:\"cvss_base\", value:\"9.3\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_xref(name: \"CESA\", value: \"2008:0208\");\n script_cve_id(\"CVE-2008-1233\", \"CVE-2008-1234\", \"CVE-2008-1235\", \"CVE-2008-1236\", \"CVE-2008-1237\", \"CVE-2008-1238\", \"CVE-2008-1241\");\n script_name( \"CentOS Update for seamonkey CESA-2008:0208 centos3 x86_64\");\n\n script_tag(name:\"summary\", value:\"Check for the Version of seamonkey\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2009 Greenbone Networks GmbH\");\n script_family(\"CentOS Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/centos\", \"ssh/login/rpms\");\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = get_kb_item(\"ssh/login/release\");\n\n\nres = \"\";\nif(release == NULL){\n exit(0);\n}\n\nif(release == \"CentOS3\")\n{\n\n if ((res = isrpmvuln(pkg:\"seamonkey\", rpm:\"seamonkey~1.0.9~0.16.el3.centos3\", rls:\"CentOS3\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"seamonkey-chat\", rpm:\"seamonkey-chat~1.0.9~0.16.el3.centos3\", rls:\"CentOS3\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"seamonkey-devel\", rpm:\"seamonkey-devel~1.0.9~0.16.el3.centos3\", rls:\"CentOS3\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"seamonkey-dom-inspector\", rpm:\"seamonkey-dom-inspector~1.0.9~0.16.el3.centos3\", rls:\"CentOS3\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"seamonkey-js-debugger\", rpm:\"seamonkey-js-debugger~1.0.9~0.16.el3.centos3\", rls:\"CentOS3\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"seamonkey-mail\", rpm:\"seamonkey-mail~1.0.9~0.16.el3.centos3\", rls:\"CentOS3\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"seamonkey-nspr\", rpm:\"seamonkey-nspr~1.0.9~0.16.el3.centos3\", rls:\"CentOS3\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"seamonkey-nspr-devel\", rpm:\"seamonkey-nspr-devel~1.0.9~0.16.el3.centos3\", rls:\"CentOS3\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"seamonkey-nss\", rpm:\"seamonkey-nss~1.0.9~0.16.el3.centos3\", rls:\"CentOS3\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"seamonkey-nss-devel\", rpm:\"seamonkey-nss-devel~1.0.9~0.16.el3.centos3\", rls:\"CentOS3\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n", "cvss": {"score": 9.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2017-07-25T10:56:02", "description": "Check for the Version of seamonkey", "cvss3": {}, "published": "2009-02-27T00:00:00", "type": "openvas", "title": "CentOS Update for seamonkey CESA-2008:0208-01 centos2 i386", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2008-1236", "CVE-2008-1237", "CVE-2008-1238", "CVE-2008-1233", "CVE-2008-1234", "CVE-2008-1235", "CVE-2008-1241"], "modified": "2017-07-10T00:00:00", "id": "OPENVAS:880000", "href": "http://plugins.openvas.org/nasl.php?oid=880000", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# CentOS Update for seamonkey CESA-2008:0208-01 centos2 i386\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2009 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"SeaMonkey is an open source Web browser, advanced email and newsgroup\n client, IRC chat client, and HTML editor.\n\n Several flaws were found in the processing of some malformed web content. A\n web page containing such malicious content could cause SeaMonkey to crash\n or, potentially, execute arbitrary code as the user running SeaMonkey.\n (CVE-2008-1233, CVE-2008-1235, CVE-2008-1236, CVE-2008-1237)\n \n Several flaws were found in the display of malformed web content. A web\n page containing specially-crafted content could, potentially, trick a\n SeaMonkey user into surrendering sensitive information. (CVE-2008-1234,\n CVE-2008-1238, CVE-2008-1241)\n \n All SeaMonkey users should upgrade to these updated packages, which contain\n backported patches to resolve these issues.\";\n\ntag_affected = \"seamonkey on CentOS 2\";\ntag_solution = \"Please Install the Updated Packages.\";\n\n\n\nif(description)\n{\n script_xref(name : \"URL\" , value : \"http://lists.centos.org/pipermail/centos-announce/2008-March/014784.html\");\n script_id(880000);\n script_version(\"$Revision: 6651 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-07-10 13:45:21 +0200 (Mon, 10 Jul 2017) $\");\n script_tag(name:\"creation_date\", value:\"2009-02-27 09:02:20 +0100 (Fri, 27 Feb 2009)\");\n script_tag(name:\"cvss_base\", value:\"9.3\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_xref(name: \"CESA\", value: \"2008:0208-01\");\n script_cve_id(\"CVE-2008-1233\", \"CVE-2008-1234\", \"CVE-2008-1235\", \"CVE-2008-1236\", \"CVE-2008-1237\", \"CVE-2008-1238\", \"CVE-2008-1241\");\n script_name( \"CentOS Update for seamonkey CESA-2008:0208-01 centos2 i386\");\n\n script_summary(\"Check for the Version of seamonkey\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2009 Greenbone Networks GmbH\");\n script_family(\"CentOS Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/centos\", \"ssh/login/rpms\");\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = get_kb_item(\"ssh/login/release\");\n\n\nres = \"\";\nif(release == NULL){\n exit(0);\n}\n\nif(release == \"CentOS2\")\n{\n\n if ((res = isrpmvuln(pkg:\"seamonkey\", rpm:\"seamonkey~1.0.9~0.14.el2.c2.1\", rls:\"CentOS2\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"seamonkey-chat\", rpm:\"seamonkey-chat~1.0.9~0.14.el2.c2.1\", rls:\"CentOS2\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"seamonkey-devel\", rpm:\"seamonkey-devel~1.0.9~0.14.el2.c2.1\", rls:\"CentOS2\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"seamonkey-dom-inspector\", rpm:\"seamonkey-dom-inspector~1.0.9~0.14.el2.c2.1\", rls:\"CentOS2\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"seamonkey-js-debugger\", rpm:\"seamonkey-js-debugger~1.0.9~0.14.el2.c2.1\", rls:\"CentOS2\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"seamonkey-mail\", rpm:\"seamonkey-mail~1.0.9~0.14.el2.c2.1\", rls:\"CentOS2\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"seamonkey-nspr\", rpm:\"seamonkey-nspr~1.0.9~0.14.el2.c2.1\", rls:\"CentOS2\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"seamonkey-nspr-devel\", rpm:\"seamonkey-nspr-devel~1.0.9~0.14.el2.c2.1\", rls:\"CentOS2\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"seamonkey-nss\", rpm:\"seamonkey-nss~1.0.9~0.14.el2.c2.1\", rls:\"CentOS2\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"seamonkey-nss-devel\", rpm:\"seamonkey-nss-devel~1.0.9~0.14.el2.c2.1\", rls:\"CentOS2\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n", "cvss": {"score": 9.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2017-07-25T10:56:04", "description": "Check for the Version of gnome-python2-extras", "cvss3": {}, "published": "2009-02-16T00:00:00", "type": "openvas", "title": "Fedora Update for gnome-python2-extras FEDORA-2008-2662", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2008-1236", "CVE-2008-1237", "CVE-2008-1238", "CVE-2008-1233", "CVE-2008-1234", "CVE-2008-1235", "CVE-2008-1241"], "modified": "2017-07-10T00:00:00", "id": "OPENVAS:860044", "href": "http://plugins.openvas.org/nasl.php?oid=860044", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Fedora Update for gnome-python2-extras FEDORA-2008-2662\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2009 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ninclude(\"revisions-lib.inc\");\ntag_affected = \"gnome-python2-extras on Fedora 7\";\ntag_insight = \"The gnome-python-extra package contains the source packages for additional\n Python bindings for GNOME. It should be used together with gnome-python.\";\ntag_solution = \"Please Install the Updated Packages.\";\n\n\n\nif(description)\n{\n script_xref(name : \"URL\" , value : \"https://www.redhat.com/archives/fedora-package-announce/2008-March/msg00560.html\");\n script_id(860044);\n script_version(\"$Revision: 6623 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-07-10 08:10:20 +0200 (Mon, 10 Jul 2017) $\");\n script_tag(name:\"creation_date\", value:\"2009-02-16 16:22:52 +0100 (Mon, 16 Feb 2009)\");\n script_tag(name:\"cvss_base\", value:\"9.3\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_xref(name: \"FEDORA\", value: \"2008-2662\");\n script_cve_id(\"CVE-2008-1233\", \"CVE-2008-1235\", \"CVE-2008-1236\", \"CVE-2008-1237\", \"CVE-2008-1234\", \"CVE-2008-1238\", \"CVE-2008-1241\");\n script_name( \"Fedora Update for gnome-python2-extras FEDORA-2008-2662\");\n\n script_summary(\"Check for the Version of gnome-python2-extras\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2009 Greenbone Networks GmbH\");\n script_family(\"Fedora Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/fedora\", \"ssh/login/rpms\");\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = get_kb_item(\"ssh/login/release\");\n\n\nres = \"\";\nif(release == NULL){\n exit(0);\n}\n\nif(release == \"FC7\")\n{\n\n if ((res = isrpmvuln(pkg:\"gnome-python2-extras\", rpm:\"gnome-python2-extras~2.14.3~9.fc7\", rls:\"FC7\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}", "cvss": {"score": 9.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2017-07-25T10:56:34", "description": "Check for the Version of gnome-web-photo", "cvss3": {}, "published": "2009-02-16T00:00:00", "type": "openvas", "title": "Fedora Update for gnome-web-photo FEDORA-2008-2682", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2008-1236", "CVE-2008-1237", "CVE-2008-1238", "CVE-2008-1233", "CVE-2008-1234", "CVE-2008-1235", "CVE-2008-1241"], "modified": "2017-07-10T00:00:00", "id": "OPENVAS:860141", "href": "http://plugins.openvas.org/nasl.php?oid=860141", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Fedora Update for gnome-web-photo FEDORA-2008-2682\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2009 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ninclude(\"revisions-lib.inc\");\ntag_affected = \"gnome-web-photo on Fedora 8\";\ntag_insight = \"gnome-web-photo contains a thumbnailer that will be used by GNOME applications,\n including the file manager, to generate screenshots of web pages.\";\ntag_solution = \"Please Install the Updated Packages.\";\n\n\n\nif(description)\n{\n script_xref(name : \"URL\" , value : \"https://www.redhat.com/archives/fedora-package-announce/2008-March/msg00587.html\");\n script_id(860141);\n script_version(\"$Revision: 6623 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-07-10 08:10:20 +0200 (Mon, 10 Jul 2017) $\");\n script_tag(name:\"creation_date\", value:\"2009-02-16 16:22:52 +0100 (Mon, 16 Feb 2009)\");\n script_tag(name:\"cvss_base\", value:\"9.3\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_xref(name: \"FEDORA\", value: \"2008-2682\");\n script_cve_id(\"CVE-2008-1233\", \"CVE-2008-1235\", \"CVE-2008-1236\", \"CVE-2008-1237\", \"CVE-2008-1234\", \"CVE-2008-1238\", \"CVE-2008-1241\");\n script_name( \"Fedora Update for gnome-web-photo FEDORA-2008-2682\");\n\n script_summary(\"Check for the Version of gnome-web-photo\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2009 Greenbone Networks GmbH\");\n script_family(\"Fedora Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/fedora\", \"ssh/login/rpms\");\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = get_kb_item(\"ssh/login/release\");\n\n\nres = \"\";\nif(release == NULL){\n exit(0);\n}\n\nif(release == \"FC8\")\n{\n\n if ((res = isrpmvuln(pkg:\"gnome-web-photo\", rpm:\"gnome-web-photo~0.3~9.fc8\", rls:\"FC8\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}", "cvss": {"score": 9.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2017-07-25T10:56:34", "description": "Check for the Version of firefox", "cvss3": {}, "published": "2009-02-27T00:00:00", "type": "openvas", "title": "CentOS Update for firefox CESA-2008:0207 centos3 x86_64", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2008-1236", "CVE-2008-1237", "CVE-2008-1238", "CVE-2008-1233", "CVE-2008-1234", "CVE-2008-1235", "CVE-2008-1241"], "modified": "2017-07-10T00:00:00", "id": "OPENVAS:880201", "href": "http://plugins.openvas.org/nasl.php?oid=880201", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# CentOS Update for firefox CESA-2008:0207 centos3 x86_64\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2009 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"Mozilla Firefox is an open source Web browser.\n\n Several flaws were found in the processing of some malformed web content. A\n web page containing such malicious content could cause Firefox to crash or,\n potentially, execute arbitrary code as the user running Firefox.\n (CVE-2008-1233, CVE-2008-1235, CVE-2008-1236, CVE-2008-1237)\n \n Several flaws were found in the display of malformed web content. A web\n page containing specially-crafted content could, potentially, trick a\n Firefox user into surrendering sensitive information. (CVE-2008-1234,\n CVE-2008-1238, CVE-2008-1241)\n \n All Firefox users should upgrade to these updated packages, which contain\n backported patches that correct these issues.\";\n\ntag_affected = \"firefox on CentOS 3\";\ntag_solution = \"Please Install the Updated Packages.\";\n\n\n\nif(description)\n{\n script_xref(name : \"URL\" , value : \"http://lists.centos.org/pipermail/centos-announce/2008-March/014780.html\");\n script_id(880201);\n script_version(\"$Revision: 6651 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-07-10 13:45:21 +0200 (Mon, 10 Jul 2017) $\");\n script_tag(name:\"creation_date\", value:\"2009-02-27 09:02:20 +0100 (Fri, 27 Feb 2009)\");\n script_tag(name:\"cvss_base\", value:\"9.3\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_xref(name: \"CESA\", value: \"2008:0207\");\n script_cve_id(\"CVE-2008-1233\", \"CVE-2008-1234\", \"CVE-2008-1235\", \"CVE-2008-1236\", \"CVE-2008-1237\", \"CVE-2008-1238\", \"CVE-2008-1241\");\n script_name( \"CentOS Update for firefox CESA-2008:0207 centos3 x86_64\");\n\n script_summary(\"Check for the Version of firefox\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2009 Greenbone Networks GmbH\");\n script_family(\"CentOS Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/centos\", \"ssh/login/rpms\");\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = get_kb_item(\"ssh/login/release\");\n\n\nres = \"\";\nif(release == NULL){\n exit(0);\n}\n\nif(release == \"CentOS3\")\n{\n\n if ((res = isrpmvuln(pkg:\"firefox\", rpm:\"firefox~1.5.0.12~0.14.el4.centos3\", rls:\"CentOS3\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n", "cvss": {"score": 9.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2017-07-25T10:56:08", "description": "Check for the Version of seamonkey", "cvss3": {}, "published": "2009-02-27T00:00:00", "type": "openvas", "title": "CentOS Update for seamonkey CESA-2008:0208 centos3 i386", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2008-1236", "CVE-2008-1237", "CVE-2008-1238", "CVE-2008-1233", "CVE-2008-1234", "CVE-2008-1235", "CVE-2008-1241"], "modified": "2017-07-10T00:00:00", "id": "OPENVAS:880083", "href": "http://plugins.openvas.org/nasl.php?oid=880083", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# CentOS Update for seamonkey CESA-2008:0208 centos3 i386\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2009 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"SeaMonkey is an open source Web browser, advanced email and newsgroup\n client, IRC chat client, and HTML editor.\n\n Several flaws were found in the processing of some malformed web content. A\n web page containing such malicious content could cause SeaMonkey to crash\n or, potentially, execute arbitrary code as the user running SeaMonkey.\n (CVE-2008-1233, CVE-2008-1235, CVE-2008-1236, CVE-2008-1237)\n \n Several flaws were found in the display of malformed web content. A web\n page containing specially-crafted content could, potentially, trick a\n SeaMonkey user into surrendering sensitive information. (CVE-2008-1234,\n CVE-2008-1238, CVE-2008-1241)\n \n All SeaMonkey users should upgrade to these updated packages, which contain\n backported patches to resolve these issues.\";\n\ntag_affected = \"seamonkey on CentOS 3\";\ntag_solution = \"Please Install the Updated Packages.\";\n\n\n\nif(description)\n{\n script_xref(name : \"URL\" , value : \"http://lists.centos.org/pipermail/centos-announce/2008-March/014785.html\");\n script_id(880083);\n script_version(\"$Revision: 6651 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-07-10 13:45:21 +0200 (Mon, 10 Jul 2017) $\");\n script_tag(name:\"creation_date\", value:\"2009-02-27 09:02:20 +0100 (Fri, 27 Feb 2009)\");\n script_tag(name:\"cvss_base\", value:\"9.3\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_xref(name: \"CESA\", value: \"2008:0208\");\n script_cve_id(\"CVE-2008-1233\", \"CVE-2008-1234\", \"CVE-2008-1235\", \"CVE-2008-1236\", \"CVE-2008-1237\", \"CVE-2008-1238\", \"CVE-2008-1241\");\n script_name( \"CentOS Update for seamonkey CESA-2008:0208 centos3 i386\");\n\n script_summary(\"Check for the Version of seamonkey\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2009 Greenbone Networks GmbH\");\n script_family(\"CentOS Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/centos\", \"ssh/login/rpms\");\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = get_kb_item(\"ssh/login/release\");\n\n\nres = \"\";\nif(release == NULL){\n exit(0);\n}\n\nif(release == \"CentOS3\")\n{\n\n if ((res = isrpmvuln(pkg:\"seamonkey\", rpm:\"seamonkey~1.0.9~0.16.el3.centos3\", rls:\"CentOS3\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"seamonkey-chat\", rpm:\"seamonkey-chat~1.0.9~0.16.el3.centos3\", rls:\"CentOS3\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"seamonkey-devel\", rpm:\"seamonkey-devel~1.0.9~0.16.el3.centos3\", rls:\"CentOS3\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"seamonkey-dom-inspector\", rpm:\"seamonkey-dom-inspector~1.0.9~0.16.el3.centos3\", rls:\"CentOS3\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"seamonkey-js-debugger\", rpm:\"seamonkey-js-debugger~1.0.9~0.16.el3.centos3\", rls:\"CentOS3\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"seamonkey-mail\", rpm:\"seamonkey-mail~1.0.9~0.16.el3.centos3\", rls:\"CentOS3\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"seamonkey-nspr\", rpm:\"seamonkey-nspr~1.0.9~0.16.el3.centos3\", rls:\"CentOS3\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"seamonkey-nspr-devel\", rpm:\"seamonkey-nspr-devel~1.0.9~0.16.el3.centos3\", rls:\"CentOS3\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"seamonkey-nss\", rpm:\"seamonkey-nss~1.0.9~0.16.el3.centos3\", rls:\"CentOS3\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"seamonkey-nss-devel\", rpm:\"seamonkey-nss-devel~1.0.9~0.16.el3.centos3\", rls:\"CentOS3\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n", "cvss": {"score": 9.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2017-07-25T10:56:18", "description": "Check for the Version of Miro", "cvss3": {}, "published": "2009-02-16T00:00:00", "type": "openvas", "title": "Fedora Update for Miro FEDORA-2008-2682", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2008-1236", "CVE-2008-1237", "CVE-2008-1238", "CVE-2008-1233", "CVE-2008-1234", "CVE-2008-1235", "CVE-2008-1241"], "modified": "2017-07-10T00:00:00", "id": "OPENVAS:860713", "href": "http://plugins.openvas.org/nasl.php?oid=860713", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Fedora Update for Miro FEDORA-2008-2682\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2009 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ninclude(\"revisions-lib.inc\");\ntag_affected = \"Miro on Fedora 8\";\ntag_insight = \"Miro is a free application that turns your computer into an\n internet TV video player. This release is still a beta version, which means\n that there are some bugs, but we're moving quickly to fix them and will be\n releasing bug fixes on a regular basis.\";\ntag_solution = \"Please Install the Updated Packages.\";\n\n\n\nif(description)\n{\n script_xref(name : \"URL\" , value : \"https://www.redhat.com/archives/fedora-package-announce/2008-March/msg00577.html\");\n script_id(860713);\n script_version(\"$Revision: 6623 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-07-10 08:10:20 +0200 (Mon, 10 Jul 2017) $\");\n script_tag(name:\"creation_date\", value:\"2009-02-16 16:22:52 +0100 (Mon, 16 Feb 2009)\");\n script_tag(name:\"cvss_base\", value:\"9.3\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_xref(name: \"FEDORA\", value: \"2008-2682\");\n script_cve_id(\"CVE-2008-1233\", \"CVE-2008-1235\", \"CVE-2008-1236\", \"CVE-2008-1237\", \"CVE-2008-1234\", \"CVE-2008-1238\", \"CVE-2008-1241\");\n script_name( \"Fedora Update for Miro FEDORA-2008-2682\");\n\n script_summary(\"Check for the Version of Miro\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2009 Greenbone Networks GmbH\");\n script_family(\"Fedora Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/fedora\", \"ssh/login/rpms\");\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = get_kb_item(\"ssh/login/release\");\n\n\nres = \"\";\nif(release == NULL){\n exit(0);\n}\n\nif(release == \"FC8\")\n{\n\n if ((res = isrpmvuln(pkg:\"Miro\", rpm:\"Miro~1.1.2~2.fc8\", rls:\"FC8\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}", "cvss": {"score": 9.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2017-07-25T10:56:40", "description": "Check for the Version of galeon", "cvss3": {}, "published": "2009-02-16T00:00:00", "type": "openvas", "title": "Fedora Update for galeon FEDORA-2008-2682", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2008-1236", "CVE-2008-1237", "CVE-2008-1238", "CVE-2008-1233", "CVE-2008-1234", "CVE-2008-1235", "CVE-2008-1241"], "modified": "2017-07-10T00:00:00", "id": "OPENVAS:860807", "href": "http://plugins.openvas.org/nasl.php?oid=860807", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Fedora Update for galeon FEDORA-2008-2682\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2009 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ninclude(\"revisions-lib.inc\");\ntag_affected = \"galeon on Fedora 8\";\ntag_insight = \"Galeon is a web browser built around Gecko (Mozilla's rendering\n engine) and Necko (Mozilla's networking engine). It's a GNOME web\n browser, designed to take advantage of as many GNOME technologies as\n makes sense. Galeon was written to do just one thing - browse the web.\";\ntag_solution = \"Please Install the Updated Packages.\";\n\n\n\nif(description)\n{\n script_xref(name : \"URL\" , value : \"https://www.redhat.com/archives/fedora-package-announce/2008-March/msg00585.html\");\n script_id(860807);\n script_version(\"$Revision: 6623 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-07-10 08:10:20 +0200 (Mon, 10 Jul 2017) $\");\n script_tag(name:\"creation_date\", value:\"2009-02-16 16:22:52 +0100 (Mon, 16 Feb 2009)\");\n script_tag(name:\"cvss_base\", value:\"9.3\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_xref(name: \"FEDORA\", value: \"2008-2682\");\n script_cve_id(\"CVE-2008-1233\", \"CVE-2008-1235\", \"CVE-2008-1236\", \"CVE-2008-1237\", \"CVE-2008-1234\", \"CVE-2008-1238\", \"CVE-2008-1241\");\n script_name( \"Fedora Update for galeon FEDORA-2008-2682\");\n\n script_summary(\"Check for the Version of galeon\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2009 Greenbone Networks GmbH\");\n script_family(\"Fedora Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/fedora\", \"ssh/login/rpms\");\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = get_kb_item(\"ssh/login/release\");\n\n\nres = \"\";\nif(release == NULL){\n exit(0);\n}\n\nif(release == \"FC8\")\n{\n\n if ((res = isrpmvuln(pkg:\"galeon\", rpm:\"galeon~2.0.4~1.fc8.3\", rls:\"FC8\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}", "cvss": {"score": 9.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2017-07-25T10:56:56", "description": "Check for the Version of epiphany-extensions", "cvss3": {}, "published": "2009-02-16T00:00:00", "type": "openvas", "title": "Fedora Update for epiphany-extensions FEDORA-2008-2682", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2008-1236", "CVE-2008-1237", "CVE-2008-1238", "CVE-2008-1233", "CVE-2008-1234", "CVE-2008-1235", "CVE-2008-1241"], "modified": "2017-07-10T00:00:00", "id": "OPENVAS:860770", "href": "http://plugins.openvas.org/nasl.php?oid=860770", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Fedora Update for epiphany-extensions FEDORA-2008-2682\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2009 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ninclude(\"revisions-lib.inc\");\ntag_affected = \"epiphany-extensions on Fedora 8\";\ntag_insight = \"Epiphany Extensions is a collection of extensions for Epiphany, the\n GNOME web browser.\";\ntag_solution = \"Please Install the Updated Packages.\";\n\n\n\nif(description)\n{\n script_xref(name : \"URL\" , value : \"https://www.redhat.com/archives/fedora-package-announce/2008-March/msg00583.html\");\n script_id(860770);\n script_version(\"$Revision: 6623 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-07-10 08:10:20 +0200 (Mon, 10 Jul 2017) $\");\n script_tag(name:\"creation_date\", value:\"2009-02-16 16:22:52 +0100 (Mon, 16 Feb 2009)\");\n script_tag(name:\"cvss_base\", value:\"9.3\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_xref(name: \"FEDORA\", value: \"2008-2682\");\n script_cve_id(\"CVE-2008-1233\", \"CVE-2008-1235\", \"CVE-2008-1236\", \"CVE-2008-1237\", \"CVE-2008-1234\", \"CVE-2008-1238\", \"CVE-2008-1241\");\n script_name( \"Fedora Update for epiphany-extensions FEDORA-2008-2682\");\n\n script_summary(\"Check for the Version of epiphany-extensions\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2009 Greenbone Networks GmbH\");\n script_family(\"Fedora Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/fedora\", \"ssh/login/rpms\");\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = get_kb_item(\"ssh/login/release\");\n\n\nres = \"\";\nif(release == NULL){\n exit(0);\n}\n\nif(release == \"FC8\")\n{\n\n if ((res = isrpmvuln(pkg:\"epiphany-extensions\", rpm:\"epiphany-extensions~2.20.1~6.fc8\", rls:\"FC8\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}", "cvss": {"score": 9.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2017-07-27T10:56:34", "description": "Check for the Version of firefox", "cvss3": {}, "published": "2009-03-06T00:00:00", "type": "openvas", "title": "RedHat Update for firefox RHSA-2008:0207-01", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2008-1236", "CVE-2008-1237", "CVE-2008-1238", "CVE-2008-1233", "CVE-2008-1234", "CVE-2008-1235", "CVE-2008-1241"], "modified": "2017-07-12T00:00:00", "id": "OPENVAS:870050", "href": "http://plugins.openvas.org/nasl.php?oid=870050", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# RedHat Update for firefox RHSA-2008:0207-01\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2009 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"Mozilla Firefox is an open source Web browser.\n\n Several flaws were found in the processing of some malformed web content. A\n web page containing such malicious content could cause Firefox to crash or,\n potentially, execute arbitrary code as the user running Firefox.\n (CVE-2008-1233, CVE-2008-1235, CVE-2008-1236, CVE-2008-1237)\n \n Several flaws were found in the display of malformed web content. A web\n page containing specially-crafted content could, potentially, trick a\n Firefox user into surrendering sensitive information. (CVE-2008-1234,\n CVE-2008-1238, CVE-2008-1241)\n \n All Firefox users should upgrade to these updated packages, which contain\n backported patches that correct these issues.\";\n\ntag_affected = \"firefox on Red Hat Enterprise Linux AS version 4,\n Red Hat Enterprise Linux ES version 4,\n Red Hat Enterprise Linux WS version 4,\n Red Hat Enterprise Linux (v. 5 server)\";\ntag_solution = \"Please Install the Updated Packages.\";\n\n\n\nif(description)\n{\n script_xref(name : \"URL\" , value : \"https://www.redhat.com/archives/rhsa-announce/2008-March/msg00016.html\");\n script_id(870050);\n script_version(\"$Revision: 6683 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-07-12 11:41:57 +0200 (Wed, 12 Jul 2017) $\");\n script_tag(name:\"creation_date\", value:\"2009-03-06 07:30:35 +0100 (Fri, 06 Mar 2009)\");\n script_tag(name:\"cvss_base\", value:\"9.3\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_xref(name: \"RHSA\", value: \"2008:0207-01\");\n script_cve_id(\"CVE-2008-1233\", \"CVE-2008-1234\", \"CVE-2008-1235\", \"CVE-2008-1236\", \"CVE-2008-1237\", \"CVE-2008-1238\", \"CVE-2008-1241\");\n script_name( \"RedHat Update for firefox RHSA-2008:0207-01\");\n\n script_summary(\"Check for the Version of firefox\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2009 Greenbone Networks GmbH\");\n script_family(\"Red Hat Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/rhel\", \"ssh/login/rpms\");\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = get_kb_item(\"ssh/login/release\");\n\n\nres = \"\";\nif(release == NULL){\n exit(0);\n}\n\nif(release == \"RHENT_5\")\n{\n\n if ((res = isrpmvuln(pkg:\"firefox\", rpm:\"firefox~1.5.0.12~14.el5_1\", rls:\"RHENT_5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"firefox-debuginfo\", rpm:\"firefox-debuginfo~1.5.0.12~14.el5_1\", rls:\"RHENT_5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"firefox-devel\", rpm:\"firefox-devel~1.5.0.12~14.el5_1\", rls:\"RHENT_5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n\n\nif(release == \"RHENT_4\")\n{\n\n if ((res = isrpmvuln(pkg:\"firefox\", rpm:\"firefox~1.5.0.12~0.14.el4\", rls:\"RHENT_4\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"firefox-debuginfo\", rpm:\"firefox-debuginfo~1.5.0.12~0.14.el4\", rls:\"RHENT_4\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n", "cvss": {"score": 9.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2017-07-25T10:57:05", "description": "Check for the Version of seamonkey", "cvss3": {}, "published": "2009-02-27T00:00:00", "type": "openvas", "title": "CentOS Update for seamonkey CESA-2008:0208 centos4 i386", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2008-1236", "CVE-2008-1237", "CVE-2008-1238", "CVE-2008-1233", "CVE-2008-1234", "CVE-2008-1235", "CVE-2008-1241"], "modified": "2017-07-10T00:00:00", "id": "OPENVAS:880186", "href": "http://plugins.openvas.org/nasl.php?oid=880186", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# CentOS Update for seamonkey CESA-2008:0208 centos4 i386\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2009 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"SeaMonkey is an open source Web browser, advanced email and newsgroup\n client, IRC chat client, and HTML editor.\n\n Several flaws were found in the processing of some malformed web content. A\n web page containing such malicious content could cause SeaMonkey to crash\n or, potentially, execute arbitrary code as the user running SeaMonkey.\n (CVE-2008-1233, CVE-2008-1235, CVE-2008-1236, CVE-2008-1237)\n \n Several flaws were found in the display of malformed web content. A web\n page containing specially-crafted content could, potentially, trick a\n SeaMonkey user into surrendering sensitive information. (CVE-2008-1234,\n CVE-2008-1238, CVE-2008-1241)\n \n All SeaMonkey users should upgrade to these updated packages, which contain\n backported patches to resolve these issues.\";\n\ntag_affected = \"seamonkey on CentOS 4\";\ntag_solution = \"Please Install the Updated Packages.\";\n\n\n\nif(description)\n{\n script_xref(name : \"URL\" , value : \"http://lists.centos.org/pipermail/centos-announce/2008-March/014788.html\");\n script_id(880186);\n script_version(\"$Revision: 6651 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-07-10 13:45:21 +0200 (Mon, 10 Jul 2017) $\");\n script_tag(name:\"creation_date\", value:\"2009-02-27 09:02:20 +0100 (Fri, 27 Feb 2009)\");\n script_tag(name:\"cvss_base\", value:\"9.3\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_xref(name: \"CESA\", value: \"2008:0208\");\n script_cve_id(\"CVE-2008-1233\", \"CVE-2008-1234\", \"CVE-2008-1235\", \"CVE-2008-1236\", \"CVE-2008-1237\", \"CVE-2008-1238\", \"CVE-2008-1241\");\n script_name( \"CentOS Update for seamonkey CESA-2008:0208 centos4 i386\");\n\n script_summary(\"Check for the Version of seamonkey\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2009 Greenbone Networks GmbH\");\n script_family(\"CentOS Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/centos\", \"ssh/login/rpms\");\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = get_kb_item(\"ssh/login/release\");\n\n\nres = \"\";\nif(release == NULL){\n exit(0);\n}\n\nif(release == \"CentOS4\")\n{\n\n if ((res = isrpmvuln(pkg:\"seamonkey\", rpm:\"seamonkey~1.0.9~15.el4.centos\", rls:\"CentOS4\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"seamonkey-chat\", rpm:\"seamonkey-chat~1.0.9~15.el4.centos\", rls:\"CentOS4\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"seamonkey-devel\", rpm:\"seamonkey-devel~1.0.9~15.el4.centos\", rls:\"CentOS4\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"seamonkey-dom-inspector\", rpm:\"seamonkey-dom-inspector~1.0.9~15.el4.centos\", rls:\"CentOS4\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"seamonkey-js-debugger\", rpm:\"seamonkey-js-debugger~1.0.9~15.el4.centos\", rls:\"CentOS4\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"seamonkey-mail\", rpm:\"seamonkey-mail~1.0.9~15.el4.centos\", rls:\"CentOS4\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"seamonkey-nspr\", rpm:\"seamonkey-nspr~1.0.9~15.el4.centos\", rls:\"CentOS4\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"seamonkey-nspr-devel\", rpm:\"seamonkey-nspr-devel~1.0.9~15.el4.centos\", rls:\"CentOS4\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"seamonkey-nss\", rpm:\"seamonkey-nss~1.0.9~15.el4.centos\", rls:\"CentOS4\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"seamonkey-nss-devel\", rpm:\"seamonkey-nss-devel~1.0.9~15.el4.centos\", rls:\"CentOS4\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n", "cvss": {"score": 9.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2018-04-09T11:38:35", "description": "Check for the Version of seamonkey", "cvss3": {}, "published": "2009-02-27T00:00:00", "type": "openvas", "title": "CentOS Update for seamonkey CESA-2008:0208-01 centos2 i386", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2008-1236", "CVE-2008-1237", "CVE-2008-1238", "CVE-2008-1233", "CVE-2008-1234", "CVE-2008-1235", "CVE-2008-1241"], "modified": "2018-04-06T00:00:00", "id": "OPENVAS:1361412562310880000", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310880000", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# CentOS Update for seamonkey CESA-2008:0208-01 centos2 i386\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2009 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"SeaMonkey is an open source Web browser, advanced email and newsgroup\n client, IRC chat client, and HTML editor.\n\n Several flaws were found in the processing of some malformed web content. A\n web page containing such malicious content could cause SeaMonkey to crash\n or, potentially, execute arbitrary code as the user running SeaMonkey.\n (CVE-2008-1233, CVE-2008-1235, CVE-2008-1236, CVE-2008-1237)\n \n Several flaws were found in the display of malformed web content. A web\n page containing specially-crafted content could, potentially, trick a\n SeaMonkey user into surrendering sensitive information. (CVE-2008-1234,\n CVE-2008-1238, CVE-2008-1241)\n \n All SeaMonkey users should upgrade to these updated packages, which contain\n backported patches to resolve these issues.\";\n\ntag_affected = \"seamonkey on CentOS 2\";\ntag_solution = \"Please Install the Updated Packages.\";\n\n\n\nif(description)\n{\n script_xref(name : \"URL\" , value : \"http://lists.centos.org/pipermail/centos-announce/2008-March/014784.html\");\n script_oid(\"1.3.6.1.4.1.25623.1.0.880000\");\n script_version(\"$Revision: 9370 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-04-06 10:53:14 +0200 (Fri, 06 Apr 2018) $\");\n script_tag(name:\"creation_date\", value:\"2009-02-27 09:02:20 +0100 (Fri, 27 Feb 2009)\");\n script_tag(name:\"cvss_base\", value:\"9.3\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_xref(name: \"CESA\", value: \"2008:0208-01\");\n script_cve_id(\"CVE-2008-1233\", \"CVE-2008-1234\", \"CVE-2008-1235\", \"CVE-2008-1236\", \"CVE-2008-1237\", \"CVE-2008-1238\", \"CVE-2008-1241\");\n script_name( \"CentOS Update for seamonkey CESA-2008:0208-01 centos2 i386\");\n\n script_tag(name:\"summary\", value:\"Check for the Version of seamonkey\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2009 Greenbone Networks GmbH\");\n script_family(\"CentOS Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/centos\", \"ssh/login/rpms\");\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = get_kb_item(\"ssh/login/release\");\n\n\nres = \"\";\nif(release == NULL){\n exit(0);\n}\n\nif(release == \"CentOS2\")\n{\n\n if ((res = isrpmvuln(pkg:\"seamonkey\", rpm:\"seamonkey~1.0.9~0.14.el2.c2.1\", rls:\"CentOS2\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"seamonkey-chat\", rpm:\"seamonkey-chat~1.0.9~0.14.el2.c2.1\", rls:\"CentOS2\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"seamonkey-devel\", rpm:\"seamonkey-devel~1.0.9~0.14.el2.c2.1\", rls:\"CentOS2\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"seamonkey-dom-inspector\", rpm:\"seamonkey-dom-inspector~1.0.9~0.14.el2.c2.1\", rls:\"CentOS2\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"seamonkey-js-debugger\", rpm:\"seamonkey-js-debugger~1.0.9~0.14.el2.c2.1\", rls:\"CentOS2\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"seamonkey-mail\", rpm:\"seamonkey-mail~1.0.9~0.14.el2.c2.1\", rls:\"CentOS2\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"seamonkey-nspr\", rpm:\"seamonkey-nspr~1.0.9~0.14.el2.c2.1\", rls:\"CentOS2\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"seamonkey-nspr-devel\", rpm:\"seamonkey-nspr-devel~1.0.9~0.14.el2.c2.1\", rls:\"CentOS2\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"seamonkey-nss\", rpm:\"seamonkey-nss~1.0.9~0.14.el2.c2.1\", rls:\"CentOS2\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"seamonkey-nss-devel\", rpm:\"seamonkey-nss-devel~1.0.9~0.14.el2.c2.1\", rls:\"CentOS2\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n", "cvss": {"score": 9.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2018-04-09T11:38:49", "description": "Check for the Version of seamonkey", "cvss3": {}, "published": "2009-02-27T00:00:00", "type": "openvas", "title": "CentOS Update for seamonkey CESA-2008:0208 centos3 i386", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2008-1236", "CVE-2008-1237", "CVE-2008-1238", "CVE-2008-1233", "CVE-2008-1234", "CVE-2008-1235", "CVE-2008-1241"], "modified": "2018-04-06T00:00:00", "id": "OPENVAS:1361412562310880083", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310880083", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# CentOS Update for seamonkey CESA-2008:0208 centos3 i386\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2009 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"SeaMonkey is an open source Web browser, advanced email and newsgroup\n client, IRC chat client, and HTML editor.\n\n Several flaws were found in the processing of some malformed web content. A\n web page containing such malicious content could cause SeaMonkey to crash\n or, potentially, execute arbitrary code as the user running SeaMonkey.\n (CVE-2008-1233, CVE-2008-1235, CVE-2008-1236, CVE-2008-1237)\n \n Several flaws were found in the display of malformed web content. A web\n page containing specially-crafted content could, potentially, trick a\n SeaMonkey user into surrendering sensitive information. (CVE-2008-1234,\n CVE-2008-1238, CVE-2008-1241)\n \n All SeaMonkey users should upgrade to these updated packages, which contain\n backported patches to resolve these issues.\";\n\ntag_affected = \"seamonkey on CentOS 3\";\ntag_solution = \"Please Install the Updated Packages.\";\n\n\n\nif(description)\n{\n script_xref(name : \"URL\" , value : \"http://lists.centos.org/pipermail/centos-announce/2008-March/014785.html\");\n script_oid(\"1.3.6.1.4.1.25623.1.0.880083\");\n script_version(\"$Revision: 9370 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-04-06 10:53:14 +0200 (Fri, 06 Apr 2018) $\");\n script_tag(name:\"creation_date\", value:\"2009-02-27 09:02:20 +0100 (Fri, 27 Feb 2009)\");\n script_tag(name:\"cvss_base\", value:\"9.3\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_xref(name: \"CESA\", value: \"2008:0208\");\n script_cve_id(\"CVE-2008-1233\", \"CVE-2008-1234\", \"CVE-2008-1235\", \"CVE-2008-1236\", \"CVE-2008-1237\", \"CVE-2008-1238\", \"CVE-2008-1241\");\n script_name( \"CentOS Update for seamonkey CESA-2008:0208 centos3 i386\");\n\n script_tag(name:\"summary\", value:\"Check for the Version of seamonkey\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2009 Greenbone Networks GmbH\");\n script_family(\"CentOS Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/centos\", \"ssh/login/rpms\");\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = get_kb_item(\"ssh/login/release\");\n\n\nres = \"\";\nif(release == NULL){\n exit(0);\n}\n\nif(release == \"CentOS3\")\n{\n\n if ((res = isrpmvuln(pkg:\"seamonkey\", rpm:\"seamonkey~1.0.9~0.16.el3.centos3\", rls:\"CentOS3\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"seamonkey-chat\", rpm:\"seamonkey-chat~1.0.9~0.16.el3.centos3\", rls:\"CentOS3\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"seamonkey-devel\", rpm:\"seamonkey-devel~1.0.9~0.16.el3.centos3\", rls:\"CentOS3\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"seamonkey-dom-inspector\", rpm:\"seamonkey-dom-inspector~1.0.9~0.16.el3.centos3\", rls:\"CentOS3\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"seamonkey-js-debugger\", rpm:\"seamonkey-js-debugger~1.0.9~0.16.el3.centos3\", rls:\"CentOS3\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"seamonkey-mail\", rpm:\"seamonkey-mail~1.0.9~0.16.el3.centos3\", rls:\"CentOS3\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"seamonkey-nspr\", rpm:\"seamonkey-nspr~1.0.9~0.16.el3.centos3\", rls:\"CentOS3\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"seamonkey-nspr-devel\", rpm:\"seamonkey-nspr-devel~1.0.9~0.16.el3.centos3\", rls:\"CentOS3\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"seamonkey-nss\", rpm:\"seamonkey-nss~1.0.9~0.16.el3.centos3\", rls:\"CentOS3\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"seamonkey-nss-devel\", rpm:\"seamonkey-nss-devel~1.0.9~0.16.el3.centos3\", rls:\"CentOS3\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n", "cvss": {"score": 9.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2017-07-25T10:56:13", "description": "Check for the Version of seamonkey", "cvss3": {}, "published": "2009-02-27T00:00:00", "type": "openvas", "title": "CentOS Update for seamonkey CESA-2008:0208 centos3 x86_64", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2008-1236", "CVE-2008-1237", "CVE-2008-1238", "CVE-2008-1233", "CVE-2008-1234", "CVE-2008-1235", "CVE-2008-1241"], "modified": "2017-07-10T00:00:00", "id": "OPENVAS:880112", "href": "http://plugins.openvas.org/nasl.php?oid=880112", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# CentOS Update for seamonkey CESA-2008:0208 centos3 x86_64\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2009 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"SeaMonkey is an open source Web browser, advanced email and newsgroup\n client, IRC chat client, and HTML editor.\n\n Several flaws were found in the processing of some malformed web content. A\n web page containing such malicious content could cause SeaMonkey to crash\n or, potentially, execute arbitrary code as the user running SeaMonkey.\n (CVE-2008-1233, CVE-2008-1235, CVE-2008-1236, CVE-2008-1237)\n \n Several flaws were found in the display of malformed web content. A web\n page containing specially-crafted content could, potentially, trick a\n SeaMonkey user into surrendering sensitive information. (CVE-2008-1234,\n CVE-2008-1238, CVE-2008-1241)\n \n All SeaMonkey users should upgrade to these updated packages, which contain\n backported patches to resolve these issues.\";\n\ntag_affected = \"seamonkey on CentOS 3\";\ntag_solution = \"Please Install the Updated Packages.\";\n\n\n\nif(description)\n{\n script_xref(name : \"URL\" , value : \"http://lists.centos.org/pipermail/centos-announce/2008-March/014786.html\");\n script_id(880112);\n script_version(\"$Revision: 6651 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-07-10 13:45:21 +0200 (Mon, 10 Jul 2017) $\");\n script_tag(name:\"creation_date\", value:\"2009-02-27 09:02:20 +0100 (Fri, 27 Feb 2009)\");\n script_tag(name:\"cvss_base\", value:\"9.3\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_xref(name: \"CESA\", value: \"2008:0208\");\n script_cve_id(\"CVE-2008-1233\", \"CVE-2008-1234\", \"CVE-2008-1235\", \"CVE-2008-1236\", \"CVE-2008-1237\", \"CVE-2008-1238\", \"CVE-2008-1241\");\n script_name( \"CentOS Update for seamonkey CESA-2008:0208 centos3 x86_64\");\n\n script_summary(\"Check for the Version of seamonkey\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2009 Greenbone Networks GmbH\");\n script_family(\"CentOS Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/centos\", \"ssh/login/rpms\");\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = get_kb_item(\"ssh/login/release\");\n\n\nres = \"\";\nif(release == NULL){\n exit(0);\n}\n\nif(release == \"CentOS3\")\n{\n\n if ((res = isrpmvuln(pkg:\"seamonkey\", rpm:\"seamonkey~1.0.9~0.16.el3.centos3\", rls:\"CentOS3\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"seamonkey-chat\", rpm:\"seamonkey-chat~1.0.9~0.16.el3.centos3\", rls:\"CentOS3\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"seamonkey-devel\", rpm:\"seamonkey-devel~1.0.9~0.16.el3.centos3\", rls:\"CentOS3\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"seamonkey-dom-inspector\", rpm:\"seamonkey-dom-inspector~1.0.9~0.16.el3.centos3\", rls:\"CentOS3\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"seamonkey-js-debugger\", rpm:\"seamonkey-js-debugger~1.0.9~0.16.el3.centos3\", rls:\"CentOS3\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"seamonkey-mail\", rpm:\"seamonkey-mail~1.0.9~0.16.el3.centos3\", rls:\"CentOS3\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"seamonkey-nspr\", rpm:\"seamonkey-nspr~1.0.9~0.16.el3.centos3\", rls:\"CentOS3\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"seamonkey-nspr-devel\", rpm:\"seamonkey-nspr-devel~1.0.9~0.16.el3.centos3\", rls:\"CentOS3\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"seamonkey-nss\", rpm:\"seamonkey-nss~1.0.9~0.16.el3.centos3\", rls:\"CentOS3\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"seamonkey-nss-devel\", rpm:\"seamonkey-nss-devel~1.0.9~0.16.el3.centos3\", rls:\"CentOS3\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n", "cvss": {"score": 9.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2017-07-25T10:57:10", "description": "Check for the Version of galeon", "cvss3": {}, "published": "2009-02-16T00:00:00", "type": "openvas", "title": "Fedora Update for galeon FEDORA-2008-2662", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2008-1236", "CVE-2008-1237", "CVE-2008-1238", "CVE-2008-1233", "CVE-2008-1234", "CVE-2008-1235", "CVE-2008-1241"], "modified": "2017-07-10T00:00:00", "id": "OPENVAS:860472", "href": "http://plugins.openvas.org/nasl.php?oid=860472", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Fedora Update for galeon FEDORA-2008-2662\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2009 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ninclude(\"revisions-lib.inc\");\ntag_affected = \"galeon on Fedora 7\";\ntag_insight = \"Galeon is a web browser built around Gecko (Mozilla's rendering\n engine) and Necko (Mozilla's networking engine). It's a GNOME web\n browser, designed to take advantage of as many GNOME technologies as\n makes sense. Galeon was written to do just one thing - browse the web.\";\ntag_solution = \"Please Install the Updated Packages.\";\n\n\n\nif(description)\n{\n script_xref(name : \"URL\" , value : \"https://www.redhat.com/archives/fedora-package-announce/2008-March/msg00557.html\");\n script_id(860472);\n script_version(\"$Revision: 6623 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-07-10 08:10:20 +0200 (Mon, 10 Jul 2017) $\");\n script_tag(name:\"creation_date\", value:\"2009-02-16 16:22:52 +0100 (Mon, 16 Feb 2009)\");\n script_tag(name:\"cvss_base\", value:\"9.3\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_xref(name: \"FEDORA\", value: \"2008-2662\");\n script_cve_id(\"CVE-2008-1233\", \"CVE-2008-1235\", \"CVE-2008-1236\", \"CVE-2008-1237\", \"CVE-2008-1234\", \"CVE-2008-1238\", \"CVE-2008-1241\");\n script_name( \"Fedora Update for galeon FEDORA-2008-2662\");\n\n script_summary(\"Check for the Version of galeon\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2009 Greenbone Networks GmbH\");\n script_family(\"Fedora Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/fedora\", \"ssh/login/rpms\");\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = get_kb_item(\"ssh/login/release\");\n\n\nres = \"\";\nif(release == NULL){\n exit(0);\n}\n\nif(release == \"FC7\")\n{\n\n if ((res = isrpmvuln(pkg:\"galeon\", rpm:\"galeon~2.0.3~16.fc7\", rls:\"FC7\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}", "cvss": {"score": 9.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2017-07-25T10:56:44", "description": "Check for the Version of gtkmozembedmm", "cvss3": {}, "published": "2009-02-16T00:00:00", "type": "openvas", "title": "Fedora Update for gtkmozembedmm FEDORA-2008-2662", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2008-1236", "CVE-2008-1237", "CVE-2008-1238", "CVE-2008-1233", "CVE-2008-1234", "CVE-2008-1235", "CVE-2008-1241"], "modified": "2017-07-10T00:00:00", "id": "OPENVAS:860540", "href": "http://plugins.openvas.org/nasl.php?oid=860540", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Fedora Update for gtkmozembedmm FEDORA-2008-2662\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2009 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ninclude(\"revisions-lib.inc\");\ntag_affected = \"gtkmozembedmm on Fedora 7\";\ntag_insight = \"This package provides a C++/gtkmm wrapper for GtkMozEmbed\n from Mozilla 1.4.x to 1.7.x.\n The wrapper provides a convenient interface for C++ programmers\n to use the Gtkmozembed HTML-rendering widget inside their software.\";\ntag_solution = \"Please Install the Updated Packages.\";\n\n\n\nif(description)\n{\n script_xref(name : \"URL\" , value : \"https://www.redhat.com/archives/fedora-package-announce/2008-March/msg00558.html\");\n script_id(860540);\n script_version(\"$Revision: 6623 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-07-10 08:10:20 +0200 (Mon, 10 Jul 2017) $\");\n script_tag(name:\"creation_date\", value:\"2009-02-16 16:22:52 +0100 (Mon, 16 Feb 2009)\");\n script_tag(name:\"cvss_base\", value:\"9.3\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_xref(name: \"FEDORA\", value: \"2008-2662\");\n script_cve_id(\"CVE-2008-1233\", \"CVE-2008-1235\", \"CVE-2008-1236\", \"CVE-2008-1237\", \"CVE-2008-1234\", \"CVE-2008-1238\", \"CVE-2008-1241\");\n script_name( \"Fedora Update for gtkmozembedmm FEDORA-2008-2662\");\n\n script_summary(\"Check for the Version of gtkmozembedmm\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2009 Greenbone Networks GmbH\");\n script_family(\"Fedora Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/fedora\", \"ssh/login/rpms\");\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = get_kb_item(\"ssh/login/release\");\n\n\nres = \"\";\nif(release == NULL){\n exit(0);\n}\n\nif(release == \"FC7\")\n{\n\n if ((res = isrpmvuln(pkg:\"gtkmozembedmm\", rpm:\"gtkmozembedmm~1.4.2.cvs20060817~16.fc7\", rls:\"FC7\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}", "cvss": {"score": 9.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2018-04-09T11:39:40", "description": "Check for the Version of seamonkey", "cvss3": {}, "published": "2009-03-06T00:00:00", "type": "openvas", "title": "RedHat Update for seamonkey RHSA-2008:0208-01", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2008-1236", "CVE-2008-1237", "CVE-2008-1238", "CVE-2008-1233", "CVE-2008-1234", "CVE-2008-1235", "CVE-2008-1241"], "modified": "2018-04-06T00:00:00", "id": "OPENVAS:1361412562310870127", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310870127", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# RedHat Update for seamonkey RHSA-2008:0208-01\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2009 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"SeaMonkey is an open source Web browser, advanced email and newsgroup\n client, IRC chat client, and HTML editor.\n\n Several flaws were found in the processing of some malformed web content. A\n web page containing such malicious content could cause SeaMonkey to crash\n or, potentially, execute arbitrary code as the user running SeaMonkey.\n (CVE-2008-1233, CVE-2008-1235, CVE-2008-1236, CVE-2008-1237)\n \n Several flaws were found in the display of malformed web content. A web\n page containing specially-crafted content could, potentially, trick a\n SeaMonkey user into surrendering sensitive information. (CVE-2008-1234,\n CVE-2008-1238, CVE-2008-1241)\n \n All SeaMonkey users should upgrade to these updated packages, which contain\n backported patches to resolve these issues.\";\n\ntag_affected = \"seamonkey on Red Hat Enterprise Linux AS (Advanced Server) version 2.1,\n Red Hat Enterprise Linux ES version 2.1,\n Red Hat Enterprise Linux WS version 2.1,\n Red Hat Enterprise Linux AS version 3,\n Red Hat Enterprise Linux ES version 3,\n Red Hat Enterprise Linux WS version 3,\n Red Hat Enterprise Linux AS version 4,\n Red Hat Enterprise Linux ES version 4,\n Red Hat Enterprise Linux WS version 4\";\ntag_solution = \"Please Install the Updated Packages.\";\n\n\n\nif(description)\n{\n script_xref(name : \"URL\" , value : \"https://www.redhat.com/archives/rhsa-announce/2008-March/msg00017.html\");\n script_oid(\"1.3.6.1.4.1.25623.1.0.870127\");\n script_version(\"$Revision: 9370 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-04-06 10:53:14 +0200 (Fri, 06 Apr 2018) $\");\n script_tag(name:\"creation_date\", value:\"2009-03-06 07:30:35 +0100 (Fri, 06 Mar 2009)\");\n script_tag(name:\"cvss_base\", value:\"9.3\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_xref(name: \"RHSA\", value: \"2008:0208-01\");\n script_cve_id(\"CVE-2008-1233\", \"CVE-2008-1234\", \"CVE-2008-1235\", \"CVE-2008-1236\", \"CVE-2008-1237\", \"CVE-2008-1238\", \"CVE-2008-1241\");\n script_name( \"RedHat Update for seamonkey RHSA-2008:0208-01\");\n\n script_tag(name:\"summary\", value:\"Check for the Version of seamonkey\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2009 Greenbone Networks GmbH\");\n script_family(\"Red Hat Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/rhel\", \"ssh/login/rpms\");\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = get_kb_item(\"ssh/login/release\");\n\n\nres = \"\";\nif(release == NULL){\n exit(0);\n}\n\nif(release == \"RHENT_2.1\")\n{\n\n if ((res = isrpmvuln(pkg:\"seamonkey\", rpm:\"seamonkey~1.0.9~0.14.el2\", rls:\"RHENT_2.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"seamonkey-chat\", rpm:\"seamonkey-chat~1.0.9~0.14.el2\", rls:\"RHENT_2.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"seamonkey-devel\", rpm:\"seamonkey-devel~1.0.9~0.14.el2\", rls:\"RHENT_2.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"seamonkey-dom-inspector\", rpm:\"seamonkey-dom-inspector~1.0.9~0.14.el2\", rls:\"RHENT_2.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"seamonkey-js-debugger\", rpm:\"seamonkey-js-debugger~1.0.9~0.14.el2\", rls:\"RHENT_2.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"seamonkey-mail\", rpm:\"seamonkey-mail~1.0.9~0.14.el2\", rls:\"RHENT_2.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"seamonkey-nspr\", rpm:\"seamonkey-nspr~1.0.9~0.14.el2\", rls:\"RHENT_2.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"seamonkey-nspr-devel\", rpm:\"seamonkey-nspr-devel~1.0.9~0.14.el2\", rls:\"RHENT_2.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"seamonkey-nss\", rpm:\"seamonkey-nss~1.0.9~0.14.el2\", rls:\"RHENT_2.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"seamonkey-nss-devel\", rpm:\"seamonkey-nss-devel~1.0.9~0.14.el2\", rls:\"RHENT_2.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n\n\nif(release == \"RHENT_4\")\n{\n\n if ((res = isrpmvuln(pkg:\"seamonkey\", rpm:\"seamonkey~1.0.9~15.el4\", rls:\"RHENT_4\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"seamonkey-chat\", rpm:\"seamonkey-chat~1.0.9~15.el4\", rls:\"RHENT_4\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"seamonkey-debuginfo\", rpm:\"seamonkey-debuginfo~1.0.9~15.el4\", rls:\"RHENT_4\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"seamonkey-devel\", rpm:\"seamonkey-devel~1.0.9~15.el4\", rls:\"RHENT_4\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"seamonkey-dom-inspector\", rpm:\"seamonkey-dom-inspector~1.0.9~15.el4\", rls:\"RHENT_4\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"seamonkey-js-debugger\", rpm:\"seamonkey-js-debugger~1.0.9~15.el4\", rls:\"RHENT_4\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"seamonkey-mail\", rpm:\"seamonkey-mail~1.0.9~15.el4\", rls:\"RHENT_4\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"seamonkey-nspr\", rpm:\"seamonkey-nspr~1.0.9~15.el4\", rls:\"RHENT_4\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"seamonkey-nspr-devel\", rpm:\"seamonkey-nspr-devel~1.0.9~15.el4\", rls:\"RHENT_4\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"seamonkey-nss\", rpm:\"seamonkey-nss~1.0.9~15.el4\", rls:\"RHENT_4\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"seamonkey-nss-devel\", rpm:\"seamonkey-nss-devel~1.0.9~15.el4\", rls:\"RHENT_4\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n\n\nif(release == \"RHENT_3\")\n{\n\n if ((res = isrpmvuln(pkg:\"seamonkey\", rpm:\"seamonkey~1.0.9~0.16.el3\", rls:\"RHENT_3\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"seamonkey-chat\", rpm:\"seamonkey-chat~1.0.9~0.16.el3\", rls:\"RHENT_3\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"seamonkey-debuginfo\", rpm:\"seamonkey-debuginfo~1.0.9~0.16.el3\", rls:\"RHENT_3\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"seamonkey-devel\", rpm:\"seamonkey-devel~1.0.9~0.16.el3\", rls:\"RHENT_3\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"seamonkey-dom-inspector\", rpm:\"seamonkey-dom-inspector~1.0.9~0.16.el3\", rls:\"RHENT_3\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"seamonkey-js-debugger\", rpm:\"seamonkey-js-debugger~1.0.9~0.16.el3\", rls:\"RHENT_3\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"seamonkey-mail\", rpm:\"seamonkey-mail~1.0.9~0.16.el3\", rls:\"RHENT_3\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"seamonkey-nspr\", rpm:\"seamonkey-nspr~1.0.9~0.16.el3\", rls:\"RHENT_3\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"seamonkey-nspr-devel\", rpm:\"seamonkey-nspr-devel~1.0.9~0.16.el3\", rls:\"RHENT_3\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"seamonkey-nss\", rpm:\"seamonkey-nss~1.0.9~0.16.el3\", rls:\"RHENT_3\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"seamonkey-nss-devel\", rpm:\"seamonkey-nss-devel~1.0.9~0.16.el3\", rls:\"RHENT_3\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n", "cvss": {"score": 9.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2018-04-09T11:41:14", "description": "Check for the Version of thunderbird", "cvss3": {}, "published": "2009-02-27T00:00:00", "type": "openvas", "title": "CentOS Update for thunderbird CESA-2008:0209 centos4 x86_64", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2008-1236", "CVE-2008-1237", "CVE-2008-1238", "CVE-2008-1233", "CVE-2008-1234", "CVE-2008-1235", "CVE-2008-1241"], "modified": "2018-04-06T00:00:00", "id": "OPENVAS:1361412562310880287", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310880287", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# CentOS Update for thunderbird CESA-2008:0209 centos4 x86_64\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2009 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"Mozilla Thunderbird is a standalone mail and newsgroup client.\n\n Several flaws were found in the processing of some malformed HTML mail\n content. An HTML mail message containing such malicious content could cause\n Thunderbird to crash or, potentially, execute arbitrary code as the user\n running Thunderbird. (CVE-2008-1233, CVE-2008-1235, CVE-2008-1236,\n CVE-2008-1237)\n \n Several flaws were found in the display of malformed web content. An HTML\n mail message containing specially-crafted content could, potentially, trick\n a user into surrendering sensitive information. (CVE-2008-1234,\n CVE-2008-1238, CVE-2008-1241)\n \n Note: JavaScript support is disabled by default in Thunderbird; the above\n issues are not exploitable unless JavaScript is enabled.\n \n All Thunderbird users should upgrade to these updated packages, which\n contain backported patches to resolve these issues.\";\n\ntag_affected = \"thunderbird on CentOS 4\";\ntag_solution = \"Please Install the Updated Packages.\";\n\n\n\nif(description)\n{\n script_xref(name : \"URL\" , value : \"http://lists.centos.org/pipermail/centos-announce/2008-April/014808.html\");\n script_oid(\"1.3.6.1.4.1.25623.1.0.880287\");\n script_version(\"$Revision: 9370 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-04-06 10:53:14 +0200 (Fri, 06 Apr 2018) $\");\n script_tag(name:\"creation_date\", value:\"2009-02-27 09:02:20 +0100 (Fri, 27 Feb 2009)\");\n script_tag(name:\"cvss_base\", value:\"9.3\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_xref(name: \"CESA\", value: \"2008:0209\");\n script_cve_id(\"CVE-2008-1233\", \"CVE-2008-1234\", \"CVE-2008-1235\", \"CVE-2008-1236\", \"CVE-2008-1237\", \"CVE-2008-1238\", \"CVE-2008-1241\");\n script_name( \"CentOS Update for thunderbird CESA-2008:0209 centos4 x86_64\");\n\n script_tag(name:\"summary\", value:\"Check for the Version of thunderbird\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2009 Greenbone Networks GmbH\");\n script_family(\"CentOS Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/centos\", \"ssh/login/rpms\");\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = get_kb_item(\"ssh/login/release\");\n\n\nres = \"\";\nif(release == NULL){\n exit(0);\n}\n\nif(release == \"CentOS4\")\n{\n\n if ((res = isrpmvuln(pkg:\"thunderbird\", rpm:\"thunderbird~1.5.0.12~10.el4.centos\", rls:\"CentOS4\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n", "cvss": {"score": 9.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2017-07-25T10:57:08", "description": "Check for the Version of Miro", "cvss3": {}, "published": "2009-02-16T00:00:00", "type": "openvas", "title": "Fedora Update for Miro FEDORA-2008-2662", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2008-1236", "CVE-2008-1237", "CVE-2008-1238", "CVE-2008-1233", "CVE-2008-1234", "CVE-2008-1235", "CVE-2008-1241"], "modified": "2017-07-10T00:00:00", "id": "OPENVAS:860426", "href": "http://plugins.openvas.org/nasl.php?oid=860426", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Fedora Update for Miro FEDORA-2008-2662\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2009 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ninclude(\"revisions-lib.inc\");\ntag_affected = \"Miro on Fedora 7\";\ntag_insight = \"Miro is a free application that turns your computer into an\n internet TV video player. This release is still a beta version, which means\n that there are some bugs, but we're moving quickly to fix them and will be\n releasing bug fixes on a regular basis.\";\ntag_solution = \"Please Install the Updated Packages.\";\n\n\n\nif(description)\n{\n script_xref(name : \"URL\" , value : \"https://www.redhat.com/archives/fedora-package-announce/2008-March/msg00559.html\");\n script_id(860426);\n script_version(\"$Revision: 6623 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-07-10 08:10:20 +0200 (Mon, 10 Jul 2017) $\");\n script_tag(name:\"creation_date\", value:\"2009-02-16 16:22:52 +0100 (Mon, 16 Feb 2009)\");\n script_tag(name:\"cvss_base\", value:\"9.3\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_xref(name: \"FEDORA\", value: \"2008-2662\");\n script_cve_id(\"CVE-2008-1233\", \"CVE-2008-1235\", \"CVE-2008-1236\", \"CVE-2008-1237\", \"CVE-2008-1234\", \"CVE-2008-1238\", \"CVE-2008-1241\");\n script_name( \"Fedora Update for Miro FEDORA-2008-2662\");\n\n script_summary(\"Check for the Version of Miro\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2009 Greenbone Networks GmbH\");\n script_family(\"Fedora Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/fedora\", \"ssh/login/rpms\");\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = get_kb_item(\"ssh/login/release\");\n\n\nres = \"\";\nif(release == NULL){\n exit(0);\n}\n\nif(release == \"FC7\")\n{\n\n if ((res = isrpmvuln(pkg:\"Miro\", rpm:\"Miro~1.1.2~2.fc7\", rls:\"FC7\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}", "cvss": {"score": 9.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2019-05-29T18:36:24", "description": "Oracle Linux Local Security Checks ELSA-2008-0207", "cvss3": {}, "published": "2015-10-08T00:00:00", "type": "openvas", "title": "Oracle Linux Local Check: ELSA-2008-0207", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2008-1236", "CVE-2008-1237", "CVE-2008-1238", "CVE-2008-1233", "CVE-2008-1234", "CVE-2008-1235", "CVE-2008-1241"], "modified": "2018-09-28T00:00:00", "id": "OPENVAS:1361412562310122601", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310122601", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: ELSA-2008-0207.nasl 11688 2018-09-28 13:36:28Z cfischer $\n#\n# Oracle Linux Local Check\n#\n# Authors:\n# Eero Volotinen <eero.volotinen@solinor.com>\n#\n# Copyright:\n# Copyright (c) 2015 Eero Volotinen, http://solinor.com\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.122601\");\n script_version(\"$Revision: 11688 $\");\n script_tag(name:\"creation_date\", value:\"2015-10-08 14:49:01 +0300 (Thu, 08 Oct 2015)\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-09-28 15:36:28 +0200 (Fri, 28 Sep 2018) $\");\n script_name(\"Oracle Linux Local Check: ELSA-2008-0207\");\n script_tag(name:\"insight\", value:\"ELSA-2008-0207 - firefox security update. Please see the references for more insight.\");\n script_tag(name:\"solution\", value:\"Update the affected packages to the latest available version.\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_tag(name:\"summary\", value:\"Oracle Linux Local Security Checks ELSA-2008-0207\");\n script_xref(name:\"URL\", value:\"http://linux.oracle.com/errata/ELSA-2008-0207.html\");\n script_cve_id(\"CVE-2008-1233\", \"CVE-2008-1234\", \"CVE-2008-1235\", \"CVE-2008-1236\", \"CVE-2008-1237\", \"CVE-2008-1238\", \"CVE-2008-1241\");\n script_tag(name:\"cvss_base\", value:\"9.3\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/oracle_linux\", \"ssh/login/release\", re:\"ssh/login/release=OracleLinux5\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Eero Volotinen\");\n script_family(\"Oracle Linux Local Security Checks\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release) exit(0);\n\nres = \"\";\n\nif(release == \"OracleLinux5\")\n{\n if ((res = isrpmvuln(pkg:\"firefox\", rpm:\"firefox~1.5.0.12~14.el5_1.0.1\", rls:\"OracleLinux5\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n if ((res = isrpmvuln(pkg:\"firefox-devel\", rpm:\"firefox-devel~1.5.0.12~14.el5_1.0.1\", rls:\"OracleLinux5\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n\n}\nif (__pkg_match) exit(99);\n exit(0);\n\n", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2017-07-25T10:56:21", "description": "Check for the Version of openvrml", "cvss3": {}, "published": "2009-02-16T00:00:00", "type": "openvas", "title": "Fedora Update for openvrml FEDORA-2008-2662", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2008-1236", "CVE-2008-1237", "CVE-2008-1238", "CVE-2008-1233", "CVE-2008-1234", "CVE-2008-1235", "CVE-2008-1241"], "modified": "2017-07-10T00:00:00", "id": "OPENVAS:860750", "href": "http://plugins.openvas.org/nasl.php?oid=860750", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Fedora Update for openvrml FEDORA-2008-2662\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2009 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ninclude(\"revisions-lib.inc\");\ntag_affected = \"openvrml on Fedora 7\";\ntag_insight = \"OpenVRML is a VRML/X3D support library, including a runtime and facilities\n for reading and displaying VRML and X3D models.\";\ntag_solution = \"Please Install the Updated Packages.\";\n\n\n\nif(description)\n{\n script_xref(name : \"URL\" , value : \"https://www.redhat.com/archives/fedora-package-announce/2008-March/msg00563.html\");\n script_id(860750);\n script_version(\"$Revision: 6623 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-07-10 08:10:20 +0200 (Mon, 10 Jul 2017) $\");\n script_tag(name:\"creation_date\", value:\"2009-02-16 16:22:52 +0100 (Mon, 16 Feb 2009)\");\n script_tag(name:\"cvss_base\", value:\"9.3\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_xref(name: \"FEDORA\", value: \"2008-2662\");\n script_cve_id(\"CVE-2008-1233\", \"CVE-2008-1235\", \"CVE-2008-1236\", \"CVE-2008-1237\", \"CVE-2008-1234\", \"CVE-2008-1238\", \"CVE-2008-1241\");\n script_name( \"Fedora Update for openvrml FEDORA-2008-2662\");\n\n script_summary(\"Check for the Version of openvrml\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2009 Greenbone Networks GmbH\");\n script_family(\"Fedora Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/fedora\", \"ssh/login/rpms\");\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = get_kb_item(\"ssh/login/release\");\n\n\nres = \"\";\nif(release == NULL){\n exit(0);\n}\n\nif(release == \"FC7\")\n{\n\n if ((res = isrpmvuln(pkg:\"openvrml\", rpm:\"openvrml~0.16.7~4.fc7\", rls:\"FC7\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}", "cvss": {"score": 9.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2017-07-25T10:56:09", "description": "Check for the Version of kazehakase", "cvss3": {}, "published": "2009-02-16T00:00:00", "type": "openvas", "title": "Fedora Update for kazehakase FEDORA-2008-2682", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2008-1236", "CVE-2008-1237", "CVE-2008-1238", "CVE-2008-1233", "CVE-2008-1234", "CVE-2008-1235", "CVE-2008-1241"], "modified": "2017-07-10T00:00:00", "id": "OPENVAS:860303", "href": "http://plugins.openvas.org/nasl.php?oid=860303", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Fedora Update for kazehakase FEDORA-2008-2682\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2009 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"Kazehakase is a Web browser which aims to provide\n a user interface that is truly user-friendly & fully customizable.\n\n This package uses Gecko for HTML rendering engine.\n If you want to use WebKit for HTML rendering engine, install\n "kazehakase-webkit" rpm instead.\";\n\ntag_affected = \"kazehakase on Fedora 8\";\ntag_solution = \"Please Install the Updated Packages.\";\n\n\n\nif(description)\n{\n script_xref(name : \"URL\" , value : \"https://www.redhat.com/archives/fedora-package-announce/2008-March/msg00590.html\");\n script_id(860303);\n script_version(\"$Revision: 6623 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-07-10 08:10:20 +0200 (Mon, 10 Jul 2017) $\");\n script_tag(name:\"creation_date\", value:\"2009-02-16 16:22:52 +0100 (Mon, 16 Feb 2009)\");\n script_tag(name:\"cvss_base\", value:\"9.3\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_xref(name: \"FEDORA\", value: \"2008-2682\");\n script_cve_id(\"CVE-2008-1233\", \"CVE-2008-1235\", \"CVE-2008-1236\", \"CVE-2008-1237\", \"CVE-2008-1234\", \"CVE-2008-1238\", \"CVE-2008-1241\");\n script_name( \"Fedora Update for kazehakase FEDORA-2008-2682\");\n\n script_summary(\"Check for the Version of kazehakase\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2009 Greenbone Networks GmbH\");\n script_family(\"Fedora Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/fedora\", \"ssh/login/rpms\");\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = get_kb_item(\"ssh/login/release\");\n\n\nres = \"\";\nif(release == NULL){\n exit(0);\n}\n\nif(release == \"FC8\")\n{\n\n if ((res = isrpmvuln(pkg:\"kazehakase\", rpm:\"kazehakase~0.5.3~5.fc8\", rls:\"FC8\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n", "cvss": {"score": 9.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2017-07-25T10:56:15", "description": "Check for the Version of openvrml", "cvss3": {}, "published": "2009-02-16T00:00:00", "type": "openvas", "title": "Fedora Update for openvrml FEDORA-2008-2682", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2008-1236", "CVE-2008-1237", "CVE-2008-1238", "CVE-2008-1233", "CVE-2008-1234", "CVE-2008-1235", "CVE-2008-1241"], "modified": "2017-07-10T00:00:00", "id": "OPENVAS:860768", "href": "http://plugins.openvas.org/nasl.php?oid=860768", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Fedora Update for openvrml FEDORA-2008-2682\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2009 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ninclude(\"revisions-lib.inc\");\ntag_affected = \"openvrml on Fedora 8\";\ntag_insight = \"OpenVRML is a VRML/X3D support library, including a runtime and facilities\n for reading and displaying VRML and X3D models.\";\ntag_solution = \"Please Install the Updated Packages.\";\n\n\n\nif(description)\n{\n script_xref(name : \"URL\" , value : \"https://www.redhat.com/archives/fedora-package-announce/2008-March/msg00588.html\");\n script_id(860768);\n script_version(\"$Revision: 6623 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-07-10 08:10:20 +0200 (Mon, 10 Jul 2017) $\");\n script_tag(name:\"creation_date\", value:\"2009-02-16 16:22:52 +0100 (Mon, 16 Feb 2009)\");\n script_tag(name:\"cvss_base\", value:\"9.3\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_xref(name: \"FEDORA\", value: \"2008-2682\");\n script_cve_id(\"CVE-2008-1233\", \"CVE-2008-1235\", \"CVE-2008-1236\", \"CVE-2008-1237\", \"CVE-2008-1234\", \"CVE-2008-1238\", \"CVE-2008-1241\");\n script_name( \"Fedora Update for openvrml FEDORA-2008-2682\");\n\n script_summary(\"Check for the Version of openvrml\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2009 Greenbone Networks GmbH\");\n script_family(\"Fedora Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/fedora\", \"ssh/login/rpms\");\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = get_kb_item(\"ssh/login/release\");\n\n\nres = \"\";\nif(release == NULL){\n exit(0);\n}\n\nif(release == \"FC8\")\n{\n\n if ((res = isrpmvuln(pkg:\"openvrml\", rpm:\"openvrml~0.17.5~4.fc8\", rls:\"FC8\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}", "cvss": {"score": 9.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2017-07-25T10:56:29", "description": "Check for the Version of devhelp", "cvss3": {}, "published": "2009-02-16T00:00:00", "type": "openvas", "title": "Fedora Update for devhelp FEDORA-2008-2682", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2008-1236", "CVE-2008-1237", "CVE-2008-1238", "CVE-2008-1233", "CVE-2008-1234", "CVE-2008-1235", "CVE-2008-1241"], "modified": "2017-07-10T00:00:00", "id": "OPENVAS:860255", "href": "http://plugins.openvas.org/nasl.php?oid=860255", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Fedora Update for devhelp FEDORA-2008-2682\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2009 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ninclude(\"revisions-lib.inc\");\ntag_affected = \"devhelp on Fedora 8\";\ntag_insight = \"An API document browser for GNOME 2.\";\ntag_solution = \"Please Install the Updated Packages.\";\n\n\n\nif(description)\n{\n script_xref(name : \"URL\" , value : \"https://www.redhat.com/archives/fedora-package-announce/2008-March/msg00586.html\");\n script_id(860255);\n script_version(\"$Revision: 6623 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-07-10 08:10:20 +0200 (Mon, 10 Jul 2017) $\");\n script_tag(name:\"creation_date\", value:\"2009-02-16 16:22:52 +0100 (Mon, 16 Feb 2009)\");\n script_tag(name:\"cvss_base\", value:\"9.3\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_xref(name: \"FEDORA\", value: \"2008-2682\");\n script_cve_id(\"CVE-2008-1233\", \"CVE-2008-1235\", \"CVE-2008-1236\", \"CVE-2008-1237\", \"CVE-2008-1234\", \"CVE-2008-1238\", \"CVE-2008-1241\");\n script_name( \"Fedora Update for devhelp FEDORA-2008-2682\");\n\n script_summary(\"Check for the Version of devhelp\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2009 Greenbone Networks GmbH\");\n script_family(\"Fedora Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/fedora\", \"ssh/login/rpms\");\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = get_kb_item(\"ssh/login/release\");\n\n\nres = \"\";\nif(release == NULL){\n exit(0);\n}\n\nif(release == \"FC8\")\n{\n\n if ((res = isrpmvuln(pkg:\"devhelp\", rpm:\"devhelp~0.16.1~6.fc8\", rls:\"FC8\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}", "cvss": {"score": 9.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2017-07-25T10:56:55", "description": "Check for the Version of epiphany", "cvss3": {}, "published": "2009-02-16T00:00:00", "type": "openvas", "title": "Fedora Update for epiphany FEDORA-2008-2662", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2008-1236", "CVE-2008-1237", "CVE-2008-1238", "CVE-2008-1233", "CVE-2008-1234", "CVE-2008-1235", "CVE-2008-1241"], "modified": "2017-07-10T00:00:00", "id": "OPENVAS:860425", "href": "http://plugins.openvas.org/nasl.php?oid=860425", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Fedora Update for epiphany FEDORA-2008-2662\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2009 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ninclude(\"revisions-lib.inc\");\ntag_affected = \"epiphany on Fedora 7\";\ntag_insight = \"epiphany is a simple GNOME web browser based on the Mozilla rendering\n engine.\";\ntag_solution = \"Please Install the Updated Packages.\";\n\n\n\nif(description)\n{\n script_xref(name : \"URL\" , value : \"https://www.redhat.com/archives/fedora-package-announce/2008-March/msg00554.html\");\n script_id(860425);\n script_version(\"$Revision: 6623 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-07-10 08:10:20 +0200 (Mon, 10 Jul 2017) $\");\n script_tag(name:\"creation_date\", value:\"2009-02-16 16:22:52 +0100 (Mon, 16 Feb 2009)\");\n script_tag(name:\"cvss_base\", value:\"9.3\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_xref(name: \"FEDORA\", value: \"2008-2662\");\n script_cve_id(\"CVE-2008-1233\", \"CVE-2008-1235\", \"CVE-2008-1236\", \"CVE-2008-1237\", \"CVE-2008-1234\", \"CVE-2008-1238\", \"CVE-2008-1241\");\n script_name( \"Fedora Update for epiphany FEDORA-2008-2662\");\n\n script_summary(\"Check for the Version of epiphany\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2009 Greenbone Networks GmbH\");\n script_family(\"Fedora Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/fedora\", \"ssh/login/rpms\");\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = get_kb_item(\"ssh/login/release\");\n\n\nres = \"\";\nif(release == NULL){\n exit(0);\n}\n\nif(release == \"FC7\")\n{\n\n if ((res = isrpmvuln(pkg:\"epiphany\", rpm:\"epiphany~2.18.3~8.fc7\", rls:\"FC7\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}", "cvss": {"score": 9.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2017-07-25T10:57:00", "description": "Check for the Version of kazehakase", "cvss3": {}, "published": "2009-02-16T00:00:00", "type": "openvas", "title": "Fedora Update for kazehakase FEDORA-2008-2662", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2008-1236", "CVE-2008-1237", "CVE-2008-1238", "CVE-2008-1233", "CVE-2008-1234", "CVE-2008-1235", "CVE-2008-1241"], "modified": "2017-07-10T00:00:00", "id": "OPENVAS:860259", "href": "http://plugins.openvas.org/nasl.php?oid=860259", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Fedora Update for kazehakase FEDORA-2008-2662\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2009 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"Kazehakase is a Web browser which aims to provide\n a user interface that is truly user-friendly & fully customizable.\n\n This package uses Gecko for HTML rendering engine.\n If you want to use WebKit for HTML rendering engine, install\n "kazehakase-webkit" rpm instead.\";\n\ntag_affected = \"kazehakase on Fedora 7\";\ntag_solution = \"Please Install the Updated Packages.\";\n\n\n\nif(description)\n{\n script_xref(name : \"URL\" , value : \"https://www.redhat.com/archives/fedora-package-announce/2008-March/msg00561.html\");\n script_id(860259);\n script_version(\"$Revision: 6623 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-07-10 08:10:20 +0200 (Mon, 10 Jul 2017) $\");\n script_tag(name:\"creation_date\", value:\"2009-02-16 16:22:52 +0100 (Mon, 16 Feb 2009)\");\n script_tag(name:\"cvss_base\", value:\"9.3\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_xref(name: \"FEDORA\", value: \"2008-2662\");\n script_cve_id(\"CVE-2008-1233\", \"CVE-2008-1235\", \"CVE-2008-1236\", \"CVE-2008-1237\", \"CVE-2008-1234\", \"CVE-2008-1238\", \"CVE-2008-1241\");\n script_name( \"Fedora Update for kazehakase FEDORA-2008-2662\");\n\n script_summary(\"Check for the Version of kazehakase\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2009 Greenbone Networks GmbH\");\n script_family(\"Fedora Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/fedora\", \"ssh/login/rpms\");\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = get_kb_item(\"ssh/login/release\");\n\n\nres = \"\";\nif(release == NULL){\n exit(0);\n}\n\nif(release == \"FC7\")\n{\n\n if ((res = isrpmvuln(pkg:\"kazehakase\", rpm:\"kazehakase~0.5.3~5.fc7\", rls:\"FC7\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n", "cvss": {"score": 9.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2017-07-25T10:56:49", "description": "Check for the Version of firefox", "cvss3": {}, "published": "2009-02-27T00:00:00", "type": "openvas", "title": "CentOS Update for firefox CESA-2008:0207 centos4 i386", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2008-1236", "CVE-2008-1237", "CVE-2008-1238", "CVE-2008-1233", "CVE-2008-1234", "CVE-2008-1235", "CVE-2008-1241"], "modified": "2017-07-10T00:00:00", "id": "OPENVAS:880202", "href": "http://plugins.openvas.org/nasl.php?oid=880202", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# CentOS Update for firefox CESA-2008:0207 centos4 i386\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2009 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"Mozilla Firefox is an open source Web browser.\n\n Several flaws were found in the processing of some malformed web content. A\n web page containing such malicious content could cause Firefox to crash or,\n potentially, execute arbitrary code as the user running Firefox.\n (CVE-2008-1233, CVE-2008-1235, CVE-2008-1236, CVE-2008-1237)\n \n Several flaws were found in the display of malformed web content. A web\n page containing specially-crafted content could, potentially, trick a\n Firefox user into surrendering sensitive information. (CVE-2008-1234,\n CVE-2008-1238, CVE-2008-1241)\n \n All Firefox users should upgrade to these updated packages, which contain\n backported patches that correct these issues.\";\n\ntag_affected = \"firefox on CentOS 4\";\ntag_solution = \"Please Install the Updated Packages.\";\n\n\n\nif(description)\n{\n script_xref(name : \"URL\" , value : \"http://lists.centos.org/pipermail/centos-announce/2008-March/014778.html\");\n script_id(880202);\n script_version(\"$Revision: 6651 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-07-10 13:45:21 +0200 (Mon, 10 Jul 2017) $\");\n script_tag(name:\"creation_date\", value:\"2009-02-27 09:02:20 +0100 (Fri, 27 Feb 2009)\");\n script_tag(name:\"cvss_base\", value:\"9.3\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_xref(name: \"CESA\", value: \"2008:0207\");\n script_cve_id(\"CVE-2008-1233\", \"CVE-2008-1234\", \"CVE-2008-1235\", \"CVE-2008-1236\", \"CVE-2008-1237\", \"CVE-2008-1238\", \"CVE-2008-1241\");\n script_name( \"CentOS Update for firefox CESA-2008:0207 centos4 i386\");\n\n script_summary(\"Check for the Version of firefox\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2009 Greenbone Networks GmbH\");\n script_family(\"CentOS Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/centos\", \"ssh/login/rpms\");\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = get_kb_item(\"ssh/login/release\");\n\n\nres = \"\";\nif(release == NULL){\n exit(0);\n}\n\nif(release == \"CentOS4\")\n{\n\n if ((res = isrpmvuln(pkg:\"firefox\", rpm:\"firefox~1.5.0.12~0.14.el4.centos\", rls:\"CentOS4\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n", "cvss": {"score": 9.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2017-07-27T10:56:27", "description": "Check for the Version of thunderbird", "cvss3": {}, "published": "2009-03-06T00:00:00", "type": "openvas", "title": "RedHat Update for thunderbird RHSA-2008:0209-01", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2008-1236", "CVE-2008-1237", "CVE-2008-1238", "CVE-2008-1233", "CVE-2008-1234", "CVE-2008-1235", "CVE-2008-1241"], "modified": "2017-07-12T00:00:00", "id": "OPENVAS:870046", "href": "http://plugins.openvas.org/nasl.php?oid=870046", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# RedHat Update for thunderbird RHSA-2008:0209-01\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2009 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"Mozilla Thunderbird is a standalone mail and newsgroup client.\n\n Several flaws were found in the processing of some malformed HTML mail\n content. An HTML mail message containing such malicious content could cause\n Thunderbird to crash or, potentially, execute arbitrary code as the user\n running Thunderbird. (CVE-2008-1233, CVE-2008-1235, CVE-2008-1236,\n CVE-2008-1237)\n \n Several flaws were found in the display of malformed web content. An HTML\n mail message containing specially-crafted content could, potentially, trick\n a user into surrendering sensitive information. (CVE-2008-1234,\n CVE-2008-1238, CVE-2008-1241)\n \n Note: JavaScript support is disabled by default in Thunderbird; the above\n issues are not exploitable unless JavaScript is enabled.\n \n All Thunderbird users should upgrade to these updated packages, which\n contain backported patches to resolve these issues.\";\n\ntag_affected = \"thunderbird on Red Hat Enterprise Linux AS version 4,\n Red Hat Enterprise Linux ES version 4,\n Red Hat Enterprise Linux WS version 4\";\ntag_solution = \"Please Install the Updated Packages.\";\n\n\n\nif(description)\n{\n script_xref(name : \"URL\" , value : \"https://www.redhat.com/archives/rhsa-announce/2008-April/msg00006.html\");\n script_id(870046);\n script_version(\"$Revision: 6683 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-07-12 11:41:57 +0200 (Wed, 12 Jul 2017) $\");\n script_tag(name:\"creation_date\", value:\"2009-03-06 07:30:35 +0100 (Fri, 06 Mar 2009)\");\n script_tag(name:\"cvss_base\", value:\"9.3\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_xref(name: \"RHSA\", value: \"2008:0209-01\");\n script_cve_id(\"CVE-2008-1233\", \"CVE-2008-1234\", \"CVE-2008-1235\", \"CVE-2008-1236\", \"CVE-2008-1237\", \"CVE-2008-1238\", \"CVE-2008-1241\");\n script_name( \"RedHat Update for thunderbird RHSA-2008:0209-01\");\n\n script_summary(\"Check for the Version of thunderbird\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2009 Greenbone Networks GmbH\");\n script_family(\"Red Hat Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/rhel\", \"ssh/login/rpms\");\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = get_kb_item(\"ssh/login/release\");\n\n\nres = \"\";\nif(release == NULL){\n exit(0);\n}\n\nif(release == \"RHENT_4\")\n{\n\n if ((res = isrpmvuln(pkg:\"thunderbird\", rpm:\"thunderbird~1.5.0.12~10.el4\", rls:\"RHENT_4\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"thunderbird-debuginfo\", rpm:\"thunderbird-debuginfo~1.5.0.12~10.el4\", rls:\"RHENT_4\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n", "cvss": {"score": 9.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2017-07-25T10:56:52", "description": "Check for the Version of thunderbird", "cvss3": {}, "published": "2009-02-27T00:00:00", "type": "openvas", "title": "CentOS Update for thunderbird CESA-2008:0209 centos4 i386", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2008-1236", "CVE-2008-1237", "CVE-2008-1238", "CVE-2008-1233", "CVE-2008-1234", "CVE-2008-1235", "CVE-2008-1241"], "modified": "2017-07-10T00:00:00", "id": "OPENVAS:880088", "href": "http://plugins.openvas.org/nasl.php?oid=880088", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# CentOS Update for thunderbird CESA-2008:0209 centos4 i386\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2009 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"Mozilla Thunderbird is a standalone mail and newsgroup client.\n\n Several flaws were found in the processing of some malformed HTML mail\n content. An HTML mail message containing such malicious content could cause\n Thunderbird to crash or, potentially, execute arbitrary code as the user\n running Thunderbird. (CVE-2008-1233, CVE-2008-1235, CVE-2008-1236,\n CVE-2008-1237)\n \n Several flaws were found in the display of malformed web content. An HTML\n mail message containing specially-crafted content could, potentially, trick\n a user into surrendering sensitive information. (CVE-2008-1234,\n CVE-2008-1238, CVE-2008-1241)\n \n Note: JavaScript support is disabled by default in Thunderbird; the above\n issues are not exploitable unless JavaScript is enabled.\n \n All Thunderbird users should upgrade to these updated packages, which\n contain backported patches to resolve these issues.\";\n\ntag_affected = \"thunderbird on CentOS 4\";\ntag_solution = \"Please Install the Updated Packages.\";\n\n\n\nif(description)\n{\n script_xref(name : \"URL\" , value : \"http://lists.centos.org/pipermail/centos-announce/2008-April/014807.html\");\n script_id(880088);\n script_version(\"$Revision: 6651 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-07-10 13:45:21 +0200 (Mon, 10 Jul 2017) $\");\n script_tag(name:\"creation_date\", value:\"2009-02-27 09:02:20 +0100 (Fri, 27 Feb 2009)\");\n script_tag(name:\"cvss_base\", value:\"9.3\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_xref(name: \"CESA\", value: \"2008:0209\");\n script_cve_id(\"CVE-2008-1233\", \"CVE-2008-1234\", \"CVE-2008-1235\", \"CVE-2008-1236\", \"CVE-2008-1237\", \"CVE-2008-1238\", \"CVE-2008-1241\");\n script_name( \"CentOS Update for thunderbird CESA-2008:0209 centos4 i386\");\n\n script_summary(\"Check for the Version of thunderbird\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2009 Greenbone Networks GmbH\");\n script_family(\"CentOS Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/centos\", \"ssh/login/rpms\");\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = get_kb_item(\"ssh/login/release\");\n\n\nres = \"\";\nif(release == NULL){\n exit(0);\n}\n\nif(release == \"CentOS4\")\n{\n\n if ((res = isrpmvuln(pkg:\"thunderbird\", rpm:\"thunderbird~1.5.0.12~10.el4.centos\", rls:\"CentOS4\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n", "cvss": {"score": 9.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2017-07-25T10:57:17", "description": "Check for the Version of seamonkey", "cvss3": {}, "published": "2009-02-27T00:00:00", "type": "openvas", "title": "CentOS Update for seamonkey CESA-2008:0208 centos4 x86_64", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2008-1236", "CVE-2008-1237", "CVE-2008-1238", "CVE-2008-1233", "CVE-2008-1234", "CVE-2008-1235", "CVE-2008-1241"], "modified": "2017-07-10T00:00:00", "id": "OPENVAS:880257", "href": "http://plugins.openvas.org/nasl.php?oid=880257", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# CentOS Update for seamonkey CESA-2008:0208 centos4 x86_64\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2009 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"SeaMonkey is an open source Web browser, advanced email and newsgroup\n client, IRC chat client, and HTML editor.\n\n Several flaws were found in the processing of some malformed web content. A\n web page containing such malicious content could cause SeaMonkey to crash\n or, potentially, execute arbitrary code as the user running SeaMonkey.\n (CVE-2008-1233, CVE-2008-1235, CVE-2008-1236, CVE-2008-1237)\n \n Several flaws were found in the display of malformed web content. A web\n page containing specially-crafted content could, potentially, trick a\n SeaMonkey user into surrendering sensitive information. (CVE-2008-1234,\n CVE-2008-1238, CVE-2008-1241)\n \n All SeaMonkey users should upgrade to these updated packages, which contain\n backported patches to resolve these issues.\";\n\ntag_affected = \"seamonkey on CentOS 4\";\ntag_solution = \"Please Install the Updated Packages.\";\n\n\n\nif(description)\n{\n script_xref(name : \"URL\" , value : \"http://lists.centos.org/pipermail/centos-announce/2008-March/014787.html\");\n script_id(880257);\n script_version(\"$Revision: 6651 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-07-10 13:45:21 +0200 (Mon, 10 Jul 2017) $\");\n script_tag(name:\"creation_date\", value:\"2009-02-27 09:02:20 +0100 (Fri, 27 Feb 2009)\");\n script_tag(name:\"cvss_base\", value:\"9.3\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_xref(name: \"CESA\", value: \"2008:0208\");\n script_cve_id(\"CVE-2008-1233\", \"CVE-2008-1234\", \"CVE-2008-1235\", \"CVE-2008-1236\", \"CVE-2008-1237\", \"CVE-2008-1238\", \"CVE-2008-1241\");\n script_name( \"CentOS Update for seamonkey CESA-2008:0208 centos4 x86_64\");\n\n script_summary(\"Check for the Version of seamonkey\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2009 Greenbone Networks GmbH\");\n script_family(\"CentOS Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/centos\", \"ssh/login/rpms\");\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = get_kb_item(\"ssh/login/release\");\n\n\nres = \"\";\nif(release == NULL){\n exit(0);\n}\n\nif(release == \"CentOS4\")\n{\n\n if ((res = isrpmvuln(pkg:\"seamonkey\", rpm:\"seamonkey~1.0.9~15.el4.centos\", rls:\"CentOS4\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"seamonkey-chat\", rpm:\"seamonkey-chat~1.0.9~15.el4.centos\", rls:\"CentOS4\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"seamonkey-devel\", rpm:\"seamonkey-devel~1.0.9~15.el4.centos\", rls:\"CentOS4\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"seamonkey-dom-inspector\", rpm:\"seamonkey-dom-inspector~1.0.9~15.el4.centos\", rls:\"CentOS4\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"seamonkey-js-debugger\", rpm:\"seamonkey-js-debugger~1.0.9~15.el4.centos\", rls:\"CentOS4\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"seamonkey-mail\", rpm:\"seamonkey-mail~1.0.9~15.el4.centos\", rls:\"CentOS4\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"seamonkey-nspr\", rpm:\"seamonkey-nspr~1.0.9~15.el4.centos\", rls:\"CentOS4\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"seamonkey-nspr-devel\", rpm:\"seamonkey-nspr-devel~1.0.9~15.el4.centos\", rls:\"CentOS4\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"seamonkey-nss\", rpm:\"seamonkey-nss~1.0.9~15.el4.centos\", rls:\"CentOS4\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"seamonkey-nss-devel\", rpm:\"seamonkey-nss-devel~1.0.9~15.el4.centos\", rls:\"CentOS4\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n", "cvss": {"score": 9.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2018-04-09T11:40:02", "description": "Check for the Version of firefox", "cvss3": {}, "published": "2009-02-27T00:00:00", "type": "openvas", "title": "CentOS Update for firefox CESA-2008:0207 centos3 x86_64", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2008-1236", "CVE-2008-1237", "CVE-2008-1238", "CVE-2008-1233", "CVE-2008-1234", "CVE-2008-1235", "CVE-2008-1241"], "modified": "2018-04-06T00:00:00", "id": "OPENVAS:1361412562310880201", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310880201", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# CentOS Update for firefox CESA-2008:0207 centos3 x86_64\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2009 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"Mozilla Firefox is an open source Web browser.\n\n Several flaws were found in the processing of some malformed web content. A\n web page containing such malicious content could cause Firefox to crash or,\n potentially, execute arbitrary code as the user running Firefox.\n (CVE-2008-1233, CVE-2008-1235, CVE-2008-1236, CVE-2008-1237)\n \n Several flaws were found in the display of malformed web content. A web\n page containing specially-crafted content could, potentially, trick a\n Firefox user into surrendering sensitive information. (CVE-2008-1234,\n CVE-2008-1238, CVE-2008-1241)\n \n All Firefox users should upgrade to these updated packages, which contain\n backported patches that correct these issues.\";\n\ntag_affected = \"firefox on CentOS 3\";\ntag_solution = \"Please Install the Updated Packages.\";\n\n\n\nif(description)\n{\n script_xref(name : \"URL\" , value : \"http://lists.centos.org/pipermail/centos-announce/2008-March/014780.html\");\n script_oid(\"1.3.6.1.4.1.25623.1.0.880201\");\n script_version(\"$Revision: 9370 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-04-06 10:53:14 +0200 (Fri, 06 Apr 2018) $\");\n script_tag(name:\"creation_date\", value:\"2009-02-27 09:02:20 +0100 (Fri, 27 Feb 2009)\");\n script_tag(name:\"cvss_base\", value:\"9.3\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_xref(name: \"CESA\", value: \"2008:0207\");\n script_cve_id(\"CVE-2008-1233\", \"CVE-2008-1234\", \"CVE-2008-1235\", \"CVE-2008-1236\", \"CVE-2008-1237\", \"CVE-2008-1238\", \"CVE-2008-1241\");\n script_name( \"CentOS Update for firefox CESA-2008:0207 centos3 x86_64\");\n\n script_tag(name:\"summary\", value:\"Check for the Version of firefox\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2009 Greenbone Networks GmbH\");\n script_family(\"CentOS Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/centos\", \"ssh/login/rpms\");\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = get_kb_item(\"ssh/login/release\");\n\n\nres = \"\";\nif(release == NULL){\n exit(0);\n}\n\nif(release == \"CentOS3\")\n{\n\n if ((res = isrpmvuln(pkg:\"firefox\", rpm:\"firefox~1.5.0.12~0.14.el4.centos3\", rls:\"CentOS3\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n", "cvss": {"score": 9.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2018-04-09T11:40:40", "description": "Check for the Version of firefox", "cvss3": {}, "published": "2009-02-27T00:00:00", "type": "openvas", "title": "CentOS Update for firefox CESA-2008:0207 centos3 i386", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2008-1236", "CVE-2008-1237", "CVE-2008-1238", "CVE-2008-1233", "CVE-2008-1234", "CVE-2008-1235", "CVE-2008-1241"], "modified": "2018-04-06T00:00:00", "id": "OPENVAS:1361412562310880027", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310880027", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# CentOS Update for firefox CESA-2008:0207 centos3 i386\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2009 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"Mozilla Firefox is an open source Web browser.\n\n Several flaws were found in the processing of some malformed web content. A\n web page containing such malicious content could cause Firefox to crash or,\n potentially, execute arbitrary code as the user running Firefox.\n (CVE-2008-1233, CVE-2008-1235, CVE-2008-1236, CVE-2008-1237)\n \n Several flaws were found in the display of malformed web content. A web\n page containing specially-crafted content could, potentially, trick a\n Firefox user into surrendering sensitive information. (CVE-2008-1234,\n CVE-2008-1238, CVE-2008-1241)\n \n All Firefox users should upgrade to these updated packages, which contain\n backported patches that correct these issues.\";\n\ntag_affected = \"firefox on CentOS 3\";\ntag_solution = \"Please Install the Updated Packages.\";\n\n\n\nif(description)\n{\n script_xref(name : \"URL\" , value : \"http://lists.centos.org/pipermail/centos-announce/2008-March/014781.html\");\n script_oid(\"1.3.6.1.4.1.25623.1.0.880027\");\n script_version(\"$Revision: 9370 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-04-06 10:53:14 +0200 (Fri, 06 Apr 2018) $\");\n script_tag(name:\"creation_date\", value:\"2009-02-27 09:02:20 +0100 (Fri, 27 Feb 2009)\");\n script_tag(name:\"cvss_base\", value:\"9.3\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_xref(name: \"CESA\", value: \"2008:0207\");\n script_cve_id(\"CVE-2008-1233\", \"CVE-2008-1234\", \"CVE-2008-1235\", \"CVE-2008-1236\", \"CVE-2008-1237\", \"CVE-2008-1238\", \"CVE-2008-1241\");\n script_name( \"CentOS Update for firefox CESA-2008:0207 centos3 i386\");\n\n script_tag(name:\"summary\", value:\"Check for the Version of firefox\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2009 Greenbone Networks GmbH\");\n script_family(\"CentOS Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/centos\", \"ssh/login/rpms\");\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = get_kb_item(\"ssh/login/release\");\n\n\nres = \"\";\nif(release == NULL){\n exit(0);\n}\n\nif(release == \"CentOS3\")\n{\n\n if ((res = isrpmvuln(pkg:\"firefox\", rpm:\"firefox~1.5.0.12~0.14.el4.centos3\", rls:\"CentOS3\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n", "cvss": {"score": 9.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2018-04-09T11:40:50", "description": "Check for the Version of thunderbird", "cvss3": {}, "published": "2009-02-27T00:00:00", "type": "openvas", "title": "CentOS Update for thunderbird CESA-2008:0209 centos4 i386", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2008-1236", "CVE-2008-1237", "CVE-2008-1238", "CVE-2008-1233", "CVE-2008-1234", "CVE-2008-1235", "CVE-2008-1241"], "modified": "2018-04-06T00:00:00", "id": "OPENVAS:1361412562310880088", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310880088", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# CentOS Update for thunderbird CESA-2008:0209 centos4 i386\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2009 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"Mozilla Thunderbird is a standalone mail and newsgroup client.\n\n Several flaws were found in the processing of some malformed HTML mail\n content. An HTML mail message containing such malicious content could cause\n Thunderbird to crash or, potentially, execute arbitrary code as the user\n running Thunderbird. (CVE-2008-1233, CVE-2008-1235, CVE-2008-1236,\n CVE-2008-1237)\n \n Several flaws were found in the display of malformed web content. An HTML\n mail message containing specially-crafted content could, potentially, trick\n a user into surrendering sensitive information. (CVE-2008-1234,\n CVE-2008-1238, CVE-2008-1241)\n \n Note: JavaScript support is disabled by default in Thunderbird; the above\n issues are not exploitable unless JavaScript is enabled.\n \n All Thunderbird users should upgrade to these updated packages, which\n contain backported patches to resolve these issues.\";\n\ntag_affected = \"thunderbird on CentOS 4\";\ntag_solution = \"Please Install the Updated Packages.\";\n\n\n\nif(description)\n{\n script_xref(name : \"URL\" , value : \"http://lists.centos.org/pipermail/centos-announce/2008-April/014807.html\");\n script_oid(\"1.3.6.1.4.1.25623.1.0.880088\");\n script_version(\"$Revision: 9370 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-04-06 10:53:14 +0200 (Fri, 06 Apr 2018) $\");\n script_tag(name:\"creation_date\", value:\"2009-02-27 09:02:20 +0100 (Fri, 27 Feb 2009)\");\n script_tag(name:\"cvss_base\", value:\"9.3\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_xref(name: \"CESA\", value: \"2008:0209\");\n script_cve_id(\"CVE-2008-1233\", \"CVE-2008-1234\", \"CVE-2008-1235\", \"CVE-2008-1236\", \"CVE-2008-1237\", \"CVE-2008-1238\", \"CVE-2008-1241\");\n script_name( \"CentOS Update for thunderbird CESA-2008:0209 centos4 i386\");\n\n script_tag(name:\"summary\", value:\"Check for the Version of thunderbird\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2009 Greenbone Networks GmbH\");\n script_family(\"CentOS Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/centos\", \"ssh/login/rpms\");\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = get_kb_item(\"ssh/login/release\");\n\n\nres = \"\";\nif(release == NULL){\n exit(0);\n}\n\nif(release == \"CentOS4\")\n{\n\n if ((res = isrpmvuln(pkg:\"thunderbird\", rpm:\"thunderbird~1.5.0.12~10.el4.centos\", rls:\"CentOS4\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n", "cvss": {"score": 9.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2018-04-09T11:41:02", "description": "Check for the Version of firefox", "cvss3": {}, "published": "2009-03-06T00:00:00", "type": "openvas", "title": "RedHat Update for firefox RHSA-2008:0207-01", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2008-1236", "CVE-2008-1237", "CVE-2008-1238", "CVE-2008-1233", "CVE-2008-1234", "CVE-2008-1235", "CVE-2008-1241"], "modified": "2018-04-06T00:00:00", "id": "OPENVAS:1361412562310870050", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310870050", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# RedHat Update for firefox RHSA-2008:0207-01\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2009 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"Mozilla Firefox is an open source Web browser.\n\n Several flaws were found in the processing of some malformed web content. A\n web page containing such malicious content could cause Firefox to crash or,\n potentially, execute arbitrary code as the user running Firefox.\n (CVE-2008-1233, CVE-2008-1235, CVE-2008-1236, CVE-2008-1237)\n \n Several flaws were found in the display of malformed web content. A web\n page containing specially-crafted content could, potentially, trick a\n Firefox user into surrendering sensitive information. (CVE-2008-1234,\n CVE-2008-1238, CVE-2008-1241)\n \n All Firefox users should upgrade to these updated packages, which contain\n backported patches that correct these issues.\";\n\ntag_affected = \"firefox on Red Hat Enterprise Linux AS version 4,\n Red Hat Enterprise Linux ES version 4,\n Red Hat Enterprise Linux WS version 4,\n Red Hat Enterprise Linux (v. 5 server)\";\ntag_solution = \"Please Install the Updated Packages.\";\n\n\n\nif(description)\n{\n script_xref(name : \"URL\" , value : \"https://www.redhat.com/archives/rhsa-announce/2008-March/msg00016.html\");\n script_oid(\"1.3.6.1.4.1.25623.1.0.870050\");\n script_version(\"$Revision: 9370 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-04-06 10:53:14 +0200 (Fri, 06 Apr 2018) $\");\n script_tag(name:\"creation_date\", value:\"2009-03-06 07:30:35 +0100 (Fri, 06 Mar 2009)\");\n script_tag(name:\"cvss_base\", value:\"9.3\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_xref(name: \"RHSA\", value: \"2008:0207-01\");\n script_cve_id(\"CVE-2008-1233\", \"CVE-2008-1234\", \"CVE-2008-1235\", \"CVE-2008-1236\", \"CVE-2008-1237\", \"CVE-2008-1238\", \"CVE-2008-1241\");\n script_name( \"RedHat Update for firefox RHSA-2008:0207-01\");\n\n script_tag(name:\"summary\", value:\"Check for the Version of firefox\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2009 Greenbone Networks GmbH\");\n script_family(\"Red Hat Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/rhel\", \"ssh/login/rpms\");\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = get_kb_item(\"ssh/login/release\");\n\n\nres = \"\";\nif(release == NULL){\n exit(0);\n}\n\nif(release == \"RHENT_5\")\n{\n\n if ((res = isrpmvuln(pkg:\"firefox\", rpm:\"firefox~1.5.0.12~14.el5_1\", rls:\"RHENT_5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"firefox-debuginfo\", rpm:\"firefox-debuginfo~1.5.0.12~14.el5_1\", rls:\"RHENT_5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"firefox-devel\", rpm:\"firefox-devel~1.5.0.12~14.el5_1\", rls:\"RHENT_5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n\n\nif(release == \"RHENT_4\")\n{\n\n if ((res = isrpmvuln(pkg:\"firefox\", rpm:\"firefox~1.5.0.12~0.14.el4\", rls:\"RHENT_4\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"firefox-debuginfo\", rpm:\"firefox-debuginfo~1.5.0.12~0.14.el4\", rls:\"RHENT_4\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n", "cvss": {"score": 9.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2018-04-09T11:40:43", "description": "Check for the Version of firefox", "cvss3": {}, "published": "2009-02-27T00:00:00", "type": "openvas", "title": "CentOS Update for firefox CESA-2008:0207 centos4 i386", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2008-1236", "CVE-2008-1237", "CVE-2008-1238", "CVE-2008-1233", "CVE-2008-1234", "CVE-2008-1235", "CVE-2008-1241"], "modified": "2018-04-06T00:00:00", "id": "OPENVAS:1361412562310880202", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310880202", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# CentOS Update for firefox CESA-2008:0207 centos4 i386\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2009 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"Mozilla Firefox is an open source Web browser.\n\n Several flaws were found in the processing of some malformed web content. A\n web page containing such malicious content could cause Firefox to crash or,\n potentially, execute arbitrary code as the user running Firefox.\n (CVE-2008-1233, CVE-2008-1235, CVE-2008-1236, CVE-2008-1237)\n \n Several flaws were found in the display of malformed web content. A web\n page containing specially-crafted content could, potentially, trick a\n Firefox user into surrendering sensitive information. (CVE-2008-1234,\n CVE-2008-1238, CVE-2008-1241)\n \n All Firefox users should upgrade to these updated packages, which contain\n backported patches that correct these issues.\";\n\ntag_affected = \"firefox on CentOS 4\";\ntag_solution = \"Please Install the Updated Packages.\";\n\n\n\nif(description)\n{\n script_xref(name : \"URL\" , value : \"http://lists.centos.org/pipermail/centos-announce/2008-March/014778.html\");\n script_oid(\"1.3.6.1.4.1.25623.1.0.880202\");\n script_version(\"$Revision: 9370 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-04-06 10:53:14 +0200 (Fri, 06 Apr 2018) $\");\n script_tag(name:\"creation_date\", value:\"2009-02-27 09:02:20 +0100 (Fri, 27 Feb 2009)\");\n script_tag(name:\"cvss_base\", value:\"9.3\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_xref(name: \"CESA\", value: \"2008:0207\");\n script_cve_id(\"CVE-2008-1233\", \"CVE-2008-1234\", \"CVE-2008-1235\", \"CVE-2008-1236\", \"CVE-2008-1237\", \"CVE-2008-1238\", \"CVE-2008-1241\");\n script_name( \"CentOS Update for firefox CESA-2008:0207 centos4 i386\");\n\n script_tag(name:\"summary\", value:\"Check for the Version of firefox\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2009 Greenbone Networks GmbH\");\n script_family(\"CentOS Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/centos\", \"ssh/login/rpms\");\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = get_kb_item(\"ssh/login/release\");\n\n\nres = \"\";\nif(release == NULL){\n exit(0);\n}\n\nif(release == \"CentOS4\")\n{\n\n if ((res = isrpmvuln(pkg:\"firefox\", rpm:\"firefox~1.5.0.12~0.14.el4.centos\", rls:\"CentOS4\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n", "cvss": {"score": 9.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2018-04-09T11:40:47", "description": "Check for the Version of thunderbird", "cvss3": {}, "published": "2009-03-06T00:00:00", "type": "openvas", "title": "RedHat Update for thunderbird RHSA-2008:0209-01", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2008-1236", "CVE-2008-1237", "CVE-2008-1238", "CVE-2008-1233", "CVE-2008-1234", "CVE-2008-1235", "CVE-2008-1241"], "modified": "2018-04-06T00:00:00", "id": "OPENVAS:1361412562310870046", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310870046", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# RedHat Update for thunderbird RHSA-2008:0209-01\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2009 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"Mozilla Thunderbird is a standalone mail and newsgroup client.\n\n Several flaws were found in the processing of some malformed HTML mail\n content. An HTML mail message containing such malicious content could cause\n Thunderbird to crash or, potentially, execute arbitrary code as the user\n running Thunderbird. (CVE-2008-1233, CVE-2008-1235, CVE-2008-1236,\n CVE-2008-1237)\n \n Several flaws were found in the display of malformed web content. An HTML\n mail message containing specially-crafted content could, potentially, trick\n a user into surrendering sensitive information. (CVE-2008-1234,\n CVE-2008-1238, CVE-2008-1241)\n \n Note: JavaScript support is disabled by default in Thunderbird; the above\n issues are not exploitable unless JavaScript is enabled.\n \n All Thunderbird users should upgrade to these updated packages, which\n contain backported patches to resolve these issues.\";\n\ntag_affected = \"thunderbird on Red Hat Enterprise Linux AS version 4,\n Red Hat Enterprise Linux ES version 4,\n Red Hat Enterprise Linux WS version 4\";\ntag_solution = \"Please Install the Updated Packages.\";\n\n\n\nif(description)\n{\n script_xref(name : \"URL\" , value : \"https://www.redhat.com/archives/rhsa-announce/2008-April/msg00006.html\");\n script_oid(\"1.3.6.1.4.1.25623.1.0.870046\");\n script_version(\"$Revision: 9370 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-04-06 10:53:14 +0200 (Fri, 06 Apr 2018) $\");\n script_tag(name:\"creation_date\", value:\"2009-03-06 07:30:35 +0100 (Fri, 06 Mar 2009)\");\n script_tag(name:\"cvss_base\", value:\"9.3\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_xref(name: \"RHSA\", value: \"2008:0209-01\");\n script_cve_id(\"CVE-2008-1233\", \"CVE-2008-1234\", \"CVE-2008-1235\", \"CVE-2008-1236\", \"CVE-2008-1237\", \"CVE-2008-1238\", \"CVE-2008-1241\");\n script_name( \"RedHat Update for thunderbird RHSA-2008:0209-01\");\n\n script_tag(name:\"summary\", value:\"Check for the Version of thunderbird\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2009 Greenbone Networks GmbH\");\n script_family(\"Red Hat Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/rhel\", \"ssh/login/rpms\");\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = get_kb_item(\"ssh/login/release\");\n\n\nres = \"\";\nif(release == NULL){\n exit(0);\n}\n\nif(release == \"RHENT_4\")\n{\n\n if ((res = isrpmvuln(pkg:\"thunderbird\", rpm:\"thunderbird~1.5.0.12~10.el4\", rls:\"RHENT_4\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"thunderbird-debuginfo\", rpm:\"thunderbird-debuginfo~1.5.0.12~10.el4\", rls:\"RHENT_4\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n", "cvss": {"score": 9.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2018-04-09T11:42:00", "description": "Check for the Version of seamonkey", "cvss3": {}, "published": "2009-02-27T00:00:00", "type": "openvas", "title": "CentOS Update for seamonkey CESA-2008:0208 centos4 x86_64", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2008-1236", "CVE-2008-1237", "CVE-2008-1238", "CVE-2008-1233", "CVE-2008-1234", "CVE-2008-1235", "CVE-2008-1241"], "modified": "2018-04-06T00:00:00", "id": "OPENVAS:1361412562310880257", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310880257", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# CentOS Update for seamonkey CESA-2008:0208 centos4 x86_64\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2009 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"SeaMonkey is an open source Web browser, advanced email and newsgroup\n client, IRC chat client, and HTML editor.\n\n Several flaws were found in the processing of some malformed web content. A\n web page containing such malicious content could cause SeaMonkey to crash\n or, potentially, execute arbitrary code as the user running SeaMonkey.\n (CVE-2008-1233, CVE-2008-1235, CVE-2008-1236, CVE-2008-1237)\n \n Several flaws were found in the display of malformed web content. A web\n page containing specially-crafted content could, potentially, trick a\n SeaMonkey user into surrendering sensitive information. (CVE-2008-1234,\n CVE-2008-1238, CVE-2008-1241)\n \n All SeaMonkey users should upgrade to these updated packages, which contain\n backported patches to resolve these issues.\";\n\ntag_affected = \"seamonkey on CentOS 4\";\ntag_solution = \"Please Install the Updated Packages.\";\n\n\n\nif(description)\n{\n script_xref(name : \"URL\" , value : \"http://lists.centos.org/pipermail/centos-announce/2008-March/014787.html\");\n script_oid(\"1.3.6.1.4.1.25623.1.0.880257\");\n script_version(\"$Revision: 9370 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-04-06 10:53:14 +0200 (Fri, 06 Apr 2018) $\");\n script_tag(name:\"creation_date\", value:\"2009-02-27 09:02:20 +0100 (Fri, 27 Feb 2009)\");\n script_tag(name:\"cvss_base\", value:\"9.3\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_xref(name: \"CESA\", value: \"2008:0208\");\n script_cve_id(\"CVE-2008-1233\", \"CVE-2008-1234\", \"CVE-2008-1235\", \"CVE-2008-1236\", \"CVE-2008-1237\", \"CVE-2008-1238\", \"CVE-2008-1241\");\n script_name( \"CentOS Update for seamonkey CESA-2008:0208 centos4 x86_64\");\n\n script_tag(name:\"summary\", value:\"Check for the Version of seamonkey\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2009 Greenbone Networks GmbH\");\n script_family(\"CentOS Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/centos\", \"ssh/login/rpms\");\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = get_kb_item(\"ssh/login/release\");\n\n\nres = \"\";\nif(release == NULL){\n exit(0);\n}\n\nif(release == \"CentOS4\")\n{\n\n if ((res = isrpmvuln(pkg:\"seamonkey\", rpm:\"seamonkey~1.0.9~15.el4.centos\", rls:\"CentOS4\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"seamonkey-chat\", rpm:\"seamonkey-chat~1.0.9~15.el4.centos\", rls:\"CentOS4\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"seamonkey-devel\", rpm:\"seamonkey-devel~1.0.9~15.el4.centos\", rls:\"CentOS4\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"seamonkey-dom-inspector\", rpm:\"seamonkey-dom-inspector~1.0.9~15.el4.centos\", rls:\"CentOS4\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"seamonkey-js-debugger\", rpm:\"seamonkey-js-debugger~1.0.9~15.el4.centos\", rls:\"CentOS4\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"seamonkey-mail\", rpm:\"seamonkey-mail~1.0.9~15.el4.centos\", rls:\"CentOS4\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"seamonkey-nspr\", rpm:\"seamonkey-nspr~1.0.9~15.el4.centos\", rls:\"CentOS4\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"seamonkey-nspr-devel\", rpm:\"seamonkey-nspr-devel~1.0.9~15.el4.centos\", rls:\"CentOS4\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"seamonkey-nss\", rpm:\"seamonkey-nss~1.0.9~15.el4.centos\", rls:\"CentOS4\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"seamonkey-nss-devel\", rpm:\"seamonkey-nss-devel~1.0.9~15.el4.centos\", rls:\"CentOS4\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n", "cvss": {"score": 9.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2018-04-09T11:41:56", "description": "Check for the Version of firefox", "cvss3": {}, "published": "2009-02-27T00:00:00", "type": "openvas", "title": "CentOS Update for firefox CESA-2008:0207 centos4 x86_64", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2008-1236", "CVE-2008-1237", "CVE-2008-1238", "CVE-2008-1233", "CVE-2008-1234", "CVE-2008-1235", "CVE-2008-1241"], "modified": "2018-04-06T00:00:00", "id": "OPENVAS:1361412562310880029", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310880029", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# CentOS Update for firefox CESA-2008:0207 centos4 x86_64\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2009 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"Mozilla Firefox is an open source Web browser.\n\n Several flaws were found in the processing of some malformed web content. A\n web page containing such malicious content could cause Firefox to crash or,\n potentially, execute arbitrary code as the user running Firefox.\n (CVE-2008-1233, CVE-2008-1235, CVE-2008-1236, CVE-2008-1237)\n \n Several flaws were found in the display of malformed web content. A web\n page containing specially-crafted content could, potentially, trick a\n Firefox user into surrendering sensitive information. (CVE-2008-1234,\n CVE-2008-1238, CVE-2008-1241)\n \n All Firefox users should upgrade to these updated packages, which contain\n backported patches that correct these issues.\";\n\ntag_affected = \"firefox on CentOS 4\";\ntag_solution = \"Please Install the Updated Packages.\";\n\n\n\nif(description)\n{\n script_xref(name : \"URL\" , value : \"http://lists.centos.org/pipermail/centos-announce/2008-March/014779.html\");\n script_oid(\"1.3.6.1.4.1.25623.1.0.880029\");\n script_version(\"$Revision: 9370 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-04-06 10:53:14 +0200 (Fri, 06 Apr 2018) $\");\n script_tag(name:\"creation_date\", value:\"2009-02-27 09:02:20 +0100 (Fri, 27 Feb 2009)\");\n script_tag(name:\"cvss_base\", value:\"9.3\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_xref(name: \"CESA\", value: \"2008:0207\");\n script_cve_id(\"CVE-2008-1233\", \"CVE-2008-1234\", \"CVE-2008-1235\", \"CVE-2008-1236\", \"CVE-2008-1237\", \"CVE-2008-1238\", \"CVE-2008-1241\");\n script_name( \"CentOS Update for firefox CESA-2008:0207 centos4 x86_64\");\n\n script_tag(name:\"summary\", value:\"Check for the Version of firefox\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2009 Greenbone Networks GmbH\");\n script_family(\"CentOS Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/centos\", \"ssh/login/rpms\");\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = get_kb_item(\"ssh/login/release\");\n\n\nres = \"\";\nif(release == NULL){\n exit(0);\n}\n\nif(release == \"CentOS4\")\n{\n\n if ((res = isrpmvuln(pkg:\"firefox\", rpm:\"firefox~1.5.0.12~0.14.el4.centos\", rls:\"CentOS4\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n", "cvss": {"score": 9.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2017-07-25T10:56:08", "description": "Check for the Version of epiphany", "cvss3": {}, "published": "2009-02-16T00:00:00", "type": "openvas", "title": "Fedora Update for epiphany FEDORA-2008-2682", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2008-1236", "CVE-2008-1237", "CVE-2008-1238", "CVE-2008-1233", "CVE-2008-1234", "CVE-2008-1235", "CVE-2008-1241"], "modified": "2017-07-10T00:00:00", "id": "OPENVAS:860581", "href": "http://plugins.openvas.org/nasl.php?oid=860581", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Fedora Update for epiphany FEDORA-2008-2682\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2009 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ninclude(\"revisions-lib.inc\");\ntag_affected = \"epiphany on Fedora 8\";\ntag_insight = \"epiphany is a simple GNOME web browser based on the Mozilla rendering\n engine.\";\ntag_solution = \"Please Install the Updated Packages.\";\n\n\n\nif(description)\n{\n script_xref(name : \"URL\" , value : \"https://www.redhat.com/archives/fedora-package-announce/2008-March/msg00579.html\");\n script_id(860581);\n script_version(\"$Revision: 6623 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-07-10 08:10:20 +0200 (Mon, 10 Jul 2017) $\");\n script_tag(name:\"creation_date\", value:\"2009-02-16 16:22:52 +0100 (Mon, 16 Feb 2009)\");\n script_tag(name:\"cvss_base\", value:\"9.3\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_xref(name: \"FEDORA\", value: \"2008-2682\");\n script_cve_id(\"CVE-2008-1233\", \"CVE-2008-1235\", \"CVE-2008-1236\", \"CVE-2008-1237\", \"CVE-2008-1234\", \"CVE-2008-1238\", \"CVE-2008-1241\");\n script_name( \"Fedora Update for epiphany FEDORA-2008-2682\");\n\n script_summary(\"Check for the Version of epiphany\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2009 Greenbone Networks GmbH\");\n script_family(\"Fedora Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/fedora\", \"ssh/login/rpms\");\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = get_kb_item(\"ssh/login/release\");\n\n\nres = \"\";\nif(release == NULL){\n exit(0);\n}\n\nif(release == \"FC8\")\n{\n\n if ((res = isrpmvuln(pkg:\"epiphany\", rpm:\"epiphany~2.20.3~2.fc8\", rls:\"FC8\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}", "cvss": {"score": 9.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2017-07-25T10:56:21", "description": "Check for the Version of gtkmozembedmm", "cvss3": {}, "published": "2009-02-16T00:00:00", "type": "openvas", "title": "Fedora Update for gtkmozembedmm FEDORA-2008-2682", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2008-1236", "CVE-2008-1237", "CVE-2008-1238", "CVE-2008-1233", "CVE-2008-1234", "CVE-2008-1235", "CVE-2008-1241"], "modified": "2017-07-10T00:00:00", "id": "OPENVAS:860283", "href": "http://plugins.openvas.org/nasl.php?oid=860283", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Fedora Update for gtkmozembedmm FEDORA-2008-2682\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2009 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ninclude(\"revisions-lib.inc\");\ntag_affected = \"gtkmozembedmm on Fedora 8\";\ntag_insight = \"This package provides a C++/gtkmm wrapper for GtkMozEmbed\n from Mozilla 1.4.x to 1.7.x.\n The wrapper provides a convenient interface for C++ programmers\n to use the Gtkmozembed HTML-rendering widget inside their software.\";\ntag_solution = \"Please Install the Updated Packages.\";\n\n\n\nif(description)\n{\n script_xref(name : \"URL\" , value : \"https://www.redhat.com/archives/fedora-package-announce/2008-March/msg00580.html\");\n script_id(860283);\n script_version(\"$Revision: 6623 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-07-10 08:10:20 +0200 (Mon, 10 Jul 2017) $\");\n script_tag(name:\"creation_date\", value:\"2009-02-16 16:22:52 +0100 (Mon, 16 Feb 2009)\");\n script_tag(name:\"cvss_base\", value:\"9.3\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_xref(name: \"FEDORA\", value: \"2008-2682\");\n script_cve_id(\"CVE-2008-1233\", \"CVE-2008-1235\", \"CVE-2008-1236\", \"CVE-2008-1237\", \"CVE-2008-1234\", \"CVE-2008-1238\", \"CVE-2008-1241\");\n script_name( \"Fedora Update for gtkmozembedmm FEDORA-2008-2682\");\n\n script_summary(\"Check for the Version of gtkmozembedmm\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2009 Greenbone Networks GmbH\");\n script_family(\"Fedora Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/fedora\", \"ssh/login/rpms\");\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = get_kb_item(\"ssh/login/release\");\n\n\nres = \"\";\nif(release == NULL){\n exit(0);\n}\n\nif(release == \"FC8\")\n{\n\n if ((res = isrpmvuln(pkg:\"gtkmozembedmm\", rpm:\"gtkmozembedmm~1.4.2.cvs20060817~19.fc8\", rls:\"FC8\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}", "cvss": {"score": 9.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2017-07-25T10:56:27", "description": "Check for the Version of chmsee", "cvss3": {}, "published": "2009-02-16T00:00:00", "type": "openvas", "title": "Fedora Update for chmsee FEDORA-2008-2662", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2008-1236", "CVE-2008-1237", "CVE-2008-1238", "CVE-2008-1233", "CVE-2008-1234", "CVE-2008-1235", "CVE-2008-1241"], "modified": "2017-07-10T00:00:00", "id": "OPENVAS:860908", "href": "http://plugins.openvas.org/nasl.php?oid=860908", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Fedora Update for chmsee FEDORA-2008-2662\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2009 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"A gtk2 chm document viewer.\n\n It uses chmlib to extract files. It uses gecko to display pages. It supports\n displaying multilingual pages due to gecko. It features bookmarks and tabs.\n The tabs could be used to jump inside the chm file conveniently. Its UI is\n clean and handy, also is well localized. It is actively developed and\n maintained. The author of chmsee is Jungle Ji and several other great people.\n \n Hint\n * Unlike other chm viewers, chmsee extracts files from chm file, and then read\n and display them. The extracted files could be found in $HOME/.chmsee/bookshelf\n directory. You can clean those files at any time and there is a special config\n option for that.\n * The bookmark is related to each file so not all bookmarks will be loaded,\n only current file's.\n * Try to remove $HOME/.chmsee if you encounter any problem after an upgrade.\";\n\ntag_affected = \"chmsee on Fedora 7\";\ntag_solution = \"Please Install the Updated Packages.\";\n\n\n\nif(description)\n{\n script_xref(name : \"URL\" , value : \"https://www.redhat.com/archives/fedora-package-announce/2008-March/msg00552.html\");\n script_id(860908);\n script_version(\"$Revision: 6623 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-07-10 08:10:20 +0200 (Mon, 10 Jul 2017) $\");\n script_tag(name:\"creation_date\", value:\"2009-02-16 16:22:52 +0100 (Mon, 16 Feb 2009)\");\n script_tag(name:\"cvss_base\", value:\"9.3\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_xref(name: \"FEDORA\", value: \"2008-2662\");\n script_cve_id(\"CVE-2008-1233\", \"CVE-2008-1235\", \"CVE-2008-1236\", \"CVE-2008-1237\", \"CVE-2008-1234\", \"CVE-2008-1238\", \"CVE-2008-1241\");\n script_name( \"Fedora Update for chmsee FEDORA-2008-2662\");\n\n script_summary(\"Check for the Version of chmsee\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2009 Greenbone Networks GmbH\");\n script_family(\"Fedora Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/fedora\", \"ssh/login/rpms\");\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = get_kb_item(\"ssh/login/release\");\n\n\nres = \"\";\nif(release == NULL){\n exit(0);\n}\n\nif(release == \"FC7\")\n{\n\n if ((res = isrpmvuln(pkg:\"chmsee\", rpm:\"chmsee~1.0.0~1.30.fc7\", rls:\"FC7\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n", "cvss": {"score": 9.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2017-07-25T10:56:41", "description": "Check for the Version of yelp", "cvss3": {}, "published": "2009-02-16T00:00:00", "type": "openvas", "title": "Fedora Update for yelp FEDORA-2008-2662", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2008-1236", "CVE-2008-1237", "CVE-2008-1238", "CVE-2008-1233", "CVE-2008-1234", "CVE-2008-1235", "CVE-2008-1241"], "modified": "2017-07-10T00:00:00", "id": "OPENVAS:860490", "href": "http://plugins.openvas.org/nasl.php?oid=860490", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Fedora Update for yelp FEDORA-2008-2662\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2009 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ninclude(\"revisions-lib.inc\");\ntag_affected = \"yelp on Fedora 7\";\ntag_insight = \"Yelp is the Gnome 2 help/documentation browser. It is designed\n to help you browse all the documentation on your system in\n one central tool.\";\ntag_solution = \"Please Install the Updated Packages.\";\n\n\n\nif(description)\n{\n script_xref(name : \"URL\" , value : \"https://www.redhat.com/archives/fedora-package-announce/2008-March/msg00565.html\");\n script_id(860490);\n script_version(\"$Revision: 6623 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-07-10 08:10:20 +0200 (Mon, 10 Jul 2017) $\");\n script_tag(name:\"creation_date\", value:\"2009-02-16 16:22:52 +0100 (Mon, 16 Feb 2009)\");\n script_tag(name:\"cvss_base\", value:\"9.3\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_xref(name: \"FEDORA\", value: \"2008-2662\");\n script_cve_id(\"CVE-2008-1233\", \"CVE-2008-1235\", \"CVE-2008-1236\", \"CVE-2008-1237\", \"CVE-2008-1234\", \"CVE-2008-1238\", \"CVE-2008-1241\");\n script_name( \"Fedora Update for yelp FEDORA-2008-2662\");\n\n script_summary(\"Check for the Version of yelp\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2009 Greenbone Networks GmbH\");\n script_family(\"Fedora Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/fedora\", \"ssh/login/rpms\");\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = get_kb_item(\"ssh/login/release\");\n\n\nres = \"\";\nif(release == NULL){\n exit(0);\n}\n\nif(release == \"FC7\")\n{\n\n if ((res = isrpmvuln(pkg:\"yelp\", rpm:\"yelp~2.18.1~10.fc7\", rls:\"FC7\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}", "cvss": {"score": 9.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2017-07-25T10:56:48", "description": "Check for the Version of firefox", "cvss3": {}, "published": "2009-02-27T00:00:00", "type": "openvas", "title": "CentOS Update for firefox CESA-2008:0207 centos3 i386", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2008-1236", "CVE-2008-1237", "CVE-2008-1238", "CVE-2008-1233", "CVE-2008-1234", "CVE-2008-1235", "CVE-2008-1241"], "modified": "2017-07-10T00:00:00", "id": "OPENVAS:880027", "href": "http://plugins.openvas.org/nasl.php?oid=880027", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# CentOS Update for firefox CESA-2008:0207 centos3 i386\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2009 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"Mozilla Firefox is an open source Web browser.\n\n Several flaws were found in the processing of some malformed web content. A\n web page containing such malicious content could cause Firefox to crash or,\n potentially, execute arbitrary code as the user running Firefox.\n (CVE-2008-1233, CVE-2008-1235, CVE-2008-1236, CVE-2008-1237)\n \n Several flaws were found in the display of malformed web content. A web\n page containing specially-crafted content could, potentially, trick a\n Firefox user into surrendering sensitive information. (CVE-2008-1234,\n CVE-2008-1238, CVE-2008-1241)\n \n All Firefox users should upgrade to these updated packages, which contain\n backported patches that correct these issues.\";\n\ntag_affected = \"firefox on CentOS 3\";\ntag_solution = \"Please Install the Updated Packages.\";\n\n\n\nif(description)\n{\n script_xref(name : \"URL\" , value : \"http://lists.centos.org/pipermail/centos-announce/2008-March/014781.html\");\n script_id(880027);\n script_version(\"$Revision: 6651 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-07-10 13:45:21 +0200 (Mon, 10 Jul 2017) $\");\n script_tag(name:\"creation_date\", value:\"2009-02-27 09:02:20 +0100 (Fri, 27 Feb 2009)\");\n script_tag(name:\"cvss_base\", value:\"9.3\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_xref(name: \"CESA\", value: \"2008:0207\");\n script_cve_id(\"CVE-2008-1233\", \"CVE-2008-1234\", \"CVE-2008-1235\", \"CVE-2008-1236\", \"CVE-2008-1237\", \"CVE-2008-1238\", \"CVE-2008-1241\");\n script_name( \"CentOS Update for firefox CESA-2008:0207 centos3 i386\");\n\n script_summary(\"Check for the Version of firefox\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2009 Greenbone Networks GmbH\");\n script_family(\"CentOS Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/centos\", \"ssh/login/rpms\");\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = get_kb_item(\"ssh/login/release\");\n\n\nres = \"\";\nif(release == NULL){\n exit(0);\n}\n\nif(release == \"CentOS3\")\n{\n\n if ((res = isrpmvuln(pkg:\"firefox\", rpm:\"firefox~1.5.0.12~0.14.el4.centos3\", rls:\"CentOS3\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n", "cvss": {"score": 9.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2017-07-25T10:57:12", "description": "Check for the Version of epiphany-extensions", "cvss3": {}, "published": "2009-02-16T00:00:00", "type": "openvas", "title": "Fedora Update for epiphany-extensions FEDORA-2008-2662", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2008-1236", "CVE-2008-1237", "CVE-2008-1238", "CVE-2008-1233", "CVE-2008-1234", "CVE-2008-1235", "CVE-2008-1241"], "modified": "2017-07-10T00:00:00", "id": "OPENVAS:860666", "href": "http://plugins.openvas.org/nasl.php?oid=860666", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Fedora Update for epiphany-extensions FEDORA-2008-2662\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2009 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ninclude(\"revisions-lib.inc\");\ntag_affected = \"epiphany-extensions on Fedora 7\";\ntag_insight = \"Epiphany Extensions is a collection of extensions for Epiphany, the\n GNOME web browser.\";\ntag_solution = \"Please Install the Updated Packages.\";\n\n\n\nif(description)\n{\n script_xref(name : \"URL\" , value : \"https://www.redhat.com/archives/fedora-package-announce/2008-March/msg00555.html\");\n script_id(860666);\n script_version(\"$Revision: 6623 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-07-10 08:10:20 +0200 (Mon, 10 Jul 2017) $\");\n script_tag(name:\"creation_date\", value:\"2009-02-16 16:22:52 +0100 (Mon, 16 Feb 2009)\");\n script_tag(name:\"cvss_base\", value:\"9.3\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_xref(name: \"FEDORA\", value: \"2008-2662\");\n script_cve_id(\"CVE-2008-1233\", \"CVE-2008-1235\", \"CVE-2008-1236\", \"CVE-2008-1237\", \"CVE-2008-1234\", \"CVE-2008-1238\", \"CVE-2008-1241\");\n script_name( \"Fedora Update for epiphany-extensions FEDORA-2008-2662\");\n\n script_summary(\"Check for the Version of epiphany-extensions\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2009 Greenbone Networks GmbH\");\n script_family(\"Fedora Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/fedora\", \"ssh/login/rpms\");\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = get_kb_item(\"ssh/login/release\");\n\n\nres = \"\";\nif(release == NULL){\n exit(0);\n}\n\nif(release == \"FC7\")\n{\n\n if ((res = isrpmvuln(pkg:\"epiphany-extensions\", rpm:\"epiphany-extensions~2.18.3~8\", rls:\"FC7\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}", "cvss": {"score": 9.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2017-07-25T10:57:02", "description": "Check for the Version of thunderbird", "cvss3": {}, "published": "2009-02-27T00:00:00", "type": "openvas", "title": "CentOS Update for thunderbird CESA-2008:0209 centos4 x86_64", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2008-1236", "CVE-2008-1237", "CVE-2008-1238", "CVE-2008-1233", "CVE-2008-1234", "CVE-2008-1235", "CVE-2008-1241"], "modified": "2017-07-10T00:00:00", "id": "OPENVAS:880287", "href": "http://plugins.openvas.org/nasl.php?oid=880287", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# CentOS Update for thunderbird CESA-2008:0209 centos4 x86_64\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2009 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"Mozilla Thunderbird is a standalone mail and newsgroup client.\n\n Several flaws were found in the processing of some malformed HTML mail\n content. An HTML mail message containing such malicious content could cause\n Thunderbird to crash or, potentially, execute arbitrary code as the user\n running Thunderbird. (CVE-2008-1233, CVE-2008-1235, CVE-2008-1236,\n CVE-2008-1237)\n \n Several flaws were found in the display of malformed web content. An HTML\n mail message containing specially-crafted content could, potentially, trick\n a user into surrendering sensitive information. (CVE-2008-1234,\n CVE-2008-1238, CVE-2008-1241)\n \n Note: JavaScript support is disabled by default in Thunderbird; the above\n issues are not exploitable unless JavaScript is enabled.\n \n All Thunderbird users should upgrade to these updated packages, which\n contain backported patches to resolve these issues.\";\n\ntag_affected = \"thunderbird on CentOS 4\";\ntag_solution = \"Please Install the Updated Packages.\";\n\n\n\nif(description)\n{\n script_xref(name : \"URL\" , value : \"http://lists.centos.org/pipermail/centos-announce/2008-April/014808.html\");\n script_id(880287);\n script_version(\"$Revision: 6651 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-07-10 13:45:21 +0200 (Mon, 10 Jul 2017) $\");\n script_tag(name:\"creation_date\", value:\"2009-02-27 09:02:20 +0100 (Fri, 27 Feb 2009)\");\n script_tag(name:\"cvss_base\", value:\"9.3\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_xref(name: \"CESA\", value: \"2008:0209\");\n script_cve_id(\"CVE-2008-1233\", \"CVE-2008-1234\", \"CVE-2008-1235\", \"CVE-2008-1236\", \"CVE-2008-1237\", \"CVE-2008-1238\", \"CVE-2008-1241\");\n script_name( \"CentOS Update for thunderbird CESA-2008:0209 centos4 x86_64\");\n\n script_summary(\"Check for the Version of thunderbird\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2009 Greenbone Networks GmbH\");\n script_family(\"CentOS Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/centos\", \"ssh/login/rpms\");\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = get_kb_item(\"ssh/login/release\");\n\n\nres = \"\";\nif(release == NULL){\n exit(0);\n}\n\nif(release == \"CentOS4\")\n{\n\n if ((res = isrpmvuln(pkg:\"thunderbird\", rpm:\"thunderbird~1.5.0.12~10.el4.centos\", rls:\"CentOS4\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n", "cvss": {"score": 9.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2017-07-25T10:56:59", "description": "Check for the Version of firefox", "cvss3": {}, "published": "2009-02-16T00:00:00", "type": "openvas", "title": "Fedora Update for firefox FEDORA-2008-2662", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2008-1236", "CVE-2008-1237", "CVE-2008-1238", "CVE-2008-1233", "CVE-2008-1234", "CVE-2008-1235", "CVE-2008-1241"], "modified": "2017-07-10T00:00:00", "id": "OPENVAS:860257", "href": "http://plugins.openvas.org/nasl.php?oid=860257", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Fedora Update for firefox FEDORA-2008-2662\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2009 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ninclude(\"revisions-lib.inc\");\ntag_affected = \"firefox on Fedora 7\";\ntag_insight = \"Mozilla Firefox is an open-source web browser, designed for standards\n compliance, performance and portability.\";\ntag_solution = \"Please Install the Updated Packages.\";\n\n\n\nif(description)\n{\n script_xref(name : \"URL\" , value : \"https://www.redhat.com/archives/fedora-package-announce/2008-March/msg00556.html\");\n script_id(860257);\n script_version(\"$Revision: 6623 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-07-10 08:10:20 +0200 (Mon, 10 Jul 2017) $\");\n script_tag(name:\"creation_date\", value:\"2009-02-16 16:22:52 +0100 (Mon, 16 Feb 2009)\");\n script_tag(name:\"cvss_base\", value:\"9.3\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_xref(name: \"FEDORA\", value: \"2008-2662\");\n script_cve_id(\"CVE-2008-1233\", \"CVE-2008-1235\", \"CVE-2008-1236\", \"CVE-2008-1237\", \"CVE-2008-1234\", \"CVE-2008-1238\", \"CVE-2008-1241\");\n script_name( \"Fedora Update for firefox FEDORA-2008-2662\");\n\n script_summary(\"Check for the Version of firefox\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2009 Greenbone Networks GmbH\");\n script_family(\"Fedora Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/fedora\", \"ssh/login/rpms\");\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = get_kb_item(\"ssh/login/release\");\n\n\nres = \"\";\nif(release == NULL){\n exit(0);\n}\n\nif(release == \"FC7\")\n{\n\n if ((res = isrpmvuln(pkg:\"firefox\", rpm:\"firefox~2.0.0.13~1.fc7\", rls:\"FC7\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}", "cvss": {"score": 9.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2017-07-25T10:56:00", "description": "Check for the Version of ruby-gnome2", "cvss3": {}, "published": "2009-02-16T00:00:00", "type": "openvas", "title": "Fedora Update for ruby-gnome2 FEDORA-2008-2662", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2008-1236", "CVE-2007-6183", "CVE-2008-1237", "CVE-2008-1238", "CVE-2008-1233", "CVE-2008-1234", "CVE-2008-1235", "CVE-2008-1241"], "modified": "2017-07-10T00:00:00", "id": "OPENVAS:860018", "href": "http://plugins.openvas.org/nasl.php?oid=860018", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Fedora Update for ruby-gnome2 FEDORA-2008-2662\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2009 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ninclude(\"revisions-lib.inc\");\ntag_affected = \"ruby-gnome2 on Fedora 7\";\ntag_insight = \"This is a set of bindings for the GNOME-2.x libraries for use from Ruby.\";\ntag_solution = \"Please Install the Updated Packages.\";\n\n\n\nif(description)\n{\n script_xref(name : \"URL\" , value : \"https://www.redhat.com/archives/fedora-package-announce/2008-March/msg00564.html\");\n script_id(860018);\n script_version(\"$Revision: 6623 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-07-10 08:10:20 +0200 (Mon, 10 Jul 2017) $\");\n script_tag(name:\"creation_date\", value:\"2009-02-16 16:22:52 +0100 (Mon, 16 Feb 2009)\");\n script_tag(name:\"cvss_base\", value:\"9.3\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_xref(name: \"FEDORA\", value: \"2008-2662\");\n script_cve_id(\"CVE-2008-1233\", \"CVE-2008-1235\", \"CVE-2008-1236\", \"CVE-2008-1237\", \"CVE-2008-1234\", \"CVE-2008-1238\", \"CVE-2008-1241\", \"CVE-2007-6183\");\n script_name( \"Fedora Update for ruby-gnome2 FEDORA-2008-2662\");\n\n script_summary(\"Check for the Version of ruby-gnome2\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2009 Greenbone Networks GmbH\");\n script_family(\"Fedora Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/fedora\", \"ssh/login/rpms\");\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = get_kb_item(\"ssh/login/release\");\n\n\nres = \"\";\nif(release == NULL){\n exit(0);\n}\n\nif(release == \"FC7\")\n{\n\n if ((res = isrpmvuln(pkg:\"ruby-gnome2\", rpm:\"ruby-gnome2~0.16.0~22.fc7\", rls:\"FC7\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}", "cvss": {"score": 9.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2017-07-25T10:57:11", "description": "Check for the Version of blam", "cvss3": {}, "published": "2009-02-16T00:00:00", "type": "openvas", "title": "Fedora Update for blam FEDORA-2008-2682", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2008-1236", "CVE-2008-1237", "CVE-2008-1238", "CVE-2005-4790", "CVE-2008-1233", "CVE-2008-1234", "CVE-2008-1235", "CVE-2008-1241"], "modified": "2017-07-10T00:00:00", "id": "OPENVAS:860135", "href": "http://plugins.openvas.org/nasl.php?oid=860135", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Fedora Update for blam FEDORA-2008-2682\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2009 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ninclude(\"revisions-lib.inc\");\ntag_affected = \"blam on Fedora 8\";\ntag_insight = \"Blam is a tool that helps you keep track of the growing\n number of news feeds distributed as RSS. Blam lets you\n subscribe to any number of feeds and provides an easy to\n use and clean interface to stay up to date\";\ntag_solution = \"Please Install the Updated Packages.\";\n\n\n\nif(description)\n{\n script_xref(name : \"URL\" , value : \"https://www.redhat.com/archives/fedora-package-announce/2008-March/msg00592.html\");\n script_id(860135);\n script_version(\"$Revision: 6623 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-07-10 08:10:20 +0200 (Mon, 10 Jul 2017) $\");\n script_tag(name:\"creation_date\", value:\"2009-02-16 16:22:52 +0100 (Mon, 16 Feb 2009)\");\n script_tag(name:\"cvss_b
seamonkey security update
