ID CESA-2020:1429 Type centos Reporter CentOS Project Modified 2020-04-28T00:22:09
Description
CentOS Errata and Security Advisory CESA-2020:1429
Mozilla Firefox is an open-source web browser, designed for standards compliance, performance, and portability.
This update upgrades Firefox to version 68.7.0 ESR.
Security Fix(es):
Mozilla: Uninitialized memory could be read when using the WebGL copyTexSubImage method (CVE-2020-6821)
Mozilla: Memory safety bugs fixed in Firefox 75 and Firefox ESR 68.7 (CVE-2020-6825)
Mozilla: Out of bounds write in GMPDecodeData when processing large images (CVE-2020-6822)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
Merged security bulletin from advisories:
http://lists.centos.org/pipermail/centos-announce/2020-April/035699.html
Affected packages:
firefox
Upstream details at:
{"id": "CESA-2020:1429", "bulletinFamily": "unix", "title": "firefox security update", "description": "**CentOS Errata and Security Advisory** CESA-2020:1429\n\n\nMozilla Firefox is an open-source web browser, designed for standards compliance, performance, and portability.\n\nThis update upgrades Firefox to version 68.7.0 ESR.\n\nSecurity Fix(es):\n\n* Mozilla: Uninitialized memory could be read when using the WebGL copyTexSubImage method (CVE-2020-6821)\n\n* Mozilla: Memory safety bugs fixed in Firefox 75 and Firefox ESR 68.7 (CVE-2020-6825)\n\n* Mozilla: Out of bounds write in GMPDecodeData when processing large images (CVE-2020-6822)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.\n\n**Merged security bulletin from advisories:**\nhttp://lists.centos.org/pipermail/centos-announce/2020-April/035699.html\n\n**Affected packages:**\nfirefox\n\n**Upstream details at:**\n", "published": "2020-04-28T00:22:09", "modified": "2020-04-28T00:22:09", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}, "href": "http://lists.centos.org/pipermail/centos-announce/2020-April/035699.html", "reporter": "CentOS Project", "references": ["http://steadfast.net/", "https://access.redhat.com/errata/RHSA-2020:1429"], "cvelist": ["CVE-2020-6822", "CVE-2020-6825", "CVE-2020-6821"], "type": "centos", "lastseen": "2020-05-02T12:51:18", "edition": 2, "viewCount": 47, "enchantments": {"dependencies": {"references": [{"type": "cve", "idList": ["CVE-2020-6825", "CVE-2020-6822", "CVE-2020-6821"]}, {"type": "openvas", "idList": ["OPENVAS:1361412562310883221", "OPENVAS:1361412562310883223", "OPENVAS:1361412562310704656", "OPENVAS:1361412562310853116", "OPENVAS:1361412562310704655", "OPENVAS:1361412562310853106", "OPENVAS:1361412562310883229", "OPENVAS:1361412562310892170", "OPENVAS:1361412562310892172", "OPENVAS:1361412562310816743"]}, {"type": "redhat", "idList": ["RHSA-2020:1406", "RHSA-2020:1489", "RHSA-2020:1420", "RHSA-2020:1429", "RHSA-2020:1496", "RHSA-2020:1404", "RHSA-2020:1488", "RHSA-2020:1495"]}, {"type": "nessus", "idList": ["SL_20200414_FIREFOX_ON_SL6_X.NASL", "REDHAT-RHSA-2020-1429.NASL", "REDHAT-RHSA-2020-1420.NASL", "ORACLELINUX_ELSA-2020-1420.NASL", "SL_20200409_FIREFOX_ON_SL7_X.NASL", "ORACLELINUX_ELSA-2020-1406.NASL", "DEBIAN_DSA-4655.NASL", "CENTOS_RHSA-2020-1429.NASL", "REDHAT-RHSA-2020-1406.NASL", "REDHAT-RHSA-2020-1404.NASL"]}, {"type": "debian", "idList": ["DEBIAN:DSA-4655-1:6678A", "DEBIAN:DSA-4656-1:2D5DF", "DEBIAN:DLA-2172-1:B6209", "DEBIAN:DLA-2170-1:F0C8F"]}, {"type": "oraclelinux", "idList": ["ELSA-2020-1406", "ELSA-2020-1429", "ELSA-2020-1420", "ELSA-2020-1489", "ELSA-2020-1495", "ELSA-2020-1488"]}, {"type": "kaspersky", "idList": ["KLA11725", "KLA11730", "KLA11726"]}, {"type": "centos", "idList": ["CESA-2020:1489", "CESA-2020:1488"]}, {"type": "suse", "idList": ["OPENSUSE-SU-2020:0493-1", "OPENSUSE-SU-2020:0520-1", "OPENSUSE-SU-2020:0544-1"]}, {"type": "slackware", "idList": ["SSA-2020-098-01"]}, {"type": "ubuntu", "idList": ["USN-4328-1", "USN-4323-1", "USN-4335-1"]}, {"type": "gentoo", "idList": ["GLSA-202004-11"]}, {"type": "archlinux", "idList": ["ASA-202004-8", "ASA-202004-12"]}, {"type": "amazon", "idList": ["ALAS2-2020-1429"]}], "modified": "2020-05-02T12:51:18", "rev": 2}, "score": {"value": 6.4, "vector": "NONE", "modified": "2020-05-02T12:51:18", "rev": 2}, "vulnersScore": 6.4}, "affectedPackage": [{"OS": "CentOS", "OSVersion": "6", "arch": "i686", "operator": "lt", "packageFilename": "firefox-68.7.0-2.el6.centos.i686.rpm", "packageName": "firefox", "packageVersion": "68.7.0-2.el6.centos"}, {"OS": "CentOS", "OSVersion": "6", "arch": "i686", "operator": "lt", "packageFilename": "firefox-68.7.0-2.el6.centos.i686.rpm", "packageName": "firefox", "packageVersion": "68.7.0-2.el6.centos"}, {"OS": "CentOS", "OSVersion": "6", "arch": "x86_64", "operator": "lt", "packageFilename": "firefox-68.7.0-2.el6.centos.x86_64.rpm", "packageName": "firefox", "packageVersion": "68.7.0-2.el6.centos"}, {"OS": "CentOS", "OSVersion": "6", "arch": "any", "operator": "lt", "packageFilename": "firefox-68.7.0-2.el6.centos.src.rpm", "packageName": "firefox", "packageVersion": "68.7.0-2.el6.centos"}], "scheme": null}
{"cve": [{"lastseen": "2020-12-09T22:03:17", "description": "On 32-bit builds, an out of bounds write could have occurred when processing an image larger than 4 GB in <code>GMPDecodeData</code>. It is possible that with enough effort this could have been exploited to run arbitrary code. This vulnerability affects Thunderbird < 68.7.0, Firefox ESR < 68.7, and Firefox < 75.", "edition": 11, "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "baseScore": 8.8, "privilegesRequired": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "userInteraction": "REQUIRED", "version": "3.1"}, "impactScore": 5.9}, "published": "2020-04-24T16:15:00", "title": "CVE-2020-6822", "type": "cve", "cwe": ["CWE-787"], "bulletinFamily": "NVD", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "acInsufInfo": false, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2020-6822"], "modified": "2020-05-01T13:44:00", "cpe": [], "id": "CVE-2020-6822", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-6822", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}, "cpe23": []}, {"lastseen": "2020-12-09T22:03:17", "description": "When reading from areas partially or fully outside the source resource with WebGL's <code>copyTexSubImage</code> method, the specification requires the returned values be zero. Previously, this memory was uninitialized, leading to potentially sensitive data disclosure. This vulnerability affects Thunderbird < 68.7.0, Firefox ESR < 68.7, and Firefox < 75.", "edition": 11, "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "NONE", "integrityImpact": "NONE", "baseScore": 7.5, "privilegesRequired": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "userInteraction": "NONE", "version": "3.1"}, "impactScore": 3.6}, "published": "2020-04-24T16:15:00", "title": "CVE-2020-6821", "type": "cve", "cwe": ["CWE-119"], "bulletinFamily": "NVD", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "NONE", "integrityImpact": "NONE", "baseScore": 5.0, "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "acInsufInfo": false, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2020-6821"], "modified": "2020-05-01T14:46:00", "cpe": [], "id": "CVE-2020-6821", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-6821", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:P/I:N/A:N"}, "cpe23": []}, {"lastseen": "2020-12-09T22:03:17", "description": "Mozilla developers and community members Tyson Smith and Christian Holler reported memory safety bugs present in Firefox 74 and Firefox ESR 68.6. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Thunderbird < 68.7.0, Firefox ESR < 68.7, and Firefox < 75.", "edition": 11, "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "baseScore": 9.8, "privilegesRequired": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "userInteraction": "NONE", "version": "3.1"}, "impactScore": 5.9}, "published": "2020-04-24T16:15:00", "title": "CVE-2020-6825", "type": "cve", "cwe": ["CWE-119"], "bulletinFamily": "NVD", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "acInsufInfo": false, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2020-6825"], "modified": "2020-05-01T16:07:00", "cpe": [], "id": "CVE-2020-6825", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-6825", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}, "cpe23": []}], "openvas": [{"lastseen": "2020-05-08T09:12:01", "bulletinFamily": "scanner", "cvelist": ["CVE-2020-6822", "CVE-2020-6825", "CVE-2020-6821"], "description": "The remote host is missing an update for the ", "modified": "2020-05-05T00:00:00", "published": "2020-04-09T00:00:00", "id": "OPENVAS:1361412562310704655", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310704655", "type": "openvas", "title": "Debian: Security Advisory for firefox-esr (DSA-4655-1)", "sourceData": "# Copyright (C) 2020 Greenbone Networks GmbH\n# Some text descriptions might be excerpted from (a) referenced\n# source(s), and are Copyright (C) by the respective right holder(s).\n#\n# SPDX-License-Identifier: GPL-2.0-or-later\n#\n# This program is free software; you can redistribute it and/or\n# modify it under the terms of the GNU General Public License\n# as published by the Free Software Foundation; either version 2\n# of the License, or (at your option) any later version.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.704655\");\n script_version(\"2020-05-05T07:00:07+0000\");\n script_cve_id(\"CVE-2020-6821\", \"CVE-2020-6822\", \"CVE-2020-6825\");\n script_tag(name:\"cvss_base\", value:\"7.5\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_tag(name:\"last_modification\", value:\"2020-05-05 07:00:07 +0000 (Tue, 05 May 2020)\");\n script_tag(name:\"creation_date\", value:\"2020-04-09 03:00:15 +0000 (Thu, 09 Apr 2020)\");\n script_name(\"Debian: Security Advisory for firefox-esr (DSA-4655-1)\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2020 Greenbone Networks GmbH\");\n script_family(\"Debian Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/debian_linux\", \"ssh/login/packages\", re:\"ssh/login/release=DEB(9|10)\");\n\n script_xref(name:\"URL\", value:\"https://www.debian.org/security/2020/dsa-4655.html\");\n script_xref(name:\"URL\", value:\"https://security-tracker.debian.org/tracker/DSA-4655-1\");\n\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'firefox-esr'\n package(s) announced via the DSA-4655-1 advisory.\");\n\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable package version is present on the target host.\");\n\n script_tag(name:\"insight\", value:\"Multiple security issues have been found in the Mozilla Firefox web\nbrowser, which could potentially result in the execution of arbitrary code.\");\n\n script_tag(name:\"affected\", value:\"'firefox-esr' package(s) on Debian Linux.\");\n\n script_tag(name:\"solution\", value:\"For the oldstable distribution (stretch), these problems have been fixed\nin version 68.7.0esr-1~deb9u1.\n\nFor the stable distribution (buster), these problems have been fixed in\nversion 68.7.0esr-1~deb10u1.\n\nWe recommend that you upgrade your firefox-esr packages.\");\n\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_tag(name:\"qod_type\", value:\"package\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-deb.inc\");\n\nres = \"\";\nreport = \"\";\nif(!isnull(res = isdpkgvuln(pkg:\"firefox-esr\", ver:\"68.7.0esr-1~deb9u1\", rls:\"DEB9\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"firefox-esr-dev\", ver:\"68.7.0esr-1~deb9u1\", rls:\"DEB9\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"firefox-esr-l10n-ach\", ver:\"68.7.0esr-1~deb9u1\", rls:\"DEB9\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"firefox-esr-l10n-af\", ver:\"68.7.0esr-1~deb9u1\", rls:\"DEB9\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"firefox-esr-l10n-all\", ver:\"68.7.0esr-1~deb9u1\", rls:\"DEB9\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"firefox-esr-l10n-an\", ver:\"68.7.0esr-1~deb9u1\", rls:\"DEB9\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"firefox-esr-l10n-ar\", ver:\"68.7.0esr-1~deb9u1\", rls:\"DEB9\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"firefox-esr-l10n-as\", ver:\"68.7.0esr-1~deb9u1\", rls:\"DEB9\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"firefox-esr-l10n-ast\", ver:\"68.7.0esr-1~deb9u1\", rls:\"DEB9\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"firefox-esr-l10n-az\", ver:\"68.7.0esr-1~deb9u1\", rls:\"DEB9\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"firefox-esr-l10n-be\", ver:\"68.7.0esr-1~deb9u1\", rls:\"DEB9\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"firefox-esr-l10n-bg\", ver:\"68.7.0esr-1~deb9u1\", rls:\"DEB9\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"firefox-esr-l10n-bn\", ver:\"68.7.0esr-1~deb9u1\", rls:\"DEB9\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"firefox-esr-l10n-bn-bd\", ver:\"68.7.0esr-1~deb9u1\", rls:\"DEB9\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"firefox-esr-l10n-bn-in\", ver:\"68.7.0esr-1~deb9u1\", rls:\"DEB9\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"firefox-esr-l10n-br\", ver:\"68.7.0esr-1~deb9u1\", rls:\"DEB9\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"firefox-esr-l10n-bs\", ver:\"68.7.0esr-1~deb9u1\", rls:\"DEB9\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"firefox-esr-l10n-ca\", ver:\"68.7.0esr-1~deb9u1\", rls:\"DEB9\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"firefox-esr-l10n-cak\", ver:\"68.7.0esr-1~deb9u1\", rls:\"DEB9\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"firefox-esr-l10n-cs\", ver:\"68.7.0esr-1~deb9u1\", rls:\"DEB9\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"firefox-esr-l10n-cy\", ver:\"68.7.0esr-1~deb9u1\", rls:\"DEB9\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"firefox-esr-l10n-da\", ver:\"68.7.0esr-1~deb9u1\", rls:\"DEB9\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"firefox-esr-l10n-de\", ver:\"68.7.0esr-1~deb9u1\", rls:\"DEB9\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"firefox-esr-l10n-dsb\", ver:\"68.7.0esr-1~deb9u1\", rls:\"DEB9\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"firefox-esr-l10n-el\", ver:\"68.7.0esr-1~deb9u1\", rls:\"DEB9\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"firefox-esr-l10n-en-ca\", ver:\"68.7.0esr-1~deb9u1\", rls:\"DEB9\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"firefox-esr-l10n-en-gb\", ver:\"68.7.0esr-1~deb9u1\", rls:\"DEB9\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"firefox-esr-l10n-en-za\", ver:\"68.7.0esr-1~deb9u1\", rls:\"DEB9\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"firefox-esr-l10n-eo\", ver:\"68.7.0esr-1~deb9u1\", rls:\"DEB9\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"firefox-esr-l10n-es-ar\", ver:\"68.7.0esr-1~deb9u1\", rls:\"DEB9\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"firefox-esr-l10n-es-cl\", ver:\"68.7.0esr-1~deb9u1\", rls:\"DEB9\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"firefox-esr-l10n-es-es\", ver:\"68.7.0esr-1~deb9u1\", rls:\"DEB9\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"firefox-esr-l10n-es-mx\", ver:\"68.7.0esr-1~deb9u1\", rls:\"DEB9\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"firefox-esr-l10n-et\", ver:\"68.7.0esr-1~deb9u1\", rls:\"DEB9\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"firefox-esr-l10n-eu\", ver:\"68.7.0esr-1~deb9u1\", rls:\"DEB9\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"firefox-esr-l10n-fa\", ver:\"68.7.0esr-1~deb9u1\", rls:\"DEB9\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"firefox-esr-l10n-ff\", ver:\"68.7.0esr-1~deb9u1\", rls:\"DEB9\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"firefox-esr-l10n-fi\", ver:\"68.7.0esr-1~deb9u1\", rls:\"DEB9\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"firefox-esr-l10n-fr\", ver:\"68.7.0esr-1~deb9u1\", rls:\"DEB9\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"firefox-esr-l10n-fy-nl\", ver:\"68.7.0esr-1~deb9u1\", rls:\"DEB9\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"firefox-esr-l10n-ga-ie\", ver:\"68.7.0esr-1~deb9u1\", rls:\"DEB9\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"firefox-esr-l10n-gd\", ver:\"68.7.0esr-1~deb9u1\", rls:\"DEB9\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"firefox-esr-l10n-gl\", ver:\"68.7.0esr-1~deb9u1\", rls:\"DEB9\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"firefox-esr-l10n-gn\", ver:\"68.7.0esr-1~deb9u1\", rls:\"DEB9\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"firefox-esr-l10n-gu-in\", ver:\"68.7.0esr-1~deb9u1\", rls:\"DEB9\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"firefox-esr-l10n-he\", ver:\"68.7.0esr-1~deb9u1\", rls:\"DEB9\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"firefox-esr-l10n-hi-in\", ver:\"68.7.0esr-1~deb9u1\", rls:\"DEB9\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"firefox-esr-l10n-hr\", ver:\"68.7.0esr-1~deb9u1\", rls:\"DEB9\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"firefox-esr-l10n-hsb\", ver:\"68.7.0esr-1~deb9u1\", rls:\"DEB9\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"firefox-esr-l10n-hu\", ver:\"68.7.0esr-1~deb9u1\", rls:\"DEB9\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"firefox-esr-l10n-hy-am\", ver:\"68.7.0esr-1~deb9u1\", rls:\"DEB9\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"firefox-esr-l10n-ia\", ver:\"68.7.0esr-1~deb9u1\", rls:\"DEB9\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"firefox-esr-l10n-id\", ver:\"68.7.0esr-1~deb9u1\", rls:\"DEB9\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"firefox-esr-l10n-is\", ver:\"68.7.0esr-1~deb9u1\", rls:\"DEB9\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"firefox-esr-l10n-it\", ver:\"68.7.0esr-1~deb9u1\", rls:\"DEB9\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"firefox-esr-l10n-ja\", ver:\"68.7.0esr-1~deb9u1\", rls:\"DEB9\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"firefox-esr-l10n-ka\", ver:\"68.7.0esr-1~deb9u1\", rls:\"DEB9\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"firefox-esr-l10n-kab\", ver:\"68.7.0esr-1~deb9u1\", rls:\"DEB9\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"firefox-esr-l10n-kk\", ver:\"68.7.0esr-1~deb9u1\", rls:\"DEB9\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"firefox-esr-l10n-km\", ver:\"68.7.0esr-1~deb9u1\", rls:\"DEB9\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"firefox-esr-l10n-kn\", ver:\"68.7.0esr-1~deb9u1\", rls:\"DEB9\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"firefox-esr-l10n-ko\", ver:\"68.7.0esr-1~deb9u1\", rls:\"DEB9\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"firefox-esr-l10n-lij\", ver:\"68.7.0esr-1~deb9u1\", rls:\"DEB9\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"firefox-esr-l10n-lt\", ver:\"68.7.0esr-1~deb9u1\", rls:\"DEB9\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"firefox-esr-l10n-lv\", ver:\"68.7.0esr-1~deb9u1\", rls:\"DEB9\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"firefox-esr-l10n-mai\", ver:\"68.7.0esr-1~deb9u1\", rls:\"DEB9\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"firefox-esr-l10n-mk\", ver:\"68.7.0esr-1~deb9u1\", rls:\"DEB9\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"firefox-esr-l10n-ml\", ver:\"68.7.0esr-1~deb9u1\", rls:\"DEB9\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"firefox-esr-l10n-mr\", ver:\"68.7.0esr-1~deb9u1\", rls:\"DEB9\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"firefox-esr-l10n-ms\", ver:\"68.7.0esr-1~deb9u1\", rls:\"DEB9\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"firefox-esr-l10n-my\", ver:\"68.7.0esr-1~deb9u1\", rls:\"DEB9\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"firefox-esr-l10n-nb-no\", ver:\"68.7.0esr-1~deb9u1\", rls:\"DEB9\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"firefox-esr-l10n-ne-np\", ver:\"68.7.0esr-1~deb9u1\", rls:\"DEB9\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"firefox-esr-l10n-nl\", ver:\"68.7.0esr-1~deb9u1\", rls:\"DEB9\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"firefox-esr-l10n-nn-no\", ver:\"68.7.0esr-1~deb9u1\", rls:\"DEB9\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"firefox-esr-l10n-oc\", ver:\"68.7.0esr-1~deb9u1\", rls:\"DEB9\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"firefox-esr-l10n-or\", ver:\"68.7.0esr-1~deb9u1\", rls:\"DEB9\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"firefox-esr-l10n-pa-in\", ver:\"68.7.0esr-1~deb9u1\", rls:\"DEB9\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"firefox-esr-l10n-pl\", ver:\"68.7.0esr-1~deb9u1\", rls:\"DEB9\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"firefox-esr-l10n-pt-br\", ver:\"68.7.0esr-1~deb9u1\", rls:\"DEB9\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"firefox-esr-l10n-pt-pt\", ver:\"68.7.0esr-1~deb9u1\", rls:\"DEB9\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"firefox-esr-l10n-rm\", ver:\"68.7.0esr-1~deb9u1\", rls:\"DEB9\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"firefox-esr-l10n-ro\", ver:\"68.7.0esr-1~deb9u1\", rls:\"DEB9\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"firefox-esr-l10n-ru\", ver:\"68.7.0esr-1~deb9u1\", rls:\"DEB9\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"firefox-esr-l10n-si\", ver:\"68.7.0esr-1~deb9u1\", rls:\"DEB9\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"firefox-esr-l10n-sk\", ver:\"68.7.0esr-1~deb9u1\", rls:\"DEB9\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"firefox-esr-l10n-sl\", ver:\"68.7.0esr-1~deb9u1\", rls:\"DEB9\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"firefox-esr-l10n-son\", ver:\"68.7.0esr-1~deb9u1\", rls:\"DEB9\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"firefox-esr-l10n-sq\", ver:\"68.7.0esr-1~deb9u1\", rls:\"DEB9\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"firefox-esr-l10n-sr\", ver:\"68.7.0esr-1~deb9u1\", rls:\"DEB9\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"firefox-esr-l10n-sv-se\", ver:\"68.7.0esr-1~deb9u1\", rls:\"DEB9\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"firefox-esr-l10n-ta\", ver:\"68.7.0esr-1~deb9u1\", rls:\"DEB9\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"firefox-esr-l10n-te\", ver:\"68.7.0esr-1~deb9u1\", rls:\"DEB9\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"firefox-esr-l10n-th\", ver:\"68.7.0esr-1~deb9u1\", rls:\"DEB9\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"firefox-esr-l10n-tr\", ver:\"68.7.0esr-1~deb9u1\", rls:\"DEB9\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"firefox-esr-l10n-uk\", ver:\"68.7.0esr-1~deb9u1\", rls:\"DEB9\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"firefox-esr-l10n-ur\", ver:\"68.7.0esr-1~deb9u1\", rls:\"DEB9\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"firefox-esr-l10n-uz\", ver:\"68.7.0esr-1~deb9u1\", rls:\"DEB9\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"firefox-esr-l10n-vi\", ver:\"68.7.0esr-1~deb9u1\", rls:\"DEB9\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"firefox-esr-l10n-xh\", ver:\"68.7.0esr-1~deb9u1\", rls:\"DEB9\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"firefox-esr-l10n-zh-cn\", ver:\"68.7.0esr-1~deb9u1\", rls:\"DEB9\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"firefox-esr-l10n-zh-tw\", ver:\"68.7.0esr-1~deb9u1\", rls:\"DEB9\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"iceweasel\", ver:\"68.7.0esr-1~deb9u1\", rls:\"DEB9\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"iceweasel-dev\", ver:\"68.7.0esr-1~deb9u1\", rls:\"DEB9\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"iceweasel-l10n-ach\", ver:\"68.7.0esr-1~deb9u1\", rls:\"DEB9\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"iceweasel-l10n-af\", ver:\"68.7.0esr-1~deb9u1\", rls:\"DEB9\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"iceweasel-l10n-all\", ver:\"68.7.0esr-1~deb9u1\", rls:\"DEB9\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"iceweasel-l10n-an\", ver:\"68.7.0esr-1~deb9u1\", rls:\"DEB9\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"iceweasel-l10n-ar\", ver:\"68.7.0esr-1~deb9u1\", rls:\"DEB9\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"iceweasel-l10n-as\", ver:\"68.7.0esr-1~deb9u1\", rls:\"DEB9\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"iceweasel-l10n-ast\", ver:\"68.7.0esr-1~deb9u1\", rls:\"DEB9\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"iceweasel-l10n-az\", ver:\"68.7.0esr-1~deb9u1\", rls:\"DEB9\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"iceweasel-l10n-be\", ver:\"68.7.0esr-1~deb9u1\", rls:\"DEB9\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"iceweasel-l10n-bg\", ver:\"68.7.0esr-1~deb9u1\", rls:\"DEB9\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"iceweasel-l10n-bn\", ver:\"68.7.0esr-1~deb9u1\", rls:\"DEB9\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"iceweasel-l10n-bn-bd\", ver:\"68.7.0esr-1~deb9u1\", rls:\"DEB9\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"iceweasel-l10n-bn-in\", ver:\"68.7.0esr-1~deb9u1\", rls:\"DEB9\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"iceweasel-l10n-br\", ver:\"68.7.0esr-1~deb9u1\", rls:\"DEB9\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"iceweasel-l10n-bs\", ver:\"68.7.0esr-1~deb9u1\", rls:\"DEB9\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"iceweasel-l10n-ca\", ver:\"68.7.0esr-1~deb9u1\", rls:\"DEB9\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"iceweasel-l10n-cak\", ver:\"68.7.0esr-1~deb9u1\", rls:\"DEB9\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"iceweasel-l10n-cs\", ver:\"68.7.0esr-1~deb9u1\", rls:\"DEB9\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"iceweasel-l10n-cy\", ver:\"68.7.0esr-1~deb9u1\", rls:\"DEB9\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"iceweasel-l10n-da\", ver:\"68.7.0esr-1~deb9u1\", rls:\"DEB9\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"iceweasel-l10n-de\", ver:\"68.7.0esr-1~deb9u1\", rls:\"DEB9\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"iceweasel-l10n-dsb\", ver:\"68.7.0esr-1~deb9u1\", rls:\"DEB9\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"iceweasel-l10n-el\", ver:\"68.7.0esr-1~deb9u1\", rls:\"DEB9\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"iceweasel-l10n-en-ca\", ver:\"68.7.0esr-1~deb9u1\", rls:\"DEB9\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"iceweasel-l10n-en-gb\", ver:\"68.7.0esr-1~deb9u1\", rls:\"DEB9\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"iceweasel-l10n-en-za\", ver:\"68.7.0esr-1~deb9u1\", rls:\"DEB9\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"iceweasel-l10n-eo\", ver:\"68.7.0esr-1~deb9u1\", rls:\"DEB9\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"iceweasel-l10n-es-ar\", ver:\"68.7.0esr-1~deb9u1\", rls:\"DEB9\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"iceweasel-l10n-es-cl\", ver:\"68.7.0esr-1~deb9u1\", rls:\"DEB9\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"iceweasel-l10n-es-es\", ver:\"68.7.0esr-1~deb9u1\", rls:\"DEB9\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"iceweasel-l10n-es-mx\", ver:\"68.7.0esr-1~deb9u1\", rls:\"DEB9\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"iceweasel-l10n-et\", ver:\"68.7.0esr-1~deb9u1\", rls:\"DEB9\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"iceweasel-l10n-eu\", ver:\"68.7.0esr-1~deb9u1\", rls:\"DEB9\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"iceweasel-l10n-fa\", ver:\"68.7.0esr-1~deb9u1\", rls:\"DEB9\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"iceweasel-l10n-ff\", ver:\"68.7.0esr-1~deb9u1\", rls:\"DEB9\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"iceweasel-l10n-fi\", ver:\"68.7.0esr-1~deb9u1\", rls:\"DEB9\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"iceweasel-l10n-fr\", ver:\"68.7.0esr-1~deb9u1\", rls:\"DEB9\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"iceweasel-l10n-fy-nl\", ver:\"68.7.0esr-1~deb9u1\", rls:\"DEB9\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"iceweasel-l10n-ga-ie\", ver:\"68.7.0esr-1~deb9u1\", rls:\"DEB9\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"iceweasel-l10n-gd\", ver:\"68.7.0esr-1~deb9u1\", rls:\"DEB9\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"iceweasel-l10n-gl\", ver:\"68.7.0esr-1~deb9u1\", rls:\"DEB9\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"iceweasel-l10n-gn\", ver:\"68.7.0esr-1~deb9u1\", rls:\"DEB9\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"iceweasel-l10n-gu-in\", ver:\"68.7.0esr-1~deb9u1\", rls:\"DEB9\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"iceweasel-l10n-he\", ver:\"68.7.0esr-1~deb9u1\", rls:\"DEB9\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"iceweasel-l10n-hi-in\", ver:\"68.7.0esr-1~deb9u1\", rls:\"DEB9\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"iceweasel-l10n-hr\", ver:\"68.7.0esr-1~deb9u1\", rls:\"DEB9\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"iceweasel-l10n-hsb\", ver:\"68.7.0esr-1~deb9u1\", rls:\"DEB9\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"iceweasel-l10n-hu\", ver:\"68.7.0esr-1~deb9u1\", rls:\"DEB9\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"iceweasel-l10n-hy-am\", ver:\"68.7.0esr-1~deb9u1\", rls:\"DEB9\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"iceweasel-l10n-ia\", ver:\"68.7.0esr-1~deb9u1\", rls:\"DEB9\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"iceweasel-l10n-id\", ver:\"68.7.0esr-1~deb9u1\", rls:\"DEB9\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"iceweasel-l10n-is\", ver:\"68.7.0esr-1~deb9u1\", rls:\"DEB9\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"iceweasel-l10n-it\", ver:\"68.7.0esr-1~deb9u1\", rls:\"DEB9\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"iceweasel-l10n-ja\", ver:\"68.7.0esr-1~deb9u1\", rls:\"DEB9\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"iceweasel-l10n-ka\", ver:\"68.7.0esr-1~deb9u1\", rls:\"DEB9\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"iceweasel-l10n-kab\", ver:\"68.7.0esr-1~deb9u1\", rls:\"DEB9\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"iceweasel-l10n-kk\", ver:\"68.7.0esr-1~deb9u1\", rls:\"DEB9\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"iceweasel-l10n-km\", ver:\"68.7.0esr-1~deb9u1\", rls:\"DEB9\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"iceweasel-l10n-kn\", ver:\"68.7.0esr-1~deb9u1\", rls:\"DEB9\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"iceweasel-l10n-ko\", ver:\"68.7.0esr-1~deb9u1\", rls:\"DEB9\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"iceweasel-l10n-lij\", ver:\"68.7.0esr-1~deb9u1\", rls:\"DEB9\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"iceweasel-l10n-lt\", ver:\"68.7.0esr-1~deb9u1\", rls:\"DEB9\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"iceweasel-l10n-lv\", ver:\"68.7.0esr-1~deb9u1\", rls:\"DEB9\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"iceweasel-l10n-mai\", ver:\"68.7.0esr-1~deb9u1\", rls:\"DEB9\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"iceweasel-l10n-mk\", ver:\"68.7.0esr-1~deb9u1\", rls:\"DEB9\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"iceweasel-l10n-ml\", ver:\"68.7.0esr-1~deb9u1\", rls:\"DEB9\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"iceweasel-l10n-mr\", ver:\"68.7.0esr-1~deb9u1\", rls:\"DEB9\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"iceweasel-l10n-ms\", ver:\"68.7.0esr-1~deb9u1\", rls:\"DEB9\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"iceweasel-l10n-my\", ver:\"68.7.0esr-1~deb9u1\", rls:\"DEB9\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"iceweasel-l10n-nb-no\", ver:\"68.7.0esr-1~deb9u1\", rls:\"DEB9\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"iceweasel-l10n-ne-np\", ver:\"68.7.0esr-1~deb9u1\", rls:\"DEB9\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"iceweasel-l10n-nl\", ver:\"68.7.0esr-1~deb9u1\", rls:\"DEB9\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"iceweasel-l10n-nn-no\", ver:\"68.7.0esr-1~deb9u1\", rls:\"DEB9\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"iceweasel-l10n-oc\", ver:\"68.7.0esr-1~deb9u1\", rls:\"DEB9\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"iceweasel-l10n-or\", ver:\"68.7.0esr-1~deb9u1\", rls:\"DEB9\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"iceweasel-l10n-pa-in\", ver:\"68.7.0esr-1~deb9u1\", rls:\"DEB9\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"iceweasel-l10n-pl\", ver:\"68.7.0esr-1~deb9u1\", rls:\"DEB9\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"iceweasel-l10n-pt-br\", ver:\"68.7.0esr-1~deb9u1\", rls:\"DEB9\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"iceweasel-l10n-pt-pt\", ver:\"68.7.0esr-1~deb9u1\", rls:\"DEB9\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"iceweasel-l10n-rm\", ver:\"68.7.0esr-1~deb9u1\", rls:\"DEB9\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"iceweasel-l10n-ro\", ver:\"68.7.0esr-1~deb9u1\", rls:\"DEB9\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"iceweasel-l10n-ru\", ver:\"68.7.0esr-1~deb9u1\", rls:\"DEB9\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"iceweasel-l10n-si\", ver:\"68.7.0esr-1~deb9u1\", rls:\"DEB9\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"iceweasel-l10n-sk\", ver:\"68.7.0esr-1~deb9u1\", rls:\"DEB9\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"iceweasel-l10n-sl\", ver:\"68.7.0esr-1~deb9u1\", rls:\"DEB9\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"iceweasel-l10n-son\", ver:\"68.7.0esr-1~deb9u1\", rls:\"DEB9\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"iceweasel-l10n-sq\", ver:\"68.7.0esr-1~deb9u1\", rls:\"DEB9\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"iceweasel-l10n-sr\", ver:\"68.7.0esr-1~deb9u1\", rls:\"DEB9\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"iceweasel-l10n-sv-se\", ver:\"68.7.0esr-1~deb9u1\", rls:\"DEB9\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"iceweasel-l10n-ta\", ver:\"68.7.0esr-1~deb9u1\", rls:\"DEB9\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"iceweasel-l10n-te\", ver:\"68.7.0esr-1~deb9u1\", rls:\"DEB9\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"iceweasel-l10n-th\", ver:\"68.7.0esr-1~deb9u1\", rls:\"DEB9\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"iceweasel-l10n-tr\", ver:\"68.7.0esr-1~deb9u1\", rls:\"DEB9\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"iceweasel-l10n-uk\", ver:\"68.7.0esr-1~deb9u1\", rls:\"DEB9\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"iceweasel-l10n-ur\", ver:\"68.7.0esr-1~deb9u1\", rls:\"DEB9\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"iceweasel-l10n-uz\", ver:\"68.7.0esr-1~deb9u1\", rls:\"DEB9\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"iceweasel-l10n-vi\", ver:\"68.7.0esr-1~deb9u1\", rls:\"DEB9\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"iceweasel-l10n-xh\", ver:\"68.7.0esr-1~deb9u1\", rls:\"DEB9\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"iceweasel-l10n-zh-cn\", ver:\"68.7.0esr-1~deb9u1\", rls:\"DEB9\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"iceweasel-l10n-zh-tw\", ver:\"68.7.0esr-1~deb9u1\", rls:\"DEB9\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"firefox-esr\", ver:\"68.7.0esr-1~deb10u1\", rls:\"DEB10\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"firefox-esr-l10n-ach\", ver:\"68.7.0esr-1~deb10u1\", rls:\"DEB10\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"firefox-esr-l10n-af\", ver:\"68.7.0esr-1~deb10u1\", rls:\"DEB10\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"firefox-esr-l10n-all\", ver:\"68.7.0esr-1~deb10u1\", rls:\"DEB10\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"firefox-esr-l10n-an\", ver:\"68.7.0esr-1~deb10u1\", rls:\"DEB10\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"firefox-esr-l10n-ar\", ver:\"68.7.0esr-1~deb10u1\", rls:\"DEB10\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"firefox-esr-l10n-ast\", ver:\"68.7.0esr-1~deb10u1\", rls:\"DEB10\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"firefox-esr-l10n-az\", ver:\"68.7.0esr-1~deb10u1\", rls:\"DEB10\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"firefox-esr-l10n-be\", ver:\"68.7.0esr-1~deb10u1\", rls:\"DEB10\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"firefox-esr-l10n-bg\", ver:\"68.7.0esr-1~deb10u1\", rls:\"DEB10\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"firefox-esr-l10n-bn\", ver:\"68.7.0esr-1~deb10u1\", rls:\"DEB10\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"firefox-esr-l10n-br\", ver:\"68.7.0esr-1~deb10u1\", rls:\"DEB10\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"firefox-esr-l10n-bs\", ver:\"68.7.0esr-1~deb10u1\", rls:\"DEB10\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"firefox-esr-l10n-ca\", ver:\"68.7.0esr-1~deb10u1\", rls:\"DEB10\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"firefox-esr-l10n-cak\", ver:\"68.7.0esr-1~deb10u1\", rls:\"DEB10\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"firefox-esr-l10n-cs\", ver:\"68.7.0esr-1~deb10u1\", rls:\"DEB10\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"firefox-esr-l10n-cy\", ver:\"68.7.0esr-1~deb10u1\", rls:\"DEB10\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"firefox-esr-l10n-da\", ver:\"68.7.0esr-1~deb10u1\", rls:\"DEB10\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"firefox-esr-l10n-de\", ver:\"68.7.0esr-1~deb10u1\", rls:\"DEB10\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"firefox-esr-l10n-dsb\", ver:\"68.7.0esr-1~deb10u1\", rls:\"DEB10\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"firefox-esr-l10n-el\", ver:\"68.7.0esr-1~deb10u1\", rls:\"DEB10\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"firefox-esr-l10n-en-ca\", ver:\"68.7.0esr-1~deb10u1\", rls:\"DEB10\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"firefox-esr-l10n-en-gb\", ver:\"68.7.0esr-1~deb10u1\", rls:\"DEB10\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"firefox-esr-l10n-eo\", ver:\"68.7.0esr-1~deb10u1\", rls:\"DEB10\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"firefox-esr-l10n-es-ar\", ver:\"68.7.0esr-1~deb10u1\", rls:\"DEB10\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"firefox-esr-l10n-es-cl\", ver:\"68.7.0esr-1~deb10u1\", rls:\"DEB10\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"firefox-esr-l10n-es-es\", ver:\"68.7.0esr-1~deb10u1\", rls:\"DEB10\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"firefox-esr-l10n-es-mx\", ver:\"68.7.0esr-1~deb10u1\", rls:\"DEB10\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"firefox-esr-l10n-et\", ver:\"68.7.0esr-1~deb10u1\", rls:\"DEB10\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"firefox-esr-l10n-eu\", ver:\"68.7.0esr-1~deb10u1\", rls:\"DEB10\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"firefox-esr-l10n-fa\", ver:\"68.7.0esr-1~deb10u1\", rls:\"DEB10\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"firefox-esr-l10n-ff\", ver:\"68.7.0esr-1~deb10u1\", rls:\"DEB10\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"firefox-esr-l10n-fi\", ver:\"68.7.0esr-1~deb10u1\", rls:\"DEB10\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"firefox-esr-l10n-fr\", ver:\"68.7.0esr-1~deb10u1\", rls:\"DEB10\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"firefox-esr-l10n-fy-nl\", ver:\"68.7.0esr-1~deb10u1\", rls:\"DEB10\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"firefox-esr-l10n-ga-ie\", ver:\"68.7.0esr-1~deb10u1\", rls:\"DEB10\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"firefox-esr-l10n-gd\", ver:\"68.7.0esr-1~deb10u1\", rls:\"DEB10\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"firefox-esr-l10n-gl\", ver:\"68.7.0esr-1~deb10u1\", rls:\"DEB10\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"firefox-esr-l10n-gn\", ver:\"68.7.0esr-1~deb10u1\", rls:\"DEB10\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"firefox-esr-l10n-gu-in\", ver:\"68.7.0esr-1~deb10u1\", rls:\"DEB10\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"firefox-esr-l10n-he\", ver:\"68.7.0esr-1~deb10u1\", rls:\"DEB10\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"firefox-esr-l10n-hi-in\", ver:\"68.7.0esr-1~deb10u1\", rls:\"DEB10\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"firefox-esr-l10n-hr\", ver:\"68.7.0esr-1~deb10u1\", rls:\"DEB10\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"firefox-esr-l10n-hsb\", ver:\"68.7.0esr-1~deb10u1\", rls:\"DEB10\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"firefox-esr-l10n-hu\", ver:\"68.7.0esr-1~deb10u1\", rls:\"DEB10\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"firefox-esr-l10n-hy-am\", ver:\"68.7.0esr-1~deb10u1\", rls:\"DEB10\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"firefox-esr-l10n-ia\", ver:\"68.7.0esr-1~deb10u1\", rls:\"DEB10\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"firefox-esr-l10n-id\", ver:\"68.7.0esr-1~deb10u1\", rls:\"DEB10\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"firefox-esr-l10n-is\", ver:\"68.7.0esr-1~deb10u1\", rls:\"DEB10\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"firefox-esr-l10n-it\", ver:\"68.7.0esr-1~deb10u1\", rls:\"DEB10\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"firefox-esr-l10n-ja\", ver:\"68.7.0esr-1~deb10u1\", rls:\"DEB10\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"firefox-esr-l10n-ka\", ver:\"68.7.0esr-1~deb10u1\", rls:\"DEB10\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"firefox-esr-l10n-kab\", ver:\"68.7.0esr-1~deb10u1\", rls:\"DEB10\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"firefox-esr-l10n-kk\", ver:\"68.7.0esr-1~deb10u1\", rls:\"DEB10\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"firefox-esr-l10n-km\", ver:\"68.7.0esr-1~deb10u1\", rls:\"DEB10\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"firefox-esr-l10n-kn\", ver:\"68.7.0esr-1~deb10u1\", rls:\"DEB10\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"firefox-esr-l10n-ko\", ver:\"68.7.0esr-1~deb10u1\", rls:\"DEB10\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"firefox-esr-l10n-lij\", ver:\"68.7.0esr-1~deb10u1\", rls:\"DEB10\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"firefox-esr-l10n-lt\", ver:\"68.7.0esr-1~deb10u1\", rls:\"DEB10\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"firefox-esr-l10n-lv\", ver:\"68.7.0esr-1~deb10u1\", rls:\"DEB10\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"firefox-esr-l10n-mk\", ver:\"68.7.0esr-1~deb10u1\", rls:\"DEB10\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"firefox-esr-l10n-mr\", ver:\"68.7.0esr-1~deb10u1\", rls:\"DEB10\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"firefox-esr-l10n-ms\", ver:\"68.7.0esr-1~deb10u1\", rls:\"DEB10\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"firefox-esr-l10n-my\", ver:\"68.7.0esr-1~deb10u1\", rls:\"DEB10\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"firefox-esr-l10n-nb-no\", ver:\"68.7.0esr-1~deb10u1\", rls:\"DEB10\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"firefox-esr-l10n-ne-np\", ver:\"68.7.0esr-1~deb10u1\", rls:\"DEB10\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"firefox-esr-l10n-nl\", ver:\"68.7.0esr-1~deb10u1\", rls:\"DEB10\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"firefox-esr-l10n-nn-no\", ver:\"68.7.0esr-1~deb10u1\", rls:\"DEB10\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"firefox-esr-l10n-oc\", ver:\"68.7.0esr-1~deb10u1\", rls:\"DEB10\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"firefox-esr-l10n-pa-in\", ver:\"68.7.0esr-1~deb10u1\", rls:\"DEB10\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"firefox-esr-l10n-pl\", ver:\"68.7.0esr-1~deb10u1\", rls:\"DEB10\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"firefox-esr-l10n-pt-br\", ver:\"68.7.0esr-1~deb10u1\", rls:\"DEB10\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"firefox-esr-l10n-pt-pt\", ver:\"68.7.0esr-1~deb10u1\", rls:\"DEB10\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"firefox-esr-l10n-rm\", ver:\"68.7.0esr-1~deb10u1\", rls:\"DEB10\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"firefox-esr-l10n-ro\", ver:\"68.7.0esr-1~deb10u1\", rls:\"DEB10\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"firefox-esr-l10n-ru\", ver:\"68.7.0esr-1~deb10u1\", rls:\"DEB10\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"firefox-esr-l10n-si\", ver:\"68.7.0esr-1~deb10u1\", rls:\"DEB10\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"firefox-esr-l10n-sk\", ver:\"68.7.0esr-1~deb10u1\", rls:\"DEB10\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"firefox-esr-l10n-sl\", ver:\"68.7.0esr-1~deb10u1\", rls:\"DEB10\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"firefox-esr-l10n-son\", ver:\"68.7.0esr-1~deb10u1\", rls:\"DEB10\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"firefox-esr-l10n-sq\", ver:\"68.7.0esr-1~deb10u1\", rls:\"DEB10\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"firefox-esr-l10n-sr\", ver:\"68.7.0esr-1~deb10u1\", rls:\"DEB10\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"firefox-esr-l10n-sv-se\", ver:\"68.7.0esr-1~deb10u1\", rls:\"DEB10\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"firefox-esr-l10n-ta\", ver:\"68.7.0esr-1~deb10u1\", rls:\"DEB10\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"firefox-esr-l10n-te\", ver:\"68.7.0esr-1~deb10u1\", rls:\"DEB10\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"firefox-esr-l10n-th\", ver:\"68.7.0esr-1~deb10u1\", rls:\"DEB10\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"firefox-esr-l10n-tr\", ver:\"68.7.0esr-1~deb10u1\", rls:\"DEB10\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"firefox-esr-l10n-uk\", ver:\"68.7.0esr-1~deb10u1\", rls:\"DEB10\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"firefox-esr-l10n-ur\", ver:\"68.7.0esr-1~deb10u1\", rls:\"DEB10\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"firefox-esr-l10n-uz\", ver:\"68.7.0esr-1~deb10u1\", rls:\"DEB10\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"firefox-esr-l10n-vi\", ver:\"68.7.0esr-1~deb10u1\", rls:\"DEB10\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"firefox-esr-l10n-xh\", ver:\"68.7.0esr-1~deb10u1\", rls:\"DEB10\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"firefox-esr-l10n-zh-cn\", ver:\"68.7.0esr-1~deb10u1\", rls:\"DEB10\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"firefox-esr-l10n-zh-tw\", ver:\"68.7.0esr-1~deb10u1\", rls:\"DEB10\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"iceweasel\", ver:\"68.7.0esr-1~deb10u1\", rls:\"DEB10\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"iceweasel-l10n-ach\", ver:\"68.7.0esr-1~deb10u1\", rls:\"DEB10\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"iceweasel-l10n-af\", ver:\"68.7.0esr-1~deb10u1\", rls:\"DEB10\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"iceweasel-l10n-all\", ver:\"68.7.0esr-1~deb10u1\", rls:\"DEB10\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"iceweasel-l10n-an\", ver:\"68.7.0esr-1~deb10u1\", rls:\"DEB10\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"iceweasel-l10n-ar\", ver:\"68.7.0esr-1~deb10u1\", rls:\"DEB10\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"iceweasel-l10n-ast\", ver:\"68.7.0esr-1~deb10u1\", rls:\"DEB10\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"iceweasel-l10n-az\", ver:\"68.7.0esr-1~deb10u1\", rls:\"DEB10\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"iceweasel-l10n-be\", ver:\"68.7.0esr-1~deb10u1\", rls:\"DEB10\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"iceweasel-l10n-bg\", ver:\"68.7.0esr-1~deb10u1\", rls:\"DEB10\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"iceweasel-l10n-bn\", ver:\"68.7.0esr-1~deb10u1\", rls:\"DEB10\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"iceweasel-l10n-br\", ver:\"68.7.0esr-1~deb10u1\", rls:\"DEB10\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"iceweasel-l10n-bs\", ver:\"68.7.0esr-1~deb10u1\", rls:\"DEB10\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"iceweasel-l10n-ca\", ver:\"68.7.0esr-1~deb10u1\", rls:\"DEB10\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"iceweasel-l10n-cak\", ver:\"68.7.0esr-1~deb10u1\", rls:\"DEB10\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"iceweasel-l10n-cs\", ver:\"68.7.0esr-1~deb10u1\", rls:\"DEB10\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"iceweasel-l10n-cy\", ver:\"68.7.0esr-1~deb10u1\", rls:\"DEB10\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"iceweasel-l10n-da\", ver:\"68.7.0esr-1~deb10u1\", rls:\"DEB10\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"iceweasel-l10n-de\", ver:\"68.7.0esr-1~deb10u1\", rls:\"DEB10\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"iceweasel-l10n-dsb\", ver:\"68.7.0esr-1~deb10u1\", rls:\"DEB10\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"iceweasel-l10n-el\", ver:\"68.7.0esr-1~deb10u1\", rls:\"DEB10\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"iceweasel-l10n-en-ca\", ver:\"68.7.0esr-1~deb10u1\", rls:\"DEB10\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"iceweasel-l10n-en-gb\", ver:\"68.7.0esr-1~deb10u1\", rls:\"DEB10\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"iceweasel-l10n-eo\", ver:\"68.7.0esr-1~deb10u1\", rls:\"DEB10\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"iceweasel-l10n-es-ar\", ver:\"68.7.0esr-1~deb10u1\", rls:\"DEB10\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"iceweasel-l10n-es-cl\", ver:\"68.7.0esr-1~deb10u1\", rls:\"DEB10\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"iceweasel-l10n-es-es\", ver:\"68.7.0esr-1~deb10u1\", rls:\"DEB10\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"iceweasel-l10n-es-mx\", ver:\"68.7.0esr-1~deb10u1\", rls:\"DEB10\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"iceweasel-l10n-et\", ver:\"68.7.0esr-1~deb10u1\", rls:\"DEB10\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"iceweasel-l10n-eu\", ver:\"68.7.0esr-1~deb10u1\", rls:\"DEB10\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"iceweasel-l10n-fa\", ver:\"68.7.0esr-1~deb10u1\", rls:\"DEB10\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"iceweasel-l10n-ff\", ver:\"68.7.0esr-1~deb10u1\", rls:\"DEB10\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"iceweasel-l10n-fi\", ver:\"68.7.0esr-1~deb10u1\", rls:\"DEB10\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"iceweasel-l10n-fr\", ver:\"68.7.0esr-1~deb10u1\", rls:\"DEB10\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"iceweasel-l10n-fy-nl\", ver:\"68.7.0esr-1~deb10u1\", rls:\"DEB10\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"iceweasel-l10n-ga-ie\", ver:\"68.7.0esr-1~deb10u1\", rls:\"DEB10\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"iceweasel-l10n-gd\", ver:\"68.7.0esr-1~deb10u1\", rls:\"DEB10\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"iceweasel-l10n-gl\", ver:\"68.7.0esr-1~deb10u1\", rls:\"DEB10\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"iceweasel-l10n-gn\", ver:\"68.7.0esr-1~deb10u1\", rls:\"DEB10\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"iceweasel-l10n-gu-in\", ver:\"68.7.0esr-1~deb10u1\", rls:\"DEB10\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"iceweasel-l10n-he\", ver:\"68.7.0esr-1~deb10u1\", rls:\"DEB10\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"iceweasel-l10n-hi-in\", ver:\"68.7.0esr-1~deb10u1\", rls:\"DEB10\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"iceweasel-l10n-hr\", ver:\"68.7.0esr-1~deb10u1\", rls:\"DEB10\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"iceweasel-l10n-hsb\", ver:\"68.7.0esr-1~deb10u1\", rls:\"DEB10\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"iceweasel-l10n-hu\", ver:\"68.7.0esr-1~deb10u1\", rls:\"DEB10\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"iceweasel-l10n-hy-am\", ver:\"68.7.0esr-1~deb10u1\", rls:\"DEB10\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"iceweasel-l10n-ia\", ver:\"68.7.0esr-1~deb10u1\", rls:\"DEB10\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"iceweasel-l10n-id\", ver:\"68.7.0esr-1~deb10u1\", rls:\"DEB10\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"iceweasel-l10n-is\", ver:\"68.7.0esr-1~deb10u1\", rls:\"DEB10\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"iceweasel-l10n-it\", ver:\"68.7.0esr-1~deb10u1\", rls:\"DEB10\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"iceweasel-l10n-ja\", ver:\"68.7.0esr-1~deb10u1\", rls:\"DEB10\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"iceweasel-l10n-ka\", ver:\"68.7.0esr-1~deb10u1\", rls:\"DEB10\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"iceweasel-l10n-kab\", ver:\"68.7.0esr-1~deb10u1\", rls:\"DEB10\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"iceweasel-l10n-kk\", ver:\"68.7.0esr-1~deb10u1\", rls:\"DEB10\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"iceweasel-l10n-km\", ver:\"68.7.0esr-1~deb10u1\", rls:\"DEB10\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"iceweasel-l10n-kn\", ver:\"68.7.0esr-1~deb10u1\", rls:\"DEB10\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"iceweasel-l10n-ko\", ver:\"68.7.0esr-1~deb10u1\", rls:\"DEB10\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"iceweasel-l10n-lij\", ver:\"68.7.0esr-1~deb10u1\", rls:\"DEB10\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"iceweasel-l10n-lt\", ver:\"68.7.0esr-1~deb10u1\", rls:\"DEB10\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"iceweasel-l10n-lv\", ver:\"68.7.0esr-1~deb10u1\", rls:\"DEB10\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"iceweasel-l10n-mk\", ver:\"68.7.0esr-1~deb10u1\", rls:\"DEB10\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"iceweasel-l10n-mr\", ver:\"68.7.0esr-1~deb10u1\", rls:\"DEB10\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"iceweasel-l10n-ms\", ver:\"68.7.0esr-1~deb10u1\", rls:\"DEB10\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"iceweasel-l10n-my\", ver:\"68.7.0esr-1~deb10u1\", rls:\"DEB10\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"iceweasel-l10n-nb-no\", ver:\"68.7.0esr-1~deb10u1\", rls:\"DEB10\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"iceweasel-l10n-ne-np\", ver:\"68.7.0esr-1~deb10u1\", rls:\"DEB10\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"iceweasel-l10n-nl\", ver:\"68.7.0esr-1~deb10u1\", rls:\"DEB10\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"iceweasel-l10n-nn-no\", ver:\"68.7.0esr-1~deb10u1\", rls:\"DEB10\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"iceweasel-l10n-oc\", ver:\"68.7.0esr-1~deb10u1\", rls:\"DEB10\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"iceweasel-l10n-pa-in\", ver:\"68.7.0esr-1~deb10u1\", rls:\"DEB10\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"iceweasel-l10n-pl\", ver:\"68.7.0esr-1~deb10u1\", rls:\"DEB10\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"iceweasel-l10n-pt-br\", ver:\"68.7.0esr-1~deb10u1\", rls:\"DEB10\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"iceweasel-l10n-pt-pt\", ver:\"68.7.0esr-1~deb10u1\", rls:\"DEB10\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"iceweasel-l10n-rm\", ver:\"68.7.0esr-1~deb10u1\", rls:\"DEB10\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"iceweasel-l10n-ro\", ver:\"68.7.0esr-1~deb10u1\", rls:\"DEB10\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"iceweasel-l10n-ru\", ver:\"68.7.0esr-1~deb10u1\", rls:\"DEB10\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"iceweasel-l10n-si\", ver:\"68.7.0esr-1~deb10u1\", rls:\"DEB10\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"iceweasel-l10n-sk\", ver:\"68.7.0esr-1~deb10u1\", rls:\"DEB10\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"iceweasel-l10n-sl\", ver:\"68.7.0esr-1~deb10u1\", rls:\"DEB10\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"iceweasel-l10n-son\", ver:\"68.7.0esr-1~deb10u1\", rls:\"DEB10\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"iceweasel-l10n-sq\", ver:\"68.7.0esr-1~deb10u1\", rls:\"DEB10\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"iceweasel-l10n-sr\", ver:\"68.7.0esr-1~deb10u1\", rls:\"DEB10\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"iceweasel-l10n-sv-se\", ver:\"68.7.0esr-1~deb10u1\", rls:\"DEB10\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"iceweasel-l10n-ta\", ver:\"68.7.0esr-1~deb10u1\", rls:\"DEB10\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"iceweasel-l10n-te\", ver:\"68.7.0esr-1~deb10u1\", rls:\"DEB10\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"iceweasel-l10n-th\", ver:\"68.7.0esr-1~deb10u1\", rls:\"DEB10\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"iceweasel-l10n-tr\", ver:\"68.7.0esr-1~deb10u1\", rls:\"DEB10\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"iceweasel-l10n-uk\", ver:\"68.7.0esr-1~deb10u1\", rls:\"DEB10\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"iceweasel-l10n-ur\", ver:\"68.7.0esr-1~deb10u1\", rls:\"DEB10\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"iceweasel-l10n-uz\", ver:\"68.7.0esr-1~deb10u1\", rls:\"DEB10\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"iceweasel-l10n-vi\", ver:\"68.7.0esr-1~deb10u1\", rls:\"DEB10\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"iceweasel-l10n-xh\", ver:\"68.7.0esr-1~deb10u1\", rls:\"DEB10\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"iceweasel-l10n-zh-cn\", ver:\"68.7.0esr-1~deb10u1\", rls:\"DEB10\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"iceweasel-l10n-zh-tw\", ver:\"68.7.0esr-1~deb10u1\", rls:\"DEB10\"))) {\n report += res;\n}\n\nif(report != \"\") {\n security_message(data:report);\n} else if(__pkg_match) {\n exit(99);\n}\n\nexit(0);\n", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2020-05-08T09:09:21", "bulletinFamily": "scanner", "cvelist": ["CVE-2020-6822", "CVE-2020-6825", "CVE-2020-6821"], "description": "The remote host is missing an update for the ", "modified": "2020-05-05T00:00:00", "published": "2020-04-28T00:00:00", "id": "OPENVAS:1361412562310883221", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310883221", "type": "openvas", "title": "CentOS: Security Advisory for firefox (CESA-2020:1429)", "sourceData": "# Copyright (C) 2020 Greenbone Networks GmbH\n# Some text descriptions might be excerpted from (a) referenced\n# source(s), and are Copyright (C) by the respective right holder(s).\n#\n# SPDX-License-Identifier: GPL-2.0-or-later\n#\n# This program is free software; you can redistribute it and/or\n# modify it under the terms of the GNU General Public License\n# as published by the Free Software Foundation; either version 2\n# of the License, or (at your option) any later version.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.883221\");\n script_version(\"2020-05-05T07:00:07+0000\");\n script_cve_id(\"CVE-2020-6821\", \"CVE-2020-6822\", \"CVE-2020-6825\");\n script_tag(name:\"cvss_base\", value:\"7.5\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_tag(name:\"last_modification\", value:\"2020-05-05 07:00:07 +0000 (Tue, 05 May 2020)\");\n script_tag(name:\"creation_date\", value:\"2020-04-28 03:00:40 +0000 (Tue, 28 Apr 2020)\");\n script_name(\"CentOS: Security Advisory for firefox (CESA-2020:1429)\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2020 Greenbone Networks GmbH\");\n script_family(\"CentOS Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/centos\", \"ssh/login/rpms\", re:\"ssh/login/release=CentOS6\");\n\n script_xref(name:\"CESA\", value:\"2020:1429\");\n script_xref(name:\"URL\", value:\"https://lists.centos.org/pipermail/centos-announce/2020-April/035699.html\");\n\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'firefox'\n package(s) announced via the CESA-2020:1429 advisory.\");\n\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable package version is present on the target host.\");\n\n script_tag(name:\"insight\", value:\"Mozilla Firefox is an open-source web browser, designed for standards\ncompliance, performance, and portability.\n\nThis update upgrades Firefox to version 68.7.0 ESR.\n\nSecurity Fix(es):\n\n * Mozilla: Uninitialized memory could be read when using the WebGL\ncopyTexSubImage method (CVE-2020-6821)\n\n * Mozilla: Memory safety bugs fixed in Firefox 75 and Firefox ESR 68.7\n(CVE-2020-6825)\n\n * Mozilla: Out of bounds write in GMPDecodeData when processing large\nimages (CVE-2020-6822)\n\nFor more details about the security issue(s), including the impact, a CVSS\nscore, acknowledgments, and other related information, refer to the CVE\npage(s) listed in the References section.\");\n\n script_tag(name:\"affected\", value:\"'firefox' package(s) on CentOS 6.\");\n\n script_tag(name:\"solution\", value:\"Please install the updated package(s).\");\n\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_tag(name:\"qod_type\", value:\"package\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\nreport = \"\";\n\nif(release == \"CentOS6\") {\n\n if(!isnull(res = isrpmvuln(pkg:\"firefox\", rpm:\"firefox~68.7.0~2.el6.centos\", rls:\"CentOS6\"))) {\n report += res;\n }\n\n if(report != \"\") {\n security_message(data:report);\n } else if(__pkg_match) {\n exit(99);\n }\n exit(0);\n}\n\nexit(0);\n", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2020-05-12T15:37:35", "bulletinFamily": "scanner", "cvelist": ["CVE-2020-6822", "CVE-2020-6820", "CVE-2020-6819", "CVE-2020-6825", "CVE-2020-6821"], "description": "The remote host is missing an update for the ", "modified": "2020-05-11T00:00:00", "published": "2020-05-01T00:00:00", "id": "OPENVAS:1361412562310883229", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310883229", "type": "openvas", "title": "CentOS: Security Advisory for thunderbird (CESA-2020:1489)", "sourceData": "# Copyright (C) 2020 Greenbone Networks GmbH\n# Some text descriptions might be excerpted from (a) referenced\n# source(s), and are Copyright (C) by the respective right holder(s).\n#\n# SPDX-License-Identifier: GPL-2.0-or-later\n#\n# This program is free software; you can redistribute it and/or\n# modify it under the terms of the GNU General Public License\n# as published by the Free Software Foundation; either version 2\n# of the License, or (at your option) any later version.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.883229\");\n script_version(\"2020-05-11T07:05:27+0000\");\n script_cve_id(\"CVE-2020-6819\", \"CVE-2020-6820\", \"CVE-2020-6821\", \"CVE-2020-6822\", \"CVE-2020-6825\");\n script_tag(name:\"cvss_base\", value:\"7.5\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_tag(name:\"last_modification\", value:\"2020-05-11 07:05:27 +0000 (Mon, 11 May 2020)\");\n script_tag(name:\"creation_date\", value:\"2020-05-01 03:01:20 +0000 (Fri, 01 May 2020)\");\n script_name(\"CentOS: Security Advisory for thunderbird (CESA-2020:1489)\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2020 Greenbone Networks GmbH\");\n script_family(\"CentOS Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/centos\", \"ssh/login/rpms\", re:\"ssh/login/release=CentOS7\");\n\n script_xref(name:\"CESA\", value:\"2020:1489\");\n script_xref(name:\"URL\", value:\"https://lists.centos.org/pipermail/centos-announce/2020-April/035710.html\");\n\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'thunderbird'\n package(s) announced via the CESA-2020:1489 advisory.\");\n\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable package version is present on the target host.\");\n\n script_tag(name:\"insight\", value:\"Mozilla Thunderbird is a standalone mail and newsgroup client.\n\nThis update upgrades Thunderbird to version 68.7.0.\n\nSecurity Fix(es):\n\n * Mozilla: Use-after-free while running the nsDocShell destructor\n(CVE-2020-6819)\n\n * Mozilla: Use-after-free when handling a ReadableStream (CVE-2020-6820)\n\n * Mozilla: Uninitialized memory could be read when using the WebGL\ncopyTexSubImage method (CVE-2020-6821)\n\n * Mozilla: Memory safety bugs fixed in Firefox 75 and Firefox ESR 68.7\n(CVE-2020-6825)\n\n * Mozilla: Out of bounds write in GMPDecodeData when processing large\nimages (CVE-2020-6822)\n\nFor more details about the security issue(s), including the impact, a CVSS\nscore, acknowledgments, and other related information, refer to the CVE\npage(s) listed in the References section.\");\n\n script_tag(name:\"affected\", value:\"'thunderbird' package(s) on CentOS 7.\");\n\n script_tag(name:\"solution\", value:\"Please install the updated package(s).\");\n\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_tag(name:\"qod_type\", value:\"package\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\nreport = \"\";\n\nif(release == \"CentOS7\") {\n\n if(!isnull(res = isrpmvuln(pkg:\"thunderbird\", rpm:\"thunderbird~68.7.0~1.el7.centos\", rls:\"CentOS7\"))) {\n report += res;\n }\n\n if(report != \"\") {\n security_message(data:report);\n } else if(__pkg_match) {\n exit(99);\n }\n exit(0);\n}\n\nexit(0);", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2020-05-08T09:10:53", "bulletinFamily": "scanner", "cvelist": ["CVE-2020-6822", "CVE-2020-6820", "CVE-2020-6819", "CVE-2020-6825", "CVE-2020-6821"], "description": "The remote host is missing an update for the ", "modified": "2020-05-05T00:00:00", "published": "2020-04-14T00:00:00", "id": "OPENVAS:1361412562310704656", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310704656", "type": "openvas", "title": "Debian: Security Advisory for thunderbird (DSA-4656-1)", "sourceData": "# Copyright (C) 2020 Greenbone Networks GmbH\n# Some text descriptions might be excerpted from (a) referenced\n# source(s), and are Copyright (C) by the respective right holder(s).\n#\n# SPDX-License-Identifier: GPL-2.0-or-later\n#\n# This program is free software; you can redistribute it and/or\n# modify it under the terms of the GNU General Public License\n# as published by the Free Software Foundation; either version 2\n# of the License, or (at your option) any later version.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.704656\");\n script_version(\"2020-05-05T07:00:07+0000\");\n script_cve_id(\"CVE-2020-6819\", \"CVE-2020-6820\", \"CVE-2020-6821\", \"CVE-2020-6822\", \"CVE-2020-6825\");\n script_tag(name:\"cvss_base\", value:\"7.5\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_tag(name:\"last_modification\", value:\"2020-05-05 07:00:07 +0000 (Tue, 05 May 2020)\");\n script_tag(name:\"creation_date\", value:\"2020-04-14 03:00:11 +0000 (Tue, 14 Apr 2020)\");\n script_name(\"Debian: Security Advisory for thunderbird (DSA-4656-1)\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2020 Greenbone Networks GmbH\");\n script_family(\"Debian Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/debian_linux\", \"ssh/login/packages\", re:\"ssh/login/release=DEB(9|10)\");\n\n script_xref(name:\"URL\", value:\"https://www.debian.org/security/2020/dsa-4656.html\");\n script_xref(name:\"URL\", value:\"https://security-tracker.debian.org/tracker/DSA-4656-1\");\n\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'thunderbird'\n package(s) announced via the DSA-4656-1 advisory.\");\n\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable package version is present on the target host.\");\n\n script_tag(name:\"insight\", value:\"Multiple security issues have been found in Thunderbird which could result\nin denial of service or potentially the execution of arbitrary code.\");\n\n script_tag(name:\"affected\", value:\"'thunderbird' package(s) on Debian Linux.\");\n\n script_tag(name:\"solution\", value:\"For the oldstable distribution (stretch), these problems have been fixed\nin version 1:68.7.0-1~deb9u1.\n\nFor the stable distribution (buster), these problems have been fixed in\nversion 1:68.7.0-1~deb10u1.\n\nWe recommend that you upgrade your thunderbird packages.\");\n\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_tag(name:\"qod_type\", value:\"package\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-deb.inc\");\n\nres = \"\";\nreport = \"\";\nif(!isnull(res = isdpkgvuln(pkg:\"calendar-google-provider\", ver:\"1:68.7.0-1~deb9u1\", rls:\"DEB9\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"icedove\", ver:\"1:68.7.0-1~deb9u1\", rls:\"DEB9\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"icedove-dbg\", ver:\"1:68.7.0-1~deb9u1\", rls:\"DEB9\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"icedove-dev\", ver:\"1:68.7.0-1~deb9u1\", rls:\"DEB9\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"icedove-l10n-all\", ver:\"1:68.7.0-1~deb9u1\", rls:\"DEB9\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"icedove-l10n-ar\", ver:\"1:68.7.0-1~deb9u1\", rls:\"DEB9\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"icedove-l10n-ast\", ver:\"1:68.7.0-1~deb9u1\", rls:\"DEB9\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"icedove-l10n-be\", ver:\"1:68.7.0-1~deb9u1\", rls:\"DEB9\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"icedove-l10n-bg\", ver:\"1:68.7.0-1~deb9u1\", rls:\"DEB9\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"icedove-l10n-bn-bd\", ver:\"1:68.7.0-1~deb9u1\", rls:\"DEB9\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"icedove-l10n-br\", ver:\"1:68.7.0-1~deb9u1\", rls:\"DEB9\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"icedove-l10n-ca\", ver:\"1:68.7.0-1~deb9u1\", rls:\"DEB9\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"icedove-l10n-cs\", ver:\"1:68.7.0-1~deb9u1\", rls:\"DEB9\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"icedove-l10n-da\", ver:\"1:68.7.0-1~deb9u1\", rls:\"DEB9\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"icedove-l10n-de\", ver:\"1:68.7.0-1~deb9u1\", rls:\"DEB9\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"icedove-l10n-dsb\", ver:\"1:68.7.0-1~deb9u1\", rls:\"DEB9\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"icedove-l10n-el\", ver:\"1:68.7.0-1~deb9u1\", rls:\"DEB9\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"icedove-l10n-en-gb\", ver:\"1:68.7.0-1~deb9u1\", rls:\"DEB9\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"icedove-l10n-es-ar\", ver:\"1:68.7.0-1~deb9u1\", rls:\"DEB9\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"icedove-l10n-es-es\", ver:\"1:68.7.0-1~deb9u1\", rls:\"DEB9\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"icedove-l10n-et\", ver:\"1:68.7.0-1~deb9u1\", rls:\"DEB9\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"icedove-l10n-eu\", ver:\"1:68.7.0-1~deb9u1\", rls:\"DEB9\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"icedove-l10n-fi\", ver:\"1:68.7.0-1~deb9u1\", rls:\"DEB9\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"icedove-l10n-fr\", ver:\"1:68.7.0-1~deb9u1\", rls:\"DEB9\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"icedove-l10n-fy-nl\", ver:\"1:68.7.0-1~deb9u1\", rls:\"DEB9\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"icedove-l10n-ga-ie\", ver:\"1:68.7.0-1~deb9u1\", rls:\"DEB9\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"icedove-l10n-gd\", ver:\"1:68.7.0-1~deb9u1\", rls:\"DEB9\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"icedove-l10n-gl\", ver:\"1:68.7.0-1~deb9u1\", rls:\"DEB9\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"icedove-l10n-he\", ver:\"1:68.7.0-1~deb9u1\", rls:\"DEB9\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"icedove-l10n-hr\", ver:\"1:68.7.0-1~deb9u1\", rls:\"DEB9\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"icedove-l10n-hsb\", ver:\"1:68.7.0-1~deb9u1\", rls:\"DEB9\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"icedove-l10n-hu\", ver:\"1:68.7.0-1~deb9u1\", rls:\"DEB9\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"icedove-l10n-hy-am\", ver:\"1:68.7.0-1~deb9u1\", rls:\"DEB9\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"icedove-l10n-id\", ver:\"1:68.7.0-1~deb9u1\", rls:\"DEB9\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"icedove-l10n-is\", ver:\"1:68.7.0-1~deb9u1\", rls:\"DEB9\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"icedove-l10n-it\", ver:\"1:68.7.0-1~deb9u1\", rls:\"DEB9\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"icedove-l10n-ja\", ver:\"1:68.7.0-1~deb9u1\", rls:\"DEB9\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"icedove-l10n-kab\", ver:\"1:68.7.0-1~deb9u1\", rls:\"DEB9\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"icedove-l10n-ko\", ver:\"1:68.7.0-1~deb9u1\", rls:\"DEB9\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"icedove-l10n-lt\", ver:\"1:68.7.0-1~deb9u1\", rls:\"DEB9\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"icedove-l10n-nb-no\", ver:\"1:68.7.0-1~deb9u1\", rls:\"DEB9\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"icedove-l10n-nl\", ver:\"1:68.7.0-1~deb9u1\", rls:\"DEB9\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"icedove-l10n-nn-no\", ver:\"1:68.7.0-1~deb9u1\", rls:\"DEB9\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"icedove-l10n-pa-in\", ver:\"1:68.7.0-1~deb9u1\", rls:\"DEB9\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"icedove-l10n-pl\", ver:\"1:68.7.0-1~deb9u1\", rls:\"DEB9\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"icedove-l10n-pt-br\", ver:\"1:68.7.0-1~deb9u1\", rls:\"DEB9\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"icedove-l10n-pt-pt\", ver:\"1:68.7.0-1~deb9u1\", rls:\"DEB9\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"icedove-l10n-rm\", ver:\"1:68.7.0-1~deb9u1\", rls:\"DEB9\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"icedove-l10n-ro\", ver:\"1:68.7.0-1~deb9u1\", rls:\"DEB9\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"icedove-l10n-ru\", ver:\"1:68.7.0-1~deb9u1\", rls:\"DEB9\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"icedove-l10n-si\", ver:\"1:68.7.0-1~deb9u1\", rls:\"DEB9\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"icedove-l10n-sk\", ver:\"1:68.7.0-1~deb9u1\", rls:\"DEB9\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"icedove-l10n-sl\", ver:\"1:68.7.0-1~deb9u1\", rls:\"DEB9\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"icedove-l10n-sq\", ver:\"1:68.7.0-1~deb9u1\", rls:\"DEB9\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"icedove-l10n-sr\", ver:\"1:68.7.0-1~deb9u1\", rls:\"DEB9\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"icedove-l10n-sv-se\", ver:\"1:68.7.0-1~deb9u1\", rls:\"DEB9\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"icedove-l10n-ta-lk\", ver:\"1:68.7.0-1~deb9u1\", rls:\"DEB9\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"icedove-l10n-tr\", ver:\"1:68.7.0-1~deb9u1\", rls:\"DEB9\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"icedove-l10n-uk\", ver:\"1:68.7.0-1~deb9u1\", rls:\"DEB9\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"icedove-l10n-vi\", ver:\"1:68.7.0-1~deb9u1\", rls:\"DEB9\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"icedove-l10n-zh-cn\", ver:\"1:68.7.0-1~deb9u1\", rls:\"DEB9\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"icedove-l10n-zh-tw\", ver:\"1:68.7.0-1~deb9u1\", rls:\"DEB9\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"iceowl-extension\", ver:\"1:68.7.0-1~deb9u1\", rls:\"DEB9\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"iceowl-l10n-ar\", ver:\"1:68.7.0-1~deb9u1\", rls:\"DEB9\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"iceowl-l10n-ast\", ver:\"1:68.7.0-1~deb9u1\", rls:\"DEB9\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"iceowl-l10n-be\", ver:\"1:68.7.0-1~deb9u1\", rls:\"DEB9\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"iceowl-l10n-bg\", ver:\"1:68.7.0-1~deb9u1\", rls:\"DEB9\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"iceowl-l10n-bn-bd\", ver:\"1:68.7.0-1~deb9u1\", rls:\"DEB9\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"iceowl-l10n-br\", ver:\"1:68.7.0-1~deb9u1\", rls:\"DEB9\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"iceowl-l10n-ca\", ver:\"1:68.7.0-1~deb9u1\", rls:\"DEB9\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"iceowl-l10n-cs\", ver:\"1:68.7.0-1~deb9u1\", rls:\"DEB9\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"iceowl-l10n-cy\", ver:\"1:68.7.0-1~deb9u1\", rls:\"DEB9\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"iceowl-l10n-da\", ver:\"1:68.7.0-1~deb9u1\", rls:\"DEB9\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"iceowl-l10n-de\", ver:\"1:68.7.0-1~deb9u1\", rls:\"DEB9\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"iceowl-l10n-dsb\", ver:\"1:68.7.0-1~deb9u1\", rls:\"DEB9\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"iceowl-l10n-el\", ver:\"1:68.7.0-1~deb9u1\", rls:\"DEB9\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"iceowl-l10n-en-gb\", ver:\"1:68.7.0-1~deb9u1\", rls:\"DEB9\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"iceowl-l10n-es-ar\", ver:\"1:68.7.0-1~deb9u1\", rls:\"DEB9\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"iceowl-l10n-es-es\", ver:\"1:68.7.0-1~deb9u1\", rls:\"DEB9\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"iceowl-l10n-et\", ver:\"1:68.7.0-1~deb9u1\", rls:\"DEB9\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"iceowl-l10n-eu\", ver:\"1:68.7.0-1~deb9u1\", rls:\"DEB9\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"iceowl-l10n-fi\", ver:\"1:68.7.0-1~deb9u1\", rls:\"DEB9\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"iceowl-l10n-fr\", ver:\"1:68.7.0-1~deb9u1\", rls:\"DEB9\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"iceowl-l10n-fy-nl\", ver:\"1:68.7.0-1~deb9u1\", rls:\"DEB9\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"iceowl-l10n-ga-ie\", ver:\"1:68.7.0-1~deb9u1\", rls:\"DEB9\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"iceowl-l10n-gd\", ver:\"1:68.7.0-1~deb9u1\", rls:\"DEB9\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"iceowl-l10n-gl\", ver:\"1:68.7.0-1~deb9u1\", rls:\"DEB9\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"iceowl-l10n-he\", ver:\"1:68.7.0-1~deb9u1\", rls:\"DEB9\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"iceowl-l10n-hr\", ver:\"1:68.7.0-1~deb9u1\", rls:\"DEB9\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"iceowl-l10n-hsb\", ver:\"1:68.7.0-1~deb9u1\", rls:\"DEB9\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"iceowl-l10n-hu\", ver:\"1:68.7.0-1~deb9u1\", rls:\"DEB9\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"iceowl-l10n-hy-am\", ver:\"1:68.7.0-1~deb9u1\", rls:\"DEB9\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"iceowl-l10n-id\", ver:\"1:68.7.0-1~deb9u1\", rls:\"DEB9\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"iceowl-l10n-is\", ver:\"1:68.7.0-1~deb9u1\", rls:\"DEB9\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"iceowl-l10n-it\", ver:\"1:68.7.0-1~deb9u1\", rls:\"DEB9\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"iceowl-l10n-ja\", ver:\"1:68.7.0-1~deb9u1\", rls:\"DEB9\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"iceowl-l10n-kab\", ver:\"1:68.7.0-1~deb9u1\", rls:\"DEB9\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"iceowl-l10n-ko\", ver:\"1:68.7.0-1~deb9u1\", rls:\"DEB9\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"iceowl-l10n-lt\", ver:\"1:68.7.0-1~deb9u1\", rls:\"DEB9\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"iceowl-l10n-nb-no\", ver:\"1:68.7.0-1~deb9u1\", rls:\"DEB9\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"iceowl-l10n-nl\", ver:\"1:68.7.0-1~deb9u1\", rls:\"DEB9\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"iceowl-l10n-nn-no\", ver:\"1:68.7.0-1~deb9u1\", rls:\"DEB9\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"iceowl-l10n-pa-in\", ver:\"1:68.7.0-1~deb9u1\", rls:\"DEB9\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"iceowl-l10n-pl\", ver:\"1:68.7.0-1~deb9u1\", rls:\"DEB9\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"iceowl-l10n-pt-br\", ver:\"1:68.7.0-1~deb9u1\", rls:\"DEB9\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"iceowl-l10n-pt-pt\", ver:\"1:68.7.0-1~deb9u1\", rls:\"DEB9\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"iceowl-l10n-rm\", ver:\"1:68.7.0-1~deb9u1\", rls:\"DEB9\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"iceowl-l10n-ro\", ver:\"1:68.7.0-1~deb9u1\", rls:\"DEB9\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"iceowl-l10n-ru\", ver:\"1:68.7.0-1~deb9u1\", rls:\"DEB9\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"iceowl-l10n-si\", ver:\"1:68.7.0-1~deb9u1\", rls:\"DEB9\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"iceowl-l10n-sk\", ver:\"1:68.7.0-1~deb9u1\", rls:\"DEB9\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"iceowl-l10n-sl\", ver:\"1:68.7.0-1~deb9u1\", rls:\"DEB9\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"iceowl-l10n-sq\", ver:\"1:68.7.0-1~deb9u1\", rls:\"DEB9\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"iceowl-l10n-sr\", ver:\"1:68.7.0-1~deb9u1\", rls:\"DEB9\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"iceowl-l10n-sv-se\", ver:\"1:68.7.0-1~deb9u1\", rls:\"DEB9\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"iceowl-l10n-ta-lk\", ver:\"1:68.7.0-1~deb9u1\", rls:\"DEB9\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"iceowl-l10n-tr\", ver:\"1:68.7.0-1~deb9u1\", rls:\"DEB9\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"iceowl-l10n-uk\", ver:\"1:68.7.0-1~deb9u1\", rls:\"DEB9\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"iceowl-l10n-vi\", ver:\"1:68.7.0-1~deb9u1\", rls:\"DEB9\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"iceowl-l10n-zh-cn\", ver:\"1:68.7.0-1~deb9u1\", rls:\"DEB9\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"iceowl-l10n-zh-tw\", ver:\"1:68.7.0-1~deb9u1\", rls:\"DEB9\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"lightning\", ver:\"1:68.7.0-1~deb9u1\", rls:\"DEB9\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"lightning-l10n-ar\", ver:\"1:68.7.0-1~deb9u1\", rls:\"DEB9\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"lightning-l10n-ast\", ver:\"1:68.7.0-1~deb9u1\", rls:\"DEB9\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"lightning-l10n-be\", ver:\"1:68.7.0-1~deb9u1\", rls:\"DEB9\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"lightning-l10n-bg\", ver:\"1:68.7.0-1~deb9u1\", rls:\"DEB9\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"lightning-l10n-bn-bd\", ver:\"1:68.7.0-1~deb9u1\", rls:\"DEB9\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"lightning-l10n-br\", ver:\"1:68.7.0-1~deb9u1\", rls:\"DEB9\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"lightning-l10n-ca\", ver:\"1:68.7.0-1~deb9u1\", rls:\"DEB9\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"lightning-l10n-cs\", ver:\"1:68.7.0-1~deb9u1\", rls:\"DEB9\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"lightning-l10n-cy\", ver:\"1:68.7.0-1~deb9u1\", rls:\"DEB9\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"lightning-l10n-da\", ver:\"1:68.7.0-1~deb9u1\", rls:\"DEB9\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"lightning-l10n-de\", ver:\"1:68.7.0-1~deb9u1\", rls:\"DEB9\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"lightning-l10n-dsb\", ver:\"1:68.7.0-1~deb9u1\", rls:\"DEB9\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"lightning-l10n-el\", ver:\"1:68.7.0-1~deb9u1\", rls:\"DEB9\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"lightning-l10n-en-gb\", ver:\"1:68.7.0-1~deb9u1\", rls:\"DEB9\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"lightning-l10n-es-ar\", ver:\"1:68.7.0-1~deb9u1\", rls:\"DEB9\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"lightning-l10n-es-es\", ver:\"1:68.7.0-1~deb9u1\", rls:\"DEB9\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"lightning-l10n-et\", ver:\"1:68.7.0-1~deb9u1\", rls:\"DEB9\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"lightning-l10n-eu\", ver:\"1:68.7.0-1~deb9u1\", rls:\"DEB9\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"lightning-l10n-fi\", ver:\"1:68.7.0-1~deb9u1\", rls:\"DEB9\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"lightning-l10n-fr\", ver:\"1:68.7.0-1~deb9u1\", rls:\"DEB9\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"lightning-l10n-fy-nl\", ver:\"1:68.7.0-1~deb9u1\", rls:\"DEB9\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"lightning-l10n-ga-ie\", ver:\"1:68.7.0-1~deb9u1\", rls:\"DEB9\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"lightning-l10n-gd\", ver:\"1:68.7.0-1~deb9u1\", rls:\"DEB9\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"lightning-l10n-gl\", ver:\"1:68.7.0-1~deb9u1\", rls:\"DEB9\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"lightning-l10n-he\", ver:\"1:68.7.0-1~deb9u1\", rls:\"DEB9\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"lightning-l10n-hr\", ver:\"1:68.7.0-1~deb9u1\", rls:\"DEB9\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"lightning-l10n-hsb\", ver:\"1:68.7.0-1~deb9u1\", rls:\"DEB9\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"lightning-l10n-hu\", ver:\"1:68.7.0-1~deb9u1\", rls:\"DEB9\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"lightning-l10n-hy-am\", ver:\"1:68.7.0-1~deb9u1\", rls:\"DEB9\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"lightning-l10n-id\", ver:\"1:68.7.0-1~deb9u1\", rls:\"DEB9\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"lightning-l10n-is\", ver:\"1:68.7.0-1~deb9u1\", rls:\"DEB9\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"lightning-l10n-it\", ver:\"1:68.7.0-1~deb9u1\", rls:\"DEB9\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"lightning-l10n-ja\", ver:\"1:68.7.0-1~deb9u1\", rls:\"DEB9\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"lightning-l10n-kab\", ver:\"1:68.7.0-1~deb9u1\", rls:\"DEB9\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"lightning-l10n-kk\", ver:\"1:68.7.0-1~deb9u1\", rls:\"DEB9\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"lightning-l10n-ko\", ver:\"1:68.7.0-1~deb9u1\", rls:\"DEB9\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"lightning-l10n-lt\", ver:\"1:68.7.0-1~deb9u1\", rls:\"DEB9\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"lightning-l10n-ms\", ver:\"1:68.7.0-1~deb9u1\", rls:\"DEB9\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"lightning-l10n-nb-no\", ver:\"1:68.7.0-1~deb9u1\", rls:\"DEB9\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"lightning-l10n-nl\", ver:\"1:68.7.0-1~deb9u1\", rls:\"DEB9\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"lightning-l10n-nn-no\", ver:\"1:68.7.0-1~deb9u1\", rls:\"DEB9\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"lightning-l10n-pa-in\", ver:\"1:68.7.0-1~deb9u1\", rls:\"DEB9\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"lightning-l10n-pl\", ver:\"1:68.7.0-1~deb9u1\", rls:\"DEB9\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"lightning-l10n-pt-br\", ver:\"1:68.7.0-1~deb9u1\", rls:\"DEB9\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"lightning-l10n-pt-pt\", ver:\"1:68.7.0-1~deb9u1\", rls:\"DEB9\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"lightning-l10n-rm\", ver:\"1:68.7.0-1~deb9u1\", rls:\"DEB9\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"lightning-l10n-ro\", ver:\"1:68.7.0-1~deb9u1\", rls:\"DEB9\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"lightning-l10n-ru\", ver:\"1:68.7.0-1~deb9u1\", rls:\"DEB9\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"lightning-l10n-si\", ver:\"1:68.7.0-1~deb9u1\", rls:\"DEB9\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"lightning-l10n-sk\", ver:\"1:68.7.0-1~deb9u1\", rls:\"DEB9\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"lightning-l10n-sl\", ver:\"1:68.7.0-1~deb9u1\", rls:\"DEB9\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"lightning-l10n-sq\", ver:\"1:68.7.0-1~deb9u1\", rls:\"DEB9\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"lightning-l10n-sr\", ver:\"1:68.7.0-1~deb9u1\", rls:\"DEB9\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"lightning-l10n-sv-se\", ver:\"1:68.7.0-1~deb9u1\", rls:\"DEB9\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"lightning-l10n-ta-lk\", ver:\"1:68.7.0-1~deb9u1\", rls:\"DEB9\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"lightning-l10n-tr\", ver:\"1:68.7.0-1~deb9u1\", rls:\"DEB9\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"lightning-l10n-uk\", ver:\"1:68.7.0-1~deb9u1\", rls:\"DEB9\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"lightning-l10n-vi\", ver:\"1:68.7.0-1~deb9u1\", rls:\"DEB9\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"lightning-l10n-zh-cn\", ver:\"1:68.7.0-1~deb9u1\", rls:\"DEB9\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"lightning-l10n-zh-tw\", ver:\"1:68.7.0-1~deb9u1\", rls:\"DEB9\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"thunderbird\", ver:\"1:68.7.0-1~deb9u1\", rls:\"DEB9\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"thunderbird-dbg\", ver:\"1:68.7.0-1~deb9u1\", rls:\"DEB9\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"thunderbird-dev\", ver:\"1:68.7.0-1~deb9u1\", rls:\"DEB9\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"thunderbird-l10n-all\", ver:\"1:68.7.0-1~deb9u1\", rls:\"DEB9\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"thunderbird-l10n-ar\", ver:\"1:68.7.0-1~deb9u1\", rls:\"DEB9\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"thunderbird-l10n-ast\", ver:\"1:68.7.0-1~deb9u1\", rls:\"DEB9\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"thunderbird-l10n-be\", ver:\"1:68.7.0-1~deb9u1\", rls:\"DEB9\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"thunderbird-l10n-bg\", ver:\"1:68.7.0-1~deb9u1\", rls:\"DEB9\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"thunderbird-l10n-bn-bd\", ver:\"1:68.7.0-1~deb9u1\", rls:\"DEB9\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"thunderbird-l10n-br\", ver:\"1:68.7.0-1~deb9u1\", rls:\"DEB9\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"thunderbird-l10n-ca\", ver:\"1:68.7.0-1~deb9u1\", rls:\"DEB9\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"thunderbird-l10n-cs\", ver:\"1:68.7.0-1~deb9u1\", rls:\"DEB9\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"thunderbird-l10n-cy\", ver:\"1:68.7.0-1~deb9u1\", rls:\"DEB9\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"thunderbird-l10n-da\", ver:\"1:68.7.0-1~deb9u1\", rls:\"DEB9\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"thunderbird-l10n-de\", ver:\"1:68.7.0-1~deb9u1\", rls:\"DEB9\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"thunderbird-l10n-dsb\", ver:\"1:68.7.0-1~deb9u1\", rls:\"DEB9\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"thunderbird-l10n-el\", ver:\"1:68.7.0-1~deb9u1\", rls:\"DEB9\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"thunderbird-l10n-en-gb\", ver:\"1:68.7.0-1~deb9u1\", rls:\"DEB9\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"thunderbird-l10n-es-ar\", ver:\"1:68.7.0-1~deb9u1\", rls:\"DEB9\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"thunderbird-l10n-es-es\", ver:\"1:68.7.0-1~deb9u1\", rls:\"DEB9\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"thunderbird-l10n-et\", ver:\"1:68.7.0-1~deb9u1\", rls:\"DEB9\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"thunderbird-l10n-eu\", ver:\"1:68.7.0-1~deb9u1\", rls:\"DEB9\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"thunderbird-l10n-fi\", ver:\"1:68.7.0-1~deb9u1\", rls:\"DEB9\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"thunderbird-l10n-fr\", ver:\"1:68.7.0-1~deb9u1\", rls:\"DEB9\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"thunderbird-l10n-fy-nl\", ver:\"1:68.7.0-1~deb9u1\", rls:\"DEB9\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"thunderbird-l10n-ga-ie\", ver:\"1:68.7.0-1~deb9u1\", rls:\"DEB9\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"thunderbird-l10n-gd\", ver:\"1:68.7.0-1~deb9u1\", rls:\"DEB9\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"thunderbird-l10n-gl\", ver:\"1:68.7.0-1~deb9u1\", rls:\"DEB9\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"thunderbird-l10n-he\", ver:\"1:68.7.0-1~deb9u1\", rls:\"DEB9\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"thunderbird-l10n-hr\", ver:\"1:68.7.0-1~deb9u1\", rls:\"DEB9\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"thunderbird-l10n-hsb\", ver:\"1:68.7.0-1~deb9u1\", rls:\"DEB9\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"thunderbird-l10n-hu\", ver:\"1:68.7.0-1~deb9u1\", rls:\"DEB9\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"thunderbird-l10n-hy-am\", ver:\"1:68.7.0-1~deb9u1\", rls:\"DEB9\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"thunderbird-l10n-id\", ver:\"1:68.7.0-1~deb9u1\", rls:\"DEB9\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"thunderbird-l10n-is\", ver:\"1:68.7.0-1~deb9u1\", rls:\"DEB9\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"thunderbird-l10n-it\", ver:\"1:68.7.0-1~deb9u1\", rls:\"DEB9\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"thunderbird-l10n-ja\", ver:\"1:68.7.0-1~deb9u1\", rls:\"DEB9\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"thunderbird-l10n-kab\", ver:\"1:68.7.0-1~deb9u1\", rls:\"DEB9\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"thunderbird-l10n-kk\", ver:\"1:68.7.0-1~deb9u1\", rls:\"DEB9\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"thunderbird-l10n-ko\", ver:\"1:68.7.0-1~deb9u1\", rls:\"DEB9\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"thunderbird-l10n-lt\", ver:\"1:68.7.0-1~deb9u1\", rls:\"DEB9\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"thunderbird-l10n-ms\", ver:\"1:68.7.0-1~deb9u1\", rls:\"DEB9\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"thunderbird-l10n-nb-no\", ver:\"1:68.7.0-1~deb9u1\", rls:\"DEB9\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"thunderbird-l10n-nl\", ver:\"1:68.7.0-1~deb9u1\", rls:\"DEB9\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"thunderbird-l10n-nn-no\", ver:\"1:68.7.0-1~deb9u1\", rls:\"DEB9\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"thunderbird-l10n-pa-in\", ver:\"1:68.7.0-1~deb9u1\", rls:\"DEB9\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"thunderbird-l10n-pl\", ver:\"1:68.7.0-1~deb9u1\", rls:\"DEB9\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"thunderbird-l10n-pt-br\", ver:\"1:68.7.0-1~deb9u1\", rls:\"DEB9\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"thunderbird-l10n-pt-pt\", ver:\"1:68.7.0-1~deb9u1\", rls:\"DEB9\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"thunderbird-l10n-rm\", ver:\"1:68.7.0-1~deb9u1\", rls:\"DEB9\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"thunderbird-l10n-ro\", ver:\"1:68.7.0-1~deb9u1\", rls:\"DEB9\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"thunderbird-l10n-ru\", ver:\"1:68.7.0-1~deb9u1\", rls:\"DEB9\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"thunderbird-l10n-si\", ver:\"1:68.7.0-1~deb9u1\", rls:\"DEB9\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"thunderbird-l10n-sk\", ver:\"1:68.7.0-1~deb9u1\", rls:\"DEB9\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"thunderbird-l10n-sl\", ver:\"1:68.7.0-1~deb9u1\", rls:\"DEB9\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"thunderbird-l10n-sq\", ver:\"1:68.7.0-1~deb9u1\", rls:\"DEB9\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"thunderbird-l10n-sr\", ver:\"1:68.7.0-1~deb9u1\", rls:\"DEB9\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"thunderbird-l10n-sv-se\", ver:\"1:68.7.0-1~deb9u1\", rls:\"DEB9\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"thunderbird-l10n-ta-lk\", ver:\"1:68.7.0-1~deb9u1\", rls:\"DEB9\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"thunderbird-l10n-tr\", ver:\"1:68.7.0-1~deb9u1\", rls:\"DEB9\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"thunderbird-l10n-uk\", ver:\"1:68.7.0-1~deb9u1\", rls:\"DEB9\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"thunderbird-l10n-vi\", ver:\"1:68.7.0-1~deb9u1\", rls:\"DEB9\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"thunderbird-l10n-zh-cn\", ver:\"1:68.7.0-1~deb9u1\", rls:\"DEB9\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"thunderbird-l10n-zh-tw\", ver:\"1:68.7.0-1~deb9u1\", rls:\"DEB9\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"calendar-google-provider\", ver:\"1:68.7.0-1~deb10u1\", rls:\"DEB10\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"lightning\", ver:\"1:68.7.0-1~deb10u1\", rls:\"DEB10\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"lightning-l10n-ar\", ver:\"1:68.7.0-1~deb10u1\", rls:\"DEB10\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"lightning-l10n-ast\", ver:\"1:68.7.0-1~deb10u1\", rls:\"DEB10\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"lightning-l10n-be\", ver:\"1:68.7.0-1~deb10u1\", rls:\"DEB10\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"lightning-l10n-bg\", ver:\"1:68.7.0-1~deb10u1\", rls:\"DEB10\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"lightning-l10n-br\", ver:\"1:68.7.0-1~deb10u1\", rls:\"DEB10\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"lightning-l10n-ca\", ver:\"1:68.7.0-1~deb10u1\", rls:\"DEB10\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"lightning-l10n-cs\", ver:\"1:68.7.0-1~deb10u1\", rls:\"DEB10\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"lightning-l10n-cy\", ver:\"1:68.7.0-1~deb10u1\", rls:\"DEB10\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"lightning-l10n-da\", ver:\"1:68.7.0-1~deb10u1\", rls:\"DEB10\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"lightning-l10n-de\", ver:\"1:68.7.0-1~deb10u1\", rls:\"DEB10\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"lightning-l10n-dsb\", ver:\"1:68.7.0-1~deb10u1\", rls:\"DEB10\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"lightning-l10n-el\", ver:\"1:68.7.0-1~deb10u1\", rls:\"DEB10\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"lightning-l10n-en-gb\", ver:\"1:68.7.0-1~deb10u1\", rls:\"DEB10\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"lightning-l10n-es-ar\", ver:\"1:68.7.0-1~deb10u1\", rls:\"DEB10\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"lightning-l10n-es-es\", ver:\"1:68.7.0-1~deb10u1\", rls:\"DEB10\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"lightning-l10n-et\", ver:\"1:68.7.0-1~deb10u1\", rls:\"DEB10\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"lightning-l10n-eu\", ver:\"1:68.7.0-1~deb10u1\", rls:\"DEB10\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"lightning-l10n-fi\", ver:\"1:68.7.0-1~deb10u1\", rls:\"DEB10\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"lightning-l10n-fr\", ver:\"1:68.7.0-1~deb10u1\", rls:\"DEB10\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"lightning-l10n-fy-nl\", ver:\"1:68.7.0-1~deb10u1\", rls:\"DEB10\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"lightning-l10n-ga-ie\", ver:\"1:68.7.0-1~deb10u1\", rls:\"DEB10\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"lightning-l10n-gd\", ver:\"1:68.7.0-1~deb10u1\", rls:\"DEB10\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"lightning-l10n-gl\", ver:\"1:68.7.0-1~deb10u1\", rls:\"DEB10\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"lightning-l10n-he\", ver:\"1:68.7.0-1~deb10u1\", rls:\"DEB10\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"lightning-l10n-hr\", ver:\"1:68.7.0-1~deb10u1\", rls:\"DEB10\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"lightning-l10n-hsb\", ver:\"1:68.7.0-1~deb10u1\", rls:\"DEB10\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"lightning-l10n-hu\", ver:\"1:68.7.0-1~deb10u1\", rls:\"DEB10\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"lightning-l10n-hy-am\", ver:\"1:68.7.0-1~deb10u1\", rls:\"DEB10\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"lightning-l10n-id\", ver:\"1:68.7.0-1~deb10u1\", rls:\"DEB10\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"lightning-l10n-is\", ver:\"1:68.7.0-1~deb10u1\", rls:\"DEB10\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"lightning-l10n-it\", ver:\"1:68.7.0-1~deb10u1\", rls:\"DEB10\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"lightning-l10n-ja\", ver:\"1:68.7.0-1~deb10u1\", rls:\"DEB10\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"lightning-l10n-kab\", ver:\"1:68.7.0-1~deb10u1\", rls:\"DEB10\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"lightning-l10n-kk\", ver:\"1:68.7.0-1~deb10u1\", rls:\"DEB10\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"lightning-l10n-ko\", ver:\"1:68.7.0-1~deb10u1\", rls:\"DEB10\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"lightning-l10n-lt\", ver:\"1:68.7.0-1~deb10u1\", rls:\"DEB10\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"lightning-l10n-ms\", ver:\"1:68.7.0-1~deb10u1\", rls:\"DEB10\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"lightning-l10n-nb-no\", ver:\"1:68.7.0-1~deb10u1\", rls:\"DEB10\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"lightning-l10n-nl\", ver:\"1:68.7.0-1~deb10u1\", rls:\"DEB10\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"lightning-l10n-nn-no\", ver:\"1:68.7.0-1~deb10u1\", rls:\"DEB10\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"lightning-l10n-pl\", ver:\"1:68.7.0-1~deb10u1\", rls:\"DEB10\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"lightning-l10n-pt-br\", ver:\"1:68.7.0-1~deb10u1\", rls:\"DEB10\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"lightning-l10n-pt-pt\", ver:\"1:68.7.0-1~deb10u1\", rls:\"DEB10\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"lightning-l10n-rm\", ver:\"1:68.7.0-1~deb10u1\", rls:\"DEB10\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"lightning-l10n-ro\", ver:\"1:68.7.0-1~deb10u1\", rls:\"DEB10\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"lightning-l10n-ru\", ver:\"1:68.7.0-1~deb10u1\", rls:\"DEB10\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"lightning-l10n-si\", ver:\"1:68.7.0-1~deb10u1\", rls:\"DEB10\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"lightning-l10n-sk\", ver:\"1:68.7.0-1~deb10u1\", rls:\"DEB10\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"lightning-l10n-sl\", ver:\"1:68.7.0-1~deb10u1\", rls:\"DEB10\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"lightning-l10n-sq\", ver:\"1:68.7.0-1~deb10u1\", rls:\"DEB10\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"lightning-l10n-sr\", ver:\"1:68.7.0-1~deb10u1\", rls:\"DEB10\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"lightning-l10n-sv-se\", ver:\"1:68.7.0-1~deb10u1\", rls:\"DEB10\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"lightning-l10n-tr\", ver:\"1:68.7.0-1~deb10u1\", rls:\"DEB10\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"lightning-l10n-uk\", ver:\"1:68.7.0-1~deb10u1\", rls:\"DEB10\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"lightning-l10n-vi\", ver:\"1:68.7.0-1~deb10u1\", rls:\"DEB10\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"lightning-l10n-zh-cn\", ver:\"1:68.7.0-1~deb10u1\", rls:\"DEB10\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"lightning-l10n-zh-tw\", ver:\"1:68.7.0-1~deb10u1\", rls:\"DEB10\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"thunderbird\", ver:\"1:68.7.0-1~deb10u1\", rls:\"DEB10\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"thunderbird-l10n-all\", ver:\"1:68.7.0-1~deb10u1\", rls:\"DEB10\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"thunderbird-l10n-ar\", ver:\"1:68.7.0-1~deb10u1\", rls:\"DEB10\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"thunderbird-l10n-ast\", ver:\"1:68.7.0-1~deb10u1\", rls:\"DEB10\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"thunderbird-l10n-be\", ver:\"1:68.7.0-1~deb10u1\", rls:\"DEB10\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"thunderbird-l10n-bg\", ver:\"1:68.7.0-1~deb10u1\", rls:\"DEB10\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"thunderbird-l10n-br\", ver:\"1:68.7.0-1~deb10u1\", rls:\"DEB10\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"thunderbird-l10n-ca\", ver:\"1:68.7.0-1~deb10u1\", rls:\"DEB10\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"thunderbird-l10n-cs\", ver:\"1:68.7.0-1~deb10u1\", rls:\"DEB10\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"thunderbird-l10n-cy\", ver:\"1:68.7.0-1~deb10u1\", rls:\"DEB10\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"thunderbird-l10n-da\", ver:\"1:68.7.0-1~deb10u1\", rls:\"DEB10\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"thunderbird-l10n-de\", ver:\"1:68.7.0-1~deb10u1\", rls:\"DEB10\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"thunderbird-l10n-dsb\", ver:\"1:68.7.0-1~deb10u1\", rls:\"DEB10\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"thunderbird-l10n-el\", ver:\"1:68.7.0-1~deb10u1\", rls:\"DEB10\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"thunderbird-l10n-en-gb\", ver:\"1:68.7.0-1~deb10u1\", rls:\"DEB10\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"thunderbird-l10n-es-ar\", ver:\"1:68.7.0-1~deb10u1\", rls:\"DEB10\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"thunderbird-l10n-es-es\", ver:\"1:68.7.0-1~deb10u1\", rls:\"DEB10\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"thunderbird-l10n-et\", ver:\"1:68.7.0-1~deb10u1\", rls:\"DEB10\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"thunderbird-l10n-eu\", ver:\"1:68.7.0-1~deb10u1\", rls:\"DEB10\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"thunderbird-l10n-fi\", ver:\"1:68.7.0-1~deb10u1\", rls:\"DEB10\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"thunderbird-l10n-fr\", ver:\"1:68.7.0-1~deb10u1\", rls:\"DEB10\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"thunderbird-l10n-fy-nl\", ver:\"1:68.7.0-1~deb10u1\", rls:\"DEB10\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"thunderbird-l10n-ga-ie\", ver:\"1:68.7.0-1~deb10u1\", rls:\"DEB10\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"thunderbird-l10n-gd\", ver:\"1:68.7.0-1~deb10u1\", rls:\"DEB10\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"thunderbird-l10n-gl\", ver:\"1:68.7.0-1~deb10u1\", rls:\"DEB10\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"thunderbird-l10n-he\", ver:\"1:68.7.0-1~deb10u1\", rls:\"DEB10\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"thunderbird-l10n-hr\", ver:\"1:68.7.0-1~deb10u1\", rls:\"DEB10\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"thunderbird-l10n-hsb\", ver:\"1:68.7.0-1~deb10u1\", rls:\"DEB10\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"thunderbird-l10n-hu\", ver:\"1:68.7.0-1~deb10u1\", rls:\"DEB10\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"thunderbird-l10n-hy-am\", ver:\"1:68.7.0-1~deb10u1\", rls:\"DEB10\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"thunderbird-l10n-id\", ver:\"1:68.7.0-1~deb10u1\", rls:\"DEB10\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"thunderbird-l10n-is\", ver:\"1:68.7.0-1~deb10u1\", rls:\"DEB10\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"thunderbird-l10n-it\", ver:\"1:68.7.0-1~deb10u1\", rls:\"DEB10\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"thunderbird-l10n-ja\", ver:\"1:68.7.0-1~deb10u1\", rls:\"DEB10\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"thunderbird-l10n-kab\", ver:\"1:68.7.0-1~deb10u1\", rls:\"DEB10\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"thunderbird-l10n-kk\", ver:\"1:68.7.0-1~deb10u1\", rls:\"DEB10\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"thunderbird-l10n-ko\", ver:\"1:68.7.0-1~deb10u1\", rls:\"DEB10\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"thunderbird-l10n-lt\", ver:\"1:68.7.0-1~deb10u1\", rls:\"DEB10\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"thunderbird-l10n-ms\", ver:\"1:68.7.0-1~deb10u1\", rls:\"DEB10\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"thunderbird-l10n-nb-no\", ver:\"1:68.7.0-1~deb10u1\", rls:\"DEB10\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"thunderbird-l10n-nl\", ver:\"1:68.7.0-1~deb10u1\", rls:\"DEB10\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"thunderbird-l10n-nn-no\", ver:\"1:68.7.0-1~deb10u1\", rls:\"DEB10\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"thunderbird-l10n-pl\", ver:\"1:68.7.0-1~deb10u1\", rls:\"DEB10\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"thunderbird-l10n-pt-br\", ver:\"1:68.7.0-1~deb10u1\", rls:\"DEB10\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"thunderbird-l10n-pt-pt\", ver:\"1:68.7.0-1~deb10u1\", rls:\"DEB10\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"thunderbird-l10n-rm\", ver:\"1:68.7.0-1~deb10u1\", rls:\"DEB10\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"thunderbird-l10n-ro\", ver:\"1:68.7.0-1~deb10u1\", rls:\"DEB10\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"thunderbird-l10n-ru\", ver:\"1:68.7.0-1~deb10u1\", rls:\"DEB10\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"thunderbird-l10n-si\", ver:\"1:68.7.0-1~deb10u1\", rls:\"DEB10\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"thunderbird-l10n-sk\", ver:\"1:68.7.0-1~deb10u1\", rls:\"DEB10\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"thunderbird-l10n-sl\", ver:\"1:68.7.0-1~deb10u1\", rls:\"DEB10\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"thunderbird-l10n-sq\", ver:\"1:68.7.0-1~deb10u1\", rls:\"DEB10\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"thunderbird-l10n-sr\", ver:\"1:68.7.0-1~deb10u1\", rls:\"DEB10\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"thunderbird-l10n-sv-se\", ver:\"1:68.7.0-1~deb10u1\", rls:\"DEB10\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"thunderbird-l10n-tr\", ver:\"1:68.7.0-1~deb10u1\", rls:\"DEB10\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"thunderbird-l10n-uk\", ver:\"1:68.7.0-1~deb10u1\", rls:\"DEB10\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"thunderbird-l10n-vi\", ver:\"1:68.7.0-1~deb10u1\", rls:\"DEB10\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"thunderbird-l10n-zh-cn\", ver:\"1:68.7.0-1~deb10u1\", rls:\"DEB10\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"thunderbird-l10n-zh-tw\", ver:\"1:68.7.0-1~deb10u1\", rls:\"DEB10\"))) {\n report += res;\n}\n\nif(report != \"\") {\n security_message(data:report);\n} else if(__pkg_match) {\n exit(99);\n}\n\nexit(0);\n", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2020-05-08T09:09:35", "bulletinFamily": "scanner", "cvelist": ["CVE-2020-6822", "CVE-2020-6820", "CVE-2020-6819", "CVE-2020-6825", "CVE-2020-6821"], "description": "The remote host is missing an update for the ", "modified": "2020-05-05T00:00:00", "published": "2020-04-09T00:00:00", "id": "OPENVAS:1361412562310892170", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310892170", "type": "openvas", "title": "Debian LTS: Security Advisory for firefox-esr (DLA-2170-1)", "sourceData": "# Copyright (C) 2020 Greenbone Networks GmbH\n# Some text descriptions might be excerpted from (a) referenced\n# source(s), and are Copyright (C) by the respective right holder(s).\n#\n# SPDX-License-Identifier: GPL-2.0-or-later\n#\n# This program is free software; you can redistribute it and/or\n# modify it under the terms of the GNU General Public License\n# as published by the Free Software Foundation; either version 2\n# of the License, or (at your option) any later version.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.892170\");\n script_version(\"2020-05-05T07:00:07+0000\");\n script_cve_id(\"CVE-2020-6819\", \"CVE-2020-6820\", \"CVE-2020-6821\", \"CVE-2020-6822\", \"CVE-2020-6825\");\n script_tag(name:\"cvss_base\", value:\"7.5\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_tag(name:\"last_modification\", value:\"2020-05-05 07:00:07 +0000 (Tue, 05 May 2020)\");\n script_tag(name:\"creation_date\", value:\"2020-04-09 03:00:11 +0000 (Thu, 09 Apr 2020)\");\n script_name(\"Debian LTS: Security Advisory for firefox-esr (DLA-2170-1)\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2020 Greenbone Networks GmbH\");\n script_family(\"Debian Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/debian_linux\", \"ssh/login/packages\", re:\"ssh/login/release=DEB8\");\n\n script_xref(name:\"URL\", value:\"https://lists.debian.org/debian-lts-announce/2020/04/msg00004.html\");\n script_xref(name:\"URL\", value:\"https://security-tracker.debian.org/tracker/DLA-2170-1\");\n\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'firefox-esr'\n package(s) announced via the DLA-2170-1 advisory.\");\n\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable package version is present on the target host.\");\n\n script_tag(name:\"insight\", value:\"Multiple security issues have been found in the Mozilla Firefox web\nbrowser, which could potentially result in the execution of arbitrary\ncode.\");\n\n script_tag(name:\"affected\", value:\"'firefox-esr' package(s) on Debian Linux.\");\n\n script_tag(name:\"solution\", value:\"For Debian 8 'Jessie', these problems have been fixed in version\n68.7.0esr-1~deb8u1.\n\nWe recommend that you upgrade your firefox-esr packages.\");\n\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_tag(name:\"qod_type\", value:\"package\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-deb.inc\");\n\nres = \"\";\nreport = \"\";\nif(!isnull(res = isdpkgvuln(pkg:\"firefox-esr\", ver:\"68.7.0esr-1~deb8u1\", rls:\"DEB8\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"firefox-esr-dbg\", ver:\"68.7.0esr-1~deb8u1\", rls:\"DEB8\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"firefox-esr-dev\", ver:\"68.7.0esr-1~deb8u1\", rls:\"DEB8\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"firefox-esr-l10n-ach\", ver:\"68.7.0esr-1~deb8u1\", rls:\"DEB8\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"firefox-esr-l10n-af\", ver:\"68.7.0esr-1~deb8u1\", rls:\"DEB8\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"firefox-esr-l10n-all\", ver:\"68.7.0esr-1~deb8u1\", rls:\"DEB8\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"firefox-esr-l10n-an\", ver:\"68.7.0esr-1~deb8u1\", rls:\"DEB8\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"firefox-esr-l10n-ar\", ver:\"68.7.0esr-1~deb8u1\", rls:\"DEB8\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"firefox-esr-l10n-as\", ver:\"68.7.0esr-1~deb8u1\", rls:\"DEB8\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"firefox-esr-l10n-ast\", ver:\"68.7.0esr-1~deb8u1\", rls:\"DEB8\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"firefox-esr-l10n-az\", ver:\"68.7.0esr-1~deb8u1\", rls:\"DEB8\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"firefox-esr-l10n-be\", ver:\"68.7.0esr-1~deb8u1\", rls:\"DEB8\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"firefox-esr-l10n-bg\", ver:\"68.7.0esr-1~deb8u1\", rls:\"DEB8\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"firefox-esr-l10n-bn\", ver:\"68.7.0esr-1~deb8u1\", rls:\"DEB8\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"firefox-esr-l10n-bn-bd\", ver:\"68.7.0esr-1~deb8u1\", rls:\"DEB8\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"firefox-esr-l10n-bn-in\", ver:\"68.7.0esr-1~deb8u1\", rls:\"DEB8\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"firefox-esr-l10n-br\", ver:\"68.7.0esr-1~deb8u1\", rls:\"DEB8\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"firefox-esr-l10n-bs\", ver:\"68.7.0esr-1~deb8u1\", rls:\"DEB8\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"firefox-esr-l10n-ca\", ver:\"68.7.0esr-1~deb8u1\", rls:\"DEB8\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"firefox-esr-l10n-cak\", ver:\"68.7.0esr-1~deb8u1\", rls:\"DEB8\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"firefox-esr-l10n-cs\", ver:\"68.7.0esr-1~deb8u1\", rls:\"DEB8\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"firefox-esr-l10n-cy\", ver:\"68.7.0esr-1~deb8u1\", rls:\"DEB8\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"firefox-esr-l10n-da\", ver:\"68.7.0esr-1~deb8u1\", rls:\"DEB8\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"firefox-esr-l10n-de\", ver:\"68.7.0esr-1~deb8u1\", rls:\"DEB8\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"firefox-esr-l10n-dsb\", ver:\"68.7.0esr-1~deb8u1\", rls:\"DEB8\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"firefox-esr-l10n-el\", ver:\"68.7.0esr-1~deb8u1\", rls:\"DEB8\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"firefox-esr-l10n-en-ca\", ver:\"68.7.0esr-1~deb8u1\", rls:\"DEB8\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"firefox-esr-l10n-en-gb\", ver:\"68.7.0esr-1~deb8u1\", rls:\"DEB8\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"firefox-esr-l10n-en-za\", ver:\"68.7.0esr-1~deb8u1\", rls:\"DEB8\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"firefox-esr-l10n-eo\", ver:\"68.7.0esr-1~deb8u1\", rls:\"DEB8\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"firefox-esr-l10n-es-ar\", ver:\"68.7.0esr-1~deb8u1\", rls:\"DEB8\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"firefox-esr-l10n-es-cl\", ver:\"68.7.0esr-1~deb8u1\", rls:\"DEB8\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"firefox-esr-l10n-es-es\", ver:\"68.7.0esr-1~deb8u1\", rls:\"DEB8\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"firefox-esr-l10n-es-mx\", ver:\"68.7.0esr-1~deb8u1\", rls:\"DEB8\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"firefox-esr-l10n-et\", ver:\"68.7.0esr-1~deb8u1\", rls:\"DEB8\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"firefox-esr-l10n-eu\", ver:\"68.7.0esr-1~deb8u1\", rls:\"DEB8\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"firefox-esr-l10n-fa\", ver:\"68.7.0esr-1~deb8u1\", rls:\"DEB8\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"firefox-esr-l10n-ff\", ver:\"68.7.0esr-1~deb8u1\", rls:\"DEB8\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"firefox-esr-l10n-fi\", ver:\"68.7.0esr-1~deb8u1\", rls:\"DEB8\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"firefox-esr-l10n-fr\", ver:\"68.7.0esr-1~deb8u1\", rls:\"DEB8\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"firefox-esr-l10n-fy-nl\", ver:\"68.7.0esr-1~deb8u1\", rls:\"DEB8\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"firefox-esr-l10n-ga-ie\", ver:\"68.7.0esr-1~deb8u1\", rls:\"DEB8\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"firefox-esr-l10n-gd\", ver:\"68.7.0esr-1~deb8u1\", rls:\"DEB8\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"firefox-esr-l10n-gl\", ver:\"68.7.0esr-1~deb8u1\", rls:\"DEB8\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"firefox-esr-l10n-gn\", ver:\"68.7.0esr-1~deb8u1\", rls:\"DEB8\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"firefox-esr-l10n-gu-in\", ver:\"68.7.0esr-1~deb8u1\", rls:\"DEB8\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"firefox-esr-l10n-he\", ver:\"68.7.0esr-1~deb8u1\", rls:\"DEB8\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"firefox-esr-l10n-hi-in\", ver:\"68.7.0esr-1~deb8u1\", rls:\"DEB8\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"firefox-esr-l10n-hr\", ver:\"68.7.0esr-1~deb8u1\", rls:\"DEB8\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"firefox-esr-l10n-hsb\", ver:\"68.7.0esr-1~deb8u1\", rls:\"DEB8\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"firefox-esr-l10n-hu\", ver:\"68.7.0esr-1~deb8u1\", rls:\"DEB8\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"firefox-esr-l10n-hy-am\", ver:\"68.7.0esr-1~deb8u1\", rls:\"DEB8\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"firefox-esr-l10n-ia\", ver:\"68.7.0esr-1~deb8u1\", rls:\"DEB8\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"firefox-esr-l10n-id\", ver:\"68.7.0esr-1~deb8u1\", rls:\"DEB8\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"firefox-esr-l10n-is\", ver:\"68.7.0esr-1~deb8u1\", rls:\"DEB8\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"firefox-esr-l10n-it\", ver:\"68.7.0esr-1~deb8u1\", rls:\"DEB8\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"firefox-esr-l10n-ja\", ver:\"68.7.0esr-1~deb8u1\", rls:\"DEB8\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"firefox-esr-l10n-ka\", ver:\"68.7.0esr-1~deb8u1\", rls:\"DEB8\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"firefox-esr-l10n-kab\", ver:\"68.7.0esr-1~deb8u1\", rls:\"DEB8\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"firefox-esr-l10n-kk\", ver:\"68.7.0esr-1~deb8u1\", rls:\"DEB8\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"firefox-esr-l10n-km\", ver:\"68.7.0esr-1~deb8u1\", rls:\"DEB8\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"firefox-esr-l10n-kn\", ver:\"68.7.0esr-1~deb8u1\", rls:\"DEB8\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"firefox-esr-l10n-ko\", ver:\"68.7.0esr-1~deb8u1\", rls:\"DEB8\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"firefox-esr-l10n-lij\", ver:\"68.7.0esr-1~deb8u1\", rls:\"DEB8\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"firefox-esr-l10n-lt\", ver:\"68.7.0esr-1~deb8u1\", rls:\"DEB8\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"firefox-esr-l10n-lv\", ver:\"68.7.0esr-1~deb8u1\", rls:\"DEB8\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"firefox-esr-l10n-mai\", ver:\"68.7.0esr-1~deb8u1\", rls:\"DEB8\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"firefox-esr-l10n-mk\", ver:\"68.7.0esr-1~deb8u1\", rls:\"DEB8\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"firefox-esr-l10n-ml\", ver:\"68.7.0esr-1~deb8u1\", rls:\"DEB8\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"firefox-esr-l10n-mr\", ver:\"68.7.0esr-1~deb8u1\", rls:\"DEB8\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"firefox-esr-l10n-ms\", ver:\"68.7.0esr-1~deb8u1\", rls:\"DEB8\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"firefox-esr-l10n-my\", ver:\"68.7.0esr-1~deb8u1\", rls:\"DEB8\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"firefox-esr-l10n-nb-no\", ver:\"68.7.0esr-1~deb8u1\", rls:\"DEB8\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"firefox-esr-l10n-ne-np\", ver:\"68.7.0esr-1~deb8u1\", rls:\"DEB8\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"firefox-esr-l10n-nl\", ver:\"68.7.0esr-1~deb8u1\", rls:\"DEB8\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"firefox-esr-l10n-nn-no\", ver:\"68.7.0esr-1~deb8u1\", rls:\"DEB8\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"firefox-esr-l10n-oc\", ver:\"68.7.0esr-1~deb8u1\", rls:\"DEB8\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"firefox-esr-l10n-or\", ver:\"68.7.0esr-1~deb8u1\", rls:\"DEB8\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"firefox-esr-l10n-pa-in\", ver:\"68.7.0esr-1~deb8u1\", rls:\"DEB8\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"firefox-esr-l10n-pl\", ver:\"68.7.0esr-1~deb8u1\", rls:\"DEB8\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"firefox-esr-l10n-pt-br\", ver:\"68.7.0esr-1~deb8u1\", rls:\"DEB8\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"firefox-esr-l10n-pt-pt\", ver:\"68.7.0esr-1~deb8u1\", rls:\"DEB8\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"firefox-esr-l10n-rm\", ver:\"68.7.0esr-1~deb8u1\", rls:\"DEB8\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"firefox-esr-l10n-ro\", ver:\"68.7.0esr-1~deb8u1\", rls:\"DEB8\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"firefox-esr-l10n-ru\", ver:\"68.7.0esr-1~deb8u1\", rls:\"DEB8\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"firefox-esr-l10n-si\", ver:\"68.7.0esr-1~deb8u1\", rls:\"DEB8\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"firefox-esr-l10n-sk\", ver:\"68.7.0esr-1~deb8u1\", rls:\"DEB8\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"firefox-esr-l10n-sl\", ver:\"68.7.0esr-1~deb8u1\", rls:\"DEB8\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"firefox-esr-l10n-son\", ver:\"68.7.0esr-1~deb8u1\", rls:\"DEB8\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"firefox-esr-l10n-sq\", ver:\"68.7.0esr-1~deb8u1\", rls:\"DEB8\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"firefox-esr-l10n-sr\", ver:\"68.7.0esr-1~deb8u1\", rls:\"DEB8\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"firefox-esr-l10n-sv-se\", ver:\"68.7.0esr-1~deb8u1\", rls:\"DEB8\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"firefox-esr-l10n-ta\", ver:\"68.7.0esr-1~deb8u1\", rls:\"DEB8\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"firefox-esr-l10n-te\", ver:\"68.7.0esr-1~deb8u1\", rls:\"DEB8\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"firefox-esr-l10n-th\", ver:\"68.7.0esr-1~deb8u1\", rls:\"DEB8\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"firefox-esr-l10n-tr\", ver:\"68.7.0esr-1~deb8u1\", rls:\"DEB8\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"firefox-esr-l10n-uk\", ver:\"68.7.0esr-1~deb8u1\", rls:\"DEB8\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"firefox-esr-l10n-ur\", ver:\"68.7.0esr-1~deb8u1\", rls:\"DEB8\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"firefox-esr-l10n-uz\", ver:\"68.7.0esr-1~deb8u1\", rls:\"DEB8\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"firefox-esr-l10n-vi\", ver:\"68.7.0esr-1~deb8u1\", rls:\"DEB8\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"firefox-esr-l10n-xh\", ver:\"68.7.0esr-1~deb8u1\", rls:\"DEB8\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"firefox-esr-l10n-zh-cn\", ver:\"68.7.0esr-1~deb8u1\", rls:\"DEB8\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"firefox-esr-l10n-zh-tw\", ver:\"68.7.0esr-1~deb8u1\", rls:\"DEB8\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"iceweasel\", ver:\"68.7.0esr-1~deb8u1\", rls:\"DEB8\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"iceweasel-dbg\", ver:\"68.7.0esr-1~deb8u1\", rls:\"DEB8\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"iceweasel-dev\", ver:\"68.7.0esr-1~deb8u1\", rls:\"DEB8\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"iceweasel-l10n-ach\", ver:\"68.7.0esr-1~deb8u1\", rls:\"DEB8\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"iceweasel-l10n-af\", ver:\"68.7.0esr-1~deb8u1\", rls:\"DEB8\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"iceweasel-l10n-all\", ver:\"68.7.0esr-1~deb8u1\", rls:\"DEB8\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"iceweasel-l10n-an\", ver:\"68.7.0esr-1~deb8u1\", rls:\"DEB8\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"iceweasel-l10n-ar\", ver:\"68.7.0esr-1~deb8u1\", rls:\"DEB8\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"iceweasel-l10n-as\", ver:\"68.7.0esr-1~deb8u1\", rls:\"DEB8\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"iceweasel-l10n-ast\", ver:\"68.7.0esr-1~deb8u1\", rls:\"DEB8\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"iceweasel-l10n-az\", ver:\"68.7.0esr-1~deb8u1\", rls:\"DEB8\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"iceweasel-l10n-be\", ver:\"68.7.0esr-1~deb8u1\", rls:\"DEB8\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"iceweasel-l10n-bg\", ver:\"68.7.0esr-1~deb8u1\", rls:\"DEB8\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"iceweasel-l10n-bn\", ver:\"68.7.0esr-1~deb8u1\", rls:\"DEB8\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"iceweasel-l10n-bn-bd\", ver:\"68.7.0esr-1~deb8u1\", rls:\"DEB8\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"iceweasel-l10n-bn-in\", ver:\"68.7.0esr-1~deb8u1\", rls:\"DEB8\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"iceweasel-l10n-br\", ver:\"68.7.0esr-1~deb8u1\", rls:\"DEB8\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"iceweasel-l10n-bs\", ver:\"68.7.0esr-1~deb8u1\", rls:\"DEB8\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"iceweasel-l10n-ca\", ver:\"68.7.0esr-1~deb8u1\", rls:\"DEB8\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"iceweasel-l10n-cak\", ver:\"68.7.0esr-1~deb8u1\", rls:\"DEB8\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"iceweasel-l10n-cs\", ver:\"68.7.0esr-1~deb8u1\", rls:\"DEB8\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"iceweasel-l10n-cy\", ver:\"68.7.0esr-1~deb8u1\", rls:\"DEB8\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"iceweasel-l10n-da\", ver:\"68.7.0esr-1~deb8u1\", rls:\"DEB8\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"iceweasel-l10n-de\", ver:\"68.7.0esr-1~deb8u1\", rls:\"DEB8\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"iceweasel-l10n-dsb\", ver:\"68.7.0esr-1~deb8u1\", rls:\"DEB8\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"iceweasel-l10n-el\", ver:\"68.7.0esr-1~deb8u1\", rls:\"DEB8\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"iceweasel-l10n-en-ca\", ver:\"68.7.0esr-1~deb8u1\", rls:\"DEB8\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"iceweasel-l10n-en-gb\", ver:\"68.7.0esr-1~deb8u1\", rls:\"DEB8\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"iceweasel-l10n-en-za\", ver:\"68.7.0esr-1~deb8u1\", rls:\"DEB8\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"iceweasel-l10n-eo\", ver:\"68.7.0esr-1~deb8u1\", rls:\"DEB8\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"iceweasel-l10n-es-ar\", ver:\"68.7.0esr-1~deb8u1\", rls:\"DEB8\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"iceweasel-l10n-es-cl\", ver:\"68.7.0esr-1~deb8u1\", rls:\"DEB8\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"iceweasel-l10n-es-es\", ver:\"68.7.0esr-1~deb8u1\", rls:\"DEB8\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"iceweasel-l10n-es-mx\", ver:\"68.7.0esr-1~deb8u1\", rls:\"DEB8\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"iceweasel-l10n-et\", ver:\"68.7.0esr-1~deb8u1\", rls:\"DEB8\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"iceweasel-l10n-eu\", ver:\"68.7.0esr-1~deb8u1\", rls:\"DEB8\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"iceweasel-l10n-fa\", ver:\"68.7.0esr-1~deb8u1\", rls:\"DEB8\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"iceweasel-l10n-ff\", ver:\"68.7.0esr-1~deb8u1\", rls:\"DEB8\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"iceweasel-l10n-fi\", ver:\"68.7.0esr-1~deb8u1\", rls:\"DEB8\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"iceweasel-l10n-fr\", ver:\"68.7.0esr-1~deb8u1\", rls:\"DEB8\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"iceweasel-l10n-fy-nl\", ver:\"68.7.0esr-1~deb8u1\", rls:\"DEB8\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"iceweasel-l10n-ga-ie\", ver:\"68.7.0esr-1~deb8u1\", rls:\"DEB8\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"iceweasel-l10n-gd\", ver:\"68.7.0esr-1~deb8u1\", rls:\"DEB8\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"iceweasel-l10n-gl\", ver:\"68.7.0esr-1~deb8u1\", rls:\"DEB8\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"iceweasel-l10n-gn\", ver:\"68.7.0esr-1~deb8u1\", rls:\"DEB8\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"iceweasel-l10n-gu-in\", ver:\"68.7.0esr-1~deb8u1\", rls:\"DEB8\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"iceweasel-l10n-he\", ver:\"68.7.0esr-1~deb8u1\", rls:\"DEB8\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"iceweasel-l10n-hi-in\", ver:\"68.7.0esr-1~deb8u1\", rls:\"DEB8\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"iceweasel-l10n-hr\", ver:\"68.7.0esr-1~deb8u1\", rls:\"DEB8\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"iceweasel-l10n-hsb\", ver:\"68.7.0esr-1~deb8u1\", rls:\"DEB8\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"iceweasel-l10n-hu\", ver:\"68.7.0esr-1~deb8u1\", rls:\"DEB8\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"iceweasel-l10n-hy-am\", ver:\"68.7.0esr-1~deb8u1\", rls:\"DEB8\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"iceweasel-l10n-ia\", ver:\"68.7.0esr-1~deb8u1\", rls:\"DEB8\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"iceweasel-l10n-id\", ver:\"68.7.0esr-1~deb8u1\", rls:\"DEB8\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"iceweasel-l10n-is\", ver:\"68.7.0esr-1~deb8u1\", rls:\"DEB8\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"iceweasel-l10n-it\", ver:\"68.7.0esr-1~deb8u1\", rls:\"DEB8\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"iceweasel-l10n-ja\", ver:\"68.7.0esr-1~deb8u1\", rls:\"DEB8\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"iceweasel-l10n-ka\", ver:\"68.7.0esr-1~deb8u1\", rls:\"DEB8\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"iceweasel-l10n-kab\", ver:\"68.7.0esr-1~deb8u1\", rls:\"DEB8\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"iceweasel-l10n-kk\", ver:\"68.7.0esr-1~deb8u1\", rls:\"DEB8\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"iceweasel-l10n-km\", ver:\"68.7.0esr-1~deb8u1\", rls:\"DEB8\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"iceweasel-l10n-kn\", ver:\"68.7.0esr-1~deb8u1\", rls:\"DEB8\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"iceweasel-l10n-ko\", ver:\"68.7.0esr-1~deb8u1\", rls:\"DEB8\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"iceweasel-l10n-lij\", ver:\"68.7.0esr-1~deb8u1\", rls:\"DEB8\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"iceweasel-l10n-lt\", ver:\"68.7.0esr-1~deb8u1\", rls:\"DEB8\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"iceweasel-l10n-lv\", ver:\"68.7.0esr-1~deb8u1\", rls:\"DEB8\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"iceweasel-l10n-mai\", ver:\"68.7.0esr-1~deb8u1\", rls:\"DEB8\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"iceweasel-l10n-mk\", ver:\"68.7.0esr-1~deb8u1\", rls:\"DEB8\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"iceweasel-l10n-ml\", ver:\"68.7.0esr-1~deb8u1\", rls:\"DEB8\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"iceweasel-l10n-mr\", ver:\"68.7.0esr-1~deb8u1\", rls:\"DEB8\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"iceweasel-l10n-ms\", ver:\"68.7.0esr-1~deb8u1\", rls:\"DEB8\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"iceweasel-l10n-my\", ver:\"68.7.0esr-1~deb8u1\", rls:\"DEB8\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"iceweasel-l10n-nb-no\", ver:\"68.7.0esr-1~deb8u1\", rls:\"DEB8\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"iceweasel-l10n-ne-np\", ver:\"68.7.0esr-1~deb8u1\", rls:\"DEB8\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"iceweasel-l10n-nl\", ver:\"68.7.0esr-1~deb8u1\", rls:\"DEB8\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"iceweasel-l10n-nn-no\", ver:\"68.7.0esr-1~deb8u1\", rls:\"DEB8\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"iceweasel-l10n-oc\", ver:\"68.7.0esr-1~deb8u1\", rls:\"DEB8\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"iceweasel-l10n-or\", ver:\"68.7.0esr-1~deb8u1\", rls:\"DEB8\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"iceweasel-l10n-pa-in\", ver:\"68.7.0esr-1~deb8u1\", rls:\"DEB8\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"iceweasel-l10n-pl\", ver:\"68.7.0esr-1~deb8u1\", rls:\"DEB8\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"iceweasel-l10n-pt-br\", ver:\"68.7.0esr-1~deb8u1\", rls:\"DEB8\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"iceweasel-l10n-pt-pt\", ver:\"68.7.0esr-1~deb8u1\", rls:\"DEB8\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"iceweasel-l10n-rm\", ver:\"68.7.0esr-1~deb8u1\", rls:\"DEB8\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"iceweasel-l10n-ro\", ver:\"68.7.0esr-1~deb8u1\", rls:\"DEB8\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"iceweasel-l10n-ru\", ver:\"68.7.0esr-1~deb8u1\", rls:\"DEB8\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"iceweasel-l10n-si\", ver:\"68.7.0esr-1~deb8u1\", rls:\"DEB8\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"iceweasel-l10n-sk\", ver:\"68.7.0esr-1~deb8u1\", rls:\"DEB8\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"iceweasel-l10n-sl\", ver:\"68.7.0esr-1~deb8u1\", rls:\"DEB8\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"iceweasel-l10n-son\", ver:\"68.7.0esr-1~deb8u1\", rls:\"DEB8\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"iceweasel-l10n-sq\", ver:\"68.7.0esr-1~deb8u1\", rls:\"DEB8\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"iceweasel-l10n-sr\", ver:\"68.7.0esr-1~deb8u1\", rls:\"DEB8\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"iceweasel-l10n-sv-se\", ver:\"68.7.0esr-1~deb8u1\", rls:\"DEB8\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"iceweasel-l10n-ta\", ver:\"68.7.0esr-1~deb8u1\", rls:\"DEB8\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"iceweasel-l10n-te\", ver:\"68.7.0esr-1~deb8u1\", rls:\"DEB8\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"iceweasel-l10n-th\", ver:\"68.7.0esr-1~deb8u1\", rls:\"DEB8\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"iceweasel-l10n-tr\", ver:\"68.7.0esr-1~deb8u1\", rls:\"DEB8\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"iceweasel-l10n-uk\", ver:\"68.7.0esr-1~deb8u1\", rls:\"DEB8\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"iceweasel-l10n-ur\", ver:\"68.7.0esr-1~deb8u1\", rls:\"DEB8\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"iceweasel-l10n-uz\", ver:\"68.7.0esr-1~deb8u1\", rls:\"DEB8\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"iceweasel-l10n-vi\", ver:\"68.7.0esr-1~deb8u1\", rls:\"DEB8\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"iceweasel-l10n-xh\", ver:\"68.7.0esr-1~deb8u1\", rls:\"DEB8\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"iceweasel-l10n-zh-cn\", ver:\"68.7.0esr-1~deb8u1\", rls:\"DEB8\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"iceweasel-l10n-zh-tw\", ver:\"68.7.0esr-1~deb8u1\", rls:\"DEB8\"))) {\n report += res;\n}\n\nif(report != \"\") {\n security_message(data:report);\n} else if(__pkg_match) {\n exit(99);\n}\n\nexit(0);\n", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2020-05-02T15:13:24", "bulletinFamily": "scanner", "cvelist": ["CVE-2020-6822", "CVE-2020-6827", "CVE-2020-6825", "CVE-2020-6821", "CVE-2020-6828"], "description": "This host is installed with\n Mozilla Firefox ESR and is prone to multiple vulnerabilities.", "modified": "2020-04-10T00:00:00", "published": "2020-04-08T00:00:00", "id": "OPENVAS:1361412562310816743", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310816743", "type": "openvas", "title": "Mozilla Firefox ESR Security Updates(mfsa_2020-12_2020-13)-MAC OS X", "sourceData": "# Copyright (C) 2020 Greenbone Networks GmbH\n# Some text descriptions might be excerpted from the referenced\n# advisories, and are Copyright (C) by the respective right holder(s)\n#\n# SPDX-License-Identifier: GPL-2.0-or-later\n#\n# This program is free software; you can redistribute it and/or\n# modify it under the terms of the GNU General Public License\n# as published by the Free Software Foundation; either version 2\n# of the License, or (at your option) any later version.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n\n\nCPE = \"cpe:/a:mozilla:firefox_esr\";\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.816743\");\n script_version(\"2020-04-10T03:46:49+0000\");\n script_cve_id(\"CVE-2020-6828\", \"CVE-2020-6827\", \"CVE-2020-6821\", \"CVE-2020-6822\",\n \"CVE-2020-6825\");\n script_tag(name:\"cvss_base\", value:\"7.5\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_tag(name:\"last_modification\", value:\"2020-04-10 03:46:49 +0000 (Fri, 10 Apr 2020)\");\n script_tag(name:\"creation_date\", value:\"2020-04-08 15:35:53 +0530 (Wed, 08 Apr 2020)\");\n script_name(\"Mozilla Firefox ESR Security Updates(mfsa_2020-12_2020-13)-MAC OS X\");\n\n script_tag(name:\"summary\", value:\"This host is installed with\n Mozilla Firefox ESR and is prone to multiple vulnerabilities.\");\n\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is present on\n the target host.\");\n\n script_tag(name:\"insight\", value:\"Multiple flaws exist due to,\n\n - A file overwrite issue in the user's profile directory.\n\n - An uninitialized memory could be read when using the WebGL copyTexSubImage\n method.\n\n - An out of bounds write issue in GMPDecodeData when processing large images.\n\n - Memory safety bugs.\");\n\n script_tag(name:\"impact\", value:\"Successful exploitation allows remote\n attackers to execute arbitrary code and disclose sensitive data.\");\n\n script_tag(name:\"affected\", value:\"Mozilla Firefox ESR version before\n 68.7 on MAC OS X.\");\n\n script_tag(name:\"solution\", value:\"Upgrade to Mozilla Firefox ESR version 68.7\n or later. Please see the references for more information.\");\n\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_tag(name:\"qod_type\", value:\"executable_version\");\n script_xref(name:\"URL\", value:\"https://www.mozilla.org/en-US/firefox/enterprise/\");\n script_xref(name:\"URL\", value:\"https://www.mozilla.org/en-US/security/advisories/mfsa2020-13/\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2020 Greenbone Networks GmbH\");\n script_family(\"General\");\n script_dependencies(\"gb_mozilla_prdts_detect_macosx.nasl\");\n script_mandatory_keys(\"Mozilla/Firefox-ESR/MacOSX/Version\");\n exit(0);\n}\n\n\ninclude(\"host_details.inc\");\ninclude(\"version_func.inc\");\n\nif( ! infos = get_app_version_and_location( cpe:CPE, exit_no_version:TRUE) ) exit( 0 );\nffVer = infos['version'];\nffPath = infos['location'];\n\nif(version_is_less(version:ffVer, test_version:\"68.7\"))\n{\n report = report_fixed_ver(installed_version:ffVer, fixed_version:\"68.7\", install_path:ffPath);\n security_message(data:report);\n exit(0);\n}\nexit(99);\n", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2020-05-08T09:09:30", "bulletinFamily": "scanner", "cvelist": ["CVE-2020-6822", "CVE-2020-6820", "CVE-2020-6819", "CVE-2020-6825", "CVE-2020-6821"], "description": "The remote host is missing an update for the ", "modified": "2020-05-05T00:00:00", "published": "2020-04-28T00:00:00", "id": "OPENVAS:1361412562310883223", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310883223", "type": "openvas", "title": "CentOS: Security Advisory for thunderbird (CESA-2020:1488)", "sourceData": "# Copyright (C) 2020 Greenbone Networks GmbH\n# Some text descriptions might be excerpted from (a) referenced\n# source(s), and are Copyright (C) by the respective right holder(s).\n#\n# SPDX-License-Identifier: GPL-2.0-or-later\n#\n# This program is free software; you can redistribute it and/or\n# modify it under the terms of the GNU General Public License\n# as published by the Free Software Foundation; either version 2\n# of the License, or (at your option) any later version.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.883223\");\n script_version(\"2020-05-05T07:00:07+0000\");\n script_cve_id(\"CVE-2020-6819\", \"CVE-2020-6820\", \"CVE-2020-6821\", \"CVE-2020-6822\", \"CVE-2020-6825\");\n script_tag(name:\"cvss_base\", value:\"7.5\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_tag(name:\"last_modification\", value:\"2020-05-05 07:00:07 +0000 (Tue, 05 May 2020)\");\n script_tag(name:\"creation_date\", value:\"2020-04-28 03:00:53 +0000 (Tue, 28 Apr 2020)\");\n script_name(\"CentOS: Security Advisory for thunderbird (CESA-2020:1488)\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2020 Greenbone Networks GmbH\");\n script_family(\"CentOS Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/centos\", \"ssh/login/rpms\", re:\"ssh/login/release=CentOS6\");\n\n script_xref(name:\"CESA\", value:\"2020:1488\");\n script_xref(name:\"URL\", value:\"https://lists.centos.org/pipermail/centos-announce/2020-April/035698.html\");\n\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'thunderbird'\n package(s) announced via the CESA-2020:1488 advisory.\");\n\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable package version is present on the target host.\");\n\n script_tag(name:\"insight\", value:\"Mozilla Thunderbird is a standalone mail and newsgroup client.\n\nThis update upgrades Thunderbird to version 68.7.0.\n\nSecurity Fix(es):\n\n * Mozilla: Use-after-free while running the nsDocShell destructor\n(CVE-2020-6819)\n\n * Mozilla: Use-after-free when handling a ReadableStream (CVE-2020-6820)\n\n * Mozilla: Uninitialized memory could be read when using the WebGL\ncopyTexSubImage method (CVE-2020-6821)\n\n * Mozilla: Memory safety bugs fixed in Firefox 75 and Firefox ESR 68.7\n(CVE-2020-6825)\n\n * Mozilla: Out of bounds write in GMPDecodeData when processing large\nimages (CVE-2020-6822)\n\nFor more details about the security issue(s), including the impact, a CVSS\nscore, acknowledgments, and other related information, refer to the CVE\npage(s) listed in the References section.\");\n\n script_tag(name:\"affected\", value:\"'thunderbird' package(s) on CentOS 6.\");\n\n script_tag(name:\"solution\", value:\"Please install the updated package(s).\");\n\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_tag(name:\"qod_type\", value:\"package\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\nreport = \"\";\n\nif(release == \"CentOS6\") {\n\n if(!isnull(res = isrpmvuln(pkg:\"thunderbird\", rpm:\"thunderbird~68.7.0~1.el6.centos\", rls:\"CentOS6\"))) {\n report += res;\n }\n\n if(report != \"\") {\n security_message(data:report);\n } else if(__pkg_match) {\n exit(99);\n }\n exit(0);\n}\n\nexit(0);\n", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2020-05-02T15:13:24", "bulletinFamily": "scanner", "cvelist": ["CVE-2020-6822", "CVE-2020-6827", "CVE-2020-6825", "CVE-2020-6821", "CVE-2020-6828"], "description": "This host is installed with\n Mozilla Firefox ESR and is prone to multiple vulnerabilities.", "modified": "2020-04-10T00:00:00", "published": "2020-04-08T00:00:00", "id": "OPENVAS:1361412562310816742", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310816742", "type": "openvas", "title": "Mozilla Firefox ESR Security Updates(mfsa_2020-12_2020-13)-Windows", "sourceData": "# Copyright (C) 2020 Greenbone Networks GmbH\n# Some text descriptions might be excerpted from the referenced\n# advisories, and are Copyright (C) by the respective right holder(s)\n#\n# SPDX-License-Identifier: GPL-2.0-or-later\n#\n# This program is free software; you can redistribute it and/or\n# modify it under the terms of the GNU General Public License\n# as published by the Free Software Foundation; either version 2\n# of the License, or (at your option) any later version.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n\n\nCPE = \"cpe:/a:mozilla:firefox_esr\";\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.816742\");\n script_version(\"2020-04-10T03:46:49+0000\");\n script_cve_id(\"CVE-2020-6828\", \"CVE-2020-6827\", \"CVE-2020-6821\", \"CVE-2020-6822\",\n \"CVE-2020-6825\");\n script_tag(name:\"cvss_base\", value:\"7.5\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_tag(name:\"last_modification\", value:\"2020-04-10 03:46:49 +0000 (Fri, 10 Apr 2020)\");\n script_tag(name:\"creation_date\", value:\"2020-04-08 13:18:05 +0530 (Wed, 08 Apr 2020)\");\n script_name(\"Mozilla Firefox ESR Security Updates(mfsa_2020-12_2020-13)-Windows\");\n\n script_tag(name:\"summary\", value:\"This host is installed with\n Mozilla Firefox ESR and is prone to multiple vulnerabilities.\");\n\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is present on\n the target host.\");\n\n script_tag(name:\"insight\", value:\"Multiple flaws exist due to,\n\n - A file overwrite issue in the user's profile directory.\n\n - An uninitialized memory could be read when using the WebGL copyTexSubImage\n method.\n\n - An out of bounds write issue in GMPDecodeData when processing large images.\n\n - Memory safety bugs.\");\n\n script_tag(name:\"impact\", value:\"Successful exploitation allows remote\n attackers to execute arbitrary code and disclose sensitive data.\");\n\n script_tag(name:\"affected\", value:\"Mozilla Firefox ESR version before\n 68.7 on Windows.\");\n\n script_tag(name:\"solution\", value:\"Upgrade to Mozilla Firefox ESR version 68.7\n or later. Please see the references for more information.\");\n\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_tag(name:\"qod_type\", value:\"registry\");\n script_xref(name:\"URL\", value:\"https://www.mozilla.org/en-US/firefox/enterprise/\");\n script_xref(name:\"URL\", value:\"https://www.mozilla.org/en-US/security/advisories/mfsa2020-13/\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2020 Greenbone Networks GmbH\");\n script_family(\"General\");\n script_dependencies(\"gb_firefox_detect_win.nasl\");\n script_mandatory_keys(\"Firefox-ESR/Win/Ver\");\n exit(0);\n}\n\n\ninclude(\"host_details.inc\");\ninclude(\"version_func.inc\");\n\nif( ! infos = get_app_version_and_location( cpe:CPE, exit_no_version:TRUE) ) exit( 0 );\nffVer = infos['version'];\nffPath = infos['location'];\n\nif(version_is_less(version:ffVer, test_version:\"68.7\"))\n{\n report = report_fixed_ver(installed_version:ffVer, fixed_version:\"68.7\", install_path:ffPath);\n security_message(data:report);\n exit(0);\n}\nexit(99);\n", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2020-05-08T08:42:45", "bulletinFamily": "scanner", "cvelist": ["CVE-2020-6822", "CVE-2020-6820", "CVE-2020-6819", "CVE-2020-6825", "CVE-2020-6821"], "description": "The remote host is missing an update for the ", "modified": "2020-05-05T00:00:00", "published": "2020-04-24T00:00:00", "id": "OPENVAS:1361412562310853120", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310853120", "type": "openvas", "title": "openSUSE: Security Advisory for MozillaThunderbird (openSUSE-SU-2020:0544-1)", "sourceData": "# Copyright (C) 2020 Greenbone Networks GmbH\n# Some text descriptions might be excerpted from (a) referenced\n# source(s), and are Copyright (C) by the respective right holder(s).\n#\n# SPDX-License-Identifier: GPL-2.0-or-later\n#\n# This program is free software; you can redistribute it and/or\n# modify it under the terms of the GNU General Public License\n# as published by the Free Software Foundation; either version 2\n# of the License, or (at your option) any later version.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.853120\");\n script_version(\"2020-05-05T07:00:07+0000\");\n script_cve_id(\"CVE-2020-6819\", \"CVE-2020-6820\", \"CVE-2020-6821\", \"CVE-2020-6822\", \"CVE-2020-6825\");\n script_tag(name:\"cvss_base\", value:\"7.5\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_tag(name:\"last_modification\", value:\"2020-05-05 07:00:07 +0000 (Tue, 05 May 2020)\");\n script_tag(name:\"creation_date\", value:\"2020-04-24 03:00:36 +0000 (Fri, 24 Apr 2020)\");\n script_name(\"openSUSE: Security Advisory for MozillaThunderbird (openSUSE-SU-2020:0544-1)\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2020 Greenbone Networks GmbH\");\n script_family(\"SuSE Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/suse\", \"ssh/login/rpms\", re:\"ssh/login/release=openSUSELeap15\\.1\");\n\n script_xref(name:\"openSUSE-SU\", value:\"2020:0544-1\");\n script_xref(name:\"URL\", value:\"http://lists.opensuse.org/opensuse-security-announce/2020-04/msg00034.html\");\n\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'MozillaThunderbird'\n package(s) announced via the openSUSE-SU-2020:0544-1 advisory.\");\n\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable package version is present on the target host.\");\n\n script_tag(name:\"insight\", value:\"This update for MozillaThunderbird to version 68.7.0 fixes the following\n issues:\n\n - CVE-2020-6819: Use-after-free while running the nsDocShell destructor\n (boo#1168630)\n\n - CVE-2020-6820: Use-after-free when handling a ReadableStream\n (boo#1168630)\n\n - CVE-2020-6821: Uninitialized memory could be read when using the WebGL\n copyTexSubImage() (boo#1168874)\n\n - CVE-2020-6822: Out of bounds write in GMPDecodeData when processing\n large images (boo#1168874)\n\n - CVE-2020-6825: Memory safety bugs fixed (boo#1168874)\n\n This update was imported from the SUSE:SLE-15:Update update project.\n\n\n Patch Instructions:\n\n To install this openSUSE Security Update use the SUSE recommended\n installation methods\n like YaST online_update or 'zypper patch'.\n\n Alternatively you can run the command listed for your product:\n\n - openSUSE Leap 15.1:\n\n zypper in -t patch openSUSE-2020-544=1\");\n\n script_tag(name:\"affected\", value:\"'MozillaThunderbird' package(s) on openSUSE Leap 15.1.\");\n\n script_tag(name:\"solution\", value:\"Please install the updated package(s).\");\n\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_tag(name:\"qod_type\", value:\"package\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\nreport = \"\";\n\nif(release == \"openSUSELeap15.1\") {\n\n if(!isnull(res = isrpmvuln(pkg:\"MozillaThunderbird\", rpm:\"MozillaThunderbird~68.7.0~lp151.2.35.1\", rls:\"openSUSELeap15.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"MozillaThunderbird-debuginfo\", rpm:\"MozillaThunderbird-debuginfo~68.7.0~lp151.2.35.1\", rls:\"openSUSELeap15.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"MozillaThunderbird-debugsource\", rpm:\"MozillaThunderbird-debugsource~68.7.0~lp151.2.35.1\", rls:\"openSUSELeap15.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"MozillaThunderbird-translations-common\", rpm:\"MozillaThunderbird-translations-common~68.7.0~lp151.2.35.1\", rls:\"openSUSELeap15.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"MozillaThunderbird-translations-other\", rpm:\"MozillaThunderbird-translations-other~68.7.0~lp151.2.35.1\", rls:\"openSUSELeap15.1\"))) {\n report += res;\n }\n\n if(report != \"\") {\n security_message(data:report);\n } else if(__pkg_match) {\n exit(99);\n }\n exit(0);\n}\n\nexit(0);", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2020-05-08T08:41:17", "bulletinFamily": "scanner", "cvelist": ["CVE-2020-6822", "CVE-2020-6827", "CVE-2020-6825", "CVE-2020-6821", "CVE-2020-6828"], "description": "The remote host is missing an update for the ", "modified": "2020-05-05T00:00:00", "published": "2020-04-11T00:00:00", "id": "OPENVAS:1361412562310853106", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310853106", "type": "openvas", "title": "openSUSE: Security Advisory for MozillaFirefox (openSUSE-SU-2020:0493-1)", "sourceData": "# Copyright (C) 2020 Greenbone Networks GmbH\n# Some text descriptions might be excerpted from (a) referenced\n# source(s), and are Copyright (C) by the respective right holder(s).\n#\n# SPDX-License-Identifier: GPL-2.0-or-later\n#\n# This program is free software; you can redistribute it and/or\n# modify it under the terms of the GNU General Public License\n# as published by the Free Software Foundation; either version 2\n# of the License, or (at your option) any later version.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.853106\");\n script_version(\"2020-05-05T07:00:07+0000\");\n script_cve_id(\"CVE-2020-6821\", \"CVE-2020-6822\", \"CVE-2020-6825\", \"CVE-2020-6827\", \"CVE-2020-6828\");\n script_tag(name:\"cvss_base\", value:\"7.5\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_tag(name:\"last_modification\", value:\"2020-05-05 07:00:07 +0000 (Tue, 05 May 2020)\");\n script_tag(name:\"creation_date\", value:\"2020-04-11 03:00:37 +0000 (Sat, 11 Apr 2020)\");\n script_name(\"openSUSE: Security Advisory for MozillaFirefox (openSUSE-SU-2020:0493-1)\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2020 Greenbone Networks GmbH\");\n script_family(\"SuSE Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/suse\", \"ssh/login/rpms\", re:\"ssh/login/release=openSUSELeap15\\.1\");\n\n script_xref(name:\"openSUSE-SU\", value:\"2020:0493-1\");\n script_xref(name:\"URL\", value:\"http://lists.opensuse.org/opensuse-security-announce/2020-04/msg00012.html\");\n\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'MozillaFirefox'\n package(s) announced via the openSUSE-SU-2020:0493-1 advisory.\");\n\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable package version is present on the target host.\");\n\n script_tag(name:\"insight\", value:\"This update for MozillaFirefox to version 68.7.0 ESR fixes the following\n issues:\n\n - CVE-2020-6821: Uninitialized memory could be read when using the WebGL\n copyTexSubImage method (bsc#1168874).\n\n - CVE-2020-6822: Fixed out of bounds write in GMPDecodeData when\n processing large images (bsc#1168874).\n\n - CVE-2020-6825: Fixed Memory safety bugs (bsc#1168874).\n\n - CVE-2020-6827: Custom Tabs could have the URI spoofed (bsc#1168874).\n\n - CVE-2020-6828: Preference overwrite via crafted Intent (bsc#1168874).\n\n This update was imported from the SUSE:SLE-15:Update update project.\n\n\n Patch Instructions:\n\n To install this openSUSE Security Update use the SUSE recommended\n installation methods\n like YaST online_update or 'zypper patch'.\n\n Alternatively you can run the command listed for your product:\n\n - openSUSE Leap 15.1:\n\n zypper in -t patch openSUSE-2020-493=1\");\n\n script_tag(name:\"affected\", value:\"'MozillaFirefox' package(s) on openSUSE Leap 15.1.\");\n\n script_tag(name:\"solution\", value:\"Please install the updated package(s).\");\n\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_tag(name:\"qod_type\", value:\"package\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\nreport = \"\";\n\nif(release == \"openSUSELeap15.1\") {\n\n if(!isnull(res = isrpmvuln(pkg:\"MozillaFirefox\", rpm:\"MozillaFirefox~68.7.0~lp151.2.42.1\", rls:\"openSUSELeap15.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"MozillaFirefox-branding-upstream\", rpm:\"MozillaFirefox-branding-upstream~68.7.0~lp151.2.42.1\", rls:\"openSUSELeap15.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"MozillaFirefox-buildsymbols\", rpm:\"MozillaFirefox-buildsymbols~68.7.0~lp151.2.42.1\", rls:\"openSUSELeap15.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"MozillaFirefox-debuginfo\", rpm:\"MozillaFirefox-debuginfo~68.7.0~lp151.2.42.1\", rls:\"openSUSELeap15.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"MozillaFirefox-debugsource\", rpm:\"MozillaFirefox-debugsource~68.7.0~lp151.2.42.1\", rls:\"openSUSELeap15.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"MozillaFirefox-devel\", rpm:\"MozillaFirefox-devel~68.7.0~lp151.2.42.1\", rls:\"openSUSELeap15.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"MozillaFirefox-translations-common\", rpm:\"MozillaFirefox-translations-common~68.7.0~lp151.2.42.1\", rls:\"openSUSELeap15.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"MozillaFirefox-translations-other\", rpm:\"MozillaFirefox-translations-other~68.7.0~lp151.2.42.1\", rls:\"openSUSELeap15.1\"))) {\n report += res;\n }\n\n if(report != \"\") {\n security_message(data:report);\n } else if(__pkg_match) {\n exit(99);\n }\n exit(0);\n}\n\nexit(0);", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}], "redhat": [{"lastseen": "2020-05-02T09:48:42", "bulletinFamily": "unix", "cvelist": ["CVE-2020-6821", "CVE-2020-6822", "CVE-2020-6825"], "description": "Mozilla Firefox is an open-source web browser, designed for standards compliance, performance, and portability.\n\nThis update upgrades Firefox to version 68.7.0 ESR.\n\nSecurity Fix(es):\n\n* Mozilla: Uninitialized memory could be read when using the WebGL copyTexSubImage method (CVE-2020-6821)\n\n* Mozilla: Memory safety bugs fixed in Firefox 75 and Firefox ESR 68.7 (CVE-2020-6825)\n\n* Mozilla: Out of bounds write in GMPDecodeData when processing large images (CVE-2020-6822)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.", "modified": "2020-04-14T11:08:17", "published": "2020-04-14T10:52:26", "id": "RHSA-2020:1429", "href": "https://access.redhat.com/errata/RHSA-2020:1429", "type": "redhat", "title": "(RHSA-2020:1429) Important: firefox security update", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2020-05-02T09:48:00", "bulletinFamily": "unix", "cvelist": ["CVE-2020-6821", "CVE-2020-6822", "CVE-2020-6825"], "description": "Mozilla Firefox is an open-source web browser, designed for standards compliance, performance, and portability.\n\nThis update upgrades Firefox to version 68.7.0 ESR.\n\nSecurity Fix(es):\n\n* Mozilla: Uninitialized memory could be read when using the WebGL copyTexSubImage method (CVE-2020-6821)\n\n* Mozilla: Memory safety bugs fixed in Firefox 75 and Firefox ESR 68.7 (CVE-2020-6825)\n\n* Mozilla: Out of bounds write in GMPDecodeData when processing large images (CVE-2020-6822)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.", "modified": "2020-04-09T13:14:29", "published": "2020-04-09T12:57:47", "id": "RHSA-2020:1420", "href": "https://access.redhat.com/errata/RHSA-2020:1420", "type": "redhat", "title": "(RHSA-2020:1420) Important: firefox security update", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2020-05-02T09:46:56", "bulletinFamily": "unix", "cvelist": ["CVE-2020-6821", "CVE-2020-6822", "CVE-2020-6825"], "description": "Mozilla Firefox is an open-source web browser, designed for standards compliance, performance, and portability.\n\nThis update upgrades Firefox to version 68.7.0 ESR.\n\nSecurity Fix(es):\n\n* Mozilla: Uninitialized memory could be read when using the WebGL copyTexSubImage method (CVE-2020-6821)\n\n* Mozilla: Memory safety bugs fixed in Firefox 75 and Firefox ESR 68.7 (CVE-2020-6825)\n\n* Mozilla: Out of bounds write in GMPDecodeData when processing large images (CVE-2020-6822)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.", "modified": "2020-04-08T19:56:33", "published": "2020-04-08T19:36:05", "id": "RHSA-2020:1406", "href": "https://access.redhat.com/errata/RHSA-2020:1406", "type": "redhat", "title": "(RHSA-2020:1406) Important: firefox security update", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2020-05-02T09:47:06", "bulletinFamily": "unix", "cvelist": ["CVE-2020-6821", "CVE-2020-6822", "CVE-2020-6825"], "description": "Mozilla Firefox is an open-source web browser, designed for standards compliance, performance, and portability.\n\nThis update upgrades Firefox to version 68.7.0 ESR.\n\nSecurity Fix(es):\n\n* Mozilla: Uninitialized memory could be read when using the WebGL copyTexSubImage method (CVE-2020-6821)\n\n* Mozilla: Memory safety bugs fixed in Firefox 75 and Firefox ESR 68.7 (CVE-2020-6825)\n\n* Mozilla: Out of bounds write in GMPDecodeData when processing large images (CVE-2020-6822)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.", "modified": "2020-04-08T17:21:44", "published": "2020-04-08T16:48:20", "id": "RHSA-2020:1404", "href": "https://access.redhat.com/errata/RHSA-2020:1404", "type": "redhat", "title": "(RHSA-2020:1404) Important: firefox security update", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2020-05-02T09:47:59", "bulletinFamily": "unix", "cvelist": ["CVE-2020-6819", "CVE-2020-6820", "CVE-2020-6821", "CVE-2020-6822", "CVE-2020-6825"], "description": "Mozilla Thunderbird is a standalone mail and newsgroup client.\n\nThis update upgrades Thunderbird to version 68.7.0.\n\nSecurity Fix(es):\n\n* Mozilla: Use-after-free while running the nsDocShell destructor (CVE-2020-6819)\n\n* Mozilla: Use-after-free when handling a ReadableStream (CVE-2020-6820)\n\n* Mozilla: Uninitialized memory could be read when using the WebGL copyTexSubImage method (CVE-2020-6821)\n\n* Mozilla: Memory safety bugs fixed in Firefox 75 and Firefox ESR 68.7 (CVE-2020-6825)\n\n* Mozilla: Out of bounds write in GMPDecodeData when processing large images (CVE-2020-6822)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.", "modified": "2020-04-17T00:15:39", "published": "2020-04-17T00:08:29", "id": "RHSA-2020:1496", "href": "https://access.redhat.com/errata/RHSA-2020:1496", "type": "redhat", "title": "(RHSA-2020:1496) Important: thunderbird security update", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2020-05-02T09:47:46", "bulletinFamily": "unix", "cvelist": ["CVE-2020-6819", "CVE-2020-6820", "CVE-2020-6821", "CVE-2020-6822", "CVE-2020-6825"], "description": "Mozilla Thunderbird is a standalone mail and newsgroup client.\n\nThis update upgrades Thunderbird to version 68.7.0.\n\nSecurity Fix(es):\n\n* Mozilla: Use-after-free while running the nsDocShell destructor (CVE-2020-6819)\n\n* Mozilla: Use-after-free when handling a ReadableStream (CVE-2020-6820)\n\n* Mozilla: Uninitialized memory could be read when using the WebGL copyTexSubImage method (CVE-2020-6821)\n\n* Mozilla: Memory safety bugs fixed in Firefox 75 and Firefox ESR 68.7 (CVE-2020-6825)\n\n* Mozilla: Out of bounds write in GMPDecodeData when processing large images (CVE-2020-6822)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.", "modified": "2020-04-17T00:20:37", "published": "2020-04-17T00:07:30", "id": "RHSA-2020:1495", "href": "https://access.redhat.com/errata/RHSA-2020:1495", "type": "redhat", "title": "(RHSA-2020:1495) Important: thunderbird security update", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2020-05-02T09:49:24", "bulletinFamily": "unix", "cvelist": ["CVE-2020-6819", "CVE-2020-6820", "CVE-2020-6821", "CVE-2020-6822", "CVE-2020-6825"], "description": "Mozilla Thunderbird is a standalone mail and newsgroup client.\n\nThis update upgrades Thunderbird to version 68.7.0.\n\nSecurity Fix(es):\n\n* Mozilla: Use-after-free while running the nsDocShell destructor (CVE-2020-6819)\n\n* Mozilla: Use-after-free when handling a ReadableStream (CVE-2020-6820)\n\n* Mozilla: Uninitialized memory could be read when using the WebGL copyTexSubImage method (CVE-2020-6821)\n\n* Mozilla: Memory safety bugs fixed in Firefox 75 and Firefox ESR 68.7 (CVE-2020-6825)\n\n* Mozilla: Out of bounds write in GMPDecodeData when processing large images (CVE-2020-6822)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.", "modified": "2020-04-16T13:27:34", "published": "2020-04-16T13:13:40", "id": "RHSA-2020:1489", "href": "https://access.redhat.com/errata/RHSA-2020:1489", "type": "redhat", "title": "(RHSA-2020:1489) Important: thunderbird security update", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2020-05-02T09:49:36", "bulletinFamily": "unix", "cvelist": ["CVE-2020-6819", "CVE-2020-6820", "CVE-2020-6821", "CVE-2020-6822", "CVE-2020-6825"], "description": "Mozilla Thunderbird is a standalone mail and newsgroup client.\n\nThis update upgrades Thunderbird to version 68.7.0.\n\nSecurity Fix(es):\n\n* Mozilla: Use-after-free while running the nsDocShell destructor (CVE-2020-6819)\n\n* Mozilla: Use-after-free when handling a ReadableStream (CVE-2020-6820)\n\n* Mozilla: Uninitialized memory could be read when using the WebGL copyTexSubImage method (CVE-2020-6821)\n\n* Mozilla: Memory safety bugs fixed in Firefox 75 and Firefox ESR 68.7 (CVE-2020-6825)\n\n* Mozilla: Out of bounds write in GMPDecodeData when processing large images (CVE-2020-6822)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.", "modified": "2020-04-16T13:29:15", "published": "2020-04-16T13:13:38", "id": "RHSA-2020:1488", "href": "https://access.redhat.com/errata/RHSA-2020:1488", "type": "redhat", "title": "(RHSA-2020:1488) Important: thunderbird security update", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}], "oraclelinux": [{"lastseen": "2020-05-02T12:47:50", "bulletinFamily": "unix", "cvelist": ["CVE-2020-6822", "CVE-2020-6825", "CVE-2020-6821"], "description": "[68.7.0-2.0.1]\n- Remove upstream references [Orabug: 30143292]\n- Update distribution for Oracle Linux [Orabug: 30143292]\n- Add firefox-oracle-default-prefs.js and remove the corresponding Red Hat file\n[68.7.0-2]\n- Update to 68.7.0 build3", "edition": 3, "modified": "2020-04-11T00:00:00", "published": "2020-04-11T00:00:00", "id": "ELSA-2020-1420", "href": "http://linux.oracle.com/errata/ELSA-2020-1420.html", "title": "firefox security update", "type": "oraclelinux", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2020-04-09T10:43:56", "bulletinFamily": "unix", "cvelist": ["CVE-2020-6822", "CVE-2020-6825", "CVE-2020-6821", "CVE-2017-5428"], "description": "[68.7.0-2.0.1.el8_1]\n- Rebuild to pickup Oracle default bookmarks [Orabug: 30069264]\n- Add firefox-oracle-default-prefs.js and remove the corresponding Red Hat file\n- Remove upstream references [Orabug: 30530527]\n[68.7.0-2]\n- Update to 68.7.0 build3\n[68.6.1-1]\n- Update to 68.6.1 ESR\n* Wed Mar 04 2020 Jan Horak \n- Update to 68.6.0 build1\n[68.5.0-3]\n- Added fix for rhbz#1805667\n- Enabled mzbz@1170092 - Firefox prefs at /etc\n* Fri Feb 07 2020 Jan Horak \n- Update to 68.5.0 build2\n* Wed Feb 05 2020 Jan Horak \n- Update to 68.5.0 build1\n* Wed Jan 08 2020 Jan Horak \n- Update to 68.4.1esr build1\n* Fri Jan 03 2020 Jan Horak \n- Update to 68.4.0esr build1\n* Wed Dec 18 2019 Jan Horak \n- Fix for wrong intl.accept_lang when using non en-us langpack\n[68.3.0-1]\n- Update to 68.3.0 ESR\n[68.2.0-4]\n- Added patch for TLS 1.3 support.\n[68.2.0-3]\n- Rebuild\n[68.2.0-2]\n- Rebuild\n[68.2.0-1]\n- Update to 68.2.0 ESR\n[68.1.0-6]\n- Enable system nss on RHEL6\n[68.1.0-2]\n- Enable building langpacks\n[68.1.0-1]\n- Update to 68.1.0 ESR\n[68.0.1-4]\n- Enable system nss\n[68.0.1-3]\n- Enable official branding\n[68.0.1-2]\n- Enabled PipeWire on RHEL8\n[68.0.1-1]\n- Updated to 68.0.1 ESR\n[68.0-0.11]\n- Update to 68.0 ESR\n[68.0-0.10]\n- Updated to 68.0 alpha 13\n- Enabled second arches\n[68.0-0.1]\n- Updated to 68.0 alpha\n[60.6.0-3]\n- Added Google API keys (mozbz#1531176)\n[60.6.0-2]\n- Update to 60.6.0 ESR (Build 2)\n[60.6.0-1]\n- Update to 60.6.0 ESR (Build 1)\n[60.5.1-1]\n- Update to 60.5.1 ESR\n[60.5.0-3]\n- Added fix for rhbz#1672424 - Firefox crashes on NFS drives.\n[60.5.0-2]\n- Updated to 60.5.0 ESR build2\n[60.5.0-1]\n- Updated to 60.5.0 ESR build1\n[60.4.0-3]\n- Fixing fontconfig warnings (rhbz#1601475)\n[60.4.0-2]\n- Added pipewire patch from Tomas Popela (rhbz#1664270)\n[60.4.0-1]\n- Update to 60.4.0 ESR\n[60.3.0-2]\n- Added firefox-gnome-shell-extension\n[60.3.0-1]\n- Update to 60.3.0 ESR\n[60.2.2-2]\n- Added patch for rhbz#1633932\n[60.2.2-1]\n- Update to 60.2.2 ESR\n[60.2.1-1]\n- Update to 60.2.1 ESR\n[60.2.0-1]\n- Update to 60.2.0 ESR\n[60.1.0-9]\n- Do not set user agent (rhbz#1608065)\n- GTK dialogs are localized now (rhbz#1619373)\n- JNLP association works again (rhbz#1607457)\n[60.1.0-8]\n- Fixed homepage and bookmarks (rhbz#1606778)\n- Fixed missing file associations in RHEL6 (rhbz#1613565)\n[60.1.0-7]\n- Run at-spi-bus if not running already (for the bundled gtk3)\n[60.1.0-6]\n- Fix for missing schemes for bundled gtk3\n[60.1.0-5]\n- Added mesa-libEGL dependency to gtk3/rhel6\n[60.1.0-4]\n- Disabled jemalloc on all second arches\n[60.1.0-3]\n- Updated to 60.1.0 ESR build2\n[60.1.0-2]\n- Disabled jemalloc on second arches\n[60.1.0-1]\n- Updated to 60.1.0 ESR\n[60.0-12]\n- Fixing bundled libffi issues\n- Readded some requirements\n[60.0-10]\n- Added fix for mozilla BZ#1436242 - IPC crashes.\n[60.0-9]\n- Bundling libffi for the sec-arches\n- Added openssl-devel for the Python\n- Fixing bundled gtk3\n[60.0-8]\n- Added fix for mozilla BZ#1458492\n[60.0-7]\n- Added patch from rhbz#1498561 to fix ppc64(le) crashes.\n[60.0-6]\n- Disabled jemalloc on second arches\n[60.0-4]\n- Update to 60.0 ESR\n[52.7.0-1]\n- Update to 52.7.0 ESR\n[52.6.0-2]\n- Build Firefox for desktop arches only (x86_64 and ppc64le)\n[52.6.0-1]\n- Update to 52.6.0 ESR\n[52.5.0-1]\n- Update to 52.5.0 ESR\n[52.4.0-1]\n- Update to 52.4.0 ESR\n[52.3.0-3]\n- Update to 52.3.0 ESR (b2)\n- Require correct nss version\n[52.2.0-1]\n- Update to 52.2.0 ESR\n[52.1.2-1]\n- Update to 52.1.2 ESR\n[52.0-7]\n- Added fix for accept language (rhbz#1454322)\n[52.0-6]\n- Removing patch required for older NSS from RHEL 7.3\n- Added patch for rhbz#1414564\n[52.0-5]\n- Added fix for mozbz#1348168/CVE-2017-5428\n[52.0-4]\n- Update to 52.0 ESR (b4)\n[52.0-3]\n- Added fix for rhbz#1423012 - ppc64 gfx crashes\n[52.0-2]\n- Enable system nss\n[52.0-1]\n- Update to 52.0ESR (B1)\n- Build RHEL7 package for Gtk3\n[52.0-0.13]\n- Added fix for rhbz#1414535\n[52.0-0.12]\n- Update to 52.0b8\n[52.0-0.11]\n- Readded addons patch\n[52.0-0.10]\n- Update to 52.0b3\n[52.0-0.9]\n- Update to 52.0b2\n[52.0-0.8]\n- Update to 52.0b1\n[52.0-0.5]\n- Firefox Aurora 52 testing build", "edition": 1, "modified": "2020-04-09T00:00:00", "published": "2020-04-09T00:00:00", "id": "ELSA-2020-1406", "href": "http://linux.oracle.com/errata/ELSA-2020-1406.html", "title": "firefox security update", "type": "oraclelinux", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2020-07-08T01:31:29", "bulletinFamily": "unix", "cvelist": ["CVE-2020-6822", "CVE-2020-6825", "CVE-2020-6821", "CVE-2017-5428"], "description": "[68.7.0-2.0.1]\n- fix LD_LIBRARY_PATH\n- Add firefox-oracle-default-prefs.js and remove the corresponding Red Hat one\n[68.7.0-2]\n- Update to 68.7.0 build3\n[68.6.1-1]\n- Update to 68.6.1 ESR\n* Wed Mar 04 2020 Jan Horak \n- Update to 68.6.0 build1\n[68.5.0-3]\n- Added fix for rhbz#1805667\n- Enabled mzbz@1170092 - Firefox prefs at /etc\n* Fri Feb 07 2020 Jan Horak \n- Update to 68.5.0 build2\n* Wed Feb 05 2020 Jan Horak \n- Update to 68.5.0 build1\n* Wed Jan 08 2020 Jan Horak \n- Update to 68.4.1esr build1\n* Fri Jan 03 2020 Jan Horak \n- Update to 68.4.0esr build1\n* Wed Dec 18 2019 Jan Horak \n- Fix for wrong intl.accept_lang when using non en-us langpack\n[68.3.0-1]\n- Update to 68.3.0 ESR\n[68.2.0-4]\n- Added patch for TLS 1.3 support.\n[68.2.0-3]\n- Rebuild\n[68.2.0-2]\n- Rebuild\n[68.2.0-1]\n- Update to 68.2.0 ESR\n[68.1.0-6]\n- Enable system nss on RHEL6\n[68.1.0-2]\n- Enable building langpacks\n[68.1.0-1]\n- Update to 68.1.0 ESR\n[68.0.1-4]\n- Enable system nss\n[68.0.1-3]\n- Enable official branding\n[68.0.1-2]\n- Enabled PipeWire on RHEL8\n[68.0.1-1]\n- Updated to 68.0.1 ESR\n[68.0-0.11]\n- Update to 68.0 ESR\n[68.0-0.10]\n- Updated to 68.0 alpha 13\n- Enabled second arches\n[68.0-0.1]\n- Updated to 68.0 alpha\n[60.6.0-3]\n- Added Google API keys (mozbz#1531176)\n[60.6.0-2]\n- Update to 60.6.0 ESR (Build 2)\n[60.6.0-1]\n- Update to 60.6.0 ESR (Build 1)\n[60.5.1-1]\n- Update to 60.5.1 ESR\n[60.5.0-3]\n- Added fix for rhbz#1672424 - Firefox crashes on NFS drives.\n[60.5.0-2]\n- Updated to 60.5.0 ESR build2\n[60.5.0-1]\n- Updated to 60.5.0 ESR build1\n[60.4.0-3]\n- Fixing fontconfig warnings (rhbz#1601475)\n[60.4.0-2]\n- Added pipewire patch from Tomas Popela (rhbz#1664270)\n[60.4.0-1]\n- Update to 60.4.0 ESR\n[60.3.0-2]\n- Added firefox-gnome-shell-extension\n[60.3.0-1]\n- Update to 60.3.0 ESR\n[60.2.2-2]\n- Added patch for rhbz#1633932\n[60.2.2-1]\n- Update to 60.2.2 ESR\n[60.2.1-1]\n- Update to 60.2.1 ESR\n[60.2.0-1]\n- Update to 60.2.0 ESR\n[60.1.0-9]\n- Do not set user agent (rhbz#1608065)\n- GTK dialogs are localized now (rhbz#1619373)\n- JNLP association works again (rhbz#1607457)\n[60.1.0-8]\n- Fixed homepage and bookmarks (rhbz#1606778)\n- Fixed missing file associations in RHEL6 (rhbz#1613565)\n[60.1.0-7]\n- Run at-spi-bus if not running already (for the bundled gtk3)\n[60.1.0-6]\n- Fix for missing schemes for bundled gtk3\n[60.1.0-5]\n- Added mesa-libEGL dependency to gtk3/rhel6\n[60.1.0-4]\n- Disabled jemalloc on all second arches\n[60.1.0-3]\n- Updated to 60.1.0 ESR build2\n[60.1.0-2]\n- Disabled jemalloc on second arches\n[60.1.0-1]\n- Updated to 60.1.0 ESR\n[60.0-12]\n- Fixing bundled libffi issues\n- Readded some requirements\n[60.0-10]\n- Added fix for mozilla BZ#1436242 - IPC crashes.\n[60.0-9]\n- Bundling libffi for the sec-arches\n- Added openssl-devel for the Python\n- Fixing bundled gtk3\n[60.0-8]\n- Added fix for mozilla BZ#1458492\n[60.0-7]\n- Added patch from rhbz#1498561 to fix ppc64(le) crashes.\n[60.0-6]\n- Disabled jemalloc on second arches\n[60.0-4]\n- Update to 60.0 ESR\n[52.7.0-1]\n- Update to 52.7.0 ESR\n[52.6.0-2]\n- Build Firefox for desktop arches only (x86_64 and ppc64le)\n[52.6.0-1]\n- Update to 52.6.0 ESR\n[52.5.0-1]\n- Update to 52.5.0 ESR\n[52.4.0-1]\n- Update to 52.4.0 ESR\n[52.3.0-3]\n- Update to 52.3.0 ESR (b2)\n- Require correct nss version\n[52.2.0-1]\n- Update to 52.2.0 ESR\n[52.1.2-1]\n- Update to 52.1.2 ESR\n[52.0-7]\n- Added fix for accept language (rhbz#1454322)\n[52.0-6]\n- Removing patch required for older NSS from RHEL 7.3\n- Added patch for rhbz#1414564\n[52.0-5]\n- Added fix for mozbz#1348168/CVE-2017-5428\n[52.0-4]\n- Update to 52.0 ESR (b4)\n[52.0-3]\n- Added fix for rhbz#1423012 - ppc64 gfx crashes\n[52.0-2]\n- Enable system nss\n[52.0-1]\n- Update to 52.0ESR (B1)\n- Build RHEL7 package for Gtk3\n[52.0-0.13]\n- Added fix for rhbz#1414535\n[52.0-0.12]\n- Update to 52.0b8\n[52.0-0.11]\n- Readded addons patch\n[52.0-0.10]\n- Update to 52.0b3\n[52.0-0.9]\n- Update to 52.0b2\n[52.0-0.8]\n- Update to 52.0b1\n[52.0-0.5]\n- Firefox Aurora 52 testing build", "edition": 1, "modified": "2020-07-07T00:00:00", "published": "2020-07-07T00:00:00", "id": "ELSA-2020-1429", "href": "http://linux.oracle.com/errata/ELSA-2020-1429.html", "title": "firefox security update", "type": "oraclelinux", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2020-05-02T12:53:41", "bulletinFamily": "unix", "cvelist": ["CVE-2020-6822", "CVE-2020-6820", "CVE-2020-6819", "CVE-2020-6825", "CVE-2020-6821"], "description": "[68.7.0-1.0.1.el8_1]\n- Replaced thunderbird-redhat-default-prefs.js with thunderbird-oracle-default-prefs.js\n[68.7.0-1]\n- Update to 68.7.0 build1", "edition": 2, "modified": "2020-04-18T00:00:00", "published": "2020-04-18T00:00:00", "id": "ELSA-2020-1495", "href": "http://linux.oracle.com/errata/ELSA-2020-1495.html", "title": "thunderbird security update", "type": "oraclelinux", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2020-05-02T12:53:00", "bulletinFamily": "unix", "cvelist": ["CVE-2020-6822", "CVE-2020-6820", "CVE-2020-6819", "CVE-2020-6825", "CVE-2020-6821"], "description": "[68.7.0-1.0.1]\n- Replaced thunderbird-redhat-default-prefs.js with thunderbird-oracle-default-prefs.js\n[68.7.0-1]\n- Update to 68.7.0 build1", "edition": 3, "modified": "2020-04-17T00:00:00", "published": "2020-04-17T00:00:00", "id": "ELSA-2020-1489", "href": "http://linux.oracle.com/errata/ELSA-2020-1489.html", "title": "thunderbird security update", "type": "oraclelinux", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2020-07-08T01:34:08", "bulletinFamily": "unix", "cvelist": ["CVE-2020-6822", "CVE-2020-6820", "CVE-2020-6819", "CVE-2020-6825", "CVE-2020-6821"], "description": " ", "edition": 1, "modified": "2020-07-07T00:00:00", "published": "2020-07-07T00:00:00", "id": "ELSA-2020-1488", "href": "http://linux.oracle.com/errata/ELSA-2020-1488.html", "title": "thunderbird security update", "type": "oraclelinux", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}], "debian": [{"lastseen": "2021-01-11T01:34:45", "bulletinFamily": "unix", "cvelist": ["CVE-2020-6822", "CVE-2020-6825", "CVE-2020-6821"], "description": "- -------------------------------------------------------------------------\nDebian Security Advisory DSA-4655-1 security@debian.org\nhttps://www.debian.org/security/ Moritz Muehlenhoff\nApril 08, 2020 https://www.debian.org/security/faq\n- -------------------------------------------------------------------------\n\nPackage : firefox-esr\nCVE ID : CVE-2020-6821 CVE-2020-6822 CVE-2020-6825\n\nMultiple security issues have been found in the Mozilla Firefox web\nbrowser, which could potentially result in the execution of arbitrary code.\n\nFor the oldstable distribution (stretch), these problems have been fixed\nin version 68.7.0esr-1~deb9u1.\n\nFor the stable distribution (buster), these problems have been fixed in\nversion 68.7.0esr-1~deb10u1.\n\nWe recommend that you upgrade your firefox-esr packages.\n\nFor the detailed security status of firefox-esr please refer to\nits security tracker page at:\nhttps://security-tracker.debian.org/tracker/firefox-esr\n\nFurther information about Debian Security Advisories, how to apply\nthese updates to your system and frequently asked questions can be\nfound at: https://www.debian.org/security/\n\nMailing list: debian-security-announce@lists.debian.org\n", "edition": 13, "modified": "2020-04-08T17:22:37", "published": "2020-04-08T17:22:37", "id": "DEBIAN:DSA-4655-1:6678A", "href": "https://lists.debian.org/debian-security-announce/debian-security-announce-2020/msg00058.html", "title": "[SECURITY] [DSA 4655-1] firefox-esr security update", "type": "debian", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2020-10-17T13:40:18", "bulletinFamily": "unix", "cvelist": ["CVE-2020-6822", "CVE-2020-6820", "CVE-2020-6819", "CVE-2020-6825", "CVE-2020-6821"], "description": "- -------------------------------------------------------------------------\nDebian Security Advisory DSA-4656-1 security@debian.org\nhttps://www.debian.org/security/ Moritz Muehlenhoff\nApril 13, 2020 https://www.debian.org/security/faq\n- -------------------------------------------------------------------------\n\nPackage : thunderbird\nCVE ID : CVE-2020-6819 CVE-2020-6820 CVE-2020-6821 CVE-2020-6822 \n CVE-2020-6825\n\nMultiple security issues have been found in Thunderbird which could result\nin denial of service or potentially the execution of arbitrary code.\n\nFor the oldstable distribution (stretch), these problems have been fixed\nin version 1:68.7.0-1~deb9u1.\n\nFor the stable distribution (buster), these problems have been fixed in\nversion 1:68.7.0-1~deb10u1.\n\nWe recommend that you upgrade your thunderbird packages.\n\nFor the detailed security status of thunderbird please refer to\nits security tracker page at:\nhttps://security-tracker.debian.org/tracker/thunderbird\n\nFurther information about Debian Security Advisories, how to apply\nthese updates to your system and frequently asked questions can be\nfound at: https://www.debian.org/security/\n\nMailing list: debian-security-announce@lists.debian.org\n", "edition": 16, "modified": "2020-04-13T19:43:18", "published": "2020-04-13T19:43:18", "id": "DEBIAN:DSA-4656-1:2D5DF", "href": "https://lists.debian.org/debian-security-announce/debian-security-announce-2020/msg00059.html", "title": "[SECURITY] [DSA 4656-1] thunderbird security update", "type": "debian", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2020-08-12T01:02:27", "bulletinFamily": "unix", "cvelist": ["CVE-2020-6822", "CVE-2020-6820", "CVE-2020-6819", "CVE-2020-6825", "CVE-2020-6821"], "description": "Package : thunderbird\nVersion : 1:68.7.0-1~deb8u1\nCVE ID : CVE-2020-6819 CVE-2020-6820 CVE-2020-6821 CVE-2020-6822\n CVE-2020-6825\n\nMultiple security issues have been found in Thunderbird which could result\nin denial of service or potentially the execution of arbitrary code.\n\nFor Debian 8 "Jessie", these problems have been fixed in version\n1:68.7.0-1~deb8u1.\n\nWe recommend that you upgrade your thunderbird packages.\n\nFurther information about Debian LTS security advisories, how to apply\nthese updates to your system and frequently asked questions can be\nfound at: https://wiki.debian.org/LTS\n", "edition": 6, "modified": "2020-04-14T10:27:52", "published": "2020-04-14T10:27:52", "id": "DEBIAN:DLA-2172-1:B6209", "href": "https://lists.debian.org/debian-lts-announce/2020/debian-lts-announce-202004/msg00006.html", "title": "[SECURITY] [DLA 2172-1] thunderbird security update", "type": "debian", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2020-08-12T00:58:04", "bulletinFamily": "unix", "cvelist": ["CVE-2020-6822", "CVE-2020-6820", "CVE-2020-6819", "CVE-2020-6825", "CVE-2020-6821"], "description": "Package : firefox-esr\nVersion : 68.7.0esr-1~deb8u1\nCVE ID : CVE-2020-6819 CVE-2020-6820 CVE-2020-6821 CVE-2020-6822\n CVE-2020-6825\n\nMultiple security issues have been found in the Mozilla Firefox web\nbrowser, which could potentially result in the execution of arbitrary\ncode.\n\nFor Debian 8 "Jessie", these problems have been fixed in version\n68.7.0esr-1~deb8u1.\n\nWe recommend that you upgrade your firefox-esr packages.\n\nFurther information about Debian LTS security advisories, how to apply\nthese updates to your system and frequently asked questions can be\nfound at: https://wiki.debian.org/LTS\n", "edition": 6, "modified": "2020-04-08T11:36:36", "published": "2020-04-08T11:36:36", "id": "DEBIAN:DLA-2170-1:F0C8F", "href": "https://lists.debian.org/debian-lts-announce/2020/debian-lts-announce-202004/msg00004.html", "title": "[SECURITY] [DLA 2170-1] firefox-esr security update", "type": "debian", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}], "nessus": [{"lastseen": "2020-11-19T05:29:19", "description": "The remote Redhat Enterprise Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2020:1406 advisory.\n\n - Mozilla: Uninitialized memory could be read when using the WebGL copyTexSubImage method (CVE-2020-6821)\n\n - Mozilla: Out of bounds write in GMPDecodeData when processing large images (CVE-2020-6822)\n\n - Mozilla: Memory safety bugs fixed in Firefox 75 and Firefox ESR 68.7 (CVE-2020-6825)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.", "edition": 4, "cvss3": {"score": 9.8, "vector": "AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"}, "published": "2020-06-09T00:00:00", "title": "RHEL 8 : firefox (RHSA-2020:1406)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2020-6822", "CVE-2020-6825", "CVE-2020-6821"], "modified": "2020-06-09T00:00:00", "cpe": ["cpe:/o:redhat:rhel_eus:8.1", "cpe:/o:redhat:rhel_tus:8.2", "cpe:/a:redhat:rhel_eus:8.1::appstream", "cpe:/a:redhat:rhel_e4s:8.2::appstream", "cpe:/o:redhat:rhel_eus:8.4", "cpe:/a:redhat:rhel_eus:8.4::appstream", "cpe:/o:redhat:rhel_e4s:8.2", "cpe:/o:redhat:rhel_e4s:8.1", "cpe:/a:redhat:rhel_tus:8.2::appstream", "p-cpe:/a:redhat:enterprise_linux:firefox", "cpe:/a:redhat:rhel_e4s:8.1::appstream", "cpe:/a:redhat:enterprise_linux:8::appstream", "p-cpe:/a:redhat:enterprise_linux:firefox-debugsource", "cpe:/o:redhat:rhel_aus:8.2", "cpe:/a:redhat:rhel_aus:8.2::appstream", "cpe:/o:redhat:enterprise_linux:8", "cpe:/o:redhat:rhel_eus:8.2", "cpe:/a:redhat:rhel_eus:8.2::appstream"], "id": "REDHAT-RHSA-2020-1406.NASL", "href": "https://www.tenable.com/plugins/nessus/137246", "sourceData": "##\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Red Hat Security Advisory RHSA-2020:1406. The text\n# itself is copyright (C) Red Hat, Inc.\n##\n\ninclude('compat.inc');\n\nif (description)\n{\n script_id(137246);\n script_version(\"1.3\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2020/11/18\");\n\n script_cve_id(\"CVE-2020-6821\", \"CVE-2020-6822\", \"CVE-2020-6825\");\n script_xref(name:\"RHSA\", value:\"2020:1406\");\n\n script_name(english:\"RHEL 8 : firefox (RHSA-2020:1406)\");\n script_summary(english:\"Checks the rpm output for the updated packages\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote Red Hat host is missing one or more security updates.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote Redhat Enterprise Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2020:1406 advisory.\n\n - Mozilla: Uninitialized memory could be read when using the WebGL copyTexSubImage method (CVE-2020-6821)\n\n - Mozilla: Out of bounds write in GMPDecodeData when processing large images (CVE-2020-6822)\n\n - Mozilla: Memory safety bugs fixed in Firefox 75 and Firefox ESR 68.7 (CVE-2020-6825)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://cwe.mitre.org/data/definitions/119.html\");\n script_set_attribute(attribute:\"see_also\", value:\"https://cwe.mitre.org/data/definitions/120.html\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2020-6821\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2020-6822\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2020-6825\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/errata/RHSA-2020:1406\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1821674\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1821676\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1821682\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected firefox and / or firefox-debugsource packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2020-6825\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_cwe_id(119, 120);\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2020/04/07\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2020/04/08\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2020/06/09\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:8\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:rhel_aus:8.2\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:rhel_e4s:8.1\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:rhel_e4s:8.2\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:rhel_eus:8.1\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:rhel_eus:8.2\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:rhel_eus:8.4\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:rhel_tus:8.2\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:redhat:enterprise_linux:8::appstream\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:redhat:rhel_aus:8.2::appstream\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:redhat:rhel_e4s:8.1::appstream\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:redhat:rhel_e4s:8.2::appstream\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:redhat:rhel_eus:8.1::appstream\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:redhat:rhel_eus:8.2::appstream\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:redhat:rhel_eus:8.4::appstream\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:redhat:rhel_tus:8.2::appstream\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:firefox\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:firefox-debugsource\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Red Hat Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2020 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude('audit.inc');\ninclude('global_settings.inc');\ninclude('misc_func.inc');\ninclude('rpm.inc');\n\nif (!get_kb_item('Host/local_checks_enabled')) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item('Host/RedHat/release');\nif (isnull(release) || 'Red Hat' >!< release) audit(AUDIT_OS_NOT, 'Red Hat');\nos_ver = pregmatch(pattern: \"Red Hat Enterprise Linux.*release ([0-9]+(\\.[0-9]+)?)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, 'Red Hat');\nos_ver = os_ver[1];\nif (! preg(pattern:\"^8([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, 'Red Hat 8.x', 'Red Hat ' + os_ver);\n\nif (!get_kb_item('Host/RedHat/rpm-list')) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item('Host/cpu');\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif ('x86_64' >!< cpu && cpu !~ \"^i[3-6]86$\" && 's390' >!< cpu && 'aarch64' >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'Red Hat', cpu);\n\nrepositories = {\n 'enterprise_linux_8_appstream': [\n 'rhel-8-for-aarch64-appstream-debug-rpms',\n 'rhel-8-for-aarch64-appstream-rpms',\n 'rhel-8-for-aarch64-appstream-source-rpms',\n 'rhel-8-for-s390x-appstream-debug-rpms',\n 'rhel-8-for-s390x-appstream-rpms',\n 'rhel-8-for-s390x-appstream-source-rpms',\n 'rhel-8-for-x86_64-appstream-debug-rpms',\n 'rhel-8-for-x86_64-appstream-rpms',\n 'rhel-8-for-x86_64-appstream-source-rpms'\n ],\n 'rhel_e4s_8_1_appstream': [\n 'rhel-8-for-x86_64-appstream-e4s-debug-rpms',\n 'rhel-8-for-x86_64-appstream-e4s-rpms',\n 'rhel-8-for-x86_64-appstream-e4s-source-rpms'\n ],\n 'rhel_eus_8_1_appstream': [\n 'rhel-8-for-aarch64-appstream-eus-debug-rpms',\n 'rhel-8-for-aarch64-appstream-eus-rpms',\n 'rhel-8-for-aarch64-appstream-eus-source-rpms',\n 'rhel-8-for-s390x-appstream-eus-debug-rpms',\n 'rhel-8-for-s390x-appstream-eus-rpms',\n 'rhel-8-for-s390x-appstream-eus-source-rpms',\n 'rhel-8-for-x86_64-appstream-e4s-debug-rpms',\n 'rhel-8-for-x86_64-appstream-e4s-rpms',\n 'rhel-8-for-x86_64-appstream-e4s-source-rpms',\n 'rhel-8-for-x86_64-appstream-eus-debug-rpms',\n 'rhel-8-for-x86_64-appstream-eus-rpms',\n 'rhel-8-for-x86_64-appstream-eus-source-rpms'\n ],\n 'rhel_eus_8_2_appstream': [\n 'rhel-8-for-aarch64-appstream-eus-debug-rpms',\n 'rhel-8-for-aarch64-appstream-eus-rpms',\n 'rhel-8-for-aarch64-appstream-eus-source-rpms',\n 'rhel-8-for-s390x-appstream-eus-debug-rpms',\n 'rhel-8-for-s390x-appstream-eus-rpms',\n 'rhel-8-for-s390x-appstream-eus-source-rpms',\n 'rhel-8-for-x86_64-appstream-aus-debug-rpms',\n 'rhel-8-for-x86_64-appstream-aus-rpms',\n 'rhel-8-for-x86_64-appstream-aus-source-rpms',\n 'rhel-8-for-x86_64-appstream-e4s-debug-rpms',\n 'rhel-8-for-x86_64-appstream-e4s-rpms',\n 'rhel-8-for-x86_64-appstream-e4s-source-rpms',\n 'rhel-8-for-x86_64-appstream-eus-debug-rpms',\n 'rhel-8-for-x86_64-appstream-eus-rpms',\n 'rhel-8-for-x86_64-appstream-eus-source-rpms',\n 'rhel-8-for-x86_64-appstream-tus-debug-rpms',\n 'rhel-8-for-x86_64-appstream-tus-rpms',\n 'rhel-8-for-x86_64-appstream-tus-source-rpms'\n ]\n};\n\nfound_repos = NULL;\nhost_repo_list = get_kb_list('Host/RedHat/repo-list/*');\nif (!(empty_or_null(host_repo_list))) {\n found_repos = make_list();\n foreach repo_key (keys(repositories)) {\n foreach repo ( repositories[repo_key] ) {\n if (get_kb_item('Host/RedHat/repo-list/' + repo)) {\n append_element(var:found_repos, value:repo_key);\n break;\n }\n }\n }\n if(empty_or_null(found_repos)) audit(AUDIT_RHSA_NOT_AFFECTED, 'RHSA-2020:1406');\n}\n\npkgs = [\n {'reference':'firefox-68.7.0-2.el8_1', 'cpu':'aarch64', 'release':'8', 'el_string':'el8_1', 'rpm_spec_vers_cmp':TRUE, 'allowmaj':TRUE, 'repo_list':['enterprise_linux_8_appstream', 'rhel_e4s_8_1_appstream', 'rhel_eus_8_1_appstream', 'rhel_eus_8_2_appstream']},\n {'reference':'firefox-68.7.0-2.el8_1', 'cpu':'s390x', 'release':'8', 'el_string':'el8_1', 'rpm_spec_vers_cmp':TRUE, 'allowmaj':TRUE, 'repo_list':['enterprise_linux_8_appstream', 'rhel_e4s_8_1_appstream', 'rhel_eus_8_1_appstream', 'rhel_eus_8_2_appstream']},\n {'reference':'firefox-68.7.0-2.el8_1', 'cpu':'x86_64', 'release':'8', 'el_string':'el8_1', 'rpm_spec_vers_cmp':TRUE, 'allowmaj':TRUE, 'repo_list':['enterprise_linux_8_appstream', 'rhel_e4s_8_1_appstream', 'rhel_eus_8_1_appstream', 'rhel_eus_8_2_appstream']},\n {'reference':'firefox-debugsource-68.7.0-2.el8_1', 'cpu':'aarch64', 'release':'8', 'el_string':'el8_1', 'rpm_spec_vers_cmp':TRUE, 'allowmaj':TRUE, 'repo_list':['enterprise_linux_8_appstream', 'rhel_e4s_8_1_appstream', 'rhel_eus_8_1_appstream', 'rhel_eus_8_2_appstream']},\n {'reference':'firefox-debugsource-68.7.0-2.el8_1', 'cpu':'s390x', 'release':'8', 'el_string':'el8_1', 'rpm_spec_vers_cmp':TRUE, 'allowmaj':TRUE, 'repo_list':['enterprise_linux_8_appstream', 'rhel_e4s_8_1_appstream', 'rhel_eus_8_1_appstream', 'rhel_eus_8_2_appstream']},\n {'reference':'firefox-debugsource-68.7.0-2.el8_1', 'cpu':'x86_64', 'release':'8', 'el_string':'el8_1', 'rpm_spec_vers_cmp':TRUE, 'allowmaj':TRUE, 'repo_list':['enterprise_linux_8_appstream', 'rhel_e4s_8_1_appstream', 'rhel_eus_8_1_appstream', 'rhel_eus_8_2_appstream']}\n];\n\nflag = 0;\nforeach package_array ( pkgs ) {\n reference = NULL;\n release = NULL;\n sp = NULL;\n cpu = NULL;\n el_string = NULL;\n rpm_spec_vers_cmp = NULL;\n epoch = NULL;\n allowmaj = NULL;\n repo_list = NULL;\n if (!empty_or_null(package_array['repo_list'])) repo_list = package_array['repo_list'];\n if (!empty_or_null(package_array['reference'])) reference = package_array['reference'];\n if (!empty_or_null(package_array['release'])) release = 'RHEL' + package_array['release'];\n if (!empty_or_null(package_array['sp'])) sp = package_array['sp'];\n if (!empty_or_null(package_array['cpu'])) cpu = package_array['cpu'];\n if (!empty_or_null(package_array['el_string'])) el_string = package_array['el_string'];\n if (!empty_or_null(package_array['rpm_spec_vers_cmp'])) rpm_spec_vers_cmp = package_array['rpm_spec_vers_cmp'];\n if (!empty_or_null(package_array['epoch'])) epoch = package_array['epoch'];\n if (!empty_or_null(package_array['allowmaj'])) allowmaj = package_array['allowmaj'];\n if (reference && release) {\n repocheck = FALSE;\n if (empty_or_null(found_repos))\n {\n repocheck = TRUE;\n }\n else\n {\n foreach repo (repo_list) {\n if (contains_element(var:found_repos, value:repo))\n {\n repocheck = TRUE;\n break;\n }\n }\n }\n if (repocheck && rpm_check(release:release, sp:sp, cpu:cpu, reference:reference, epoch:epoch, el_string:el_string, rpm_spec_vers_cmp:rpm_spec_vers_cmp, allowmaj:allowmaj)) flag++;\n }\n}\n\nif (flag)\n{\n if (empty_or_null(host_repo_list)) extra = rpm_report_get() + redhat_report_repo_caveat();\n else extra = rpm_report_get() + redhat_report_package_caveat();\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : extra\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, 'firefox / firefox-debugsource');\n}\n", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2020-11-19T05:29:19", "description": "The remote Redhat Enterprise Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2020:1404 advisory.\n\n - Mozilla: Uninitialized memory could be read when using the WebGL copyTexSubImage method (CVE-2020-6821)\n\n - Mozilla: Out of bounds write in GMPDecodeData when processing large images (CVE-2020-6822)\n\n - Mozilla: Memory safety bugs fixed in Firefox 75 and Firefox ESR 68.7 (CVE-2020-6825)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.", "edition": 4, "cvss3": {"score": 9.8, "vector": "AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"}, "published": "2020-06-09T00:00:00", "title": "RHEL 8 : firefox (RHSA-2020:1404)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2020-6822", "CVE-2020-6825", "CVE-2020-6821"], "modified": "2020-06-09T00:00:00", "cpe": ["p-cpe:/a:redhat:enterprise_linux:firefox", "cpe:/a:redhat:rhel_e4s:8.0::appstream", "p-cpe:/a:redhat:enterprise_linux:firefox-debugsource", "cpe:/o:redhat:rhel_e4s:8.0"], "id": "REDHAT-RHSA-2020-1404.NASL", "href": "https://www.tenable.com/plugins/nessus/137245", "sourceData": "##\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Red Hat Security Advisory RHSA-2020:1404. The text\n# itself is copyright (C) Red Hat, Inc.\n##\n\ninclude('compat.inc');\n\nif (description)\n{\n script_id(137245);\n script_version(\"1.3\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2020/11/18\");\n\n script_cve_id(\"CVE-2020-6821\", \"CVE-2020-6822\", \"CVE-2020-6825\");\n script_xref(name:\"RHSA\", value:\"2020:1404\");\n\n script_name(english:\"RHEL 8 : firefox (RHSA-2020:1404)\");\n script_summary(english:\"Checks the rpm output for the updated packages\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote Red Hat host is missing one or more security updates.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote Redhat Enterprise Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2020:1404 advisory.\n\n - Mozilla: Uninitialized memory could be read when using the WebGL copyTexSubImage method (CVE-2020-6821)\n\n - Mozilla: Out of bounds write in GMPDecodeData when processing large images (CVE-2020-6822)\n\n - Mozilla: Memory safety bugs fixed in Firefox 75 and Firefox ESR 68.7 (CVE-2020-6825)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://cwe.mitre.org/data/definitions/119.html\");\n script_set_attribute(attribute:\"see_also\", value:\"https://cwe.mitre.org/data/definitions/120.html\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2020-6821\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2020-6822\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2020-6825\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/errata/RHSA-2020:1404\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1821674\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1821676\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1821682\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected firefox and / or firefox-debugsource packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2020-6825\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_cwe_id(119, 120);\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2020/04/07\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2020/04/08\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2020/06/09\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:rhel_e4s:8.0\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:redhat:rhel_e4s:8.0::appstream\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:firefox\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:firefox-debugsource\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Red Hat Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2020 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude('audit.inc');\ninclude('global_settings.inc');\ninclude('misc_func.inc');\ninclude('rpm.inc');\n\nif (!get_kb_item('Host/local_checks_enabled')) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item('Host/RedHat/release');\nif (isnull(release) || 'Red Hat' >!< release) audit(AUDIT_OS_NOT, 'Red Hat');\nos_ver = pregmatch(pattern: \"Red Hat Enterprise Linux.*release ([0-9]+(\\.[0-9]+)?)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, 'Red Hat');\nos_ver = os_ver[1];\nif (! preg(pattern:\"^8([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, 'Red Hat 8.x', 'Red Hat ' + os_ver);\n\nif (!get_kb_item('Host/RedHat/rpm-list')) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item('Host/cpu');\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif ('x86_64' >!< cpu && cpu !~ \"^i[3-6]86$\" && 's390' >!< cpu && 'aarch64' >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'Red Hat', cpu);\n\nrepositories = {\n 'rhel_e4s_8_0_appstream': [\n 'rhel-8-for-x86_64-appstream-e4s-debug-rpms',\n 'rhel-8-for-x86_64-appstream-e4s-rpms',\n 'rhel-8-for-x86_64-appstream-e4s-source-rpms'\n ]\n};\n\nfound_repos = NULL;\nhost_repo_list = get_kb_list('Host/RedHat/repo-list/*');\nif (!(empty_or_null(host_repo_list))) {\n found_repos = make_list();\n foreach repo_key (keys(repositories)) {\n foreach repo ( repositories[repo_key] ) {\n if (get_kb_item('Host/RedHat/repo-list/' + repo)) {\n append_element(var:found_repos, value:repo_key);\n break;\n }\n }\n }\n if(empty_or_null(found_repos)) audit(AUDIT_RHSA_NOT_AFFECTED, 'RHSA-2020:1404');\n}\n\npkgs = [\n {'reference':'firefox-68.7.0-2.el8_0', 'cpu':'aarch64', 'release':'8', 'el_string':'el8_0', 'rpm_spec_vers_cmp':TRUE, 'allowmaj':TRUE, 'repo_list':['rhel_e4s_8_0_appstream']},\n {'reference':'firefox-68.7.0-2.el8_0', 'cpu':'s390x', 'release':'8', 'el_string':'el8_0', 'rpm_spec_vers_cmp':TRUE, 'allowmaj':TRUE, 'repo_list':['rhel_e4s_8_0_appstream']},\n {'reference':'firefox-68.7.0-2.el8_0', 'cpu':'x86_64', 'release':'8', 'el_string':'el8_0', 'rpm_spec_vers_cmp':TRUE, 'allowmaj':TRUE, 'repo_list':['rhel_e4s_8_0_appstream']},\n {'reference':'firefox-debugsource-68.7.0-2.el8_0', 'cpu':'aarch64', 'release':'8', 'el_string':'el8_0', 'rpm_spec_vers_cmp':TRUE, 'allowmaj':TRUE, 'repo_list':['rhel_e4s_8_0_appstream']},\n {'reference':'firefox-debugsource-68.7.0-2.el8_0', 'cpu':'s390x', 'release':'8', 'el_string':'el8_0', 'rpm_spec_vers_cmp':TRUE, 'allowmaj':TRUE, 'repo_list':['rhel_e4s_8_0_appstream']},\n {'reference':'firefox-debugsource-68.7.0-2.el8_0', 'cpu':'x86_64', 'release':'8', 'el_string':'el8_0', 'rpm_spec_vers_cmp':TRUE, 'allowmaj':TRUE, 'repo_list':['rhel_e4s_8_0_appstream']}\n];\n\nflag = 0;\nforeach package_array ( pkgs ) {\n reference = NULL;\n release = NULL;\n sp = NULL;\n cpu = NULL;\n el_string = NULL;\n rpm_spec_vers_cmp = NULL;\n epoch = NULL;\n allowmaj = NULL;\n repo_list = NULL;\n if (!empty_or_null(package_array['repo_list'])) repo_list = package_array['repo_list'];\n if (!empty_or_null(package_array['reference'])) reference = package_array['reference'];\n if (!empty_or_null(package_array['release'])) release = 'RHEL' + package_array['release'];\n if (!empty_or_null(package_array['sp'])) sp = package_array['sp'];\n if (!empty_or_null(package_array['cpu'])) cpu = package_array['cpu'];\n if (!empty_or_null(package_array['el_string'])) el_string = package_array['el_string'];\n if (!empty_or_null(package_array['rpm_spec_vers_cmp'])) rpm_spec_vers_cmp = package_array['rpm_spec_vers_cmp'];\n if (!empty_or_null(package_array['epoch'])) epoch = package_array['epoch'];\n if (!empty_or_null(package_array['allowmaj'])) allowmaj = package_array['allowmaj'];\n if (reference && release) {\n repocheck = FALSE;\n if (empty_or_null(found_repos))\n {\n repocheck = TRUE;\n }\n else\n {\n foreach repo (repo_list) {\n if (contains_element(var:found_repos, value:repo))\n {\n repocheck = TRUE;\n break;\n }\n }\n }\n if (repocheck && rpm_check(release:release, sp:sp, cpu:cpu, reference:reference, epoch:epoch, el_string:el_string, rpm_spec_vers_cmp:rpm_spec_vers_cmp, allowmaj:allowmaj)) flag++;\n }\n}\n\nif (flag)\n{\n if (empty_or_null(host_repo_list)) extra = rpm_report_get() + redhat_report_repo_caveat();\n else extra = rpm_report_get() + redhat_report_package_caveat();\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : extra\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, 'firefox / firefox-debugsource');\n}\n", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2020-11-21T05:59:10", "description": "The remote Redhat Enterprise Linux 6 host has a package installed that is affected by multiple vulnerabilities as referenced in the RHSA-2020:1429 advisory.\n\n - Mozilla: Uninitialized memory could be read when using the WebGL copyTexSubImage method (CVE-2020-6821)\n\n - Mozilla: Out of bounds write in GMPDecodeData when processing large images (CVE-2020-6822)\n\n - Mozilla: Memory safety bugs fixed in Firefox 75 and Firefox ESR 68.7 (CVE-2020-6825)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.", "edition": 5, "cvss3": {}, "published": "2020-04-14T00:00:00", "title": "RHEL 6 : firefox (RHSA-2020:1429)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2020-6822", "CVE-2020-6825", "CVE-2020-6821"], "modified": "2020-04-14T00:00:00", "cpe": ["p-cpe:/a:redhat:enterprise_linux:firefox", "cpe:/o:redhat:enterprise_linux:6::client", "cpe:/o:redhat:enterprise_linux:6::workstation", "cpe:/o:redhat:enterprise_linux:6", "cpe:/o:redhat:enterprise_linux:6::computenode", "cpe:/o:redhat:enterprise_linux:6::server"], "id": "REDHAT-RHSA-2020-1429.NASL", "href": "https://www.tenable.com/plugins/nessus/135415", "sourceData": "##\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Red Hat Security Advisory RHSA-2020:1429. The text\n# itself is copyright (C) Red Hat, Inc.\n##\n\ninclude('compat.inc');\n\nif (description)\n{\n script_id(135415);\n script_version(\"1.3\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2020/11/19\");\n\n script_cve_id(\"CVE-2020-6821\", \"CVE-2020-6822\", \"CVE-2020-6825\");\n script_xref(name:\"RHSA\", value:\"2020:1429\");\n\n script_name(english:\"RHEL 6 : firefox (RHSA-2020:1429)\");\n script_summary(english:\"Checks the rpm output for the updated package\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote Red Hat host is missing one or more security updates.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote Redhat Enterprise Linux 6 host has a package installed that is affected by multiple vulnerabilities as referenced in the RHSA-2020:1429 advisory.\n\n - Mozilla: Uninitialized memory could be read when using the WebGL copyTexSubImage method (CVE-2020-6821)\n\n - Mozilla: Out of bounds write in GMPDecodeData when processing large images (CVE-2020-6822)\n\n - Mozilla: Memory safety bugs fixed in Firefox 75 and Firefox ESR 68.7 (CVE-2020-6825)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://cwe.mitre.org/data/definitions/119.html\");\n script_set_attribute(attribute:\"see_also\", value:\"https://cwe.mitre.org/data/definitions/120.html\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2020-6821\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2020-6822\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2020-6825\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/errata/RHSA-2020:1429\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1821674\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1821676\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1821682\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected firefox package.\");\n script_set_attribute(attribute:\"risk_factor\", value:\"High\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2020-6825\");\n script_cwe_id(119, 120);\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2020/04/07\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2020/04/14\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2020/04/14\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:6\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:6::client\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:6::computenode\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:6::server\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:6::workstation\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:firefox\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Red Hat Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2020 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude('audit.inc');\ninclude('global_settings.inc');\ninclude('misc_func.inc');\ninclude('rpm.inc');\n\nif (!get_kb_item('Host/local_checks_enabled')) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item('Host/RedHat/release');\nif (isnull(release) || 'Red Hat' >!< release) audit(AUDIT_OS_NOT, 'Red Hat');\nos_ver = pregmatch(pattern: \"Red Hat Enterprise Linux.*release ([0-9]+(\\.[0-9]+)?)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, 'Red Hat');\nos_ver = os_ver[1];\nif (! preg(pattern:\"^6([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, 'Red Hat 6.x', 'Red Hat ' + os_ver);\n\nif (!get_kb_item('Host/RedHat/rpm-list')) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item('Host/cpu');\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif ('x86_64' >!< cpu && cpu !~ \"^i[3-6]86$\" && 's390' >!< cpu && 'aarch64' >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'Red Hat', cpu);\n\nrepositories = {\n 'enterprise_linux_6_client': [\n 'rhel-6-desktop-debug-rpms',\n 'rhel-6-desktop-fastrack-debug-rpms',\n 'rhel-6-desktop-fastrack-rpms',\n 'rhel-6-desktop-fastrack-source-rpms',\n 'rhel-6-desktop-optional-debug-rpms',\n 'rhel-6-desktop-optional-fastrack-debug-rpms',\n 'rhel-6-desktop-optional-fastrack-rpms',\n 'rhel-6-desktop-optional-fastrack-source-rpms',\n 'rhel-6-desktop-optional-rpms',\n 'rhel-6-desktop-optional-source-rpms',\n 'rhel-6-desktop-rpms',\n 'rhel-6-desktop-source-rpms'\n ],\n 'enterprise_linux_6_computenode': [\n 'rhel-6-for-hpc-node-fastrack-debug-rpms',\n 'rhel-6-for-hpc-node-fastrack-rpms',\n 'rhel-6-for-hpc-node-fastrack-source-rpms',\n 'rhel-6-for-hpc-node-optional-fastrack-debug-rpms',\n 'rhel-6-for-hpc-node-optional-fastrack-rpms',\n 'rhel-6-for-hpc-node-optional-fastrack-source-rpms',\n 'rhel-6-hpc-node-debug-rpms',\n 'rhel-6-hpc-node-optional-debug-rpms',\n 'rhel-6-hpc-node-optional-rpms',\n 'rhel-6-hpc-node-optional-source-rpms',\n 'rhel-6-hpc-node-rpms',\n 'rhel-6-hpc-node-source-rpms',\n 'rhel-hpc-node-6-eus-sfs-debug-rpms',\n 'rhel-hpc-node-6-eus-sfs-source-rpms',\n 'rhel-scalefs-for-rhel-6-hpc-node-debug-rpms',\n 'rhel-scalefs-for-rhel-6-hpc-node-rpms',\n 'rhel-scalefs-for-rhel-6-hpc-node-source-rpms'\n ],\n 'enterprise_linux_6_server': [\n 'rhel-6-for-system-z-debug-rpms',\n 'rhel-6-for-system-z-fastrack-debug-rpms',\n 'rhel-6-for-system-z-fastrack-rpms',\n 'rhel-6-for-system-z-fastrack-source-rpms',\n 'rhel-6-for-system-z-optional-debug-rpms',\n 'rhel-6-for-system-z-optional-fastrack-debug-rpms',\n 'rhel-6-for-system-z-optional-fastrack-rpms',\n 'rhel-6-for-system-z-optional-fastrack-source-rpms',\n 'rhel-6-for-system-z-optional-rpms',\n 'rhel-6-for-system-z-optional-source-rpms',\n 'rhel-6-for-system-z-rpms',\n 'rhel-6-for-system-z-source-rpms',\n 'rhel-6-server-debug-rpms',\n 'rhel-6-server-fastrack-debug-rpms',\n 'rhel-6-server-fastrack-rpms',\n 'rhel-6-server-fastrack-source-rpms',\n 'rhel-6-server-optional-debug-rpms',\n 'rhel-6-server-optional-fastrack-debug-rpms',\n 'rhel-6-server-optional-fastrack-rpms',\n 'rhel-6-server-optional-fastrack-source-rpms',\n 'rhel-6-server-optional-rpms',\n 'rhel-6-server-optional-source-rpms',\n 'rhel-6-server-rpms',\n 'rhel-6-server-source-rpms',\n 'rhel-ha-for-rhel-6-server-debug-rpms',\n 'rhel-ha-for-rhel-6-server-rpms',\n 'rhel-ha-for-rhel-6-server-source-rpms',\n 'rhel-lb-for-rhel-6-server-debug-rpms',\n 'rhel-lb-for-rhel-6-server-rpms',\n 'rhel-lb-for-rhel-6-server-source-rpms',\n 'rhel-rs-for-rhel-6-server-debug-rpms',\n 'rhel-rs-for-rhel-6-server-rpms',\n 'rhel-rs-for-rhel-6-server-source-rpms',\n 'rhel-scalefs-for-rhel-6-server-debug-rpms',\n 'rhel-scalefs-for-rhel-6-server-rpms',\n 'rhel-scalefs-for-rhel-6-server-source-rpms'\n ],\n 'enterprise_linux_6_workstation': [\n 'rhel-6-workstation-debug-rpms',\n 'rhel-6-workstation-fastrack-debug-rpms',\n 'rhel-6-workstation-fastrack-rpms',\n 'rhel-6-workstation-fastrack-source-rpms',\n 'rhel-6-workstation-optional-debug-rpms',\n 'rhel-6-workstation-optional-fastrack-debug-rpms',\n 'rhel-6-workstation-optional-fastrack-rpms',\n 'rhel-6-workstation-optional-fastrack-source-rpms',\n 'rhel-6-workstation-optional-rpms',\n 'rhel-6-workstation-optional-source-rpms',\n 'rhel-6-workstation-rpms',\n 'rhel-6-workstation-source-rpms',\n 'rhel-scalefs-for-rhel-6-workstation-debug-rpms',\n 'rhel-scalefs-for-rhel-6-workstation-rpms',\n 'rhel-scalefs-for-rhel-6-workstation-source-rpms'\n ]\n};\n\nfound_repos = NULL;\nhost_repo_list = get_kb_list('Host/RedHat/repo-list/*');\nif (!(empty_or_null(host_repo_list))) {\n found_repos = make_list();\n foreach repo_key (keys(repositories)) {\n foreach repo ( repositories[repo_key] ) {\n if (get_kb_item('Host/RedHat/repo-list/' + repo)) {\n append_element(var:found_repos, value:repo_key);\n break;\n }\n }\n }\n if(empty_or_null(found_repos)) audit(AUDIT_RHSA_NOT_AFFECTED, 'RHSA-2020:1429');\n}\n\npkgs = [\n {'reference':'firefox-68.7.0-2.el6_10', 'cpu':'i686', 'release':'6', 'rpm_spec_vers_cmp':TRUE, 'allowmaj':TRUE, 'repo_list':['enterprise_linux_6_client', 'enterprise_linux_6_computenode', 'enterprise_linux_6_server', 'enterprise_linux_6_workstation']},\n {'reference':'firefox-68.7.0-2.el6_10', 'cpu':'s390x', 'release':'6', 'rpm_spec_vers_cmp':TRUE, 'allowmaj':TRUE, 'repo_list':['enterprise_linux_6_client', 'enterprise_linux_6_computenode', 'enterprise_linux_6_server', 'enterprise_linux_6_workstation']},\n {'reference':'firefox-68.7.0-2.el6_10', 'cpu':'x86_64', 'release':'6', 'rpm_spec_vers_cmp':TRUE, 'allowmaj':TRUE, 'repo_list':['enterprise_linux_6_client', 'enterprise_linux_6_computenode', 'enterprise_linux_6_server', 'enterprise_linux_6_workstation']}\n];\n\nflag = 0;\nforeach package_array ( pkgs ) {\n reference = NULL;\n release = NULL;\n sp = NULL;\n cpu = NULL;\n el_string = NULL;\n rpm_spec_vers_cmp = NULL;\n epoch = NULL;\n allowmaj = NULL;\n repo_list = NULL;\n if (!empty_or_null(package_array['repo_list'])) repo_list = package_array['repo_list'];\n if (!empty_or_null(package_array['reference'])) reference = package_array['reference'];\n if (!empty_or_null(package_array['release'])) release = 'RHEL' + package_array['release'];\n if (!empty_or_null(package_array['sp'])) sp = package_array['sp'];\n if (!empty_or_null(package_array['cpu'])) cpu = package_array['cpu'];\n if (!empty_or_null(package_array['el_string'])) el_string = package_array['el_string'];\n if (!empty_or_null(package_array['rpm_spec_vers_cmp'])) rpm_spec_vers_cmp = package_array['rpm_spec_vers_cmp'];\n if (!empty_or_null(package_array['epoch'])) epoch = package_array['epoch'];\n if (!empty_or_null(package_array['allowmaj'])) allowmaj = package_array['allowmaj'];\n if (reference && release) {\n repocheck = FALSE;\n if (empty_or_null(found_repos))\n {\n repocheck = TRUE;\n }\n else\n {\n foreach repo (repo_list) {\n if (contains_element(var:found_repos, value:repo))\n {\n repocheck = TRUE;\n break;\n }\n }\n }\n if (repocheck && rpm_check(release:release, sp:sp, cpu:cpu, reference:reference, epoch:epoch, el_string:el_string, rpm_spec_vers_cmp:rpm_spec_vers_cmp, allowmaj:allowmaj)) flag++;\n }\n}\n\nif (flag)\n{\n if (empty_or_null(host_repo_list)) extra = rpm_report_get() + redhat_report_repo_caveat();\n else extra = rpm_report_get() + redhat_report_package_caveat();\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : extra\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, 'firefox');\n}\n", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2020-05-08T17:22:28", "description": "Multiple security issues have been found in the Mozilla Firefox web\nbrowser, which could potentially result in the execution of arbitrary\ncode.", "edition": 4, "cvss3": {"score": 9.8, "vector": "AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"}, "published": "2020-04-10T00:00:00", "title": "Debian DSA-4655-1 : firefox-esr - security update", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2020-6822", "CVE-2020-6825", "CVE-2020-6821"], "modified": "2020-04-10T00:00:00", "cpe": ["cpe:/o:debian:debian_linux:10.0", "p-cpe:/a:debian:debian_linux:firefox-esr", "cpe:/o:debian:debian_linux:9.0"], "id": "DEBIAN_DSA-4655.NASL", "href": "https://www.tenable.com/plugins/nessus/135366", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Debian Security Advisory DSA-4655. The text \n# itself is copyright (C) Software in the Public Interest, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(135366);\n script_version(\"1.3\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2020/05/07\");\n\n script_cve_id(\"CVE-2020-6821\", \"CVE-2020-6822\", \"CVE-2020-6825\");\n script_xref(name:\"DSA\", value:\"4655\");\n\n script_name(english:\"Debian DSA-4655-1 : firefox-esr - security update\");\n script_summary(english:\"Checks dpkg output for the updated package\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Debian host is missing a security-related update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Multiple security issues have been found in the Mozilla Firefox web\nbrowser, which could potentially result in the execution of arbitrary\ncode.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/source-package/firefox-esr\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://packages.debian.org/source/stretch/firefox-esr\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://packages.debian.org/source/buster/firefox-esr\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.debian.org/security/2020/dsa-4655\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\n\"Upgrade the firefox-esr packages.\n\nFor the oldstable distribution (stretch), these problems have been\nfixed in version 68.7.0esr-1~deb9u1.\n\nFor the stable distribution (buster), these problems have been fixed\nin version 68.7.0esr-1~deb10u1.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:firefox-esr\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:debian:debian_linux:10.0\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:debian:debian_linux:9.0\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2020/04/24\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2020/04/08\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2020/04/10\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2020 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Debian Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/Debian/release\", \"Host/Debian/dpkg-l\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"debian_package.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/Debian/release\")) audit(AUDIT_OS_NOT, \"Debian\");\nif (!get_kb_item(\"Host/Debian/dpkg-l\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\nflag = 0;\nif (deb_check(release:\"10.0\", prefix:\"firefox-esr\", reference:\"68.7.0esr-1~deb10u1\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"firefox-esr-l10n-ach\", reference:\"68.7.0esr-1~deb10u1\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"firefox-esr-l10n-af\", reference:\"68.7.0esr-1~deb10u1\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"firefox-esr-l10n-all\", reference:\"68.7.0esr-1~deb10u1\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"firefox-esr-l10n-an\", reference:\"68.7.0esr-1~deb10u1\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"firefox-esr-l10n-ar\", reference:\"68.7.0esr-1~deb10u1\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"firefox-esr-l10n-as\", reference:\"68.7.0esr-1~deb10u1\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"firefox-esr-l10n-ast\", reference:\"68.7.0esr-1~deb10u1\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"firefox-esr-l10n-az\", reference:\"68.7.0esr-1~deb10u1\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"firefox-esr-l10n-be\", reference:\"68.7.0esr-1~deb10u1\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"firefox-esr-l10n-bg\", reference:\"68.7.0esr-1~deb10u1\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"firefox-esr-l10n-bn-bd\", reference:\"68.7.0esr-1~deb10u1\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"firefox-esr-l10n-bn-in\", reference:\"68.7.0esr-1~deb10u1\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"firefox-esr-l10n-br\", reference:\"68.7.0esr-1~deb10u1\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"firefox-esr-l10n-bs\", reference:\"68.7.0esr-1~deb10u1\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"firefox-esr-l10n-ca\", reference:\"68.7.0esr-1~deb10u1\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"firefox-esr-l10n-cak\", reference:\"68.7.0esr-1~deb10u1\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"firefox-esr-l10n-cs\", reference:\"68.7.0esr-1~deb10u1\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"firefox-esr-l10n-cy\", reference:\"68.7.0esr-1~deb10u1\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"firefox-esr-l10n-da\", reference:\"68.7.0esr-1~deb10u1\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"firefox-esr-l10n-de\", reference:\"68.7.0esr-1~deb10u1\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"firefox-esr-l10n-dsb\", reference:\"68.7.0esr-1~deb10u1\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"firefox-esr-l10n-el\", reference:\"68.7.0esr-1~deb10u1\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"firefox-esr-l10n-en-gb\", reference:\"68.7.0esr-1~deb10u1\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"firefox-esr-l10n-en-za\", reference:\"68.7.0esr-1~deb10u1\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"firefox-esr-l10n-eo\", reference:\"68.7.0esr-1~deb10u1\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"firefox-esr-l10n-es-ar\", reference:\"68.7.0esr-1~deb10u1\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"firefox-esr-l10n-es-cl\", reference:\"68.7.0esr-1~deb10u1\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"firefox-esr-l10n-es-es\", reference:\"68.7.0esr-1~deb10u1\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"firefox-esr-l10n-es-mx\", reference:\"68.7.0esr-1~deb10u1\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"firefox-esr-l10n-et\", reference:\"68.7.0esr-1~deb10u1\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"firefox-esr-l10n-eu\", reference:\"68.7.0esr-1~deb10u1\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"firefox-esr-l10n-fa\", reference:\"68.7.0esr-1~deb10u1\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"firefox-esr-l10n-ff\", reference:\"68.7.0esr-1~deb10u1\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"firefox-esr-l10n-fi\", reference:\"68.7.0esr-1~deb10u1\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"firefox-esr-l10n-fr\", reference:\"68.7.0esr-1~deb10u1\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"firefox-esr-l10n-fy-nl\", reference:\"68.7.0esr-1~deb10u1\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"firefox-esr-l10n-ga-ie\", reference:\"68.7.0esr-1~deb10u1\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"firefox-esr-l10n-gd\", reference:\"68.7.0esr-1~deb10u1\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"firefox-esr-l10n-gl\", reference:\"68.7.0esr-1~deb10u1\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"firefox-esr-l10n-gn\", reference:\"68.7.0esr-1~deb10u1\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"firefox-esr-l10n-gu-in\", reference:\"68.7.0esr-1~deb10u1\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"firefox-esr-l10n-he\", reference:\"68.7.0esr-1~deb10u1\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"firefox-esr-l10n-hi-in\", reference:\"68.7.0esr-1~deb10u1\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"firefox-esr-l10n-hr\", reference:\"68.7.0esr-1~deb10u1\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"firefox-esr-l10n-hsb\", reference:\"68.7.0esr-1~deb10u1\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"firefox-esr-l10n-hu\", reference:\"68.7.0esr-1~deb10u1\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"firefox-esr-l10n-hy-am\", reference:\"68.7.0esr-1~deb10u1\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"firefox-esr-l10n-ia\", reference:\"68.7.0esr-1~deb10u1\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"firefox-esr-l10n-id\", reference:\"68.7.0esr-1~deb10u1\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"firefox-esr-l10n-is\", reference:\"68.7.0esr-1~deb10u1\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"firefox-esr-l10n-it\", reference:\"68.7.0esr-1~deb10u1\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"firefox-esr-l10n-ja\", reference:\"68.7.0esr-1~deb10u1\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"firefox-esr-l10n-ka\", reference:\"68.7.0esr-1~deb10u1\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"firefox-esr-l10n-kab\", reference:\"68.7.0esr-1~deb10u1\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"firefox-esr-l10n-kk\", reference:\"68.7.0esr-1~deb10u1\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"firefox-esr-l10n-km\", reference:\"68.7.0esr-1~deb10u1\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"firefox-esr-l10n-kn\", reference:\"68.7.0esr-1~deb10u1\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"firefox-esr-l10n-ko\", reference:\"68.7.0esr-1~deb10u1\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"firefox-esr-l10n-lij\", reference:\"68.7.0esr-1~deb10u1\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"firefox-esr-l10n-lt\", reference:\"68.7.0esr-1~deb10u1\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"firefox-esr-l10n-lv\", reference:\"68.7.0esr-1~deb10u1\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"firefox-esr-l10n-mai\", reference:\"68.7.0esr-1~deb10u1\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"firefox-esr-l10n-mk\", reference:\"68.7.0esr-1~deb10u1\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"firefox-esr-l10n-ml\", reference:\"68.7.0esr-1~deb10u1\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"firefox-esr-l10n-mr\", reference:\"68.7.0esr-1~deb10u1\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"firefox-esr-l10n-ms\", reference:\"68.7.0esr-1~deb10u1\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"firefox-esr-l10n-my\", reference:\"68.7.0esr-1~deb10u1\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"firefox-esr-l10n-nb-no\", reference:\"68.7.0esr-1~deb10u1\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"firefox-esr-l10n-ne-np\", reference:\"68.7.0esr-1~deb10u1\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"firefox-esr-l10n-nl\", reference:\"68.7.0esr-1~deb10u1\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"firefox-esr-l10n-nn-no\", reference:\"68.7.0esr-1~deb10u1\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"firefox-esr-l10n-oc\", reference:\"68.7.0esr-1~deb10u1\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"firefox-esr-l10n-or\", reference:\"68.7.0esr-1~deb10u1\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"firefox-esr-l10n-pa-in\", reference:\"68.7.0esr-1~deb10u1\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"firefox-esr-l10n-pl\", reference:\"68.7.0esr-1~deb10u1\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"firefox-esr-l10n-pt-br\", reference:\"68.7.0esr-1~deb10u1\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"firefox-esr-l10n-pt-pt\", reference:\"68.7.0esr-1~deb10u1\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"firefox-esr-l10n-rm\", reference:\"68.7.0esr-1~deb10u1\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"firefox-esr-l10n-ro\", reference:\"68.7.0esr-1~deb10u1\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"firefox-esr-l10n-ru\", reference:\"68.7.0esr-1~deb10u1\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"firefox-esr-l10n-si\", reference:\"68.7.0esr-1~deb10u1\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"firefox-esr-l10n-sk\", reference:\"68.7.0esr-1~deb10u1\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"firefox-esr-l10n-sl\", reference:\"68.7.0esr-1~deb10u1\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"firefox-esr-l10n-son\", reference:\"68.7.0esr-1~deb10u1\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"firefox-esr-l10n-sq\", reference:\"68.7.0esr-1~deb10u1\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"firefox-esr-l10n-sr\", reference:\"68.7.0esr-1~deb10u1\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"firefox-esr-l10n-sv-se\", reference:\"68.7.0esr-1~deb10u1\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"firefox-esr-l10n-ta\", reference:\"68.7.0esr-1~deb10u1\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"firefox-esr-l10n-te\", reference:\"68.7.0esr-1~deb10u1\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"firefox-esr-l10n-th\", reference:\"68.7.0esr-1~deb10u1\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"firefox-esr-l10n-tr\", reference:\"68.7.0esr-1~deb10u1\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"firefox-esr-l10n-uk\", reference:\"68.7.0esr-1~deb10u1\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"firefox-esr-l10n-ur\", reference:\"68.7.0esr-1~deb10u1\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"firefox-esr-l10n-uz\", reference:\"68.7.0esr-1~deb10u1\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"firefox-esr-l10n-vi\", reference:\"68.7.0esr-1~deb10u1\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"firefox-esr-l10n-xh\", reference:\"68.7.0esr-1~deb10u1\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"firefox-esr-l10n-zh-cn\", reference:\"68.7.0esr-1~deb10u1\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"firefox-esr-l10n-zh-tw\", reference:\"68.7.0esr-1~deb10u1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"firefox-esr\", reference:\"68.7.0esr-1~deb9u1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"firefox-esr-dev\", reference:\"68.7.0esr-1~deb9u1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"firefox-esr-l10n-ach\", reference:\"68.7.0esr-1~deb9u1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"firefox-esr-l10n-af\", reference:\"68.7.0esr-1~deb9u1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"firefox-esr-l10n-all\", reference:\"68.7.0esr-1~deb9u1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"firefox-esr-l10n-an\", reference:\"68.7.0esr-1~deb9u1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"firefox-esr-l10n-ar\", reference:\"68.7.0esr-1~deb9u1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"firefox-esr-l10n-as\", reference:\"68.7.0esr-1~deb9u1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"firefox-esr-l10n-ast\", reference:\"68.7.0esr-1~deb9u1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"firefox-esr-l10n-az\", reference:\"68.7.0esr-1~deb9u1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"firefox-esr-l10n-bg\", reference:\"68.7.0esr-1~deb9u1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"firefox-esr-l10n-bn-bd\", reference:\"68.7.0esr-1~deb9u1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"firefox-esr-l10n-bn-in\", reference:\"68.7.0esr-1~deb9u1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"firefox-esr-l10n-br\", reference:\"68.7.0esr-1~deb9u1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"firefox-esr-l10n-bs\", reference:\"68.7.0esr-1~deb9u1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"firefox-esr-l10n-ca\", reference:\"68.7.0esr-1~deb9u1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"firefox-esr-l10n-cak\", reference:\"68.7.0esr-1~deb9u1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"firefox-esr-l10n-cs\", reference:\"68.7.0esr-1~deb9u1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"firefox-esr-l10n-cy\", reference:\"68.7.0esr-1~deb9u1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"firefox-esr-l10n-da\", reference:\"68.7.0esr-1~deb9u1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"firefox-esr-l10n-de\", reference:\"68.7.0esr-1~deb9u1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"firefox-esr-l10n-dsb\", reference:\"68.7.0esr-1~deb9u1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"firefox-esr-l10n-el\", reference:\"68.7.0esr-1~deb9u1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"firefox-esr-l10n-en-gb\", reference:\"68.7.0esr-1~deb9u1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"firefox-esr-l10n-en-za\", reference:\"68.7.0esr-1~deb9u1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"firefox-esr-l10n-eo\", reference:\"68.7.0esr-1~deb9u1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"firefox-esr-l10n-es-ar\", reference:\"68.7.0esr-1~deb9u1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"firefox-esr-l10n-es-cl\", reference:\"68.7.0esr-1~deb9u1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"firefox-esr-l10n-es-es\", reference:\"68.7.0esr-1~deb9u1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"firefox-esr-l10n-es-mx\", reference:\"68.7.0esr-1~deb9u1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"firefox-esr-l10n-et\", reference:\"68.7.0esr-1~deb9u1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"firefox-esr-l10n-eu\", reference:\"68.7.0esr-1~deb9u1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"firefox-esr-l10n-fa\", reference:\"68.7.0esr-1~deb9u1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"firefox-esr-l10n-ff\", reference:\"68.7.0esr-1~deb9u1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"firefox-esr-l10n-fi\", reference:\"68.7.0esr-1~deb9u1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"firefox-esr-l10n-fr\", reference:\"68.7.0esr-1~deb9u1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"firefox-esr-l10n-fy-nl\", reference:\"68.7.0esr-1~deb9u1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"firefox-esr-l10n-ga-ie\", reference:\"68.7.0esr-1~deb9u1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"firefox-esr-l10n-gd\", reference:\"68.7.0esr-1~deb9u1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"firefox-esr-l10n-gl\", reference:\"68.7.0esr-1~deb9u1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"firefox-esr-l10n-gn\", reference:\"68.7.0esr-1~deb9u1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"firefox-esr-l10n-gu-in\", reference:\"68.7.0esr-1~deb9u1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"firefox-esr-l10n-he\", reference:\"68.7.0esr-1~deb9u1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"firefox-esr-l10n-hi-in\", reference:\"68.7.0esr-1~deb9u1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"firefox-esr-l10n-hr\", reference:\"68.7.0esr-1~deb9u1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"firefox-esr-l10n-hsb\", reference:\"68.7.0esr-1~deb9u1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"firefox-esr-l10n-hu\", reference:\"68.7.0esr-1~deb9u1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"firefox-esr-l10n-hy-am\", reference:\"68.7.0esr-1~deb9u1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"firefox-esr-l10n-id\", reference:\"68.7.0esr-1~deb9u1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"firefox-esr-l10n-is\", reference:\"68.7.0esr-1~deb9u1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"firefox-esr-l10n-it\", reference:\"68.7.0esr-1~deb9u1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"firefox-esr-l10n-ja\", reference:\"68.7.0esr-1~deb9u1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"firefox-esr-l10n-ka\", reference:\"68.7.0esr-1~deb9u1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"firefox-esr-l10n-kab\", reference:\"68.7.0esr-1~deb9u1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"firefox-esr-l10n-kk\", reference:\"68.7.0esr-1~deb9u1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"firefox-esr-l10n-km\", reference:\"68.7.0esr-1~deb9u1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"firefox-esr-l10n-kn\", reference:\"68.7.0esr-1~deb9u1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"firefox-esr-l10n-ko\", reference:\"68.7.0esr-1~deb9u1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"firefox-esr-l10n-lij\", reference:\"68.7.0esr-1~deb9u1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"firefox-esr-l10n-lt\", reference:\"68.7.0esr-1~deb9u1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"firefox-esr-l10n-lv\", reference:\"68.7.0esr-1~deb9u1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"firefox-esr-l10n-mai\", reference:\"68.7.0esr-1~deb9u1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"firefox-esr-l10n-mk\", reference:\"68.7.0esr-1~deb9u1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"firefox-esr-l10n-ml\", reference:\"68.7.0esr-1~deb9u1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"firefox-esr-l10n-mr\", reference:\"68.7.0esr-1~deb9u1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"firefox-esr-l10n-ms\", reference:\"68.7.0esr-1~deb9u1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"firefox-esr-l10n-nb-no\", reference:\"68.7.0esr-1~deb9u1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"firefox-esr-l10n-nl\", reference:\"68.7.0esr-1~deb9u1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"firefox-esr-l10n-nn-no\", reference:\"68.7.0esr-1~deb9u1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"firefox-esr-l10n-or\", reference:\"68.7.0esr-1~deb9u1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"firefox-esr-l10n-pa-in\", reference:\"68.7.0esr-1~deb9u1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"firefox-esr-l10n-pl\", reference:\"68.7.0esr-1~deb9u1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"firefox-esr-l10n-pt-br\", reference:\"68.7.0esr-1~deb9u1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"firefox-esr-l10n-pt-pt\", reference:\"68.7.0esr-1~deb9u1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"firefox-esr-l10n-rm\", reference:\"68.7.0esr-1~deb9u1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"firefox-esr-l10n-ro\", reference:\"68.7.0esr-1~deb9u1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"firefox-esr-l10n-ru\", reference:\"68.7.0esr-1~deb9u1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"firefox-esr-l10n-si\", reference:\"68.7.0esr-1~deb9u1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"firefox-esr-l10n-sk\", reference:\"68.7.0esr-1~deb9u1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"firefox-esr-l10n-sl\", reference:\"68.7.0esr-1~deb9u1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"firefox-esr-l10n-son\", reference:\"68.7.0esr-1~deb9u1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"firefox-esr-l10n-sq\", reference:\"68.7.0esr-1~deb9u1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"firefox-esr-l10n-sr\", reference:\"68.7.0esr-1~deb9u1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"firefox-esr-l10n-sv-se\", reference:\"68.7.0esr-1~deb9u1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"firefox-esr-l10n-ta\", reference:\"68.7.0esr-1~deb9u1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"firefox-esr-l10n-te\", reference:\"68.7.0esr-1~deb9u1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"firefox-esr-l10n-th\", reference:\"68.7.0esr-1~deb9u1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"firefox-esr-l10n-tr\", reference:\"68.7.0esr-1~deb9u1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"firefox-esr-l10n-uk\", reference:\"68.7.0esr-1~deb9u1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"firefox-esr-l10n-uz\", reference:\"68.7.0esr-1~deb9u1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"firefox-esr-l10n-vi\", reference:\"68.7.0esr-1~deb9u1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"firefox-esr-l10n-xh\", reference:\"68.7.0esr-1~deb9u1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"firefox-esr-l10n-zh-cn\", reference:\"68.7.0esr-1~deb9u1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"firefox-esr-l10n-zh-tw\", reference:\"68.7.0esr-1~deb9u1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"iceweasel\", reference:\"68.7.0esr-1~deb9u1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"iceweasel-dev\", reference:\"68.7.0esr-1~deb9u1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"iceweasel-l10n-ach\", reference:\"68.7.0esr-1~deb9u1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"iceweasel-l10n-af\", reference:\"68.7.0esr-1~deb9u1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"iceweasel-l10n-all\", reference:\"68.7.0esr-1~deb9u1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"iceweasel-l10n-an\", reference:\"68.7.0esr-1~deb9u1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"iceweasel-l10n-ar\", reference:\"68.7.0esr-1~deb9u1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"iceweasel-l10n-as\", reference:\"68.7.0esr-1~deb9u1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"iceweasel-l10n-ast\", reference:\"68.7.0esr-1~deb9u1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"iceweasel-l10n-az\", reference:\"68.7.0esr-1~deb9u1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"iceweasel-l10n-bg\", reference:\"68.7.0esr-1~deb9u1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"iceweasel-l10n-bn-bd\", reference:\"68.7.0esr-1~deb9u1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"iceweasel-l10n-bn-in\", reference:\"68.7.0esr-1~deb9u1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"iceweasel-l10n-br\", reference:\"68.7.0esr-1~deb9u1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"iceweasel-l10n-bs\", reference:\"68.7.0esr-1~deb9u1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"iceweasel-l10n-ca\", reference:\"68.7.0esr-1~deb9u1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"iceweasel-l10n-cak\", reference:\"68.7.0esr-1~deb9u1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"iceweasel-l10n-cs\", reference:\"68.7.0esr-1~deb9u1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"iceweasel-l10n-cy\", reference:\"68.7.0esr-1~deb9u1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"iceweasel-l10n-da\", reference:\"68.7.0esr-1~deb9u1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"iceweasel-l10n-de\", reference:\"68.7.0esr-1~deb9u1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"iceweasel-l10n-dsb\", reference:\"68.7.0esr-1~deb9u1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"iceweasel-l10n-el\", reference:\"68.7.0esr-1~deb9u1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"iceweasel-l10n-en-gb\", reference:\"68.7.0esr-1~deb9u1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"iceweasel-l10n-en-za\", reference:\"68.7.0esr-1~deb9u1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"iceweasel-l10n-eo\", reference:\"68.7.0esr-1~deb9u1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"iceweasel-l10n-es-ar\", reference:\"68.7.0esr-1~deb9u1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"iceweasel-l10n-es-cl\", reference:\"68.7.0esr-1~deb9u1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"iceweasel-l10n-es-es\", reference:\"68.7.0esr-1~deb9u1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"iceweasel-l10n-es-mx\", reference:\"68.7.0esr-1~deb9u1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"iceweasel-l10n-et\", reference:\"68.7.0esr-1~deb9u1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"iceweasel-l10n-eu\", reference:\"68.7.0esr-1~deb9u1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"iceweasel-l10n-fa\", reference:\"68.7.0esr-1~deb9u1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"iceweasel-l10n-ff\", reference:\"68.7.0esr-1~deb9u1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"iceweasel-l10n-fi\", reference:\"68.7.0esr-1~deb9u1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"iceweasel-l10n-fr\", reference:\"68.7.0esr-1~deb9u1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"iceweasel-l10n-fy-nl\", reference:\"68.7.0esr-1~deb9u1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"iceweasel-l10n-ga-ie\", reference:\"68.7.0esr-1~deb9u1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"iceweasel-l10n-gd\", reference:\"68.7.0esr-1~deb9u1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"iceweasel-l10n-gl\", reference:\"68.7.0esr-1~deb9u1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"iceweasel-l10n-gn\", reference:\"68.7.0esr-1~deb9u1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"iceweasel-l10n-gu-in\", reference:\"68.7.0esr-1~deb9u1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"iceweasel-l10n-he\", reference:\"68.7.0esr-1~deb9u1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"iceweasel-l10n-hi-in\", reference:\"68.7.0esr-1~deb9u1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"iceweasel-l10n-hr\", reference:\"68.7.0esr-1~deb9u1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"iceweasel-l10n-hsb\", reference:\"68.7.0esr-1~deb9u1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"iceweasel-l10n-hu\", reference:\"68.7.0esr-1~deb9u1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"iceweasel-l10n-hy-am\", reference:\"68.7.0esr-1~deb9u1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"iceweasel-l10n-id\", reference:\"68.7.0esr-1~deb9u1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"iceweasel-l10n-is\", reference:\"68.7.0esr-1~deb9u1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"iceweasel-l10n-it\", reference:\"68.7.0esr-1~deb9u1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"iceweasel-l10n-ja\", reference:\"68.7.0esr-1~deb9u1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"iceweasel-l10n-ka\", reference:\"68.7.0esr-1~deb9u1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"iceweasel-l10n-kab\", reference:\"68.7.0esr-1~deb9u1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"iceweasel-l10n-kk\", reference:\"68.7.0esr-1~deb9u1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"iceweasel-l10n-km\", reference:\"68.7.0esr-1~deb9u1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"iceweasel-l10n-kn\", reference:\"68.7.0esr-1~deb9u1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"iceweasel-l10n-ko\", reference:\"68.7.0esr-1~deb9u1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"iceweasel-l10n-lij\", reference:\"68.7.0esr-1~deb9u1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"iceweasel-l10n-lt\", reference:\"68.7.0esr-1~deb9u1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"iceweasel-l10n-lv\", reference:\"68.7.0esr-1~deb9u1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"iceweasel-l10n-mai\", reference:\"68.7.0esr-1~deb9u1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"iceweasel-l10n-mk\", reference:\"68.7.0esr-1~deb9u1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"iceweasel-l10n-ml\", reference:\"68.7.0esr-1~deb9u1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"iceweasel-l10n-mr\", reference:\"68.7.0esr-1~deb9u1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"iceweasel-l10n-ms\", reference:\"68.7.0esr-1~deb9u1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"iceweasel-l10n-nb-no\", reference:\"68.7.0esr-1~deb9u1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"iceweasel-l10n-nl\", reference:\"68.7.0esr-1~deb9u1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"iceweasel-l10n-nn-no\", reference:\"68.7.0esr-1~deb9u1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"iceweasel-l10n-or\", reference:\"68.7.0esr-1~deb9u1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"iceweasel-l10n-pa-in\", reference:\"68.7.0esr-1~deb9u1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"iceweasel-l10n-pl\", reference:\"68.7.0esr-1~deb9u1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"iceweasel-l10n-pt-br\", reference:\"68.7.0esr-1~deb9u1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"iceweasel-l10n-pt-pt\", reference:\"68.7.0esr-1~deb9u1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"iceweasel-l10n-rm\", reference:\"68.7.0esr-1~deb9u1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"iceweasel-l10n-ro\", reference:\"68.7.0esr-1~deb9u1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"iceweasel-l10n-ru\", reference:\"68.7.0esr-1~deb9u1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"iceweasel-l10n-si\", reference:\"68.7.0esr-1~deb9u1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"iceweasel-l10n-sk\", reference:\"68.7.0esr-1~deb9u1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"iceweasel-l10n-sl\", reference:\"68.7.0esr-1~deb9u1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"iceweasel-l10n-son\", reference:\"68.7.0esr-1~deb9u1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"iceweasel-l10n-sq\", reference:\"68.7.0esr-1~deb9u1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"iceweasel-l10n-sr\", reference:\"68.7.0esr-1~deb9u1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"iceweasel-l10n-sv-se\", reference:\"68.7.0esr-1~deb9u1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"iceweasel-l10n-ta\", reference:\"68.7.0esr-1~deb9u1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"iceweasel-l10n-te\", reference:\"68.7.0esr-1~deb9u1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"iceweasel-l10n-th\", reference:\"68.7.0esr-1~deb9u1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"iceweasel-l10n-tr\", reference:\"68.7.0esr-1~deb9u1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"iceweasel-l10n-uk\", reference:\"68.7.0esr-1~deb9u1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"iceweasel-l10n-uz\", reference:\"68.7.0esr-1~deb9u1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"iceweasel-l10n-vi\", reference:\"68.7.0esr-1~deb9u1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"iceweasel-l10n-xh\", reference:\"68.7.0esr-1~deb9u1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"iceweasel-l10n-zh-cn\", reference:\"68.7.0esr-1~deb9u1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"iceweasel-l10n-zh-tw\", reference:\"68.7.0esr-1~deb9u1\")) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:deb_report_get());\n else security_hole(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2020-05-31T20:41:57", "description": "Security Fix(es) :\n\n - Mozilla: Uninitialized memory could be read when using\n the WebGL copyTexSubImage method (CVE-2020-6821)\n\n - Mozilla: Memory safety bugs fixed in Firefox 75 and\n Firefox ESR 68.7 (CVE-2020-6825)\n\n - Mozilla: Out of bounds write in GMPDecodeData when\n processing large images (CVE-2020-6822)", "edition": 5, "cvss3": {"score": 9.8, "vector": "AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"}, "published": "2020-04-15T00:00:00", "title": "Scientific Linux Security Update : firefox on SL6.x i386/x86_64 (20200414)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2020-6822", "CVE-2020-6825", "CVE-2020-6821"], "modified": "2020-04-15T00:00:00", "cpe": ["p-cpe:/a:fermilab:scientific_linux:firefox", "p-cpe:/a:fermilab:scientific_linux:firefox-debuginfo", "x-cpe:/o:fermilab:scientific_linux"], "id": "SL_20200414_FIREFOX_ON_SL6_X.NASL", "href": "https://www.tenable.com/plugins/nessus/135575", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text is (C) Scientific Linux.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(135575);\n script_version(\"1.4\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2020/05/29\");\n\n script_cve_id(\"CVE-2020-6821\", \"CVE-2020-6822\", \"CVE-2020-6825\");\n\n script_name(english:\"Scientific Linux Security Update : firefox on SL6.x i386/x86_64 (20200414)\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\",\n value:\n\"The remote Scientific Linux host is missing one or more security\nupdates.\"\n );\n script_set_attribute(\n attribute:\"description\",\n value:\n\"Security Fix(es) :\n\n - Mozilla: Uninitialized memory could be read when using\n the WebGL copyTexSubImage method (CVE-2020-6821)\n\n - Mozilla: Memory safety bugs fixed in Firefox 75 and\n Firefox ESR 68.7 (CVE-2020-6825)\n\n - Mozilla: Out of bounds write in GMPDecodeData when\n processing large images (CVE-2020-6822)\"\n );\n # https://listserv.fnal.gov/scripts/wa.exe?A2=ind2004&L=SCIENTIFIC-LINUX-ERRATA&P=1697\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?e9ca31e3\"\n );\n script_set_attribute(\n attribute:\"solution\",\n value:\"Update the affected firefox and / or firefox-debuginfo packages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:firefox\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:firefox-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"x-cpe:/o:fermilab:scientific_linux\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2020/04/24\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2020/04/14\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2020/04/15\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2020 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Scientific Linux Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"misc_func.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Scientific Linux \" >!< release) audit(AUDIT_HOST_NOT, \"running Scientific Linux\");\nos_ver = pregmatch(pattern: \"Scientific Linux.*release ([0-9]+(\\.[0-9]+)?)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Scientific Linux\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^6([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Scientific Linux 6.x\", \"Scientific Linux \" + os_ver);\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (cpu >!< \"x86_64\" && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Scientific Linux\", cpu);\n\n\nflag = 0;\nif (rpm_check(release:\"SL6\", reference:\"firefox-68.7.0-2.el6_10\", allowmaj:TRUE)) flag++;\nif (rpm_check(release:\"SL6\", reference:\"firefox-debuginfo-68.7.0-2.el6_10\", allowmaj:TRUE)) flag++;\n\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"firefox / firefox-debuginfo\");\n}\n", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2020-09-14T13:23:37", "description": "The remote Redhat Enterprise Linux 6 host has a package installed that is affected by multiple vulnerabilities as\nreferenced in the RHSA-2020:1429 advisory.\n\n - Mozilla: Uninitialized memory could be read when using\n the WebGL copyTexSubImage method (CVE-2020-6821)\n\n - Mozilla: Out of bounds write in GMPDecodeData when\n processing large images (CVE-2020-6822)\n\n - Mozilla: Memory safety bugs fixed in Firefox 75 and\n Firefox ESR 68.7 (CVE-2020-6825)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version\nnumber.", "edition": 6, "cvss3": {"score": 9.8, "vector": "AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"}, "published": "2020-04-28T00:00:00", "title": "CentOS 6 : firefox (CESA-2020:1429)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2020-6822", "CVE-2020-6825", "CVE-2020-6821"], "modified": "2020-04-28T00:00:00", "cpe": ["cpe:/o:centos:centos:6", "p-cpe:/a:centos:centos:firefox"], "id": "CENTOS_RHSA-2020-1429.NASL", "href": "https://www.tenable.com/plugins/nessus/136016", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Red Hat Security Advisory RHSA-2020:1429 and \n# CentOS Errata and Security Advisory 2020:1429 respectively.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(136016);\n script_version(\"1.4\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2020/06/05\");\n\n script_cve_id(\"CVE-2020-6821\", \"CVE-2020-6822\", \"CVE-2020-6825\");\n script_xref(name:\"RHSA\", value:\"2020:1429\");\n\n script_name(english:\"CentOS 6 : firefox (CESA-2020:1429)\");\n script_summary(english:\"Checks rpm output for the updated package\");\n\n script_set_attribute(\n attribute:\"synopsis\",\n value:\"The remote CentOS host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\",\n value:\n\"The remote Redhat Enterprise Linux 6 host has a package installed that is affected by multiple vulnerabilities as\nreferenced in the RHSA-2020:1429 advisory.\n\n - Mozilla: Uninitialized memory could be read when using\n the WebGL copyTexSubImage method (CVE-2020-6821)\n\n - Mozilla: Out of bounds write in GMPDecodeData when\n processing large images (CVE-2020-6822)\n\n - Mozilla: Memory safety bugs fixed in Firefox 75 and\n Firefox ESR 68.7 (CVE-2020-6825)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version\nnumber.\"\n );\n # https://lists.centos.org/pipermail/centos-announce/2020-April/035699.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?c2cc4842\"\n );\n script_set_attribute(\n attribute:\"solution\",\n value:\"Update the affected firefox package.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2020-6825\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:firefox\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:centos:centos:6\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2020/04/24\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2020/04/27\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2020/04/28\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2020 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"CentOS Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/CentOS/release\", \"Host/CentOS/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/CentOS/release\");\nif (isnull(release) || \"CentOS\" >!< release) audit(AUDIT_OS_NOT, \"CentOS\");\nos_ver = pregmatch(pattern: \"CentOS(?: Linux)? release ([0-9]+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"CentOS\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^6([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"CentOS 6.x\", \"CentOS \" + os_ver);\n\nif (!get_kb_item(\"Host/CentOS/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"CentOS\", cpu);\n\n\nflag = 0;\nif (rpm_check(release:\"CentOS-6\", reference:\"firefox-68.7.0-2.el6.centos\", allowmaj:TRUE)) flag++;\n\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"firefox\");\n}\n", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2020-05-31T20:41:57", "description": "This update upgrades Firefox to version 68.7.0 ESR.\n\nSecurity Fix(es) :\n\n - Mozilla: Uninitialized memory could be read when using\n the WebGL copyTexSubImage method (CVE-2020-6821)\n\n - Mozilla: Memory safety bugs fixed in Firefox 75 and\n Firefox ESR 68.7 (CVE-2020-6825)\n\n - Mozilla: Out of bounds write in GMPDecodeData when\n processing large images (CVE-2020-6822)", "edition": 5, "cvss3": {"score": 9.8, "vector": "AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"}, "published": "2020-04-21T00:00:00", "title": "Scientific Linux Security Update : firefox on SL7.x x86_64 (20200409)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2020-6822", "CVE-2020-6825", "CVE-2020-6821"], "modified": "2020-04-21T00:00:00", "cpe": ["p-cpe:/a:fermilab:scientific_linux:firefox", "p-cpe:/a:fermilab:scientific_linux:firefox-debuginfo", "x-cpe:/o:fermilab:scientific_linux"], "id": "SL_20200409_FIREFOX_ON_SL7_X.NASL", "href": "https://www.tenable.com/plugins/nessus/135844", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text is (C) Scientific Linux.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(135844);\n script_version(\"1.4\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2020/05/29\");\n\n script_cve_id(\"CVE-2020-6821\", \"CVE-2020-6822\", \"CVE-2020-6825\");\n\n script_name(english:\"Scientific Linux Security Update : firefox on SL7.x x86_64 (20200409)\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\",\n value:\n\"The remote Scientific Linux host is missing one or more security\nupdates.\"\n );\n script_set_attribute(\n attribute:\"description\",\n value:\n\"This update upgrades Firefox to version 68.7.0 ESR.\n\nSecurity Fix(es) :\n\n - Mozilla: Uninitialized memory could be read when using\n the WebGL copyTexSubImage method (CVE-2020-6821)\n\n - Mozilla: Memory safety bugs fixed in Firefox 75 and\n Firefox ESR 68.7 (CVE-2020-6825)\n\n - Mozilla: Out of bounds write in GMPDecodeData when\n processing large images (CVE-2020-6822)\"\n );\n # https://listserv.fnal.gov/scripts/wa.exe?A2=ind2004&L=SCIENTIFIC-LINUX-ERRATA&P=2669\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?bb13a192\"\n );\n script_set_attribute(\n attribute:\"solution\",\n value:\"Update the affected firefox and / or firefox-debuginfo packages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:firefox\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:firefox-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"x-cpe:/o:fermilab:scientific_linux\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2020/04/24\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2020/04/09\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2020/04/21\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2020 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Scientific Linux Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"misc_func.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Scientific Linux \" >!< release) audit(AUDIT_HOST_NOT, \"running Scientific Linux\");\nos_ver = pregmatch(pattern: \"Scientific Linux.*release ([0-9]+(\\.[0-9]+)?)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Scientific Linux\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^7([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Scientific Linux 7.x\", \"Scientific Linux \" + os_ver);\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (cpu >!< \"x86_64\" && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Scientific Linux\", cpu);\nif (\"x86_64\" >!< cpu) audit(AUDIT_ARCH_NOT, \"x86_64\", cpu);\n\n\nflag = 0;\nif (rpm_check(release:\"SL7\", cpu:\"x86_64\", reference:\"firefox-68.7.0-2.el7_8\", allowmaj:TRUE)) flag++;\nif (rpm_check(release:\"SL7\", cpu:\"x86_64\", reference:\"firefox-debuginfo-68.7.0-2.el7_8\", allowmaj:TRUE)) flag++;\n\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"firefox / firefox-debuginfo\");\n}\n", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2020-09-14T17:30:32", "description": "From Red Hat Security Advisory 2020:1420 :\n\nThe remote Redhat Enterprise Linux 7 host has a package installed that is affected by multiple vulnerabilities as\nreferenced in the RHSA-2020:1420 advisory.\n\n - Mozilla: Uninitialized memory could be read when using\n the WebGL copyTexSubImage method (CVE-2020-6821)\n\n - Mozilla: Out of bounds write in GMPDecodeData when\n processing large images (CVE-2020-6822)\n\n - Mozilla: Memory safety bugs fixed in Firefox 75 and\n Firefox ESR 68.7 (CVE-2020-6825)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version\nnumber.", "edition": 7, "cvss3": {"score": 9.8, "vector": "AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"}, "published": "2020-04-14T00:00:00", "title": "Oracle Linux 7 : firefox (ELSA-2020-1420)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2020-6822", "CVE-2020-6825", "CVE-2020-6821"], "modified": "2020-04-14T00:00:00", "cpe": ["p-cpe:/a:oracle:linux:firefox", "cpe:/o:oracle:linux:7"], "id": "ORACLELINUX_ELSA-2020-1420.NASL", "href": "https://www.tenable.com/plugins/nessus/135431", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Red Hat Security Advisory RHSA-2020:1420 and \n# Oracle Linux Security Advisory ELSA-2020-1420 respectively.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(135431);\n script_version(\"1.5\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2020/06/05\");\n\n script_cve_id(\"CVE-2020-6821\", \"CVE-2020-6822\", \"CVE-2020-6825\");\n script_xref(name:\"RHSA\", value:\"2020:1420\");\n\n script_name(english:\"Oracle Linux 7 : firefox (ELSA-2020-1420)\");\n script_summary(english:\"Checks rpm output for the updated package\");\n\n script_set_attribute(\n attribute:\"synopsis\",\n value:\"The remote Oracle Linux host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\",\n value:\n\"From Red Hat Security Advisory 2020:1420 :\n\nThe remote Redhat Enterprise Linux 7 host has a package installed that is affected by multiple vulnerabilities as\nreferenced in the RHSA-2020:1420 advisory.\n\n - Mozilla: Uninitialized memory could be read when using\n the WebGL copyTexSubImage method (CVE-2020-6821)\n\n - Mozilla: Out of bounds write in GMPDecodeData when\n processing large images (CVE-2020-6822)\n\n - Mozilla: Memory safety bugs fixed in Firefox 75 and\n Firefox ESR 68.7 (CVE-2020-6825)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version\nnumber.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://oss.oracle.com/pipermail/el-errata/2020-April/009804.html\"\n );\n script_set_attribute(\n attribute:\"solution\",\n value:\"Update the affected firefox package.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:firefox\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:oracle:linux:7\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2020/04/24\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2020/04/10\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2020/04/14\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2020 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Oracle Linux Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/OracleLinux\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/OracleLinux\")) audit(AUDIT_OS_NOT, \"Oracle Linux\");\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || !pregmatch(pattern: \"Oracle (?:Linux Server|Enterprise Linux)\", string:release)) audit(AUDIT_OS_NOT, \"Oracle Linux\");\nos_ver = pregmatch(pattern: \"Oracle (?:Linux Server|Enterprise Linux) .*release ([0-9]+(\\.[0-9]+)?)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Oracle Linux\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^7([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Oracle Linux 7\", \"Oracle Linux \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Oracle Linux\", cpu);\nif (\"x86_64\" >!< cpu) audit(AUDIT_ARCH_NOT, \"x86_64\", cpu);\n\nflag = 0;\nif (rpm_check(release:\"EL7\", cpu:\"x86_64\", reference:\"firefox-68.7.0-2.0.1.el7_8\", allowmaj:TRUE)) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"firefox\");\n}\n", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2020-09-14T17:30:31", "description": "From Red Hat Security Advisory 2020:1406 :\n\nThe remote Redhat Enterprise Linux 8 host has packages installed that are affected by multiple vulnerabilities as\nreferenced in the RHSA-2020:1406 advisory.\n\n - Mozilla: Uninitialized memory could be read when using\n the WebGL copyTexSubImage method (CVE-2020-6821)\n\n - Mozilla: Out of bounds write in GMPDecodeData when\n processing large images (CVE-2020-6822)\n\n - Mozilla: Memory safety bugs fixed in Firefox 75 and\n Firefox ESR 68.7 (CVE-2020-6825)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version\nnumber.", "edition": 8, "cvss3": {"score": 9.8, "vector": "AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"}, "published": "2020-04-10T00:00:00", "title": "Oracle Linux 8 : firefox (ELSA-2020-1406)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2020-6822", "CVE-2020-6825", "CVE-2020-6821"], "modified": "2020-04-10T00:00:00", "cpe": ["p-cpe:/a:oracle:linux:firefox", "cpe:/o:oracle:linux:8"], "id": "ORACLELINUX_ELSA-2020-1406.NASL", "href": "https://www.tenable.com/plugins/nessus/135380", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Red Hat Security Advisory RHSA-2020:1406 and \n# Oracle Linux Security Advisory ELSA-2020-1406 respectively.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(135380);\n script_version(\"1.6\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2020/06/10\");\n\n script_cve_id(\"CVE-2020-6821\", \"CVE-2020-6822\", \"CVE-2020-6825\");\n script_xref(name:\"RHSA\", value:\"2020:1406\");\n\n script_name(english:\"Oracle Linux 8 : firefox (ELSA-2020-1406)\");\n script_summary(english:\"Checks rpm output for the updated package\");\n\n script_set_attribute(\n attribute:\"synopsis\",\n value:\"The remote Oracle Linux host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\",\n value:\n\"From Red Hat Security Advisory 2020:1406 :\n\nThe remote Redhat Enterprise Linux 8 host has packages installed that are affected by multiple vulnerabilities as\nreferenced in the RHSA-2020:1406 advisory.\n\n - Mozilla: Uninitialized memory could be read when using\n the WebGL copyTexSubImage method (CVE-2020-6821)\n\n - Mozilla: Out of bounds write in GMPDecodeData when\n processing large images (CVE-2020-6822)\n\n - Mozilla: Memory safety bugs fixed in Firefox 75 and\n Firefox ESR 68.7 (CVE-2020-6825)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version\nnumber.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://oss.oracle.com/pipermail/el-errata/2020-April/009787.html\"\n );\n script_set_attribute(\n attribute:\"solution\",\n value:\"Update the affected firefox package.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:firefox\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:oracle:linux:8\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2020/04/24\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2020/04/09\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2020/04/10\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2020 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Oracle Linux Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/OracleLinux\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/OracleLinux\")) audit(AUDIT_OS_NOT, \"Oracle Linux\");\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || !pregmatch(pattern: \"Oracle (?:Linux Server|Enterprise Linux)\", string:release)) audit(AUDIT_OS_NOT, \"Oracle Linux\");\nos_ver = pregmatch(pattern: \"Oracle (?:Linux Server|Enterprise Linux) .*release ([0-9]+(\\.[0-9]+)?)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Oracle Linux\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^8([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Oracle Linux 8\", \"Oracle Linux \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Oracle Linux\", cpu);\nif (\"x86_64\" >!< cpu) audit(AUDIT_ARCH_NOT, \"x86_64\", cpu);\n\nflag = 0;\nif (rpm_check(release:\"EL8\", cpu:\"x86_64\", reference:\"firefox-68.7.0-2.0.1.el8_1\", allowmaj:TRUE)) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"firefox\");\n}\n", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2020-11-21T05:59:09", "description": "The remote Redhat Enterprise Linux 7 host has a package installed that is affected by multiple vulnerabilities as referenced in the RHSA-2020:1420 advisory.\n\n - Mozilla: Uninitialized memory could be read when using the WebGL copyTexSubImage method (CVE-2020-6821)\n\n - Mozilla: Out of bounds write in GMPDecodeData when processing large images (CVE-2020-6822)\n\n - Mozilla: Memory safety bugs fixed in Firefox 75 and Firefox ESR 68.7 (CVE-2020-6825)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.", "edition": 5, "cvss3": {}, "published": "2020-04-09T00:00:00", "title": "RHEL 7 : firefox (RHSA-2020:1420)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2020-6822", "CVE-2020-6825", "CVE-2020-6821"], "modified": "2020-04-09T00:00:00", "cpe": ["cpe:/o:redhat:enterprise_linux:7::server", "cpe:/o:redhat:enterprise_linux:7", "p-cpe:/a:redhat:enterprise_linux:firefox", "cpe:/o:redhat:enterprise_linux:7::workstation", "cpe:/o:redhat:enterprise_linux:7::client"], "id": "REDHAT-RHSA-2020-1420.NASL", "href": "https://www.tenable.com/plugins/nessus/135288", "sourceData": "##\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Red Hat Security Advisory RHSA-2020:1420. The text\n# itself is copyright (C) Red Hat, Inc.\n##\n\ninclude('compat.inc');\n\nif (description)\n{\n script_id(135288);\n script_version(\"1.3\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2020/11/19\");\n\n script_cve_id(\"CVE-2020-6821\", \"CVE-2020-6822\", \"CVE-2020-6825\");\n script_xref(name:\"RHSA\", value:\"2020:1420\");\n\n script_name(english:\"RHEL 7 : firefox (RHSA-2020:1420)\");\n script_summary(english:\"Checks the rpm output for the updated package\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote Red Hat host is missing one or more security updates.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote Redhat Enterprise Linux 7 host has a package installed that is affected by multiple vulnerabilities as referenced in the RHSA-2020:1420 advisory.\n\n - Mozilla: Uninitialized memory could be read when using the WebGL copyTexSubImage method (CVE-2020-6821)\n\n - Mozilla: Out of bounds write in GMPDecodeData when processing large images (CVE-2020-6822)\n\n - Mozilla: Memory safety bugs fixed in Firefox 75 and Firefox ESR 68.7 (CVE-2020-6825)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://cwe.mitre.org/data/definitions/119.html\");\n script_set_attribute(attribute:\"see_also\", value:\"https://cwe.mitre.org/data/definitions/120.html\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2020-6821\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2020-6822\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2020-6825\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/errata/RHSA-2020:1420\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1821674\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1821676\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1821682\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected firefox package.\");\n script_set_attribute(attribute:\"risk_factor\", value:\"High\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2020-6825\");\n script_cwe_id(119, 120);\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2020/04/07\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2020/04/09\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2020/04/09\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:7\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:7::client\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:7::server\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:7::workstation\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:firefox\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Red Hat Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2020 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude('audit.inc');\ninclude('global_settings.inc');\ninclude('misc_func.inc');\ninclude('rpm.inc');\n\nif (!get_kb_item('Host/local_checks_enabled')) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item('Host/RedHat/release');\nif (isnull(release) || 'Red Hat' >!< release) audit(AUDIT_OS_NOT, 'Red Hat');\nos_ver = pregmatch(pattern: \"Red Hat Enterprise Linux.*release ([0-9]+(\\.[0-9]+)?)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, 'Red Hat');\nos_ver = os_ver[1];\nif (! preg(pattern:\"^7([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, 'Red Hat 7.x', 'Red Hat ' + os_ver);\n\nif (!get_kb_item('Host/RedHat/rpm-list')) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item('Host/cpu');\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif ('x86_64' >!< cpu && cpu !~ \"^i[3-6]86$\" && 's390' >!< cpu && 'aarch64' >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'Red Hat', cpu);\n\nrepositories = {\n 'enterprise_linux_7_client': [\n 'rhel-7-desktop-debug-rpms',\n 'rhel-7-desktop-fastrack-debug-rpms',\n 'rhel-7-desktop-fastrack-rpms',\n 'rhel-7-desktop-fastrack-source-rpms',\n 'rhel-7-desktop-optional-debug-rpms',\n 'rhel-7-desktop-optional-fastrack-debug-rpms',\n 'rhel-7-desktop-optional-fastrack-rpms',\n 'rhel-7-desktop-optional-fastrack-source-rpms',\n 'rhel-7-desktop-optional-rpms',\n 'rhel-7-desktop-optional-source-rpms',\n 'rhel-7-desktop-rpms',\n 'rhel-7-desktop-source-rpms'\n ],\n 'enterprise_linux_7_server': [\n 'rhel-7-for-system-z-a-debug-rpms',\n 'rhel-7-for-system-z-a-optional-debug-rpms',\n 'rhel-7-for-system-z-a-optional-rpms',\n 'rhel-7-for-system-z-a-optional-source-rpms',\n 'rhel-7-for-system-z-a-rpms',\n 'rhel-7-for-system-z-a-source-rpms',\n 'rhel-7-for-system-z-debug-rpms',\n 'rhel-7-for-system-z-fastrack-debug-rpms',\n 'rhel-7-for-system-z-fastrack-rpms',\n 'rhel-7-for-system-z-fastrack-source-rpms',\n 'rhel-7-for-system-z-optional-debug-rpms',\n 'rhel-7-for-system-z-optional-fastrack-debug-rpms',\n 'rhel-7-for-system-z-optional-fastrack-rpms',\n 'rhel-7-for-system-z-optional-fastrack-source-rpms',\n 'rhel-7-for-system-z-optional-rpms',\n 'rhel-7-for-system-z-optional-source-rpms',\n 'rhel-7-for-system-z-rpms',\n 'rhel-7-for-system-z-source-rpms',\n 'rhel-7-server-debug-rpms',\n 'rhel-7-server-fastrack-debug-rpms',\n 'rhel-7-server-fastrack-rpms',\n 'rhel-7-server-fastrack-source-rpms',\n 'rhel-7-server-optional-debug-rpms',\n 'rhel-7-server-optional-fastrack-debug-rpms',\n 'rhel-7-server-optional-fastrack-rpms',\n 'rhel-7-server-optional-fastrack-source-rpms',\n 'rhel-7-server-optional-rpms',\n 'rhel-7-server-optional-source-rpms',\n 'rhel-7-server-rpms',\n 'rhel-7-server-source-rpms',\n 'rhel-ha-for-rhel-7-for-system-z-debug-rpms',\n 'rhel-ha-for-rhel-7-for-system-z-rpms',\n 'rhel-ha-for-rhel-7-for-system-z-source-rpms',\n 'rhel-ha-for-rhel-7-server-debug-rpms',\n 'rhel-ha-for-rhel-7-server-rpms',\n 'rhel-ha-for-rhel-7-server-source-rpms',\n 'rhel-rs-for-rhel-7-for-system-z-debug-rpms',\n 'rhel-rs-for-rhel-7-for-system-z-rpms',\n 'rhel-rs-for-rhel-7-for-system-z-source-rpms',\n 'rhel-rs-for-rhel-7-server-debug-rpms',\n 'rhel-rs-for-rhel-7-server-rpms',\n 'rhel-rs-for-rhel-7-server-source-rpms'\n ],\n 'enterprise_linux_7_workstation': [\n 'rhel-7-workstation-debug-rpms',\n 'rhel-7-workstation-fastrack-debug-rpms',\n 'rhel-7-workstation-fastrack-rpms',\n 'rhel-7-workstation-fastrack-source-rpms',\n 'rhel-7-workstation-optional-debug-rpms',\n 'rhel-7-workstation-optional-fastrack-debug-rpms',\n 'rhel-7-workstation-optional-fastrack-rpms',\n 'rhel-7-workstation-optional-fastrack-source-rpms',\n 'rhel-7-workstation-optional-rpms',\n 'rhel-7-workstation-optional-source-rpms',\n 'rhel-7-workstation-rpms',\n 'rhel-7-workstation-source-rpms'\n ]\n};\n\nfound_repos = NULL;\nhost_repo_list = get_kb_list('Host/RedHat/repo-list/*');\nif (!(empty_or_null(host_repo_list))) {\n found_repos = make_list();\n foreach repo_key (keys(repositories)) {\n foreach repo ( repositories[repo_key] ) {\n if (get_kb_item('Host/RedHat/repo-list/' + repo)) {\n append_element(var:found_repos, value:repo_key);\n break;\n }\n }\n }\n if(empty_or_null(found_repos)) audit(AUDIT_RHSA_NOT_AFFECTED, 'RHSA-2020:1420');\n}\n\npkgs = [\n {'reference':'firefox-68.7.0-2.el7_8', 'cpu':'i686', 'release':'7', 'rpm_spec_vers_cmp':TRUE, 'allowmaj':TRUE, 'repo_list':['enterprise_linux_7_client', 'enterprise_linux_7_server', 'enterprise_linux_7_workstation']},\n {'reference':'firefox-68.7.0-2.el7_8', 'cpu':'s390x', 'release':'7', 'rpm_spec_vers_cmp':TRUE, 'allowmaj':TRUE, 'repo_list':['enterprise_linux_7_client', 'enterprise_linux_7_server', 'enterprise_linux_7_workstation']},\n {'reference':'firefox-68.7.0-2.el7_8', 'cpu':'x86_64', 'release':'7', 'rpm_spec_vers_cmp':TRUE, 'allowmaj':TRUE, 'repo_list':['enterprise_linux_7_client', 'enterprise_linux_7_server', 'enterprise_linux_7_workstation']}\n];\n\nflag = 0;\nforeach package_array ( pkgs ) {\n reference = NULL;\n release = NULL;\n sp = NULL;\n cpu = NULL;\n el_string = NULL;\n rpm_spec_vers_cmp = NULL;\n epoch = NULL;\n allowmaj = NULL;\n repo_list = NULL;\n if (!empty_or_null(package_array['repo_list'])) repo_list = package_array['repo_list'];\n if (!empty_or_null(package_array['reference'])) reference = package_array['reference'];\n if (!empty_or_null(package_array['release'])) release = 'RHEL' + package_array['release'];\n if (!empty_or_null(package_array['sp'])) sp = package_array['sp'];\n if (!empty_or_null(package_array['cpu'])) cpu = package_array['cpu'];\n if (!empty_or_null(package_array['el_string'])) el_string = package_array['el_string'];\n if (!empty_or_null(package_array['rpm_spec_vers_cmp'])) rpm_spec_vers_cmp = package_array['rpm_spec_vers_cmp'];\n if (!empty_or_null(package_array['epoch'])) epoch = package_array['epoch'];\n if (!empty_or_null(package_array['allowmaj'])) allowmaj = package_array['allowmaj'];\n if (reference && release) {\n repocheck = FALSE;\n if (empty_or_null(found_repos))\n {\n repocheck = TRUE;\n }\n else\n {\n foreach repo (repo_list) {\n if (contains_element(var:found_repos, value:repo))\n {\n repocheck = TRUE;\n break;\n }\n }\n }\n if (repocheck && rpm_check(release:release, sp:sp, cpu:cpu, reference:reference, epoch:epoch, el_string:el_string, rpm_spec_vers_cmp:rpm_spec_vers_cmp, allowmaj:allowmaj)) flag++;\n }\n}\n\nif (flag)\n{\n if (empty_or_null(host_repo_list)) extra = rpm_report_get() + redhat_report_repo_caveat();\n else extra = rpm_report_get() + redhat_report_package_caveat();\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : extra\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, 'firefox');\n}\n", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}], "kaspersky": [{"lastseen": "2020-09-02T12:00:35", "bulletinFamily": "info", "cvelist": ["CVE-2020-6822", "CVE-2020-6827", "CVE-2020-6825", "CVE-2020-6821", "CVE-2020-6828"], "description": "### *Detect date*:\n04/07/2020\n\n### *Severity*:\nHigh\n\n### *Description*:\nMultiple vulnerabilities were found in Mozilla Firefox ESR. Malicious users can exploit these vulnerabilities to execute arbitrary code, spoof user interface, obtain sensitive information.\n\n### *Affected products*:\nMozilla Firefox ESR earlier than 68.7\n\n### *Solution*:\nUpdate to the latest version \n[Download Firefox ESR](<https://www.mozilla.org/en-US/firefox/new/>)\n\n### *Original advisories*:\n[MSFA2020-13](<https://www.mozilla.org/en-US/security/advisories/mfsa2020-13/>) \n\n\n### *Impacts*:\nACE \n\n### *Related products*:\n[Mozilla Firefox ESR](<https://threats.kaspersky.com/en/product/Mozilla-Firefox-ESR/>)\n\n### *CVE-IDS*:\n[CVE-2020-6822](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-6822>)0.0Unknown \n[CVE-2020-6825](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-6825>)0.0Unknown \n[CVE-2020-6821](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-6821>)0.0Unknown \n[CVE-2020-6827](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-6827>)0.0Unknown \n[CVE-2020-6828](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-6828>)0.0Unknown", "edition": 1, "modified": "2020-05-22T00:00:00", "published": "2020-04-07T00:00:00", "id": "KLA11726", "href": "https://threats.kaspersky.com/en/vulnerability/KLA11726", "title": "\r KLA11726Multiple vulnerabilities in Mozilla Firefox ESR ", "type": "kaspersky", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2020-09-02T11:52:40", "bulletinFamily": "info", "cvelist": ["CVE-2020-6822", "CVE-2020-6820", "CVE-2020-6819", "CVE-2020-6825", "CVE-2020-6821"], "description": "### *Detect date*:\n04/09/2020\n\n### *Severity*:\nCritical\n\n### *Description*:\nMultiple vulnerabilities were found in Mozilla Thunderbird. Malicious users can exploit these vulnerabilities to execute arbitrary code, cause denial of service, obtain sensitive information.\n\n### *Affected products*:\nMozilla Thunderbird earlier than 68.7\n\n### *Solution*:\nUpdate to the latest version \n[Download Thunderbird](<https://www.mozilla.org/en-US/thunderbird/>)\n\n### *Original advisories*:\n[mfsa2020-14](<https://www.mozilla.org/en-US/security/advisories/mfsa2020-14/>) \n\n\n### *Impacts*:\nACE \n\n### *Related products*:\n[Mozilla Thunderbird](<https://threats.kaspersky.com/en/product/Mozilla-Thunderbird/>)\n\n### *CVE-IDS*:\n[CVE-2020-6819](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-6819>)0.0Unknown \n[CVE-2020-6820](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-6820>)0.0Unknown \n[CVE-2020-6822](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-6822>)0.0Unknown \n[CVE-2020-6825](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-6825>)0.0Unknown \n[CVE-2020-6821](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-6821>)0.0Unknown", "edition": 1, "modified": "2020-05-22T00:00:00", "published": "2020-04-09T00:00:00", "id": "KLA11730", "href": "https://threats.kaspersky.com/en/vulnerability/KLA11730", "title": "\r KLA11730Multiple vulnerabilities in Mozilla Thunderbird ", "type": "kaspersky", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2020-09-02T12:03:27", "bulletinFamily": "info", "cvelist": ["CVE-2020-6826", "CVE-2020-6824", "CVE-2020-6822", "CVE-2020-6825", "CVE-2020-6821", "CVE-2020-6823"], "description": "### *Detect date*:\n04/07/2020\n\n### *Severity*:\nHigh\n\n### *Description*:\nMultiple vulnerabilities were found in Mozilla Firefox. Malicious users can exploit these vulnerabilities to execute arbitrary code, obtain sensitive information, gain privileges.\n\n### *Affected products*:\nMozilla Firefox earlier than 75\n\n### *Solution*:\nUpdate to the latest version \n[Download Firefox](<https://www.mozilla.org/en-US/firefox/new/>)\n\n### *Original advisories*:\n[MFSA2020-12](<https://www.mozilla.org/en-US/security/advisories/mfsa2020-12/>) \n\n\n### *Impacts*:\nACE \n\n### *Related products*:\n[Mozilla Firefox](<https://threats.kaspersky.com/en/product/Mozilla-Firefox/>)\n\n### *CVE-IDS*:\n[CVE-2020-6822](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-6822>)0.0Unknown \n[CVE-2020-6825](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-6825>)0.0Unknown \n[CVE-2020-6826](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-6826>)0.0Unknown \n[CVE-2020-6821](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-6821>)0.0Unknown \n[CVE-2020-6823](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-6823>)0.0Unknown \n[CVE-2020-6824](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-6824>)0.0Unknown", "edition": 1, "modified": "2020-05-22T00:00:00", "published": "2020-04-07T00:00:00", "id": "KLA11725", "href": "https://threats.kaspersky.com/en/vulnerability/KLA11725", "title": "\r KLA11725Multiple vulnerabilities in Mozilla Firefox ", "type": "kaspersky", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}], "suse": [{"lastseen": "2020-04-10T14:43:44", "bulletinFamily": "unix", "cvelist": ["CVE-2020-6822", "CVE-2020-6827", "CVE-2020-6825", "CVE-2020-6821", "CVE-2020-6828"], "description": "This update for MozillaFirefox to version 68.7.0 ESR fixes the following\n issues:\n\n - CVE-2020-6821: Uninitialized memory could be read when using the WebGL\n copyTexSubImage method (bsc#1168874).\n - CVE-2020-6822: Fixed out of bounds write in GMPDecodeData when\n processing large images (bsc#1168874).\n - CVE-2020-6825: Fixed Memory safety bugs (bsc#1168874).\n - CVE-2020-6827: Custom Tabs could have the URI spoofed (bsc#1168874).\n - CVE-2020-6828: Preference overwrite via crafted Intent (bsc#1168874).\n\n This update was imported from the SUSE:SLE-15:Update update project.\n\n", "edition": 1, "modified": "2020-04-10T12:13:11", "published": "2020-04-10T12:13:11", "id": "OPENSUSE-SU-2020:0493-1", "href": "http://lists.opensuse.org/opensuse-security-announce/2020-04/msg00012.html", "title": "Security update for MozillaFirefox (important)", "type": "suse", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2020-04-23T16:52:14", "bulletinFamily": "unix", "cvelist": ["CVE-2020-6822", "CVE-2020-6820", "CVE-2020-6819", "CVE-2020-6825", "CVE-2020-6821"], "description": "This update for MozillaThunderbird to version 68.7.0 fixes the following\n issues:\n\n - CVE-2020-6819: Use-after-free while running the nsDocShell destructor\n (boo#1168630)\n - CVE-2020-6820: Use-after-free when handling a ReadableStream\n (boo#1168630)\n - CVE-2020-6821: Uninitialized memory could be read when using the WebGL\n copyTexSubImage() (boo#1168874)\n - CVE-2020-6822: Out of bounds write in GMPDecodeData when processing\n large images (boo#1168874)\n - CVE-2020-6825: Memory safety bugs fixed (boo#1168874)\n\n This update was imported from the SUSE:SLE-15:Update update project.\n\n", "edition": 1, "modified": "2020-04-23T15:30:04", "published": "2020-04-23T15:30:04", "id": "OPENSUSE-SU-2020:0544-1", "href": "http://lists.opensuse.org/opensuse-security-announce/2020-04/msg00034.html", "title": "Security update for MozillaThunderbird (important)", "type": "suse", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2020-04-15T10:39:48", "bulletinFamily": "unix", "cvelist": ["CVE-2020-6822", "CVE-2020-6820", "CVE-2020-6819", "CVE-2020-6825", "CVE-2020-6821"], "description": "This update for MozillaThunderbird to version 68.7.0 fixes the following\n issues:\n\n - CVE-2020-6819: Use-after-free while running the nsDocShell destructor\n (boo#1168630)\n - CVE-2020-6820: Use-after-free when handling a ReadableStream\n (boo#1168630)\n - CVE-2020-6821: Uninitialized memory could be read when using the WebGL\n copyTexSubImage() (boo#1168874)\n - CVE-2020-6822: Out of bounds write in GMPDecodeData when processing\n large images (boo#1168874)\n - CVE-2020-6825: Memory safety bugs fixed (boo#1168874)\n\n", "edition": 1, "modified": "2020-04-15T09:12:46", "published": "2020-04-15T09:12:46", "id": "OPENSUSE-SU-2020:0520-1", "href": "http://lists.opensuse.org/opensuse-security-announce/2020-04/msg00023.html", "title": "Security update for MozillaThunderbird (important)", "type": "suse", "cvss": {"score": 0.0, "vector": "NONE"}}], "centos": [{"lastseen": "2020-05-02T12:50:50", "bulletinFamily": "unix", "cvelist": ["CVE-2020-6822", "CVE-2020-6820", "CVE-2020-6819", "CVE-2020-6825", "CVE-2020-6821"], "description": "**CentOS Errata and Security Advisory** CESA-2020:1488\n\n\nMozilla Thunderbird is a standalone mail and newsgroup client.\n\nThis update upgrades Thunderbird to version 68.7.0.\n\nSecurity Fix(es):\n\n* Mozilla: Use-after-free while running the nsDocShell destructor (CVE-2020-6819)\n\n* Mozilla: Use-after-free when handling a ReadableStream (CVE-2020-6820)\n\n* Mozilla: Uninitialized memory could be read when using the WebGL copyTexSubImage method (CVE-2020-6821)\n\n* Mozilla: Memory safety bugs fixed in Firefox 75 and Firefox ESR 68.7 (CVE-2020-6825)\n\n* Mozilla: Out of bounds write in GMPDecodeData when processing large images (CVE-2020-6822)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.\n\n**Merged security bulletin from advisories:**\nhttp://lists.centos.org/pipermail/centos-announce/2020-April/035698.html\n\n**Affected packages:**\nthunderbird\n\n**Upstream details at:**\n", "edition": 2, "modified": "2020-04-28T00:21:12", "published": "2020-04-28T00:21:12", "id": "CESA-2020:1488", "href": "http://lists.centos.org/pipermail/centos-announce/2020-April/035698.html", "title": "thunderbird security update", "type": "centos", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2020-05-02T12:53:21", "bulletinFamily": "unix", "cvelist": ["CVE-2020-6822", "CVE-2020-6820", "CVE-2020-6819", "CVE-2020-6825", "CVE-2020-6821"], "description": "**CentOS Errata and Security Advisory** CESA-2020:1489\n\n\nMozilla Thunderbird is a standalone mail and newsgroup client.\n\nThis update upgrades Thunderbird to version 68.7.0.\n\nSecurity Fix(es):\n\n* Mozilla: Use-after-free while running the nsDocShell destructor (CVE-2020-6819)\n\n* Mozilla: Use-after-free when handling a ReadableStream (CVE-2020-6820)\n\n* Mozilla: Uninitialized memory could be read when using the WebGL copyTexSubImage method (CVE-2020-6821)\n\n* Mozilla: Memory safety bugs fixed in Firefox 75 and Firefox ESR 68.7 (CVE-2020-6825)\n\n* Mozilla: Out of bounds write in GMPDecodeData when processing large images (CVE-2020-6822)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.\n\n**Merged security bulletin from advisories:**\nhttp://lists.centos.org/pipermail/centos-announce/2020-April/035710.html\n\n**Affected packages:**\nthunderbird\n\n**Upstream details at:**\n", "edition": 2, "modified": "2020-04-30T19:57:02", "published": "2020-04-30T19:57:02", "id": "CESA-2020:1489", "href": "http://lists.centos.org/pipermail/centos-announce/2020-April/035710.html", "title": "thunderbird security update", "type": "centos", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}], "slackware": [{"lastseen": "2020-10-25T16:36:01", "bulletinFamily": "unix", "cvelist": ["CVE-2020-6821", "CVE-2020-6822", "CVE-2020-6825", "CVE-2020-6827", "CVE-2020-6828"], "description": "New mozilla-firefox packages are available for Slackware 14.2 and -current to\nfix security issues.\n\n\nHere are the details from the Slackware 14.2 ChangeLog:\n\npatches/packages/mozilla-firefox-68.7.0esr-i686-1_slack14.2.txz: Upgraded.\n This release contains security fixes and improvements.\n For more information, see:\n https://www.mozilla.org/en-US/firefox/68.7.0/releasenotes/\n https://www.mozilla.org/en-US/security/advisories/mfsa2020-13/\n https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-6828\n https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-6827\n https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-6821\n https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-6822\n https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-6825\n (* Security fix *)\n\nWhere to find the new packages:\n\nThanks to the friendly folks at the OSU Open Source Lab\n(http://osuosl.org) for donating FTP and rsync hosting\nto the Slackware project! :-)\n\nAlso see the \"Get Slack\" section on http://slackware.com for\nadditional mirror sites near you.\n\nUpdated package for Slackware 14.2:\nftp://ftp.slackware.com/pub/slackware/slackware-14.2/patches/packages/mozilla-firefox-68.7.0esr-i686-1_slack14.2.txz\n\nUpdated package for Slackware x86_64 14.2:\nftp://ftp.slackware.com/pub/slackware/slackware64-14.2/patches/packages/mozilla-firefox-68.7.0esr-x86_64-1_slack14.2.txz\n\nUpdated package for Slackware -current:\nftp://ftp.slackware.com/pub/slackware/slackware-current/slackware/xap/mozilla-firefox-68.7.0esr-i686-1.txz\n\nUpdated package for Slackware x86_64 -current:\nftp://ftp.slackware.com/pub/slackware/slackware64-current/slackware64/xap/mozilla-firefox-68.7.0esr-x86_64-1.txz\n\n\nMD5 signatures:\n\nSlackware 14.2 package:\nc567b1460a1cd42038a4441ae5fea231 mozilla-firefox-68.7.0esr-i686-1_slack14.2.txz\n\nSlackware x86_64 14.2 package:\n17a1b47c6654d0f355e392851d8854da mozilla-firefox-68.7.0esr-x86_64-1_slack14.2.txz\n\nSlackware -current package:\nf0a5d220eab61b891878575a573bc271 xap/mozilla-firefox-68.7.0esr-i686-1.txz\n\nSlackware x86_64 -current package:\na4b76df826ce4d0981876c1c89d444ae xap/mozilla-firefox-68.7.0esr-x86_64-1.txz\n\n\nInstallation instructions:\n\nUpgrade the package as root:\n > upgradepkg mozilla-firefox-68.7.0esr-i686-1_slack14.2.txz", "modified": "2020-04-07T22:50:22", "published": "2020-04-07T22:50:22", "id": "SSA-2020-098-01", "href": "http://www.slackware.com/security/viewer.php?l=slackware-security&y=2020&m=slackware-security.385260", "type": "slackware", "title": "[slackware-security] mozilla-firefox", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}], "ubuntu": [{"lastseen": "2020-07-02T11:41:35", "bulletinFamily": "unix", "cvelist": ["CVE-2020-6826", "CVE-2020-6824", "CVE-2020-6822", "CVE-2020-6825", "CVE-2020-6821", "CVE-2020-6823"], "description": "Multiple security issues were discovered in Firefox. If a user were \ntricked in to opening a specially crafted website, an attacker could \npotentially exploit these to cause a denial of service, obtain sensitive \ninformation, or execute arbitrary code. (CVE-2020-6821, CVE-2020-6822, \nCVE-2020-6824, CVE-2020-6825, CVE-2020-6826)\n\nIt was discovered that extensions could obtain auth codes from OAuth login \nflows in some circumstances. If a user were tricked in to installing a \nspecially crafted extension, an attacker could potentially exploit this to \nobtain access to the user's account. (CVE-2020-6823)", "edition": 3, "modified": "2020-04-07T00:00:00", "published": "2020-04-07T00:00:00", "id": "USN-4323-1", "href": "https://ubuntu.com/security/notices/USN-4323-1", "title": "Firefox vulnerabilities", "type": "ubuntu", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2020-07-02T11:34:13", "bulletinFamily": "unix", "cvelist": ["CVE-2020-6795", "CVE-2020-6822", "CVE-2020-6811", "CVE-2020-6820", "CVE-2020-6819", "CVE-2020-6800", "CVE-2020-6794", "CVE-2020-6806", "CVE-2020-6825", "CVE-2020-6793", "CVE-2020-6805", "CVE-2020-6821", "CVE-2020-6814", "CVE-2020-6807", "CVE-2020-6798", "CVE-2020-6792", "CVE-2020-6812", "CVE-2019-20503"], "description": "It was discovered that Message ID calculation was based on uninitialized \ndata. An attacker could potentially exploit this to obtain sensitive \ninformation. (CVE-2020-6792)\n\nMutiple security issues were discovered in Thunderbird. If a user were \ntricked in to opening a specially crafted message, an attacker could \npotentially exploit these to cause a denial of service, obtain sensitive \ninformation, or execute arbitrary code. (CVE-2020-6793, CVE-2020-6795, \nCVE-2020-6822)\n\nIt was discovered that if a user saved passwords before Thunderbird 60 \nand then later set a master password, an unencrypted copy of these \npasswords would still be accessible. A local user could exploit this to \nobtain sensitive information. (CVE-2020-6794)\n\nMultiple security issues were discovered in Thunderbird. If a user were \ntricked in to opening a specially crafted website in a browsing context, \nan attacker could potentially exploit these to cause a denial of service, \nconduct cross-site scripting (XSS) attacks, obtain sensitive information, \nor execute arbitrary code. (CVE-2019-20503, CVE-2020-6798, CVE-2020-6800, \nCVE-2020-6805, CVE-2020-6806, CVE-2020-6807, CVE-2020-6812, CVE-2020-6814, \nCVE-2020-6819, CVE-2020-6820, CVE-2020-6821, CVE-2020-6825)\n\nIt was discovered that the Devtools\u2019 \u2018Copy as cURL\u2019 feature did not \nfully escape website-controlled data. If a user were tricked in to using \nthe \u2018Copy as cURL\u2019 feature to copy and paste a command with specially \ncrafted data in to a terminal, an attacker could potentially exploit this \nto execute arbitrary commands via command injection. (CVE-2020-6811)", "edition": 2, "modified": "2020-04-13T00:00:00", "published": "2020-04-13T00:00:00", "id": "USN-4328-1", "href": "https://ubuntu.com/security/notices/USN-4328-1", "title": "Thunderbird vulnerabilities", "type": "ubuntu", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2020-07-02T11:43:24", "bulletinFamily": "unix", "cvelist": ["CVE-2020-6795", "CVE-2020-6822", "CVE-2019-11758", "CVE-2020-6811", "CVE-2019-11761", "CVE-2020-6820", "CVE-2020-6819", "CVE-2019-11755", "CVE-2019-11759", "CVE-2020-6800", "CVE-2020-6794", "CVE-2020-6806", "CVE-2020-6825", "CVE-2020-6793", "CVE-2019-17010", "CVE-2019-11762", "CVE-2019-17022", "CVE-2020-6805", "CVE-2020-6821", "CVE-2019-17012", "CVE-2020-6814", "CVE-2019-17024", "CVE-2019-17017", "CVE-2020-6807", "CVE-2019-17005", "CVE-2019-11764", "CVE-2020-6798", "CVE-2019-15903", "CVE-2020-6792", "CVE-2019-11757", "CVE-2019-11763", "CVE-2019-17008", "CVE-2019-17016", "CVE-2019-11745", "CVE-2020-6812", "CVE-2019-20503", "CVE-2019-11760", "CVE-2019-17011", "CVE-2019-17026"], "description": "Multiple security issues were discovered in Thunderbird. If a user were \ntricked in to opening a specially crafted website in a browsing context, \nan attacker could potentially exploit these to cause a denial of service, \nobtain sensitive information, bypass security restrictions, bypass \nsame-origin restrictions, conduct cross-site scripting (XSS) attacks, or \nexecute arbitrary code. (CVE-2019-11757, CVE-2019-11758, CVE-2019-11759, \nCVE-2019-11760, CVE-2019-11761, CVE-2019-11762, CVE-2019-11763, \nCVE-2019-11764, CVE-2019-17005, CVE-2019-17008, CVE-2019-17010, \nCVE-2019-17011, CVE-2019-17012, CVE-2019-17016, CVE-2019-17017, \nCVE-2019-17022, CVE-2019-17024, CVE-2019-17026, CVE-2019-20503, \nCVE-2020-6798, CVE-2020-6800, CVE-2020-6805, CVE-2020-6806, CVE-2020-6807, \nCVE-2020-6812, CVE-2020-6814, CVE-2020-6819, CVE-2020-6820, CVE-2020-6821, \nCVE-2020-6825)\n\nIt was discovered that NSS incorrectly handled certain memory operations. \nA remote attacker could potentially exploit this to cause a denial of \nservice, or execute arbitrary code. (CVE-2019-11745)\n\nIt was discovered that a specially crafted S/MIME message with an inner \nencryption layer could be displayed as having a valid signature in some \ncircumstances, even if the signer had no access to the encrypted message. \nAn attacker could potentially exploit this to spoof the message author. \n(CVE-2019-11755)\n\nA heap overflow was discovered in the expat library in Thunderbird. If a \nuser were tricked in to opening a specially crafted message, an attacker \ncould potentially exploit this to cause a denial of service, or execute \narbitrary code. (CVE-2019-15903)\n\nIt was discovered that Message ID calculation was based on uninitialized \ndata. An attacker could potentially exploit this to obtain sensitive \ninformation. (CVE-2020-6792)\n\nMutiple security issues were discovered in Thunderbird. If a user were \ntricked in to opening a specially crafted message, an attacker could \npotentially exploit these to cause a denial of service, obtain sensitive \ninformation, or execute arbitrary code. (CVE-2020-6793, CVE-2020-6795, \nCVE-2020-6822)\n\nIt was discovered that if a user saved passwords before Thunderbird 60 and \nthen later set a master password, an unencrypted copy of these passwords \nwould still be accessible. A local user could exploit this to obtain \nsensitive information. (CVE-2020-6794)\n\nIt was discovered that the Devtools\u2019 \u2018Copy as cURL\u2019 feature did not \nfully escape website-controlled data. If a user were tricked in to using \nthe \u2018Copy as cURL\u2019 feature to copy and paste a command with specially \ncrafted data in to a terminal, an attacker could potentially exploit this \nto execute arbitrary commands via command injection. (CVE-2020-6811)", "edition": 2, "modified": "2020-04-21T00:00:00", "published": "2020-04-21T00:00:00", "id": "USN-4335-1", "href": "https://ubuntu.com/security/notices/USN-4335-1", "title": "Thunderbird vulnerabilities", "type": "ubuntu", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}], "gentoo": [{"lastseen": "2020-04-23T18:52:40", "bulletinFamily": "unix", "cvelist": ["CVE-2020-6826", "CVE-2020-6824", "CVE-2020-6822", "CVE-2020-6825", "CVE-2020-6821", "CVE-2020-6823"], "description": "### Background\n\nMozilla Firefox is a popular open-source web browser from the Mozilla Project. \n\n### Description\n\nMultiple vulnerabilities have been discovered in Mozilla Firefox. Please review the CVE identifiers referenced below for details. \n\n### Impact\n\nA remote attacker could entice a user to view a specially crafted web page, possibly resulting in the execution of arbitrary code with the privileges of the process, an information leak or a Denial of Service condition. \n\n### Workaround\n\nThere is no known workaround at this time.\n\n### Resolution\n\nAll Mozilla Firefox users should upgrade to the latest version:\n \n \n # emerge --sync\n # emerge --ask --oneshot --verbose \">=www-client/firefox-68.7.0\"\n \n\nAll Mozilla Firefox binary users should upgrade to the latest version:\n \n \n # emerge --sync\n # emerge --ask --oneshot --verbose \">=www-client/firefox-bin-68.7.0\"", "edition": 1, "modified": "2020-04-23T00:00:00", "published": "2020-04-23T00:00:00", "id": "GLSA-202004-11", "href": "https://security.gentoo.org/glsa/202004-11", "title": "Mozilla Firefox: Multiple vulnerabilities", "type": "gentoo", "cvss": {"score": 0.0, "vector": "NONE"}}], "archlinux": [{"lastseen": "2020-09-22T18:36:39", "bulletinFamily": "unix", "cvelist": ["CVE-2020-6821", "CVE-2020-6823", "CVE-2020-6824", "CVE-2020-6825", "CVE-2020-6826"], "description": "Arch Linux Security Advisory ASA-202004-8\n=========================================\n\nSeverity: Critical\nDate : 2020-04-08\nCVE-ID : CVE-2020-6821 CVE-2020-6823 CVE-2020-6824 CVE-2020-6825\nCVE-2020-6826\nPackage : firefox\nType : multiple issues\nRemote : Yes\nLink : https://security.archlinux.org/AVG-1127\n\nSummary\n=======\n\nThe package firefox before version 75.0-1 is vulnerable to multiple\nissues including arbitrary code execution, information disclosure and\naccess restriction bypass.\n\nResolution\n==========\n\nUpgrade to 75.0-1.\n\n# pacman -Syu \"firefox>=75.0-1\"\n\nThe problems have been fixed upstream in version 75.0.\n\nWorkaround\n==========\n\nNone.\n\nDescription\n===========\n\n- CVE-2020-6821 (information disclosure)\n\nAn information disclosure issue has been found in Firefox before 75.0.\nWhen reading from areas partially or fully outside the source resource\nwith WebGL's copyTexSubImage method, the specification requires the\nreturned values be zero. Previously, this memory was uninitialized,\nleading to potentially sensitive data disclosure.\n\n- CVE-2020-6823 (access restriction bypass)\n\nA security issue has been found in Firefox before 75.0, where a\nmalicious extension could have called\nbrowser.identity.launchWebAuthFlow, controlling the redirect_uri, and\nthrough the Promise returned, obtain the Auth code and gain access to\nthe user's account at the service provider.\n\n- CVE-2020-6824 (information disclosure)\n\nA security issue has been found in Firefox before 75.0, where generated\npasswords may be identical on the same site between separate private\nbrowsing sessions. Initially, a user opens a Private Browsing Window\nand generates a password for a site, then closes the Private Browsing\nWindow but leaves Firefox open. Subsequently, if the user had opened a\nnew Private Browsing Window, revisited the same site, and generated a\nnew password - the generated passwords would have been identical,\nrather than independent.\n\n- CVE-2020-6825 (arbitrary code execution)\n\nSeveral memory safety issues have been found in Firefox before 75.0.\nSome of these bugs showed evidence of memory corruption and Mozilla\npresumes that with enough effort some of these could have been\nexploited to run arbitrary code.\n\n- CVE-2020-6826 (arbitrary code execution)\n\nSeveral memory safety issues have been found in Firefox before 75.0.\nSome of these bugs showed evidence of memory corruption and Mozilla\npresumes that with enough effort some of these could have been\nexploited to run arbitrary code.\n\nImpact\n======\n\nA remote attacker might be able to access sensitive information, bypass\nsecurity restrictions or execute arbitrary code.\n\nReferences\n==========\n\nhttps://www.mozilla.org/en-US/security/advisories/mfsa2020-12/\nhttps://www.mozilla.org/en-US/security/advisories/mfsa2020-12/#CVE-2020-6821\nhttps://bugzilla.mozilla.org/show_bug.cgi?id=1625404\nhttps://www.mozilla.org/en-US/security/advisories/mfsa2020-12/#CVE-2020-6823\nhttps://bugzilla.mozilla.org/show_bug.cgi?id=1614919\nhttps://www.mozilla.org/en-US/security/advisories/mfsa2020-12/#CVE-2020-6824\nhttps://bugzilla.mozilla.org/show_bug.cgi?id=1621853\nhttps://www.mozilla.org/en-US/security/advisories/mfsa2020-12/#CVE-2020-6825\nhttps://bugzilla.mozilla.org/buglist.cgi?bug_id=1572541%2C1620193%2C1620203\nhttps://www.mozilla.org/en-US/security/advisories/mfsa2020-12/#CVE-2020-6826\nhttps://bugzilla.mozilla.org/buglist.cgi?bug_id=1613009%2C1613195%2C1616734%2C1617488%2C1619229%2C1620719%2C1624897\nhttps://security.archlinux.org/CVE-2020-6821\nhttps://security.archlinux.org/CVE-2020-6823\nhttps://security.archlinux.org/CVE-2020-6824\nhttps://security.archlinux.org/CVE-2020-6825\nhttps://security.archlinux.org/CVE-2020-6826", "modified": "2020-04-08T00:00:00", "published": "2020-04-08T00:00:00", "id": "ASA-202004-8", "href": "https://security.archlinux.org/ASA-202004-8", "type": "archlinux", "title": "[ASA-202004-8] firefox: multiple issues", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2020-09-22T18:36:39", "bulletinFamily": "unix", "cvelist": ["CVE-2020-6815", "CVE-2020-6819", "CVE-2020-6820", "CVE-2020-6821"], "description": "Arch Linux Security Advisory ASA-202004-12\n==========================================\n\nSeverity: Critical\nDate : 2020-04-13\nCVE-ID : CVE-2020-6815 CVE-2020-6819 CVE-2020-6820 CVE-2020-6821\nPackage : thunderbird\nType : multiple issues\nRemote : Yes\nLink : https://security.archlinux.org/AVG-1132\n\nSummary\n=======\n\nThe package thunderbird before version 68.7.0-1 is vulnerable to\nmultiple issues including arbitrary code execution and information\ndisclosure.\n\nResolution\n==========\n\nUpgrade to 68.7.0-1.\n\n# pacman -Syu \"thunderbird>=68.7.0-1\"\n\nThe problems have been fixed upstream in version 68.7.0.\n\nWorkaround\n==========\n\nNone.\n\nDescription\n===========\n\n- CVE-2020-6815 (arbitrary code execution)\n\nSeveral memory safety and script safety bugs have been found in Firefox\nbefore 74 and Thunderbird before 68.7.0. Some of these bugs showed\nevidence of memory corruption or escalation of privilege and Mozilla\npresumes that with enough effort some of these could have been\nexploited to run arbitrary code.\n\n- CVE-2020-6819 (arbitrary code execution)\n\nA use-after-free vulnerability has been found in Firefox before 74.0.1\nand Thunderbird before 68.7.0 where under certain conditions, when\nrunning the nsDocShell destructor, a race condition can cause a use-\nafter-free. Mozilla is aware of targeted attacks in the wild abusing\nthis flaw.\n\n- CVE-2020-6820 (arbitrary code execution)\n\nA use-after-free vulnerability has been found in Firefox before 74.0.1\nand Thunderbird before 68.7.0 where, under certain conditions, when\nhandling a ReadableStream, a race condition can cause a use-after-free.\nMozilla is aware of targeted attacks in the wild abusing this flaw.\n\n- CVE-2020-6821 (information disclosure)\n\nAn information disclosure issue has been found in Firefox before 75.0\nand Thunderbird before 68.7.0. When reading from areas partially or\nfully outside the source resource with WebGL's copyTexSubImage method,\nthe specification requires the returned values be zero. Previously,\nthis memory was uninitialized, leading to potentially sensitive data\ndisclosure.\n\nImpact\n======\n\nA remote attacker can access sensitive information or execute arbitrary\ncode on the affected host.\n\nReferences\n==========\n\nhttps://www.mozilla.org/en-US/security/advisories/mfsa2020-14/\nhttps://www.mozilla.org/en-US/security/advisories/mfsa2020-08/#CVE-2020-6815\nhttps://bugzilla.mozilla.org/buglist.cgi?bug_id=1181957%2C1557732%2C1557739%2C1611457%2C1612431\nhttps://www.mozilla.org/en-US/security/advisories/mfsa2020-11/#CVE-2020-6819\nhttps://bugzilla.mozilla.org/show_bug.cgi?id=1620818\nhttps://www.mozilla.org/en-US/security/advisories/mfsa2020-11/#CVE-2020-6820\nhttps://bugzilla.mozilla.org/show_bug.cgi?id=1626728\nhttps://www.mozilla.org/en-US/security/advisories/mfsa2020-12/#CVE-2020-6821\nhttps://bugzilla.mozilla.org/show_bug.cgi?id=1625404\nhttps://security.archlinux.org/CVE-2020-6815\nhttps://security.archlinux.org/CVE-2020-6819\nhttps://security.archlinux.org/CVE-2020-6820\nhttps://security.archlinux.org/CVE-2020-6821", "modified": "2020-04-13T00:00:00", "published": "2020-04-13T00:00:00", "id": "ASA-202004-12", "href": "https://security.archlinux.org/ASA-202004-12", "type": "archlinux", "title": "[ASA-202004-12] thunderbird: multiple issues", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}], "amazon": [{"lastseen": "2020-11-10T12:37:05", "bulletinFamily": "unix", "cvelist": ["CVE-2020-6831", "CVE-2020-6822", "CVE-2020-12392", "CVE-2020-6820", "CVE-2020-6819", "CVE-2020-12397", "CVE-2020-6825", "CVE-2020-6821", "CVE-2020-12395", "CVE-2020-12387"], "description": "**Issue Overview:**\n\nThe Mozilla Foundation Security Advisory describes this flaw as: \nOn 32-bit builds, an out of bounds write could have occurred when processing an image larger than 4 GB in `GMPDecodeData`. It is possible that with enough effort this could have been exploited to run arbitrary code. This vulnerability affects Thunderbird < 68.7.0, Firefox ESR < 68.7, and Firefox < 75\\. ([CVE-2020-6822 __](<https://access.redhat.com/security/cve/CVE-2020-6822>)) \n\n \nA flaw was found in Mozilla Firefox and Thunderbird. When parsing and validating SCTP chunks in WebRTC a memory buffer overflow could occur leading to memory corruption and an exploitable crash. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability. ([CVE-2020-6831 __](<https://access.redhat.com/security/cve/CVE-2020-6831>)) \n\n \nUnder certain conditions, when handling a ReadableStream, a race condition can cause a use-after-free. We are aware of targeted attacks in the wild abusing this flaw. This vulnerability affects Thunderbird < 68.7.0, Firefox < 74.0.1, and Firefox ESR < 68.6.1. ([CVE-2020-6820 __](<https://access.redhat.com/security/cve/CVE-2020-6820>)) \n\n \nUnder certain conditions, when running the nsDocShell destructor, a race condition can cause a use-after-free. We are aware of targeted attacks in the wild abusing this flaw. This vulnerability affects Thunderbird < 68.7.0, Firefox < 74.0.1, and Firefox ESR < 68.6.1. ([CVE-2020-6819 __](<https://access.redhat.com/security/cve/CVE-2020-6819>)) \n\n \nThe Mozilla Foundation Security Advisory describes this flaw as: \nMozilla developers reported memory safety bugs present in Firefox 74 and Firefox ESR 68.6. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Thunderbird < 68.7.0, Firefox ESR < 68.7, and Firefox < 75\\. ([CVE-2020-6825 __](<https://access.redhat.com/security/cve/CVE-2020-6825>)) \n\n \nThe Mozilla Foundation Security Advisory describes this flaw as: \nThe 'Copy as cURL' feature of Devtools' network tab did not properly escape the HTTP POST data of a request, which can be controlled by the website. If a user used the 'Copy as cURL' feature and pasted the command into a terminal, it could have resulted in the disclosure of local files. ([CVE-2020-12392 __](<https://access.redhat.com/security/cve/CVE-2020-12392>)) \n\n \nWhen reading from areas partially or fully outside the source resource with WebGL's `copyTexSubImage` method, the specification requires the returned values be zero. Previously, this memory was uninitialized, leading to potentially sensitive data disclosure. This vulnerability affects Thunderbird < 68.7.0, Firefox ESR < 68.7, and Firefox < 75\\. ([CVE-2020-6821 __](<https://access.redhat.com/security/cve/CVE-2020-6821>)) \n\n \nMozilla: Sender Email Address Spoofing using encoded Unicode characters ([CVE-2020-12397 __](<https://access.redhat.com/security/cve/CVE-2020-12397>)) \n\n \nMemory safety flaws were found in Mozilla Firefox and Thunderbird. Memory corruption that an attacker could leverage with enough effort, could allow arbitrary code to run. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability. ([CVE-2020-12395 __](<https://access.redhat.com/security/cve/CVE-2020-12395>)) \n\n \nA flaw was found in Mozilla Firefox and Thunderbird. When running shutdown code for Web Worker, a race condition occurs leading to a use-after-free memory flaw that could lead to an exploitable crash. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability. ([CVE-2020-12387 __](<https://access.redhat.com/security/cve/CVE-2020-12387>))\n\n \n**Affected Packages:** \n\n\nthunderbird\n\n \n**Issue Correction:** \nRun _yum update thunderbird_ to update your system. \n\n\n \n\n\n**New Packages:**\n \n \n aarch64: \n thunderbird-68.8.0-1.amzn2.aarch64 \n thunderbird-debuginfo-68.8.0-1.amzn2.aarch64 \n \n src: \n thunderbird-68.8.0-1.amzn2.src \n \n x86_64: \n thunderbird-68.8.0-1.amzn2.x86_64 \n thunderbird-debuginfo-68.8.0-1.amzn2.x86_64 \n \n \n", "edition": 1, "modified": "2020-05-19T18:32:00", "published": "2020-05-19T18:32:00", "id": "ALAS2-2020-1429", "href": "https://alas.aws.amazon.com/AL2/ALAS-2020-1429.html", "title": "Critical: thunderbird", "type": "amazon", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}]}
