ID CVE-2006-1741 Type cve Reporter NVD Modified 2017-10-10T21:30:49
Description
Mozilla Firefox 1.x before 1.5 and 1.0.x before 1.0.8, Mozilla Suite before 1.7.13, and SeaMonkey before 1.0 allows remote attackers to inject arbitrary Javascript into other sites by (1) "using a modal alert to suspend an event handler while a new page is being loaded", (2) using eval(), and using certain variants involving (3) "new Script;" and (4) using window.proto to extend eval, aka "cross-site JavaScript injection".
{"id": "CVE-2006-1741", "bulletinFamily": "NVD", "title": "CVE-2006-1741", "description": "Mozilla Firefox 1.x before 1.5 and 1.0.x before 1.0.8, Mozilla Suite before 1.7.13, and SeaMonkey before 1.0 allows remote attackers to inject arbitrary Javascript into other sites by (1) \"using a modal alert to suspend an event handler while a new page is being loaded\", (2) using eval(), and using certain variants involving (3) \"new Script;\" and (4) using window.__proto__ to extend eval, aka \"cross-site JavaScript injection\".", "published": "2006-04-14T06:02:00", "modified": "2017-10-10T21:30:49", "cvss": {"score": 4.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:NONE/I:PARTIAL/A:NONE/"}, "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2006-1741", "reporter": "NVD", "references": ["https://exchange.xforce.ibmcloud.com/vulnerabilities/25806", "http://www.mandriva.com/security/advisories?name=MDKSA-2006:076", "http://www.gentoo.org/security/en/glsa/glsa-200605-09.xml", "http://www.securityfocus.com/archive/1/archive/1/436296/100/0/threaded", "http://www.securityfocus.com/archive/1/archive/1/438730/100/0/threaded", "http://www.redhat.com/support/errata/RHSA-2006-0329.html", "http://www.gentoo.org/security/en/glsa/glsa-200604-18.xml", "http://www.ubuntulinux.org/support/documentation/usn/usn-276-1", "http://www.gentoo.org/security/en/glsa/glsa-200604-12.xml", "http://www.mandriva.com/security/advisories?name=MDKSA-2006:078", "http://www.redhat.com/support/errata/RHSA-2006-0330.html", "http://www.debian.org/security/2006/dsa-1046", "http://www.mozilla.org/security/announce/2006/mfsa2006-09.html", "http://www.securityfocus.com/archive/1/archive/1/436338/100/0/threaded", "http://www.redhat.com/archives/fedora-announce-list/2006-April/msg00153.html", "http://sunsolve.sun.com/search/document.do?assetkey=1-26-102550-1", "ftp://ftp.sco.com/pub/updates/UnixWare/SCOSA-2006.26/SCOSA-2006.26.txt", "http://www.ubuntulinux.org/support/documentation/usn/usn-271-1", "http://www.debian.org/security/2006/dsa-1051", "http://www.debian.org/security/2006/dsa-1044", "http://www.novell.com/linux/security/advisories/2006_04_25.html", "http://sunsolve.sun.com/search/document.do?assetkey=1-26-228526-1", "http://www.redhat.com/archives/fedora-announce-list/2006-April/msg00154.html", "http://www.redhat.com/support/errata/RHSA-2006-0328.html", "http://www.ubuntulinux.org/support/documentation/usn/usn-275-1", "ftp://patches.sgi.com/support/free/security/advisories/20060404-01-U.asc", "http://lists.suse.com/archive/suse-security-announce/2006-Apr/0003.html", "http://support.avaya.com/elmodocs2/security/ASA-2006-205.htm", "http://www.vupen.com/english/advisories/2006/1356"], "cvelist": ["CVE-2006-1741"], "type": "cve", "lastseen": "2017-10-11T11:06:35", "history": [{"bulletin": {"assessment": {"href": "http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:1855", "name": "oval:org.mitre.oval:def:1855", "system": "http://oval.mitre.org/XMLSchema/oval-definitions-5"}, "bulletinFamily": "NVD", "cpe": ["cpe:/a:mozilla:thunderbird:1.5:beta2", "cpe:/a:mozilla:thunderbird:1.0.4", "cpe:/a:mozilla:firefox:1.0.5", "cpe:/a:mozilla:firefox:1.0", "cpe:/a:mozilla:firefox:1.5:beta1", "cpe:/a:mozilla:firefox:1.0.3", "cpe:/a:mozilla:mozilla_suite:1.7.11", "cpe:/a:mozilla:thunderbird:1.0", "cpe:/a:mozilla:thunderbird:1.0.1", "cpe:/a:mozilla:thunderbird:1.5.0.1", "cpe:/a:mozilla:firefox:1.5:beta2", "cpe:/a:mozilla:firefox:1.0.4", "cpe:/a:mozilla:firefox:1.0.7", "cpe:/a:mozilla:firefox:1.0.6", "cpe:/a:mozilla:firefox:1.0.1", "cpe:/a:mozilla:mozilla_suite:1.7.10", "cpe:/a:mozilla:mozilla_suite:1.7.7", "cpe:/a:mozilla:seamonkey:1.0::alpha", "cpe:/a:mozilla:firefox:1.0.2", "cpe:/a:mozilla:thunderbird:1.0.5:beta", "cpe:/a:mozilla:thunderbird:1.0.5", "cpe:/a:mozilla:thunderbird:1.0.6", "cpe:/a:mozilla:firefox:1.5", "cpe:/a:mozilla:thunderbird:1.5", "cpe:/a:mozilla:mozilla_suite:1.7.6", "cpe:/a:mozilla:thunderbird:1.0.2", "cpe:/a:mozilla:seamonkey:1.0:beta", "cpe:/a:mozilla:thunderbird:1.0.7", "cpe:/a:mozilla:mozilla_suite:1.7.12", "cpe:/a:mozilla:mozilla_suite:1.7.8", "cpe:/a:mozilla:thunderbird:1.0.3"], "cvelist": ["CVE-2006-1741"], "cvss": {"score": 4.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:NONE/I:PARTIAL/A:NONE/"}, "description": "Mozilla Firefox 1.x before 1.5 and 1.0.x before 1.0.8, Mozilla Suite before 1.7.13, and SeaMonkey before 1.0 allows remote attackers to inject arbitrary Javascript into other sites by (1) \"using a modal alert to suspend an event handler while a new page is being loaded\", (2) using eval(), and using certain variants involving (3) \"new Script;\" and (4) using window.__proto__ to extend eval, aka \"cross-site JavaScript injection\".", "edition": 1, "enchantments": {}, "hash": "86fefadd396b9de55ae9478e76167e7afcbd92345eda4234f76a5e8f6fd327bf", "hashmap": [{"hash": "601892ece72be3be2f57266ca2354792", "key": "reporter"}, {"hash": "6e9bdd2021503689a2ad9254c9cdf2b3", "key": "cvss"}, {"hash": "1b328c18b1445085952c83c71a5177dc", "key": "scanner"}, {"hash": "c60cfcd6168742e419eaf222999a8088", "key": "description"}, {"hash": "68e98d3ac24fb6517ef5ade109d1cf1c", "key": "assessment"}, {"hash": "63877edf977300772caaffdb502f31a3", "key": "cpe"}, {"hash": "77aff48167e1099a4392a9ea8d1acfe7", "key": "published"}, {"hash": "2034a8edef8ecf1792c71eac7c4b8f67", "key": "references"}, {"hash": "77531b8ecab57d3b274cb51059527a20", "key": "title"}, {"hash": "4669e16e97ecfaaad700a6378d90bfb5", "key": "cvelist"}, {"hash": "145eff19e4f95725b88710d454525d83", "key": "href"}, {"hash": "18e9cab4108e5618745a9a6231620489", "key": "modified"}, {"hash": "1716b5fcbb7121af74efdc153d0166c5", "key": "type"}, {"hash": "601892ece72be3be2f57266ca2354792", "key": "bulletinFamily"}], "history": [], "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2006-1741", "id": "CVE-2006-1741", "lastseen": "2016-09-03T06:46:09", "modified": "2011-03-07T21:33:47", "objectVersion": "1.2", "published": "2006-04-14T06:02:00", "references": ["http://www.mandriva.com/security/advisories?name=MDKSA-2006:076", "http://www.gentoo.org/security/en/glsa/glsa-200605-09.xml", "http://www.securityfocus.com/archive/1/archive/1/436296/100/0/threaded", "http://xforce.iss.net/xforce/xfdb/25806", "http://www.securityfocus.com/archive/1/archive/1/438730/100/0/threaded", "http://www.redhat.com/support/errata/RHSA-2006-0329.html", "http://www.gentoo.org/security/en/glsa/glsa-200604-18.xml", "http://www.ubuntulinux.org/support/documentation/usn/usn-276-1", "http://www.gentoo.org/security/en/glsa/glsa-200604-12.xml", "http://www.mandriva.com/security/advisories?name=MDKSA-2006:078", "http://www.redhat.com/support/errata/RHSA-2006-0330.html", "http://www.debian.org/security/2006/dsa-1046", "http://www.mozilla.org/security/announce/2006/mfsa2006-09.html", "http://www.securityfocus.com/archive/1/archive/1/436338/100/0/threaded", "http://www.redhat.com/archives/fedora-announce-list/2006-April/msg00153.html", "http://sunsolve.sun.com/search/document.do?assetkey=1-26-102550-1", "ftp://ftp.sco.com/pub/updates/UnixWare/SCOSA-2006.26/SCOSA-2006.26.txt", "http://www.ubuntulinux.org/support/documentation/usn/usn-271-1", "http://www.debian.org/security/2006/dsa-1051", "http://www.debian.org/security/2006/dsa-1044", "http://www.novell.com/linux/security/advisories/2006_04_25.html", "http://sunsolve.sun.com/search/document.do?assetkey=1-26-228526-1", "http://www.redhat.com/archives/fedora-announce-list/2006-April/msg00154.html", "http://www.redhat.com/support/errata/RHSA-2006-0328.html", "http://www.ubuntulinux.org/support/documentation/usn/usn-275-1", "ftp://patches.sgi.com/support/free/security/advisories/20060404-01-U.asc", "http://lists.suse.com/archive/suse-security-announce/2006-Apr/0003.html", "http://support.avaya.com/elmodocs2/security/ASA-2006-205.htm", "http://www.vupen.com/english/advisories/2006/1356"], "reporter": "NVD", "scanner": [{"href": "http://oval.mitre.org/repository/data/DownloadDefinition?id=oval:org.mitre.oval:def:9167", "name": "oval:org.mitre.oval:def:9167", "system": "http://oval.mitre.org/XMLSchema/oval-definitions-5"}], "title": "CVE-2006-1741", "type": "cve", "viewCount": 0}, "differentElements": ["references", "modified"], "edition": 1, "lastseen": "2016-09-03T06:46:09"}, {"bulletin": {"assessment": {"href": "http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:1855", "name": "oval:org.mitre.oval:def:1855", "system": "http://oval.mitre.org/XMLSchema/oval-definitions-5"}, "bulletinFamily": "NVD", "cpe": ["cpe:/a:mozilla:thunderbird:1.5:beta2", "cpe:/a:mozilla:thunderbird:1.0.4", "cpe:/a:mozilla:firefox:1.0.5", "cpe:/a:mozilla:firefox:1.0", "cpe:/a:mozilla:firefox:1.5:beta1", "cpe:/a:mozilla:firefox:1.0.3", "cpe:/a:mozilla:mozilla_suite:1.7.11", "cpe:/a:mozilla:thunderbird:1.0", "cpe:/a:mozilla:thunderbird:1.0.1", "cpe:/a:mozilla:thunderbird:1.5.0.1", "cpe:/a:mozilla:firefox:1.5:beta2", "cpe:/a:mozilla:firefox:1.0.4", "cpe:/a:mozilla:firefox:1.0.7", "cpe:/a:mozilla:firefox:1.0.6", "cpe:/a:mozilla:firefox:1.0.1", "cpe:/a:mozilla:mozilla_suite:1.7.10", "cpe:/a:mozilla:mozilla_suite:1.7.7", "cpe:/a:mozilla:seamonkey:1.0::alpha", "cpe:/a:mozilla:firefox:1.0.2", "cpe:/a:mozilla:thunderbird:1.0.5:beta", "cpe:/a:mozilla:thunderbird:1.0.5", "cpe:/a:mozilla:thunderbird:1.0.6", "cpe:/a:mozilla:firefox:1.5", "cpe:/a:mozilla:thunderbird:1.5", "cpe:/a:mozilla:mozilla_suite:1.7.6", "cpe:/a:mozilla:thunderbird:1.0.2", "cpe:/a:mozilla:seamonkey:1.0:beta", "cpe:/a:mozilla:thunderbird:1.0.7", "cpe:/a:mozilla:mozilla_suite:1.7.12", "cpe:/a:mozilla:mozilla_suite:1.7.8", "cpe:/a:mozilla:thunderbird:1.0.3"], "cvelist": ["CVE-2006-1741"], "cvss": {"score": 4.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:NONE/I:PARTIAL/A:NONE/"}, "description": "Mozilla Firefox 1.x before 1.5 and 1.0.x before 1.0.8, Mozilla Suite before 1.7.13, and SeaMonkey before 1.0 allows remote attackers to inject arbitrary Javascript into other sites by (1) \"using a modal alert to suspend an event handler while a new page is being loaded\", (2) using eval(), and using certain variants involving (3) \"new Script;\" and (4) using window.__proto__ to extend eval, aka \"cross-site JavaScript injection\".", "edition": 2, "enchantments": {}, "hash": "745277f9faa11afe0c9ad155336ae5976d8e7189292a5587dae64b1a039fca03", "hashmap": [{"hash": "601892ece72be3be2f57266ca2354792", "key": "reporter"}, {"hash": "6e9bdd2021503689a2ad9254c9cdf2b3", "key": "cvss"}, {"hash": "1b328c18b1445085952c83c71a5177dc", "key": "scanner"}, {"hash": "7629274679be99362d77935a177ec4f5", "key": "references"}, {"hash": "c60cfcd6168742e419eaf222999a8088", "key": "description"}, {"hash": "68e98d3ac24fb6517ef5ade109d1cf1c", "key": "assessment"}, {"hash": "63877edf977300772caaffdb502f31a3", "key": "cpe"}, {"hash": "77aff48167e1099a4392a9ea8d1acfe7", "key": "published"}, {"hash": "77531b8ecab57d3b274cb51059527a20", "key": "title"}, {"hash": "4669e16e97ecfaaad700a6378d90bfb5", "key": "cvelist"}, {"hash": "145eff19e4f95725b88710d454525d83", "key": "href"}, {"hash": "1716b5fcbb7121af74efdc153d0166c5", "key": "type"}, {"hash": "601892ece72be3be2f57266ca2354792", "key": "bulletinFamily"}, {"hash": "c03aaa2b5b11130cc0a16b06f247d88c", "key": "modified"}], "history": [], "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2006-1741", "id": "CVE-2006-1741", "lastseen": "2017-07-20T10:49:13", "modified": "2017-07-19T21:30:52", "objectVersion": "1.3", "published": "2006-04-14T06:02:00", "references": ["https://exchange.xforce.ibmcloud.com/vulnerabilities/25806", "http://www.mandriva.com/security/advisories?name=MDKSA-2006:076", "http://www.gentoo.org/security/en/glsa/glsa-200605-09.xml", "http://www.securityfocus.com/archive/1/archive/1/436296/100/0/threaded", "http://www.securityfocus.com/archive/1/archive/1/438730/100/0/threaded", "http://www.redhat.com/support/errata/RHSA-2006-0329.html", "http://www.gentoo.org/security/en/glsa/glsa-200604-18.xml", "http://www.ubuntulinux.org/support/documentation/usn/usn-276-1", "http://www.gentoo.org/security/en/glsa/glsa-200604-12.xml", "http://www.mandriva.com/security/advisories?name=MDKSA-2006:078", "http://www.redhat.com/support/errata/RHSA-2006-0330.html", "http://www.debian.org/security/2006/dsa-1046", "http://www.mozilla.org/security/announce/2006/mfsa2006-09.html", "http://www.securityfocus.com/archive/1/archive/1/436338/100/0/threaded", "http://www.redhat.com/archives/fedora-announce-list/2006-April/msg00153.html", "http://sunsolve.sun.com/search/document.do?assetkey=1-26-102550-1", "ftp://ftp.sco.com/pub/updates/UnixWare/SCOSA-2006.26/SCOSA-2006.26.txt", "http://www.ubuntulinux.org/support/documentation/usn/usn-271-1", "http://www.debian.org/security/2006/dsa-1051", "http://www.debian.org/security/2006/dsa-1044", "http://www.novell.com/linux/security/advisories/2006_04_25.html", "http://sunsolve.sun.com/search/document.do?assetkey=1-26-228526-1", "http://www.redhat.com/archives/fedora-announce-list/2006-April/msg00154.html", "http://www.redhat.com/support/errata/RHSA-2006-0328.html", "http://www.ubuntulinux.org/support/documentation/usn/usn-275-1", "ftp://patches.sgi.com/support/free/security/advisories/20060404-01-U.asc", "http://lists.suse.com/archive/suse-security-announce/2006-Apr/0003.html", "http://support.avaya.com/elmodocs2/security/ASA-2006-205.htm", "http://www.vupen.com/english/advisories/2006/1356"], "reporter": "NVD", "scanner": [{"href": "http://oval.mitre.org/repository/data/DownloadDefinition?id=oval:org.mitre.oval:def:9167", "name": "oval:org.mitre.oval:def:9167", "system": "http://oval.mitre.org/XMLSchema/oval-definitions-5"}], "title": "CVE-2006-1741", "type": "cve", "viewCount": 0}, "differentElements": ["assessment", "modified"], "edition": 2, "lastseen": "2017-07-20T10:49:13"}], "edition": 3, "hashmap": [{"key": "assessment", "hash": "d65e5f1a606c1d40183dbc3b5b94c08f"}, {"key": "bulletinFamily", "hash": "601892ece72be3be2f57266ca2354792"}, {"key": "cpe", "hash": "63877edf977300772caaffdb502f31a3"}, {"key": "cvelist", "hash": "4669e16e97ecfaaad700a6378d90bfb5"}, {"key": "cvss", "hash": "6e9bdd2021503689a2ad9254c9cdf2b3"}, {"key": "description", "hash": "c60cfcd6168742e419eaf222999a8088"}, {"key": "href", "hash": "145eff19e4f95725b88710d454525d83"}, {"key": "modified", "hash": "7499df92e9f1d6dbb2f4abfb1a1c777a"}, {"key": "published", "hash": "77aff48167e1099a4392a9ea8d1acfe7"}, {"key": "references", "hash": "7629274679be99362d77935a177ec4f5"}, {"key": "reporter", "hash": "601892ece72be3be2f57266ca2354792"}, {"key": "scanner", "hash": "1b328c18b1445085952c83c71a5177dc"}, {"key": "title", "hash": "77531b8ecab57d3b274cb51059527a20"}, {"key": "type", "hash": "1716b5fcbb7121af74efdc153d0166c5"}], "hash": "4c871042b63552319fdf623e672ce3c4c87a6c330a7654fb55bddea9331e4605", "viewCount": 0, "enchantments": {"score": {"value": 6.8, "vector": "NONE", "modified": "2017-10-11T11:06:35"}, "vulnersScore": 6.8}, "objectVersion": "1.3", "cpe": ["cpe:/a:mozilla:thunderbird:1.5:beta2", "cpe:/a:mozilla:thunderbird:1.0.4", "cpe:/a:mozilla:firefox:1.0.5", "cpe:/a:mozilla:firefox:1.0", "cpe:/a:mozilla:firefox:1.5:beta1", "cpe:/a:mozilla:firefox:1.0.3", "cpe:/a:mozilla:mozilla_suite:1.7.11", "cpe:/a:mozilla:thunderbird:1.0", "cpe:/a:mozilla:thunderbird:1.0.1", "cpe:/a:mozilla:thunderbird:1.5.0.1", "cpe:/a:mozilla:firefox:1.5:beta2", "cpe:/a:mozilla:firefox:1.0.4", "cpe:/a:mozilla:firefox:1.0.7", "cpe:/a:mozilla:firefox:1.0.6", "cpe:/a:mozilla:firefox:1.0.1", "cpe:/a:mozilla:mozilla_suite:1.7.10", "cpe:/a:mozilla:mozilla_suite:1.7.7", "cpe:/a:mozilla:seamonkey:1.0::alpha", "cpe:/a:mozilla:firefox:1.0.2", "cpe:/a:mozilla:thunderbird:1.0.5:beta", "cpe:/a:mozilla:thunderbird:1.0.5", "cpe:/a:mozilla:thunderbird:1.0.6", "cpe:/a:mozilla:firefox:1.5", "cpe:/a:mozilla:thunderbird:1.5", "cpe:/a:mozilla:mozilla_suite:1.7.6", "cpe:/a:mozilla:thunderbird:1.0.2", "cpe:/a:mozilla:seamonkey:1.0:beta", "cpe:/a:mozilla:thunderbird:1.0.7", "cpe:/a:mozilla:mozilla_suite:1.7.12", "cpe:/a:mozilla:mozilla_suite:1.7.8", "cpe:/a:mozilla:thunderbird:1.0.3"], "assessment": {"href": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1855", "name": "oval:org.mitre.oval:def:1855", "system": "http://oval.mitre.org/XMLSchema/oval-definitions-5"}, "scanner": [{"href": "http://oval.mitre.org/repository/data/DownloadDefinition?id=oval:org.mitre.oval:def:9167", "name": "oval:org.mitre.oval:def:9167", "system": "http://oval.mitre.org/XMLSchema/oval-definitions-5"}]}
{"osvdb": [{"lastseen": "2017-04-28T13:20:21", "references": [], "edition": 1, "description": "# No description provided by the source\n\n## References:\nVendor URL: http://www.mozilla.org/\nVendor Specific News/Changelog Entry: https://bugzilla.mozilla.org/show_bug.cgi?id=296514\nVendor Specific News/Changelog Entry: https://bugzilla.mozilla.org/show_bug.cgi?id=311024\nVendor Specific News/Changelog Entry: https://bugzilla.mozilla.org/show_bug.cgi?id=311619\nVendor Specific News/Changelog Entry: https://bugzilla.mozilla.org/show_bug.cgi?id=311892\n[Vendor Specific Advisory URL](http://www.mozilla.org/security/announce/2006/mfsa2006-09.html)\n[Vendor Specific Advisory URL](http://www.us.debian.org/security/2006/dsa-1051)\n[Vendor Specific Advisory URL](ftp://ftp.sco.com/pub/updates/UnixWare/SCOSA-2006.26/SCOSA-2006.26.txt)\n[Vendor Specific Advisory URL](ftp://patches.sgi.com/support/free/security/advisories/20060404-01-U.asc)\n[Vendor Specific Advisory URL](http://www.ubuntu.com/usn/usn-276-1)\n[Vendor Specific Advisory URL](http://sunsolve.sun.com/search/document.do?assetkey=1-26-102550-1)\n[Vendor Specific Advisory URL](http://www.novell.com/linux/security/advisories/2006_04_25.html)\n[Vendor Specific Advisory URL](http://www.ubuntu.com/usn/usn-275-1)\n[Secunia Advisory ID:19696](https://secuniaresearch.flexerasoftware.com/advisories/19696/)\n[Secunia Advisory ID:19729](https://secuniaresearch.flexerasoftware.com/advisories/19729/)\n[Secunia Advisory ID:19780](https://secuniaresearch.flexerasoftware.com/advisories/19780/)\n[Secunia Advisory ID:19811](https://secuniaresearch.flexerasoftware.com/advisories/19811/)\n[Secunia Advisory ID:19852](https://secuniaresearch.flexerasoftware.com/advisories/19852/)\n[Secunia Advisory ID:19902](https://secuniaresearch.flexerasoftware.com/advisories/19902/)\n[Secunia Advisory ID:22066](https://secuniaresearch.flexerasoftware.com/advisories/22066/)\n[Secunia Advisory ID:19631](https://secuniaresearch.flexerasoftware.com/advisories/19631/)\n[Secunia Advisory ID:19746](https://secuniaresearch.flexerasoftware.com/advisories/19746/)\n[Secunia Advisory ID:19823](https://secuniaresearch.flexerasoftware.com/advisories/19823/)\n[Secunia Advisory ID:19863](https://secuniaresearch.flexerasoftware.com/advisories/19863/)\n[Secunia Advisory ID:21033](https://secuniaresearch.flexerasoftware.com/advisories/21033/)\n[Secunia Advisory ID:21622](https://secuniaresearch.flexerasoftware.com/advisories/21622/)\n[Secunia Advisory ID:19941](https://secuniaresearch.flexerasoftware.com/advisories/19941/)\n[Secunia Advisory ID:19649](https://secuniaresearch.flexerasoftware.com/advisories/19649/)\n[Secunia Advisory ID:19714](https://secuniaresearch.flexerasoftware.com/advisories/19714/)\n[Secunia Advisory ID:19721](https://secuniaresearch.flexerasoftware.com/advisories/19721/)\n[Secunia Advisory ID:19759](https://secuniaresearch.flexerasoftware.com/advisories/19759/)\n[Secunia Advisory ID:19821](https://secuniaresearch.flexerasoftware.com/advisories/19821/)\n[Secunia Advisory ID:19862](https://secuniaresearch.flexerasoftware.com/advisories/19862/)\n[Secunia Advisory ID:19950](https://secuniaresearch.flexerasoftware.com/advisories/19950/)\n[Secunia Advisory ID:20051](https://secuniaresearch.flexerasoftware.com/advisories/20051/)\nRedHat RHSA: RHSA-2006:0328\nRedHat RHSA: RHSA-2006:0329\nRedHat RHSA: RHSA-2006:0330\nOther Advisory URL: http://lists.suse.com/archive/suse-security-announce/2006-Apr/0003.html\nOther Advisory URL: http://wwwnew.mandriva.com/security/advisories?name=MDKSA-2006:078\nOther Advisory URL: http://www.debian.org/security/2006/dsa-1046\nOther Advisory URL: http://www.gentoo.org/security/en/glsa/glsa-200604-18.xml\nOther Advisory URL: http://www.ubuntu.com/usn/usn-271-1\nOther Advisory URL: http://www.gentoo.org/security/en/glsa/glsa-200604-12.xml\nOther Advisory URL: http://www.us.debian.org/security/2006/dsa-1044\nOther Advisory URL: http://www.gentoo.org/security/en/glsa/glsa-200605-09.xml\nKeyword: MFSA 2006-09\n[CVE-2006-1741](https://vulners.com/cve/CVE-2006-1741)\n", "reporter": "OSVDB", "published": "2006-04-13T05:32:42", "type": "osvdb", "title": "Mozilla Multiple Product Modal Alert Suspended Handler XSS", "enchantments": {"score": {"vector": "NONE", "value": 7.5}}, "bulletinFamily": "software", "affectedSoftware": [], "cvelist": ["CVE-2006-1741"], "modified": "2006-04-13T05:32:42", "href": "https://vulners.com/osvdb/OSVDB:24658", "id": "OSVDB:24658", "cvss": {"score": 4.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:NONE/I:PARTIAL/A:NONE/"}}], "openvas": [{"lastseen": "2017-07-26T08:55:13", "references": [], "pluginID": "65608", "description": "The remote host is missing updates to packages that affect\nthe security of your system. One or more of the following packages\nare affected:\n\n mozilla\n mozilla-dom-inspector\n mozilla-ja\n mozilla-ko\n mozilla-venkman\n mozilla-hu\n mozilla-irc\n mozilla-mail\n mozilla-cs\n mozilla-devel\n mozilla-deat\n\nFor more information, please visit the referenced security\nadvisories.\n\nMore details may also be found by searching for keyword\n5019559 within the SuSE Enterprise Server 9 patch\ndatabase at http://download.novell.com/patch/finder/", "edition": 2, "reporter": "Copyright (c) 2009 E-Soft Inc. http://www.securityspace.com", "published": "2009-10-10T00:00:00", "enchantments": {"score": {"vector": "NONE", "value": 5.0}}, "title": "SLES9: Security update for Mozilla suite", "type": "openvas", "naslFamily": "SuSE Local Security Checks", "bulletinFamily": "scanner", "cvelist": ["CVE-2006-1738", "CVE-2006-1739", "CVE-2006-1728", "CVE-2006-1730", "CVE-2006-1790", "CVE-2006-1734", "CVE-2006-1733", "CVE-2006-1740", "CVE-2006-1741", "CVE-2006-1731", "CVE-2006-1727", "CVE-2006-1729", "CVE-2006-1736", "CVE-2006-1735", "CVE-2006-1742", "CVE-2006-1737", "CVE-2006-1732", "CVE-2006-0749"], "modified": "2017-07-11T00:00:00", "href": "http://plugins.openvas.org/nasl.php?oid=65608", "id": "OPENVAS:65608", "sourceData": "# OpenVAS Vulnerability Test\n# $Id: sles9p5019559.nasl 6666 2017-07-11 13:13:36Z cfischer $\n# Description: Security update for Mozilla suite\n#\n# Authors:\n# Thomas Reinke <reinke@securityspace.com>\n#\n# Copyright:\n# Copyright (c) 2009 E-Soft Inc. http://www.securityspace.com\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (c) the respective author(s)\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2,\n# or at your option, GNU General Public License version 3,\n# as published by the Free Software Foundation\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n#\n\ninclude(\"revisions-lib.inc\");\ntag_summary = \"The remote host is missing updates to packages that affect\nthe security of your system. One or more of the following packages\nare affected:\n\n mozilla\n mozilla-dom-inspector\n mozilla-ja\n mozilla-ko\n mozilla-venkman\n mozilla-hu\n mozilla-irc\n mozilla-mail\n mozilla-cs\n mozilla-devel\n mozilla-deat\n\nFor more information, please visit the referenced security\nadvisories.\n\nMore details may also be found by searching for keyword\n5019559 within the SuSE Enterprise Server 9 patch\ndatabase at http://download.novell.com/patch/finder/\";\n\ntag_solution = \"Please install the updates provided by SuSE.\";\n \nif(description)\n{\n script_id(65608);\n script_version(\"$Revision: 6666 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-07-11 15:13:36 +0200 (Tue, 11 Jul 2017) $\");\n script_tag(name:\"creation_date\", value:\"2009-10-10 16:11:46 +0200 (Sat, 10 Oct 2009)\");\n script_cve_id(\"CVE-2006-1727\", \"CVE-2006-1728\", \"CVE-2006-1729\", \"CVE-2006-1730\", \"CVE-2006-1731\", \"CVE-2006-0749\", \"CVE-2006-1732\", \"CVE-2006-1733\", \"CVE-2006-1734\", \"CVE-2006-1735\", \"CVE-2006-1736\", \"CVE-2006-1740\", \"CVE-2006-1739\", \"CVE-2006-1737\", \"CVE-2006-1738\", \"CVE-2006-1790\", \"CVE-2006-1742\", \"CVE-2006-1741\");\n script_tag(name:\"cvss_base\", value:\"10.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_name(\"SLES9: Security update for Mozilla suite\");\n\n\n\n script_category(ACT_GATHER_INFO);\n\n script_copyright(\"Copyright (c) 2009 E-Soft Inc. http://www.securityspace.com\");\n script_family(\"SuSE Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/suse_sles\", \"ssh/login/rpms\");\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"summary\" , value : tag_summary);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n#\n# The script code starts here\n#\n\ninclude(\"pkg-lib-rpm.inc\");\n\nres = \"\";\nreport = \"\";\nif ((res = isrpmvuln(pkg:\"mozilla\", rpm:\"mozilla~1.7.8~5.20\", rls:\"SLES9.0\")) != NULL) {\n report += res;\n}\n\nif (report != \"\") {\n security_message(data:report);\n} else if (__pkg_match) {\n exit(99); # Not vulnerable.\n}\n", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2018-04-06T11:37:19", "references": [], "pluginID": "136141256231065608", "description": "The remote host is missing updates to packages that affect\nthe security of your system. One or more of the following packages\nare affected:\n\n mozilla\n mozilla-dom-inspector\n mozilla-ja\n mozilla-ko\n mozilla-venkman\n mozilla-hu\n mozilla-irc\n mozilla-mail\n mozilla-cs\n mozilla-devel\n mozilla-deat\n\nFor more information, please visit the referenced security\nadvisories.\n\nMore details may also be found by searching for keyword\n5019559 within the SuSE Enterprise Server 9 patch\ndatabase at http://download.novell.com/patch/finder/", "edition": 1, "reporter": "Copyright (c) 2009 E-Soft Inc. http://www.securityspace.com", "published": "2009-10-10T00:00:00", "title": "SLES9: Security update for Mozilla suite", "type": "openvas", "enchantments": {"score": {"vector": "NONE", "value": 5.0}}, "naslFamily": "SuSE Local Security Checks", "bulletinFamily": "scanner", "cvelist": ["CVE-2006-1738", "CVE-2006-1739", "CVE-2006-1728", "CVE-2006-1730", "CVE-2006-1790", "CVE-2006-1734", "CVE-2006-1733", "CVE-2006-1740", "CVE-2006-1741", "CVE-2006-1731", "CVE-2006-1727", "CVE-2006-1729", "CVE-2006-1736", "CVE-2006-1735", "CVE-2006-1742", "CVE-2006-1737", "CVE-2006-1732", "CVE-2006-0749"], "modified": "2018-04-06T00:00:00", "href": "http://plugins.openvas.org/nasl.php?oid=136141256231065608", "id": "OPENVAS:136141256231065608", "sourceData": "# OpenVAS Vulnerability Test\n# $Id: sles9p5019559.nasl 9350 2018-04-06 07:03:33Z cfischer $\n# Description: Security update for Mozilla suite\n#\n# Authors:\n# Thomas Reinke <reinke@securityspace.com>\n#\n# Copyright:\n# Copyright (c) 2009 E-Soft Inc. http://www.securityspace.com\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (c) the respective author(s)\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2,\n# or at your option, GNU General Public License version 3,\n# as published by the Free Software Foundation\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n#\n\ninclude(\"revisions-lib.inc\");\ntag_summary = \"The remote host is missing updates to packages that affect\nthe security of your system. One or more of the following packages\nare affected:\n\n mozilla\n mozilla-dom-inspector\n mozilla-ja\n mozilla-ko\n mozilla-venkman\n mozilla-hu\n mozilla-irc\n mozilla-mail\n mozilla-cs\n mozilla-devel\n mozilla-deat\n\nFor more information, please visit the referenced security\nadvisories.\n\nMore details may also be found by searching for keyword\n5019559 within the SuSE Enterprise Server 9 patch\ndatabase at http://download.novell.com/patch/finder/\";\n\ntag_solution = \"Please install the updates provided by SuSE.\";\n \nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.65608\");\n script_version(\"$Revision: 9350 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-04-06 09:03:33 +0200 (Fri, 06 Apr 2018) $\");\n script_tag(name:\"creation_date\", value:\"2009-10-10 16:11:46 +0200 (Sat, 10 Oct 2009)\");\n script_cve_id(\"CVE-2006-1727\", \"CVE-2006-1728\", \"CVE-2006-1729\", \"CVE-2006-1730\", \"CVE-2006-1731\", \"CVE-2006-0749\", \"CVE-2006-1732\", \"CVE-2006-1733\", \"CVE-2006-1734\", \"CVE-2006-1735\", \"CVE-2006-1736\", \"CVE-2006-1740\", \"CVE-2006-1739\", \"CVE-2006-1737\", \"CVE-2006-1738\", \"CVE-2006-1790\", \"CVE-2006-1742\", \"CVE-2006-1741\");\n script_tag(name:\"cvss_base\", value:\"10.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_name(\"SLES9: Security update for Mozilla suite\");\n\n\n\n script_category(ACT_GATHER_INFO);\n\n script_copyright(\"Copyright (c) 2009 E-Soft Inc. http://www.securityspace.com\");\n script_family(\"SuSE Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/suse_sles\", \"ssh/login/rpms\");\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"summary\" , value : tag_summary);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n#\n# The script code starts here\n#\n\ninclude(\"pkg-lib-rpm.inc\");\n\nres = \"\";\nreport = \"\";\nif ((res = isrpmvuln(pkg:\"mozilla\", rpm:\"mozilla~1.7.8~5.20\", rls:\"SLES9.0\")) != NULL) {\n report += res;\n}\n\nif (report != \"\") {\n security_message(data:report);\n} else if (__pkg_match) {\n exit(99); # Not vulnerable.\n}\n", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2017-07-24T12:49:46", "references": [], "pluginID": "56724", "description": "The remote host is missing updates announced in\nadvisory GLSA 200605-09.", "edition": 2, "reporter": "Copyright (c) 2006 E-Soft Inc. http://www.securityspace.com", "published": "2008-09-24T00:00:00", "title": "Gentoo Security Advisory GLSA 200605-09 (mozilla-thunderbird)", "type": "openvas", "enchantments": {"score": {"vector": "NONE", "value": 7.2}}, "naslFamily": "Gentoo Local Security Checks", "bulletinFamily": "scanner", "cvelist": ["CVE-2006-1738", "CVE-2006-1739", "CVE-2006-0748", "CVE-2006-1728", "CVE-2006-1730", "CVE-2006-1790", "CVE-2006-1734", "CVE-2006-1733", "CVE-2006-1741", "CVE-2006-0292", "CVE-2006-0884", "CVE-2006-1731", "CVE-2006-1727", "CVE-2006-1045", "CVE-2006-0296", "CVE-2006-1735", "CVE-2006-1742", "CVE-2006-1737", "CVE-2006-1732", "CVE-2006-0749"], "modified": "2017-07-07T00:00:00", "href": "http://plugins.openvas.org/nasl.php?oid=56724", "id": "OPENVAS:56724", "sourceData": "# OpenVAS Vulnerability Test\n# $\n# Description: Auto generated from Gentoo's XML based advisory\n#\n# Authors:\n# Thomas Reinke <reinke@securityspace.com>\n#\n# Copyright:\n# Copyright (c) 2008 E-Soft Inc. http://www.securityspace.com\n# Text descriptions are largely excerpted from the referenced\n# advisories, and are Copyright (c) the respective author(s)\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2,\n# as published by the Free Software Foundation\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n#\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"Several vulnerabilities in Mozilla Thunderbird allow attacks ranging from\nscript execution with elevated privileges to information leaks.\";\ntag_solution = \"All Mozilla Thunderbird users should upgrade to the latest version:\n\n # emerge --sync\n # emerge --ask --oneshot --verbose\n'>=mail-client/mozilla-thunderbird-1.0.8'\n\nAll Mozilla Thunderbird binary users should upgrade to the latest version:\n\n # emerge --sync\n # emerge --ask --oneshot --verbose\n'>=mail-client/mozilla-thunderbird-bin-1.0.8'\n\nNote: There is no stable fixed version for the ALPHA architecture yet.\nUsers of Mozilla Thunderbird on ALPHA should consider unmerging it until\nsuch a version is available.\n\nhttp://www.securityspace.com/smysecure/catid.html?in=GLSA%20200605-09\nhttp://bugs.gentoo.org/show_bug.cgi?id=130888\nhttp://www.mozilla.org/projects/security/known-vulnerabilities.html#Thunderbird\";\ntag_summary = \"The remote host is missing updates announced in\nadvisory GLSA 200605-09.\";\n\n \n\nif(description)\n{\n script_id(56724);\n script_version(\"$Revision: 6596 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-07-07 11:21:37 +0200 (Fri, 07 Jul 2017) $\");\n script_tag(name:\"creation_date\", value:\"2008-09-24 21:14:03 +0200 (Wed, 24 Sep 2008)\");\n script_cve_id(\"CVE-2006-0292\", \"CVE-2006-0296\", \"CVE-2006-0748\", \"CVE-2006-0749\", \"CVE-2006-0884\", \"CVE-2006-1045\", \"CVE-2006-1727\", \"CVE-2006-1728\", \"CVE-2006-1730\", \"CVE-2006-1731\", \"CVE-2006-1732\", \"CVE-2006-1733\", \"CVE-2006-1734\", \"CVE-2006-1735\", \"CVE-2006-1737\", \"CVE-2006-1738\", \"CVE-2006-1739\", \"CVE-2006-1741\", \"CVE-2006-1742\", \"CVE-2006-1790\");\n script_tag(name:\"cvss_base\", value:\"10.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_name(\"Gentoo Security Advisory GLSA 200605-09 (mozilla-thunderbird)\");\n\n\n\n script_category(ACT_GATHER_INFO);\n\n script_copyright(\"Copyright (c) 2006 E-Soft Inc. http://www.securityspace.com\");\n script_family(\"Gentoo Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/gentoo\", \"ssh/login/pkg\");\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"summary\" , value : tag_summary);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n#\n# The script code starts here\n#\n\ninclude(\"pkg-lib-gentoo.inc\");\n\nres = \"\";\nreport = \"\";\nif ((res = ispkgvuln(pkg:\"mail-client/mozilla-thunderbird\", unaffected: make_list(\"ge 1.0.8\"), vulnerable: make_list(\"lt 1.0.8\"))) != NULL) {\n report += res;\n}\nif ((res = ispkgvuln(pkg:\"mail-client/mozilla-thunderbird-bin\", unaffected: make_list(\"ge 1.0.8\"), vulnerable: make_list(\"lt 1.0.8\"))) != NULL) {\n report += res;\n}\n\nif (report != \"\") {\n security_message(data:report);\n} else if (__pkg_match) {\n exit(99); # Not vulnerable.\n}\n", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2017-07-24T12:50:10", "references": [], "pluginID": "56664", "description": "The remote host is missing an update to mozilla-firefox\nannounced via advisory DSA 1044-1. For details on the issues\naddressed by the missing update, please visit the referenced\nsecurity advisories.", "edition": 2, "reporter": "Copyright (c) 2006 E-Soft Inc. http://www.securityspace.com", "published": "2008-01-17T00:00:00", "title": "Debian Security Advisory DSA 1044-1 (mozilla-firefox)", "type": "openvas", "enchantments": {"score": {"vector": "NONE", "value": 5.0}}, "naslFamily": "Debian Local Security Checks", "bulletinFamily": "scanner", "cvelist": ["CVE-2006-1738", "CVE-2006-1739", "CVE-2006-0748", "CVE-2006-1728", "CVE-2006-1730", "CVE-2006-0293", "CVE-2006-1790", "CVE-2006-1734", "CVE-2006-1733", "CVE-2006-1740", "CVE-2006-1741", "CVE-2006-0292", "CVE-2006-1731", "CVE-2006-1727", "CVE-2006-1729", "CVE-2006-0296", "CVE-2006-1736", "CVE-2006-1735", "CVE-2006-1742", "CVE-2006-1737", "CVE-2006-1732", "CVE-2005-4134", "CVE-2006-0749"], "modified": "2017-07-07T00:00:00", "href": "http://plugins.openvas.org/nasl.php?oid=56664", "id": "OPENVAS:56664", "sourceData": "# OpenVAS Vulnerability Test\n# $Id: deb_1044_1.nasl 6616 2017-07-07 12:10:49Z cfischer $\n# Description: Auto-generated from advisory DSA 1044-1\n#\n# Authors:\n# Thomas Reinke <reinke@securityspace.com>\n#\n# Copyright:\n# Copyright (c) 2007 E-Soft Inc. http://www.securityspace.com\n# Text descriptions are largerly excerpted from the referenced\n# advisory, and are Copyright (c) the respective author(s)\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2,\n# as published by the Free Software Foundation\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n#\n\ninclude(\"revisions-lib.inc\");\ntag_solution = \"For the stable distribution (sarge) these problems have been fixed in\nversion 1.0.4-2sarge6.\n\nFor the unstable distribution (sid) these problems have been fixed in\nversion 1.5.dfsg+1.5.0.2-2.\n\nWe recommend that you upgrade your Mozilla Firefox packages.\n\n https://secure1.securityspace.com/smysecure/catid.html?in=DSA%201044-1\";\ntag_summary = \"The remote host is missing an update to mozilla-firefox\nannounced via advisory DSA 1044-1. For details on the issues\naddressed by the missing update, please visit the referenced\nsecurity advisories.\";\n\n\nif(description)\n{\n script_id(56664);\n script_version(\"$Revision: 6616 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-07-07 14:10:49 +0200 (Fri, 07 Jul 2017) $\");\n script_tag(name:\"creation_date\", value:\"2008-01-17 23:09:45 +0100 (Thu, 17 Jan 2008)\");\n script_cve_id(\"CVE-2006-0293\", \"CVE-2006-0292\", \"CVE-2005-4134\", \"CVE-2006-0296\", \"CVE-2006-1741\", \"CVE-2006-1742\", \"CVE-2006-1737\", \"CVE-2006-1738\", \"CVE-2006-1739\", \"CVE-2006-1790\", \"CVE-2006-1740\", \"CVE-2006-1736\", \"CVE-2006-1735\", \"CVE-2006-1734\", \"CVE-2006-1733\", \"CVE-2006-1732\", \"CVE-2006-0749\", \"CVE-2006-1731\", \"CVE-2006-1730\", \"CVE-2006-1729\", \"CVE-2006-1728\", \"CVE-2006-1727\", \"CVE-2006-0748\");\n script_bugtraq_id(15773,16476,17516);\n script_tag(name:\"cvss_base\", value:\"10.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_name(\"Debian Security Advisory DSA 1044-1 (mozilla-firefox)\");\n\n\n\n script_category(ACT_GATHER_INFO);\n\n script_copyright(\"Copyright (c) 2006 E-Soft Inc. http://www.securityspace.com\");\n script_family(\"Debian Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/debian_linux\", \"ssh/login/packages\");\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"summary\" , value : tag_summary);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n#\n# The script code starts here\n#\n\ninclude(\"pkg-lib-deb.inc\");\n\nres = \"\";\nreport = \"\";\nif ((res = isdpkgvuln(pkg:\"mozilla-firefox\", ver:\"1.0.4-2sarge6\", rls:\"DEB3.1\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"mozilla-firefox-dom-inspector\", ver:\"1.0.4-2sarge6\", rls:\"DEB3.1\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"mozilla-firefox-gnome-support\", ver:\"1.0.4-2sarge6\", rls:\"DEB3.1\")) != NULL) {\n report += res;\n}\n\nif (report != \"\") {\n security_message(data:report);\n} else if (__pkg_match) {\n exit(99); # Not vulnerable.\n}\n", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2017-07-02T21:10:08", "references": [], "pluginID": "56576", "description": "The remote host is missing an update to the system\nas announced in the referenced advisory.", "edition": 1, "reporter": "Copyright (c) 2006 E-Soft Inc. http://www.securityspace.com", "published": "2008-09-04T00:00:00", "enchantments": {"score": {"vector": "NONE", "value": 5.0}}, "title": "FreeBSD Ports: firefox", "type": "openvas", "naslFamily": "FreeBSD Local Security Checks", "bulletinFamily": "scanner", "cvelist": ["CVE-2006-1738", "CVE-2006-1739", "CVE-2006-1531", "CVE-2006-1530", "CVE-2006-1728", "CVE-2006-1725", "CVE-2006-1730", "CVE-2006-1726", "CVE-2006-1790", "CVE-2006-1734", "CVE-2006-1733", "CVE-2006-1740", "CVE-2006-1741", "CVE-2006-1731", "CVE-2006-1727", "CVE-2006-1045", "CVE-2006-1529", "CVE-2006-1729", "CVE-2006-1736", "CVE-2006-1735", "CVE-2006-1742", "CVE-2006-1724", "CVE-2006-1723", "CVE-2006-1737", "CVE-2006-1732", "CVE-2006-0749"], "modified": "2016-09-19T00:00:00", "href": "http://plugins.openvas.org/nasl.php?oid=56576", "id": "OPENVAS:56576", "sourceData": "#\n#VID 84630f4a-cd8c-11da-b7b9-000c6ec775d9\n# OpenVAS Vulnerability Test\n# $\n# Description: Auto generated from vuxml or freebsd advisories\n#\n# Authors:\n# Thomas Reinke <reinke@securityspace.com>\n#\n# Copyright:\n# Copyright (c) 2008 E-Soft Inc. http://www.securityspace.com\n# Text descriptions are largely excerpted from the referenced\n# advisories, and are Copyright (c) the respective author(s)\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2,\n# as published by the Free Software Foundation\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n#\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"The following packages are affected:\n firefox\n linux-firefox\n mozilla\n linux-mozilla\n linux-mozilla-devel\n seamonkey\n thunderbird\n mozilla-thunderbird\n\nFor details, please visit the referenced security advisories.\";\ntag_solution = \"Update your system with the appropriate patches or\nsoftware upgrades.\n\nhttp://www.mozilla.org/security/announce/2006/mfsa2006-09.html\nhttp://www.mozilla.org/security/announce/2006/mfsa2006-10.html\nhttp://www.mozilla.org/security/announce/2006/mfsa2006-11.html\nhttp://www.mozilla.org/security/announce/2006/mfsa2006-12.html\nhttp://www.mozilla.org/security/announce/2006/mfsa2006-13.html\nhttp://www.mozilla.org/security/announce/2006/mfsa2006-14.html\nhttp://www.mozilla.org/security/announce/2006/mfsa2006-15.html\nhttp://www.mozilla.org/security/announce/2006/mfsa2006-16.html\nhttp://www.mozilla.org/security/announce/2006/mfsa2006-17.html\nhttp://www.mozilla.org/security/announce/2006/mfsa2006-18.html\nhttp://www.mozilla.org/security/announce/2006/mfsa2006-19.html\nhttp://www.mozilla.org/security/announce/2006/mfsa2006-20.html\nhttp://www.mozilla.org/security/announce/2006/mfsa2006-22.html\nhttp://www.mozilla.org/security/announce/2006/mfsa2006-23.html\nhttp://www.mozilla.org/security/announce/2006/mfsa2006-25.html\nhttp://www.mozilla.org/security/announce/2006/mfsa2006-26.html\nhttp://www.mozilla.org/security/announce/2006/mfsa2006-28.html\nhttp://www.mozilla.org/security/announce/2006/mfsa2006-29.html\nhttp://www.zerodayinitiative.com/advisories/ZDI-06-010.html\nhttp://www.vuxml.org/freebsd/84630f4a-cd8c-11da-b7b9-000c6ec775d9.html\";\ntag_summary = \"The remote host is missing an update to the system\nas announced in the referenced advisory.\";\n\n\nif(description)\n{\n script_id(56576);\n script_version(\"$Revision: 4112 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2016-09-19 15:17:59 +0200 (Mon, 19 Sep 2016) $\");\n script_tag(name:\"creation_date\", value:\"2008-09-04 20:41:11 +0200 (Thu, 04 Sep 2008)\");\n script_cve_id(\"CVE-2006-0749\", \"CVE-2006-1045\", \"CVE-2006-1529\", \"CVE-2006-1530\", \"CVE-2006-1531\", \"CVE-2006-1723\", \"CVE-2006-1724\", \"CVE-2006-1725\", \"CVE-2006-1726\", \"CVE-2006-1727\", \"CVE-2006-1728\", \"CVE-2006-1729\", \"CVE-2006-1730\", \"CVE-2006-1731\", \"CVE-2006-1732\", \"CVE-2006-1733\", \"CVE-2006-1734\", \"CVE-2006-1735\", \"CVE-2006-1736\", \"CVE-2006-1737\", \"CVE-2006-1738\", \"CVE-2006-1739\", \"CVE-2006-1740\", \"CVE-2006-1741\", \"CVE-2006-1742\", \"CVE-2006-1790\");\n script_tag(name:\"cvss_base\", value:\"10.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_name(\"FreeBSD Ports: firefox\");\n\n\n\n script_category(ACT_GATHER_INFO);\n\n script_copyright(\"Copyright (c) 2006 E-Soft Inc. http://www.securityspace.com\");\n script_family(\"FreeBSD Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/freebsdrel\", \"login/SSH/success\");\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"summary\" , value : tag_summary);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n#\n# The script code starts here\n#\n\ninclude(\"pkg-lib-bsd.inc\");\n\ntxt = \"\";\nvuln = 0;\nbver = portver(pkg:\"firefox\");\nif(!isnull(bver) && revcomp(a:bver, b:\"1.0.8,1\")<0) {\n txt += 'Package firefox version ' + bver + ' is installed which is known to be vulnerable.\\n';\n vuln = 1;\n}\nif(!isnull(bver) && revcomp(a:bver, b:\"1.5.*,1\")>0 && revcomp(a:bver, b:\"1.5.0.2,1\")<0) {\n txt += 'Package firefox version ' + bver + ' is installed which is known to be vulnerable.\\n';\n vuln = 1;\n}\nbver = portver(pkg:\"linux-firefox\");\nif(!isnull(bver) && revcomp(a:bver, b:\"1.5.0.2\")<0) {\n txt += 'Package linux-firefox version ' + bver + ' is installed which is known to be vulnerable.\\n';\n vuln = 1;\n}\nbver = portver(pkg:\"mozilla\");\nif(!isnull(bver) && revcomp(a:bver, b:\"1.7.13,2\")<0) {\n txt += 'Package mozilla version ' + bver + ' is installed which is known to be vulnerable.\\n';\n vuln = 1;\n}\nif(!isnull(bver) && revcomp(a:bver, b:\"1.8.*,2\")>=0) {\n txt += 'Package mozilla version ' + bver + ' is installed which is known to be vulnerable.\\n';\n vuln = 1;\n}\nbver = portver(pkg:\"linux-mozilla\");\nif(!isnull(bver) && revcomp(a:bver, b:\"1.7.13\")<0) {\n txt += 'Package linux-mozilla version ' + bver + ' is installed which is known to be vulnerable.\\n';\n vuln = 1;\n}\nbver = portver(pkg:\"linux-mozilla-devel\");\nif(!isnull(bver) && revcomp(a:bver, b:\"0\")>0) {\n txt += 'Package linux-mozilla-devel version ' + bver + ' is installed which is known to be vulnerable.\\n';\n vuln = 1;\n}\nbver = portver(pkg:\"seamonkey\");\nif(!isnull(bver) && revcomp(a:bver, b:\"1.0.1\")<0) {\n txt += 'Package seamonkey version ' + bver + ' is installed which is known to be vulnerable.\\n';\n vuln = 1;\n}\nbver = portver(pkg:\"thunderbird\");\nif(!isnull(bver) && revcomp(a:bver, b:\"1.5.0.2\")<0) {\n txt += 'Package thunderbird version ' + bver + ' is installed which is known to be vulnerable.\\n';\n vuln = 1;\n}\nbver = portver(pkg:\"mozilla-thunderbird\");\nif(!isnull(bver) && revcomp(a:bver, b:\"1.5.0.2\")<0) {\n txt += 'Package mozilla-thunderbird version ' + bver + ' is installed which is known to be vulnerable.\\n';\n vuln = 1;\n}\n\nif(vuln) {\n security_message(data:string(txt));\n} else if (__pkg_match) {\n exit(99); # Not vulnerable.\n}\n", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2017-07-24T12:49:42", "references": [], "pluginID": "56679", "description": "The remote host is missing updates announced in\nadvisory GLSA 200604-12.", "edition": 2, "reporter": "Copyright (c) 2006 E-Soft Inc. http://www.securityspace.com", "published": "2008-09-24T00:00:00", "enchantments": {"score": {"vector": "NONE", "value": 7.2}}, "title": "Gentoo Security Advisory GLSA 200604-12 (mozilla-firefox)", "type": "openvas", "naslFamily": "Gentoo Local Security Checks", "bulletinFamily": "scanner", "cvelist": ["CVE-2006-1738", "CVE-2006-1739", "CVE-2006-0748", "CVE-2006-1728", "CVE-2006-1730", "CVE-2006-1790", "CVE-2006-1734", "CVE-2006-1733", "CVE-2006-1740", "CVE-2006-1741", "CVE-2006-0292", "CVE-2006-1731", "CVE-2006-1727", "CVE-2006-1729", "CVE-2006-0296", "CVE-2006-1736", "CVE-2006-1735", "CVE-2006-1742", "CVE-2006-1737", "CVE-2006-1732", "CVE-2005-4134", "CVE-2006-0749"], "modified": "2017-07-07T00:00:00", "href": "http://plugins.openvas.org/nasl.php?oid=56679", "id": "OPENVAS:56679", "sourceData": "# OpenVAS Vulnerability Test\n# $\n# Description: Auto generated from Gentoo's XML based advisory\n#\n# Authors:\n# Thomas Reinke <reinke@securityspace.com>\n#\n# Copyright:\n# Copyright (c) 2008 E-Soft Inc. http://www.securityspace.com\n# Text descriptions are largely excerpted from the referenced\n# advisories, and are Copyright (c) the respective author(s)\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2,\n# as published by the Free Software Foundation\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n#\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"Several vulnerabilities in Mozilla Firefox allow attacks ranging from\nexecution of script code with elevated privileges to information leaks.\";\ntag_solution = \"All Mozilla Firefox users should upgrade to the latest version:\n\n # emerge --sync\n # emerge --ask --oneshot --verbose '>=www-client/mozilla-firefox-1.0.8'\n\nAll Mozilla Firefox binary users should upgrade to the latest version:\n\n # emerge --sync\n # emerge --ask --oneshot --verbose '>=www-client/mozilla-firefox-bin-1.0.8'\n\nhttp://www.securityspace.com/smysecure/catid.html?in=GLSA%20200604-12\nhttp://bugs.gentoo.org/show_bug.cgi?id=129924\nhttp://www.mozilla.org/projects/security/known-vulnerabilities.html#Firefox\";\ntag_summary = \"The remote host is missing updates announced in\nadvisory GLSA 200604-12.\";\n\n \n\nif(description)\n{\n script_id(56679);\n script_version(\"$Revision: 6596 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-07-07 11:21:37 +0200 (Fri, 07 Jul 2017) $\");\n script_tag(name:\"creation_date\", value:\"2008-09-24 21:14:03 +0200 (Wed, 24 Sep 2008)\");\n script_cve_id(\"CVE-2005-4134\", \"CVE-2006-0292\", \"CVE-2006-0296\", \"CVE-2006-0748\", \"CVE-2006-0749\", \"CVE-2006-1727\", \"CVE-2006-1728\", \"CVE-2006-1729\", \"CVE-2006-1730\", \"CVE-2006-1731\", \"CVE-2006-1732\", \"CVE-2006-1733\", \"CVE-2006-1734\", \"CVE-2006-1735\", \"CVE-2006-1736\", \"CVE-2006-1737\", \"CVE-2006-1738\", \"CVE-2006-1739\", \"CVE-2006-1740\", \"CVE-2006-1741\", \"CVE-2006-1742\", \"CVE-2006-1790\");\n script_tag(name:\"cvss_base\", value:\"10.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_name(\"Gentoo Security Advisory GLSA 200604-12 (mozilla-firefox)\");\n\n\n\n script_category(ACT_GATHER_INFO);\n\n script_copyright(\"Copyright (c) 2006 E-Soft Inc. http://www.securityspace.com\");\n script_family(\"Gentoo Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/gentoo\", \"ssh/login/pkg\");\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"summary\" , value : tag_summary);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n#\n# The script code starts here\n#\n\ninclude(\"pkg-lib-gentoo.inc\");\n\nres = \"\";\nreport = \"\";\nif ((res = ispkgvuln(pkg:\"www-client/mozilla-firefox\", unaffected: make_list(\"ge 1.0.8\"), vulnerable: make_list(\"lt 1.0.8\"))) != NULL) {\n report += res;\n}\nif ((res = ispkgvuln(pkg:\"www-client/mozilla-firefox-bin\", unaffected: make_list(\"ge 1.0.8\"), vulnerable: make_list(\"lt 1.0.8\"))) != NULL) {\n report += res;\n}\n\nif (report != \"\") {\n security_message(data:report);\n} else if (__pkg_match) {\n exit(99); # Not vulnerable.\n}\n", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2017-07-24T12:49:44", "references": [], "pluginID": "56685", "description": "The remote host is missing updates announced in\nadvisory GLSA 200604-18.", "edition": 2, "reporter": "Copyright (c) 2006 E-Soft Inc. http://www.securityspace.com", "published": "2008-09-24T00:00:00", "enchantments": {"score": {"vector": "NONE", "value": 7.2}}, "title": "Gentoo Security Advisory GLSA 200604-18 (mozilla)", "type": "openvas", "naslFamily": "Gentoo Local Security Checks", "bulletinFamily": "scanner", "cvelist": ["CVE-2006-1738", "CVE-2006-1739", "CVE-2006-0748", "CVE-2006-1728", "CVE-2006-1730", "CVE-2006-0293", "CVE-2006-1790", "CVE-2006-1734", "CVE-2006-1733", "CVE-2006-1740", "CVE-2006-1741", "CVE-2006-0292", "CVE-2006-0884", "CVE-2006-1731", "CVE-2006-1727", "CVE-2006-1045", "CVE-2006-1729", "CVE-2006-0296", "CVE-2006-1736", "CVE-2006-1735", "CVE-2006-1742", "CVE-2006-1737", "CVE-2006-1732", "CVE-2005-4134", "CVE-2006-0749"], "modified": "2017-07-07T00:00:00", "href": "http://plugins.openvas.org/nasl.php?oid=56685", "id": "OPENVAS:56685", "sourceData": "# OpenVAS Vulnerability Test\n# $\n# Description: Auto generated from Gentoo's XML based advisory\n#\n# Authors:\n# Thomas Reinke <reinke@securityspace.com>\n#\n# Copyright:\n# Copyright (c) 2008 E-Soft Inc. http://www.securityspace.com\n# Text descriptions are largely excerpted from the referenced\n# advisories, and are Copyright (c) the respective author(s)\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2,\n# as published by the Free Software Foundation\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n#\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"Several vulnerabilities in Mozilla Suite allow attacks ranging from script\nexecution with elevated privileges to information leaks.\";\ntag_solution = \"All Mozilla Suite users should upgrade to the latest version:\n\n # emerge --sync\n # emerge --ask --oneshot --verbose '>=www-client/mozilla-1.7.13'\n\nAll Mozilla Suite binary users should upgrade to the latest version:\n\n # emerge --sync\n # emerge --ask --oneshot --verbose '>=www-client/mozilla-bin-1.7.13'\n\nhttp://www.securityspace.com/smysecure/catid.html?in=GLSA%20200604-18\nhttp://bugs.gentoo.org/show_bug.cgi?id=130887\nhttp://www.mozilla.org/projects/security/known-vulnerabilities.html#Mozilla\";\ntag_summary = \"The remote host is missing updates announced in\nadvisory GLSA 200604-18.\";\n\n \n\nif(description)\n{\n script_id(56685);\n script_version(\"$Revision: 6596 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-07-07 11:21:37 +0200 (Fri, 07 Jul 2017) $\");\n script_tag(name:\"creation_date\", value:\"2008-09-24 21:14:03 +0200 (Wed, 24 Sep 2008)\");\n script_cve_id(\"CVE-2005-4134\", \"CVE-2006-0292\", \"CVE-2006-0293\", \"CVE-2006-0296\", \"CVE-2006-0748\", \"CVE-2006-0749\", \"CVE-2006-0884\", \"CVE-2006-1045\", \"CVE-2006-1727\", \"CVE-2006-1728\", \"CVE-2006-1729\", \"CVE-2006-1730\", \"CVE-2006-1731\", \"CVE-2006-1732\", \"CVE-2006-1733\", \"CVE-2006-1734\", \"CVE-2006-1735\", \"CVE-2006-1736\", \"CVE-2006-1737\", \"CVE-2006-1738\", \"CVE-2006-1739\", \"CVE-2006-1740\", \"CVE-2006-1741\", \"CVE-2006-1742\", \"CVE-2006-1790\");\n script_tag(name:\"cvss_base\", value:\"10.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_name(\"Gentoo Security Advisory GLSA 200604-18 (mozilla)\");\n\n\n\n script_category(ACT_GATHER_INFO);\n\n script_copyright(\"Copyright (c) 2006 E-Soft Inc. http://www.securityspace.com\");\n script_family(\"Gentoo Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/gentoo\", \"ssh/login/pkg\");\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"summary\" , value : tag_summary);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n#\n# The script code starts here\n#\n\ninclude(\"pkg-lib-gentoo.inc\");\n\nres = \"\";\nreport = \"\";\nif ((res = ispkgvuln(pkg:\"www-client/mozilla\", unaffected: make_list(\"ge 1.7.13\"), vulnerable: make_list(\"lt 1.7.13\"))) != NULL) {\n report += res;\n}\nif ((res = ispkgvuln(pkg:\"www-client/mozilla-bin\", unaffected: make_list(\"ge 1.7.13\"), vulnerable: make_list(\"lt 1.7.13\"))) != NULL) {\n report += res;\n}\n\nif (report != \"\") {\n security_message(data:report);\n} else if (__pkg_match) {\n exit(99); # Not vulnerable.\n}\n", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2017-07-24T12:49:43", "references": [], "pluginID": "56672", "description": "The remote host is missing an update to mozilla-thunderbird\nannounced via advisory DSA 1051-1. For details on the issues\naddressed by the missing update, please visit the referenced\nsecurity advisories.", "edition": 2, "reporter": "Copyright (c) 2006 E-Soft Inc. http://www.securityspace.com", "published": "2008-01-17T00:00:00", "enchantments": {"score": {"vector": "NONE", "value": 5.0}}, "title": "Debian Security Advisory DSA 1051-1 (mozilla-thunderbird)", "type": "openvas", "naslFamily": "Debian Local Security Checks", "bulletinFamily": "scanner", "cvelist": ["CVE-2006-1738", "CVE-2006-1739", "CVE-2006-1531", "CVE-2006-1530", "CVE-2006-0748", "CVE-2006-1728", "CVE-2006-1730", "CVE-2006-0293", "CVE-2005-2353", "CVE-2006-1790", "CVE-2006-1734", "CVE-2006-1733", "CVE-2006-1740", "CVE-2006-1741", "CVE-2006-0292", "CVE-2006-0884", "CVE-2006-1731", "CVE-2006-1727", "CVE-2006-1045", "CVE-2006-1529", "CVE-2006-1729", "CVE-2006-0296", "CVE-2006-1736", "CVE-2006-1735", "CVE-2006-1742", "CVE-2006-1724", "CVE-2006-1723", "CVE-2006-1737", "CVE-2006-1732", "CVE-2005-4134", "CVE-2006-0749"], "modified": "2017-07-07T00:00:00", "href": "http://plugins.openvas.org/nasl.php?oid=56672", "id": "OPENVAS:56672", "sourceData": "# OpenVAS Vulnerability Test\n# $Id: deb_1051_1.nasl 6616 2017-07-07 12:10:49Z cfischer $\n# Description: Auto-generated from advisory DSA 1051-1\n#\n# Authors:\n# Thomas Reinke <reinke@securityspace.com>\n#\n# Copyright:\n# Copyright (c) 2007 E-Soft Inc. http://www.securityspace.com\n# Text descriptions are largerly excerpted from the referenced\n# advisory, and are Copyright (c) the respective author(s)\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2,\n# as published by the Free Software Foundation\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n#\n\ninclude(\"revisions-lib.inc\");\ntag_solution = \"For the stable distribution (sarge) these problems have been fixed in\nversion 1.0.2-2.sarge1.0.8.\n\nFor the unstable distribution (sid) these problems have been fixed in\nversion 1.5.0.2-1 of thunderbird.\n\nWe recommend that you upgrade your Mozilla Thunderbird packages.\n\n https://secure1.securityspace.com/smysecure/catid.html?in=DSA%201051-1\";\ntag_summary = \"The remote host is missing an update to mozilla-thunderbird\nannounced via advisory DSA 1051-1. For details on the issues\naddressed by the missing update, please visit the referenced\nsecurity advisories.\";\n\n\nif(description)\n{\n script_id(56672);\n script_version(\"$Revision: 6616 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-07-07 14:10:49 +0200 (Fri, 07 Jul 2017) $\");\n script_tag(name:\"creation_date\", value:\"2008-01-17 23:09:45 +0100 (Thu, 17 Jan 2008)\");\n script_cve_id(\"CVE-2005-2353\", \"CVE-2005-4134\", \"CVE-2006-0292\", \"CVE-2006-0293\", \"CVE-2006-0296\", \"CVE-2006-0748\", \"CVE-2006-0749\", \"CVE-2006-0884\", \"CVE-2006-1045\", \"CVE-2006-1529\", \"CVE-2006-1530\", \"CVE-2006-1531\", \"CVE-2006-1723\", \"CVE-2006-1724\", \"CVE-2006-1727\", \"CVE-2006-1728\", \"CVE-2006-1729\", \"CVE-2006-1730\", \"CVE-2006-1731\", \"CVE-2006-1733\", \"CVE-2006-1734\", \"CVE-2006-1735\", \"CVE-2006-1736\", \"CVE-2006-1737\", \"CVE-2006-1738\", \"CVE-2006-1739\", \"CVE-2006-1740\", \"CVE-2006-1741\", \"CVE-2006-1742\", \"CVE-2006-1790\", \"CVE-2006-1732\");\n script_bugtraq_id(15773,16476,16476,16770,16881,17516);\n script_tag(name:\"cvss_base\", value:\"10.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_name(\"Debian Security Advisory DSA 1051-1 (mozilla-thunderbird)\");\n\n\n\n script_category(ACT_GATHER_INFO);\n\n script_copyright(\"Copyright (c) 2006 E-Soft Inc. http://www.securityspace.com\");\n script_family(\"Debian Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/debian_linux\", \"ssh/login/packages\");\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"summary\" , value : tag_summary);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n#\n# The script code starts here\n#\n\ninclude(\"pkg-lib-deb.inc\");\n\nres = \"\";\nreport = \"\";\nif ((res = isdpkgvuln(pkg:\"mozilla-thunderbird\", ver:\"1.0.2-2.sarge1.0.8\", rls:\"DEB3.1\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"mozilla-thunderbird-dev\", ver:\"1.0.2-2.sarge1.0.8\", rls:\"DEB3.1\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"mozilla-thunderbird-inspector\", ver:\"1.0.2-2.sarge1.0.8\", rls:\"DEB3.1\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"mozilla-thunderbird-offline\", ver:\"1.0.2-2.sarge1.0.8\", rls:\"DEB3.1\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"mozilla-thunderbird-typeaheadfind\", ver:\"1.0.2-2.sarge1.0.8\", rls:\"DEB3.1\")) != NULL) {\n report += res;\n}\n\nif (report != \"\") {\n security_message(data:report);\n} else if (__pkg_match) {\n exit(99); # Not vulnerable.\n}\n", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2017-07-24T12:49:58", "references": [], "pluginID": "56667", "description": "The remote host is missing an update to mozilla\nannounced via advisory DSA 1046-1. For details on the issues\naddressed by the missing update, please visit the referenced\nsecurity advisories.", "edition": 2, "reporter": "Copyright (c) 2006 E-Soft Inc. http://www.securityspace.com", "published": "2008-01-17T00:00:00", "enchantments": {"score": {"vector": "NONE", "value": 5.0}}, "title": "Debian Security Advisory DSA 1046-1 (mozilla)", "type": "openvas", "naslFamily": "Debian Local Security Checks", "bulletinFamily": "scanner", "cvelist": ["CVE-2006-1738", "CVE-2006-1739", "CVE-2006-1531", "CVE-2006-1530", "CVE-2006-0748", "CVE-2006-1728", "CVE-2006-1725", "CVE-2006-1730", "CVE-2006-0293", "CVE-2006-1726", "CVE-2005-2353", "CVE-2006-1790", "CVE-2006-1734", "CVE-2006-1733", "CVE-2006-1740", "CVE-2006-1741", "CVE-2006-0292", "CVE-2006-0884", "CVE-2006-1731", "CVE-2006-1727", "CVE-2006-1045", "CVE-2006-1529", "CVE-2006-1729", "CVE-2006-0296", "CVE-2006-1736", "CVE-2006-1735", "CVE-2006-1742", "CVE-2006-1724", "CVE-2006-1723", "CVE-2006-1737", "CVE-2006-1732", "CVE-2005-4134", "CVE-2006-0749"], "modified": "2017-07-07T00:00:00", "href": "http://plugins.openvas.org/nasl.php?oid=56667", "id": "OPENVAS:56667", "sourceData": "# OpenVAS Vulnerability Test\n# $Id: deb_1046_1.nasl 6616 2017-07-07 12:10:49Z cfischer $\n# Description: Auto-generated from advisory DSA 1046-1\n#\n# Authors:\n# Thomas Reinke <reinke@securityspace.com>\n#\n# Copyright:\n# Copyright (c) 2007 E-Soft Inc. http://www.securityspace.com\n# Text descriptions are largerly excerpted from the referenced\n# advisory, and are Copyright (c) the respective author(s)\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2,\n# as published by the Free Software Foundation\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n#\n\ninclude(\"revisions-lib.inc\");\ntag_solution = \"For the stable distribution (sarge) these problems have been fixed in\nversion 1.7.8-1sarge5.\n\nFor the unstable distribution (sid) these problems will be fixed in\nversion 1.7.13-1.\n\nWe recommend that you upgrade your Mozilla packages.\n\n https://secure1.securityspace.com/smysecure/catid.html?in=DSA%201046-1\";\ntag_summary = \"The remote host is missing an update to mozilla\nannounced via advisory DSA 1046-1. For details on the issues\naddressed by the missing update, please visit the referenced\nsecurity advisories.\";\n\n\nif(description)\n{\n script_id(56667);\n script_version(\"$Revision: 6616 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-07-07 14:10:49 +0200 (Fri, 07 Jul 2017) $\");\n script_tag(name:\"creation_date\", value:\"2008-01-17 23:09:45 +0100 (Thu, 17 Jan 2008)\");\n script_cve_id(\"CVE-2005-2353\", \"CVE-2005-4134\", \"CVE-2006-0292\", \"CVE-2006-0293\", \"CVE-2006-0296\", \"CVE-2006-0748\", \"CVE-2006-0749\", \"CVE-2006-0884\", \"CVE-2006-1045\", \"CVE-2006-1529\", \"CVE-2006-1530\", \"CVE-2006-1531\", \"CVE-2006-1723\", \"CVE-2006-1724\", \"CVE-2006-1727\", \"CVE-2006-1728\", \"CVE-2006-1729\", \"CVE-2006-1730\", \"CVE-2006-1731\", \"CVE-2006-1733\", \"CVE-2006-1734\", \"CVE-2006-1735\", \"CVE-2006-1736\", \"CVE-2006-1737\", \"CVE-2006-1738\", \"CVE-2006-1739\", \"CVE-2006-1740\", \"CVE-2006-1741\", \"CVE-2006-1742\", \"CVE-2006-1790\", \"CVE-2006-1725\", \"CVE-2006-1726\", \"CVE-2006-1732\");\n script_bugtraq_id(15773,16476,16476,16770,16881,17516);\n script_tag(name:\"cvss_base\", value:\"10.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_name(\"Debian Security Advisory DSA 1046-1 (mozilla)\");\n\n\n\n script_category(ACT_GATHER_INFO);\n\n script_copyright(\"Copyright (c) 2006 E-Soft Inc. http://www.securityspace.com\");\n script_family(\"Debian Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/debian_linux\", \"ssh/login/packages\");\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"summary\" , value : tag_summary);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n#\n# The script code starts here\n#\n\ninclude(\"pkg-lib-deb.inc\");\n\nres = \"\";\nreport = \"\";\nif ((res = isdpkgvuln(pkg:\"libnspr-dev\", ver:\"1.7.8-1sarge5\", rls:\"DEB3.1\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libnspr4\", ver:\"1.7.8-1sarge5\", rls:\"DEB3.1\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libnss-dev\", ver:\"1.7.8-1sarge5\", rls:\"DEB3.1\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libnss3\", ver:\"1.7.8-1sarge5\", rls:\"DEB3.1\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"mozilla\", ver:\"1.7.8-1sarge5\", rls:\"DEB3.1\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"mozilla-browser\", ver:\"1.7.8-1sarge5\", rls:\"DEB3.1\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"mozilla-calendar\", ver:\"1.7.8-1sarge5\", rls:\"DEB3.1\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"mozilla-chatzilla\", ver:\"1.7.8-1sarge5\", rls:\"DEB3.1\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"mozilla-dev\", ver:\"1.7.8-1sarge5\", rls:\"DEB3.1\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"mozilla-dom-inspector\", ver:\"1.7.8-1sarge5\", rls:\"DEB3.1\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"mozilla-js-debugger\", ver:\"1.7.8-1sarge5\", rls:\"DEB3.1\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"mozilla-mailnews\", ver:\"1.7.8-1sarge5\", rls:\"DEB3.1\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"mozilla-psm\", ver:\"1.7.8-1sarge5\", rls:\"DEB3.1\")) != NULL) {\n report += res;\n}\n\nif (report != \"\") {\n security_message(data:report);\n} else if (__pkg_match) {\n exit(99); # Not vulnerable.\n}\n", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}], "centos": [{"lastseen": "2017-10-12T14:45:32", "references": ["http://pasi.pirhonen.eu/", "https://rhn.redhat.com/errata/RHSA-2006-0330.html"], "affectedPackage": [{"OS": "CentOS", "OSVersion": "4", "packageVersion": "1.0.8-1.4.1axp.centos4", "arch": "alpha", "packageName": "thunderbird", "packageFilename": "thunderbird-1.0.8-1.4.1axp.centos4.alpha.rpm", "operator": "lt"}, {"OS": "CentOS", "OSVersion": "4", "packageVersion": "1.0.8-1.4.1.centos4", "arch": "ia64", "packageName": "thunderbird", "packageFilename": "thunderbird-1.0.8-1.4.1.centos4.ia64.rpm", "operator": "lt"}, {"OS": "CentOS", "OSVersion": "4", "packageVersion": "1.0.8-1.4.1.centos4", "arch": "x86_64", "packageName": "thunderbird", "packageFilename": "thunderbird-1.0.8-1.4.1.centos4.x86_64.rpm", "operator": "lt"}, {"OS": "CentOS", "OSVersion": "4", "packageVersion": "1.0.8-1.4.1.centos4", "arch": "s390", "packageName": "thunderbird", "packageFilename": "thunderbird-1.0.8-1.4.1.centos4.s390.rpm", "operator": "lt"}, {"OS": "CentOS", "OSVersion": "4", "packageVersion": "1.0.8-1.4.1.centos4", "arch": "any", "packageName": "thunderbird", "packageFilename": "thunderbird-1.0.8-1.4.1.centos4.src.rpm", "operator": "lt"}, {"OS": "CentOS", "OSVersion": "4", "packageVersion": "1.0.8-1.4.1.centos4", "arch": "any", "packageName": "thunderbird", "packageFilename": "thunderbird-1.0.8-1.4.1.centos4.src.rpm", "operator": "lt"}, {"OS": "CentOS", "OSVersion": "4", "packageVersion": "1.0.8-1.4.1axp.centos4", "arch": "any", "packageName": "thunderbird", "packageFilename": "thunderbird-1.0.8-1.4.1axp.centos4.src.rpm", "operator": "lt"}, {"OS": "CentOS", "OSVersion": "4", "packageVersion": "1.0.8-1.4.1.centos4", "arch": "i386", "packageName": "thunderbird", "packageFilename": "thunderbird-1.0.8-1.4.1.centos4.i386.rpm", "operator": "lt"}, {"OS": "CentOS", "OSVersion": "4", "packageVersion": "1.0.8-1.4.1.centos4", "arch": "s390x", "packageName": "thunderbird", "packageFilename": "thunderbird-1.0.8-1.4.1.centos4.s390x.rpm", "operator": "lt"}], "description": "**CentOS Errata and Security Advisory** CESA-2006:0330\n\n\nMozilla Thunderbird is a standalone mail and newsgroup client.\r\n\r\nSeveral bugs were found in the way Thunderbird processes malformed\r\njavascript. A malicious HTML mail message could modify the content of a\r\ndifferent open HTML mail message, possibly stealing sensitive information\r\nor conducting a cross-site scripting attack. Please note that JavaScript\r\nsupport is disabled by default in Thunderbird. (CVE-2006-1731,\r\nCVE-2006-1732, CVE-2006-1741)\r\n\r\nSeveral bugs were found in the way Thunderbird processes certain \r\njavascript actions. A malicious HTML mail message could execute arbitrary \r\njavascript instructions with the permissions of 'chrome', allowing the \r\npage to steal sensitive information or install browser malware. Please \r\nnote that JavaScript support is disabled by default in Thunderbird. \r\n(CVE-2006-0292, CVE-2006-0296, CVE-2006-1727, CVE-2006-1728, CVE-2006-1733,\r\nCVE-2006-1734, CVE-2006-1735, CVE-2006-1742)\r\n\r\nSeveral bugs were found in the way Thunderbird processes malformed HTML\r\nmail messages. A carefully crafted malicious HTML mail message could \r\ncause the execution of arbitrary code as the user running Thunderbird.\r\n(CVE-2006-0748, CVE-2006-0749, CVE-2006-1724, CVE-2006-1730, CVE-2006-1737,\r\nCVE-2006-1738, CVE-2006-1739, CVE-2006-1790)\r\n\r\nA bug was found in the way Thunderbird processes certain inline content \r\nin HTML mail messages. It may be possible for a remote attacker to send a\r\ncarefully crafted mail message to the victim, which will fetch remote\r\ncontent, even if Thunderbird is configured not to fetch remote content.\r\n(CVE-2006-1045)\r\n\r\nA bug was found in the way Thunderbird executes in-line mail forwarding. If\r\na user can be tricked into forwarding a maliciously crafted mail message as\r\nin-line content, it is possible for the message to execute javascript with\r\nthe permissions of \"chrome\". (CVE-2006-0884)\r\n\r\nUsers of Thunderbird are advised to upgrade to these updated packages\r\ncontaining Thunderbird version 1.0.8, which is not vulnerable to these \r\nissues.\n\n**Merged security bulletin from advisories:**\nhttp://lists.centos.org/pipermail/centos-announce/2006-April/012835.html\nhttp://lists.centos.org/pipermail/centos-announce/2006-April/012836.html\nhttp://lists.centos.org/pipermail/centos-announce/2006-April/012837.html\nhttp://lists.centos.org/pipermail/centos-announce/2006-April/012838.html\nhttp://lists.centos.org/pipermail/centos-announce/2006-April/012839.html\n\n**Affected packages:**\nthunderbird\n\n**Upstream details at:**\nhttps://rhn.redhat.com/errata/RHSA-2006-0330.html", "edition": 2, "reporter": "CentOS Project", "published": "2006-04-21T17:41:34", "title": "thunderbird security update", "type": "centos", "enchantments": {"score": {"vector": "NONE", "value": 6.8}}, "bulletinFamily": "unix", "cvelist": ["CVE-2006-1738", "CVE-2006-1739", "CVE-2006-0748", "CVE-2006-1728", "CVE-2006-1730", "CVE-2006-1790", "CVE-2006-1734", "CVE-2006-1733", "CVE-2006-1741", "CVE-2006-0292", "CVE-2006-0884", "CVE-2006-1731", "CVE-2006-1727", "CVE-2006-1045", "CVE-2006-0296", "CVE-2006-1735", "CVE-2006-1742", "CVE-2006-1724", "CVE-2006-1737", "CVE-2006-1732", "CVE-2006-0749"], "modified": "2006-04-21T21:56:00", "href": "http://lists.centos.org/pipermail/centos-announce/2006-April/012835.html", "id": "CESA-2006:0330", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2017-10-12T14:44:54", "references": ["http://iki.fi/upi/", "http://pgp.mit.edu:11371/pks/lookup?op=get&search=0xBEFA581B", "https://rhn.redhat.com/errata/RHSA-2006-0328.html"], "affectedPackage": [{"OS": "CentOS", "OSVersion": "4", "packageVersion": "1.0.8-1.4.1axp.centos4", "arch": "any", "packageName": "firefox", "packageFilename": "firefox-1.0.8-1.4.1axp.centos4.src.rpm", "operator": "lt"}, {"OS": "CentOS", "OSVersion": "3", "packageVersion": "1.0.8-1.4.1.centos3", "arch": "ia64", "packageName": "firefox", "packageFilename": "firefox-1.0.8-1.4.1.centos3.ia64.rpm", "operator": "lt"}, {"OS": "CentOS", "OSVersion": "4", "packageVersion": "1.0.8-1.4.1axp.centos4", "arch": "alpha", "packageName": "firefox", "packageFilename": "firefox-1.0.8-1.4.1axp.centos4.alpha.rpm", "operator": "lt"}, {"OS": "CentOS", "OSVersion": "4", "packageVersion": "1.0.8-1.4.1.centos4", "arch": "s390", "packageName": "firefox", "packageFilename": "firefox-1.0.8-1.4.1.centos4.s390.rpm", "operator": "lt"}, {"OS": "CentOS", "OSVersion": "4", "packageVersion": "1.0.8-1.4.1.centos4", "arch": "i386", "packageName": "firefox", "packageFilename": "firefox-1.0.8-1.4.1.centos4.i386.rpm", "operator": "lt"}, {"OS": "CentOS", "OSVersion": "3", "packageVersion": "1.0.8-1.4.1.centos3", "arch": "s390x", "packageName": "firefox", "packageFilename": "firefox-1.0.8-1.4.1.centos3.s390x.rpm", "operator": "lt"}, {"OS": "CentOS", "OSVersion": "3", "packageVersion": "1.0.8-1.4.1.centos3", "arch": "s390", "packageName": "firefox", "packageFilename": "firefox-1.0.8-1.4.1.centos3.s390.rpm", "operator": "lt"}, {"OS": "CentOS", "OSVersion": "4", "packageVersion": "1.0.8-1.4.1.centos4", "arch": "s390x", "packageName": "firefox", "packageFilename": "firefox-1.0.8-1.4.1.centos4.s390x.rpm", "operator": "lt"}, {"OS": "CentOS", "OSVersion": "3", "packageVersion": "1.0.8-1.4.1.centos3", "arch": "x86_64", "packageName": "firefox", "packageFilename": "firefox-1.0.8-1.4.1.centos3.x86_64.rpm", "operator": "lt"}, {"OS": "CentOS", "OSVersion": "4", "packageVersion": "1.0.8-1.4.1.centos4", "arch": "x86_64", "packageName": "firefox", "packageFilename": "firefox-1.0.8-1.4.1.centos4.x86_64.rpm", "operator": "lt"}, {"OS": "CentOS", "OSVersion": "4", "packageVersion": "1.0.8-1.4.1.centos4", "arch": "any", "packageName": "firefox", "packageFilename": "firefox-1.0.8-1.4.1.centos4.src.rpm", "operator": "lt"}, {"OS": "CentOS", "OSVersion": "4", "packageVersion": "1.0.8-1.4.1.centos4", "arch": "any", "packageName": "firefox", "packageFilename": "firefox-1.0.8-1.4.1.centos4.src.rpm", "operator": "lt"}, {"OS": "CentOS", "OSVersion": "3", "packageVersion": "1.0.8-1.4.1.centos3", "arch": "any", "packageName": "firefox", "packageFilename": "firefox-1.0.8-1.4.1.centos3.src.rpm", "operator": "lt"}, {"OS": "CentOS", "OSVersion": "3", "packageVersion": "1.0.8-1.4.1.centos3", "arch": "any", "packageName": "firefox", "packageFilename": "firefox-1.0.8-1.4.1.centos3.src.rpm", "operator": "lt"}, {"OS": "CentOS", "OSVersion": "3", "packageVersion": "1.0.8-1.4.1.centos3", "arch": "any", "packageName": "firefox", "packageFilename": "firefox-1.0.8-1.4.1.centos3.src.rpm", "operator": "lt"}, {"OS": "CentOS", "OSVersion": "3", "packageVersion": "1.0.8-1.4.1.centos3", "arch": "any", "packageName": "firefox", "packageFilename": "firefox-1.0.8-1.4.1.centos3.src.rpm", "operator": "lt"}, {"OS": "CentOS", "OSVersion": "3", "packageVersion": "1.0.8-1.4.1.centos3", "arch": "i386", "packageName": "firefox", "packageFilename": "firefox-1.0.8-1.4.1.centos3.i386.rpm", "operator": "lt"}, {"OS": "CentOS", "OSVersion": "4", "packageVersion": "1.0.8-1.4.1.centos4", "arch": "ia64", "packageName": "firefox", "packageFilename": "firefox-1.0.8-1.4.1.centos4.ia64.rpm", "operator": "lt"}], "description": "**CentOS Errata and Security Advisory** CESA-2006:0328\n\n\nMozilla Firefox is an open source Web browser.\r\n\r\nSeveral bugs were found in the way Firefox processes malformed javascript.\r\nA malicious web page could modify the content of a different open web page,\r\npossibly stealing sensitive information or conducting a cross-site\r\nscripting attack. (CVE-2006-1731, CVE-2006-1732, CVE-2006-1741)\r\n\r\nSeveral bugs were found in the way Firefox processes certain javascript\r\nactions. A malicious web page could execute arbitrary javascript\r\ninstructions with the permissions of \"chrome\", allowing the page to steal\r\nsensitive information or install browser malware. (CVE-2006-1727,\r\nCVE-2006-1728, CVE-2006-1733, CVE-2006-1734, CVE-2006-1735, CVE-2006-1742)\r\n\r\nSeveral bugs were found in the way Firefox processes malformed web pages.\r\nA carefully crafted malicious web page could cause the execution of\r\narbitrary code as the user running Firefox. (CVE-2006-0748, CVE-2006-0749,\r\nCVE-2006-1724, CVE-2006-1730, CVE-2006-1737, CVE-2006-1738, CVE-2006-1739,\r\nCVE-2006-1790) \r\n\r\nA bug was found in the way Firefox displays the secure site icon. If a\r\nbrowser is configured to display the non-default secure site modal warning\r\ndialog, it may be possible to trick a user into believing they are viewing\r\na secure site. (CVE-2006-1740)\r\n\r\nA bug was found in the way Firefox allows javascript mutation events on\r\n\"input\" form elements. A malicious web page could be created in such a way\r\nthat when a user submits a form, an arbitrary file could be uploaded to the\r\nattacker. (CVE-2006-1729)\r\n\r\nUsers of Firefox are advised to upgrade to these updated packages\r\ncontaining Firefox version 1.0.8 which corrects these issues.\n\n**Merged security bulletin from advisories:**\nhttp://lists.centos.org/pipermail/centos-announce/2006-April/012812.html\nhttp://lists.centos.org/pipermail/centos-announce/2006-April/012813.html\nhttp://lists.centos.org/pipermail/centos-announce/2006-April/012814.html\nhttp://lists.centos.org/pipermail/centos-announce/2006-April/012815.html\nhttp://lists.centos.org/pipermail/centos-announce/2006-April/012816.html\nhttp://lists.centos.org/pipermail/centos-announce/2006-April/012817.html\nhttp://lists.centos.org/pipermail/centos-announce/2006-April/012818.html\nhttp://lists.centos.org/pipermail/centos-announce/2006-April/012819.html\nhttp://lists.centos.org/pipermail/centos-announce/2006-April/012820.html\n\n**Affected packages:**\nfirefox\n\n**Upstream details at:**\nhttps://rhn.redhat.com/errata/RHSA-2006-0328.html", "edition": 2, "reporter": "CentOS Project", "published": "2006-04-14T18:00:35", "title": "firefox security update", "type": "centos", "enchantments": {"score": {"vector": "NONE", "value": 6.8}}, "bulletinFamily": "unix", "cvelist": ["CVE-2006-1738", "CVE-2006-1739", "CVE-2006-0748", "CVE-2006-1728", "CVE-2006-1730", "CVE-2006-1790", "CVE-2006-1734", "CVE-2006-1733", "CVE-2006-1740", "CVE-2006-1741", "CVE-2006-1731", "CVE-2006-1727", "CVE-2006-1729", "CVE-2006-1735", "CVE-2006-1742", "CVE-2006-1724", "CVE-2006-1737", "CVE-2006-1732", "CVE-2006-0749"], "modified": "2006-04-15T12:41:08", "href": "http://lists.centos.org/pipermail/centos-announce/2006-April/012812.html", "id": "CESA-2006:0328", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2017-10-12T14:44:42", "references": ["http://iki.fi/upi/", "https://rhn.redhat.com/errata/RHSA-2006-0329.html", "http://pgp.mit.edu:11371/pks/lookup?op=get&search=0xBEFA581B"], "affectedPackage": [{"OS": "CentOS", "OSVersion": "4", "packageVersion": "1.7.13-1.4.1.centos4", "packageFilename": "mozilla-mail-1.7.13-1.4.1.centos4.s390.rpm", "packageName": "mozilla-mail", "arch": "s390", "operator": "lt"}, {"OS": "CentOS", "OSVersion": "3", "packageVersion": "1.7.13-1.1.3.1.centos3", "packageFilename": "mozilla-nss-1.7.13-1.1.3.1.centos3.x86_64.rpm", "packageName": "mozilla-nss", "arch": "x86_64", "operator": "lt"}, {"OS": "CentOS", "OSVersion": "3", "packageVersion": "1.7.13-1.1.3.1.centos3", "packageFilename": "mozilla-1.7.13-1.1.3.1.centos3.s390x.rpm", "packageName": "mozilla", "arch": "s390x", "operator": "lt"}, {"OS": "CentOS", "OSVersion": "4", "packageVersion": "1.7.13-1.4.1.centos4", "packageFilename": "mozilla-devel-1.7.13-1.4.1.centos4.s390.rpm", "packageName": "mozilla-devel", "arch": "s390", "operator": "lt"}, {"OS": "CentOS", "OSVersion": "3", "packageVersion": "1.7.13-1.1.3.1.centos3", "packageFilename": "mozilla-nss-devel-1.7.13-1.1.3.1.centos3.s390x.rpm", "packageName": "mozilla-nss-devel", "arch": "s390x", "operator": "lt"}, {"OS": "CentOS", "OSVersion": "4", "packageVersion": "1.7.13-1.4.1.centos4", "packageFilename": "mozilla-js-debugger-1.7.13-1.4.1.centos4.s390x.rpm", "packageName": "mozilla-js-debugger", "arch": "s390x", "operator": "lt"}, {"OS": "CentOS", "OSVersion": "3", "packageVersion": "1.7.13-1.1.3.1.centos3", "packageFilename": "mozilla-nspr-devel-1.7.13-1.1.3.1.centos3.x86_64.rpm", "packageName": "mozilla-nspr-devel", "arch": "x86_64", "operator": "lt"}, {"OS": "CentOS", "OSVersion": "4", "packageVersion": "1.7.13-1.4.1.centos4", "packageFilename": "mozilla-mail-1.7.13-1.4.1.centos4.i386.rpm", "packageName": "mozilla-mail", "arch": "i386", "operator": "lt"}, {"OS": "CentOS", "OSVersion": "3", "packageVersion": "1.7.13-1.1.3.1.centos3", "packageFilename": "mozilla-nss-1.7.13-1.1.3.1.centos3.s390x.rpm", "packageName": "mozilla-nss", "arch": "s390x", "operator": "lt"}, {"OS": "CentOS", "OSVersion": "4", "packageVersion": "1.7.13-1.4.1axp.centos4", "packageFilename": "mozilla-devel-1.7.13-1.4.1axp.centos4.alpha.rpm", "packageName": "mozilla-devel", "arch": "alpha", "operator": "lt"}, {"OS": "CentOS", "OSVersion": "3", "packageVersion": "1.7.13-1.1.3.1.centos3", "packageFilename": "mozilla-js-debugger-1.7.13-1.1.3.1.centos3.s390x.rpm", "packageName": "mozilla-js-debugger", "arch": "s390x", "operator": "lt"}, {"OS": "CentOS", "OSVersion": "3", "packageVersion": "1.7.13-1.1.3.1.centos3", "packageFilename": "mozilla-devel-1.7.13-1.1.3.1.centos3.ia64.rpm", "packageName": "mozilla-devel", "arch": "ia64", "operator": "lt"}, {"OS": "CentOS", "OSVersion": "3", "packageVersion": "1.7.13-1.1.3.1.centos3", "packageFilename": "mozilla-nspr-1.7.13-1.1.3.1.centos3.s390.rpm", "packageName": "mozilla-nspr", "arch": "s390", "operator": "lt"}, {"OS": "CentOS", "OSVersion": "4", "packageVersion": "1.7.13-1.4.1axp.centos4", "packageFilename": "mozilla-js-debugger-1.7.13-1.4.1axp.centos4.alpha.rpm", "packageName": "mozilla-js-debugger", "arch": "alpha", "operator": "lt"}, {"OS": "CentOS", "OSVersion": "3", "packageVersion": "1.7.13-1.1.3.1.centos3", "packageFilename": "mozilla-nspr-1.7.13-1.1.3.1.centos3.ia64.rpm", "packageName": "mozilla-nspr", "arch": "ia64", "operator": "lt"}, {"OS": "CentOS", "OSVersion": "4", "packageVersion": "1.7.13-1.4.1.centos4", "packageFilename": "mozilla-devel-1.7.13-1.4.1.centos4.ia64.rpm", "packageName": "mozilla-devel", "arch": "ia64", "operator": "lt"}, {"OS": "CentOS", "OSVersion": "4", "packageVersion": "1.7.13-1.4.1.centos4", "packageFilename": "mozilla-nspr-1.7.13-1.4.1.centos4.x86_64.rpm", "packageName": "mozilla-nspr", "arch": "x86_64", "operator": "lt"}, {"OS": "CentOS", "OSVersion": "4", "packageVersion": "1.7.13-1.4.1.centos4", "packageFilename": "mozilla-mail-1.7.13-1.4.1.centos4.s390x.rpm", "packageName": "mozilla-mail", "arch": "s390x", "operator": "lt"}, {"OS": "CentOS", "OSVersion": "4", "packageVersion": "1.7.13-1.4.1.centos4", "packageFilename": "mozilla-nss-1.7.13-1.4.1.centos4.ia64.rpm", "packageName": "mozilla-nss", "arch": "ia64", "operator": "lt"}, {"OS": "CentOS", "OSVersion": "4", "packageVersion": "1.7.13-1.4.1.centos4", "packageFilename": "mozilla-nspr-devel-1.7.13-1.4.1.centos4.x86_64.rpm", "packageName": "mozilla-nspr-devel", "arch": "x86_64", "operator": "lt"}, {"OS": "CentOS", "OSVersion": "4", "packageVersion": "1.7.13-1.4.1.centos4", "packageFilename": "mozilla-nspr-devel-1.7.13-1.4.1.centos4.s390x.rpm", "packageName": "mozilla-nspr-devel", "arch": "s390x", "operator": "lt"}, {"OS": "CentOS", "OSVersion": "4", "packageVersion": "1.7.13-1.4.1axp.centos4", "packageFilename": "mozilla-chat-1.7.13-1.4.1axp.centos4.alpha.rpm", "packageName": "mozilla-chat", "arch": "alpha", "operator": "lt"}, {"OS": "CentOS", "OSVersion": "3", "packageVersion": "1.7.13-1.1.3.1.centos3", "packageFilename": "mozilla-js-debugger-1.7.13-1.1.3.1.centos3.x86_64.rpm", "packageName": "mozilla-js-debugger", "arch": "x86_64", "operator": "lt"}, {"OS": "CentOS", "OSVersion": "4", "packageVersion": "1.7.13-1.4.1axp.centos4", "packageFilename": "mozilla-nspr-1.7.13-1.4.1axp.centos4.alpha.rpm", "packageName": "mozilla-nspr", "arch": "alpha", "operator": "lt"}, {"OS": "CentOS", "OSVersion": "4", "packageVersion": "1.7.13-1.4.1.centos4", "packageFilename": "mozilla-nspr-1.7.13-1.4.1.centos4.s390x.rpm", "packageName": "mozilla-nspr", "arch": "s390x", "operator": "lt"}, {"OS": "CentOS", "OSVersion": "4", "packageVersion": "1.7.13-1.4.1axp.centos4", "packageFilename": "mozilla-nss-devel-1.7.13-1.4.1axp.centos4.alpha.rpm", "packageName": "mozilla-nss-devel", "arch": "alpha", "operator": "lt"}, {"OS": "CentOS", "OSVersion": "3", "packageVersion": "1.7.13-1.1.3.1.centos3", "packageFilename": "mozilla-devel-1.7.13-1.1.3.1.centos3.s390.rpm", "packageName": "mozilla-devel", "arch": "s390", "operator": "lt"}, {"OS": "CentOS", "OSVersion": "4", "packageVersion": "1.7.13-1.4.1.centos4", "packageFilename": "mozilla-nss-devel-1.7.13-1.4.1.centos4.s390x.rpm", "packageName": "mozilla-nss-devel", "arch": "s390x", "operator": "lt"}, {"OS": "CentOS", "OSVersion": "3", "packageVersion": "1.7.13-1.1.3.1.centos3", "packageFilename": "mozilla-1.7.13-1.1.3.1.centos3.src.rpm", "packageName": "mozilla", "arch": "any", "operator": "lt"}, {"OS": "CentOS", "OSVersion": "3", "packageVersion": "1.7.13-1.1.3.1.centos3", "packageFilename": "mozilla-1.7.13-1.1.3.1.centos3.src.rpm", "packageName": "mozilla", "arch": "any", "operator": "lt"}, {"OS": "CentOS", "OSVersion": "3", "packageVersion": "1.7.13-1.1.3.1.centos3", "packageFilename": "mozilla-devel-1.7.13-1.1.3.1.centos3.s390x.rpm", "packageName": "mozilla-devel", "arch": "s390x", "operator": "lt"}, {"OS": "CentOS", "OSVersion": "4", "packageVersion": "0.9.2-2.4.8", "packageFilename": "devhelp-0.9.2-2.4.8.i386.rpm", "packageName": "devhelp", "arch": "i386", "operator": "lt"}, {"OS": "CentOS", "OSVersion": "3", "packageVersion": "1.7.13-1.1.3.1.centos3", "packageFilename": "mozilla-devel-1.7.13-1.1.3.1.centos3.i386.rpm", "packageName": "mozilla-devel", "arch": "i386", "operator": "lt"}, {"OS": "CentOS", "OSVersion": "4", "packageVersion": "1.7.13-1.4.1.centos4", "packageFilename": "mozilla-chat-1.7.13-1.4.1.centos4.s390x.rpm", "packageName": "mozilla-chat", "arch": "s390x", "operator": "lt"}, {"OS": "CentOS", "OSVersion": "4", "packageVersion": "1.7.13-1.4.1.centos4", "packageFilename": "mozilla-1.7.13-1.4.1.centos4.src.rpm", "packageName": "mozilla", "arch": "any", "operator": "lt"}, {"OS": "CentOS", "OSVersion": "4", "packageVersion": "1.7.13-1.4.1.centos4", "packageFilename": "mozilla-1.7.13-1.4.1.centos4.src.rpm", "packageName": "mozilla", "arch": "any", "operator": "lt"}, {"OS": "CentOS", "OSVersion": "4", "packageVersion": "1.7.13-1.4.1.centos4", "packageFilename": "mozilla-nss-devel-1.7.13-1.4.1.centos4.i386.rpm", "packageName": "mozilla-nss-devel", "arch": "i386", "operator": "lt"}, {"OS": "CentOS", "OSVersion": "3", "packageVersion": "1.7.13-1.1.3.1.centos3", "packageFilename": "mozilla-1.7.13-1.1.3.1.centos3.s390.rpm", "packageName": "mozilla", "arch": "s390", "operator": "lt"}, {"OS": "CentOS", "OSVersion": "4", "packageVersion": "1.7.13-1.4.1.centos4", "packageFilename": "mozilla-chat-1.7.13-1.4.1.centos4.i386.rpm", "packageName": "mozilla-chat", "arch": "i386", "operator": "lt"}, {"OS": "CentOS", "OSVersion": "4", "packageVersion": "1.7.13-1.4.1.centos4", "packageFilename": "mozilla-1.7.13-1.4.1.centos4.x86_64.rpm", "packageName": "mozilla", "arch": "x86_64", "operator": "lt"}, {"OS": "CentOS", "OSVersion": "4", "packageVersion": "1.7.13-1.4.1.centos4", "packageFilename": "mozilla-nss-1.7.13-1.4.1.centos4.s390x.rpm", "packageName": "mozilla-nss", "arch": "s390x", "operator": "lt"}, {"OS": "CentOS", "OSVersion": "3", "packageVersion": "1.7.13-1.1.3.1.centos3", "packageFilename": "mozilla-mail-1.7.13-1.1.3.1.centos3.s390x.rpm", "packageName": "mozilla-mail", "arch": "s390x", "operator": "lt"}, {"OS": "CentOS", "OSVersion": "3", "packageVersion": "1.7.13-1.1.3.1.centos3", "packageFilename": "mozilla-mail-1.7.13-1.1.3.1.centos3.ia64.rpm", "packageName": "mozilla-mail", "arch": "ia64", "operator": "lt"}, {"OS": "CentOS", "OSVersion": "4", "packageVersion": "1.7.13-1.4.1.centos4", "packageFilename": "mozilla-devel-1.7.13-1.4.1.centos4.s390x.rpm", "packageName": "mozilla-devel", "arch": "s390x", "operator": "lt"}, {"OS": "CentOS", "OSVersion": "4", "packageVersion": "1.7.13-1.4.1.centos4", "packageFilename": "mozilla-js-debugger-1.7.13-1.4.1.centos4.ia64.rpm", "packageName": "mozilla-js-debugger", "arch": "ia64", "operator": "lt"}, {"OS": "CentOS", "OSVersion": "3", "packageVersion": "1.7.13-1.1.3.1.centos3", "packageFilename": "mozilla-mail-1.7.13-1.1.3.1.centos3.i386.rpm", "packageName": "mozilla-mail", "arch": "i386", "operator": "lt"}, {"OS": "CentOS", "OSVersion": "4", "packageVersion": "1.7.13-1.4.1.centos4", "packageFilename": "mozilla-dom-inspector-1.7.13-1.4.1.centos4.s390x.rpm", "packageName": "mozilla-dom-inspector", "arch": "s390x", "operator": "lt"}, {"OS": "CentOS", "OSVersion": "3", "packageVersion": "1.7.13-1.1.3.1.centos3", "packageFilename": "mozilla-nspr-1.7.13-1.1.3.1.centos3.s390x.rpm", "packageName": "mozilla-nspr", "arch": "s390x", "operator": "lt"}, {"OS": "CentOS", "OSVersion": "4", "packageVersion": "1.7.13-1.4.1.centos4", "packageFilename": "mozilla-dom-inspector-1.7.13-1.4.1.centos4.ia64.rpm", "packageName": "mozilla-dom-inspector", "arch": "ia64", "operator": "lt"}, {"OS": "CentOS", "OSVersion": "3", "packageVersion": "1.7.13-1.1.3.1.centos3", "packageFilename": "mozilla-js-debugger-1.7.13-1.1.3.1.centos3.ia64.rpm", "packageName": "mozilla-js-debugger", "arch": "ia64", "operator": "lt"}, {"OS": "CentOS", "OSVersion": "3", "packageVersion": "1.7.13-1.1.3.1.centos3", "packageFilename": "mozilla-nss-devel-1.7.13-1.1.3.1.centos3.x86_64.rpm", "packageName": "mozilla-nss-devel", "arch": "x86_64", "operator": "lt"}, {"OS": "CentOS", "OSVersion": "4", "packageVersion": "1.7.13-1.4.1.centos4", "packageFilename": "mozilla-js-debugger-1.7.13-1.4.1.centos4.i386.rpm", "packageName": "mozilla-js-debugger", "arch": "i386", "operator": "lt"}, {"OS": "CentOS", "OSVersion": "4", "packageVersion": "1.7.13-1.4.1.centos4", "packageFilename": "mozilla-dom-inspector-1.7.13-1.4.1.centos4.s390.rpm", "packageName": "mozilla-dom-inspector", "arch": "s390", "operator": "lt"}, {"OS": "CentOS", "OSVersion": "4", "packageVersion": "1.7.13-1.4.1axp.centos4", "packageFilename": "mozilla-1.7.13-1.4.1axp.centos4.alpha.rpm", "packageName": "mozilla", "arch": "alpha", "operator": "lt"}, {"OS": "CentOS", "OSVersion": "3", "packageVersion": "1.7.13-1.1.3.1.centos3", "packageFilename": "mozilla-1.7.13-1.1.3.1.centos3.i386.rpm", "packageName": "mozilla", "arch": "i386", "operator": "lt"}, {"OS": "CentOS", "OSVersion": "3", "packageVersion": "1.7.13-1.1.3.1.centos3", "packageFilename": "mozilla-1.7.13-1.1.3.1.centos3.i386.rpm", "packageName": "mozilla", "arch": "i386", "operator": "lt"}, {"OS": "CentOS", "OSVersion": "4", "packageVersion": "1.7.13-1.4.1.centos4", "packageFilename": "mozilla-nspr-devel-1.7.13-1.4.1.centos4.ia64.rpm", "packageName": "mozilla-nspr-devel", "arch": "ia64", "operator": "lt"}, {"OS": "CentOS", "OSVersion": "3", "packageVersion": "1.7.13-1.1.3.1.centos3", "packageFilename": "mozilla-js-debugger-1.7.13-1.1.3.1.centos3.i386.rpm", "packageName": "mozilla-js-debugger", "arch": "i386", "operator": "lt"}, {"OS": "CentOS", "OSVersion": "3", "packageVersion": "1.7.13-1.1.3.1.centos3", "packageFilename": "mozilla-nss-1.7.13-1.1.3.1.centos3.ia64.rpm", "packageName": "mozilla-nss", "arch": "ia64", "operator": "lt"}, {"OS": "CentOS", "OSVersion": "3", "packageVersion": "1.7.13-1.1.3.1.centos3", "packageFilename": "mozilla-nss-devel-1.7.13-1.1.3.1.centos3.ia64.rpm", "packageName": "mozilla-nss-devel", "arch": "ia64", "operator": "lt"}, {"OS": "CentOS", "OSVersion": "3", "packageVersion": "1.7.13-1.1.3.1.centos3", "packageFilename": "mozilla-nss-devel-1.7.13-1.1.3.1.centos3.s390.rpm", "packageName": "mozilla-nss-devel", "arch": "s390", "operator": "lt"}, {"OS": "CentOS", "OSVersion": "4", "packageVersion": "1.7.13-1.4.1.centos4", "packageFilename": "mozilla-chat-1.7.13-1.4.1.centos4.x86_64.rpm", "packageName": "mozilla-chat", "arch": "x86_64", "operator": "lt"}, {"OS": "CentOS", "OSVersion": "4", "packageVersion": "1.7.13-1.4.1.centos4", "packageFilename": "mozilla-1.7.13-1.4.1.centos4.s390x.rpm", "packageName": "mozilla", "arch": "s390x", "operator": "lt"}, {"OS": "CentOS", "OSVersion": "4", "packageVersion": "1.7.13-1.4.1axp.centos4", "packageFilename": "mozilla-dom-inspector-1.7.13-1.4.1axp.centos4.alpha.rpm", "packageName": "mozilla-dom-inspector", "arch": "alpha", "operator": "lt"}, {"OS": "CentOS", "OSVersion": "3", "packageVersion": "1.7.13-1.1.3.1.centos3", "packageFilename": "mozilla-mail-1.7.13-1.1.3.1.centos3.s390.rpm", "packageName": "mozilla-mail", "arch": "s390", "operator": "lt"}, {"OS": "CentOS", "OSVersion": "4", "packageVersion": "1.7.13-1.4.1axp.centos4", "packageFilename": "mozilla-nspr-devel-1.7.13-1.4.1axp.centos4.alpha.rpm", "packageName": "mozilla-nspr-devel", "arch": "alpha", "operator": "lt"}, {"OS": "CentOS", "OSVersion": "4", "packageVersion": "1.7.13-1.4.1.centos4", "packageFilename": "mozilla-nspr-devel-1.7.13-1.4.1.centos4.s390.rpm", "packageName": "mozilla-nspr-devel", "arch": "s390", "operator": "lt"}, {"OS": "CentOS", "OSVersion": "4", "packageVersion": "1.7.13-1.4.1.centos4", "packageFilename": "mozilla-devel-1.7.13-1.4.1.centos4.i386.rpm", "packageName": "mozilla-devel", "arch": "i386", "operator": "lt"}, {"OS": "CentOS", "OSVersion": "4", "packageVersion": "1.7.13-1.4.1.centos4", "packageFilename": "mozilla-chat-1.7.13-1.4.1.centos4.ia64.rpm", "packageName": "mozilla-chat", "arch": "ia64", "operator": "lt"}, {"OS": "CentOS", "OSVersion": "4", "packageVersion": "1.7.13-1.4.1axp.centos4", "packageFilename": "mozilla-nss-1.7.13-1.4.1axp.centos4.alpha.rpm", "packageName": "mozilla-nss", "arch": "alpha", "operator": "lt"}, {"OS": "CentOS", "OSVersion": "4", "packageVersion": "1.7.13-1.4.1.centos4", "packageFilename": "mozilla-nspr-devel-1.7.13-1.4.1.centos4.i386.rpm", "packageName": "mozilla-nspr-devel", "arch": "i386", "operator": "lt"}, {"OS": "CentOS", "OSVersion": "3", "packageVersion": "1.7.13-1.1.3.1.centos3", "packageFilename": "mozilla-1.7.13-1.1.3.1.centos3.ia64.rpm", "packageName": "mozilla", "arch": "ia64", "operator": "lt"}, {"OS": "CentOS", "OSVersion": "3", "packageVersion": "1.7.13-1.1.3.1.centos3", "packageFilename": "mozilla-nspr-devel-1.7.13-1.1.3.1.centos3.ia64.rpm", "packageName": "mozilla-nspr-devel", "arch": "ia64", "operator": "lt"}, {"OS": "CentOS", "OSVersion": "4", "packageVersion": "1.7.13-1.4.1.centos4", "packageFilename": "mozilla-1.7.13-1.4.1.centos4.i386.rpm", "packageName": "mozilla", "arch": "i386", "operator": "lt"}, {"OS": "CentOS", "OSVersion": "4", "packageVersion": "0.9.2-2.4.8", "packageFilename": "devhelp-devel-0.9.2-2.4.8.i386.rpm", "packageName": "devhelp-devel", "arch": "i386", "operator": "lt"}, {"OS": "CentOS", "OSVersion": "4", "packageVersion": "1.7.13-1.4.1.centos4", "packageFilename": "mozilla-nss-1.7.13-1.4.1.centos4.s390.rpm", "packageName": "mozilla-nss", "arch": "s390", "operator": "lt"}, {"OS": "CentOS", "OSVersion": "3", "packageVersion": "1.7.13-1.1.3.1.centos3", "packageFilename": "mozilla-chat-1.7.13-1.1.3.1.centos3.s390x.rpm", "packageName": "mozilla-chat", "arch": "s390x", "operator": "lt"}, {"OS": "CentOS", "OSVersion": "3", "packageVersion": "1.7.13-1.1.3.1.centos3", "packageFilename": "mozilla-dom-inspector-1.7.13-1.1.3.1.centos3.s390x.rpm", "packageName": "mozilla-dom-inspector", "arch": "s390x", "operator": "lt"}, {"OS": "CentOS", "OSVersion": "3", "packageVersion": "1.7.13-1.1.3.1.centos3", "packageFilename": "mozilla-1.7.13-1.1.3.1.centos3.x86_64.rpm", "packageName": "mozilla", "arch": "x86_64", "operator": "lt"}, {"OS": "CentOS", "OSVersion": "3", "packageVersion": "1.7.13-1.1.3.1.centos3", "packageFilename": "mozilla-nspr-devel-1.7.13-1.1.3.1.centos3.s390x.rpm", "packageName": "mozilla-nspr-devel", "arch": "s390x", "operator": "lt"}, {"OS": "CentOS", "OSVersion": "3", "packageVersion": "1.7.13-1.1.3.1.centos3", "packageFilename": "mozilla-js-debugger-1.7.13-1.1.3.1.centos3.s390.rpm", "packageName": "mozilla-js-debugger", "arch": "s390", "operator": "lt"}, {"OS": "CentOS", "OSVersion": "3", "packageVersion": "1.7.13-1.1.3.1.centos3", "packageFilename": "mozilla-chat-1.7.13-1.1.3.1.centos3.i386.rpm", "packageName": "mozilla-chat", "arch": "i386", "operator": "lt"}, {"OS": "CentOS", "OSVersion": "4", "packageVersion": "1.7.13-1.4.1.centos4", "packageFilename": "mozilla-nss-devel-1.7.13-1.4.1.centos4.ia64.rpm", "packageName": "mozilla-nss-devel", "arch": "ia64", "operator": "lt"}, {"OS": "CentOS", "OSVersion": "3", "packageVersion": "1.7.13-1.1.3.1.centos3", "packageFilename": "mozilla-nspr-devel-1.7.13-1.1.3.1.centos3.s390.rpm", "packageName": "mozilla-nspr-devel", "arch": "s390", "operator": "lt"}, {"OS": "CentOS", "OSVersion": "3", "packageVersion": "1.7.13-1.1.3.1.centos3", "packageFilename": "mozilla-dom-inspector-1.7.13-1.1.3.1.centos3.s390.rpm", "packageName": "mozilla-dom-inspector", "arch": "s390", "operator": "lt"}, {"OS": "CentOS", "OSVersion": "3", "packageVersion": "1.7.13-1.1.3.1.centos3", "packageFilename": "mozilla-devel-1.7.13-1.1.3.1.centos3.x86_64.rpm", "packageName": "mozilla-devel", "arch": "x86_64", "operator": "lt"}, {"OS": "CentOS", "OSVersion": "3", "packageVersion": "1.7.13-1.1.3.1.centos3", "packageFilename": "mozilla-mail-1.7.13-1.1.3.1.centos3.x86_64.rpm", "packageName": "mozilla-mail", "arch": "x86_64", "operator": "lt"}, {"OS": "CentOS", "OSVersion": "3", "packageVersion": "1.7.13-1.1.3.1.centos3", "packageFilename": "mozilla-nspr-devel-1.7.13-1.1.3.1.centos3.i386.rpm", "packageName": "mozilla-nspr-devel", "arch": "i386", "operator": "lt"}, {"OS": "CentOS", "OSVersion": "4", "packageVersion": "1.7.13-1.4.1.centos4", "packageFilename": "mozilla-mail-1.7.13-1.4.1.centos4.x86_64.rpm", "packageName": "mozilla-mail", "arch": "x86_64", "operator": "lt"}, {"OS": "CentOS", "OSVersion": "3", "packageVersion": "1.7.13-1.1.3.1.centos3", "packageFilename": "mozilla-chat-1.7.13-1.1.3.1.centos3.x86_64.rpm", "packageName": "mozilla-chat", "arch": "x86_64", "operator": "lt"}, {"OS": "CentOS", "OSVersion": "3", "packageVersion": "1.7.13-1.1.3.1.centos3", "packageFilename": "mozilla-nspr-1.7.13-1.1.3.1.centos3.i386.rpm", "packageName": "mozilla-nspr", "arch": "i386", "operator": "lt"}, {"OS": "CentOS", "OSVersion": "3", "packageVersion": "1.7.13-1.1.3.1.centos3", "packageFilename": "mozilla-nspr-1.7.13-1.1.3.1.centos3.i386.rpm", "packageName": "mozilla-nspr", "arch": "i386", "operator": "lt"}, {"OS": "CentOS", "OSVersion": "3", "packageVersion": "1.7.13-1.1.3.1.centos3", "packageFilename": "mozilla-chat-1.7.13-1.1.3.1.centos3.ia64.rpm", "packageName": "mozilla-chat", "arch": "ia64", "operator": "lt"}, {"OS": "CentOS", "OSVersion": "4", "packageVersion": "1.7.13-1.4.1.centos4", "packageFilename": "mozilla-nss-1.7.13-1.4.1.centos4.i386.rpm", "packageName": "mozilla-nss", "arch": "i386", "operator": "lt"}, {"OS": "CentOS", "OSVersion": "4", "packageVersion": "1.7.13-1.4.1.centos4", "packageFilename": "mozilla-nss-1.7.13-1.4.1.centos4.i386.rpm", "packageName": "mozilla-nss", "arch": "i386", "operator": "lt"}, {"OS": "CentOS", "OSVersion": "3", "packageVersion": "1.7.13-1.1.3.1.centos3", "packageFilename": "mozilla-dom-inspector-1.7.13-1.1.3.1.centos3.x86_64.rpm", "packageName": "mozilla-dom-inspector", "arch": "x86_64", "operator": "lt"}, {"OS": "CentOS", "OSVersion": "4", "packageVersion": "1.7.13-1.4.1.centos4", "packageFilename": "mozilla-nss-1.7.13-1.4.1.centos4.x86_64.rpm", "packageName": "mozilla-nss", "arch": "x86_64", "operator": "lt"}, {"OS": "CentOS", "OSVersion": "4", "packageVersion": "1.7.13-1.4.1axp.centos4", "packageFilename": "mozilla-mail-1.7.13-1.4.1axp.centos4.alpha.rpm", "packageName": "mozilla-mail", "arch": "alpha", "operator": "lt"}, {"OS": "CentOS", "OSVersion": "4", "packageVersion": "1.7.13-1.4.1.centos4", "packageFilename": "mozilla-nspr-1.7.13-1.4.1.centos4.i386.rpm", "packageName": "mozilla-nspr", "arch": "i386", "operator": "lt"}, {"OS": "CentOS", "OSVersion": "4", "packageVersion": "1.7.13-1.4.1.centos4", "packageFilename": "mozilla-nspr-1.7.13-1.4.1.centos4.i386.rpm", "packageName": "mozilla-nspr", "arch": "i386", "operator": "lt"}, {"OS": "CentOS", "OSVersion": "4", "packageVersion": "1.7.13-1.4.1.centos4", "packageFilename": "mozilla-nss-devel-1.7.13-1.4.1.centos4.s390.rpm", "packageName": "mozilla-nss-devel", "arch": "s390", "operator": "lt"}, {"OS": "CentOS", "OSVersion": "4", "packageVersion": "1.7.13-1.4.1.centos4", "packageFilename": "mozilla-dom-inspector-1.7.13-1.4.1.centos4.i386.rpm", "packageName": "mozilla-dom-inspector", "arch": "i386", "operator": "lt"}, {"OS": "CentOS", "OSVersion": "4", "packageVersion": "1.7.13-1.4.1.centos4", "packageFilename": "mozilla-chat-1.7.13-1.4.1.centos4.s390.rpm", "packageName": "mozilla-chat", "arch": "s390", "operator": "lt"}, {"OS": "CentOS", "OSVersion": "3", "packageVersion": "1.7.13-1.1.3.1.centos3", "packageFilename": "mozilla-dom-inspector-1.7.13-1.1.3.1.centos3.ia64.rpm", "packageName": "mozilla-dom-inspector", "arch": "ia64", "operator": "lt"}, {"OS": "CentOS", "OSVersion": "4", "packageVersion": "0.9.2-2.4.8", "packageFilename": "devhelp-devel-0.9.2-2.4.8.x86_64.rpm", "packageName": "devhelp-devel", "arch": "x86_64", "operator": "lt"}, {"OS": "CentOS", "OSVersion": "3", "packageVersion": "1.7.13-1.1.3.1.centos3", "packageFilename": "mozilla-nss-devel-1.7.13-1.1.3.1.centos3.i386.rpm", "packageName": "mozilla-nss-devel", "arch": "i386", "operator": "lt"}, {"OS": "CentOS", "OSVersion": "3", "packageVersion": "1.7.13-1.1.3.1.centos3", "packageFilename": "mozilla-nspr-1.7.13-1.1.3.1.centos3.x86_64.rpm", "packageName": "mozilla-nspr", "arch": "x86_64", "operator": "lt"}, {"OS": "CentOS", "OSVersion": "4", "packageVersion": "1.7.13-1.4.1.centos4", "packageFilename": "mozilla-nspr-1.7.13-1.4.1.centos4.ia64.rpm", "packageName": "mozilla-nspr", "arch": "ia64", "operator": "lt"}, {"OS": "CentOS", "OSVersion": "4", "packageVersion": "0.9.2-2.4.8", "packageFilename": "devhelp-0.9.2-2.4.8.x86_64.rpm", "packageName": "devhelp", "arch": "x86_64", "operator": "lt"}, {"OS": "CentOS", "OSVersion": "4", "packageVersion": "1.7.13-1.4.1.centos4", "packageFilename": "mozilla-nss-devel-1.7.13-1.4.1.centos4.x86_64.rpm", "packageName": "mozilla-nss-devel", "arch": "x86_64", "operator": "lt"}, {"OS": "CentOS", "OSVersion": "4", "packageVersion": "1.7.13-1.4.1.centos4", "packageFilename": "mozilla-1.7.13-1.4.1.centos4.s390.rpm", "packageName": "mozilla", "arch": "s390", "operator": "lt"}, {"OS": "CentOS", "OSVersion": "3", "packageVersion": "1.7.13-1.1.3.1.centos3", "packageFilename": "mozilla-nss-1.7.13-1.1.3.1.centos3.i386.rpm", "packageName": "mozilla-nss", "arch": "i386", "operator": "lt"}, {"OS": "CentOS", "OSVersion": "3", "packageVersion": "1.7.13-1.1.3.1.centos3", "packageFilename": "mozilla-nss-1.7.13-1.1.3.1.centos3.i386.rpm", "packageName": "mozilla-nss", "arch": "i386", "operator": "lt"}, {"OS": "CentOS", "OSVersion": "4", "packageVersion": "1.7.13-1.4.1.centos4", "packageFilename": "mozilla-js-debugger-1.7.13-1.4.1.centos4.s390.rpm", "packageName": "mozilla-js-debugger", "arch": "s390", "operator": "lt"}, {"OS": "CentOS", "OSVersion": "3", "packageVersion": "1.7.13-1.1.3.1.centos3", "packageFilename": "mozilla-dom-inspector-1.7.13-1.1.3.1.centos3.i386.rpm", "packageName": "mozilla-dom-inspector", "arch": "i386", "operator": "lt"}, {"OS": "CentOS", "OSVersion": "4", "packageVersion": "1.7.13-1.4.1.centos4", "packageFilename": "mozilla-js-debugger-1.7.13-1.4.1.centos4.x86_64.rpm", "packageName": "mozilla-js-debugger", "arch": "x86_64", "operator": "lt"}, {"OS": "CentOS", "OSVersion": "4", "packageVersion": "1.7.13-1.4.1.centos4", "packageFilename": "mozilla-1.7.13-1.4.1.centos4.ia64.rpm", "packageName": "mozilla", "arch": "ia64", "operator": "lt"}, {"OS": "CentOS", "OSVersion": "4", "packageVersion": "0.9.2-2.4.8", "packageFilename": "devhelp-0.9.2-2.4.8.src.rpm", "packageName": "devhelp", "arch": "any", "operator": "lt"}, {"OS": "CentOS", "OSVersion": "4", "packageVersion": "0.9.2-2.4.8", "packageFilename": "devhelp-0.9.2-2.4.8.src.rpm", "packageName": "devhelp", "arch": "any", "operator": "lt"}, {"OS": "CentOS", "OSVersion": "4", "packageVersion": "1.7.13-1.4.1.centos4", "packageFilename": "mozilla-devel-1.7.13-1.4.1.centos4.x86_64.rpm", "packageName": "mozilla-devel", "arch": "x86_64", "operator": "lt"}, {"OS": "CentOS", "OSVersion": "4", "packageVersion": "1.7.13-1.4.1.centos4", "packageFilename": "mozilla-dom-inspector-1.7.13-1.4.1.centos4.x86_64.rpm", "packageName": "mozilla-dom-inspector", "arch": "x86_64", "operator": "lt"}, {"OS": "CentOS", "OSVersion": "4", "packageVersion": "1.7.13-1.4.1.centos4", "packageFilename": "mozilla-nspr-1.7.13-1.4.1.centos4.s390.rpm", "packageName": "mozilla-nspr", "arch": "s390", "operator": "lt"}, {"OS": "CentOS", "OSVersion": "3", "packageVersion": "1.7.13-1.1.3.1.centos3", "packageFilename": "mozilla-chat-1.7.13-1.1.3.1.centos3.s390.rpm", "packageName": "mozilla-chat", "arch": "s390", "operator": "lt"}, {"OS": "CentOS", "OSVersion": "3", "packageVersion": "1.7.13-1.1.3.1.centos3", "packageFilename": "mozilla-nss-1.7.13-1.1.3.1.centos3.s390.rpm", "packageName": "mozilla-nss", "arch": "s390", "operator": "lt"}, {"OS": "CentOS", "OSVersion": "4", "packageVersion": "1.7.13-1.4.1.centos4", "packageFilename": "mozilla-mail-1.7.13-1.4.1.centos4.ia64.rpm", "packageName": "mozilla-mail", "arch": "ia64", "operator": "lt"}], "description": "**CentOS Errata and Security Advisory** CESA-2006:0329\n\n\nMozilla is an open source Web browser, advanced email and newsgroup client,\r\nIRC chat client, and HTML editor.\r\n\r\nSeveral bugs were found in the way Mozilla processes malformed javascript.\r\nA malicious web page could modify the content of a different open web\r\npage, possibly stealing sensitive information or conducting a cross-site\r\nscripting attack. (CVE-2006-1731, CVE-2006-1732, CVE-2006-1741)\r\n\r\nSeveral bugs were found in the way Mozilla processes certain javascript\r\nactions. A malicious web page could execute arbitrary javascript\r\ninstructions with the permissions of \"chrome\", allowing the page to steal\r\nsensitive information or install browser malware. (CVE-2006-1727,\r\nCVE-2006-1728, CVE-2006-1733, CVE-2006-1734, CVE-2006-1735, CVE-2006-1742)\r\n\r\nSeveral bugs were found in the way Mozilla processes malformed web pages. \r\nA carefully crafted malicious web page could cause the execution of\r\narbitrary code as the user running Mozilla. (CVE-2006-0748, CVE-2006-0749,\r\nCVE-2006-1730, CVE-2006-1737, CVE-2006-1738, CVE-2006-1739, CVE-2006-1790)\r\n\r\nA bug was found in the way Mozilla displays the secure site icon. If a\r\nbrowser is configured to display the non-default secure site modal warning\r\ndialog, it may be possible to trick a user into believing they are viewing\r\na secure site. (CVE-2006-1740)\r\n\r\nA bug was found in the way Mozilla allows javascript mutation events on\r\n\"input\" form elements. A malicious web page could be created in such a way\r\nthat when a user submits a form, an arbitrary file could be uploaded to the\r\nattacker. (CVE-2006-1729)\r\n\r\nA bug was found in the way Mozilla executes in-line mail forwarding. If a\r\nuser can be tricked into forwarding a maliciously crafted mail message as\r\nin-line content, it is possible for the message to execute javascript with\r\nthe permissions of \"chrome\". (CVE-2006-0884)\r\n\r\nUsers of Mozilla are advised to upgrade to these updated packages\r\ncontaining Mozilla version 1.7.13 which corrects these issues.\n\n**Merged security bulletin from advisories:**\nhttp://lists.centos.org/pipermail/centos-announce/2006-April/012821.html\nhttp://lists.centos.org/pipermail/centos-announce/2006-April/012822.html\nhttp://lists.centos.org/pipermail/centos-announce/2006-April/012823.html\nhttp://lists.centos.org/pipermail/centos-announce/2006-April/012824.html\nhttp://lists.centos.org/pipermail/centos-announce/2006-April/012825.html\nhttp://lists.centos.org/pipermail/centos-announce/2006-April/012826.html\nhttp://lists.centos.org/pipermail/centos-announce/2006-April/012827.html\nhttp://lists.centos.org/pipermail/centos-announce/2006-April/012829.html\nhttp://lists.centos.org/pipermail/centos-announce/2006-April/012830.html\n\n**Affected packages:**\ndevhelp\ndevhelp-devel\nmozilla\nmozilla-chat\nmozilla-devel\nmozilla-dom-inspector\nmozilla-js-debugger\nmozilla-mail\nmozilla-nspr\nmozilla-nspr-devel\nmozilla-nss\nmozilla-nss-devel\n\n**Upstream details at:**\nhttps://rhn.redhat.com/errata/RHSA-2006-0329.html", "edition": 2, "reporter": "CentOS Project", "published": "2006-04-18T17:41:36", "enchantments": {"score": {"vector": "NONE", "value": 6.8}}, "title": "devhelp, mozilla security update", "type": "centos", "bulletinFamily": "unix", "cvelist": ["CVE-2006-1738", "CVE-2006-1739", "CVE-2006-0748", "CVE-2006-1728", "CVE-2006-1730", "CVE-2006-1790", "CVE-2006-1734", "CVE-2006-1733", "CVE-2006-1740", "CVE-2006-1741", "CVE-2006-0884", "CVE-2006-1731", "CVE-2006-1727", "CVE-2006-1729", "CVE-2006-1735", "CVE-2006-1742", "CVE-2006-1724", "CVE-2006-1737", "CVE-2006-1732", "CVE-2006-0749"], "modified": "2006-04-19T10:06:26", "href": "http://lists.centos.org/pipermail/centos-announce/2006-April/012821.html", "id": "CESA-2006:0329", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2017-10-12T14:45:33", "references": ["https://rhn.redhat.com/errata/rh21as-errata.html", "http://www.ict.swin.edu.au/staff/jnewbigin"], "affectedPackage": [{"OS": "CentOS", "OSVersion": "2", "packageVersion": "1.7.13-1.1.2.2.c2.1", "arch": "i386", "packageName": "mozilla-nspr-devel", "packageFilename": "mozilla-nspr-devel-1.7.13-1.1.2.2.c2.1.i386.rpm", "operator": "lt"}, {"OS": "CentOS", "OSVersion": "2", "packageVersion": "1.7.13-1.1.2.2.c2.1", "arch": "i386", "packageName": "mozilla-dom-inspector", "packageFilename": "mozilla-dom-inspector-1.7.13-1.1.2.2.c2.1.i386.rpm", "operator": "lt"}, {"OS": "CentOS", "OSVersion": "2", "packageVersion": "1.7.13-1.1.2.2.c2.1", "arch": "i386", "packageName": "mozilla-chat", "packageFilename": "mozilla-chat-1.7.13-1.1.2.2.c2.1.i386.rpm", "operator": "lt"}, {"OS": "CentOS", "OSVersion": "2", "packageVersion": "1.2.14-1.2.8", "arch": "i386", "packageName": "galeon", "packageFilename": "galeon-1.2.14-1.2.8.i386.rpm", "operator": "lt"}, {"OS": "CentOS", "OSVersion": "2", "packageVersion": "1.7.13-1.1.2.2.c2.1", "arch": "i386", "packageName": "mozilla-mail", "packageFilename": "mozilla-mail-1.7.13-1.1.2.2.c2.1.i386.rpm", "operator": "lt"}, {"OS": "CentOS", "OSVersion": "2", "packageVersion": "1.7.13-1.1.2.2.c2.1", "arch": "i386", "packageName": "mozilla-nss", "packageFilename": "mozilla-nss-1.7.13-1.1.2.2.c2.1.i386.rpm", "operator": "lt"}, {"OS": "CentOS", "OSVersion": "2", "packageVersion": "1.7.13-1.1.2.2.c2.1", "arch": "i386", "packageName": "mozilla-nspr", "packageFilename": "mozilla-nspr-1.7.13-1.1.2.2.c2.1.i386.rpm", "operator": "lt"}, {"OS": "CentOS", "OSVersion": "2", "packageVersion": "1.7.13-1.1.2.2.c2.1", "arch": "i386", "packageName": "mozilla-devel", "packageFilename": "mozilla-devel-1.7.13-1.1.2.2.c2.1.i386.rpm", "operator": "lt"}, {"OS": "CentOS", "OSVersion": "2", "packageVersion": "1.7.13-1.1.2.2.c2.1", "arch": "i386", "packageName": "mozilla-nss-devel", "packageFilename": "mozilla-nss-devel-1.7.13-1.1.2.2.c2.1.i386.rpm", "operator": "lt"}, {"OS": "CentOS", "OSVersion": "2", "packageVersion": "1.7.13-1.1.2.2.c2.1", "arch": "i386", "packageName": "mozilla", "packageFilename": "mozilla-1.7.13-1.1.2.2.c2.1.i386.rpm", "operator": "lt"}, {"OS": "CentOS", "OSVersion": "2", "packageVersion": "1.7.13-1.1.2.2.c2.1", "arch": "i386", "packageName": "mozilla-js-debugger", "packageFilename": "mozilla-js-debugger-1.7.13-1.1.2.2.c2.1.i386.rpm", "operator": "lt"}], "description": "**CentOS Errata and Security Advisory** CESA-2006:0329-01\n\n\nMozilla is an open source Web browser, advanced email and newsgroup client,\r\nIRC chat client, and HTML editor.\r\n\r\nSeveral bugs were found in the way Mozilla processes malformed javascript.\r\nA malicious web page could modify the content of a different open web\r\npage, possibly stealing sensitive information or conducting a cross-site\r\nscripting attack. (CVE-2006-1731, CVE-2006-1732, CVE-2006-1741)\r\n\r\nSeveral bugs were found in the way Mozilla processes certain javascript\r\nactions. A malicious web page could execute arbitrary javascript\r\ninstructions with the permissions of \"chrome\", allowing the page to steal\r\nsensitive information or install browser malware. (CVE-2006-1727,\r\nCVE-2006-1728, CVE-2006-1733, CVE-2006-1734, CVE-2006-1735, CVE-2006-1742)\r\n\r\nSeveral bugs were found in the way Mozilla processes malformed web pages. \r\nA carefully crafted malicious web page could cause the execution of\r\narbitrary code as the user running Mozilla. (CVE-2006-0748, CVE-2006-0749,\r\nCVE-2006-1730, CVE-2006-1737, CVE-2006-1738, CVE-2006-1739, CVE-2006-1790)\r\n\r\nA bug was found in the way Mozilla displays the secure site icon. If a\r\nbrowser is configured to display the non-default secure site modal warning\r\ndialog, it may be possible to trick a user into believing they are viewing\r\na secure site. (CVE-2006-1740)\r\n\r\nA bug was found in the way Mozilla allows javascript mutation events on\r\n\"input\" form elements. A malicious web page could be created in such a way\r\nthat when a user submits a form, an arbitrary file could be uploaded to the\r\nattacker. (CVE-2006-1729)\r\n\r\nA bug was found in the way Mozilla executes in-line mail forwarding. If a\r\nuser can be tricked into forwarding a maliciously crafted mail message as\r\nin-line content, it is possible for the message to execute javascript with\r\nthe permissions of \"chrome\". (CVE-2006-0884)\r\n\r\nUsers of Mozilla are advised to upgrade to these updated packages\r\ncontaining Mozilla version 1.7.13 which corrects these issues.\n\n**Merged security bulletin from advisories:**\nhttp://lists.centos.org/pipermail/centos-announce/2006-April/012828.html\n\n**Affected packages:**\ngaleon\nmozilla\nmozilla-chat\nmozilla-devel\nmozilla-dom-inspector\nmozilla-js-debugger\nmozilla-mail\nmozilla-nspr\nmozilla-nspr-devel\nmozilla-nss\nmozilla-nss-devel\n\n**Upstream details at:**\nhttps://rhn.redhat.com/errata/rh21as-errata.html", "edition": 2, "reporter": "CentOS Project", "published": "2006-04-18T23:53:59", "title": "galeon, mozilla security update", "type": "centos", "enchantments": {"score": {"vector": "NONE", "value": 6.8}}, "bulletinFamily": "unix", "cvelist": ["CVE-2006-1738", "CVE-2006-1739", "CVE-2006-0748", "CVE-2006-1728", "CVE-2006-1730", "CVE-2006-1790", "CVE-2006-1734", "CVE-2006-1733", "CVE-2006-1740", "CVE-2006-1741", "CVE-2006-0884", "CVE-2006-1731", "CVE-2006-1727", "CVE-2006-1729", "CVE-2006-1735", "CVE-2006-1742", "CVE-2006-1724", "CVE-2006-1737", "CVE-2006-1732", "CVE-2006-0749"], "modified": "2006-04-18T23:53:59", "href": "http://lists.centos.org/pipermail/centos-announce/2006-April/012828.html", "id": "CESA-2006:0329-01", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}], "nessus": [{"lastseen": "2018-09-01T23:57:55", "references": ["http://www.mozilla.com/firefox/releases/1.0.8.html", "https://www.redhat.com/security/data/cve/CVE-2006-1739.html", "https://www.redhat.com/security/data/cve/CVE-2006-1737.html", "https://www.redhat.com/security/data/cve/CVE-2006-1741.html", "https://www.redhat.com/security/data/cve/CVE-2006-1730.html", "https://www.redhat.com/security/data/cve/CVE-2006-0749.html", "https://www.redhat.com/security/data/cve/CVE-2006-1731.html", "https://www.redhat.com/security/data/cve/CVE-2006-1728.html", "http://rhn.redhat.com/errata/RHSA-2006-0328.html", "https://www.redhat.com/security/data/cve/CVE-2006-1734.html", "https://www.redhat.com/security/data/cve/CVE-2006-1727.html", "https://www.redhat.com/security/data/cve/CVE-2006-1732.html", "https://www.redhat.com/security/data/cve/CVE-2006-1790.html", "https://www.redhat.com/security/data/cve/CVE-2006-1735.html", "https://www.redhat.com/security/data/cve/CVE-2006-1740.html", "https://www.redhat.com/security/data/cve/CVE-2006-0748.html", "https://www.redhat.com/security/data/cve/CVE-2006-1724.html", "https://www.redhat.com/security/data/cve/CVE-2006-1733.html", "https://www.redhat.com/security/data/cve/CVE-2006-1738.html", "https://www.redhat.com/security/data/cve/CVE-2006-1742.html", "https://www.redhat.com/security/data/cve/CVE-2006-1729.html"], "pluginID": "21232", "description": "Updated firefox packages that fix several security bugs are now available.\n\nThis update has been rated as having critical security impact by the Red Hat Security Response Team.\n\n[Updated 24 Apr 2006] The erratum text has been updated to include CVE-2006-0748, an issue fixed by these erratum packages but which was not public at the time of release. No changes have been made to the packages.\n\nMozilla Firefox is an open source Web browser.\n\nSeveral bugs were found in the way Firefox processes malformed JavaScript. A malicious web page could modify the content of a different open web page, possibly stealing sensitive information or conducting a cross-site scripting attack. (CVE-2006-1731, CVE-2006-1732, CVE-2006-1741)\n\nSeveral bugs were found in the way Firefox processes certain JavaScript actions. A malicious web page could execute arbitrary JavaScript instructions with the permissions of 'chrome', allowing the page to steal sensitive information or install browser malware.\n(CVE-2006-1727, CVE-2006-1728, CVE-2006-1733, CVE-2006-1734, CVE-2006-1735, CVE-2006-1742)\n\nSeveral bugs were found in the way Firefox processes malformed web pages. A carefully crafted malicious web page could cause the execution of arbitrary code as the user running Firefox.\n(CVE-2006-0748, CVE-2006-0749, CVE-2006-1724, CVE-2006-1730, CVE-2006-1737, CVE-2006-1738, CVE-2006-1739, CVE-2006-1790)\n\nA bug was found in the way Firefox displays the secure site icon. If a browser is configured to display the non-default secure site modal warning dialog, it may be possible to trick a user into believing they are viewing a secure site. (CVE-2006-1740)\n\nA bug was found in the way Firefox allows JavaScript mutation events on 'input' form elements. A malicious web page could be created in such a way that when a user submits a form, an arbitrary file could be uploaded to the attacker. (CVE-2006-1729)\n\nUsers of Firefox are advised to upgrade to these updated packages containing Firefox version 1.0.8 which corrects these issues.", "edition": 6, "reporter": "Tenable", "published": "2006-04-17T00:00:00", "title": "RHEL 4 : firefox (RHSA-2006:0328)", "type": "nessus", "enchantments": {"score": {"vector": "NONE", "value": 5.0}}, "naslFamily": "Red Hat Local Security Checks", "bulletinFamily": "scanner", "cvelist": ["CVE-2006-1738", "CVE-2006-1739", "CVE-2006-0748", "CVE-2006-1728", "CVE-2006-1730", "CVE-2006-1790", "CVE-2006-1734", "CVE-2006-1733", "CVE-2006-1740", "CVE-2006-1741", "CVE-2006-1731", "CVE-2006-1727", "CVE-2006-1729", "CVE-2006-1735", "CVE-2006-1742", "CVE-2006-1724", "CVE-2006-1737", "CVE-2006-1732", "CVE-2006-0749"], "modified": "2018-08-13T00:00:00", "cpe": ["cpe:/o:redhat:enterprise_linux:4", "p-cpe:/a:redhat:enterprise_linux:firefox"], "id": "REDHAT-RHSA-2006-0328.NASL", "href": "https://www.tenable.com/plugins/index.php?view=single&id=21232", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Red Hat Security Advisory RHSA-2006:0328. The text \n# itself is copyright (C) Red Hat, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(21232);\n script_version (\"1.19\");\n script_cvs_date(\"Date: 2018/08/13 14:32:37\");\n\n script_cve_id(\"CVE-2006-0748\", \"CVE-2006-0749\", \"CVE-2006-1724\", \"CVE-2006-1727\", \"CVE-2006-1728\", \"CVE-2006-1729\", \"CVE-2006-1730\", \"CVE-2006-1731\", \"CVE-2006-1732\", \"CVE-2006-1733\", \"CVE-2006-1734\", \"CVE-2006-1735\", \"CVE-2006-1737\", \"CVE-2006-1738\", \"CVE-2006-1739\", \"CVE-2006-1740\", \"CVE-2006-1741\", \"CVE-2006-1742\", \"CVE-2006-1790\");\n script_xref(name:\"RHSA\", value:\"2006:0328\");\n\n script_name(english:\"RHEL 4 : firefox (RHSA-2006:0328)\");\n script_summary(english:\"Checks the rpm output for the updated package\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Red Hat host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Updated firefox packages that fix several security bugs are now\navailable.\n\nThis update has been rated as having critical security impact by the\nRed Hat Security Response Team.\n\n[Updated 24 Apr 2006] The erratum text has been updated to include\nCVE-2006-0748, an issue fixed by these erratum packages but which was\nnot public at the time of release. No changes have been made to the\npackages.\n\nMozilla Firefox is an open source Web browser.\n\nSeveral bugs were found in the way Firefox processes malformed\nJavaScript. A malicious web page could modify the content of a\ndifferent open web page, possibly stealing sensitive information or\nconducting a cross-site scripting attack. (CVE-2006-1731,\nCVE-2006-1732, CVE-2006-1741)\n\nSeveral bugs were found in the way Firefox processes certain\nJavaScript actions. A malicious web page could execute arbitrary\nJavaScript instructions with the permissions of 'chrome', allowing the\npage to steal sensitive information or install browser malware.\n(CVE-2006-1727, CVE-2006-1728, CVE-2006-1733, CVE-2006-1734,\nCVE-2006-1735, CVE-2006-1742)\n\nSeveral bugs were found in the way Firefox processes malformed web\npages. A carefully crafted malicious web page could cause the\nexecution of arbitrary code as the user running Firefox.\n(CVE-2006-0748, CVE-2006-0749, CVE-2006-1724, CVE-2006-1730,\nCVE-2006-1737, CVE-2006-1738, CVE-2006-1739, CVE-2006-1790)\n\nA bug was found in the way Firefox displays the secure site icon. If a\nbrowser is configured to display the non-default secure site modal\nwarning dialog, it may be possible to trick a user into believing they\nare viewing a secure site. (CVE-2006-1740)\n\nA bug was found in the way Firefox allows JavaScript mutation events\non 'input' form elements. A malicious web page could be created in\nsuch a way that when a user submits a form, an arbitrary file could be\nuploaded to the attacker. (CVE-2006-1729)\n\nUsers of Firefox are advised to upgrade to these updated packages\ncontaining Firefox version 1.0.8 which corrects these issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.redhat.com/security/data/cve/CVE-2006-0748.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.redhat.com/security/data/cve/CVE-2006-0749.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.redhat.com/security/data/cve/CVE-2006-1724.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.redhat.com/security/data/cve/CVE-2006-1727.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.redhat.com/security/data/cve/CVE-2006-1728.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.redhat.com/security/data/cve/CVE-2006-1729.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.redhat.com/security/data/cve/CVE-2006-1730.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.redhat.com/security/data/cve/CVE-2006-1731.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.redhat.com/security/data/cve/CVE-2006-1732.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.redhat.com/security/data/cve/CVE-2006-1733.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.redhat.com/security/data/cve/CVE-2006-1734.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.redhat.com/security/data/cve/CVE-2006-1735.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.redhat.com/security/data/cve/CVE-2006-1737.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.redhat.com/security/data/cve/CVE-2006-1738.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.redhat.com/security/data/cve/CVE-2006-1739.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.redhat.com/security/data/cve/CVE-2006-1740.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.redhat.com/security/data/cve/CVE-2006-1741.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.redhat.com/security/data/cve/CVE-2006-1742.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.redhat.com/security/data/cve/CVE-2006-1790.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.mozilla.com/firefox/releases/1.0.8.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://rhn.redhat.com/errata/RHSA-2006-0328.html\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected firefox package.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_cwe_id(20, 79, 119, 189, 264, 399);\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:firefox\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:4\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2006/04/25\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2006/04/17\");\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2006/02/28\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2006-2018 Tenable Network Security, Inc.\");\n script_family(english:\"Red Hat Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"misc_func.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Red Hat\" >!< release) audit(AUDIT_OS_NOT, \"Red Hat\");\nos_ver = eregmatch(pattern: \"Red Hat Enterprise Linux.*release ([0-9]+(\\.[0-9]+)?)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Red Hat\");\nos_ver = os_ver[1];\nif (! ereg(pattern:\"^4([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Red Hat 4.x\", \"Red Hat \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\" && \"s390\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Red Hat\", cpu);\n\nyum_updateinfo = get_kb_item(\"Host/RedHat/yum-updateinfo\");\nif (!empty_or_null(yum_updateinfo)) \n{\n rhsa = \"RHSA-2006:0328\";\n yum_report = redhat_generate_yum_updateinfo_report(rhsa:rhsa);\n if (!empty_or_null(yum_report))\n {\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : yum_report \n );\n exit(0);\n }\n else\n {\n audit_message = \"affected by Red Hat security advisory \" + rhsa;\n audit(AUDIT_OS_NOT, audit_message);\n }\n}\nelse\n{\n flag = 0;\n if (rpm_check(release:\"RHEL4\", reference:\"firefox-1.0.8-1.4.1\")) flag++;\n\n if (flag)\n {\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : rpm_report_get() + redhat_report_package_caveat()\n );\n exit(0);\n }\n else\n {\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"firefox\");\n }\n}\n", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2018-09-01T23:46:30", "references": ["https://www.redhat.com/security/data/cve/CVE-2006-1045.html", "https://www.redhat.com/security/data/cve/CVE-2006-1739.html", "https://www.redhat.com/security/data/cve/CVE-2006-1737.html", "http://rhn.redhat.com/errata/RHSA-2006-0330.html", "https://www.redhat.com/security/data/cve/CVE-2006-1741.html", "https://www.redhat.com/security/data/cve/CVE-2006-1730.html", "https://www.redhat.com/security/data/cve/CVE-2006-0749.html", "https://www.redhat.com/security/data/cve/CVE-2006-1731.html", "https://www.redhat.com/security/data/cve/CVE-2006-1728.html", "https://www.redhat.com/security/data/cve/CVE-2006-1734.html", "https://www.redhat.com/security/data/cve/CVE-2006-1727.html", "http://www.mozilla.org/projects/security/known-", "https://www.redhat.com/security/data/cve/CVE-2006-0884.html", "https://www.redhat.com/security/data/cve/CVE-2006-1732.html", "https://www.redhat.com/security/data/cve/CVE-2006-1790.html", "https://www.redhat.com/security/data/cve/CVE-2006-1735.html", "https://www.redhat.com/security/data/cve/CVE-2006-0748.html", "https://www.redhat.com/security/data/cve/CVE-2006-1724.html", "https://www.redhat.com/security/data/cve/CVE-2006-1733.html", "https://www.redhat.com/security/data/cve/CVE-2006-1738.html", "https://www.redhat.com/security/data/cve/CVE-2006-1742.html", "https://www.redhat.com/security/data/cve/CVE-2006-0296.html", "https://www.redhat.com/security/data/cve/CVE-2006-0292.html"], "pluginID": "21288", "description": "Updated thunderbird packages that fix various bugs are now available for Red Hat Enterprise Linux 4.\n\nThis update has been rated as having critical security impact by the Red Hat Security Response Team.\n\n[Updated 24 Apr 2006] The erratum text has been updated to include the details of additional issues that were fixed by these erratum packages but which were not public at the time of release. No changes have been made to the packages.\n\nMozilla Thunderbird is a standalone mail and newsgroup client.\n\nSeveral bugs were found in the way Thunderbird processes malformed JavaScript. A malicious HTML mail message could modify the content of a different open HTML mail message, possibly stealing sensitive information or conducting a cross-site scripting attack. Please note that JavaScript support is disabled by default in Thunderbird.\n(CVE-2006-1731, CVE-2006-1732, CVE-2006-1741)\n\nSeveral bugs were found in the way Thunderbird processes certain JavaScript actions. A malicious HTML mail message could execute arbitrary JavaScript instructions with the permissions of 'chrome', allowing the page to steal sensitive information or install browser malware. Please note that JavaScript support is disabled by default in Thunderbird. (CVE-2006-0292, CVE-2006-0296, CVE-2006-1727, CVE-2006-1728, CVE-2006-1733, CVE-2006-1734, CVE-2006-1735, CVE-2006-1742)\n\nSeveral bugs were found in the way Thunderbird processes malformed HTML mail messages. A carefully crafted malicious HTML mail message could cause the execution of arbitrary code as the user running Thunderbird. (CVE-2006-0748, CVE-2006-0749, CVE-2006-1724, CVE-2006-1730, CVE-2006-1737, CVE-2006-1738, CVE-2006-1739, CVE-2006-1790)\n\nA bug was found in the way Thunderbird processes certain inline content in HTML mail messages. It may be possible for a remote attacker to send a carefully crafted mail message to the victim, which will fetch remote content, even if Thunderbird is configured not to fetch remote content. (CVE-2006-1045)\n\nA bug was found in the way Thunderbird executes in-line mail forwarding. If a user can be tricked into forwarding a maliciously crafted mail message as in-line content, it is possible for the message to execute JavaScript with the permissions of 'chrome'.\n(CVE-2006-0884)\n\nUsers of Thunderbird are advised to upgrade to these updated packages containing Thunderbird version 1.0.8, which is not vulnerable to these issues.", "edition": 6, "reporter": "Tenable", "published": "2006-04-26T00:00:00", "title": "RHEL 4 : thunderbird (RHSA-2006:0330)", "type": "nessus", "enchantments": {"score": {"vector": "NONE", "value": 6.8}}, "naslFamily": "Red Hat Local Security Checks", "bulletinFamily": "scanner", "cvelist": ["CVE-2006-1738", "CVE-2006-1739", "CVE-2006-0748", "CVE-2006-1728", "CVE-2006-1730", "CVE-2006-1790", "CVE-2006-1734", "CVE-2006-1733", "CVE-2006-1741", "CVE-2006-0292", "CVE-2006-0884", "CVE-2006-1731", "CVE-2006-1727", "CVE-2006-1045", "CVE-2006-0296", "CVE-2006-1735", "CVE-2006-1742", "CVE-2006-1724", "CVE-2006-1737", "CVE-2006-1732", "CVE-2006-0749"], "modified": "2018-08-13T00:00:00", "cpe": ["cpe:/o:redhat:enterprise_linux:4", "p-cpe:/a:redhat:enterprise_linux:thunderbird"], "id": "REDHAT-RHSA-2006-0330.NASL", "href": "https://www.tenable.com/plugins/index.php?view=single&id=21288", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Red Hat Security Advisory RHSA-2006:0330. The text \n# itself is copyright (C) Red Hat, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(21288);\n script_version (\"1.19\");\n script_cvs_date(\"Date: 2018/08/13 14:32:37\");\n\n script_cve_id(\"CVE-2006-0292\", \"CVE-2006-0296\", \"CVE-2006-0748\", \"CVE-2006-0749\", \"CVE-2006-0884\", \"CVE-2006-1045\", \"CVE-2006-1724\", \"CVE-2006-1727\", \"CVE-2006-1728\", \"CVE-2006-1730\", \"CVE-2006-1731\", \"CVE-2006-1732\", \"CVE-2006-1733\", \"CVE-2006-1734\", \"CVE-2006-1735\", \"CVE-2006-1737\", \"CVE-2006-1738\", \"CVE-2006-1739\", \"CVE-2006-1741\", \"CVE-2006-1742\", \"CVE-2006-1790\");\n script_xref(name:\"RHSA\", value:\"2006:0330\");\n\n script_name(english:\"RHEL 4 : thunderbird (RHSA-2006:0330)\");\n script_summary(english:\"Checks the rpm output for the updated package\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Red Hat host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Updated thunderbird packages that fix various bugs are now available\nfor Red Hat Enterprise Linux 4.\n\nThis update has been rated as having critical security impact by the\nRed Hat Security Response Team.\n\n[Updated 24 Apr 2006] The erratum text has been updated to include the\ndetails of additional issues that were fixed by these erratum packages\nbut which were not public at the time of release. No changes have been\nmade to the packages.\n\nMozilla Thunderbird is a standalone mail and newsgroup client.\n\nSeveral bugs were found in the way Thunderbird processes malformed\nJavaScript. A malicious HTML mail message could modify the content of\na different open HTML mail message, possibly stealing sensitive\ninformation or conducting a cross-site scripting attack. Please note\nthat JavaScript support is disabled by default in Thunderbird.\n(CVE-2006-1731, CVE-2006-1732, CVE-2006-1741)\n\nSeveral bugs were found in the way Thunderbird processes certain\nJavaScript actions. A malicious HTML mail message could execute\narbitrary JavaScript instructions with the permissions of 'chrome',\nallowing the page to steal sensitive information or install browser\nmalware. Please note that JavaScript support is disabled by default in\nThunderbird. (CVE-2006-0292, CVE-2006-0296, CVE-2006-1727,\nCVE-2006-1728, CVE-2006-1733, CVE-2006-1734, CVE-2006-1735,\nCVE-2006-1742)\n\nSeveral bugs were found in the way Thunderbird processes malformed\nHTML mail messages. A carefully crafted malicious HTML mail message\ncould cause the execution of arbitrary code as the user running\nThunderbird. (CVE-2006-0748, CVE-2006-0749, CVE-2006-1724,\nCVE-2006-1730, CVE-2006-1737, CVE-2006-1738, CVE-2006-1739,\nCVE-2006-1790)\n\nA bug was found in the way Thunderbird processes certain inline\ncontent in HTML mail messages. It may be possible for a remote\nattacker to send a carefully crafted mail message to the victim, which\nwill fetch remote content, even if Thunderbird is configured not to\nfetch remote content. (CVE-2006-1045)\n\nA bug was found in the way Thunderbird executes in-line mail\nforwarding. If a user can be tricked into forwarding a maliciously\ncrafted mail message as in-line content, it is possible for the\nmessage to execute JavaScript with the permissions of 'chrome'.\n(CVE-2006-0884)\n\nUsers of Thunderbird are advised to upgrade to these updated packages\ncontaining Thunderbird version 1.0.8, which is not vulnerable to these\nissues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.redhat.com/security/data/cve/CVE-2006-0292.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.redhat.com/security/data/cve/CVE-2006-0296.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.redhat.com/security/data/cve/CVE-2006-0748.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.redhat.com/security/data/cve/CVE-2006-0749.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.redhat.com/security/data/cve/CVE-2006-0884.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.redhat.com/security/data/cve/CVE-2006-1045.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.redhat.com/security/data/cve/CVE-2006-1724.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.redhat.com/security/data/cve/CVE-2006-1727.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.redhat.com/security/data/cve/CVE-2006-1728.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.redhat.com/security/data/cve/CVE-2006-1730.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.redhat.com/security/data/cve/CVE-2006-1731.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.redhat.com/security/data/cve/CVE-2006-1732.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.redhat.com/security/data/cve/CVE-2006-1733.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.redhat.com/security/data/cve/CVE-2006-1734.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.redhat.com/security/data/cve/CVE-2006-1735.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.redhat.com/security/data/cve/CVE-2006-1737.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.redhat.com/security/data/cve/CVE-2006-1738.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.redhat.com/security/data/cve/CVE-2006-1739.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.redhat.com/security/data/cve/CVE-2006-1741.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.redhat.com/security/data/cve/CVE-2006-1742.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.redhat.com/security/data/cve/CVE-2006-1790.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.mozilla.org/projects/security/known-\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://rhn.redhat.com/errata/RHSA-2006-0330.html\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected thunderbird package.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_cwe_id(20, 79, 119, 189, 264, 399);\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:thunderbird\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:4\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2006/04/25\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2006/04/26\");\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2006/02/01\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2006-2018 Tenable Network Security, Inc.\");\n script_family(english:\"Red Hat Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"misc_func.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Red Hat\" >!< release) audit(AUDIT_OS_NOT, \"Red Hat\");\nos_ver = eregmatch(pattern: \"Red Hat Enterprise Linux.*release ([0-9]+(\\.[0-9]+)?)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Red Hat\");\nos_ver = os_ver[1];\nif (! ereg(pattern:\"^4([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Red Hat 4.x\", \"Red Hat \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\" && \"s390\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Red Hat\", cpu);\n\nyum_updateinfo = get_kb_item(\"Host/RedHat/yum-updateinfo\");\nif (!empty_or_null(yum_updateinfo)) \n{\n rhsa = \"RHSA-2006:0330\";\n yum_report = redhat_generate_yum_updateinfo_report(rhsa:rhsa);\n if (!empty_or_null(yum_report))\n {\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : yum_report \n );\n exit(0);\n }\n else\n {\n audit_message = \"affected by Red Hat security advisory \" + rhsa;\n audit(AUDIT_OS_NOT, audit_message);\n }\n}\nelse\n{\n flag = 0;\n if (rpm_check(release:\"RHEL4\", reference:\"thunderbird-1.0.8-1.4.1\")) flag++;\n\n if (flag)\n {\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : rpm_report_get() + redhat_report_package_caveat()\n );\n exit(0);\n }\n else\n {\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"thunderbird\");\n }\n}\n", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2018-09-01T23:42:27", "references": ["https://bugzilla.mozilla.org/show_bug.cgi?id=330900", "https://bugzilla.mozilla.org/show_bug.cgi?id=275896"], "pluginID": "21284", "description": "A number of vulnerabilities have been discovered in the Mozilla Thunderbird email client that could allow a remote attacker to craft malicious web emails that could take advantage of these issues to execute arbitrary code with elevated privileges, spoof content, and steal local files, or other information. As well, some of these vulnerabilities can be exploited to execute arbitrary code with the privileges of the user running the program.\n\nAs well, two crasher bugs have been fixed as well.\n\nThe updated packages have been patched to fix these problems.", "edition": 6, "reporter": "Tenable", "published": "2006-04-26T00:00:00", "title": "Mandrake Linux Security Advisory : mozilla-thunderbird (MDKSA-2006:078)", "type": "nessus", "enchantments": {"score": {"vector": "NONE", "value": 10.0}}, "naslFamily": "Mandriva Local Security Checks", "bulletinFamily": "scanner", "cvelist": ["CVE-2006-1738", "CVE-2006-1739", "CVE-2006-0748", "CVE-2006-1728", "CVE-2006-1730", "CVE-2006-0293", "CVE-2006-1790", "CVE-2006-1734", "CVE-2006-1733", "CVE-2006-1741", "CVE-2006-0292", "CVE-2006-0884", "CVE-2006-1731", "CVE-2006-1727", "CVE-2006-1045", "CVE-2006-0296", "CVE-2006-1735", "CVE-2006-1742", "CVE-2006-1737", "CVE-2006-1732", "CVE-2006-0749"], "modified": "2018-07-19T00:00:00", "cpe": ["p-cpe:/a:mandriva:linux:mozilla-thunderbird-enigmime", "cpe:/o:mandriva:linux:2006", "p-cpe:/a:mandriva:linux:mozilla-thunderbird", "p-cpe:/a:mandriva:linux:mozilla-thunderbird-enigmail"], "id": "MANDRAKE_MDKSA-2006-078.NASL", "href": "https://www.tenable.com/plugins/index.php?view=single&id=21284", "sourceData": "#%NASL_MIN_LEVEL 70103\n\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Mandrake Linux Security Advisory MDKSA-2006:078. \n# The text itself is copyright (C) Mandriva S.A.\n#\n\nif (NASL_LEVEL < 3000) exit(0);\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(21284);\n script_version (\"1.17\");\n script_cvs_date(\"Date: 2018/07/19 20:59:13\");\n\n script_cve_id(\"CVE-2006-0292\", \"CVE-2006-0293\", \"CVE-2006-0296\", \"CVE-2006-0748\", \"CVE-2006-0749\", \"CVE-2006-0884\", \"CVE-2006-1045\", \"CVE-2006-1727\", \"CVE-2006-1728\", \"CVE-2006-1730\", \"CVE-2006-1731\", \"CVE-2006-1732\", \"CVE-2006-1733\", \"CVE-2006-1734\", \"CVE-2006-1735\", \"CVE-2006-1737\", \"CVE-2006-1738\", \"CVE-2006-1739\", \"CVE-2006-1741\", \"CVE-2006-1742\", \"CVE-2006-1790\");\n script_xref(name:\"MDKSA\", value:\"2006:078\");\n\n script_name(english:\"Mandrake Linux Security Advisory : mozilla-thunderbird (MDKSA-2006:078)\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\n\"The remote Mandrake Linux host is missing one or more security\nupdates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"A number of vulnerabilities have been discovered in the Mozilla\nThunderbird email client that could allow a remote attacker to craft\nmalicious web emails that could take advantage of these issues to\nexecute arbitrary code with elevated privileges, spoof content, and\nsteal local files, or other information. As well, some of these\nvulnerabilities can be exploited to execute arbitrary code with the\nprivileges of the user running the program.\n\nAs well, two crasher bugs have been fixed as well.\n\nThe updated packages have been patched to fix these problems.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.mozilla.org/show_bug.cgi?id=275896\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.mozilla.org/show_bug.cgi?id=330900\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\n\"Update the affected mozilla-thunderbird, mozilla-thunderbird-enigmail\nand / or mozilla-thunderbird-enigmime packages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_cwe_id(20, 79, 119, 189, 264, 399);\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:mozilla-thunderbird\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:mozilla-thunderbird-enigmail\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:mozilla-thunderbird-enigmime\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:mandriva:linux:2006\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2006/04/25\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2006/04/26\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2006-2018 Tenable Network Security, Inc.\");\n script_family(english:\"Mandriva Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/Mandrake/release\", \"Host/Mandrake/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/Mandrake/release\")) audit(AUDIT_OS_NOT, \"Mandriva / Mandake Linux\");\nif (!get_kb_item(\"Host/Mandrake/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (cpu !~ \"^(amd64|i[3-6]86|x86_64)$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Mandriva / Mandrake Linux\", cpu);\n\n\nflag = 0;\nif (rpm_check(release:\"MDK2006.0\", reference:\"mozilla-thunderbird-1.0.6-7.6.20060mdk\", yank:\"mdk\")) flag++;\nif (rpm_check(release:\"MDK2006.0\", reference:\"mozilla-thunderbird-enigmail-1.0.6-7.6.20060mdk\", yank:\"mdk\")) flag++;\nif (rpm_check(release:\"MDK2006.0\", reference:\"mozilla-thunderbird-enigmime-1.0.6-7.6.20060mdk\", yank:\"mdk\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2018-09-01T23:37:30", "references": [], "pluginID": "21321", "description": "Igor Bukanov discovered that the JavaScript engine did not properly declare some temporary variables. Under some rare circumstances, a malicious mail with embedded JavaScript could exploit this to execute arbitrary code with the privileges of the user. (CVE-2006-0292, CVE-2006-1742)\n\nThe function XULDocument.persist() did not sufficiently validate the names of attributes. An attacker could exploit this to inject arbitrary XML code into the file 'localstore.rdf', which is read and evaluated at startup. This could include JavaScript commands that would be run with the user's privileges. (CVE-2006-0296)\n\nDue to a flaw in the HTML tag parser a specific sequence of HTML tags caused memory corruption. A malicious HTML email could exploit this to crash the browser or even execute arbitrary code with the user's privileges. (CVE-2006-0748)\n\nAn invalid ordering of table-related tags caused Thunderbird to use a negative array index. A malicious HTML email could exploit this to execute arbitrary code with the privileges of the user.\n(CVE-2006-0749)\n\nGeorgi Guninski discovered that forwarding mail in-line while using the default HTML 'rich mail' editor executed JavaScript embedded in the email message. Forwarding mail in-line is not the default setting but it is easily accessed through the 'Forward As' menu item.\n(CVE-2006-0884)\n\nAs a privacy measure to prevent senders (primarily spammers) from tracking when email is read Thunderbird does not load remote content referenced from an HTML mail message until a user tells it to do so.\nThis normally includes the content of frames and CSS files. It was discovered that it was possible to bypass this restriction by indirectly including remote content through an intermediate inline CSS script or frame. (CVE-2006-1045)\n\nGeorgi Guninski discovered that embedded XBL scripts could escalate their (normally reduced) privileges to get full privileges of the user if the email is viewed with 'Print Preview'. (CVE-2006-1727)\n\nThe crypto.generateCRMFRequest() function had a flaw which could be exploited to run arbitrary code with the user's privileges.\n(CVE-2006-1728)\n\nAn integer overflow was detected in the handling of the CSS property 'letter-spacing'. A malicious HTML email could exploit this to run arbitrary code with the user's privileges. (CVE-2006-1730)\n\nThe methods valueOf.call() and .valueOf.apply() returned an object whose privileges were not properly confined to those of the caller, which made them vulnerable to cross-site scripting attacks. A malicious email with embedded JavaScript code could exploit this to modify the contents or steal confidential data (such as passwords) from other opened web pages. (CVE-2006-1731) The window.controllers array variable (CVE-2006-1732) and event handlers (CVE-2006-1741) were vulnerable to a similar attack.\n\nThe privileged built-in XBL bindings were not fully protected from web content and could be accessed by calling valueOf.call() and valueOf.apply() on a method of that binding. A malicious email could exploit this to run arbitrary JavaScript code with the user's privileges. (CVE-2006-1733)\n\nIt was possible to use the Object.watch() method to access an internal function object (the 'clone parent'). A malicious email containing JavaScript code could exploit this to execute arbitrary code with the user's privileges. (CVE-2006-1734)\n\nBy calling the XBL.method.eval() method in a special way it was possible to create JavaScript functions that would get compiled with the wrong privileges. A malicious email could exploit this to execute arbitrary JavaScript code with the user's privileges. (CVE-2006-1735)\n\nSeveral crashes have been fixed which could be triggered by specially crafted HTML content and involve memory corruption. These could potentially be exploited to execute arbitrary code with the user's privileges. (CVE-2006-1737, CVE-2006-1738, CVE-2006-1739, CVE-2006-1790)\n\nThe 'enigmail' plugin has been updated to work with the new Thunderbird and Mozilla versions.\n\nNote that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "edition": 7, "reporter": "Tenable", "published": "2006-05-03T00:00:00", "title": "Ubuntu 5.04 / 5.10 : mozilla-thunderbird vulnerabilities (USN-276-1)", "type": "nessus", "enchantments": {"score": {"vector": "NONE", "value": 9.3}}, "naslFamily": "Ubuntu Local Security Checks", "bulletinFamily": "scanner", "cvelist": ["CVE-2006-1738", "CVE-2006-1739", "CVE-2006-0748", "CVE-2006-1728", "CVE-2006-1730", "CVE-2006-0293", "CVE-2006-1790", "CVE-2006-1734", "CVE-2006-1733", "CVE-2006-1741", "CVE-2006-0292", "CVE-2006-0884", "CVE-2006-1731", "CVE-2006-1727", "CVE-2006-1045", "CVE-2006-0296", "CVE-2006-1735", "CVE-2006-1742", "CVE-2006-1737", "CVE-2006-1732", "CVE-2006-0749"], "modified": "2018-08-15T00:00:00", "cpe": ["p-cpe:/a:canonical:ubuntu_linux:mozilla-enigmail", "p-cpe:/a:canonical:ubuntu_linux:mozilla-thunderbird-offline", "p-cpe:/a:canonical:ubuntu_linux:mozilla-thunderbird-dev", "p-cpe:/a:canonical:ubuntu_linux:mozilla-thunderbird-inspector", "cpe:/o:canonical:ubuntu_linux:5.04", "p-cpe:/a:canonical:ubuntu_linux:mozilla-thunderbird-typeaheadfind", "p-cpe:/a:canonical:ubuntu_linux:mozilla-thunderbird", "cpe:/o:canonical:ubuntu_linux:5.10", "p-cpe:/a:canonical:ubuntu_linux:mozilla-thunderbird-enigmail"], "id": "UBUNTU_USN-276-1.NASL", "href": "https://www.tenable.com/plugins/index.php?view=single&id=21321", "sourceData": "#%NASL_MIN_LEVEL 70103\n\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Ubuntu Security Notice USN-276-1. The text \n# itself is copyright (C) Canonical, Inc. See \n# <http://www.ubuntu.com/usn/>. Ubuntu(R) is a registered \n# trademark of Canonical, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(21321);\n script_version(\"1.17\");\n script_cvs_date(\"Date: 2018/08/15 16:35:43\");\n\n script_cve_id(\"CVE-2006-0292\", \"CVE-2006-0293\", \"CVE-2006-0296\", \"CVE-2006-0748\", \"CVE-2006-0749\", \"CVE-2006-0884\", \"CVE-2006-1045\", \"CVE-2006-1727\", \"CVE-2006-1728\", \"CVE-2006-1730\", \"CVE-2006-1731\", \"CVE-2006-1732\", \"CVE-2006-1733\", \"CVE-2006-1734\", \"CVE-2006-1735\", \"CVE-2006-1737\", \"CVE-2006-1738\", \"CVE-2006-1739\", \"CVE-2006-1741\", \"CVE-2006-1742\", \"CVE-2006-1790\");\n script_xref(name:\"USN\", value:\"276-1\");\n\n script_name(english:\"Ubuntu 5.04 / 5.10 : mozilla-thunderbird vulnerabilities (USN-276-1)\");\n script_summary(english:\"Checks dpkg output for updated packages.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\n\"The remote Ubuntu host is missing one or more security-related\npatches.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Igor Bukanov discovered that the JavaScript engine did not properly\ndeclare some temporary variables. Under some rare circumstances, a\nmalicious mail with embedded JavaScript could exploit this to execute\narbitrary code with the privileges of the user. (CVE-2006-0292,\nCVE-2006-1742)\n\nThe function XULDocument.persist() did not sufficiently validate the\nnames of attributes. An attacker could exploit this to inject\narbitrary XML code into the file 'localstore.rdf', which is read and\nevaluated at startup. This could include JavaScript commands that\nwould be run with the user's privileges. (CVE-2006-0296)\n\nDue to a flaw in the HTML tag parser a specific sequence of HTML tags\ncaused memory corruption. A malicious HTML email could exploit this to\ncrash the browser or even execute arbitrary code with the user's\nprivileges. (CVE-2006-0748)\n\nAn invalid ordering of table-related tags caused Thunderbird to use a\nnegative array index. A malicious HTML email could exploit this to\nexecute arbitrary code with the privileges of the user.\n(CVE-2006-0749)\n\nGeorgi Guninski discovered that forwarding mail in-line while using\nthe default HTML 'rich mail' editor executed JavaScript embedded in\nthe email message. Forwarding mail in-line is not the default setting\nbut it is easily accessed through the 'Forward As' menu item.\n(CVE-2006-0884)\n\nAs a privacy measure to prevent senders (primarily spammers) from\ntracking when email is read Thunderbird does not load remote content\nreferenced from an HTML mail message until a user tells it to do so.\nThis normally includes the content of frames and CSS files. It was\ndiscovered that it was possible to bypass this restriction by\nindirectly including remote content through an intermediate inline CSS\nscript or frame. (CVE-2006-1045)\n\nGeorgi Guninski discovered that embedded XBL scripts could escalate\ntheir (normally reduced) privileges to get full privileges of the user\nif the email is viewed with 'Print Preview'. (CVE-2006-1727)\n\nThe crypto.generateCRMFRequest() function had a flaw which could be\nexploited to run arbitrary code with the user's privileges.\n(CVE-2006-1728)\n\nAn integer overflow was detected in the handling of the CSS property\n'letter-spacing'. A malicious HTML email could exploit this to run\narbitrary code with the user's privileges. (CVE-2006-1730)\n\nThe methods valueOf.call() and .valueOf.apply() returned an object\nwhose privileges were not properly confined to those of the caller,\nwhich made them vulnerable to cross-site scripting attacks. A\nmalicious email with embedded JavaScript code could exploit this to\nmodify the contents or steal confidential data (such as passwords)\nfrom other opened web pages. (CVE-2006-1731) The window.controllers\narray variable (CVE-2006-1732) and event handlers (CVE-2006-1741) were\nvulnerable to a similar attack.\n\nThe privileged built-in XBL bindings were not fully protected from web\ncontent and could be accessed by calling valueOf.call() and\nvalueOf.apply() on a method of that binding. A malicious email could\nexploit this to run arbitrary JavaScript code with the user's\nprivileges. (CVE-2006-1733)\n\nIt was possible to use the Object.watch() method to access an internal\nfunction object (the 'clone parent'). A malicious email containing\nJavaScript code could exploit this to execute arbitrary code with the\nuser's privileges. (CVE-2006-1734)\n\nBy calling the XBL.method.eval() method in a special way it was\npossible to create JavaScript functions that would get compiled with\nthe wrong privileges. A malicious email could exploit this to execute\narbitrary JavaScript code with the user's privileges. (CVE-2006-1735)\n\nSeveral crashes have been fixed which could be triggered by specially\ncrafted HTML content and involve memory corruption. These could\npotentially be exploited to execute arbitrary code with the user's\nprivileges. (CVE-2006-1737, CVE-2006-1738, CVE-2006-1739,\nCVE-2006-1790)\n\nThe 'enigmail' plugin has been updated to work with the new\nThunderbird and Mozilla versions.\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Ubuntu security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_cwe_id(20, 79, 119, 189, 264, 399);\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:mozilla-enigmail\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:mozilla-thunderbird\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:mozilla-thunderbird-dev\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:mozilla-thunderbird-enigmail\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:mozilla-thunderbird-inspector\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:mozilla-thunderbird-offline\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:mozilla-thunderbird-typeaheadfind\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:canonical:ubuntu_linux:5.04\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:canonical:ubuntu_linux:5.10\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2006/05/03\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2006/05/03\");\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2006/02/01\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"Ubuntu Security Notice (C) 2006-2018 Canonical, Inc. / NASL script (C) 2006-2016 Tenable Network Security, Inc.\");\n script_family(english:\"Ubuntu Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/cpu\", \"Host/Ubuntu\", \"Host/Ubuntu/release\", \"Host/Debian/dpkg-l\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"ubuntu.inc\");\ninclude(\"misc_func.inc\");\n\nif ( ! get_kb_item(\"Host/local_checks_enabled\") ) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/Ubuntu/release\");\nif ( isnull(release) ) audit(AUDIT_OS_NOT, \"Ubuntu\");\nrelease = chomp(release);\nif (! ereg(pattern:\"^(5\\.04|5\\.10)$\", string:release)) audit(AUDIT_OS_NOT, \"Ubuntu 5.04 / 5.10\", \"Ubuntu \" + release);\nif ( ! get_kb_item(\"Host/Debian/dpkg-l\") ) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Ubuntu\", cpu);\n\nflag = 0;\n\nif (ubuntu_check(osver:\"5.04\", pkgname:\"mozilla-enigmail\", pkgver:\"0.92.1-0ubuntu05.04.1\")) flag++;\nif (ubuntu_check(osver:\"5.04\", pkgname:\"mozilla-thunderbird\", pkgver:\"1.0.8-0ubuntu05.04\")) flag++;\nif (ubuntu_check(osver:\"5.04\", pkgname:\"mozilla-thunderbird-dev\", pkgver:\"1.0.8-0ubuntu05.04\")) flag++;\nif (ubuntu_check(osver:\"5.04\", pkgname:\"mozilla-thunderbird-enigmail\", pkgver:\"0.92.1-0ubuntu05.04.1\")) flag++;\nif (ubuntu_check(osver:\"5.04\", pkgname:\"mozilla-thunderbird-inspector\", pkgver:\"1.0.8-0ubuntu05.04\")) flag++;\nif (ubuntu_check(osver:\"5.04\", pkgname:\"mozilla-thunderbird-offline\", pkgver:\"1.0.8-0ubuntu05.04\")) flag++;\nif (ubuntu_check(osver:\"5.04\", pkgname:\"mozilla-thunderbird-typeaheadfind\", pkgver:\"1.0.8-0ubuntu05.04\")) flag++;\nif (ubuntu_check(osver:\"5.10\", pkgname:\"mozilla-enigmail\", pkgver:\"0.92.1-0ubuntu05.10.1\")) flag++;\nif (ubuntu_check(osver:\"5.10\", pkgname:\"mozilla-thunderbird\", pkgver:\"1.0.8-0ubuntu05.10.1\")) flag++;\nif (ubuntu_check(osver:\"5.10\", pkgname:\"mozilla-thunderbird-dev\", pkgver:\"1.0.8-0ubuntu05.10.1\")) flag++;\nif (ubuntu_check(osver:\"5.10\", pkgname:\"mozilla-thunderbird-enigmail\", pkgver:\"0.92.1-0ubuntu05.10.1\")) flag++;\nif (ubuntu_check(osver:\"5.10\", pkgname:\"mozilla-thunderbird-inspector\", pkgver:\"1.0.8-0ubuntu05.10.1\")) flag++;\nif (ubuntu_check(osver:\"5.10\", pkgname:\"mozilla-thunderbird-offline\", pkgver:\"1.0.8-0ubuntu05.10.1\")) flag++;\nif (ubuntu_check(osver:\"5.10\", pkgname:\"mozilla-thunderbird-typeaheadfind\", pkgver:\"1.0.8-0ubuntu05.10.1\")) flag++;\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : ubuntu_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = ubuntu_pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"mozilla-enigmail / mozilla-thunderbird / mozilla-thunderbird-dev / etc\");\n}\n", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2018-09-01T23:33:53", "references": ["http://www.nessus.org/u?8770cc02", "http://www.nessus.org/u?286773cb", "http://www.nessus.org/u?2798d3f4"], "pluginID": "21994", "description": "Updated thunderbird packages that fix various bugs are now available for Red Hat Enterprise Linux 4.\n\nThis update has been rated as having critical security impact by the Red Hat Security Response Team.\n\n[Updated 24 Apr 2006] The erratum text has been updated to include the details of additional issues that were fixed by these erratum packages but which were not public at the time of release. No changes have been made to the packages.\n\nMozilla Thunderbird is a standalone mail and newsgroup client.\n\nSeveral bugs were found in the way Thunderbird processes malformed JavaScript. A malicious HTML mail message could modify the content of a different open HTML mail message, possibly stealing sensitive information or conducting a cross-site scripting attack. Please note that JavaScript support is disabled by default in Thunderbird.\n(CVE-2006-1731, CVE-2006-1732, CVE-2006-1741)\n\nSeveral bugs were found in the way Thunderbird processes certain JavaScript actions. A malicious HTML mail message could execute arbitrary JavaScript instructions with the permissions of 'chrome', allowing the page to steal sensitive information or install browser malware. Please note that JavaScript support is disabled by default in Thunderbird. (CVE-2006-0292, CVE-2006-0296, CVE-2006-1727, CVE-2006-1728, CVE-2006-1733, CVE-2006-1734, CVE-2006-1735, CVE-2006-1742)\n\nSeveral bugs were found in the way Thunderbird processes malformed HTML mail messages. A carefully crafted malicious HTML mail message could cause the execution of arbitrary code as the user running Thunderbird. (CVE-2006-0748, CVE-2006-0749, CVE-2006-1724, CVE-2006-1730, CVE-2006-1737, CVE-2006-1738, CVE-2006-1739, CVE-2006-1790)\n\nA bug was found in the way Thunderbird processes certain inline content in HTML mail messages. It may be possible for a remote attacker to send a carefully crafted mail message to the victim, which will fetch remote content, even if Thunderbird is configured not to fetch remote content. (CVE-2006-1045)\n\nA bug was found in the way Thunderbird executes in-line mail forwarding. If a user can be tricked into forwarding a maliciously crafted mail message as in-line content, it is possible for the message to execute JavaScript with the permissions of 'chrome'.\n(CVE-2006-0884)\n\nUsers of Thunderbird are advised to upgrade to these updated packages containing Thunderbird version 1.0.8, which is not vulnerable to these issues.", "edition": 6, "reporter": "Tenable", "published": "2006-07-05T00:00:00", "title": "CentOS 4 : thunderbird (CESA-2006:0330)", "type": "nessus", "enchantments": {"score": {"vector": "NONE", "value": 7.5}}, "naslFamily": "CentOS Local Security Checks", "bulletinFamily": "scanner", "cvelist": ["CVE-2006-1738", "CVE-2006-1739", "CVE-2006-0748", "CVE-2006-1728", "CVE-2006-1730", "CVE-2006-1790", "CVE-2006-1734", "CVE-2006-1733", "CVE-2006-1741", "CVE-2006-0292", "CVE-2006-0884", "CVE-2006-1731", "CVE-2006-1727", "CVE-2006-1045", "CVE-2006-0296", "CVE-2006-1735", "CVE-2006-1742", "CVE-2006-1724", "CVE-2006-1737", "CVE-2006-1732", "CVE-2006-0749"], "modified": "2018-08-09T00:00:00", "cpe": ["cpe:/o:centos:centos:4", "p-cpe:/a:centos:centos:thunderbird"], "id": "CENTOS_RHSA-2006-0330.NASL", "href": "https://www.tenable.com/plugins/index.php?view=single&id=21994", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Red Hat Security Advisory RHSA-2006:0330 and \n# CentOS Errata and Security Advisory 2006:0330 respectively.\n#\n\nif (NASL_LEVEL < 3000) exit(0);\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(21994);\n script_version(\"1.14\");\n script_cvs_date(\"Date: 2018/08/09 17:06:35\");\n\n script_cve_id(\"CVE-2006-0292\", \"CVE-2006-0296\", \"CVE-2006-0748\", \"CVE-2006-0749\", \"CVE-2006-0884\", \"CVE-2006-1045\", \"CVE-2006-1724\", \"CVE-2006-1727\", \"CVE-2006-1728\", \"CVE-2006-1730\", \"CVE-2006-1731\", \"CVE-2006-1732\", \"CVE-2006-1733\", \"CVE-2006-1734\", \"CVE-2006-1735\", \"CVE-2006-1737\", \"CVE-2006-1738\", \"CVE-2006-1739\", \"CVE-2006-1741\", \"CVE-2006-1742\", \"CVE-2006-1790\");\n script_xref(name:\"RHSA\", value:\"2006:0330\");\n\n script_name(english:\"CentOS 4 : thunderbird (CESA-2006:0330)\");\n script_summary(english:\"Checks rpm output for the updated package\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote CentOS host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Updated thunderbird packages that fix various bugs are now available\nfor Red Hat Enterprise Linux 4.\n\nThis update has been rated as having critical security impact by the\nRed Hat Security Response Team.\n\n[Updated 24 Apr 2006] The erratum text has been updated to include the\ndetails of additional issues that were fixed by these erratum packages\nbut which were not public at the time of release. No changes have been\nmade to the packages.\n\nMozilla Thunderbird is a standalone mail and newsgroup client.\n\nSeveral bugs were found in the way Thunderbird processes malformed\nJavaScript. A malicious HTML mail message could modify the content of\na different open HTML mail message, possibly stealing sensitive\ninformation or conducting a cross-site scripting attack. Please note\nthat JavaScript support is disabled by default in Thunderbird.\n(CVE-2006-1731, CVE-2006-1732, CVE-2006-1741)\n\nSeveral bugs were found in the way Thunderbird processes certain\nJavaScript actions. A malicious HTML mail message could execute\narbitrary JavaScript instructions with the permissions of 'chrome',\nallowing the page to steal sensitive information or install browser\nmalware. Please note that JavaScript support is disabled by default in\nThunderbird. (CVE-2006-0292, CVE-2006-0296, CVE-2006-1727,\nCVE-2006-1728, CVE-2006-1733, CVE-2006-1734, CVE-2006-1735,\nCVE-2006-1742)\n\nSeveral bugs were found in the way Thunderbird processes malformed\nHTML mail messages. A carefully crafted malicious HTML mail message\ncould cause the execution of arbitrary code as the user running\nThunderbird. (CVE-2006-0748, CVE-2006-0749, CVE-2006-1724,\nCVE-2006-1730, CVE-2006-1737, CVE-2006-1738, CVE-2006-1739,\nCVE-2006-1790)\n\nA bug was found in the way Thunderbird processes certain inline\ncontent in HTML mail messages. It may be possible for a remote\nattacker to send a carefully crafted mail message to the victim, which\nwill fetch remote content, even if Thunderbird is configured not to\nfetch remote content. (CVE-2006-1045)\n\nA bug was found in the way Thunderbird executes in-line mail\nforwarding. If a user can be tricked into forwarding a maliciously\ncrafted mail message as in-line content, it is possible for the\nmessage to execute JavaScript with the permissions of 'chrome'.\n(CVE-2006-0884)\n\nUsers of Thunderbird are advised to upgrade to these updated packages\ncontaining Thunderbird version 1.0.8, which is not vulnerable to these\nissues.\"\n );\n # http://lists.centos.org/pipermail/centos-announce/2006-April/012835.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?286773cb\"\n );\n # http://lists.centos.org/pipermail/centos-announce/2006-April/012837.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?8770cc02\"\n );\n # http://lists.centos.org/pipermail/centos-announce/2006-April/012838.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?2798d3f4\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected thunderbird package.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_cwe_id(20, 79, 119, 189, 264, 399);\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:thunderbird\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:centos:centos:4\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2006/04/21\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2006/07/05\");\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2006/02/01\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2006-2018 Tenable Network Security, Inc.\");\n script_family(english:\"CentOS Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/CentOS/release\", \"Host/CentOS/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/CentOS/release\")) audit(AUDIT_OS_NOT, \"CentOS\");\nif (!get_kb_item(\"Host/CentOS/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && \"ia64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"CentOS\", cpu);\n\n\nflag = 0;\nif (rpm_check(release:\"CentOS-4\", reference:\"thunderbird-1.0.8-1.4.1.centos4\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2018-09-01T23:42:49", "references": ["http://www.nessus.org/u?a95e0314", "http://www.nessus.org/u?68804485", "http://www.nessus.org/u?40793133", "http://www.nessus.org/u?719425dc", "http://www.nessus.org/u?89fa6b56", "http://www.nessus.org/u?ca34cdd8"], "pluginID": "21898", "description": "Updated mozilla packages that fix several security bugs are now available.\n\nThis update has been rated as having critical security impact by the Red Hat Security Response Team.\n\n[Updated 24 Apr 2006] The erratum text has been updated to include the details of additional issues that were fixed by these erratum packages but which were not public at the time of release. No changes have been made to the packages.\n\nMozilla is an open source Web browser, advanced email and newsgroup client, IRC chat client, and HTML editor.\n\nSeveral bugs were found in the way Mozilla processes malformed JavaScript. A malicious web page could modify the content of a different open web page, possibly stealing sensitive information or conducting a cross-site scripting attack. (CVE-2006-1731, CVE-2006-1732, CVE-2006-1741)\n\nSeveral bugs were found in the way Mozilla processes certain JavaScript actions. A malicious web page could execute arbitrary JavaScript instructions with the permissions of 'chrome', allowing the page to steal sensitive information or install browser malware.\n(CVE-2006-1727, CVE-2006-1728, CVE-2006-1733, CVE-2006-1734, CVE-2006-1735, CVE-2006-1742)\n\nSeveral bugs were found in the way Mozilla processes malformed web pages. A carefully crafted malicious web page could cause the execution of arbitrary code as the user running Mozilla.\n(CVE-2006-0748, CVE-2006-0749, CVE-2006-1730, CVE-2006-1737, CVE-2006-1738, CVE-2006-1739, CVE-2006-1790)\n\nA bug was found in the way Mozilla displays the secure site icon. If a browser is configured to display the non-default secure site modal warning dialog, it may be possible to trick a user into believing they are viewing a secure site. (CVE-2006-1740)\n\nA bug was found in the way Mozilla allows JavaScript mutation events on 'input' form elements. A malicious web page could be created in such a way that when a user submits a form, an arbitrary file could be uploaded to the attacker. (CVE-2006-1729)\n\nA bug was found in the way Mozilla executes in-line mail forwarding.\nIf a user can be tricked into forwarding a maliciously crafted mail message as in-line content, it is possible for the message to execute JavaScript with the permissions of 'chrome'. (CVE-2006-0884)\n\nUsers of Mozilla are advised to upgrade to these updated packages containing Mozilla version 1.7.13 which corrects these issues.", "edition": 6, "reporter": "Tenable", "published": "2006-07-03T00:00:00", "title": "CentOS 3 / 4 : mozilla (CESA-2006:0329)", "type": "nessus", "enchantments": {"score": {"vector": "NONE", "value": 6.8}}, "naslFamily": "CentOS Local Security Checks", "bulletinFamily": "scanner", "cvelist": ["CVE-2006-1738", "CVE-2006-1739", "CVE-2006-0748", "CVE-2006-1728", "CVE-2006-1730", "CVE-2006-1790", "CVE-2006-1734", "CVE-2006-1733", "CVE-2006-1740", "CVE-2006-1741", "CVE-2006-0884", "CVE-2006-1731", "CVE-2006-1727", "CVE-2006-1729", "CVE-2006-1735", "CVE-2006-1742", "CVE-2006-1724", "CVE-2006-1737", "CVE-2006-1732", "CVE-2006-0749"], "modified": "2018-08-09T00:00:00", "cpe": ["p-cpe:/a:centos:centos:devhelp-devel", "p-cpe:/a:centos:centos:mozilla-nspr-devel", "p-cpe:/a:centos:centos:mozilla-nspr", "cpe:/o:centos:centos:4", "p-cpe:/a:centos:centos:mozilla-nss", "p-cpe:/a:centos:centos:mozilla-nss-devel", "p-cpe:/a:centos:centos:mozilla", "p-cpe:/a:centos:centos:mozilla-chat", "p-cpe:/a:centos:centos:devhelp", "p-cpe:/a:centos:centos:mozilla-js-debugger", "p-cpe:/a:centos:centos:mozilla-dom-inspector", "p-cpe:/a:centos:centos:mozilla-devel", "p-cpe:/a:centos:centos:mozilla-mail", "cpe:/o:centos:centos:3"], "id": "CENTOS_RHSA-2006-0329.NASL", "href": "https://www.tenable.com/plugins/index.php?view=single&id=21898", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Red Hat Security Advisory RHSA-2006:0329 and \n# CentOS Errata and Security Advisory 2006:0329 respectively.\n#\n\nif (NASL_LEVEL < 3000) exit(0);\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(21898);\n script_version(\"1.17\");\n script_cvs_date(\"Date: 2018/08/09 17:06:35\");\n\n script_cve_id(\"CVE-2006-0748\", \"CVE-2006-0749\", \"CVE-2006-0884\", \"CVE-2006-1724\", \"CVE-2006-1727\", \"CVE-2006-1728\", \"CVE-2006-1729\", \"CVE-2006-1730\", \"CVE-2006-1731\", \"CVE-2006-1732\", \"CVE-2006-1733\", \"CVE-2006-1734\", \"CVE-2006-1735\", \"CVE-2006-1737\", \"CVE-2006-1738\", \"CVE-2006-1739\", \"CVE-2006-1740\", \"CVE-2006-1741\", \"CVE-2006-1742\", \"CVE-2006-1790\");\n script_xref(name:\"RHSA\", value:\"2006:0329\");\n\n script_name(english:\"CentOS 3 / 4 : mozilla (CESA-2006:0329)\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote CentOS host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Updated mozilla packages that fix several security bugs are now\navailable.\n\nThis update has been rated as having critical security impact by the\nRed Hat Security Response Team.\n\n[Updated 24 Apr 2006] The erratum text has been updated to include the\ndetails of additional issues that were fixed by these erratum packages\nbut which were not public at the time of release. No changes have been\nmade to the packages.\n\nMozilla is an open source Web browser, advanced email and newsgroup\nclient, IRC chat client, and HTML editor.\n\nSeveral bugs were found in the way Mozilla processes malformed\nJavaScript. A malicious web page could modify the content of a\ndifferent open web page, possibly stealing sensitive information or\nconducting a cross-site scripting attack. (CVE-2006-1731,\nCVE-2006-1732, CVE-2006-1741)\n\nSeveral bugs were found in the way Mozilla processes certain\nJavaScript actions. A malicious web page could execute arbitrary\nJavaScript instructions with the permissions of 'chrome', allowing the\npage to steal sensitive information or install browser malware.\n(CVE-2006-1727, CVE-2006-1728, CVE-2006-1733, CVE-2006-1734,\nCVE-2006-1735, CVE-2006-1742)\n\nSeveral bugs were found in the way Mozilla processes malformed web\npages. A carefully crafted malicious web page could cause the\nexecution of arbitrary code as the user running Mozilla.\n(CVE-2006-0748, CVE-2006-0749, CVE-2006-1730, CVE-2006-1737,\nCVE-2006-1738, CVE-2006-1739, CVE-2006-1790)\n\nA bug was found in the way Mozilla displays the secure site icon. If a\nbrowser is configured to display the non-default secure site modal\nwarning dialog, it may be possible to trick a user into believing they\nare viewing a secure site. (CVE-2006-1740)\n\nA bug was found in the way Mozilla allows JavaScript mutation events\non 'input' form elements. A malicious web page could be created in\nsuch a way that when a user submits a form, an arbitrary file could be\nuploaded to the attacker. (CVE-2006-1729)\n\nA bug was found in the way Mozilla executes in-line mail forwarding.\nIf a user can be tricked into forwarding a maliciously crafted mail\nmessage as in-line content, it is possible for the message to execute\nJavaScript with the permissions of 'chrome'. (CVE-2006-0884)\n\nUsers of Mozilla are advised to upgrade to these updated packages\ncontaining Mozilla version 1.7.13 which corrects these issues.\"\n );\n # http://lists.centos.org/pipermail/centos-announce/2006-April/012821.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?68804485\"\n );\n # http://lists.centos.org/pipermail/centos-announce/2006-April/012822.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?ca34cdd8\"\n );\n # http://lists.centos.org/pipermail/centos-announce/2006-April/012823.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?719425dc\"\n );\n # http://lists.centos.org/pipermail/centos-announce/2006-April/012824.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?89fa6b56\"\n );\n # http://lists.centos.org/pipermail/centos-announce/2006-April/012829.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?a95e0314\"\n );\n # http://lists.centos.org/pipermail/centos-announce/2006-April/012830.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?40793133\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected mozilla packages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_cwe_id(20, 79, 119, 189, 264, 399);\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:devhelp\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:devhelp-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:mozilla\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:mozilla-chat\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:mozilla-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:mozilla-dom-inspector\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:mozilla-js-debugger\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:mozilla-mail\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:mozilla-nspr\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:mozilla-nspr-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:mozilla-nss\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:mozilla-nss-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:centos:centos:3\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:centos:centos:4\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2006/04/18\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2006/07/03\");\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2006/04/13\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2006-2018 Tenable Network Security, Inc.\");\n script_family(english:\"CentOS Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/CentOS/release\", \"Host/CentOS/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/CentOS/release\")) audit(AUDIT_OS_NOT, \"CentOS\");\nif (!get_kb_item(\"Host/CentOS/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && \"ia64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"CentOS\", cpu);\n\n\nflag = 0;\nif (rpm_check(release:\"CentOS-3\", reference:\"mozilla-1.7.13-1.1.3.1.centos3\")) flag++;\nif (rpm_check(release:\"CentOS-3\", reference:\"mozilla-chat-1.7.13-1.1.3.1.centos3\")) flag++;\nif (rpm_check(release:\"CentOS-3\", reference:\"mozilla-devel-1.7.13-1.1.3.1.centos3\")) flag++;\nif (rpm_check(release:\"CentOS-3\", reference:\"mozilla-dom-inspector-1.7.13-1.1.3.1.centos3\")) flag++;\nif (rpm_check(release:\"CentOS-3\", reference:\"mozilla-js-debugger-1.7.13-1.1.3.1.centos3\")) flag++;\nif (rpm_check(release:\"CentOS-3\", reference:\"mozilla-mail-1.7.13-1.1.3.1.centos3\")) flag++;\nif (rpm_check(release:\"CentOS-3\", reference:\"mozilla-nspr-1.7.13-1.1.3.1.centos3\")) flag++;\nif (rpm_check(release:\"CentOS-3\", reference:\"mozilla-nspr-devel-1.7.13-1.1.3.1.centos3\")) flag++;\nif (rpm_check(release:\"CentOS-3\", reference:\"mozilla-nss-1.7.13-1.1.3.1.centos3\")) flag++;\nif (rpm_check(release:\"CentOS-3\", reference:\"mozilla-nss-devel-1.7.13-1.1.3.1.centos3\")) flag++;\n\nif (rpm_check(release:\"CentOS-4\", cpu:\"i386\", reference:\"devhelp-0.9.2-2.4.8\")) flag++;\nif (rpm_check(release:\"CentOS-4\", cpu:\"x86_64\", reference:\"devhelp-0.9.2-2.4.8\")) flag++;\nif (rpm_check(release:\"CentOS-4\", cpu:\"i386\", reference:\"devhelp-devel-0.9.2-2.4.8\")) flag++;\nif (rpm_check(release:\"CentOS-4\", cpu:\"x86_64\", reference:\"devhelp-devel-0.9.2-2.4.8\")) flag++;\nif (rpm_check(release:\"CentOS-4\", reference:\"mozilla-1.7.13-1.4.1.centos4\")) flag++;\nif (rpm_check(release:\"CentOS-4\", reference:\"mozilla-chat-1.7.13-1.4.1.centos4\")) flag++;\nif (rpm_check(release:\"CentOS-4\", reference:\"mozilla-devel-1.7.13-1.4.1.centos4\")) flag++;\nif (rpm_check(release:\"CentOS-4\", reference:\"mozilla-dom-inspector-1.7.13-1.4.1.centos4\")) flag++;\nif (rpm_check(release:\"CentOS-4\", reference:\"mozilla-js-debugger-1.7.13-1.4.1.centos4\")) flag++;\nif (rpm_check(release:\"CentOS-4\", reference:\"mozilla-mail-1.7.13-1.4.1.centos4\")) flag++;\nif (rpm_check(release:\"CentOS-4\", reference:\"mozilla-nspr-1.7.13-1.4.1.centos4\")) flag++;\nif (rpm_check(release:\"CentOS-4\", reference:\"mozilla-nspr-devel-1.7.13-1.4.1.centos4\")) flag++;\nif (rpm_check(release:\"CentOS-4\", reference:\"mozilla-nss-1.7.13-1.4.1.centos4\")) flag++;\nif (rpm_check(release:\"CentOS-4\", reference:\"mozilla-nss-devel-1.7.13-1.4.1.centos4\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2018-09-01T23:42:15", "references": ["https://www.redhat.com/security/data/cve/CVE-2006-1739.html", "http://rhn.redhat.com/errata/RHSA-2006-0329.html", "https://www.redhat.com/security/data/cve/CVE-2006-1737.html", "https://www.redhat.com/security/data/cve/CVE-2006-1741.html", "https://www.redhat.com/security/data/cve/CVE-2006-1730.html", "https://www.redhat.com/security/data/cve/CVE-2006-0749.html", "https://www.redhat.com/security/data/cve/CVE-2006-1731.html", "https://www.redhat.com/security/data/cve/CVE-2006-1728.html", "https://www.redhat.com/security/data/cve/CVE-2006-1734.html", "https://www.redhat.com/security/data/cve/CVE-2006-1727.html", "https://www.redhat.com/security/data/cve/CVE-2006-0884.html", "https://www.redhat.com/security/data/cve/CVE-2006-1732.html", "https://www.redhat.com/security/data/cve/CVE-2006-1790.html", "https://www.redhat.com/security/data/cve/CVE-2006-1735.html", "https://www.redhat.com/security/data/cve/CVE-2006-1740.html", "https://www.redhat.com/security/data/cve/CVE-2006-0748.html", "https://www.redhat.com/security/data/cve/CVE-2006-1724.html", "http://www.mozilla.org/projects/security/known-vulnerabilities.html#", "https://www.redhat.com/security/data/cve/CVE-2006-1733.html", "https://www.redhat.com/security/data/cve/CVE-2006-1738.html", "https://www.redhat.com/security/data/cve/CVE-2006-1742.html", "https://www.redhat.com/security/data/cve/CVE-2006-1729.html"], "pluginID": "21257", "description": "Updated mozilla packages that fix several security bugs are now available.\n\nThis update has been rated as having critical security impact by the Red Hat Security Response Team.\n\n[Updated 24 Apr 2006] The erratum text has been updated to include the details of additional issues that were fixed by these erratum packages but which were not public at the time of release. No changes have been made to the packages.\n\nMozilla is an open source Web browser, advanced email and newsgroup client, IRC chat client, and HTML editor.\n\nSeveral bugs were found in the way Mozilla processes malformed JavaScript. A malicious web page could modify the content of a different open web page, possibly stealing sensitive information or conducting a cross-site scripting attack. (CVE-2006-1731, CVE-2006-1732, CVE-2006-1741)\n\nSeveral bugs were found in the way Mozilla processes certain JavaScript actions. A malicious web page could execute arbitrary JavaScript instructions with the permissions of 'chrome', allowing the page to steal sensitive information or install browser malware.\n(CVE-2006-1727, CVE-2006-1728, CVE-2006-1733, CVE-2006-1734, CVE-2006-1735, CVE-2006-1742)\n\nSeveral bugs were found in the way Mozilla processes malformed web pages. A carefully crafted malicious web page could cause the execution of arbitrary code as the user running Mozilla.\n(CVE-2006-0748, CVE-2006-0749, CVE-2006-1730, CVE-2006-1737, CVE-2006-1738, CVE-2006-1739, CVE-2006-1790)\n\nA bug was found in the way Mozilla displays the secure site icon. If a browser is configured to display the non-default secure site modal warning dialog, it may be possible to trick a user into believing they are viewing a secure site. (CVE-2006-1740)\n\nA bug was found in the way Mozilla allows JavaScript mutation events on 'input' form elements. A malicious web page could be created in such a way that when a user submits a form, an arbitrary file could be uploaded to the attacker. (CVE-2006-1729)\n\nA bug was found in the way Mozilla executes in-line mail forwarding.\nIf a user can be tricked into forwarding a maliciously crafted mail message as in-line content, it is possible for the message to execute JavaScript with the permissions of 'chrome'. (CVE-2006-0884)\n\nUsers of Mozilla are advised to upgrade to these updated packages containing Mozilla version 1.7.13 which corrects these issues.", "edition": 6, "reporter": "Tenable", "published": "2006-04-21T00:00:00", "title": "RHEL 2.1 / 3 / 4 : mozilla (RHSA-2006:0329)", "type": "nessus", "enchantments": {"score": {"vector": "NONE", "value": 6.8}}, "naslFamily": "Red Hat Local Security Checks", "bulletinFamily": "scanner", "cvelist": ["CVE-2006-1738", "CVE-2006-1739", "CVE-2006-0748", "CVE-2006-1728", "CVE-2006-1730", "CVE-2006-1790", "CVE-2006-1734", "CVE-2006-1733", "CVE-2006-1740", "CVE-2006-1741", "CVE-2006-0884", "CVE-2006-1731", "CVE-2006-1727", "CVE-2006-1729", "CVE-2006-1735", "CVE-2006-1742", "CVE-2006-1724", "CVE-2006-1737", "CVE-2006-1732", "CVE-2006-0749"], "modified": "2018-08-13T00:00:00", "cpe": ["cpe:/o:redhat:enterprise_linux:3", "cpe:/o:redhat:enterprise_linux:4", "cpe:/o:redhat:enterprise_linux:2.1", "p-cpe:/a:redhat:enterprise_linux:mozilla", "p-cpe:/a:redhat:enterprise_linux:mozilla-nspr-devel", "p-cpe:/a:redhat:enterprise_linux:mozilla-js-debugger", "p-cpe:/a:redhat:enterprise_linux:mozilla-chat", "p-cpe:/a:redhat:enterprise_linux:galeon", "p-cpe:/a:redhat:enterprise_linux:mozilla-dom-inspector", "p-cpe:/a:redhat:enterprise_linux:mozilla-devel", "p-cpe:/a:redhat:enterprise_linux:mozilla-nss-devel", "p-cpe:/a:redhat:enterprise_linux:mozilla-nss", "p-cpe:/a:redhat:enterprise_linux:devhelp-devel", "p-cpe:/a:redhat:enterprise_linux:mozilla-mail", "p-cpe:/a:redhat:enterprise_linux:mozilla-nspr", "p-cpe:/a:redhat:enterprise_linux:devhelp"], "id": "REDHAT-RHSA-2006-0329.NASL", "href": "https://www.tenable.com/plugins/index.php?view=single&id=21257", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Red Hat Security Advisory RHSA-2006:0329. The text \n# itself is copyright (C) Red Hat, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(21257);\n script_version (\"1.19\");\n script_cvs_date(\"Date: 2018/08/13 14:32:37\");\n\n script_cve_id(\"CVE-2006-0748\", \"CVE-2006-0749\", \"CVE-2006-0884\", \"CVE-2006-1724\", \"CVE-2006-1727\", \"CVE-2006-1728\", \"CVE-2006-1729\", \"CVE-2006-1730\", \"CVE-2006-1731\", \"CVE-2006-1732\", \"CVE-2006-1733\", \"CVE-2006-1734\", \"CVE-2006-1735\", \"CVE-2006-1737\", \"CVE-2006-1738\", \"CVE-2006-1739\", \"CVE-2006-1740\", \"CVE-2006-1741\", \"CVE-2006-1742\", \"CVE-2006-1790\");\n script_xref(name:\"RHSA\", value:\"2006:0329\");\n\n script_name(english:\"RHEL 2.1 / 3 / 4 : mozilla (RHSA-2006:0329)\");\n script_summary(english:\"Checks the rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Red Hat host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Updated mozilla packages that fix several security bugs are now\navailable.\n\nThis update has been rated as having critical security impact by the\nRed Hat Security Response Team.\n\n[Updated 24 Apr 2006] The erratum text has been updated to include the\ndetails of additional issues that were fixed by these erratum packages\nbut which were not public at the time of release. No changes have been\nmade to the packages.\n\nMozilla is an open source Web browser, advanced email and newsgroup\nclient, IRC chat client, and HTML editor.\n\nSeveral bugs were found in the way Mozilla processes malformed\nJavaScript. A malicious web page could modify the content of a\ndifferent open web page, possibly stealing sensitive information or\nconducting a cross-site scripting attack. (CVE-2006-1731,\nCVE-2006-1732, CVE-2006-1741)\n\nSeveral bugs were found in the way Mozilla processes certain\nJavaScript actions. A malicious web page could execute arbitrary\nJavaScript instructions with the permissions of 'chrome', allowing the\npage to steal sensitive information or install browser malware.\n(CVE-2006-1727, CVE-2006-1728, CVE-2006-1733, CVE-2006-1734,\nCVE-2006-1735, CVE-2006-1742)\n\nSeveral bugs were found in the way Mozilla processes malformed web\npages. A carefully crafted malicious web page could cause the\nexecution of arbitrary code as the user running Mozilla.\n(CVE-2006-0748, CVE-2006-0749, CVE-2006-1730, CVE-2006-1737,\nCVE-2006-1738, CVE-2006-1739, CVE-2006-1790)\n\nA bug was found in the way Mozilla displays the secure site icon. If a\nbrowser is configured to display the non-default secure site modal\nwarning dialog, it may be possible to trick a user into believing they\nare viewing a secure site. (CVE-2006-1740)\n\nA bug was found in the way Mozilla allows JavaScript mutation events\non 'input' form elements. A malicious web page could be created in\nsuch a way that when a user submits a form, an arbitrary file could be\nuploaded to the attacker. (CVE-2006-1729)\n\nA bug was found in the way Mozilla executes in-line mail forwarding.\nIf a user can be tricked into forwarding a maliciously crafted mail\nmessage as in-line content, it is possible for the message to execute\nJavaScript with the permissions of 'chrome'. (CVE-2006-0884)\n\nUsers of Mozilla are advised to upgrade to these updated packages\ncontaining Mozilla version 1.7.13 which corrects these issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.redhat.com/security/data/cve/CVE-2006-0748.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.redhat.com/security/data/cve/CVE-2006-0749.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.redhat.com/security/data/cve/CVE-2006-0884.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.redhat.com/security/data/cve/CVE-2006-1724.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.redhat.com/security/data/cve/CVE-2006-1727.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.redhat.com/security/data/cve/CVE-2006-1728.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.redhat.com/security/data/cve/CVE-2006-1729.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.redhat.com/security/data/cve/CVE-2006-1730.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.redhat.com/security/data/cve/CVE-2006-1731.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.redhat.com/security/data/cve/CVE-2006-1732.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.redhat.com/security/data/cve/CVE-2006-1733.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.redhat.com/security/data/cve/CVE-2006-1734.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.redhat.com/security/data/cve/CVE-2006-1735.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.redhat.com/security/data/cve/CVE-2006-1737.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.redhat.com/security/data/cve/CVE-2006-1738.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.redhat.com/security/data/cve/CVE-2006-1739.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.redhat.com/security/data/cve/CVE-2006-1740.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.redhat.com/security/data/cve/CVE-2006-1741.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.redhat.com/security/data/cve/CVE-2006-1742.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.redhat.com/security/data/cve/CVE-2006-1790.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.mozilla.org/projects/security/known-vulnerabilities.html#\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://rhn.redhat.com/errata/RHSA-2006-0329.html\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_cwe_id(20, 79, 119, 189, 264, 399);\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:devhelp\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:devhelp-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:galeon\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:mozilla\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:mozilla-chat\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:mozilla-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:mozilla-dom-inspector\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:mozilla-js-debugger\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:mozilla-mail\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:mozilla-nspr\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:mozilla-nspr-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:mozilla-nss\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:mozilla-nss-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:2.1\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:3\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:4\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2006/04/25\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2006/04/21\");\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2006/04/13\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2006-2018 Tenable Network Security, Inc.\");\n script_family(english:\"Red Hat Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"misc_func.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Red Hat\" >!< release) audit(AUDIT_OS_NOT, \"Red Hat\");\nos_ver = eregmatch(pattern: \"Red Hat Enterprise Linux.*release ([0-9]+(\\.[0-9]+)?)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Red Hat\");\nos_ver = os_ver[1];\nif (! ereg(pattern:\"^(2\\.1|3|4)([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Red Hat 2.1 / 3.x / 4.x\", \"Red Hat \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\" && \"s390\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Red Hat\", cpu);\n\nyum_updateinfo = get_kb_item(\"Host/RedHat/yum-updateinfo\");\nif (!empty_or_null(yum_updateinfo)) \n{\n rhsa = \"RHSA-2006:0329\";\n yum_report = redhat_generate_yum_updateinfo_report(rhsa:rhsa);\n if (!empty_or_null(yum_report))\n {\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : yum_report \n );\n exit(0);\n }\n else\n {\n audit_message = \"affected by Red Hat security advisory \" + rhsa;\n audit(AUDIT_OS_NOT, audit_message);\n }\n}\nelse\n{\n flag = 0;\n if (rpm_check(release:\"RHEL2.1\", cpu:\"i386\", reference:\"galeon-1.2.14-1.2.8\")) flag++;\n if (rpm_check(release:\"RHEL2.1\", cpu:\"i386\", reference:\"mozilla-1.7.13-1.1.2.2\")) flag++;\n if (rpm_check(release:\"RHEL2.1\", cpu:\"i386\", reference:\"mozilla-chat-1.7.13-1.1.2.2\")) flag++;\n if (rpm_check(release:\"RHEL2.1\", cpu:\"i386\", reference:\"mozilla-devel-1.7.13-1.1.2.2\")) flag++;\n if (rpm_check(release:\"RHEL2.1\", cpu:\"i386\", reference:\"mozilla-dom-inspector-1.7.13-1.1.2.2\")) flag++;\n if (rpm_check(release:\"RHEL2.1\", cpu:\"i386\", reference:\"mozilla-js-debugger-1.7.13-1.1.2.2\")) flag++;\n if (rpm_check(release:\"RHEL2.1\", cpu:\"i386\", reference:\"mozilla-mail-1.7.13-1.1.2.2\")) flag++;\n if (rpm_check(release:\"RHEL2.1\", cpu:\"i386\", reference:\"mozilla-nspr-1.7.13-1.1.2.2\")) flag++;\n if (rpm_check(release:\"RHEL2.1\", cpu:\"i386\", reference:\"mozilla-nspr-devel-1.7.13-1.1.2.2\")) flag++;\n if (rpm_check(release:\"RHEL2.1\", cpu:\"i386\", reference:\"mozilla-nss-1.7.13-1.1.2.2\")) flag++;\n if (rpm_check(release:\"RHEL2.1\", cpu:\"i386\", reference:\"mozilla-nss-devel-1.7.13-1.1.2.2\")) flag++;\n\n if (rpm_check(release:\"RHEL3\", reference:\"mozilla-1.7.13-1.1.3.1\")) flag++;\n if (rpm_check(release:\"RHEL3\", reference:\"mozilla-chat-1.7.13-1.1.3.1\")) flag++;\n if (rpm_check(release:\"RHEL3\", reference:\"mozilla-devel-1.7.13-1.1.3.1\")) flag++;\n if (rpm_check(release:\"RHEL3\", reference:\"mozilla-dom-inspector-1.7.13-1.1.3.1\")) flag++;\n if (rpm_check(release:\"RHEL3\", reference:\"mozilla-js-debugger-1.7.13-1.1.3.1\")) flag++;\n if (rpm_check(release:\"RHEL3\", reference:\"mozilla-mail-1.7.13-1.1.3.1\")) flag++;\n if (rpm_check(release:\"RHEL3\", reference:\"mozilla-nspr-1.7.13-1.1.3.1\")) flag++;\n if (rpm_check(release:\"RHEL3\", reference:\"mozilla-nspr-devel-1.7.13-1.1.3.1\")) flag++;\n if (rpm_check(release:\"RHEL3\", reference:\"mozilla-nss-1.7.13-1.1.3.1\")) flag++;\n if (rpm_check(release:\"RHEL3\", reference:\"mozilla-nss-devel-1.7.13-1.1.3.1\")) flag++;\n\n if (rpm_check(release:\"RHEL4\", cpu:\"i386\", reference:\"devhelp-0.9.2-2.4.8\")) flag++;\n if (rpm_check(release:\"RHEL4\", cpu:\"x86_64\", reference:\"devhelp-0.9.2-2.4.8\")) flag++;\n if (rpm_check(release:\"RHEL4\", cpu:\"i386\", reference:\"devhelp-devel-0.9.2-2.4.8\")) flag++;\n if (rpm_check(release:\"RHEL4\", cpu:\"x86_64\", reference:\"devhelp-devel-0.9.2-2.4.8\")) flag++;\n if (rpm_check(release:\"RHEL4\", reference:\"mozilla-1.7.13-1.4.1\")) flag++;\n if (rpm_check(release:\"RHEL4\", reference:\"mozilla-chat-1.7.13-1.4.1\")) flag++;\n if (rpm_check(release:\"RHEL4\", reference:\"mozilla-devel-1.7.13-1.4.1\")) flag++;\n if (rpm_check(release:\"RHEL4\", reference:\"mozilla-dom-inspector-1.7.13-1.4.1\")) flag++;\n if (rpm_check(release:\"RHEL4\", reference:\"mozilla-js-debugger-1.7.13-1.4.1\")) flag++;\n if (rpm_check(release:\"RHEL4\", reference:\"mozilla-mail-1.7.13-1.4.1\")) flag++;\n if (rpm_check(release:\"RHEL4\", reference:\"mozilla-nspr-1.7.13-1.4.1\")) flag++;\n if (rpm_check(release:\"RHEL4\", reference:\"mozilla-nspr-devel-1.7.13-1.4.1\")) flag++;\n if (rpm_check(release:\"RHEL4\", reference:\"mozilla-nss-1.7.13-1.4.1\")) flag++;\n if (rpm_check(release:\"RHEL4\", reference:\"mozilla-nss-devel-1.7.13-1.4.1\")) flag++;\n\n if (flag)\n {\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : rpm_report_get() + redhat_report_package_caveat()\n );\n exit(0);\n }\n else\n {\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"devhelp / devhelp-devel / galeon / mozilla / mozilla-chat / etc\");\n }\n}\n", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2018-09-01T23:35:53", "references": ["http://www.nessus.org/u?92848d5a", "https://security.gentoo.org/glsa/200605-09"], "pluginID": "21351", "description": "The remote host is affected by the vulnerability described in GLSA-200605-09 (Mozilla Thunderbird: Multiple vulnerabilities)\n\n Several vulnerabilities were found and fixed in Mozilla Thunderbird.\n Impact :\n\n A remote attacker could craft malicious emails that would leverage these issues to inject and execute arbitrary script code with elevated privileges, steal local files or other information from emails, and spoof content. Some of these vulnerabilities might even be exploited to execute arbitrary code with the rights of the user running Thunderbird.\n Workaround :\n\n There are no known workarounds for all the issues at this time.", "edition": 6, "reporter": "Tenable", "published": "2006-05-13T00:00:00", "title": "GLSA-200605-09 : Mozilla Thunderbird: Multiple vulnerabilities", "type": "nessus", "enchantments": {"score": {"vector": "NONE", "value": 7.2}}, "naslFamily": "Gentoo Local Security Checks", "bulletinFamily": "scanner", "cvelist": ["CVE-2006-1738", "CVE-2006-1739", "CVE-2006-0748", "CVE-2006-1728", "CVE-2006-1730", "CVE-2006-1790", "CVE-2006-1734", "CVE-2006-1733", "CVE-2006-1741", "CVE-2006-0292", "CVE-2006-0884", "CVE-2006-1731", "CVE-2006-1727", "CVE-2006-1045", "CVE-2006-0296", "CVE-2006-1735", "CVE-2006-1742", "CVE-2006-1737", "CVE-2006-1732", "CVE-2006-0749"], "modified": "2018-08-10T00:00:00", "cpe": ["cpe:/o:gentoo:linux", "p-cpe:/a:gentoo:linux:mozilla-thunderbird-bin", "p-cpe:/a:gentoo:linux:mozilla-thunderbird"], "id": "GENTOO_GLSA-200605-09.NASL", "href": "https://www.tenable.com/plugins/index.php?view=single&id=21351", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Gentoo Linux Security Advisory GLSA 200605-09.\n#\n# The advisory text is Copyright (C) 2001-2016 Gentoo Foundation, Inc.\n# and licensed under the Creative Commons - Attribution / Share Alike \n# license. See http://creativecommons.org/licenses/by-sa/3.0/\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(21351);\n script_version(\"1.19\");\n script_cvs_date(\"Date: 2018/08/10 18:07:06\");\n\n script_cve_id(\"CVE-2006-0292\", \"CVE-2006-0296\", \"CVE-2006-0748\", \"CVE-2006-0749\", \"CVE-2006-0884\", \"CVE-2006-1045\", \"CVE-2006-1727\", \"CVE-2006-1728\", \"CVE-2006-1730\", \"CVE-2006-1731\", \"CVE-2006-1732\", \"CVE-2006-1733\", \"CVE-2006-1734\", \"CVE-2006-1735\", \"CVE-2006-1737\", \"CVE-2006-1738\", \"CVE-2006-1739\", \"CVE-2006-1741\", \"CVE-2006-1742\", \"CVE-2006-1790\");\n script_xref(name:\"GLSA\", value:\"200605-09\");\n\n script_name(english:\"GLSA-200605-09 : Mozilla Thunderbird: Multiple vulnerabilities\");\n script_summary(english:\"Checks for updated package(s) in /var/db/pkg\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\n\"The remote Gentoo host is missing one or more security-related\npatches.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"The remote host is affected by the vulnerability described in GLSA-200605-09\n(Mozilla Thunderbird: Multiple vulnerabilities)\n\n Several vulnerabilities were found and fixed in Mozilla\n Thunderbird.\n \nImpact :\n\n A remote attacker could craft malicious emails that would leverage\n these issues to inject and execute arbitrary script code with elevated\n privileges, steal local files or other information from emails, and\n spoof content. Some of these vulnerabilities might even be exploited to\n execute arbitrary code with the rights of the user running Thunderbird.\n \nWorkaround :\n\n There are no known workarounds for all the issues at this time.\"\n );\n # http://www.mozilla.org/projects/security/known-vulnerabilities.html#Thunderbird\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?92848d5a\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security.gentoo.org/glsa/200605-09\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\n\"All Mozilla Thunderbird users should upgrade to the latest\n version:\n # emerge --sync\n # emerge --ask --oneshot --verbose '>=mail-client/mozilla-thunderbird-1.0.8'\n All Mozilla Thunderbird binary users should upgrade to the\n latest version:\n # emerge --sync\n # emerge --ask --oneshot --verbose '>=mail-client/mozilla-thunderbird-bin-1.0.8'\n Note: There is no stable fixed version for the ALPHA\n architecture yet. Users of Mozilla Thunderbird on ALPHA should consider\n unmerging it until such a version is available.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_cwe_id(20, 79, 119, 189, 264, 399);\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:gentoo:linux:mozilla-thunderbird\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:gentoo:linux:mozilla-thunderbird-bin\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:gentoo:linux\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2006/05/08\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2006/05/13\");\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2006/02/01\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2006-2018 Tenable Network Security, Inc.\");\n script_family(english:\"Gentoo Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/Gentoo/release\", \"Host/Gentoo/qpkg-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"qpkg.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/Gentoo/release\")) audit(AUDIT_OS_NOT, \"Gentoo\");\nif (!get_kb_item(\"Host/Gentoo/qpkg-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\nflag = 0;\n\nif (qpkg_check(package:\"mail-client/mozilla-thunderbird-bin\", unaffected:make_list(\"ge 1.0.8\"), vulnerable:make_list(\"lt 1.0.8\"))) flag++;\nif (qpkg_check(package:\"mail-client/mozilla-thunderbird\", unaffected:make_list(\"ge 1.0.8\"), vulnerable:make_list(\"lt 1.0.8\"))) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:qpkg_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = qpkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"Mozilla Thunderbird\");\n}\n", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2018-09-01T23:49:43", "references": ["https://www.mozilla.org/en-US/security/advisories/mfsa2006-07/", "https://www.mozilla.org/en-US/security/advisories/mfsa2006-12/", "https://www.mozilla.org/en-US/security/advisories/mfsa2006-14/", "https://www.mozilla.org/en-US/security/advisories/mfsa2006-02/", "https://www.mozilla.org/en-US/security/advisories/mfsa2006-08/", "https://www.mozilla.org/en-US/security/advisories/mfsa2006-10/", "https://www.mozilla.org/en-US/security/advisories/mfsa2006-09/", "https://www.mozilla.org/en-US/security/advisories/mfsa2006-01/", "https://www.mozilla.org/en-US/security/advisories/mfsa2006-16/", "https://www.mozilla.org/en-US/security/advisories/mfsa2006-13/", "https://www.mozilla.org/en-US/security/advisories/mfsa2006-17/", "https://www.mozilla.org/en-US/security/advisories/mfsa2006-11/", "https://www.mozilla.org/en-US/security/advisories/mfsa2006-06/", "https://www.mozilla.org/en-US/security/advisories/mfsa2006-15/", "https://www.mozilla.org/en-US/security/advisories/mfsa2006-18/", "https://www.mozilla.org/en-US/security/advisories/mfsa2006-19/", "https://www.mozilla.org/en-US/security/advisories/mfsa2006-04/", "https://www.mozilla.org/en-US/security/advisories/mfsa2006-03/"], "pluginID": "20863", "description": "The remote Windows host is using SeaMonkey, an alternative web browser and application suite. \n\nThe installed version of SeaMonkey contains various security issues, some of which can be exploited to execute arbitrary code on the affected host subject to the user's privileges.", "edition": 7, "reporter": "Tenable", "published": "2006-02-05T00:00:00", "title": "SeaMonkey < 1.0 Multiple Vulnerabilities", "type": "nessus", "enchantments": {"score": {"vector": "NONE", "value": 7.5}}, "naslFamily": "Windows", "bulletinFamily": "scanner", "cvelist": ["CVE-2006-1739", "CVE-2006-0299", "CVE-2006-0293", "CVE-2006-1734", "CVE-2006-1733", "CVE-2006-1740", "CVE-2006-1741", "CVE-2006-0292", "CVE-2006-1731", "CVE-2006-0296", "CVE-2006-1736", "CVE-2006-0294", "CVE-2006-0295", "CVE-2006-1735", "CVE-2006-1742", "CVE-2006-0298", "CVE-2006-0297", "CVE-2006-1732", "CVE-2005-4134", "CVE-2006-0749"], "modified": "2018-07-27T00:00:00", "cpe": ["cpe:/a:mozilla:seamonkey"], "id": "SEAMONKEY_10.NASL", "href": "https://www.tenable.com/plugins/index.php?view=single&id=20863", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description) {\n script_id(20863);\n script_version(\"1.18\");\n script_cve_id(\"CVE-2005-4134\", \"CVE-2006-0292\", \"CVE-2006-0293\", \"CVE-2006-0294\",\n \"CVE-2006-0295\", \"CVE-2006-0296\", \"CVE-2006-0297\", \"CVE-2006-0298\",\n \"CVE-2006-0299\", \"CVE-2006-0749\", \"CVE-2006-1731\", \"CVE-2006-1732\",\n \"CVE-2006-1733\", \"CVE-2006-1734\", \"CVE-2006-1735\", \"CVE-2006-1736\",\n \"CVE-2006-1739\", \"CVE-2006-1740\", \"CVE-2006-1741\", \"CVE-2006-1742\");\n script_bugtraq_id(16476);\n\n script_name(english:\"SeaMonkey < 1.0 Multiple Vulnerabilities\");\n script_summary(english:\"Checks for SeaMonkey < 1.0\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"A web browser on the remote host is prone to multiple flaws.\" );\n script_set_attribute(attribute:\"description\", value:\n\"The remote Windows host is using SeaMonkey, an alternative web browser\nand application suite. \n\nThe installed version of SeaMonkey contains various security issues,\nsome of which can be exploited to execute arbitrary code on the\naffected host subject to the user's privileges.\" );\n script_set_attribute(attribute:\"see_also\", value:\"https://www.mozilla.org/en-US/security/advisories/mfsa2006-01/\" );\n script_set_attribute(attribute:\"see_also\", value:\"https://www.mozilla.org/en-US/security/advisories/mfsa2006-02/\" );\n script_set_attribute(attribute:\"see_also\", value:\"https://www.mozilla.org/en-US/security/advisories/mfsa2006-03/\" );\n script_set_attribute(attribute:\"see_also\", value:\"https://www.mozilla.org/en-US/security/advisories/mfsa2006-04/\" );\n script_set_attribute(attribute:\"see_also\", value:\"https://www.mozilla.org/en-US/security/advisories/mfsa2006-06/\" );\n script_set_attribute(attribute:\"see_also\", value:\"https://www.mozilla.org/en-US/security/advisories/mfsa2006-07/\" );\n script_set_attribute(attribute:\"see_also\", value:\"https://www.mozilla.org/en-US/security/advisories/mfsa2006-08/\" );\n script_set_attribute(attribute:\"see_also\", value:\"https://www.mozilla.org/en-US/security/advisories/mfsa2006-09/\" );\n script_set_attribute(attribute:\"see_also\", value:\"https://www.mozilla.org/en-US/security/advisories/mfsa2006-10/\" );\n script_set_attribute(attribute:\"see_also\", value:\"https://www.mozilla.org/en-US/security/advisories/mfsa2006-11/\" );\n script_set_attribute(attribute:\"see_also\", value:\"https://www.mozilla.org/en-US/security/advisories/mfsa2006-12/\" );\n script_set_attribute(attribute:\"see_also\", value:\"https://www.mozilla.org/en-US/security/advisories/mfsa2006-13/\" );\n script_set_attribute(attribute:\"see_also\", value:\"https://www.mozilla.org/en-US/security/advisories/mfsa2006-14/\" );\n script_set_attribute(attribute:\"see_also\", value:\"https://www.mozilla.org/en-US/security/advisories/mfsa2006-15/\" );\n script_set_attribute(attribute:\"see_also\", value:\"https://www.mozilla.org/en-US/security/advisories/mfsa2006-16/\" );\n script_set_attribute(attribute:\"see_also\", value:\"https://www.mozilla.org/en-US/security/advisories/mfsa2006-17/\" );\n script_set_attribute(attribute:\"see_also\", value:\"https://www.mozilla.org/en-US/security/advisories/mfsa2006-18/\" );\n script_set_attribute(attribute:\"see_also\", value:\"https://www.mozilla.org/en-US/security/advisories/mfsa2006-19/\" );\n script_set_attribute(attribute:\"solution\", value:\n\"Upgrade to SeaMonkey 1.0 or later.\" );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:H/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploited_by_malware\", value:\"true\");\n script_set_attribute(attribute:\"metasploit_name\", value:'Firefox location.QueryInterface() Code Execution');\n script_set_attribute(attribute:\"exploit_framework_metasploit\", value:\"true\");\n script_cwe_id(20, 79, 119, 264, 399);\n script_set_attribute(attribute:\"plugin_publication_date\", value: \"2006/02/05\");\n script_set_attribute(attribute:\"patch_publication_date\", value: \"2006/02/02\");\n script_set_attribute(attribute:\"vuln_publication_date\", value: \"2005/12/07\");\n script_cvs_date(\"Date: 2018/07/27 18:38:15\");\nscript_set_attribute(attribute:\"plugin_type\", value:\"local\");\nscript_set_attribute(attribute:\"cpe\", value:\"cpe:/a:mozilla:seamonkey\");\nscript_end_attributes();\n\n \n script_category(ACT_GATHER_INFO);\n script_family(english:\"Windows\");\n \n script_copyright(english:\"This script is Copyright (C) 2006-2018 Tenable Network Security, Inc.\");\n \n script_dependencies(\"mozilla_org_installed.nasl\");\n script_require_keys(\"SeaMonkey/Version\");\n\n exit(0);\n}\n\n\ninclude(\"misc_func.inc\");\n\n\nver = read_version_in_kb(\"SeaMonkey/Version\");\nif (isnull(ver)) exit(0);\n\nif (\n ver[0] < 1 ||\n (ver[0] == 1 && ver[1] == 0 && ver[4] =~ \"^[ab]$\")\n) security_hole(get_kb_item(\"SMB/transport\"));\n", "cvss": {"score": 9.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2018-09-01T23:48:09", "references": ["http://www.nessus.org/u?cb4b6f07"], "pluginID": "21250", "description": "Several bugs were found in the way Firefox processes malformed JavaScript. A malicious web page could modify the content of a different open web page, possibly stealing sensitive information or conducting a cross-site scripting attack. (CVE-2006-1731, CVE-2006-1732, CVE-2006-1741)\n\nSeveral bugs were found in the way Firefox processes certain JavaScript actions. A malicious web page could execute arbitrary JavaScript instructions with the permissions of 'chrome', allowing the page to steal sensitive information or install browser malware.\n(CVE-2006-1727, CVE-2006-1728, CVE-2006-1733, CVE-2006-1734, CVE-2006-1735, CVE-2006-1742)\n\nSeveral bugs were found in the way Firefox processes malformed web pages. A carefully crafted malicious web page could cause the execution of arbitrary code as the user running Firefox.\n(CVE-2006-0749, CVE-2006-1724, CVE-2006-1730, CVE-2006-1737, CVE-2006-1738, CVE-2006-1739, CVE-2006-1790) \n\nA bug was found in the way Firefox displays the secure site icon. If a browser is configured to display the non-default secure site modal warning dialog, it may be possible to trick a user into believing they are viewing a secure site. (CVE-2006-1740)\n\nA bug was found in the way Firefox allows JavaScript mutation events on 'input' form elements. A malicious web page could be created in such a way that when a user submits a form, an arbitrary file could be uploaded to the attacker. (CVE-2006-1729)\n\nNote that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "edition": 6, "reporter": "Tenable", "published": "2006-04-21T00:00:00", "title": "Fedora Core 4 : firefox-1.0.8-1.1.fc4 (2006-410)", "type": "nessus", "enchantments": {"score": {"vector": "NONE", "value": 4.3}}, "naslFamily": "Fedora Local Security Checks", "bulletinFamily": "scanner", "cvelist": ["CVE-2006-1738", "CVE-2006-1739", "CVE-2006-1728", "CVE-2006-1730", "CVE-2006-1790", "CVE-2006-1734", "CVE-2006-1733", "CVE-2006-1740", "CVE-2006-1741", "CVE-2006-1731", "CVE-2006-1727", "CVE-2006-1729", "CVE-2006-1735", "CVE-2006-1742", "CVE-2006-1724", "CVE-2006-1737", "CVE-2006-1732", "CVE-2006-0749"], "modified": "2018-07-19T00:00:00", "cpe": ["p-cpe:/a:fedoraproject:fedora:firefox", "cpe:/o:fedoraproject:fedora_core:4", "p-cpe:/a:fedoraproject:fedora:firefox-debuginfo"], "id": "FEDORA_2006-410.NASL", "href": "https://www.tenable.com/plugins/index.php?view=single&id=21250", "sourceData": "#%NASL_MIN_LEVEL 70103\n\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Fedora Security Advisory 2006-410.\n#\n\nif (NASL_LEVEL < 3000) exit(0);\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(21250);\n script_version (\"1.15\");\n script_cvs_date(\"Date: 2018/07/19 23:19:05\");\n\n script_cve_id(\"CVE-2006-0749\", \"CVE-2006-1724\", \"CVE-2006-1727\", \"CVE-2006-1728\", \"CVE-2006-1729\", \"CVE-2006-1730\", \"CVE-2006-1731\", \"CVE-2006-1732\", \"CVE-2006-1733\", \"CVE-2006-1734\", \"CVE-2006-1735\", \"CVE-2006-1737\", \"CVE-2006-1738\", \"CVE-2006-1739\", \"CVE-2006-1740\", \"CVE-2006-1741\", \"CVE-2006-1742\", \"CVE-2006-1790\");\n script_xref(name:\"FEDORA\", value:\"2006-410\");\n\n script_name(english:\"Fedora Core 4 : firefox-1.0.8-1.1.fc4 (2006-410)\");\n script_summary(english:\"Checks rpm output for the updated packages.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Fedora Core host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Several bugs were found in the way Firefox processes malformed\nJavaScript. A malicious web page could modify the content of a\ndifferent open web page, possibly stealing sensitive information or\nconducting a cross-site scripting attack. (CVE-2006-1731,\nCVE-2006-1732, CVE-2006-1741)\n\nSeveral bugs were found in the way Firefox processes certain\nJavaScript actions. A malicious web page could execute arbitrary\nJavaScript instructions with the permissions of 'chrome', allowing the\npage to steal sensitive information or install browser malware.\n(CVE-2006-1727, CVE-2006-1728, CVE-2006-1733, CVE-2006-1734,\nCVE-2006-1735, CVE-2006-1742)\n\nSeveral bugs were found in the way Firefox processes malformed web\npages. A carefully crafted malicious web page could cause the\nexecution of arbitrary code as the user running Firefox.\n(CVE-2006-0749, CVE-2006-1724, CVE-2006-1730, CVE-2006-1737,\nCVE-2006-1738, CVE-2006-1739, CVE-2006-1790) \n\nA bug was found in the way Firefox displays the secure site icon. If a\nbrowser is configured to display the non-default secure site modal\nwarning dialog, it may be possible to trick a user into believing they\nare viewing a secure site. (CVE-2006-1740)\n\nA bug was found in the way Firefox allows JavaScript mutation events\non 'input' form elements. A malicious web page could be created in\nsuch a way that when a user submits a form, an arbitrary file could be\nuploaded to the attacker. (CVE-2006-1729)\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Fedora security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n # https://lists.fedoraproject.org/pipermail/announce/2006-April/002116.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?cb4b6f07\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected firefox and / or firefox-debuginfo packages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_cwe_id(20, 79, 119, 189, 264, 399);\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:firefox\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:firefox-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:fedoraproject:fedora_core:4\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2006/04/18\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2006/04/21\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2006-2018 Tenable Network Security, Inc.\");\n script_family(english:\"Fedora Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Fedora\" >!< release) audit(AUDIT_OS_NOT, \"Fedora\");\nos_ver = eregmatch(pattern: \"Fedora.*release ([0-9]+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Fedora\");\nos_ver = os_ver[1];\nif (! ereg(pattern:\"^4([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Fedora 4.x\", \"Fedora \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Fedora\", cpu);\n\nflag = 0;\nif (rpm_check(release:\"FC4\", reference:\"firefox-1.0.8-1.1.fc4\")) flag++;\nif (rpm_check(release:\"FC4\", reference:\"firefox-debuginfo-1.0.8-1.1.fc4\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"firefox / firefox-debuginfo\");\n}\n", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}], "redhat": [{"lastseen": "2018-05-11T21:14:38", "_object_types": ["robots.models.base.Bulletin", "robots.models.redhat.RedHatBulletin"], "references": [], "affectedPackage": [{"OS": "RedHat", "OSVersion": "any", "packageVersion": "1.0.8-1.4.1", "arch": "x86_64", "packageName": "thunderbird", "packageFilename": "thunderbird-1.0.8-1.4.1.x86_64.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "any", "packageVersion": "1.0.8-1.4.1", "arch": "src", "packageName": "thunderbird", "packageFilename": "thunderbird-1.0.8-1.4.1.src.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "any", "packageVersion": "1.0.8-1.4.1", "arch": "ia64", "packageName": "thunderbird", "packageFilename": "thunderbird-1.0.8-1.4.1.ia64.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "any", "packageVersion": "1.0.8-1.4.1", "arch": "i386", "packageName": "thunderbird", "packageFilename": "thunderbird-1.0.8-1.4.1.i386.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "any", "packageVersion": "1.0.8-1.4.1", "arch": "ppc", "packageName": "thunderbird", "packageFilename": "thunderbird-1.0.8-1.4.1.ppc.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "any", "packageVersion": "1.0.8-1.4.1", "arch": "s390", "packageName": "thunderbird", "packageFilename": "thunderbird-1.0.8-1.4.1.s390.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "any", "packageVersion": "1.0.8-1.4.1", "arch": "s390x", "packageName": "thunderbird", "packageFilename": "thunderbird-1.0.8-1.4.1.s390x.rpm", "operator": "lt"}], "description": "Mozilla Thunderbird is a standalone mail and newsgroup client.\r\n\r\nSeveral bugs were found in the way Thunderbird processes malformed\r\njavascript. A malicious HTML mail message could modify the content of a\r\ndifferent open HTML mail message, possibly stealing sensitive information\r\nor conducting a cross-site scripting attack. Please note that JavaScript\r\nsupport is disabled by default in Thunderbird. (CVE-2006-1731,\r\nCVE-2006-1732, CVE-2006-1741)\r\n\r\nSeveral bugs were found in the way Thunderbird processes certain \r\njavascript actions. A malicious HTML mail message could execute arbitrary \r\njavascript instructions with the permissions of 'chrome', allowing the \r\npage to steal sensitive information or install browser malware. Please \r\nnote that JavaScript support is disabled by default in Thunderbird. \r\n(CVE-2006-0292, CVE-2006-0296, CVE-2006-1727, CVE-2006-1728, CVE-2006-1733,\r\nCVE-2006-1734, CVE-2006-1735, CVE-2006-1742)\r\n\r\nSeveral bugs were found in the way Thunderbird processes malformed HTML\r\nmail messages. A carefully crafted malicious HTML mail message could \r\ncause the execution of arbitrary code as the user running Thunderbird.\r\n(CVE-2006-0748, CVE-2006-0749, CVE-2006-1724, CVE-2006-1730, CVE-2006-1737,\r\nCVE-2006-1738, CVE-2006-1739, CVE-2006-1790)\r\n\r\nA bug was found in the way Thunderbird processes certain inline content \r\nin HTML mail messages. It may be possible for a remote attacker to send a\r\ncarefully crafted mail message to the victim, which will fetch remote\r\ncontent, even if Thunderbird is configured not to fetch remote content.\r\n(CVE-2006-1045)\r\n\r\nA bug was found in the way Thunderbird executes in-line mail forwarding. If\r\na user can be tricked into forwarding a maliciously crafted mail message as\r\nin-line content, it is possible for the message to execute javascript with\r\nthe permissions of \"chrome\". (CVE-2006-0884)\r\n\r\nUsers of Thunderbird are advised to upgrade to these updated packages\r\ncontaining Thunderbird version 1.0.8, which is not vulnerable to these \r\nissues.", "reporter": "RedHat", "published": "2006-04-21T04:00:00", "type": "redhat", "title": "(RHSA-2006:0330) thunderbird security update", "enchantments": {"score": {"vector": "NONE", "value": 6.8}}, "bulletinFamily": "unix", "cvelist": ["CVE-2006-0292", "CVE-2006-0296", "CVE-2006-0748", "CVE-2006-0749", "CVE-2006-0884", "CVE-2006-1045", "CVE-2006-1724", "CVE-2006-1727", "CVE-2006-1728", "CVE-2006-1730", "CVE-2006-1731", "CVE-2006-1732", "CVE-2006-1733", "CVE-2006-1734", "CVE-2006-1735", "CVE-2006-1737", "CVE-2006-1738", "CVE-2006-1739", "CVE-2006-1741", "CVE-2006-1742", "CVE-2006-1790"], "_object_type": "robots.models.redhat.RedHatBulletin", "modified": "2018-05-11T23:27:22", "id": "RHSA-2006:0330", "href": "https://access.redhat.com/errata/RHSA-2006:0330", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2017-09-09T07:20:20", "_object_types": ["robots.models.base.Bulletin", "robots.models.redhat.RedHatBulletin"], "references": [], "affectedPackage": [{"OS": "RedHat", "OSVersion": "any", "packageVersion": "1.0.8-1.4.1", "arch": "x86_64", "packageFilename": "firefox-1.0.8-1.4.1.x86_64.rpm", "packageName": "firefox", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "any", "packageVersion": "1.0.8-1.4.1", "arch": "src", "packageFilename": "firefox-1.0.8-1.4.1.src.rpm", "packageName": "firefox", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "any", "packageVersion": "1.0.8-1.4.1", "arch": "ia64", "packageFilename": "firefox-1.0.8-1.4.1.ia64.rpm", "packageName": "firefox", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "any", "packageVersion": "1.0.8-1.4.1", "arch": "i386", "packageFilename": "firefox-1.0.8-1.4.1.i386.rpm", "packageName": "firefox", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "any", "packageVersion": "1.0.8-1.4.1", "arch": "ppc", "packageFilename": "firefox-1.0.8-1.4.1.ppc.rpm", "packageName": "firefox", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "any", "packageVersion": "1.0.8-1.4.1", "arch": "s390", "packageFilename": "firefox-1.0.8-1.4.1.s390.rpm", "packageName": "firefox", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "any", "packageVersion": "1.0.8-1.4.1", "arch": "s390x", "packageFilename": "firefox-1.0.8-1.4.1.s390x.rpm", "packageName": "firefox", "operator": "lt"}], "description": "Mozilla Firefox is an open source Web browser.\r\n\r\nSeveral bugs were found in the way Firefox processes malformed javascript.\r\nA malicious web page could modify the content of a different open web page,\r\npossibly stealing sensitive information or conducting a cross-site\r\nscripting attack. (CVE-2006-1731, CVE-2006-1732, CVE-2006-1741)\r\n\r\nSeveral bugs were found in the way Firefox processes certain javascript\r\nactions. A malicious web page could execute arbitrary javascript\r\ninstructions with the permissions of \"chrome\", allowing the page to steal\r\nsensitive information or install browser malware. (CVE-2006-1727,\r\nCVE-2006-1728, CVE-2006-1733, CVE-2006-1734, CVE-2006-1735, CVE-2006-1742)\r\n\r\nSeveral bugs were found in the way Firefox processes malformed web pages.\r\nA carefully crafted malicious web page could cause the execution of\r\narbitrary code as the user running Firefox. (CVE-2006-0748, CVE-2006-0749,\r\nCVE-2006-1724, CVE-2006-1730, CVE-2006-1737, CVE-2006-1738, CVE-2006-1739,\r\nCVE-2006-1790) \r\n\r\nA bug was found in the way Firefox displays the secure site icon. If a\r\nbrowser is configured to display the non-default secure site modal warning\r\ndialog, it may be possible to trick a user into believing they are viewing\r\na secure site. (CVE-2006-1740)\r\n\r\nA bug was found in the way Firefox allows javascript mutation events on\r\n\"input\" form elements. A malicious web page could be created in such a way\r\nthat when a user submits a form, an arbitrary file could be uploaded to the\r\nattacker. (CVE-2006-1729)\r\n\r\nUsers of Firefox are advised to upgrade to these updated packages\r\ncontaining Firefox version 1.0.8 which corrects these issues.", "reporter": "RedHat", "published": "2006-04-14T04:00:00", "type": "redhat", "title": "(RHSA-2006:0328) firefox security update", "enchantments": {"score": {"vector": "NONE", "value": 6.8}}, "bulletinFamily": "unix", "cvelist": ["CVE-2006-0748", "CVE-2006-0749", "CVE-2006-1724", "CVE-2006-1727", "CVE-2006-1728", "CVE-2006-1729", "CVE-2006-1730", "CVE-2006-1731", "CVE-2006-1732", "CVE-2006-1733", "CVE-2006-1734", "CVE-2006-1735", "CVE-2006-1737", "CVE-2006-1738", "CVE-2006-1739", "CVE-2006-1740", "CVE-2006-1741", "CVE-2006-1742", "CVE-2006-1790"], "_object_type": "robots.models.redhat.RedHatBulletin", "modified": "2017-09-08T11:56:54", "id": "RHSA-2006:0328", "href": "https://access.redhat.com/errata/RHSA-2006:0328", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2018-05-11T21:13:53", "_object_types": ["robots.models.base.Bulletin", "robots.models.redhat.RedHatBulletin"], "references": [], "affectedPackage": [{"OS": "RedHat", "OSVersion": "any", "packageVersion": "1.7.13-1.4.1", "arch": "ppc", "packageName": "mozilla-mail", "packageFilename": "mozilla-mail-1.7.13-1.4.1.ppc.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "any", "packageVersion": "1.7.13-1.4.1", "arch": "x86_64", "packageName": "mozilla-devel", "packageFilename": "mozilla-devel-1.7.13-1.4.1.x86_64.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "any", "packageVersion": "1.7.13-1.1.3.1", "arch": "s390", "packageName": "mozilla-mail", "packageFilename": "mozilla-mail-1.7.13-1.1.3.1.s390.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "any", "packageVersion": "1.7.13-1.4.1", "arch": "i386", "packageName": "mozilla-dom-inspector", "packageFilename": "mozilla-dom-inspector-1.7.13-1.4.1.i386.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "any", "packageVersion": "1.7.13-1.4.1", "arch": "s390x", "packageName": "mozilla-chat", "packageFilename": "mozilla-chat-1.7.13-1.4.1.s390x.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "any", "packageVersion": "1.7.13-1.1.2.2", "arch": "ia64", "packageName": "mozilla-devel", "packageFilename": "mozilla-devel-1.7.13-1.1.2.2.ia64.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "any", "packageVersion": "1.7.13-1.1.3.1", "arch": "x86_64", "packageName": "mozilla-mail", "packageFilename": "mozilla-mail-1.7.13-1.1.3.1.x86_64.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "any", "packageVersion": "1.7.13-1.4.1", "arch": "s390", "packageName": "mozilla-nss-devel", "packageFilename": "mozilla-nss-devel-1.7.13-1.4.1.s390.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "any", "packageVersion": "1.7.13-1.4.1", "arch": "i386", "packageName": "mozilla-nspr-devel", "packageFilename": "mozilla-nspr-devel-1.7.13-1.4.1.i386.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "any", "packageVersion": "1.7.13-1.1.3.1", "arch": "s390", "packageName": "mozilla-js-debugger", "packageFilename": "mozilla-js-debugger-1.7.13-1.1.3.1.s390.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "any", "packageVersion": "1.7.13-1.4.1", "arch": "ia64", "packageName": "mozilla-nss", "packageFilename": "mozilla-nss-1.7.13-1.4.1.ia64.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "any", "packageVersion": "1.7.13-1.1.3.1", "arch": "s390", "packageName": "mozilla-nspr-devel", "packageFilename": "mozilla-nspr-devel-1.7.13-1.1.3.1.s390.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "any", "packageVersion": "1.7.13-1.1.2.2", "arch": "i386", "packageName": "mozilla-js-debugger", "packageFilename": "mozilla-js-debugger-1.7.13-1.1.2.2.i386.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "any", "packageVersion": "1.7.13-1.1.3.1", "arch": "x86_64", "packageName": "mozilla-devel", "packageFilename": "mozilla-devel-1.7.13-1.1.3.1.x86_64.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "any", "packageVersion": "1.7.13-1.1.3.1", "arch": "ppc", "packageName": "mozilla-nspr", "packageFilename": "mozilla-nspr-1.7.13-1.1.3.1.ppc.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "any", "packageVersion": "1.7.13-1.1.3.1", "arch": "i386", "packageName": "mozilla-nspr", "packageFilename": "mozilla-nspr-1.7.13-1.1.3.1.i386.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "any", "packageVersion": "1.7.13-1.1.3.1", "arch": "x86_64", "packageName": "mozilla-dom-inspector", "packageFilename": "mozilla-dom-inspector-1.7.13-1.1.3.1.x86_64.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "any", "packageVersion": "1.7.13-1.1.2.2", "arch": "i386", "packageName": "mozilla-nspr", "packageFilename": "mozilla-nspr-1.7.13-1.1.2.2.i386.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "any", "packageVersion": "1.7.13-1.1.3.1", "arch": "s390", "packageName": "mozilla-nspr", "packageFilename": "mozilla-nspr-1.7.13-1.1.3.1.s390.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "any", "packageVersion": "1.7.13-1.1.3.1", "arch": "s390", "packageName": "mozilla-nss", "packageFilename": "mozilla-nss-1.7.13-1.1.3.1.s390.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "any", "packageVersion": "1.7.13-1.1.3.1", "arch": "s390", "packageName": "mozilla-devel", "packageFilename": "mozilla-devel-1.7.13-1.1.3.1.s390.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "any", "packageVersion": "1.7.13-1.1.3.1", "arch": "ppc", "packageName": "mozilla-nss", "packageFilename": "mozilla-nss-1.7.13-1.1.3.1.ppc.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "any", "packageVersion": "1.7.13-1.1.2.2", "arch": "i386", "packageName": "mozilla-chat", "packageFilename": "mozilla-chat-1.7.13-1.1.2.2.i386.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "any", "packageVersion": "1.7.13-1.4.1", "arch": "ppc", "packageName": "mozilla-chat", "packageFilename": "mozilla-chat-1.7.13-1.4.1.ppc.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "any", "packageVersion": "0.9.2-2.4.8", "arch": "i386", "packageName": "devhelp", "packageFilename": "devhelp-0.9.2-2.4.8.i386.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "any", "packageVersion": "1.7.13-1.4.1", "arch": "x86_64", "packageName": "mozilla-mail", "packageFilename": "mozilla-mail-1.7.13-1.4.1.x86_64.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "any", "packageVersion": "1.7.13-1.4.1", "arch": "s390", "packageName": "mozilla-nss", "packageFilename": "mozilla-nss-1.7.13-1.4.1.s390.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "any", "packageVersion": "1.7.13-1.4.1", "arch": "s390", "packageName": "mozilla-devel", "packageFilename": "mozilla-devel-1.7.13-1.4.1.s390.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "any", "packageVersion": "1.7.13-1.4.1", "arch": "s390", "packageName": "mozilla", "packageFilename": "mozilla-1.7.13-1.4.1.s390.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "any", "packageVersion": "1.7.13-1.4.1", "arch": "x86_64", "packageName": "mozilla-dom-inspector", "packageFilename": "mozilla-dom-inspector-1.7.13-1.4.1.x86_64.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "any", "packageVersion": "1.7.13-1.4.1", "arch": "s390", "packageName": "mozilla-chat", "packageFilename": "mozilla-chat-1.7.13-1.4.1.s390.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "any", "packageVersion": "1.7.13-1.4.1", "arch": "i386", "packageName": "mozilla-js-debugger", "packageFilename": "mozilla-js-debugger-1.7.13-1.4.1.i386.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "any", "packageVersion": "1.7.13-1.1.2.2", "arch": "ia64", "packageName": "mozilla-nss-devel", "packageFilename": "mozilla-nss-devel-1.7.13-1.1.2.2.ia64.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "any", "packageVersion": "1.7.13-1.1.3.1", "arch": "s390", "packageName": "mozilla-dom-inspector", "packageFilename": "mozilla-dom-inspector-1.7.13-1.1.3.1.s390.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "any", "packageVersion": "1.7.13-1.4.1", "arch": "ppc", "packageName": "mozilla-nss-devel", "packageFilename": "mozilla-nss-devel-1.7.13-1.4.1.ppc.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "any", "packageVersion": "1.7.13-1.1.3.1", "arch": "ia64", "packageName": "mozilla-js-debugger", "packageFilename": "mozilla-js-debugger-1.7.13-1.1.3.1.ia64.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "any", "packageVersion": "1.7.13-1.4.1", "arch": "s390x", "packageName": "mozilla-mail", "packageFilename": "mozilla-mail-1.7.13-1.4.1.s390x.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "any", "packageVersion": "1.7.13-1.1.3.1", "arch": "ia64", "packageName": "mozilla-nspr", "packageFilename": "mozilla-nspr-1.7.13-1.1.3.1.ia64.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "any", "packageVersion": "1.7.13-1.4.1", "arch": "s390x", "packageName": "mozilla-nspr", "packageFilename": "mozilla-nspr-1.7.13-1.4.1.s390x.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "any", "packageVersion": "1.7.13-1.4.1", "arch": "i386", "packageName": "mozilla", "packageFilename": "mozilla-1.7.13-1.4.1.i386.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "any", "packageVersion": "1.7.13-1.4.1", "arch": "x86_64", "packageName": "mozilla-js-debugger", "packageFilename": "mozilla-js-debugger-1.7.13-1.4.1.x86_64.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "any", "packageVersion": "1.7.13-1.4.1", "arch": "ppc", "packageName": "mozilla-nspr-devel", "packageFilename": "mozilla-nspr-devel-1.7.13-1.4.1.ppc.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "any", "packageVersion": "1.7.13-1.1.3.1", "arch": "ia64", "packageName": "mozilla-nss", "packageFilename": "mozilla-nss-1.7.13-1.1.3.1.ia64.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "any", "packageVersion": "1.7.13-1.1.3.1", "arch": "ia64", "packageName": "mozilla-nspr-devel", "packageFilename": "mozilla-nspr-devel-1.7.13-1.1.3.1.ia64.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "any", "packageVersion": "1.7.13-1.4.1", "arch": "x86_64", "packageName": "mozilla-nspr", "packageFilename": "mozilla-nspr-1.7.13-1.4.1.x86_64.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "any", "packageVersion": "1.7.13-1.4.1", "arch": "x86_64", "packageName": "mozilla", "packageFilename": "mozilla-1.7.13-1.4.1.x86_64.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "any", "packageVersion": "1.2.14-1.2.8", "arch": "ia64", "packageName": "galeon", "packageFilename": "galeon-1.2.14-1.2.8.ia64.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "any", "packageVersion": "1.7.13-1.4.1", "arch": "ia64", "packageName": "mozilla-js-debugger", "packageFilename": "mozilla-js-debugger-1.7.13-1.4.1.ia64.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "any", "packageVersion": "0.9.2-2.4.8", "arch": "x86_64", "packageName": "devhelp-devel", "packageFilename": "devhelp-devel-0.9.2-2.4.8.x86_64.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "any", "packageVersion": "1.7.13-1.1.2.2", "arch": "ia64", "packageName": "mozilla-dom-inspector", "packageFilename": "mozilla-dom-inspector-1.7.13-1.1.2.2.ia64.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "any", "packageVersion": "1.7.13-1.4.1", "arch": "s390x", "packageName": "mozilla-nspr-devel", "packageFilename": "mozilla-nspr-devel-1.7.13-1.4.1.s390x.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "any", "packageVersion": "0.9.2-2.4.8", "arch": "ppc", "packageName": "devhelp-devel", "packageFilename": "devhelp-devel-0.9.2-2.4.8.ppc.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "any", "packageVersion": "1.7.13-1.1.3.1", "arch": "ppc", "packageName": "mozilla-nspr-devel", "packageFilename": "mozilla-nspr-devel-1.7.13-1.1.3.1.ppc.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "any", "packageVersion": "1.7.13-1.1.3.1", "arch": "s390x", "packageName": "mozilla-chat", "packageFilename": "mozilla-chat-1.7.13-1.1.3.1.s390x.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "any", "packageVersion": "1.7.13-1.4.1", "arch": "s390x", "packageName": "mozilla-devel", "packageFilename": "mozilla-devel-1.7.13-1.4.1.s390x.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "any", "packageVersion": "1.7.13-1.1.3.1", "arch": "i386", "packageName": "mozilla-dom-inspector", "packageFilename": "mozilla-dom-inspector-1.7.13-1.1.3.1.i386.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "any", "packageVersion": "1.7.13-1.1.3.1", "arch": "i386", "packageName": "mozilla-js-debugger", "packageFilename": "mozilla-js-debugger-1.7.13-1.1.3.1.i386.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "any", "packageVersion": "1.7.13-1.4.1", "arch": "ppc", "packageName": "mozilla-dom-inspector", "packageFilename": "mozilla-dom-inspector-1.7.13-1.4.1.ppc.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "any", "packageVersion": "1.7.13-1.4.1", "arch": "ia64", "packageName": "mozilla-mail", "packageFilename": "mozilla-mail-1.7.13-1.4.1.ia64.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "any", "packageVersion": "1.7.13-1.1.3.1", "arch": "s390x", "packageName": "mozilla-dom-inspector", "packageFilename": "mozilla-dom-inspector-1.7.13-1.1.3.1.s390x.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "any", "packageVersion": "1.7.13-1.1.3.1", "arch": "x86_64", "packageName": "mozilla-nss-devel", "packageFilename": "mozilla-nss-devel-1.7.13-1.1.3.1.x86_64.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "any", "packageVersion": "1.7.13-1.1.2.2", "arch": "i386", "packageName": "mozilla-dom-inspector", "packageFilename": "mozilla-dom-inspector-1.7.13-1.1.2.2.i386.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "any", "packageVersion": "1.7.13-1.1.2.2", "arch": "i386", "packageName": "mozilla-devel", "packageFilename": "mozilla-devel-1.7.13-1.1.2.2.i386.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "any", "packageVersion": "1.7.13-1.1.3.1", "arch": "ia64", "packageName": "mozilla-chat", "packageFilename": "mozilla-chat-1.7.13-1.1.3.1.ia64.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "any", "packageVersion": "1.2.14-1.2.8", "arch": "i386", "packageName": "galeon", "packageFilename": "galeon-1.2.14-1.2.8.i386.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "any", "packageVersion": "1.7.13-1.1.3.1", "arch": "ppc", "packageName": "mozilla-devel", "packageFilename": "mozilla-devel-1.7.13-1.1.3.1.ppc.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "any", "packageVersion": "1.7.13-1.4.1", "arch": "x86_64", "packageName": "mozilla-chat", "packageFilename": "mozilla-chat-1.7.13-1.4.1.x86_64.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "any", "packageVersion": "1.7.13-1.4.1", "arch": "ppc", "packageName": "mozilla-nss", "packageFilename": "mozilla-nss-1.7.13-1.4.1.ppc.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "any", "packageVersion": "1.7.13-1.1.3.1", "arch": "x86_64", "packageName": "mozilla-nspr-devel", "packageFilename": "mozilla-nspr-devel-1.7.13-1.1.3.1.x86_64.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "any", "packageVersion": "1.7.13-1.1.3.1", "arch": "ia64", "packageName": "mozilla-dom-inspector", "packageFilename": "mozilla-dom-inspector-1.7.13-1.1.3.1.ia64.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "any", "packageVersion": "1.7.13-1.1.3.1", "arch": "ppc", "packageName": "mozilla-nss-devel", "packageFilename": "mozilla-nss-devel-1.7.13-1.1.3.1.ppc.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "any", "packageVersion": "1.7.13-1.1.3.1", "arch": "i386", "packageName": "mozilla-mail", "packageFilename": "mozilla-mail-1.7.13-1.1.3.1.i386.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "any", "packageVersion": "0.9.2-2.4.8", "arch": "i386", "packageName": "devhelp-devel", "packageFilename": "devhelp-devel-0.9.2-2.4.8.i386.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "any", "packageVersion": "1.7.13-1.4.1", "arch": "s390", "packageName": "mozilla-js-debugger", "packageFilename": "mozilla-js-debugger-1.7.13-1.4.1.s390.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "any", "packageVersion": "1.7.13-1.1.2.2", "arch": "ia64", "packageName": "mozilla-nspr-devel", "packageFilename": "mozilla-nspr-devel-1.7.13-1.1.2.2.ia64.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "any", "packageVersion": "1.7.13-1.1.2.2", "arch": "ia64", "packageName": "mozilla-nss", "packageFilename": "mozilla-nss-1.7.13-1.1.2.2.ia64.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "any", "packageVersion": "1.7.13-1.1.2.2", "arch": "ia64", "packageName": "mozilla-chat", "packageFilename": "mozilla-chat-1.7.13-1.1.2.2.ia64.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "any", "packageVersion": "1.7.13-1.4.1", "arch": "x86_64", "packageName": "mozilla-nss-devel", "packageFilename": "mozilla-nss-devel-1.7.13-1.4.1.x86_64.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "any", "packageVersion": "1.7.13-1.1.3.1", "arch": "s390x", "packageName": "mozilla-nss-devel", "packageFilename": "mozilla-nss-devel-1.7.13-1.1.3.1.s390x.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "any", "packageVersion": "1.7.13-1.1.2.2", "arch": "i386", "packageName": "mozilla-nss-devel", "packageFilename": "mozilla-nss-devel-1.7.13-1.1.2.2.i386.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "any", "packageVersion": "1.7.13-1.1.3.1", "arch": "x86_64", "packageName": "mozilla-nss", "packageFilename": "mozilla-nss-1.7.13-1.1.3.1.x86_64.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "any", "packageVersion": "0.9.2-2.4.8", "arch": "x86_64", "packageName": "devhelp", "packageFilename": "devhelp-0.9.2-2.4.8.x86_64.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "any", "packageVersion": "1.7.13-1.1.3.1", "arch": "i386", "packageName": "mozilla-nss", "packageFilename": "mozilla-nss-1.7.13-1.1.3.1.i386.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "any", "packageVersion": "1.7.13-1.4.1", "arch": "ia64", "packageName": "mozilla", "packageFilename": "mozilla-1.7.13-1.4.1.ia64.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "any", "packageVersion": "1.7.13-1.1.3.1", "arch": "s390x", "packageName": "mozilla-js-debugger", "packageFilename": "mozilla-js-debugger-1.7.13-1.1.3.1.s390x.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "any", "packageVersion": "1.7.13-1.1.2.2", "arch": "i386", "packageName": "mozilla", "packageFilename": "mozilla-1.7.13-1.1.2.2.i386.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "any", "packageVersion": "1.7.13-1.4.1", "arch": "ia64", "packageName": "mozilla-dom-inspector", "packageFilename": "mozilla-dom-inspector-1.7.13-1.4.1.ia64.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "any", "packageVersion": "1.7.13-1.4.1", "arch": "ia64", "packageName": "mozilla-nss-devel", "packageFilename": "mozilla-nss-devel-1.7.13-1.4.1.ia64.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "any", "packageVersion": "1.7.13-1.4.1", "arch": "s390", "packageName": "mozilla-nspr-devel", "packageFilename": "mozilla-nspr-devel-1.7.13-1.4.1.s390.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "any", "packageVersion": "1.7.13-1.4.1", "arch": "i386", "packageName": "mozilla-nss-devel", "packageFilename": "mozilla-nss-devel-1.7.13-1.4.1.i386.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "any", "packageVersion": "1.7.13-1.1.3.1", "arch": "s390", "packageName": "mozilla", "packageFilename": "mozilla-1.7.13-1.1.3.1.s390.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "any", "packageVersion": "1.7.13-1.1.3.1", "arch": "s390x", "packageName": "mozilla-nspr", "packageFilename": "mozilla-nspr-1.7.13-1.1.3.1.s390x.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "any", "packageVersion": "1.7.13-1.1.3.1", "arch": "ppc", "packageName": "mozilla-chat", "packageFilename": "mozilla-chat-1.7.13-1.1.3.1.ppc.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "any", "packageVersion": "1.7.13-1.1.3.1", "arch": "s390x", "packageName": "mozilla-nspr-devel", "packageFilename": "mozilla-nspr-devel-1.7.13-1.1.3.1.s390x.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "any", "packageVersion": "1.7.13-1.1.3.1", "arch": "s390x", "packageName": "mozilla-devel", "packageFilename": "mozilla-devel-1.7.13-1.1.3.1.s390x.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "any", "packageVersion": "1.7.13-1.1.3.1", "arch": "x86_64", "packageName": "mozilla-js-debugger", "packageFilename": "mozilla-js-debugger-1.7.13-1.1.3.1.x86_64.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "any", "packageVersion": "1.7.13-1.4.1", "arch": "ia64", "packageName": "mozilla-devel", "packageFilename": "mozilla-devel-1.7.13-1.4.1.ia64.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "any", "packageVersion": "1.7.13-1.1.3.1", "arch": "i386", "packageName": "mozilla-nspr-devel", "packageFilename": "mozilla-nspr-devel-1.7.13-1.1.3.1.i386.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "any", "packageVersion": "1.7.13-1.1.3.1", "arch": "ia64", "packageName": "mozilla", "packageFilename": "mozilla-1.7.13-1.1.3.1.ia64.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "any", "packageVersion": "1.7.13-1.1.2.2", "arch": "ia64", "packageName": "mozilla-nspr", "packageFilename": "mozilla-nspr-1.7.13-1.1.2.2.ia64.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "any", "packageVersion": "1.7.13-1.4.1", "arch": "ppc", "packageName": "mozilla-js-debugger", "packageFilename": "mozilla-js-debugger-1.7.13-1.4.1.ppc.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "any", "packageVersion": "1.7.13-1.4.1", "arch": "s390x", "packageName": "mozilla-js-debugger", "packageFilename": "mozilla-js-debugger-1.7.13-1.4.1.s390x.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "any", "packageVersion": "1.7.13-1.1.3.1", "arch": "i386", "packageName": "mozilla", "packageFilename": "mozilla-1.7.13-1.1.3.1.i386.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "any", "packageVersion": "1.7.13-1.4.1", "arch": "s390", "packageName": "mozilla-dom-inspector", "packageFilename": "mozilla-dom-inspector-1.7.13-1.4.1.s390.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "any", "packageVersion": "1.7.13-1.1.3.1", "arch": "i386", "packageName": "mozilla-devel", "packageFilename": "mozilla-devel-1.7.13-1.1.3.1.i386.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "any", "packageVersion": "1.7.13-1.1.2.2", "arch": "i386", "packageName": "mozilla-nss", "packageFilename": "mozilla-nss-1.7.13-1.1.2.2.i386.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "any", "packageVersion": "1.7.13-1.4.1", "arch": "i386", "packageName": "mozilla-chat", "packageFilename": "mozilla-chat-1.7.13-1.4.1.i386.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "any", "packageVersion": "1.7.13-1.1.2.2", "arch": "i386", "packageName": "mozilla-nspr-devel", "packageFilename": "mozilla-nspr-devel-1.7.13-1.1.2.2.i386.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "any", "packageVersion": "1.7.13-1.1.3.1", "arch": "ppc", "packageName": "mozilla-dom-inspector", "packageFilename": "mozilla-dom-inspector-1.7.13-1.1.3.1.ppc.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "any", "packageVersion": "1.7.13-1.4.1", "arch": "s390", "packageName": "mozilla-nspr", "packageFilename": "mozilla-nspr-1.7.13-1.4.1.s390.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "any", "packageVersion": "1.7.13-1.1.3.1", "arch": "ia64", "packageName": "mozilla-nss-devel", "packageFilename": "mozilla-nss-devel-1.7.13-1.1.3.1.ia64.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "any", "packageVersion": "1.7.13-1.1.3.1", "arch": "x86_64", "packageName": "mozilla-chat", "packageFilename": "mozilla-chat-1.7.13-1.1.3.1.x86_64.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "any", "packageVersion": "1.7.13-1.1.3.1", "arch": "s390", "packageName": "mozilla-nss-devel", "packageFilename": "mozilla-nss-devel-1.7.13-1.1.3.1.s390.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "any", "packageVersion": "0.9.2-2.4.8", "arch": "ppc", "packageName": "devhelp", "packageFilename": "devhelp-0.9.2-2.4.8.ppc.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "any", "packageVersion": "1.7.13-1.4.1", "arch": "ia64", "packageName": "mozilla-chat", "packageFilename": "mozilla-chat-1.7.13-1.4.1.ia64.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "any", "packageVersion": "1.7.13-1.4.1", "arch": "ppc", "packageName": "mozilla-nspr", "packageFilename": "mozilla-nspr-1.7.13-1.4.1.ppc.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "any", "packageVersion": "1.7.13-1.4.1", "arch": "ppc", "packageName": "mozilla", "packageFilename": "mozilla-1.7.13-1.4.1.ppc.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "any", "packageVersion": "1.7.13-1.4.1", "arch": "ppc", "packageName": "mozilla-devel", "packageFilename": "mozilla-devel-1.7.13-1.4.1.ppc.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "any", "packageVersion": "1.7.13-1.1.3.1", "arch": "x86_64", "packageName": "mozilla", "packageFilename": "mozilla-1.7.13-1.1.3.1.x86_64.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "any", "packageVersion": "1.7.13-1.1.3.1", "arch": "s390x", "packageName": "mozilla", "packageFilename": "mozilla-1.7.13-1.1.3.1.s390x.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "any", "packageVersion": "1.7.13-1.1.3.1", "arch": "i386", "packageName": "mozilla-nss-devel", "packageFilename": "mozilla-nss-devel-1.7.13-1.1.3.1.i386.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "any", "packageVersion": "1.7.13-1.4.1", "arch": "ia64", "packageName": "mozilla-nspr", "packageFilename": "mozilla-nspr-1.7.13-1.4.1.ia64.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "any", "packageVersion": "1.7.13-1.1.3.1", "arch": "s390", "packageName": "mozilla-chat", "packageFilename": "mozilla-chat-1.7.13-1.1.3.1.s390.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "any", "packageVersion": "1.7.13-1.1.2.2", "arch": "i386", "packageName": "mozilla-mail", "packageFilename": "mozilla-mail-1.7.13-1.1.2.2.i386.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "any", "packageVersion": "1.7.13-1.4.1", "arch": "i386", "packageName": "mozilla-nspr", "packageFilename": "mozilla-nspr-1.7.13-1.4.1.i386.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "any", "packageVersion": "1.7.13-1.4.1", "arch": "i386", "packageName": "mozilla-nss", "packageFilename": "mozilla-nss-1.7.13-1.4.1.i386.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "any", "packageVersion": "1.7.13-1.4.1", "arch": "x86_64", "packageName": "mozilla-nss", "packageFilename": "mozilla-nss-1.7.13-1.4.1.x86_64.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "any", "packageVersion": "1.7.13-1.4.1", "arch": "s390", "packageName": "mozilla-mail", "packageFilename": "mozilla-mail-1.7.13-1.4.1.s390.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "any", "packageVersion": "1.7.13-1.4.1", "arch": "s390x", "packageName": "mozilla-nss", "packageFilename": "mozilla-nss-1.7.13-1.4.1.s390x.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "any", "packageVersion": "1.7.13-1.4.1", "arch": "i386", "packageName": "mozilla-mail", "packageFilename": "mozilla-mail-1.7.13-1.4.1.i386.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "any", "packageVersion": "1.7.13-1.4.1", "arch": "s390x", "packageName": "mozilla", "packageFilename": "mozilla-1.7.13-1.4.1.s390x.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "any", "packageVersion": "1.7.13-1.4.1", "arch": "x86_64", "packageName": "mozilla-nspr-devel", "packageFilename": "mozilla-nspr-devel-1.7.13-1.4.1.x86_64.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "any", "packageVersion": "1.7.13-1.4.1", "arch": "s390x", "packageName": "mozilla-nss-devel", "packageFilename": "mozilla-nss-devel-1.7.13-1.4.1.s390x.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "any", "packageVersion": "1.7.13-1.1.3.1", "arch": "ppc", "packageName": "mozilla-mail", "packageFilename": "mozilla-mail-1.7.13-1.1.3.1.ppc.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "any", "packageVersion": "1.7.13-1.1.2.2", "arch": "ia64", "packageName": "mozilla-mail", "packageFilename": "mozilla-mail-1.7.13-1.1.2.2.ia64.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "any", "packageVersion": "1.7.13-1.1.3.1", "arch": "i386", "packageName": "mozilla-chat", "packageFilename": "mozilla-chat-1.7.13-1.1.3.1.i386.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "any", "packageVersion": "1.7.13-1.1.3.1", "arch": "ia64", "packageName": "mozilla-mail", "packageFilename": "mozilla-mail-1.7.13-1.1.3.1.ia64.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "any", "packageVersion": "1.7.13-1.1.3.1", "arch": "ppc", "packageName": "mozilla", "packageFilename": "mozilla-1.7.13-1.1.3.1.ppc.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "any", "packageVersion": "1.7.13-1.1.2.2", "arch": "ia64", "packageName": "mozilla", "packageFilename": "mozilla-1.7.13-1.1.2.2.ia64.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "any", "packageVersion": "1.7.13-1.1.3.1", "arch": "s390x", "packageName": "mozilla-nss", "packageFilename": "mozilla-nss-1.7.13-1.1.3.1.s390x.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "any", "packageVersion": "1.7.13-1.1.3.1", "arch": "ppc", "packageName": "mozilla-js-debugger", "packageFilename": "mozilla-js-debugger-1.7.13-1.1.3.1.ppc.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "any", "packageVersion": "1.7.13-1.1.3.1", "arch": "s390x", "packageName": "mozilla-mail", "packageFilename": "mozilla-mail-1.7.13-1.1.3.1.s390x.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "any", "packageVersion": "1.7.13-1.4.1", "arch": "i386", "packageName": "mozilla-devel", "packageFilename": "mozilla-devel-1.7.13-1.4.1.i386.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "any", "packageVersion": "1.7.13-1.4.1", "arch": "s390x", "packageName": "mozilla-dom-inspector", "packageFilename": "mozilla-dom-inspector-1.7.13-1.4.1.s390x.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "any", "packageVersion": "1.7.13-1.4.1", "arch": "ia64", "packageName": "mozilla-nspr-devel", "packageFilename": "mozilla-nspr-devel-1.7.13-1.4.1.ia64.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "any", "packageVersion": "1.7.13-1.1.3.1", "arch": "x86_64", "packageName": "mozilla-nspr", "packageFilename": "mozilla-nspr-1.7.13-1.1.3.1.x86_64.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "any", "packageVersion": "1.7.13-1.1.3.1", "arch": "ia64", "packageName": "mozilla-devel", "packageFilename": "mozilla-devel-1.7.13-1.1.3.1.ia64.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "any", "packageVersion": "1.7.13-1.1.2.2", "arch": "ia64", "packageName": "mozilla-js-debugger", "packageFilename": "mozilla-js-debugger-1.7.13-1.1.2.2.ia64.rpm", "operator": "lt"}], "description": "Mozilla is an open source Web browser, advanced email and newsgroup client,\r\nIRC chat client, and HTML editor.\r\n\r\nSeveral bugs were found in the way Mozilla processes malformed javascript.\r\nA malicious web page could modify the content of a different open web\r\npage, possibly stealing sensitive information or conducting a cross-site\r\nscripting attack. (CVE-2006-1731, CVE-2006-1732, CVE-2006-1741)\r\n\r\nSeveral bugs were found in the way Mozilla processes certain javascript\r\nactions. A malicious web page could execute arbitrary javascript\r\ninstructions with the permissions of \"chrome\", allowing the page to steal\r\nsensitive information or install browser malware. (CVE-2006-1727,\r\nCVE-2006-1728, CVE-2006-1733, CVE-2006-1734, CVE-2006-1735, CVE-2006-1742)\r\n\r\nSeveral bugs were found in the way Mozilla processes malformed web pages. \r\nA carefully crafted malicious web page could cause the execution of\r\narbitrary code as the user running Mozilla. (CVE-2006-0748, CVE-2006-0749,\r\nCVE-2006-1730, CVE-2006-1737, CVE-2006-1738, CVE-2006-1739, CVE-2006-1790)\r\n\r\nA bug was found in the way Mozilla displays the secure site icon. If a\r\nbrowser is configured to display the non-default secure site modal warning\r\ndialog, it may be possible to trick a user into believing they are viewing\r\na secure site. (CVE-2006-1740)\r\n\r\nA bug was found in the way Mozilla allows javascript mutation events on\r\n\"input\" form elements. A malicious web page could be created in such a way\r\nthat when a user submits a form, an arbitrary file could be uploaded to the\r\nattacker. (CVE-2006-1729)\r\n\r\nA bug was found in the way Mozilla executes in-line mail forwarding. If a\r\nuser can be tricked into forwarding a maliciously crafted mail message as\r\nin-line content, it is possible for the message to execute javascript with\r\nthe permissions of \"chrome\". (CVE-2006-0884)\r\n\r\nUsers of Mozilla are advised to upgrade to these updated packages\r\ncontaining Mozilla version 1.7.13 which corrects these issues.", "reporter": "RedHat", "published": "2006-04-18T04:00:00", "type": "redhat", "title": "(RHSA-2006:0329) mozilla security update", "enchantments": {"score": {"vector": "NONE", "value": 6.8}}, "bulletinFamily": "unix", "cvelist": ["CVE-2006-0748", "CVE-2006-0749", "CVE-2006-0884", "CVE-2006-1724", "CVE-2006-1727", "CVE-2006-1728", "CVE-2006-1729", "CVE-2006-1730", "CVE-2006-1731", "CVE-2006-1732", "CVE-2006-1733", "CVE-2006-1734", "CVE-2006-1735", "CVE-2006-1737", "CVE-2006-1738", "CVE-2006-1739", "CVE-2006-1740", "CVE-2006-1741", "CVE-2006-1742", "CVE-2006-1790"], "_object_type": "robots.models.redhat.RedHatBulletin", "modified": "2018-05-11T23:27:31", "id": "RHSA-2006:0329", "href": "https://access.redhat.com/errata/RHSA-2006:0329", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}], "gentoo": [{"lastseen": "2016-09-06T19:46:07", "references": ["http://www.mozilla.org/projects/security/known-vulnerabilities.html#Thunderbird", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-1732", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-0749", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-1727", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-0748", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-1731", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-1728", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-1737", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-1733", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-1790", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-0296", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-0292", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-1734", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-0884", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-1738", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-1742", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-1730", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-1045", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-1735", "https://bugs.gentoo.org/show_bug.cgi?id=130888", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-1741", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-1739"], "affectedPackage": [{"OS": "Gentoo", "OSVersion": "any", "packageVersion": "1.0.8", "packageName": "mail-client/mozilla-thunderbird-bin", "packageFilename": "UNKNOWN", "arch": "all", "operator": "lt"}, {"OS": "Gentoo", "OSVersion": "any", "packageVersion": "1.0.8", "packageName": "mail-client/mozilla-thunderbird", "packageFilename": "UNKNOWN", "arch": "all", "operator": "lt"}], "description": "### Background\n\nMozilla Thunderbird is the next-generation mail client from the Mozilla project. \n\n### Description\n\nSeveral vulnerabilities were found and fixed in Mozilla Thunderbird. \n\n### Impact\n\nA remote attacker could craft malicious emails that would leverage these issues to inject and execute arbitrary script code with elevated privileges, steal local files or other information from emails, and spoof content. Some of these vulnerabilities might even be exploited to execute arbitrary code with the rights of the user running Thunderbird. \n\n### Workaround\n\nThere are no known workarounds for all the issues at this time. \n\n### Resolution\n\nAll Mozilla Thunderbird users should upgrade to the latest version: \n \n \n # emerge --sync\n # emerge --ask --oneshot --verbose \">=mail-client/mozilla-thunderbird-1.0.8\"\n\nAll Mozilla Thunderbird binary users should upgrade to the latest version: \n \n \n # emerge --sync\n # emerge --ask --oneshot --verbose \">=mail-client/mozilla-thunderbird-bin-1.0.8\"\n\nNote: There is no stable fixed version for the ALPHA architecture yet. Users of Mozilla Thunderbird on ALPHA should consider unmerging it until such a version is available.", "edition": 1, "reporter": "Gentoo Foundation", "published": "2006-05-08T00:00:00", "enchantments": {"score": {"vector": "NONE", "value": 7.2}}, "type": "gentoo", "title": "Mozilla Thunderbird: Multiple vulnerabilities", "bulletinFamily": "unix", "cvelist": ["CVE-2006-1738", "CVE-2006-1739", "CVE-2006-0748", "CVE-2006-1728", "CVE-2006-1730", "CVE-2006-1790", "CVE-2006-1734", "CVE-2006-1733", "CVE-2006-1741", "CVE-2006-0292", "CVE-2006-0884", "CVE-2006-1731", "CVE-2006-1727", "CVE-2006-1045", "CVE-2006-0296", "CVE-2006-1735", "CVE-2006-1742", "CVE-2006-1737", "CVE-2006-1732", "CVE-2006-0749"], "modified": "2006-05-08T00:00:00", "id": "GLSA-200605-09", "href": "https://security.gentoo.org/glsa/200605-09", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2016-09-06T19:46:27", "references": ["http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-4134", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-1732", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-0749", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-1727", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-0748", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-1731", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-1728", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-1737", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-0293", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-1733", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-1790", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-0296", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-0292", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-1734", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-0884", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-1736", "http://www.mozilla.org/projects/security/known-vulnerabilities.html#Mozilla", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-1738", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-1742", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-1730", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-1740", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-1045", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-1735", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-1729", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-1741", "https://bugs.gentoo.org/show_bug.cgi?id=130887", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-1739"], "affectedPackage": [{"OS": "Gentoo", "OSVersion": "any", "packageVersion": "1.7.13", "arch": "all", "packageFilename": "UNKNOWN", "packageName": "www-client/mozilla", "operator": "lt"}, {"OS": "Gentoo", "OSVersion": "any", "packageVersion": "1.7.13", "arch": "all", "packageFilename": "UNKNOWN", "packageName": "www-client/mozilla-bin", "operator": "lt"}], "edition": 1, "description": "### Background\n\nThe Mozilla Suite is a popular all-in-one web browser that includes a mail and news reader. \n\n### Description\n\nSeveral vulnerabilities were found in Mozilla Suite. Version 1.7.13 was released to fix them. \n\n### Impact\n\nA remote attacker could craft malicious web pages or emails that would leverage these issues to inject and execute arbitrary script code with elevated privileges, steal local files, cookies or other information from web pages or emails, and spoof content. Some of these vulnerabilities might even be exploited to execute arbitrary code with the rights of the user running the client. \n\n### Workaround\n\nThere are no known workarounds for all the issues at this time. \n\n### Resolution\n\nAll Mozilla Suite users should upgrade to the latest version: \n \n \n # emerge --sync\n # emerge --ask --oneshot --verbose \">=www-client/mozilla-1.7.13\"\n\nAll Mozilla Suite binary users should upgrade to the latest version: \n \n \n # emerge --sync\n # emerge --ask --oneshot --verbose \">=www-client/mozilla-bin-1.7.13\"", "reporter": "Gentoo Foundation", "published": "2006-04-28T00:00:00", "enchantments": {"score": {"vector": "NONE", "value": 7.2}}, "type": "gentoo", "title": "Mozilla Suite: Multiple vulnerabilities", "bulletinFamily": "unix", "cvelist": ["CVE-2006-1738", "CVE-2006-1739", "CVE-2006-0748", "CVE-2006-1728", "CVE-2006-1730", "CVE-2006-0293", "CVE-2006-1790", "CVE-2006-1734", "CVE-2006-1733", "CVE-2006-1740", "CVE-2006-1741", "CVE-2006-0292", "CVE-2006-0884", "CVE-2006-1731", "CVE-2006-1727", "CVE-2006-1045", "CVE-2006-1729", "CVE-2006-0296", "CVE-2006-1736", "CVE-2006-1735", "CVE-2006-1742", "CVE-2006-1737", "CVE-2006-1732", "CVE-2005-4134", "CVE-2006-0749"], "modified": "2006-04-28T00:00:00", "id": "GLSA-200604-18", "href": "https://security.gentoo.org/glsa/200604-18", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2016-09-06T19:46:46", "references": ["http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-4134", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-1732", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-0749", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-1727", "https://bugs.gentoo.org/show_bug.cgi?id=129924", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-0748", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-1731", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-1728", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-1737", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-1733", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-1790", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-0296", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-0292", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-1734", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-1736", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-1738", "http://www.mozilla.org/projects/security/known-vulnerabilities.html#Firefox", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-1742", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-1730", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-1740", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-1735", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-1729", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-1741", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-1739"], "affectedPackage": [{"OS": "Gentoo", "OSVersion": "any", "packageVersion": "1.0.8", "arch": "all", "packageFilename": "UNKNOWN", "packageName": "www-client/mozilla-firefox", "operator": "lt"}, {"OS": "Gentoo", "OSVersion": "any", "packageVersion": "1.0.8", "arch": "all", "packageFilename": "UNKNOWN", "packageName": "www-client/mozilla-firefox-bin", "operator": "lt"}], "edition": 1, "description": "### Background\n\nMozilla Firefox is the next-generation web browser from the Mozilla project. \n\n### Description\n\nSeveral vulnerabilities were found in Mozilla Firefox. Versions 1.0.8 and 1.5.0.2 were released to fix them. \n\n### Impact\n\nA remote attacker could craft malicious web pages that would leverage these issues to inject and execute arbitrary script code with elevated privileges, steal local files, cookies or other information from web pages, and spoof content. Some of these vulnerabilities might even be exploited to execute arbitrary code with the rights of the browser user. \n\n### Workaround\n\nThere are no known workarounds for all the issues at this time. \n\n### Resolution\n\nAll Mozilla Firefox users should upgrade to the latest version: \n \n \n # emerge --sync\n # emerge --ask --oneshot --verbose \">=www-client/mozilla-firefox-1.0.8\"\n\nAll Mozilla Firefox binary users should upgrade to the latest version: \n \n \n # emerge --sync\n # emerge --ask --oneshot --verbose \">=www-client/mozilla-firefox-bin-1.0.8\"", "reporter": "Gentoo Foundation", "published": "2006-04-23T00:00:00", "enchantments": {"score": {"vector": "NONE", "value": 7.2}}, "type": "gentoo", "title": "Mozilla Firefox: Multiple vulnerabilities", "bulletinFamily": "unix", "cvelist": ["CVE-2006-1738", "CVE-2006-1739", "CVE-2006-0748", "CVE-2006-1728", "CVE-2006-1730", "CVE-2006-1790", "CVE-2006-1734", "CVE-2006-1733", "CVE-2006-1740", "CVE-2006-1741", "CVE-2006-0292", "CVE-2006-1731", "CVE-2006-1727", "CVE-2006-1729", "CVE-2006-0296", "CVE-2006-1736", "CVE-2006-1735", "CVE-2006-1742", "CVE-2006-1737", "CVE-2006-1732", "CVE-2005-4134", "CVE-2006-0749"], "modified": "2006-04-23T00:00:00", "id": "GLSA-200604-12", "href": "https://security.gentoo.org/glsa/200604-12", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}], "suse": [{"lastseen": "2016-09-04T11:50:51", "references": [], "affectedPackage": [{"OS": "openSUSE", "OSVersion": "10.0", "packageVersion": "1.7.11-9.5", "arch": "i586", "packageFilename": "mozilla-spellchecker-1.7.11-9.5.i586.rpm", "packageName": "mozilla-spellchecker", "operator": "lt"}, {"OS": "openSUSE", "OSVersion": "9.2", "packageVersion": "1.2.10-0.6", "arch": "i586", "packageFilename": "epiphany-1.2.10-0.6.i586.rpm", "packageName": "epiphany", "operator": "lt"}, {"OS": "openSUSE", "OSVersion": "10.0", "packageVersion": "1.7.11-9.5", "arch": "i586", "packageFilename": "mozilla-mail-1.7.11-9.5.i586.rpm", "packageName": "mozilla-mail", "operator": "lt"}, {"OS": "openSUSE", "OSVersion": "9.2", "packageVersion": "1.7.2-17.17", "arch": "x86_64", "packageFilename": "mozilla-dom-inspector-1.7.2-17.17.x86_64.rpm", "packageName": "mozilla-dom-inspector", "operator": "lt"}, {"OS": "openSUSE", "OSVersion": "9.1", "packageVersion": "1.7.8-5.20", "arch": "i586", "packageFilename": "mozilla-dom-inspector-1.7.8-5.20.i586.rpm", "packageName": "mozilla-dom-inspector", "operator": "lt"}, {"OS": "openSUSE", "OSVersion": "9.2", "packageVersion": "1.3.19-6.3", "arch": "i586", "packageFilename": "galeon-1.3.19-6.3.i586.rpm", "packageName": "galeon", "operator": "lt"}, {"OS": "openSUSE", "OSVersion": "9.3", "packageVersion": "1.7.5-17.10", "arch": "x86_64", "packageFilename": "mozilla-spellchecker-1.7.5-17.10.x86_64.rpm", "packageName": "mozilla-spellchecker", "operator": "lt"}, {"OS": "openSUSE", "OSVersion": "9.2", "packageVersion": "1.7.2-17.17", "arch": "i586", "packageFilename": "mozilla-dom-inspector-1.7.2-17.17.i586.rpm", "packageName": "mozilla-dom-inspector", "operator": "lt"}, {"OS": "openSUSE", "OSVersion": "9.1", "packageVersion": "1.7.8-5.20", "arch": "i586", "packageFilename": "mozilla-spellchecker-1.7.8-5.20.i586.rpm", "packageName": "mozilla-spellchecker", "operator": "lt"}, {"OS": "openSUSE", "OSVersion": "9.2", "packageVersion": "1.7.2-17.17", "arch": "i586", "packageFilename": "mozilla-devel-1.7.2-17.17.i586.rpm", "packageName": "mozilla-devel", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server", "OSVersion": "10", "packageVersion": "1.5.0.8-0.2", "arch": "s390x", "packageFilename": "MozillaFirefox-translations-1.5.0.8-0.2.s390x.rpm", "packageName": "MozillaFirefox-translations", "operator": "lt"}, {"OS": "openSUSE", "OSVersion": "9.1", "packageVersion": "1.7.8-5.20", "arch": "i586", "packageFilename": "mozilla-irc-1.7.8-5.20.i586.rpm", "packageName": "mozilla-irc", "operator": "lt"}, {"OS": "openSUSE", "OSVersion": "9.3", "packageVersion": "1.7.5-17.10", "arch": "i586", "packageFilename": "mozilla-venkman-1.7.5-17.10.i586.rpm", "packageName": "mozilla-venkman", "operator": "lt"}, {"OS": "openSUSE", "OSVersion": "9.2", "packageVersion": "1.3.19-6.3", "arch": "x86_64", "packageFilename": "galeon-1.3.19-6.3.x86_64.rpm", "packageName": "galeon", "operator": "lt"}, {"OS": "openSUSE", "OSVersion": "9.1", "packageVersion": "1.75-0.7", "arch": "x86_64", "packageFilename": "mozilla-ko-1.75-0.7.x86_64.rpm", "packageName": "mozilla-ko", "operator": "lt"}, {"OS": "openSUSE", "OSVersion": "9.3", "packageVersion": "1.7.5-17.10", "arch": "x86_64", "packageFilename": "mozilla-devel-1.7.5-17.10.x86_64.rpm", "packageName": "mozilla-devel", "operator": "lt"}, {"OS": "openSUSE", "OSVersion": "9.1", "packageVersion": "1.0.8-0.2", "arch": "x86_64", "packageFilename": "MozillaFirefox-translations-1.0.8-0.2.x86_64.rpm", "packageName": "MozillaFirefox-translations", "operator": "lt"}, {"OS": "openSUSE", "OSVersion": "10.0", "packageVersion": "1.0.8-0.2", "arch": "i586", "packageFilename": "MozillaFirefox-translations-1.0.8-0.2.i586.rpm", "packageName": "MozillaFirefox-translations", "operator": "lt"}, {"OS": "openSUSE", "OSVersion": "9.3", "packageVersion": "1.7.5-17.10", "arch": "i586", "packageFilename": "mozilla-spellchecker-1.7.5-17.10.i586.rpm", "packageName": "mozilla-spellchecker", "operator": "lt"}, {"OS": "openSUSE", "OSVersion": "9.2", "packageVersion": "1.7.2-17.17", "arch": "i586", "packageFilename": "mozilla-mail-1.7.2-17.17.i586.rpm", "packageName": "mozilla-mail", "operator": "lt"}, {"OS": "openSUSE", "OSVersion": "10.0", "packageVersion": "1.7.11-9.5", "arch": "i586", "packageFilename": "mozilla-calendar-1.7.11-9.5.i586.rpm", "packageName": "mozilla-calendar", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server", "OSVersion": "10", "packageVersion": "1.5.0.8-0.2", "arch": "s390x", "packageFilename": "MozillaFirefox-1.5.0.8-0.2.s390x.rpm", "packageName": "MozillaFirefox", "operator": "lt"}, {"OS": "openSUSE", "OSVersion": "9.2", "packageVersion": "1.7.2-17.17", "arch": "i586", "packageFilename": "mozilla-spellchecker-1.7.2-17.17.i586.rpm", "packageName": "mozilla-spellchecker", "operator": "lt"}, {"OS": "openSUSE", "OSVersion": "10.0", "packageVersion": "1.7.11-9.5", "arch": "ppc", "packageFilename": "mozilla-mail-1.7.11-9.5.ppc.rpm", "packageName": "mozilla-mail", "operator": "lt"}, {"OS": "openSUSE", "OSVersion": "9.1", "packageVersion": "1.7.5-4.6", "arch": "x86_64", "packageFilename": "mozilla-cs-1.7.5-4.6.x86_64.rpm", "packageName": "mozilla-cs", "operator": "lt"}, {"OS": "openSUSE", "OSVersion": "9.3", "packageVersion": "1.7.5-17.10", "arch": "i586", "packageFilename": "mozilla-mail-1.7.5-17.10.i586.rpm", "packageName": "mozilla-mail", "operator": "lt"}, {"OS": "openSUSE", "OSVersion": "9.1", "packageVersion": "1.0.8-0.2", "arch": "x86_64", "packageFilename": "MozillaFirefox-1.0.8-0.2.x86_64.rpm", "packageName": "MozillaFirefox", "operator": "lt"}, {"OS": "openSUSE", "OSVersion": "9.3", "packageVersion": "1.7.5-17.10", "arch": "x86_64", "packageFilename": "mozilla-1.7.5-17.10.x86_64.rpm", "packageName": "mozilla", "operator": "lt"}, {"OS": "openSUSE", "OSVersion": "9.1", "packageVersion": "1.7.8-5.20", "arch": "i586", "packageFilename": "mozilla-1.7.8-5.20.i586.rpm", "packageName": "mozilla", "operator": "lt"}, {"OS": "openSUSE", "OSVersion": "9.2", "packageVersion": "1.7.2-17.17", "arch": "x86_64", "packageFilename": "mozilla-venkman-1.7.2-17.17.x86_64.rpm", "packageName": "mozilla-venkman", "operator": "lt"}, {"OS": "openSUSE", "OSVersion": "10.0", "packageVersion": "1.7.11-9.5", "arch": "x86_64", "packageFilename": "mozilla-venkman-1.7.11-9.5.x86_64.rpm", "packageName": "mozilla-venkman", "operator": "lt"}, {"OS": "openSUSE", "OSVersion": "9.3", "packageVersion": "1.7.5-17.10", "arch": "x86_64", "packageFilename": "mozilla-mail-1.7.5-17.10.x86_64.rpm", "packageName": "mozilla-mail", "operator": "lt"}, {"OS": "openSUSE", "OSVersion": "9.1", "packageVersion": "1.7.8-5.20", "arch": "x86_64", "packageFilename": "mozilla-irc-1.7.8-5.20.x86_64.rpm", "packageName": "mozilla-irc", "operator": "lt"}, {"OS": "openSUSE", "OSVersion": "9.3", "packageVersion": "1.0.8-0.2", "arch": "i586", "packageFilename": "MozillaFirefox-translations-1.0.8-0.2.i586.rpm", "packageName": "MozillaFirefox-translations", "operator": "lt"}, {"OS": "openSUSE", "OSVersion": "10.0", "packageVersion": "1.7.11-9.5", "arch": "ppc", "packageFilename": "mozilla-irc-1.7.11-9.5.ppc.rpm", "packageName": "mozilla-irc", "operator": "lt"}, {"OS": "openSUSE", "OSVersion": "9.2", "packageVersion": "1.2.10-0.6", "arch": "i586", "packageFilename": "epiphany-doc-1.2.10-0.6.i586.rpm", "packageName": "epiphany-doc", "operator": "lt"}, {"OS": "openSUSE", "OSVersion": "9.3", "packageVersion": "1.7.5-17.10", "arch": "x86_64", "packageFilename": "mozilla-calendar-1.7.5-17.10.x86_64.rpm", "packageName": "mozilla-calendar", "operator": "lt"}, {"OS": "openSUSE", "OSVersion": "9.2", "packageVersion": "1.7.2-17.17", "arch": "i586", "packageFilename": "mozilla-1.7.2-17.17.i586.rpm", "packageName": "mozilla", "operator": "lt"}, {"OS": "openSUSE", "OSVersion": "10.0", "packageVersion": "1.7.11-9.5", "arch": "x86_64", "packageFilename": "mozilla-calendar-1.7.11-9.5.x86_64.rpm", "packageName": "mozilla-calendar", "operator": "lt"}, {"OS": "openSUSE", "OSVersion": "10.0", "packageVersion": "1.0.8-0.2", "arch": "i586", "packageFilename": "MozillaFirefox-1.0.8-0.2.i586.rpm", "packageName": "MozillaFirefox", "operator": "lt"}, {"OS": "openSUSE", "OSVersion": "10.0", "packageVersion": "1.7.11-9.5", "arch": "ppc", "packageFilename": "mozilla-venkman-1.7.11-9.5.ppc.rpm", "packageName": "mozilla-venkman", "operator": "lt"}, {"OS": "openSUSE", "OSVersion": "9.1", "packageVersion": "1.7.8-5.20", "arch": "x86_64", "packageFilename": "mozilla-mail-1.7.8-5.20.x86_64.rpm", "packageName": "mozilla-mail", "operator": "lt"}, {"OS": "openSUSE", "OSVersion": "9.2", "packageVersion": "1.0.8-0.2", "arch": "i586", "packageFilename": "MozillaFirefox-1.0.8-0.2.i586.rpm", "packageName": "MozillaFirefox", "operator": "lt"}, {"OS": "openSUSE", "OSVersion": "10.0", "packageVersion": "1.7.11-9.5", "arch": "i586", "packageFilename": "mozilla-devel-1.7.11-9.5.i586.rpm", "packageName": "mozilla-devel", "operator": "lt"}, {"OS": "openSUSE", "OSVersion": "9.2", "packageVersion": "1.7.2-17.17", "arch": "i586", "packageFilename": "mozilla-venkman-1.7.2-17.17.i586.rpm", "packageName": "mozilla-venkman", "operator": "lt"}, {"OS": "openSUSE", "OSVersion": "10.0", "packageVersion": "1.7.11-9.5", "arch": "ppc", "packageFilename": "mozilla-calendar-1.7.11-9.5.ppc.rpm", "packageName": "mozilla-calendar", "operator": "lt"}, {"OS": "openSUSE", "OSVersion": "9.2", "packageVersion": "0.8.2-4.7", "arch": "x86_64", "packageFilename": "epiphany-extensions-devel-0.8.2-4.7.x86_64.rpm", "packageName": "epiphany-extensions-devel", "operator": "lt"}, {"OS": "openSUSE", "OSVersion": "9.1", "packageVersion": "1.7.8-5.20", "arch": "i586", "packageFilename": "mozilla-devel-1.7.8-5.20.i586.rpm", "packageName": "mozilla-devel", "operator": "lt"}, {"OS": "openSUSE", "OSVersion": "10.0", "packageVersion": "1.0.8-0.2", "arch": "ppc", "packageFilename": "MozillaFirefox-translations-1.0.8-0.2.ppc.rpm", "packageName": "MozillaFirefox-translations", "operator": "lt"}, {"OS": "openSUSE", "OSVersion": "10.0", "packageVersion": "1.7.11-9.5", "arch": "ppc", "packageFilename": "mozilla-dom-inspector-1.7.11-9.5.ppc.rpm", "packageName": "mozilla-dom-inspector", "operator": "lt"}, {"OS": "openSUSE", "OSVersion": "10.0", "packageVersion": "1.7.11-9.5", "arch": "x86_64", "packageFilename": "mozilla-irc-1.7.11-9.5.x86_64.rpm", "packageName": "mozilla-irc", "operator": "lt"}, {"OS": "openSUSE", "OSVersion": "9.1", "packageVersion": "1.7.8-5.20", "arch": "x86_64", "packageFilename": "mozilla-calendar-1.7.8-5.20.x86_64.rpm", "packageName": "mozilla-calendar", "operator": "lt"}, {"OS": "openSUSE", "OSVersion": "9.1", "packageVersion": "1.7.6-0.6", "arch": "x86_64", "packageFilename": "mozilla-deat-1.7.6-0.6.x86_64.rpm", "packageName": "mozilla-deat", "operator": "lt"}, {"OS": "openSUSE", "OSVersion": "9.2", "packageVersion": "1.7.2-17.17", "arch": "x86_64", "packageFilename": "mozilla-devel-1.7.2-17.17.x86_64.rpm", "packageName": "mozilla-devel", "operator": "lt"}, {"OS": "openSUSE", "OSVersion": "9.1", "packageVersion": "1.7.8-5.20", "arch": "x86_64", "packageFilename": "mozilla-devel-1.7.8-5.20.x86_64.rpm", "packageName": "mozilla-devel", "operator": "lt"}, {"OS": "openSUSE", "OSVersion": "10.0", "packageVersion": "1.7.11-9.5", "arch": "i586", "packageFilename": "mozilla-dom-inspector-1.7.11-9.5.i586.rpm", "packageName": "mozilla-dom-inspector", "operator": "lt"}, {"OS": "openSUSE", "OSVersion": "9.2", "packageVersion": "1.7.2-17.17", "arch": "i586", "packageFilename": "mozilla-calendar-1.7.2-17.17.i586.rpm", "packageName": "mozilla-calendar", "operator": "lt"}, {"OS": "openSUSE", "OSVersion": "10.0", "packageVersion": "1.7.11-9.5", "arch": "x86_64", "packageFilename": "mozilla-devel-1.7.11-9.5.x86_64.rpm", "packageName": "mozilla-devel", "operator": "lt"}, {"OS": "openSUSE", "OSVersion": "9.1", "packageVersion": "1.0.8-0.2", "arch": "i586", "packageFilename": "MozillaFirefox-translations-1.0.8-0.2.i586.rpm", "packageName": "MozillaFirefox-translations", "operator": "lt"}, {"OS": "openSUSE", "OSVersion": "9.2", "packageVersion": "1.0.8-0.2", "arch": "x86_64", "packageFilename": "MozillaFirefox-translations-1.0.8-0.2.x86_64.rpm", "packageName": "MozillaFirefox-translations", "operator": "lt"}, {"OS": "openSUSE", "OSVersion": "9.3", "packageVersion": "1.7.5-17.10", "arch": "x86_64", "packageFilename": "mozilla-venkman-1.7.5-17.10.x86_64.rpm", "packageName": "mozilla-venkman", "operator": "lt"}, {"OS": "openSUSE", "OSVersion": "9.3", "packageVersion": "1.7.5-17.10", "arch": "i586", "packageFilename": "mozilla-dom-inspector-1.7.5-17.10.i586.rpm", "packageName": "mozilla-dom-inspector", "operator": "lt"}, {"OS": "openSUSE", "OSVersion": "9.1", "packageVersion": "1.7.8-5.20", "arch": "i586", "packageFilename": "mozilla-venkman-1.7.8-5.20.i586.rpm", "packageName": "mozilla-venkman", "operator": "lt"}, {"OS": "openSUSE", "OSVersion": "10.0", "packageVersion": "1.7.11-9.5", "arch": "x86_64", "packageFilename": "mozilla-mail-1.7.11-9.5.x86_64.rpm", "packageName": "mozilla-mail", "operator": "lt"}, {"OS": "openSUSE", "OSVersion": "9.2", "packageVersion": "1.7.2-17.17", "arch": "x86_64", "packageFilename": "mozilla-calendar-1.7.2-17.17.x86_64.rpm", "packageName": "mozilla-calendar", "operator": "lt"}, {"OS": "openSUSE", "OSVersion": "9.2", "packageVersion": "1.2.10-0.6", "arch": "x86_64", "packageFilename": "epiphany-1.2.10-0.6.x86_64.rpm", "packageName": "epiphany", "operator": "lt"}, {"OS": "openSUSE", "OSVersion": "10.0", "packageVersion": "1.7.11-9.5", "arch": "ppc", "packageFilename": "mozilla-spellchecker-1.7.11-9.5.ppc.rpm", "packageName": "mozilla-spellchecker", "operator": "lt"}, {"OS": "openSUSE", "OSVersion": "9.1", "packageVersion": "1.7.7-0.7", "arch": "i586", "packageFilename": "mozilla-ja-1.7.7-0.7.i586.rpm", "packageName": "mozilla-ja", "operator": "lt"}, {"OS": "openSUSE", "OSVersion": "10.0", "packageVersion": "1.7.11-9.5", "arch": "ppc", "packageFilename": "mozilla-1.7.11-9.5.ppc.rpm", "packageName": "mozilla", "operator": "lt"}, {"OS": "openSUSE", "OSVersion": "9.3", "packageVersion": "1.7.5-17.10", "arch": "x86_64", "packageFilename": "mozilla-dom-inspector-1.7.5-17.10.x86_64.rpm", "packageName": "mozilla-dom-inspector", "operator": "lt"}, {"OS": "openSUSE", "OSVersion": "9.1", "packageVersion": "1.0.8-0.2", "arch": "i586", "packageFilename": "MozillaFirefox-1.0.8-0.2.i586.rpm", "packageName": "MozillaFirefox", "operator": "lt"}, {"OS": "openSUSE", "OSVersion": "9.1", "packageVersion": "1.7.8-5.20", "arch": "x86_64", "packageFilename": "mozilla-spellchecker-1.7.8-5.20.x86_64.rpm", "packageName": "mozilla-spellchecker", "operator": "lt"}, {"OS": "openSUSE", "OSVersion": "10.0", "packageVersion": "1.7.11-9.5", "arch": "x86_64", "packageFilename": "mozilla-dom-inspector-1.7.11-9.5.x86_64.rpm", "packageName": "mozilla-dom-inspector", "operator": "lt"}, {"OS": "openSUSE", "OSVersion": "9.2", "packageVersion": "0.8.2-4.7", "arch": "x86_64", "packageFilename": "epiphany-extensions-0.8.2-4.7.x86_64.rpm", "packageName": "epiphany-extensions", "operator": "lt"}, {"OS": "openSUSE", "OSVersion": "9.2", "packageVersion": "1.7.2-17.17", "arch": "i586", "packageFilename": "mozilla-irc-1.7.2-17.17.i586.rpm", "packageName": "mozilla-irc", "operator": "lt"}, {"OS": "openSUSE", "OSVersion": "9.2", "packageVersion": "1.7.2-17.17", "arch": "x86_64", "packageFilename": "mozilla-spellchecker-1.7.2-17.17.x86_64.rpm", "packageName": "mozilla-spellchecker", "operator": "lt"}, {"OS": "openSUSE", "OSVersion": "10.0", "packageVersion": "1.7.11-9.5", "arch": "x86_64", "packageFilename": "mozilla-spellchecker-1.7.11-9.5.x86_64.rpm", "packageName": "mozilla-spellchecker", "operator": "lt"}, {"OS": "openSUSE", "OSVersion": "9.2", "packageVersion": "1.0.8-0.2", "arch": "i586", "packageFilename": "MozillaFirefox-translations-1.0.8-0.2.i586.rpm", "packageName": "MozillaFirefox-translations", "operator": "lt"}, {"OS": "openSUSE", "OSVersion": "9.1", "packageVersion": "1.7.7-0.7", "arch": "x86_64", "packageFilename": "mozilla-ja-1.7.7-0.7.x86_64.rpm", "packageName": "mozilla-ja", "operator": "lt"}, {"OS": "openSUSE", "OSVersion": "9.1", "packageVersion": "1.7.8-5.20", "arch": "x86_64", "packageFilename": "mozilla-venkman-1.7.8-5.20.x86_64.rpm", "packageName": "mozilla-venkman", "operator": "lt"}, {"OS": "openSUSE", "OSVersion": "10.0", "packageVersion": "1.7.11-9.5", "arch": "i586", "packageFilename": "mozilla-irc-1.7.11-9.5.i586.rpm", "packageName": "mozilla-irc", "operator": "lt"}, {"OS": "openSUSE", "OSVersion": "10.0", "packageVersion": "1.7.11-9.5", "arch": "x86_64", "packageFilename": "mozilla-1.7.11-9.5.x86_64.rpm", "packageName": "mozilla", "operator": "lt"}, {"OS": "openSUSE", "OSVersion": "9.1", "packageVersion": "1.7.8-5.20", "arch": "i586", "packageFilename": "mozilla-mail-1.7.8-5.20.i586.rpm", "packageName": "mozilla-mail", "operator": "lt"}, {"OS": "openSUSE", "OSVersion": "9.2", "packageVersion": "1.7.2-17.17", "arch": "x86_64", "packageFilename": "mozilla-mail-1.7.2-17.17.x86_64.rpm", "packageName": "mozilla-mail", "operator": "lt"}, {"OS": "openSUSE", "OSVersion": "9.1", "packageVersion": "1.78-0.7", "arch": "i586", "packageFilename": "mozilla-hu-1.78-0.7.i586.rpm", "packageName": "mozilla-hu", "operator": "lt"}, {"OS": "openSUSE", "OSVersion": "9.3", "packageVersion": "1.7.5-17.10", "arch": "x86_64", "packageFilename": "mozilla-irc-1.7.5-17.10.x86_64.rpm", "packageName": "mozilla-irc", "operator": "lt"}, {"OS": "openSUSE", "OSVersion": "9.2", "packageVersion": "1.2.10-0.6", "arch": "x86_64", "packageFilename": "epiphany-doc-1.2.10-0.6.x86_64.rpm", "packageName": "epiphany-doc", "operator": "lt"}, {"OS": "openSUSE", "OSVersion": "9.3", "packageVersion": "1.7.5-17.10", "arch": "i586", "packageFilename": "mozilla-irc-1.7.5-17.10.i586.rpm", "packageName": "mozilla-irc", "operator": "lt"}, {"OS": "openSUSE", "OSVersion": "9.3", "packageVersion": "1.7.5-17.10", "arch": "i586", "packageFilename": "mozilla-calendar-1.7.5-17.10.i586.rpm", "packageName": "mozilla-calendar", "operator": "lt"}, {"OS": "openSUSE", "OSVersion": "9.3", "packageVersion": "9.3-7.4", "arch": "x86_64", "packageFilename": "mozilla-32bit-9.3-7.4.x86_64.rpm", "packageName": "mozilla-32bit", "operator": "lt"}, {"OS": "openSUSE", "OSVersion": "9.3", "packageVersion": "1.7.5-17.10", "arch": "i586", "packageFilename": "mozilla-devel-1.7.5-17.10.i586.rpm", "packageName": "mozilla-devel", "operator": "lt"}, {"OS": "openSUSE", "OSVersion": "10.0", "packageVersion": "1.0.8-0.2", "arch": "ppc", "packageFilename": "MozillaFirefox-1.0.8-0.2.ppc.rpm", "packageName": "MozillaFirefox", "operator": "lt"}, {"OS": "openSUSE", "OSVersion": "10.0", "packageVersion": "1.7.11-9.5", "arch": "i586", "packageFilename": "mozilla-venkman-1.7.11-9.5.i586.rpm", "packageName": "mozilla-venkman", "operator": "lt"}, {"OS": "openSUSE", "OSVersion": "10.0", "packageVersion": "1.7.11-9.5", "arch": "ppc", "packageFilename": "mozilla-devel-1.7.11-9.5.ppc.rpm", "packageName": "mozilla-devel", "operator": "lt"}, {"OS": "openSUSE", "OSVersion": "9.1", "packageVersion": "1.7.6-0.6", "arch": "i586", "packageFilename": "mozilla-deat-1.7.6-0.6.i586.rpm", "packageName": "mozilla-deat", "operator": "lt"}, {"OS": "openSUSE", "OSVersion": "9.3", "packageVersion": "1.0.8-0.2", "arch": "i586", "packageFilename": "MozillaFirefox-1.0.8-0.2.i586.rpm", "packageName": "MozillaFirefox", "operator": "lt"}, {"OS": "openSUSE", "OSVersion": "9.1", "packageVersion": "1.7.8-5.20", "arch": "x86_64", "packageFilename": "mozilla-dom-inspector-1.7.8-5.20.x86_64.rpm", "packageName": "mozilla-dom-inspector", "operator": "lt"}, {"OS": "openSUSE", "OSVersion": "9.2", "packageVersion": "0.8.2-4.7", "arch": "i586", "packageFilename": "epiphany-extensions-0.8.2-4.7.i586.rpm", "packageName": "epiphany-extensions", "operator": "lt"}, {"OS": "openSUSE", "OSVersion": "9.1", "packageVersion": "1.7.5-4.6", "arch": "i586", "packageFilename": "mozilla-cs-1.7.5-4.6.i586.rpm", "packageName": "mozilla-cs", "operator": "lt"}, {"OS": "openSUSE", "OSVersion": "9.1", "packageVersion": "1.7.8-5.20", "arch": "x86_64", "packageFilename": "mozilla-1.7.8-5.20.x86_64.rpm", "packageName": "mozilla", "operator": "lt"}, {"OS": "openSUSE", "OSVersion": "10.0", "packageVersion": "1.7.11-9.5", "arch": "i586", "packageFilename": "mozilla-1.7.11-9.5.i586.rpm", "packageName": "mozilla", "operator": "lt"}, {"OS": "openSUSE", "OSVersion": "9.3", "packageVersion": "1.7.5-17.10", "arch": "i586", "packageFilename": "mozilla-1.7.5-17.10.i586.rpm", "packageName": "mozilla", "operator": "lt"}, {"OS": "openSUSE", "OSVersion": "9.2", "packageVersion": "1.7.2-17.17", "arch": "x86_64", "packageFilename": "mozilla-irc-1.7.2-17.17.x86_64.rpm", "packageName": "mozilla-irc", "operator": "lt"}, {"OS": "openSUSE", "OSVersion": "9.2", "packageVersion": "0.8.2-4.7", "arch": "i586", "packageFilename": "epiphany-extensions-devel-0.8.2-4.7.i586.rpm", "packageName": "epiphany-extensions-devel", "operator": "lt"}, {"OS": "openSUSE", "OSVersion": "9.1", "packageVersion": "1.7.8-5.20", "arch": "i586", "packageFilename": "mozilla-calendar-1.7.8-5.20.i586.rpm", "packageName": "mozilla-calendar", "operator": "lt"}, {"OS": "openSUSE", "OSVersion": "9.1", "packageVersion": "1.75-0.7", "arch": "i586", "packageFilename": "mozilla-ko-1.75-0.7.i586.rpm", "packageName": "mozilla-ko", "operator": "lt"}, {"OS": "openSUSE", "OSVersion": "9.2", "packageVersion": "1.7.2-17.17", "arch": "x86_64", "packageFilename": "mozilla-1.7.2-17.17.x86_64.rpm", "packageName": "mozilla", "operator": "lt"}, {"OS": "openSUSE", "OSVersion": "9.1", "packageVersion": "1.78-0.7", "arch": "x86_64", "packageFilename": "mozilla-hu-1.78-0.7.x86_64.rpm", "packageName": "mozilla-hu", "operator": "lt"}, {"OS": "openSUSE", "OSVersion": "9.2", "packageVersion": "1.0.8-0.2", "arch": "x86_64", "packageFilename": "MozillaFirefox-1.0.8-0.2.x86_64.rpm", "packageName": "MozillaFirefox", "operator": "lt"}], "description": "A number of security issues have been fixed in the Mozilla browser suite and the Mozilla Firefox browser. These problems could be used by remote attackers to gain privileges, gain access to confidential information or to cause denial of service attacks.\n#### Solution\nThere is no known workaround, please install the update packages.", "edition": 1, "reporter": "Suse", "published": "2006-04-20T13:13:08", "title": "remote code execution in MozillaFirefox,mozilla", "enchantments": {"score": {"vector": "NONE", "value": 10.0}}, "type": "suse", "bulletinFamily": "unix", "cvelist": ["CVE-2006-1738", "CVE-2006-1739", "CVE-2006-1728", "CVE-2006-1730", "CVE-2006-1790", "CVE-2006-1734", "CVE-2006-1733", "CVE-2006-1740", "CVE-2006-1741", "CVE-2006-0884", "CVE-2006-1731", "CVE-2006-1727", "CVE-2006-1729", "CVE-2006-1736", "CVE-2006-1735", "CVE-2006-1742", "CVE-2006-1737", "CVE-2006-1732", "CVE-2006-0749"], "modified": "2006-04-20T13:13:08", "id": "SUSE-SA:2006:021", "href": "http://lists.opensuse.org/opensuse-security-announce/2006-04/msg00007.html", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2016-09-04T12:43:03", "references": [], "affectedPackage": [{"OS": "openSUSE", "OSVersion": "9.2", "packageVersion": "1.0.8-0.2", "packageName": "MozillaThunderbird", "packageFilename": "MozillaThunderbird-1.0.8-0.2.i586.rpm", "arch": "i586", "operator": "lt"}, {"OS": "openSUSE", "OSVersion": "9.3", "packageVersion": "1.0.8-0.2", "packageName": "MozillaThunderbird", "packageFilename": "MozillaThunderbird-1.0.8-0.2.i586.rpm", "arch": "i586", "operator": "lt"}, {"OS": "openSUSE", "OSVersion": "9.1", "packageVersion": "1.0.8-0.1", "packageName": "MozillaThunderbird", "packageFilename": "MozillaThunderbird-1.0.8-0.1.i586.rpm", "arch": "i586", "operator": "lt"}, {"OS": "openSUSE", "OSVersion": "10.0", "packageVersion": "1.0.8-0.2", "packageName": "MozillaThunderbird", "packageFilename": "MozillaThunderbird-1.0.8-0.2.x86_64.rpm", "arch": "x86_64", "operator": "lt"}, {"OS": "openSUSE", "OSVersion": "9.2", "packageVersion": "1.0.8-0.2", "packageName": "MozillaThunderbird", "packageFilename": "MozillaThunderbird-1.0.8-0.2.x86_64.rpm", "arch": "x86_64", "operator": "lt"}, {"OS": "openSUSE", "OSVersion": "9.1", "packageVersion": "1.0.8-0.1", "packageName": "MozillaThunderbird", "packageFilename": "MozillaThunderbird-1.0.8-0.1.x86_64.rpm", "arch": "x86_64", "operator": "lt"}, {"OS": "openSUSE", "OSVersion": "9.3", "packageVersion": "1.0.8-0.2", "packageName": "MozillaThunderbird", "packageFilename": "MozillaThunderbird-1.0.8-0.2.x86_64.rpm", "arch": "x86_64", "operator": "lt"}, {"OS": "openSUSE", "OSVersion": "10.0", "packageVersion": "1.0.8-0.2", "packageName": "MozillaThunderbird", "packageFilename": "MozillaThunderbird-1.0.8-0.2.ppc.rpm", "arch": "ppc", "operator": "lt"}, {"OS": "openSUSE", "OSVersion": "10.0", "packageVersion": "1.0.8-0.2", "packageName": "MozillaThunderbird", "packageFilename": "MozillaThunderbird-1.0.8-0.2.i586.rpm", "arch": "i586", "operator": "lt"}], "description": "Various security bugs have been fixed in Mozilla Thunderbird, bringing it up to bugfix level of version 1.0.8.\n#### Solution\nThere is no known workaround, please install the update packages.", "edition": 1, "reporter": "Suse", "published": "2006-04-25T13:15:04", "enchantments": {"score": {"vector": "NONE", "value": 7.5}}, "type": "suse", "title": "remote code execution in MozillaThunderbird", "bulletinFamily": "unix", "cvelist": ["CVE-2005-0142", "CVE-2006-1739", "CVE-2005-0989", "CVE-2005-2707", "CVE-2006-0748", "CVE-2005-2265", "CVE-2005-0230", "CVE-2006-1728", "CVE-2005-0149", "CVE-2006-1730", "CVE-2005-0399", "CVE-2005-2706", "CVE-2005-2261", "CVE-2006-1734", "CVE-2006-1733", "CVE-2006-1741", "CVE-2006-0292", "CVE-2005-0255", "CVE-2006-0884", "CVE-2005-0590", "CVE-2006-1731", "CVE-2005-1532", "CVE-2004-1316", "CVE-2006-1727", "CVE-2006-1045", "CVE-2005-1159", "CVE-2005-2270", "CVE-2005-0587", "CVE-2006-0296", "CVE-2005-1160", "CVE-2005-0592", "CVE-2005-2269", "CVE-2006-1735", "CVE-2006-1742", "CVE-2006-1737", "CVE-2006-1732", "CVE-2006-0749", "CVE-2005-2266"], "modified": "2006-04-25T13:15:04", "id": "SUSE-SA:2006:022", "href": "http://lists.opensuse.org/opensuse-security-announce/2006-04/msg00008.html", "cvss": {"score": 9.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2016-09-04T11:36:35", "references": [], "affectedPackage": [{"OS": "openSUSE", "OSVersion": "9.2", "packageVersion": "2.7.0pl2-1.2", "arch": "noarch", "packageFilename": "phpMyAdmin-2.7.0pl2-1.2.noarch.rpm", "packageName": "phpMyAdmin", "operator": "lt"}, {"OS": "openSUSE", "OSVersion": "10.0", "packageVersion": "2.7.0pl2-1.2", "arch": "noarch", "packageFilename": "phpMyAdmin-2.7.0pl2-1.2.noarch.rpm", "packageName": "phpMyAdmin", "operator": "lt"}, {"OS": "openSUSE", "OSVersion": "9.1", "packageVersion": "2.7.0pl2-1.2", "arch": "noarch", "packageFilename": "phpMyAdmin-2.7.0pl2-1.2.noarch.rpm", "packageName": "phpMyAdmin", "operator": "lt"}, {"OS": "openSUSE", "OSVersion": "9.0", "packageVersion": "2.7.0pl2-3", "arch": "noarch", "packageFilename": "phpMyAdmin-2.7.0pl2-3.noarch.rpm", "packageName": "phpMyAdmin", "operator": "lt"}, {"OS": "openSUSE", "OSVersion": "9.3", "packageVersion": "2.7.0pl2-1.2", "arch": "noarch", "packageFilename": "phpMyAdmin-2.7.0pl2-1.2.noarch.rpm", "packageName": "phpMyAdmin", "operator": "lt"}], "description": "Stefan Esser discovered a bug in in the register_globals emulation of phpMyAdmin that allowes to overwrite variables. An attacker could exploit the bug to ultimately execute code (CVE-2005-4079). Additionally several cross-site-scripting bugs were discovered (CVE-2005-3787, CVE-2005-3665). We have released a version update to phpMyAdmin-2.7.0-pl2 which addresses the issues mentioned above.\n#### Solution\nThere is no known workaround, please install the update packages.", "edition": 1, "reporter": "Suse", "published": "2006-01-26T13:53:52", "title": "remote code execution in phpMyAdmin", "enchantments": {"score": {"vector": "NONE", "value": 7.5}}, "type": "suse", "bulletinFamily": "unix", "cvelist": ["CVE-2005-0142", "CVE-2006-1739", "CVE-2005-0989", "CVE-2005-2707", "CVE-2006-0748", "CVE-2005-2265", "CVE-2005-0230", "CVE-2006-1728", "CVE-2005-0149", "CVE-2005-3665", "CVE-2006-1730", "CVE-2005-0399", "CVE-2005-2706", "CVE-2005-2261", "CVE-2006-1734", "CVE-2006-1733", "CVE-2006-1741", "CVE-2006-0292", "CVE-2005-0255", "CVE-2006-0884", "CVE-2005-0590", "CVE-2006-1731", "CVE-2005-1532", "CVE-2004-1316", "CVE-2006-1727", "CVE-2006-1045", "CVE-2005-1159", "CVE-2005-2270", "CVE-2005-0587", "CVE-2006-0296", "CVE-2005-1160", "CVE-2005-0592", "CVE-2005-3787", "CVE-2005-2269", "CVE-2006-1735", "CVE-2005-4079", "CVE-2006-1742", "CVE-2006-1737", "CVE-2006-1732", "CVE-2006-0749", "CVE-2005-2266"], "modified": "2006-01-26T13:53:52", "id": "SUSE-SA:2006:004", "href": "http://lists.opensuse.org/opensuse-security-announce/2006-01/msg00012.html", "cvss": {"score": 9.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}], "ubuntu": [{"lastseen": "2018-08-31T00:09:08", "references": ["https://people.canonical.com/~ubuntu-security/cve/CVE-2005-4134", "https://people.canonical.com/~ubuntu-security/cve/CVE-2006-1741", "https://people.canonical.com/~ubuntu-security/cve/CVE-2006-1732", "https://people.canonical.com/~ubuntu-security/cve/CVE-2006-1739", "https://people.canonical.com/~ubuntu-security/cve/CVE-2006-1742", "https://people.canonical.com/~ubuntu-security/cve/CVE-2006-1728", "https://people.canonical.com/~ubuntu-security/cve/CVE-2006-0292", "https://people.canonical.com/~ubuntu-security/cve/CVE-2006-1731", "https://people.canonical.com/~ubuntu-security/cve/CVE-2006-1735", "https://people.canonical.com/~ubuntu-security/cve/CVE-2006-1730", "https://people.canonical.com/~ubuntu-security/cve/CVE-2006-1727", "https://people.canonical.com/~ubuntu-security/cve/CVE-2006-1736", "https://people.canonical.com/~ubuntu-security/cve/CVE-2006-1733", "https://people.canonical.com/~ubuntu-security/cve/CVE-2006-1729", "https://people.canonical.com/~ubuntu-security/cve/CVE-2006-1734", "https://people.canonical.com/~ubuntu-security/cve/CVE-2006-1790", "https://people.canonical.com/~ubuntu-security/cve/CVE-2006-0749", "https://people.canonical.com/~ubuntu-security/cve/CVE-2006-0296", "https://people.canonical.com/~ubuntu-security/cve/CVE-2006-1738", "https://people.canonical.com/~ubuntu-security/cve/CVE-2006-1737", "https://people.canonical.com/~ubuntu-security/cve/CVE-2006-1740"], "affectedPackage": [{"OS": "Ubuntu", "OSVersion": "5.10", "packageVersion": "any", "arch": "noarch", "packageFilename": "UNKNOWN", "packageName": "firefox", "operator": "lt"}, {"OS": "Ubuntu", "OSVersion": "4.10", "packageVersion": "any", "arch": "noarch", "packageFilename": "UNKNOWN", "packageName": "mozilla-firefox", "operator": "lt"}, {"OS": "Ubuntu", "OSVersion": "5.04", "packageVersion": "any", "arch": "noarch", "packageFilename": "UNKNOWN", "packageName": "mozilla-firefox", "operator": "lt"}, {"OS": "Ubuntu", "OSVersion": "5.10", "packageVersion": "any", "arch": "noarch", "packageFilename": "UNKNOWN", "packageName": "mozilla-firefox", "operator": "lt"}, {"OS": "Ubuntu", "OSVersion": "4.10", "packageVersion": "any", "arch": "noarch", "packageFilename": "UNKNOWN", "packageName": "firefox", "operator": "lt"}, {"OS": "Ubuntu", "OSVersion": "5.04", "packageVersion": "any", "arch": "noarch", "packageFilename": "UNKNOWN", "packageName": "firefox", "operator": "lt"}], "description": "Web pages with extremely long titles caused subsequent launches of Firefox browser to hang for up to a few minutes, or caused Firefox to crash on computers with insufficient memory. (CVE-2005-4134)\n\nIgor Bukanov discovered that the JavaScript engine did not properly declare some temporary variables. Under some rare circumstances, a malicious website could exploit this to execute arbitrary code with the privileges of the user. (CVE-2006-0292, CVE-2006-1742)\n\nThe function XULDocument.persist() did not sufficiently validate the names of attributes. An attacker could exploit this to inject arbitrary XML code into the file \u2018localstore.rdf\u2019, which is read and evaluated at startup. This could include JavaScript commands that would be run with the user\u2019s privileges. (CVE-2006-0296)\n\nDue to a flaw in the HTML tag parser a specific sequence of HTML tags caused memory corruption. A malicious web site could exploit this to crash the browser or even execute arbitrary code with the user\u2019s privileges. (CVE-2006-0749)\n\nGeorgi Guninski discovered that embedded XBL scripts of web sites could escalate their (normally reduced) privileges to get full privileges of the user if that page is viewed with \u201cPrint Preview\u201d. (CVE-2006-1727)\n\nThe crypto.generateCRMFRequest() function had a flaw which could be exploited to run arbitrary code with the user\u2019s privileges. (CVE-2006-1728)\n\nClaus J\u00b4\u2510\u017brgensen and Jesse Ruderman discovered that a text input box could be pre-filled with a filename and then turned into a file-upload control with the contents intact. A malicious web site could exploit this to read any local file the user has read privileges for. (CVE-2006-1729)\n\nAn integer overflow was detected in the handling of the CSS property \u201cletter-spacing\u201d. A malicious web site could exploit this to run arbitrary code with the user\u2019s privileges. (CVE-2006-1730)\n\nThe methods valueOf.call() and .valueOf.apply() returned an object whose privileges were not properly confined to those of the caller, which made them vulnerable to cross-site scripting attacks. A malicious web site could exploit this to modify the contents or steal confidential data (such as passwords) from other opened web pages. (CVE-2006-1731) The window.controllers array variable (CVE-2006-1732) and event handlers (CVE-2006-1741) were vulnerable to a similar attack.\n\nThe privileged built-in XBL bindings were not fully protected from web content and could be accessed by calling valueOf.call() and valueOf.apply() on a method of that binding. A malicious web site could exploit this to run arbitrary JavaScript code with the user\u2019s privileges. (CVE-2006-1733)\n\nIt was possible to use the Object.watch() method to access an internal function object (the \u201cclone parent\u201d). A malicious web site could exploit this to execute arbitrary JavaScript code with the user\u2019s privileges. (CVE-2006-1734)\n\nBy calling the XBL.method.eval() method in a special way it was possible to create JavaScript functions that would get compiled with the wrong privileges. A malicious web site could exploit this to execute arbitrary JavaScript code with the user\u2019s privileges. (CVE-2006-1735)\n\nMichael Krax discovered that by layering a transparent image link to an executable on top of a visible (and presumably desirable) image a malicious site could fool the user to right-click and choose \u201cSave image as\u2026\u201d from the context menu, which would download the executable instead of the image. (CVE-2006-1736)\n\nSeveral crashes have been fixed which could be triggered by web sites and involve memory corruption. These could potentially be exploited to execute arbitrary code with the user\u2019s privileges. (CVE-2006-1737, CVE-2006-1738, CVE-2006-1739, CVE-2006-1790)\n\nIf the user has turned on the \u201cEntering secure site\u201d modal warning dialog, it was possible to spoof the browser\u2019s secure-site indicators (the lock icon and the gold URL field background) by first loading the target secure site in a pop-up window, then changing its location to a different site, which retained the displayed secure-browsing indicators from the original site. (CVE-2006-1740)", "edition": 3, "reporter": "Ubuntu", "published": "2006-04-20T00:00:00", "title": "Firefox vulnerabilities", "type": "ubuntu", "enchantments": {"score": {"vector": "NONE", "value": 9.3}}, "bulletinFamily": "unix", "cvelist": ["CVE-2006-1738", "CVE-2006-1739", "CVE-2006-1728", "CVE-2006-1730", "CVE-2006-1790", "CVE-2006-1734", "CVE-2006-1733", "CVE-2006-1740", "CVE-2006-1741", "CVE-2006-0292", "CVE-2006-1731", "CVE-2006-1727", "CVE-2006-1729", "CVE-2006-0296", "CVE-2006-1736", "CVE-2006-1735", "CVE-2006-1742", "CVE-2006-1737", "CVE-2006-1732", "CVE-2005-4134", "CVE-2006-0749"], "modified": "2006-04-20T00:00:00", "id": "USN-271-1", "href": "https://usn.ubuntu.com/271-1/", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2018-08-31T00:09:51", "references": ["https://people.canonical.com/~ubuntu-security/cve/CVE-2006-0884", "https://people.canonical.com/~ubuntu-security/cve/CVE-2006-1741", "https://people.canonical.com/~ubuntu-security/cve/CVE-2006-1732", "https://people.canonical.com/~ubuntu-security/cve/CVE-2006-1739", "https://people.canonical.com/~ubuntu-security/cve/CVE-2006-1742", "https://people.canonical.com/~ubuntu-security/cve/CVE-2006-1728", "https://people.canonical.com/~ubuntu-security/cve/CVE-2006-0748", "https://people.canonical.com/~ubuntu-security/cve/CVE-2006-1045", "https://people.canonical.com/~ubuntu-security/cve/CVE-2006-0292", "https://people.canonical.com/~ubuntu-security/cve/CVE-2006-1731", "https://people.canonical.com/~ubuntu-security/cve/CVE-2006-1735", "https://people.canonical.com/~ubuntu-security/cve/CVE-2006-1730", "https://people.canonical.com/~ubuntu-security/cve/CVE-2006-1727", "https://people.canonical.com/~ubuntu-security/cve/CVE-2006-1733", "https://people.canonical.com/~ubuntu-security/cve/CVE-2006-1734", "https://people.canonical.com/~ubuntu-security/cve/CVE-2006-1790", "https://people.canonical.com/~ubuntu-security/cve/CVE-2006-0749", "https://people.canonical.com/~ubuntu-security/cve/CVE-2006-0296", "https://people.canonical.com/~ubuntu-security/cve/CVE-2006-1738", "https://people.canonical.com/~ubuntu-security/cve/CVE-2006-1737"], "affectedPackage": [{"OS": "Ubuntu", "OSVersion": "5.10", "packageVersion": "any", "arch": "noarch", "packageFilename": "UNKNOWN", "packageName": "mozilla-thunderbird", "operator": "lt"}, {"OS": "Ubuntu", "OSVersion": "5.04", "packageVersion": "any", "arch": "noarch", "packageFilename": "UNKNOWN", "packageName": "mozilla-thunderbird", "operator": "lt"}], "description": "Igor Bukanov discovered that the JavaScript engine did not properly declare some temporary variables. Under some rare circumstances, a malicious mail with embedded JavaScript could exploit this to execute arbitrary code with the privileges of the user. (CVE-2006-0292, CVE-2006-1742)\n\nThe function XULDocument.persist() did not sufficiently validate the names of attributes. An attacker could exploit this to inject arbitrary XML code into the file \u2018localstore.rdf\u2019, which is read and evaluated at startup. This could include JavaScript commands that would be run with the user\u2019s privileges. (CVE-2006-0296)\n\nDue to a flaw in the HTML tag parser a specific sequence of HTML tags caused memory corruption. A malicious HTML email could exploit this to crash the browser or even execute arbitrary code with the user\u2019s privileges. (CVE-2006-0748)\n\nAn invalid ordering of table-related tags caused Thunderbird to use a negative array index. A malicious HTML email could exploit this to execute arbitrary code with the privileges of the user. (CVE-2006-0749)\n\nGeorgi Guninski discovered that forwarding mail in-line while using the default HTML \u201crich mail\u201d editor executed JavaScript embedded in the email message. Forwarding mail in-line is not the default setting but it is easily accessed through the \u201cForward As\u201d menu item. (CVE-2006-0884)\n\nAs a privacy measure to prevent senders (primarily spammers) from tracking when email is read Thunderbird does not load remote content referenced from an HTML mail message until a user tells it to do so. This normally includes the content of frames and CSS files. It was discovered that it was possible to bypass this restriction by indirectly including remote content through an intermediate inline CSS script or frame. (CVE-2006-1045)\n\nGeorgi Guninski discovered that embedded XBL scripts could escalate their (normally reduced) privileges to get full privileges of the user if the email is viewed with \u201cPrint Preview\u201d. (CVE-2006-1727)\n\nThe crypto.generateCRMFRequest() function had a flaw which could be exploited to run arbitrary code with the user\u2019s privileges. (CVE-2006-1728)\n\nAn integer overflow was detected in the handling of the CSS property \u201cletter-spacing\u201d. A malicious HTML email could exploit this to run arbitrary code with the user\u2019s privileges. (CVE-2006-1730)\n\nThe methods valueOf.call() and .valueOf.apply() returned an object whose privileges were not properly confined to those of the caller, which made them vulnerable to cross-site scripting attacks. A malicious email with embedded JavaScript code could exploit this to modify the contents or steal confidential data (such as passwords) from other opened web pages. (CVE-2006-1731) The window.controllers array variable (CVE-2006-1732) and event handlers (CVE-2006-1741) were vulnerable to a similar attack.\n\nThe privileged built-in XBL bindings were not fully protected from web content and could be accessed by calling valueOf.call() and valueOf.apply() on a method of that binding. A malicious email could exploit this to run arbitrary JavaScript code with the user\u2019s privileges. (CVE-2006-1733)\n\nIt was possible to use the Object.watch() method to access an internal function object (the \u201cclone parent\u201d). A malicious email containing JavaScript code could exploit this to execute arbitrary code with the user\u2019s privileges. (CVE-2006-1734)\n\nBy calling the XBL.method.eval() method in a special way it was possible to create JavaScript functions that would get compiled with the wrong privileges. A malicious email could exploit this to execute arbitrary JavaScript code with the user\u2019s privileges. (CVE-2006-1735)\n\nSeveral crashes have been fixed which could be triggered by specially crafted HTML content and involve memory corruption. These could potentially be exploited to execute arbitrary code with the user\u2019s privileges. (CVE-2006-1737, CVE-2006-1738, CVE-2006-1739, CVE-2006-1790)\n\nThe \u201cenigmail\u201d plugin has been updated to work with the new Thunderbird and Mozilla versions.", "edition": 3, "reporter": "Ubuntu", "published": "2006-05-03T00:00:00", "title": "Thunderbird vulnerabilities", "type": "ubuntu", "enchantments": {"score": {"vector": "NONE", "value": 9.3}}, "bulletinFamily": "unix", "cvelist": ["CVE-2006-1738", "CVE-2006-1739", "CVE-2006-0748", "CVE-2006-1728", "CVE-2006-1730", "CVE-2006-1790", "CVE-2006-1734", "CVE-2006-1733", "CVE-2006-1741", "CVE-2006-0292", "CVE-2006-0884", "CVE-2006-1731", "CVE-2006-1727", "CVE-2006-1045", "CVE-2006-0296", "CVE-2006-1735", "CVE-2006-1742", "CVE-2006-1737", "CVE-2006-1732", "CVE-2006-0749"], "modified": "2006-05-03T00:00:00", "id": "USN-276-1", "href": "https://usn.ubuntu.com/276-1/", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2018-08-31T00:10:15", "references": ["https://people.canonical.com/~ubuntu-security/cve/CVE-2005-4134", "https://people.canonical.com/~ubuntu-security/cve/CVE-2006-1741", "https://people.canonical.com/~ubuntu-security/cve/CVE-2006-1732", "https://people.canonical.com/~ubuntu-security/cve/CVE-2006-1739", "https://people.canonical.com/~ubuntu-security/cve/CVE-2006-1742", "https://people.canonical.com/~ubuntu-security/cve/CVE-2006-1728", "https://people.canonical.com/~ubuntu-security/cve/CVE-2006-0748", "https://people.canonical.com/~ubuntu-security/cve/CVE-2006-0292", "https://people.canonical.com/~ubuntu-security/cve/CVE-2006-1731", "https://people.canonical.com/~ubuntu-security/cve/CVE-2006-1735", "https://people.canonical.com/~ubuntu-security/cve/CVE-2006-1730", "https://people.canonical.com/~ubuntu-security/cve/CVE-2006-1727", "https://people.canonical.com/~ubuntu-security/cve/CVE-2006-1736", "https://people.canonical.com/~ubuntu-security/cve/CVE-2006-1733", "https://people.canonical.com/~ubuntu-security/cve/CVE-2006-1729", "https://people.canonical.com/~ubuntu-security/cve/CVE-2006-1734", "https://people.canonical.com/~ubuntu-security/cve/CVE-2006-1790", "https://people.canonical.com/~ubuntu-security/cve/CVE-2006-0749", "https://people.canonical.com/~ubuntu-security/cve/CVE-2006-0296", "https://people.canonical.com/~ubuntu-security/cve/CVE-2006-1738", "https://people.canonical.com/~ubuntu-security/cve/CVE-2006-1737", "https://people.canonical.com/~ubuntu-security/cve/CVE-2006-1740"], "affectedPackage": [{"OS": "Ubuntu", "OSVersion": "5.10", "packageVersion": "any", "arch": "noarch", "packageFilename": "UNKNOWN", "packageName": "mozilla-browser", "operator": "lt"}, {"OS": "Ubuntu", "OSVersion": "5.04", "packageVersion": "any", "arch": "noarch", "packageFilename": "UNKNOWN", "packageName": "mozilla-mailnews", "operator": "lt"}, {"OS": "Ubuntu", "OSVersion": "5.10", "packageVersion": "any", "arch": "noarch", "packageFilename": "UNKNOWN", "packageName": "mozilla-psm", "operator": "lt"}, {"OS": "Ubuntu", "OSVersion": "5.10", "packageVersion": "any", "arch": "noarch", "packageFilename": "UNKNOWN", "packageName": "mozilla-mailnews", "operator": "lt"}, {"OS": "Ubuntu", "OSVersion": "4.10", "packageVersion": "any", "arch": "noarch", "packageFilename": "UNKNOWN", "packageName": "mozilla-browser", "operator": "lt"}, {"OS": "Ubuntu", "OSVersion": "5.04", "packageVersion": "any", "arch": "noarch", "packageFilename": "UNKNOWN", "packageName": "mozilla-psm", "operator": "lt"}, {"OS": "Ubuntu", "OSVersion": "4.10", "packageVersion": "any", "arch": "noarch", "packageFilename": "UNKNOWN", "packageName": "mozilla-psm", "operator": "lt"}, {"OS": "Ubuntu", "OSVersion": "4.10", "packageVersion": "any", "arch": "noarch", "packageFilename": "UNKNOWN", "packageName": "mozilla-mailnews", "operator": "lt"}, {"OS": "Ubuntu", "OSVersion": "5.04", "packageVersion": "any", "arch": "noarch", "packageFilename": "UNKNOWN", "packageName": "mozilla-browser", "operator": "lt"}], "description": "Web pages with extremely long titles caused subsequent launches of Mozilla browser to hang for up to a few minutes, or caused Mozilla to crash on computers with insufficient memory. (CVE-2005-4134)\n\nIgor Bukanov discovered that the JavaScript engine did not properly declare some temporary variables. Under some rare circumstances, a malicious website could exploit this to execute arbitrary code with the privileges of the user. (CVE-2006-0292, CVE-2006-1742)\n\nThe function XULDocument.persist() did not sufficiently validate the names of attributes. An attacker could exploit this to inject arbitrary XML code into the file \u2018localstore.rdf\u2019, which is read and evaluated at startup. This could include JavaScript commands that would be run with the user\u2019s privileges. (CVE-2006-0296)\n\nDue to a flaw in the HTML tag parser a specific sequence of HTML tags caused memory corruption. A malicious web site could exploit this to crash the browser or even execute arbitrary code with the user\u2019s privileges. (CVE-2006-0748)\n\nAn invalid ordering of table-related tags caused Mozilla to use a negative array index. A malicious website could exploit this to execute arbitrary code with the privileges of the user. (CVE-2006-0749)\n\nGeorgi Guninski discovered that embedded XBL scripts of web sites could escalate their (normally reduced) privileges to get full privileges of the user if that page is viewed with \u201cPrint Preview\u201d. (CVE-2006-1727)\n\nThe crypto.generateCRMFRequest() function had a flaw which could be exploited to run arbitrary code with the user\u2019s privileges. (CVE-2006-1728)\n\nClaus J\u00b4\u2510\u017brgensen and Jesse Ruderman discovered that a text input box could be pre-filled with a filename and then turned into a file-upload control with the contents intact. A malicious web site could exploit this to read any local file the user has read privileges for. (CVE-2006-1729)\n\nAn integer overflow was detected in the handling of the CSS property \u201cletter-spacing\u201d. A malicious web site could exploit this to run arbitrary code with the user\u2019s privileges. (CVE-2006-1730)\n\nThe methods valueOf.call() and .valueOf.apply() returned an object whose privileges were not properly confined to those of the caller, which made them vulnerable to cross-site scripting attacks. A malicious web site could exploit this to modify the contents or steal confidential data (such as passwords) from other opened web pages. (CVE-2006-1731) The window.controllers array variable (CVE-2006-1732) and event handlers (CVE-2006-1741) were vulnerable to a similar attack.\n\nThe privileged built-in XBL bindings were not fully protected from web content and could be accessed by calling valueOf.call() and valueOf.apply() on a method of that binding. A malicious web site could exploit this to run arbitrary JavaScript code with the user\u2019s privileges. (CVE-2006-1733)\n\nIt was possible to use the Object.watch() method to access an internal function object (the \u201cclone parent\u201d). A malicious web site could exploit this to execute arbitrary JavaScript code with the user\u2019s privileges. (CVE-2006-1734)\n\nBy calling the XBL.method.eval() method in a special way it was possible to create JavaScript functions that would get compiled with the wrong privileges. A malicious web site could exploit this to execute arbitrary JavaScript code with the user\u2019s privileges. (CVE-2006-1735)\n\nMichael Krax discovered that by layering a transparent image link to an executable on top of a visible (and presumably desirable) image a malicious site could fool the user to right-click and choose \u201cSave image as\u2026\u201d from the context menu, which would download the executable instead of the image. (CVE-2006-1736)\n\nSeveral crashes have been fixed which could be triggered by web sites and involve memory corruption. These could potentially be exploited to execute arbitrary code with the user\u2019s privileges. (CVE-2006-1737, CVE-2006-1738, CVE-2006-1739, CVE-2006-1790)\n\nIf the user has turned on the \u201cEntering secure site\u201d modal warning dialog, it was possible to spoof the browser\u2019s secure-site indicators (the lock icon and the gold URL field background) by first loading the target secure site in a pop-up window, then changing its location to a different site, which retained the displayed secure-browsing indicators from the original site. (CVE-2006-1740)", "edition": 3, "reporter": "Ubuntu", "published": "2006-04-28T00:00:00", "title": "Mozilla vulnerabilities", "type": "ubuntu", "enchantments": {"score": {"vector": "NONE", "value": 9.3}}, "bulletinFamily": "unix", "cvelist": ["CVE-2006-1738", "CVE-2006-1739", "CVE-2006-0748", "CVE-2006-1728", "CVE-2006-1730", "CVE-2006-1790", "CVE-2006-1734", "CVE-2006-1733", "CVE-2006-1740", "CVE-2006-1741", "CVE-2006-0292", "CVE-2006-1731", "CVE-2006-1727", "CVE-2006-1729", "CVE-2006-0296", "CVE-2006-1736", "CVE-2006-1735", "CVE-2006-1742", "CVE-2006-1737", "CVE-2006-1732", "CVE-2005-4134", "CVE-2006-0749"], "modified": "2006-04-28T00:00:00", "id": "USN-275-1", "href": "https://usn.ubuntu.com/275-1/", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}], "debian": [{"lastseen": "2017-10-05T12:57:04", "references": [], "affectedPackage": [{"OS": "Debian GNU/Linux", "OSVersion": "3.1", "packageVersion": "1.0.4-2sarge6", "packageFilename": "mozilla-firefox-dom-inspector_1.0.4-2sarge6_alpha.deb", "arch": "alpha", "packageName": "mozilla-firefox-dom-inspector", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "3.1", "packageVersion": "1.0.4-2sarge6", "packageFilename": "mozilla-firefox_1.0.4-2sarge6_mipsel.deb", "arch": "mipsel", "packageName": "mozilla-firefox", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "3.1", "packageVersion": "1.0.4-2sarge6", "packageFilename": "mozilla-firefox_1.0.4-2sarge6_arm.deb", "arch": "arm", "packageName": "mozilla-firefox", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "3.1", "packageVersion": "1.0.4-2sarge6", "packageFilename": "mozilla-firefox-dom-inspector_1.0.4-2sarge6_arm.deb", "arch": "arm", "packageName": "mozilla-firefox-dom-inspector", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "3.1", "packageVersion": "1.0.4-2sarge6", "packageFilename": "mozilla-firefox-gnome-support_1.0.4-2sarge6_m68k.deb", "arch": "m68k", "packageName": "mozilla-firefox-gnome-support", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "3.1", "packageVersion": "1.0.4-2sarge6", "packageFilename": "mozilla-firefox-dom-inspector_1.0.4-2sarge6_m68k.deb", "arch": "m68k", "packageName": "mozilla-firefox-dom-inspector", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "3.1", "packageVersion": "1.0.4-2sarge6", "packageFilename": "mozilla-firefox_1.0.4-2sarge6_i386.deb", "arch": "i686", "packageName": "mozilla-firefox", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "3.1", "packageVersion": "1.0.4-2sarge6", "packageFilename": "mozilla-firefox_1.0.4-2sarge6_hppa.deb", "arch": "hppa", "packageName": "mozilla-firefox", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "3.1", "packageVersion": "1.0.4-2sarge6", "packageFilename": "mozilla-firefox-gnome-support_1.0.4-2sarge6_mips.deb", "arch": "mips", "packageName": "mozilla-firefox-gnome-support", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "3.1", "packageVersion": "1.0.4-2sarge6", "packageFilename": "mozilla-firefox-dom-inspector_1.0.4-2sarge6_mipsel.deb", "arch": "mipsel", "packageName": "mozilla-firefox-dom-inspector", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "3.1", "packageVersion": "1.0.4-2sarge6", "packageFilename": "mozilla-firefox-gnome-support_1.0.4-2sarge6_amd64.deb", "arch": "x86-64", "packageName": "mozilla-firefox-gnome-support", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "3.1", "packageVersion": "1.0.4-2sarge6", "packageFilename": "mozilla-firefox_1.0.4-2sarge6_amd64.deb", "arch": "x86-64", "packageName": "mozilla-firefox", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "3.1", "packageVersion": "1.0.4-2sarge6", "packageFilename": "mozilla-firefox-dom-inspector_1.0.4-2sarge6_hppa.deb", "arch": "hppa", "packageName": "mozilla-firefox-dom-inspector", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "3.1", "packageVersion": "1.0.4-2sarge6", "packageFilename": "mozilla-firefox-gnome-support_1.0.4-2sarge6_hppa.deb", "arch": "hppa", "packageName": "mozilla-firefox-gnome-support", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "3.1", "packageVersion": "1.0.4-2sarge6", "packageFilename": "mozilla-firefox-dom-inspector_1.0.4-2sarge6_s390.deb", "arch": "s390x", "packageName": "mozilla-firefox-dom-inspector", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "3.1", "packageVersion": "1.0.4-2sarge6", "packageFilename": "mozilla-firefox_1.0.4-2sarge6_sparc.deb", "arch": "sparc", "packageName": "mozilla-firefox", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "3.1", "packageVersion": "1.0.4-2sarge6", "packageFilename": "mozilla-firefox_1.0.4-2sarge6_m68k.deb", "arch": "m68k", "packageName": "mozilla-firefox", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "3.1", "packageVersion": "1.0.4.orig", "packageFilename": "mozilla-firefox_1.0.4.orig.tar.gz", "arch": "src", "packageName": "mozilla-firefox", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "3.1", "packageVersion": "1.0.4-2sarge6", "packageFilename": "mozilla-firefox-gnome-support_1.0.4-2sarge6_sparc.deb", "arch": "sparc", "packageName": "mozilla-firefox-gnome-support", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "3.1", "packageVersion": "1.0.4-2sarge6", "packageFilename": "mozilla-firefox_1.0.4-2sarge6_powerpc.deb", "arch": "ppc", "packageName": "mozilla-firefox", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "3.1", "packageVersion": "1.0.4-2sarge6", "packageFilename": "mozilla-firefox-dom-inspector_1.0.4-2sarge6_ia64.deb", "arch": "ia64", "packageName": "mozilla-firefox-dom-inspector", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "3.1", "packageVersion": "1.0.4-2sarge6.diff", "packageFilename": "mozilla-firefox_1.0.4-2sarge6.diff.gz", "arch": "src", "packageName": "mozilla-firefox", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "3.1", "packageVersion": "1.0.4-2sarge6", "packageFilename": "mozilla-firefox-dom-inspector_1.0.4-2sarge6_sparc.deb", "arch": "sparc", "packageName": "mozilla-firefox-dom-inspector", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "3.1", "packageVersion": "1.0.4-2sarge6", "packageFilename": "mozilla-firefox-gnome-support_1.0.4-2sarge6_arm.deb", "arch": "arm", "packageName": "mozilla-firefox-gnome-support", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "3.1", "packageVersion": "1.0.4-2sarge6", "packageFilename": "mozilla-firefox-gnome-support_1.0.4-2sarge6_i386.deb", "arch": "i686", "packageName": "mozilla-firefox-gnome-support", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "3.1", "packageVersion": "1.0.4-2sarge6", "packageFilename": "mozilla-firefox-gnome-support_1.0.4-2sarge6_mipsel.deb", "arch": "mipsel", "packageName": "mozilla-firefox-gnome-support", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "3.1", "packageVersion": "1.0.4-2sarge6", "packageFilename": "mozilla-firefox-gnome-support_1.0.4-2sarge6_alpha.deb", "arch": "alpha", "packageName": "mozilla-firefox-gnome-support", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "3.1", "packageVersion": "1.0.4-2sarge6", "packageFilename": "mozilla-firefox-gnome-support_1.0.4-2sarge6_ia64.deb", "arch": "ia64", "packageName": "mozilla-firefox-gnome-support", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "3.1", "packageVersion": "1.0.4-2sarge6", "packageFilename": "mozilla-firefox_1.0.4-2sarge6.dsc", "arch": "src", "packageName": "mozilla-firefox", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "3.1", "packageVersion": "1.0.4-2sarge6", "packageFilename": "mozilla-firefox_1.0.4-2sarge6_s390.deb", "arch": "s390x", "packageName": "mozilla-firefox", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "3.1", "packageVersion": "1.0.4-2sarge6", "packageFilename": "mozilla-firefox_1.0.4-2sarge6_alpha.deb", "arch": "alpha", "packageName": "mozilla-firefox", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "3.1", "packageVersion": "1.0.4-2sarge6", "packageFilename": "mozilla-firefox-dom-inspector_1.0.4-2sarge6_i386.deb", "arch": "i686", "packageName": "mozilla-firefox-dom-inspector", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "3.1", "packageVersion": "1.0.4-2sarge6", "packageFilename": "mozilla-firefox_1.0.4-2sarge6_mips.deb", "arch": "mips", "packageName": "mozilla-firefox", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "3.1", "packageVersion": "1.0.4-2sarge6", "packageFilename": "mozilla-firefox-gnome-support_1.0.4-2sarge6_powerpc.deb", "arch": "ppc", "packageName": "mozilla-firefox-gnome-support", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "3.1", "packageVersion": "1.0.4-2sarge6", "packageFilename": "mozilla-firefox-dom-inspector_1.0.4-2sarge6_powerpc.deb", "arch": "ppc", "packageName": "mozilla-firefox-dom-inspector", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "3.1", "packageVersion": "1.0.4-2sarge6", "packageFilename": "mozilla-firefox_1.0.4-2sarge6_ia64.deb", "arch": "ia64", "packageName": "mozilla-firefox", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "3.1", "packageVersion": "1.0.4-2sarge6", "packageFilename": "mozilla-firefox-dom-inspector_1.0.4-2sarge6_mips.deb", "arch": "mips", "packageName": "mozilla-firefox-dom-inspector", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "3.1", "packageVersion": "1.0.4-2sarge6", "packageFilename": "mozilla-firefox-gnome-support_1.0.4-2sarge6_s390.deb", "arch": "s390x", "packageName": "mozilla-firefox-gnome-support", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "3.1", "packageVersion": "1.0.4-2sarge6", "packageFilename": "mozilla-firefox-dom-inspector_1.0.4-2sarge6_amd64.deb", "arch": "x86-64", "packageName": "mozilla-firefox-dom-inspector", "operator": "lt"}], "description": "Several security related problems have been discovered in Mozilla Firefox. The Common Vulnerabilities and Exposures project identifies the following vulnerabilities:\n\n * [CVE-2005-4134](<https://security-tracker.debian.org/tracker/CVE-2005-4134>)\n\nWeb pages with extremely long titles cause subsequent launches of the browser to appear to \"hang\" for up to a few minutes, or even crash if the computer has insufficient memory. [MFSA-2006-03]\n\n * [CVE-2006-0292](<https://security-tracker.debian.org/tracker/CVE-2006-0292>)\n\nThe JavaScript interpreter does not properly dereference objects, which allows remote attackers to cause a denial of service or execute arbitrary code. [MFSA-2006-01]\n\n * [CVE-2006-0293](<https://security-tracker.debian.org/tracker/CVE-2006-0293>)\n\nThe function allocation code allows attackers to cause a denial of service and possibly execute arbitrary code. [MFSA-2006-01]\n\n * [CVE-2006-0296](<https://security-tracker.debian.org/tracker/CVE-2006-0296>)\n\nXULDocument.persist() did not validate the attribute name, allowing an attacker to inject arbitrary XML and JavaScript code into localstore.rdf that would be read and acted upon during startup. [MFSA-2006-05]\n\n * [CVE-2006-0748](<https://security-tracker.debian.org/tracker/CVE-2006-0748>)\n\nAn anonymous researcher for TippingPoint and the Zero Day Initiative reported that an invalid and nonsensical ordering of table-related tags can be exploited to execute arbitrary code. [MFSA-2006-27]\n\n * [CVE-2006-0749](<https://security-tracker.debian.org/tracker/CVE-2006-0749>)\n\nA particular sequence of HTML tags can cause memory corruption that can be exploited to execute arbitrary code. [MFSA-2006-18]\n\n * [CVE-2006-1727](<https://security-tracker.debian.org/tracker/CVE-2006-1727>)\n\nGeorgi Guninski reported two variants of using scripts in an XBL control to gain chrome privileges when the page is viewed under \"Print Preview\". [MFSA-2006-25]\n\n * [CVE-2006-1728](<https://security-tracker.debian.org/tracker/CVE-2006-1728>)\n\n\"shutdown\" discovered that the crypto.generateCRMFRequest method can be used to run arbitrary code with the privilege of the user running the browser, which could enable an attacker to install malware. [MFSA-2006-24]\n\n * [CVE-2006-1729](<https://security-tracker.debian.org/tracker/CVE-2006-1729>)\n\nClaus J\u0102\u00b8rgensen reported that a text input box can be pre-filled with a filename and then turned into a file-upload control, allowing a malicious website to steal any local file whose name they can guess. [MFSA-2006-23]\n\n * [CVE-2006-1730](<https://security-tracker.debian.org/tracker/CVE-2006-1730>)\n\nAn anonymous researcher for TippingPoint and the Zero Day Initiative discovered an integer overflow triggered by the CSS letter-spacing property, which could be exploited to execute arbitrary code. [MFSA-2006-22]\n\n * [CVE-2006-1731](<https://security-tracker.debian.org/tracker/CVE-2006-1731>)\n\n\"moz_bug_r_a4\" discovered that some internal functions return prototypes instead of objects, which allows remote attackers to conduct cross-site scripting attacks. [MFSA-2006-19]\n\n * [CVE-2006-1732](<https://security-tracker.debian.org/tracker/CVE-2006-1732>)\n\n\"shutdown\" discovered that it is possible to bypass same-origin protections, allowing a malicious site to inject script into content from another site, which could allow the malicious page to steal information such as cookies or passwords from the other site, or perform transactions on the user's behalf if the user were already logged in. [MFSA-2006-17]\n\n * [CVE-2006-1733](<https://security-tracker.debian.org/tracker/CVE-2006-1733>)\n\n\"moz_bug_r_a4\" discovered that the compilation scope of privileged built-in XBL bindings is not fully protected from web content and can still be executed which could be used to execute arbitrary JavaScript, which could allow an attacker to install malware such as viruses and password sniffers. [MFSA-2006-16]\n\n * [CVE-2006-1734](<https://security-tracker.debian.org/tracker/CVE-2006-1734>)\n\n\"shutdown\" discovered that it is possible to access an internal function object which could then be used to run arbitrary JavaScript code with full permissions of the user running the browser, which could be used to install spyware or viruses. [MFSA-2006-15]\n\n * [CVE-2006-1735](<https://security-tracker.debian.org/tracker/CVE-2006-1735>)\n\nIt is possible to create JavaScript functions that would get compiled with the wrong privileges, allowing an attacker to run code of their choice with full permissions of the user running the browser, which could be used to install spyware or viruses. [MFSA-2006-14]\n\n * [CVE-2006-1736](<https://security-tracker.debian.org/tracker/CVE-2006-1736>)\n\nIt is possible to trick users into downloading and saving an executable file via an image that is overlaid by a transparent image link that points to the executable. [MFSA-2006-13]\n\n * [CVE-2006-1737](<https://security-tracker.debian.org/tracker/CVE-2006-1737>)\n\nAn integer overflow allows remote attackers to cause a denial of service and possibly execute arbitrary bytecode via JavaScript with a large regular expression. [MFSA-2006-11]\n\n * [CVE-2006-1738](<https://security-tracker.debian.org/tracker/CVE-2006-1738>)\n\nAn unspecified vulnerability allows remote attackers to cause a denial of service. [MFSA-2006-11]\n\n * [CVE-2006-1739](<https://security-tracker.debian.org/tracker/CVE-2006-1739>)\n\nCertain Cascading Style Sheets (CSS) can cause an out-of-bounds array write and buffer overflow that could lead to a denial of service and the possible execution of arbitrary code. [MFSA-2006-11]\n\n * [CVE-2006-1740](<https://security-tracker.debian.org/tracker/CVE-2006-1740>)\n\nIt is possible for remote attackers to spoof secure site indicators such as the locked icon by opening the trusted site in a popup window, then changing the location to a malicious site. [MFSA-2006-12]\n\n * [CVE-2006-1741](<https://security-tracker.debian.org/tracker/CVE-2006-1741>)\n\n\"shutdown\" discovered that it is possible to inject arbitrary JavaScript code into a page on another site using a modal alert to suspend an event handler while a new page is being loaded. This could be used to steal confidential information. [MFSA-2006-09]\n\n * [CVE-2006-1742](<https://security-tracker.debian.org/tracker/CVE-2006-1742>)\n\nIgor Bukanov discovered that the JavaScript engine does not properly handle temporary variables, which might allow remote attackers to trigger operations on freed memory and cause memory corruption. [MFSA-2006-10]\n\n * [CVE-2006-1790](<https://security-tracker.debian.org/tracker/CVE-2006-1790>)\n\nA regression fix that could lead to memory corruption allows remote attackers to cause a denial of service and possibly execute arbitrary code. [MFSA-2006-11]\n\nFor the stable distribution (sarge) these problems have been fixed in version 1.0.4-2sarge6.\n\nFor the unstable distribution (sid) these problems have been fixed in version 1.5.dfsg+1.5.0.2-2.\n\nWe recommend that you upgrade your Mozilla Firefox packages.", "edition": 2, "reporter": "Debian", "published": "2006-04-26T00:00:00", "type": "debian", "enchantments": {"score": {"vector": "NONE", "value": 6.8}}, "title": "mozilla-firefox -- several vulnerabilities", "bulletinFamily": "unix", "cvelist": ["CVE-2006-1738", "CVE-2006-1739", "CVE-2006-0748", "CVE-2006-1728", "CVE-2006-1730", "CVE-2006-0293", "CVE-2006-1790", "CVE-2006-1734", "CVE-2006-1733", "CVE-2006-1740", "CVE-2006-1741", "CVE-2006-0292", "CVE-2006-1731", "CVE-2006-1727", "CVE-2006-1729", "CVE-2006-0296", "CVE-2006-1736", "CVE-2006-1735", "CVE-2006-1742", "CVE-2006-1737", "CVE-2006-1732", "CVE-2005-4134", "CVE-2006-0749"], "modified": "2006-04-26T00:00:00", "id": "DSA-1044", "href": "http://www.debian.org/security/dsa-1044", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2017-10-05T13:06:01", "references": [], "affectedPackage": [{"OS": "Debian GNU/Linux", "OSVersion": "3.1", "packageVersion": "1.0.2-2.sarge1.0.8", "packageFilename": "mozilla-thunderbird-offline_1.0.2-2.sarge1.0.8_mipsel.deb", "arch": "mipsel", "packageName": "mozilla-thunderbird-offline", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "3.1", "packageVersion": "1.0.2-2.sarge1.0.8", "packageFilename": "mozilla-thunderbird-inspector_1.0.2-2.sarge1.0.8_s390.deb", "arch": "s390x", "packageName": "mozilla-thunderbird-inspector", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "3.1", "packageVersion": "1.0.2-2.sarge1.0.8", "packageFilename": "mozilla-thunderbird-offline_1.0.2-2.sarge1.0.8_ia64.deb", "arch": "ia64", "packageName": "mozilla-thunderbird-offline", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "3.1", "packageVersion": "1.0.2-2.sarge1.0.8", "packageFilename": "mozilla-thunderbird-offline_1.0.2-2.sarge1.0.8_arm.deb", "arch": "arm", "packageName": "mozilla-thunderbird-offline", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "3.1", "packageVersion": "1.0.2-2.sarge1.0.8", "packageFilename": "mozilla-thunderbird-dev_1.0.2-2.sarge1.0.8_i386.deb", "arch": "i686", "packageName": "mozilla-thunderbird-dev", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "3.1", "packageVersion": "1.0.2-2.sarge1.0.8", "packageFilename": "mozilla-thunderbird-inspector_1.0.2-2.sarge1.0.8_sparc.deb", "arch": "sparc", "packageName": "mozilla-thunderbird-inspector", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "3.1", "packageVersion": "1.0.2-2.sarge1.0.8", "packageFilename": "mozilla-thunderbird-offline_1.0.2-2.sarge1.0.8_amd64.deb", "arch": "x86-64", "packageName": "mozilla-thunderbird-offline", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "3.1", "packageVersion": "1.0.2-2.sarge1.0.8", "packageFilename": "mozilla-thunderbird-typeaheadfind_1.0.2-2.sarge1.0.8_powerpc.deb", "arch": "ppc", "packageName": "mozilla-thunderbird-typeaheadfind", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "3.1", "packageVersion": "1.0.2-2.sarge1.0.8", "packageFilename": "mozilla-thunderbird-typeaheadfind_1.0.2-2.sarge1.0.8_i386.deb", "arch": "i686", "packageName": "mozilla-thunderbird-typeaheadfind", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "3.1", "packageVersion": "1.0.2-2.sarge1.0.8", "packageFilename": "mozilla-thunderbird-offline_1.0.2-2.sarge1.0.8_hppa.deb", "arch": "hppa", "packageName": "mozilla-thunderbird-offline", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "3.1", "packageVersion": "1.0.2-2.sarge1.0.8", "packageFilename": "mozilla-thunderbird_1.0.2-2.sarge1.0.8_mipsel.deb", "arch": "mipsel", "packageName": "mozilla-thunderbird", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "3.1", "packageVersion": "1.0.2-2.sarge1.0.8", "packageFilename": "mozilla-thunderbird-dev_1.0.2-2.sarge1.0.8_hppa.deb", "arch": "hppa", "packageName": "mozilla-thunderbird-dev", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "3.1", "packageVersion": "1.0.2-2.sarge1.0.8", "packageFilename": "mozilla-thunderbird-typeaheadfind_1.0.2-2.sarge1.0.8_sparc.deb", "arch": "sparc", "packageName": "mozilla-thunderbird-typeaheadfind", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "3.1", "packageVersion": "1.0.2-2.sarge1.0.8", "packageFilename": "mozilla-thunderbird-typeaheadfind_1.0.2-2.sarge1.0.8_hppa.deb", "arch": "hppa", "packageName": "mozilla-thunderbird-typeaheadfind", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "3.1", "packageVersion": "1.0.2-2.sarge1.0.8", "packageFilename": "mozilla-thunderbird-offline_1.0.2-2.sarge1.0.8_m68k.deb", "arch": "m68k", "packageName": "mozilla-thunderbird-offline", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "3.1", "packageVersion": "1.0.2-2.sarge1.0.8", "packageFilename": "mozilla-thunderbird-typeaheadfind_1.0.2-2.sarge1.0.8_mipsel.deb", "arch": "mipsel", "packageName": "mozilla-thunderbird-typeaheadfind", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "3.1", "packageVersion": "1.0.2-2.sarge1.0.8", "packageFilename": "mozilla-thunderbird-inspector_1.0.2-2.sarge1.0.8_m68k.deb", "arch": "m68k", "packageName": "mozilla-thunderbird-inspector", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "3.1", "packageVersion": "1.0.2-2.sarge1.0.8", "packageFilename": "mozilla-thunderbird-typeaheadfind_1.0.2-2.sarge1.0.8_amd64.deb", "arch": "x86-64", "packageName": "mozilla-thunderbird-typeaheadfind", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "3.1", "packageVersion": "1.0.2-2.sarge1.0.8", "packageFilename": "mozilla-thunderbird-inspector_1.0.2-2.sarge1.0.8_powerpc.deb", "arch": "ppc", "packageName": "mozilla-thunderbird-inspector", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "3.1", "packageVersion": "1.0.2-2.sarge1.0.8", "packageFilename": "mozilla-thunderbird_1.0.2-2.sarge1.0.8_powerpc.deb", "arch": "ppc", "packageName": "mozilla-thunderbird", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "3.1", "packageVersion": "1.0.2-2.sarge1.0.8", "packageFilename": "mozilla-thunderbird-inspector_1.0.2-2.sarge1.0.8_i386.deb", "arch": "i686", "packageName": "mozilla-thunderbird-inspector", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "3.1", "packageVersion": "1.0.2-2.sarge1.0.8", "packageFilename": "mozilla-thunderbird-dev_1.0.2-2.sarge1.0.8_ia64.deb", "arch": "ia64", "packageName": "mozilla-thunderbird-dev", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "3.1", "packageVersion": "1.0.2-2.sarge1.0.8", "packageFilename": "mozilla-thunderbird_1.0.2-2.sarge1.0.8_mips.deb", "arch": "mips", "packageName": "mozilla-thunderbird", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "3.1", "packageVersion": "1.0.2-2.sarge1.0.8", "packageFilename": "mozilla-thunderbird-offline_1.0.2-2.sarge1.0.8_s390.deb", "arch": "s390x", "packageName": "mozilla-thunderbird-offline", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "3.1", "packageVersion": "1.0.2-2.sarge1.0.8.diff", "packageFilename": "mozilla-thunderbird_1.0.2-2.sarge1.0.8.diff.gz", "arch": "src", "packageName": "mozilla-thunderbird", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "3.1", "packageVersion": "1.0.2-2.sarge1.0.8", "packageFilename": "mozilla-thunderbird-inspector_1.0.2-2.sarge1.0.8_hppa.deb", "arch": "hppa", "packageName": "mozilla-thunderbird-inspector", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "3.1", "packageVersion": "1.0.2-2.sarge1.0.8", "packageFilename": "mozilla-thunderbird-dev_1.0.2-2.sarge1.0.8_m68k.deb", "arch": "m68k", "packageName": "mozilla-thunderbird-dev", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "3.1", "packageVersion": "1.0.2-2.sarge1.0.8", "packageFilename": "mozilla-thunderbird-offline_1.0.2-2.sarge1.0.8_i386.deb", "arch": "i686", "packageName": "mozilla-thunderbird-offline", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "3.1", "packageVersion": "1.0.2-2.sarge1.0.8", "packageFilename": "mozilla-thunderbird-offline_1.0.2-2.sarge1.0.8_mips.deb", "arch": "mips", "packageName": "mozilla-thunderbird-offline", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "3.1", "packageVersion": "1.0.2-2.sarge1.0.8", "packageFilename": "mozilla-thunderbird-dev_1.0.2-2.sarge1.0.8_alpha.deb", "arch": "alpha", "packageName": "mozilla-thunderbird-dev", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "3.1", "packageVersion": "1.0.2.orig", "packageFilename": "mozilla-thunderbird_1.0.2.orig.tar.gz", "arch": "src", "packageName": "mozilla-thunderbird", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "3.1", "packageVersion": "1.0.2-2.sarge1.0.8", "packageFilename": "mozilla-thunderbird-typeaheadfind_1.0.2-2.sarge1.0.8_s390.deb", "arch": "s390x", "packageName": "mozilla-thunderbird-typeaheadfind", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "3.1", "packageVersion": "1.0.2-2.sarge1.0.8", "packageFilename": "mozilla-thunderbird-inspector_1.0.2-2.sarge1.0.8_mips.deb", "arch": "mips", "packageName": "mozilla-thunderbird-inspector", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "3.1", "packageVersion": "1.0.2-2.sarge1.0.8", "packageFilename": "mozilla-thunderbird_1.0.2-2.sarge1.0.8_m68k.deb", "arch": "m68k", "packageName": "mozilla-thunderbird", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "3.1", "packageVersion": "1.0.2-2.sarge1.0.8", "packageFilename": "mozilla-thunderbird-dev_1.0.2-2.sarge1.0.8_mips.deb", "arch": "mips", "packageName": "mozilla-thunderbird-dev", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "3.1", "packageVersion": "1.0.2-2.sarge1.0.8", "packageFilename": "mozilla-thunderbird-inspector_1.0.2-2.sarge1.0.8_arm.deb", "arch": "arm", "packageName": "mozilla-thunderbird-inspector", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "3.1", "packageVersion": "1.0.2-2.sarge1.0.8", "packageFilename": "mozilla-thunderbird-typeaheadfind_1.0.2-2.sarge1.0.8_alpha.deb", "arch": "alpha", "packageName": "mozilla-thunderbird-typeaheadfind", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "3.1", "packageVersion": "1.0.2-2.sarge1.0.8", "packageFilename": "mozilla-thunderbird-offline_1.0.2-2.sarge1.0.8_alpha.deb", "arch": "alpha", "packageName": "mozilla-thunderbird-offline", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "3.1", "packageVersion": "1.0.2-2.sarge1.0.8", "packageFilename": "mozilla-thunderbird-inspector_1.0.2-2.sarge1.0.8_ia64.deb", "arch": "ia64", "packageName": "mozilla-thunderbird-inspector", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "3.1", "packageVersion": "1.0.2-2.sarge1.0.8", "packageFilename": "mozilla-thunderbird_1.0.2-2.sarge1.0.8_alpha.deb", "arch": "alpha", "packageName": "mozilla-thunderbird", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "3.1", "packageVersion": "1.0.2-2.sarge1.0.8", "packageFilename": "mozilla-thunderbird-inspector_1.0.2-2.sarge1.0.8_alpha.deb", "arch": "alpha", "packageName": "mozilla-thunderbird-inspector", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "3.1", "packageVersion": "1.0.2-2.sarge1.0.8", "packageFilename": "mozilla-thunderbird-inspector_1.0.2-2.sarge1.0.8_mipsel.deb", "arch": "mipsel", "packageName": "mozilla-thunderbird-inspector", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "3.1", "packageVersion": "1.0.2-2.sarge1.0.8", "packageFilename": "mozilla-thunderbird-offline_1.0.2-2.sarge1.0.8_powerpc.deb", "arch": "ppc", "packageName": "mozilla-thunderbird-offline", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "3.1", "packageVersion": "1.0.2-2.sarge1.0.8", "packageFilename": "mozilla-thunderbird-dev_1.0.2-2.sarge1.0.8_amd64.deb", "arch": "x86-64", "packageName": "mozilla-thunderbird-dev", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "3.1", "packageVersion": "1.0.2-2.sarge1.0.8", "packageFilename": "mozilla-thunderbird-typeaheadfind_1.0.2-2.sarge1.0.8_m68k.deb", "arch": "m68k", "packageName": "mozilla-thunderbird-typeaheadfind", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "3.1", "packageVersion": "1.0.2-2.sarge1.0.8", "packageFilename": "mozilla-thunderbird-typeaheadfind_1.0.2-2.sarge1.0.8_ia64.deb", "arch": "ia64", "packageName": "mozilla-thunderbird-typeaheadfind", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "3.1", "packageVersion": "1.0.2-2.sarge1.0.8", "packageFilename": "mozilla-thunderbird-dev_1.0.2-2.sarge1.0.8_mipsel.deb", "arch": "mipsel", "packageName": "mozilla-thunderbird-dev", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "3.1", "packageVersion": "1.0.2-2.sarge1.0.8", "packageFilename": "mozilla-thunderbird_1.0.2-2.sarge1.0.8_i386.deb", "arch": "i686", "packageName": "mozilla-thunderbird", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "3.1", "packageVersion": "1.0.2-2.sarge1.0.8", "packageFilename": "mozilla-thunderbird_1.0.2-2.sarge1.0.8_amd64.deb", "arch": "x86-64", "packageName": "mozilla-thunderbird", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "3.1", "packageVersion": "1.0.2-2.sarge1.0.8", "packageFilename": "mozilla-thunderbird_1.0.2-2.sarge1.0.8_arm.deb", "arch": "arm", "packageName": "mozilla-thunderbird", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "3.1", "packageVersion": "1.0.2-2.sarge1.0.8", "packageFilename": "mozilla-thunderbird_1.0.2-2.sarge1.0.8_hppa.deb", "arch": "hppa", "packageName": "mozilla-thunderbird", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "3.1", "packageVersion": "1.0.2-2.sarge1.0.8", "packageFilename": "mozilla-thunderbird-dev_1.0.2-2.sarge1.0.8_s390.deb", "arch": "s390x", "packageName": "mozilla-thunderbird-dev", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "3.1", "packageVersion": "1.0.2-2.sarge1.0.8", "packageFilename": "mozilla-thunderbird-dev_1.0.2-2.sarge1.0.8_sparc.deb", "arch": "sparc", "packageName": "mozilla-thunderbird-dev", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "3.1", "packageVersion": "1.0.2-2.sarge1.0.8", "packageFilename": "mozilla-thunderbird-dev_1.0.2-2.sarge1.0.8_powerpc.deb", "arch": "ppc", "packageName": "mozilla-thunderbird-dev", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "3.1", "packageVersion": "1.0.2-2.sarge1.0.8", "packageFilename": "mozilla-thunderbird_1.0.2-2.sarge1.0.8_ia64.deb", "arch": "ia64", "packageName": "mozilla-thunderbird", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "3.1", "packageVersion": "1.0.2-2.sarge1.0.8", "packageFilename": "mozilla-thunderbird-dev_1.0.2-2.sarge1.0.8_arm.deb", "arch": "arm", "packageName": "mozilla-thunderbird-dev", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "3.1", "packageVersion": "1.0.2-2.sarge1.0.8", "packageFilename": "mozilla-thunderbird-typeaheadfind_1.0.2-2.sarge1.0.8_mips.deb", "arch": "mips", "packageName": "mozilla-thunderbird-typeaheadfind", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "3.1", "packageVersion": "1.0.2-2.sarge1.0.8", "packageFilename": "mozilla-thunderbird-typeaheadfind_1.0.2-2.sarge1.0.8_arm.deb", "arch": "arm", "packageName": "mozilla-thunderbird-typeaheadfind", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "3.1", "packageVersion": "1.0.2-2.sarge1.0.8", "packageFilename": "mozilla-thunderbird_1.0.2-2.sarge1.0.8_s390.deb", "arch": "s390x", "packageName": "mozilla-thunderbird", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "3.1", "packageVersion": "1.0.2-2.sarge1.0.8", "packageFilename": "mozilla-thunderbird-inspector_1.0.2-2.sarge1.0.8_amd64.deb", "arch": "x86-64", "packageName": "mozilla-thunderbird-inspector", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "3.1", "packageVersion": "1.0.2-2.sarge1.0.8", "packageFilename": "mozilla-thunderbird_1.0.2-2.sarge1.0.8.dsc", "arch": "src", "packageName": "mozilla-thunderbird", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "3.1", "packageVersion": "1.0.2-2.sarge1.0.8", "packageFilename": "mozilla-thunderbird-offline_1.0.2-2.sarge1.0.8_sparc.deb", "arch": "sparc", "packageName": "mozilla-thunderbird-offline", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "3.1", "packageVersion": "1.0.2-2.sarge1.0.8", "packageFilename": "mozilla-thunderbird_1.0.2-2.sarge1.0.8_sparc.deb", "arch": "sparc", "packageName": "mozilla-thunderbird", "operator": "lt"}], "description": "Several security related problems have been discovered in Mozilla Thunderbird. The Common Vulnerabilities and Exposures project identifies the following vulnerabilities:\n\n * [CVE-2005-2353](<https://security-tracker.debian.org/tracker/CVE-2005-2353>)\n\nThe \"run-mozilla.sh\" script allows local users to create or overwrite arbitrary files when debugging is enabled via a symlink attack on temporary files.\n\n * [CVE-2005-4134](<https://security-tracker.debian.org/tracker/CVE-2005-4134>)\n\nWeb pages with extremely long titles cause subsequent launches of the browser to appear to \"hang\" for up to a few minutes, or even crash if the computer has insufficient memory. [MFSA-2006-03]\n\n * [CVE-2006-0292](<https://security-tracker.debian.org/tracker/CVE-2006-0292>)\n\nThe JavaScript interpreter does not properly dereference objects, which allows remote attackers to cause a denial of service or execute arbitrary code. [MFSA-2006-01]\n\n * [CVE-2006-0293](<https://security-tracker.debian.org/tracker/CVE-2006-0293>)\n\nThe function allocation code allows attackers to cause a denial of service and possibly execute arbitrary code. [MFSA-2006-01]\n\n * [CVE-2006-0296](<https://security-tracker.debian.org/tracker/CVE-2006-0296>)\n\nXULDocument.persist() did not validate the attribute name, allowing an attacker to inject arbitrary XML and JavaScript code into localstore.rdf that would be read and acted upon during startup. [MFSA-2006-05]\n\n * [CVE-2006-0748](<https://security-tracker.debian.org/tracker/CVE-2006-0748>)\n\nAn anonymous researcher for TippingPoint and the Zero Day Initiative reported that an invalid and nonsensical ordering of table-related tags can be exploited to execute arbitrary code. [MFSA-2006-27]\n\n * [CVE-2006-0749](<https://security-tracker.debian.org/tracker/CVE-2006-0749>)\n\nA particular sequence of HTML tags can cause memory corruption that can be exploited to execute arbitrary code. [MFSA-2006-18]\n\n * [CVE-2006-0884](<https://security-tracker.debian.org/tracker/CVE-2006-0884>)\n\nGeorgi Guninski reports that forwarding mail in-line while using the default HTML \"rich mail\" editor will execute JavaScript embedded in the e-mail message with full privileges of the client. [MFSA-2006-21]\n\n * [CVE-2006-1045](<https://security-tracker.debian.org/tracker/CVE-2006-1045>)\n\nThe HTML rendering engine does not properly block external images from inline HTML attachments when \"Block loading of remote images in mail messages\" is enabled, which could allow remote attackers to obtain sensitive information. [MFSA-2006-26]\n\n * [CVE-2006-1529](<https://security-tracker.debian.org/tracker/CVE-2006-1529>)\n\nA vulnerability potentially allows remote attackers to cause a denial of service and possibly execute arbitrary code. [MFSA-2006-20]\n\n * [CVE-2006-1530](<https://security-tracker.debian.org/tracker/CVE-2006-1530>)\n\nA vulnerability potentially allows remote attackers to cause a denial of service and possibly execute arbitrary code. [MFSA-2006-20]\n\n * [CVE-2006-1531](<https://security-tracker.debian.org/tracker/CVE-2006-1531>)\n\nA vulnerability potentially allows remote attackers to cause a denial of service and possibly execute arbitrary code. [MFSA-2006-20]\n\n * [CVE-2006-1723](<https://security-tracker.debian.org/tracker/CVE-2006-1723>)\n\nA vulnerability potentially allows remote attackers to cause a denial of service and possibly execute arbitrary code. [MFSA-2006-20]\n\n * [CVE-2006-1724](<https://security-tracker.debian.org/tracker/CVE-2006-1724>)\n\nA vulnerability potentially allows remote attackers to cause a denial of service and possibly execute arbitrary code. [MFSA-2006-20]\n\n * [CVE-2006-1727](<https://security-tracker.debian.org/tracker/CVE-2006-1727>)\n\nGeorgi Guninski reported two variants of using scripts in an XBL control to gain chrome privileges when the page is viewed under \"Print Preview\". [MFSA-2006-25]\n\n * [CVE-2006-1728](<https://security-tracker.debian.org/tracker/CVE-2006-1728>)\n\n\"shutdown\" discovered that the crypto.generateCRMFRequest method can be used to run arbitrary code with the privilege of the user running the browser, which could enable an attacker to install malware. [MFSA-2006-24]\n\n * [CVE-2006-1729](<https://security-tracker.debian.org/tracker/CVE-2006-1729>)\n\nClaus J\u0102\u00b8rgensen reported that a text input box can be pre-filled with a filename and then turned into a file-upload control, allowing a malicious website to steal any local file whose name they can guess. [MFSA-2006-23]\n\n * [CVE-2006-1730](<https://security-tracker.debian.org/tracker/CVE-2006-1730>)\n\nAn anonymous researcher for TippingPoint and the Zero Day Initiative discovered an integer overflow triggered by the CSS letter-spacing property, which could be exploited to execute arbitrary code. [MFSA-2006-22]\n\n * [CVE-2006-1731](<https://security-tracker.debian.org/tracker/CVE-2006-1731>)\n\n\"moz_bug_r_a4\" discovered that some internal functions return prototypes instead of objects, which allows remote attackers to conduct cross-site scripting attacks. [MFSA-2006-19]\n\n * [CVE-2006-1732](<https://security-tracker.debian.org/tracker/CVE-2006-1732>)\n\n\"shutdown\" discovered that it is possible to bypass same-origin protections, allowing a malicious site to inject script into content from another site, which could allow the malicious page to steal information such as cookies or passwords from the other site, or perform transactions on the user's behalf if the user were already logged in. [MFSA-2006-17]\n\n * [CVE-2006-1733](<https://security-tracker.debian.org/tracker/CVE-2006-1733>)\n\n\"moz_bug_r_a4\" discovered that the compilation scope of privileged built-in XBL bindings is not fully protected from web content and can still be executed which could be used to execute arbitrary JavaScript, which could allow an attacker to install malware such as viruses and password sniffers. [MFSA-2006-16]\n\n * [CVE-2006-1734](<https://security-tracker.debian.org/tracker/CVE-2006-1734>)\n\n\"shutdown\" discovered that it is possible to access an internal function object which could then be used to run arbitrary JavaScript code with full permissions of the user running the browser, which could be used to install spyware or viruses. [MFSA-2006-15]\n\n * [CVE-2006-1735](<https://security-tracker.debian.org/tracker/CVE-2006-1735>)\n\nIt is possible to create JavaScript functions that would get compiled with the wrong privileges, allowing an attacker to run code of their choice with full permissions of the user running the browser, which could be used to install spyware or viruses. [MFSA-2006-14]\n\n * [CVE-2006-1736](<https://security-tracker.debian.org/tracker/CVE-2006-1736>)\n\nIt is possible to trick users into downloading and saving an executable file via an image that is overlaid by a transparent image link that points to the executable. [MFSA-2006-13]\n\n * [CVE-2006-1737](<https://security-tracker.debian.org/tracker/CVE-2006-1737>)\n\nAn integer overflow allows remote attackers to cause a denial of service and possibly execute arbitrary bytecode via JavaScript with a large regular expression. [MFSA-2006-11]\n\n * [CVE-2006-1738](<https://security-tracker.debian.org/tracker/CVE-2006-1738>)\n\nAn unspecified vulnerability allows remote attackers to cause a denial of service. [MFSA-2006-11]\n\n * [CVE-2006-1739](<https://security-tracker.debian.org/tracker/CVE-2006-1739>)\n\nCertain Cascading Style Sheets (CSS) can cause an out-of-bounds array write and buffer overflow that could lead to a denial of service and the possible execution of arbitrary code. [MFSA-2006-11]\n\n * [CVE-2006-1740](<https://security-tracker.debian.org/tracker/CVE-2006-1740>)\n\nIt is possible for remote attackers to spoof secure site indicators such as the locked icon by opening the trusted site in a popup window, then changing the location to a malicious site. [MFSA-2006-12]\n\n * [CVE-2006-1741](<https://security-tracker.debian.org/tracker/CVE-2006-1741>)\n\n\"shutdown\" discovered that it is possible to inject arbitrary JavaScript code into a page on another site using a modal alert to suspend an event handler while a new page is being loaded. This could be used to steal confidential information. [MFSA-2006-09]\n\n * [CVE-2006-1742](<https://security-tracker.debian.org/tracker/CVE-2006-1742>)\n\nIgor Bukanov discovered that the JavaScript engine does not properly handle temporary variables, which might allow remote attackers to trigger operations on freed memory and cause memory corruption. [MFSA-2006-10]\n\n * [CVE-2006-1790](<https://security-tracker.debian.org/tracker/CVE-2006-1790>)\n\nA regression fix that could lead to memory corruption allows remote attackers to cause a denial of service and possibly execute arbitrary code. [MFSA-2006-11]\n\nFor the stable distribution (sarge) these problems have been fixed in version 1.0.2-2.sarge1.0.8.\n\nFor the unstable distribution (sid) these problems have been fixed in version 1.5.0.2-1 of thunderbird.\n\nWe recommend that you upgrade your Mozilla Thunderbird packages.", "edition": 2, "reporter": "Debian", "published": "2006-05-04T00:00:00", "enchantments": {"score": {"vector": "NONE", "value": 6.8}}, "type": "debian", "title": "mozilla-thunderbird -- several vulnerabilities", "bulletinFamily": "unix", "cvelist": ["CVE-2006-1738", "CVE-2006-1739", "CVE-2006-1531", "CVE-2006-1530", "CVE-2006-0748", "CVE-2006-1728", "CVE-2006-1730", "CVE-2006-0293", "CVE-2005-2353", "CVE-2006-1790", "CVE-2006-1734", "CVE-2006-1733", "CVE-2006-1740", "CVE-2006-1741", "CVE-2006-0292", "CVE-2006-0884", "CVE-2006-1731", "CVE-2006-1727", "CVE-2006-1045", "CVE-2006-1529", "CVE-2006-1729", "CVE-2006-0296", "CVE-2006-1736", "CVE-2006-1735", "CVE-2006-1742", "CVE-2006-1724", "CVE-2006-1723", "CVE-2006-1737", "CVE-2005-4134", "CVE-2006-0749"], "modified": "2006-05-04T00:00:00", "id": "DSA-1051", "href": "http://www.debian.org/security/dsa-1051", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2017-10-05T13:04:49", "references": [], "affectedPackage": [{"OS": "Debian GNU/Linux", "OSVersion": "3.1", "packageVersion": "1.7.8-1sarge5", "packageFilename": "mozilla-psm_1.7.8-1sarge5_powerpc.deb", "arch": "ppc", "packageName": "mozilla-psm", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "3.1", "packageVersion": "1.7.8-1sarge5", "packageFilename": "libnspr4_1.7.8-1sarge5_amd64.deb", "arch": "x86-64", "packageName": "libnspr4", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "3.1", "packageVersion": "1.7.8-1sarge5", "packageFilename": "mozilla_1.7.8-1sarge5_s390.deb", "arch": "s390x", "packageName": "mozilla", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "3.1", "packageVersion": "1.7.8-1sarge5", "packageFilename": "mozilla-calendar_1.7.8-1sarge5_powerpc.deb", "arch": "ppc", "packageName": "mozilla-calendar", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "3.1", "packageVersion": "1.7.8-1sarge5", "packageFilename": "mozilla-chatzilla_1.7.8-1sarge5_mipsel.deb", "arch": "mipsel", "packageName": "mozilla-chatzilla", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "3.1", "packageVersion": "1.7.8-1sarge5", "packageFilename": "mozilla-psm_1.7.8-1sarge5_m68k.deb", "arch": "m68k", "packageName": "mozilla-psm", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "3.1", "packageVersion": "1.7.8-1sarge5", "packageFilename": "mozilla_1.7.8-1sarge5_hppa.deb", "arch": "hppa", "packageName": "mozilla", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "3.1", "packageVersion": "1.7.8-1sarge5", "packageFilename": "mozilla-chatzilla_1.7.8-1sarge5_ia64.deb", "arch": "ia64", "packageName": "mozilla-chatzilla", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "3.1", "packageVersion": "1.7.8-1sarge5", "packageFilename": "mozilla-browser_1.7.8-1sarge5_powerpc.deb", "arch": "ppc", "packageName": "mozilla-browser", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "3.1", "packageVersion": "1.7.8-1sarge5", "packageFilename": "mozilla-browser_1.7.8-1sarge5_alpha.deb", "arch": "alpha", "packageName": "mozilla-browser", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "3.1", "packageVersion": "1.7.8-1sarge5", "packageFilename": "mozilla-js-debugger_1.7.8-1sarge5_arm.deb", "arch": "arm", "packageName": "mozilla-js-debugger", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "3.1", "packageVersion": "1.7.8-1sarge5", "packageFilename": "libnspr-dev_1.7.8-1sarge5_m68k.deb", "arch": "m68k", "packageName": "libnspr-dev", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "3.1", "packageVersion": "1.7.8-1sarge5", "packageFilename": "mozilla-dev_1.7.8-1sarge5_arm.deb", "arch": "arm", "packageName": "mozilla-dev", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "3.1", "packageVersion": "1.7.8-1sarge5", "packageFilename": "mozilla-mailnews_1.7.8-1sarge5_amd64.deb", "arch": "x86-64", "packageName": "mozilla-mailnews", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "3.1", "packageVersion": "1.7.8-1sarge5", "packageFilename": "mozilla_1.7.8-1sarge5_powerpc.deb", "arch": "ppc", "packageName": "mozilla", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "3.1", "packageVersion": "1.7.8-1sarge5", "packageFilename": "mozilla-browser_1.7.8-1sarge5_hppa.deb", "arch": "hppa", "packageName": "mozilla-browser", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "3.1", "packageVersion": "1.7.8-1sarge5", "packageFilename": "mozilla-psm_1.7.8-1sarge5_mipsel.deb", "arch": "mipsel", "packageName": "mozilla-psm", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "3.1", "packageVersion": "1.7.8-1sarge5", "packageFilename": "mozilla-dom-inspector_1.7.8-1sarge5_sparc.deb", "arch": "sparc", "packageName": "mozilla-dom-inspector", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "3.1", "packageVersion": "1.7.8-1sarge5", "packageFilename": "mozilla-dev_1.7.8-1sarge5_i386.deb", "arch": "i686", "packageName": "mozilla-dev", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "3.1", "packageVersion": "1.7.8-1sarge5", "packageFilename": "mozilla-mailnews_1.7.8-1sarge5_sparc.deb", "arch": "sparc", "packageName": "mozilla-mailnews", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "3.1", "packageVersion": "1.7.8-1sarge5", "packageFilename": "mozilla-dev_1.7.8-1sarge5_mipsel.deb", "arch": "mipsel", "packageName": "mozilla-dev", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "3.1", "packageVersion": "1.7.8-1sarge5", "packageFilename": "mozilla-calendar_1.7.8-1sarge5_amd64.deb", "arch": "x86-64", "packageName": "mozilla-calendar", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "3.1", "packageVersion": "1.7.8-1sarge5", "packageFilename": "libnss3_1.7.8-1sarge5_i386.deb", "arch": "i686", "packageName": "libnss3", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "3.1", "packageVersion": "1.7.8-1sarge5", "packageFilename": "libnspr4_1.7.8-1sarge5_powerpc.deb", "arch": "ppc", "packageName": "libnspr4", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "3.1", "packageVersion": "1.7.8-1sarge5", "packageFilename": "mozilla-chatzilla_1.7.8-1sarge5_hppa.deb", "arch": "hppa", "packageName": "mozilla-chatzilla", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "3.1", "packageVersion": "1.7.8-1sarge5", "packageFilename": "mozilla-chatzilla_1.7.8-1sarge5_sparc.deb", "arch": "sparc", "packageName": "mozilla-chatzilla", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "3.1", "packageVersion": "1.7.8-1sarge5", "packageFilename": "libnspr4_1.7.8-1sarge5_arm.deb", "arch": "arm", "packageName": "libnspr4", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "3.1", "packageVersion": "1.7.8-1sarge5", "packageFilename": "libnspr4_1.7.8-1sarge5_hppa.deb", "arch": "hppa", "packageName": "libnspr4", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "3.1", "packageVersion": "1.7.8-1sarge5", "packageFilename": "mozilla-js-debugger_1.7.8-1sarge5_hppa.deb", "arch": "hppa", "packageName": "mozilla-js-debugger", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "3.1", "packageVersion": "1.7.8-1sarge5", "packageFilename": "libnspr-dev_1.7.8-1sarge5_hppa.deb", "arch": "hppa", "packageName": "libnspr-dev", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "3.1", "packageVersion": "1.7.8-1sarge5", "packageFilename": "mozilla-dev_1.7.8-1sarge5_alpha.deb", "arch": "alpha", "packageName": "mozilla-dev", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "3.1", "packageVersion": "1.7.8-1sarge5", "packageFilename": "mozilla-browser_1.7.8-1sarge5_ia64.deb", "arch": "ia64", "packageName": "mozilla-browser", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "3.1", "packageVersion": "1.7.8-1sarge5", "packageFilename": "mozilla-chatzilla_1.7.8-1sarge5_mips.deb", "arch": "mips", "packageName": "mozilla-chatzilla", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "3.1", "packageVersion": "1.7.8-1sarge5", "packageFilename": "mozilla_1.7.8-1sarge5_amd64.deb", "arch": "x86-64", "packageName": "mozilla", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "3.1", "packageVersion": "1.7.8-1sarge5", "packageFilename": "libnss3_1.7.8-1sarge5_hppa.deb", "arch": "hppa", "packageName": "libnss3", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "3.1", "packageVersion": "1.7.8-1sarge5", "packageFilename": "mozilla-chatzilla_1.7.8-1sarge5_m68k.deb", "arch": "m68k", "packageName": "mozilla-chatzilla", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "3.1", "packageVersion": "1.7.8-1sarge5", "packageFilename": "mozilla_1.7.8-1sarge5_m68k.deb", "arch": "m68k", "packageName": "mozilla", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "3.1", "packageVersion": "1.7.8-1sarge5", "packageFilename": "mozilla-calendar_1.7.8-1sarge5_s390.deb", "arch": "s390x", "packageName": "mozilla-calendar", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "3.1", "packageVersion": "1.7.8-1sarge5", "packageFilename": "mozilla-calendar_1.7.8-1sarge5_ia64.deb", "arch": "ia64", "packageName": "mozilla-calendar", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "3.1", "packageVersion": "1.7.8-1sarge5", "packageFilename": "libnss-dev_1.7.8-1sarge5_m68k.deb", "arch": "m68k", "packageName": "libnss-dev", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "3.1", "packageVersion": "1.7.8-1sarge5", "packageFilename": "libnspr-dev_1.7.8-1sarge5_alpha.deb", "arch": "alpha", "packageName": "libnspr-dev", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "3.1", "packageVersion": "1.7.8-1sarge5", "packageFilename": "mozilla-dev_1.7.8-1sarge5_s390.deb", "arch": "s390x", "packageName": "mozilla-dev", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "3.1", "packageVersion": "1.7.8-1sarge5", "packageFilename": "libnss-dev_1.7.8-1sarge5_mipsel.deb", "arch": "mipsel", "packageName": "libnss-dev", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "3.1", "packageVersion": "1.7.8-1sarge5", "packageFilename": "mozilla_1.7.8-1sarge5_arm.deb", "arch": "arm", "packageName": "mozilla", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "3.1", "packageVersion": "1.7.8-1sarge5", "packageFilename": "mozilla-calendar_1.7.8-1sarge5_arm.deb", "arch": "arm", "packageName": "mozilla-calendar", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "3.1", "packageVersion": "1.7.8-1sarge5", "packageFilename": "mozilla-dev_1.7.8-1sarge5_m68k.deb", "arch": "m68k", "packageName": "mozilla-dev", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "3.1", "packageVersion": "1.7.8-1sarge5", "packageFilename": "libnss3_1.7.8-1sarge5_alpha.deb", "arch": "alpha", "packageName": "libnss3", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "3.1", "packageVersion": "1.7.8-1sarge5", "packageFilename": "libnspr4_1.7.8-1sarge5_i386.deb", "arch": "i686", "packageName": "libnspr4", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "3.1", "packageVersion": "1.7.8-1sarge5", "packageFilename": "mozilla-js-debugger_1.7.8-1sarge5_powerpc.deb", "arch": "ppc", "packageName": "mozilla-js-debugger", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "3.1", "packageVersion": "1.7.8-1sarge5", "packageFilename": "libnss3_1.7.8-1sarge5_m68k.deb", "arch": "m68k", "packageName": "libnss3", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "3.1", "packageVersion": "1.7.8-1sarge5", "packageFilename": "libnspr-dev_1.7.8-1sarge5_sparc.deb", "arch": "sparc", "packageName": "libnspr-dev", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "3.1", "packageVersion": "1.7.8-1sarge5", "packageFilename": "mozilla-mailnews_1.7.8-1sarge5_arm.deb", "arch": "arm", "packageName": "mozilla-mailnews", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "3.1", "packageVersion": "1.7.8-1sarge5", "packageFilename": "mozilla-js-debugger_1.7.8-1sarge5_mips.deb", "arch": "mips", "packageName": "mozilla-js-debugger", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "3.1", "packageVersion": "1.7.8-1sarge5", "packageFilename": "mozilla-dom-inspector_1.7.8-1sarge5_m68k.deb", "arch": "m68k", "packageName": "mozilla-dom-inspector", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "3.1", "packageVersion": "1.7.8-1sarge5.diff", "packageFilename": "mozilla_1.7.8-1sarge5.diff.gz", "arch": "src", "packageName": "mozilla", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "3.1", "packageVersion": "1.7.8-1sarge5", "packageFilename": "mozilla-calendar_1.7.8-1sarge5_m68k.deb", "arch": "m68k", "packageName": "mozilla-calendar", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "3.1", "packageVersion": "1.7.8-1sarge5", "packageFilename": "libnspr4_1.7.8-1sarge5_mips.deb", "arch": "mips", "packageName": "libnspr4", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "3.1", "packageVersion": "1.7.8.orig", "packageFilename": "mozilla_1.7.8.orig.tar.gz", "arch": "src", "packageName": "mozilla", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "3.1", "packageVersion": "1.7.8-1sarge5", "packageFilename": "libnss3_1.7.8-1sarge5_ia64.deb", "arch": "ia64", "packageName": "libnss3", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "3.1", "packageVersion": "1.7.8-1sarge5", "packageFilename": "libnss-dev_1.7.8-1sarge5_mips.deb", "arch": "mips", "packageName": "libnss-dev", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "3.1", "packageVersion": "1.7.8-1sarge5", "packageFilename": "mozilla_1.7.8-1sarge5_ia64.deb", "arch": "ia64", "packageName": "mozilla", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "3.1", "packageVersion": "1.7.8-1sarge5", "packageFilename": "mozilla-js-debugger_1.7.8-1sarge5_amd64.deb", "arch": "x86-64", "packageName": "mozilla-js-debugger", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "3.1", "packageVersion": "1.7.8-1sarge5", "packageFilename": "mozilla-dom-inspector_1.7.8-1sarge5_mipsel.deb", "arch": "mipsel", "packageName": "mozilla-dom-inspector", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "3.1", "packageVersion": "1.7.8-1sarge5", "packageFilename": "libnss-dev_1.7.8-1sarge5_sparc.deb", "arch": "sparc", "packageName": "libnss-dev", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "3.1", "packageVersion": "1.7.8-1sarge5", "packageFilename": "mozilla-dom-inspector_1.7.8-1sarge5_s390.deb", "arch": "s390x", "packageName": "mozilla-dom-inspector", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "3.1", "packageVersion": "1.7.8-1sarge5", "packageFilename": "libnss3_1.7.8-1sarge5_arm.deb", "arch": "arm", "packageName": "libnss3", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "3.1", "packageVersion": "1.7.8-1sarge5", "packageFilename": "mozilla-mailnews_1.7.8-1sarge5_mipsel.deb", "arch": "mipsel", "packageName": "mozilla-mailnews", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "3.1", "packageVersion": "1.7.8-1sarge5", "packageFilename": "libnss3_1.7.8-1sarge5_amd64.deb", "arch": "x86-64", "packageName": "libnss3", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "3.1", "packageVersion": "1.7.8-1sarge5", "packageFilename": "mozilla-js-debugger_1.7.8-1sarge5_ia64.deb", "arch": "ia64", "packageName": "mozilla-js-debugger", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "3.1", "packageVersion": "1.7.8-1sarge5", "packageFilename": "mozilla-browser_1.7.8-1sarge5_sparc.deb", "arch": "sparc", "packageName": "mozilla-browser", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "3.1", "packageVersion": "1.7.8-1sarge5", "packageFilename": "mozilla_1.7.8-1sarge5_mipsel.deb", "arch": "mipsel", "packageName": "mozilla", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "3.1", "packageVersion": "1.7.8-1sarge5", "packageFilename": "mozilla-chatzilla_1.7.8-1sarge5_i386.deb", "arch": "i686", "packageName": "mozilla-chatzilla", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "3.1", "packageVersion": "1.7.8-1sarge5", "packageFilename": "libnss-dev_1.7.8-1sarge5_amd64.deb", "arch": "x86-64", "packageName": "libnss-dev", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "3.1", "packageVersion": "1.7.8-1sarge5", "packageFilename": "mozilla-browser_1.7.8-1sarge5_s390.deb", "arch": "s390x", "packageName": "mozilla-browser", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "3.1", "packageVersion": "1.7.8-1sarge5", "packageFilename": "mozilla-mailnews_1.7.8-1sarge5_powerpc.deb", "arch": "ppc", "packageName": "mozilla-mailnews", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "3.1", "packageVersion": "1.7.8-1sarge5", "packageFilename": "mozilla-psm_1.7.8-1sarge5_sparc.deb", "arch": "sparc", "packageName": "mozilla-psm", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "3.1", "packageVersion": "1.7.8-1sarge5", "packageFilename": "mozilla-dom-inspector_1.7.8-1sarge5_hppa.deb", "arch": "hppa", "packageName": "mozilla-dom-inspector", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "3.1", "packageVersion": "1.7.8-1sarge5", "packageFilename": "libnspr-dev_1.7.8-1sarge5_mips.deb", "arch": "mips", "packageName": "libnspr-dev", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "3.1", "packageVersion": "1.7.8-1sarge5", "packageFilename": "libnspr-dev_1.7.8-1sarge5_powerpc.deb", "arch": "ppc", "packageName": "libnspr-dev", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "3.1", "packageVersion": "1.7.8-1sarge5", "packageFilename": "libnss3_1.7.8-1sarge5_powerpc.deb", "arch": "ppc", "packageName": "libnss3", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "3.1", "packageVersion": "1.7.8-1sarge5", "packageFilename": "mozilla-calendar_1.7.8-1sarge5_hppa.deb", "arch": "hppa", "packageName": "mozilla-calendar", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "3.1", "packageVersion": "1.7.8-1sarge5", "packageFilename": "libnspr4_1.7.8-1sarge5_m68k.deb", "arch": "m68k", "packageName": "libnspr4", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "3.1", "packageVersion": "1.7.8-1sarge5", "packageFilename": "mozilla-browser_1.7.8-1sarge5_mipsel.deb", "arch": "mipsel", "packageName": "mozilla-browser", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "3.1", "packageVersion": "1.7.8-1sarge5", "packageFilename": "mozilla-calendar_1.7.8-1sarge5_i386.deb", "arch": "i686", "packageName": "mozilla-calendar", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "3.1", "packageVersion": "1.7.8-1sarge5", "packageFilename": "libnspr-dev_1.7.8-1sarge5_amd64.deb", "arch": "x86-64", "packageName": "libnspr-dev", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "3.1", "packageVersion": "1.7.8-1sarge5", "packageFilename": "mozilla-dom-inspector_1.7.8-1sarge5_mips.deb", "arch": "mips", "packageName": "mozilla-dom-inspector", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "3.1", "packageVersion": "1.7.8-1sarge5", "packageFilename": "mozilla-js-debugger_1.7.8-1sarge5_sparc.deb", "arch": "sparc", "packageName": "mozilla-js-debugger", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "3.1", "packageVersion": "1.7.8-1sarge5", "packageFilename": "libnspr4_1.7.8-1sarge5_mipsel.deb", "arch": "mipsel", "packageName": "libnspr4", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "3.1", "packageVersion": "1.7.8-1sarge5", "packageFilename": "mozilla-calendar_1.7.8-1sarge5_sparc.deb", "arch": "sparc", "packageName": "mozilla-calendar", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "3.1", "packageVersion": "1.7.8-1sarge5", "packageFilename": "mozilla_1.7.8-1sarge5.dsc", "arch": "src", "packageName": "mozilla", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "3.1", "packageVersion": "1.7.8-1sarge5", "packageFilename": "mozilla-dev_1.7.8-1sarge5_ia64.deb", "arch": "ia64", "packageName": "mozilla-dev", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "3.1", "packageVersion": "1.7.8-1sarge5", "packageFilename": "mozilla-dom-inspector_1.7.8-1sarge5_amd64.deb", "arch": "x86-64", "packageName": "mozilla-dom-inspector", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "3.1", "packageVersion": "1.7.8-1sarge5", "packageFilename": "mozilla-js-debugger_1.7.8-1sarge5_alpha.deb", "arch": "alpha", "packageName": "mozilla-js-debugger", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "3.1", "packageVersion": "1.7.8-1sarge5", "packageFilename": "mozilla-mailnews_1.7.8-1sarge5_i386.deb", "arch": "i686", "packageName": "mozilla-mailnews", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "3.1", "packageVersion": "1.7.8-1sarge5", "packageFilename": "mozilla-browser_1.7.8-1sarge5_m68k.deb", "arch": "m68k", "packageName": "mozilla-browser", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "3.1", "packageVersion": "1.7.8-1sarge5", "packageFilename": "mozilla-mailnews_1.7.8-1sarge5_hppa.deb", "arch": "hppa", "packageName": "mozilla-mailnews", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "3.1", "packageVersion": "1.7.8-1sarge5", "packageFilename": "libnspr4_1.7.8-1sarge5_sparc.deb", "arch": "sparc", "packageName": "libnspr4", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "3.1", "packageVersion": "1.7.8-1sarge5", "packageFilename": "mozilla-dev_1.7.8-1sarge5_sparc.deb", "arch": "sparc", "packageName": "mozilla-dev", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "3.1", "packageVersion": "1.7.8-1sarge5", "packageFilename": "mozilla-dev_1.7.8-1sarge5_amd64.deb", "arch": "x86-64", "packageName": "mozilla-dev", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "3.1", "packageVersion": "1.7.8-1sarge5", "packageFilename": "mozilla_1.7.8-1sarge5_i386.deb", "arch": "i686", "packageName": "mozilla", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "3.1", "packageVersion": "1.7.8-1sarge5", "packageFilename": "mozilla-chatzilla_1.7.8-1sarge5_powerpc.deb", "arch": "ppc", "packageName": "mozilla-chatzilla", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "3.1", "packageVersion": "1.7.8-1sarge5", "packageFilename": "mozilla-psm_1.7.8-1sarge5_amd64.deb", "arch": "x86-64", "packageName": "mozilla-psm", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "3.1", "packageVersion": "1.7.8-1sarge5", "packageFilename": "libnss-dev_1.7.8-1sarge5_s390.deb", "arch": "s390x", "packageName": "libnss-dev", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "3.1", "packageVersion": "1.7.8-1sarge5", "packageFilename": "mozilla-mailnews_1.7.8-1sarge5_mips.deb", "arch": "mips", "packageName": "mozilla-mailnews", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "3.1", "packageVersion": "1.7.8-1sarge5", "packageFilename": "mozilla_1.7.8-1sarge5_alpha.deb", "arch": "alpha", "packageName": "mozilla", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "3.1", "packageVersion": "1.7.8-1sarge5", "packageFilename": "mozilla-browser_1.7.8-1sarge5_mips.deb", "arch": "mips", "packageName": "mozilla-browser", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "3.1", "packageVersion": "1.7.8-1sarge5", "packageFilename": "mozilla-browser_1.7.8-1sarge5_amd64.deb", "arch": "x86-64", "packageName": "mozilla-browser", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "3.1", "packageVersion": "1.7.8-1sarge5", "packageFilename": "mozilla-psm_1.7.8-1sarge5_s390.deb", "arch": "s390x", "packageName": "mozilla-psm", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "3.1", "packageVersion": "1.7.8-1sarge5", "packageFilename": "mozilla-psm_1.7.8-1sarge5_hppa.deb", "arch": "hppa", "packageName": "mozilla-psm", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "3.1", "packageVersion": "1.7.8-1sarge5", "packageFilename": "mozilla-dev_1.7.8-1sarge5_powerpc.deb", "arch": "ppc", "packageName": "mozilla-dev", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "3.1", "packageVersion": "1.7.8-1sarge5", "packageFilename": "libnss3_1.7.8-1sarge5_sparc.deb", "arch": "sparc", "packageName": "libnss3", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "3.1", "packageVersion": "1.7.8-1sarge5", "packageFilename": "libnss-dev_1.7.8-1sarge5_alpha.deb", "arch": "alpha", "packageName": "libnss-dev", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "3.1", "packageVersion": "1.7.8-1sarge5", "packageFilename": "libnspr4_1.7.8-1sarge5_alpha.deb", "arch": "alpha", "packageName": "libnspr4", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "3.1", "packageVersion": "1.7.8-1sarge5", "packageFilename": "libnspr4_1.7.8-1sarge5_ia64.deb", "arch": "ia64", "packageName": "libnspr4", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "3.1", "packageVersion": "1.7.8-1sarge5", "packageFilename": "mozilla-dev_1.7.8-1sarge5_hppa.deb", "arch": "hppa", "packageName": "mozilla-dev", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "3.1", "packageVersion": "1.7.8-1sarge5", "packageFilename": "libnss-dev_1.7.8-1sarge5_i386.deb", "arch": "i686", "packageName": "libnss-dev", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "3.1", "packageVersion": "1.7.8-1sarge5", "packageFilename": "mozilla-mailnews_1.7.8-1sarge5_m68k.deb", "arch": "m68k", "packageName": "mozilla-mailnews", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "3.1", "packageVersion": "1.7.8-1sarge5", "packageFilename": "mozilla-js-debugger_1.7.8-1sarge5_mipsel.deb", "arch": "mipsel", "packageName": "mozilla-js-debugger", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "3.1", "packageVersion": "1.7.8-1sarge5", "packageFilename": "mozilla-mailnews_1.7.8-1sarge5_alpha.deb", "arch": "alpha", "packageName": "mozilla-mailnews", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "3.1", "packageVersion": "1.7.8-1sarge5", "packageFilename": "libnspr-dev_1.7.8-1sarge5_s390.deb", "arch": "s390x", "packageName": "libnspr-dev", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "3.1", "packageVersion": "1.7.8-1sarge5", "packageFilename": "mozilla-psm_1.7.8-1sarge5_mips.deb", "arch": "mips", "packageName": "mozilla-psm", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "3.1", "packageVersion": "1.7.8-1sarge5", "packageFilename": "mozilla-calendar_1.7.8-1sarge5_mips.deb", "arch": "mips", "packageName": "mozilla-calendar", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "3.1", "packageVersion": "1.7.8-1sarge5", "packageFilename": "mozilla-chatzilla_1.7.8-1sarge5_s390.deb", "arch": "s390x", "packageName": "mozilla-chatzilla", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "3.1", "packageVersion": "1.7.8-1sarge5", "packageFilename": "mozilla-mailnews_1.7.8-1sarge5_ia64.deb", "arch": "ia64", "packageName": "mozilla-mailnews", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "3.1", "packageVersion": "1.7.8-1sarge5", "packageFilename": "mozilla-psm_1.7.8-1sarge5_i386.deb", "arch": "i686", "packageName": "mozilla-psm", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "3.1", "packageVersion": "1.7.8-1sarge5", "packageFilename": "libnspr-dev_1.7.8-1sarge5_mipsel.deb", "arch": "mipsel", "packageName": "libnspr-dev", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "3.1", "packageVersion": "1.7.8-1sarge5", "packageFilename": "libnss3_1.7.8-1sarge5_s390.deb", "arch": "s390x", "packageName": "libnss3", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "3.1", "packageVersion": "1.7.8-1sarge5", "packageFilename": "mozilla-js-debugger_1.7.8-1sarge5_m68k.deb", "arch": "m68k", "packageName": "mozilla-js-debugger", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "3.1", "packageVersion": "1.7.8-1sarge5", "packageFilename": "mozilla-chatzilla_1.7.8-1sarge5_alpha.deb", "arch": "alpha", "packageName": "mozilla-chatzilla", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "3.1", "packageVersion": "1.7.8-1sarge5", "packageFilename": "mozilla-calendar_1.7.8-1sarge5_mipsel.deb", "arch": "mipsel", "packageName": "mozilla-calendar", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "3.1", "packageVersion": "1.7.8-1sarge5", "packageFilename": "mozilla-chatzilla_1.7.8-1sarge5_arm.deb", "arch": "arm", "packageName": "mozilla-chatzilla", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "3.1", "packageVersion": "1.7.8-1sarge5", "packageFilename": "mozilla-dom-inspector_1.7.8-1sarge5_i386.deb", "arch": "i686", "packageName": "mozilla-dom-inspector", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "3.1", "packageVersion": "1.7.8-1sarge5", "packageFilename": "mozilla-mailnews_1.7.8-1sarge5_s390.deb", "arch": "s390x", "packageName": "mozilla-mailnews", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "3.1", "packageVersion": "1.7.8-1sarge5", "packageFilename": "mozilla-psm_1.7.8-1sarge5_ia64.deb", "arch": "ia64", "packageName": "mozilla-psm", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "3.1", "packageVersion": "1.7.8-1sarge5", "packageFilename": "libnspr-dev_1.7.8-1sarge5_i386.deb", "arch": "i686", "packageName": "libnspr-dev", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "3.1", "packageVersion": "1.7.8-1sarge5", "packageFilename": "mozilla-dom-inspector_1.7.8-1sarge5_ia64.deb", "arch": "ia64", "packageName": "mozilla-dom-inspector", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "3.1", "packageVersion": "1.7.8-1sarge5", "packageFilename": "mozilla-browser_1.7.8-1sarge5_arm.deb", "arch": "arm", "packageName": "mozilla-browser", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "3.1", "packageVersion": "1.7.8-1sarge5", "packageFilename": "mozilla-dev_1.7.8-1sarge5_mips.deb", "arch": "mips", "packageName": "mozilla-dev", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "3.1", "packageVersion": "1.7.8-1sarge5", "packageFilename": "mozilla-browser_1.7.8-1sarge5_i386.deb", "arch": "i686", "packageName": "mozilla-browser", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "3.1", "packageVersion": "1.7.8-1sarge5", "packageFilename": "mozilla-dom-inspector_1.7.8-1sarge5_powerpc.deb", "arch": "ppc", "packageName": "mozilla-dom-inspector", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "3.1", "packageVersion": "1.7.8-1sarge5", "packageFilename": "mozilla-calendar_1.7.8-1sarge5_alpha.deb", "arch": "alpha", "packageName": "mozilla-calendar", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "3.1", "packageVersion": "1.7.8-1sarge5", "packageFilename": "mozilla-js-debugger_1.7.8-1sarge5_s390.deb", "arch": "s390x", "packageName": "mozilla-js-debugger", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "3.1", "packageVersion": "1.7.8-1sarge5", "packageFilename": "libnss3_1.7.8-1sarge5_mipsel.deb", "arch": "mipsel", "packageName": "libnss3", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "3.1", "packageVersion": "1.7.8-1sarge5", "packageFilename": "mozilla-psm_1.7.8-1sarge5_arm.deb", "arch": "arm", "packageName": "mozilla-psm", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "3.1", "packageVersion": "1.7.8-1sarge5", "packageFilename": "libnss-dev_1.7.8-1sarge5_arm.deb", "arch": "arm", "packageName": "libnss-dev", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "3.1", "packageVersion": "1.7.8-1sarge5", "packageFilename": "libnspr4_1.7.8-1sarge5_s390.deb", "arch": "s390x", "packageName": "libnspr4", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "3.1", "packageVersion": "1.7.8-1sarge5", "packageFilename": "libnss-dev_1.7.8-1sarge5_ia64.deb", "arch": "ia64", "packageName": "libnss-dev", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "3.1", "packageVersion": "1.7.8-1sarge5", "packageFilename": "mozilla-psm_1.7.8-1sarge5_alpha.deb", "arch": "alpha", "packageName": "mozilla-psm", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "3.1", "packageVersion": "1.7.8-1sarge5", "packageFilename": "mozilla-dom-inspector_1.7.8-1sarge5_alpha.deb", "arch": "alpha", "packageName": "mozilla-dom-inspector", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "3.1", "packageVersion": "1.7.8-1sarge5", "packageFilename": "libnss3_1.7.8-1sarge5_mips.deb", "arch": "mips", "packageName": "libnss3", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "3.1", "packageVersion": "1.7.8-1sarge5", "packageFilename": "mozilla_1.7.8-1sarge5_mips.deb", "arch": "mips", "packageName": "mozilla", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "3.1", "packageVersion": "1.7.8-1sarge5", "packageFilename": "libnspr-dev_1.7.8-1sarge5_arm.deb", "arch": "arm", "packageName": "libnspr-dev", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "3.1", "packageVersion": "1.7.8-1sarge5", "packageFilename": "mozilla-js-debugger_1.7.8-1sarge5_i386.deb", "arch": "i686", "packageName": "mozilla-js-debugger", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "3.1", "packageVersion": "1.7.8-1sarge5", "packageFilename": "libnspr-dev_1.7.8-1sarge5_ia64.deb", "arch": "ia64", "packageName": "libnspr-dev", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "3.1", "packageVersion": "1.7.8-1sarge5", "packageFilename": "mozilla-chatzilla_1.7.8-1sarge5_amd64.deb", "arch": "x86-64", "packageName": "mozilla-chatzilla", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "3.1", "packageVersion": "1.7.8-1sarge5", "packageFilename": "libnss-dev_1.7.8-1sarge5_hppa.deb", "arch": "hppa", "packageName": "libnss-dev", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "3.1", "packageVersion": "1.7.8-1sarge5", "packageFilename": "libnss-dev_1.7.8-1sarge5_powerpc.deb", "arch": "ppc", "packageName": "libnss-dev", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "3.1", "packageVersion": "1.7.8-1sarge5", "packageFilename": "mozilla-dom-inspector_1.7.8-1sarge5_arm.deb", "arch": "arm", "packageName": "mozilla-dom-inspector", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "3.1", "packageVersion": "1.7.8-1sarge5", "packageFilename": "mozilla_1.7.8-1sarge5_sparc.deb", "arch": "sparc", "packageName": "mozilla", "operator": "lt"}], "description": "Several security related problems have been discovered in Mozilla. The Common Vulnerabilities and Exposures project identifies the following vulnerabilities:\n\n * [CVE-2005-2353](<https://security-tracker.debian.org/tracker/CVE-2005-2353>)\n\nThe \"run-mozilla.sh\" script allows local users to create or overwrite arbitrary files when debugging is enabled via a symlink attack on temporary files.\n\n * [CVE-2005-4134](<https://security-tracker.debian.org/tracker/CVE-2005-4134>)\n\nWeb pages with extremely long titles cause subsequent launches of the browser to appear to \"hang\" for up to a few minutes, or even crash if the computer has insufficient memory. [MFSA-2006-03]\n\n * [CVE-2006-0292](<https://security-tracker.debian.org/tracker/CVE-2006-0292>)\n\nThe JavaScript interpreter does not properly dereference objects, which allows remote attackers to cause a denial of service or execute arbitrary code. [MFSA-2006-01]\n\n * [CVE-2006-0293](<https://security-tracker.debian.org/tracker/CVE-2006-0293>)\n\nThe function allocation code allows attackers to cause a denial of service and possibly execute arbitrary code. [MFSA-2006-01]\n\n * [CVE-2006-0296](<https://security-tracker.debian.org/tracker/CVE-2006-0296>)\n\nXULDocument.persist() did not validate the attribute name, allowing an attacker to inject arbitrary XML and JavaScript code into localstore.rdf that would be read and acted upon during startup. [MFSA-2006-05]\n\n * [CVE-2006-0748](<https://security-tracker.debian.org/tracker/CVE-2006-0748>)\n\nAn anonymous researcher for TippingPoint and the Zero Day Initiative reported that an invalid and nonsensical ordering of table-related tags can be exploited to execute arbitrary code. [MFSA-2006-27]\n\n * [CVE-2006-0749](<https://security-tracker.debian.org/tracker/CVE-2006-0749>)\n\nA particular sequence of HTML tags can cause memory corruption that can be exploited to execute arbitrary code. [MFSA-2006-18]\n\n * [CVE-2006-0884](<https://security-tracker.debian.org/tracker/CVE-2006-0884>)\n\nGeorgi Guninski reports that forwarding mail in-line while using the default HTML \"rich mail\" editor will execute JavaScript embedded in the e-mail message with full privileges of the client. [MFSA-2006-21]\n\n * [CVE-2006-1045](<https://security-tracker.debian.org/tracker/CVE-2006-1045>)\n\nThe HTML rendering engine does not properly block external images from inline HTML attachments when \"Block loading of remote images in mail messages\" is enabled, which could allow remote attackers to obtain sensitive information. [MFSA-2006-26]\n\n * [CVE-2006-1529](<https://security-tracker.debian.org/tracker/CVE-2006-1529>)\n\nA vulnerability potentially allows remote attackers to cause a denial of service and possibly execute arbitrary code. [MFSA-2006-20]\n\n * [CVE-2006-1530](<https://security-tracker.debian.org/tracker/CVE-2006-1530>)\n\nA vulnerability potentially allows remote attackers to cause a denial of service and possibly execute arbitrary code. [MFSA-2006-20]\n\n * [CVE-2006-1531](<https://security-tracker.debian.org/tracker/CVE-2006-1531>)\n\nA vulnerability potentially allows remote attackers to cause a denial of service and possibly execute arbitrary code. [MFSA-2006-20]\n\n * [CVE-2006-1723](<https://security-tracker.debian.org/tracker/CVE-2006-1723>)\n\nA vulnerability potentially allows remote attackers to cause a denial of service and possibly execute arbitrary code. [MFSA-2006-20]\n\n * [CVE-2006-1724](<https://security-tracker.debian.org/tracker/CVE-2006-1724>)\n\nA vulnerability potentially allows remote attackers to cause a denial of service and possibly execute arbitrary code. [MFSA-2006-20]\n\n * [CVE-2006-1725](<https://security-tracker.debian.org/tracker/CVE-2006-1725>)\n\nDue to an interaction between XUL content windows and the history mechanism, some windows may to become translucent, which might allow remote attackers to execute arbitrary code. [MFSA-2006-29]\n\n * [CVE-2006-1726](<https://security-tracker.debian.org/tracker/CVE-2006-1726>)\n\n\"shutdown\" discovered that the security check of the function js_ValueToFunctionObject() can be circumvented and exploited to allow the installation of malware. [MFSA-2006-28]\n\n * [CVE-2006-1727](<https://security-tracker.debian.org/tracker/CVE-2006-1727>)\n\nGeorgi Guninski reported two variants of using scripts in an XBL control to gain chrome privileges when the page is viewed under \"Print Preview\". [MFSA-2006-25]\n\n * [CVE-2006-1728](<https://security-tracker.debian.org/tracker/CVE-2006-1728>)\n\n\"shutdown\" discovered that the crypto.generateCRMFRequest method can be used to run arbitrary code with the privilege of the user running the browser, which could enable an attacker to install malware. [MFSA-2006-24]\n\n * [CVE-2006-1729](<https://security-tracker.debian.org/tracker/CVE-2006-1729>)\n\nClaus J\u0102\u00b8rgensen reported that a text input box can be pre-filled with a filename and then turned into a file-upload control, allowing a malicious website to steal any local file whose name they can guess. [MFSA-2006-23]\n\n * [CVE-2006-1730](<https://security-tracker.debian.org/tracker/CVE-2006-1730>)\n\nAn anonymous researcher for TippingPoint and the Zero Day Initiative discovered an integer overflow triggered by the CSS letter-spacing property, which could be exploited to execute arbitrary code. [MFSA-2006-22]\n\n * [CVE-2006-1731](<https://security-tracker.debian.org/tracker/CVE-2006-1731>)\n\n\"moz_bug_r_a4\" discovered that some internal functions return prototypes instead of objects, which allows remote attackers to conduct cross-site scripting attacks. [MFSA-2006-19]\n\n * [CVE-2006-1732](<https://security-tracker.debian.org/tracker/CVE-2006-1732>)\n\n\"shutdown\" discovered that it is possible to bypass same-origin protections, allowing a malicious site to inject script into content from another site, which could allow the malicious page to steal information such as cookies or passwords from the other site, or perform transactions on the user's behalf if the user were already logged in. [MFSA-2006-17]\n\n * [CVE-2006-1733](<https://security-tracker.debian.org/tracker/CVE-2006-1733>)\n\n\"moz_bug_r_a4\" discovered that the compilation scope of privileged built-in XBL bindings is not fully protected from web content and can still be executed which could be used to execute arbitrary JavaScript, which could allow an attacker to install malware such as viruses and password sniffers. [MFSA-2006-16]\n\n * [CVE-2006-1734](<https://security-tracker.debian.org/tracker/CVE-2006-1734>)\n\n\"shutdown\" discovered that it is possible to access an internal function object which could then be used to run arbitrary JavaScript code with full permissions of the user running the browser, which could be used to install spyware or viruses. [MFSA-2006-15]\n\n * [CVE-2006-1735](<https://security-tracker.debian.org/tracker/CVE-2006-1735>)\n\nIt is possible to create JavaScript functions that would get compiled with the wrong privileges, allowing an attacker to run code of their choice with full permissions of the user running the browser, which could be used to install spyware or viruses. [MFSA-2006-14]\n\n * [CVE-2006-1736](<https://security-tracker.debian.org/tracker/CVE-2006-1736>)\n\nIt is possible to trick users into downloading and saving an executable file via an image that is overlaid by a transparent image link that points to the executable. [MFSA-2006-13]\n\n * [CVE-2006-1737](<https://security-tracker.debian.org/tracker/CVE-2006-1737>)\n\nAn integer overflow allows remote attackers to cause a denial of service and possibly execute arbitrary bytecode via JavaScript with a large regular expression. [MFSA-2006-11]\n\n * [CVE-2006-1738](<https://security-tracker.debian.org/tracker/CVE-2006-1738>)\n\nAn unspecified vulnerability allows remote attackers to cause a denial of service. [MFSA-2006-11]\n\n * [CVE-2006-1739](<https://security-tracker.debian.org/tracker/CVE-2006-1739>)\n\nCertain Cascading Style Sheets (CSS) can cause an out-of-bounds array write and buffer overflow that could lead to a denial of service and the possible execution of arbitrary code. [MFSA-2006-11]\n\n * [CVE-2006-1740](<https://security-tracker.debian.org/tracker/CVE-2006-1740>)\n\nIt is possible for remote attackers to spoof secure site indicators such as the locked icon by opening the trusted site in a popup window, then changing the location to a malicious site. [MFSA-2006-12]\n\n * [CVE-2006-1741](<https://security-tracker.debian.org/tracker/CVE-2006-1741>)\n\n\"shutdown\" discovered that it is possible to inject arbitrary JavaScript code into a page on another site using a modal alert to suspend an event handler while a new page is being loaded. This could be used to steal confidential information. [MFSA-2006-09]\n\n * [CVE-2006-1742](<https://security-tracker.debian.org/tracker/CVE-2006-1742>)\n\nIgor Bukanov discovered that the JavaScript engine does not properly handle temporary variables, which might allow remote attackers to trigger operations on freed memory and cause memory corruption. [MFSA-2006-10]\n\n * [CVE-2006-1790](<https://security-tracker.debian.org/tracker/CVE-2006-1790>)\n\nA regression fix that could lead to memory corruption allows remote attackers to cause a denial of service and possibly execute arbitrary code. [MFSA-2006-11]\n\nFor the stable distribution (sarge) these problems have been fixed in version 1.7.8-1sarge5.\n\nFor the unstable distribution (sid) these problems will be fixed in version 1.7.13-1.\n\nWe recommend that you upgrade your Mozilla packages.", "edition": 2, "reporter": "Debian", "published": "2006-04-27T00:00:00", "enchantments": {"score": {"vector": "NONE", "value": 6.8}}, "type": "debian", "title": "mozilla -- several vulnerabilities", "bulletinFamily": "unix", "cvelist": ["CVE-2006-1738", "CVE-2006-1739", "CVE-2006-1531", "CVE-2006-1530", "CVE-2006-0748", "CVE-2006-1728", "CVE-2006-1730", "CVE-2006-0293", "CVE-2005-2353", "CVE-2006-1790", "CVE-2006-1734", "CVE-2006-1733", "CVE-2006-1740", "CVE-2006-1741", "CVE-2006-0292", "CVE-2006-0884", "CVE-2006-1731", "CVE-2006-1727", "CVE-2006-1045", "CVE-2006-1529", "CVE-2006-1729", "CVE-2006-0296", "CVE-2006-1736", "CVE-2006-1735", "CVE-2006-1742", "CVE-2006-1724", "CVE-2006-1723", "CVE-2006-1737", "CVE-2005-4134", "CVE-2006-0749"], "modified": "2006-04-27T00:00:00", "id": "DSA-1046", "href": "http://www.debian.org/security/dsa-1046", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}], "freebsd": [{"lastseen": "2018-08-31T01:15:49", "references": ["http://www.mozilla.org/security/announce/2006/mfsa2006-17.html", "http://www.mozilla.org/security/announce/2006/mfsa2006-13.html", "http://www.mozilla.org/security/announce/2006/mfsa2006-28.html", "http://www.mozilla.org/security/announce/2006/mfsa2006-20.html", "http://www.mozilla.org/security/announce/2006/mfsa2006-16.html", "http://www.mozilla.org/security/announce/2006/mfsa2006-18.html", "http://www.mozilla.org/security/announce/2006/mfsa2006-29.html", "http://www.mozilla.org/security/announce/2006/mfsa2006-09.html", "http://www.mozilla.org/security/announce/2006/mfsa2006-25.html", "http://www.mozilla.org/security/announce/2006/mfsa2006-26.html", "http://www.mozilla.org/security/announce/2006/mfsa2006-14.html", "http://www.mozilla.org/security/announce/2006/mfsa2006-15.html", "http://www.mozilla.org/security/announce/2006/mfsa2006-19.html", "http://www.zerodayinitiative.com/advisories/ZDI-06-010.html", "http://www.mozilla.org/security/announce/2006/mfsa2006-10.html", "http://www.mozilla.org/security/announce/2006/mfsa2006-11.html", "http://www.mozilla.org/security/announce/2006/mfsa2006-12.html", "http://www.mozilla.org/security/announce/2006/mfsa2006-22.html", "http://www.mozilla.org/security/announce/2006/mfsa2006-23.html"], "affectedPackage": [{"OS": "FreeBSD", "OSVersion": "any", "packageVersion": "1.7.13", "arch": "noarch", "packageFilename": "UNKNOWN", "packageName": "linux-mozilla", "operator": "lt"}, {"OS": "FreeBSD", "OSVersion": "any", "packageVersion": "1.5.0.2", "arch": "noarch", "packageFilename": "UNKNOWN", "packageName": "mozilla-thunderbird", "operator": "lt"}, {"OS": "FreeBSD", "OSVersion": "any", "packageVersion": "1.7.13,2", "arch": "noarch", "packageFilename": "UNKNOWN", "packageName": "mozilla", "operator": "lt"}, {"OS": "FreeBSD", "OSVersion": "any", "packageVersion": "1.0.8,1", "arch": "noarch", "packageFilename": "UNKNOWN", "packageName": "firefox", "operator": "lt"}, {"OS": "FreeBSD", "OSVersion": "any", "packageVersion": "1.0.1", "arch": "noarch", "packageFilename": "UNKNOWN", "packageName": "seamonkey", "operator": "lt"}, {"OS": "FreeBSD", "OSVersion": "any", "packageVersion": "1.0.1", "arch": "noarch", "packageFilename": "UNKNOWN", "packageName": "linux-seamonkey", "operator": "lt"}, {"OS": "FreeBSD", "OSVersion": "any", "packageVersion": "1.5.0.2", "arch": "noarch", "packageFilename": "UNKNOWN", "packageName": "linux-firefox", "operator": "lt"}, {"OS": "FreeBSD", "OSVersion": "any", "packageVersion": "1.5.0.2", "arch": "noarch", "packageFilename": "UNKNOWN", "packageName": "thunderbird", "operator": "lt"}], "description": "\nA Mozilla Foundation Security Advisory reports of multiple\n\t issues. Several of which can be used to run arbitrary code\n\t with the privilege of the user running the program.\n\n\nMFSA 2006-29 Spoofing with translucent windows\nMFSA 2006-28 Security check of js_ValueToFunctionObject() can be circumvented\nMFSA 2006-26 Mail Multiple Information Disclosure\nMFSA 2006-25 Privilege escalation through Print Preview\nMFSA 2006-24 Privilege escalation using crypto.generateCRMFRequest\nMFSA 2006-23 File stealing by changing input type\nMFSA 2006-22 CSS Letter-Spacing Heap Overflow Vulnerability\nMFSA 2006-20 Crashes with evidence of memory corruption (rv:1.8.0.2)\nMFSA 2006-19 Cross-site scripting using .valueOf.call()\nMFSA 2006-18 Mozilla Firefox Tag Order Vulnerability\nMFSA 2006-17 cross-site scripting through window.controllers\nMFSA 2006-16 Accessing XBL compilation scope via valueOf.call()\nMFSA 2006-15 Privilege escalation using a JavaScript function's cloned parent\nMFSA 2006-14 Privilege escalation via XBL.method.eval\nMFSA 2006-13 Downloading executables with \"Save Image As...\"\nMFSA 2006-12 Secure-site spoof (requires security warning dialog)\nMFSA 2006-11 Crashes with evidence of memory corruption (rv:1.8)\nMFSA 2006-10 JavaScript garbage-collection hazard audit\nMFSA 2006-09 Cross-site JavaScript injection using event handlers\n\n\n", "edition": 3, "reporter": "FreeBSD", "published": "2006-04-13T00:00:00", "title": "mozilla -- multiple vulnerabilities", "type": "freebsd", "enchantments": {"score": {"vector": "NONE", "value": 6.8}}, "bulletinFamily": "unix", "cvelist": ["CVE-2006-1738", "CVE-2006-1739", "CVE-2006-1531", "CVE-2006-1530", "CVE-2006-1728", "CVE-2006-1725", "CVE-2006-1730", "CVE-2006-1726", "CVE-2006-1790", "CVE-2006-1734", "CVE-2006-1733", "CVE-2006-1740", "CVE-2006-1741", "CVE-2006-1731", "CVE-2006-1727", "CVE-2006-1045", "CVE-2006-1529", "CVE-2006-1729", "CVE-2006-1736", "CVE-2006-1735", "CVE-2006-1742", "CVE-2006-1724", "CVE-2006-1723", "CVE-2006-1737", "CVE-2006-1732", "CVE-2006-0749"], "modified": "2006-04-27T00:00:00", "id": "84630F4A-CD8C-11DA-B7B9-000C6EC775D9", "href": "https://vuxml.freebsd.org/freebsd/84630f4a-cd8c-11da-b7b9-000c6ec775d9.html", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}]}
