ID CVE-2008-5013 Type cve Reporter cve@mitre.org Modified 2018-10-30T16:25:00
Description
Mozilla Firefox 2.x before 2.0.0.18 and SeaMonkey 1.x before 1.1.13 do not properly check when the Flash module has been dynamically unloaded properly, which allows remote attackers to execute arbitrary code via a crafted SWF file that "dynamically unloads itself from an outside JavaScript function," which triggers an access of an expired memory address.
{"zdi": [{"lastseen": "2020-06-22T11:40:20", "bulletinFamily": "info", "cvelist": ["CVE-2008-5013"], "edition": 3, "description": "This vulnerability allows remote attackers to execute code on vulnerable installations of Mozilla Firefox with Adobe's Flash Player. User interaction is required in that a user must visit a malicious web site. The specific flaw exists due to a failure to check whether the Flash module has been properly dynamically unloaded. If an SWF file dynamically unloads itself via an outside JavaScript function, the browser will return to an address no longer mapped to the Flash module. Exploitation of this vulnerability can result in arbitrary code execution under the context of the currently logged in user.", "modified": "2008-06-22T00:00:00", "published": "2008-11-12T00:00:00", "href": "https://www.zerodayinitiative.com/advisories/ZDI-08-094/", "id": "ZDI-08-094", "title": "Mozilla Firefox Flash Player Dynamic Module Unloading Vulnerability", "type": "zdi", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}], "securityvulns": [{"lastseen": "2018-08-31T11:10:28", "bulletinFamily": "software", "cvelist": ["CVE-2008-5013"], "description": "Mozilla Foundation Security Advisory 2008-49\r\n\r\nTitle: Arbitrary code execution via Flash Player dynamic module unloading\r\nImpact: Critical\r\nAnnounced: November 12, 2008\r\nReporter: TippingPoint ZDI\r\nProducts: Firefox, SeaMonkey\r\n\r\nFixed in: Firefox 2.0.0.18\r\n SeaMonkey 1.1.13\r\nDescription\r\n\r\nAn anonymous security researcher reported via TippingPoint's Zero Day Initiative that insufficient checks were being performed to test whether the Flash module was properly dynamically unloaded. The researcher demonstrated that a SWF file which dynamically unloads itself from an outside JavaScript function can cause the browser to access a memory address no longer mapped to the Flash module, resulting in a crash. This crash could be used by an attacker to run arbitrary code on a victim's computer.\r\n\r\nFirefox 3 is not affected by this issue.\r\nWorkaround\r\n\r\nDisable JavaScript until a version containing these fixes can be installed.\r\nReferences\r\n\r\n * https://bugzilla.mozilla.org/show_bug.cgi?id=433610\r\n * CVE-2008-5013\r\n", "edition": 1, "modified": "2008-11-14T00:00:00", "published": "2008-11-14T00:00:00", "id": "SECURITYVULNS:DOC:20867", "href": "https://vulners.com/securityvulns/SECURITYVULNS:DOC:20867", "title": "Mozilla Foundation Security Advisory 2008-49", "type": "securityvulns", "cvss": {"score": 9.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2018-08-31T11:09:31", "bulletinFamily": "software", "cvelist": ["CVE-2008-5012", "CVE-2008-5013", "CVE-2008-5019", "CVE-2008-5023", "CVE-2008-5021", "CVE-2008-5017", "CVE-2008-5014", "CVE-2008-5022", "CVE-2008-5016", "CVE-2008-0017", "CVE-2008-5024", "CVE-2008-5015", "CVE-2008-4582", "CVE-2008-5052"], "description": "Information leak, free'd memory reusing, privilege escalation, buffer overflow, crossite scripting, protection bypass.", "edition": 1, "modified": "2008-11-14T00:00:00", "published": "2008-11-14T00:00:00", "id": "SECURITYVULNS:VULN:9434", "href": "https://vulners.com/securityvulns/SECURITYVULNS:VULN:9434", "title": "Mozilla Firefox / Thinderbird / Seamonkey multiple security vulnerabilities", "type": "securityvulns", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}], "openvas": [{"lastseen": "2017-07-24T12:50:23", "bulletinFamily": "scanner", "cvelist": ["CVE-2008-5012", "CVE-2008-5013", "CVE-2008-5018", "CVE-2008-5023", "CVE-2008-5021", "CVE-2008-5017", "CVE-2008-5014", "CVE-2008-5022", "CVE-2008-0017", "CVE-2008-5024", "CVE-2008-4582"], "description": "The remote host is missing an update to iceweasel\nannounced via advisory DSA 1671-1.", "modified": "2017-07-07T00:00:00", "published": "2008-12-03T00:00:00", "id": "OPENVAS:61934", "href": "http://plugins.openvas.org/nasl.php?oid=61934", "type": "openvas", "title": "Debian Security Advisory DSA 1671-1 (iceweasel)", "sourceData": "# OpenVAS Vulnerability Test\n# $Id: deb_1671_1.nasl 6616 2017-07-07 12:10:49Z cfischer $\n# Description: Auto-generated from advisory DSA 1671-1 (iceweasel)\n#\n# Authors:\n# Thomas Reinke <reinke@securityspace.com>\n#\n# Copyright:\n# Copyright (c) 2008 E-Soft Inc. http://www.securityspace.com\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (c) the respective author(s)\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2,\n# as published by the Free Software Foundation\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n#\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"Several remote vulnerabilities have been discovered in the Iceweasel\nwebbrowser, an unbranded version of the Firefox browser. The Common\nVulnerabilities and Exposures project identifies the following problems:\n\nCVE-2008-0017\n\nJustin Schuh discovered that a buffer overflow in the http-index-format\nparser could lead to arbitrary code execution.\n\nCVE-2008-4582\n\nLiu Die Yu discovered an information leak through local shortcut\nfiles.\n\nCVE-2008-5012\n\nGeorgi Guninski, Michal Zalewski and Chris Evan discovered that\nthe canvas element could be used to bypass same-origin\nrestrictions.\n\nCVE-2008-5013\n\nIt was discovered that insufficient checks in the Flash plugin glue\ncode could lead to arbitrary code execution.\n\nCVE-2008-5014\n\nJesse Ruderman discovered that a programming error in the\nwindow.__proto__.__proto__ object could lead to arbitrary code\nexecution.\n\nCVE-2008-5017\n\nIt was discovered that crashes in the layout engine could lead to\narbitrary code execution.\n\nCVE-2008-5018\n\nIt was discovered that crashes in the Javascript engine could lead to\narbitrary code execution.\n\nCVE-2008-5021\n\nIt was discovered that a crash in the nsFrameManager might lead to\nthe execution of arbitrary code.\n\nCVE-2008-5022\n\nmoz_bug_r_a4 discovered that the same-origin check in\nnsXMLHttpRequest::NotifyEventListeners() could be bypassed.\n\nCVE-2008-5023\n\nCollin Jackson discovered that the -moz-binding property bypasses\nsecurity checks on codebase principals.\n\nCVE-2008-5024\n\nChris Evans discovered that quote characters were improperly\nescaped in the default namespace of E4X documents.\n\nFor the stable distribution (etch), these problems have been fixed in\nversion 2.0.0.18-0etch1.\n\nFor the upcoming stable distribution (lenny) and the unstable distribution\n(sid), these problems have been fixed in version 3.0.4-1 of iceweasel\nand version 1.9.0.4-1 of xulrunner. Packages for arm and mips will be\nprovided soon.\n\nWe recommend that you upgrade your iceweasel package.\";\ntag_summary = \"The remote host is missing an update to iceweasel\nannounced via advisory DSA 1671-1.\";\n\ntag_solution = \"https://secure1.securityspace.com/smysecure/catid.html?in=DSA%201671-1\";\n\n\nif(description)\n{\n script_id(61934);\n script_version(\"$Revision: 6616 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-07-07 14:10:49 +0200 (Fri, 07 Jul 2017) $\");\n script_tag(name:\"creation_date\", value:\"2008-12-03 18:25:22 +0100 (Wed, 03 Dec 2008)\");\n script_cve_id(\"CVE-2008-0017\", \"CVE-2008-4582\", \"CVE-2008-5012\", \"CVE-2008-5013\", \"CVE-2008-5014\", \"CVE-2008-5017\", \"CVE-2008-5018\", \"CVE-2008-5021\", \"CVE-2008-5022\", \"CVE-2008-5023\", \"CVE-2008-5024\");\n script_tag(name:\"cvss_base\", value:\"10.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_name(\"Debian Security Advisory DSA 1671-1 (iceweasel)\");\n\n\n\n script_category(ACT_GATHER_INFO);\n\n script_copyright(\"Copyright (c) 2008 E-Soft Inc. http://www.securityspace.com\");\n script_family(\"Debian Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/debian_linux\", \"ssh/login/packages\");\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"summary\" , value : tag_summary);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n#\n# The script code starts here\n#\n\ninclude(\"pkg-lib-deb.inc\");\n\nres = \"\";\nreport = \"\";\nif ((res = isdpkgvuln(pkg:\"mozilla-firefox-gnome-support\", ver:\"2.0.0.18-0etch1\", rls:\"DEB4.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"firefox-dom-inspector\", ver:\"2.0.0.18-0etch1\", rls:\"DEB4.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"firefox-gnome-support\", ver:\"2.0.0.18-0etch1\", rls:\"DEB4.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"firefox\", ver:\"2.0.0.18-0etch1\", rls:\"DEB4.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"mozilla-firefox\", ver:\"2.0.0.18-0etch1\", rls:\"DEB4.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"iceweasel-dom-inspector\", ver:\"2.0.0.18-0etch1\", rls:\"DEB4.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"mozilla-firefox-dom-inspector\", ver:\"2.0.0.18-0etch1\", rls:\"DEB4.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"iceweasel\", ver:\"2.0.0.18-0etch1\", rls:\"DEB4.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"iceweasel-dbg\", ver:\"2.0.0.18-0etch1\", rls:\"DEB4.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"iceweasel-gnome-support\", ver:\"2.0.0.18-0etch1\", rls:\"DEB4.0\")) != NULL) {\n report += res;\n}\n\nif (report != \"\") {\n security_message(data:report);\n} else if (__pkg_match) {\n exit(99); # Not vulnerable.\n}\n", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2018-04-06T11:40:33", "bulletinFamily": "scanner", "cvelist": ["CVE-2008-5012", "CVE-2008-5013", "CVE-2008-5018", "CVE-2008-5023", "CVE-2008-5021", "CVE-2008-5017", "CVE-2008-5014", "CVE-2008-5022", "CVE-2008-5016", "CVE-2008-0017", "CVE-2008-5024", "CVE-2008-5052"], "description": "The remote host is missing updates to packages that affect\nthe security of your system. One or more of the following packages\nare affected:\n\n mozilla-xulrunner\n\n\nMore details may also be found by searching for the SuSE\nEnterprise Server 10 patch database located at\nhttp://download.novell.com/patch/finder/", "modified": "2018-04-06T00:00:00", "published": "2009-10-13T00:00:00", "id": "OPENVAS:136141256231065879", "href": "http://plugins.openvas.org/nasl.php?oid=136141256231065879", "type": "openvas", "title": "SLES10: Security update for gecko-sdk and mozilla-xulrunner", "sourceData": "#\n#VID slesp2-gecko-sdk-5813\n# OpenVAS Vulnerability Test\n# $\n# Description: Security update for gecko-sdk and mozilla-xulrunner\n#\n# Authors:\n# Thomas Reinke <reinke@securityspace.com>\n#\n# Copyright:\n# Copyright (c) 2009 E-Soft Inc. http://www.securityspace.com\n# Text descriptions are largely excerpted from the referenced\n# advisories, and are Copyright (c) the respective author(s)\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2,\n# as published by the Free Software Foundation\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n#\n\ninclude(\"revisions-lib.inc\");\ntag_summary = \"The remote host is missing updates to packages that affect\nthe security of your system. One or more of the following packages\nare affected:\n\n mozilla-xulrunner\n\n\nMore details may also be found by searching for the SuSE\nEnterprise Server 10 patch database located at\nhttp://download.novell.com/patch/finder/\";\n\ntag_solution = \"Please install the updates provided by SuSE.\";\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.65879\");\n script_version(\"$Revision: 9350 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-04-06 09:03:33 +0200 (Fri, 06 Apr 2018) $\");\n script_tag(name:\"creation_date\", value:\"2009-10-13 18:25:40 +0200 (Tue, 13 Oct 2009)\");\n script_cve_id(\"CVE-2008-0017\", \"CVE-2008-5012\", \"CVE-2008-5013\", \"CVE-2008-5014\", \"CVE-2008-5016\", \"CVE-2008-5017\", \"CVE-2008-5018\", \"CVE-2008-5021\", \"CVE-2008-5022\", \"CVE-2008-5023\", \"CVE-2008-5024\", \"CVE-2008-5052\");\n script_tag(name:\"cvss_base\", value:\"10.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_name(\"SLES10: Security update for gecko-sdk and mozilla-xulrunner\");\n\n\n\n script_category(ACT_GATHER_INFO);\n\n script_copyright(\"Copyright (c) 2009 E-Soft Inc. http://www.securityspace.com\");\n script_family(\"SuSE Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/suse_sles\", \"ssh/login/rpms\");\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"summary\" , value : tag_summary);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n#\n# The script code starts here\n#\n\ninclude(\"pkg-lib-rpm.inc\");\n\nres = \"\";\nreport = \"\";\nif ((res = isrpmvuln(pkg:\"mozilla-xulrunner\", rpm:\"mozilla-xulrunner~1.8.0.14eol~0.9\", rls:\"SLES10.0\")) != NULL) {\n report += res;\n}\n\nif (report != \"\") {\n security_message(data:report);\n} else if (__pkg_match) {\n exit(99); # Not vulnerable.\n}\n", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2017-07-02T21:10:16", "bulletinFamily": "scanner", "cvelist": ["CVE-2008-5012", "CVE-2008-5013", "CVE-2008-5018", "CVE-2008-5023", "CVE-2008-5021", "CVE-2008-5017", "CVE-2008-5014", "CVE-2008-5022", "CVE-2008-5016", "CVE-2008-0017", "CVE-2008-5024", "CVE-2008-5052"], "description": "The host is installed with Mozilla Seamonkey and is prone\n to multiple vulnerabilities.", "modified": "2017-02-20T00:00:00", "published": "2008-11-21T00:00:00", "id": "OPENVAS:800061", "href": "http://plugins.openvas.org/nasl.php?oid=800061", "type": "openvas", "title": "Mozilla Seamonkey Multiple Vulnerabilities November-08 (Windows)", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: gb_seamonkey_mult_vuln_nov08_win.nasl 5375 2017-02-20 16:39:23Z cfi $\n#\n# Mozilla Seamonkey Multiple Vulnerabilities November-08 (Windows)\n#\n# Authors:\n# Chandan S <schandan@secpod.com>\n#\n# Copyright:\n# Copyright (c) 2008 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ntag_impact = \"Successful exploitation could result in remote arbitrary code execution,\n bypass security restrictions, spoofing attacks, sensitive information\n disclosure, and JavaScript code that can be executed with the privileges\n of the signed user.\n Impact Level: System\";\ntag_affected = \"Seamonkey version prior to 1.1.13 on Windows.\";\ntag_solution = \"Upgrade to Seamonkey version 1.1.13 or later\n http://www.seamonkey-project.org/releases/\";\ntag_summary = \"The host is installed with Mozilla Seamonkey and is prone\n to multiple vulnerabilities.\";\n\nif(description)\n{\n script_id(800061);\n script_version(\"$Revision: 5375 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-02-20 17:39:23 +0100 (Mon, 20 Feb 2017) $\");\n script_tag(name:\"creation_date\", value:\"2008-11-21 14:18:03 +0100 (Fri, 21 Nov 2008)\");\n script_tag(name:\"cvss_base\", value:\"10.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_cve_id(\"CVE-2008-5012\", \"CVE-2008-5013\", \"CVE-2008-5014\", \"CVE-2008-5016\",\n \"CVE-2008-5017\", \"CVE-2008-5018\", \"CVE-2008-5021\", \"CVE-2008-5022\",\n \"CVE-2008-5023\", \"CVE-2008-5024\", \"CVE-2008-5052\", \"CVE-2008-0017\");\n script_bugtraq_id(32281);\n script_name(\"Mozilla Seamonkey Multiple Vulnerabilities November-08 (Windows)\");\n script_xref(name : \"URL\" , value : \"http://www.mozilla.org/security/announce/2008/mfsa2008-48.html\");\n script_xref(name : \"URL\" , value : \"http://www.mozilla.org/security/announce/2008/mfsa2008-49.html\");\n script_xref(name : \"URL\" , value : \"http://www.mozilla.org/security/announce/2008/mfsa2008-50.html\");\n script_xref(name : \"URL\" , value : \"http://www.mozilla.org/security/announce/2008/mfsa2008-52.html\");\n script_xref(name : \"URL\" , value : \"http://www.mozilla.org/security/announce/2008/mfsa2008-54.html\");\n script_xref(name : \"URL\" , value : \"http://www.mozilla.org/security/announce/2008/mfsa2008-55.html\");\n script_xref(name : \"URL\" , value : \"http://www.mozilla.org/security/announce/2008/mfsa2008-56.html\");\n script_xref(name : \"URL\" , value : \"http://www.mozilla.org/security/announce/2008/mfsa2008-57.html\");\n script_xref(name : \"URL\" , value : \"http://www.mozilla.org/security/announce/2008/mfsa2008-58.html\");\n\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2008 Greenbone Networks GmbH\");\n script_family(\"General\");\n script_dependencies(\"gb_seamonkey_detect_win.nasl\");\n script_mandatory_keys(\"SMB/WindowsVersion\");\n script_tag(name : \"impact\" , value : tag_impact);\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"summary\" , value : tag_summary);\n script_tag(name:\"qod_type\", value:\"registry\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n\ninclude(\"version_func.inc\");\n\nsmVer = get_kb_item(\"Seamonkey/Win/Ver\");\nif(!smVer){\n exit(0);\n}\n\n# Grep for firefox version < 2.0.0.18\nif(version_is_less(version:smVer, test_version:\"1.1.13\")){\n security_message(0);\n}\n", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2020-04-16T16:58:23", "bulletinFamily": "scanner", "cvelist": ["CVE-2008-5012", "CVE-2008-5013", "CVE-2008-5018", "CVE-2008-5023", "CVE-2008-5021", "CVE-2008-5017", "CVE-2008-5014", "CVE-2008-5022", "CVE-2008-5016", "CVE-2008-0017", "CVE-2008-5024", "CVE-2008-5052"], "description": "The host is installed with Mozilla Seamonkey and is prone\n to multiple vulnerabilities.", "modified": "2020-04-14T00:00:00", "published": "2008-11-21T00:00:00", "id": "OPENVAS:1361412562310800061", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310800061", "type": "openvas", "title": "Mozilla Seamonkey Multiple Vulnerabilities November-08 (Windows)", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Mozilla Seamonkey Multiple Vulnerabilities November-08 (Windows)\n#\n# Authors:\n# Chandan S <schandan@secpod.com>\n#\n# Copyright:\n# Copyright (c) 2008 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.800061\");\n script_version(\"2020-04-14T08:15:28+0000\");\n script_tag(name:\"last_modification\", value:\"2020-04-14 08:15:28 +0000 (Tue, 14 Apr 2020)\");\n script_tag(name:\"creation_date\", value:\"2008-11-21 14:18:03 +0100 (Fri, 21 Nov 2008)\");\n script_tag(name:\"cvss_base\", value:\"10.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_cve_id(\"CVE-2008-5012\", \"CVE-2008-5013\", \"CVE-2008-5014\", \"CVE-2008-5016\",\n \"CVE-2008-5017\", \"CVE-2008-5018\", \"CVE-2008-5021\", \"CVE-2008-5022\",\n \"CVE-2008-5023\", \"CVE-2008-5024\", \"CVE-2008-5052\", \"CVE-2008-0017\");\n script_bugtraq_id(32281);\n script_name(\"Mozilla Seamonkey Multiple Vulnerabilities November-08 (Windows)\");\n script_xref(name:\"URL\", value:\"http://www.mozilla.org/security/announce/2008/mfsa2008-48.html\");\n script_xref(name:\"URL\", value:\"http://www.mozilla.org/security/announce/2008/mfsa2008-49.html\");\n script_xref(name:\"URL\", value:\"http://www.mozilla.org/security/announce/2008/mfsa2008-50.html\");\n script_xref(name:\"URL\", value:\"http://www.mozilla.org/security/announce/2008/mfsa2008-52.html\");\n script_xref(name:\"URL\", value:\"http://www.mozilla.org/security/announce/2008/mfsa2008-54.html\");\n script_xref(name:\"URL\", value:\"http://www.mozilla.org/security/announce/2008/mfsa2008-55.html\");\n script_xref(name:\"URL\", value:\"http://www.mozilla.org/security/announce/2008/mfsa2008-56.html\");\n script_xref(name:\"URL\", value:\"http://www.mozilla.org/security/announce/2008/mfsa2008-57.html\");\n script_xref(name:\"URL\", value:\"http://www.mozilla.org/security/announce/2008/mfsa2008-58.html\");\n\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2008 Greenbone Networks GmbH\");\n script_family(\"General\");\n script_dependencies(\"gb_seamonkey_detect_win.nasl\");\n script_mandatory_keys(\"Seamonkey/Win/Ver\");\n\n script_tag(name:\"impact\", value:\"Successful exploitation could result in remote arbitrary code execution,\n bypass security restrictions, spoofing attacks, sensitive information\n disclosure, and JavaScript code that can be executed with the privileges\n of the signed user.\");\n\n script_tag(name:\"affected\", value:\"Seamonkey version prior to 1.1.13 on Windows.\");\n\n script_tag(name:\"solution\", value:\"Upgrade to Seamonkey version 1.1.13 or later.\");\n\n script_tag(name:\"summary\", value:\"The host is installed with Mozilla Seamonkey and is prone\n to multiple vulnerabilities.\");\n\n script_tag(name:\"qod_type\", value:\"registry\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n\n exit(0);\n}\n\ninclude(\"version_func.inc\");\n\nsmVer = get_kb_item(\"Seamonkey/Win/Ver\");\nif(!smVer){\n exit(0);\n}\n\nif(version_is_less(version:smVer, test_version:\"1.1.13\")){\n report = report_fixed_ver(installed_version:smVer, fixed_version:\"1.1.13\");\n security_message(port: 0, data: report);\n}\n", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2017-07-26T08:56:18", "bulletinFamily": "scanner", "cvelist": ["CVE-2008-5012", "CVE-2008-5013", "CVE-2008-5018", "CVE-2008-5023", "CVE-2008-5021", "CVE-2008-5017", "CVE-2008-5014", "CVE-2008-5022", "CVE-2008-5016", "CVE-2008-0017", "CVE-2008-5024", "CVE-2008-5052"], "description": "The remote host is missing updates to packages that affect\nthe security of your system. One or more of the following packages\nare affected:\n\n mozilla-xulrunner\n\n\nMore details may also be found by searching for the SuSE\nEnterprise Server 10 patch database located at\nhttp://download.novell.com/patch/finder/", "modified": "2017-07-11T00:00:00", "published": "2009-10-13T00:00:00", "id": "OPENVAS:65879", "href": "http://plugins.openvas.org/nasl.php?oid=65879", "type": "openvas", "title": "SLES10: Security update for gecko-sdk and mozilla-xulrunner", "sourceData": "#\n#VID slesp2-gecko-sdk-5813\n# OpenVAS Vulnerability Test\n# $\n# Description: Security update for gecko-sdk and mozilla-xulrunner\n#\n# Authors:\n# Thomas Reinke <reinke@securityspace.com>\n#\n# Copyright:\n# Copyright (c) 2009 E-Soft Inc. http://www.securityspace.com\n# Text descriptions are largely excerpted from the referenced\n# advisories, and are Copyright (c) the respective author(s)\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2,\n# as published by the Free Software Foundation\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n#\n\ninclude(\"revisions-lib.inc\");\ntag_summary = \"The remote host is missing updates to packages that affect\nthe security of your system. One or more of the following packages\nare affected:\n\n mozilla-xulrunner\n\n\nMore details may also be found by searching for the SuSE\nEnterprise Server 10 patch database located at\nhttp://download.novell.com/patch/finder/\";\n\ntag_solution = \"Please install the updates provided by SuSE.\";\n\nif(description)\n{\n script_id(65879);\n script_version(\"$Revision: 6666 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-07-11 15:13:36 +0200 (Tue, 11 Jul 2017) $\");\n script_tag(name:\"creation_date\", value:\"2009-10-13 18:25:40 +0200 (Tue, 13 Oct 2009)\");\n script_cve_id(\"CVE-2008-0017\", \"CVE-2008-5012\", \"CVE-2008-5013\", \"CVE-2008-5014\", \"CVE-2008-5016\", \"CVE-2008-5017\", \"CVE-2008-5018\", \"CVE-2008-5021\", \"CVE-2008-5022\", \"CVE-2008-5023\", \"CVE-2008-5024\", \"CVE-2008-5052\");\n script_tag(name:\"cvss_base\", value:\"10.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_name(\"SLES10: Security update for gecko-sdk and mozilla-xulrunner\");\n\n\n\n script_category(ACT_GATHER_INFO);\n\n script_copyright(\"Copyright (c) 2009 E-Soft Inc. http://www.securityspace.com\");\n script_family(\"SuSE Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/suse_sles\", \"ssh/login/rpms\");\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"summary\" , value : tag_summary);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n#\n# The script code starts here\n#\n\ninclude(\"pkg-lib-rpm.inc\");\n\nres = \"\";\nreport = \"\";\nif ((res = isrpmvuln(pkg:\"mozilla-xulrunner\", rpm:\"mozilla-xulrunner~1.8.0.14eol~0.9\", rls:\"SLES10.0\")) != NULL) {\n report += res;\n}\n\nif (report != \"\") {\n security_message(data:report);\n} else if (__pkg_match) {\n exit(99); # Not vulnerable.\n}\n", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2017-07-24T12:56:23", "bulletinFamily": "scanner", "cvelist": ["CVE-2008-5012", "CVE-2008-5013", "CVE-2008-5018", "CVE-2008-5019", "CVE-2008-5023", "CVE-2008-5021", "CVE-2008-5017", "CVE-2008-5014", "CVE-2008-5022", "CVE-2008-0017", "CVE-2008-5024", "CVE-2008-5052"], "description": "Check for the Version of mozilla-firefox", "modified": "2017-07-06T00:00:00", "published": "2009-04-09T00:00:00", "id": "OPENVAS:830354", "href": "http://plugins.openvas.org/nasl.php?oid=830354", "type": "openvas", "title": "Mandriva Update for mozilla-firefox MDVSA-2008:228 (mozilla-firefox)", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Mandriva Update for mozilla-firefox MDVSA-2008:228 (mozilla-firefox)\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2009 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"Security vulnerabilities have been discovered and corrected in\n the latest Mozilla Firefox 2.x, version 2.0.0.18 (CVE-2008-0017,\n CVE-2008-5012, CVE-2008-5013, CVE-2008-5014, CVE-2008-5017,\n CVE-2008-5018, CVE-2008-5019, CVE-2008-5021, CVE-2008-5022,\n CVE-2008-5023, CVE-2008-5024, CVE-2008-5052).\n\n This update provides the latest Mozilla Firefox 2.x to correct\n these issues.\";\n\ntag_affected = \"mozilla-firefox on Mandriva Linux 2008.0,\n Mandriva Linux 2008.0/X86_64,\n Mandriva Linux 2008.1,\n Mandriva Linux 2008.1/X86_64\";\ntag_solution = \"Please Install the Updated Packages.\";\n\n\n\nif(description)\n{\n script_xref(name : \"URL\" , value : \"http://lists.mandriva.com/security-announce/2008-11/msg00008.php\");\n script_id(830354);\n script_version(\"$Revision: 6568 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-07-06 15:04:21 +0200 (Thu, 06 Jul 2017) $\");\n script_tag(name:\"creation_date\", value:\"2009-04-09 14:18:58 +0200 (Thu, 09 Apr 2009)\");\n script_tag(name:\"cvss_base\", value:\"10.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_xref(name: \"MDVSA\", value: \"2008:228\");\n script_cve_id(\"CVE-2008-0017\", \"CVE-2008-5012\", \"CVE-2008-5013\", \"CVE-2008-5014\", \"CVE-2008-5017\", \"CVE-2008-5018\", \"CVE-2008-5019\", \"CVE-2008-5021\", \"CVE-2008-5022\", \"CVE-2008-5023\", \"CVE-2008-5024\", \"CVE-2008-5052\");\n script_name( \"Mandriva Update for mozilla-firefox MDVSA-2008:228 (mozilla-firefox)\");\n\n script_summary(\"Check for the Version of mozilla-firefox\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2009 Greenbone Networks GmbH\");\n script_family(\"Mandrake Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/mandriva_mandrake_linux\", \"ssh/login/release\");\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = get_kb_item(\"ssh/login/release\");\n\n\nres = \"\";\nif(release == NULL){\n exit(0);\n}\n\nif(release == \"MNDK_2008.0\")\n{\n\n if ((res = isrpmvuln(pkg:\"devhelp\", rpm:\"devhelp~0.16~1.9mdv2008.0\", rls:\"MNDK_2008.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"devhelp-plugins\", rpm:\"devhelp-plugins~0.16~1.9mdv2008.0\", rls:\"MNDK_2008.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"eclipse-cvs-client\", rpm:\"eclipse-cvs-client~3.3.0~0.20.8.9mdv2008.0\", rls:\"MNDK_2008.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"eclipse-ecj\", rpm:\"eclipse-ecj~3.3.0~0.20.8.9mdv2008.0\", rls:\"MNDK_2008.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"eclipse-jdt\", rpm:\"eclipse-jdt~3.3.0~0.20.8.9mdv2008.0\", rls:\"MNDK_2008.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"eclipse-pde\", rpm:\"eclipse-pde~3.3.0~0.20.8.9mdv2008.0\", rls:\"MNDK_2008.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"eclipse-pde-runtime\", rpm:\"eclipse-pde-runtime~3.3.0~0.20.8.9mdv2008.0\", rls:\"MNDK_2008.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"eclipse-platform\", rpm:\"eclipse-platform~3.3.0~0.20.8.9mdv2008.0\", rls:\"MNDK_2008.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"eclipse-rcp\", rpm:\"eclipse-rcp~3.3.0~0.20.8.9mdv2008.0\", rls:\"MNDK_2008.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"epiphany\", rpm:\"epiphany~2.20.0~1.9mdv2008.0\", rls:\"MNDK_2008.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"epiphany-devel\", rpm:\"epiphany-devel~2.20.0~1.9mdv2008.0\", rls:\"MNDK_2008.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"galeon\", rpm:\"galeon~2.0.3~7.9mdv2008.0\", rls:\"MNDK_2008.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"gnome-python-extras\", rpm:\"gnome-python-extras~2.19.1~4.9mdv2008.0\", rls:\"MNDK_2008.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"gnome-python-gda\", rpm:\"gnome-python-gda~2.19.1~4.9mdv2008.0\", rls:\"MNDK_2008.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"gnome-python-gda-devel\", rpm:\"gnome-python-gda-devel~2.19.1~4.9mdv2008.0\", rls:\"MNDK_2008.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"gnome-python-gdl\", rpm:\"gnome-python-gdl~2.19.1~4.9mdv2008.0\", rls:\"MNDK_2008.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"gnome-python-gksu\", rpm:\"gnome-python-gksu~2.19.1~4.9mdv2008.0\", rls:\"MNDK_2008.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"gnome-python-gtkhtml2\", rpm:\"gnome-python-gtkhtml2~2.19.1~4.9mdv2008.0\", rls:\"MNDK_2008.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"gnome-python-gtkmozembed\", rpm:\"gnome-python-gtkmozembed~2.19.1~4.9mdv2008.0\", rls:\"MNDK_2008.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"gnome-python-gtkspell\", rpm:\"gnome-python-gtkspell~2.19.1~4.9mdv2008.0\", rls:\"MNDK_2008.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"libdevhelp-1_0\", rpm:\"libdevhelp-1_0~0.16~1.9mdv2008.0\", rls:\"MNDK_2008.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"libdevhelp-1-devel\", rpm:\"libdevhelp-1-devel~0.16~1.9mdv2008.0\", rls:\"MNDK_2008.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"libmozilla-firefox2.0.0.18\", rpm:\"libmozilla-firefox2.0.0.18~2.0.0.18~1.1mdv2008.0\", rls:\"MNDK_2008.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"libmozilla-firefox-devel\", rpm:\"libmozilla-firefox-devel~2.0.0.18~1.1mdv2008.0\", rls:\"MNDK_2008.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"libswt3-gtk2\", rpm:\"libswt3-gtk2~3.3.0~0.20.8.9mdv2008.0\", rls:\"MNDK_2008.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"libtotem-plparser7\", rpm:\"libtotem-plparser7~2.20.1~1.8mdv2008.0\", rls:\"MNDK_2008.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"libtotem-plparser-devel\", rpm:\"libtotem-plparser-devel~2.20.1~1.8mdv2008.0\", rls:\"MNDK_2008.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"mozilla-firefox\", rpm:\"mozilla-firefox~2.0.0.18~1.1mdv2008.0\", rls:\"MNDK_2008.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"mozilla-firefox-af\", rpm:\"mozilla-firefox-af~2.0.0.18~1.1mdv2008.0\", rls:\"MNDK_2008.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"mozilla-firefox-ar\", rpm:\"mozilla-firefox-ar~2.0.0.18~1.1mdv2008.0\", rls:\"MNDK_2008.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"mozilla-firefox-be\", rpm:\"mozilla-firefox-be~2.0.0.18~1.1mdv2008.0\", rls:\"MNDK_2008.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"mozilla-firefox-bg\", rpm:\"mozilla-firefox-bg~2.0.0.18~1.1mdv2008.0\", rls:\"MNDK_2008.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"mozilla-firefox-br_FR\", rpm:\"mozilla-firefox-br_FR~2.0.0.18~1.1mdv2008.0\", rls:\"MNDK_2008.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"mozilla-firefox-ca\", rpm:\"mozilla-firefox-ca~2.0.0.18~1.1mdv2008.0\", rls:\"MNDK_2008.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"mozilla-firefox-cs\", rpm:\"mozilla-firefox-cs~2.0.0.18~1.1mdv2008.0\", rls:\"MNDK_2008.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"mozilla-firefox-da\", rpm:\"mozilla-firefox-da~2.0.0.18~1.1mdv2008.0\", rls:\"MNDK_2008.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"mozilla-firefox-de\", rpm:\"mozilla-firefox-de~2.0.0.18~1.1mdv2008.0\", rls:\"MNDK_2008.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"mozilla-firefox-el\", rpm:\"mozilla-firefox-el~2.0.0.18~1.1mdv2008.0\", rls:\"MNDK_2008.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"mozilla-firefox-en_GB\", rpm:\"mozilla-firefox-en_GB~2.0.0.18~1.1mdv2008.0\", rls:\"MNDK_2008.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"mozilla-firefox-es_AR\", rpm:\"mozilla-firefox-es_AR~2.0.0.18~1.1mdv2008.0\", rls:\"MNDK_2008.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"mozilla-firefox-es_ES\", rpm:\"mozilla-firefox-es_ES~2.0.0.18~1.1mdv2008.0\", rls:\"MNDK_2008.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"mozilla-firefox-et_EE\", rpm:\"mozilla-firefox-et_EE~2.0.0.18~1.1mdv2008.0\", rls:\"MNDK_2008.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"mozilla-firefox-eu\", rpm:\"mozilla-firefox-eu~2.0.0.18~1.1mdv2008.0\", rls:\"MNDK_2008.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"mozilla-firefox-ext-blogrovr\", rpm:\"mozilla-firefox-ext-blogrovr~1.1.779~2.3mdv2008.0\", rls:\"MNDK_2008.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"mozilla-firefox-ext-foxmarks\", rpm:\"mozilla-firefox-ext-foxmarks~2.0.47.4~2.3mdv2008.0\", rls:\"MNDK_2008.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"mozilla-firefox-ext-scribefire\", rpm:\"mozilla-firefox-ext-scribefire~2.2.7~2.3mdv2008.0\", rls:\"MNDK_2008.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"mozilla-firefox-fi\", rpm:\"mozilla-firefox-fi~2.0.0.18~1.1mdv2008.0\", rls:\"MNDK_2008.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"mozilla-firefox-fr\", rpm:\"mozilla-firefox-fr~2.0.0.18~1.1mdv2008.0\", rls:\"MNDK_2008.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"mozilla-firefox-fy\", rpm:\"mozilla-firefox-fy~2.0.0.18~1.1mdv2008.0\", rls:\"MNDK_2008.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"mozilla-firefox-ga\", rpm:\"mozilla-firefox-ga~2.0.0.18~1.1mdv2008.0\", rls:\"MNDK_2008.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"mozilla-firefox-gu_IN\", rpm:\"mozilla-firefox-gu_IN~2.0.0.18~1.1mdv2008.0\", rls:\"MNDK_2008.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"mozilla-firefox-he\", rpm:\"mozilla-firefox-he~2.0.0.18~1.1mdv2008.0\", rls:\"MNDK_2008.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"mozilla-firefox-hu\", rpm:\"mozilla-firefox-hu~2.0.0.18~1.1mdv2008.0\", rls:\"MNDK_2008.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"mozilla-firefox-it\", rpm:\"mozilla-firefox-it~2.0.0.18~1.1mdv2008.0\", rls:\"MNDK_2008.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"mozilla-firefox-ja\", rpm:\"mozilla-firefox-ja~2.0.0.18~1.1mdv2008.0\", rls:\"MNDK_2008.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"mozilla-firefox-ka\", rpm:\"mozilla-firefox-ka~2.0.0.18~1.1mdv2008.0\", rls:\"MNDK_2008.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"mozilla-firefox-ko\", rpm:\"mozilla-firefox-ko~2.0.0.18~1.1mdv2008.0\", rls:\"MNDK_2008.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"mozilla-firefox-ku\", rpm:\"mozilla-firefox-ku~2.0.0.18~1.1mdv2008.0\", rls:\"MNDK_2008.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"mozilla-firefox-lt\", rpm:\"mozilla-firefox-lt~2.0.0.18~1.1mdv2008.0\", rls:\"MNDK_2008.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"mozilla-firefox-mk\", rpm:\"mozilla-firefox-mk~2.0.0.18~1.1mdv2008.0\", rls:\"MNDK_2008.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"mozilla-firefox-mn\", rpm:\"mozilla-firefox-mn~2.0.0.18~1.1mdv2008.0\", rls:\"MNDK_2008.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"mozilla-firefox-nb_NO\", rpm:\"mozilla-firefox-nb_NO~2.0.0.18~1.1mdv2008.0\", rls:\"MNDK_2008.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"mozilla-firefox-nl\", rpm:\"mozilla-firefox-nl~2.0.0.18~1.1mdv2008.0\", rls:\"MNDK_2008.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"mozilla-firefox-nn_NO\", rpm:\"mozilla-firefox-nn_NO~2.0.0.18~1.1mdv2008.0\", rls:\"MNDK_2008.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"mozilla-firefox-pa_IN\", rpm:\"mozilla-firefox-pa_IN~2.0.0.18~1.1mdv2008.0\", rls:\"MNDK_2008.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"mozilla-firefox-pl\", rpm:\"mozilla-firefox-pl~2.0.0.18~1.1mdv2008.0\", rls:\"MNDK_2008.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"mozilla-firefox-pt_BR\", rpm:\"mozilla-firefox-pt_BR~2.0.0.18~1.1mdv2008.0\", rls:\"MNDK_2008.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"mozilla-firefox-pt_PT\", rpm:\"mozilla-firefox-pt_PT~2.0.0.18~1.1mdv2008.0\", rls:\"MNDK_2008.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"mozilla-firefox-ro\", rpm:\"mozilla-firefox-ro~2.0.0.18~1.1mdv2008.0\", rls:\"MNDK_2008.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"mozilla-firefox-ru\", rpm:\"mozilla-firefox-ru~2.0.0.18~1.1mdv2008.0\", rls:\"MNDK_2008.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"mozilla-firefox-sk\", rpm:\"mozilla-firefox-sk~2.0.0.18~1.1mdv2008.0\", rls:\"MNDK_2008.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"mozilla-firefox-sl\", rpm:\"mozilla-firefox-sl~2.0.0.18~1.1mdv2008.0\", rls:\"MNDK_2008.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"mozilla-firefox-sv_SE\", rpm:\"mozilla-firefox-sv_SE~2.0.0.18~1.1mdv2008.0\", rls:\"MNDK_2008.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"mozilla-firefox-tr\", rpm:\"mozilla-firefox-tr~2.0.0.18~1.1mdv2008.0\", rls:\"MNDK_2008.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"mozilla-firefox-uk\", rpm:\"mozilla-firefox-uk~2.0.0.18~1.1mdv2008.0\", rls:\"MNDK_2008.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"mozilla-firefox-zh_CN\", rpm:\"mozilla-firefox-zh_CN~2.0.0.18~1.1mdv2008.0\", rls:\"MNDK_2008.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"mozilla-firefox-zh_TW\", rpm:\"mozilla-firefox-zh_TW~2.0.0.18~1.1mdv2008.0\", rls:\"MNDK_2008.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"totem\", rpm:\"totem~2.20.1~1.8mdv2008.0\", rls:\"MNDK_2008.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"totem-common\", rpm:\"totem-common~2.20.1~1.8mdv2008.0\", rls:\"MNDK_2008.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"totem-gstreamer\", rpm:\"totem-gstreamer~2.20.1~1.8mdv2008.0\", rls:\"MNDK_2008.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"totem-mozilla\", rpm:\"totem-mozilla~2.20.1~1.8mdv2008.0\", rls:\"MNDK_2008.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"totem-mozilla-gstreamer\", rpm:\"totem-mozilla-gstreamer~2.20.1~1.8mdv2008.0\", rls:\"MNDK_2008.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"yelp\", rpm:\"yelp~2.20.0~3.9mdv2008.0\", rls:\"MNDK_2008.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"eclipse\", rpm:\"eclipse~3.3.0~0.20.8.9mdv2008.0\", rls:\"MNDK_2008.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"mozilla-firefox-l10n\", rpm:\"mozilla-firefox-l10n~2.0.0.18~1.1mdv2008.0\", rls:\"MNDK_2008.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"lib64devhelp-1_0\", rpm:\"lib64devhelp-1_0~0.16~1.9mdv2008.0\", rls:\"MNDK_2008.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"lib64devhelp-1-devel\", rpm:\"lib64devhelp-1-devel~0.16~1.9mdv2008.0\", rls:\"MNDK_2008.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"lib64mozilla-firefox2.0.0.18\", rpm:\"lib64mozilla-firefox2.0.0.18~2.0.0.18~1.1mdv2008.0\", rls:\"MNDK_2008.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"lib64mozilla-firefox-devel\", rpm:\"lib64mozilla-firefox-devel~2.0.0.18~1.1mdv2008.0\", rls:\"MNDK_2008.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"lib64totem-plparser7\", rpm:\"lib64totem-plparser7~2.20.1~1.8mdv2008.0\", rls:\"MNDK_2008.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"lib64totem-plparser-devel\", rpm:\"lib64totem-plparser-devel~2.20.1~1.8mdv2008.0\", rls:\"MNDK_2008.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n\n\nif(release == \"MNDK_2008.1\")\n{\n\n if ((res = isrpmvuln(pkg:\"devhelp\", rpm:\"devhelp~0.19~3.5mdv2008.1\", rls:\"MNDK_2008.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"devhelp-plugins\", rpm:\"devhelp-plugins~0.19~3.5mdv2008.1\", rls:\"MNDK_2008.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"epiphany\", rpm:\"epiphany~2.22.0~4.5mdv2008.1\", rls:\"MNDK_2008.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"epiphany-devel\", rpm:\"epiphany-devel~2.22.0~4.5mdv2008.1\", rls:\"MNDK_2008.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"galeon\", rpm:\"galeon~2.0.4~3.5mdv2008.1\", rls:\"MNDK_2008.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"gnome-python-extras\", rpm:\"gnome-python-extras~2.19.1~10.5mdv2008.1\", rls:\"MNDK_2008.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"gnome-python-gda\", rpm:\"gnome-python-gda~2.19.1~10.5mdv2008.1\", rls:\"MNDK_2008.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"gnome-python-gda-devel\", rpm:\"gnome-python-gda-devel~2.19.1~10.5mdv2008.1\", rls:\"MNDK_2008.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"gnome-python-gdl\", rpm:\"gnome-python-gdl~2.19.1~10.5mdv2008.1\", rls:\"MNDK_2008.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"gnome-python-gksu\", rpm:\"gnome-python-gksu~2.19.1~10.5mdv2008.1\", rls:\"MNDK_2008.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"gnome-python-gtkhtml2\", rpm:\"gnome-python-gtkhtml2~2.19.1~10.5mdv2008.1\", rls:\"MNDK_2008.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"gnome-python-gtkmozembed\", rpm:\"gnome-python-gtkmozembed~2.19.1~10.5mdv2008.1\", rls:\"MNDK_2008.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"gnome-python-gtkspell\", rpm:\"gnome-python-gtkspell~2.19.1~10.5mdv2008.1\", rls:\"MNDK_2008.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"libdevhelp-1_0\", rpm:\"libdevhelp-1_0~0.19~3.5mdv2008.1\", rls:\"MNDK_2008.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"libdevhelp-1-devel\", rpm:\"libdevhelp-1-devel~0.19~3.5mdv2008.1\", rls:\"MNDK_2008.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"libgluezilla0\", rpm:\"libgluezilla0~1.2.6.1~2.5mdv2008.1\", rls:\"MNDK_2008.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"libmozilla-firefox2.0.0.18\", rpm:\"libmozilla-firefox2.0.0.18~2.0.0.18~1.1mdv2008.1\", rls:\"MNDK_2008.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"libmozilla-firefox-devel\", rpm:\"libmozilla-firefox-devel~2.0.0.18~1.1mdv2008.1\", rls:\"MNDK_2008.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"mozilla-firefox\", rpm:\"mozilla-firefox~2.0.0.18~1.1mdv2008.1\", rls:\"MNDK_2008.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"mozilla-firefox-af\", rpm:\"mozilla-firefox-af~2.0.0.18~1.1mdv2008.1\", rls:\"MNDK_2008.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"mozilla-firefox-ar\", rpm:\"mozilla-firefox-ar~2.0.0.18~1.1mdv2008.1\", rls:\"MNDK_2008.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"mozilla-firefox-be\", rpm:\"mozilla-firefox-be~2.0.0.18~1.1mdv2008.1\", rls:\"MNDK_2008.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"mozilla-firefox-bg\", rpm:\"mozilla-firefox-bg~2.0.0.18~1.1mdv2008.1\", rls:\"MNDK_2008.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"mozilla-firefox-br_FR\", rpm:\"mozilla-firefox-br_FR~2.0.0.18~1.1mdv2008.1\", rls:\"MNDK_2008.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"mozilla-firefox-ca\", rpm:\"mozilla-firefox-ca~2.0.0.18~1.1mdv2008.1\", rls:\"MNDK_2008.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"mozilla-firefox-cs\", rpm:\"mozilla-firefox-cs~2.0.0.18~1.1mdv2008.1\", rls:\"MNDK_2008.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"mozilla-firefox-da\", rpm:\"mozilla-firefox-da~2.0.0.18~1.1mdv2008.1\", rls:\"MNDK_2008.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"mozilla-firefox-de\", rpm:\"mozilla-firefox-de~2.0.0.18~1.1mdv2008.1\", rls:\"MNDK_2008.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"mozilla-firefox-el\", rpm:\"mozilla-firefox-el~2.0.0.18~1.1mdv2008.1\", rls:\"MNDK_2008.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"mozilla-firefox-en_GB\", rpm:\"mozilla-firefox-en_GB~2.0.0.18~1.1mdv2008.1\", rls:\"MNDK_2008.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"mozilla-firefox-es_AR\", rpm:\"mozilla-firefox-es_AR~2.0.0.18~1.1mdv2008.1\", rls:\"MNDK_2008.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"mozilla-firefox-es_ES\", rpm:\"mozilla-firefox-es_ES~2.0.0.18~1.1mdv2008.1\", rls:\"MNDK_2008.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"mozilla-firefox-et_EE\", rpm:\"mozilla-firefox-et_EE~2.0.0.18~1.1mdv2008.1\", rls:\"MNDK_2008.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"mozilla-firefox-eu\", rpm:\"mozilla-firefox-eu~2.0.0.18~1.1mdv2008.1\", rls:\"MNDK_2008.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"mozilla-firefox-ext-blogrovr\", rpm:\"mozilla-firefox-ext-blogrovr~1.1.779~2.3mdv2008.1\", rls:\"MNDK_2008.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"mozilla-firefox-ext-foxmarks\", rpm:\"mozilla-firefox-ext-foxmarks~2.0.47.4~2.3mdv2008.1\", rls:\"MNDK_2008.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"mozilla-firefox-ext-scribefire\", rpm:\"mozilla-firefox-ext-scribefire~2.2.7~2.3mdv2008.1\", rls:\"MNDK_2008.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"mozilla-firefox-fi\", rpm:\"mozilla-firefox-fi~2.0.0.18~1.1mdv2008.1\", rls:\"MNDK_2008.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"mozilla-firefox-fr\", rpm:\"mozilla-firefox-fr~2.0.0.18~1.1mdv2008.1\", rls:\"MNDK_2008.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"mozilla-firefox-fy\", rpm:\"mozilla-firefox-fy~2.0.0.18~1.1mdv2008.1\", rls:\"MNDK_2008.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"mozilla-firefox-ga\", rpm:\"mozilla-firefox-ga~2.0.0.18~1.1mdv2008.1\", rls:\"MNDK_2008.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"mozilla-firefox-gnome-support\", rpm:\"mozilla-firefox-gnome-support~2.0.0.18~1.1mdv2008.1\", rls:\"MNDK_2008.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"mozilla-firefox-gu_IN\", rpm:\"mozilla-firefox-gu_IN~2.0.0.18~1.1mdv2008.1\", rls:\"MNDK_2008.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"mozilla-firefox-he\", rpm:\"mozilla-firefox-he~2.0.0.18~1.1mdv2008.1\", rls:\"MNDK_2008.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"mozilla-firefox-hu\", rpm:\"mozilla-firefox-hu~2.0.0.18~1.1mdv2008.1\", rls:\"MNDK_2008.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"mozilla-firefox-it\", rpm:\"mozilla-firefox-it~2.0.0.18~1.1mdv2008.1\", rls:\"MNDK_2008.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"mozilla-firefox-ja\", rpm:\"mozilla-firefox-ja~2.0.0.18~1.1mdv2008.1\", rls:\"MNDK_2008.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"mozilla-firefox-ka\", rpm:\"mozilla-firefox-ka~2.0.0.18~1.1mdv2008.1\", rls:\"MNDK_2008.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"mozilla-firefox-ko\", rpm:\"mozilla-firefox-ko~2.0.0.18~1.1mdv2008.1\", rls:\"MNDK_2008.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"mozilla-firefox-ku\", rpm:\"mozilla-firefox-ku~2.0.0.18~1.1mdv2008.1\", rls:\"MNDK_2008.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"mozilla-firefox-lt\", rpm:\"mozilla-firefox-lt~2.0.0.18~1.1mdv2008.1\", rls:\"MNDK_2008.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"mozilla-firefox-mk\", rpm:\"mozilla-firefox-mk~2.0.0.18~1.1mdv2008.1\", rls:\"MNDK_2008.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"mozilla-firefox-mn\", rpm:\"mozilla-firefox-mn~2.0.0.18~1.1mdv2008.1\", rls:\"MNDK_2008.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"mozilla-firefox-nb_NO\", rpm:\"mozilla-firefox-nb_NO~2.0.0.18~1.1mdv2008.1\", rls:\"MNDK_2008.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"mozilla-firefox-nl\", rpm:\"mozilla-firefox-nl~2.0.0.18~1.1mdv2008.1\", rls:\"MNDK_2008.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"mozilla-firefox-nn_NO\", rpm:\"mozilla-firefox-nn_NO~2.0.0.18~1.1mdv2008.1\", rls:\"MNDK_2008.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"mozilla-firefox-pa_IN\", rpm:\"mozilla-firefox-pa_IN~2.0.0.18~1.1mdv2008.1\", rls:\"MNDK_2008.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"mozilla-firefox-pl\", rpm:\"mozilla-firefox-pl~2.0.0.18~1.1mdv2008.1\", rls:\"MNDK_2008.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"mozilla-firefox-pt_BR\", rpm:\"mozilla-firefox-pt_BR~2.0.0.18~1.1mdv2008.1\", rls:\"MNDK_2008.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"mozilla-firefox-pt_PT\", rpm:\"mozilla-firefox-pt_PT~2.0.0.18~1.1mdv2008.1\", rls:\"MNDK_2008.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"mozilla-firefox-ro\", rpm:\"mozilla-firefox-ro~2.0.0.18~1.1mdv2008.1\", rls:\"MNDK_2008.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"mozilla-firefox-ru\", rpm:\"mozilla-firefox-ru~2.0.0.18~1.1mdv2008.1\", rls:\"MNDK_2008.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"mozilla-firefox-sk\", rpm:\"mozilla-firefox-sk~2.0.0.18~1.1mdv2008.1\", rls:\"MNDK_2008.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"mozilla-firefox-sl\", rpm:\"mozilla-firefox-sl~2.0.0.18~1.1mdv2008.1\", rls:\"MNDK_2008.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"mozilla-firefox-sv_SE\", rpm:\"mozilla-firefox-sv_SE~2.0.0.18~1.1mdv2008.1\", rls:\"MNDK_2008.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"mozilla-firefox-theme-gnome\", rpm:\"mozilla-firefox-theme-gnome~2.0.0~7.3mdv2008.1\", rls:\"MNDK_2008.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"mozilla-firefox-theme-kdeff\", rpm:\"mozilla-firefox-theme-kdeff~0.4~7.3mdv2008.1\", rls:\"MNDK_2008.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"mozilla-firefox-tr\", rpm:\"mozilla-firefox-tr~2.0.0.18~1.1mdv2008.1\", rls:\"MNDK_2008.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"mozilla-firefox-uk\", rpm:\"mozilla-firefox-uk~2.0.0.18~1.1mdv2008.1\", rls:\"MNDK_2008.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"mozilla-firefox-zh_CN\", rpm:\"mozilla-firefox-zh_CN~2.0.0.18~1.1mdv2008.1\", rls:\"MNDK_2008.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"mozilla-firefox-zh_TW\", rpm:\"mozilla-firefox-zh_TW~2.0.0.18~1.1mdv2008.1\", rls:\"MNDK_2008.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"totem\", rpm:\"totem~2.22.0~4.5mdv2008.1\", rls:\"MNDK_2008.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"totem-common\", rpm:\"totem-common~2.22.0~4.5mdv2008.1\", rls:\"MNDK_2008.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"totem-gstreamer\", rpm:\"totem-gstreamer~2.22.0~4.5mdv2008.1\", rls:\"MNDK_2008.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"totem-mozilla\", rpm:\"totem-mozilla~2.22.0~4.5mdv2008.1\", rls:\"MNDK_2008.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"totem-mozilla-gstreamer\", rpm:\"totem-mozilla-gstreamer~2.22.0~4.5mdv2008.1\", rls:\"MNDK_2008.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"yelp\", rpm:\"yelp~2.22.0~2.6mdv2008.1\", rls:\"MNDK_2008.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"gluezilla\", rpm:\"gluezilla~1.2.6.1~2.5mdv2008.1\", rls:\"MNDK_2008.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"mozilla-firefox-l10n\", rpm:\"mozilla-firefox-l10n~2.0.0.18~1.1mdv2008.1\", rls:\"MNDK_2008.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"lib64devhelp-1_0\", rpm:\"lib64devhelp-1_0~0.19~3.5mdv2008.1\", rls:\"MNDK_2008.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"lib64devhelp-1-devel\", rpm:\"lib64devhelp-1-devel~0.19~3.5mdv2008.1\", rls:\"MNDK_2008.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"lib64gluezilla0\", rpm:\"lib64gluezilla0~1.2.6.1~2.5mdv2008.1\", rls:\"MNDK_2008.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"lib64mozilla-firefox2.0.0.18\", rpm:\"lib64mozilla-firefox2.0.0.18~2.0.0.18~1.1mdv2008.1\", rls:\"MNDK_2008.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"lib64mozilla-firefox-devel\", rpm:\"lib64mozilla-firefox-devel~2.0.0.18~1.1mdv2008.1\", rls:\"MNDK_2008.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2020-04-16T16:58:23", "bulletinFamily": "scanner", "cvelist": ["CVE-2008-5012", "CVE-2008-5013", "CVE-2008-5018", "CVE-2008-5023", "CVE-2008-5021", "CVE-2008-5017", "CVE-2008-5014", "CVE-2008-5022", "CVE-2008-5016", "CVE-2008-0017", "CVE-2008-5024", "CVE-2008-5052"], "description": "The host is installed with Mozilla Seamonkey and is prone\n to multiple vulnerabilities.", "modified": "2020-04-14T00:00:00", "published": "2008-11-21T00:00:00", "id": "OPENVAS:1361412562310800062", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310800062", "type": "openvas", "title": "Mozilla Seamonkey Multiple Vulnerabilities November-08 (Linux)", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Mozilla Seamonkey Multiple Vulnerabilities November-08 (Linux)\n#\n# Authors:\n# Chandan S <schandan@secpod.com>\n#\n# Copyright:\n# Copyright (c) 2008 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.800062\");\n script_version(\"2020-04-14T08:15:28+0000\");\n script_tag(name:\"last_modification\", value:\"2020-04-14 08:15:28 +0000 (Tue, 14 Apr 2020)\");\n script_tag(name:\"creation_date\", value:\"2008-11-21 14:18:03 +0100 (Fri, 21 Nov 2008)\");\n script_tag(name:\"cvss_base\", value:\"10.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_cve_id(\"CVE-2008-5012\", \"CVE-2008-5013\", \"CVE-2008-5014\", \"CVE-2008-5016\",\n \"CVE-2008-5017\", \"CVE-2008-5018\", \"CVE-2008-5021\", \"CVE-2008-5022\",\n \"CVE-2008-5023\", \"CVE-2008-5024\", \"CVE-2008-5052\", \"CVE-2008-0017\");\n script_bugtraq_id(32281);\n script_name(\"Mozilla Seamonkey Multiple Vulnerabilities November-08 (Linux)\");\n script_xref(name:\"URL\", value:\"http://www.mozilla.org/security/announce/2008/mfsa2008-48.html\");\n script_xref(name:\"URL\", value:\"http://www.mozilla.org/security/announce/2008/mfsa2008-49.html\");\n script_xref(name:\"URL\", value:\"http://www.mozilla.org/security/announce/2008/mfsa2008-50.html\");\n script_xref(name:\"URL\", value:\"http://www.mozilla.org/security/announce/2008/mfsa2008-52.html\");\n script_xref(name:\"URL\", value:\"http://www.mozilla.org/security/announce/2008/mfsa2008-54.html\");\n script_xref(name:\"URL\", value:\"http://www.mozilla.org/security/announce/2008/mfsa2008-55.html\");\n script_xref(name:\"URL\", value:\"http://www.mozilla.org/security/announce/2008/mfsa2008-56.html\");\n script_xref(name:\"URL\", value:\"http://www.mozilla.org/security/announce/2008/mfsa2008-57.html\");\n script_xref(name:\"URL\", value:\"http://www.mozilla.org/security/announce/2008/mfsa2008-58.html\");\n\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2008 Greenbone Networks GmbH\");\n script_family(\"General\");\n script_dependencies(\"gb_seamonkey_detect_lin.nasl\");\n script_mandatory_keys(\"Seamonkey/Linux/Ver\");\n\n script_tag(name:\"impact\", value:\"Successful exploitation could result in remote arbitrary code execution,\n bypass security restrictions, spoofing attacks, sensitive information\n disclosure, and JavaScript code that can be executed with the privileges of the signed user.\");\n\n script_tag(name:\"affected\", value:\"Seamonkey version prior to 1.1.13 on Linux.\");\n\n script_tag(name:\"solution\", value:\"Upgrade to Seamonkey version 1.1.13 or later.\");\n\n script_tag(name:\"summary\", value:\"The host is installed with Mozilla Seamonkey and is prone\n to multiple vulnerabilities.\");\n\n script_tag(name:\"qod_type\", value:\"executable_version\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n\n exit(0);\n}\n\ninclude(\"version_func.inc\");\n\nsmVer = get_kb_item(\"Seamonkey/Linux/Ver\");\nif(!smVer){\n exit(0);\n}\n\nif(version_is_less(version:smVer, test_version:\"1.1.13\")){\n report = report_fixed_ver(installed_version:smVer, fixed_version:\"1.1.13\");\n security_message(port: 0, data: report);\n}\n", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2018-04-09T11:39:27", "bulletinFamily": "scanner", "cvelist": ["CVE-2008-5012", "CVE-2008-5013", "CVE-2008-5018", "CVE-2008-5019", "CVE-2008-5023", "CVE-2008-5021", "CVE-2008-5017", "CVE-2008-5014", "CVE-2008-5022", "CVE-2008-0017", "CVE-2008-5024", "CVE-2008-5052"], "description": "Check for the Version of mozilla-firefox", "modified": "2018-04-06T00:00:00", "published": "2009-04-09T00:00:00", "id": "OPENVAS:1361412562310830354", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310830354", "type": "openvas", "title": "Mandriva Update for mozilla-firefox MDVSA-2008:228 (mozilla-firefox)", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Mandriva Update for mozilla-firefox MDVSA-2008:228 (mozilla-firefox)\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2009 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"Security vulnerabilities have been discovered and corrected in\n the latest Mozilla Firefox 2.x, version 2.0.0.18 (CVE-2008-0017,\n CVE-2008-5012, CVE-2008-5013, CVE-2008-5014, CVE-2008-5017,\n CVE-2008-5018, CVE-2008-5019, CVE-2008-5021, CVE-2008-5022,\n CVE-2008-5023, CVE-2008-5024, CVE-2008-5052).\n\n This update provides the latest Mozilla Firefox 2.x to correct\n these issues.\";\n\ntag_affected = \"mozilla-firefox on Mandriva Linux 2008.0,\n Mandriva Linux 2008.0/X86_64,\n Mandriva Linux 2008.1,\n Mandriva Linux 2008.1/X86_64\";\ntag_solution = \"Please Install the Updated Packages.\";\n\n\n\nif(description)\n{\n script_xref(name : \"URL\" , value : \"http://lists.mandriva.com/security-announce/2008-11/msg00008.php\");\n script_oid(\"1.3.6.1.4.1.25623.1.0.830354\");\n script_version(\"$Revision: 9370 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-04-06 10:53:14 +0200 (Fri, 06 Apr 2018) $\");\n script_tag(name:\"creation_date\", value:\"2009-04-09 14:18:58 +0200 (Thu, 09 Apr 2009)\");\n script_tag(name:\"cvss_base\", value:\"10.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_xref(name: \"MDVSA\", value: \"2008:228\");\n script_cve_id(\"CVE-2008-0017\", \"CVE-2008-5012\", \"CVE-2008-5013\", \"CVE-2008-5014\", \"CVE-2008-5017\", \"CVE-2008-5018\", \"CVE-2008-5019\", \"CVE-2008-5021\", \"CVE-2008-5022\", \"CVE-2008-5023\", \"CVE-2008-5024\", \"CVE-2008-5052\");\n script_name( \"Mandriva Update for mozilla-firefox MDVSA-2008:228 (mozilla-firefox)\");\n\n script_tag(name:\"summary\", value:\"Check for the Version of mozilla-firefox\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2009 Greenbone Networks GmbH\");\n script_family(\"Mandrake Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/mandriva_mandrake_linux\", \"ssh/login/release\");\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = get_kb_item(\"ssh/login/release\");\n\n\nres = \"\";\nif(release == NULL){\n exit(0);\n}\n\nif(release == \"MNDK_2008.0\")\n{\n\n if ((res = isrpmvuln(pkg:\"devhelp\", rpm:\"devhelp~0.16~1.9mdv2008.0\", rls:\"MNDK_2008.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"devhelp-plugins\", rpm:\"devhelp-plugins~0.16~1.9mdv2008.0\", rls:\"MNDK_2008.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"eclipse-cvs-client\", rpm:\"eclipse-cvs-client~3.3.0~0.20.8.9mdv2008.0\", rls:\"MNDK_2008.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"eclipse-ecj\", rpm:\"eclipse-ecj~3.3.0~0.20.8.9mdv2008.0\", rls:\"MNDK_2008.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"eclipse-jdt\", rpm:\"eclipse-jdt~3.3.0~0.20.8.9mdv2008.0\", rls:\"MNDK_2008.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"eclipse-pde\", rpm:\"eclipse-pde~3.3.0~0.20.8.9mdv2008.0\", rls:\"MNDK_2008.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"eclipse-pde-runtime\", rpm:\"eclipse-pde-runtime~3.3.0~0.20.8.9mdv2008.0\", rls:\"MNDK_2008.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"eclipse-platform\", rpm:\"eclipse-platform~3.3.0~0.20.8.9mdv2008.0\", rls:\"MNDK_2008.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"eclipse-rcp\", rpm:\"eclipse-rcp~3.3.0~0.20.8.9mdv2008.0\", rls:\"MNDK_2008.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"epiphany\", rpm:\"epiphany~2.20.0~1.9mdv2008.0\", rls:\"MNDK_2008.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"epiphany-devel\", rpm:\"epiphany-devel~2.20.0~1.9mdv2008.0\", rls:\"MNDK_2008.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"galeon\", rpm:\"galeon~2.0.3~7.9mdv2008.0\", rls:\"MNDK_2008.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"gnome-python-extras\", rpm:\"gnome-python-extras~2.19.1~4.9mdv2008.0\", rls:\"MNDK_2008.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"gnome-python-gda\", rpm:\"gnome-python-gda~2.19.1~4.9mdv2008.0\", rls:\"MNDK_2008.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"gnome-python-gda-devel\", rpm:\"gnome-python-gda-devel~2.19.1~4.9mdv2008.0\", rls:\"MNDK_2008.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"gnome-python-gdl\", rpm:\"gnome-python-gdl~2.19.1~4.9mdv2008.0\", rls:\"MNDK_2008.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"gnome-python-gksu\", rpm:\"gnome-python-gksu~2.19.1~4.9mdv2008.0\", rls:\"MNDK_2008.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"gnome-python-gtkhtml2\", rpm:\"gnome-python-gtkhtml2~2.19.1~4.9mdv2008.0\", rls:\"MNDK_2008.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"gnome-python-gtkmozembed\", rpm:\"gnome-python-gtkmozembed~2.19.1~4.9mdv2008.0\", rls:\"MNDK_2008.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"gnome-python-gtkspell\", rpm:\"gnome-python-gtkspell~2.19.1~4.9mdv2008.0\", rls:\"MNDK_2008.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"libdevhelp-1_0\", rpm:\"libdevhelp-1_0~0.16~1.9mdv2008.0\", rls:\"MNDK_2008.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"libdevhelp-1-devel\", rpm:\"libdevhelp-1-devel~0.16~1.9mdv2008.0\", rls:\"MNDK_2008.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"libmozilla-firefox2.0.0.18\", rpm:\"libmozilla-firefox2.0.0.18~2.0.0.18~1.1mdv2008.0\", rls:\"MNDK_2008.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"libmozilla-firefox-devel\", rpm:\"libmozilla-firefox-devel~2.0.0.18~1.1mdv2008.0\", rls:\"MNDK_2008.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"libswt3-gtk2\", rpm:\"libswt3-gtk2~3.3.0~0.20.8.9mdv2008.0\", rls:\"MNDK_2008.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"libtotem-plparser7\", rpm:\"libtotem-plparser7~2.20.1~1.8mdv2008.0\", rls:\"MNDK_2008.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"libtotem-plparser-devel\", rpm:\"libtotem-plparser-devel~2.20.1~1.8mdv2008.0\", rls:\"MNDK_2008.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"mozilla-firefox\", rpm:\"mozilla-firefox~2.0.0.18~1.1mdv2008.0\", rls:\"MNDK_2008.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"mozilla-firefox-af\", rpm:\"mozilla-firefox-af~2.0.0.18~1.1mdv2008.0\", rls:\"MNDK_2008.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"mozilla-firefox-ar\", rpm:\"mozilla-firefox-ar~2.0.0.18~1.1mdv2008.0\", rls:\"MNDK_2008.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"mozilla-firefox-be\", rpm:\"mozilla-firefox-be~2.0.0.18~1.1mdv2008.0\", rls:\"MNDK_2008.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"mozilla-firefox-bg\", rpm:\"mozilla-firefox-bg~2.0.0.18~1.1mdv2008.0\", rls:\"MNDK_2008.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"mozilla-firefox-br_FR\", rpm:\"mozilla-firefox-br_FR~2.0.0.18~1.1mdv2008.0\", rls:\"MNDK_2008.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"mozilla-firefox-ca\", rpm:\"mozilla-firefox-ca~2.0.0.18~1.1mdv2008.0\", rls:\"MNDK_2008.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"mozilla-firefox-cs\", rpm:\"mozilla-firefox-cs~2.0.0.18~1.1mdv2008.0\", rls:\"MNDK_2008.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"mozilla-firefox-da\", rpm:\"mozilla-firefox-da~2.0.0.18~1.1mdv2008.0\", rls:\"MNDK_2008.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"mozilla-firefox-de\", rpm:\"mozilla-firefox-de~2.0.0.18~1.1mdv2008.0\", rls:\"MNDK_2008.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"mozilla-firefox-el\", rpm:\"mozilla-firefox-el~2.0.0.18~1.1mdv2008.0\", rls:\"MNDK_2008.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"mozilla-firefox-en_GB\", rpm:\"mozilla-firefox-en_GB~2.0.0.18~1.1mdv2008.0\", rls:\"MNDK_2008.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"mozilla-firefox-es_AR\", rpm:\"mozilla-firefox-es_AR~2.0.0.18~1.1mdv2008.0\", rls:\"MNDK_2008.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"mozilla-firefox-es_ES\", rpm:\"mozilla-firefox-es_ES~2.0.0.18~1.1mdv2008.0\", rls:\"MNDK_2008.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"mozilla-firefox-et_EE\", rpm:\"mozilla-firefox-et_EE~2.0.0.18~1.1mdv2008.0\", rls:\"MNDK_2008.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"mozilla-firefox-eu\", rpm:\"mozilla-firefox-eu~2.0.0.18~1.1mdv2008.0\", rls:\"MNDK_2008.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"mozilla-firefox-ext-blogrovr\", rpm:\"mozilla-firefox-ext-blogrovr~1.1.779~2.3mdv2008.0\", rls:\"MNDK_2008.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"mozilla-firefox-ext-foxmarks\", rpm:\"mozilla-firefox-ext-foxmarks~2.0.47.4~2.3mdv2008.0\", rls:\"MNDK_2008.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"mozilla-firefox-ext-scribefire\", rpm:\"mozilla-firefox-ext-scribefire~2.2.7~2.3mdv2008.0\", rls:\"MNDK_2008.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"mozilla-firefox-fi\", rpm:\"mozilla-firefox-fi~2.0.0.18~1.1mdv2008.0\", rls:\"MNDK_2008.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"mozilla-firefox-fr\", rpm:\"mozilla-firefox-fr~2.0.0.18~1.1mdv2008.0\", rls:\"MNDK_2008.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"mozilla-firefox-fy\", rpm:\"mozilla-firefox-fy~2.0.0.18~1.1mdv2008.0\", rls:\"MNDK_2008.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"mozilla-firefox-ga\", rpm:\"mozilla-firefox-ga~2.0.0.18~1.1mdv2008.0\", rls:\"MNDK_2008.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"mozilla-firefox-gu_IN\", rpm:\"mozilla-firefox-gu_IN~2.0.0.18~1.1mdv2008.0\", rls:\"MNDK_2008.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"mozilla-firefox-he\", rpm:\"mozilla-firefox-he~2.0.0.18~1.1mdv2008.0\", rls:\"MNDK_2008.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"mozilla-firefox-hu\", rpm:\"mozilla-firefox-hu~2.0.0.18~1.1mdv2008.0\", rls:\"MNDK_2008.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"mozilla-firefox-it\", rpm:\"mozilla-firefox-it~2.0.0.18~1.1mdv2008.0\", rls:\"MNDK_2008.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"mozilla-firefox-ja\", rpm:\"mozilla-firefox-ja~2.0.0.18~1.1mdv2008.0\", rls:\"MNDK_2008.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"mozilla-firefox-ka\", rpm:\"mozilla-firefox-ka~2.0.0.18~1.1mdv2008.0\", rls:\"MNDK_2008.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"mozilla-firefox-ko\", rpm:\"mozilla-firefox-ko~2.0.0.18~1.1mdv2008.0\", rls:\"MNDK_2008.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"mozilla-firefox-ku\", rpm:\"mozilla-firefox-ku~2.0.0.18~1.1mdv2008.0\", rls:\"MNDK_2008.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"mozilla-firefox-lt\", rpm:\"mozilla-firefox-lt~2.0.0.18~1.1mdv2008.0\", rls:\"MNDK_2008.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"mozilla-firefox-mk\", rpm:\"mozilla-firefox-mk~2.0.0.18~1.1mdv2008.0\", rls:\"MNDK_2008.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"mozilla-firefox-mn\", rpm:\"mozilla-firefox-mn~2.0.0.18~1.1mdv2008.0\", rls:\"MNDK_2008.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"mozilla-firefox-nb_NO\", rpm:\"mozilla-firefox-nb_NO~2.0.0.18~1.1mdv2008.0\", rls:\"MNDK_2008.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"mozilla-firefox-nl\", rpm:\"mozilla-firefox-nl~2.0.0.18~1.1mdv2008.0\", rls:\"MNDK_2008.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"mozilla-firefox-nn_NO\", rpm:\"mozilla-firefox-nn_NO~2.0.0.18~1.1mdv2008.0\", rls:\"MNDK_2008.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"mozilla-firefox-pa_IN\", rpm:\"mozilla-firefox-pa_IN~2.0.0.18~1.1mdv2008.0\", rls:\"MNDK_2008.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"mozilla-firefox-pl\", rpm:\"mozilla-firefox-pl~2.0.0.18~1.1mdv2008.0\", rls:\"MNDK_2008.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"mozilla-firefox-pt_BR\", rpm:\"mozilla-firefox-pt_BR~2.0.0.18~1.1mdv2008.0\", rls:\"MNDK_2008.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"mozilla-firefox-pt_PT\", rpm:\"mozilla-firefox-pt_PT~2.0.0.18~1.1mdv2008.0\", rls:\"MNDK_2008.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"mozilla-firefox-ro\", rpm:\"mozilla-firefox-ro~2.0.0.18~1.1mdv2008.0\", rls:\"MNDK_2008.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"mozilla-firefox-ru\", rpm:\"mozilla-firefox-ru~2.0.0.18~1.1mdv2008.0\", rls:\"MNDK_2008.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"mozilla-firefox-sk\", rpm:\"mozilla-firefox-sk~2.0.0.18~1.1mdv2008.0\", rls:\"MNDK_2008.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"mozilla-firefox-sl\", rpm:\"mozilla-firefox-sl~2.0.0.18~1.1mdv2008.0\", rls:\"MNDK_2008.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"mozilla-firefox-sv_SE\", rpm:\"mozilla-firefox-sv_SE~2.0.0.18~1.1mdv2008.0\", rls:\"MNDK_2008.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"mozilla-firefox-tr\", rpm:\"mozilla-firefox-tr~2.0.0.18~1.1mdv2008.0\", rls:\"MNDK_2008.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"mozilla-firefox-uk\", rpm:\"mozilla-firefox-uk~2.0.0.18~1.1mdv2008.0\", rls:\"MNDK_2008.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"mozilla-firefox-zh_CN\", rpm:\"mozilla-firefox-zh_CN~2.0.0.18~1.1mdv2008.0\", rls:\"MNDK_2008.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"mozilla-firefox-zh_TW\", rpm:\"mozilla-firefox-zh_TW~2.0.0.18~1.1mdv2008.0\", rls:\"MNDK_2008.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"totem\", rpm:\"totem~2.20.1~1.8mdv2008.0\", rls:\"MNDK_2008.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"totem-common\", rpm:\"totem-common~2.20.1~1.8mdv2008.0\", rls:\"MNDK_2008.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"totem-gstreamer\", rpm:\"totem-gstreamer~2.20.1~1.8mdv2008.0\", rls:\"MNDK_2008.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"totem-mozilla\", rpm:\"totem-mozilla~2.20.1~1.8mdv2008.0\", rls:\"MNDK_2008.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"totem-mozilla-gstreamer\", rpm:\"totem-mozilla-gstreamer~2.20.1~1.8mdv2008.0\", rls:\"MNDK_2008.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"yelp\", rpm:\"yelp~2.20.0~3.9mdv2008.0\", rls:\"MNDK_2008.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"eclipse\", rpm:\"eclipse~3.3.0~0.20.8.9mdv2008.0\", rls:\"MNDK_2008.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"mozilla-firefox-l10n\", rpm:\"mozilla-firefox-l10n~2.0.0.18~1.1mdv2008.0\", rls:\"MNDK_2008.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"lib64devhelp-1_0\", rpm:\"lib64devhelp-1_0~0.16~1.9mdv2008.0\", rls:\"MNDK_2008.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"lib64devhelp-1-devel\", rpm:\"lib64devhelp-1-devel~0.16~1.9mdv2008.0\", rls:\"MNDK_2008.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"lib64mozilla-firefox2.0.0.18\", rpm:\"lib64mozilla-firefox2.0.0.18~2.0.0.18~1.1mdv2008.0\", rls:\"MNDK_2008.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"lib64mozilla-firefox-devel\", rpm:\"lib64mozilla-firefox-devel~2.0.0.18~1.1mdv2008.0\", rls:\"MNDK_2008.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"lib64totem-plparser7\", rpm:\"lib64totem-plparser7~2.20.1~1.8mdv2008.0\", rls:\"MNDK_2008.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"lib64totem-plparser-devel\", rpm:\"lib64totem-plparser-devel~2.20.1~1.8mdv2008.0\", rls:\"MNDK_2008.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n\n\nif(release == \"MNDK_2008.1\")\n{\n\n if ((res = isrpmvuln(pkg:\"devhelp\", rpm:\"devhelp~0.19~3.5mdv2008.1\", rls:\"MNDK_2008.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"devhelp-plugins\", rpm:\"devhelp-plugins~0.19~3.5mdv2008.1\", rls:\"MNDK_2008.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"epiphany\", rpm:\"epiphany~2.22.0~4.5mdv2008.1\", rls:\"MNDK_2008.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"epiphany-devel\", rpm:\"epiphany-devel~2.22.0~4.5mdv2008.1\", rls:\"MNDK_2008.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"galeon\", rpm:\"galeon~2.0.4~3.5mdv2008.1\", rls:\"MNDK_2008.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"gnome-python-extras\", rpm:\"gnome-python-extras~2.19.1~10.5mdv2008.1\", rls:\"MNDK_2008.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"gnome-python-gda\", rpm:\"gnome-python-gda~2.19.1~10.5mdv2008.1\", rls:\"MNDK_2008.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"gnome-python-gda-devel\", rpm:\"gnome-python-gda-devel~2.19.1~10.5mdv2008.1\", rls:\"MNDK_2008.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"gnome-python-gdl\", rpm:\"gnome-python-gdl~2.19.1~10.5mdv2008.1\", rls:\"MNDK_2008.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"gnome-python-gksu\", rpm:\"gnome-python-gksu~2.19.1~10.5mdv2008.1\", rls:\"MNDK_2008.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"gnome-python-gtkhtml2\", rpm:\"gnome-python-gtkhtml2~2.19.1~10.5mdv2008.1\", rls:\"MNDK_2008.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"gnome-python-gtkmozembed\", rpm:\"gnome-python-gtkmozembed~2.19.1~10.5mdv2008.1\", rls:\"MNDK_2008.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"gnome-python-gtkspell\", rpm:\"gnome-python-gtkspell~2.19.1~10.5mdv2008.1\", rls:\"MNDK_2008.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"libdevhelp-1_0\", rpm:\"libdevhelp-1_0~0.19~3.5mdv2008.1\", rls:\"MNDK_2008.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"libdevhelp-1-devel\", rpm:\"libdevhelp-1-devel~0.19~3.5mdv2008.1\", rls:\"MNDK_2008.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"libgluezilla0\", rpm:\"libgluezilla0~1.2.6.1~2.5mdv2008.1\", rls:\"MNDK_2008.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"libmozilla-firefox2.0.0.18\", rpm:\"libmozilla-firefox2.0.0.18~2.0.0.18~1.1mdv2008.1\", rls:\"MNDK_2008.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"libmozilla-firefox-devel\", rpm:\"libmozilla-firefox-devel~2.0.0.18~1.1mdv2008.1\", rls:\"MNDK_2008.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"mozilla-firefox\", rpm:\"mozilla-firefox~2.0.0.18~1.1mdv2008.1\", rls:\"MNDK_2008.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"mozilla-firefox-af\", rpm:\"mozilla-firefox-af~2.0.0.18~1.1mdv2008.1\", rls:\"MNDK_2008.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"mozilla-firefox-ar\", rpm:\"mozilla-firefox-ar~2.0.0.18~1.1mdv2008.1\", rls:\"MNDK_2008.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"mozilla-firefox-be\", rpm:\"mozilla-firefox-be~2.0.0.18~1.1mdv2008.1\", rls:\"MNDK_2008.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"mozilla-firefox-bg\", rpm:\"mozilla-firefox-bg~2.0.0.18~1.1mdv2008.1\", rls:\"MNDK_2008.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"mozilla-firefox-br_FR\", rpm:\"mozilla-firefox-br_FR~2.0.0.18~1.1mdv2008.1\", rls:\"MNDK_2008.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"mozilla-firefox-ca\", rpm:\"mozilla-firefox-ca~2.0.0.18~1.1mdv2008.1\", rls:\"MNDK_2008.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"mozilla-firefox-cs\", rpm:\"mozilla-firefox-cs~2.0.0.18~1.1mdv2008.1\", rls:\"MNDK_2008.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"mozilla-firefox-da\", rpm:\"mozilla-firefox-da~2.0.0.18~1.1mdv2008.1\", rls:\"MNDK_2008.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"mozilla-firefox-de\", rpm:\"mozilla-firefox-de~2.0.0.18~1.1mdv2008.1\", rls:\"MNDK_2008.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"mozilla-firefox-el\", rpm:\"mozilla-firefox-el~2.0.0.18~1.1mdv2008.1\", rls:\"MNDK_2008.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"mozilla-firefox-en_GB\", rpm:\"mozilla-firefox-en_GB~2.0.0.18~1.1mdv2008.1\", rls:\"MNDK_2008.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"mozilla-firefox-es_AR\", rpm:\"mozilla-firefox-es_AR~2.0.0.18~1.1mdv2008.1\", rls:\"MNDK_2008.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"mozilla-firefox-es_ES\", rpm:\"mozilla-firefox-es_ES~2.0.0.18~1.1mdv2008.1\", rls:\"MNDK_2008.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"mozilla-firefox-et_EE\", rpm:\"mozilla-firefox-et_EE~2.0.0.18~1.1mdv2008.1\", rls:\"MNDK_2008.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"mozilla-firefox-eu\", rpm:\"mozilla-firefox-eu~2.0.0.18~1.1mdv2008.1\", rls:\"MNDK_2008.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"mozilla-firefox-ext-blogrovr\", rpm:\"mozilla-firefox-ext-blogrovr~1.1.779~2.3mdv2008.1\", rls:\"MNDK_2008.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"mozilla-firefox-ext-foxmarks\", rpm:\"mozilla-firefox-ext-foxmarks~2.0.47.4~2.3mdv2008.1\", rls:\"MNDK_2008.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"mozilla-firefox-ext-scribefire\", rpm:\"mozilla-firefox-ext-scribefire~2.2.7~2.3mdv2008.1\", rls:\"MNDK_2008.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"mozilla-firefox-fi\", rpm:\"mozilla-firefox-fi~2.0.0.18~1.1mdv2008.1\", rls:\"MNDK_2008.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"mozilla-firefox-fr\", rpm:\"mozilla-firefox-fr~2.0.0.18~1.1mdv2008.1\", rls:\"MNDK_2008.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"mozilla-firefox-fy\", rpm:\"mozilla-firefox-fy~2.0.0.18~1.1mdv2008.1\", rls:\"MNDK_2008.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"mozilla-firefox-ga\", rpm:\"mozilla-firefox-ga~2.0.0.18~1.1mdv2008.1\", rls:\"MNDK_2008.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"mozilla-firefox-gnome-support\", rpm:\"mozilla-firefox-gnome-support~2.0.0.18~1.1mdv2008.1\", rls:\"MNDK_2008.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"mozilla-firefox-gu_IN\", rpm:\"mozilla-firefox-gu_IN~2.0.0.18~1.1mdv2008.1\", rls:\"MNDK_2008.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"mozilla-firefox-he\", rpm:\"mozilla-firefox-he~2.0.0.18~1.1mdv2008.1\", rls:\"MNDK_2008.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"mozilla-firefox-hu\", rpm:\"mozilla-firefox-hu~2.0.0.18~1.1mdv2008.1\", rls:\"MNDK_2008.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"mozilla-firefox-it\", rpm:\"mozilla-firefox-it~2.0.0.18~1.1mdv2008.1\", rls:\"MNDK_2008.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"mozilla-firefox-ja\", rpm:\"mozilla-firefox-ja~2.0.0.18~1.1mdv2008.1\", rls:\"MNDK_2008.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"mozilla-firefox-ka\", rpm:\"mozilla-firefox-ka~2.0.0.18~1.1mdv2008.1\", rls:\"MNDK_2008.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"mozilla-firefox-ko\", rpm:\"mozilla-firefox-ko~2.0.0.18~1.1mdv2008.1\", rls:\"MNDK_2008.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"mozilla-firefox-ku\", rpm:\"mozilla-firefox-ku~2.0.0.18~1.1mdv2008.1\", rls:\"MNDK_2008.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"mozilla-firefox-lt\", rpm:\"mozilla-firefox-lt~2.0.0.18~1.1mdv2008.1\", rls:\"MNDK_2008.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"mozilla-firefox-mk\", rpm:\"mozilla-firefox-mk~2.0.0.18~1.1mdv2008.1\", rls:\"MNDK_2008.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"mozilla-firefox-mn\", rpm:\"mozilla-firefox-mn~2.0.0.18~1.1mdv2008.1\", rls:\"MNDK_2008.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"mozilla-firefox-nb_NO\", rpm:\"mozilla-firefox-nb_NO~2.0.0.18~1.1mdv2008.1\", rls:\"MNDK_2008.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"mozilla-firefox-nl\", rpm:\"mozilla-firefox-nl~2.0.0.18~1.1mdv2008.1\", rls:\"MNDK_2008.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"mozilla-firefox-nn_NO\", rpm:\"mozilla-firefox-nn_NO~2.0.0.18~1.1mdv2008.1\", rls:\"MNDK_2008.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"mozilla-firefox-pa_IN\", rpm:\"mozilla-firefox-pa_IN~2.0.0.18~1.1mdv2008.1\", rls:\"MNDK_2008.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"mozilla-firefox-pl\", rpm:\"mozilla-firefox-pl~2.0.0.18~1.1mdv2008.1\", rls:\"MNDK_2008.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"mozilla-firefox-pt_BR\", rpm:\"mozilla-firefox-pt_BR~2.0.0.18~1.1mdv2008.1\", rls:\"MNDK_2008.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"mozilla-firefox-pt_PT\", rpm:\"mozilla-firefox-pt_PT~2.0.0.18~1.1mdv2008.1\", rls:\"MNDK_2008.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"mozilla-firefox-ro\", rpm:\"mozilla-firefox-ro~2.0.0.18~1.1mdv2008.1\", rls:\"MNDK_2008.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"mozilla-firefox-ru\", rpm:\"mozilla-firefox-ru~2.0.0.18~1.1mdv2008.1\", rls:\"MNDK_2008.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"mozilla-firefox-sk\", rpm:\"mozilla-firefox-sk~2.0.0.18~1.1mdv2008.1\", rls:\"MNDK_2008.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"mozilla-firefox-sl\", rpm:\"mozilla-firefox-sl~2.0.0.18~1.1mdv2008.1\", rls:\"MNDK_2008.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"mozilla-firefox-sv_SE\", rpm:\"mozilla-firefox-sv_SE~2.0.0.18~1.1mdv2008.1\", rls:\"MNDK_2008.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"mozilla-firefox-theme-gnome\", rpm:\"mozilla-firefox-theme-gnome~2.0.0~7.3mdv2008.1\", rls:\"MNDK_2008.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"mozilla-firefox-theme-kdeff\", rpm:\"mozilla-firefox-theme-kdeff~0.4~7.3mdv2008.1\", rls:\"MNDK_2008.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"mozilla-firefox-tr\", rpm:\"mozilla-firefox-tr~2.0.0.18~1.1mdv2008.1\", rls:\"MNDK_2008.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"mozilla-firefox-uk\", rpm:\"mozilla-firefox-uk~2.0.0.18~1.1mdv2008.1\", rls:\"MNDK_2008.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"mozilla-firefox-zh_CN\", rpm:\"mozilla-firefox-zh_CN~2.0.0.18~1.1mdv2008.1\", rls:\"MNDK_2008.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"mozilla-firefox-zh_TW\", rpm:\"mozilla-firefox-zh_TW~2.0.0.18~1.1mdv2008.1\", rls:\"MNDK_2008.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"totem\", rpm:\"totem~2.22.0~4.5mdv2008.1\", rls:\"MNDK_2008.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"totem-common\", rpm:\"totem-common~2.22.0~4.5mdv2008.1\", rls:\"MNDK_2008.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"totem-gstreamer\", rpm:\"totem-gstreamer~2.22.0~4.5mdv2008.1\", rls:\"MNDK_2008.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"totem-mozilla\", rpm:\"totem-mozilla~2.22.0~4.5mdv2008.1\", rls:\"MNDK_2008.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"totem-mozilla-gstreamer\", rpm:\"totem-mozilla-gstreamer~2.22.0~4.5mdv2008.1\", rls:\"MNDK_2008.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"yelp\", rpm:\"yelp~2.22.0~2.6mdv2008.1\", rls:\"MNDK_2008.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"gluezilla\", rpm:\"gluezilla~1.2.6.1~2.5mdv2008.1\", rls:\"MNDK_2008.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"mozilla-firefox-l10n\", rpm:\"mozilla-firefox-l10n~2.0.0.18~1.1mdv2008.1\", rls:\"MNDK_2008.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"lib64devhelp-1_0\", rpm:\"lib64devhelp-1_0~0.19~3.5mdv2008.1\", rls:\"MNDK_2008.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"lib64devhelp-1-devel\", rpm:\"lib64devhelp-1-devel~0.19~3.5mdv2008.1\", rls:\"MNDK_2008.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"lib64gluezilla0\", rpm:\"lib64gluezilla0~1.2.6.1~2.5mdv2008.1\", rls:\"MNDK_2008.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"lib64mozilla-firefox2.0.0.18\", rpm:\"lib64mozilla-firefox2.0.0.18~2.0.0.18~1.1mdv2008.1\", rls:\"MNDK_2008.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"lib64mozilla-firefox-devel\", rpm:\"lib64mozilla-firefox-devel~2.0.0.18~1.1mdv2008.1\", rls:\"MNDK_2008.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2017-07-20T08:50:04", "bulletinFamily": "scanner", "cvelist": ["CVE-2008-5012", "CVE-2008-5013", "CVE-2008-5018", "CVE-2008-5023", "CVE-2008-5021", "CVE-2008-5017", "CVE-2008-5014", "CVE-2008-5022", "CVE-2008-5016", "CVE-2008-0017", "CVE-2008-5024", "CVE-2008-5052"], "description": "The host is installed with Mozilla Seamonkey and is prone\n to multiple vulnerabilities.", "modified": "2017-07-05T00:00:00", "published": "2008-11-21T00:00:00", "id": "OPENVAS:800062", "href": "http://plugins.openvas.org/nasl.php?oid=800062", "type": "openvas", "title": "Mozilla Seamonkey Multiple Vulnerabilities November-08 (Linux)", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: gb_seamonkey_mult_vuln_nov08_lin.nasl 6539 2017-07-05 12:02:14Z cfischer $\n#\n# Mozilla Seamonkey Multiple Vulnerabilities November-08 (Linux)\n#\n# Authors:\n# Chandan S <schandan@secpod.com>\n#\n# Copyright:\n# Copyright (c) 2008 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ntag_impact = \"Successful exploitation could result in remote arbitrary code execution,\n bypass security restrictions, spoofing attacks, sensitive information\n disclosure, and JavaScript code that can be executed with the privileges\n of the signed user.\n Impact Level: System\";\ntag_affected = \"Seamonkey version prior to 1.1.13 on Linux.\";\ntag_solution = \"Upgrade to Seamonkey version 1.1.13 or later\n http://www.seamonkey-project.org/releases/\";\ntag_summary = \"The host is installed with Mozilla Seamonkey and is prone\n to multiple vulnerabilities.\";\n\nif(description)\n{\n script_id(800062);\n script_version(\"$Revision: 6539 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-07-05 14:02:14 +0200 (Wed, 05 Jul 2017) $\");\n script_tag(name:\"creation_date\", value:\"2008-11-21 14:18:03 +0100 (Fri, 21 Nov 2008)\");\n script_tag(name:\"cvss_base\", value:\"10.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_cve_id(\"CVE-2008-5012\", \"CVE-2008-5013\", \"CVE-2008-5014\", \"CVE-2008-5016\",\n \"CVE-2008-5017\", \"CVE-2008-5018\", \"CVE-2008-5021\", \"CVE-2008-5022\",\n \"CVE-2008-5023\", \"CVE-2008-5024\", \"CVE-2008-5052\", \"CVE-2008-0017\");\n script_bugtraq_id(32281);\n script_name(\"Mozilla Seamonkey Multiple Vulnerabilities November-08 (Linux)\");\n script_xref(name : \"URL\" , value : \"http://www.mozilla.org/security/announce/2008/mfsa2008-48.html\");\n script_xref(name : \"URL\" , value : \"http://www.mozilla.org/security/announce/2008/mfsa2008-49.html\");\n script_xref(name : \"URL\" , value : \"http://www.mozilla.org/security/announce/2008/mfsa2008-50.html\");\n script_xref(name : \"URL\" , value : \"http://www.mozilla.org/security/announce/2008/mfsa2008-52.html\");\n script_xref(name : \"URL\" , value : \"http://www.mozilla.org/security/announce/2008/mfsa2008-54.html\");\n script_xref(name : \"URL\" , value : \"http://www.mozilla.org/security/announce/2008/mfsa2008-55.html\");\n script_xref(name : \"URL\" , value : \"http://www.mozilla.org/security/announce/2008/mfsa2008-56.html\");\n script_xref(name : \"URL\" , value : \"http://www.mozilla.org/security/announce/2008/mfsa2008-57.html\");\n script_xref(name : \"URL\" , value : \"http://www.mozilla.org/security/announce/2008/mfsa2008-58.html\");\n\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2008 Greenbone Networks GmbH\");\n script_family(\"General\");\n script_dependencies(\"gb_seamonkey_detect_lin.nasl\");\n script_mandatory_keys(\"Seamonkey/Linux/Ver\");\n script_tag(name : \"impact\" , value : tag_impact);\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"summary\" , value : tag_summary);\n script_tag(name:\"qod_type\", value:\"executable_version\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n\ninclude(\"version_func.inc\");\n\nsmVer = get_kb_item(\"Seamonkey/Linux/Ver\");\nif(!smVer){\n exit(0);\n}\n\n# Grep for firefox version < 2.0.0.18\nif(version_is_less(version:smVer, test_version:\"1.1.13\")){\n security_message(0);\n}\n", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2018-04-09T11:38:40", "bulletinFamily": "scanner", "cvelist": ["CVE-2008-5012", "CVE-2008-5013", "CVE-2008-5018", "CVE-2008-5019", "CVE-2008-5023", "CVE-2008-5021", "CVE-2008-5017", "CVE-2008-5014", "CVE-2008-5022", "CVE-2008-5016", "CVE-2008-0017", "CVE-2008-5024"], "description": "Check for the Version of seamonkey", "modified": "2018-04-06T00:00:00", "published": "2009-02-27T00:00:00", "id": "OPENVAS:1361412562310880048", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310880048", "type": "openvas", "title": "CentOS Update for seamonkey CESA-2008:0977 centos3 i386", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# CentOS Update for seamonkey CESA-2008:0977 centos3 i386\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2009 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"SeaMonkey is an open source Web browser, email and newsgroup client, IRC\n chat client, and HTML editor.\n\n Several flaws were found in the processing of malformed web content. A web\n page containing malicious content could cause SeaMonkey to crash or,\n potentially, execute arbitrary code as the user running SeaMonkey.\n (CVE-2008-0017, CVE-2008-5013, CVE-2008-5014, CVE-2008-5016,\n CVE-2008-5017, CVE-2008-5018, CVE-2008-5019, CVE-2008-5021)\n \n Several flaws were found in the way malformed content was processed. A web\n site containing specially-crafted content could potentially trick a\n SeaMonkey user into surrendering sensitive information. (CVE-2008-5012,\n CVE-2008-5022, CVE-2008-5023, CVE-2008-5024)\n \n All SeaMonkey users should upgrade to these updated packages, which contain\n backported patches to resolve these issues.\";\n\ntag_affected = \"seamonkey on CentOS 3\";\ntag_solution = \"Please Install the Updated Packages.\";\n\n\n\nif(description)\n{\n script_xref(name : \"URL\" , value : \"http://lists.centos.org/pipermail/centos-announce/2008-November/015402.html\");\n script_oid(\"1.3.6.1.4.1.25623.1.0.880048\");\n script_version(\"$Revision: 9370 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-04-06 10:53:14 +0200 (Fri, 06 Apr 2018) $\");\n script_tag(name:\"creation_date\", value:\"2009-02-27 09:02:20 +0100 (Fri, 27 Feb 2009)\");\n script_tag(name:\"cvss_base\", value:\"10.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_xref(name: \"CESA\", value: \"2008:0977\");\n script_cve_id(\"CVE-2008-0017\", \"CVE-2008-5012\", \"CVE-2008-5013\", \"CVE-2008-5014\", \"CVE-2008-5016\", \"CVE-2008-5017\", \"CVE-2008-5018\", \"CVE-2008-5019\", \"CVE-2008-5021\", \"CVE-2008-5022\", \"CVE-2008-5023\", \"CVE-2008-5024\");\n script_name( \"CentOS Update for seamonkey CESA-2008:0977 centos3 i386\");\n\n script_tag(name:\"summary\", value:\"Check for the Version of seamonkey\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2009 Greenbone Networks GmbH\");\n script_family(\"CentOS Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/centos\", \"ssh/login/rpms\");\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = get_kb_item(\"ssh/login/release\");\n\n\nres = \"\";\nif(release == NULL){\n exit(0);\n}\n\nif(release == \"CentOS3\")\n{\n\n if ((res = isrpmvuln(pkg:\"seamonkey\", rpm:\"seamonkey~1.0.9~0.25.el3.centos3\", rls:\"CentOS3\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"seamonkey-chat\", rpm:\"seamonkey-chat~1.0.9~0.25.el3.centos3\", rls:\"CentOS3\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"seamonkey-devel\", rpm:\"seamonkey-devel~1.0.9~0.25.el3.centos3\", rls:\"CentOS3\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"seamonkey-dom-inspector\", rpm:\"seamonkey-dom-inspector~1.0.9~0.25.el3.centos3\", rls:\"CentOS3\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"seamonkey-js-debugger\", rpm:\"seamonkey-js-debugger~1.0.9~0.25.el3.centos3\", rls:\"CentOS3\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"seamonkey-mail\", rpm:\"seamonkey-mail~1.0.9~0.25.el3.centos3\", rls:\"CentOS3\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"seamonkey-nspr\", rpm:\"seamonkey-nspr~1.0.9~0.25.el3.centos3\", rls:\"CentOS3\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"seamonkey-nspr-devel\", rpm:\"seamonkey-nspr-devel~1.0.9~0.25.el3.centos3\", rls:\"CentOS3\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"seamonkey-nss\", rpm:\"seamonkey-nss~1.0.9~0.25.el3.centos3\", rls:\"CentOS3\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"seamonkey-nss-devel\", rpm:\"seamonkey-nss-devel~1.0.9~0.25.el3.centos3\", rls:\"CentOS3\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}], "nessus": [{"lastseen": "2021-01-06T09:45:09", "description": "Several remote vulnerabilities have been discovered in the Iceweasel\nwebbrowser, an unbranded version of the Firefox browser. The Common\nVulnerabilities and Exposures project identifies the following\nproblems :\n\n - CVE-2008-0017\n Justin Schuh discovered that a buffer overflow in the\n http-index-format parser could lead to arbitrary code\n execution.\n\n - CVE-2008-4582\n Liu Die Yu discovered an information leak through local\n shortcut files.\n\n - CVE-2008-5012\n Georgi Guninski, Michal Zalewski and Chris Evan\n discovered that the canvas element could be used to\n bypass same-origin restrictions.\n\n - CVE-2008-5013\n It was discovered that insufficient checks in the Flash\n plugin glue code could lead to arbitrary code execution.\n\n - CVE-2008-5014\n Jesse Ruderman discovered that a programming error in\n the window.__proto__.__proto__ object could lead to\n arbitrary code execution.\n\n - CVE-2008-5017\n It was discovered that crashes in the layout engine\n could lead to arbitrary code execution.\n\n - CVE-2008-5018\n It was discovered that crashes in the JavaScript engine\n could lead to arbitrary code execution.\n\n - CVE-2008-5021\n It was discovered that a crash in the nsFrameManager\n might lead to the execution of arbitrary code.\n\n - CVE-2008-5022\n 'moz_bug_r_a4' discovered that the same-origin check in\n nsXMLHttpRequest::NotifyEventListeners() could be\n bypassed.\n\n - CVE-2008-5023\n Collin Jackson discovered that the -moz-binding property\n bypasses security checks on codebase principals.\n\n - CVE-2008-5024\n Chris Evans discovered that quote characters were\n improperly escaped in the default namespace of E4X\n documents.", "edition": 27, "published": "2008-11-25T00:00:00", "title": "Debian DSA-1671-1 : iceweasel - several vulnerabilities", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2008-5012", "CVE-2008-5013", "CVE-2008-5018", "CVE-2008-5023", "CVE-2008-5021", "CVE-2008-5017", "CVE-2008-5014", "CVE-2008-5022", "CVE-2008-0017", "CVE-2008-5024", "CVE-2008-4582"], "modified": "2008-11-25T00:00:00", "cpe": ["cpe:/o:debian:debian_linux:4.0", "p-cpe:/a:debian:debian_linux:iceweasel"], "id": "DEBIAN_DSA-1671.NASL", "href": "https://www.tenable.com/plugins/nessus/34950", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Debian Security Advisory DSA-1671. The text \n# itself is copyright (C) Software in the Public Interest, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(34950);\n script_version(\"1.15\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/04\");\n\n script_cve_id(\"CVE-2008-0017\", \"CVE-2008-4582\", \"CVE-2008-5012\", \"CVE-2008-5013\", \"CVE-2008-5014\", \"CVE-2008-5017\", \"CVE-2008-5018\", \"CVE-2008-5021\", \"CVE-2008-5022\", \"CVE-2008-5023\", \"CVE-2008-5024\");\n script_xref(name:\"DSA\", value:\"1671\");\n\n script_name(english:\"Debian DSA-1671-1 : iceweasel - several vulnerabilities\");\n script_summary(english:\"Checks dpkg output for the updated package\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Debian host is missing a security-related update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Several remote vulnerabilities have been discovered in the Iceweasel\nwebbrowser, an unbranded version of the Firefox browser. The Common\nVulnerabilities and Exposures project identifies the following\nproblems :\n\n - CVE-2008-0017\n Justin Schuh discovered that a buffer overflow in the\n http-index-format parser could lead to arbitrary code\n execution.\n\n - CVE-2008-4582\n Liu Die Yu discovered an information leak through local\n shortcut files.\n\n - CVE-2008-5012\n Georgi Guninski, Michal Zalewski and Chris Evan\n discovered that the canvas element could be used to\n bypass same-origin restrictions.\n\n - CVE-2008-5013\n It was discovered that insufficient checks in the Flash\n plugin glue code could lead to arbitrary code execution.\n\n - CVE-2008-5014\n Jesse Ruderman discovered that a programming error in\n the window.__proto__.__proto__ object could lead to\n arbitrary code execution.\n\n - CVE-2008-5017\n It was discovered that crashes in the layout engine\n could lead to arbitrary code execution.\n\n - CVE-2008-5018\n It was discovered that crashes in the JavaScript engine\n could lead to arbitrary code execution.\n\n - CVE-2008-5021\n It was discovered that a crash in the nsFrameManager\n might lead to the execution of arbitrary code.\n\n - CVE-2008-5022\n 'moz_bug_r_a4' discovered that the same-origin check in\n nsXMLHttpRequest::NotifyEventListeners() could be\n bypassed.\n\n - CVE-2008-5023\n Collin Jackson discovered that the -moz-binding property\n bypasses security checks on codebase principals.\n\n - CVE-2008-5024\n Chris Evans discovered that quote characters were\n improperly escaped in the default namespace of E4X\n documents.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/CVE-2008-0017\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/CVE-2008-4582\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/CVE-2008-5012\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/CVE-2008-5013\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/CVE-2008-5014\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/CVE-2008-5017\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/CVE-2008-5018\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/CVE-2008-5021\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/CVE-2008-5022\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/CVE-2008-5023\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/CVE-2008-5024\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.debian.org/security/2008/dsa-1671\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\n\"Upgrade the iceweasel package.\n\nFor the stable distribution (etch), these problems have been fixed in\nversion 2.0.0.18-0etch1.\n\nFor the upcoming stable distribution (lenny) and the unstable\ndistribution (sid), these problems have been fixed in version 3.0.4-1\nof iceweasel and version 1.9.0.4-1 of xulrunner. Packages for arm and\nmips will be provided soon.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_cwe_id(20, 94, 119, 189, 200, 264, 287, 399);\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:iceweasel\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:debian:debian_linux:4.0\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2008/11/24\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2008/11/25\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2008-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Debian Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/Debian/release\", \"Host/Debian/dpkg-l\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"debian_package.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/Debian/release\")) audit(AUDIT_OS_NOT, \"Debian\");\nif (!get_kb_item(\"Host/Debian/dpkg-l\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\nflag = 0;\nif (deb_check(release:\"4.0\", prefix:\"firefox\", reference:\"2.0.0.18-0etch1\")) flag++;\nif (deb_check(release:\"4.0\", prefix:\"firefox-dom-inspector\", reference:\"2.0.0.18-0etch1\")) flag++;\nif (deb_check(release:\"4.0\", prefix:\"firefox-gnome-support\", reference:\"2.0.0.18-0etch1\")) flag++;\nif (deb_check(release:\"4.0\", prefix:\"iceweasel\", reference:\"2.0.0.18-0etch1\")) flag++;\nif (deb_check(release:\"4.0\", prefix:\"iceweasel-dbg\", reference:\"2.0.0.18-0etch1\")) flag++;\nif (deb_check(release:\"4.0\", prefix:\"iceweasel-dom-inspector\", reference:\"2.0.0.18-0etch1\")) flag++;\nif (deb_check(release:\"4.0\", prefix:\"iceweasel-gnome-support\", reference:\"2.0.0.18-0etch1\")) flag++;\nif (deb_check(release:\"4.0\", prefix:\"mozilla-firefox\", reference:\"2.0.0.18-0etch1\")) flag++;\nif (deb_check(release:\"4.0\", prefix:\"mozilla-firefox-dom-inspector\", reference:\"2.0.0.18-0etch1\")) flag++;\nif (deb_check(release:\"4.0\", prefix:\"mozilla-firefox-gnome-support\", reference:\"2.0.0.18-0etch1\")) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:deb_report_get());\n else security_hole(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2021-01-07T11:51:59", "description": "Security vulnerabilities have been discovered and corrected in the\nlatest Mozilla Firefox 2.x, version 2.0.0.18 (CVE-2008-0017,\nCVE-2008-5012, CVE-2008-5013, CVE-2008-5014, CVE-2008-5017,\nCVE-2008-5018, CVE-2008-5019, CVE-2008-5021, CVE-2008-5022,\nCVE-2008-5023, CVE-2008-5024, CVE-2008-5052).\n\nThis update provides the latest Mozilla Firefox 2.x to correct these\nissues.", "edition": 27, "published": "2009-04-23T00:00:00", "title": "Mandriva Linux Security Advisory : mozilla-firefox (MDVSA-2008:228)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2008-5012", "CVE-2008-5013", "CVE-2008-5018", "CVE-2008-5019", "CVE-2008-5023", "CVE-2008-5021", "CVE-2008-5017", "CVE-2008-5014", "CVE-2008-5022", "CVE-2008-0017", "CVE-2008-5024", "CVE-2008-5052"], "modified": "2009-04-23T00:00:00", "cpe": ["p-cpe:/a:mandriva:linux:mozilla-firefox-nb_NO", "p-cpe:/a:mandriva:linux:epiphany-devel", "p-cpe:/a:mandriva:linux:lib64devhelp-1_0", "p-cpe:/a:mandriva:linux:mozilla-firefox-theme-kdeff", "p-cpe:/a:mandriva:linux:mozilla-firefox-zh_CN", "p-cpe:/a:mandriva:linux:totem-common", "p-cpe:/a:mandriva:linux:mozilla-firefox-es_AR", "p-cpe:/a:mandriva:linux:lib64gluezilla0", "p-cpe:/a:mandriva:linux:gnome-python-gtkmozembed", "p-cpe:/a:mandriva:linux:mozilla-firefox-ca", "p-cpe:/a:mandriva:linux:lib64mozilla-firefox-devel", "p-cpe:/a:mandriva:linux:lib64mozilla-firefox2.0.0.18", "p-cpe:/a:mandriva:linux:libswt3-gtk2", "p-cpe:/a:mandriva:linux:mozilla-firefox-nl", "p-cpe:/a:mandriva:linux:mozilla-firefox-lt", "p-cpe:/a:mandriva:linux:libmozilla-firefox-devel", "p-cpe:/a:mandriva:linux:mozilla-firefox-zh_TW", "p-cpe:/a:mandriva:linux:libdevhelp-1-devel", "p-cpe:/a:mandriva:linux:libdevhelp-1_0", "p-cpe:/a:mandriva:linux:mozilla-firefox-ka", "p-cpe:/a:mandriva:linux:mozilla-firefox-ga", "p-cpe:/a:mandriva:linux:mozilla-firefox-it", "p-cpe:/a:mandriva:linux:mozilla-firefox-ru", "p-cpe:/a:mandriva:linux:eclipse-jdt", "p-cpe:/a:mandriva:linux:devhelp-plugins", "p-cpe:/a:mandriva:linux:mozilla-firefox-da", "p-cpe:/a:mandriva:linux:mozilla-firefox-ku", "p-cpe:/a:mandriva:linux:gnome-python-gda", "p-cpe:/a:mandriva:linux:gnome-python-gtkhtml2", "p-cpe:/a:mandriva:linux:mozilla-firefox-en_GB", "cpe:/o:mandriva:linux:2008.1", "p-cpe:/a:mandriva:linux:mozilla-firefox-af", "p-cpe:/a:mandriva:linux:totem-mozilla-gstreamer", "p-cpe:/a:mandriva:linux:mozilla-firefox-sk", "p-cpe:/a:mandriva:linux:mozilla-firefox-he", "p-cpe:/a:mandriva:linux:mozilla-firefox-pt_BR", "p-cpe:/a:mandriva:linux:mozilla-firefox-pt_PT", "p-cpe:/a:mandriva:linux:yelp", "p-cpe:/a:mandriva:linux:mozilla-firefox-ro", "p-cpe:/a:mandriva:linux:mozilla-firefox-ja", "p-cpe:/a:mandriva:linux:mozilla-firefox-sl", "p-cpe:/a:mandriva:linux:mozilla-firefox-ext-scribefire", "cpe:/o:mandriva:linux:2008.0", "p-cpe:/a:mandriva:linux:libtotem-plparser7", "p-cpe:/a:mandriva:linux:libmozilla-firefox2.0.0.18", "p-cpe:/a:mandriva:linux:galeon", "p-cpe:/a:mandriva:linux:libgluezilla0", "p-cpe:/a:mandriva:linux:mozilla-firefox-pl", "p-cpe:/a:mandriva:linux:mozilla-firefox-fy", "p-cpe:/a:mandriva:linux:mozilla-firefox-pa_IN", "p-cpe:/a:mandriva:linux:totem-mozilla", "p-cpe:/a:mandriva:linux:mozilla-firefox-mn", "p-cpe:/a:mandriva:linux:mozilla-firefox", "p-cpe:/a:mandriva:linux:mozilla-firefox-tr", "p-cpe:/a:mandriva:linux:eclipse-ecj", "p-cpe:/a:mandriva:linux:lib64totem-plparser-devel", "p-cpe:/a:mandriva:linux:mozilla-firefox-fr", "p-cpe:/a:mandriva:linux:mozilla-firefox-ext-foxmarks", "p-cpe:/a:mandriva:linux:mozilla-firefox-es_ES", "p-cpe:/a:mandriva:linux:mozilla-firefox-mk", "p-cpe:/a:mandriva:linux:mozilla-firefox-nn_NO", "p-cpe:/a:mandriva:linux:mozilla-firefox-cs", "p-cpe:/a:mandriva:linux:mozilla-firefox-de", "p-cpe:/a:mandriva:linux:lib64devhelp-1-devel", "p-cpe:/a:mandriva:linux:eclipse-pde", "p-cpe:/a:mandriva:linux:mozilla-firefox-theme-gnome", "p-cpe:/a:mandriva:linux:mozilla-firefox-bg", "p-cpe:/a:mandriva:linux:epiphany", "p-cpe:/a:mandriva:linux:mozilla-firefox-eu", "p-cpe:/a:mandriva:linux:gnome-python-gksu", "p-cpe:/a:mandriva:linux:mozilla-firefox-fi", "p-cpe:/a:mandriva:linux:mozilla-firefox-uk", "p-cpe:/a:mandriva:linux:eclipse-rcp", "p-cpe:/a:mandriva:linux:mozilla-firefox-ar", "p-cpe:/a:mandriva:linux:eclipse-cvs-client", "p-cpe:/a:mandriva:linux:mozilla-firefox-br_FR", "p-cpe:/a:mandriva:linux:eclipse-pde-runtime", "p-cpe:/a:mandriva:linux:lib64totem-plparser7", "p-cpe:/a:mandriva:linux:devhelp", "p-cpe:/a:mandriva:linux:mozilla-firefox-et_EE", "p-cpe:/a:mandriva:linux:mozilla-firefox-sv_SE", "p-cpe:/a:mandriva:linux:gnome-python-gdl", "p-cpe:/a:mandriva:linux:eclipse-platform", "p-cpe:/a:mandriva:linux:mozilla-firefox-gu_IN", "p-cpe:/a:mandriva:linux:totem-gstreamer", "p-cpe:/a:mandriva:linux:mozilla-firefox-ko", "p-cpe:/a:mandriva:linux:libtotem-plparser-devel", "p-cpe:/a:mandriva:linux:gnome-python-gda-devel", "p-cpe:/a:mandriva:linux:gnome-python-extras", "p-cpe:/a:mandriva:linux:totem", "p-cpe:/a:mandriva:linux:mozilla-firefox-ext-blogrovr", "p-cpe:/a:mandriva:linux:mozilla-firefox-be", "p-cpe:/a:mandriva:linux:mozilla-firefox-gnome-support", "p-cpe:/a:mandriva:linux:mozilla-firefox-hu", "p-cpe:/a:mandriva:linux:mozilla-firefox-el", "p-cpe:/a:mandriva:linux:gnome-python-gtkspell"], "id": "MANDRIVA_MDVSA-2008-228.NASL", "href": "https://www.tenable.com/plugins/nessus/37285", "sourceData": "#%NASL_MIN_LEVEL 70300\n\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Mandriva Linux Security Advisory MDVSA-2008:228. \n# The text itself is copyright (C) Mandriva S.A.\n#\n\nif (NASL_LEVEL < 3000) exit(0);\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(37285);\n script_version(\"1.19\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/06\");\n\n script_cve_id(\n \"CVE-2008-0017\",\n \"CVE-2008-5012\",\n \"CVE-2008-5013\",\n \"CVE-2008-5014\",\n \"CVE-2008-5017\",\n \"CVE-2008-5018\",\n \"CVE-2008-5019\",\n \"CVE-2008-5021\",\n \"CVE-2008-5022\",\n \"CVE-2008-5023\",\n \"CVE-2008-5024\",\n \"CVE-2008-5052\"\n );\n script_bugtraq_id(32281);\n script_xref(name:\"MDVSA\", value:\"2008:228\");\n\n script_name(english:\"Mandriva Linux Security Advisory : mozilla-firefox (MDVSA-2008:228)\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\n\"The remote Mandriva Linux host is missing one or more security\nupdates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Security vulnerabilities have been discovered and corrected in the\nlatest Mozilla Firefox 2.x, version 2.0.0.18 (CVE-2008-0017,\nCVE-2008-5012, CVE-2008-5013, CVE-2008-5014, CVE-2008-5017,\nCVE-2008-5018, CVE-2008-5019, CVE-2008-5021, CVE-2008-5022,\nCVE-2008-5023, CVE-2008-5024, CVE-2008-5052).\n\nThis update provides the latest Mozilla Firefox 2.x to correct these\nissues.\"\n );\n # https://www.mozilla.org/en-US/security/known-vulnerabilities/firefox-2.0/#firefox2.0.0.18\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?3dd735af\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n script_cwe_id(20, 79, 94, 119, 189, 200, 287, 399);\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:devhelp\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:devhelp-plugins\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:eclipse-cvs-client\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:eclipse-ecj\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:eclipse-jdt\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:eclipse-pde\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:eclipse-pde-runtime\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:eclipse-platform\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:eclipse-rcp\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:epiphany\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:epiphany-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:galeon\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:gnome-python-extras\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:gnome-python-gda\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:gnome-python-gda-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:gnome-python-gdl\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:gnome-python-gksu\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:gnome-python-gtkhtml2\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:gnome-python-gtkmozembed\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:gnome-python-gtkspell\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:lib64devhelp-1-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:lib64devhelp-1_0\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:lib64gluezilla0\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:lib64mozilla-firefox-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:lib64mozilla-firefox2.0.0.18\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:lib64totem-plparser-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:lib64totem-plparser7\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:libdevhelp-1-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:libdevhelp-1_0\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:libgluezilla0\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:libmozilla-firefox-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:libmozilla-firefox2.0.0.18\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:libswt3-gtk2\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:libtotem-plparser-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:libtotem-plparser7\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:mozilla-firefox\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:mozilla-firefox-af\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:mozilla-firefox-ar\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:mozilla-firefox-be\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:mozilla-firefox-bg\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:mozilla-firefox-br_FR\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:mozilla-firefox-ca\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:mozilla-firefox-cs\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:mozilla-firefox-da\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:mozilla-firefox-de\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:mozilla-firefox-el\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:mozilla-firefox-en_GB\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:mozilla-firefox-es_AR\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:mozilla-firefox-es_ES\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:mozilla-firefox-et_EE\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:mozilla-firefox-eu\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:mozilla-firefox-ext-blogrovr\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:mozilla-firefox-ext-foxmarks\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:mozilla-firefox-ext-scribefire\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:mozilla-firefox-fi\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:mozilla-firefox-fr\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:mozilla-firefox-fy\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:mozilla-firefox-ga\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:mozilla-firefox-gnome-support\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:mozilla-firefox-gu_IN\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:mozilla-firefox-he\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:mozilla-firefox-hu\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:mozilla-firefox-it\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:mozilla-firefox-ja\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:mozilla-firefox-ka\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:mozilla-firefox-ko\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:mozilla-firefox-ku\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:mozilla-firefox-lt\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:mozilla-firefox-mk\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:mozilla-firefox-mn\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:mozilla-firefox-nb_NO\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:mozilla-firefox-nl\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:mozilla-firefox-nn_NO\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:mozilla-firefox-pa_IN\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:mozilla-firefox-pl\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:mozilla-firefox-pt_BR\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:mozilla-firefox-pt_PT\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:mozilla-firefox-ro\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:mozilla-firefox-ru\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:mozilla-firefox-sk\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:mozilla-firefox-sl\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:mozilla-firefox-sv_SE\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:mozilla-firefox-theme-gnome\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:mozilla-firefox-theme-kdeff\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:mozilla-firefox-tr\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:mozilla-firefox-uk\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:mozilla-firefox-zh_CN\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:mozilla-firefox-zh_TW\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:totem\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:totem-common\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:totem-gstreamer\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:totem-mozilla\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:totem-mozilla-gstreamer\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:yelp\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:mandriva:linux:2008.0\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:mandriva:linux:2008.1\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2008/11/13\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2009/04/23\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2009-2021 Tenable Network Security, Inc.\");\n script_family(english:\"Mandriva Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/Mandrake/release\", \"Host/Mandrake/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/Mandrake/release\")) audit(AUDIT_OS_NOT, \"Mandriva / Mandake Linux\");\nif (!get_kb_item(\"Host/Mandrake/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (cpu !~ \"^(amd64|i[3-6]86|x86_64)$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Mandriva / Mandrake Linux\", cpu);\n\n\nflag = 0;\nif (rpm_check(release:\"MDK2008.0\", reference:\"devhelp-0.16-1.9mdv2008.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2008.0\", reference:\"devhelp-plugins-0.16-1.9mdv2008.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2008.0\", reference:\"eclipse-cvs-client-3.3.0-0.20.8.9mdv2008.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2008.0\", reference:\"eclipse-ecj-3.3.0-0.20.8.9mdv2008.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2008.0\", reference:\"eclipse-jdt-3.3.0-0.20.8.9mdv2008.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2008.0\", reference:\"eclipse-pde-3.3.0-0.20.8.9mdv2008.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2008.0\", reference:\"eclipse-pde-runtime-3.3.0-0.20.8.9mdv2008.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2008.0\", reference:\"eclipse-platform-3.3.0-0.20.8.9mdv2008.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2008.0\", reference:\"eclipse-rcp-3.3.0-0.20.8.9mdv2008.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2008.0\", reference:\"epiphany-2.20.0-1.9mdv2008.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2008.0\", reference:\"epiphany-devel-2.20.0-1.9mdv2008.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2008.0\", reference:\"galeon-2.0.3-7.9mdv2008.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2008.0\", reference:\"gnome-python-extras-2.19.1-4.9mdv2008.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2008.0\", reference:\"gnome-python-gda-2.19.1-4.9mdv2008.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2008.0\", reference:\"gnome-python-gda-devel-2.19.1-4.9mdv2008.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2008.0\", reference:\"gnome-python-gdl-2.19.1-4.9mdv2008.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2008.0\", reference:\"gnome-python-gksu-2.19.1-4.9mdv2008.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2008.0\", reference:\"gnome-python-gtkhtml2-2.19.1-4.9mdv2008.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2008.0\", reference:\"gnome-python-gtkmozembed-2.19.1-4.9mdv2008.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2008.0\", reference:\"gnome-python-gtkspell-2.19.1-4.9mdv2008.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2008.0\", cpu:\"x86_64\", reference:\"lib64devhelp-1-devel-0.16-1.9mdv2008.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2008.0\", cpu:\"x86_64\", reference:\"lib64devhelp-1_0-0.16-1.9mdv2008.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2008.0\", cpu:\"x86_64\", reference:\"lib64mozilla-firefox-devel-2.0.0.18-1.1mdv2008.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2008.0\", cpu:\"x86_64\", reference:\"lib64mozilla-firefox2.0.0.18-2.0.0.18-1.1mdv2008.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2008.0\", cpu:\"x86_64\", reference:\"lib64totem-plparser-devel-2.20.1-1.8mdv2008.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2008.0\", cpu:\"x86_64\", reference:\"lib64totem-plparser7-2.20.1-1.8mdv2008.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2008.0\", cpu:\"i386\", reference:\"libdevhelp-1-devel-0.16-1.9mdv2008.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2008.0\", cpu:\"i386\", reference:\"libdevhelp-1_0-0.16-1.9mdv2008.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2008.0\", cpu:\"i386\", reference:\"libmozilla-firefox-devel-2.0.0.18-1.1mdv2008.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2008.0\", cpu:\"i386\", reference:\"libmozilla-firefox2.0.0.18-2.0.0.18-1.1mdv2008.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2008.0\", reference:\"libswt3-gtk2-3.3.0-0.20.8.9mdv2008.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2008.0\", cpu:\"i386\", reference:\"libtotem-plparser-devel-2.20.1-1.8mdv2008.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2008.0\", cpu:\"i386\", reference:\"libtotem-plparser7-2.20.1-1.8mdv2008.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2008.0\", reference:\"mozilla-firefox-2.0.0.18-1.1mdv2008.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2008.0\", reference:\"mozilla-firefox-af-2.0.0.18-1.1mdv2008.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2008.0\", reference:\"mozilla-firefox-ar-2.0.0.18-1.1mdv2008.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2008.0\", reference:\"mozilla-firefox-be-2.0.0.18-1.1mdv2008.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2008.0\", reference:\"mozilla-firefox-bg-2.0.0.18-1.1mdv2008.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2008.0\", reference:\"mozilla-firefox-br_FR-2.0.0.18-1.1mdv2008.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2008.0\", reference:\"mozilla-firefox-ca-2.0.0.18-1.1mdv2008.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2008.0\", reference:\"mozilla-firefox-cs-2.0.0.18-1.1mdv2008.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2008.0\", reference:\"mozilla-firefox-da-2.0.0.18-1.1mdv2008.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2008.0\", reference:\"mozilla-firefox-de-2.0.0.18-1.1mdv2008.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2008.0\", reference:\"mozilla-firefox-el-2.0.0.18-1.1mdv2008.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2008.0\", reference:\"mozilla-firefox-en_GB-2.0.0.18-1.1mdv2008.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2008.0\", reference:\"mozilla-firefox-es_AR-2.0.0.18-1.1mdv2008.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2008.0\", reference:\"mozilla-firefox-es_ES-2.0.0.18-1.1mdv2008.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2008.0\", reference:\"mozilla-firefox-et_EE-2.0.0.18-1.1mdv2008.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2008.0\", reference:\"mozilla-firefox-eu-2.0.0.18-1.1mdv2008.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2008.0\", reference:\"mozilla-firefox-ext-blogrovr-1.1.779-2.3mdv2008.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2008.0\", reference:\"mozilla-firefox-ext-foxmarks-2.0.47.4-2.3mdv2008.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2008.0\", reference:\"mozilla-firefox-ext-scribefire-2.2.7-2.3mdv2008.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2008.0\", reference:\"mozilla-firefox-fi-2.0.0.18-1.1mdv2008.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2008.0\", reference:\"mozilla-firefox-fr-2.0.0.18-1.1mdv2008.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2008.0\", reference:\"mozilla-firefox-fy-2.0.0.18-1.1mdv2008.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2008.0\", reference:\"mozilla-firefox-ga-2.0.0.18-1.1mdv2008.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2008.0\", reference:\"mozilla-firefox-gu_IN-2.0.0.18-1.1mdv2008.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2008.0\", reference:\"mozilla-firefox-he-2.0.0.18-1.1mdv2008.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2008.0\", reference:\"mozilla-firefox-hu-2.0.0.18-1.1mdv2008.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2008.0\", reference:\"mozilla-firefox-it-2.0.0.18-1.1mdv2008.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2008.0\", reference:\"mozilla-firefox-ja-2.0.0.18-1.1mdv2008.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2008.0\", reference:\"mozilla-firefox-ka-2.0.0.18-1.1mdv2008.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2008.0\", reference:\"mozilla-firefox-ko-2.0.0.18-1.1mdv2008.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2008.0\", reference:\"mozilla-firefox-ku-2.0.0.18-1.1mdv2008.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2008.0\", reference:\"mozilla-firefox-lt-2.0.0.18-1.1mdv2008.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2008.0\", reference:\"mozilla-firefox-mk-2.0.0.18-1.1mdv2008.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2008.0\", reference:\"mozilla-firefox-mn-2.0.0.18-1.1mdv2008.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2008.0\", reference:\"mozilla-firefox-nb_NO-2.0.0.18-1.1mdv2008.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2008.0\", reference:\"mozilla-firefox-nl-2.0.0.18-1.1mdv2008.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2008.0\", reference:\"mozilla-firefox-nn_NO-2.0.0.18-1.1mdv2008.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2008.0\", reference:\"mozilla-firefox-pa_IN-2.0.0.18-1.1mdv2008.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2008.0\", reference:\"mozilla-firefox-pl-2.0.0.18-1.1mdv2008.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2008.0\", reference:\"mozilla-firefox-pt_BR-2.0.0.18-1.1mdv2008.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2008.0\", reference:\"mozilla-firefox-pt_PT-2.0.0.18-1.1mdv2008.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2008.0\", reference:\"mozilla-firefox-ro-2.0.0.18-1.1mdv2008.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2008.0\", reference:\"mozilla-firefox-ru-2.0.0.18-1.1mdv2008.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2008.0\", reference:\"mozilla-firefox-sk-2.0.0.18-1.1mdv2008.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2008.0\", reference:\"mozilla-firefox-sl-2.0.0.18-1.1mdv2008.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2008.0\", reference:\"mozilla-firefox-sv_SE-2.0.0.18-1.1mdv2008.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2008.0\", reference:\"mozilla-firefox-tr-2.0.0.18-1.1mdv2008.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2008.0\", reference:\"mozilla-firefox-uk-2.0.0.18-1.1mdv2008.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2008.0\", reference:\"mozilla-firefox-zh_CN-2.0.0.18-1.1mdv2008.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2008.0\", reference:\"mozilla-firefox-zh_TW-2.0.0.18-1.1mdv2008.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2008.0\", reference:\"totem-2.20.1-1.8mdv2008.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2008.0\", reference:\"totem-common-2.20.1-1.8mdv2008.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2008.0\", reference:\"totem-gstreamer-2.20.1-1.8mdv2008.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2008.0\", reference:\"totem-mozilla-2.20.1-1.8mdv2008.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2008.0\", reference:\"totem-mozilla-gstreamer-2.20.1-1.8mdv2008.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2008.0\", reference:\"yelp-2.20.0-3.9mdv2008.0\", yank:\"mdv\")) flag++;\n\nif (rpm_check(release:\"MDK2008.1\", reference:\"devhelp-0.19-3.5mdv2008.1\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2008.1\", reference:\"devhelp-plugins-0.19-3.5mdv2008.1\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2008.1\", reference:\"epiphany-2.22.0-4.5mdv2008.1\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2008.1\", reference:\"epiphany-devel-2.22.0-4.5mdv2008.1\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2008.1\", reference:\"galeon-2.0.4-3.5mdv2008.1\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2008.1\", reference:\"gnome-python-extras-2.19.1-10.5mdv2008.1\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2008.1\", reference:\"gnome-python-gda-2.19.1-10.5mdv2008.1\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2008.1\", reference:\"gnome-python-gda-devel-2.19.1-10.5mdv2008.1\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2008.1\", reference:\"gnome-python-gdl-2.19.1-10.5mdv2008.1\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2008.1\", reference:\"gnome-python-gksu-2.19.1-10.5mdv2008.1\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2008.1\", reference:\"gnome-python-gtkhtml2-2.19.1-10.5mdv2008.1\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2008.1\", reference:\"gnome-python-gtkmozembed-2.19.1-10.5mdv2008.1\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2008.1\", reference:\"gnome-python-gtkspell-2.19.1-10.5mdv2008.1\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2008.1\", cpu:\"x86_64\", reference:\"lib64devhelp-1-devel-0.19-3.5mdv2008.1\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2008.1\", cpu:\"x86_64\", reference:\"lib64devhelp-1_0-0.19-3.5mdv2008.1\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2008.1\", cpu:\"x86_64\", reference:\"lib64gluezilla0-1.2.6.1-2.5mdv2008.1\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2008.1\", cpu:\"x86_64\", reference:\"lib64mozilla-firefox-devel-2.0.0.18-1.1mdv2008.1\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2008.1\", cpu:\"x86_64\", reference:\"lib64mozilla-firefox2.0.0.18-2.0.0.18-1.1mdv2008.1\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2008.1\", cpu:\"i386\", reference:\"libdevhelp-1-devel-0.19-3.5mdv2008.1\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2008.1\", cpu:\"i386\", reference:\"libdevhelp-1_0-0.19-3.5mdv2008.1\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2008.1\", cpu:\"i386\", reference:\"libgluezilla0-1.2.6.1-2.5mdv2008.1\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2008.1\", cpu:\"i386\", reference:\"libmozilla-firefox-devel-2.0.0.18-1.1mdv2008.1\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2008.1\", cpu:\"i386\", reference:\"libmozilla-firefox2.0.0.18-2.0.0.18-1.1mdv2008.1\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2008.1\", reference:\"mozilla-firefox-2.0.0.18-1.1mdv2008.1\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2008.1\", reference:\"mozilla-firefox-af-2.0.0.18-1.1mdv2008.1\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2008.1\", reference:\"mozilla-firefox-ar-2.0.0.18-1.1mdv2008.1\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2008.1\", reference:\"mozilla-firefox-be-2.0.0.18-1.1mdv2008.1\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2008.1\", reference:\"mozilla-firefox-bg-2.0.0.18-1.1mdv2008.1\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2008.1\", reference:\"mozilla-firefox-br_FR-2.0.0.18-1.1mdv2008.1\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2008.1\", reference:\"mozilla-firefox-ca-2.0.0.18-1.1mdv2008.1\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2008.1\", reference:\"mozilla-firefox-cs-2.0.0.18-1.1mdv2008.1\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2008.1\", reference:\"mozilla-firefox-da-2.0.0.18-1.1mdv2008.1\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2008.1\", reference:\"mozilla-firefox-de-2.0.0.18-1.1mdv2008.1\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2008.1\", reference:\"mozilla-firefox-el-2.0.0.18-1.1mdv2008.1\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2008.1\", reference:\"mozilla-firefox-en_GB-2.0.0.18-1.1mdv2008.1\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2008.1\", reference:\"mozilla-firefox-es_AR-2.0.0.18-1.1mdv2008.1\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2008.1\", reference:\"mozilla-firefox-es_ES-2.0.0.18-1.1mdv2008.1\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2008.1\", reference:\"mozilla-firefox-et_EE-2.0.0.18-1.1mdv2008.1\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2008.1\", reference:\"mozilla-firefox-eu-2.0.0.18-1.1mdv2008.1\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2008.1\", reference:\"mozilla-firefox-ext-blogrovr-1.1.779-2.3mdv2008.1\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2008.1\", reference:\"mozilla-firefox-ext-foxmarks-2.0.47.4-2.3mdv2008.1\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2008.1\", reference:\"mozilla-firefox-ext-scribefire-2.2.7-2.3mdv2008.1\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2008.1\", reference:\"mozilla-firefox-fi-2.0.0.18-1.1mdv2008.1\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2008.1\", reference:\"mozilla-firefox-fr-2.0.0.18-1.1mdv2008.1\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2008.1\", reference:\"mozilla-firefox-fy-2.0.0.18-1.1mdv2008.1\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2008.1\", reference:\"mozilla-firefox-ga-2.0.0.18-1.1mdv2008.1\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2008.1\", reference:\"mozilla-firefox-gnome-support-2.0.0.18-1.1mdv2008.1\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2008.1\", reference:\"mozilla-firefox-gu_IN-2.0.0.18-1.1mdv2008.1\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2008.1\", reference:\"mozilla-firefox-he-2.0.0.18-1.1mdv2008.1\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2008.1\", reference:\"mozilla-firefox-hu-2.0.0.18-1.1mdv2008.1\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2008.1\", reference:\"mozilla-firefox-it-2.0.0.18-1.1mdv2008.1\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2008.1\", reference:\"mozilla-firefox-ja-2.0.0.18-1.1mdv2008.1\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2008.1\", reference:\"mozilla-firefox-ka-2.0.0.18-1.1mdv2008.1\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2008.1\", reference:\"mozilla-firefox-ko-2.0.0.18-1.1mdv2008.1\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2008.1\", reference:\"mozilla-firefox-ku-2.0.0.18-1.1mdv2008.1\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2008.1\", reference:\"mozilla-firefox-lt-2.0.0.18-1.1mdv2008.1\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2008.1\", reference:\"mozilla-firefox-mk-2.0.0.18-1.1mdv2008.1\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2008.1\", reference:\"mozilla-firefox-mn-2.0.0.18-1.1mdv2008.1\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2008.1\", reference:\"mozilla-firefox-nb_NO-2.0.0.18-1.1mdv2008.1\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2008.1\", reference:\"mozilla-firefox-nl-2.0.0.18-1.1mdv2008.1\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2008.1\", reference:\"mozilla-firefox-nn_NO-2.0.0.18-1.1mdv2008.1\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2008.1\", reference:\"mozilla-firefox-pa_IN-2.0.0.18-1.1mdv2008.1\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2008.1\", reference:\"mozilla-firefox-pl-2.0.0.18-1.1mdv2008.1\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2008.1\", reference:\"mozilla-firefox-pt_BR-2.0.0.18-1.1mdv2008.1\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2008.1\", reference:\"mozilla-firefox-pt_PT-2.0.0.18-1.1mdv2008.1\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2008.1\", reference:\"mozilla-firefox-ro-2.0.0.18-1.1mdv2008.1\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2008.1\", reference:\"mozilla-firefox-ru-2.0.0.18-1.1mdv2008.1\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2008.1\", reference:\"mozilla-firefox-sk-2.0.0.18-1.1mdv2008.1\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2008.1\", reference:\"mozilla-firefox-sl-2.0.0.18-1.1mdv2008.1\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2008.1\", reference:\"mozilla-firefox-sv_SE-2.0.0.18-1.1mdv2008.1\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2008.1\", reference:\"mozilla-firefox-theme-gnome-2.0.0-7.3mdv2008.1\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2008.1\", reference:\"mozilla-firefox-theme-kdeff-0.4-7.3mdv2008.1\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2008.1\", reference:\"mozilla-firefox-tr-2.0.0.18-1.1mdv2008.1\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2008.1\", reference:\"mozilla-firefox-uk-2.0.0.18-1.1mdv2008.1\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2008.1\", reference:\"mozilla-firefox-zh_CN-2.0.0.18-1.1mdv2008.1\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2008.1\", reference:\"mozilla-firefox-zh_TW-2.0.0.18-1.1mdv2008.1\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2008.1\", reference:\"totem-2.22.0-4.5mdv2008.1\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2008.1\", reference:\"totem-common-2.22.0-4.5mdv2008.1\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2008.1\", reference:\"totem-gstreamer-2.22.0-4.5mdv2008.1\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2008.1\", reference:\"totem-mozilla-2.22.0-4.5mdv2008.1\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2008.1\", reference:\"totem-mozilla-gstreamer-2.22.0-4.5mdv2008.1\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2008.1\", reference:\"yelp-2.22.0-2.6mdv2008.1\", yank:\"mdv\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2021-01-01T05:51:35", "description": "This update backports security fixes to the Mozilla XULRunner engine.\n\nIt fixes following security issues :\n\nCVE-2008-0017 / MFSA 2008-54: The http-index-format MIME type parser\n(nsDirIndexParser) in Firefox 3.x before 3.0.4, Firefox 2.x before\n2.0.0.18, and SeaMonkey 1.x before 1.1.13 does not check for an\nallocation failure, which allows remote attackers to cause a denial of\nservice (crash) and possibly execute arbitrary code via an HTTP index\nresponse with a crafted 200 header, which triggers memory corruption\nand a buffer overflow.\n\nCVE-2008-5012 / MFSA 2008-48: Mozilla Firefox 2.x before 2.0.0.18,\nThunderbird 2.x before 2.0.0.18, and SeaMonkey 1.x before 1.1.13 do\nnot properly change the source URI when processing a canvas element\nand an HTTP redirect, which allows remote attackers to bypass the same\norigin policy and access arbitrary images that are not directly\naccessible to the attacker. NOTE: this issue can be leveraged to\nenumerate software on the client by performing redirections related to\nmoz-icon.\n\nCVE-2008-5013 / MFSA 2008-49: Mozilla Firefox 2.x before 2.0.0.18 and\nSeaMonkey 1.x before 1.1.13 do not properly check when the Flash\nmodule has been dynamically unloaded properly, which allows remote\nattackers to execute arbitrary code via a crafted SWF file that\n'dynamically unloads itself from an outside JavaScript function,'\nwhich triggers an access of an expired memory address.\n\nCVE-2008-5014 / MFSA 2008-50: jslock.cpp in Mozilla Firefox 3.x before\n3.0.2, Firefox 2.x before 2.0.0.18, Thunderbird 2.x before 2.0.0.18,\nand SeaMonkey 1.x before 1.1.13 allows remote attackers to cause a\ndenial of service (crash) and possibly execute arbitrary code by\nmodifying the window.__proto__.__proto__ object in a way that causes a\nlock on a non-native object, which triggers an assertion failure\nrelated to the OBJ_IS_NATIVE function.\n\nCVE-2008-5016 / MFSA 2008-52: The layout engine in Mozilla Firefox 3.x\nbefore 3.0.4, Thunderbird 2.x before 2.0.0.18, and SeaMonkey 1.x\nbefore 1.1.13 allows remote attackers to cause a denial of service\n(crash) via multiple vectors that trigger an assertion failure or\nother consequences.\n\nCVE-2008-5017 / MFSA 2008-52: Integer overflow in\nxpcom/io/nsEscape.cpp in the browser engine in Mozilla Firefox 3.x\nbefore 3.0.4, Firefox 2.x before 2.0.0.18, Thunderbird 2.x before\n2.0.0.18, and SeaMonkey 1.x before 1.1.13 allows remote attackers to\ncause a denial of service (crash) via unknown vectors.\n\nCVE-2008-5018 / MFSA 2008-52: The JavaScript engine in Mozilla Firefox\n3.x before 3.0.4, Firefox 2.x before 2.0.0.18, Thunderbird 2.x before\n2.0.0.18, and SeaMonkey 1.x before 1.1.13 allows remote attackers to\ncause a denial of service (crash) via vectors related to 'insufficient\nclass checking' in the Date class.\n\nCVE-2008-5021 / MFSA 2008-55: nsFrameManager in Firefox 3.x before\n3.0.4, Firefox 2.x before 2.0.0.18, Thunderbird 2.x before 2.0.0.18,\nand SeaMonkey 1.x before 1.1.13 allows remote attackers to cause a\ndenial of service (crash) and possibly execute arbitrary code by\nmodifying properties of a file input element while it is still being\ninitialized, then using the blur method to access uninitialized\nmemory.\n\nCVE-2008-5022 / MFSA 2008-56: The\nnsXMLHttpRequest::NotifyEventListeners method in Firefox 3.x before\n3.0.4, Firefox 2.x before 2.0.0.18, Thunderbird 2.x before 2.0.0.18,\nand SeaMonkey 1.x before 1.1.13 allows remote attackers to bypass the\nsame-origin policy and execute arbitrary script via multiple\nlisteners, which bypass the inner window check.\n\nCVE-2008-5023 / MFSA 2008-57: Firefox 3.x before 3.0.4, Firefox 2.x\nbefore 2.0.0.18, and SeaMonkey 1.x before 1.1.13 allows remote\nattackers to bypass the protection mechanism for codebase principals\nand execute arbitrary script via the -moz-binding CSS property in a\nsigned JAR file.\n\nCVE-2008-5024 / MFSA 2008-58: Mozilla Firefox 3.x before 3.0.4,\nFirefox 2.x before 2.0.0.18, Thunderbird 2.x before 2.0.0.18, and\nSeaMonkey 1.x before 1.1.13 do not properly escape quote characters\nused for XML processing, allows remote attackers to conduct XML\ninjection attacks via the default namespace in an E4X document.\n\nCVE-2008-5052 / MFSA 2008-52: The AppendAttributeValue function in the\nJavaScript engine in Mozilla Firefox 2.x before 2.0.0.18, Thunderbird\n2.x before 2.0.0.18, and SeaMonkey 1.x before 1.1.13 allows remote\nattackers to cause a denial of service (crash) via unknown vectors\nthat trigger memory corruption, as demonstrated by\ne4x/extensions/regress-410192.js.", "edition": 24, "published": "2009-07-21T00:00:00", "title": "openSUSE Security Update : mozilla-xulrunner181 (mozilla-xulrunner181-329)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2008-5012", "CVE-2008-5013", "CVE-2008-5018", "CVE-2008-5023", "CVE-2008-5021", "CVE-2008-5017", "CVE-2008-5014", "CVE-2008-5022", "CVE-2008-5016", "CVE-2008-0017", "CVE-2008-5024", "CVE-2008-5052"], "modified": "2021-01-02T00:00:00", "cpe": ["p-cpe:/a:novell:opensuse:epiphany", "cpe:/o:novell:opensuse:11.0", "p-cpe:/a:novell:opensuse:mozilla-xulrunner181-32bit", "p-cpe:/a:novell:opensuse:mozilla-xulrunner181-devel", "p-cpe:/a:novell:opensuse:mozilla-xulrunner181-l10n", "p-cpe:/a:novell:opensuse:epiphany-extensions", "p-cpe:/a:novell:opensuse:epiphany-devel", "p-cpe:/a:novell:opensuse:mozilla-xulrunner181"], "id": "SUSE_11_0_MOZILLA-XULRUNNER181-081122.NASL", "href": "https://www.tenable.com/plugins/nessus/40072", "sourceData": "#%NASL_MIN_LEVEL 80502\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from openSUSE Security Update mozilla-xulrunner181-329.\n#\n# The text description of this plugin is (C) SUSE LLC.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(40072);\n script_version(\"1.11\");\n script_cvs_date(\"Date: 2019/10/25 13:36:31\");\n\n script_cve_id(\"CVE-2008-0017\", \"CVE-2008-5012\", \"CVE-2008-5013\", \"CVE-2008-5014\", \"CVE-2008-5016\", \"CVE-2008-5017\", \"CVE-2008-5018\", \"CVE-2008-5021\", \"CVE-2008-5022\", \"CVE-2008-5023\", \"CVE-2008-5024\", \"CVE-2008-5052\");\n\n script_name(english:\"openSUSE Security Update : mozilla-xulrunner181 (mozilla-xulrunner181-329)\");\n script_summary(english:\"Check for the mozilla-xulrunner181-329 patch\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote openSUSE host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"This update backports security fixes to the Mozilla XULRunner engine.\n\nIt fixes following security issues :\n\nCVE-2008-0017 / MFSA 2008-54: The http-index-format MIME type parser\n(nsDirIndexParser) in Firefox 3.x before 3.0.4, Firefox 2.x before\n2.0.0.18, and SeaMonkey 1.x before 1.1.13 does not check for an\nallocation failure, which allows remote attackers to cause a denial of\nservice (crash) and possibly execute arbitrary code via an HTTP index\nresponse with a crafted 200 header, which triggers memory corruption\nand a buffer overflow.\n\nCVE-2008-5012 / MFSA 2008-48: Mozilla Firefox 2.x before 2.0.0.18,\nThunderbird 2.x before 2.0.0.18, and SeaMonkey 1.x before 1.1.13 do\nnot properly change the source URI when processing a canvas element\nand an HTTP redirect, which allows remote attackers to bypass the same\norigin policy and access arbitrary images that are not directly\naccessible to the attacker. NOTE: this issue can be leveraged to\nenumerate software on the client by performing redirections related to\nmoz-icon.\n\nCVE-2008-5013 / MFSA 2008-49: Mozilla Firefox 2.x before 2.0.0.18 and\nSeaMonkey 1.x before 1.1.13 do not properly check when the Flash\nmodule has been dynamically unloaded properly, which allows remote\nattackers to execute arbitrary code via a crafted SWF file that\n'dynamically unloads itself from an outside JavaScript function,'\nwhich triggers an access of an expired memory address.\n\nCVE-2008-5014 / MFSA 2008-50: jslock.cpp in Mozilla Firefox 3.x before\n3.0.2, Firefox 2.x before 2.0.0.18, Thunderbird 2.x before 2.0.0.18,\nand SeaMonkey 1.x before 1.1.13 allows remote attackers to cause a\ndenial of service (crash) and possibly execute arbitrary code by\nmodifying the window.__proto__.__proto__ object in a way that causes a\nlock on a non-native object, which triggers an assertion failure\nrelated to the OBJ_IS_NATIVE function.\n\nCVE-2008-5016 / MFSA 2008-52: The layout engine in Mozilla Firefox 3.x\nbefore 3.0.4, Thunderbird 2.x before 2.0.0.18, and SeaMonkey 1.x\nbefore 1.1.13 allows remote attackers to cause a denial of service\n(crash) via multiple vectors that trigger an assertion failure or\nother consequences.\n\nCVE-2008-5017 / MFSA 2008-52: Integer overflow in\nxpcom/io/nsEscape.cpp in the browser engine in Mozilla Firefox 3.x\nbefore 3.0.4, Firefox 2.x before 2.0.0.18, Thunderbird 2.x before\n2.0.0.18, and SeaMonkey 1.x before 1.1.13 allows remote attackers to\ncause a denial of service (crash) via unknown vectors.\n\nCVE-2008-5018 / MFSA 2008-52: The JavaScript engine in Mozilla Firefox\n3.x before 3.0.4, Firefox 2.x before 2.0.0.18, Thunderbird 2.x before\n2.0.0.18, and SeaMonkey 1.x before 1.1.13 allows remote attackers to\ncause a denial of service (crash) via vectors related to 'insufficient\nclass checking' in the Date class.\n\nCVE-2008-5021 / MFSA 2008-55: nsFrameManager in Firefox 3.x before\n3.0.4, Firefox 2.x before 2.0.0.18, Thunderbird 2.x before 2.0.0.18,\nand SeaMonkey 1.x before 1.1.13 allows remote attackers to cause a\ndenial of service (crash) and possibly execute arbitrary code by\nmodifying properties of a file input element while it is still being\ninitialized, then using the blur method to access uninitialized\nmemory.\n\nCVE-2008-5022 / MFSA 2008-56: The\nnsXMLHttpRequest::NotifyEventListeners method in Firefox 3.x before\n3.0.4, Firefox 2.x before 2.0.0.18, Thunderbird 2.x before 2.0.0.18,\nand SeaMonkey 1.x before 1.1.13 allows remote attackers to bypass the\nsame-origin policy and execute arbitrary script via multiple\nlisteners, which bypass the inner window check.\n\nCVE-2008-5023 / MFSA 2008-57: Firefox 3.x before 3.0.4, Firefox 2.x\nbefore 2.0.0.18, and SeaMonkey 1.x before 1.1.13 allows remote\nattackers to bypass the protection mechanism for codebase principals\nand execute arbitrary script via the -moz-binding CSS property in a\nsigned JAR file.\n\nCVE-2008-5024 / MFSA 2008-58: Mozilla Firefox 3.x before 3.0.4,\nFirefox 2.x before 2.0.0.18, Thunderbird 2.x before 2.0.0.18, and\nSeaMonkey 1.x before 1.1.13 do not properly escape quote characters\nused for XML processing, allows remote attackers to conduct XML\ninjection attacks via the default namespace in an E4X document.\n\nCVE-2008-5052 / MFSA 2008-52: The AppendAttributeValue function in the\nJavaScript engine in Mozilla Firefox 2.x before 2.0.0.18, Thunderbird\n2.x before 2.0.0.18, and SeaMonkey 1.x before 1.1.13 allows remote\nattackers to cause a denial of service (crash) via unknown vectors\nthat trigger memory corruption, as demonstrated by\ne4x/extensions/regress-410192.js.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=439841\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected mozilla-xulrunner181 packages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_cwe_id(20, 94, 119, 189, 200, 287, 399);\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:epiphany\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:epiphany-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:epiphany-extensions\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:mozilla-xulrunner181\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:mozilla-xulrunner181-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:mozilla-xulrunner181-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:mozilla-xulrunner181-l10n\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:opensuse:11.0\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2008/11/22\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2009/07/21\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2009-2019 Tenable Network Security, Inc.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release =~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, \"openSUSE\");\nif (release !~ \"^(SUSE11\\.0)$\") audit(AUDIT_OS_RELEASE_NOT, \"openSUSE\", \"11.0\", release);\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nourarch = get_kb_item(\"Host/cpu\");\nif (!ourarch) audit(AUDIT_UNKNOWN_ARCH);\nif (ourarch !~ \"^(i586|i686|x86_64)$\") audit(AUDIT_ARCH_NOT, \"i586 / i686 / x86_64\", ourarch);\n\nflag = 0;\n\nif ( rpm_check(release:\"SUSE11.0\", reference:\"epiphany-2.22.1.1-25.2\") ) flag++;\nif ( rpm_check(release:\"SUSE11.0\", reference:\"epiphany-devel-2.22.1.1-25.2\") ) flag++;\nif ( rpm_check(release:\"SUSE11.0\", reference:\"epiphany-extensions-2.22.0-37.2\") ) flag++;\nif ( rpm_check(release:\"SUSE11.0\", reference:\"mozilla-xulrunner181-1.8.1.18-0.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.0\", reference:\"mozilla-xulrunner181-devel-1.8.1.18-0.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.0\", reference:\"mozilla-xulrunner181-l10n-1.8.1.18-0.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.0\", cpu:\"x86_64\", reference:\"mozilla-xulrunner181-32bit-1.8.1.18-0.1\") ) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"mozilla-xulrunner181\");\n}\n", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2021-01-01T06:30:25", "description": "This update backports the latest security fixes to the Mozilla\nXULRunner engine.\n\nIt fixes following security issues :\n\n - The http-index-format MIME type parser\n (nsDirIndexParser) in Firefox 3.x before 3.0.4, Firefox\n 2.x before 2.0.0.18, and SeaMonkey 1.x before 1.1.13\n does not check for an allocation failure, which allows\n remote attackers to cause a denial of service (crash)\n and possibly execute arbitrary code via an HTTP index\n response with a crafted 200 header, which triggers\n memory corruption and a buffer overflow. (CVE-2008-0017\n / MFSA 2008-54)\n\n - Mozilla Firefox 2.x before 2.0.0.18, Thunderbird 2.x\n before 2.0.0.18, and SeaMonkey 1.x before 1.1.13 do not\n properly change the source URI when processing a canvas\n element and an HTTP redirect, which allows remote\n attackers to bypass the same origin policy and access\n arbitrary images that are not directly accessible to the\n attacker. NOTE: this issue can be leveraged to enumerate\n software on the client by performing redirections\n related to moz-icon. (CVE-2008-5012 / MFSA 2008-48)\n\n - Mozilla Firefox 2.x before 2.0.0.18 and SeaMonkey 1.x\n before 1.1.13 do not properly check when the Flash\n module has been dynamically unloaded properly, which\n allows remote attackers to execute arbitrary code via a\n crafted SWF file that 'dynamically unloads itself from\n an outside JavaScript function,' which triggers an\n access of an expired memory address. (CVE-2008-5013 /\n MFSA 2008-49)\n\n - jslock.cpp in Mozilla Firefox 3.x before 3.0.2, Firefox\n 2.x before 2.0.0.18, Thunderbird 2.x before 2.0.0.18,\n and SeaMonkey 1.x before 1.1.13 allows remote attackers\n to cause a denial of service (crash) and possibly\n execute arbitrary code by modifying the\n window.__proto__.__proto__ object in a way that causes a\n lock on a non-native object, which triggers an assertion\n failure related to the OBJ_IS_NATIVE function.\n (CVE-2008-5014 / MFSA 2008-50)\n\n - The layout engine in Mozilla Firefox 3.x before 3.0.4,\n Thunderbird 2.x before 2.0.0.18, and SeaMonkey 1.x\n before 1.1.13 allows remote attackers to cause a denial\n of service (crash) via multiple vectors that trigger an\n assertion failure or other consequences. (CVE-2008-5016\n / MFSA 2008-52)\n\n - Integer overflow in xpcom/io/nsEscape.cpp in the browser\n engine in Mozilla Firefox 3.x before 3.0.4, Firefox 2.x\n before 2.0.0.18, Thunderbird 2.x before 2.0.0.18, and\n SeaMonkey 1.x before 1.1.13 allows remote attackers to\n cause a denial of service (crash) via unknown vectors.\n (CVE-2008-5017 / MFSA 2008-52)\n\n - The JavaScript engine in Mozilla Firefox 3.x before\n 3.0.4, Firefox 2.x before 2.0.0.18, Thunderbird 2.x\n before 2.0.0.18, and SeaMonkey 1.x before 1.1.13 allows\n remote attackers to cause a denial of service (crash)\n via vectors related to 'insufficient class checking' in\n the Date class. (CVE-2008-5018 / MFSA 2008-52)\n\n - nsFrameManager in Firefox 3.x before 3.0.4, Firefox 2.x\n before 2.0.0.18, Thunderbird 2.x before 2.0.0.18, and\n SeaMonkey 1.x before 1.1.13 allows remote attackers to\n cause a denial of service (crash) and possibly execute\n arbitrary code by modifying properties of a file input\n element while it is still being initialized, then using\n the blur method to access uninitialized memory.\n (CVE-2008-5021 / MFSA 2008-55)\n\n - The nsXMLHttpRequest::NotifyEventListeners method in\n Firefox 3.x before 3.0.4, Firefox 2.x before 2.0.0.18,\n Thunderbird 2.x before 2.0.0.18, and SeaMonkey 1.x\n before 1.1.13 allows remote attackers to bypass the\n same-origin policy and execute arbitrary script via\n multiple listeners, which bypass the inner window check.\n (CVE-2008-5022 / MFSA 2008-56)\n\n - Firefox 3.x before 3.0.4, Firefox 2.x before 2.0.0.18,\n and SeaMonkey 1.x before 1.1.13 allows remote attackers\n to bypass the protection mechanism for codebase\n principals and execute arbitrary script via the\n -moz-binding CSS property in a signed JAR file.\n (CVE-2008-5023 / MFSA 2008-57)\n\n - Mozilla Firefox 3.x before 3.0.4, Firefox 2.x before\n 2.0.0.18, Thunderbird 2.x before 2.0.0.18, and SeaMonkey\n 1.x before 1.1.13 do not properly escape quote\n characters used for XML processing, allows remote\n attackers to conduct XML injection attacks via the\n default namespace in an E4X document. (CVE-2008-5024 /\n MFSA 2008-58)\n\n - The AppendAttributeValue function in the JavaScript\n engine in Mozilla Firefox 2.x before 2.0.0.18,\n Thunderbird 2.x before 2.0.0.18, and SeaMonkey 1.x\n before 1.1.13 allows remote attackers to cause a denial\n of service (crash) via unknown vectors that trigger\n memory corruption, as demonstrated by\n e4x/extensions/regress-410192.js. (CVE-2008-5052 / MFSA\n 2008-52)", "edition": 24, "published": "2008-11-26T00:00:00", "title": "SuSE 10 Security Update : gecko-sdk and mozilla-xulrunner (ZYPP Patch Number 5811)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2008-5012", "CVE-2008-5013", "CVE-2008-5018", "CVE-2008-5023", "CVE-2008-5021", "CVE-2008-5017", "CVE-2008-5014", "CVE-2008-5022", "CVE-2008-5016", "CVE-2008-0017", "CVE-2008-5024", "CVE-2008-5052"], "modified": "2021-01-02T00:00:00", "cpe": ["cpe:/o:suse:suse_linux"], "id": "SUSE_GECKO-SDK-5811.NASL", "href": "https://www.tenable.com/plugins/nessus/34967", "sourceData": "#%NASL_MIN_LEVEL 80502\n#\n# (C) Tenable Network Security, Inc.\n#\n# The text description of this plugin is (C) Novell, Inc.\n#\n\nif (NASL_LEVEL < 3000) exit(0);\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(34967);\n script_version (\"1.18\");\n script_cvs_date(\"Date: 2019/10/25 13:36:32\");\n\n script_cve_id(\"CVE-2008-0017\", \"CVE-2008-5012\", \"CVE-2008-5013\", \"CVE-2008-5014\", \"CVE-2008-5016\", \"CVE-2008-5017\", \"CVE-2008-5018\", \"CVE-2008-5021\", \"CVE-2008-5022\", \"CVE-2008-5023\", \"CVE-2008-5024\", \"CVE-2008-5052\");\n\n script_name(english:\"SuSE 10 Security Update : gecko-sdk and mozilla-xulrunner (ZYPP Patch Number 5811)\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote SuSE 10 host is missing a security-related patch.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"This update backports the latest security fixes to the Mozilla\nXULRunner engine.\n\nIt fixes following security issues :\n\n - The http-index-format MIME type parser\n (nsDirIndexParser) in Firefox 3.x before 3.0.4, Firefox\n 2.x before 2.0.0.18, and SeaMonkey 1.x before 1.1.13\n does not check for an allocation failure, which allows\n remote attackers to cause a denial of service (crash)\n and possibly execute arbitrary code via an HTTP index\n response with a crafted 200 header, which triggers\n memory corruption and a buffer overflow. (CVE-2008-0017\n / MFSA 2008-54)\n\n - Mozilla Firefox 2.x before 2.0.0.18, Thunderbird 2.x\n before 2.0.0.18, and SeaMonkey 1.x before 1.1.13 do not\n properly change the source URI when processing a canvas\n element and an HTTP redirect, which allows remote\n attackers to bypass the same origin policy and access\n arbitrary images that are not directly accessible to the\n attacker. NOTE: this issue can be leveraged to enumerate\n software on the client by performing redirections\n related to moz-icon. (CVE-2008-5012 / MFSA 2008-48)\n\n - Mozilla Firefox 2.x before 2.0.0.18 and SeaMonkey 1.x\n before 1.1.13 do not properly check when the Flash\n module has been dynamically unloaded properly, which\n allows remote attackers to execute arbitrary code via a\n crafted SWF file that 'dynamically unloads itself from\n an outside JavaScript function,' which triggers an\n access of an expired memory address. (CVE-2008-5013 /\n MFSA 2008-49)\n\n - jslock.cpp in Mozilla Firefox 3.x before 3.0.2, Firefox\n 2.x before 2.0.0.18, Thunderbird 2.x before 2.0.0.18,\n and SeaMonkey 1.x before 1.1.13 allows remote attackers\n to cause a denial of service (crash) and possibly\n execute arbitrary code by modifying the\n window.__proto__.__proto__ object in a way that causes a\n lock on a non-native object, which triggers an assertion\n failure related to the OBJ_IS_NATIVE function.\n (CVE-2008-5014 / MFSA 2008-50)\n\n - The layout engine in Mozilla Firefox 3.x before 3.0.4,\n Thunderbird 2.x before 2.0.0.18, and SeaMonkey 1.x\n before 1.1.13 allows remote attackers to cause a denial\n of service (crash) via multiple vectors that trigger an\n assertion failure or other consequences. (CVE-2008-5016\n / MFSA 2008-52)\n\n - Integer overflow in xpcom/io/nsEscape.cpp in the browser\n engine in Mozilla Firefox 3.x before 3.0.4, Firefox 2.x\n before 2.0.0.18, Thunderbird 2.x before 2.0.0.18, and\n SeaMonkey 1.x before 1.1.13 allows remote attackers to\n cause a denial of service (crash) via unknown vectors.\n (CVE-2008-5017 / MFSA 2008-52)\n\n - The JavaScript engine in Mozilla Firefox 3.x before\n 3.0.4, Firefox 2.x before 2.0.0.18, Thunderbird 2.x\n before 2.0.0.18, and SeaMonkey 1.x before 1.1.13 allows\n remote attackers to cause a denial of service (crash)\n via vectors related to 'insufficient class checking' in\n the Date class. (CVE-2008-5018 / MFSA 2008-52)\n\n - nsFrameManager in Firefox 3.x before 3.0.4, Firefox 2.x\n before 2.0.0.18, Thunderbird 2.x before 2.0.0.18, and\n SeaMonkey 1.x before 1.1.13 allows remote attackers to\n cause a denial of service (crash) and possibly execute\n arbitrary code by modifying properties of a file input\n element while it is still being initialized, then using\n the blur method to access uninitialized memory.\n (CVE-2008-5021 / MFSA 2008-55)\n\n - The nsXMLHttpRequest::NotifyEventListeners method in\n Firefox 3.x before 3.0.4, Firefox 2.x before 2.0.0.18,\n Thunderbird 2.x before 2.0.0.18, and SeaMonkey 1.x\n before 1.1.13 allows remote attackers to bypass the\n same-origin policy and execute arbitrary script via\n multiple listeners, which bypass the inner window check.\n (CVE-2008-5022 / MFSA 2008-56)\n\n - Firefox 3.x before 3.0.4, Firefox 2.x before 2.0.0.18,\n and SeaMonkey 1.x before 1.1.13 allows remote attackers\n to bypass the protection mechanism for codebase\n principals and execute arbitrary script via the\n -moz-binding CSS property in a signed JAR file.\n (CVE-2008-5023 / MFSA 2008-57)\n\n - Mozilla Firefox 3.x before 3.0.4, Firefox 2.x before\n 2.0.0.18, Thunderbird 2.x before 2.0.0.18, and SeaMonkey\n 1.x before 1.1.13 do not properly escape quote\n characters used for XML processing, allows remote\n attackers to conduct XML injection attacks via the\n default namespace in an E4X document. (CVE-2008-5024 /\n MFSA 2008-58)\n\n - The AppendAttributeValue function in the JavaScript\n engine in Mozilla Firefox 2.x before 2.0.0.18,\n Thunderbird 2.x before 2.0.0.18, and SeaMonkey 1.x\n before 1.1.13 allows remote attackers to cause a denial\n of service (crash) via unknown vectors that trigger\n memory corruption, as demonstrated by\n e4x/extensions/regress-410192.js. (CVE-2008-5052 / MFSA\n 2008-52)\"\n );\n # http://www.mozilla.org/security/announce/2008/mfsa2008-48.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.mozilla.org/en-US/security/advisories/mfsa2008-48/\"\n );\n # http://www.mozilla.org/security/announce/2008/mfsa2008-49.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.mozilla.org/en-US/security/advisories/mfsa2008-49/\"\n );\n # http://www.mozilla.org/security/announce/2008/mfsa2008-50.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.mozilla.org/en-US/security/advisories/mfsa2008-50/\"\n );\n # http://www.mozilla.org/security/announce/2008/mfsa2008-52.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.mozilla.org/en-US/security/advisories/mfsa2008-52/\"\n );\n # http://www.mozilla.org/security/announce/2008/mfsa2008-54.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.mozilla.org/en-US/security/advisories/mfsa2008-54/\"\n );\n # http://www.mozilla.org/security/announce/2008/mfsa2008-55.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.mozilla.org/en-US/security/advisories/mfsa2008-55/\"\n );\n # http://www.mozilla.org/security/announce/2008/mfsa2008-56.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.mozilla.org/en-US/security/advisories/mfsa2008-56/\"\n );\n # http://www.mozilla.org/security/announce/2008/mfsa2008-57.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.mozilla.org/en-US/security/advisories/mfsa2008-57/\"\n );\n # http://www.mozilla.org/security/announce/2008/mfsa2008-58.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.mozilla.org/en-US/security/advisories/mfsa2008-58/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2008-0017.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2008-5012.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2008-5013.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2008-5014.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2008-5016.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2008-5017.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2008-5018.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2008-5021.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2008-5022.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2008-5023.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2008-5024.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2008-5052.html\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Apply ZYPP patch number 5811.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_cwe_id(20, 94, 119, 189, 200, 287, 399);\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:suse:suse_linux\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2008/11/13\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2008/11/21\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2008/11/26\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2008-2019 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) exit(0, \"Local checks are not enabled.\");\nif (!get_kb_item(\"Host/SuSE/release\")) exit(0, \"The host is not running SuSE.\");\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) exit(1, \"Could not obtain the list of installed packages.\");\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) exit(1, \"Failed to determine the architecture type.\");\nif (cpu >!< \"x86_64\" && cpu !~ \"^i[3-6]86$\") exit(1, \"Local checks for SuSE 10 on the '\"+cpu+\"' architecture have not been implemented.\");\n\n\nflag = 0;\nif (rpm_check(release:\"SLED10\", sp:1, reference:\"gecko-sdk-1.8.0.14eol-0.9\")) flag++;\nif (rpm_check(release:\"SLED10\", sp:1, reference:\"mozilla-xulrunner-1.8.0.14eol-0.9\")) flag++;\nif (rpm_check(release:\"SLED10\", sp:1, cpu:\"x86_64\", reference:\"mozilla-xulrunner-32bit-1.8.0.14eol-0.9\")) flag++;\nif (rpm_check(release:\"SLES10\", sp:1, reference:\"mozilla-xulrunner-1.8.0.14eol-0.9\")) flag++;\nif (rpm_check(release:\"SLES10\", sp:1, cpu:\"x86_64\", reference:\"mozilla-xulrunner-32bit-1.8.0.14eol-0.9\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse exit(0, \"The host is not affected.\");\n", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2021-01-01T06:33:16", "description": "This update brings the Mozilla SeaMonkey browser to version 1.1.13.\n\nIt fixes following security issues :\n\nCVE-2008-0017 / MFSA 2008-54 :\n\nThe http-index-format MIME type parser (nsDirIndexParser) in Firefox\n3.x before 3.0.4, Firefox 2.x before 2.0.0.18, and SeaMonkey 1.x\nbefore 1.1.13 does not check for an allocation failure, which allows\nremote attackers to cause a denial of service (crash) and possibly\nexecute arbitrary code via an HTTP index response with a crafted 200\nheader, which triggers memory corruption and a buffer overflow.\n\nCVE-2008-5012 / MFSA 2008-48: Mozilla Firefox 2.x before 2.0.0.18,\nThunderbird 2.x before 2.0.0.18, and SeaMonkey 1.x before 1.1.13 do\nnot properly change the source URI when processing a canvas element\nand an HTTP redirect, which allows remote attackers to bypass the same\norigin policy and access arbitrary images that are not directly\naccessible to the attacker. NOTE: this issue can be leveraged to\nenumerate software on the client by performing redirections related to\nmoz-icon.\n\nCVE-2008-5013 / MFSA 2008-49 :\n\nMozilla Firefox 2.x before 2.0.0.18 and SeaMonkey 1.x before 1.1.13 do\nnot properly check when the Flash module has been dynamically unloaded\nproperly, which allows remote attackers to execute arbitrary code via\na crafted SWF file that 'dynamically unloads itself from an outside\nJavaScript function,' which triggers an access of an expired memory\naddress.\n\nCVE-2008-5014 / MFSA 2008-50\n\njslock.cpp in Mozilla Firefox 3.x before 3.0.2, Firefox 2.x before\n2.0.0.18, Thunderbird 2.x before 2.0.0.18, and SeaMonkey 1.x before\n1.1.13 allows remote attackers to cause a denial of service (crash)\nand possibly execute arbitrary code by modifying the\nwindow.__proto__.__proto__ object in a way that causes a lock on a\nnon-native object, which triggers an assertion failure related to the\nOBJ_IS_NATIVE function.\n\nCVE-2008-5016 / MFSA 2008-52 :\n\nThe layout engine in Mozilla Firefox 3.x before 3.0.4, Thunderbird 2.x\nbefore 2.0.0.18, and SeaMonkey 1.x before 1.1.13 allows remote\nattackers to cause a denial of service (crash) via multiple vectors\nthat trigger an assertion failure or other consequences.\n\nCVE-2008-5017 / MFSA 2008-52: Integer overflow in\nxpcom/io/nsEscape.cpp in the browser engine in Mozilla Firefox 3.x\nbefore 3.0.4, Firefox 2.x before 2.0.0.18, Thunderbird 2.x before\n2.0.0.18, and SeaMonkey 1.x before 1.1.13 allows remote attackers to\ncause a denial of service (crash) via unknown vectors.\n\nCVE-2008-5018 / MFSA 2008-52: The JavaScript engine in Mozilla Firefox\n3.x before 3.0.4, Firefox 2.x before 2.0.0.18, Thunderbird 2.x before\n2.0.0.18, and SeaMonkey 1.x before 1.1.13 allows remote attackers to\ncause a denial of service (crash) via vectors related to 'insufficient\nclass checking' in the Date class.\n\nCVE-2008-5021 / MFSA 2008-55: nsFrameManager in Firefox 3.x before\n3.0.4, Firefox 2.x before 2.0.0.18, Thunderbird 2.x before 2.0.0.18,\nand SeaMonkey 1.x before 1.1.13 allows remote attackers to cause a\ndenial of service (crash) and possibly execute arbitrary code by\nmodifying properties of a file input element while it is still being\ninitialized, then using the blur method to access uninitialized\nmemory.\n\nCVE-2008-5022 / MFSA 2008-56: The\nnsXMLHttpRequest::NotifyEventListeners method in Firefox 3.x before\n3.0.4, Firefox 2.x before 2.0.0.18, Thunderbird 2.x before 2.0.0.18,\nand SeaMonkey 1.x before 1.1.13 allows remote attackers to bypass the\nsame-origin policy and execute arbitrary script via multiple\nlisteners, which bypass the inner window check.\n\nCVE-2008-5023 / MFSA 2008-57: Firefox 3.x before 3.0.4, Firefox 2.x\nbefore 2.0.0.18, and SeaMonkey 1.x before 1.1.13 allows remote\nattackers to bypass the protection mechanism for codebase principals\nand execute arbitrary script via the -moz-binding CSS property in a\nsigned JAR file.\n\nCVE-2008-5024 / MFSA 2008-58: Mozilla Firefox 3.x before 3.0.4,\nFirefox 2.x before 2.0.0.18, Thunderbird 2.x before 2.0.0.18, and\nSeaMonkey 1.x before 1.1.13 do not properly escape quote characters\nused for XML processing, allows remote attackers to conduct XML\ninjection attacks via the default namespace in an E4X document.\n\nCVE-2008-5052 / MFSA 2008-52: The AppendAttributeValue function in the\nJavaScript engine in Mozilla Firefox 2.x before 2.0.0.18, Thunderbird\n2.x before 2.0.0.18, and SeaMonkey 1.x before 1.1.13 allows remote\nattackers to cause a denial of service (crash) via unknown vectors\nthat trigger memory corruption, as demonstrated by\ne4x/extensions/regress-410192.js.", "edition": 24, "published": "2008-11-25T00:00:00", "title": "openSUSE 10 Security Update : seamonkey (seamonkey-5815)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2008-5012", "CVE-2008-5013", "CVE-2008-5018", "CVE-2008-5023", "CVE-2008-5021", "CVE-2008-5017", "CVE-2008-5014", "CVE-2008-5022", "CVE-2008-5016", "CVE-2008-0017", "CVE-2008-5024", "CVE-2008-5052"], "modified": "2021-01-02T00:00:00", "cpe": ["cpe:/o:novell:opensuse:10.3", "cpe:/o:novell:opensuse:10.2", "p-cpe:/a:novell:opensuse:seamonkey-mail", "p-cpe:/a:novell:opensuse:seamonkey-dom-inspector", "p-cpe:/a:novell:opensuse:seamonkey-spellchecker", "p-cpe:/a:novell:opensuse:seamonkey-venkman", "p-cpe:/a:novell:opensuse:seamonkey-irc", "p-cpe:/a:novell:opensuse:seamonkey"], "id": "SUSE_SEAMONKEY-5815.NASL", "href": "https://www.tenable.com/plugins/nessus/34961", "sourceData": "#%NASL_MIN_LEVEL 80502\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from openSUSE Security Update seamonkey-5815.\n#\n# The text description of this plugin is (C) SUSE LLC.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(34961);\n script_version (\"1.11\");\n script_cvs_date(\"Date: 2019/10/25 13:36:33\");\n\n script_cve_id(\"CVE-2008-0017\", \"CVE-2008-5012\", \"CVE-2008-5013\", \"CVE-2008-5014\", \"CVE-2008-5016\", \"CVE-2008-5017\", \"CVE-2008-5018\", \"CVE-2008-5021\", \"CVE-2008-5022\", \"CVE-2008-5023\", \"CVE-2008-5024\", \"CVE-2008-5052\");\n\n script_name(english:\"openSUSE 10 Security Update : seamonkey (seamonkey-5815)\");\n script_summary(english:\"Check for the seamonkey-5815 patch\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote openSUSE host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"This update brings the Mozilla SeaMonkey browser to version 1.1.13.\n\nIt fixes following security issues :\n\nCVE-2008-0017 / MFSA 2008-54 :\n\nThe http-index-format MIME type parser (nsDirIndexParser) in Firefox\n3.x before 3.0.4, Firefox 2.x before 2.0.0.18, and SeaMonkey 1.x\nbefore 1.1.13 does not check for an allocation failure, which allows\nremote attackers to cause a denial of service (crash) and possibly\nexecute arbitrary code via an HTTP index response with a crafted 200\nheader, which triggers memory corruption and a buffer overflow.\n\nCVE-2008-5012 / MFSA 2008-48: Mozilla Firefox 2.x before 2.0.0.18,\nThunderbird 2.x before 2.0.0.18, and SeaMonkey 1.x before 1.1.13 do\nnot properly change the source URI when processing a canvas element\nand an HTTP redirect, which allows remote attackers to bypass the same\norigin policy and access arbitrary images that are not directly\naccessible to the attacker. NOTE: this issue can be leveraged to\nenumerate software on the client by performing redirections related to\nmoz-icon.\n\nCVE-2008-5013 / MFSA 2008-49 :\n\nMozilla Firefox 2.x before 2.0.0.18 and SeaMonkey 1.x before 1.1.13 do\nnot properly check when the Flash module has been dynamically unloaded\nproperly, which allows remote attackers to execute arbitrary code via\na crafted SWF file that 'dynamically unloads itself from an outside\nJavaScript function,' which triggers an access of an expired memory\naddress.\n\nCVE-2008-5014 / MFSA 2008-50\n\njslock.cpp in Mozilla Firefox 3.x before 3.0.2, Firefox 2.x before\n2.0.0.18, Thunderbird 2.x before 2.0.0.18, and SeaMonkey 1.x before\n1.1.13 allows remote attackers to cause a denial of service (crash)\nand possibly execute arbitrary code by modifying the\nwindow.__proto__.__proto__ object in a way that causes a lock on a\nnon-native object, which triggers an assertion failure related to the\nOBJ_IS_NATIVE function.\n\nCVE-2008-5016 / MFSA 2008-52 :\n\nThe layout engine in Mozilla Firefox 3.x before 3.0.4, Thunderbird 2.x\nbefore 2.0.0.18, and SeaMonkey 1.x before 1.1.13 allows remote\nattackers to cause a denial of service (crash) via multiple vectors\nthat trigger an assertion failure or other consequences.\n\nCVE-2008-5017 / MFSA 2008-52: Integer overflow in\nxpcom/io/nsEscape.cpp in the browser engine in Mozilla Firefox 3.x\nbefore 3.0.4, Firefox 2.x before 2.0.0.18, Thunderbird 2.x before\n2.0.0.18, and SeaMonkey 1.x before 1.1.13 allows remote attackers to\ncause a denial of service (crash) via unknown vectors.\n\nCVE-2008-5018 / MFSA 2008-52: The JavaScript engine in Mozilla Firefox\n3.x before 3.0.4, Firefox 2.x before 2.0.0.18, Thunderbird 2.x before\n2.0.0.18, and SeaMonkey 1.x before 1.1.13 allows remote attackers to\ncause a denial of service (crash) via vectors related to 'insufficient\nclass checking' in the Date class.\n\nCVE-2008-5021 / MFSA 2008-55: nsFrameManager in Firefox 3.x before\n3.0.4, Firefox 2.x before 2.0.0.18, Thunderbird 2.x before 2.0.0.18,\nand SeaMonkey 1.x before 1.1.13 allows remote attackers to cause a\ndenial of service (crash) and possibly execute arbitrary code by\nmodifying properties of a file input element while it is still being\ninitialized, then using the blur method to access uninitialized\nmemory.\n\nCVE-2008-5022 / MFSA 2008-56: The\nnsXMLHttpRequest::NotifyEventListeners method in Firefox 3.x before\n3.0.4, Firefox 2.x before 2.0.0.18, Thunderbird 2.x before 2.0.0.18,\nand SeaMonkey 1.x before 1.1.13 allows remote attackers to bypass the\nsame-origin policy and execute arbitrary script via multiple\nlisteners, which bypass the inner window check.\n\nCVE-2008-5023 / MFSA 2008-57: Firefox 3.x before 3.0.4, Firefox 2.x\nbefore 2.0.0.18, and SeaMonkey 1.x before 1.1.13 allows remote\nattackers to bypass the protection mechanism for codebase principals\nand execute arbitrary script via the -moz-binding CSS property in a\nsigned JAR file.\n\nCVE-2008-5024 / MFSA 2008-58: Mozilla Firefox 3.x before 3.0.4,\nFirefox 2.x before 2.0.0.18, Thunderbird 2.x before 2.0.0.18, and\nSeaMonkey 1.x before 1.1.13 do not properly escape quote characters\nused for XML processing, allows remote attackers to conduct XML\ninjection attacks via the default namespace in an E4X document.\n\nCVE-2008-5052 / MFSA 2008-52: The AppendAttributeValue function in the\nJavaScript engine in Mozilla Firefox 2.x before 2.0.0.18, Thunderbird\n2.x before 2.0.0.18, and SeaMonkey 1.x before 1.1.13 allows remote\nattackers to cause a denial of service (crash) via unknown vectors\nthat trigger memory corruption, as demonstrated by\ne4x/extensions/regress-410192.js.\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected seamonkey packages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_cwe_id(20, 94, 119, 189, 200, 287, 399);\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:seamonkey\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:seamonkey-dom-inspector\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:seamonkey-irc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:seamonkey-mail\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:seamonkey-spellchecker\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:seamonkey-venkman\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:opensuse:10.2\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:opensuse:10.3\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2008/11/22\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2008/11/25\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2008-2019 Tenable Network Security, Inc.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release =~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, \"openSUSE\");\nif (release !~ \"^(SUSE10\\.2|SUSE10\\.3)$\") audit(AUDIT_OS_RELEASE_NOT, \"openSUSE\", \"10.2 / 10.3\", release);\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nourarch = get_kb_item(\"Host/cpu\");\nif (!ourarch) audit(AUDIT_UNKNOWN_ARCH);\nif (ourarch !~ \"^(i586|i686|x86_64)$\") audit(AUDIT_ARCH_NOT, \"i586 / i686 / x86_64\", ourarch);\n\nflag = 0;\n\nif ( rpm_check(release:\"SUSE10.2\", reference:\"seamonkey-1.1.13-1.1\") ) flag++;\nif ( rpm_check(release:\"SUSE10.2\", reference:\"seamonkey-dom-inspector-1.1.13-1.1\") ) flag++;\nif ( rpm_check(release:\"SUSE10.2\", reference:\"seamonkey-irc-1.1.13-1.1\") ) flag++;\nif ( rpm_check(release:\"SUSE10.2\", reference:\"seamonkey-mail-1.1.13-1.1\") ) flag++;\nif ( rpm_check(release:\"SUSE10.2\", reference:\"seamonkey-spellchecker-1.1.13-1.1\") ) flag++;\nif ( rpm_check(release:\"SUSE10.2\", reference:\"seamonkey-venkman-1.1.13-1.1\") ) flag++;\nif ( rpm_check(release:\"SUSE10.3\", reference:\"seamonkey-1.1.13-1.1\") ) flag++;\nif ( rpm_check(release:\"SUSE10.3\", reference:\"seamonkey-dom-inspector-1.1.13-1.1\") ) flag++;\nif ( rpm_check(release:\"SUSE10.3\", reference:\"seamonkey-irc-1.1.13-1.1\") ) flag++;\nif ( rpm_check(release:\"SUSE10.3\", reference:\"seamonkey-mail-1.1.13-1.1\") ) flag++;\nif ( rpm_check(release:\"SUSE10.3\", reference:\"seamonkey-spellchecker-1.1.13-1.1\") ) flag++;\nif ( rpm_check(release:\"SUSE10.3\", reference:\"seamonkey-venkman-1.1.13-1.1\") ) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"seamonkey\");\n}\n", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2021-01-01T06:30:25", "description": "This update backports the latest security fixes to the Mozilla\nXULRunner engine.\n\nIt fixes following security issues :\n\n - The http-index-format MIME type parser\n (nsDirIndexParser) in Firefox 3.x before 3.0.4, Firefox\n 2.x before 2.0.0.18, and SeaMonkey 1.x before 1.1.13\n does not check for an allocation failure, which allows\n remote attackers to cause a denial of service (crash)\n and possibly execute arbitrary code via an HTTP index\n response with a crafted 200 header, which triggers\n memory corruption and a buffer overflow. (CVE-2008-0017\n / MFSA 2008-54)\n\n - Mozilla Firefox 2.x before 2.0.0.18, Thunderbird 2.x\n before 2.0.0.18, and SeaMonkey 1.x before 1.1.13 do not\n properly change the source URI when processing a canvas\n element and an HTTP redirect, which allows remote\n attackers to bypass the same origin policy and access\n arbitrary images that are not directly accessible to the\n attacker. NOTE: this issue can be leveraged to enumerate\n software on the client by performing redirections\n related to moz-icon. (CVE-2008-5012 / MFSA 2008-48)\n\n - Mozilla Firefox 2.x before 2.0.0.18 and SeaMonkey 1.x\n before 1.1.13 do not properly check when the Flash\n module has been dynamically unloaded properly, which\n allows remote attackers to execute arbitrary code via a\n crafted SWF file that 'dynamically unloads itself from\n an outside JavaScript function,' which triggers an\n access of an expired memory address. (CVE-2008-5013 /\n MFSA 2008-49)\n\n - jslock.cpp in Mozilla Firefox 3.x before 3.0.2, Firefox\n 2.x before 2.0.0.18, Thunderbird 2.x before 2.0.0.18,\n and SeaMonkey 1.x before 1.1.13 allows remote attackers\n to cause a denial of service (crash) and possibly\n execute arbitrary code by modifying the\n window.__proto__.__proto__ object in a way that causes a\n lock on a non-native object, which triggers an assertion\n failure related to the OBJ_IS_NATIVE function.\n (CVE-2008-5014 / MFSA 2008-50)\n\n - The layout engine in Mozilla Firefox 3.x before 3.0.4,\n Thunderbird 2.x before 2.0.0.18, and SeaMonkey 1.x\n before 1.1.13 allows remote attackers to cause a denial\n of service (crash) via multiple vectors that trigger an\n assertion failure or other consequences. (CVE-2008-5016\n / MFSA 2008-52)\n\n - Integer overflow in xpcom/io/nsEscape.cpp in the browser\n engine in Mozilla Firefox 3.x before 3.0.4, Firefox 2.x\n before 2.0.0.18, Thunderbird 2.x before 2.0.0.18, and\n SeaMonkey 1.x before 1.1.13 allows remote attackers to\n cause a denial of service (crash) via unknown vectors.\n (CVE-2008-5017 / MFSA 2008-52)\n\n - The JavaScript engine in Mozilla Firefox 3.x before\n 3.0.4, Firefox 2.x before 2.0.0.18, Thunderbird 2.x\n before 2.0.0.18, and SeaMonkey 1.x before 1.1.13 allows\n remote attackers to cause a denial of service (crash)\n via vectors related to 'insufficient class checking' in\n the Date class. (CVE-2008-5018 / MFSA 2008-52)\n\n - nsFrameManager in Firefox 3.x before 3.0.4, Firefox 2.x\n before 2.0.0.18, Thunderbird 2.x before 2.0.0.18, and\n SeaMonkey 1.x before 1.1.13 allows remote attackers to\n cause a denial of service (crash) and possibly execute\n arbitrary code by modifying properties of a file input\n element while it is still being initialized, then using\n the blur method to access uninitialized memory.\n (CVE-2008-5021 / MFSA 2008-55)\n\n - The nsXMLHttpRequest::NotifyEventListeners method in\n Firefox 3.x before 3.0.4, Firefox 2.x before 2.0.0.18,\n Thunderbird 2.x before 2.0.0.18, and SeaMonkey 1.x\n before 1.1.13 allows remote attackers to bypass the\n same-origin policy and execute arbitrary script via\n multiple listeners, which bypass the inner window check.\n (CVE-2008-5022 / MFSA 2008-56)\n\n - Firefox 3.x before 3.0.4, Firefox 2.x before 2.0.0.18,\n and SeaMonkey 1.x before 1.1.13 allows remote attackers\n to bypass the protection mechanism for codebase\n principals and execute arbitrary script via the\n -moz-binding CSS property in a signed JAR file.\n (CVE-2008-5023 / MFSA 2008-57)\n\n - Mozilla Firefox 3.x before 3.0.4, Firefox 2.x before\n 2.0.0.18, Thunderbird 2.x before 2.0.0.18, and SeaMonkey\n 1.x before 1.1.13 do not properly escape quote\n characters used for XML processing, allows remote\n attackers to conduct XML injection attacks via the\n default namespace in an E4X document. (CVE-2008-5024 /\n MFSA 2008-58)\n\n - The AppendAttributeValue function in the JavaScript\n engine in Mozilla Firefox 2.x before 2.0.0.18,\n Thunderbird 2.x before 2.0.0.18, and SeaMonkey 1.x\n before 1.1.13 allows remote attackers to cause a denial\n of service (crash) via unknown vectors that trigger\n memory corruption, as demonstrated by\n e4x/extensions/regress-410192.js. (CVE-2008-5052 / MFSA\n 2008-52)", "edition": 24, "published": "2009-09-24T00:00:00", "title": "SuSE 10 Security Update : gecko-sdk and mozilla-xulrunner (ZYPP Patch Number 5813)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2008-5012", "CVE-2008-5013", "CVE-2008-5018", "CVE-2008-5023", "CVE-2008-5021", "CVE-2008-5017", "CVE-2008-5014", "CVE-2008-5022", "CVE-2008-5016", "CVE-2008-0017", "CVE-2008-5024", "CVE-2008-5052"], "modified": "2021-01-02T00:00:00", "cpe": ["cpe:/o:suse:suse_linux"], "id": "SUSE_GECKO-SDK-5813.NASL", "href": "https://www.tenable.com/plugins/nessus/41511", "sourceData": "#%NASL_MIN_LEVEL 80502\n#\n# (C) Tenable Network Security, Inc.\n#\n# The text description of this plugin is (C) Novell, Inc.\n#\n\nif (NASL_LEVEL < 3000) exit(0);\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(41511);\n script_version (\"1.12\");\n script_cvs_date(\"Date: 2019/10/25 13:36:32\");\n\n script_cve_id(\"CVE-2008-0017\", \"CVE-2008-5012\", \"CVE-2008-5013\", \"CVE-2008-5014\", \"CVE-2008-5016\", \"CVE-2008-5017\", \"CVE-2008-5018\", \"CVE-2008-5021\", \"CVE-2008-5022\", \"CVE-2008-5023\", \"CVE-2008-5024\", \"CVE-2008-5052\");\n\n script_name(english:\"SuSE 10 Security Update : gecko-sdk and mozilla-xulrunner (ZYPP Patch Number 5813)\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote SuSE 10 host is missing a security-related patch.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"This update backports the latest security fixes to the Mozilla\nXULRunner engine.\n\nIt fixes following security issues :\n\n - The http-index-format MIME type parser\n (nsDirIndexParser) in Firefox 3.x before 3.0.4, Firefox\n 2.x before 2.0.0.18, and SeaMonkey 1.x before 1.1.13\n does not check for an allocation failure, which allows\n remote attackers to cause a denial of service (crash)\n and possibly execute arbitrary code via an HTTP index\n response with a crafted 200 header, which triggers\n memory corruption and a buffer overflow. (CVE-2008-0017\n / MFSA 2008-54)\n\n - Mozilla Firefox 2.x before 2.0.0.18, Thunderbird 2.x\n before 2.0.0.18, and SeaMonkey 1.x before 1.1.13 do not\n properly change the source URI when processing a canvas\n element and an HTTP redirect, which allows remote\n attackers to bypass the same origin policy and access\n arbitrary images that are not directly accessible to the\n attacker. NOTE: this issue can be leveraged to enumerate\n software on the client by performing redirections\n related to moz-icon. (CVE-2008-5012 / MFSA 2008-48)\n\n - Mozilla Firefox 2.x before 2.0.0.18 and SeaMonkey 1.x\n before 1.1.13 do not properly check when the Flash\n module has been dynamically unloaded properly, which\n allows remote attackers to execute arbitrary code via a\n crafted SWF file that 'dynamically unloads itself from\n an outside JavaScript function,' which triggers an\n access of an expired memory address. (CVE-2008-5013 /\n MFSA 2008-49)\n\n - jslock.cpp in Mozilla Firefox 3.x before 3.0.2, Firefox\n 2.x before 2.0.0.18, Thunderbird 2.x before 2.0.0.18,\n and SeaMonkey 1.x before 1.1.13 allows remote attackers\n to cause a denial of service (crash) and possibly\n execute arbitrary code by modifying the\n window.__proto__.__proto__ object in a way that causes a\n lock on a non-native object, which triggers an assertion\n failure related to the OBJ_IS_NATIVE function.\n (CVE-2008-5014 / MFSA 2008-50)\n\n - The layout engine in Mozilla Firefox 3.x before 3.0.4,\n Thunderbird 2.x before 2.0.0.18, and SeaMonkey 1.x\n before 1.1.13 allows remote attackers to cause a denial\n of service (crash) via multiple vectors that trigger an\n assertion failure or other consequences. (CVE-2008-5016\n / MFSA 2008-52)\n\n - Integer overflow in xpcom/io/nsEscape.cpp in the browser\n engine in Mozilla Firefox 3.x before 3.0.4, Firefox 2.x\n before 2.0.0.18, Thunderbird 2.x before 2.0.0.18, and\n SeaMonkey 1.x before 1.1.13 allows remote attackers to\n cause a denial of service (crash) via unknown vectors.\n (CVE-2008-5017 / MFSA 2008-52)\n\n - The JavaScript engine in Mozilla Firefox 3.x before\n 3.0.4, Firefox 2.x before 2.0.0.18, Thunderbird 2.x\n before 2.0.0.18, and SeaMonkey 1.x before 1.1.13 allows\n remote attackers to cause a denial of service (crash)\n via vectors related to 'insufficient class checking' in\n the Date class. (CVE-2008-5018 / MFSA 2008-52)\n\n - nsFrameManager in Firefox 3.x before 3.0.4, Firefox 2.x\n before 2.0.0.18, Thunderbird 2.x before 2.0.0.18, and\n SeaMonkey 1.x before 1.1.13 allows remote attackers to\n cause a denial of service (crash) and possibly execute\n arbitrary code by modifying properties of a file input\n element while it is still being initialized, then using\n the blur method to access uninitialized memory.\n (CVE-2008-5021 / MFSA 2008-55)\n\n - The nsXMLHttpRequest::NotifyEventListeners method in\n Firefox 3.x before 3.0.4, Firefox 2.x before 2.0.0.18,\n Thunderbird 2.x before 2.0.0.18, and SeaMonkey 1.x\n before 1.1.13 allows remote attackers to bypass the\n same-origin policy and execute arbitrary script via\n multiple listeners, which bypass the inner window check.\n (CVE-2008-5022 / MFSA 2008-56)\n\n - Firefox 3.x before 3.0.4, Firefox 2.x before 2.0.0.18,\n and SeaMonkey 1.x before 1.1.13 allows remote attackers\n to bypass the protection mechanism for codebase\n principals and execute arbitrary script via the\n -moz-binding CSS property in a signed JAR file.\n (CVE-2008-5023 / MFSA 2008-57)\n\n - Mozilla Firefox 3.x before 3.0.4, Firefox 2.x before\n 2.0.0.18, Thunderbird 2.x before 2.0.0.18, and SeaMonkey\n 1.x before 1.1.13 do not properly escape quote\n characters used for XML processing, allows remote\n attackers to conduct XML injection attacks via the\n default namespace in an E4X document. (CVE-2008-5024 /\n MFSA 2008-58)\n\n - The AppendAttributeValue function in the JavaScript\n engine in Mozilla Firefox 2.x before 2.0.0.18,\n Thunderbird 2.x before 2.0.0.18, and SeaMonkey 1.x\n before 1.1.13 allows remote attackers to cause a denial\n of service (crash) via unknown vectors that trigger\n memory corruption, as demonstrated by\n e4x/extensions/regress-410192.js. (CVE-2008-5052 / MFSA\n 2008-52)\"\n );\n # http://www.mozilla.org/security/announce/2008/mfsa2008-48.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.mozilla.org/en-US/security/advisories/mfsa2008-48/\"\n );\n # http://www.mozilla.org/security/announce/2008/mfsa2008-49.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.mozilla.org/en-US/security/advisories/mfsa2008-49/\"\n );\n # http://www.mozilla.org/security/announce/2008/mfsa2008-50.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.mozilla.org/en-US/security/advisories/mfsa2008-50/\"\n );\n # http://www.mozilla.org/security/announce/2008/mfsa2008-52.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.mozilla.org/en-US/security/advisories/mfsa2008-52/\"\n );\n # http://www.mozilla.org/security/announce/2008/mfsa2008-54.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.mozilla.org/en-US/security/advisories/mfsa2008-54/\"\n );\n # http://www.mozilla.org/security/announce/2008/mfsa2008-55.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.mozilla.org/en-US/security/advisories/mfsa2008-55/\"\n );\n # http://www.mozilla.org/security/announce/2008/mfsa2008-56.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.mozilla.org/en-US/security/advisories/mfsa2008-56/\"\n );\n # http://www.mozilla.org/security/announce/2008/mfsa2008-57.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.mozilla.org/en-US/security/advisories/mfsa2008-57/\"\n );\n # http://www.mozilla.org/security/announce/2008/mfsa2008-58.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.mozilla.org/en-US/security/advisories/mfsa2008-58/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2008-0017.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2008-5012.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2008-5013.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2008-5014.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2008-5016.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2008-5017.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2008-5018.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2008-5021.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2008-5022.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2008-5023.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2008-5024.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2008-5052.html\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Apply ZYPP patch number 5813.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_cwe_id(20, 94, 119, 189, 200, 287, 399);\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:suse:suse_linux\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2008/11/13\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2008/11/21\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2009/09/24\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2009-2019 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) exit(0, \"Local checks are not enabled.\");\nif (!get_kb_item(\"Host/SuSE/release\")) exit(0, \"The host is not running SuSE.\");\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) exit(1, \"Could not obtain the list of installed packages.\");\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) exit(1, \"Failed to determine the architecture type.\");\nif (cpu >!< \"x86_64\" && cpu !~ \"^i[3-6]86$\") exit(1, \"Local checks for SuSE 10 on the '\"+cpu+\"' architecture have not been implemented.\");\n\n\nflag = 0;\nif (rpm_check(release:\"SLED10\", sp:2, cpu:\"i586\", reference:\"gecko-sdk-1.8.0.14eol-0.9\")) flag++;\nif (rpm_check(release:\"SLED10\", sp:2, cpu:\"i586\", reference:\"mozilla-xulrunner-1.8.0.14eol-0.9\")) flag++;\nif (rpm_check(release:\"SLES10\", sp:2, cpu:\"i586\", reference:\"mozilla-xulrunner-1.8.0.14eol-0.9\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse exit(0, \"The host is not affected.\");\n", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2021-01-01T04:35:35", "description": "From Red Hat Security Advisory 2008:0977 :\n\nUpdated SeaMonkey packages that fix security issues are now available\nfor Red Hat Enterprise Linux 2.1, Red Hat Enterprise Linux 3 and Red\nHat Enterprise Linux 4.\n\nThis update has been rated as having critical security impact by the\nRed Hat Security Response Team.\n\nSeaMonkey is an open source Web browser, email and newsgroup client,\nIRC chat client, and HTML editor.\n\nSeveral flaws were found in the processing of malformed web content. A\nweb page containing malicious content could cause SeaMonkey to crash\nor, potentially, execute arbitrary code as the user running SeaMonkey.\n(CVE-2008-0017, CVE-2008-5013, CVE-2008-5014, CVE-2008-5016,\nCVE-2008-5017, CVE-2008-5018, CVE-2008-5019, CVE-2008-5021)\n\nSeveral flaws were found in the way malformed content was processed. A\nweb site containing specially crafted content could potentially trick\na SeaMonkey user into surrendering sensitive information.\n(CVE-2008-5012, CVE-2008-5022, CVE-2008-5023, CVE-2008-5024)\n\nAll SeaMonkey users should upgrade to these updated packages, which\ncontain backported patches to resolve these issues.", "edition": 24, "published": "2013-07-12T00:00:00", "title": "Oracle Linux 3 / 4 : seamonkey (ELSA-2008-0977)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2008-5012", "CVE-2008-5013", "CVE-2008-5018", "CVE-2008-5019", "CVE-2008-5023", "CVE-2008-5021", "CVE-2008-5017", "CVE-2008-5014", "CVE-2008-5022", "CVE-2008-5016", "CVE-2008-0017", "CVE-2008-5024"], "modified": "2021-01-02T00:00:00", "cpe": ["p-cpe:/a:oracle:linux:seamonkey-nspr-devel", "p-cpe:/a:oracle:linux:seamonkey-mail", "p-cpe:/a:oracle:linux:seamonkey-devel", "p-cpe:/a:oracle:linux:seamonkey-nss-devel", "p-cpe:/a:oracle:linux:seamonkey", "p-cpe:/a:oracle:linux:seamonkey-nspr", "cpe:/o:oracle:linux:3", "p-cpe:/a:oracle:linux:seamonkey-dom-inspector", "p-cpe:/a:oracle:linux:seamonkey-nss", "cpe:/o:oracle:linux:4", "p-cpe:/a:oracle:linux:seamonkey-js-debugger", "p-cpe:/a:oracle:linux:seamonkey-chat"], "id": "ORACLELINUX_ELSA-2008-0977.NASL", "href": "https://www.tenable.com/plugins/nessus/67765", "sourceData": "#%NASL_MIN_LEVEL 80502\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Red Hat Security Advisory RHSA-2008:0977 and \n# Oracle Linux Security Advisory ELSA-2008-0977 respectively.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(67765);\n script_version(\"1.12\");\n script_cvs_date(\"Date: 2019/10/25 13:36:07\");\n\n script_cve_id(\"CVE-2008-0017\", \"CVE-2008-5012\", \"CVE-2008-5013\", \"CVE-2008-5014\", \"CVE-2008-5016\", \"CVE-2008-5017\", \"CVE-2008-5018\", \"CVE-2008-5019\", \"CVE-2008-5021\", \"CVE-2008-5022\", \"CVE-2008-5023\", \"CVE-2008-5024\");\n script_bugtraq_id(32281);\n script_xref(name:\"RHSA\", value:\"2008:0977\");\n\n script_name(english:\"Oracle Linux 3 / 4 : seamonkey (ELSA-2008-0977)\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Oracle Linux host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"From Red Hat Security Advisory 2008:0977 :\n\nUpdated SeaMonkey packages that fix security issues are now available\nfor Red Hat Enterprise Linux 2.1, Red Hat Enterprise Linux 3 and Red\nHat Enterprise Linux 4.\n\nThis update has been rated as having critical security impact by the\nRed Hat Security Response Team.\n\nSeaMonkey is an open source Web browser, email and newsgroup client,\nIRC chat client, and HTML editor.\n\nSeveral flaws were found in the processing of malformed web content. A\nweb page containing malicious content could cause SeaMonkey to crash\nor, potentially, execute arbitrary code as the user running SeaMonkey.\n(CVE-2008-0017, CVE-2008-5013, CVE-2008-5014, CVE-2008-5016,\nCVE-2008-5017, CVE-2008-5018, CVE-2008-5019, CVE-2008-5021)\n\nSeveral flaws were found in the way malformed content was processed. A\nweb site containing specially crafted content could potentially trick\na SeaMonkey user into surrendering sensitive information.\n(CVE-2008-5012, CVE-2008-5022, CVE-2008-5023, CVE-2008-5024)\n\nAll SeaMonkey users should upgrade to these updated packages, which\ncontain backported patches to resolve these issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://oss.oracle.com/pipermail/el-errata/2008-November/000798.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://oss.oracle.com/pipermail/el-errata/2008-November/000799.html\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected seamonkey packages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n script_cwe_id(20, 79, 94, 119, 189, 200, 287, 399);\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:seamonkey\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:seamonkey-chat\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:seamonkey-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:seamonkey-dom-inspector\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:seamonkey-js-debugger\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:seamonkey-mail\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:seamonkey-nspr\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:seamonkey-nspr-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:seamonkey-nss\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:seamonkey-nss-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:oracle:linux:3\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:oracle:linux:4\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2008/11/13\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2008/11/13\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2013/07/12\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2013-2019 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Oracle Linux Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/OracleLinux\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/OracleLinux\")) audit(AUDIT_OS_NOT, \"Oracle Linux\");\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || !pregmatch(pattern: \"Oracle (?:Linux Server|Enterprise Linux)\", string:release)) audit(AUDIT_OS_NOT, \"Oracle Linux\");\nos_ver = pregmatch(pattern: \"Oracle (?:Linux Server|Enterprise Linux) .*release ([0-9]+(\\.[0-9]+)?)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Oracle Linux\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^(3|4)([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Oracle Linux 3 / 4\", \"Oracle Linux \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && \"ia64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Oracle Linux\", cpu);\n\nflag = 0;\nif (rpm_check(release:\"EL3\", cpu:\"i386\", reference:\"seamonkey-1.0.9-0.25.0.1.el3\")) flag++;\nif (rpm_check(release:\"EL3\", cpu:\"x86_64\", reference:\"seamonkey-1.0.9-0.25.0.1.el3\")) flag++;\nif (rpm_check(release:\"EL3\", cpu:\"i386\", reference:\"seamonkey-chat-1.0.9-0.25.0.1.el3\")) flag++;\nif (rpm_check(release:\"EL3\", cpu:\"x86_64\", reference:\"seamonkey-chat-1.0.9-0.25.0.1.el3\")) flag++;\nif (rpm_check(release:\"EL3\", cpu:\"i386\", reference:\"seamonkey-devel-1.0.9-0.25.0.1.el3\")) flag++;\nif (rpm_check(release:\"EL3\", cpu:\"x86_64\", reference:\"seamonkey-devel-1.0.9-0.25.0.1.el3\")) flag++;\nif (rpm_check(release:\"EL3\", cpu:\"i386\", reference:\"seamonkey-dom-inspector-1.0.9-0.25.0.1.el3\")) flag++;\nif (rpm_check(release:\"EL3\", cpu:\"x86_64\", reference:\"seamonkey-dom-inspector-1.0.9-0.25.0.1.el3\")) flag++;\nif (rpm_check(release:\"EL3\", cpu:\"i386\", reference:\"seamonkey-js-debugger-1.0.9-0.25.0.1.el3\")) flag++;\nif (rpm_check(release:\"EL3\", cpu:\"x86_64\", reference:\"seamonkey-js-debugger-1.0.9-0.25.0.1.el3\")) flag++;\nif (rpm_check(release:\"EL3\", cpu:\"i386\", reference:\"seamonkey-mail-1.0.9-0.25.0.1.el3\")) flag++;\nif (rpm_check(release:\"EL3\", cpu:\"x86_64\", reference:\"seamonkey-mail-1.0.9-0.25.0.1.el3\")) flag++;\nif (rpm_check(release:\"EL3\", cpu:\"i386\", reference:\"seamonkey-nspr-1.0.9-0.25.0.1.el3\")) flag++;\nif (rpm_check(release:\"EL3\", cpu:\"x86_64\", reference:\"seamonkey-nspr-1.0.9-0.25.0.1.el3\")) flag++;\nif (rpm_check(release:\"EL3\", cpu:\"i386\", reference:\"seamonkey-nspr-devel-1.0.9-0.25.0.1.el3\")) flag++;\nif (rpm_check(release:\"EL3\", cpu:\"x86_64\", reference:\"seamonkey-nspr-devel-1.0.9-0.25.0.1.el3\")) flag++;\nif (rpm_check(release:\"EL3\", cpu:\"i386\", reference:\"seamonkey-nss-1.0.9-0.25.0.1.el3\")) flag++;\nif (rpm_check(release:\"EL3\", cpu:\"x86_64\", reference:\"seamonkey-nss-1.0.9-0.25.0.1.el3\")) flag++;\nif (rpm_check(release:\"EL3\", cpu:\"i386\", reference:\"seamonkey-nss-devel-1.0.9-0.25.0.1.el3\")) flag++;\nif (rpm_check(release:\"EL3\", cpu:\"x86_64\", reference:\"seamonkey-nss-devel-1.0.9-0.25.0.1.el3\")) flag++;\n\nif (rpm_check(release:\"EL4\", reference:\"seamonkey-1.0.9-28.0.1.el4\")) flag++;\nif (rpm_check(release:\"EL4\", reference:\"seamonkey-chat-1.0.9-28.0.1.el4\")) flag++;\nif (rpm_check(release:\"EL4\", reference:\"seamonkey-devel-1.0.9-28.0.1.el4\")) flag++;\nif (rpm_check(release:\"EL4\", reference:\"seamonkey-dom-inspector-1.0.9-28.0.1.el4\")) flag++;\nif (rpm_check(release:\"EL4\", reference:\"seamonkey-js-debugger-1.0.9-28.0.1.el4\")) flag++;\nif (rpm_check(release:\"EL4\", reference:\"seamonkey-mail-1.0.9-28.0.1.el4\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"seamonkey / seamonkey-chat / seamonkey-devel / etc\");\n}\n", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2021-01-01T06:32:44", "description": "This update backports security fixes to the Mozilla XULRunner engine.\n\nIt fixes following security issues :\n\nCVE-2008-0017 / MFSA 2008-54: The http-index-format MIME type parser\n(nsDirIndexParser) in Firefox 3.x before 3.0.4, Firefox 2.x before\n2.0.0.18, and SeaMonkey 1.x before 1.1.13 does not check for an\nallocation failure, which allows remote attackers to cause a denial of\nservice (crash) and possibly execute arbitrary code via an HTTP index\nresponse with a crafted 200 header, which triggers memory corruption\nand a buffer overflow.\n\nCVE-2008-5012 / MFSA 2008-48: Mozilla Firefox 2.x before 2.0.0.18,\nThunderbird 2.x before 2.0.0.18, and SeaMonkey 1.x before 1.1.13 do\nnot properly change the source URI when processing a canvas element\nand an HTTP redirect, which allows remote attackers to bypass the same\norigin policy and access arbitrary images that are not directly\naccessible to the attacker. NOTE: this issue can be leveraged to\nenumerate software on the client by performing redirections related to\nmoz-icon.\n\nCVE-2008-5013 / MFSA 2008-49: Mozilla Firefox 2.x before 2.0.0.18 and\nSeaMonkey 1.x before 1.1.13 do not properly check when the Flash\nmodule has been dynamically unloaded properly, which allows remote\nattackers to execute arbitrary code via a crafted SWF file that\n'dynamically unloads itself from an outside JavaScript function,'\nwhich triggers an access of an expired memory address.\n\nCVE-2008-5014 / MFSA 2008-50: jslock.cpp in Mozilla Firefox 3.x before\n3.0.2, Firefox 2.x before 2.0.0.18, Thunderbird 2.x before 2.0.0.18,\nand SeaMonkey 1.x before 1.1.13 allows remote attackers to cause a\ndenial of service (crash) and possibly execute arbitrary code by\nmodifying the window.__proto__.__proto__ object in a way that causes a\nlock on a non-native object, which triggers an assertion failure\nrelated to the OBJ_IS_NATIVE function.\n\nCVE-2008-5016 / MFSA 2008-52: The layout engine in Mozilla Firefox 3.x\nbefore 3.0.4, Thunderbird 2.x before 2.0.0.18, and SeaMonkey 1.x\nbefore 1.1.13 allows remote attackers to cause a denial of service\n(crash) via multiple vectors that trigger an assertion failure or\nother consequences.\n\nCVE-2008-5017 / MFSA 2008-52: Integer overflow in\nxpcom/io/nsEscape.cpp in the browser engine in Mozilla Firefox 3.x\nbefore 3.0.4, Firefox 2.x before 2.0.0.18, Thunderbird 2.x before\n2.0.0.18, and SeaMonkey 1.x before 1.1.13 allows remote attackers to\ncause a denial of service (crash) via unknown vectors.\n\nCVE-2008-5018 / MFSA 2008-52: The JavaScript engine in Mozilla Firefox\n3.x before 3.0.4, Firefox 2.x before 2.0.0.18, Thunderbird 2.x before\n2.0.0.18, and SeaMonkey 1.x before 1.1.13 allows remote attackers to\ncause a denial of service (crash) via vectors related to 'insufficient\nclass checking' in the Date class.\n\nCVE-2008-5021 / MFSA 2008-55: nsFrameManager in Firefox 3.x before\n3.0.4, Firefox 2.x before 2.0.0.18, Thunderbird 2.x before 2.0.0.18,\nand SeaMonkey 1.x before 1.1.13 allows remote attackers to cause a\ndenial of service (crash) and possibly execute arbitrary code by\nmodifying properties of a file input element while it is still being\ninitialized, then using the blur method to access uninitialized\nmemory.\n\nCVE-2008-5022 / MFSA 2008-56: The\nnsXMLHttpRequest::NotifyEventListeners method in Firefox 3.x before\n3.0.4, Firefox 2.x before 2.0.0.18, Thunderbird 2.x before 2.0.0.18,\nand SeaMonkey 1.x before 1.1.13 allows remote attackers to bypass the\nsame-origin policy and execute arbitrary script via multiple\nlisteners, which bypass the inner window check.\n\nCVE-2008-5023 / MFSA 2008-57: Firefox 3.x before 3.0.4, Firefox 2.x\nbefore 2.0.0.18, and SeaMonkey 1.x before 1.1.13 allows remote\nattackers to bypass the protection mechanism for codebase principals\nand execute arbitrary script via the -moz-binding CSS property in a\nsigned JAR file.\n\nCVE-2008-5024 / MFSA 2008-58: Mozilla Firefox 3.x before 3.0.4,\nFirefox 2.x before 2.0.0.18, Thunderbird 2.x before 2.0.0.18, and\nSeaMonkey 1.x before 1.1.13 do not properly escape quote characters\nused for XML processing, allows remote attackers to conduct XML\ninjection attacks via the default namespace in an E4X document.\n\nCVE-2008-5052 / MFSA 2008-52: The AppendAttributeValue function in the\nJavaScript engine in Mozilla Firefox 2.x before 2.0.0.18, Thunderbird\n2.x before 2.0.0.18, and SeaMonkey 1.x before 1.1.13 allows remote\nattackers to cause a denial of service (crash) via unknown vectors\nthat trigger memory corruption, as demonstrated by\ne4x/extensions/regress-410192.js.", "edition": 24, "published": "2008-11-25T00:00:00", "title": "openSUSE 10 Security Update : mozilla-xulrunner181 (mozilla-xulrunner181-5820)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2008-5012", "CVE-2008-5013", "CVE-2008-5018", "CVE-2008-5023", "CVE-2008-5021", "CVE-2008-5017", "CVE-2008-5014", "CVE-2008-5022", "CVE-2008-5016", "CVE-2008-0017", "CVE-2008-5024", "CVE-2008-5052"], "modified": "2021-01-02T00:00:00", "cpe": ["p-cpe:/a:novell:opensuse:epiphany", "cpe:/o:novell:opensuse:10.3", "cpe:/o:novell:opensuse:10.2", "p-cpe:/a:novell:opensuse:mozilla-xulrunner181-32bit", "p-cpe:/a:novell:opensuse:mozilla-xulrunner181-devel", "p-cpe:/a:novell:opensuse:mozilla-xulrunner181-l10n", "p-cpe:/a:novell:opensuse:epiphany-extensions", "p-cpe:/a:novell:opensuse:epiphany-devel", "p-cpe:/a:novell:opensuse:mozilla-xulrunner181"], "id": "SUSE_MOZILLA-XULRUNNER181-5820.NASL", "href": "https://www.tenable.com/plugins/nessus/34960", "sourceData": "#%NASL_MIN_LEVEL 80502\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from openSUSE Security Update mozilla-xulrunner181-5820.\n#\n# The text description of this plugin is (C) SUSE LLC.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(34960);\n script_version (\"1.10\");\n script_cvs_date(\"Date: 2019/10/25 13:36:32\");\n\n script_cve_id(\"CVE-2008-0017\", \"CVE-2008-5012\", \"CVE-2008-5013\", \"CVE-2008-5014\", \"CVE-2008-5016\", \"CVE-2008-5017\", \"CVE-2008-5018\", \"CVE-2008-5021\", \"CVE-2008-5022\", \"CVE-2008-5023\", \"CVE-2008-5024\", \"CVE-2008-5052\");\n\n script_name(english:\"openSUSE 10 Security Update : mozilla-xulrunner181 (mozilla-xulrunner181-5820)\");\n script_summary(english:\"Check for the mozilla-xulrunner181-5820 patch\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote openSUSE host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"This update backports security fixes to the Mozilla XULRunner engine.\n\nIt fixes following security issues :\n\nCVE-2008-0017 / MFSA 2008-54: The http-index-format MIME type parser\n(nsDirIndexParser) in Firefox 3.x before 3.0.4, Firefox 2.x before\n2.0.0.18, and SeaMonkey 1.x before 1.1.13 does not check for an\nallocation failure, which allows remote attackers to cause a denial of\nservice (crash) and possibly execute arbitrary code via an HTTP index\nresponse with a crafted 200 header, which triggers memory corruption\nand a buffer overflow.\n\nCVE-2008-5012 / MFSA 2008-48: Mozilla Firefox 2.x before 2.0.0.18,\nThunderbird 2.x before 2.0.0.18, and SeaMonkey 1.x before 1.1.13 do\nnot properly change the source URI when processing a canvas element\nand an HTTP redirect, which allows remote attackers to bypass the same\norigin policy and access arbitrary images that are not directly\naccessible to the attacker. NOTE: this issue can be leveraged to\nenumerate software on the client by performing redirections related to\nmoz-icon.\n\nCVE-2008-5013 / MFSA 2008-49: Mozilla Firefox 2.x before 2.0.0.18 and\nSeaMonkey 1.x before 1.1.13 do not properly check when the Flash\nmodule has been dynamically unloaded properly, which allows remote\nattackers to execute arbitrary code via a crafted SWF file that\n'dynamically unloads itself from an outside JavaScript function,'\nwhich triggers an access of an expired memory address.\n\nCVE-2008-5014 / MFSA 2008-50: jslock.cpp in Mozilla Firefox 3.x before\n3.0.2, Firefox 2.x before 2.0.0.18, Thunderbird 2.x before 2.0.0.18,\nand SeaMonkey 1.x before 1.1.13 allows remote attackers to cause a\ndenial of service (crash) and possibly execute arbitrary code by\nmodifying the window.__proto__.__proto__ object in a way that causes a\nlock on a non-native object, which triggers an assertion failure\nrelated to the OBJ_IS_NATIVE function.\n\nCVE-2008-5016 / MFSA 2008-52: The layout engine in Mozilla Firefox 3.x\nbefore 3.0.4, Thunderbird 2.x before 2.0.0.18, and SeaMonkey 1.x\nbefore 1.1.13 allows remote attackers to cause a denial of service\n(crash) via multiple vectors that trigger an assertion failure or\nother consequences.\n\nCVE-2008-5017 / MFSA 2008-52: Integer overflow in\nxpcom/io/nsEscape.cpp in the browser engine in Mozilla Firefox 3.x\nbefore 3.0.4, Firefox 2.x before 2.0.0.18, Thunderbird 2.x before\n2.0.0.18, and SeaMonkey 1.x before 1.1.13 allows remote attackers to\ncause a denial of service (crash) via unknown vectors.\n\nCVE-2008-5018 / MFSA 2008-52: The JavaScript engine in Mozilla Firefox\n3.x before 3.0.4, Firefox 2.x before 2.0.0.18, Thunderbird 2.x before\n2.0.0.18, and SeaMonkey 1.x before 1.1.13 allows remote attackers to\ncause a denial of service (crash) via vectors related to 'insufficient\nclass checking' in the Date class.\n\nCVE-2008-5021 / MFSA 2008-55: nsFrameManager in Firefox 3.x before\n3.0.4, Firefox 2.x before 2.0.0.18, Thunderbird 2.x before 2.0.0.18,\nand SeaMonkey 1.x before 1.1.13 allows remote attackers to cause a\ndenial of service (crash) and possibly execute arbitrary code by\nmodifying properties of a file input element while it is still being\ninitialized, then using the blur method to access uninitialized\nmemory.\n\nCVE-2008-5022 / MFSA 2008-56: The\nnsXMLHttpRequest::NotifyEventListeners method in Firefox 3.x before\n3.0.4, Firefox 2.x before 2.0.0.18, Thunderbird 2.x before 2.0.0.18,\nand SeaMonkey 1.x before 1.1.13 allows remote attackers to bypass the\nsame-origin policy and execute arbitrary script via multiple\nlisteners, which bypass the inner window check.\n\nCVE-2008-5023 / MFSA 2008-57: Firefox 3.x before 3.0.4, Firefox 2.x\nbefore 2.0.0.18, and SeaMonkey 1.x before 1.1.13 allows remote\nattackers to bypass the protection mechanism for codebase principals\nand execute arbitrary script via the -moz-binding CSS property in a\nsigned JAR file.\n\nCVE-2008-5024 / MFSA 2008-58: Mozilla Firefox 3.x before 3.0.4,\nFirefox 2.x before 2.0.0.18, Thunderbird 2.x before 2.0.0.18, and\nSeaMonkey 1.x before 1.1.13 do not properly escape quote characters\nused for XML processing, allows remote attackers to conduct XML\ninjection attacks via the default namespace in an E4X document.\n\nCVE-2008-5052 / MFSA 2008-52: The AppendAttributeValue function in the\nJavaScript engine in Mozilla Firefox 2.x before 2.0.0.18, Thunderbird\n2.x before 2.0.0.18, and SeaMonkey 1.x before 1.1.13 allows remote\nattackers to cause a denial of service (crash) via unknown vectors\nthat trigger memory corruption, as demonstrated by\ne4x/extensions/regress-410192.js.\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected mozilla-xulrunner181 packages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_cwe_id(20, 94, 119, 189, 200, 287, 399);\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:epiphany\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:epiphany-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:epiphany-extensions\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:mozilla-xulrunner181\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:mozilla-xulrunner181-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:mozilla-xulrunner181-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:mozilla-xulrunner181-l10n\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:opensuse:10.2\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:opensuse:10.3\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2008/11/22\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2008/11/25\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2008-2019 Tenable Network Security, Inc.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release =~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, \"openSUSE\");\nif (release !~ \"^(SUSE10\\.2|SUSE10\\.3)$\") audit(AUDIT_OS_RELEASE_NOT, \"openSUSE\", \"10.2 / 10.3\", release);\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nourarch = get_kb_item(\"Host/cpu\");\nif (!ourarch) audit(AUDIT_UNKNOWN_ARCH);\nif (ourarch !~ \"^(i586|i686|x86_64)$\") audit(AUDIT_ARCH_NOT, \"i586 / i686 / x86_64\", ourarch);\n\nflag = 0;\n\nif ( rpm_check(release:\"SUSE10.2\", reference:\"epiphany-2.16.1-35\") ) flag++;\nif ( rpm_check(release:\"SUSE10.2\", reference:\"epiphany-devel-2.16.1-35\") ) flag++;\nif ( rpm_check(release:\"SUSE10.2\", reference:\"epiphany-extensions-2.16.1-35\") ) flag++;\nif ( rpm_check(release:\"SUSE10.2\", reference:\"mozilla-xulrunner181-1.8.1.18-0.1\") ) flag++;\nif ( rpm_check(release:\"SUSE10.2\", reference:\"mozilla-xulrunner181-devel-1.8.1.18-0.1\") ) flag++;\nif ( rpm_check(release:\"SUSE10.2\", reference:\"mozilla-xulrunner181-l10n-1.8.1.18-0.1\") ) flag++;\nif ( rpm_check(release:\"SUSE10.2\", cpu:\"x86_64\", reference:\"mozilla-xulrunner181-32bit-1.8.1.18-0.1\") ) flag++;\nif ( rpm_check(release:\"SUSE10.3\", reference:\"epiphany-2.20.0-8.6\") ) flag++;\nif ( rpm_check(release:\"SUSE10.3\", reference:\"epiphany-devel-2.20.0-8.6\") ) flag++;\nif ( rpm_check(release:\"SUSE10.3\", reference:\"epiphany-extensions-2.20.0-8.6\") ) flag++;\nif ( rpm_check(release:\"SUSE10.3\", reference:\"mozilla-xulrunner181-1.8.1.18-0.1\") ) flag++;\nif ( rpm_check(release:\"SUSE10.3\", reference:\"mozilla-xulrunner181-devel-1.8.1.18-0.1\") ) flag++;\nif ( rpm_check(release:\"SUSE10.3\", reference:\"mozilla-xulrunner181-l10n-1.8.1.18-0.1\") ) flag++;\nif ( rpm_check(release:\"SUSE10.3\", cpu:\"x86_64\", reference:\"mozilla-xulrunner181-32bit-1.8.1.18-0.1\") ) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"mozilla-xulrunner181\");\n}\n", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2021-01-01T05:33:05", "description": "Several flaws were found in the processing of malformed web content. A\nweb page containing malicious content could cause SeaMonkey to crash\nor, potentially, execute arbitrary code as the user running SeaMonkey.\n(CVE-2008-0017, CVE-2008-5013, CVE-2008-5014, CVE-2008-5016,\nCVE-2008-5017, CVE-2008-5018, CVE-2008-5019, CVE-2008-5021)\n\nSeveral flaws were found in the way malformed content was processed. A\nweb site containing specially crafted content could potentially trick\na SeaMonkey user into surrendering sensitive information.\n(CVE-2008-5012, CVE-2008-5022, CVE-2008-5023, CVE-2008-5024)", "edition": 24, "published": "2012-08-01T00:00:00", "title": "Scientific Linux Security Update : seamonkey on SL3.x, SL4.x i386/x86_64", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2008-5012", "CVE-2008-5013", "CVE-2008-5018", "CVE-2008-5019", "CVE-2008-5023", "CVE-2008-5021", "CVE-2008-5017", "CVE-2008-5014", "CVE-2008-5022", "CVE-2008-5016", "CVE-2008-0017", "CVE-2008-5024"], "modified": "2021-01-02T00:00:00", "cpe": ["x-cpe:/o:fermilab:scientific_linux"], "id": "SL_20081112_SEAMONKEY_ON_SL3_X.NASL", "href": "https://www.tenable.com/plugins/nessus/60495", "sourceData": "#%NASL_MIN_LEVEL 80502\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text is (C) Scientific Linux.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(60495);\n script_version(\"1.7\");\n script_cvs_date(\"Date: 2019/10/25 13:36:18\");\n\n script_cve_id(\"CVE-2008-0017\", \"CVE-2008-5012\", \"CVE-2008-5013\", \"CVE-2008-5014\", \"CVE-2008-5016\", \"CVE-2008-5017\", \"CVE-2008-5018\", \"CVE-2008-5019\", \"CVE-2008-5021\", \"CVE-2008-5022\", \"CVE-2008-5023\", \"CVE-2008-5024\");\n\n script_name(english:\"Scientific Linux Security Update : seamonkey on SL3.x, SL4.x i386/x86_64\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\n\"The remote Scientific Linux host is missing one or more security\nupdates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Several flaws were found in the processing of malformed web content. A\nweb page containing malicious content could cause SeaMonkey to crash\nor, potentially, execute arbitrary code as the user running SeaMonkey.\n(CVE-2008-0017, CVE-2008-5013, CVE-2008-5014, CVE-2008-5016,\nCVE-2008-5017, CVE-2008-5018, CVE-2008-5019, CVE-2008-5021)\n\nSeveral flaws were found in the way malformed content was processed. A\nweb site containing specially crafted content could potentially trick\na SeaMonkey user into surrendering sensitive information.\n(CVE-2008-5012, CVE-2008-5022, CVE-2008-5023, CVE-2008-5024)\"\n );\n # https://listserv.fnal.gov/scripts/wa.exe?A2=ind0811&L=scientific-linux-errata&T=0&P=1308\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?8cd246d8\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_cwe_id(20, 79, 94, 119, 189, 200, 287, 399);\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"x-cpe:/o:fermilab:scientific_linux\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2008/11/13\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2008/11/12\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2012/08/01\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2012-2019 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Scientific Linux Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Scientific Linux \" >!< release) audit(AUDIT_HOST_NOT, \"running Scientific Linux\");\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (cpu >!< \"x86_64\" && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Scientific Linux\", cpu);\n\n\nflag = 0;\nif (rpm_check(release:\"SL3\", reference:\"seamonkey-1.0.9-0.25.el3\")) flag++;\nif (rpm_check(release:\"SL3\", reference:\"seamonkey-chat-1.0.9-0.25.el3\")) flag++;\nif (rpm_check(release:\"SL3\", reference:\"seamonkey-devel-1.0.9-0.25.el3\")) flag++;\nif (rpm_check(release:\"SL3\", reference:\"seamonkey-dom-inspector-1.0.9-0.25.el3\")) flag++;\nif (rpm_check(release:\"SL3\", reference:\"seamonkey-js-debugger-1.0.9-0.25.el3\")) flag++;\nif (rpm_check(release:\"SL3\", reference:\"seamonkey-mail-1.0.9-0.25.el3\")) flag++;\nif (rpm_check(release:\"SL3\", reference:\"seamonkey-nspr-1.0.9-0.25.el3\")) flag++;\nif (rpm_check(release:\"SL3\", reference:\"seamonkey-nspr-devel-1.0.9-0.25.el3\")) flag++;\nif (rpm_check(release:\"SL3\", reference:\"seamonkey-nss-1.0.9-0.25.el3\")) flag++;\nif (rpm_check(release:\"SL3\", reference:\"seamonkey-nss-devel-1.0.9-0.25.el3\")) flag++;\n\nif (rpm_check(release:\"SL4\", cpu:\"i386\", reference:\"firefox-3.0.4-1.el4\")) flag++;\nif (rpm_check(release:\"SL4\", cpu:\"i386\", reference:\"nss-3.12.1.1-3.el4\")) flag++;\nif (rpm_check(release:\"SL4\", cpu:\"i386\", reference:\"nss-devel-3.12.1.1-3.el4\")) flag++;\nif (rpm_check(release:\"SL4\", reference:\"seamonkey-1.0.9-28.el4\")) flag++;\nif (rpm_check(release:\"SL4\", reference:\"seamonkey-chat-1.0.9-28.el4\")) flag++;\nif (rpm_check(release:\"SL4\", reference:\"seamonkey-devel-1.0.9-28.el4\")) flag++;\nif (rpm_check(release:\"SL4\", reference:\"seamonkey-dom-inspector-1.0.9-28.el4\")) flag++;\nif (rpm_check(release:\"SL4\", reference:\"seamonkey-js-debugger-1.0.9-28.el4\")) flag++;\nif (rpm_check(release:\"SL4\", reference:\"seamonkey-mail-1.0.9-28.el4\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2021-01-01T04:56:29", "description": "Updated SeaMonkey packages that fix security issues are now available\nfor Red Hat Enterprise Linux 2.1, Red Hat Enterprise Linux 3 and Red\nHat Enterprise Linux 4.\n\nThis update has been rated as having critical security impact by the\nRed Hat Security Response Team.\n\nSeaMonkey is an open source Web browser, email and newsgroup client,\nIRC chat client, and HTML editor.\n\nSeveral flaws were found in the processing of malformed web content. A\nweb page containing malicious content could cause SeaMonkey to crash\nor, potentially, execute arbitrary code as the user running SeaMonkey.\n(CVE-2008-0017, CVE-2008-5013, CVE-2008-5014, CVE-2008-5016,\nCVE-2008-5017, CVE-2008-5018, CVE-2008-5019, CVE-2008-5021)\n\nSeveral flaws were found in the way malformed content was processed. A\nweb site containing specially crafted content could potentially trick\na SeaMonkey user into surrendering sensitive information.\n(CVE-2008-5012, CVE-2008-5022, CVE-2008-5023, CVE-2008-5024)\n\nAll SeaMonkey users should upgrade to these updated packages, which\ncontain backported patches to resolve these issues.", "edition": 26, "published": "2008-11-13T00:00:00", "title": "RHEL 2.1 / 3 / 4 : seamonkey (RHSA-2008:0977)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2008-5012", "CVE-2008-5013", "CVE-2008-5018", "CVE-2008-5019", "CVE-2008-5023", "CVE-2008-5021", "CVE-2008-5017", "CVE-2008-5014", "CVE-2008-5022", "CVE-2008-5016", "CVE-2008-0017", "CVE-2008-5024"], "modified": "2021-01-02T00:00:00", "cpe": ["cpe:/o:redhat:enterprise_linux:3", "cpe:/o:redhat:enterprise_linux:4", "cpe:/o:redhat:enterprise_linux:2.1", "p-cpe:/a:redhat:enterprise_linux:seamonkey", "p-cpe:/a:redhat:enterprise_linux:seamonkey-nss-devel", "p-cpe:/a:redhat:enterprise_linux:seamonkey-nspr", "p-cpe:/a:redhat:enterprise_linux:seamonkey-js-debugger", "p-cpe:/a:redhat:enterprise_linux:seamonkey-devel", "p-cpe:/a:redhat:enterprise_linux:seamonkey-nss", "cpe:/o:redhat:enterprise_linux:4.7", "p-cpe:/a:redhat:enterprise_linux:seamonkey-mail", "p-cpe:/a:redhat:enterprise_linux:seamonkey-nspr-devel", "p-cpe:/a:redhat:enterprise_linux:seamonkey-chat", "p-cpe:/a:redhat:enterprise_linux:seamonkey-dom-inspector"], "id": "REDHAT-RHSA-2008-0977.NASL", "href": "https://www.tenable.com/plugins/nessus/34763", "sourceData": "#%NASL_MIN_LEVEL 80502\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Red Hat Security Advisory RHSA-2008:0977. The text \n# itself is copyright (C) Red Hat, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(34763);\n script_version (\"1.26\");\n script_cvs_date(\"Date: 2019/10/25 13:36:13\");\n\n script_cve_id(\"CVE-2008-0017\", \"CVE-2008-5012\", \"CVE-2008-5013\", \"CVE-2008-5014\", \"CVE-2008-5016\", \"CVE-2008-5017\", \"CVE-2008-5018\", \"CVE-2008-5019\", \"CVE-2008-5021\", \"CVE-2008-5022\", \"CVE-2008-5023\", \"CVE-2008-5024\");\n script_bugtraq_id(32281);\n script_xref(name:\"RHSA\", value:\"2008:0977\");\n\n script_name(english:\"RHEL 2.1 / 3 / 4 : seamonkey (RHSA-2008:0977)\");\n script_summary(english:\"Checks the rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Red Hat host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Updated SeaMonkey packages that fix security issues are now available\nfor Red Hat Enterprise Linux 2.1, Red Hat Enterprise Linux 3 and Red\nHat Enterprise Linux 4.\n\nThis update has been rated as having critical security impact by the\nRed Hat Security Response Team.\n\nSeaMonkey is an open source Web browser, email and newsgroup client,\nIRC chat client, and HTML editor.\n\nSeveral flaws were found in the processing of malformed web content. A\nweb page containing malicious content could cause SeaMonkey to crash\nor, potentially, execute arbitrary code as the user running SeaMonkey.\n(CVE-2008-0017, CVE-2008-5013, CVE-2008-5014, CVE-2008-5016,\nCVE-2008-5017, CVE-2008-5018, CVE-2008-5019, CVE-2008-5021)\n\nSeveral flaws were found in the way malformed content was processed. A\nweb site containing specially crafted content could potentially trick\na SeaMonkey user into surrendering sensitive information.\n(CVE-2008-5012, CVE-2008-5022, CVE-2008-5023, CVE-2008-5024)\n\nAll SeaMonkey users should upgrade to these updated packages, which\ncontain backported patches to resolve these issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2008-0017\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2008-5012\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2008-5013\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2008-5014\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2008-5016\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2008-5017\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2008-5018\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2008-5019\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2008-5021\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2008-5022\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2008-5023\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2008-5024\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/errata/RHSA-2008:0977\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n script_cwe_id(20, 79, 94, 119, 189, 200, 287, 399);\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:seamonkey\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:seamonkey-chat\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:seamonkey-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:seamonkey-dom-inspector\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:seamonkey-js-debugger\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:seamonkey-mail\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:seamonkey-nspr\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:seamonkey-nspr-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:seamonkey-nss\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:seamonkey-nss-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:2.1\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:3\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:4\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:4.7\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2008/11/13\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2008/11/12\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2008/11/13\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2008-2019 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Red Hat Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"misc_func.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Red Hat\" >!< release) audit(AUDIT_OS_NOT, \"Red Hat\");\nos_ver = pregmatch(pattern: \"Red Hat Enterprise Linux.*release ([0-9]+(\\.[0-9]+)?)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Red Hat\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^(2\\.1|3|4)([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Red Hat 2.1 / 3.x / 4.x\", \"Red Hat \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\" && \"s390\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Red Hat\", cpu);\n\nyum_updateinfo = get_kb_item(\"Host/RedHat/yum-updateinfo\");\nif (!empty_or_null(yum_updateinfo)) \n{\n rhsa = \"RHSA-2008:0977\";\n yum_report = redhat_generate_yum_updateinfo_report(rhsa:rhsa);\n if (!empty_or_null(yum_report))\n {\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : yum_report \n );\n exit(0);\n }\n else\n {\n audit_message = \"affected by Red Hat security advisory \" + rhsa;\n audit(AUDIT_OS_NOT, audit_message);\n }\n}\nelse\n{\n flag = 0;\n if (rpm_check(release:\"RHEL2.1\", cpu:\"i386\", reference:\"seamonkey-1.0.9-0.21.el2\")) flag++;\n\n if (rpm_check(release:\"RHEL2.1\", cpu:\"i386\", reference:\"seamonkey-chat-1.0.9-0.21.el2\")) flag++;\n\n if (rpm_check(release:\"RHEL2.1\", cpu:\"i386\", reference:\"seamonkey-devel-1.0.9-0.21.el2\")) flag++;\n\n if (rpm_check(release:\"RHEL2.1\", cpu:\"i386\", reference:\"seamonkey-dom-inspector-1.0.9-0.21.el2\")) flag++;\n\n if (rpm_check(release:\"RHEL2.1\", cpu:\"i386\", reference:\"seamonkey-js-debugger-1.0.9-0.21.el2\")) flag++;\n\n if (rpm_check(release:\"RHEL2.1\", cpu:\"i386\", reference:\"seamonkey-mail-1.0.9-0.21.el2\")) flag++;\n\n if (rpm_check(release:\"RHEL2.1\", cpu:\"i386\", reference:\"seamonkey-nspr-1.0.9-0.21.el2\")) flag++;\n\n if (rpm_check(release:\"RHEL2.1\", cpu:\"i386\", reference:\"seamonkey-nspr-devel-1.0.9-0.21.el2\")) flag++;\n\n if (rpm_check(release:\"RHEL2.1\", cpu:\"i386\", reference:\"seamonkey-nss-1.0.9-0.21.el2\")) flag++;\n\n if (rpm_check(release:\"RHEL2.1\", cpu:\"i386\", reference:\"seamonkey-nss-devel-1.0.9-0.21.el2\")) flag++;\n\n\n if (rpm_check(release:\"RHEL3\", reference:\"seamonkey-1.0.9-0.25.el3\")) flag++;\n\n if (rpm_check(release:\"RHEL3\", reference:\"seamonkey-chat-1.0.9-0.25.el3\")) flag++;\n\n if (rpm_check(release:\"RHEL3\", reference:\"seamonkey-devel-1.0.9-0.25.el3\")) flag++;\n\n if (rpm_check(release:\"RHEL3\", reference:\"seamonkey-dom-inspector-1.0.9-0.25.el3\")) flag++;\n\n if (rpm_check(release:\"RHEL3\", reference:\"seamonkey-js-debugger-1.0.9-0.25.el3\")) flag++;\n\n if (rpm_check(release:\"RHEL3\", reference:\"seamonkey-mail-1.0.9-0.25.el3\")) flag++;\n\n if (rpm_check(release:\"RHEL3\", reference:\"seamonkey-nspr-1.0.9-0.25.el3\")) flag++;\n\n if (rpm_check(release:\"RHEL3\", reference:\"seamonkey-nspr-devel-1.0.9-0.25.el3\")) flag++;\n\n if (rpm_check(release:\"RHEL3\", reference:\"seamonkey-nss-1.0.9-0.25.el3\")) flag++;\n\n if (rpm_check(release:\"RHEL3\", reference:\"seamonkey-nss-devel-1.0.9-0.25.el3\")) flag++;\n\n\n if (rpm_check(release:\"RHEL4\", reference:\"seamonkey-1.0.9-28.el4\")) flag++;\n\n if (rpm_check(release:\"RHEL4\", reference:\"seamonkey-chat-1.0.9-28.el4\")) flag++;\n\n if (rpm_check(release:\"RHEL4\", reference:\"seamonkey-devel-1.0.9-28.el4\")) flag++;\n\n if (rpm_check(release:\"RHEL4\", reference:\"seamonkey-dom-inspector-1.0.9-28.el4\")) flag++;\n\n if (rpm_check(release:\"RHEL4\", reference:\"seamonkey-js-debugger-1.0.9-28.el4\")) flag++;\n\n if (rpm_check(release:\"RHEL4\", reference:\"seamonkey-mail-1.0.9-28.el4\")) flag++;\n\n\n if (flag)\n {\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : rpm_report_get() + redhat_report_package_caveat()\n );\n exit(0);\n }\n else\n {\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"seamonkey / seamonkey-chat / seamonkey-devel / etc\");\n }\n}\n", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}], "debian": [{"lastseen": "2020-11-11T13:21:36", "bulletinFamily": "unix", "cvelist": ["CVE-2008-5012", "CVE-2008-5013", "CVE-2008-5018", "CVE-2008-5023", "CVE-2008-5021", "CVE-2008-5017", "CVE-2008-5014", "CVE-2008-5022", "CVE-2008-0017", "CVE-2008-5024", "CVE-2008-4582"], "description": "- ------------------------------------------------------------------------\nDebian Security Advisory DSA-1671-1 security@debian.org\nhttp://www.debian.org/security/ Moritz Muehlenhoff\nNovember 24, 2008 http://www.debian.org/security/faq\n- ------------------------------------------------------------------------\n\nPackage : iceweasel\nVulnerability : several\nProblem type : remote\nDebian-specific: no\nCVE ID : CVE-2008-0017 CVE-2008-4582 CVE-2008-5012 CVE-2008-5013 CVE-2008-5014 CVE-2008-5017 CVE-2008-5018 CVE-2008-5021 CVE-2008-5022 CVE-2008-5023 CVE-2008-5024\n\nSeveral remote vulnerabilities have been discovered in the Iceweasel\nwebbrowser, an unbranded version of the Firefox browser. The Common \nVulnerabilities and Exposures project identifies the following problems:\n\nCVE-2008-0017\n \n Justin Schuh discovered that a buffer overflow in the http-index-format\n parser could lead to arbitrary code execution.\n\nCVE-2008-4582\n\n Liu Die Yu discovered an information leak through local shortcut\n files.\n\nCVE-2008-5012\n\n Georgi Guninski, Michal Zalewski and Chris Evan discovered that\n the canvas element could be used to bypass same-origin\n restrictions.\n\nCVE-2008-5013\n\n It was discovered that insufficient checks in the Flash plugin glue\n code could lead to arbitrary code execution.\n\nCVE-2008-5014\n\n Jesse Ruderman discovered that a programming error in the\n window.__proto__.__proto__ object could lead to arbitrary code\n execution.\n\nCVE-2008-5017\n\n It was discovered that crashes in the layout engine could lead to\n arbitrary code execution.\n\nCVE-2008-5018\n\n It was discovered that crashes in the Javascript engine could lead to\n arbitrary code execution.\n\nCVE-2008-5021\n\n It was discovered that a crash in the nsFrameManager might lead to\n the execution of arbitrary code.\n\nCVE-2008-5022\n\n "moz_bug_r_a4" discovered that the same-origin check in\n nsXMLHttpRequest::NotifyEventListeners() could be bypassed.\n\nCVE-2008-5023\n\n Collin Jackson discovered that the -moz-binding property bypasses\n security checks on codebase principals.\n\nCVE-2008-5024\n\n Chris Evans discovered that quote characters were improperly\n escaped in the default namespace of E4X documents.\n\nFor the stable distribution (etch), these problems have been fixed in\nversion 2.0.0.18-0etch1.\n\nFor the upcoming stable distribution (lenny) and the unstable distribution\n(sid), these problems have been fixed in version 3.0.4-1 of iceweasel \nand version 1.9.0.4-1 of xulrunner. Packages for arm and mips will be\nprovided soon.\n\nWe recommend that you upgrade your iceweasel package.\n\nUpgrade instructions\n- --------------------\n\nwget url\n will fetch the file for you\ndpkg -i file.deb\n will install the referenced file.\n\nIf you are using the apt-get package manager, use the line for\nsources.list as given below:\n\napt-get update\n will update the internal database\napt-get upgrade\n will install corrected packages\n\nYou may use an automated update by adding the resources from the\nfooter to the proper configuration.\n\n\nDebian GNU/Linux 4.0 alias etch\n- -------------------------------\n\nStable updates are available for alpha, amd64, arm, hppa, i386, ia64, mips, mipsel, powerpc, s390 and sparc.\n\nSource archives:\n\n http://security.debian.org/pool/updates/main/i/iceweasel/iceweasel_2.0.0.18-0etch1.diff.gz\n Size/MD5 checksum: 186777 18d2492164c72b846fab74bd75a69e1b\n http://security.debian.org/pool/updates/main/i/iceweasel/iceweasel_2.0.0.18.orig.tar.gz\n Size/MD5 checksum: 47266681 ad1a208d95dedeafddbe7377de88d4d9\n http://security.debian.org/pool/updates/main/i/iceweasel/iceweasel_2.0.0.18-0etch1.dsc\n Size/MD5 checksum: 1289 84983c4e7f053c1f0eb3ea3d154bc6ad\n\nArchitecture independent packages:\n\n http://security.debian.org/pool/updates/main/i/iceweasel/mozilla-firefox-gnome-support_2.0.0.18-0etch1_all.deb\n Size/MD5 checksum: 54478 73ed36d6990d6b86e8fccef00a9029b1\n http://security.debian.org/pool/updates/main/i/iceweasel/firefox-dom-inspector_2.0.0.18-0etch1_all.deb\n Size/MD5 checksum: 54626 bcc4bd1443fe23e5311396949bac9f32\n http://security.debian.org/pool/updates/main/i/iceweasel/firefox-gnome-support_2.0.0.18-0etch1_all.deb\n Size/MD5 checksum: 54596 62200645f81cd0e505fd40382333d010\n http://security.debian.org/pool/updates/main/i/iceweasel/firefox_2.0.0.18-0etch1_all.deb\n Size/MD5 checksum: 54742 045a9714ca0a04061cee79bc16b4b940\n http://security.debian.org/pool/updates/main/i/iceweasel/mozilla-firefox_2.0.0.18-0etch1_all.deb\n Size/MD5 checksum: 55274 09fdae147e16b09ad51544ab1fd218e6\n http://security.debian.org/pool/updates/main/i/iceweasel/iceweasel-dom-inspector_2.0.0.18-0etch1_all.deb\n Size/MD5 checksum: 239810 beeee1e8cab02ec9a70d89df8db4610b\n http://security.debian.org/pool/updates/main/i/iceweasel/mozilla-firefox-dom-inspector_2.0.0.18-0etch1_all.deb\n Size/MD5 checksum: 54480 15636d866284ca7caf11bd939792df97\n\nalpha architecture (DEC Alpha)\n\n http://security.debian.org/pool/updates/main/i/iceweasel/iceweasel_2.0.0.18-0etch1_alpha.deb\n Size/MD5 checksum: 11587524 82c7dae5efa5f21333843c5204036f9d\n http://security.debian.org/pool/updates/main/i/iceweasel/iceweasel-dbg_2.0.0.18-0etch1_alpha.deb\n Size/MD5 checksum: 51194740 8a6f236c8bef5e6b0b16df05a7fd866d\n http://security.debian.org/pool/updates/main/i/iceweasel/iceweasel-gnome-support_2.0.0.18-0etch1_alpha.deb\n Size/MD5 checksum: 90332 8791b1fcc9a3bbfcaac993d65b1b77cd\n\namd64 architecture (AMD x86_64 (AMD64))\n\n http://security.debian.org/pool/updates/main/i/iceweasel/iceweasel-gnome-support_2.0.0.18-0etch1_amd64.deb\n Size/MD5 checksum: 88014 4e4a404cb859067e8804b793b06b1a5a\n http://security.debian.org/pool/updates/main/i/iceweasel/iceweasel-dbg_2.0.0.18-0etch1_amd64.deb\n Size/MD5 checksum: 50189682 3fe64a570e13497a49ac77972ead0ac0\n http://security.debian.org/pool/updates/main/i/iceweasel/iceweasel_2.0.0.18-0etch1_amd64.deb\n Size/MD5 checksum: 10213098 a38d4ae01ab60abab641411ee7aedba1\n\nhppa architecture (HP PA RISC)\n\n http://security.debian.org/pool/updates/main/i/iceweasel/iceweasel-dbg_2.0.0.18-0etch1_hppa.deb\n Size/MD5 checksum: 50566700 b1c063d6d40829a2301eecef32549f5e\n http://security.debian.org/pool/updates/main/i/iceweasel/iceweasel-gnome-support_2.0.0.18-0etch1_hppa.deb\n Size/MD5 checksum: 89800 967a00e25f5584ba2790e6f00a716c4e\n http://security.debian.org/pool/updates/main/i/iceweasel/iceweasel_2.0.0.18-0etch1_hppa.deb\n Size/MD5 checksum: 11119984 683938c6cedee58201ec5d9428360f6a\n\ni386 architecture (Intel ia32)\n\n http://security.debian.org/pool/updates/main/i/iceweasel/iceweasel_2.0.0.18-0etch1_i386.deb\n Size/MD5 checksum: 9126828 d2dd8a62f98c9136bbce2c52919c637a\n http://security.debian.org/pool/updates/main/i/iceweasel/iceweasel-gnome-support_2.0.0.18-0etch1_i386.deb\n Size/MD5 checksum: 82124 2d965fe0779f11d12157babf407a25a0\n http://security.debian.org/pool/updates/main/i/iceweasel/iceweasel-dbg_2.0.0.18-0etch1_i386.deb\n Size/MD5 checksum: 49579624 c543f12165ffc2034cae25d36b258c83\n\nia64 architecture (Intel ia64)\n\n http://security.debian.org/pool/updates/main/i/iceweasel/iceweasel_2.0.0.18-0etch1_ia64.deb\n Size/MD5 checksum: 14163520 5d3f1430543e78579bfa7aa390ac6d80\n http://security.debian.org/pool/updates/main/i/iceweasel/iceweasel-dbg_2.0.0.18-0etch1_ia64.deb\n Size/MD5 checksum: 50533560 361db4abc1d5427fad23619ba2308286\n http://security.debian.org/pool/updates/main/i/iceweasel/iceweasel-gnome-support_2.0.0.18-0etch1_ia64.deb\n Size/MD5 checksum: 100336 64b08280ff519215f2c6c77eb20ffed7\n\nmipsel architecture (MIPS (Little Endian))\n\n http://security.debian.org/pool/updates/main/i/iceweasel/iceweasel-dbg_2.0.0.18-0etch1_mipsel.deb\n Size/MD5 checksum: 52534114 eb211ddd6ef9fca7daa921913772a50a\n http://security.debian.org/pool/updates/main/i/iceweasel/iceweasel_2.0.0.18-0etch1_mipsel.deb\n Size/MD5 checksum: 10768188 333f49d0aaea41be09d14dc518e9a215\n http://security.debian.org/pool/updates/main/i/iceweasel/iceweasel-gnome-support_2.0.0.18-0etch1_mipsel.deb\n Size/MD5 checksum: 83286 e95b3453554c0b62411967cd8489595b\n\npowerpc architecture (PowerPC)\n\n http://security.debian.org/pool/updates/main/i/iceweasel/iceweasel-gnome-support_2.0.0.18-0etch1_powerpc.deb\n Size/MD5 checksum: 83850 f58384f43ff563f835c0076959ef40b8\n http://security.debian.org/pool/updates/main/i/iceweasel/iceweasel-dbg_2.0.0.18-0etch1_powerpc.deb\n Size/MD5 checksum: 51988102 3b89980f834495425e20a2b6f145339e\n http://security.debian.org/pool/updates/main/i/iceweasel/iceweasel_2.0.0.18-0etch1_powerpc.deb\n Size/MD5 checksum: 9942022 b7be7ce0eec7a276351f6308a1a8c2ae\n\ns390 architecture (IBM S/390)\n\n http://security.debian.org/pool/updates/main/i/iceweasel/iceweasel-dbg_2.0.0.18-0etch1_s390.deb\n Size/MD5 checksum: 50865174 5142df57b35fad2b1654ff9cae873a69\n http://security.debian.org/pool/updates/main/i/iceweasel/iceweasel_2.0.0.18-0etch1_s390.deb\n Size/MD5 checksum: 10369888 0aa6fbd381a6259ff95d3257199ab372\n http://security.debian.org/pool/updates/main/i/iceweasel/iceweasel-gnome-support_2.0.0.18-0etch1_s390.deb\n Size/MD5 checksum: 88268 5a027d5880f4499e399d75e9424c8ef2\n\nsparc architecture (Sun SPARC/UltraSPARC)\n\n http://security.debian.org/pool/updates/main/i/iceweasel/iceweasel-dbg_2.0.0.18-0etch1_sparc.deb\n Size/MD5 checksum: 49199006 210022771108894873f4f2becf3675b9\n http://security.debian.org/pool/updates/main/i/iceweasel/iceweasel-gnome-support_2.0.0.18-0etch1_sparc.deb\n Size/MD5 checksum: 82072 2a76c78e38d756f2261da449f8215fe4\n http://security.debian.org/pool/updates/main/i/iceweasel/iceweasel_2.0.0.18-0etch1_sparc.deb\n Size/MD5 checksum: 9205774 1a6ea528bb676aaaf88ad8d44f5d76c6\n\n\n These files will probably be moved into the stable distribution on\n its next update.\n\n- ---------------------------------------------------------------------------------\nFor apt-get: deb http://security.debian.org/ stable/updates main\nFor dpkg-ftp: ftp://security.debian.org/debian-security dists/stable/updates/main\nMailing list: debian-security-announce@lists.debian.org\nPackage info: `apt-cache show <pkg>' and http://packages.debian.org/<pkg>\n", "edition": 7, "modified": "2008-11-24T21:36:45", "published": "2008-11-24T21:36:45", "id": "DEBIAN:DSA-1671-1:F6217", "href": "https://lists.debian.org/debian-security-announce/debian-security-announce-2008/msg00263.html", "title": "[SECURITY] [DSA 1671-1] New iceweasel packages fix several vulnerabilities", "type": "debian", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}], "redhat": [{"lastseen": "2019-08-13T18:46:27", "bulletinFamily": "unix", "cvelist": ["CVE-2008-0017", "CVE-2008-5012", "CVE-2008-5013", "CVE-2008-5014", "CVE-2008-5016", "CVE-2008-5017", "CVE-2008-5018", "CVE-2008-5019", "CVE-2008-5021", "CVE-2008-5022", "CVE-2008-5023", "CVE-2008-5024", "CVE-2008-5052"], "description": "SeaMonkey is an open source Web browser, email and newsgroup client, IRC\nchat client, and HTML editor.\n\nSeveral flaws were found in the processing of malformed web content. A web\npage containing malicious content could cause SeaMonkey to crash or,\npotentially, execute arbitrary code as the user running SeaMonkey.\n(CVE-2008-0017, CVE-2008-5013, CVE-2008-5014, CVE-2008-5016,\nCVE-2008-5017, CVE-2008-5018, CVE-2008-5019, CVE-2008-5021)\n\nSeveral flaws were found in the way malformed content was processed. A web\nsite containing specially-crafted content could potentially trick a\nSeaMonkey user into surrendering sensitive information. (CVE-2008-5012,\nCVE-2008-5022, CVE-2008-5023, CVE-2008-5024)\n\nAll SeaMonkey users should upgrade to these updated packages, which contain\nbackported patches to resolve these issues.\n", "modified": "2018-03-14T19:27:43", "published": "2008-11-12T05:00:00", "id": "RHSA-2008:0977", "href": "https://access.redhat.com/errata/RHSA-2008:0977", "type": "redhat", "title": "(RHSA-2008:0977) Critical: seamonkey security update", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}], "oraclelinux": [{"lastseen": "2019-05-29T18:36:07", "bulletinFamily": "unix", "cvelist": ["CVE-2008-5012", "CVE-2008-5013", "CVE-2008-5018", "CVE-2008-5019", "CVE-2008-5023", "CVE-2008-5021", "CVE-2008-5017", "CVE-2008-5014", "CVE-2008-5022", "CVE-2008-5016", "CVE-2008-0017", "CVE-2008-5024", "CVE-2008-5052"], "description": "[1.0.9-28.0.1.el4]\n- Added mozilla-oracle-default-prefs.js and mozilla-oracle-default-bookmarks.html.\n- Removed corresponding ones of Red Hat.\n[1.0.9-28.el4]\n- Add patches for backported fixes from 1.8.1.18", "edition": 4, "modified": "2008-11-13T00:00:00", "published": "2008-11-13T00:00:00", "id": "ELSA-2008-0977", "href": "http://linux.oracle.com/errata/ELSA-2008-0977.html", "title": "seamonkey security update", "type": "oraclelinux", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}], "centos": [{"lastseen": "2020-07-17T03:28:58", "bulletinFamily": "unix", "cvelist": ["CVE-2008-5012", "CVE-2008-5013", "CVE-2008-5018", "CVE-2008-5019", "CVE-2008-5023", "CVE-2008-5021", "CVE-2008-5017", "CVE-2008-5014", "CVE-2008-5022", "CVE-2008-5016", "CVE-2008-0017", "CVE-2008-5024", "CVE-2008-5052"], "description": "**CentOS Errata and Security Advisory** CESA-2008:0977\n\n\nSeaMonkey is an open source Web browser, email and newsgroup client, IRC\nchat client, and HTML editor.\n\nSeveral flaws were found in the processing of malformed web content. A web\npage containing malicious content could cause SeaMonkey to crash or,\npotentially, execute arbitrary code as the user running SeaMonkey.\n(CVE-2008-0017, CVE-2008-5013, CVE-2008-5014, CVE-2008-5016,\nCVE-2008-5017, CVE-2008-5018, CVE-2008-5019, CVE-2008-5021)\n\nSeveral flaws were found in the way malformed content was processed. A web\nsite containing specially-crafted content could potentially trick a\nSeaMonkey user into surrendering sensitive information. (CVE-2008-5012,\nCVE-2008-5022, CVE-2008-5023, CVE-2008-5024)\n\nAll SeaMonkey users should upgrade to these updated packages, which contain\nbackported patches to resolve these issues.\n\n\n**Merged security bulletin from advisories:**\nhttp://lists.centos.org/pipermail/centos-announce/2008-November/027440.html\nhttp://lists.centos.org/pipermail/centos-announce/2008-November/027441.html\nhttp://lists.centos.org/pipermail/centos-announce/2008-November/027446.html\nhttp://lists.centos.org/pipermail/centos-announce/2008-November/027447.html\nhttp://lists.centos.org/pipermail/centos-announce/2008-November/027460.html\nhttp://lists.centos.org/pipermail/centos-announce/2008-November/027461.html\nhttp://lists.centos.org/pipermail/centos-announce/2008-November/027485.html\nhttp://lists.centos.org/pipermail/centos-announce/2008-November/027499.html\n\n**Affected packages:**\nseamonkey\nseamonkey-chat\nseamonkey-devel\nseamonkey-dom-inspector\nseamonkey-js-debugger\nseamonkey-mail\nseamonkey-nspr\nseamonkey-nspr-devel\nseamonkey-nss\nseamonkey-nss-devel\n\n**Upstream details at:**\nhttps://rhn.redhat.com/errata/RHSA-2008-0977.html", "edition": 6, "modified": "2008-11-27T14:31:10", "published": "2008-11-13T14:22:44", "href": "http://lists.centos.org/pipermail/centos-announce/2008-November/027440.html", "id": "CESA-2008:0977", "title": "seamonkey security update", "type": "centos", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2019-12-20T18:26:50", "bulletinFamily": "unix", "cvelist": ["CVE-2008-5012", "CVE-2008-5013", "CVE-2008-5018", "CVE-2008-5019", "CVE-2008-5023", "CVE-2008-5021", "CVE-2008-5017", "CVE-2008-5014", "CVE-2008-5022", "CVE-2008-5016", "CVE-2008-0017", "CVE-2008-5024", "CVE-2008-5052"], "description": "**CentOS Errata and Security Advisory** CESA-2008:0977-01\n\n\nSeaMonkey is an open source Web browser, email and newsgroup client, IRC\nchat client, and HTML editor.\n\nSeveral flaws were found in the processing of malformed web content. A web\npage containing malicious content could cause SeaMonkey to crash or,\npotentially, execute arbitrary code as the user running SeaMonkey.\n(CVE-2008-0017, CVE-2008-5013, CVE-2008-5014, CVE-2008-5016,\nCVE-2008-5017, CVE-2008-5018, CVE-2008-5019, CVE-2008-5021)\n\nSeveral flaws were found in the way malformed content was processed. A web\nsite containing specially-crafted content could potentially trick a\nSeaMonkey user into surrendering sensitive information. (CVE-2008-5012,\nCVE-2008-5022, CVE-2008-5023, CVE-2008-5024)\n\nAll SeaMonkey users should upgrade to these updated packages, which contain\nbackported patches to resolve these issues.\n\n\n**Merged security bulletin from advisories:**\nhttp://lists.centos.org/pipermail/centos-announce/2008-November/027439.html\n\n**Affected packages:**\nseamonkey\nseamonkey-chat\nseamonkey-devel\nseamonkey-dom-inspector\nseamonkey-js-debugger\nseamonkey-mail\nseamonkey-nspr\nseamonkey-nspr-devel\nseamonkey-nss\nseamonkey-nss-devel\n\n**Upstream details at:**\nhttps://rhn.redhat.com/errata/rh21as-errata.html", "edition": 4, "modified": "2008-11-13T06:38:44", "published": "2008-11-13T06:38:44", "href": "http://lists.centos.org/pipermail/centos-announce/2008-November/027439.html", "id": "CESA-2008:0977-01", "title": "seamonkey security update", "type": "centos", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}], "fedora": [{"lastseen": "2020-12-21T08:17:49", "bulletinFamily": "unix", "cvelist": ["CVE-2008-0017", "CVE-2008-4582", "CVE-2008-5012", "CVE-2008-5013", "CVE-2008-5014", "CVE-2008-5016", "CVE-2008-5017", "CVE-2008-5018", "CVE-2008-5019", "CVE-2008-5021", "CVE-2008-5022", "CVE-2008-5023", "CVE-2008-5024"], "description": "Epiphany Extensions is a collection of extensions for Epiphany, the GNOME web browser. ", "modified": "2008-11-14T12:50:27", "published": "2008-11-14T12:50:27", "id": "FEDORA:C0222208D98", "href": "", "type": "fedora", "title": "[SECURITY] Fedora 8 Update: epiphany-extensions-2.20.1-11.fc8", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2020-12-21T08:17:49", "bulletinFamily": "unix", "cvelist": ["CVE-2008-0017", "CVE-2008-4582", "CVE-2008-5012", "CVE-2008-5013", "CVE-2008-5014", "CVE-2008-5016", "CVE-2008-5017", "CVE-2008-5018", "CVE-2008-5019", "CVE-2008-5021", "CVE-2008-5022", "CVE-2008-5023", "CVE-2008-5024"], "description": "epiphany is a simple GNOME web browser based on the Mozilla rendering engine. ", "modified": "2008-11-14T12:50:27", "published": "2008-11-14T12:50:27", "id": "FEDORA:A19FC208D1E", "href": "", "type": "fedora", "title": "[SECURITY] Fedora 8 Update: epiphany-2.20.3-8.fc8", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2020-12-21T08:17:49", "bulletinFamily": "unix", "cvelist": ["CVE-2008-0017", "CVE-2008-4582", "CVE-2008-5012", "CVE-2008-5013", "CVE-2008-5014", "CVE-2008-5016", "CVE-2008-5017", "CVE-2008-5018", "CVE-2008-5019", "CVE-2008-5021", "CVE-2008-5022", "CVE-2008-5023", "CVE-2008-5024"], "description": "gnome-web-photo contains a thumbnailer that will be used by GNOME applicati ons, including the file manager, to generate screenshots of web pages. ", "modified": "2008-11-14T12:50:28", "published": "2008-11-14T12:50:28", "id": "FEDORA:A27D6208DAD", "href": "", "type": "fedora", "title": "[SECURITY] Fedora 8 Update: gnome-web-photo-0.3-14.fc8", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2020-12-21T08:17:49", "bulletinFamily": "unix", "cvelist": ["CVE-2008-0017", "CVE-2008-4582", "CVE-2008-5012", "CVE-2008-5013", "CVE-2008-5014", "CVE-2008-5016", "CVE-2008-5017", "CVE-2008-5018", "CVE-2008-5019", "CVE-2008-5021", "CVE-2008-5022", "CVE-2008-5023", "CVE-2008-5024"], "description": "Kazehakase is a Web browser which aims to provide a user interface that is truly user-friendly & fully customizable. This package uses Gecko for HTML rendering engine. ", "modified": "2008-11-14T12:50:28", "published": "2008-11-14T12:50:28", "id": "FEDORA:A9249208DAE", "href": "", "type": "fedora", "title": "[SECURITY] Fedora 8 Update: kazehakase-0.5.6-1.fc8.1", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2020-12-21T08:17:49", "bulletinFamily": "unix", "cvelist": ["CVE-2008-0017", "CVE-2008-4582", "CVE-2008-5012", "CVE-2008-5013", "CVE-2008-5014", "CVE-2008-5016", "CVE-2008-5017", "CVE-2008-5018", "CVE-2008-5019", "CVE-2008-5021", "CVE-2008-5022", "CVE-2008-5023", "CVE-2008-5024"], "description": "This is an evolution plugin which enables evolution to read rss feeds. ", "modified": "2008-11-14T12:50:27", "published": "2008-11-14T12:50:27", "id": "FEDORA:2442D208DA9", "href": "", "type": "fedora", "title": "[SECURITY] Fedora 8 Update: evolution-rss-0.0.8-13.fc8", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2020-12-21T08:17:49", "bulletinFamily": "unix", "cvelist": ["CVE-2008-0017", "CVE-2008-4582", "CVE-2008-5012", "CVE-2008-5013", "CVE-2008-5014", "CVE-2008-5016", "CVE-2008-5017", "CVE-2008-5018", "CVE-2008-5019", "CVE-2008-5021", "CVE-2008-5022", "CVE-2008-5023", "CVE-2008-5024"], "description": "OpenVRML is a VRML/X3D support library, including a runtime and facilities for reading and displaying VRML and X3D models. ", "modified": "2008-11-14T12:50:28", "published": "2008-11-14T12:50:28", "id": "FEDORA:C93F7208DB0", "href": "", "type": "fedora", "title": "[SECURITY] Fedora 8 Update: openvrml-0.17.10-2.0.fc8", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2020-12-21T08:17:49", "bulletinFamily": "unix", "cvelist": ["CVE-2008-0017", "CVE-2008-4582", "CVE-2008-5012", "CVE-2008-5013", "CVE-2008-5014", "CVE-2008-5016", "CVE-2008-5017", "CVE-2008-5018", "CVE-2008-5019", "CVE-2008-5021", "CVE-2008-5022", "CVE-2008-5023", "CVE-2008-5024"], "description": "SeaMonkey is an all-in-one Internet application suite. It includes a browser, mail/news client, IRC client, JavaScript debugger, and a tool to inspect the DOM for web pages. It is derived from the application formerly known as Mozilla Application Suite. ", "modified": "2008-11-14T12:50:28", "published": "2008-11-14T12:50:28", "id": "FEDORA:022C3208DB3", "href": "", "type": "fedora", "title": "[SECURITY] Fedora 8 Update: seamonkey-1.1.13-1.fc8", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2020-12-21T08:17:49", "bulletinFamily": "unix", "cvelist": ["CVE-2008-0017", "CVE-2008-4582", "CVE-2008-5012", "CVE-2008-5013", "CVE-2008-5014", "CVE-2008-5016", "CVE-2008-5017", "CVE-2008-5018", "CVE-2008-5019", "CVE-2008-5021", "CVE-2008-5022", "CVE-2008-5023", "CVE-2008-5024"], "description": "A gtk2 chm document viewer. It uses chmlib to extract files. It uses gecko to display pages. It supports displaying multilingual pages due to gecko. It features bookmarks and tabs. The tabs could be used to jump inside the chm file conveniently. Its UI is clean and handy, also is well localized. It is actively developed and maintained. The author of chmsee is Jungle Ji and several other great peopl e. Hint * Unlike other chm viewers, chmsee extracts files from chm file, and then r ead and display them. The extracted files could be found in $HOME/.chmsee/books helf directory. You can clean those files at any time and there is a special con fig option for that. * The bookmark is related to each file so not all bookmarks will be loaded, only current file's. * Try to remove $HOME/.chmsee if you encounter any problem after an upgrade. ", "modified": "2008-11-14T12:50:27", "published": "2008-11-14T12:50:27", "id": "FEDORA:EE582208DA4", "href": "", "type": "fedora", "title": "[SECURITY] Fedora 8 Update: chmsee-1.0.0-5.31.fc8", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2020-12-21T08:17:49", "bulletinFamily": "unix", "cvelist": ["CVE-2008-0017", "CVE-2008-4582", "CVE-2008-5012", "CVE-2008-5013", "CVE-2008-5014", "CVE-2008-5016", "CVE-2008-5017", "CVE-2008-5018", "CVE-2008-5019", "CVE-2008-5021", "CVE-2008-5022", "CVE-2008-5023", "CVE-2008-5024"], "description": "Galeon is a web browser built around Gecko (Mozilla's rendering engine) and Necko (Mozilla's networking engine). It's a GNOME web browser, designed to take advantage of as many GNOME technologies as makes sense. Galeon was written to do just one thing - browse the web. ", "modified": "2008-11-14T12:50:28", "published": "2008-11-14T12:50:28", "id": "FEDORA:40F3B208DA8", "href": "", "type": "fedora", "title": "[SECURITY] Fedora 8 Update: galeon-2.0.4-6.fc8.3", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2020-12-21T08:17:49", "bulletinFamily": "unix", "cvelist": ["CVE-2008-0017", "CVE-2008-4582", "CVE-2008-5012", "CVE-2008-5013", "CVE-2008-5014", "CVE-2008-5016", "CVE-2008-5017", "CVE-2008-5018", "CVE-2008-5019", "CVE-2008-5021", "CVE-2008-5022", "CVE-2008-5023", "CVE-2008-5024"], "description": "An light eye-candy fully themable animated dock for any Linux desktop. It has a family-likeness with OSX dock, but with more options. ", "modified": "2008-11-14T12:50:27", "published": "2008-11-14T12:50:27", "id": "FEDORA:DF375208DA6", "href": "", "type": "fedora", "title": "[SECURITY] Fedora 8 Update: cairo-dock-1.6.3.1-1.fc8.1", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}], "suse": [{"lastseen": "2016-09-04T11:54:05", "bulletinFamily": "unix", "cvelist": ["CVE-2008-5012", "CVE-2008-5013", "CVE-2008-5018", "CVE-2008-5019", "CVE-2008-5023", "CVE-2008-5021", "CVE-2008-5017", "CVE-2008-5014", "CVE-2008-5022", "CVE-2008-5016", "CVE-2008-0017", "CVE-2008-5024", "CVE-2008-5015", "CVE-2008-5052"], "description": "This security update updates various Mozilla Browsers to their current security release.\n#### Solution\nThere is no known workaround, please install the update packages.", "edition": 1, "modified": "2008-11-26T16:19:10", "published": "2008-11-26T16:19:10", "id": "SUSE-SA:2008:055", "href": "http://lists.opensuse.org/opensuse-security-announce/2008-11/msg00004.html", "type": "suse", "title": "remote code execution in MozillaFirefox,MozillaThunderbird,seamonkey", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}], "ubuntu": [{"lastseen": "2020-07-09T00:24:02", "bulletinFamily": "unix", "cvelist": ["CVE-2008-5012", "CVE-2008-5013", "CVE-2008-5018", "CVE-2008-5019", "CVE-2008-5023", "CVE-2008-5021", "CVE-2008-5017", "CVE-2008-5014", "CVE-2008-5022", "CVE-2008-5016", "CVE-2008-0017", "CVE-2008-5024", "CVE-2008-5015", "CVE-2008-4582"], "description": "Liu Die Yu discovered an information disclosure vulnerability in Firefox \nwhen using saved .url shortcut files. If a user were tricked into \ndownloading a crafted .url file and a crafted HTML file, an attacker \ncould steal information from the user's cache. (CVE-2008-4582)\n\nGeorgi Guninski, Michal Zalewsk and Chris Evans discovered that the \nsame-origin check in Firefox could be bypassed. If a user were tricked \ninto opening a malicious website, an attacker could obtain private \ninformation from data stored in the images, or discover information \nabout software on the user's computer. This issue only affects Firefox 2. \n(CVE-2008-5012)\n\nIt was discovered that Firefox did not properly check if the Flash \nmodule was properly unloaded. By tricking a user into opening a crafted \nSWF file, an attacker could cause Firefox to crash and possibly execute \narbitrary code with user privileges. This issue only affects Firefox 2. \n(CVE-2008-5013)\n\nJesse Ruderman discovered that Firefox did not properly guard locks on \nnon-native objects. If a user were tricked into opening a malicious \nwebsite, an attacker could cause a browser crash and possibly execute \narbitrary code with user privileges. This issue only affects Firefox 2. \n(CVE-2008-5014)\n\nLuke Bryan discovered that Firefox sometimes opened file URIs with \nchrome privileges. If a user saved malicious code locally, then opened \nthe file in the same tab as a privileged document, an attacker could \nrun arbitrary JavaScript code with chrome privileges. This issue only \naffects Firefox 3.0. (CVE-2008-5015)\n\nSeveral problems were discovered in the browser, layout and JavaScript \nengines. These problems could allow an attacker to crash the browser \nand possibly execute arbitrary code with user privileges. \n(CVE-2008-5016, CVE-2008-5017, CVE-2008-5018)\n\nDavid Bloom discovered that the same-origin check in Firefox could be \nbypassed by utilizing the session restore feature. An attacker could \nexploit this to run JavaScript in the context of another site or \nexecute arbitrary JavaScript code with chrome privileges. \n(CVE-2008-5019)\n\nJustin Schuh discovered a flaw in Firefox's mime-type parsing. If a \nuser were tricked into opening a malicious website, an attacker could \nsend a crafted header in the HTTP index response, causing a browser \ncrash and execute arbitrary code with user privileges. (CVE-2008-0017)\n\nA flaw was discovered in Firefox's DOM constructing code. If a user \nwere tricked into opening a malicious website, an attacker could \ncause the browser to crash and potentially execute arbitrary code with \nuser privileges. (CVE-2008-5021)\n\nIt was discovered that the same-origin check in Firefox could be \nbypassed. If a user were tricked into opening a malicious website, an \nattacker could execute JavaScript in the context of a different website. \n(CVE-2008-5022)\n\nCollin Jackson discovered various flaws in Firefox when processing \nstylesheets which allowed JavaScript to be injected into signed JAR \nfiles. If a user were tricked into opening malicious web content, an \nattacker could execute arbitrary code with the privileges of the \nsigned JAR or of a different website. (CVE-2008-5023)\n\nChris Evans discovered that Firefox did not properly parse E4X \ndocuments, leading to quote characters in the namespace not being \nproperly escaped. (CVE-2008-5024)", "edition": 5, "modified": "2008-11-17T00:00:00", "published": "2008-11-17T00:00:00", "id": "USN-667-1", "href": "https://ubuntu.com/security/notices/USN-667-1", "title": "Firefox and xulrunner vulnerabilities", "type": "ubuntu", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}], "freebsd": [{"lastseen": "2019-05-29T18:34:21", "bulletinFamily": "unix", "cvelist": ["CVE-2008-5012", "CVE-2008-5013", "CVE-2008-5018", "CVE-2008-5019", "CVE-2008-5023", "CVE-2008-5021", "CVE-2008-5017", "CVE-2008-5014", "CVE-2008-5022", "CVE-2008-5016", "CVE-2008-0017", "CVE-2008-5024", "CVE-2008-5015", "CVE-2008-4582"], "description": "\nThe Mozilla Foundation reports:\n\nMFSA 2008-58 Parsing error in E4X default namespace\nMFSA 2008-57 -moz-binding property bypasses security checks on\n\t codebase principals\nMFSA 2008-56 nsXMLHttpRequest::NotifyEventListeners() same-origin\n\t violation\nMFSA 2008-55 Crash and remote code execution in\n\t nsFrameManager\nMFSA 2008-54 Buffer overflow in http-index-format parser\nMFSA 2008-53 XSS and JavaScript privilege escalation via session\n\t restore\nMFSA 2008-52 Crashes with evidence of memory corruption\n\t (rv:1.9.0.4/1.8.1.18)\nMFSA 2008-51 file: URIs inherit chrome privileges when opened\n\t from chrome\nMFSA 2008-50 Crash and remote code execution via __proto__\n\t tampering\nMFSA 2008-49 Arbitrary code execution via Flash Player dynamic\n\t module unloading\nMFSA 2008-48 Image stealing via canvas and HTTP redirect\nMFSA 2008-47 Information stealing via local shortcut files\nMFSA 2008-46 Heap overflow when canceling newsgroup message\nMFSA 2008-44 resource: traversal vulnerabilities\nMFSA 2008-43 BOM characters stripped from JavaScript before\n\t execution\nMFSA 2008-42 Crashes with evidence of memory corruption\n\t (rv:1.9.0.2/1.8.1.17)\nMFSA 2008-41 Privilege escalation via XPCnativeWrapper\n\t pollution\nMFSA 2008-38 nsXMLDocument::OnChannelRedirect() same-origin\n\t violation\nMFSA 2008-37 UTF-8 URL stack buffer overflow\n\n", "edition": 4, "modified": "2008-11-23T00:00:00", "published": "2008-11-13T00:00:00", "id": "F29FEA8F-B19F-11DD-A55E-00163E000016", "href": "https://vuxml.freebsd.org/freebsd/f29fea8f-b19f-11dd-a55e-00163e000016.html", "title": "mozilla -- multiple vulnerabilities", "type": "freebsd", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}]}
