ID CVE-2009-1839 Type cve Reporter cve@mitre.org Modified 2017-09-29T01:34:00
Description
Mozilla Firefox 3 before 3.0.11 associates an incorrect principal with a file: URL loaded through the location bar, which allows user-assisted remote attackers to bypass intended access restrictions and read files via a crafted HTML document, aka a "file-URL-to-file-URL scripting" attack.
{"exploitdb": [{"lastseen": "2016-02-01T12:42:30", "description": "Mozilla Firefox Location Bar Spoofing Vulnerability. CVE-2009-1839. Local exploits for multiple platform", "published": "2009-12-18T00:00:00", "type": "exploitdb", "title": "Mozilla Firefox Location Bar Spoofing Vulnerability", "bulletinFamily": "exploit", "cvelist": ["CVE-2009-1839"], "modified": "2009-12-18T00:00:00", "id": "EDB-ID:10544", "href": "https://www.exploit-db.com/exploits/10544/", "sourceData": "# Exploit Title: MOZILLA FIREFOX LOCATION BAR SPOOFING VULNERABILITY\r\n# Date: 2009-12-18\r\n# Author: Jordi Chancel\r\n# Software Link: http://www.mozilla.org/security/announce/2009/mfsa2009-69.html\r\n# Version: Mozilla Firefox 3.0.15 & 3.5.5\r\n# Tested on: Windows XP-VISTA-SEVEN & LINUX BACKTRACK\r\n# CVE : http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-3985\r\n# DESCRIPTION: {\r\n#\t\tSecurity researcher Jordi Chancel reported an issue similar to one fixed in mfsa2009-44\r\n#\t\tin which a web page can set document.location to a URL that can't be displayed properly and then inject \r\n#\t\tcontent into the resulting blank page. An attacker could use this vulnerability to place a legitimate-looking \r\n#\t\tbut invalid URL in the location bar and inject HTML and JavaScript into the body of the \r\n#\t\tpage, resulting in a spoofing attack. }\r\n# Code :\r\n<html>\r\n<title>FAKE PAGE</title>\r\n<body onload=\"javascript:window.location = 'https://www.google.com%20';window.stop();void(0);\">\r\n<h1>FAKE PAGE</h1>\r\n</body>\r\n</html>", "cvss": {"score": 5.4, "vector": "AV:NETWORK/AC:HIGH/Au:NONE/C:COMPLETE/I:NONE/A:NONE/"}, "sourceHref": "https://www.exploit-db.com/download/10544/"}], "securityvulns": [{"lastseen": "2018-08-31T11:10:30", "bulletinFamily": "software", "cvelist": ["CVE-2009-1839"], "description": "Mozilla Foundation Security Advisory 2009-30\r\n\r\nTitle: Incorrect principal set for file: resources loaded via location bar\r\nImpact: Moderate\r\nAnnounced: June 11, 2009\r\nReporter: Adam Barth, Collin Jackson\r\nProducts: Firefox 3\r\n\r\nFixed in: Firefox 3.0.11\r\nDescription\r\n\r\nSecurity researchers Adam Barth and Collin Jackson reported that when a file: resource is loaded via the location bar it inherits the principal of the previously loaded document. This vulnerability can potentially give the newly loaded document additional privileges to access the contents of other local files that it wouldn't otherwise have permission to read.\r\n\r\nA potential victim would first have to have downloaded the attackers document to their local machine. Then the victim would have to open another document in a directory of interest to the attacker before opening the attacker's file in the same window.\r\n\r\nPrior to version 3.0, Firefox (like browsers from other vendors) treated all local files as having the same origin without restriction. This vulnerability is a partial bypass of the restrictions implemented in Firefox 3.0\r\nReferences\r\n\r\n * https://bugzilla.mozilla.org/show_bug.cgi?id=479943\r\n * CVE-2009-1839\r\n", "edition": 1, "modified": "2009-06-14T00:00:00", "published": "2009-06-14T00:00:00", "id": "SECURITYVULNS:DOC:22013", "href": "https://vulners.com/securityvulns/SECURITYVULNS:DOC:22013", "title": "Mozilla Foundation Security Advisory 2009-30", "type": "securityvulns", "cvss": {"score": 5.4, "vector": "AV:NETWORK/AC:HIGH/Au:NONE/C:COMPLETE/I:NONE/A:NONE/"}}, {"lastseen": "2018-08-31T11:09:33", "bulletinFamily": "software", "cvelist": ["CVE-2009-1833", "CVE-2009-1835", "CVE-2009-1838", "CVE-2009-1832", "CVE-2009-1837", "CVE-2009-1392", "CVE-2009-1834", "CVE-2009-1836", "CVE-2009-1839", "CVE-2009-1841", "CVE-2009-1840"], "description": "Privilege escalations, crossite scripting, DoS, race conditions, SSL spoofing if HTTP proxy is used, multiple memory corruptions.", "edition": 1, "modified": "2009-06-14T00:00:00", "published": "2009-06-14T00:00:00", "id": "SECURITYVULNS:VULN:9986", "href": "https://vulners.com/securityvulns/SECURITYVULNS:VULN:9986", "title": "Mozilla Firefox multiple security vulnerabilities", "type": "securityvulns", "cvss": {"score": 9.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}], "ubuntu": [{"lastseen": "2020-07-09T00:21:05", "bulletinFamily": "unix", "cvelist": ["CVE-2009-1833", "CVE-2009-1835", "CVE-2009-1838", "CVE-2009-1832", "CVE-2009-1837", "CVE-2009-1392", "CVE-2009-1834", "CVE-2009-1836", "CVE-2009-1839", "CVE-2009-1841", "CVE-2009-1840"], "description": "Several flaws were discovered in the browser and JavaScript engines of \nFirefox. If a user were tricked into viewing a malicious website, a remote \nattacker could cause a denial of service or possibly execute arbitrary code \nwith the privileges of the user invoking the program. (CVE-2009-1392, \nCVE-2009-1832, CVE-2009-1833, CVE-2009-1837, CVE-2009-1838)\n\nPavel Cvrcek discovered that Firefox would sometimes display certain \ninvalid Unicode characters as whitespace. An attacker could exploit this to \nspoof the location bar, such as in a phishing attack. (CVE-2009-1834)\n\nGregory Fleischer, Adam Barth and Collin Jackson discovered that Firefox \nwould allow access to local files from resources loaded via the file: \nprotocol. If a user were tricked into downloading then opening a malicious \nfile, an attacker could steal potentially sensitive information. \n(CVE-2009-1835, CVE-2009-1839)\n\nShuo Chen, Ziqing Mao, Yi-Min Wang, and Ming Zhang discovered that Firefox \ndid not properly handle error responses when connecting to a proxy server. \nIf a remote attacker were able to perform a man-in-the-middle attack, this \nflaw could be exploited to view sensitive information. (CVE-2009-1836)\n\nWladimir Palant discovered Firefox did not check content-loading policies \nwhen loading external script files into XUL documents. As a result, Firefox \nmight load malicious content under certain circumstances. (CVE-2009-1840)\n\nIt was discovered that Firefox could be made to run scripts with elevated \nprivileges. If a user were tricked into viewing a malicious website, an \nattacker could cause a chrome privileged object, such as the browser \nsidebar, to run arbitrary code via interactions with the attacker \ncontrolled website. (CVE-2009-1841)", "edition": 5, "modified": "2009-06-12T00:00:00", "published": "2009-06-12T00:00:00", "id": "USN-779-1", "href": "https://ubuntu.com/security/notices/USN-779-1", "title": "Firefox and Xulrunner vulnerabilities", "type": "ubuntu", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}], "redhat": [{"lastseen": "2019-08-13T18:44:46", "bulletinFamily": "unix", "cvelist": ["CVE-2009-1392", "CVE-2009-1832", "CVE-2009-1833", "CVE-2009-1834", "CVE-2009-1835", "CVE-2009-1836", "CVE-2009-1837", "CVE-2009-1838", "CVE-2009-1839", "CVE-2009-1840", "CVE-2009-1841"], "description": "Mozilla Firefox is an open source Web browser. XULRunner provides the XUL\nRuntime environment for Mozilla Firefox.\n\nSeveral flaws were found in the processing of malformed web content. A web\npage containing malicious content could cause Firefox to crash or,\npotentially, execute arbitrary code as the user running Firefox.\n(CVE-2009-1392, CVE-2009-1832, CVE-2009-1833, CVE-2009-1837, CVE-2009-1838,\nCVE-2009-1841)\n\nMultiple flaws were found in the processing of malformed, local file\ncontent. If a user loaded malicious, local content via the file:// URL, it\nwas possible for that content to access other local data. (CVE-2009-1835,\nCVE-2009-1839)\n\nA script, privilege elevation flaw was found in the way Firefox loaded XML\nUser Interface Language (XUL) scripts. Firefox and certain add-ons could\nload malicious content when certain policy checks did not happen.\n(CVE-2009-1840)\n\nA flaw was found in the way Firefox displayed certain Unicode characters in\nInternational Domain Names (IDN). If an IDN contained invalid characters,\nthey may have been displayed as spaces, making it appear to the user that\nthey were visiting a trusted site. (CVE-2009-1834)\n\nA flaw was found in the way Firefox handled error responses returned from\nproxy servers. If an attacker is able to conduct a man-in-the-middle attack\nagainst a Firefox instance that is using a proxy server, they may be able\nto steal sensitive information from the site the user is visiting.\n(CVE-2009-1836)\n\nFor technical details regarding these flaws, refer to the Mozilla security\nadvisories for Firefox 3.0.11. You can find a link to the Mozilla\nadvisories in the References section of this errata.\n\nAll Firefox users should upgrade to these updated packages, which contain\nFirefox version 3.0.11, which corrects these issues. After installing the\nupdate, Firefox must be restarted for the changes to take effect.", "modified": "2017-09-08T12:08:33", "published": "2009-06-11T04:00:00", "id": "RHSA-2009:1095", "href": "https://access.redhat.com/errata/RHSA-2009:1095", "type": "redhat", "title": "(RHSA-2009:1095) Critical: firefox security update", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}], "freebsd": [{"lastseen": "2019-05-29T18:34:14", "bulletinFamily": "unix", "cvelist": ["CVE-2009-1833", "CVE-2009-1835", "CVE-2009-1838", "CVE-2009-1832", "CVE-2009-1837", "CVE-2009-1392", "CVE-2009-1834", "CVE-2009-1836", "CVE-2009-1839", "CVE-2009-1841", "CVE-2009-1840"], "description": "\nMozilla Foundation reports:\n\nMFSA 2009-32 JavaScript chrome privilege escalation\nMFSA 2009-31 XUL scripts bypass content-policy checks\nMFSA 2009-30 Incorrect principal set for file: resources\n\t loaded via location bar\nMFSA 2009-29 Arbitrary code execution using event listeners\n\t attached to an element whose owner document is null\nMFSA 2009-28 Race condition while accessing the private data\n\t of a NPObject JS wrapper class object\nMFSA 2009-27 SSL tampering via non-200 responses to proxy\n\t CONNECT requests\nMFSA 2009-26 Arbitrary domain cookie access by local file:\n\t resources\nMFSA 2009-25 URL spoofing with invalid unicode characters\nMFSA 2009-24 Crashes with evidence of memory corruption (rv:1.9.0.11)\n\n", "edition": 4, "modified": "2009-12-12T00:00:00", "published": "2009-06-11T00:00:00", "id": "DA185955-5738-11DE-B857-000F20797EDE", "href": "https://vuxml.freebsd.org/freebsd/da185955-5738-11de-b857-000f20797ede.html", "title": "mozilla -- multiple vulnerabilities", "type": "freebsd", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}], "centos": [{"lastseen": "2019-12-20T18:26:43", "bulletinFamily": "unix", "cvelist": ["CVE-2009-1833", "CVE-2009-1835", "CVE-2009-1838", "CVE-2009-1832", "CVE-2009-1837", "CVE-2009-1392", "CVE-2009-1834", "CVE-2009-1836", "CVE-2009-1839", "CVE-2009-1841", "CVE-2009-1840"], "description": "**CentOS Errata and Security Advisory** CESA-2009:1095\n\n\nMozilla Firefox is an open source Web browser. XULRunner provides the XUL\nRuntime environment for Mozilla Firefox.\n\nSeveral flaws were found in the processing of malformed web content. A web\npage containing malicious content could cause Firefox to crash or,\npotentially, execute arbitrary code as the user running Firefox.\n(CVE-2009-1392, CVE-2009-1832, CVE-2009-1833, CVE-2009-1837, CVE-2009-1838,\nCVE-2009-1841)\n\nMultiple flaws were found in the processing of malformed, local file\ncontent. If a user loaded malicious, local content via the file:// URL, it\nwas possible for that content to access other local data. (CVE-2009-1835,\nCVE-2009-1839)\n\nA script, privilege elevation flaw was found in the way Firefox loaded XML\nUser Interface Language (XUL) scripts. Firefox and certain add-ons could\nload malicious content when certain policy checks did not happen.\n(CVE-2009-1840)\n\nA flaw was found in the way Firefox displayed certain Unicode characters in\nInternational Domain Names (IDN). If an IDN contained invalid characters,\nthey may have been displayed as spaces, making it appear to the user that\nthey were visiting a trusted site. (CVE-2009-1834)\n\nA flaw was found in the way Firefox handled error responses returned from\nproxy servers. If an attacker is able to conduct a man-in-the-middle attack\nagainst a Firefox instance that is using a proxy server, they may be able\nto steal sensitive information from the site the user is visiting.\n(CVE-2009-1836)\n\nFor technical details regarding these flaws, refer to the Mozilla security\nadvisories for Firefox 3.0.11. You can find a link to the Mozilla\nadvisories in the References section of this errata.\n\nAll Firefox users should upgrade to these updated packages, which contain\nFirefox version 3.0.11, which corrects these issues. After installing the\nupdate, Firefox must be restarted for the changes to take effect.\n\n**Merged security bulletin from advisories:**\nhttp://lists.centos.org/pipermail/centos-announce/2009-June/028031.html\nhttp://lists.centos.org/pipermail/centos-announce/2009-June/028032.html\n\n**Affected packages:**\nfirefox\nxulrunner\nxulrunner-devel\nxulrunner-devel-unstable\n\n**Upstream details at:**\nhttps://rhn.redhat.com/errata/RHSA-2009-1095.html", "edition": 3, "modified": "2009-06-19T11:07:44", "published": "2009-06-19T11:07:44", "href": "http://lists.centos.org/pipermail/centos-announce/2009-June/028031.html", "id": "CESA-2009:1095", "title": "firefox, xulrunner security update", "type": "centos", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}], "suse": [{"lastseen": "2016-09-04T12:19:21", "bulletinFamily": "unix", "cvelist": ["CVE-2009-1833", "CVE-2009-1835", "CVE-2009-1838", "CVE-2009-1832", "CVE-2009-1837", "CVE-2009-1392", "CVE-2009-1834", "CVE-2009-1836", "CVE-2009-1839", "CVE-2009-1841", "CVE-2009-1840"], "description": "The Mozilla Firefox browser was updated to version 3.0.11, fixing various bugs and security issues:\n#### Solution\nThere is no known workaround, please install the update packages.", "edition": 1, "modified": "2009-06-16T16:38:22", "published": "2009-06-16T16:38:22", "id": "SUSE-SA:2009:034", "href": "http://lists.opensuse.org/opensuse-security-announce/2009-06/msg00005.html", "title": "remote code execution in MozillaFirefox", "type": "suse", "cvss": {"score": 9.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}], "nessus": [{"lastseen": "2021-02-01T04:07:37", "description": "The installed version of Firefox is earlier than 3.0.11. Such versions\nare potentially affected by the following security issues :\n\n - Multiple memory corruption vulnerabilities could \n potentially be exploited to execute arbitrary code. \n (MFSA 2009-24)\n\n - Certain invalid Unicode characters, when used as a part\n of IDN, can be displayed as a whitespace in the location\n bar. An attacker could exploit this vulnerability to\n spoof the location bar. (MFSA 2009-25) \n\n - It may be possible for local resources loaded via\n 'file:' protocol to access any domain's cookies saved\n on a user's system. (MFSA 2009-26)\n\n - It may be possible to tamper with SSL data via non-200\n responses to proxy CONNECT requests. (MFSA 2009-27)\n\n - A race condition exists in 'NPObjWrapper_NewResolve' \n when accessing the properties of a NPObject, a \n wrapped JSObject. This flaw could be potentially\n exploited to execute arbitrary code on the remote\n system. (MFSA 2009-28)\n\n - If the owner document of an element becomes null after\n garbage collection, then it may be possible to execute\n the event listeners within the wrong JavaScript context.\n An attacker could potentially exploit this vulnerability\n to execute arbitrary JavaScript with chrome privileges.\n (MFSA 2009-29) \n\n - When the 'file:' resource is loaded from the location\n bar, the resource inherits the principal of the \n previously loaded document. This could potentially allow \n unauthorized access to local files. (MFSA 2009-30)\n\n - While loading external scripts into XUL documents\n content-loading policies are not checked. \n (MFSA 2009-31) \n\n - It may be possible for scripts from page content to\n run with elevated privileges. (MFSA 2009-32)", "edition": 29, "published": "2009-06-12T00:00:00", "title": "Firefox < 3.0.11 Multiple Vulnerabilities", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2009-1833", "CVE-2009-1835", "CVE-2009-1838", "CVE-2009-1832", "CVE-2009-1837", "CVE-2009-1392", "CVE-2009-1834", "CVE-2009-1836", "CVE-2009-1839", "CVE-2009-1841", "CVE-2009-1840"], "modified": "2021-02-02T00:00:00", "cpe": ["cpe:/a:mozilla:firefox"], "id": "MOZILLA_FIREFOX_3011.NASL", "href": "https://www.tenable.com/plugins/nessus/39372", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(39372);\n script_version(\"1.23\");\n\n script_cve_id(\n \"CVE-2009-1392\", \n \"CVE-2009-1832\", \n \"CVE-2009-1833\", \n \"CVE-2009-1834\", \n \"CVE-2009-1835\", \n \"CVE-2009-1836\", \n \"CVE-2009-1837\", \n \"CVE-2009-1838\", \n \"CVE-2009-1839\", \n \"CVE-2009-1840\",\n \"CVE-2009-1841\"\n );\n script_bugtraq_id(\n 35360, \n 35370, \n 35371, \n 35372, \n 35373, \n 35377, \n 35380, \n 35383, \n 35386, \n 35388, \n 35391\n );\n # BID 35326 -- it's been retired\n script_xref(name:\"Secunia\", value:\"35331\");\n\n script_name(english:\"Firefox < 3.0.11 Multiple Vulnerabilities\");\n script_summary(english:\"Checks version of Firefox\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote Windows host contains a web browser that is affected by\nmultiple vulnerabilities.\" );\n script_set_attribute(attribute:\"description\", value:\n\"The installed version of Firefox is earlier than 3.0.11. Such versions\nare potentially affected by the following security issues :\n\n - Multiple memory corruption vulnerabilities could \n potentially be exploited to execute arbitrary code. \n (MFSA 2009-24)\n\n - Certain invalid Unicode characters, when used as a part\n of IDN, can be displayed as a whitespace in the location\n bar. An attacker could exploit this vulnerability to\n spoof the location bar. (MFSA 2009-25) \n\n - It may be possible for local resources loaded via\n 'file:' protocol to access any domain's cookies saved\n on a user's system. (MFSA 2009-26)\n\n - It may be possible to tamper with SSL data via non-200\n responses to proxy CONNECT requests. (MFSA 2009-27)\n\n - A race condition exists in 'NPObjWrapper_NewResolve' \n when accessing the properties of a NPObject, a \n wrapped JSObject. This flaw could be potentially\n exploited to execute arbitrary code on the remote\n system. (MFSA 2009-28)\n\n - If the owner document of an element becomes null after\n garbage collection, then it may be possible to execute\n the event listeners within the wrong JavaScript context.\n An attacker could potentially exploit this vulnerability\n to execute arbitrary JavaScript with chrome privileges.\n (MFSA 2009-29) \n\n - When the 'file:' resource is loaded from the location\n bar, the resource inherits the principal of the \n previously loaded document. This could potentially allow \n unauthorized access to local files. (MFSA 2009-30)\n\n - While loading external scripts into XUL documents\n content-loading policies are not checked. \n (MFSA 2009-31) \n\n - It may be possible for scripts from page content to\n run with elevated privileges. (MFSA 2009-32)\" \n);\n\n script_set_attribute(attribute:\"see_also\", value:\"https://www.microsoft.com/en-us/research/publication/pretty-bad-proxy-an-overlooked-adversary-in-browsers-https-deployments/?from=http%3A%2F%2Fresearch.microsoft.com%2Fapps%2Fpubs%2Fdefault.aspx%3Fid%3D79323\" );\n script_set_attribute(attribute:\"see_also\", value:\"https://www.mozilla.org/en-US/security/advisories/mfsa2009-24/\" );\n script_set_attribute(attribute:\"see_also\", value:\"https://www.mozilla.org/en-US/security/advisories/mfsa2009-25/\" );\n script_set_attribute(attribute:\"see_also\", value:\"https://www.mozilla.org/en-US/security/advisories/mfsa2009-26/\" );\n script_set_attribute(attribute:\"see_also\", value:\"https://www.mozilla.org/en-US/security/advisories/mfsa2009-27/\" );\n script_set_attribute(attribute:\"see_also\", value:\"https://www.mozilla.org/en-US/security/advisories/mfsa2009-28/\" );\n script_set_attribute(attribute:\"see_also\", value:\"https://www.mozilla.org/en-US/security/advisories/mfsa2009-29/\" );\n script_set_attribute(attribute:\"see_also\", value:\"https://www.mozilla.org/en-US/security/advisories/mfsa2009-30/\" );\n script_set_attribute(attribute:\"see_also\", value:\"https://www.mozilla.org/en-US/security/advisories/mfsa2009-31/\" );\n script_set_attribute(attribute:\"see_also\", value:\"https://www.mozilla.org/en-US/security/advisories/mfsa2009-32/\" );\n script_set_attribute(attribute:\"solution\", value:\n\"Upgrade to Firefox 3.0.11 or later.\" );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_cwe_id(20, 94, 200, 264, 287, 362);\n\n script_set_attribute(attribute:\"plugin_publication_date\", value: \"2009/06/12\");\n script_set_attribute(attribute:\"patch_publication_date\", value: \"2009/06/11\");\n script_cvs_date(\"Date: 2018/11/15 20:50:27\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:mozilla:firefox\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Windows\");\n script_copyright(english:\"This script is Copyright (C) 2009-2018 Tenable Network Security, Inc.\");\n script_dependencies(\"mozilla_org_installed.nasl\");\n script_require_keys(\"Mozilla/Firefox/Version\");\n exit(0);\n}\n\ninclude(\"mozilla_version.inc\");\nport = get_kb_item_or_exit(\"SMB/transport\"); \n\ninstalls = get_kb_list(\"SMB/Mozilla/Firefox/*\");\nif (isnull(installs)) audit(AUDIT_NOT_INST, \"Firefox\");\n\nmozilla_check_version(installs:installs, product:'firefox', esr:FALSE, fix:'3.0.11', severity:SECURITY_HOLE);", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2021-01-20T15:44:34", "description": "Several flaws were discovered in the browser and JavaScript engines of\nFirefox. If a user were tricked into viewing a malicious website, a\nremote attacker could cause a denial of service or possibly execute\narbitrary code with the privileges of the user invoking the program.\n(CVE-2009-1392, CVE-2009-1832, CVE-2009-1833, CVE-2009-1837,\nCVE-2009-1838)\n\nPavel Cvrcek discovered that Firefox would sometimes display certain\ninvalid Unicode characters as whitespace. An attacker could exploit\nthis to spoof the location bar, such as in a phishing attack.\n(CVE-2009-1834)\n\nGregory Fleischer, Adam Barth and Collin Jackson discovered that\nFirefox would allow access to local files from resources loaded via\nthe file: protocol. If a user were tricked into downloading then\nopening a malicious file, an attacker could steal potentially\nsensitive information. (CVE-2009-1835, CVE-2009-1839)\n\nShuo Chen, Ziqing Mao, Yi-Min Wang, and Ming Zhang discovered that\nFirefox did not properly handle error responses when connecting to a\nproxy server. If a remote attacker were able to perform a\nman-in-the-middle attack, this flaw could be exploited to view\nsensitive information. (CVE-2009-1836)\n\nWladimir Palant discovered Firefox did not check content-loading\npolicies when loading external script files into XUL documents. As a\nresult, Firefox might load malicious content under certain\ncircumstances. (CVE-2009-1840)\n\nIt was discovered that Firefox could be made to run scripts with\nelevated privileges. If a user were tricked into viewing a malicious\nwebsite, an attacker could cause a chrome privileged object, such as\nthe browser sidebar, to run arbitrary code via interactions with the\nattacker controlled website. (CVE-2009-1841).\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Ubuntu security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.", "edition": 26, "published": "2009-06-15T00:00:00", "title": "Ubuntu 8.04 LTS / 8.10 / 9.04 : firefox-3.0, xulrunner-1.9 vulnerabilities (USN-779-1)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2009-1833", "CVE-2009-1835", "CVE-2009-1838", "CVE-2009-1832", "CVE-2009-1837", "CVE-2009-1392", "CVE-2009-1834", "CVE-2009-1836", "CVE-2009-1839", "CVE-2009-1841", "CVE-2009-1840"], "modified": "2009-06-15T00:00:00", "cpe": ["p-cpe:/a:canonical:ubuntu_linux:abrowser", "p-cpe:/a:canonical:ubuntu_linux:firefox-3.0-dev", "p-cpe:/a:canonical:ubuntu_linux:xulrunner-1.9-venkman", "p-cpe:/a:canonical:ubuntu_linux:firefox-dom-inspector", "p-cpe:/a:canonical:ubuntu_linux:firefox-gnome-support", "p-cpe:/a:canonical:ubuntu_linux:xulrunner-1.9-dom-inspector", "p-cpe:/a:canonical:ubuntu_linux:firefox-libthai", "p-cpe:/a:canonical:ubuntu_linux:xulrunner-dev", "p-cpe:/a:canonical:ubuntu_linux:firefox-dev", "p-cpe:/a:canonical:ubuntu_linux:firefox", "p-cpe:/a:canonical:ubuntu_linux:firefox-3.0-dom-inspector", "p-cpe:/a:canonical:ubuntu_linux:firefox-3.0-gnome-support", "p-cpe:/a:canonical:ubuntu_linux:firefox-3.0-venkman", "p-cpe:/a:canonical:ubuntu_linux:firefox-granparadiso-dom-inspector", "p-cpe:/a:canonical:ubuntu_linux:firefox-trunk-gnome-support", "p-cpe:/a:canonical:ubuntu_linux:xulrunner-1.9-dev", "cpe:/o:canonical:ubuntu_linux:8.04:-:lts", "p-cpe:/a:canonical:ubuntu_linux:firefox-trunk", "p-cpe:/a:canonical:ubuntu_linux:firefox-granparadiso", "p-cpe:/a:canonical:ubuntu_linux:firefox-trunk-dom-inspector", "p-cpe:/a:canonical:ubuntu_linux:abrowser-3.0-branding", "p-cpe:/a:canonical:ubuntu_linux:firefox-granparadiso-gnome-support", "p-cpe:/a:canonical:ubuntu_linux:xulrunner-1.9-gnome-support", "p-cpe:/a:canonical:ubuntu_linux:firefox-trunk-dev", "cpe:/o:canonical:ubuntu_linux:8.10", "cpe:/o:canonical:ubuntu_linux:9.04", "p-cpe:/a:canonical:ubuntu_linux:firefox-3.0", "p-cpe:/a:canonical:ubuntu_linux:firefox-granparadiso-dev", "p-cpe:/a:canonical:ubuntu_linux:firefox-3.0-branding", "p-cpe:/a:canonical:ubuntu_linux:firefox-trunk-venkman", "p-cpe:/a:canonical:ubuntu_linux:xulrunner-1.9"], "id": "UBUNTU_USN-779-1.NASL", "href": "https://www.tenable.com/plugins/nessus/39390", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Ubuntu Security Notice USN-779-1. The text \n# itself is copyright (C) Canonical, Inc. See \n# <http://www.ubuntu.com/usn/>. Ubuntu(R) is a registered \n# trademark of Canonical, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(39390);\n script_version(\"1.17\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/19\");\n\n script_cve_id(\"CVE-2009-1392\", \"CVE-2009-1832\", \"CVE-2009-1833\", \"CVE-2009-1834\", \"CVE-2009-1835\", \"CVE-2009-1836\", \"CVE-2009-1837\", \"CVE-2009-1838\", \"CVE-2009-1839\", \"CVE-2009-1840\", \"CVE-2009-1841\");\n script_xref(name:\"USN\", value:\"779-1\");\n\n script_name(english:\"Ubuntu 8.04 LTS / 8.10 / 9.04 : firefox-3.0, xulrunner-1.9 vulnerabilities (USN-779-1)\");\n script_summary(english:\"Checks dpkg output for updated packages.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\n\"The remote Ubuntu host is missing one or more security-related\npatches.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Several flaws were discovered in the browser and JavaScript engines of\nFirefox. If a user were tricked into viewing a malicious website, a\nremote attacker could cause a denial of service or possibly execute\narbitrary code with the privileges of the user invoking the program.\n(CVE-2009-1392, CVE-2009-1832, CVE-2009-1833, CVE-2009-1837,\nCVE-2009-1838)\n\nPavel Cvrcek discovered that Firefox would sometimes display certain\ninvalid Unicode characters as whitespace. An attacker could exploit\nthis to spoof the location bar, such as in a phishing attack.\n(CVE-2009-1834)\n\nGregory Fleischer, Adam Barth and Collin Jackson discovered that\nFirefox would allow access to local files from resources loaded via\nthe file: protocol. If a user were tricked into downloading then\nopening a malicious file, an attacker could steal potentially\nsensitive information. (CVE-2009-1835, CVE-2009-1839)\n\nShuo Chen, Ziqing Mao, Yi-Min Wang, and Ming Zhang discovered that\nFirefox did not properly handle error responses when connecting to a\nproxy server. If a remote attacker were able to perform a\nman-in-the-middle attack, this flaw could be exploited to view\nsensitive information. (CVE-2009-1836)\n\nWladimir Palant discovered Firefox did not check content-loading\npolicies when loading external script files into XUL documents. As a\nresult, Firefox might load malicious content under certain\ncircumstances. (CVE-2009-1840)\n\nIt was discovered that Firefox could be made to run scripts with\nelevated privileges. If a user were tricked into viewing a malicious\nwebsite, an attacker could cause a chrome privileged object, such as\nthe browser sidebar, to run arbitrary code via interactions with the\nattacker controlled website. (CVE-2009-1841).\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Ubuntu security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://usn.ubuntu.com/779-1/\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_cwe_id(20, 94, 200, 264, 287, 362);\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:abrowser\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:abrowser-3.0-branding\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:firefox\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:firefox-3.0\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:firefox-3.0-branding\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:firefox-3.0-dev\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:firefox-3.0-dom-inspector\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:firefox-3.0-gnome-support\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:firefox-3.0-venkman\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:firefox-dev\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:firefox-dom-inspector\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:firefox-gnome-support\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:firefox-granparadiso\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:firefox-granparadiso-dev\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:firefox-granparadiso-dom-inspector\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:firefox-granparadiso-gnome-support\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:firefox-libthai\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:firefox-trunk\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:firefox-trunk-dev\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:firefox-trunk-dom-inspector\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:firefox-trunk-gnome-support\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:firefox-trunk-venkman\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:xulrunner-1.9\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:xulrunner-1.9-dev\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:xulrunner-1.9-dom-inspector\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:xulrunner-1.9-gnome-support\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:xulrunner-1.9-venkman\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:xulrunner-dev\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:canonical:ubuntu_linux:8.04:-:lts\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:canonical:ubuntu_linux:8.10\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:canonical:ubuntu_linux:9.04\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2009/06/12\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2009/06/15\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"Ubuntu Security Notice (C) 2009-2019 Canonical, Inc. / NASL script (C) 2009-2018 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Ubuntu Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/cpu\", \"Host/Ubuntu\", \"Host/Ubuntu/release\", \"Host/Debian/dpkg-l\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"ubuntu.inc\");\ninclude(\"misc_func.inc\");\n\nif ( ! get_kb_item(\"Host/local_checks_enabled\") ) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/Ubuntu/release\");\nif ( isnull(release) ) audit(AUDIT_OS_NOT, \"Ubuntu\");\nrelease = chomp(release);\nif (! ereg(pattern:\"^(8\\.04|8\\.10|9\\.04)$\", string:release)) audit(AUDIT_OS_NOT, \"Ubuntu 8.04 / 8.10 / 9.04\", \"Ubuntu \" + release);\nif ( ! get_kb_item(\"Host/Debian/dpkg-l\") ) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Ubuntu\", cpu);\n\nflag = 0;\n\nif (ubuntu_check(osver:\"8.04\", pkgname:\"firefox\", pkgver:\"3.0.11+build2+nobinonly-0ubuntu0.8.04.1\")) flag++;\nif (ubuntu_check(osver:\"8.04\", pkgname:\"firefox-3.0\", pkgver:\"3.0.11+build2+nobinonly-0ubuntu0.8.04.1\")) flag++;\nif (ubuntu_check(osver:\"8.04\", pkgname:\"firefox-3.0-dev\", pkgver:\"3.0.11+build2+nobinonly-0ubuntu0.8.04.1\")) flag++;\nif (ubuntu_check(osver:\"8.04\", pkgname:\"firefox-3.0-dom-inspector\", pkgver:\"3.0.11+build2+nobinonly-0ubuntu0.8.04.1\")) flag++;\nif (ubuntu_check(osver:\"8.04\", pkgname:\"firefox-3.0-gnome-support\", pkgver:\"3.0.11+build2+nobinonly-0ubuntu0.8.04.1\")) flag++;\nif (ubuntu_check(osver:\"8.04\", pkgname:\"firefox-3.0-venkman\", pkgver:\"3.0.11+build2+nobinonly-0ubuntu0.8.04.1\")) flag++;\nif (ubuntu_check(osver:\"8.04\", pkgname:\"firefox-dev\", pkgver:\"3.0.11+build2+nobinonly-0ubuntu0.8.04.1\")) flag++;\nif (ubuntu_check(osver:\"8.04\", pkgname:\"firefox-dom-inspector\", pkgver:\"3.0.11+build2+nobinonly-0ubuntu0.8.04.1\")) flag++;\nif (ubuntu_check(osver:\"8.04\", pkgname:\"firefox-gnome-support\", pkgver:\"3.0.11+build2+nobinonly-0ubuntu0.8.04.1\")) flag++;\nif (ubuntu_check(osver:\"8.04\", pkgname:\"firefox-granparadiso\", pkgver:\"3.0.11+build2+nobinonly-0ubuntu0.8.04.1\")) flag++;\nif (ubuntu_check(osver:\"8.04\", pkgname:\"firefox-granparadiso-dev\", pkgver:\"3.0.11+build2+nobinonly-0ubuntu0.8.04.1\")) flag++;\nif (ubuntu_check(osver:\"8.04\", pkgname:\"firefox-granparadiso-dom-inspector\", pkgver:\"3.0.11+build2+nobinonly-0ubuntu0.8.04.1\")) flag++;\nif (ubuntu_check(osver:\"8.04\", pkgname:\"firefox-granparadiso-gnome-support\", pkgver:\"3.0.11+build2+nobinonly-0ubuntu0.8.04.1\")) flag++;\nif (ubuntu_check(osver:\"8.04\", pkgname:\"firefox-libthai\", pkgver:\"3.0.11+build2+nobinonly-0ubuntu0.8.04.1\")) flag++;\nif (ubuntu_check(osver:\"8.04\", pkgname:\"firefox-trunk\", pkgver:\"3.0.11+build2+nobinonly-0ubuntu0.8.04.1\")) flag++;\nif (ubuntu_check(osver:\"8.04\", pkgname:\"firefox-trunk-dev\", pkgver:\"3.0.11+build2+nobinonly-0ubuntu0.8.04.1\")) flag++;\nif (ubuntu_check(osver:\"8.04\", pkgname:\"firefox-trunk-dom-inspector\", pkgver:\"3.0.11+build2+nobinonly-0ubuntu0.8.04.1\")) flag++;\nif (ubuntu_check(osver:\"8.04\", pkgname:\"firefox-trunk-gnome-support\", pkgver:\"3.0.11+build2+nobinonly-0ubuntu0.8.04.1\")) flag++;\nif (ubuntu_check(osver:\"8.04\", pkgname:\"firefox-trunk-venkman\", pkgver:\"3.0.11+build2+nobinonly-0ubuntu0.8.04.1\")) flag++;\nif (ubuntu_check(osver:\"8.04\", pkgname:\"xulrunner-1.9\", pkgver:\"1.9.0.11+build2+nobinonly-0ubuntu0.8.04.1\")) flag++;\nif (ubuntu_check(osver:\"8.04\", pkgname:\"xulrunner-1.9-dev\", pkgver:\"1.9.0.11+build2+nobinonly-0ubuntu0.8.04.1\")) flag++;\nif (ubuntu_check(osver:\"8.04\", pkgname:\"xulrunner-1.9-dom-inspector\", pkgver:\"1.9.0.11+build2+nobinonly-0ubuntu0.8.04.1\")) flag++;\nif (ubuntu_check(osver:\"8.04\", pkgname:\"xulrunner-1.9-gnome-support\", pkgver:\"1.9.0.11+build2+nobinonly-0ubuntu0.8.04.1\")) flag++;\nif (ubuntu_check(osver:\"8.04\", pkgname:\"xulrunner-1.9-venkman\", pkgver:\"1.9.0.11+build2+nobinonly-0ubuntu0.8.04.1\")) flag++;\nif (ubuntu_check(osver:\"8.10\", pkgname:\"abrowser\", pkgver:\"3.0.11+build2+nobinonly-0ubuntu0.8.10.1\")) flag++;\nif (ubuntu_check(osver:\"8.10\", pkgname:\"abrowser-3.0-branding\", pkgver:\"3.0.11+build2+nobinonly-0ubuntu0.8.10.1\")) flag++;\nif (ubuntu_check(osver:\"8.10\", pkgname:\"firefox\", pkgver:\"3.0.11+build2+nobinonly-0ubuntu0.8.10.1\")) flag++;\nif (ubuntu_check(osver:\"8.10\", pkgname:\"firefox-3.0\", pkgver:\"3.0.11+build2+nobinonly-0ubuntu0.8.10.1\")) flag++;\nif (ubuntu_check(osver:\"8.10\", pkgname:\"firefox-3.0-branding\", pkgver:\"3.0.11+build2+nobinonly-0ubuntu0.8.10.1\")) flag++;\nif (ubuntu_check(osver:\"8.10\", pkgname:\"firefox-3.0-dev\", pkgver:\"3.0.11+build2+nobinonly-0ubuntu0.8.10.1\")) flag++;\nif (ubuntu_check(osver:\"8.10\", pkgname:\"firefox-3.0-dom-inspector\", pkgver:\"3.0.11+build2+nobinonly-0ubuntu0.8.10.1\")) flag++;\nif (ubuntu_check(osver:\"8.10\", pkgname:\"firefox-3.0-gnome-support\", pkgver:\"3.0.11+build2+nobinonly-0ubuntu0.8.10.1\")) flag++;\nif (ubuntu_check(osver:\"8.10\", pkgname:\"firefox-3.0-venkman\", pkgver:\"3.0.11+build2+nobinonly-0ubuntu0.8.10.1\")) flag++;\nif (ubuntu_check(osver:\"8.10\", pkgname:\"firefox-dev\", pkgver:\"3.0.11+build2+nobinonly-0ubuntu0.8.10.1\")) flag++;\nif (ubuntu_check(osver:\"8.10\", pkgname:\"firefox-dom-inspector\", pkgver:\"3.0.11+build2+nobinonly-0ubuntu0.8.10.1\")) flag++;\nif (ubuntu_check(osver:\"8.10\", pkgname:\"firefox-gnome-support\", pkgver:\"3.0.11+build2+nobinonly-0ubuntu0.8.10.1\")) flag++;\nif (ubuntu_check(osver:\"8.10\", pkgname:\"firefox-granparadiso\", pkgver:\"3.0.11+build2+nobinonly-0ubuntu0.8.10.1\")) flag++;\nif (ubuntu_check(osver:\"8.10\", pkgname:\"firefox-granparadiso-dev\", pkgver:\"3.0.11+build2+nobinonly-0ubuntu0.8.10.1\")) flag++;\nif (ubuntu_check(osver:\"8.10\", pkgname:\"firefox-granparadiso-dom-inspector\", pkgver:\"3.0.11+build2+nobinonly-0ubuntu0.8.10.1\")) flag++;\nif (ubuntu_check(osver:\"8.10\", pkgname:\"firefox-granparadiso-gnome-support\", pkgver:\"3.0.11+build2+nobinonly-0ubuntu0.8.10.1\")) flag++;\nif (ubuntu_check(osver:\"8.10\", pkgname:\"firefox-libthai\", pkgver:\"3.0.11+build2+nobinonly-0ubuntu0.8.10.1\")) flag++;\nif (ubuntu_check(osver:\"8.10\", pkgname:\"firefox-trunk\", pkgver:\"3.0.11+build2+nobinonly-0ubuntu0.8.10.1\")) flag++;\nif (ubuntu_check(osver:\"8.10\", pkgname:\"firefox-trunk-dev\", pkgver:\"3.0.11+build2+nobinonly-0ubuntu0.8.10.1\")) flag++;\nif (ubuntu_check(osver:\"8.10\", pkgname:\"firefox-trunk-dom-inspector\", pkgver:\"3.0.11+build2+nobinonly-0ubuntu0.8.10.1\")) flag++;\nif (ubuntu_check(osver:\"8.10\", pkgname:\"firefox-trunk-gnome-support\", pkgver:\"3.0.11+build2+nobinonly-0ubuntu0.8.10.1\")) flag++;\nif (ubuntu_check(osver:\"8.10\", pkgname:\"firefox-trunk-venkman\", pkgver:\"3.0.11+build2+nobinonly-0ubuntu0.8.10.1\")) flag++;\nif (ubuntu_check(osver:\"8.10\", pkgname:\"xulrunner-1.9\", pkgver:\"1.9.0.11+build2+nobinonly-0ubuntu0.8.10.2\")) flag++;\nif (ubuntu_check(osver:\"8.10\", pkgname:\"xulrunner-1.9-dev\", pkgver:\"1.9.0.11+build2+nobinonly-0ubuntu0.8.10.2\")) flag++;\nif (ubuntu_check(osver:\"8.10\", pkgname:\"xulrunner-1.9-dom-inspector\", pkgver:\"1.9.0.11+build2+nobinonly-0ubuntu0.8.10.2\")) flag++;\nif (ubuntu_check(osver:\"8.10\", pkgname:\"xulrunner-1.9-gnome-support\", pkgver:\"1.9.0.11+build2+nobinonly-0ubuntu0.8.10.2\")) flag++;\nif (ubuntu_check(osver:\"8.10\", pkgname:\"xulrunner-1.9-venkman\", pkgver:\"1.9.0.11+build2+nobinonly-0ubuntu0.8.10.2\")) flag++;\nif (ubuntu_check(osver:\"8.10\", pkgname:\"xulrunner-dev\", pkgver:\"1.9.0.11+build2+nobinonly-0ubuntu0.8.10.2\")) flag++;\nif (ubuntu_check(osver:\"9.04\", pkgname:\"abrowser\", pkgver:\"3.0.11+build2+nobinonly-0ubuntu0.9.04.1\")) flag++;\nif (ubuntu_check(osver:\"9.04\", pkgname:\"abrowser-3.0-branding\", pkgver:\"3.0.11+build2+nobinonly-0ubuntu0.9.04.1\")) flag++;\nif (ubuntu_check(osver:\"9.04\", pkgname:\"firefox\", pkgver:\"3.0.11+build2+nobinonly-0ubuntu0.9.04.1\")) flag++;\nif (ubuntu_check(osver:\"9.04\", pkgname:\"firefox-3.0\", pkgver:\"3.0.11+build2+nobinonly-0ubuntu0.9.04.1\")) flag++;\nif (ubuntu_check(osver:\"9.04\", pkgname:\"firefox-3.0-branding\", pkgver:\"3.0.11+build2+nobinonly-0ubuntu0.9.04.1\")) flag++;\nif (ubuntu_check(osver:\"9.04\", pkgname:\"firefox-3.0-dev\", pkgver:\"3.0.11+build2+nobinonly-0ubuntu0.9.04.1\")) flag++;\nif (ubuntu_check(osver:\"9.04\", pkgname:\"firefox-3.0-dom-inspector\", pkgver:\"3.0.11+build2+nobinonly-0ubuntu0.9.04.1\")) flag++;\nif (ubuntu_check(osver:\"9.04\", pkgname:\"firefox-3.0-gnome-support\", pkgver:\"3.0.11+build2+nobinonly-0ubuntu0.9.04.1\")) flag++;\nif (ubuntu_check(osver:\"9.04\", pkgname:\"firefox-3.0-venkman\", pkgver:\"3.0.11+build2+nobinonly-0ubuntu0.9.04.1\")) flag++;\nif (ubuntu_check(osver:\"9.04\", pkgname:\"firefox-dev\", pkgver:\"3.0.11+build2+nobinonly-0ubuntu0.9.04.1\")) flag++;\nif (ubuntu_check(osver:\"9.04\", pkgname:\"firefox-dom-inspector\", pkgver:\"3.0.11+build2+nobinonly-0ubuntu0.9.04.1\")) flag++;\nif (ubuntu_check(osver:\"9.04\", pkgname:\"firefox-gnome-support\", pkgver:\"3.0.11+build2+nobinonly-0ubuntu0.9.04.1\")) flag++;\nif (ubuntu_check(osver:\"9.04\", pkgname:\"firefox-granparadiso\", pkgver:\"3.0.11+build2+nobinonly-0ubuntu0.9.04.1\")) flag++;\nif (ubuntu_check(osver:\"9.04\", pkgname:\"firefox-granparadiso-dev\", pkgver:\"3.0.11+build2+nobinonly-0ubuntu0.9.04.1\")) flag++;\nif (ubuntu_check(osver:\"9.04\", pkgname:\"firefox-granparadiso-dom-inspector\", pkgver:\"3.0.11+build2+nobinonly-0ubuntu0.9.04.1\")) flag++;\nif (ubuntu_check(osver:\"9.04\", pkgname:\"firefox-granparadiso-gnome-support\", pkgver:\"3.0.11+build2+nobinonly-0ubuntu0.9.04.1\")) flag++;\nif (ubuntu_check(osver:\"9.04\", pkgname:\"firefox-libthai\", pkgver:\"3.0.11+build2+nobinonly-0ubuntu0.9.04.1\")) flag++;\nif (ubuntu_check(osver:\"9.04\", pkgname:\"firefox-trunk\", pkgver:\"3.0.11+build2+nobinonly-0ubuntu0.9.04.1\")) flag++;\nif (ubuntu_check(osver:\"9.04\", pkgname:\"firefox-trunk-dev\", pkgver:\"3.0.11+build2+nobinonly-0ubuntu0.9.04.1\")) flag++;\nif (ubuntu_check(osver:\"9.04\", pkgname:\"firefox-trunk-dom-inspector\", pkgver:\"3.0.11+build2+nobinonly-0ubuntu0.9.04.1\")) flag++;\nif (ubuntu_check(osver:\"9.04\", pkgname:\"firefox-trunk-gnome-support\", pkgver:\"3.0.11+build2+nobinonly-0ubuntu0.9.04.1\")) flag++;\nif (ubuntu_check(osver:\"9.04\", pkgname:\"firefox-trunk-venkman\", pkgver:\"3.0.11+build2+nobinonly-0ubuntu0.9.04.1\")) flag++;\nif (ubuntu_check(osver:\"9.04\", pkgname:\"xulrunner-1.9\", pkgver:\"1.9.0.11+build2+nobinonly-0ubuntu0.9.04.1\")) flag++;\nif (ubuntu_check(osver:\"9.04\", pkgname:\"xulrunner-1.9-dev\", pkgver:\"1.9.0.11+build2+nobinonly-0ubuntu0.9.04.1\")) flag++;\nif (ubuntu_check(osver:\"9.04\", pkgname:\"xulrunner-1.9-dom-inspector\", pkgver:\"1.9.0.11+build2+nobinonly-0ubuntu0.9.04.1\")) flag++;\nif (ubuntu_check(osver:\"9.04\", pkgname:\"xulrunner-1.9-gnome-support\", pkgver:\"1.9.0.11+build2+nobinonly-0ubuntu0.9.04.1\")) flag++;\nif (ubuntu_check(osver:\"9.04\", pkgname:\"xulrunner-1.9-venkman\", pkgver:\"1.9.0.11+build2+nobinonly-0ubuntu0.9.04.1\")) flag++;\nif (ubuntu_check(osver:\"9.04\", pkgname:\"xulrunner-dev\", pkgver:\"1.9.0.11+build2+nobinonly-0ubuntu0.9.04.1\")) flag++;\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : ubuntu_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = ubuntu_pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"abrowser / abrowser-3.0-branding / firefox / firefox-3.0 / etc\");\n}\n", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2021-01-12T10:07:23", "description": "Update to new upstream Firefox version 3.0.11, fixing multiple\nsecurity issues detailed in the upstream advisories:\nhttp://www.mozilla.org/security/known-\nvulnerabilities/firefox30.html#firefox3.0.11 Update also includes all\npackages depending on gecko-libs rebuild against new version of\nFirefox / XULRunner.\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Fedora security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.", "edition": 25, "published": "2009-06-16T00:00:00", "title": "Fedora 10 : Miro-2.0.3-5.fc10 / blam-1.8.5-11.fc10 / devhelp-0.22-9.fc10 / epiphany-2.24.3-7.fc10 / etc (2009-6366)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2009-1833", "CVE-2009-1835", "CVE-2009-1838", "CVE-2009-1832", "CVE-2009-1837", "CVE-2009-1392", "CVE-2009-1834", "CVE-2009-1836", "CVE-2009-1839", "CVE-2009-1841", "CVE-2009-1840"], "modified": "2009-06-16T00:00:00", "cpe": ["cpe:/o:fedoraproject:fedora:10", "p-cpe:/a:fedoraproject:fedora:google-gadgets", "p-cpe:/a:fedoraproject:fedora:xulrunner", "p-cpe:/a:fedoraproject:fedora:pcmanx-gtk2", "p-cpe:/a:fedoraproject:fedora:firefox", "p-cpe:/a:fedoraproject:fedora:perl-Gtk2-MozEmbed", "p-cpe:/a:fedoraproject:fedora:epiphany", "p-cpe:/a:fedoraproject:fedora:gecko-sharp2", "p-cpe:/a:fedoraproject:fedora:ruby-gnome2", "p-cpe:/a:fedoraproject:fedora:mugshot", "p-cpe:/a:fedoraproject:fedora:kazehakase", "p-cpe:/a:fedoraproject:fedora:gnome-python2-extras", "p-cpe:/a:fedoraproject:fedora:epiphany-extensions", "p-cpe:/a:fedoraproject:fedora:blam", "p-cpe:/a:fedoraproject:fedora:gnome-web-photo", "p-cpe:/a:fedoraproject:fedora:galeon", "p-cpe:/a:fedoraproject:fedora:devhelp", "p-cpe:/a:fedoraproject:fedora:Miro", "p-cpe:/a:fedoraproject:fedora:mozvoikko", "p-cpe:/a:fedoraproject:fedora:yelp"], "id": "FEDORA_2009-6366.NASL", "href": "https://www.tenable.com/plugins/nessus/39403", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Fedora Security Advisory 2009-6366.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(39403);\n script_version(\"1.22\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/11\");\n\n script_cve_id(\"CVE-2009-1392\", \"CVE-2009-1832\", \"CVE-2009-1833\", \"CVE-2009-1834\", \"CVE-2009-1835\", \"CVE-2009-1836\", \"CVE-2009-1837\", \"CVE-2009-1838\", \"CVE-2009-1839\", \"CVE-2009-1840\", \"CVE-2009-1841\");\n script_bugtraq_id(35360, 35370, 35371, 35372, 35373, 35377, 35380, 35383, 35386);\n script_xref(name:\"FEDORA\", value:\"2009-6366\");\n\n script_name(english:\"Fedora 10 : Miro-2.0.3-5.fc10 / blam-1.8.5-11.fc10 / devhelp-0.22-9.fc10 / epiphany-2.24.3-7.fc10 / etc (2009-6366)\");\n script_summary(english:\"Checks rpm output for the updated packages.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Fedora host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Update to new upstream Firefox version 3.0.11, fixing multiple\nsecurity issues detailed in the upstream advisories:\nhttp://www.mozilla.org/security/known-\nvulnerabilities/firefox30.html#firefox3.0.11 Update also includes all\npackages depending on gecko-libs rebuild against new version of\nFirefox / XULRunner.\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Fedora security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n # http://www.mozilla.org/security/known-\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.mozilla.org/en-US/security/known-\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.redhat.com/show_bug.cgi?id=503568\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.redhat.com/show_bug.cgi?id=503569\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.redhat.com/show_bug.cgi?id=503570\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.redhat.com/show_bug.cgi?id=503573\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.redhat.com/show_bug.cgi?id=503576\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.redhat.com/show_bug.cgi?id=503578\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.redhat.com/show_bug.cgi?id=503579\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.redhat.com/show_bug.cgi?id=503580\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.redhat.com/show_bug.cgi?id=503581\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.redhat.com/show_bug.cgi?id=503582\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.redhat.com/show_bug.cgi?id=503583\"\n );\n # https://lists.fedoraproject.org/pipermail/package-announce/2009-June/024950.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?0f7e17ad\"\n );\n # https://lists.fedoraproject.org/pipermail/package-announce/2009-June/024951.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?b721524d\"\n );\n # https://lists.fedoraproject.org/pipermail/package-announce/2009-June/024952.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?fe8a5972\"\n );\n # https://lists.fedoraproject.org/pipermail/package-announce/2009-June/024953.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?a618dce6\"\n );\n # https://lists.fedoraproject.org/pipermail/package-announce/2009-June/024954.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?c0b678ea\"\n );\n # https://lists.fedoraproject.org/pipermail/package-announce/2009-June/024955.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?386d572b\"\n );\n # https://lists.fedoraproject.org/pipermail/package-announce/2009-June/024956.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?cc3370d8\"\n );\n # https://lists.fedoraproject.org/pipermail/package-announce/2009-June/024957.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?6d4cb9e9\"\n );\n # https://lists.fedoraproject.org/pipermail/package-announce/2009-June/024958.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?c4283210\"\n );\n # https://lists.fedoraproject.org/pipermail/package-announce/2009-June/024959.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?5b0178e7\"\n );\n # https://lists.fedoraproject.org/pipermail/package-announce/2009-June/024960.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?95553e2b\"\n );\n # https://lists.fedoraproject.org/pipermail/package-announce/2009-June/024961.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?336cd986\"\n );\n # https://lists.fedoraproject.org/pipermail/package-announce/2009-June/024962.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?e33772e3\"\n );\n # https://lists.fedoraproject.org/pipermail/package-announce/2009-June/024963.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?cfadd14a\"\n );\n # https://lists.fedoraproject.org/pipermail/package-announce/2009-June/024964.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?b2c81bff\"\n );\n # https://lists.fedoraproject.org/pipermail/package-announce/2009-June/024965.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?c5a7e2bf\"\n );\n # https://lists.fedoraproject.org/pipermail/package-announce/2009-June/024966.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?3ee0fca0\"\n );\n # https://lists.fedoraproject.org/pipermail/package-announce/2009-June/024967.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?f28dc9ba\"\n );\n # https://lists.fedoraproject.org/pipermail/package-announce/2009-June/024968.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?96265835\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:ND/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n script_cwe_id(20, 94, 200, 264, 287, 362);\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:Miro\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:blam\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:devhelp\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:epiphany\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:epiphany-extensions\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:firefox\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:galeon\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:gecko-sharp2\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:gnome-python2-extras\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:gnome-web-photo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:google-gadgets\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:kazehakase\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:mozvoikko\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:mugshot\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:pcmanx-gtk2\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:perl-Gtk2-MozEmbed\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:ruby-gnome2\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:xulrunner\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:yelp\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:fedoraproject:fedora:10\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2009/06/12\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2009/06/15\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2009/06/16\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2009-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Fedora Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Fedora\" >!< release) audit(AUDIT_OS_NOT, \"Fedora\");\nos_ver = eregmatch(pattern: \"Fedora.*release ([0-9]+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Fedora\");\nos_ver = os_ver[1];\nif (! ereg(pattern:\"^10([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Fedora 10.x\", \"Fedora \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Fedora\", cpu);\n\nflag = 0;\nif (rpm_check(release:\"FC10\", reference:\"Miro-2.0.3-5.fc10\")) flag++;\nif (rpm_check(release:\"FC10\", reference:\"blam-1.8.5-11.fc10\")) flag++;\nif (rpm_check(release:\"FC10\", reference:\"devhelp-0.22-9.fc10\")) flag++;\nif (rpm_check(release:\"FC10\", reference:\"epiphany-2.24.3-7.fc10\")) flag++;\nif (rpm_check(release:\"FC10\", reference:\"epiphany-extensions-2.24.3-2.fc10\")) flag++;\nif (rpm_check(release:\"FC10\", reference:\"firefox-3.0.11-1.fc10\")) flag++;\nif (rpm_check(release:\"FC10\", reference:\"galeon-2.0.7-11.fc10\")) flag++;\nif (rpm_check(release:\"FC10\", reference:\"gecko-sharp2-0.13-9.fc10\")) flag++;\nif (rpm_check(release:\"FC10\", reference:\"gnome-python2-extras-2.19.1-31.fc10\")) flag++;\nif (rpm_check(release:\"FC10\", reference:\"gnome-web-photo-0.3-19.fc10\")) flag++;\nif (rpm_check(release:\"FC10\", reference:\"google-gadgets-0.10.5-7.fc10\")) flag++;\nif (rpm_check(release:\"FC10\", reference:\"kazehakase-0.5.6-4.fc10.3\")) flag++;\nif (rpm_check(release:\"FC10\", reference:\"mozvoikko-0.9.5-11.fc10\")) flag++;\nif (rpm_check(release:\"FC10\", reference:\"mugshot-1.2.2-10.fc10\")) flag++;\nif (rpm_check(release:\"FC10\", reference:\"pcmanx-gtk2-0.3.8-10.fc10\")) flag++;\nif (rpm_check(release:\"FC10\", reference:\"perl-Gtk2-MozEmbed-0.08-6.fc10.2\")) flag++;\nif (rpm_check(release:\"FC10\", reference:\"ruby-gnome2-0.18.1-5.fc10.3\")) flag++;\nif (rpm_check(release:\"FC10\", reference:\"xulrunner-1.9.0.11-1.fc10\")) flag++;\nif (rpm_check(release:\"FC10\", reference:\"yelp-2.24.0-10.fc10\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"Miro / blam / devhelp / epiphany / epiphany-extensions / firefox / etc\");\n}\n", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2021-01-17T09:10:28", "description": "New mozilla-firefox packages are available for Slackware 12.2, and\n-current to fix security issues. The updated packages may also be used\nwith Slackware 11.0 or newer.", "edition": 26, "published": "2009-06-17T00:00:00", "title": "Slackware 12.2 / current : mozilla-firefox (SSA:2009-167-01)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2009-1833", "CVE-2009-1835", "CVE-2009-1838", "CVE-2009-1832", "CVE-2009-1837", "CVE-2009-1392", "CVE-2009-1834", "CVE-2009-1836", "CVE-2009-1839", "CVE-2009-1841", "CVE-2009-1840"], "modified": "2009-06-17T00:00:00", "cpe": ["cpe:/o:slackware:slackware_linux:12.2", "cpe:/o:slackware:slackware_linux", "p-cpe:/a:slackware:slackware_linux:mozilla-firefox"], "id": "SLACKWARE_SSA_2009-167-01.NASL", "href": "https://www.tenable.com/plugins/nessus/39421", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Slackware Security Advisory 2009-167-01. The text \n# itself is copyright (C) Slackware Linux, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(39421);\n script_version(\"1.16\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/14\");\n\n script_cve_id(\"CVE-2009-1392\", \"CVE-2009-1832\", \"CVE-2009-1833\", \"CVE-2009-1834\", \"CVE-2009-1835\", \"CVE-2009-1836\", \"CVE-2009-1837\", \"CVE-2009-1838\", \"CVE-2009-1839\", \"CVE-2009-1840\", \"CVE-2009-1841\");\n script_bugtraq_id(35360, 35370, 35371, 35372, 35373, 35377, 35380, 35383, 35386, 35388, 35391);\n script_xref(name:\"SSA\", value:\"2009-167-01\");\n\n script_name(english:\"Slackware 12.2 / current : mozilla-firefox (SSA:2009-167-01)\");\n script_summary(english:\"Checks for updated package in /var/log/packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Slackware host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"New mozilla-firefox packages are available for Slackware 12.2, and\n-current to fix security issues. The updated packages may also be used\nwith Slackware 11.0 or newer.\"\n );\n # http://www.mozilla.org/security/known-vulnerabilities/firefox30.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?d7d74da4\"\n );\n # http://www.slackware.com/security/viewer.php?l=slackware-security&y=2009&m=slackware-security.372468\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?434fa228\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected mozilla-firefox package.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_cwe_id(20, 94, 200, 264, 287, 362);\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:slackware:slackware_linux:mozilla-firefox\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:slackware:slackware_linux\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:slackware:slackware_linux:12.2\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2009/06/12\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2009/06/16\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2009/06/17\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2009-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Slackware Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/Slackware/release\", \"Host/Slackware/packages\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"slackware.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/Slackware/release\")) audit(AUDIT_OS_NOT, \"Slackware\");\nif (!get_kb_item(\"Host/Slackware/packages\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Slackware\", cpu);\n\n\nflag = 0;\nif (slackware_check(osver:\"12.2\", pkgname:\"mozilla-firefox\", pkgver:\"3.0.11\", pkgarch:\"i686\", pkgnum:\"1\")) flag++;\n\nif (slackware_check(osver:\"current\", pkgname:\"mozilla-firefox\", pkgver:\"3.0.11\", pkgarch:\"i686\", pkgnum:\"1\")) flag++;\nif (slackware_check(osver:\"current\", arch:\"x86_64\", pkgname:\"mozilla-firefox\", pkgver:\"3.0.11\", pkgarch:\"x86_64\", pkgnum:\"1\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:slackware_report_get());\n else security_hole(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2021-01-17T13:44:19", "description": "Several flaws were found in the processing of malformed web content. A\nweb page containing malicious content could cause Firefox to crash or,\npotentially, execute arbitrary code as the user running Firefox.\n(CVE-2009-1392, CVE-2009-1832, CVE-2009-1833, CVE-2009-1837,\nCVE-2009-1838, CVE-2009-1841)\n\nMultiple flaws were found in the processing of malformed, local file\ncontent. If a user loaded malicious, local content via the file://\nURL, it was possible for that content to access other local data.\n(CVE-2009-1835, CVE-2009-1839)\n\nA script, privilege elevation flaw was found in the way Firefox loaded\nXML User Interface Language (XUL) scripts. Firefox and certain add-ons\ncould load malicious content when certain policy checks did not\nhappen. (CVE-2009-1840)\n\nA flaw was found in the way Firefox displayed certain Unicode\ncharacters in International Domain Names (IDN). If an IDN contained\ninvalid characters, they may have been displayed as spaces, making it\nappear to the user that they were visiting a trusted site.\n(CVE-2009-1834)\n\nA flaw was found in the way Firefox handled error responses returned\nfrom proxy servers. If an attacker is able to conduct a\nman-in-the-middle attack against a Firefox instance that is using a\nproxy server, they may be able to steal sensitive information from the\nsite the user is visiting. (CVE-2009-1836)\n\nAfter installing the update, Firefox must be restarted for the changes\nto take effect.", "edition": 25, "published": "2012-08-01T00:00:00", "title": "Scientific Linux Security Update : firefox on SL4.x, SL5.x i386/x86_64", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2009-1833", "CVE-2009-1835", "CVE-2009-1838", "CVE-2009-1832", "CVE-2009-1837", "CVE-2009-1392", "CVE-2009-1834", "CVE-2009-1836", "CVE-2009-1839", "CVE-2009-1841", "CVE-2009-1840"], "modified": "2012-08-01T00:00:00", "cpe": ["x-cpe:/o:fermilab:scientific_linux"], "id": "SL_20090611_FIREFOX_ON_SL4_X.NASL", "href": "https://www.tenable.com/plugins/nessus/60593", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text is (C) Scientific Linux.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(60593);\n script_version(\"1.7\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/14\");\n\n script_cve_id(\"CVE-2009-1392\", \"CVE-2009-1832\", \"CVE-2009-1833\", \"CVE-2009-1834\", \"CVE-2009-1835\", \"CVE-2009-1836\", \"CVE-2009-1837\", \"CVE-2009-1838\", \"CVE-2009-1839\", \"CVE-2009-1840\", \"CVE-2009-1841\");\n\n script_name(english:\"Scientific Linux Security Update : firefox on SL4.x, SL5.x i386/x86_64\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\n\"The remote Scientific Linux host is missing one or more security\nupdates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Several flaws were found in the processing of malformed web content. A\nweb page containing malicious content could cause Firefox to crash or,\npotentially, execute arbitrary code as the user running Firefox.\n(CVE-2009-1392, CVE-2009-1832, CVE-2009-1833, CVE-2009-1837,\nCVE-2009-1838, CVE-2009-1841)\n\nMultiple flaws were found in the processing of malformed, local file\ncontent. If a user loaded malicious, local content via the file://\nURL, it was possible for that content to access other local data.\n(CVE-2009-1835, CVE-2009-1839)\n\nA script, privilege elevation flaw was found in the way Firefox loaded\nXML User Interface Language (XUL) scripts. Firefox and certain add-ons\ncould load malicious content when certain policy checks did not\nhappen. (CVE-2009-1840)\n\nA flaw was found in the way Firefox displayed certain Unicode\ncharacters in International Domain Names (IDN). If an IDN contained\ninvalid characters, they may have been displayed as spaces, making it\nappear to the user that they were visiting a trusted site.\n(CVE-2009-1834)\n\nA flaw was found in the way Firefox handled error responses returned\nfrom proxy servers. If an attacker is able to conduct a\nman-in-the-middle attack against a Firefox instance that is using a\nproxy server, they may be able to steal sensitive information from the\nsite the user is visiting. (CVE-2009-1836)\n\nAfter installing the update, Firefox must be restarted for the changes\nto take effect.\"\n );\n # https://listserv.fnal.gov/scripts/wa.exe?A2=ind0906&L=scientific-linux-errata&T=0&P=305\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?aaeaadd3\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_cwe_id(20, 94, 200, 264, 287, 362);\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"x-cpe:/o:fermilab:scientific_linux\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2009/06/12\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2009/06/11\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2012/08/01\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2012-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Scientific Linux Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Scientific Linux \" >!< release) audit(AUDIT_HOST_NOT, \"running Scientific Linux\");\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (cpu >!< \"x86_64\" && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Scientific Linux\", cpu);\n\n\nflag = 0;\nif (rpm_check(release:\"SL4\", reference:\"firefox-3.0.11-4.el4\")) flag++;\n\nif (rpm_check(release:\"SL5\", reference:\"firefox-3.0.11-2.el5_3\")) flag++;\nif (rpm_check(release:\"SL5\", reference:\"xulrunner-1.9.0.11-3.el5_3\")) flag++;\nif (rpm_check(release:\"SL5\", reference:\"xulrunner-devel-1.9.0.11-3.el5_3\")) flag++;\nif (rpm_check(release:\"SL5\", reference:\"xulrunner-devel-unstable-1.9.0.11-3.el5_3\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2021-01-07T10:50:38", "description": "Mozilla Foundation reports :\n\nMFSA 2009-32 JavaScript chrome privilege escalation\n\nMFSA 2009-31 XUL scripts bypass content-policy checks\n\nMFSA 2009-30 Incorrect principal set for file: resources loaded via\nlocation bar\n\nMFSA 2009-29 Arbitrary code execution using event listeners attached\nto an element whose owner document is null\n\nMFSA 2009-28 Race condition while accessing the private data of a\nNPObject JS wrapper class object\n\nMFSA 2009-27 SSL tampering via non-200 responses to proxy CONNECT\nrequests\n\nMFSA 2009-26 Arbitrary domain cookie access by local file : resources\n\nMFSA 2009-25 URL spoofing with invalid unicode characters\n\nMFSA 2009-24 Crashes with evidence of memory corruption (rv:1.9.0.11)", "edition": 26, "published": "2009-06-15T00:00:00", "title": "FreeBSD : mozilla -- multiple vulnerabilities (da185955-5738-11de-b857-000f20797ede)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2009-1833", "CVE-2009-1835", "CVE-2009-1838", "CVE-2009-1832", "CVE-2009-1837", "CVE-2009-1392", "CVE-2009-1834", "CVE-2009-1836", "CVE-2009-1839", "CVE-2009-1841", "CVE-2009-1840"], "modified": "2009-06-15T00:00:00", "cpe": ["p-cpe:/a:freebsd:freebsd:linux-thunderbird", "p-cpe:/a:freebsd:freebsd:linux-firefox", "cpe:/o:freebsd:freebsd", "p-cpe:/a:freebsd:freebsd:seamonkey", "p-cpe:/a:freebsd:freebsd:linux-seamonkey", "p-cpe:/a:freebsd:freebsd:firefox", "p-cpe:/a:freebsd:freebsd:linux-firefox-devel", "p-cpe:/a:freebsd:freebsd:thunderbird"], "id": "FREEBSD_PKG_DA185955573811DEB857000F20797EDE.NASL", "href": "https://www.tenable.com/plugins/nessus/39376", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from the FreeBSD VuXML database :\n#\n# Copyright 2003-2018 Jacques Vidrine and contributors\n#\n# Redistribution and use in source (VuXML) and 'compiled' forms (SGML,\n# HTML, PDF, PostScript, RTF and so forth) with or without modification,\n# are permitted provided that the following conditions are met:\n# 1. Redistributions of source code (VuXML) must retain the above\n# copyright notice, this list of conditions and the following\n# disclaimer as the first lines of this file unmodified.\n# 2. Redistributions in compiled form (transformed to other DTDs,\n# published online in any format, converted to PDF, PostScript,\n# RTF and other formats) must reproduce the above copyright\n# notice, this list of conditions and the following disclaimer\n# in the documentation and/or other materials provided with the\n# distribution.\n# \n# THIS DOCUMENTATION IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS \"AS IS\"\n# AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO,\n# THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR\n# PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS\n# BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY,\n# OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT\n# OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR\n# BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY,\n# WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE\n# OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS DOCUMENTATION,\n# EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(39376);\n script_version(\"1.22\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/06\");\n\n script_cve_id(\"CVE-2009-1392\", \"CVE-2009-1832\", \"CVE-2009-1833\", \"CVE-2009-1834\", \"CVE-2009-1835\", \"CVE-2009-1836\", \"CVE-2009-1837\", \"CVE-2009-1838\", \"CVE-2009-1839\", \"CVE-2009-1840\", \"CVE-2009-1841\");\n script_xref(name:\"Secunia\", value:\"35331\");\n\n script_name(english:\"FreeBSD : mozilla -- multiple vulnerabilities (da185955-5738-11de-b857-000f20797ede)\");\n script_summary(english:\"Checks for updated packages in pkg_info output\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\n\"The remote FreeBSD host is missing one or more security-related\nupdates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Mozilla Foundation reports :\n\nMFSA 2009-32 JavaScript chrome privilege escalation\n\nMFSA 2009-31 XUL scripts bypass content-policy checks\n\nMFSA 2009-30 Incorrect principal set for file: resources loaded via\nlocation bar\n\nMFSA 2009-29 Arbitrary code execution using event listeners attached\nto an element whose owner document is null\n\nMFSA 2009-28 Race condition while accessing the private data of a\nNPObject JS wrapper class object\n\nMFSA 2009-27 SSL tampering via non-200 responses to proxy CONNECT\nrequests\n\nMFSA 2009-26 Arbitrary domain cookie access by local file : resources\n\nMFSA 2009-25 URL spoofing with invalid unicode characters\n\nMFSA 2009-24 Crashes with evidence of memory corruption (rv:1.9.0.11)\"\n );\n # http://www.mozilla.org/security/announce/2009/mfsa2009-24.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.mozilla.org/en-US/security/advisories/mfsa2009-24/\"\n );\n # http://www.mozilla.org/security/announce/2009/mfsa2009-25.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.mozilla.org/en-US/security/advisories/mfsa2009-25/\"\n );\n # http://www.mozilla.org/security/announce/2009/mfsa2009-26.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.mozilla.org/en-US/security/advisories/mfsa2009-26/\"\n );\n # http://www.mozilla.org/security/announce/2009/mfsa2009-27.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.mozilla.org/en-US/security/advisories/mfsa2009-27/\"\n );\n # http://www.mozilla.org/security/announce/2009/mfsa2009-28.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.mozilla.org/en-US/security/advisories/mfsa2009-28/\"\n );\n # http://www.mozilla.org/security/announce/2009/mfsa2009-29.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.mozilla.org/en-US/security/advisories/mfsa2009-29/\"\n );\n # http://www.mozilla.org/security/announce/2009/mfsa2009-30.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.mozilla.org/en-US/security/advisories/mfsa2009-30/\"\n );\n # http://www.mozilla.org/security/announce/2009/mfsa2009-31.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.mozilla.org/en-US/security/advisories/mfsa2009-31/\"\n );\n # http://www.mozilla.org/security/announce/2009/mfsa2009-32.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.mozilla.org/en-US/security/advisories/mfsa2009-32/\"\n );\n # https://vuxml.freebsd.org/freebsd/da185955-5738-11de-b857-000f20797ede.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?3be105bf\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_cwe_id(20, 94, 200, 264, 287, 362);\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:freebsd:freebsd:firefox\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:freebsd:freebsd:linux-firefox\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:freebsd:freebsd:linux-firefox-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:freebsd:freebsd:linux-seamonkey\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:freebsd:freebsd:linux-thunderbird\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:freebsd:freebsd:seamonkey\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:freebsd:freebsd:thunderbird\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:freebsd:freebsd\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2009/06/11\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2009/06/12\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2009/06/15\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2009-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"FreeBSD Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/FreeBSD/release\", \"Host/FreeBSD/pkg_info\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"freebsd_package.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/FreeBSD/release\")) audit(AUDIT_OS_NOT, \"FreeBSD\");\nif (!get_kb_item(\"Host/FreeBSD/pkg_info\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\nflag = 0;\n\nif (pkg_test(save_report:TRUE, pkg:\"firefox<2.0.0.20_8,1\")) flag++;\nif (pkg_test(save_report:TRUE, pkg:\"firefox>3.*,1<3.0.11,1\")) flag++;\nif (pkg_test(save_report:TRUE, pkg:\"linux-firefox<3.0.11\")) flag++;\nif (pkg_test(save_report:TRUE, pkg:\"linux-firefox-devel<3.0.11\")) flag++;\nif (pkg_test(save_report:TRUE, pkg:\"thunderbird<2.0.0.22\")) flag++;\nif (pkg_test(save_report:TRUE, pkg:\"linux-thunderbird<2.0.0.22\")) flag++;\nif (pkg_test(save_report:TRUE, pkg:\"seamonkey<1.1.17\")) flag++;\nif (pkg_test(save_report:TRUE, pkg:\"linux-seamonkey<1.1.17\")) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:pkg_report_get());\n else security_hole(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2021-01-12T10:07:24", "description": "Update to new upstream Firefox version 3.0.11, fixing multiple\nsecurity issues detailed in the upstream advisories:\nhttp://www.mozilla.org/security/known-\nvulnerabilities/firefox30.html#firefox3.0.11 Update also includes all\npackages depending on gecko-libs rebuild against new version of\nFirefox / XULRunner.\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Fedora security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.", "edition": 25, "published": "2009-06-16T00:00:00", "title": "Fedora 9 : Miro-2.0.3-5.fc9 / blam-1.8.5-10.fc9.1 / chmsee-1.0.1-13.fc9 / devhelp-0.19.1-13.fc9 / etc (2009-6411)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2009-1833", "CVE-2009-1835", "CVE-2009-1838", "CVE-2009-1832", "CVE-2009-1837", "CVE-2009-1392", "CVE-2009-1834", "CVE-2009-1836", "CVE-2009-1839", "CVE-2009-1841", "CVE-2009-1840"], "modified": "2009-06-16T00:00:00", "cpe": ["p-cpe:/a:fedoraproject:fedora:google-gadgets", "p-cpe:/a:fedoraproject:fedora:xulrunner", "p-cpe:/a:fedoraproject:fedora:firefox", "p-cpe:/a:fedoraproject:fedora:epiphany", "p-cpe:/a:fedoraproject:fedora:chmsee", "p-cpe:/a:fedoraproject:fedora:totem", "p-cpe:/a:fedoraproject:fedora:ruby-gnome2", "p-cpe:/a:fedoraproject:fedora:evolution-rss", "cpe:/o:fedoraproject:fedora:9", "p-cpe:/a:fedoraproject:fedora:mugshot", "p-cpe:/a:fedoraproject:fedora:kazehakase", "p-cpe:/a:fedoraproject:fedora:gnome-python2-extras", "p-cpe:/a:fedoraproject:fedora:epiphany-extensions", "p-cpe:/a:fedoraproject:fedora:blam", "p-cpe:/a:fedoraproject:fedora:gnome-web-photo", "p-cpe:/a:fedoraproject:fedora:galeon", "p-cpe:/a:fedoraproject:fedora:devhelp", "p-cpe:/a:fedoraproject:fedora:Miro", "p-cpe:/a:fedoraproject:fedora:mozvoikko", "p-cpe:/a:fedoraproject:fedora:gtkmozembedmm", "p-cpe:/a:fedoraproject:fedora:yelp"], "id": "FEDORA_2009-6411.NASL", "href": "https://www.tenable.com/plugins/nessus/39406", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Fedora Security Advisory 2009-6411.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(39406);\n script_version(\"1.22\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/11\");\n\n script_cve_id(\"CVE-2009-1392\", \"CVE-2009-1832\", \"CVE-2009-1833\", \"CVE-2009-1834\", \"CVE-2009-1835\", \"CVE-2009-1836\", \"CVE-2009-1837\", \"CVE-2009-1838\", \"CVE-2009-1839\", \"CVE-2009-1840\", \"CVE-2009-1841\");\n script_bugtraq_id(35360, 35370, 35371, 35372, 35373, 35377, 35380, 35383, 35386);\n script_xref(name:\"FEDORA\", value:\"2009-6411\");\n\n script_name(english:\"Fedora 9 : Miro-2.0.3-5.fc9 / blam-1.8.5-10.fc9.1 / chmsee-1.0.1-13.fc9 / devhelp-0.19.1-13.fc9 / etc (2009-6411)\");\n script_summary(english:\"Checks rpm output for the updated packages.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Fedora host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Update to new upstream Firefox version 3.0.11, fixing multiple\nsecurity issues detailed in the upstream advisories:\nhttp://www.mozilla.org/security/known-\nvulnerabilities/firefox30.html#firefox3.0.11 Update also includes all\npackages depending on gecko-libs rebuild against new version of\nFirefox / XULRunner.\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Fedora security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n # http://www.mozilla.org/security/known-\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.mozilla.org/en-US/security/known-\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.redhat.com/show_bug.cgi?id=503568\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.redhat.com/show_bug.cgi?id=503569\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.redhat.com/show_bug.cgi?id=503570\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.redhat.com/show_bug.cgi?id=503573\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.redhat.com/show_bug.cgi?id=503576\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.redhat.com/show_bug.cgi?id=503578\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.redhat.com/show_bug.cgi?id=503579\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.redhat.com/show_bug.cgi?id=503580\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.redhat.com/show_bug.cgi?id=503581\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.redhat.com/show_bug.cgi?id=503582\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.redhat.com/show_bug.cgi?id=503583\"\n );\n # https://lists.fedoraproject.org/pipermail/package-announce/2009-June/025021.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?2e980224\"\n );\n # https://lists.fedoraproject.org/pipermail/package-announce/2009-June/025022.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?31d20ba0\"\n );\n # https://lists.fedoraproject.org/pipermail/package-announce/2009-June/025023.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?a0505c70\"\n );\n # https://lists.fedoraproject.org/pipermail/package-announce/2009-June/025024.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?65288620\"\n );\n # https://lists.fedoraproject.org/pipermail/package-announce/2009-June/025025.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?a9342bb8\"\n );\n # https://lists.fedoraproject.org/pipermail/package-announce/2009-June/025026.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?1c2c3502\"\n );\n # https://lists.fedoraproject.org/pipermail/package-announce/2009-June/025027.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?2d77c40b\"\n );\n # https://lists.fedoraproject.org/pipermail/package-announce/2009-June/025028.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?05dce289\"\n );\n # https://lists.fedoraproject.org/pipermail/package-announce/2009-June/025029.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?b4cd61cb\"\n );\n # https://lists.fedoraproject.org/pipermail/package-announce/2009-June/025030.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?4574d88c\"\n );\n # https://lists.fedoraproject.org/pipermail/package-announce/2009-June/025031.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?cb771f2c\"\n );\n # https://lists.fedoraproject.org/pipermail/package-announce/2009-June/025032.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?c97b85f5\"\n );\n # https://lists.fedoraproject.org/pipermail/package-announce/2009-June/025033.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?a30aa2d3\"\n );\n # https://lists.fedoraproject.org/pipermail/package-announce/2009-June/025034.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?dfae7621\"\n );\n # https://lists.fedoraproject.org/pipermail/package-announce/2009-June/025035.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?dca39034\"\n );\n # https://lists.fedoraproject.org/pipermail/package-announce/2009-June/025036.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?70eb314b\"\n );\n # https://lists.fedoraproject.org/pipermail/package-announce/2009-June/025037.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?98be733d\"\n );\n # https://lists.fedoraproject.org/pipermail/package-announce/2009-June/025038.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?75dffff9\"\n );\n # https://lists.fedoraproject.org/pipermail/package-announce/2009-June/025039.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?4319738c\"\n );\n # https://lists.fedoraproject.org/pipermail/package-announce/2009-June/025040.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?9170f15e\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:ND/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n script_cwe_id(20, 94, 200, 264, 287, 362);\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:Miro\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:blam\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:chmsee\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:devhelp\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:epiphany\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:epiphany-extensions\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:evolution-rss\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:firefox\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:galeon\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:gnome-python2-extras\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:gnome-web-photo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:google-gadgets\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:gtkmozembedmm\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:kazehakase\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:mozvoikko\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:mugshot\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:ruby-gnome2\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:totem\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:xulrunner\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:yelp\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:fedoraproject:fedora:9\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2009/06/12\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2009/06/15\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2009/06/16\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2009-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Fedora Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Fedora\" >!< release) audit(AUDIT_OS_NOT, \"Fedora\");\nos_ver = eregmatch(pattern: \"Fedora.*release ([0-9]+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Fedora\");\nos_ver = os_ver[1];\nif (! ereg(pattern:\"^9([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Fedora 9.x\", \"Fedora \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Fedora\", cpu);\n\nflag = 0;\nif (rpm_check(release:\"FC9\", reference:\"Miro-2.0.3-5.fc9\")) flag++;\nif (rpm_check(release:\"FC9\", reference:\"blam-1.8.5-10.fc9.1\")) flag++;\nif (rpm_check(release:\"FC9\", reference:\"chmsee-1.0.1-13.fc9\")) flag++;\nif (rpm_check(release:\"FC9\", reference:\"devhelp-0.19.1-13.fc9\")) flag++;\nif (rpm_check(release:\"FC9\", reference:\"epiphany-2.22.2-12.fc9\")) flag++;\nif (rpm_check(release:\"FC9\", reference:\"epiphany-extensions-2.22.1-12.fc9\")) flag++;\nif (rpm_check(release:\"FC9\", reference:\"evolution-rss-0.1.0-12.fc9\")) flag++;\nif (rpm_check(release:\"FC9\", reference:\"firefox-3.0.11-1.fc9\")) flag++;\nif (rpm_check(release:\"FC9\", reference:\"galeon-2.0.7-11.fc9\")) flag++;\nif (rpm_check(release:\"FC9\", reference:\"gnome-python2-extras-2.19.1-28.fc9\")) flag++;\nif (rpm_check(release:\"FC9\", reference:\"gnome-web-photo-0.3-22.fc9\")) flag++;\nif (rpm_check(release:\"FC9\", reference:\"google-gadgets-0.10.5-7.fc9\")) flag++;\nif (rpm_check(release:\"FC9\", reference:\"gtkmozembedmm-1.4.2.cvs20060817-30.fc9\")) flag++;\nif (rpm_check(release:\"FC9\", reference:\"kazehakase-0.5.6-4.fc9.3\")) flag++;\nif (rpm_check(release:\"FC9\", reference:\"mozvoikko-0.9.5-11.fc9\")) flag++;\nif (rpm_check(release:\"FC9\", reference:\"mugshot-1.2.2-10.fc9\")) flag++;\nif (rpm_check(release:\"FC9\", reference:\"ruby-gnome2-0.17.0-10.fc9\")) flag++;\nif (rpm_check(release:\"FC9\", reference:\"totem-2.23.2-17.fc9\")) flag++;\nif (rpm_check(release:\"FC9\", reference:\"xulrunner-1.9.0.11-1.fc9\")) flag++;\nif (rpm_check(release:\"FC9\", reference:\"yelp-2.22.1-13.fc9\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"Miro / blam / chmsee / devhelp / epiphany / epiphany-extensions / etc\");\n}\n", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2021-01-17T14:09:15", "description": "The Mozilla Firefox browser was updated to version 3.0.11, fixing\nvarious bugs and security issues :\n\n - Crashes with evidence of memory corruption\n (rv:1.9.0.11). (MFSA 2009-24 / CVE-2009-1392 /\n CVE-2009-1832 / CVE-2009-1833)\n\n - (bmo#479413) URL spoofing with invalid unicode\n characters. (MFSA 2009-25 / CVE-2009-1834)\n\n - (bmo#491801) Arbitrary domain cookie access by local\n file: resources. (MFSA 2009-26 / CVE-2009-1835)\n\n - (bmo#479880) SSL tampering via non-200 responses to\n proxy CONNECT requests. (MFSA 2009-27 / CVE-2009-1836)\n\n - (bmo#486269) Race condition while accessing the private\n data of a NPObject JS wrapper class object. (MFSA\n 2009-28 / CVE-2009-1837)\n\n - (bmo#489131) Arbitrary code execution using event\n listeners attached to an element whose owner document is\n null. (MFSA 2009-29 / CVE-2009-1838)\n\n - (bmo#479943) Incorrect principal set for file: resources\n loaded via location bar. (MFSA 2009-30 / CVE-2009-1839)\n\n - (bmo#477979) XUL scripts bypass content-policy checks.\n (MFSA 2009-31 / CVE-2009-1840)\n\n - (bmo#479560) JavaScript chrome privilege escalation.\n (MFSA 2009-32 / CVE-2009-1841)", "edition": 24, "published": "2009-09-24T00:00:00", "title": "SuSE 11 Security Update : MozillaFirefox (SAT Patch Number 1001)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2009-1833", "CVE-2009-1835", "CVE-2009-1838", "CVE-2009-1832", "CVE-2009-1837", "CVE-2009-1392", "CVE-2009-1834", "CVE-2009-1836", "CVE-2009-1839", "CVE-2009-1841", "CVE-2009-1840"], "modified": "2009-09-24T00:00:00", "cpe": ["p-cpe:/a:novell:suse_linux:11:mozilla-xulrunner190-translations-32bit", "cpe:/o:novell:suse_linux:11", "p-cpe:/a:novell:suse_linux:11:mozilla-xulrunner190", "p-cpe:/a:novell:suse_linux:11:mozilla-xulrunner190-32bit", "p-cpe:/a:novell:suse_linux:11:MozillaFirefox-translations", "p-cpe:/a:novell:suse_linux:11:mozilla-xulrunner190-translations", "p-cpe:/a:novell:suse_linux:11:MozillaFirefox", "p-cpe:/a:novell:suse_linux:11:mozilla-xulrunner190-gnomevfs", "p-cpe:/a:novell:suse_linux:11:mozilla-xulrunner190-gnomevfs-32bit"], "id": "SUSE_11_MOZILLAFIREFOX-090615.NASL", "href": "https://www.tenable.com/plugins/nessus/41356", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from SuSE 11 update information. The text itself is\n# copyright (C) Novell, Inc.\n#\n\nif (NASL_LEVEL < 3000) exit(0);\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(41356);\n script_version(\"1.15\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/14\");\n\n script_cve_id(\"CVE-2009-1392\", \"CVE-2009-1832\", \"CVE-2009-1833\", \"CVE-2009-1834\", \"CVE-2009-1835\", \"CVE-2009-1836\", \"CVE-2009-1837\", \"CVE-2009-1838\", \"CVE-2009-1839\", \"CVE-2009-1840\", \"CVE-2009-1841\");\n\n script_name(english:\"SuSE 11 Security Update : MozillaFirefox (SAT Patch Number 1001)\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote SuSE 11 host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"The Mozilla Firefox browser was updated to version 3.0.11, fixing\nvarious bugs and security issues :\n\n - Crashes with evidence of memory corruption\n (rv:1.9.0.11). (MFSA 2009-24 / CVE-2009-1392 /\n CVE-2009-1832 / CVE-2009-1833)\n\n - (bmo#479413) URL spoofing with invalid unicode\n characters. (MFSA 2009-25 / CVE-2009-1834)\n\n - (bmo#491801) Arbitrary domain cookie access by local\n file: resources. (MFSA 2009-26 / CVE-2009-1835)\n\n - (bmo#479880) SSL tampering via non-200 responses to\n proxy CONNECT requests. (MFSA 2009-27 / CVE-2009-1836)\n\n - (bmo#486269) Race condition while accessing the private\n data of a NPObject JS wrapper class object. (MFSA\n 2009-28 / CVE-2009-1837)\n\n - (bmo#489131) Arbitrary code execution using event\n listeners attached to an element whose owner document is\n null. (MFSA 2009-29 / CVE-2009-1838)\n\n - (bmo#479943) Incorrect principal set for file: resources\n loaded via location bar. (MFSA 2009-30 / CVE-2009-1839)\n\n - (bmo#477979) XUL scripts bypass content-policy checks.\n (MFSA 2009-31 / CVE-2009-1840)\n\n - (bmo#479560) JavaScript chrome privilege escalation.\n (MFSA 2009-32 / CVE-2009-1841)\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.mozilla.org/security/announce/2009/mfsa2009-24.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.mozilla.org/security/announce/2009/mfsa2009-25.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.mozilla.org/security/announce/2009/mfsa2009-26.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.mozilla.org/security/announce/2009/mfsa2009-27.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.mozilla.org/security/announce/2009/mfsa2009-28.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.mozilla.org/security/announce/2009/mfsa2009-29.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.mozilla.org/security/announce/2009/mfsa2009-30.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.mozilla.org/security/announce/2009/mfsa2009-31.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.mozilla.org/security/announce/2009/mfsa2009-32.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=505563\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2009-1392.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2009-1832.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2009-1833.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2009-1834.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2009-1835.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2009-1836.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2009-1837.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2009-1838.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2009-1839.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2009-1840.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2009-1841.html\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Apply SAT patch number 1001.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_cwe_id(20, 94, 200, 264, 287, 362);\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:11:MozillaFirefox\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:11:MozillaFirefox-translations\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:11:mozilla-xulrunner190\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:11:mozilla-xulrunner190-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:11:mozilla-xulrunner190-gnomevfs\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:11:mozilla-xulrunner190-gnomevfs-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:11:mozilla-xulrunner190-translations\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:11:mozilla-xulrunner190-translations-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:suse_linux:11\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2009/06/15\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2009/09/24\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2009-2021 Tenable Network Security, Inc.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release !~ \"^(SLED|SLES)11\") audit(AUDIT_OS_NOT, \"SuSE 11\");\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (cpu !~ \"^i[3-6]86$\" && \"x86_64\" >!< cpu && \"s390x\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"SuSE 11\", cpu);\n\npl = get_kb_item(\"Host/SuSE/patchlevel\");\nif (pl) audit(AUDIT_OS_NOT, \"SuSE 11.0\");\n\n\nflag = 0;\nif (rpm_check(release:\"SLED11\", sp:0, cpu:\"i586\", reference:\"MozillaFirefox-3.0.11-0.1.1\")) flag++;\nif (rpm_check(release:\"SLED11\", sp:0, cpu:\"i586\", reference:\"MozillaFirefox-translations-3.0.11-0.1.1\")) flag++;\nif (rpm_check(release:\"SLED11\", sp:0, cpu:\"i586\", reference:\"mozilla-xulrunner190-1.9.0.11-1.1.1\")) flag++;\nif (rpm_check(release:\"SLED11\", sp:0, cpu:\"i586\", reference:\"mozilla-xulrunner190-gnomevfs-1.9.0.11-1.1.1\")) flag++;\nif (rpm_check(release:\"SLED11\", sp:0, cpu:\"i586\", reference:\"mozilla-xulrunner190-translations-1.9.0.11-1.1.1\")) flag++;\nif (rpm_check(release:\"SLED11\", sp:0, cpu:\"x86_64\", reference:\"MozillaFirefox-3.0.11-0.1.1\")) flag++;\nif (rpm_check(release:\"SLED11\", sp:0, cpu:\"x86_64\", reference:\"MozillaFirefox-translations-3.0.11-0.1.1\")) flag++;\nif (rpm_check(release:\"SLED11\", sp:0, cpu:\"x86_64\", reference:\"mozilla-xulrunner190-1.9.0.11-1.1.1\")) flag++;\nif (rpm_check(release:\"SLED11\", sp:0, cpu:\"x86_64\", reference:\"mozilla-xulrunner190-32bit-1.9.0.11-1.1.1\")) flag++;\nif (rpm_check(release:\"SLED11\", sp:0, cpu:\"x86_64\", reference:\"mozilla-xulrunner190-gnomevfs-1.9.0.11-1.1.1\")) flag++;\nif (rpm_check(release:\"SLED11\", sp:0, cpu:\"x86_64\", reference:\"mozilla-xulrunner190-gnomevfs-32bit-1.9.0.11-1.1.1\")) flag++;\nif (rpm_check(release:\"SLED11\", sp:0, cpu:\"x86_64\", reference:\"mozilla-xulrunner190-translations-1.9.0.11-1.1.1\")) flag++;\nif (rpm_check(release:\"SLED11\", sp:0, cpu:\"x86_64\", reference:\"mozilla-xulrunner190-translations-32bit-1.9.0.11-1.1.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:0, reference:\"MozillaFirefox-3.0.11-0.1.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:0, reference:\"MozillaFirefox-translations-3.0.11-0.1.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:0, reference:\"mozilla-xulrunner190-1.9.0.11-1.1.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:0, reference:\"mozilla-xulrunner190-gnomevfs-1.9.0.11-1.1.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:0, reference:\"mozilla-xulrunner190-translations-1.9.0.11-1.1.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:0, cpu:\"s390x\", reference:\"mozilla-xulrunner190-32bit-1.9.0.11-1.1.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:0, cpu:\"x86_64\", reference:\"mozilla-xulrunner190-32bit-1.9.0.11-1.1.1\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2021-01-17T14:03:48", "description": "The Mozilla Firefox browser was updated to version 3.0.11, fixing\nvarious bugs and security issues :\n\n - MFSA 2009-24/CVE-2009-1392/CVE-2009-1832/CVE-2009-1833\n Crashes with evidence of memory corruption (rv:1.9.0.11)\n\n - MFSA 2009-25/CVE-2009-1834 (bmo#479413) URL spoofing\n with invalid unicode characters\n\n - MFSA 2009-26/CVE-2009-1835 (bmo#491801) Arbitrary domain\n cookie access by local file: resources\n\n - MFSA 2009-27/CVE-2009-1836 (bmo#479880) SSL tampering\n via non-200 responses to proxy CONNECT requests\n\n - MFSA 2009-28/CVE-2009-1837 (bmo#486269) Race condition\n while accessing the private data of a NPObject JS\n wrapper class object\n\n - MFSA 2009-29/CVE-2009-1838 (bmo#489131) Arbitrary code\n execution using event listeners attached to an element\n whose owner document is null\n\n - MFSA 2009-30/CVE-2009-1839 (bmo#479943) Incorrect\n principal set for file: resources loaded via location\n bar\n\n - MFSA 2009-31/CVE-2009-1840 (bmo#477979) XUL scripts\n bypass content-policy checks\n\n - MFSA 2009-32/CVE-2009-1841 (bmo#479560) JavaScript\n chrome privilege escalation", "edition": 24, "published": "2009-07-21T00:00:00", "title": "openSUSE Security Update : MozillaFirefox (MozillaFirefox-1000)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2009-1833", "CVE-2009-1835", "CVE-2009-1838", "CVE-2009-1832", "CVE-2009-1837", "CVE-2009-1392", "CVE-2009-1834", "CVE-2009-1836", "CVE-2009-1839", "CVE-2009-1841", "CVE-2009-1840"], "modified": "2009-07-21T00:00:00", "cpe": ["p-cpe:/a:novell:opensuse:mozilla-xulrunner190-gnomevfs-32bit", "p-cpe:/a:novell:opensuse:MozillaFirefox-translations", "p-cpe:/a:novell:opensuse:python-xpcom190", "cpe:/o:novell:opensuse:11.1", "p-cpe:/a:novell:opensuse:mozilla-xulrunner190-32bit", "p-cpe:/a:novell:opensuse:mozilla-xulrunner190-translations-32bit", "p-cpe:/a:novell:opensuse:MozillaFirefox-branding-upstream", "p-cpe:/a:novell:opensuse:mozilla-xulrunner190-devel", "p-cpe:/a:novell:opensuse:mozilla-xulrunner190-translations", "p-cpe:/a:novell:opensuse:MozillaFirefox", "p-cpe:/a:novell:opensuse:mozilla-xulrunner190", "p-cpe:/a:novell:opensuse:mozilla-xulrunner190-gnomevfs"], "id": "SUSE_11_1_MOZILLAFIREFOX-090615.NASL", "href": "https://www.tenable.com/plugins/nessus/40174", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from openSUSE Security Update MozillaFirefox-1000.\n#\n# The text description of this plugin is (C) SUSE LLC.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(40174);\n script_version(\"1.16\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/14\");\n\n script_cve_id(\"CVE-2009-1392\", \"CVE-2009-1832\", \"CVE-2009-1833\", \"CVE-2009-1834\", \"CVE-2009-1835\", \"CVE-2009-1836\", \"CVE-2009-1837\", \"CVE-2009-1838\", \"CVE-2009-1839\", \"CVE-2009-1840\", \"CVE-2009-1841\");\n\n script_name(english:\"openSUSE Security Update : MozillaFirefox (MozillaFirefox-1000)\");\n script_summary(english:\"Check for the MozillaFirefox-1000 patch\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote openSUSE host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"The Mozilla Firefox browser was updated to version 3.0.11, fixing\nvarious bugs and security issues :\n\n - MFSA 2009-24/CVE-2009-1392/CVE-2009-1832/CVE-2009-1833\n Crashes with evidence of memory corruption (rv:1.9.0.11)\n\n - MFSA 2009-25/CVE-2009-1834 (bmo#479413) URL spoofing\n with invalid unicode characters\n\n - MFSA 2009-26/CVE-2009-1835 (bmo#491801) Arbitrary domain\n cookie access by local file: resources\n\n - MFSA 2009-27/CVE-2009-1836 (bmo#479880) SSL tampering\n via non-200 responses to proxy CONNECT requests\n\n - MFSA 2009-28/CVE-2009-1837 (bmo#486269) Race condition\n while accessing the private data of a NPObject JS\n wrapper class object\n\n - MFSA 2009-29/CVE-2009-1838 (bmo#489131) Arbitrary code\n execution using event listeners attached to an element\n whose owner document is null\n\n - MFSA 2009-30/CVE-2009-1839 (bmo#479943) Incorrect\n principal set for file: resources loaded via location\n bar\n\n - MFSA 2009-31/CVE-2009-1840 (bmo#477979) XUL scripts\n bypass content-policy checks\n\n - MFSA 2009-32/CVE-2009-1841 (bmo#479560) JavaScript\n chrome privilege escalation\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=505563\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected MozillaFirefox packages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_cwe_id(20, 94, 200, 264, 287, 362);\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:MozillaFirefox\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:MozillaFirefox-branding-upstream\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:MozillaFirefox-translations\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:mozilla-xulrunner190\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:mozilla-xulrunner190-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:mozilla-xulrunner190-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:mozilla-xulrunner190-gnomevfs\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:mozilla-xulrunner190-gnomevfs-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:mozilla-xulrunner190-translations\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:mozilla-xulrunner190-translations-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:python-xpcom190\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:opensuse:11.1\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2009/06/15\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2009/07/21\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2009-2021 Tenable Network Security, Inc.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release =~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, \"openSUSE\");\nif (release !~ \"^(SUSE11\\.1)$\") audit(AUDIT_OS_RELEASE_NOT, \"openSUSE\", \"11.1\", release);\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nourarch = get_kb_item(\"Host/cpu\");\nif (!ourarch) audit(AUDIT_UNKNOWN_ARCH);\nif (ourarch !~ \"^(i586|i686|x86_64)$\") audit(AUDIT_ARCH_NOT, \"i586 / i686 / x86_64\", ourarch);\n\nflag = 0;\n\nif ( rpm_check(release:\"SUSE11.1\", reference:\"MozillaFirefox-3.0.11-0.1.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.1\", reference:\"MozillaFirefox-branding-upstream-3.0.11-0.1.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.1\", reference:\"MozillaFirefox-translations-3.0.11-0.1.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.1\", reference:\"mozilla-xulrunner190-1.9.0.11-1.1.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.1\", reference:\"mozilla-xulrunner190-devel-1.9.0.11-1.1.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.1\", reference:\"mozilla-xulrunner190-gnomevfs-1.9.0.11-1.1.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.1\", reference:\"mozilla-xulrunner190-translations-1.9.0.11-1.1.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.1\", reference:\"python-xpcom190-1.9.0.11-1.1.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.1\", cpu:\"x86_64\", reference:\"mozilla-xulrunner190-32bit-1.9.0.11-1.1.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.1\", cpu:\"x86_64\", reference:\"mozilla-xulrunner190-gnomevfs-32bit-1.9.0.11-1.1.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.1\", cpu:\"x86_64\", reference:\"mozilla-xulrunner190-translations-32bit-1.9.0.11-1.1.1\") ) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"MozillaFirefox\");\n}\n", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2021-01-06T09:45:31", "description": "Several remote vulnerabilities have been discovered in Xulrunner, a\nruntime environment for XUL applications, such as the Iceweasel web\nbrowser. The Common Vulnerabilities and Exposures project identifies\nthe following problems :\n\n - CVE-2009-1392\n Several issues in the browser engine have been\n discovered, which can result in the execution of\n arbitrary code. (MFSA 2009-24)\n\n - CVE-2009-1832\n It is possible to execute arbitrary code via vectors\n involving 'double frame construction.' (MFSA 2009-24)\n\n - CVE-2009-1833\n Jesse Ruderman and Adam Hauner discovered a problem in\n the JavaScript engine, which could lead to the execution\n of arbitrary code. (MFSA 2009-24)\n\n - CVE-2009-1834\n Pavel Cvrcek discovered a potential issue leading to a\n spoofing attack on the location bar related to certain\n invalid unicode characters. (MFSA 2009-25)\n\n - CVE-2009-1835\n Gregory Fleischer discovered that it is possible to read\n arbitrary cookies via a crafted HTML document. (MFSA\n 2009-26)\n\n - CVE-2009-1836\n Shuo Chen, Ziqing Mao, Yi-Min Wang and Ming Zhang\n reported a potential man-in-the-middle attack, when\n using a proxy due to insufficient checks on a certain\n proxy response. (MFSA 2009-27)\n\n - CVE-2009-1837\n Jakob Balle and Carsten Eiram reported a race condition\n in the NPObjWrapper_NewResolve function that can be used\n to execute arbitrary code. (MFSA 2009-28)\n\n - CVE-2009-1838\n moz_bug_r_a4 discovered that it is possible to execute\n arbitrary JavaScript with chrome privileges due to an\n error in the garbage-collection implementation. (MFSA\n 2009-29)\n\n - CVE-2009-1839\n Adam Barth and Collin Jackson reported a potential\n privilege escalation when loading a file::resource via\n the location bar. (MFSA 2009-30)\n\n - CVE-2009-1840\n Wladimir Palant discovered that it is possible to bypass\n access restrictions due to a lack of content policy\n check, when loading a script file into a XUL document.\n (MFSA 2009-31)\n\n - CVE-2009-1841\n moz_bug_r_a4 reported that it is possible for scripts\n from page content to run with elevated privileges and\n thus potentially executing arbitrary code with the\n object's chrome privileges. (MFSA 2009-32)", "edition": 27, "published": "2009-06-19T00:00:00", "title": "Debian DSA-1820-1 : xulrunner - several vulnerabilities", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2009-1833", "CVE-2009-1835", "CVE-2009-1838", "CVE-2009-1832", "CVE-2009-1837", "CVE-2009-1392", "CVE-2009-1834", "CVE-2009-1836", "CVE-2009-1839", "CVE-2009-1841", "CVE-2009-1840"], "modified": "2009-06-19T00:00:00", "cpe": ["cpe:/o:debian:debian_linux:5.0", "p-cpe:/a:debian:debian_linux:xulrunner"], "id": "DEBIAN_DSA-1820.NASL", "href": "https://www.tenable.com/plugins/nessus/39452", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Debian Security Advisory DSA-1820. The text \n# itself is copyright (C) Software in the Public Interest, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(39452);\n script_version(\"1.19\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/04\");\n\n script_cve_id(\"CVE-2009-1392\", \"CVE-2009-1832\", \"CVE-2009-1833\", \"CVE-2009-1834\", \"CVE-2009-1835\", \"CVE-2009-1836\", \"CVE-2009-1837\", \"CVE-2009-1838\", \"CVE-2009-1839\", \"CVE-2009-1840\", \"CVE-2009-1841\");\n script_bugtraq_id(35360, 35370, 35371, 35372, 35373, 35377, 35380, 35383, 35386, 35388, 35391);\n script_xref(name:\"DSA\", value:\"1820\");\n\n script_name(english:\"Debian DSA-1820-1 : xulrunner - several vulnerabilities\");\n script_summary(english:\"Checks dpkg output for the updated package\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Debian host is missing a security-related update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Several remote vulnerabilities have been discovered in Xulrunner, a\nruntime environment for XUL applications, such as the Iceweasel web\nbrowser. The Common Vulnerabilities and Exposures project identifies\nthe following problems :\n\n - CVE-2009-1392\n Several issues in the browser engine have been\n discovered, which can result in the execution of\n arbitrary code. (MFSA 2009-24)\n\n - CVE-2009-1832\n It is possible to execute arbitrary code via vectors\n involving 'double frame construction.' (MFSA 2009-24)\n\n - CVE-2009-1833\n Jesse Ruderman and Adam Hauner discovered a problem in\n the JavaScript engine, which could lead to the execution\n of arbitrary code. (MFSA 2009-24)\n\n - CVE-2009-1834\n Pavel Cvrcek discovered a potential issue leading to a\n spoofing attack on the location bar related to certain\n invalid unicode characters. (MFSA 2009-25)\n\n - CVE-2009-1835\n Gregory Fleischer discovered that it is possible to read\n arbitrary cookies via a crafted HTML document. (MFSA\n 2009-26)\n\n - CVE-2009-1836\n Shuo Chen, Ziqing Mao, Yi-Min Wang and Ming Zhang\n reported a potential man-in-the-middle attack, when\n using a proxy due to insufficient checks on a certain\n proxy response. (MFSA 2009-27)\n\n - CVE-2009-1837\n Jakob Balle and Carsten Eiram reported a race condition\n in the NPObjWrapper_NewResolve function that can be used\n to execute arbitrary code. (MFSA 2009-28)\n\n - CVE-2009-1838\n moz_bug_r_a4 discovered that it is possible to execute\n arbitrary JavaScript with chrome privileges due to an\n error in the garbage-collection implementation. (MFSA\n 2009-29)\n\n - CVE-2009-1839\n Adam Barth and Collin Jackson reported a potential\n privilege escalation when loading a file::resource via\n the location bar. (MFSA 2009-30)\n\n - CVE-2009-1840\n Wladimir Palant discovered that it is possible to bypass\n access restrictions due to a lack of content policy\n check, when loading a script file into a XUL document.\n (MFSA 2009-31)\n\n - CVE-2009-1841\n moz_bug_r_a4 reported that it is possible for scripts\n from page content to run with elevated privileges and\n thus potentially executing arbitrary code with the\n object's chrome privileges. (MFSA 2009-32)\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/CVE-2009-1392\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/CVE-2009-1832\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/CVE-2009-1833\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/CVE-2009-1834\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/CVE-2009-1835\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/CVE-2009-1836\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/CVE-2009-1837\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/CVE-2009-1838\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/CVE-2009-1839\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/CVE-2009-1840\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/CVE-2009-1841\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.debian.org/security/2009/dsa-1820\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\n\"Upgrade the xulrunner packages.\n\nFor the stable distribution (lenny), these problems have been fixed in\nversion 1.9.0.11-0lenny1.\n\nAs indicated in the Etch release notes, security support for the\nMozilla products in the oldstable distribution needed to be stopped\nbefore the end of the regular Etch security maintenance life cycle.\nYou are strongly encouraged to upgrade to stable or switch to a still\nsupported browser.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:ND/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n script_cwe_id(20, 94, 200, 264, 287, 362);\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:xulrunner\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:debian:debian_linux:5.0\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2009/06/18\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2009/06/19\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2009-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Debian Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/Debian/release\", \"Host/Debian/dpkg-l\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"debian_package.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/Debian/release\")) audit(AUDIT_OS_NOT, \"Debian\");\nif (!get_kb_item(\"Host/Debian/dpkg-l\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\nflag = 0;\nif (deb_check(release:\"5.0\", prefix:\"libmozillainterfaces-java\", reference:\"1.9.0.11-0lenny1\")) flag++;\nif (deb_check(release:\"5.0\", prefix:\"libmozjs-dev\", reference:\"1.9.0.11-0lenny1\")) flag++;\nif (deb_check(release:\"5.0\", prefix:\"libmozjs1d\", reference:\"1.9.0.11-0lenny1\")) flag++;\nif (deb_check(release:\"5.0\", prefix:\"libmozjs1d-dbg\", reference:\"1.9.0.11-0lenny1\")) flag++;\nif (deb_check(release:\"5.0\", prefix:\"python-xpcom\", reference:\"1.9.0.11-0lenny1\")) flag++;\nif (deb_check(release:\"5.0\", prefix:\"spidermonkey-bin\", reference:\"1.9.0.11-0lenny1\")) flag++;\nif (deb_check(release:\"5.0\", prefix:\"xulrunner-1.9\", reference:\"1.9.0.11-0lenny1\")) flag++;\nif (deb_check(release:\"5.0\", prefix:\"xulrunner-1.9-dbg\", reference:\"1.9.0.11-0lenny1\")) flag++;\nif (deb_check(release:\"5.0\", prefix:\"xulrunner-1.9-gnome-support\", reference:\"1.9.0.11-0lenny1\")) flag++;\nif (deb_check(release:\"5.0\", prefix:\"xulrunner-dev\", reference:\"1.9.0.11-0lenny1\")) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:deb_report_get());\n else security_hole(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}], "oraclelinux": [{"lastseen": "2019-05-29T18:34:24", "bulletinFamily": "unix", "cvelist": ["CVE-2009-1833", "CVE-2009-1835", "CVE-2009-1838", "CVE-2009-1832", "CVE-2009-1837", "CVE-2009-1392", "CVE-2009-1834", "CVE-2009-1836", "CVE-2009-1839", "CVE-2009-1841", "CVE-2009-1840"], "description": "firefox:\n[3.0.11-2.0.1.el5_3]\n- Update firstrun and homepage URLs\n- Added firefox-oracle-default-prefs.js/firefox-oracle-default-bookmarks.html\n and removed the corresponding Red Hat ones\n- Added patch oracle-firefox-branding.patch\n[3.0.11-2]\n- Update due to respin\n[3.0.11-1]\n- Update to 3.0.11\nxulrunner:\n[1.9.0.11-3.0.1.el5_3]\n- Added xulrunner-oracle-default-prefs.js and removed the corresponding\n RedHat one\n[1.9.0.11-3]\n- Added patch to fix #488570\n[1.9.0.11-2]\n- Update due to respin\n[1.9.0.11-1]\n- Update to 1.9.0.11 ", "edition": 4, "modified": "2009-06-12T00:00:00", "published": "2009-06-12T00:00:00", "id": "ELSA-2009-1095", "href": "http://linux.oracle.com/errata/ELSA-2009-1095.html", "title": "firefox security update", "type": "oraclelinux", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}], "debian": [{"lastseen": "2020-11-11T13:16:20", "bulletinFamily": "unix", "cvelist": ["CVE-2009-1833", "CVE-2009-1835", "CVE-2009-1838", "CVE-2009-1832", "CVE-2009-1837", "CVE-2009-1392", "CVE-2009-1834", "CVE-2009-1836", "CVE-2009-1839", "CVE-2009-1841", "CVE-2009-1840"], "description": "- ------------------------------------------------------------------------\nDebian Security Advisory DSA-1820-1 security@debian.org\nhttp://www.debian.org/security/ Steffen Joeris\nJune 18, 2009 http://www.debian.org/security/faq\n- ------------------------------------------------------------------------\n\nPackage : xulrunner \nVulnerability : several vulnerabilities \nProblem type : remote \nDebian-specific: no \nCVE IDs : CVE-2009-1392 CVE-2009-1832 CVE-2009-1833 CVE-2009-1834 CVE-2009-1835\n CVE-2009-1836 CVE-2009-1837 CVE-2009-1838 CVE-2009-1839 CVE-2009-1840\n CVE-2009-1841 \n\nSeveral remote vulnerabilities have been discovered in Xulrunner, a\nruntime environment for XUL applications, such as the Iceweasel web\nbrowser. The Common Vulnerabilities and Exposures project identifies the\nfollowing problems: \n\nCVE-2009-1392\n\nSeveral issues in the browser engine have been discovered, which can\nresult in the execution of arbitrary code. (MFSA 2009-24) \n\nCVE-2009-1832\n\nIt is possible to execute arbitrary code via vectors involving "double\nframe construction." (MFSA 2009-24) \n\nCVE-2009-1833\n\nJesse Ruderman and Adam Hauner discovered a problem in the JavaScript\nengine, which could lead to the execution of arbitrary code. \n(MFSA 2009-24) \n\nCVE-2009-1834\n\nPavel Cvrcek discovered a potential issue leading to a spoofing attack\non the location bar related to certain invalid unicode characters. \n(MFSA 2009-25) \n\nCVE-2009-1835\n\nGregory Fleischer discovered that it is possible to read arbitrary\ncookies via a crafted HTML document. (MFSA 2009-26) \n\nCVE-2009-1836\n\nShuo Chen, Ziqing Mao, Yi-Min Wang and Ming Zhang reported a potential\nman-in-the-middle attack, when using a proxy due to insufficient checks\non a certain proxy response. (MFSA 2009-27) \n\nCVE-2009-1837\n\nJakob Balle and Carsten Eiram reported a race condition in the\nNPObjWrapper_NewResolve function that can be used to execute arbitrary\ncode. (MFSA 2009-28) \n\nCVE-2009-1838\n\nmoz_bug_r_a4 discovered that it is possible to execute arbitrary\nJavaScript with chrome privileges due to an error in the\ngarbage-collection implementation. (MFSA 2009-29)\n\nCVE-2009-1839\n\nAdam Barth and Collin Jackson reported a potential privilege escalation\nwhen loading a file::resource via the location bar. (MFSA 2009-30)\n\nCVE-2009-1840\n\nWladimir Palant discovered that it is possible to bypass access\nrestrictions due to a lack of content policy check, when loading a\nscript file into a XUL document. (MFSA 2009-31)\n\nCVE-2009-1841\n\nmoz_bug_r_a4 reported that it is possible for scripts from page content\nto run with elevated privileges and thus potentially executing arbitrary\ncode with the object's chrome privileges. (MFSA 2009-32)\n\n\n\nFor the stable distribution (lenny), these problems have been fixed in\nversion 1.9.0.11-0lenny1.\n\nAs indicated in the Etch release notes, security support for the\nMozilla products in the oldstable distribution needed to be stopped\nbefore the end of the regular Etch security maintenance life cycle.\nYou are strongly encouraged to upgrade to stable or switch to a still\nsupported browser.\n\nFor the testing distribution (squeeze), these problems will be fixed\nsoon.\n\nFor the unstable distribution (sid), these problems have been fixed in\nversion 1.9.0.11-1.\n\nWe recommend that you upgrade your xulrunner packages.\n\n\nUpgrade instructions\n- --------------------\n\nwget url\n will fetch the file for you\ndpkg -i file.deb\n will install the referenced file.\n\nIf you are using the apt-get package manager, use the line for\nsources.list as given below:\n\napt-get update\n will update the internal database\napt-get upgrade\n will install corrected packages\n\nYou may use an automated update by adding the resources from the\nfooter to the proper configuration.\n\n\nDebian GNU/Linux 5.0 alias lenny\n- --------------------------------\n\nDebian (stable)\n- ---------------\n\nStable updates are available for alpha, amd64, arm, armel, hppa, i386, ia64, mips, mipsel, powerpc, s390 and sparc.\n\nSource archives:\n\n http://security.debian.org/pool/updates/main/x/xulrunner/xulrunner_1.9.0.11.orig.tar.gz\n Size/MD5 checksum: 43878486 54e05857f54ecaaf8c18a8ff8977ede9\n http://security.debian.org/pool/updates/main/x/xulrunner/xulrunner_1.9.0.11-0lenny1.diff.gz\n Size/MD5 checksum: 116016 9e90e48c64a417b432c07204a0cca3c7\n http://security.debian.org/pool/updates/main/x/xulrunner/xulrunner_1.9.0.11-0lenny1.dsc\n Size/MD5 checksum: 1784 9da4109122928e729c43e1ad227ef3ee\n\nArchitecture independent packages:\n\n http://security.debian.org/pool/updates/main/x/xulrunner/libmozillainterfaces-java_1.9.0.11-0lenny1_all.deb\n Size/MD5 checksum: 1481072 a2c38ce502706675d7e19b6cfec10322\n\nalpha architecture (DEC Alpha)\n\n http://security.debian.org/pool/updates/main/x/xulrunner/libmozjs-dev_1.9.0.11-0lenny1_alpha.deb\n Size/MD5 checksum: 220876 b9c7195b3e22cb49b804bcdc98a5f29a\n http://security.debian.org/pool/updates/main/x/xulrunner/xulrunner-1.9-gnome-support_1.9.0.11-0lenny1_alpha.deb\n Size/MD5 checksum: 111596 d8bf448a074e007530fcbdc2ace286e2\n http://security.debian.org/pool/updates/main/x/xulrunner/libmozjs1d_1.9.0.11-0lenny1_alpha.deb\n Size/MD5 checksum: 429342 3100f5645733df46d6ee8a9328d71551\n http://security.debian.org/pool/updates/main/x/xulrunner/xulrunner-1.9-dbg_1.9.0.11-0lenny1_alpha.deb\n Size/MD5 checksum: 51057266 d4ff87cf5448643ec1257907b7b08320\n http://security.debian.org/pool/updates/main/x/xulrunner/xulrunner-dev_1.9.0.11-0lenny1_alpha.deb\n Size/MD5 checksum: 3648766 d150d9e0dd5b51c8d7cef73885708f95\n http://security.debian.org/pool/updates/main/x/xulrunner/spidermonkey-bin_1.9.0.11-0lenny1_alpha.deb\n Size/MD5 checksum: 71262 a468cff5e3a9d9ae2a7ecdafa3ef6aa1\n http://security.debian.org/pool/updates/main/x/xulrunner/libmozjs1d-dbg_1.9.0.11-0lenny1_alpha.deb\n Size/MD5 checksum: 933344 433a560fa4008f875d82263f5f27a522\n http://security.debian.org/pool/updates/main/x/xulrunner/python-xpcom_1.9.0.11-0lenny1_alpha.deb\n Size/MD5 checksum: 163490 0c7a249d86b2d65e132e3a6116fecc31\n http://security.debian.org/pool/updates/main/x/xulrunner/xulrunner-1.9_1.9.0.11-0lenny1_alpha.deb\n Size/MD5 checksum: 9484858 c7fceefe6a70c5077aef044262ffcee3\n\namd64 architecture (AMD x86_64 (AMD64))\n\n http://security.debian.org/pool/updates/main/x/xulrunner/libmozjs1d-dbg_1.9.0.11-0lenny1_amd64.deb\n Size/MD5 checksum: 885336 0719dd55e918cd43d5f8bb28453d1ee8\n http://security.debian.org/pool/updates/main/x/xulrunner/libmozjs-dev_1.9.0.11-0lenny1_amd64.deb\n Size/MD5 checksum: 223278 6ce156d2bd8d5cec60c3322bd10277ea\n http://security.debian.org/pool/updates/main/x/xulrunner/spidermonkey-bin_1.9.0.11-0lenny1_amd64.deb\n Size/MD5 checksum: 69806 5b58470d7a139f1de45d37dd894711fd\n http://security.debian.org/pool/updates/main/x/xulrunner/xulrunner-dev_1.9.0.11-0lenny1_amd64.deb\n Size/MD5 checksum: 3587810 6563cb58d7d914ac16948cd30a981f92\n http://security.debian.org/pool/updates/main/x/xulrunner/libmozjs1d_1.9.0.11-0lenny1_amd64.deb\n Size/MD5 checksum: 373314 406f78cdf84f1cbe75a57aee36eaa1d4\n http://security.debian.org/pool/updates/main/x/xulrunner/xulrunner-1.9-gnome-support_1.9.0.11-0lenny1_amd64.deb\n Size/MD5 checksum: 101190 417ca47d52a6f0b874dee0473d520f10\n http://security.debian.org/pool/updates/main/x/xulrunner/xulrunner-1.9-dbg_1.9.0.11-0lenny1_amd64.deb\n Size/MD5 checksum: 50305324 4a56a34e5287acbf6643a94481e4a53e\n http://security.debian.org/pool/updates/main/x/xulrunner/python-xpcom_1.9.0.11-0lenny1_amd64.deb\n Size/MD5 checksum: 151070 37a3d7bac733f0fe022a60642204d490\n http://security.debian.org/pool/updates/main/x/xulrunner/xulrunner-1.9_1.9.0.11-0lenny1_amd64.deb\n Size/MD5 checksum: 7733630 1bd17ebcf26b1b69960654134b222367\n\narm architecture (ARM)\n\n http://security.debian.org/pool/updates/main/x/xulrunner/libmozjs1d_1.9.0.11-0lenny1_arm.deb\n Size/MD5 checksum: 348214 aaf36fcde01af6ab9c8910c74eca24ec\n http://security.debian.org/pool/updates/main/x/xulrunner/python-xpcom_1.9.0.11-0lenny1_arm.deb\n Size/MD5 checksum: 140298 b0e59d229b23a7ae778d9cd669fee278\n http://security.debian.org/pool/updates/main/x/xulrunner/xulrunner-1.9_1.9.0.11-0lenny1_arm.deb\n Size/MD5 checksum: 6781858 23d3f3b80b854b493df8a5b4b0d74573\n http://security.debian.org/pool/updates/main/x/xulrunner/xulrunner-dev_1.9.0.11-0lenny1_arm.deb\n Size/MD5 checksum: 3577702 8d722a076134736a4d4071c8d54a6c01\n http://security.debian.org/pool/updates/main/x/xulrunner/spidermonkey-bin_1.9.0.11-0lenny1_arm.deb\n Size/MD5 checksum: 67532 0771c01c13443b2c8c1ad638bc02efa4\n http://security.debian.org/pool/updates/main/x/xulrunner/libmozjs-dev_1.9.0.11-0lenny1_arm.deb\n Size/MD5 checksum: 221312 c61bafa4cc40e8111b2ecae730ef2512\n http://security.debian.org/pool/updates/main/x/xulrunner/libmozjs1d-dbg_1.9.0.11-0lenny1_arm.deb\n Size/MD5 checksum: 813238 9c9019b072ffe9aabe4595de5f61239d\n http://security.debian.org/pool/updates/main/x/xulrunner/xulrunner-1.9-gnome-support_1.9.0.11-0lenny1_arm.deb\n Size/MD5 checksum: 83454 39562d358d257270b4a35a0857d39d84\n http://security.debian.org/pool/updates/main/x/xulrunner/xulrunner-1.9-dbg_1.9.0.11-0lenny1_arm.deb\n Size/MD5 checksum: 49242060 82a8c186e6243aa8d26177c9ea17f84f\n\narmel architecture (ARM EABI)\n\n http://security.debian.org/pool/updates/main/x/xulrunner/xulrunner-dev_1.9.0.11-0lenny1_armel.deb\n Size/MD5 checksum: 3577974 10ad8d802b67feac72288b50f8982913\n http://security.debian.org/pool/updates/main/x/xulrunner/python-xpcom_1.9.0.11-0lenny1_armel.deb\n Size/MD5 checksum: 141760 cb82f05c2a7d0f2bcf59dc312f046861\n http://security.debian.org/pool/updates/main/x/xulrunner/spidermonkey-bin_1.9.0.11-0lenny1_armel.deb\n Size/MD5 checksum: 69730 b2dee532d05c0d2c142f19291752b6ef\n http://security.debian.org/pool/updates/main/x/xulrunner/xulrunner-1.9-gnome-support_1.9.0.11-0lenny1_armel.deb\n Size/MD5 checksum: 84048 c27d4e1db5d11e1c0cc5b52154d8ccf3\n http://security.debian.org/pool/updates/main/x/xulrunner/libmozjs1d-dbg_1.9.0.11-0lenny1_armel.deb\n Size/MD5 checksum: 819430 f0dd69de275b66c8ac477dcc35c53f7f\n http://security.debian.org/pool/updates/main/x/xulrunner/xulrunner-1.9_1.9.0.11-0lenny1_armel.deb\n Size/MD5 checksum: 6945398 623a2422199fecf2b0789be43b45a1e1\n http://security.debian.org/pool/updates/main/x/xulrunner/libmozjs1d_1.9.0.11-0lenny1_armel.deb\n Size/MD5 checksum: 350732 9e8b7c5f70580b9c83de8388bb3c8282\n http://security.debian.org/pool/updates/main/x/xulrunner/libmozjs-dev_1.9.0.11-0lenny1_armel.deb\n Size/MD5 checksum: 222338 d0b32bbf4683bed84f47e64b882e2803\n http://security.debian.org/pool/updates/main/x/xulrunner/xulrunner-1.9-dbg_1.9.0.11-0lenny1_armel.deb\n Size/MD5 checksum: 50082962 9441b288c89302e95521eeb771033e76\n\nhppa architecture (HP PA RISC)\n\n http://security.debian.org/pool/updates/main/x/xulrunner/libmozjs1d_1.9.0.11-0lenny1_hppa.deb\n Size/MD5 checksum: 409254 cdaf90024b3ee42d93e4b47396c4e2c8\n http://security.debian.org/pool/updates/main/x/xulrunner/xulrunner-dev_1.9.0.11-0lenny1_hppa.deb\n Size/MD5 checksum: 3619220 486dcd3039366608220bde599536fd3f\n http://security.debian.org/pool/updates/main/x/xulrunner/python-xpcom_1.9.0.11-0lenny1_hppa.deb\n Size/MD5 checksum: 158366 edbfe8b6a65138e17a6749f1f9f74f6e\n http://security.debian.org/pool/updates/main/x/xulrunner/libmozjs1d-dbg_1.9.0.11-0lenny1_hppa.deb\n Size/MD5 checksum: 896076 4e7bf4b3b346406b242799492d7c52d7\n http://security.debian.org/pool/updates/main/x/xulrunner/xulrunner-1.9_1.9.0.11-0lenny1_hppa.deb\n Size/MD5 checksum: 9498572 ac01a178199d355ca14acfbe694dd5ff\n http://security.debian.org/pool/updates/main/x/xulrunner/xulrunner-1.9-gnome-support_1.9.0.11-0lenny1_hppa.deb\n Size/MD5 checksum: 105466 16dde9161789bfa5ecdff4b33699ba0b\n http://security.debian.org/pool/updates/main/x/xulrunner/xulrunner-1.9-dbg_1.9.0.11-0lenny1_hppa.deb\n Size/MD5 checksum: 51178368 ab80ce0bfcad0c4ba7f6a8e1696f18c1\n http://security.debian.org/pool/updates/main/x/xulrunner/spidermonkey-bin_1.9.0.11-0lenny1_hppa.deb\n Size/MD5 checksum: 70546 480722ae9b031c03e1b160b5d3d9c8b0\n http://security.debian.org/pool/updates/main/x/xulrunner/libmozjs-dev_1.9.0.11-0lenny1_hppa.deb\n Size/MD5 checksum: 222064 2ab947cf77e78386a2b6026a1d04ce67\n\ni386 architecture (Intel ia32)\n\n http://security.debian.org/pool/updates/main/x/xulrunner/xulrunner-dev_1.9.0.11-0lenny1_i386.deb\n Size/MD5 checksum: 3562742 14cd4e8f8a92e112f9bdc70785b2c366\n http://security.debian.org/pool/updates/main/x/xulrunner/xulrunner-1.9_1.9.0.11-0lenny1_i386.deb\n Size/MD5 checksum: 6592362 7cda737dd6f323028419ae3335c1f735\n http://security.debian.org/pool/updates/main/x/xulrunner/python-xpcom_1.9.0.11-0lenny1_i386.deb\n Size/MD5 checksum: 140928 bca0b8180b6154e0614fbbba62b723d2\n http://security.debian.org/pool/updates/main/x/xulrunner/libmozjs1d-dbg_1.9.0.11-0lenny1_i386.deb\n Size/MD5 checksum: 849710 51452041e9c71287ef7cc84efd6e9075\n http://security.debian.org/pool/updates/main/x/xulrunner/xulrunner-1.9-gnome-support_1.9.0.11-0lenny1_i386.deb\n Size/MD5 checksum: 78724 d4cb9e6cdc3ed15a5f8ee090641f7077\n http://security.debian.org/pool/updates/main/x/xulrunner/spidermonkey-bin_1.9.0.11-0lenny1_i386.deb\n Size/MD5 checksum: 67420 3496ca0c0579daa3071699492cee80f2\n http://security.debian.org/pool/updates/main/x/xulrunner/xulrunner-1.9-dbg_1.9.0.11-0lenny1_i386.deb\n Size/MD5 checksum: 49453720 d066dfc3d56bf77cd6e819bebc92530b\n http://security.debian.org/pool/updates/main/x/xulrunner/libmozjs-dev_1.9.0.11-0lenny1_i386.deb\n Size/MD5 checksum: 222484 7f7935702977c7873521e24655c83224\n http://security.debian.org/pool/updates/main/x/xulrunner/libmozjs1d_1.9.0.11-0lenny1_i386.deb\n Size/MD5 checksum: 348428 aa075e8a873ba8794dead19b05dbfeef\n\nia64 architecture (Intel ia64)\n\n http://security.debian.org/pool/updates/main/x/xulrunner/xulrunner-1.9-dbg_1.9.0.11-0lenny1_ia64.deb\n Size/MD5 checksum: 49623688 6afd6469c2c80b0d3d973d8a50d31e8b\n http://security.debian.org/pool/updates/main/x/xulrunner/python-xpcom_1.9.0.11-0lenny1_ia64.deb\n Size/MD5 checksum: 179684 f7d0307dffc0aaad7cff3e78e92cd41c\n http://security.debian.org/pool/updates/main/x/xulrunner/spidermonkey-bin_1.9.0.11-0lenny1_ia64.deb\n Size/MD5 checksum: 75646 b88ac5a740b258d93f2a19850751aa13\n http://security.debian.org/pool/updates/main/x/xulrunner/xulrunner-dev_1.9.0.11-0lenny1_ia64.deb\n Size/MD5 checksum: 3393510 d6bfd74513c42b56100c9593ad0f95e8\n http://security.debian.org/pool/updates/main/x/xulrunner/xulrunner-1.9-gnome-support_1.9.0.11-0lenny1_ia64.deb\n Size/MD5 checksum: 121130 7687535ccc491bddd3f73f840e7e20e1\n http://security.debian.org/pool/updates/main/x/xulrunner/libmozjs-dev_1.9.0.11-0lenny1_ia64.deb\n Size/MD5 checksum: 222480 b784a7c95fcaf07b6da14317c4b0c069\n http://security.debian.org/pool/updates/main/x/xulrunner/libmozjs1d_1.9.0.11-0lenny1_ia64.deb\n Size/MD5 checksum: 539108 d20da7adc0bf340bf9fd809569be6579\n http://security.debian.org/pool/updates/main/x/xulrunner/libmozjs1d-dbg_1.9.0.11-0lenny1_ia64.deb\n Size/MD5 checksum: 809520 51774edfca03bc47a3f3d68923fcec60\n http://security.debian.org/pool/updates/main/x/xulrunner/xulrunner-1.9_1.9.0.11-0lenny1_ia64.deb\n Size/MD5 checksum: 11286510 dcac7e53599a26f69dd54a76de139842\n\nmips architecture (MIPS (Big Endian))\n\n http://security.debian.org/pool/updates/main/x/xulrunner/xulrunner-1.9-dbg_1.9.0.11-0lenny1_mips.deb\n Size/MD5 checksum: 51812570 d3d0183f3132a16f446bcdd78ab75967\n http://security.debian.org/pool/updates/main/x/xulrunner/xulrunner-dev_1.9.0.11-0lenny1_mips.deb\n Size/MD5 checksum: 3610174 4c156e4001e6016d937dd0b76ed580dc\n http://security.debian.org/pool/updates/main/x/xulrunner/libmozjs1d-dbg_1.9.0.11-0lenny1_mips.deb\n Size/MD5 checksum: 915412 c1bfe8ad7c499582ef8c977ccef65f27\n http://security.debian.org/pool/updates/main/x/xulrunner/python-xpcom_1.9.0.11-0lenny1_mips.deb\n Size/MD5 checksum: 144332 77ee78102394d802e258082f7addbcbe\n http://security.debian.org/pool/updates/main/x/xulrunner/xulrunner-1.9-gnome-support_1.9.0.11-0lenny1_mips.deb\n Size/MD5 checksum: 96722 56777daacaa360b84b4e3aa05edecd71\n http://security.debian.org/pool/updates/main/x/xulrunner/libmozjs-dev_1.9.0.11-0lenny1_mips.deb\n Size/MD5 checksum: 222244 fbdd53f3ff72b6a29c8ce39cc3cfe10f\n http://security.debian.org/pool/updates/main/x/xulrunner/xulrunner-1.9_1.9.0.11-0lenny1_mips.deb\n Size/MD5 checksum: 7658916 408c0db56ae40697122fd88f50193934\n http://security.debian.org/pool/updates/main/x/xulrunner/spidermonkey-bin_1.9.0.11-0lenny1_mips.deb\n Size/MD5 checksum: 69514 d0e2e575d784499420754c8abd9af50a\n http://security.debian.org/pool/updates/main/x/xulrunner/libmozjs1d_1.9.0.11-0lenny1_mips.deb\n Size/MD5 checksum: 377778 a5ab1e24584957a6cb1cb666457c0a89\n\nmipsel architecture (MIPS (Little Endian))\n\n http://security.debian.org/pool/updates/main/x/xulrunner/libmozjs1d-dbg_1.9.0.11-0lenny1_mipsel.deb\n Size/MD5 checksum: 897114 87ae9cba0faeb97a2687345e87adf392\n http://security.debian.org/pool/updates/main/x/xulrunner/xulrunner-1.9-dbg_1.9.0.11-0lenny1_mipsel.deb\n Size/MD5 checksum: 49926646 89fa718bb331b75385eeae8c9801a67c\n http://security.debian.org/pool/updates/main/x/xulrunner/libmozjs-dev_1.9.0.11-0lenny1_mipsel.deb\n Size/MD5 checksum: 222480 dbc4aa1edc02a0ec874f0bfaebfbdee8\n http://security.debian.org/pool/updates/main/x/xulrunner/spidermonkey-bin_1.9.0.11-0lenny1_mipsel.deb\n Size/MD5 checksum: 69156 0ad7389bc3f06f24e767737fbc52e9fc\n http://security.debian.org/pool/updates/main/x/xulrunner/xulrunner-1.9_1.9.0.11-0lenny1_mipsel.deb\n Size/MD5 checksum: 7368776 93e78ea1a6712faab89a33c1e4dfaab6\n http://security.debian.org/pool/updates/main/x/xulrunner/xulrunner-dev_1.9.0.11-0lenny1_mipsel.deb\n Size/MD5 checksum: 3304946 aa29a73dcd93f7fc4dfec2265f75490d\n http://security.debian.org/pool/updates/main/x/xulrunner/python-xpcom_1.9.0.11-0lenny1_mipsel.deb\n Size/MD5 checksum: 144620 9b45d1a05b6f6fb36785ecc078718da5\n http://security.debian.org/pool/updates/main/x/xulrunner/xulrunner-1.9-gnome-support_1.9.0.11-0lenny1_mipsel.deb\n Size/MD5 checksum: 96374 b9f28757e4af8d8de9c625e33127b371\n http://security.debian.org/pool/updates/main/x/xulrunner/libmozjs1d_1.9.0.11-0lenny1_mipsel.deb\n Size/MD5 checksum: 375560 c8896414f96b935e06e84183dcfdbe59\n\npowerpc architecture (PowerPC)\n\n http://security.debian.org/pool/updates/main/x/xulrunner/xulrunner-dev_1.9.0.11-0lenny1_powerpc.deb\n Size/MD5 checksum: 3577026 01717cbc10caefb1b0b01c0b5fd1f94d\n http://security.debian.org/pool/updates/main/x/xulrunner/xulrunner-1.9_1.9.0.11-0lenny1_powerpc.deb\n Size/MD5 checksum: 7283612 316443439ef6ae959a35ea9f9f448f72\n http://security.debian.org/pool/updates/main/x/xulrunner/libmozjs1d_1.9.0.11-0lenny1_powerpc.deb\n Size/MD5 checksum: 360002 b54823b9a6c42cc9e2fc96d20340b503\n http://security.debian.org/pool/updates/main/x/xulrunner/libmozjs-dev_1.9.0.11-0lenny1_powerpc.deb\n Size/MD5 checksum: 222826 92df5e4ac3c9c4c37d7569c768b2f888\n http://security.debian.org/pool/updates/main/x/xulrunner/spidermonkey-bin_1.9.0.11-0lenny1_powerpc.deb\n Size/MD5 checksum: 72594 9c0f3abc92447af9b2729145f4665270\n http://security.debian.org/pool/updates/main/x/xulrunner/libmozjs1d-dbg_1.9.0.11-0lenny1_powerpc.deb\n Size/MD5 checksum: 886178 6e0c34af00e47444c57dbdd74d7615bd\n http://security.debian.org/pool/updates/main/x/xulrunner/xulrunner-1.9-dbg_1.9.0.11-0lenny1_powerpc.deb\n Size/MD5 checksum: 51355158 973470eacfa59e590390e02bbd594865\n http://security.debian.org/pool/updates/main/x/xulrunner/xulrunner-1.9-gnome-support_1.9.0.11-0lenny1_powerpc.deb\n Size/MD5 checksum: 94292 8c5db950d96fc61804236569673d357e\n http://security.debian.org/pool/updates/main/x/xulrunner/python-xpcom_1.9.0.11-0lenny1_powerpc.deb\n Size/MD5 checksum: 152542 6c9e947aea31a946e2716d9b55638d9e\n\ns390 architecture (IBM S/390)\n\n http://security.debian.org/pool/updates/main/x/xulrunner/xulrunner-dev_1.9.0.11-0lenny1_s390.deb\n Size/MD5 checksum: 3302788 dee47f233c50057abf09e5711f4f81f6\n http://security.debian.org/pool/updates/main/x/xulrunner/libmozjs-dev_1.9.0.11-0lenny1_s390.deb\n Size/MD5 checksum: 222476 ebbc066f3849e6f76b4312220de0e541\n http://security.debian.org/pool/updates/main/x/xulrunner/xulrunner-1.9-dbg_1.9.0.11-0lenny1_s390.deb\n Size/MD5 checksum: 51133352 668c4d6a8e1d07300f8c2dc167ed2565\n http://security.debian.org/pool/updates/main/x/xulrunner/spidermonkey-bin_1.9.0.11-0lenny1_s390.deb\n Size/MD5 checksum: 72146 daa378828aa27c1bdb2bc156a44b6bd1\n http://security.debian.org/pool/updates/main/x/xulrunner/libmozjs1d_1.9.0.11-0lenny1_s390.deb\n Size/MD5 checksum: 404426 d74cb3f836b87095737383827f830f93\n http://security.debian.org/pool/updates/main/x/xulrunner/xulrunner-1.9-gnome-support_1.9.0.11-0lenny1_s390.deb\n Size/MD5 checksum: 105168 c9466fe1af7b4c52768a29d5a689f85e\n http://security.debian.org/pool/updates/main/x/xulrunner/python-xpcom_1.9.0.11-0lenny1_s390.deb\n Size/MD5 checksum: 155676 7aee79fa600cdbeb1331ab39afe4c58f\n http://security.debian.org/pool/updates/main/x/xulrunner/libmozjs1d-dbg_1.9.0.11-0lenny1_s390.deb\n Size/MD5 checksum: 906764 d27506e74851bbbb7981906a82a9979a\n http://security.debian.org/pool/updates/main/x/xulrunner/xulrunner-1.9_1.9.0.11-0lenny1_s390.deb\n Size/MD5 checksum: 8378072 b7a585304a0c7d6960d42837ecae5850\n\nsparc architecture (Sun SPARC/UltraSPARC)\n\n http://security.debian.org/pool/updates/main/x/xulrunner/xulrunner-1.9-dbg_1.9.0.11-0lenny1_sparc.deb\n Size/MD5 checksum: 49318092 524a8852efe2065eba2903375f331bd2\n http://security.debian.org/pool/updates/main/x/xulrunner/xulrunner-1.9_1.9.0.11-0lenny1_sparc.deb\n Size/MD5 checksum: 7159518 abb575798284a03076b980b581b05408\n http://security.debian.org/pool/updates/main/x/xulrunner/libmozjs1d_1.9.0.11-0lenny1_sparc.deb\n Size/MD5 checksum: 346694 d1f904bb74f77b8a5336ca36d3e893fb\n http://security.debian.org/pool/updates/main/x/xulrunner/python-xpcom_1.9.0.11-0lenny1_sparc.deb\n Size/MD5 checksum: 141522 418022086d352f0be7ed5f578cf791dc\n http://security.debian.org/pool/updates/main/x/xulrunner/xulrunner-1.9-gnome-support_1.9.0.11-0lenny1_sparc.deb\n Size/MD5 checksum: 87158 9b2c0c57e26431ba5f811e1bd871019d\n http://security.debian.org/pool/updates/main/x/xulrunner/xulrunner-dev_1.9.0.11-0lenny1_sparc.deb\n Size/MD5 checksum: 3573726 b49ea475fc28bc37b32c03ea6c89f6ec\n http://security.debian.org/pool/updates/main/x/xulrunner/libmozjs1d-dbg_1.9.0.11-0lenny1_sparc.deb\n Size/MD5 checksum: 818434 5a0e97b8225bf527094d7bfb1452753a\n http://security.debian.org/pool/updates/main/x/xulrunner/libmozjs-dev_1.9.0.11-0lenny1_sparc.deb\n Size/MD5 checksum: 221162 87d61c492ba05a96c67832a1df421bf1\n http://security.debian.org/pool/updates/main/x/xulrunner/spidermonkey-bin_1.9.0.11-0lenny1_sparc.deb\n Size/MD5 checksum: 68500 cd24b46bdd1061b1de29b6ed8df7ce2f\n\n\n These files will probably be moved into the stable distribution on\n its next update.\n\n- ---------------------------------------------------------------------------------\nFor apt-get: deb http://security.debian.org/ stable/updates main\nFor dpkg-ftp: ftp://security.debian.org/debian-security dists/stable/updates/main\nMailing list: debian-security-announce@lists.debian.org\nPackage info: `apt-cache show <pkg>' and http://packages.debian.org/<pkg>\n", "edition": 11, "modified": "2009-06-18T14:13:24", "published": "2009-06-18T14:13:24", "id": "DEBIAN:DSA-1820-1:E4CB3", "href": "https://lists.debian.org/debian-security-announce/debian-security-announce-2009/msg00132.html", "title": "[SECURITY] [DSA 1820-1] New xulrunner packages fix several vulnerabilities", "type": "debian", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}], "fedora": [{"lastseen": "2020-12-21T08:17:49", "bulletinFamily": "unix", "cvelist": ["CVE-2009-1392", "CVE-2009-1832", "CVE-2009-1833", "CVE-2009-1834", "CVE-2009-1835", "CVE-2009-1836", "CVE-2009-1837", "CVE-2009-1838", "CVE-2009-1839", "CVE-2009-1840", "CVE-2009-1841"], "description": "This module allows you to use the Mozilla embedding widget from Perl. ", "modified": "2009-06-16T02:20:20", "published": "2009-06-16T02:20:20", "id": "FEDORA:0D44E10F8AE", "href": "", "type": "fedora", "title": "[SECURITY] Fedora 10 Update: perl-Gtk2-MozEmbed-0.08-6.fc10.2", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2020-12-21T08:17:49", "bulletinFamily": "unix", "cvelist": ["CVE-2009-1392", "CVE-2009-1832", "CVE-2009-1833", "CVE-2009-1834", "CVE-2009-1835", "CVE-2009-1836", "CVE-2009-1837", "CVE-2009-1838", "CVE-2009-1839", "CVE-2009-1840", "CVE-2009-1841"], "description": "Mozilla Firefox is an open-source web browser, designed for standards compliance, performance and portability. ", "modified": "2009-06-16T02:33:47", "published": "2009-06-16T02:33:47", "id": "FEDORA:4159E10F802", "href": "", "type": "fedora", "title": "[SECURITY] Fedora 9 Update: firefox-3.0.11-1.fc9", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2020-12-21T08:17:49", "bulletinFamily": "unix", "cvelist": ["CVE-2009-1392", "CVE-2009-1832", "CVE-2009-1833", "CVE-2009-1834", "CVE-2009-1835", "CVE-2009-1836", "CVE-2009-1837", "CVE-2009-1838", "CVE-2009-1839", "CVE-2009-1840", "CVE-2009-1841"], "description": "Miro is a free application that turns your computer into an internet TV video player. This release is still a beta version, which means that there are some bugs, but we're moving quickly to fix them and will be releasing bug fixes on a regular basis. ", "modified": "2009-06-16T02:20:20", "published": "2009-06-16T02:20:20", "id": "FEDORA:F24C110F8AA", "href": "", "type": "fedora", "title": "[SECURITY] Fedora 10 Update: Miro-2.0.3-5.fc10", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2020-12-21T08:17:49", "bulletinFamily": "unix", "cvelist": ["CVE-2009-1392", "CVE-2009-1832", "CVE-2009-1833", "CVE-2009-1834", "CVE-2009-1835", "CVE-2009-1836", "CVE-2009-1837", "CVE-2009-1838", "CVE-2009-1839", "CVE-2009-1840", "CVE-2009-1841"], "description": "Totem is simple movie player for the Gnome desktop. It features a simple playlist, a full-screen mode, seek and volume controls, as well as a pretty complete keyboard navigation. ", "modified": "2009-06-16T02:33:47", "published": "2009-06-16T02:33:47", "id": "FEDORA:A00FB10F8AE", "href": "", "type": "fedora", "title": "[SECURITY] Fedora 9 Update: totem-2.23.2-17.fc9", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2020-12-21T08:17:49", "bulletinFamily": "unix", "cvelist": ["CVE-2009-1392", "CVE-2009-1832", "CVE-2009-1833", "CVE-2009-1834", "CVE-2009-1835", "CVE-2009-1836", "CVE-2009-1837", "CVE-2009-1838", "CVE-2009-1839", "CVE-2009-1840", "CVE-2009-1841"], "description": "This package provides a C++/gtkmm wrapper for GtkMozEmbed from Mozilla 1.4.x to 1.7.x. The wrapper provides a convenient interface for C++ programmers to use the Gtkmozembed HTML-rendering widget inside their software. ", "modified": "2009-06-16T02:33:47", "published": "2009-06-16T02:33:47", "id": "FEDORA:8C95210F8A8", "href": "", "type": "fedora", "title": "[SECURITY] Fedora 9 Update: gtkmozembedmm-1.4.2.cvs20060817-30.fc9", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2020-12-21T08:17:49", "bulletinFamily": "unix", "cvelist": ["CVE-2009-1392", "CVE-2009-1832", "CVE-2009-1833", "CVE-2009-1834", "CVE-2009-1835", "CVE-2009-1836", "CVE-2009-1837", "CVE-2009-1838", "CVE-2009-1839", "CVE-2009-1840", "CVE-2009-1841"], "description": "Kazehakase is a Web browser which aims to provide a user interface that is truly user-friendly & fully customizable. This package uses Gecko for HTML rendering engine. ", "modified": "2009-06-16T02:33:47", "published": "2009-06-16T02:33:47", "id": "FEDORA:8CA8F10F8A9", "href": "", "type": "fedora", "title": "[SECURITY] Fedora 9 Update: kazehakase-0.5.6-4.fc9.3", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2020-12-21T08:17:49", "bulletinFamily": "unix", "cvelist": ["CVE-2009-1392", "CVE-2009-1832", "CVE-2009-1833", "CVE-2009-1834", "CVE-2009-1835", "CVE-2009-1836", "CVE-2009-1837", "CVE-2009-1838", "CVE-2009-1839", "CVE-2009-1840", "CVE-2009-1841"], "description": "Google Gadgets for Linux provides a platform for running desktop gadgets under Linux, catering to the unique needs of Linux users. It can run, without modification, many Google Desktop gadgets as well as the Universal Gadgets on iGoogle. ", "modified": "2009-06-16T02:20:20", "published": "2009-06-16T02:20:20", "id": "FEDORA:ECB8C10F8A8", "href": "", "type": "fedora", "title": "[SECURITY] Fedora 10 Update: google-gadgets-0.10.5-7.fc10", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2020-12-21T08:17:49", "bulletinFamily": "unix", "cvelist": ["CVE-2009-1392", "CVE-2009-1832", "CVE-2009-1833", "CVE-2009-1834", "CVE-2009-1835", "CVE-2009-1836", "CVE-2009-1837", "CVE-2009-1838", "CVE-2009-1839", "CVE-2009-1840", "CVE-2009-1841"], "description": "Galeon is a web browser built around Gecko (Mozilla's rendering engine) and Necko (Mozilla's networking engine). It's a GNOME web browser, designed to take advantage of as many GNOME technologies as makes sense. Galeon was written to do just one thing - browse the web. ", "modified": "2009-06-16T02:33:47", "published": "2009-06-16T02:33:47", "id": "FEDORA:8532D10F8A4", "href": "", "type": "fedora", "title": "[SECURITY] Fedora 9 Update: galeon-2.0.7-11.fc9", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2020-12-21T08:17:49", "bulletinFamily": "unix", "cvelist": ["CVE-2009-1392", "CVE-2009-1832", "CVE-2009-1833", "CVE-2009-1834", "CVE-2009-1835", "CVE-2009-1836", "CVE-2009-1837", "CVE-2009-1838", "CVE-2009-1839", "CVE-2009-1840", "CVE-2009-1841"], "description": "Galeon is a web browser built around Gecko (Mozilla's rendering engine) and Necko (Mozilla's networking engine). It's a GNOME web browser, designed to take advantage of as many GNOME technologies as makes sense. Galeon was written to do just one thing - browse the web. ", "modified": "2009-06-16T02:20:19", "published": "2009-06-16T02:20:19", "id": "FEDORA:DA2CA10F8A2", "href": "", "type": "fedora", "title": "[SECURITY] Fedora 10 Update: galeon-2.0.7-11.fc10", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2020-12-21T08:17:49", "bulletinFamily": "unix", "cvelist": ["CVE-2009-1392", "CVE-2009-1832", "CVE-2009-1833", "CVE-2009-1834", "CVE-2009-1835", "CVE-2009-1836", "CVE-2009-1837", "CVE-2009-1838", "CVE-2009-1839", "CVE-2009-1840", "CVE-2009-1841"], "description": "XULRunner provides the XUL Runtime environment for Gecko applications. ", "modified": "2009-06-16T02:20:19", "published": "2009-06-16T02:20:19", "id": "FEDORA:0511210F894", "href": "", "type": "fedora", "title": "[SECURITY] Fedora 10 Update: xulrunner-1.9.0.11-1.fc10", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}], "openvas": [{"lastseen": "2017-12-04T11:27:45", "bulletinFamily": "scanner", "cvelist": ["CVE-2009-1833", "CVE-2009-1835", "CVE-2009-1838", "CVE-2009-1832", "CVE-2009-1837", "CVE-2009-1392", "CVE-2009-1834", "CVE-2009-1836", "CVE-2009-1839", "CVE-2009-1841", "CVE-2009-1840"], "description": "The remote host is missing an update to xulrunner-1.9\nannounced via advisory USN-779-1.", "modified": "2017-12-01T00:00:00", "published": "2009-06-23T00:00:00", "id": "OPENVAS:64261", "href": "http://plugins.openvas.org/nasl.php?oid=64261", "type": "openvas", "title": "Ubuntu USN-779-1 (xulrunner-1.9)", "sourceData": "# OpenVAS Vulnerability Test\n# $Id: ubuntu_779_1.nasl 7969 2017-12-01 09:23:16Z santu $\n# $Id: ubuntu_779_1.nasl 7969 2017-12-01 09:23:16Z santu $\n# Description: Auto-generated from advisory USN-779-1 (xulrunner-1.9)\n#\n# Authors:\n# Thomas Reinke <reinke@securityspace.com>\n#\n# Copyright:\n# Copyright (c) 2009 E-Soft Inc. http://www.securityspace.com\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (c) the respective author(s)\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2,\n# or at your option, GNU General Public License version 3,\n# as published by the Free Software Foundation\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n#\n\ninclude(\"revisions-lib.inc\");\ntag_solution = \"The problem can be corrected by upgrading your system to the\n following package versions:\n\nUbuntu 8.04 LTS:\n firefox-3.0 3.0.11+build2+nobinonly-0ubuntu0.8.04.1\n xulrunner-1.9 1.9.0.11+build2+nobinonly-0ubuntu0.8.04.1\n\nUbuntu 8.10:\n abrowser 3.0.11+build2+nobinonly-0ubuntu0.8.10.1\n firefox-3.0 3.0.11+build2+nobinonly-0ubuntu0.8.10.1\n xulrunner-1.9 1.9.0.11+build2+nobinonly-0ubuntu0.8.10.2\n\nUbuntu 9.04:\n abrowser 3.0.11+build2+nobinonly-0ubuntu0.9.04.1\n firefox-3.0 3.0.11+build2+nobinonly-0ubuntu0.9.04.1\n xulrunner-1.9 1.9.0.11+build2+nobinonly-0ubuntu0.9.04.1\n\nAfter a standard system upgrade you need to restart Firefox and any\napplications that use xulrunner, such as Epiphany, to effect the necessary\nchanges.\n\nhttps://secure1.securityspace.com/smysecure/catid.html?in=USN-779-1\";\n\ntag_insight = \"Several flaws were discovered in the browser and JavaScript engines of\nFirefox. If a user were tricked into viewing a malicious website, a remote\nattacker could cause a denial of service or possibly execute arbitrary code\nwith the privileges of the user invoking the program. (CVE-2009-1392,\nCVE-2009-1832, CVE-2009-1833, CVE-2009-1837, CVE-2009-1838)\n\nPavel Cvrcek discovered that Firefox would sometimes display certain\ninvalid Unicode characters as whitespace. An attacker could exploit this to\nspoof the location bar, such as in a phishing attack. (CVE-2009-1834)\n\nGregory Fleischer, Adam Barth and Collin Jackson discovered that Firefox\nwould allow access to local files from resources loaded via the file:\nprotocol. If a user were tricked into downloading then opening a malicious\nfile, an attacker could steal potentially sensitive information.\n(CVE-2009-1835, CVE-2009-1839)\n\nShuo Chen, Ziqing Mao, Yi-Min Wang, and Ming Zhang discovered that Firefox\ndid not properly handle error responses when connecting to a proxy server.\nIf a remote attacker were able to perform a man-in-the-middle attack, this\nflaw could be exploited to view sensitive information. (CVE-2009-1836)\n\nWladimir Palant discovered Firefox did not check content-loading policies\nwhen loading external script files into XUL documents. As a result, Firefox\nmight load malicious content under certain circumstances. (CVE-2009-1840)\n\nIt was discovered that Firefox could be made to run scripts with elevated\nprivileges. If a user were tricked into viewing a malicious website, an\nattacker could cause a chrome privileged object, such as the browser\nsidebar, to run arbitrary code via interactions with the attacker\ncontrolled website. (CVE-2009-1841)\";\ntag_summary = \"The remote host is missing an update to xulrunner-1.9\nannounced via advisory USN-779-1.\";\n\n \n\n\nif(description)\n{\n script_id(64261);\n script_version(\"$Revision: 7969 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-12-01 10:23:16 +0100 (Fri, 01 Dec 2017) $\");\n script_tag(name:\"creation_date\", value:\"2009-06-23 15:49:15 +0200 (Tue, 23 Jun 2009)\");\n script_cve_id(\"CVE-2009-1832\", \"CVE-2009-1833\", \"CVE-2009-1834\", \"CVE-2009-1835\", \"CVE-2009-1836\", \"CVE-2009-1837\", \"CVE-2009-1838\", \"CVE-2009-1839\", \"CVE-2009-1840\", \"CVE-2009-1841\", \"CVE-2009-1392\");\n script_tag(name:\"cvss_base\", value:\"9.3\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_name(\"Ubuntu USN-779-1 (xulrunner-1.9)\");\n\n\n\n script_category(ACT_GATHER_INFO);\n script_xref(name: \"URL\" , value: \"http://www.ubuntu.com/usn/usn-779-1/\");\n\n script_copyright(\"Copyright (c) 2009 E-Soft Inc. http://www.securityspace.com\");\n script_family(\"Ubuntu Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/ubuntu_linux\", \"ssh/login/packages\");\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"summary\" , value : tag_summary);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n#\n# The script code starts here\n#\n\ninclude(\"pkg-lib-deb.inc\");\n\nres = \"\";\nreport = \"\";\nif ((res = isdpkgvuln(pkg:\"firefox-dev\", ver:\"3.0.11+build2+nobinonly-0ubuntu0.8.04.1\", rls:\"UBUNTU8.04 LTS\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"firefox-gnome-support\", ver:\"3.0.11+build2+nobinonly-0ubuntu0.8.04.1\", rls:\"UBUNTU8.04 LTS\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"firefox-granparadiso-dev\", ver:\"3.0.11+build2+nobinonly-0ubuntu0.8.04.1\", rls:\"UBUNTU8.04 LTS\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"firefox-trunk-dev\", ver:\"3.0.11+build2+nobinonly-0ubuntu0.8.04.1\", rls:\"UBUNTU8.04 LTS\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"firefox\", ver:\"3.0.11+build2+nobinonly-0ubuntu0.8.04.1\", rls:\"UBUNTU8.04 LTS\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"firefox-3.0-dom-inspector\", ver:\"3.0.11+build2+nobinonly-0ubuntu0.8.04.1\", rls:\"UBUNTU8.04 LTS\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"firefox-3.0-venkman\", ver:\"3.0.11+build2+nobinonly-0ubuntu0.8.04.1\", rls:\"UBUNTU8.04 LTS\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"firefox-dom-inspector\", ver:\"3.0.11+build2+nobinonly-0ubuntu0.8.04.1\", rls:\"UBUNTU8.04 LTS\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"firefox-granparadiso-dom-inspector\", ver:\"3.0.11+build2+nobinonly-0ubuntu0.8.04.1\", rls:\"UBUNTU8.04 LTS\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"firefox-granparadiso-gnome-support\", ver:\"3.0.11+build2+nobinonly-0ubuntu0.8.04.1\", rls:\"UBUNTU8.04 LTS\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"firefox-granparadiso\", ver:\"3.0.11+build2+nobinonly-0ubuntu0.8.04.1\", rls:\"UBUNTU8.04 LTS\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"firefox-libthai\", ver:\"3.0.11+build2+nobinonly-0ubuntu0.8.04.1\", rls:\"UBUNTU8.04 LTS\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"firefox-trunk-dom-inspector\", ver:\"3.0.11+build2+nobinonly-0ubuntu0.8.04.1\", rls:\"UBUNTU8.04 LTS\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"firefox-trunk-gnome-support\", ver:\"3.0.11+build2+nobinonly-0ubuntu0.8.04.1\", rls:\"UBUNTU8.04 LTS\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"firefox-trunk-venkman\", ver:\"3.0.11+build2+nobinonly-0ubuntu0.8.04.1\", rls:\"UBUNTU8.04 LTS\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"firefox-trunk\", ver:\"3.0.11+build2+nobinonly-0ubuntu0.8.04.1\", rls:\"UBUNTU8.04 LTS\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"xulrunner-1.9-dom-inspector\", ver:\"1.9.0.11+build2+nobinonly-0ubuntu0.8.04.1\", rls:\"UBUNTU8.04 LTS\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"xulrunner-1.9-venkman\", ver:\"1.9.0.11+build2+nobinonly-0ubuntu0.8.04.1\", rls:\"UBUNTU8.04 LTS\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"firefox-3.0-dev\", ver:\"3.0.11+build2+nobinonly-0ubuntu0.8.04.1\", rls:\"UBUNTU8.04 LTS\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"firefox-3.0-gnome-support\", ver:\"3.0.11+build2+nobinonly-0ubuntu0.8.04.1\", rls:\"UBUNTU8.04 LTS\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"firefox-3.0\", ver:\"3.0.11+build2+nobinonly-0ubuntu0.8.04.1\", rls:\"UBUNTU8.04 LTS\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"xulrunner-1.9-dev\", ver:\"1.9.0.11+build2+nobinonly-0ubuntu0.8.04.1\", rls:\"UBUNTU8.04 LTS\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"xulrunner-1.9-gnome-support\", ver:\"1.9.0.11+build2+nobinonly-0ubuntu0.8.04.1\", rls:\"UBUNTU8.04 LTS\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"xulrunner-1.9\", ver:\"1.9.0.11+build2+nobinonly-0ubuntu0.8.04.1\", rls:\"UBUNTU8.04 LTS\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"abrowser\", ver:\"3.0.11+build2+nobinonly-0ubuntu0.8.10.1\", rls:\"UBUNTU8.10\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"firefox-dev\", ver:\"3.0.11+build2+nobinonly-0ubuntu0.8.10.1\", rls:\"UBUNTU8.10\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"firefox-gnome-support\", ver:\"3.0.11+build2+nobinonly-0ubuntu0.8.10.1\", rls:\"UBUNTU8.10\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"firefox-granparadiso-dev\", ver:\"3.0.11+build2+nobinonly-0ubuntu0.8.10.1\", rls:\"UBUNTU8.10\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"firefox-trunk-dev\", ver:\"3.0.11+build2+nobinonly-0ubuntu0.8.10.1\", rls:\"UBUNTU8.10\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"firefox\", ver:\"3.0.11+build2+nobinonly-0ubuntu0.8.10.1\", rls:\"UBUNTU8.10\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"firefox-3.0-dom-inspector\", ver:\"3.0.11+build2+nobinonly-0ubuntu0.8.10.1\", rls:\"UBUNTU8.10\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"firefox-3.0-venkman\", ver:\"3.0.11+build2+nobinonly-0ubuntu0.8.10.1\", rls:\"UBUNTU8.10\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"firefox-dom-inspector\", ver:\"3.0.11+build2+nobinonly-0ubuntu0.8.10.1\", rls:\"UBUNTU8.10\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"firefox-granparadiso-dom-inspector\", ver:\"3.0.11+build2+nobinonly-0ubuntu0.8.10.1\", rls:\"UBUNTU8.10\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"firefox-granparadiso-gnome-support\", ver:\"3.0.11+build2+nobinonly-0ubuntu0.8.10.1\", rls:\"UBUNTU8.10\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"firefox-granparadiso\", ver:\"3.0.11+build2+nobinonly-0ubuntu0.8.10.1\", rls:\"UBUNTU8.10\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"firefox-libthai\", ver:\"3.0.11+build2+nobinonly-0ubuntu0.8.10.1\", rls:\"UBUNTU8.10\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"firefox-trunk-dom-inspector\", ver:\"3.0.11+build2+nobinonly-0ubuntu0.8.10.1\", rls:\"UBUNTU8.10\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"firefox-trunk-gnome-support\", ver:\"3.0.11+build2+nobinonly-0ubuntu0.8.10.1\", rls:\"UBUNTU8.10\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"firefox-trunk-venkman\", ver:\"3.0.11+build2+nobinonly-0ubuntu0.8.10.1\", rls:\"UBUNTU8.10\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"firefox-trunk\", ver:\"3.0.11+build2+nobinonly-0ubuntu0.8.10.1\", rls:\"UBUNTU8.10\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"xulrunner-1.9-dom-inspector\", ver:\"1.9.0.11+build2+nobinonly-0ubuntu0.8.10.2\", rls:\"UBUNTU8.10\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"xulrunner-1.9-venkman\", ver:\"1.9.0.11+build2+nobinonly-0ubuntu0.8.10.2\", rls:\"UBUNTU8.10\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"abrowser-3.0-branding\", ver:\"3.0.11+build2+nobinonly-0ubuntu0.8.10.1\", rls:\"UBUNTU8.10\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"firefox-3.0-branding\", ver:\"3.0.11+build2+nobinonly-0ubuntu0.8.10.1\", rls:\"UBUNTU8.10\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"firefox-3.0-dev\", ver:\"3.0.11+build2+nobinonly-0ubuntu0.8.10.1\", rls:\"UBUNTU8.10\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"firefox-3.0-gnome-support\", ver:\"3.0.11+build2+nobinonly-0ubuntu0.8.10.1\", rls:\"UBUNTU8.10\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"firefox-3.0\", ver:\"3.0.11+build2+nobinonly-0ubuntu0.8.10.1\", rls:\"UBUNTU8.10\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"xulrunner-1.9-dev\", ver:\"1.9.0.11+build2+nobinonly-0ubuntu0.8.10.2\", rls:\"UBUNTU8.10\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"xulrunner-1.9-gnome-support\", ver:\"1.9.0.11+build2+nobinonly-0ubuntu0.8.10.2\", rls:\"UBUNTU8.10\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"xulrunner-1.9\", ver:\"1.9.0.11+build2+nobinonly-0ubuntu0.8.10.2\", rls:\"UBUNTU8.10\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"xulrunner-dev\", ver:\"1.9.0.11+build2+nobinonly-0ubuntu0.8.10.2\", rls:\"UBUNTU8.10\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"abrowser\", ver:\"3.0.11+build2+nobinonly-0ubuntu0.9.04.1\", rls:\"UBUNTU9.04\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"firefox-dev\", ver:\"3.0.11+build2+nobinonly-0ubuntu0.9.04.1\", rls:\"UBUNTU9.04\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"firefox-gnome-support\", ver:\"3.0.11+build2+nobinonly-0ubuntu0.9.04.1\", rls:\"UBUNTU9.04\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"firefox-granparadiso-dev\", ver:\"3.0.11+build2+nobinonly-0ubuntu0.9.04.1\", rls:\"UBUNTU9.04\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"firefox-trunk-dev\", ver:\"3.0.11+build2+nobinonly-0ubuntu0.9.04.1\", rls:\"UBUNTU9.04\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"firefox\", ver:\"3.0.11+build2+nobinonly-0ubuntu0.9.04.1\", rls:\"UBUNTU9.04\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"firefox-3.0-dom-inspector\", ver:\"3.0.11+build2+nobinonly-0ubuntu0.9.04.1\", rls:\"UBUNTU9.04\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"firefox-3.0-venkman\", ver:\"3.0.11+build2+nobinonly-0ubuntu0.9.04.1\", rls:\"UBUNTU9.04\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"firefox-dom-inspector\", ver:\"3.0.11+build2+nobinonly-0ubuntu0.9.04.1\", rls:\"UBUNTU9.04\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"firefox-granparadiso-dom-inspector\", ver:\"3.0.11+build2+nobinonly-0ubuntu0.9.04.1\", rls:\"UBUNTU9.04\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"firefox-granparadiso-gnome-support\", ver:\"3.0.11+build2+nobinonly-0ubuntu0.9.04.1\", rls:\"UBUNTU9.04\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"firefox-granparadiso\", ver:\"3.0.11+build2+nobinonly-0ubuntu0.9.04.1\", rls:\"UBUNTU9.04\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"firefox-libthai\", ver:\"3.0.11+build2+nobinonly-0ubuntu0.9.04.1\", rls:\"UBUNTU9.04\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"firefox-trunk-dom-inspector\", ver:\"3.0.11+build2+nobinonly-0ubuntu0.9.04.1\", rls:\"UBUNTU9.04\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"firefox-trunk-gnome-support\", ver:\"3.0.11+build2+nobinonly-0ubuntu0.9.04.1\", rls:\"UBUNTU9.04\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"firefox-trunk-venkman\", ver:\"3.0.11+build2+nobinonly-0ubuntu0.9.04.1\", rls:\"UBUNTU9.04\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"firefox-trunk\", ver:\"3.0.11+build2+nobinonly-0ubuntu0.9.04.1\", rls:\"UBUNTU9.04\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"xulrunner-1.9-dom-inspector\", ver:\"1.9.0.11+build2+nobinonly-0ubuntu0.9.04.1\", rls:\"UBUNTU9.04\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"xulrunner-1.9-venkman\", ver:\"1.9.0.11+build2+nobinonly-0ubuntu0.9.04.1\", rls:\"UBUNTU9.04\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"abrowser-3.0-branding\", ver:\"3.0.11+build2+nobinonly-0ubuntu0.9.04.1\", rls:\"UBUNTU9.04\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"firefox-3.0-branding\", ver:\"3.0.11+build2+nobinonly-0ubuntu0.9.04.1\", rls:\"UBUNTU9.04\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"firefox-3.0-dev\", ver:\"3.0.11+build2+nobinonly-0ubuntu0.9.04.1\", rls:\"UBUNTU9.04\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"firefox-3.0-gnome-support\", ver:\"3.0.11+build2+nobinonly-0ubuntu0.9.04.1\", rls:\"UBUNTU9.04\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"firefox-3.0\", ver:\"3.0.11+build2+nobinonly-0ubuntu0.9.04.1\", rls:\"UBUNTU9.04\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"xulrunner-1.9-dev\", ver:\"1.9.0.11+build2+nobinonly-0ubuntu0.9.04.1\", rls:\"UBUNTU9.04\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"xulrunner-1.9-gnome-support\", ver:\"1.9.0.11+build2+nobinonly-0ubuntu0.9.04.1\", rls:\"UBUNTU9.04\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"xulrunner-1.9\", ver:\"1.9.0.11+build2+nobinonly-0ubuntu0.9.04.1\", rls:\"UBUNTU9.04\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"xulrunner-dev\", ver:\"1.9.0.11+build2+nobinonly-0ubuntu0.9.04.1\", rls:\"UBUNTU9.04\")) != NULL) {\n report += res;\n}\n\nif (report != \"\") {\n security_message(data:report);\n} else if (__pkg_match) {\n exit(99); # Not vulnerable.\n}\n", "cvss": {"score": 9.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2017-07-26T08:55:30", "bulletinFamily": "scanner", "cvelist": ["CVE-2009-1833", "CVE-2009-1835", "CVE-2009-1838", "CVE-2009-1832", "CVE-2009-1837", "CVE-2009-1392", "CVE-2009-1834", "CVE-2009-1836", "CVE-2009-1839", "CVE-2009-1841", "CVE-2009-1840"], "description": "The remote host is missing updates to packages that affect\nthe security of your system. One or more of the following packages\nare affected:\n\n MozillaFirefox\n MozillaFirefox-translations\n mozilla-xulrunner190\n mozilla-xulrunner190-gnomevfs\n mozilla-xulrunner190-translations\n\n\nMore details may also be found by searching for the SuSE\nEnterprise Server 11 patch database located at\nhttp://download.novell.com/patch/finder/", "modified": "2017-07-11T00:00:00", "published": "2009-10-11T00:00:00", "id": "OPENVAS:65674", "href": "http://plugins.openvas.org/nasl.php?oid=65674", "type": "openvas", "title": "SLES11: Security update for MozillaFirefox", "sourceData": "#\n#VID de3e4a68d06355acbebbe6d9a72836b8\n# OpenVAS Vulnerability Test\n# $\n# Description: Security update for MozillaFirefox\n#\n# Authors:\n# Thomas Reinke <reinke@securityspace.com>\n#\n# Copyright:\n# Copyright (c) 2009 E-Soft Inc. http://www.securityspace.com\n# Text descriptions are largely excerpted from the referenced\n# advisories, and are Copyright (c) the respective author(s)\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2,\n# as published by the Free Software Foundation\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n#\n\ninclude(\"revisions-lib.inc\");\ntag_summary = \"The remote host is missing updates to packages that affect\nthe security of your system. One or more of the following packages\nare affected:\n\n MozillaFirefox\n MozillaFirefox-translations\n mozilla-xulrunner190\n mozilla-xulrunner190-gnomevfs\n mozilla-xulrunner190-translations\n\n\nMore details may also be found by searching for the SuSE\nEnterprise Server 11 patch database located at\nhttp://download.novell.com/patch/finder/\";\n\ntag_solution = \"Please install the updates provided by SuSE.\";\n\nif(description)\n{\n script_xref(name : \"URL\" , value : \"https://bugzilla.novell.com/show_bug.cgi?id=505563\");\n script_id(65674);\n script_version(\"$Revision: 6666 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-07-11 15:13:36 +0200 (Tue, 11 Jul 2017) $\");\n script_tag(name:\"creation_date\", value:\"2009-10-11 22:58:51 +0200 (Sun, 11 Oct 2009)\");\n script_cve_id(\"CVE-2009-1392\", \"CVE-2009-1832\", \"CVE-2009-1833\", \"CVE-2009-1834\", \"CVE-2009-1835\", \"CVE-2009-1836\", \"CVE-2009-1837\", \"CVE-2009-1838\", \"CVE-2009-1839\", \"CVE-2009-1840\", \"CVE-2009-1841\");\n script_tag(name:\"cvss_base\", value:\"9.3\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_name(\"SLES11: Security update for MozillaFirefox\");\n\n\n\n script_category(ACT_GATHER_INFO);\n\n script_copyright(\"Copyright (c) 2009 E-Soft Inc. http://www.securityspace.com\");\n script_family(\"SuSE Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/suse_sles\", \"ssh/login/rpms\");\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"summary\" , value : tag_summary);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n#\n# The script code starts here\n#\n\ninclude(\"pkg-lib-rpm.inc\");\n\nres = \"\";\nreport = \"\";\nif ((res = isrpmvuln(pkg:\"MozillaFirefox\", rpm:\"MozillaFirefox~3.0.11~0.1.1\", rls:\"SLES11.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"MozillaFirefox-translations\", rpm:\"MozillaFirefox-translations~3.0.11~0.1.1\", rls:\"SLES11.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"mozilla-xulrunner190\", rpm:\"mozilla-xulrunner190~1.9.0.11~1.1.1\", rls:\"SLES11.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"mozilla-xulrunner190-gnomevfs\", rpm:\"mozilla-xulrunner190-gnomevfs~1.9.0.11~1.1.1\", rls:\"SLES11.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"mozilla-xulrunner190-translations\", rpm:\"mozilla-xulrunner190-translations~1.9.0.11~1.1.1\", rls:\"SLES11.0\")) != NULL) {\n report += res;\n}\n\nif (report != \"\") {\n security_message(data:report);\n} else if (__pkg_match) {\n exit(99); # Not vulnerable.\n}\n", "cvss": {"score": 9.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2017-07-25T10:57:14", "bulletinFamily": "scanner", "cvelist": ["CVE-2009-1833", "CVE-2009-1835", "CVE-2009-1838", "CVE-2009-1832", "CVE-2009-1837", "CVE-2009-1392", "CVE-2009-1834", "CVE-2009-1836", "CVE-2009-1839", "CVE-2009-1841", "CVE-2009-1840"], "description": "The remote host is missing an update to firefox\nannounced via advisory FEDORA-2009-6366.", "modified": "2017-07-10T00:00:00", "published": "2009-06-23T00:00:00", "id": "OPENVAS:64230", "href": "http://plugins.openvas.org/nasl.php?oid=64230", "type": "openvas", "title": "Fedora Core 10 FEDORA-2009-6366 (firefox)", "sourceData": "# OpenVAS Vulnerability Test\n# $Id: fcore_2009_6366.nasl 6624 2017-07-10 06:11:55Z cfischer $\n# Description: Auto-generated from advisory FEDORA-2009-6366 (firefox)\n#\n# Authors:\n# Thomas Reinke <reinke@securityspace.com>\n#\n# Copyright:\n# Copyright (c) 2009 E-Soft Inc. http://www.securityspace.com\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (c) the respective author(s)\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2,\n# or at your option, GNU General Public License version 3,\n# as published by the Free Software Foundation\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n#\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"Update Information:\n\nUpdate to new upstream Firefox version 3.0.11, fixing multiple security issues\ndetailed in the upstream advisories:\nhttp://www.mozilla.org/security/known-vulnerabilities/firefox30.html#firefox3.0.11\n\nUpdate also includes all packages depending on gecko-libs rebuild\nagainst new version of Firefox / XULRunner.\n\nChangeLog:\n\n* Thu Jun 11 2009 Christopher Aillon - 3.0.11-1\n- Update to 3.0.11\n* Mon Apr 27 2009 Jan Horak - 3.0.10-1\n- Update to 3.0.10\n* Tue Apr 21 2009 Christopher Aillon - 3.0.9-1\n- Update to 3.0.9\n* Fri Mar 27 2009 Christopher Aillon - 3.0.8-1\n- Update to 3.0.8\n* Wed Mar 4 2009 Jan Horak - 3.0.7-1\n- Update to 3.0.7\n* Thu Feb 26 2009 Jan Horak - 3.0.6-2\n- Fixed spelling mistake in firefox.sh.in\n* Wed Feb 4 2009 Christopher Aillon - 3.0.6-1\n- Update to 3.0.6\n* Wed Jan 7 2009 Jan Horak - 3.0.5-2\n- Fixed wrong LANG and LC_MESSAGES variables interpretation (#441973)\nin startup script.\n* Tue Dec 16 2008 Christopher Aillon 3.0.5-1\n- Update to 3.0.5\n* Thu Nov 13 2008 Jan Horak 3.0.4-2\n- Removed firefox-2.0-getstartpage.patch patch\n- Start page is set by different way\";\ntag_solution = \"Apply the appropriate updates.\n\nThis update can be installed with the yum update program. Use \nsu -c 'yum update firefox' at the command line.\nFor more information, refer to Managing Software with yum,\navailable at http://docs.fedoraproject.org/yum/.\n\nhttps://secure1.securityspace.com/smysecure/catid.html?in=FEDORA-2009-6366\";\ntag_summary = \"The remote host is missing an update to firefox\nannounced via advisory FEDORA-2009-6366.\";\n\n\n\nif(description)\n{\n script_id(64230);\n script_version(\"$Revision: 6624 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-07-10 08:11:55 +0200 (Mon, 10 Jul 2017) $\");\n script_tag(name:\"creation_date\", value:\"2009-06-23 15:49:15 +0200 (Tue, 23 Jun 2009)\");\n script_cve_id(\"CVE-2009-1392\", \"CVE-2009-1832\", \"CVE-2009-1833\", \"CVE-2009-1834\", \"CVE-2009-1835\", \"CVE-2009-1836\", \"CVE-2009-1837\", \"CVE-2009-1838\", \"CVE-2009-1839\", \"CVE-2009-1840\", \"CVE-2009-1841\");\n script_tag(name:\"cvss_base\", value:\"9.3\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_name(\"Fedora Core 10 FEDORA-2009-6366 (firefox)\");\n\n\n\n script_category(ACT_GATHER_INFO);\n\n script_copyright(\"Copyright (c) 2009 E-Soft Inc. http://www.securityspace.com\");\n script_family(\"Fedora Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/fedora\", \"ssh/login/rpms\");\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"summary\" , value : tag_summary);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_xref(name : \"URL\" , value : \"https://bugzilla.redhat.com/show_bug.cgi?id=503568\");\n script_xref(name : \"URL\" , value : \"https://bugzilla.redhat.com/show_bug.cgi?id=503569\");\n script_xref(name : \"URL\" , value : \"https://bugzilla.redhat.com/show_bug.cgi?id=503570\");\n script_xref(name : \"URL\" , value : \"https://bugzilla.redhat.com/show_bug.cgi?id=503573\");\n script_xref(name : \"URL\" , value : \"https://bugzilla.redhat.com/show_bug.cgi?id=503576\");\n script_xref(name : \"URL\" , value : \"https://bugzilla.redhat.com/show_bug.cgi?id=503578\");\n script_xref(name : \"URL\" , value : \"https://bugzilla.redhat.com/show_bug.cgi?id=503579\");\n script_xref(name : \"URL\" , value : \"https://bugzilla.redhat.com/show_bug.cgi?id=503580\");\n script_xref(name : \"URL\" , value : \"https://bugzilla.redhat.com/show_bug.cgi?id=503581\");\n script_xref(name : \"URL\" , value : \"https://bugzilla.redhat.com/show_bug.cgi?id=503582\");\n script_xref(name : \"URL\" , value : \"https://bugzilla.redhat.com/show_bug.cgi?id=503583\");\n exit(0);\n}\n\n#\n# The script code starts here\n#\n\ninclude(\"pkg-lib-rpm.inc\");\n\nres = \"\";\nreport = \"\";\nif ((res = isrpmvuln(pkg:\"firefox\", rpm:\"firefox~3.0.11~1.fc10\", rls:\"FC10\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"firefox-debuginfo\", rpm:\"firefox-debuginfo~3.0.11~1.fc10\", rls:\"FC10\")) != NULL) {\n report += res;\n}\n\nif (report != \"\") {\n security_message(data:report);\n} else if (__pkg_match) {\n exit(99); # Not vulnerable.\n}\n", "cvss": {"score": 9.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2017-07-25T10:56:07", "bulletinFamily": "scanner", "cvelist": ["CVE-2009-1833", "CVE-2009-1835", "CVE-2009-1838", "CVE-2009-1832", "CVE-2009-1837", "CVE-2009-1392", "CVE-2009-1834", "CVE-2009-1836", "CVE-2009-1839", "CVE-2009-1841", "CVE-2009-1840"], "description": "The remote host is missing updates to firefox announced in\nadvisory CESA-2009:1095.", "modified": "2017-07-10T00:00:00", "published": "2009-06-23T00:00:00", "id": "OPENVAS:64274", "href": "http://plugins.openvas.org/nasl.php?oid=64274", "type": "openvas", "title": "CentOS Security Advisory CESA-2009:1095 (firefox)", "sourceData": "#CESA-2009:1095 64274 2\n# $Id: ovcesa2009_1095.nasl 6650 2017-07-10 11:43:12Z cfischer $\n# Description: Auto-generated from advisory CESA-2009:1095 (firefox)\n#\n# Authors:\n# Thomas Reinke <reinke@securityspace.com>\n#\n# Copyright:\n# Copyright (c) 2009 E-Soft Inc. http://www.securityspace.com\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2,\n# or at your option, GNU General Public License version 3,\n# as published by the Free Software Foundation\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n#\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"For details on the issues addressed in this update,\nplease visit the referenced security advisories.\";\ntag_solution = \"Update the appropriate packages on your system.\n\nhttp://www.securityspace.com/smysecure/catid.html?in=CESA-2009:1095\nhttp://www.securityspace.com/smysecure/catid.html?in=RHSA-2009:1095\nhttps://rhn.redhat.com/errata/RHSA-2009-1095.html\";\ntag_summary = \"The remote host is missing updates to firefox announced in\nadvisory CESA-2009:1095.\";\n\n\n\nif(description)\n{\n script_id(64274);\n script_version(\"$Revision: 6650 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-07-10 13:43:12 +0200 (Mon, 10 Jul 2017) $\");\n script_tag(name:\"creation_date\", value:\"2009-06-23 15:49:15 +0200 (Tue, 23 Jun 2009)\");\n script_cve_id(\"CVE-2009-1392\", \"CVE-2009-1832\", \"CVE-2009-1833\", \"CVE-2009-1834\", \"CVE-2009-1835\", \"CVE-2009-1836\", \"CVE-2009-1837\", \"CVE-2009-1838\", \"CVE-2009-1839\", \"CVE-2009-1840\", \"CVE-2009-1841\");\n script_tag(name:\"cvss_base\", value:\"9.3\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_name(\"CentOS Security Advisory CESA-2009:1095 (firefox)\");\n\n\n\n script_category(ACT_GATHER_INFO);\n\n script_copyright(\"Copyright (c) 2009 E-Soft Inc. http://www.securityspace.com\");\n script_family(\"CentOS Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/centos\", \"ssh/login/rpms\");\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"summary\" , value : tag_summary);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n#\n# The script code starts here\n#\n\ninclude(\"pkg-lib-rpm.inc\");\n\nres = \"\";\nreport = \"\";\nif ((res = isrpmvuln(pkg:\"firefox\", rpm:\"firefox~3.0.11~2.el5.centos\", rls:\"CentOS5\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"xulrunner\", rpm:\"xulrunner~1.9.0.11~3.el5\", rls:\"CentOS5\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"xulrunner-devel\", rpm:\"xulrunner-devel~1.9.0.11~3.el5\", rls:\"CentOS5\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"xulrunner-devel-unstable\", rpm:\"xulrunner-devel-unstable~1.9.0.11~3.el5\", rls:\"CentOS5\")) != NULL) {\n report += res;\n}\n\nif (report != \"\") {\n security_message(data:report);\n} else if (__pkg_match) {\n exit(99); # Not vulnerable.\n}\n", "cvss": {"score": 9.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2018-04-06T11:38:09", "bulletinFamily": "scanner", "cvelist": ["CVE-2009-1833", "CVE-2009-1835", "CVE-2009-1838", "CVE-2009-1832", "CVE-2009-1837", "CVE-2009-1392", "CVE-2009-1834", "CVE-2009-1836", "CVE-2009-1839", "CVE-2009-1841", "CVE-2009-1840"], "description": "The remote host is missing updates to packages that affect\nthe security of your system. One or more of the following packages\nare affected:\n\n MozillaFirefox\n MozillaFirefox-translations\n mozilla-xulrunner190\n mozilla-xulrunner190-gnomevfs\n mozilla-xulrunner190-translations\n\n\nMore details may also be found by searching for the SuSE\nEnterprise Server 11 patch database located at\nhttp://download.novell.com/patch/finder/", "modified": "2018-04-06T00:00:00", "published": "2009-10-11T00:00:00", "id": "OPENVAS:136141256231065674", "href": "http://plugins.openvas.org/nasl.php?oid=136141256231065674", "type": "openvas", "title": "SLES11: Security update for MozillaFirefox", "sourceData": "#\n#VID de3e4a68d06355acbebbe6d9a72836b8\n# OpenVAS Vulnerability Test\n# $\n# Description: Security update for MozillaFirefox\n#\n# Authors:\n# Thomas Reinke <reinke@securityspace.com>\n#\n# Copyright:\n# Copyright (c) 2009 E-Soft Inc. http://www.securityspace.com\n# Text descriptions are largely excerpted from the referenced\n# advisories, and are Copyright (c) the respective author(s)\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2,\n# as published by the Free Software Foundation\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n#\n\ninclude(\"revisions-lib.inc\");\ntag_summary = \"The remote host is missing updates to packages that affect\nthe security of your system. One or more of the following packages\nare affected:\n\n MozillaFirefox\n MozillaFirefox-translations\n mozilla-xulrunner190\n mozilla-xulrunner190-gnomevfs\n mozilla-xulrunner190-translations\n\n\nMore details may also be found by searching for the SuSE\nEnterprise Server 11 patch database located at\nhttp://download.novell.com/patch/finder/\";\n\ntag_solution = \"Please install the updates provided by SuSE.\";\n\nif(description)\n{\n script_xref(name : \"URL\" , value : \"https://bugzilla.novell.com/show_bug.cgi?id=505563\");\n script_oid(\"1.3.6.1.4.1.25623.1.0.65674\");\n script_version(\"$Revision: 9350 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-04-06 09:03:33 +0200 (Fri, 06 Apr 2018) $\");\n script_tag(name:\"creation_date\", value:\"2009-10-11 22:58:51 +0200 (Sun, 11 Oct 2009)\");\n script_cve_id(\"CVE-2009-1392\", \"CVE-2009-1832\", \"CVE-2009-1833\", \"CVE-2009-1834\", \"CVE-2009-1835\", \"CVE-2009-1836\", \"CVE-2009-1837\", \"CVE-2009-1838\", \"CVE-2009-1839\", \"CVE-2009-1840\", \"CVE-2009-1841\");\n script_tag(name:\"cvss_base\", value:\"9.3\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_name(\"SLES11: Security update for MozillaFirefox\");\n\n\n\n script_category(ACT_GATHER_INFO);\n\n script_copyright(\"Copyright (c) 2009 E-Soft Inc. http://www.securityspace.com\");\n script_family(\"SuSE Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/suse_sles\", \"ssh/login/rpms\");\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"summary\" , value : tag_summary);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n#\n# The script code starts here\n#\n\ninclude(\"pkg-lib-rpm.inc\");\n\nres = \"\";\nreport = \"\";\nif ((res = isrpmvuln(pkg:\"MozillaFirefox\", rpm:\"MozillaFirefox~3.0.11~0.1.1\", rls:\"SLES11.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"MozillaFirefox-translations\", rpm:\"MozillaFirefox-translations~3.0.11~0.1.1\", rls:\"SLES11.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"mozilla-xulrunner190\", rpm:\"mozilla-xulrunner190~1.9.0.11~1.1.1\", rls:\"SLES11.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"mozilla-xulrunner190-gnomevfs\", rpm:\"mozilla-xulrunner190-gnomevfs~1.9.0.11~1.1.1\", rls:\"SLES11.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"mozilla-xulrunner190-translations\", rpm:\"mozilla-xulrunner190-translations~1.9.0.11~1.1.1\", rls:\"SLES11.0\")) != NULL) {\n report += res;\n}\n\nif (report != \"\") {\n security_message(data:report);\n} else if (__pkg_match) {\n exit(99); # Not vulnerable.\n}\n", "cvss": {"score": 9.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2018-04-06T11:38:21", "bulletinFamily": "scanner", "cvelist": ["CVE-2009-1833", "CVE-2009-1835", "CVE-2009-1838", "CVE-2009-1832", "CVE-2009-1837", "CVE-2009-1392", "CVE-2009-1834", "CVE-2009-1836", "CVE-2009-1839", "CVE-2009-1841", "CVE-2009-1840"], "description": "The remote host is missing an update to the system\nas announced in the referenced advisory.", "modified": "2018-04-06T00:00:00", "published": "2009-06-15T00:00:00", "id": "OPENVAS:136141256231064204", "href": "http://plugins.openvas.org/nasl.php?oid=136141256231064204", "type": "openvas", "title": "FreeBSD Ports: firefox", "sourceData": "#\n#VID da185955-5738-11de-b857-000f20797ede\n# OpenVAS Vulnerability Test\n# $\n# Description: Auto generated from VID da185955-5738-11de-b857-000f20797ede\n#\n# Authors:\n# Thomas Reinke <reinke@securityspace.com>\n#\n# Copyright:\n# Copyright (c) 2009 E-Soft Inc. http://www.securityspace.com\n# Text descriptions are largely excerpted from the referenced\n# advisories, and are Copyright (c) the respective author(s)\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2,\n# as published by the Free Software Foundation\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n#\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"The following packages are affected:\n firefox\n linux-firefox\n linux-firefox-devel\n firefox3\n thunderbird\n linux-thunderbird\n seamonkey\n linux-seamonkey\";\ntag_solution = \"Update your system with the appropriate patches or\nsoftware upgrades.\n\nhttp://www.mozilla.org/security/announce/2009/mfsa2009-24.html\nhttp://www.mozilla.org/security/announce/2009/mfsa2009-25.html\nhttp://www.mozilla.org/security/announce/2009/mfsa2009-26.html\nhttp://www.mozilla.org/security/announce/2009/mfsa2009-27.html\nhttp://www.mozilla.org/security/announce/2009/mfsa2009-28.html\nhttp://www.mozilla.org/security/announce/2009/mfsa2009-29.html\nhttp://www.mozilla.org/security/announce/2009/mfsa2009-30.html\nhttp://www.mozilla.org/security/announce/2009/mfsa2009-31.html\nhttp://www.mozilla.org/security/announce/2009/mfsa2009-32.html\nhttp://secunia.com/advisories/35331/\nhttp://www.vuxml.org/freebsd/da185955-5738-11de-b857-000f20797ede.html\";\ntag_summary = \"The remote host is missing an update to the system\nas announced in the referenced advisory.\";\n\n\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.64204\");\n script_version(\"$Revision: 9350 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-04-06 09:03:33 +0200 (Fri, 06 Apr 2018) $\");\n script_tag(name:\"creation_date\", value:\"2009-06-15 19:20:43 +0200 (Mon, 15 Jun 2009)\");\n script_cve_id(\"CVE-2009-1392\", \"CVE-2009-1832\", \"CVE-2009-1833\", \"CVE-2009-1834\", \"CVE-2009-1835\", \"CVE-2009-1836\", \"CVE-2009-1837\", \"CVE-2009-1838\", \"CVE-2009-1839\", \"CVE-2009-1840\", \"CVE-2009-1841\");\n script_tag(name:\"cvss_base\", value:\"9.3\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_name(\"FreeBSD Ports: firefox\");\n\n\n\n script_category(ACT_GATHER_INFO);\n\n script_copyright(\"Copyright (c) 2009 E-Soft Inc. http://www.securityspace.com\");\n script_family(\"FreeBSD Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/freebsdrel\", \"login/SSH/success\");\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"summary\" , value : tag_summary);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n#\n# The script code starts here\n#\n\ninclude(\"pkg-lib-bsd.inc\");\n\ntxt = \"\";\nvuln = 0;\nbver = portver(pkg:\"firefox\");\nif(!isnull(bver) && revcomp(a:bver, b:\"2.0.0.20_8,1\")<0) {\n txt += 'Package firefox version ' + bver + ' is installed which is known to be vulnerable.\\n';\n vuln = 1;\n}\nbver = portver(pkg:\"linux-firefox\");\nif(!isnull(bver) && revcomp(a:bver, b:\"0\")>0) {\n txt += 'Package linux-firefox version ' + bver + ' is installed which is known to be vulnerable.\\n';\n vuln = 1;\n}\nbver = portver(pkg:\"linux-firefox-devel\");\nif(!isnull(bver) && revcomp(a:bver, b:\"0\")>0) {\n txt += 'Package linux-firefox-devel version ' + bver + ' is installed which is known to be vulnerable.\\n';\n vuln = 1;\n}\nbver = portver(pkg:\"firefox3\");\nif(!isnull(bver) && revcomp(a:bver, b:\"3.0.11\")<0) {\n txt += 'Package firefox3 version ' + bver + ' is installed which is known to be vulnerable.\\n';\n vuln = 1;\n}\nbver = portver(pkg:\"thunderbird\");\nif(!isnull(bver) && revcomp(a:bver, b:\"2.0.0.22\")<0) {\n txt += 'Package thunderbird version ' + bver + ' is installed which is known to be vulnerable.\\n';\n vuln = 1;\n}\nbver = portver(pkg:\"linux-thunderbird\");\nif(!isnull(bver) && revcomp(a:bver, b:\"2.0.0.22\")<0) {\n txt += 'Package linux-thunderbird version ' + bver + ' is installed which is known to be vulnerable.\\n';\n vuln = 1;\n}\nbver = portver(pkg:\"seamonkey\");\nif(!isnull(bver) && revcomp(a:bver, b:\"1.1.17\")<0) {\n txt += 'Package seamonkey version ' + bver + ' is installed which is known to be vulnerable.\\n';\n vuln = 1;\n}\nbver = portver(pkg:\"linux-seamonkey\");\nif(!isnull(bver) && revcomp(a:bver, b:\"1.1.17\")<0) {\n txt += 'Package linux-seamonkey version ' + bver + ' is installed which is known to be vulnerable.\\n';\n vuln = 1;\n}\n\nif(vuln) {\n security_message(data:string(txt));\n} else if (__pkg_match) {\n exit(99); # Not vulnerable.\n}\n", "cvss": {"score": 9.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2018-04-06T11:38:22", "bulletinFamily": "scanner", "cvelist": ["CVE-2009-1833", "CVE-2009-1835", "CVE-2009-1838", "CVE-2009-1832", "CVE-2009-1837", "CVE-2009-1392", "CVE-2009-1834", "CVE-2009-1836", "CVE-2009-1839", "CVE-2009-1841", "CVE-2009-1840"], "description": "The remote host is missing updates announced in\nadvisory SUSE-SA:2009:034.", "modified": "2018-04-06T00:00:00", "published": "2009-06-23T00:00:00", "id": "OPENVAS:136141256231064256", "href": "http://plugins.openvas.org/nasl.php?oid=136141256231064256", "type": "openvas", "title": "SuSE Security Advisory SUSE-SA:2009:034 (MozillaFirefox)", "sourceData": "# OpenVAS Vulnerability Test\n# $Id: suse_sa_2009_034.nasl 9350 2018-04-06 07:03:33Z cfischer $\n# Description: Auto-generated from advisory SUSE-SA:2009:034 (MozillaFirefox)\n#\n# Authors:\n# Thomas Reinke <reinke@securityspace.com>\n#\n# Copyright:\n# Copyright (c) 2009 E-Soft Inc. http://www.securityspace.com\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (c) the respective author(s)\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2,\n# or at your option, GNU General Public License version 3,\n# as published by the Free Software Foundation\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n#\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"The Mozilla Firefox browser was updated to version 3.0.11, fixing\nvarious bugs and security issues:\n\n* MFSA 2009-24/CVE-2009-1392/CVE-2009-1832/CVE-2009-1833\nCrashes with evidence of memory corruption (rv:1.9.0.11)\n* MFSA 2009-25/CVE-2009-1834 (bmo#479413)\nURL spoofing with invalid unicode characters\n* MFSA 2009-26/CVE-2009-1835 (bmo#491801)\nArbitrary domain cookie access by local file: resources\n* MFSA 2009-27/CVE-2009-1836 (bmo#479880)\nSSL tampering via non-200 responses to proxy CONNECT requests\n* MFSA 2009-28/CVE-2009-1837 (bmo#486269)\nRace condition while accessing the private data of a NPObject\nJS wrapper class object\n* MFSA 2009-29/CVE-2009-1838 (bmo#489131)\nArbitrary code execution using event listeners attached to an\nelement whose owner document is null\n* MFSA 2009-30/CVE-2009-1839 (bmo#479943)\nIncorrect principal set for file: resources loaded via\nlocation bar\n* MFSA 2009-31/CVE-2009-1840 (bmo#477979)\nXUL scripts bypass content-policy checks\n* MFSA 2009-32/CVE-2009-1841 (bmo#479560)\nJavaScript chrome privilege escalation\";\ntag_solution = \"Update your system with the packages as indicated in\nthe referenced security advisory.\n\nhttps://secure1.securityspace.com/smysecure/catid.html?in=SUSE-SA:2009:034\";\ntag_summary = \"The remote host is missing updates announced in\nadvisory SUSE-SA:2009:034.\";\n\n \n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.64256\");\n script_version(\"$Revision: 9350 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-04-06 09:03:33 +0200 (Fri, 06 Apr 2018) $\");\n script_tag(name:\"creation_date\", value:\"2009-06-23 15:49:15 +0200 (Tue, 23 Jun 2009)\");\n script_cve_id(\"CVE-2009-1392\", \"CVE-2009-1832\", \"CVE-2009-1833\", \"CVE-2009-1834\", \"CVE-2009-1835\", \"CVE-2009-1836\", \"CVE-2009-1837\", \"CVE-2009-1838\", \"CVE-2009-1839\", \"CVE-2009-1840\", \"CVE-2009-1841\");\n script_tag(name:\"cvss_base\", value:\"9.3\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_name(\"SuSE Security Advisory SUSE-SA:2009:034 (MozillaFirefox)\");\n\n\n\n script_category(ACT_GATHER_INFO);\n\n script_copyright(\"Copyright (c) 2009 E-Soft Inc. http://www.securityspace.com\");\n script_family(\"SuSE Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/suse\", \"ssh/login/rpms\");\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"summary\" , value : tag_summary);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n#\n# The script code starts here\n#\n\ninclude(\"pkg-lib-rpm.inc\");\n\nres = \"\";\nreport = \"\";\nif ((res = isrpmvuln(pkg:\"MozillaFirefox-debuginfo\", rpm:\"MozillaFirefox-debuginfo~3.0.11~0.1.1\", rls:\"openSUSE11.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"MozillaFirefox-debugsource\", rpm:\"MozillaFirefox-debugsource~3.0.11~0.1.1\", rls:\"openSUSE11.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"mozilla-xulrunner190-debuginfo\", rpm:\"mozilla-xulrunner190-debuginfo~1.9.0.11~1.1.1\", rls:\"openSUSE11.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"mozilla-xulrunner190-debugsource\", rpm:\"mozilla-xulrunner190-debugsource~1.9.0.11~1.1.1\", rls:\"openSUSE11.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"MozillaFirefox\", rpm:\"MozillaFirefox~3.0.11~0.1.1\", rls:\"openSUSE11.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"MozillaFirefox-branding-upstream\", rpm:\"MozillaFirefox-branding-upstream~3.0.11~0.1.1\", rls:\"openSUSE11.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"MozillaFirefox-translations\", rpm:\"MozillaFirefox-translations~3.0.11~0.1.1\", rls:\"openSUSE11.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"mozilla-xulrunner190\", rpm:\"mozilla-xulrunner190~1.9.0.11~1.1.1\", rls:\"openSUSE11.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"mozilla-xulrunner190-devel\", rpm:\"mozilla-xulrunner190-devel~1.9.0.11~1.1.1\", rls:\"openSUSE11.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"mozilla-xulrunner190-gnomevfs\", rpm:\"mozilla-xulrunner190-gnomevfs~1.9.0.11~1.1.1\", rls:\"openSUSE11.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"mozilla-xulrunner190-translations\", rpm:\"mozilla-xulrunner190-translations~1.9.0.11~1.1.1\", rls:\"openSUSE11.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"python-xpcom190\", rpm:\"python-xpcom190~1.9.0.11~1.1.1\", rls:\"openSUSE11.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"MozillaFirefox-debuginfo\", rpm:\"MozillaFirefox-debuginfo~3.0.11~0.1\", rls:\"openSUSE11.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"MozillaFirefox-debugsource\", rpm:\"MozillaFirefox-debugsource~3.0.11~0.1\", rls:\"openSUSE11.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"mozilla-xulrunner190-debuginfo\", rpm:\"mozilla-xulrunner190-debuginfo~1.9.0.11~1.1\", rls:\"openSUSE11.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"mozilla-xulrunner190-debugsource\", rpm:\"mozilla-xulrunner190-debugsource~1.9.0.11~1.1\", rls:\"openSUSE11.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"MozillaFirefox\", rpm:\"MozillaFirefox~3.0.11~0.1\", rls:\"openSUSE11.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"MozillaFirefox-translations\", rpm:\"MozillaFirefox-translations~3.0.11~0.1\", rls:\"openSUSE11.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"mozilla-xulrunner190\", rpm:\"mozilla-xulrunner190~1.9.0.11~1.1\", rls:\"openSUSE11.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"mozilla-xulrunner190-devel\", rpm:\"mozilla-xulrunner190-devel~1.9.0.11~1.1\", rls:\"openSUSE11.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"mozilla-xulrunner190-gnomevfs\", rpm:\"mozilla-xulrunner190-gnomevfs~1.9.0.11~1.1\", rls:\"openSUSE11.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"mozilla-xulrunner190-translations\", rpm:\"mozilla-xulrunner190-translations~1.9.0.11~1.1\", rls:\"openSUSE11.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"mozilla-xulrunner190-64bit\", rpm:\"mozilla-xulrunner190-64bit~1.9.0.11~1.1\", rls:\"openSUSE11.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"mozilla-xulrunner190-gnomevfs-64bit\", rpm:\"mozilla-xulrunner190-gnomevfs-64bit~1.9.0.11~1.1\", rls:\"openSUSE11.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"mozilla-xulrunner190-translations-64bit\", rpm:\"mozilla-xulrunner190-translations-64bit~1.9.0.11~1.1\", rls:\"openSUSE11.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"mozilla-xulrunner190-debuginfo-32bit\", rpm:\"mozilla-xulrunner190-debuginfo-32bit~1.9.0.11~1.1.1\", rls:\"openSUSE11.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"mozilla-xulrunner190-32bit\", rpm:\"mozilla-xulrunner190-32bit~1.9.0.11~1.1.1\", rls:\"openSUSE11.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"mozilla-xulrunner190-gnomevfs-32bit\", rpm:\"mozilla-xulrunner190-gnomevfs-32bit~1.9.0.11~1.1.1\", rls:\"openSUSE11.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"mozilla-xulrunner190-translations-32bit\", rpm:\"mozilla-xulrunner190-translations-32bit~1.9.0.11~1.1.1\", rls:\"openSUSE11.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"mozilla-xulrunner190-32bit\", rpm:\"mozilla-xulrunner190-32bit~1.9.0.11~1.1\", rls:\"openSUSE11.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"mozilla-xulrunner190-gnomevfs-32bit\", rpm:\"mozilla-xulrunner190-gnomevfs-32bit~1.9.0.11~1.1\", rls:\"openSUSE11.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"mozilla-xulrunner190-translations-32bit\", rpm:\"mozilla-xulrunner190-translations-32bit~1.9.0.11~1.1\", rls:\"openSUSE11.0\")) != NULL) {\n report += res;\n}\n\nif (report != \"\") {\n security_message(data:report);\n} else if (__pkg_match) {\n exit(99); # Not vulnerable.\n}\n", "cvss": {"score": 9.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2018-04-06T11:37:42", "bulletinFamily": "scanner", "cvelist": ["CVE-2009-1833", "CVE-2009-1835", "CVE-2009-1838", "CVE-2009-1832", "CVE-2009-1837", "CVE-2009-1392", "CVE-2009-1834", "CVE-2009-1836", "CVE-2009-1839", "CVE-2009-1841", "CVE-2009-1840"], "description": "The remote host is missing updates announced in\nadvisory RHSA-2009:1095.\n\nMozilla Firefox is an open source Web browser. XULRunner provides the XUL\nRuntime environment for Mozilla Firefox.\n\nSeveral flaws were found in the processing of malformed web content. A web\npage containing malicious content could cause Firefox to crash or,\npotentially, execute arbitrary code as the user running Firefox.\n(CVE-2009-1392, CVE-2009-1832, CVE-2009-1833, CVE-2009-1837, CVE-2009-1838,\nCVE-2009-1841)\n\nMultiple flaws were found in the processing of malformed, local file\ncontent. If a user loaded malicious, local content via the file:// URL, it\nwas possible for that content to access other local data. (CVE-2009-1835,\nCVE-2009-1839)\n\nA script, privilege elevation flaw was found in the way Firefox loaded XML\nUser Interface Language (XUL) scripts. Firefox and certain add-ons could\nload malicious content when certain policy checks did not happen.\n(CVE-2009-1840)\n\nA flaw was found in the way Firefox displayed certain Unicode characters in\nInternational Domain Names (IDN). If an IDN contained invalid characters,\nthey may have been displayed as spaces, making it appear to the user that\nthey were visiting a trusted site. (CVE-2009-1834)\n\nA flaw was found in the way Firefox handled error responses returned from\nproxy servers. If an attacker is able to conduct a man-in-the-middle attack\nagainst a Firefox instance that is using a proxy server, they may be able\nto steal sensitive information from the site the user is visiting.\n(CVE-2009-1836)\n\nFor technical details regarding these flaws, refer to the Mozilla security\nadvisories for Firefox 3.0.11. You can find a link to the Mozilla\nadvisories in the References section of this errata.\n\nAll Firefox users should upgrade to these updated packages, which contain\nFirefox version 3.0.11, which corrects these issues. After installing the\nupdate, Firefox must be restarted for the changes to take effect.", "modified": "2018-04-06T00:00:00", "published": "2009-06-15T00:00:00", "id": "OPENVAS:136141256231064194", "href": "http://plugins.openvas.org/nasl.php?oid=136141256231064194", "type": "openvas", "title": "RedHat Security Advisory RHSA-2009:1095", "sourceData": "# OpenVAS Vulnerability Test\n# $Id: RHSA_2009_1095.nasl 9350 2018-04-06 07:03:33Z cfischer $\n# Description: Auto-generated from advisory RHSA-2009:1095 ()\n#\n# Authors:\n# Thomas Reinke <reinke@securityspace.com>\n#\n# Copyright:\n# Copyright (c) 2009 E-Soft Inc. http://www.securityspace.com\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (c) the respective author(s)\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2,\n# or at your option, GNU General Public License version 3,\n# as published by the Free Software Foundation\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n#\n\ninclude(\"revisions-lib.inc\");\ntag_summary = \"The remote host is missing updates announced in\nadvisory RHSA-2009:1095.\n\nMozilla Firefox is an open source Web browser. XULRunner provides the XUL\nRuntime environment for Mozilla Firefox.\n\nSeveral flaws were found in the processing of malformed web content. A web\npage containing malicious content could cause Firefox to crash or,\npotentially, execute arbitrary code as the user running Firefox.\n(CVE-2009-1392, CVE-2009-1832, CVE-2009-1833, CVE-2009-1837, CVE-2009-1838,\nCVE-2009-1841)\n\nMultiple flaws were found in the processing of malformed, local file\ncontent. If a user loaded malicious, local content via the file:// URL, it\nwas possible for that content to access other local data. (CVE-2009-1835,\nCVE-2009-1839)\n\nA script, privilege elevation flaw was found in the way Firefox loaded XML\nUser Interface Language (XUL) scripts. Firefox and certain add-ons could\nload malicious content when certain policy checks did not happen.\n(CVE-2009-1840)\n\nA flaw was found in the way Firefox displayed certain Unicode characters in\nInternational Domain Names (IDN). If an IDN contained invalid characters,\nthey may have been displayed as spaces, making it appear to the user that\nthey were visiting a trusted site. (CVE-2009-1834)\n\nA flaw was found in the way Firefox handled error responses returned from\nproxy servers. If an attacker is able to conduct a man-in-the-middle attack\nagainst a Firefox instance that is using a proxy server, they may be able\nto steal sensitive information from the site the user is visiting.\n(CVE-2009-1836)\n\nFor technical details regarding these flaws, refer to the Mozilla security\nadvisories for Firefox 3.0.11. You can find a link to the Mozilla\nadvisories in the References section of this errata.\n\nAll Firefox users should upgrade to these updated packages, which contain\nFirefox version 3.0.11, which corrects these issues. After installing the\nupdate, Firefox must be restarted for the changes to take effect.\";\n\ntag_solution = \"Please note that this update is available via\nRed Hat Network. To use Red Hat Network, launch the Red\nHat Update Agent with the following command: up2date\";\n\n\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.64194\");\n script_version(\"$Revision: 9350 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-04-06 09:03:33 +0200 (Fri, 06 Apr 2018) $\");\n script_tag(name:\"creation_date\", value:\"2009-06-15 19:20:43 +0200 (Mon, 15 Jun 2009)\");\n script_cve_id(\"CVE-2009-1392\", \"CVE-2009-1832\", \"CVE-2009-1833\", \"CVE-2009-1834\", \"CVE-2009-1835\", \"CVE-2009-1836\", \"CVE-2009-1837\", \"CVE-2009-1838\", \"CVE-2009-1839\", \"CVE-2009-1840\", \"CVE-2009-1841\");\n script_tag(name:\"cvss_base\", value:\"9.3\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_name(\"RedHat Security Advisory RHSA-2009:1095\");\n\n\n\n script_category(ACT_GATHER_INFO);\n\n script_copyright(\"Copyright (c) 2009 E-Soft Inc. http://www.securityspace.com\");\n script_family(\"Red Hat Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/rhel\", \"ssh/login/rpms\");\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"summary\" , value : tag_summary);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_xref(name : \"URL\" , value : \"http://rhn.redhat.com/errata/RHSA-2009-1095.html\");\n script_xref(name : \"URL\" , value : \"http://www.redhat.com/security/updates/classification/#critical\");\n script_xref(name : \"URL\" , value : \"http://www.mozilla.org/security/known-vulnerabilities/firefox30.html#firefox3.0.11\");\n exit(0);\n}\n\n#\n# The script code starts here\n#\n\ninclude(\"pkg-lib-rpm.inc\");\n\nres = \"\";\nreport = \"\";\nif ((res = isrpmvuln(pkg:\"firefox\", rpm:\"firefox~3.0.11~4.el4\", rls:\"RHENT_4\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"firefox-debuginfo\", rpm:\"firefox-debuginfo~3.0.11~4.el4\", rls:\"RHENT_4\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"firefox\", rpm:\"firefox~3.0.11~2.el5_3\", rls:\"RHENT_5\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"firefox-debuginfo\", rpm:\"firefox-debuginfo~3.0.11~2.el5_3\", rls:\"RHENT_5\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"xulrunner\", rpm:\"xulrunner~1.9.0.11~3.el5_3\", rls:\"RHENT_5\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"xulrunner-debuginfo\", rpm:\"xulrunner-debuginfo~1.9.0.11~3.el5_3\", rls:\"RHENT_5\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"xulrunner-devel\", rpm:\"xulrunner-devel~1.9.0.11~3.el5_3\", rls:\"RHENT_5\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"xulrunner-devel-unstable\", rpm:\"xulrunner-devel-unstable~1.9.0.11~3.el5_3\", rls:\"RHENT_5\")) != NULL) {\n report += res;\n}\n\nif (report != \"\") {\n security_message(data:report);\n} else if (__pkg_match) {\n exit(99); # Not vulnerable.\n}\n", "cvss": {"score": 9.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2018-04-06T11:37:49", "bulletinFamily": "scanner", "cvelist": ["CVE-2009-1833", "CVE-2009-1835", "CVE-2009-1838", "CVE-2009-1832", "CVE-2009-1837", "CVE-2009-1392", "CVE-2009-1834", "CVE-2009-1836", "CVE-2009-1839", "CVE-2009-1841", "CVE-2009-1840"], "description": "The remote host is missing an update to firefox\nannounced via advisory FEDORA-2009-6411.", "modified": "2018-04-06T00:00:00", "published": "2009-06-23T00:00:00", "id": "OPENVAS:136141256231064234", "href": "http://plugins.openvas.org/nasl.php?oid=136141256231064234", "type": "openvas", "title": "Fedora Core 9 FEDORA-2009-6411 (firefox)", "sourceData": "# OpenVAS Vulnerability Test\n# $Id: fcore_2009_6411.nasl 9350 2018-04-06 07:03:33Z cfischer $\n# Description: Auto-generated from advisory FEDORA-2009-6411 (firefox)\n#\n# Authors:\n# Thomas Reinke <reinke@securityspace.com>\n#\n# Copyright:\n# Copyright (c) 2009 E-Soft Inc. http://www.securityspace.com\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (c) the respective author(s)\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2,\n# or at your option, GNU General Public License version 3,\n# as published by the Free Software Foundation\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n#\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"Update Information:\n\nUpdate to new upstream Firefox version 3.0.11, fixing multiple security issues\ndetailed in the upstream advisories:\nhttp://www.mozilla.org/security/known-vulnerabilities/firefox30.html#firefox3.0.11\nUpdate also includes all packages depending on gecko-libs rebuild\nagainst new version of Firefox / XULRunner.\n\nChangeLog:\n\n* Thu Jun 11 2009 Christopher Aillon - 3.0.11-1\n- Update to 3.0.11\n* Mon Apr 27 2009 Jan Horak - 3.0.10-1\n- Update to 3.0.10\n* Tue Apr 21 2009 Christopher Aillon - 3.0.9-1\n- Update to 3.0.9\n* Fri Mar 27 2009 Christopher Aillon - 3.0.8-1\n- Update to 3.0.8\n* Wed Mar 4 2009 Jan Horak - 3.0.7-1\n- Update to 3.0.7\n* Thu Feb 26 2009 Jan Horak - 3.0.6-2\n- Fixed spelling mistake in firefox.sh.in\n* Wed Feb 4 2009 Christopher Aillon - 3.0.6-1\n- Update to 3.0.6\";\ntag_solution = \"Apply the appropriate updates.\n\nThis update can be installed with the yum update program. Use \nsu -c 'yum update firefox' at the command line.\nFor more information, refer to Managing Software with yum,\navailable at http://docs.fedoraproject.org/yum/.\n\nhttps://secure1.securityspace.com/smysecure/catid.html?in=FEDORA-2009-6411\";\ntag_summary = \"The remote host is missing an update to firefox\nannounced via advisory FEDORA-2009-6411.\";\n\n\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.64234\");\n script_version(\"$Revision: 9350 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-04-06 09:03:33 +0200 (Fri, 06 Apr 2018) $\");\n script_tag(name:\"creation_date\", value:\"2009-06-23 15:49:15 +0200 (Tue, 23 Jun 2009)\");\n script_cve_id(\"CVE-2009-1392\", \"CVE-2009-1832\", \"CVE-2009-1833\", \"CVE-2009-1834\", \"CVE-2009-1835\", \"CVE-2009-1836\", \"CVE-2009-1837\", \"CVE-2009-1838\", \"CVE-2009-1839\", \"CVE-2009-1840\", \"CVE-2009-1841\");\n script_tag(name:\"cvss_base\", value:\"9.3\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_name(\"Fedora Core 9 FEDORA-2009-6411 (firefox)\");\n\n\n\n script_category(ACT_GATHER_INFO);\n\n script_copyright(\"Copyright (c) 2009 E-Soft Inc. http://www.securityspace.com\");\n script_family(\"Fedora Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/fedora\", \"ssh/login/rpms\");\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"summary\" , value : tag_summary);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_xref(name : \"URL\" , value : \"https://bugzilla.redhat.com/show_bug.cgi?id=503568\");\n script_xref(name : \"URL\" , value : \"https://bugzilla.redhat.com/show_bug.cgi?id=503569\");\n script_xref(name : \"URL\" , value : \"https://bugzilla.redhat.com/show_bug.cgi?id=503570\");\n script_xref(name : \"URL\" , value : \"https://bugzilla.redhat.com/show_bug.cgi?id=503573\");\n script_xref(name : \"URL\" , value : \"https://bugzilla.redhat.com/show_bug.cgi?id=503576\");\n script_xref(name : \"URL\" , value : \"https://bugzilla.redhat.com/show_bug.cgi?id=503578\");\n script_xref(name : \"URL\" , value : \"https://bugzilla.redhat.com/show_bug.cgi?id=503579\");\n script_xref(name : \"URL\" , value : \"https://bugzilla.redhat.com/show_bug.cgi?id=503580\");\n script_xref(name : \"URL\" , value : \"https://bugzilla.redhat.com/show_bug.cgi?id=503581\");\n script_xref(name : \"URL\" , value : \"https://bugzilla.redhat.com/show_bug.cgi?id=503582\");\n script_xref(name : \"URL\" , value : \"https://bugzilla.redhat.com/show_bug.cgi?id=503583\");\n exit(0);\n}\n\n#\n# The script code starts here\n#\n\ninclude(\"pkg-lib-rpm.inc\");\n\nres = \"\";\nreport = \"\";\nif ((res = isrpmvuln(pkg:\"firefox\", rpm:\"firefox~3.0.11~1.fc9\", rls:\"FC9\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"firefox-debuginfo\", rpm:\"firefox-debuginfo~3.0.11~1.fc9\", rls:\"FC9\")) != NULL) {\n report += res;\n}\n\nif (report != \"\") {\n security_message(data:report);\n} else if (__pkg_match) {\n exit(99); # Not vulnerable.\n}\n", "cvss": {"score": 9.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2019-05-29T18:39:48", "bulletinFamily": "scanner", "cvelist": ["CVE-2009-1833", "CVE-2009-1835", "CVE-2009-1838", "CVE-2009-1832", "CVE-2009-1837", "CVE-2009-1392", "CVE-2009-1834", "CVE-2009-1836", "CVE-2009-1839", "CVE-2009-1841", "CVE-2009-1840"], "description": "The remote host is missing an update for the ", "modified": "2019-03-15T00:00:00", "published": "2011-08-09T00:00:00", "id": "OPENVAS:1361412562310880720", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310880720", "type": "openvas", "title": "CentOS Update for firefox CESA-2009:1095 centos5 i386", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# CentOS Update for firefox CESA-2009:1095 centos5 i386\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2011 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_xref(name:\"URL\", value:\"http://lists.centos.org/pipermail/centos-announce/2009-June/015993.html\");\n script_oid(\"1.3.6.1.4.1.25623.1.0.880720\");\n script_version(\"$Revision: 14222 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2019-03-15 13:50:48 +0100 (Fri, 15 Mar 2019) $\");\n script_tag(name:\"creation_date\", value:\"2011-08-09 08:20:34 +0200 (Tue, 09 Aug 2011)\");\n script_tag(name:\"cvss_base\", value:\"9.3\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_xref(name:\"CESA\", value:\"2009:1095\");\n script_cve_id(\"CVE-2009-1392\", \"CVE-2009-1832\", \"CVE-2009-1833\", \"CVE-2009-1834\", \"CVE-2009-1835\", \"CVE-2009-1836\", \"CVE-2009-1837\", \"CVE-2009-1838\", \"CVE-2009-1839\", \"CVE-2009-1840\", \"CVE-2009-1841\");\n script_name(\"CentOS Update for firefox CESA-2009:1095 centos5 i386\");\n\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'firefox'\n package(s) announced via the referenced advisory.\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2011 Greenbone Networks GmbH\");\n script_family(\"CentOS Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/centos\", \"ssh/login/rpms\", re:\"ssh/login/release=CentOS5\");\n script_tag(name:\"affected\", value:\"firefox on CentOS 5\");\n script_tag(name:\"insight\", value:\"Mozilla Firefox is an open source Web browser. XULRunner provides the XUL\n Runtime environment for Mozilla Firefox.\n\n Several flaws were found in the processing of malformed web content. A web\n page containing malicious content could cause Firefox to crash or,\n potentially, execute arbitrary code as the user running Firefox.\n (CVE-2009-1392, CVE-2009-1832, CVE-2009-1833, CVE-2009-1837, CVE-2009-1838,\n CVE-2009-1841)\n\n Multiple flaws were found in the processing of malformed, local file\n content. If a user loaded malicious, local content via the file:// URL, it\n was possible for that content to access other local data. (CVE-2009-1835,\n CVE-2009-1839)\n\n A script, privilege elevation flaw was found in the way Firefox loaded XML\n User Interface Language (XUL) scripts. Firefox and certain add-ons could\n load malicious content when certain policy checks did not happen.\n (CVE-2009-1840)\n\n A flaw was found in the way Firefox displayed certain Unicode characters in\n International Domain Names (IDN). If an IDN contained invalid characters,\n they may have been displayed as spaces, making it appear to the user that\n they were visiting a trusted site. (CVE-2009-1834)\n\n A flaw was found in the way Firefox handled error responses returned from\n proxy servers. If an attacker is able to conduct a man-in-the-middle attack\n against a Firefox instance that is using a proxy server, they may be able\n to steal sensitive information from the site the user is visiting.\n (CVE-2009-1836)\n\n For technical details regarding these flaws, refer to the Mozilla security\n advisories for Firefox 3.0.11. You can find a link to the Mozilla\n advisories in the References section of this errata.\n\n All Firefox users should upgrade to these updated packages, which contain\n Firefox version 3.0.11, which corrects these issues. After installing the\n update, Firefox must be restarted for the changes to take effect.\");\n script_tag(name:\"solution\", value:\"Please install the updated packages.\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\n\nif(release == \"CentOS5\")\n{\n\n if ((res = isrpmvuln(pkg:\"firefox\", rpm:\"firefox~3.0.11~2.el5.centos\", rls:\"CentOS5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"xulrunner\", rpm:\"xulrunner~1.9.0.11~3.el5\", rls:\"CentOS5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"xulrunner-devel\", rpm:\"xulrunner-devel~1.9.0.11~3.el5\", rls:\"CentOS5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"xulrunner-devel-unstable\", rpm:\"xulrunner-devel-unstable~1.9.0.11~3.el5\", rls:\"CentOS5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}], "gentoo": [{"lastseen": "2016-09-06T19:46:13", "bulletinFamily": "unix", "cvelist": ["CVE-2012-1945", "CVE-2011-3648", "CVE-2009-0355", "CVE-2011-0061", "CVE-2011-0077", "CVE-2012-0478", "CVE-2012-4193", "CVE-2011-1202", "CVE-2012-0442", "CVE-2010-3772", "CVE-2011-0071", "CVE-2009-2470", "CVE-2010-0654", "CVE-2009-3388", "CVE-2012-1962", "CVE-2012-0443", "CVE-2011-3866", "CVE-2011-0068", "CVE-2012-5842", "CVE-2012-4212", "CVE-2009-2477", "CVE-2009-1563", "CVE-2010-0176", "CVE-2011-3640", "CVE-2011-0083", "CVE-2010-1203", "CVE-2009-3076", "CVE-2012-1970", "CVE-2009-3389", "CVE-2008-3835", "CVE-2012-3989", "CVE-2010-2762", "CVE-2012-5830", "CVE-2012-4210", "CVE-2009-1305", "CVE-2011-3026", "CVE-2009-3979", "CVE-2011-2370", "CVE-2012-0460", "CVE-2012-1973", "CVE-2009-3376", "CVE-2011-2369", "CVE-2011-2998", "CVE-2011-3654", "CVE-2011-2605", "CVE-2009-1833", "CVE-2010-0165", "CVE-2012-1974", "CVE-2010-0220", "CVE-2010-2766", "CVE-2011-2993", "CVE-2012-4195", "CVE-2010-0168", "CVE-2012-3986", "CVE-2010-0160", "CVE-2009-1169", "CVE-2011-2371", "CVE-2009-3379", "CVE-2012-4185", "CVE-2010-3777", "CVE-2012-3991", "CVE-2012-5354", "CVE-2012-4206", "CVE-2009-3071", "CVE-2012-3968", "CVE-2010-1214", "CVE-2012-3963", "CVE-2010-0174", "CVE-2010-0172", "CVE-2009-2535", "CVE-2012-0452", "CVE-2009-1312", "CVE-2012-1956", "CVE-2012-3978", "CVE-2012-3985", "CVE-2011-2995", "CVE-2012-5829", "CVE-2009-1571", "CVE-2008-5505", "CVE-2012-5838", "CVE-2011-2986", "CVE-2010-1205", "CVE-2009-2210", "CVE-2009-2478", "CVE-2008-6961", "CVE-2012-0479", "CVE-2012-0450", "CVE-2012-1940", "CVE-2012-3993", "CVE-2008-5500", "CVE-2012-5836", "CVE-2009-3274", "CVE-2010-1125", "CVE-2009-0772", "CVE-2012-3995", "CVE-2012-4201", "CVE-2010-0159", "CVE-2009-0773", "CVE-2011-3659", "CVE-2011-3663", "CVE-2010-3131", "CVE-2012-0470", "CVE-2012-0446", "CVE-2008-4063", "CVE-2012-3976", "CVE-2012-1972", "CVE-2010-1200", "CVE-2010-0175", "CVE-2010-0170", "CVE-2012-3988", "CVE-2012-0457", "CVE-2010-3778", "CVE-2012-3994", "CVE-2007-2436", "CVE-2012-3962", "CVE-2010-2770", "CVE-2010-3774", "CVE-2012-0459", "CVE-2011-2362", "CVE-2009-1304", "CVE-2010-1213", "CVE-2010-3177", "CVE-2012-5843", "CVE-2009-1835", "CVE-2011-0085", "CVE-2009-0352", "CVE-2009-3984", "CVE-2009-3380", "CVE-2008-5510", "CVE-2011-0080", "CVE-2012-1950", "CVE-2008-5502", "CVE-2009-3981", "CVE-2010-3765", "CVE-2010-0167", "CVE-2009-3373", "CVE-2009-3980", "CVE-2008-4070", "CVE-2012-4183", "CVE-2010-3178", "CVE-2012-1994", "CVE-2011-3661", "CVE-2009-3383", "CVE-2012-4181", "CVE-2011-3652", "CVE-2009-1311", "CVE-2011-1712", "CVE-2008-4067", "CVE-2010-1210", "CVE-2011-2364", "CVE-2009-2469", "CVE-2011-0073", "CVE-2010-1197", "CVE-2010-1207", "CVE-2009-0652", "CVE-2012-4186", "CVE-2012-1948", "CVE-2008-5012", "CVE-2011-2982", "CVE-2012-1938", "CVE-2012-0449", "CVE-2010-3769", "CVE-2012-3969", "CVE-2009-1838", "CVE-2012-1953", "CVE-2008-5013", "CVE-2012-1949", "CVE-2012-0456", "CVE-2011-2372", "CVE-2010-3773", "CVE-2009-1309", "CVE-2011-0079", "CVE-2010-3169", "CVE-2009-2662", "CVE-2012-3970", "CVE-2011-2997", "CVE-2011-0053", "CVE-2009-1832", "CVE-2012-5840", "CVE-2010-3176", "CVE-2012-4191", "CVE-2010-3174", "CVE-2012-1966", "CVE-2010-3768", "CVE-2009-3372", "CVE-2010-2763", "CVE-2011-0066", "CVE-2010-1212", "CVE-2009-1837", "CVE-2010-1206", "CVE-2010-1211", "CVE-2009-2464", "CVE-2011-2990", "CVE-2010-1121", "CVE-2009-0356", "CVE-2011-3389", "CVE-2010-0164", "CVE-2008-3836", "CVE-2010-3167", "CVE-2012-4202", "CVE-2007-2671", "CVE-2011-2984", "CVE-2010-3180", "CVE-2012-3957", "CVE-2011-3660", "CVE-2009-3986", "CVE-2012-1941", "CVE-2009-2408", "CVE-2010-3399", "CVE-2009-2665", "CVE-2008-4066", "CVE-2008-5018", "CVE-2009-3978", "CVE-2012-3984", "CVE-2009-0354", "CVE-2009-3079", "CVE-2011-0056", "CVE-2012-0444", "CVE-2011-3650", "CVE-2010-2753", "CVE-2012-1946", "CVE-2010-3776", "CVE-2010-1215", "CVE-2012-4182", "CVE-2011-2980", "CVE-2012-4187", "CVE-2008-4069", "CVE-2010-0166", "CVE-2011-3647", "CVE-2011-0065", "CVE-2011-0062", "CVE-2008-0016", "CVE-2009-0358", "CVE-2011-3101", "CVE-2010-3168", "CVE-2010-0173", "CVE-2009-1044", "CVE-2008-5513", "CVE-2008-4059", "CVE-2010-2764", "CVE-2011-0081", "CVE-2009-0771", "CVE-2009-1392", "CVE-2008-5504", "CVE-2008-5019", "CVE-2012-1954", "CVE-2009-0774", "CVE-2009-3375", "CVE-2012-0461", "CVE-2011-2376", "CVE-2009-2472", "CVE-2012-3958", "CVE-2009-0071", "CVE-2008-5023", "CVE-2012-0469", "CVE-2010-3171", "CVE-2009-3072", "CVE-2012-3973", "CVE-2008-5822", "CVE-2012-1975", "CVE-2011-0075", "CVE-2012-0464", "CVE-2012-1967", "CVE-2011-3653", "CVE-2010-0648", "CVE-2010-0178", "CVE-2010-3166", "CVE-2010-0177", "CVE-2011-0074", "CVE-2012-3956", "CVE-2010-2769", "CVE-2011-3649", "CVE-2012-3982", "CVE-2009-3555", "CVE-2011-2989", "CVE-2010-1196", "CVE-2008-3837", "CVE-2009-0357", "CVE-2008-5021", "CVE-2008-5017", "CVE-2012-3966", "CVE-2012-5839", "CVE-2011-2378", "CVE-2009-1308", "CVE-2010-3775", "CVE-2009-2467", "CVE-2012-1961", "CVE-2010-5074", "CVE-2011-2996", "CVE-2010-3173", "CVE-2012-4216", "CVE-2008-4062", "CVE-2010-3179", "CVE-2010-0182", "CVE-2012-3967", "CVE-2011-3651", "CVE-2008-4060", "CVE-2010-0181", "CVE-2012-1951", "CVE-2012-0475", "CVE-2012-3965", "CVE-2012-1952", "CVE-2010-1201", "CVE-2011-4688", "CVE-2009-1306", "CVE-2010-1585", "CVE-2009-2479", "CVE-2012-3959", "CVE-2012-0455", "CVE-2009-0777", "CVE-2010-2755", "CVE-2011-0084", "CVE-2011-0051", "CVE-2010-3767", "CVE-2012-1939", "CVE-2009-1834", "CVE-2010-3771", "CVE-2010-0183", "CVE-2012-0474", "CVE-2012-3975", "CVE-2010-2768", "CVE-2008-5014", "CVE-2008-0367", "CVE-2008-4058", "CVE-2011-3002", "CVE-2012-4184", "CVE-2011-0057", "CVE-2012-0447", "CVE-2011-3232", "CVE-2008-5913", "CVE-2007-3073", "CVE-2012-4205", "CVE-2010-2751", "CVE-2009-1836", "CVE-2011-0069", "CVE-2008-5022", "CVE-2008-5512", "CVE-2012-3992", "CVE-2009-3374", "CVE-2008-5501", "CVE-2008-4068", "CVE-2008-5016", "CVE-2011-3004", "CVE-2012-3980", "CVE-2008-5503", "CVE-2011-2374", "CVE-2012-1955", "CVE-2009-1839", "CVE-2012-1960", "CVE-2012-0445", "CVE-2009-3074", "CVE-2012-1965", "CVE-2011-3670", "CVE-2012-0462", "CVE-2010-1028", "CVE-2010-0162", "CVE-2011-2377", "CVE-2009-2463", "CVE-2009-2061", "CVE-2009-3070", "CVE-2012-3977", "CVE-2011-3000", "CVE-2010-2765", "CVE-2009-3069", "CVE-2010-0171", "CVE-2010-2767", "CVE-2009-0353", "CVE-2011-0078", "CVE-2012-3960", "CVE-2010-3175", "CVE-2009-0775", "CVE-2012-0451", "CVE-2011-3655", "CVE-2012-4180", "CVE-2009-2044", "CVE-2010-3182", "CVE-2009-0776", "CVE-2009-3371", "CVE-2009-3377", "CVE-2012-1959", "CVE-2011-2363", "CVE-2009-3075", "CVE-2010-0163", "CVE-2010-1208", "CVE-2011-0070", "CVE-2012-1947", "CVE-2009-1841", "CVE-2010-3170", "CVE-2011-3005", "CVE-2011-0059", "CVE-2012-1971", "CVE-2009-3983", "CVE-2012-4208", "CVE-2009-3987", "CVE-2011-3658", "CVE-2011-2373", "CVE-2008-5511", "CVE-2012-1957", "CVE-2012-1958", "CVE-2011-0054", "CVE-2012-4190", "CVE-2008-4064", "CVE-2012-1976", "CVE-2011-1187", "CVE-2012-5835", "CVE-2010-3183", "CVE-2009-2654", "CVE-2010-1202", "CVE-2012-0468", "CVE-2009-3982", "CVE-2009-3985", "CVE-2009-2065", "CVE-2009-1313", "CVE-2009-3382", "CVE-2008-5508", "CVE-2012-3972", "CVE-2012-4207", "CVE-2011-2988", "CVE-2010-3770", "CVE-2008-4061", "CVE-2010-1199", "CVE-2012-4204", "CVE-2008-0017", "CVE-2009-3988", "CVE-2010-3400", "CVE-2009-1302", "CVE-2011-2985", "CVE-2009-2466", "CVE-2012-4192", "CVE-2011-0058", "CVE-2011-2987", "CVE-2012-4188", "CVE-2012-0441", "CVE-2008-5024", "CVE-2011-0076", "CVE-2007-2437", "CVE-2012-5833", "CVE-2011-2999", "CVE-2012-3964", "CVE-2012-5841", "CVE-2010-0179", "CVE-2010-1209", "CVE-2010-2754", "CVE-2008-5507", "CVE-2009-2471", "CVE-2012-3990", "CVE-2011-2375", "CVE-2010-1198", "CVE-2008-4065", "CVE-2009-1840", "CVE-2011-3665", "CVE-2009-3381", "CVE-2011-0067", "CVE-2010-2760", "CVE-2012-1937", "CVE-2012-4215", "CVE-2009-2043", "CVE-2009-1307", "CVE-2009-2664", "CVE-2012-0463", "CVE-2010-4508", "CVE-2009-1310", "CVE-2009-3077", "CVE-2011-3003", "CVE-2011-2991", "CVE-2008-5015", "CVE-2011-0082", "CVE-2011-2983", "CVE-2012-4179", "CVE-2008-4582", "CVE-2011-3001", "CVE-2012-1964", "CVE-2009-2462", "CVE-2009-3378", "CVE-2011-3062", "CVE-2009-1303", "CVE-2012-0477", "CVE-2012-0473", "CVE-2012-4194", "CVE-2011-2365", "CVE-2012-4209", "CVE-2012-1963", "CVE-2012-4196", "CVE-2008-5506", "CVE-2009-2404", "CVE-2009-2465", "CVE-2012-0467", "CVE-2011-2981", "CVE-2012-0458", "CVE-2010-0169", "CVE-2010-2752", "CVE-2009-3078", "CVE-2012-0471", "CVE-2012-3961", "CVE-2010-3766", "CVE-2012-3971", "CVE-2008-5052", "CVE-2011-0055", "CVE-2009-1828", "CVE-2011-0072"], "description": "### Background\n\nMozilla Firefox is an open-source web browser and Mozilla Thunderbird an open-source email client, both from the Mozilla Project. The SeaMonkey project is a community effort to deliver production-quality releases of code derived from the application formerly known as the \u2018Mozilla Application Suite\u2019. XULRunner is a Mozilla runtime package that can be used to bootstrap XUL+XPCOM applications such as Firefox and Thunderbird. NSS is Mozilla\u2019s Network Security Services library that implements PKI support. IceCat is the GNU version of Firefox. \n\n### Description\n\nMultiple vulnerabilities have been discovered in Mozilla Firefox, Thunderbird, SeaMonkey, NSS, GNU IceCat, and XULRunner. Please review the CVE identifiers referenced below for details. \n\n### Impact\n\nA remote attacker could entice a user to view a specially crafted web page or email, possibly resulting in execution of arbitrary code or a Denial of Service condition. Furthermore, a remote attacker may be able to perform Man-in-the-Middle attacks, obtain sensitive information, bypass restrictions and protection mechanisms, force file downloads, conduct XML injection attacks, conduct XSS attacks, bypass the Same Origin Policy, spoof URL\u2019s for phishing attacks, trigger a vertical scroll, spoof the location bar, spoof an SSL indicator, modify the browser\u2019s font, conduct clickjacking attacks, or have other unspecified impact. \n\nA local attacker could gain escalated privileges, obtain sensitive information, or replace an arbitrary downloaded file. \n\n### Workaround\n\nThere is no known workaround at this time.\n\n### Resolution\n\nAll Mozilla Firefox users should upgrade to the latest version:\n \n \n # emerge --sync\n # emerge --ask --oneshot --verbose \">=www-client/firefox-10.0.11\"\n \n\nAll users of the Mozilla Firefox binary package should upgrade to the latest version: \n \n \n # emerge --sync\n # emerge --ask --oneshot --verbose \">=www-client/firefox-bin-10.0.11\"\n \n\nAll Mozilla Thunderbird users should upgrade to the latest version:\n \n \n # emerge --sync\n # emerge --ask --oneshot --verbose \">=mail-client/thunderbird-10.0.11\"\n \n\nAll users of the Mozilla Thunderbird binary package should upgrade to the latest version: \n \n \n # emerge --sync\n # emerge --ask --oneshot --verbose\n \">=mail-client/thunderbird-bin-10.0.11\"\n \n\nAll Mozilla SeaMonkey users should upgrade to the latest version:\n \n \n # emerge --sync\n # emerge --ask --oneshot --verbose \">=www-client/seamonkey-2.14-r1\"\n \n\nAll users of the Mozilla SeaMonkey binary package should upgrade to the latest version: \n \n \n # emerge --sync\n # emerge --ask --oneshot --verbose \">=www-client/seamonkey-bin-2.14\"\n \n\nAll NSS users should upgrade to the latest version:\n \n \n # emerge --sync\n # emerge --ask --oneshot --verbose \">=dev-libs/nss-3.14\"\n \n\nThe \u201cwww-client/mozilla-firefox\u201d package has been merged into the \u201cwww-client/firefox\u201d package. To upgrade, please unmerge \u201cwww-client/mozilla-firefox\u201d and then emerge the latest \u201cwww-client/firefox\u201d package: \n \n \n # emerge --sync\n # emerge --unmerge \"www-client/mozilla-firefox\"\n # emerge --ask --oneshot --verbose \">=www-client/firefox-10.0.11\"\n \n\nThe \u201cwww-client/mozilla-firefox-bin\u201d package has been merged into the \u201cwww-client/firefox-bin\u201d package. To upgrade, please unmerge \u201cwww-client/mozilla-firefox-bin\u201d and then emerge the latest \u201cwww-client/firefox-bin\u201d package: \n \n \n # emerge --sync\n # emerge --unmerge \"www-client/mozilla-firefox-bin\"\n # emerge --ask --oneshot --verbose \">=www-client/firefox-bin-10.0.11\"\n \n\nThe \u201cmail-client/mozilla-thunderbird\u201d package has been merged into the \u201cmail-client/thunderbird\u201d package. To upgrade, please unmerge \u201cmail-client/mozilla-thunderbird\u201d and then emerge the latest \u201cmail-client/thunderbird\u201d package: \n \n \n # emerge --sync\n # emerge --unmerge \"mail-client/mozilla-thunderbird\"\n # emerge --ask --oneshot --verbose \">=mail-client/thunderbird-10.0.11\"\n \n\nThe \u201cmail-client/mozilla-thunderbird-bin\u201d package has been merged into the \u201cmail-client/thunderbird-bin\u201d package. To upgrade, please unmerge \u201cmail-client/mozilla-thunderbird-bin\u201d and then emerge the latest \u201cmail-client/thunderbird-bin\u201d package: \n \n \n # emerge --sync\n # emerge --unmerge \"mail-client/mozilla-thunderbird-bin\"\n # emerge --ask --oneshot --verbose\n \">=mail-client/thunderbird-bin-10.0.11\"\n \n\nGentoo discontinued support for GNU IceCat. We recommend that users unmerge GNU IceCat: \n \n \n # emerge --unmerge \"www-client/icecat\"\n \n\nGentoo discontinued support for XULRunner. We recommend that users unmerge XULRunner: \n \n \n # emerge --unmerge \"net-libs/xulrunner\"\n \n\nGentoo discontinued support for the XULRunner binary package. We recommend that users unmerge XULRunner: \n \n \n # emerge --unmerge \"net-libs/xulrunner-bin\"", "edition": 1, "modified": "2013-01-08T00:00:00", "published": "2013-01-08T00:00:00", "id": "GLSA-201301-01", "href": "https://security.gentoo.org/glsa/201301-01", "type": "gentoo", "title": "Mozilla Products: Multiple vulnerabilities", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}]}
