ID: CVE-2015-4488
Type: cve
Reporter: cve@mitre.org
Modified: 2018-10-30T16:27:00
Description
Use-after-free vulnerability in the StyleAnimationValue class in Mozilla Firefox before 40.0, Firefox ESR 38.x before 38.2, and Firefox OS before 2.2 allows remote attackers to have an unspecified impact by leveraging a StyleAnimationValue::operator self assignment.
CWE-416: Use After Free (http://cwe.mitre.org/data/definitions/416.html)
{"mozilla": [{"lastseen": "2016-09-05T13:37:40", "bulletinFamily": "software", "cvelist": ["CVE-2015-4488", "CVE-2015-4489", "CVE-2015-4487"], "edition": 1, "description": "Security researcher Ronald Crane reported three\nvulnerabilities affecting released code that were found through code inspection.\nThese included one use of unowned memory, one use of a deleted object, and one\nmemory safety bug. These do not all have clear mechanisms to be exploited\nthrough web content but are vulnerable if a mechanism can be found to trigger\nthem.", "modified": "2015-08-11T00:00:00", "published": "2015-08-11T00:00:00", "id": "MFSA2015-90", "href": "http://www.mozilla.org/en-US/security/advisories/mfsa2015-90/", "type": "mozilla", "title": "Vulnerabilities found through code inspection", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}], "openvas": [{"lastseen": "2019-05-29T18:36:10", "bulletinFamily": "scanner", "cvelist": ["CVE-2015-4488", "CVE-2015-4489", "CVE-2015-4487", "CVE-2015-4473", "CVE-2015-4491"], "description": "Oracle Linux Local Security Checks ELSA-2015-1682", "modified": "2018-09-28T00:00:00", "published": "2015-10-06T00:00:00", "id": "OPENVAS:1361412562310123019", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310123019", "type": "openvas", "title": "Oracle Linux Local Check: ELSA-2015-1682", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: ELSA-2015-1682.nasl 11688 2018-09-28 13:36:28Z cfischer $\n#\n# Oracle Linux Local Check\n#\n# Authors:\n# Eero Volotinen <eero.volotinen@solinor.com>\n#\n# Copyright:\n# Copyright (c) 2015 Eero Volotinen, http://solinor.com\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope 
that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.123019\");\n script_version(\"$Revision: 11688 $\");\n script_tag(name:\"creation_date\", value:\"2015-10-06 09:46:43 +0300 (Tue, 06 Oct 2015)\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-09-28 15:36:28 +0200 (Fri, 28 Sep 2018) $\");\n script_name(\"Oracle Linux Local Check: ELSA-2015-1682\");\n script_tag(name:\"insight\", value:\"ELSA-2015-1682 - thunderbird security update. Please see the references for more insight.\");\n script_tag(name:\"solution\", value:\"Update the affected packages to the latest available version.\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_tag(name:\"summary\", value:\"Oracle Linux Local Security Checks ELSA-2015-1682\");\n script_xref(name:\"URL\", value:\"http://linux.oracle.com/errata/ELSA-2015-1682.html\");\n script_cve_id(\"CVE-2015-4473\", \"CVE-2015-4487\", \"CVE-2015-4488\", \"CVE-2015-4489\", \"CVE-2015-4491\");\n script_tag(name:\"cvss_base\", value:\"10.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/oracle_linux\", \"ssh/login/release\", re:\"ssh/login/release=OracleLinux(7|5|6)\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Eero Volotinen\");\n script_family(\"Oracle Linux Local Security Checks\");\n\n 
exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release) exit(0);\n\nres = \"\";\n\nif(release == \"OracleLinux7\")\n{\n if ((res = isrpmvuln(pkg:\"thunderbird\", rpm:\"thunderbird~38.2.0~1.0.1.el7_1\", rls:\"OracleLinux7\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n\n}\nif(release == \"OracleLinux5\")\n{\n if ((res = isrpmvuln(pkg:\"thunderbird\", rpm:\"thunderbird~38.2.0~4.0.1.el5_11\", rls:\"OracleLinux5\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n\n}\nif(release == \"OracleLinux6\")\n{\n if ((res = isrpmvuln(pkg:\"thunderbird\", rpm:\"thunderbird~38.2.0~4.0.1.el6_7\", rls:\"OracleLinux6\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n\n}\nif (__pkg_match) exit(99);\n exit(0);\n\n", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2019-05-29T18:36:38", "bulletinFamily": "scanner", "cvelist": ["CVE-2015-4488", "CVE-2015-4489", "CVE-2015-4487", "CVE-2015-4473", "CVE-2015-4491"], "description": "Check the version of thunderbird", "modified": "2019-03-08T00:00:00", "published": "2015-08-28T00:00:00", "id": "OPENVAS:1361412562310882262", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310882262", "type": "openvas", "title": "CentOS Update for thunderbird CESA-2015:1682 centos5", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# CentOS Update for thunderbird CESA-2015:1682 centos5\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (C) 2015 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the 
implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.882262\");\n script_version(\"$Revision: 14058 $\");\n script_cve_id(\"CVE-2015-4473\", \"CVE-2015-4487\", \"CVE-2015-4488\",\n \"CVE-2015-4489\", \"CVE-2015-4491\");\n script_tag(name:\"cvss_base\", value:\"10.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_tag(name:\"last_modification\", value:\"$Date: 2019-03-08 14:25:52 +0100 (Fri, 08 Mar 2019) $\");\n script_tag(name:\"creation_date\", value:\"2015-08-28 05:06:48 +0200 (Fri, 28 Aug 2015)\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_name(\"CentOS Update for thunderbird CESA-2015:1682 centos5\");\n script_tag(name:\"summary\", value:\"Check the version of thunderbird\");\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is present on the target host.\");\n script_tag(name:\"insight\", value:\"Mozilla Thunderbird is a standalone mail and newsgroup client.\n\nSeveral flaws were found in the processing of malformed web content. A web\npage containing malicious content could cause Thunderbird to crash or,\npotentially, execute arbitrary code with the privileges of the user running\nThunderbird. (CVE-2015-4473, CVE-2015-4491, CVE-2015-4487, CVE-2015-4488,\nCVE-2015-4489)\n\nNote: All of the above issues cannot be exploited by a specially crafted\nHTML mail message because JavaScript is disabled by default for mail\nmessages. 
However, they could be exploited in other ways in Thunderbird\n(for example, by viewing the full remote content of an RSS feed).\n\nRed Hat would like to thank the Mozilla project for reporting these\nissues. Upstream acknowledges Gary Kwong, Christian Holler, Byron Campen,\nGustavo Grieco, and Ronald Crane as the original reporters of these issues.\n\nFor technical details regarding these flaws, refer to the Mozilla security\nadvisories for Thunderbird 38.2. You can find a link to the Mozilla\nadvisories in the References section of this erratum.\n\nAll Thunderbird users should upgrade to this updated package, which\ncontains Thunderbird version 38.2, which corrects these issues.\nAfter installing the update, Thunderbird must be restarted for the changes\nto take effect.\");\n script_tag(name:\"affected\", value:\"thunderbird on CentOS 5\");\n script_tag(name:\"solution\", value:\"Please install the updated packages.\");\n script_xref(name:\"CESA\", value:\"2015:1682\");\n script_xref(name:\"URL\", value:\"http://lists.centos.org/pipermail/centos-announce/2015-August/021349.html\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2015 Greenbone Networks GmbH\");\n script_family(\"CentOS Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/centos\", \"ssh/login/rpms\", re:\"ssh/login/release=CentOS5\");\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\n\nif(release == \"CentOS5\")\n{\n\n if ((res = isrpmvuln(pkg:\"thunderbird\", rpm:\"thunderbird~38.2.0~4.el5.centos\", rls:\"CentOS5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2019-05-29T18:36:58", "bulletinFamily": 
"scanner", "cvelist": ["CVE-2015-4488", "CVE-2015-4489", "CVE-2015-4487", "CVE-2015-4473", "CVE-2015-4491"], "description": "Check the version of thunderbird", "modified": "2019-03-08T00:00:00", "published": "2015-08-28T00:00:00", "id": "OPENVAS:1361412562310882260", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310882260", "type": "openvas", "title": "CentOS Update for thunderbird CESA-2015:1682 centos6", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# CentOS Update for thunderbird CESA-2015:1682 centos6\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (C) 2015 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. 
See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.882260\");\n script_version(\"$Revision: 14058 $\");\n script_cve_id(\"CVE-2015-4473\", \"CVE-2015-4487\", \"CVE-2015-4488\",\n \"CVE-2015-4489\", \"CVE-2015-4491\");\n script_tag(name:\"cvss_base\", value:\"10.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_tag(name:\"last_modification\", value:\"$Date: 2019-03-08 14:25:52 +0100 (Fri, 08 Mar 2019) $\");\n script_tag(name:\"creation_date\", value:\"2015-08-28 05:05:22 +0200 (Fri, 28 Aug 2015)\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_name(\"CentOS Update for thunderbird CESA-2015:1682 centos6\");\n script_tag(name:\"summary\", value:\"Check the version of thunderbird\");\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is present on the target host.\");\n script_tag(name:\"insight\", value:\"Mozilla Thunderbird is a standalone mail and newsgroup client.\n\nSeveral flaws were found in the processing of malformed web content. A web\npage containing malicious content could cause Thunderbird to crash or,\npotentially, execute arbitrary code with the privileges of the user running\nThunderbird. (CVE-2015-4473, CVE-2015-4491, CVE-2015-4487, CVE-2015-4488,\nCVE-2015-4489)\n\nNote: All of the above issues cannot be exploited by a specially crafted\nHTML mail message because JavaScript is disabled by default for mail\nmessages. However, they could be exploited in other ways in Thunderbird\n(for example, by viewing the full remote content of an RSS feed).\n\nRed Hat would like to thank the Mozilla project for reporting these\nissues. 
Upstream acknowledges Gary Kwong, Christian Holler, Byron Campen,\nGustavo Grieco, and Ronald Crane as the original reporters of these issues.\n\nFor technical details regarding these flaws, refer to the Mozilla security\nadvisories for Thunderbird 38.2. You can find a link to the Mozilla\nadvisories in the References section of this erratum.\n\nAll Thunderbird users should upgrade to this updated package, which\ncontains Thunderbird version 38.2, which corrects these issues.\nAfter installing the update, Thunderbird must be restarted for the changes\nto take effect.\");\n script_tag(name:\"affected\", value:\"thunderbird on CentOS 6\");\n script_tag(name:\"solution\", value:\"Please install the updated packages.\");\n script_xref(name:\"CESA\", value:\"2015:1682\");\n script_xref(name:\"URL\", value:\"http://lists.centos.org/pipermail/centos-announce/2015-August/021348.html\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2015 Greenbone Networks GmbH\");\n script_family(\"CentOS Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/centos\", \"ssh/login/rpms\", re:\"ssh/login/release=CentOS6\");\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\n\nif(release == \"CentOS6\")\n{\n\n if ((res = isrpmvuln(pkg:\"thunderbird\", rpm:\"thunderbird~38.2.0~4.el6.centos\", rls:\"CentOS6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2019-05-29T18:36:53", "bulletinFamily": "scanner", "cvelist": ["CVE-2015-4488", "CVE-2015-4489", "CVE-2015-4487", "CVE-2015-4473", "CVE-2015-4491"], "description": "The remote host is missing an update for the ", "modified": "2018-11-23T00:00:00", 
"published": "2015-08-26T00:00:00", "id": "OPENVAS:1361412562310871438", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310871438", "type": "openvas", "title": "RedHat Update for thunderbird RHSA-2015:1682-01", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# RedHat Update for thunderbird RHSA-2015:1682-01\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (C) 2015 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.871438\");\n script_version(\"$Revision: 12497 $\");\n script_cve_id(\"CVE-2015-4473\", \"CVE-2015-4487\", \"CVE-2015-4488\",\n \"CVE-2015-4489\", \"CVE-2015-4491\");\n script_tag(name:\"cvss_base\", value:\"10.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-11-23 09:28:21 +0100 (Fri, 23 Nov 2018) $\");\n script_tag(name:\"creation_date\", value:\"2015-08-26 09:18:00 +0200 (Wed, 26 Aug 2015)\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_name(\"RedHat Update for thunderbird RHSA-2015:1682-01\");\n script_tag(name:\"summary\", 
value:\"The remote host is missing an update for the 'thunderbird'\n package(s) announced via the referenced advisory.\");\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is present on the target host.\");\n script_tag(name:\"insight\", value:\"Mozilla Thunderbird is a standalone mail and newsgroup client.\n\nSeveral flaws were found in the processing of malformed web content. A web\npage containing malicious content could cause Thunderbird to crash or,\npotentially, execute arbitrary code with the privileges of the user running\nThunderbird. (CVE-2015-4473, CVE-2015-4491, CVE-2015-4487, CVE-2015-4488,\nCVE-2015-4489)\n\nNote: All of the above issues cannot be exploited by a specially crafted\nHTML mail message because JavaScript is disabled by default for mail\nmessages. However, they could be exploited in other ways in Thunderbird\n(for example, by viewing the full remote content of an RSS feed).\n\nRed Hat would like to thank the Mozilla project for reporting these\nissues. Upstream acknowledges Gary Kwong, Christian Holler, Byron Campen,\nGustavo Grieco, and Ronald Crane as the original reporters of these issues.\n\nFor technical details regarding these flaws, refer to the Mozilla security\nadvisories for Thunderbird 38.2. You can find a link to the Mozilla\nadvisories in the References section of this erratum.\n\nAll Thunderbird users should upgrade to this updated package, which\ncontains Thunderbird version 38.2, which corrects these issues.\nAfter installing the update, Thunderbird must be restarted for the changes\nto take effect.\");\n script_tag(name:\"affected\", value:\"thunderbird on Red Hat Enterprise Linux Desktop (v. 6),\n Red Hat Enterprise Linux Workstation (v. 
6)\");\n script_tag(name:\"solution\", value:\"Please Install the Updated Packages.\");\n script_xref(name:\"RHSA\", value:\"2015:1682-01\");\n script_xref(name:\"URL\", value:\"https://www.redhat.com/archives/rhsa-announce/2015-August/msg00061.html\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2015 Greenbone Networks GmbH\");\n script_family(\"Red Hat Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/rhel\", \"ssh/login/rpms\", re:\"ssh/login/release=RHENT_6\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release) exit(0);\n\nres = \"\";\n\nif(release == \"RHENT_6\")\n{\n\n if ((res = isrpmvuln(pkg:\"thunderbird\", rpm:\"thunderbird~38.2.0~4.el6_7\", rls:\"RHENT_6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"thunderbird-debuginfo\", rpm:\"thunderbird-debuginfo~38.2.0~4.el6_7\", rls:\"RHENT_6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2019-05-29T18:35:58", "bulletinFamily": "scanner", "cvelist": ["CVE-2015-4488", "CVE-2015-4489", "CVE-2015-4487", "CVE-2015-4473", "CVE-2015-4491"], "description": "Mageia Linux Local Security Checks mgasa-2015-0330", "modified": "2018-09-28T00:00:00", "published": "2015-10-15T00:00:00", "id": "OPENVAS:1361412562310130054", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310130054", "type": "openvas", "title": "Mageia Linux Local Check: mgasa-2015-0330", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: mgasa-2015-0330.nasl 11692 2018-09-28 16:55:19Z cfischer $\n#\n# Mageia Linux security check\n#\n# Authors:\n# Eero 
Volotinen <eero.volotinen@solinor.com>\n#\n# Copyright:\n# Copyright (c) 2015 Eero Volotinen, http://www.solinor.com\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.130054\");\n script_version(\"$Revision: 11692 $\");\n script_tag(name:\"creation_date\", value:\"2015-10-15 10:42:06 +0300 (Thu, 15 Oct 2015)\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-09-28 18:55:19 +0200 (Fri, 28 Sep 2018) $\");\n script_name(\"Mageia Linux Local Check: mgasa-2015-0330\");\n script_tag(name:\"insight\", value:\"Several flaws were found in the processing of malformed web content. 
A web page containing malicious content could cause Thunderbird to crash or, potentially, execute arbitrary code with the privileges of the user running Thunderbird (CVE-2015-4473, CVE-2015-4491, CVE-2015-4487, CVE-2015-4488, CVE-2015-4489).\");\n script_tag(name:\"solution\", value:\"Update the affected packages to the latest available version.\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_xref(name:\"URL\", value:\"https://advisories.mageia.org/MGASA-2015-0330.html\");\n script_cve_id(\"CVE-2015-4473\", \"CVE-2015-4487\", \"CVE-2015-4488\", \"CVE-2015-4489\", \"CVE-2015-4491\");\n script_tag(name:\"cvss_base\", value:\"10.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/mageia_linux\", \"ssh/login/release\", re:\"ssh/login/release=MAGEIA5\");\n script_category(ACT_GATHER_INFO);\n script_tag(name:\"summary\", value:\"Mageia Linux Local Security Checks mgasa-2015-0330\");\n script_copyright(\"Eero Volotinen\");\n script_family(\"Mageia Linux Local Security Checks\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release) exit(0);\n\nres = \"\";\n\nif(release == \"MAGEIA5\")\n{\nif ((res = isrpmvuln(pkg:\"thunderbird\", rpm:\"thunderbird~38.2.0~1.mga5\", rls:\"MAGEIA5\")) != NULL) {\n security_message(data:res);\n exit(0);\n}\nif ((res = isrpmvuln(pkg:\"thunderbird-l10n\", rpm:\"thunderbird-l10n~38.2.0~1.mga5\", rls:\"MAGEIA5\")) != NULL) {\n security_message(data:res);\n exit(0);\n}\nif (__pkg_match) exit(99);\n exit(0);\n}\n", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2019-05-29T18:36:17", "bulletinFamily": "scanner", "cvelist": ["CVE-2015-4488", "CVE-2015-4489", "CVE-2015-4487", "CVE-2015-4473", "CVE-2015-4491"], "description": "The remote host is 
missing an update for the ", "modified": "2019-03-13T00:00:00", "published": "2015-08-26T00:00:00", "id": "OPENVAS:1361412562310842421", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310842421", "type": "openvas", "title": "Ubuntu Update for thunderbird USN-2712-1", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Ubuntu Update for thunderbird USN-2712-1\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (C) 2015 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.842421\");\n script_version(\"$Revision: 14140 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2019-03-13 13:26:09 +0100 (Wed, 13 Mar 2019) $\");\n script_tag(name:\"creation_date\", value:\"2015-08-26 09:23:18 +0200 (Wed, 26 Aug 2015)\");\n script_cve_id(\"CVE-2015-4473\", \"CVE-2015-4487\", \"CVE-2015-4488\", \"CVE-2015-4489\",\n \"CVE-2015-4491\");\n script_tag(name:\"cvss_base\", value:\"10.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_name(\"Ubuntu Update for thunderbird 
USN-2712-1\");\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'thunderbird'\n package(s) announced via the referenced advisory.\");\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is present on the target host.\");\n script_tag(name:\"insight\", value:\"Gary Kwong, Christian Holler, and Byron\nCampen discovered multiple memory safety issues in Thunderbird. If a user were\ntricked in to opening a specially crafted message, an attacker could potentially\nexploit these to cause a denial of service via application crash, or execute\narbitrary code with the privileges of the user invoking Thunderbird.\n(CVE-2015-4473)\n\nRonald Crane reported 3 security issues. If a user were tricked in to\nopening a specially crafted message, an attacker could potentially\nexploit these, in combination with another security vulnerability, to\ncause a denial of service via application crash, or execute arbitrary\ncode with the privileges of the user invoking Thunderbird. (CVE-2015-4487,\nCVE-2015-4488, CVE-2015-4489)\n\nGustavo Grieco discovered a heap overflow in gdk-pixbuf. If a user were\ntricked in to opening a specially crafted message, an attacker could\npotentially exploit this to cause a denial of service via application\ncrash or execute arbitrary code with the privileges of the user invoking\nThunderbird. 
(CVE-2015-4491)\");\n script_tag(name:\"affected\", value:\"thunderbird on Ubuntu 14.04 LTS,\n Ubuntu 12.04 LTS\");\n script_tag(name:\"solution\", value:\"Please Install the Updated Packages.\");\n script_xref(name:\"USN\", value:\"2712-1\");\n script_xref(name:\"URL\", value:\"http://www.ubuntu.com/usn/usn-2712-1/\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2015 Greenbone Networks GmbH\");\n script_family(\"Ubuntu Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/ubuntu_linux\", \"ssh/login/packages\", re:\"ssh/login/release=UBUNTU(14\\.04 LTS|12\\.04 LTS)\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-deb.inc\");\n\nrelease = dpkg_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\n\nif(release == \"UBUNTU14.04 LTS\")\n{\n\n if ((res = isdpkgvuln(pkg:\"thunderbird\", ver:\"1:38.2.0+build1-0ubuntu0.14.04.1\", rls:\"UBUNTU14.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n\n\nif(release == \"UBUNTU12.04 LTS\")\n{\n\n if ((res = isdpkgvuln(pkg:\"thunderbird\", ver:\"1:38.2.0+build1-0ubuntu0.12.04.2\", rls:\"UBUNTU12.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2019-05-29T18:36:04", "bulletinFamily": "scanner", "cvelist": ["CVE-2015-4488", "CVE-2015-4489", "CVE-2015-4487", "CVE-2015-4473", "CVE-2015-4491"], "description": "Check the version of thunderbird", "modified": "2019-03-08T00:00:00", "published": "2015-08-28T00:00:00", "id": "OPENVAS:1361412562310882264", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310882264", "type": "openvas", "title": "CentOS Update for thunderbird CESA-2015:1682 centos7", "sourceData": 
"###############################################################################\n# OpenVAS Vulnerability Test\n#\n# CentOS Update for thunderbird CESA-2015:1682 centos7\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (C) 2015 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.882264\");\n script_version(\"$Revision: 14058 $\");\n script_cve_id(\"CVE-2015-4473\", \"CVE-2015-4487\", \"CVE-2015-4488\",\n \"CVE-2015-4489\", \"CVE-2015-4491\");\n script_tag(name:\"cvss_base\", value:\"10.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_tag(name:\"last_modification\", value:\"$Date: 2019-03-08 14:25:52 +0100 (Fri, 08 Mar 2019) $\");\n script_tag(name:\"creation_date\", value:\"2015-08-28 05:07:16 +0200 (Fri, 28 Aug 2015)\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_name(\"CentOS Update for thunderbird CESA-2015:1682 centos7\");\n script_tag(name:\"summary\", value:\"Check the version of thunderbird\");\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is present on the target host.\");\n script_tag(name:\"insight\", value:\"Mozilla Thunderbird is a standalone mail 
and newsgroup client.\n\nSeveral flaws were found in the processing of malformed web content. A web\npage containing malicious content could cause Thunderbird to crash or,\npotentially, execute arbitrary code with the privileges of the user running\nThunderbird. (CVE-2015-4473, CVE-2015-4491, CVE-2015-4487, CVE-2015-4488,\nCVE-2015-4489)\n\nNote: All of the above issues cannot be exploited by a specially crafted\nHTML mail message because JavaScript is disabled by default for mail\nmessages. However, they could be exploited in other ways in Thunderbird\n(for example, by viewing the full remote content of an RSS feed).\n\nRed Hat would like to thank the Mozilla project for reporting these\nissues. Upstream acknowledges Gary Kwong, Christian Holler, Byron Campen,\nGustavo Grieco, and Ronald Crane as the original reporters of these issues.\n\nFor technical details regarding these flaws, refer to the Mozilla security\nadvisories for Thunderbird 38.2. You can find a link to the Mozilla\nadvisories in the References section of this erratum.\n\nAll Thunderbird users should upgrade to this updated package, which\ncontains Thunderbird version 38.2, which corrects these issues.\nAfter installing the update, Thunderbird must be restarted for the changes\nto take effect.\");\n script_tag(name:\"affected\", value:\"thunderbird on CentOS 7\");\n script_tag(name:\"solution\", value:\"Please install the updated packages.\");\n script_xref(name:\"CESA\", value:\"2015:1682\");\n script_xref(name:\"URL\", value:\"http://lists.centos.org/pipermail/centos-announce/2015-August/021347.html\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2015 Greenbone Networks GmbH\");\n script_family(\"CentOS Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/centos\", \"ssh/login/rpms\", re:\"ssh/login/release=CentOS7\");\n 
exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\n\nif(release == \"CentOS7\")\n{\n\n if ((res = isrpmvuln(pkg:\"thunderbird\", rpm:\"thunderbird~38.2.0~1.el7.centos\", rls:\"CentOS7\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2019-05-29T18:36:23", "bulletinFamily": "scanner", "cvelist": ["CVE-2015-4478", "CVE-2015-4488", "CVE-2015-4489", "CVE-2015-4480", "CVE-2015-4484", "CVE-2015-4479", "CVE-2015-4492", "CVE-2015-4493", "CVE-2015-4487", "CVE-2015-4473"], "description": "Multiple security issues have been found in Iceweasel, Debian", "modified": "2019-03-18T00:00:00", "published": "2015-08-12T00:00:00", "id": "OPENVAS:1361412562310703333", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310703333", "type": "openvas", "title": "Debian Security Advisory DSA 3333-1 (iceweasel - security update)", "sourceData": "# OpenVAS Vulnerability Test\n# $Id: deb_3333.nasl 14278 2019-03-18 14:47:26Z cfischer $\n# Auto-generated from advisory DSA 3333-1 using nvtgen 1.0\n# Script version: 1.0\n#\n# Author:\n# Greenbone Networks\n#\n# Copyright:\n# Copyright (c) 2015 Greenbone Networks GmbH http://greenbone.net\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (c) the respective author(s)\n#\n# This program is free software; you can redistribute it and/or\n# modify it under the terms of the GNU General Public License\n# as published by the Free Software Foundation; either version 2\n# of the License, or (at your option) any later version.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. 
See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n#\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.703333\");\n script_version(\"$Revision: 14278 $\");\n script_cve_id(\"CVE-2015-4473\", \"CVE-2015-4478\", \"CVE-2015-4479\", \"CVE-2015-4480\",\n \"CVE-2015-4484\", \"CVE-2015-4487\", \"CVE-2015-4488\", \"CVE-2015-4489\",\n \"CVE-2015-4492\", \"CVE-2015-4493\");\n script_name(\"Debian Security Advisory DSA 3333-1 (iceweasel - security update)\");\n script_tag(name:\"last_modification\", value:\"$Date: 2019-03-18 15:47:26 +0100 (Mon, 18 Mar 2019) $\");\n script_tag(name:\"creation_date\", value:\"2015-08-12 00:00:00 +0200 (Wed, 12 Aug 2015)\");\n script_tag(name:\"cvss_base\", value:\"10.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_tag(name:\"qod_type\", value:\"package\");\n\n script_xref(name:\"URL\", value:\"http://www.debian.org/security/2015/dsa-3333.html\");\n\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2015 Greenbone Networks GmbH http://greenbone.net\");\n script_family(\"Debian Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/debian_linux\", \"ssh/login/packages\", re:\"ssh/login/release=DEB(7|8)\");\n script_tag(name:\"affected\", value:\"iceweasel on Debian Linux\");\n script_tag(name:\"solution\", value:\"For the oldstable distribution (wheezy), these problems have been fixed\nin version 38.2.0esr-1~deb7u1.\n\nFor the stable distribution (jessie), these problems have been fixed in\nversion 38.2.0esr-1~deb8u1.\n\nFor the unstable distribution (sid), these problems have been fixed in\nversion 38.2.0esr-1.\n\nWe recommend that you 
upgrade your iceweasel packages.\");\n script_tag(name:\"summary\", value:\"Multiple security issues have been found in Iceweasel, Debian's version\nof the Mozilla Firefox web browser: Multiple memory safety errors,\ninteger overflows, buffer overflows, use-after-frees and other\nimplementation errors may lead to the execution of arbitrary code,\nbypass of the same-origin policy or denial of service.\n\nDebian follows the extended support releases (ESR) of Firefox. Support\nfor the 31.x series has ended, so starting with this update we're now\nfollowing the 38.x releases.\");\n script_tag(name:\"vuldetect\", value:\"This check tests the installed software version using the apt package manager.\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-deb.inc\");\n\nres = \"\";\nreport = \"\";\nif((res = isdpkgvuln(pkg:\"iceweasel\", ver:\"38.2.0esr-1~deb7u1\", rls:\"DEB7\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"iceweasel-dbg\", ver:\"38.2.0esr-1~deb7u1\", rls:\"DEB7\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"iceweasel-dev\", ver:\"38.2.0esr-1~deb7u1\", rls:\"DEB7\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"iceweasel-l10n-ach\", ver:\"38.2.0esr-1~deb7u1\", rls:\"DEB7\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"iceweasel-l10n-af\", ver:\"38.2.0esr-1~deb7u1\", rls:\"DEB7\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"iceweasel-l10n-ak\", ver:\"38.2.0esr-1~deb7u1\", rls:\"DEB7\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"iceweasel-l10n-all\", ver:\"38.2.0esr-1~deb7u1\", rls:\"DEB7\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"iceweasel-l10n-an\", ver:\"38.2.0esr-1~deb7u1\", rls:\"DEB7\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"iceweasel-l10n-ar\", ver:\"38.2.0esr-1~deb7u1\", rls:\"DEB7\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"iceweasel-l10n-as\", ver:\"38.2.0esr-1~deb7u1\", 
rls:\"DEB7\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"iceweasel-l10n-ast\", ver:\"38.2.0esr-1~deb7u1\", rls:\"DEB7\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"iceweasel-l10n-az\", ver:\"38.2.0esr-1~deb7u1\", rls:\"DEB7\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"iceweasel-l10n-be\", ver:\"38.2.0esr-1~deb7u1\", rls:\"DEB7\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"iceweasel-l10n-bg\", ver:\"38.2.0esr-1~deb7u1\", rls:\"DEB7\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"iceweasel-l10n-bn-bd\", ver:\"38.2.0esr-1~deb7u1\", rls:\"DEB7\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"iceweasel-l10n-bn-in\", ver:\"38.2.0esr-1~deb7u1\", rls:\"DEB7\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"iceweasel-l10n-br\", ver:\"38.2.0esr-1~deb7u1\", rls:\"DEB7\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"iceweasel-l10n-bs\", ver:\"38.2.0esr-1~deb7u1\", rls:\"DEB7\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"iceweasel-l10n-ca\", ver:\"38.2.0esr-1~deb7u1\", rls:\"DEB7\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"iceweasel-l10n-cs\", ver:\"38.2.0esr-1~deb7u1\", rls:\"DEB7\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"iceweasel-l10n-csb\", ver:\"38.2.0esr-1~deb7u1\", rls:\"DEB7\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"iceweasel-l10n-cy\", ver:\"38.2.0esr-1~deb7u1\", rls:\"DEB7\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"iceweasel-l10n-da\", ver:\"38.2.0esr-1~deb7u1\", rls:\"DEB7\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"iceweasel-l10n-de\", ver:\"38.2.0esr-1~deb7u1\", rls:\"DEB7\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"iceweasel-l10n-dsb\", ver:\"38.2.0esr-1~deb7u1\", rls:\"DEB7\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"iceweasel-l10n-el\", ver:\"38.2.0esr-1~deb7u1\", rls:\"DEB7\")) != 
NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"iceweasel-l10n-en-gb\", ver:\"38.2.0esr-1~deb7u1\", rls:\"DEB7\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"iceweasel-l10n-en-za\", ver:\"38.2.0esr-1~deb7u1\", rls:\"DEB7\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"iceweasel-l10n-eo\", ver:\"38.2.0esr-1~deb7u1\", rls:\"DEB7\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"iceweasel-l10n-es-ar\", ver:\"38.2.0esr-1~deb7u1\", rls:\"DEB7\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"iceweasel-l10n-es-cl\", ver:\"38.2.0esr-1~deb7u1\", rls:\"DEB7\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"iceweasel-l10n-es-es\", ver:\"38.2.0esr-1~deb7u1\", rls:\"DEB7\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"iceweasel-l10n-es-mx\", ver:\"38.2.0esr-1~deb7u1\", rls:\"DEB7\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"iceweasel-l10n-et\", ver:\"38.2.0esr-1~deb7u1\", rls:\"DEB7\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"iceweasel-l10n-eu\", ver:\"38.2.0esr-1~deb7u1\", rls:\"DEB7\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"iceweasel-l10n-fa\", ver:\"38.2.0esr-1~deb7u1\", rls:\"DEB7\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"iceweasel-l10n-ff\", ver:\"38.2.0esr-1~deb7u1\", rls:\"DEB7\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"iceweasel-l10n-fi\", ver:\"38.2.0esr-1~deb7u1\", rls:\"DEB7\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"iceweasel-l10n-fr\", ver:\"38.2.0esr-1~deb7u1\", rls:\"DEB7\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"iceweasel-l10n-fy-nl\", ver:\"38.2.0esr-1~deb7u1\", rls:\"DEB7\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"iceweasel-l10n-ga-ie\", ver:\"38.2.0esr-1~deb7u1\", rls:\"DEB7\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"iceweasel-l10n-gd\", ver:\"38.2.0esr-1~deb7u1\", rls:\"DEB7\")) != NULL) 
{\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"iceweasel-l10n-gl\", ver:\"38.2.0esr-1~deb7u1\", rls:\"DEB7\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"iceweasel-l10n-gu-in\", ver:\"38.2.0esr-1~deb7u1\", rls:\"DEB7\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"iceweasel-l10n-he\", ver:\"38.2.0esr-1~deb7u1\", rls:\"DEB7\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"iceweasel-l10n-hi-in\", ver:\"38.2.0esr-1~deb7u1\", rls:\"DEB7\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"iceweasel-l10n-hr\", ver:\"38.2.0esr-1~deb7u1\", rls:\"DEB7\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"iceweasel-l10n-hsb\", ver:\"38.2.0esr-1~deb7u1\", rls:\"DEB7\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"iceweasel-l10n-hu\", ver:\"38.2.0esr-1~deb7u1\", rls:\"DEB7\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"iceweasel-l10n-hy-am\", ver:\"38.2.0esr-1~deb7u1\", rls:\"DEB7\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"iceweasel-l10n-id\", ver:\"38.2.0esr-1~deb7u1\", rls:\"DEB7\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"iceweasel-l10n-is\", ver:\"38.2.0esr-1~deb7u1\", rls:\"DEB7\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"iceweasel-l10n-it\", ver:\"38.2.0esr-1~deb7u1\", rls:\"DEB7\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"iceweasel-l10n-ja\", ver:\"38.2.0esr-1~deb7u1\", rls:\"DEB7\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"iceweasel-l10n-kk\", ver:\"38.2.0esr-1~deb7u1\", rls:\"DEB7\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"iceweasel-l10n-km\", ver:\"38.2.0esr-1~deb7u1\", rls:\"DEB7\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"iceweasel-l10n-kn\", ver:\"38.2.0esr-1~deb7u1\", rls:\"DEB7\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"iceweasel-l10n-ko\", ver:\"38.2.0esr-1~deb7u1\", rls:\"DEB7\")) != NULL) {\n report += 
res;\n}\nif((res = isdpkgvuln(pkg:\"iceweasel-l10n-ku\", ver:\"38.2.0esr-1~deb7u1\", rls:\"DEB7\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"iceweasel-l10n-lg\", ver:\"38.2.0esr-1~deb7u1\", rls:\"DEB7\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"iceweasel-l10n-lij\", ver:\"38.2.0esr-1~deb7u1\", rls:\"DEB7\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"iceweasel-l10n-lt\", ver:\"38.2.0esr-1~deb7u1\", rls:\"DEB7\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"iceweasel-l10n-lv\", ver:\"38.2.0esr-1~deb7u1\", rls:\"DEB7\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"iceweasel-l10n-mai\", ver:\"38.2.0esr-1~deb7u1\", rls:\"DEB7\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"iceweasel-l10n-mk\", ver:\"38.2.0esr-1~deb7u1\", rls:\"DEB7\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"iceweasel-l10n-ml\", ver:\"38.2.0esr-1~deb7u1\", rls:\"DEB7\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"iceweasel-l10n-mr\", ver:\"38.2.0esr-1~deb7u1\", rls:\"DEB7\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"iceweasel-l10n-ms\", ver:\"38.2.0esr-1~deb7u1\", rls:\"DEB7\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"iceweasel-l10n-nb-no\", ver:\"38.2.0esr-1~deb7u1\", rls:\"DEB7\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"iceweasel-l10n-nl\", ver:\"38.2.0esr-1~deb7u1\", rls:\"DEB7\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"iceweasel-l10n-nn-no\", ver:\"38.2.0esr-1~deb7u1\", rls:\"DEB7\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"iceweasel-l10n-nso\", ver:\"38.2.0esr-1~deb7u1\", rls:\"DEB7\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"iceweasel-l10n-or\", ver:\"38.2.0esr-1~deb7u1\", rls:\"DEB7\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"iceweasel-l10n-pa-in\", ver:\"38.2.0esr-1~deb7u1\", rls:\"DEB7\")) != NULL) {\n report += res;\n}\nif((res = 
isdpkgvuln(pkg:\"iceweasel-l10n-pl\", ver:\"38.2.0esr-1~deb7u1\", rls:\"DEB7\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"iceweasel-l10n-pt-br\", ver:\"38.2.0esr-1~deb7u1\", rls:\"DEB7\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"iceweasel-l10n-pt-pt\", ver:\"38.2.0esr-1~deb7u1\", rls:\"DEB7\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"iceweasel-l10n-rm\", ver:\"38.2.0esr-1~deb7u1\", rls:\"DEB7\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"iceweasel-l10n-ro\", ver:\"38.2.0esr-1~deb7u1\", rls:\"DEB7\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"iceweasel-l10n-ru\", ver:\"38.2.0esr-1~deb7u1\", rls:\"DEB7\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"iceweasel-l10n-si\", ver:\"38.2.0esr-1~deb7u1\", rls:\"DEB7\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"iceweasel-l10n-sk\", ver:\"38.2.0esr-1~deb7u1\", rls:\"DEB7\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"iceweasel-l10n-sl\", ver:\"38.2.0esr-1~deb7u1\", rls:\"DEB7\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"iceweasel-l10n-son\", ver:\"38.2.0esr-1~deb7u1\", rls:\"DEB7\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"iceweasel-l10n-sq\", ver:\"38.2.0esr-1~deb7u1\", rls:\"DEB7\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"iceweasel-l10n-sr\", ver:\"38.2.0esr-1~deb7u1\", rls:\"DEB7\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"iceweasel-l10n-sv-se\", ver:\"38.2.0esr-1~deb7u1\", rls:\"DEB7\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"iceweasel-l10n-ta\", ver:\"38.2.0esr-1~deb7u1\", rls:\"DEB7\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"iceweasel-l10n-ta-lk\", ver:\"38.2.0esr-1~deb7u1\", rls:\"DEB7\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"iceweasel-l10n-te\", ver:\"38.2.0esr-1~deb7u1\", rls:\"DEB7\")) != NULL) {\n report += res;\n}\nif((res = 
isdpkgvuln(pkg:\"iceweasel-l10n-th\", ver:\"38.2.0esr-1~deb7u1\", rls:\"DEB7\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"iceweasel-l10n-tr\", ver:\"38.2.0esr-1~deb7u1\", rls:\"DEB7\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"iceweasel-l10n-uk\", ver:\"38.2.0esr-1~deb7u1\", rls:\"DEB7\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"iceweasel-l10n-uz\", ver:\"38.2.0esr-1~deb7u1\", rls:\"DEB7\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"iceweasel-l10n-vi\", ver:\"38.2.0esr-1~deb7u1\", rls:\"DEB7\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"iceweasel-l10n-xh\", ver:\"38.2.0esr-1~deb7u1\", rls:\"DEB7\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"iceweasel-l10n-zh-cn\", ver:\"38.2.0esr-1~deb7u1\", rls:\"DEB7\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"iceweasel-l10n-zh-tw\", ver:\"38.2.0esr-1~deb7u1\", rls:\"DEB7\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"iceweasel-l10n-zu\", ver:\"38.2.0esr-1~deb7u1\", rls:\"DEB7\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"libmozjs-dev\", ver:\"38.2.0esr-1~deb7u1\", rls:\"DEB7\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"libmozjs17d\", ver:\"38.2.0esr-1~deb7u1\", rls:\"DEB7\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"libmozjs17d-dbg\", ver:\"38.2.0esr-1~deb7u1\", rls:\"DEB7\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"spidermonkey-bin\", ver:\"38.2.0esr-1~deb7u1\", rls:\"DEB7\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"xulrunner-17.0\", ver:\"38.2.0esr-1~deb7u1\", rls:\"DEB7\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"xulrunner-17.0-dbg\", ver:\"38.2.0esr-1~deb7u1\", rls:\"DEB7\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"xulrunner-dev\", ver:\"38.2.0esr-1~deb7u1\", rls:\"DEB7\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"iceweasel\", 
ver:\"38.2.0esr-1~deb8u1\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"iceweasel-dbg\", ver:\"38.2.0esr-1~deb8u1\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"iceweasel-dev\", ver:\"38.2.0esr-1~deb8u1\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"iceweasel-l10n-ach\", ver:\"38.2.0esr-1~deb8u1\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"iceweasel-l10n-af\", ver:\"38.2.0esr-1~deb8u1\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"iceweasel-l10n-all\", ver:\"38.2.0esr-1~deb8u1\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"iceweasel-l10n-an\", ver:\"38.2.0esr-1~deb8u1\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"iceweasel-l10n-ar\", ver:\"38.2.0esr-1~deb8u1\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"iceweasel-l10n-as\", ver:\"38.2.0esr-1~deb8u1\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"iceweasel-l10n-ast\", ver:\"38.2.0esr-1~deb8u1\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"iceweasel-l10n-az\", ver:\"38.2.0esr-1~deb8u1\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"iceweasel-l10n-be\", ver:\"38.2.0esr-1~deb8u1\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"iceweasel-l10n-bg\", ver:\"38.2.0esr-1~deb8u1\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"iceweasel-l10n-bn-bd\", ver:\"38.2.0esr-1~deb8u1\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"iceweasel-l10n-bn-in\", ver:\"38.2.0esr-1~deb8u1\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"iceweasel-l10n-br\", ver:\"38.2.0esr-1~deb8u1\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"iceweasel-l10n-bs\", ver:\"38.2.0esr-1~deb8u1\", 
rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"iceweasel-l10n-ca\", ver:\"38.2.0esr-1~deb8u1\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"iceweasel-l10n-cs\", ver:\"38.2.0esr-1~deb8u1\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"iceweasel-l10n-cy\", ver:\"38.2.0esr-1~deb8u1\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"iceweasel-l10n-da\", ver:\"38.2.0esr-1~deb8u1\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"iceweasel-l10n-de\", ver:\"38.2.0esr-1~deb8u1\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"iceweasel-l10n-dsb\", ver:\"38.2.0esr-1~deb8u1\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"iceweasel-l10n-el\", ver:\"38.2.0esr-1~deb8u1\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"iceweasel-l10n-en-gb\", ver:\"38.2.0esr-1~deb8u1\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"iceweasel-l10n-en-za\", ver:\"38.2.0esr-1~deb8u1\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"iceweasel-l10n-eo\", ver:\"38.2.0esr-1~deb8u1\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"iceweasel-l10n-es-ar\", ver:\"38.2.0esr-1~deb8u1\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"iceweasel-l10n-es-cl\", ver:\"38.2.0esr-1~deb8u1\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"iceweasel-l10n-es-es\", ver:\"38.2.0esr-1~deb8u1\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"iceweasel-l10n-es-mx\", ver:\"38.2.0esr-1~deb8u1\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"iceweasel-l10n-et\", ver:\"38.2.0esr-1~deb8u1\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"iceweasel-l10n-eu\", ver:\"38.2.0esr-1~deb8u1\", 
rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"iceweasel-l10n-fa\", ver:\"38.2.0esr-1~deb8u1\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"iceweasel-l10n-ff\", ver:\"38.2.0esr-1~deb8u1\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"iceweasel-l10n-fi\", ver:\"38.2.0esr-1~deb8u1\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"iceweasel-l10n-fr\", ver:\"38.2.0esr-1~deb8u1\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"iceweasel-l10n-fy-nl\", ver:\"38.2.0esr-1~deb8u1\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"iceweasel-l10n-ga-ie\", ver:\"38.2.0esr-1~deb8u1\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"iceweasel-l10n-gd\", ver:\"38.2.0esr-1~deb8u1\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"iceweasel-l10n-gl\", ver:\"38.2.0esr-1~deb8u1\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"iceweasel-l10n-gu-in\", ver:\"38.2.0esr-1~deb8u1\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"iceweasel-l10n-he\", ver:\"38.2.0esr-1~deb8u1\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"iceweasel-l10n-hi-in\", ver:\"38.2.0esr-1~deb8u1\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"iceweasel-l10n-hr\", ver:\"38.2.0esr-1~deb8u1\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"iceweasel-l10n-hsb\", ver:\"38.2.0esr-1~deb8u1\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"iceweasel-l10n-hu\", ver:\"38.2.0esr-1~deb8u1\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"iceweasel-l10n-hy-am\", ver:\"38.2.0esr-1~deb8u1\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"iceweasel-l10n-id\", ver:\"38.2.0esr-1~deb8u1\", rls:\"DEB8\")) 
!= NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"iceweasel-l10n-is\", ver:\"38.2.0esr-1~deb8u1\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"iceweasel-l10n-it\", ver:\"38.2.0esr-1~deb8u1\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"iceweasel-l10n-ja\", ver:\"38.2.0esr-1~deb8u1\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"iceweasel-l10n-kk\", ver:\"38.2.0esr-1~deb8u1\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"iceweasel-l10n-km\", ver:\"38.2.0esr-1~deb8u1\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"iceweasel-l10n-kn\", ver:\"38.2.0esr-1~deb8u1\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"iceweasel-l10n-ko\", ver:\"38.2.0esr-1~deb8u1\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"iceweasel-l10n-lij\", ver:\"38.2.0esr-1~deb8u1\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"iceweasel-l10n-lt\", ver:\"38.2.0esr-1~deb8u1\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"iceweasel-l10n-lv\", ver:\"38.2.0esr-1~deb8u1\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"iceweasel-l10n-mai\", ver:\"38.2.0esr-1~deb8u1\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"iceweasel-l10n-mk\", ver:\"38.2.0esr-1~deb8u1\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"iceweasel-l10n-ml\", ver:\"38.2.0esr-1~deb8u1\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"iceweasel-l10n-mr\", ver:\"38.2.0esr-1~deb8u1\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"iceweasel-l10n-ms\", ver:\"38.2.0esr-1~deb8u1\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"iceweasel-l10n-nb-no\", ver:\"38.2.0esr-1~deb8u1\", rls:\"DEB8\")) != NULL) {\n report += 
res;\n}\nif((res = isdpkgvuln(pkg:\"iceweasel-l10n-nl\", ver:\"38.2.0esr-1~deb8u1\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"iceweasel-l10n-nn-no\", ver:\"38.2.0esr-1~deb8u1\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"iceweasel-l10n-or\", ver:\"38.2.0esr-1~deb8u1\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"iceweasel-l10n-pa-in\", ver:\"38.2.0esr-1~deb8u1\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"iceweasel-l10n-pl\", ver:\"38.2.0esr-1~deb8u1\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"iceweasel-l10n-pt-br\", ver:\"38.2.0esr-1~deb8u1\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"iceweasel-l10n-pt-pt\", ver:\"38.2.0esr-1~deb8u1\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"iceweasel-l10n-rm\", ver:\"38.2.0esr-1~deb8u1\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"iceweasel-l10n-ro\", ver:\"38.2.0esr-1~deb8u1\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"iceweasel-l10n-ru\", ver:\"38.2.0esr-1~deb8u1\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"iceweasel-l10n-si\", ver:\"38.2.0esr-1~deb8u1\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"iceweasel-l10n-sk\", ver:\"38.2.0esr-1~deb8u1\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"iceweasel-l10n-sl\", ver:\"38.2.0esr-1~deb8u1\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"iceweasel-l10n-son\", ver:\"38.2.0esr-1~deb8u1\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"iceweasel-l10n-sq\", ver:\"38.2.0esr-1~deb8u1\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"iceweasel-l10n-sr\", ver:\"38.2.0esr-1~deb8u1\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = 
isdpkgvuln(pkg:\"iceweasel-l10n-sv-se\", ver:\"38.2.0esr-1~deb8u1\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"iceweasel-l10n-ta\", ver:\"38.2.0esr-1~deb8u1\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"iceweasel-l10n-te\", ver:\"38.2.0esr-1~deb8u1\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"iceweasel-l10n-th\", ver:\"38.2.0esr-1~deb8u1\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"iceweasel-l10n-tr\", ver:\"38.2.0esr-1~deb8u1\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"iceweasel-l10n-uk\", ver:\"38.2.0esr-1~deb8u1\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"iceweasel-l10n-uz\", ver:\"38.2.0esr-1~deb8u1\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"iceweasel-l10n-vi\", ver:\"38.2.0esr-1~deb8u1\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"iceweasel-l10n-xh\", ver:\"38.2.0esr-1~deb8u1\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"iceweasel-l10n-zh-cn\", ver:\"38.2.0esr-1~deb8u1\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"iceweasel-l10n-zh-tw\", ver:\"38.2.0esr-1~deb8u1\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\n\nif(report != \"\") {\n security_message(data:report);\n} else if (__pkg_match) {\n exit(99);\n}", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2017-07-24T12:53:15", "bulletinFamily": "scanner", "cvelist": ["CVE-2015-4478", "CVE-2015-4488", "CVE-2015-4489", "CVE-2015-4480", "CVE-2015-4484", "CVE-2015-4479", "CVE-2015-4492", "CVE-2015-4493", "CVE-2015-4487", "CVE-2015-4473"], "description": "Multiple security issues have been found in Iceweasel, Debian", "modified": "2017-07-07T00:00:00", "published": "2015-08-12T00:00:00", "id": "OPENVAS:703333", "href": "http://plugins.openvas.org/nasl.php?oid=703333", 
"type": "openvas", "title": "Debian Security Advisory DSA 3333-1 (iceweasel - security update)", "sourceData": "# OpenVAS Vulnerability Test\n# $Id: deb_3333.nasl 6609 2017-07-07 12:05:59Z cfischer $\n# Auto-generated from advisory DSA 3333-1 using nvtgen 1.0\n# Script version: 1.0\n#\n# Author:\n# Greenbone Networks\n#\n# Copyright:\n# Copyright (c) 2015 Greenbone Networks GmbH http://greenbone.net\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (c) the respective author(s)\n#\n# This program is free software; you can redistribute it and/or\n# modify it under the terms of the GNU General Public License\n# as published by the Free Software Foundation; either version 2\n# of the License, or (at your option) any later version.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n#\n\n\nif(description)\n{\n script_id(703333);\n script_version(\"$Revision: 6609 $\");\n script_cve_id(\"CVE-2015-4473\", \"CVE-2015-4478\", \"CVE-2015-4479\", \"CVE-2015-4480\",\n \"CVE-2015-4484\", \"CVE-2015-4487\", \"CVE-2015-4488\", \"CVE-2015-4489\",\n \"CVE-2015-4492\", \"CVE-2015-4493\");\n script_name(\"Debian Security Advisory DSA 3333-1 (iceweasel - security update)\");\n script_tag(name: \"last_modification\", value: \"$Date: 2017-07-07 14:05:59 +0200 (Fri, 07 Jul 2017) $\");\n script_tag(name: \"creation_date\", value: \"2015-08-12 00:00:00 +0200 (Wed, 12 Aug 2015)\");\n script_tag(name: \"cvss_base\", value: \"10.0\");\n script_tag(name: \"cvss_base_vector\", value: \"AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_tag(name: 
\"solution_type\", value: \"VendorFix\");\n script_tag(name: \"qod_type\", value: \"package\");\n\n script_xref(name: \"URL\", value: \"http://www.debian.org/security/2015/dsa-3333.html\");\n\n\n script_category(ACT_GATHER_INFO);\n\n script_copyright(\"Copyright (c) 2015 Greenbone Networks GmbH http://greenbone.net\");\n script_family(\"Debian Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/debian_linux\", \"ssh/login/packages\");\n script_tag(name: \"affected\", value: \"iceweasel on Debian Linux\");\n script_tag(name: \"insight\", value: \"Iceweasel is Firefox, rebranded. It is a powerful, extensible web browser\nwith support for modern web application technologies.\");\n script_tag(name: \"solution\", value: \"For the oldstable distribution (wheezy), these problems have been fixed\nin version 38.2.0esr-1~deb7u1.\n\nFor the stable distribution (jessie), these problems have been fixed in\nversion 38.2.0esr-1~deb8u1.\n\nFor the unstable distribution (sid), these problems have been fixed in\nversion 38.2.0esr-1.\n\nWe recommend that you upgrade your iceweasel packages.\");\n script_tag(name: \"summary\", value: \"Multiple security issues have been found in Iceweasel, Debian's version\nof the Mozilla Firefox web browser: Multiple memory safety errors,\ninteger overflows, buffer overflows, use-after-frees and other\nimplementation errors may lead to the execution of arbitrary code,\nbypass of the same-origin policy or denial of service.\n\nDebian follows the extended support releases (ESR) of Firefox. 
Support\nfor the 31.x series has ended, so starting with this update we're now\nfollowing the 38.x releases.\");\n script_tag(name: \"vuldetect\", value: \"This check tests the installed software version using the apt package manager.\");\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-deb.inc\");\n\nres = \"\";\nreport = \"\";\nif ((res = isdpkgvuln(pkg:\"iceweasel\", ver:\"38.2.0esr-1~deb7u1\", rls_regex:\"DEB7.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"iceweasel-dbg\", ver:\"38.2.0esr-1~deb7u1\", rls_regex:\"DEB7.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"iceweasel-dev\", ver:\"38.2.0esr-1~deb7u1\", rls_regex:\"DEB7.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"iceweasel-l10n-ach\", ver:\"38.2.0esr-1~deb7u1\", rls_regex:\"DEB7.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"iceweasel-l10n-af\", ver:\"38.2.0esr-1~deb7u1\", rls_regex:\"DEB7.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"iceweasel-l10n-ak\", ver:\"38.2.0esr-1~deb7u1\", rls_regex:\"DEB7.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"iceweasel-l10n-all\", ver:\"38.2.0esr-1~deb7u1\", rls_regex:\"DEB7.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"iceweasel-l10n-an\", ver:\"38.2.0esr-1~deb7u1\", rls_regex:\"DEB7.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"iceweasel-l10n-ar\", ver:\"38.2.0esr-1~deb7u1\", rls_regex:\"DEB7.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"iceweasel-l10n-as\", ver:\"38.2.0esr-1~deb7u1\", rls_regex:\"DEB7.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"iceweasel-l10n-ast\", ver:\"38.2.0esr-1~deb7u1\", rls_regex:\"DEB7.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"iceweasel-l10n-az\", ver:\"38.2.0esr-1~deb7u1\", rls_regex:\"DEB7.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = 
isdpkgvuln(pkg:\"iceweasel-l10n-be\", ver:\"38.2.0esr-1~deb7u1\", rls_regex:\"DEB7.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"iceweasel-l10n-bg\", ver:\"38.2.0esr-1~deb7u1\", rls_regex:\"DEB7.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"iceweasel-l10n-bn-bd\", ver:\"38.2.0esr-1~deb7u1\", rls_regex:\"DEB7.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"iceweasel-l10n-bn-in\", ver:\"38.2.0esr-1~deb7u1\", rls_regex:\"DEB7.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"iceweasel-l10n-br\", ver:\"38.2.0esr-1~deb7u1\", rls_regex:\"DEB7.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"iceweasel-l10n-bs\", ver:\"38.2.0esr-1~deb7u1\", rls_regex:\"DEB7.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"iceweasel-l10n-ca\", ver:\"38.2.0esr-1~deb7u1\", rls_regex:\"DEB7.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"iceweasel-l10n-cs\", ver:\"38.2.0esr-1~deb7u1\", rls_regex:\"DEB7.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"iceweasel-l10n-csb\", ver:\"38.2.0esr-1~deb7u1\", rls_regex:\"DEB7.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"iceweasel-l10n-cy\", ver:\"38.2.0esr-1~deb7u1\", rls_regex:\"DEB7.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"iceweasel-l10n-da\", ver:\"38.2.0esr-1~deb7u1\", rls_regex:\"DEB7.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"iceweasel-l10n-de\", ver:\"38.2.0esr-1~deb7u1\", rls_regex:\"DEB7.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"iceweasel-l10n-dsb\", ver:\"38.2.0esr-1~deb7u1\", rls_regex:\"DEB7.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"iceweasel-l10n-el\", ver:\"38.2.0esr-1~deb7u1\", rls_regex:\"DEB7.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"iceweasel-l10n-en-gb\", ver:\"38.2.0esr-1~deb7u1\", 
rls_regex:\"DEB7.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"iceweasel-l10n-en-za\", ver:\"38.2.0esr-1~deb7u1\", rls_regex:\"DEB7.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"iceweasel-l10n-eo\", ver:\"38.2.0esr-1~deb7u1\", rls_regex:\"DEB7.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"iceweasel-l10n-es-ar\", ver:\"38.2.0esr-1~deb7u1\", rls_regex:\"DEB7.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"iceweasel-l10n-es-cl\", ver:\"38.2.0esr-1~deb7u1\", rls_regex:\"DEB7.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"iceweasel-l10n-es-es\", ver:\"38.2.0esr-1~deb7u1\", rls_regex:\"DEB7.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"iceweasel-l10n-es-mx\", ver:\"38.2.0esr-1~deb7u1\", rls_regex:\"DEB7.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"iceweasel-l10n-et\", ver:\"38.2.0esr-1~deb7u1\", rls_regex:\"DEB7.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"iceweasel-l10n-eu\", ver:\"38.2.0esr-1~deb7u1\", rls_regex:\"DEB7.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"iceweasel-l10n-fa\", ver:\"38.2.0esr-1~deb7u1\", rls_regex:\"DEB7.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"iceweasel-l10n-ff\", ver:\"38.2.0esr-1~deb7u1\", rls_regex:\"DEB7.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"iceweasel-l10n-fi\", ver:\"38.2.0esr-1~deb7u1\", rls_regex:\"DEB7.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"iceweasel-l10n-fr\", ver:\"38.2.0esr-1~deb7u1\", rls_regex:\"DEB7.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"iceweasel-l10n-fy-nl\", ver:\"38.2.0esr-1~deb7u1\", rls_regex:\"DEB7.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"iceweasel-l10n-ga-ie\", ver:\"38.2.0esr-1~deb7u1\", rls_regex:\"DEB7.[0-9]+\")) != NULL) {\n report += 
res;\n}\nif ((res = isdpkgvuln(pkg:\"iceweasel-l10n-gd\", ver:\"38.2.0esr-1~deb7u1\", rls_regex:\"DEB7.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"iceweasel-l10n-gl\", ver:\"38.2.0esr-1~deb7u1\", rls_regex:\"DEB7.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"iceweasel-l10n-gu-in\", ver:\"38.2.0esr-1~deb7u1\", rls_regex:\"DEB7.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"iceweasel-l10n-he\", ver:\"38.2.0esr-1~deb7u1\", rls_regex:\"DEB7.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"iceweasel-l10n-hi-in\", ver:\"38.2.0esr-1~deb7u1\", rls_regex:\"DEB7.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"iceweasel-l10n-hr\", ver:\"38.2.0esr-1~deb7u1\", rls_regex:\"DEB7.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"iceweasel-l10n-hsb\", ver:\"38.2.0esr-1~deb7u1\", rls_regex:\"DEB7.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"iceweasel-l10n-hu\", ver:\"38.2.0esr-1~deb7u1\", rls_regex:\"DEB7.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"iceweasel-l10n-hy-am\", ver:\"38.2.0esr-1~deb7u1\", rls_regex:\"DEB7.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"iceweasel-l10n-id\", ver:\"38.2.0esr-1~deb7u1\", rls_regex:\"DEB7.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"iceweasel-l10n-is\", ver:\"38.2.0esr-1~deb7u1\", rls_regex:\"DEB7.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"iceweasel-l10n-it\", ver:\"38.2.0esr-1~deb7u1\", rls_regex:\"DEB7.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"iceweasel-l10n-ja\", ver:\"38.2.0esr-1~deb7u1\", rls_regex:\"DEB7.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"iceweasel-l10n-kk\", ver:\"38.2.0esr-1~deb7u1\", rls_regex:\"DEB7.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"iceweasel-l10n-km\", 
ver:\"38.2.0esr-1~deb7u1\", rls_regex:\"DEB7.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"iceweasel-l10n-kn\", ver:\"38.2.0esr-1~deb7u1\", rls_regex:\"DEB7.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"iceweasel-l10n-ko\", ver:\"38.2.0esr-1~deb7u1\", rls_regex:\"DEB7.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"iceweasel-l10n-ku\", ver:\"38.2.0esr-1~deb7u1\", rls_regex:\"DEB7.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"iceweasel-l10n-lg\", ver:\"38.2.0esr-1~deb7u1\", rls_regex:\"DEB7.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"iceweasel-l10n-lij\", ver:\"38.2.0esr-1~deb7u1\", rls_regex:\"DEB7.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"iceweasel-l10n-lt\", ver:\"38.2.0esr-1~deb7u1\", rls_regex:\"DEB7.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"iceweasel-l10n-lv\", ver:\"38.2.0esr-1~deb7u1\", rls_regex:\"DEB7.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"iceweasel-l10n-mai\", ver:\"38.2.0esr-1~deb7u1\", rls_regex:\"DEB7.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"iceweasel-l10n-mk\", ver:\"38.2.0esr-1~deb7u1\", rls_regex:\"DEB7.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"iceweasel-l10n-ml\", ver:\"38.2.0esr-1~deb7u1\", rls_regex:\"DEB7.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"iceweasel-l10n-mr\", ver:\"38.2.0esr-1~deb7u1\", rls_regex:\"DEB7.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"iceweasel-l10n-ms\", ver:\"38.2.0esr-1~deb7u1\", rls_regex:\"DEB7.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"iceweasel-l10n-nb-no\", ver:\"38.2.0esr-1~deb7u1\", rls_regex:\"DEB7.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"iceweasel-l10n-nl\", ver:\"38.2.0esr-1~deb7u1\", rls_regex:\"DEB7.[0-9]+\")) != NULL) {\n report 
+= res;\n}\nif ((res = isdpkgvuln(pkg:\"iceweasel-l10n-nn-no\", ver:\"38.2.0esr-1~deb7u1\", rls_regex:\"DEB7.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"iceweasel-l10n-nso\", ver:\"38.2.0esr-1~deb7u1\", rls_regex:\"DEB7.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"iceweasel-l10n-or\", ver:\"38.2.0esr-1~deb7u1\", rls_regex:\"DEB7.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"iceweasel-l10n-pa-in\", ver:\"38.2.0esr-1~deb7u1\", rls_regex:\"DEB7.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"iceweasel-l10n-pl\", ver:\"38.2.0esr-1~deb7u1\", rls_regex:\"DEB7.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"iceweasel-l10n-pt-br\", ver:\"38.2.0esr-1~deb7u1\", rls_regex:\"DEB7.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"iceweasel-l10n-pt-pt\", ver:\"38.2.0esr-1~deb7u1\", rls_regex:\"DEB7.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"iceweasel-l10n-rm\", ver:\"38.2.0esr-1~deb7u1\", rls_regex:\"DEB7.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"iceweasel-l10n-ro\", ver:\"38.2.0esr-1~deb7u1\", rls_regex:\"DEB7.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"iceweasel-l10n-ru\", ver:\"38.2.0esr-1~deb7u1\", rls_regex:\"DEB7.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"iceweasel-l10n-si\", ver:\"38.2.0esr-1~deb7u1\", rls_regex:\"DEB7.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"iceweasel-l10n-sk\", ver:\"38.2.0esr-1~deb7u1\", rls_regex:\"DEB7.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"iceweasel-l10n-sl\", ver:\"38.2.0esr-1~deb7u1\", rls_regex:\"DEB7.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"iceweasel-l10n-son\", ver:\"38.2.0esr-1~deb7u1\", rls_regex:\"DEB7.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"iceweasel-l10n-sq\", 
ver:\"38.2.0esr-1~deb7u1\", rls_regex:\"DEB7.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"iceweasel-l10n-sr\", ver:\"38.2.0esr-1~deb7u1\", rls_regex:\"DEB7.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"iceweasel-l10n-sv-se\", ver:\"38.2.0esr-1~deb7u1\", rls_regex:\"DEB7.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"iceweasel-l10n-ta\", ver:\"38.2.0esr-1~deb7u1\", rls_regex:\"DEB7.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"iceweasel-l10n-ta-lk\", ver:\"38.2.0esr-1~deb7u1\", rls_regex:\"DEB7.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"iceweasel-l10n-te\", ver:\"38.2.0esr-1~deb7u1\", rls_regex:\"DEB7.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"iceweasel-l10n-th\", ver:\"38.2.0esr-1~deb7u1\", rls_regex:\"DEB7.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"iceweasel-l10n-tr\", ver:\"38.2.0esr-1~deb7u1\", rls_regex:\"DEB7.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"iceweasel-l10n-uk\", ver:\"38.2.0esr-1~deb7u1\", rls_regex:\"DEB7.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"iceweasel-l10n-uz\", ver:\"38.2.0esr-1~deb7u1\", rls_regex:\"DEB7.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"iceweasel-l10n-vi\", ver:\"38.2.0esr-1~deb7u1\", rls_regex:\"DEB7.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"iceweasel-l10n-xh\", ver:\"38.2.0esr-1~deb7u1\", rls_regex:\"DEB7.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"iceweasel-l10n-zh-cn\", ver:\"38.2.0esr-1~deb7u1\", rls_regex:\"DEB7.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"iceweasel-l10n-zh-tw\", ver:\"38.2.0esr-1~deb7u1\", rls_regex:\"DEB7.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"iceweasel-l10n-zu\", ver:\"38.2.0esr-1~deb7u1\", rls_regex:\"DEB7.[0-9]+\")) != NULL) {\n 
report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libmozjs-dev\", ver:\"38.2.0esr-1~deb7u1\", rls_regex:\"DEB7.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libmozjs17d\", ver:\"38.2.0esr-1~deb7u1\", rls_regex:\"DEB7.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libmozjs17d-dbg\", ver:\"38.2.0esr-1~deb7u1\", rls_regex:\"DEB7.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"spidermonkey-bin\", ver:\"38.2.0esr-1~deb7u1\", rls_regex:\"DEB7.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"xulrunner-17.0\", ver:\"38.2.0esr-1~deb7u1\", rls_regex:\"DEB7.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"xulrunner-17.0-dbg\", ver:\"38.2.0esr-1~deb7u1\", rls_regex:\"DEB7.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"xulrunner-dev\", ver:\"38.2.0esr-1~deb7u1\", rls_regex:\"DEB7.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"iceweasel\", ver:\"38.2.0esr-1~deb8u1\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"iceweasel-dbg\", ver:\"38.2.0esr-1~deb8u1\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"iceweasel-dev\", ver:\"38.2.0esr-1~deb8u1\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"iceweasel-l10n-ach\", ver:\"38.2.0esr-1~deb8u1\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"iceweasel-l10n-af\", ver:\"38.2.0esr-1~deb8u1\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"iceweasel-l10n-all\", ver:\"38.2.0esr-1~deb8u1\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"iceweasel-l10n-an\", ver:\"38.2.0esr-1~deb8u1\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"iceweasel-l10n-ar\", ver:\"38.2.0esr-1~deb8u1\", 
rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"iceweasel-l10n-as\", ver:\"38.2.0esr-1~deb8u1\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"iceweasel-l10n-ast\", ver:\"38.2.0esr-1~deb8u1\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"iceweasel-l10n-az\", ver:\"38.2.0esr-1~deb8u1\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"iceweasel-l10n-be\", ver:\"38.2.0esr-1~deb8u1\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"iceweasel-l10n-bg\", ver:\"38.2.0esr-1~deb8u1\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"iceweasel-l10n-bn-bd\", ver:\"38.2.0esr-1~deb8u1\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"iceweasel-l10n-bn-in\", ver:\"38.2.0esr-1~deb8u1\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"iceweasel-l10n-br\", ver:\"38.2.0esr-1~deb8u1\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"iceweasel-l10n-bs\", ver:\"38.2.0esr-1~deb8u1\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"iceweasel-l10n-ca\", ver:\"38.2.0esr-1~deb8u1\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"iceweasel-l10n-cs\", ver:\"38.2.0esr-1~deb8u1\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"iceweasel-l10n-cy\", ver:\"38.2.0esr-1~deb8u1\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"iceweasel-l10n-da\", ver:\"38.2.0esr-1~deb8u1\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"iceweasel-l10n-de\", ver:\"38.2.0esr-1~deb8u1\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = 
isdpkgvuln(pkg:\"iceweasel-l10n-dsb\", ver:\"38.2.0esr-1~deb8u1\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"iceweasel-l10n-el\", ver:\"38.2.0esr-1~deb8u1\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"iceweasel-l10n-en-gb\", ver:\"38.2.0esr-1~deb8u1\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"iceweasel-l10n-en-za\", ver:\"38.2.0esr-1~deb8u1\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"iceweasel-l10n-eo\", ver:\"38.2.0esr-1~deb8u1\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"iceweasel-l10n-es-ar\", ver:\"38.2.0esr-1~deb8u1\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"iceweasel-l10n-es-cl\", ver:\"38.2.0esr-1~deb8u1\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"iceweasel-l10n-es-es\", ver:\"38.2.0esr-1~deb8u1\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"iceweasel-l10n-es-mx\", ver:\"38.2.0esr-1~deb8u1\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"iceweasel-l10n-et\", ver:\"38.2.0esr-1~deb8u1\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"iceweasel-l10n-eu\", ver:\"38.2.0esr-1~deb8u1\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"iceweasel-l10n-fa\", ver:\"38.2.0esr-1~deb8u1\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"iceweasel-l10n-ff\", ver:\"38.2.0esr-1~deb8u1\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"iceweasel-l10n-fi\", ver:\"38.2.0esr-1~deb8u1\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"iceweasel-l10n-fr\", 
ver:\"38.2.0esr-1~deb8u1\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"iceweasel-l10n-fy-nl\", ver:\"38.2.0esr-1~deb8u1\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"iceweasel-l10n-ga-ie\", ver:\"38.2.0esr-1~deb8u1\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"iceweasel-l10n-gd\", ver:\"38.2.0esr-1~deb8u1\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"iceweasel-l10n-gl\", ver:\"38.2.0esr-1~deb8u1\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"iceweasel-l10n-gu-in\", ver:\"38.2.0esr-1~deb8u1\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"iceweasel-l10n-he\", ver:\"38.2.0esr-1~deb8u1\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"iceweasel-l10n-hi-in\", ver:\"38.2.0esr-1~deb8u1\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"iceweasel-l10n-hr\", ver:\"38.2.0esr-1~deb8u1\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"iceweasel-l10n-hsb\", ver:\"38.2.0esr-1~deb8u1\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"iceweasel-l10n-hu\", ver:\"38.2.0esr-1~deb8u1\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"iceweasel-l10n-hy-am\", ver:\"38.2.0esr-1~deb8u1\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"iceweasel-l10n-id\", ver:\"38.2.0esr-1~deb8u1\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"iceweasel-l10n-is\", ver:\"38.2.0esr-1~deb8u1\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"iceweasel-l10n-it\", ver:\"38.2.0esr-1~deb8u1\", rls_regex:\"DEB8.[0-9]+\")) != NULL) 
{\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"iceweasel-l10n-ja\", ver:\"38.2.0esr-1~deb8u1\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"iceweasel-l10n-kk\", ver:\"38.2.0esr-1~deb8u1\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"iceweasel-l10n-km\", ver:\"38.2.0esr-1~deb8u1\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"iceweasel-l10n-kn\", ver:\"38.2.0esr-1~deb8u1\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"iceweasel-l10n-ko\", ver:\"38.2.0esr-1~deb8u1\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"iceweasel-l10n-lij\", ver:\"38.2.0esr-1~deb8u1\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"iceweasel-l10n-lt\", ver:\"38.2.0esr-1~deb8u1\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"iceweasel-l10n-lv\", ver:\"38.2.0esr-1~deb8u1\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"iceweasel-l10n-mai\", ver:\"38.2.0esr-1~deb8u1\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"iceweasel-l10n-mk\", ver:\"38.2.0esr-1~deb8u1\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"iceweasel-l10n-ml\", ver:\"38.2.0esr-1~deb8u1\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"iceweasel-l10n-mr\", ver:\"38.2.0esr-1~deb8u1\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"iceweasel-l10n-ms\", ver:\"38.2.0esr-1~deb8u1\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"iceweasel-l10n-nb-no\", ver:\"38.2.0esr-1~deb8u1\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"iceweasel-l10n-nl\", 
ver:\"38.2.0esr-1~deb8u1\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"iceweasel-l10n-nn-no\", ver:\"38.2.0esr-1~deb8u1\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"iceweasel-l10n-or\", ver:\"38.2.0esr-1~deb8u1\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"iceweasel-l10n-pa-in\", ver:\"38.2.0esr-1~deb8u1\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"iceweasel-l10n-pl\", ver:\"38.2.0esr-1~deb8u1\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"iceweasel-l10n-pt-br\", ver:\"38.2.0esr-1~deb8u1\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"iceweasel-l10n-pt-pt\", ver:\"38.2.0esr-1~deb8u1\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"iceweasel-l10n-rm\", ver:\"38.2.0esr-1~deb8u1\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"iceweasel-l10n-ro\", ver:\"38.2.0esr-1~deb8u1\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"iceweasel-l10n-ru\", ver:\"38.2.0esr-1~deb8u1\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"iceweasel-l10n-si\", ver:\"38.2.0esr-1~deb8u1\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"iceweasel-l10n-sk\", ver:\"38.2.0esr-1~deb8u1\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"iceweasel-l10n-sl\", ver:\"38.2.0esr-1~deb8u1\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"iceweasel-l10n-son\", ver:\"38.2.0esr-1~deb8u1\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"iceweasel-l10n-sq\", ver:\"38.2.0esr-1~deb8u1\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n 
report += res;\n}\nif ((res = isdpkgvuln(pkg:\"iceweasel-l10n-sr\", ver:\"38.2.0esr-1~deb8u1\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"iceweasel-l10n-sv-se\", ver:\"38.2.0esr-1~deb8u1\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"iceweasel-l10n-ta\", ver:\"38.2.0esr-1~deb8u1\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"iceweasel-l10n-te\", ver:\"38.2.0esr-1~deb8u1\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"iceweasel-l10n-th\", ver:\"38.2.0esr-1~deb8u1\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"iceweasel-l10n-tr\", ver:\"38.2.0esr-1~deb8u1\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"iceweasel-l10n-uk\", ver:\"38.2.0esr-1~deb8u1\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"iceweasel-l10n-uz\", ver:\"38.2.0esr-1~deb8u1\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"iceweasel-l10n-vi\", ver:\"38.2.0esr-1~deb8u1\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"iceweasel-l10n-xh\", ver:\"38.2.0esr-1~deb8u1\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"iceweasel-l10n-zh-cn\", ver:\"38.2.0esr-1~deb8u1\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"iceweasel-l10n-zh-tw\", ver:\"38.2.0esr-1~deb8u1\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\n\nif (report != \"\") {\n security_message(data:report);\n} else if (__pkg_match) {\n exit(99); # Not vulnerable.\n}\n", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2019-05-29T18:36:10", "bulletinFamily": "scanner", "cvelist": ["CVE-2015-4478", 
"CVE-2015-4485", "CVE-2015-4488", "CVE-2015-4489", "CVE-2015-4486", "CVE-2015-4480", "CVE-2015-4484", "CVE-2015-4479", "CVE-2015-4492", "CVE-2015-4493", "CVE-2015-4487", "CVE-2015-4473", "CVE-2015-4491", "CVE-2015-4475"], "description": "Check the version of firefox", "modified": "2019-03-08T00:00:00", "published": "2015-08-12T00:00:00", "id": "OPENVAS:1361412562310882242", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310882242", "type": "openvas", "title": "CentOS Update for firefox CESA-2015:1586 centos6", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# CentOS Update for firefox CESA-2015:1586 centos6\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (C) 2015 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. 
See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.882242\");\n script_version(\"$Revision: 14058 $\");\n script_cve_id(\"CVE-2015-4473\", \"CVE-2015-4475\", \"CVE-2015-4478\", \"CVE-2015-4479\",\n \"CVE-2015-4480\", \"CVE-2015-4484\", \"CVE-2015-4485\", \"CVE-2015-4486\",\n \"CVE-2015-4487\", \"CVE-2015-4488\", \"CVE-2015-4489\", \"CVE-2015-4491\",\n \"CVE-2015-4492\", \"CVE-2015-4493\");\n script_tag(name:\"cvss_base\", value:\"10.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_tag(name:\"last_modification\", value:\"$Date: 2019-03-08 14:25:52 +0100 (Fri, 08 Mar 2019) $\");\n script_tag(name:\"creation_date\", value:\"2015-08-12 05:07:07 +0200 (Wed, 12 Aug 2015)\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_name(\"CentOS Update for firefox CESA-2015:1586 centos6\");\n script_tag(name:\"summary\", value:\"Check the version of firefox\");\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is present on the target host.\");\n script_tag(name:\"insight\", value:\"Mozilla Firefox is an open source web\n browser. XULRunner provides the XUL\nRuntime environment for Mozilla Firefox.\n\nSeveral flaws were found in the processing of malformed web content. A web\npage containing malicious content could cause Firefox to crash or,\npotentially, execute arbitrary code with the privileges of the user running\nFirefox. 
(CVE-2015-4473, CVE-2015-4475, CVE-2015-4478, CVE-2015-4479,\nCVE-2015-4480, CVE-2015-4493, CVE-2015-4484, CVE-2015-4491, CVE-2015-4485,\nCVE-2015-4486, CVE-2015-4487, CVE-2015-4488, CVE-2015-4489, CVE-2015-4492)\n\nRed Hat would like to thank the Mozilla project for reporting these issues.\nUpstream acknowledges Gary Kwong, Christian Holler, Byron Campen, Aki\nHelin, Andre Bargull, Massimiliano Tomassoli, laf.intel, Massimiliano\nTomassoli, Tyson Smith, Jukka Jylanki, Gustavo Grieco, Abhishek Arya,\nRonald Crane, and Looben Yang as the original reporters of these issues.\n\nAll Firefox users should upgrade to these updated packages, which contain\nFirefox version 38.2 ESR, which corrects these issues. After installing the\nupdate, Firefox must be restarted for the changes to take effect.\");\n script_tag(name:\"affected\", value:\"firefox on CentOS 6\");\n script_tag(name:\"solution\", value:\"Please install the updated packages.\");\n script_xref(name:\"CESA\", value:\"2015:1586\");\n script_xref(name:\"URL\", value:\"http://lists.centos.org/pipermail/centos-announce/2015-August/021306.html\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2015 Greenbone Networks GmbH\");\n script_family(\"CentOS Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/centos\", \"ssh/login/rpms\", re:\"ssh/login/release=CentOS6\");\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\n\nif(release == \"CentOS6\")\n{\n\n if ((res = isrpmvuln(pkg:\"firefox\", rpm:\"firefox~38.2.0~4.el6.centos\", rls:\"CentOS6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}], "redhat": [{"lastseen": "2019-08-13T18:45:12", 
"bulletinFamily": "unix", "cvelist": ["CVE-2015-4473", "CVE-2015-4487", "CVE-2015-4488", "CVE-2015-4489", "CVE-2015-4491"], "description": "Mozilla Thunderbird is a standalone mail and newsgroup client.\n\nSeveral flaws were found in the processing of malformed web content. A web\npage containing malicious content could cause Thunderbird to crash or,\npotentially, execute arbitrary code with the privileges of the user running\nThunderbird. (CVE-2015-4473, CVE-2015-4491, CVE-2015-4487, CVE-2015-4488, \nCVE-2015-4489)\n\nNote: All of the above issues cannot be exploited by a specially crafted\nHTML mail message because JavaScript is disabled by default for mail\nmessages. However, they could be exploited in other ways in Thunderbird\n(for example, by viewing the full remote content of an RSS feed).\n\nRed Hat would like to thank the Mozilla project for reporting these\nissues. Upstream acknowledges Gary Kwong, Christian Holler, Byron Campen, \nGustavo Grieco, and Ronald Crane as the original reporters of these issues.\n\nFor technical details regarding these flaws, refer to the Mozilla security\nadvisories for Thunderbird 38.2. 
You can find a link to the Mozilla\nadvisories in the References section of this erratum.\n\nAll Thunderbird users should upgrade to this updated package, which\ncontains Thunderbird version 38.2, which corrects these issues.\nAfter installing the update, Thunderbird must be restarted for the changes\nto take effect.\n", "modified": "2018-06-06T20:24:06", "published": "2015-08-25T04:00:00", "id": "RHSA-2015:1682", "href": "https://access.redhat.com/errata/RHSA-2015:1682", "type": "redhat", "title": "(RHSA-2015:1682) Important: thunderbird security update", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2019-08-13T18:45:13", "bulletinFamily": "unix", "cvelist": ["CVE-2015-4473", "CVE-2015-4475", "CVE-2015-4478", "CVE-2015-4479", "CVE-2015-4480", "CVE-2015-4484", "CVE-2015-4485", "CVE-2015-4486", "CVE-2015-4487", "CVE-2015-4488", "CVE-2015-4489", "CVE-2015-4491", "CVE-2015-4492", "CVE-2015-4493"], "description": "Mozilla Firefox is an open source web browser. XULRunner provides the XUL\nRuntime environment for Mozilla Firefox.\n\nSeveral flaws were found in the processing of malformed web content. A web\npage containing malicious content could cause Firefox to crash or,\npotentially, execute arbitrary code with the privileges of the user running\nFirefox. 
(CVE-2015-4473, CVE-2015-4475, CVE-2015-4478, CVE-2015-4479,\nCVE-2015-4480, CVE-2015-4493, CVE-2015-4484, CVE-2015-4491, CVE-2015-4485,\nCVE-2015-4486, CVE-2015-4487, CVE-2015-4488, CVE-2015-4489, CVE-2015-4492)\n\nRed Hat would like to thank the Mozilla project for reporting these issues.\nUpstream acknowledges Gary Kwong, Christian Holler, Byron Campen, Aki\nHelin, Andre Bargull, Massimiliano Tomassoli, laf.intel, Massimiliano\nTomassoli, Tyson Smith, Jukka Jylanki, Gustavo Grieco, Abhishek Arya,\nRonald Crane, and Looben Yang as the original reporters of these issues.\n\nAll Firefox users should upgrade to these updated packages, which contain\nFirefox version 38.2 ESR, which corrects these issues. After installing the\nupdate, Firefox must be restarted for the changes to take effect.\n", "modified": "2018-06-06T20:24:22", "published": "2015-08-11T04:00:00", "id": "RHSA-2015:1586", "href": "https://access.redhat.com/errata/RHSA-2015:1586", "type": "redhat", "title": "(RHSA-2015:1586) Critical: firefox security update", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}], "centos": [{"lastseen": "2019-12-20T18:25:39", "bulletinFamily": "unix", "cvelist": ["CVE-2015-4488", "CVE-2015-4489", "CVE-2015-4487", "CVE-2015-4473", "CVE-2015-4491"], "description": "**CentOS Errata and Security Advisory** CESA-2015:1682\n\n\nMozilla Thunderbird is a standalone mail and newsgroup client.\n\nSeveral flaws were found in the processing of malformed web content. A web\npage containing malicious content could cause Thunderbird to crash or,\npotentially, execute arbitrary code with the privileges of the user running\nThunderbird. (CVE-2015-4473, CVE-2015-4491, CVE-2015-4487, CVE-2015-4488, \nCVE-2015-4489)\n\nNote: All of the above issues cannot be exploited by a specially crafted\nHTML mail message because JavaScript is disabled by default for mail\nmessages. 
However, they could be exploited in other ways in Thunderbird\n(for example, by viewing the full remote content of an RSS feed).\n\nRed Hat would like to thank the Mozilla project for reporting these\nissues. Upstream acknowledges Gary Kwong, Christian Holler, Byron Campen, \nGustavo Grieco, and Ronald Crane as the original reporters of these issues.\n\nFor technical details regarding these flaws, refer to the Mozilla security\nadvisories for Thunderbird 38.2. You can find a link to the Mozilla\nadvisories in the References section of this erratum.\n\nAll Thunderbird users should upgrade to this updated package, which\ncontains Thunderbird version 38.2, which corrects these issues.\nAfter installing the update, Thunderbird must be restarted for the changes\nto take effect.\n\n\n**Merged security bulletin from advisories:**\nhttp://lists.centos.org/pipermail/centos-announce/2015-August/033385.html\nhttp://lists.centos.org/pipermail/centos-announce/2015-August/033386.html\nhttp://lists.centos.org/pipermail/centos-announce/2015-August/033387.html\n\n**Affected packages:**\nthunderbird\n\n**Upstream details at:**\nhttps://rhn.redhat.com/errata/RHSA-2015-1682.html", "edition": 3, "modified": "2015-08-25T23:21:00", "published": "2015-08-25T22:25:27", "href": "http://lists.centos.org/pipermail/centos-announce/2015-August/033385.html", "id": "CESA-2015:1682", "title": "thunderbird security update", "type": "centos", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2020-07-17T03:32:03", "bulletinFamily": "unix", "cvelist": ["CVE-2015-4478", "CVE-2015-4485", "CVE-2015-4488", "CVE-2015-4489", "CVE-2015-4486", "CVE-2015-4480", "CVE-2015-4484", "CVE-2015-4479", "CVE-2015-4492", "CVE-2015-4493", "CVE-2015-4487", "CVE-2015-4473", "CVE-2015-4491", "CVE-2015-4475"], "description": "**CentOS Errata and Security Advisory** CESA-2015:1586\n\n\nMozilla Firefox is an open source web browser. 
XULRunner provides the XUL\nRuntime environment for Mozilla Firefox.\n\nSeveral flaws were found in the processing of malformed web content. A web\npage containing malicious content could cause Firefox to crash or,\npotentially, execute arbitrary code with the privileges of the user running\nFirefox. (CVE-2015-4473, CVE-2015-4475, CVE-2015-4478, CVE-2015-4479,\nCVE-2015-4480, CVE-2015-4493, CVE-2015-4484, CVE-2015-4491, CVE-2015-4485,\nCVE-2015-4486, CVE-2015-4487, CVE-2015-4488, CVE-2015-4489, CVE-2015-4492)\n\nRed Hat would like to thank the Mozilla project for reporting these issues.\nUpstream acknowledges Gary Kwong, Christian Holler, Byron Campen, Aki\nHelin, Andre Bargull, Massimiliano Tomassoli, laf.intel, Massimiliano\nTomassoli, Tyson Smith, Jukka Jylanki, Gustavo Grieco, Abhishek Arya,\nRonald Crane, and Looben Yang as the original reporters of these issues.\n\nAll Firefox users should upgrade to these updated packages, which contain\nFirefox version 38.2 ESR, which corrects these issues. 
After installing the\nupdate, Firefox must be restarted for the changes to take effect.\n\n\n**Merged security bulletin from advisories:**\nhttp://lists.centos.org/pipermail/centos-announce/2015-August/033343.html\nhttp://lists.centos.org/pipermail/centos-announce/2015-August/033344.html\nhttp://lists.centos.org/pipermail/centos-announce/2015-August/033346.html\n\n**Affected packages:**\nfirefox\n\n**Upstream details at:**\nhttps://rhn.redhat.com/errata/RHSA-2015-1586.html", "edition": 5, "modified": "2015-08-12T03:00:24", "published": "2015-08-11T20:36:44", "href": "http://lists.centos.org/pipermail/centos-announce/2015-August/033343.html", "id": "CESA-2015:1586", "title": "firefox security update", "type": "centos", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}], "oraclelinux": [{"lastseen": "2020-10-22T17:05:23", "bulletinFamily": "unix", "cvelist": ["CVE-2015-4488", "CVE-2015-4489", "CVE-2015-4487", "CVE-2015-4473", "CVE-2015-4491"], "description": "[38.2.0-4.0.1.el6_7]\n- Replaced thunderbird-redhat-default-prefs.js with thunderbird-oracle-default-prefs.js\n[38.2.0-4]\n- Update to 38.2.0\n[38.1.0-4]\n- Update to 38.1.0", "edition": 5, "modified": "2015-08-25T00:00:00", "published": "2015-08-25T00:00:00", "id": "ELSA-2015-1682", "href": "http://linux.oracle.com/errata/ELSA-2015-1682.html", "title": "thunderbird security update", "type": "oraclelinux", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2019-05-29T18:34:09", "bulletinFamily": "unix", "cvelist": ["CVE-2015-4478", "CVE-2015-4485", "CVE-2015-4488", "CVE-2015-4489", "CVE-2015-4486", "CVE-2015-4480", "CVE-2015-4484", "CVE-2015-4479", "CVE-2015-4492", "CVE-2015-4493", "CVE-2015-4487", "CVE-2015-4473", "CVE-2015-4491", "CVE-2015-4475"], "description": "[38.2.0-4.0.1]\n- Add firefox-oracle-default-prefs.js and remove the corresponding Red Hat one\n- Force requirement of newer gdk-pixbuf2 to ensure a proper update (Todd Vierling) [orabug 
19847484]\n[38.2.0-4]\n- Update to 38.2.0 ESR", "edition": 4, "modified": "2015-08-11T00:00:00", "published": "2015-08-11T00:00:00", "id": "ELSA-2015-1586", "href": "http://linux.oracle.com/errata/ELSA-2015-1586.html", "title": "firefox security update", "type": "oraclelinux", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}], "ubuntu": [{"lastseen": "2020-07-02T11:38:50", "bulletinFamily": "unix", "cvelist": ["CVE-2015-4488", "CVE-2015-4489", "CVE-2015-4487", "CVE-2015-4473", "CVE-2015-4491"], "description": "Gary Kwong, Christian Holler, and Byron Campen discovered multiple memory \nsafety issues in Thunderbird. If a user were tricked in to opening a \nspecially crafted message, an attacker could potentially exploit these to \ncause a denial of service via application crash, or execute arbitrary code \nwith the privileges of the user invoking Thunderbird. (CVE-2015-4473)\n\nRonald Crane reported 3 security issues. If a user were tricked in to \nopening a specially crafted message, an attacker could potentially \nexploit these, in combination with another security vulnerability, to \ncause a denial of service via application crash, or execute arbitrary \ncode with the privileges of the user invoking Thunderbird. (CVE-2015-4487, \nCVE-2015-4488, CVE-2015-4489)\n\nGustavo Grieco discovered a heap overflow in gdk-pixbuf. If a user were \ntricked in to opening a specially crafted message, an attacker could \npotentially exploit this to cause a denial of service via application \ncrash or execute arbitrary code with the privileges of the user invoking \nThunderbird. 
(CVE-2015-4491)", "edition": 5, "modified": "2015-08-25T00:00:00", "published": "2015-08-25T00:00:00", "id": "USN-2712-1", "href": "https://ubuntu.com/security/notices/USN-2712-1", "title": "Thunderbird vulnerabilities", "type": "ubuntu", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2020-07-02T11:33:42", "bulletinFamily": "unix", "cvelist": ["CVE-2015-4478", "CVE-2015-4485", "CVE-2015-4488", "CVE-2015-4489", "CVE-2015-4486", "CVE-2015-4474", "CVE-2015-4480", "CVE-2015-4484", "CVE-2015-4479", "CVE-2015-4492", "CVE-2015-4490", "CVE-2015-4493", "CVE-2015-4477", "CVE-2015-4487", "CVE-2015-4473", "CVE-2015-4491", "CVE-2015-4475"], "description": "USN-2702-1 fixed vulnerabilities in Firefox. After upgrading, some users \nin the US reported that their default search engine switched to Yahoo. \nThis update fixes the problem.\n\nWe apologize for the inconvenience.\n\nOriginal advisory details:\n\nGary Kwong, Christian Holler, Byron Campen, Tyson Smith, Bobby Holley, \nChris Coulson, and Eric Rahm discovered multiple memory safety issues in \nFirefox. If a user were tricked in to opening a specially crafted website, \nan attacker could potentially exploit these to cause a denial of service \nvia application crash, or execute arbitrary code with the privileges of \nthe user invoking Firefox. (CVE-2015-4473, CVE-2015-4474)\n\nAki Helin discovered an out-of-bounds read when playing malformed MP3 \ncontent in some circumstances. If a user were tricked in to opening a \nspecially crafted website, an attacker could potentially exploit this to \nobtain sensitive information, cause a denial of service via application \ncrash, or execute arbitrary code with the privileges of the user invoking \nFirefox. (CVE-2015-4475)\n\nA use-after-free was discovered during MediaStream playback in some \ncircumstances. 
If a user were tricked in to opening a specially crafted \nwebsite, an attacker could potentially exploit this to cause a denial of \nservice via application crash or execute arbitrary code with the \nprivileges of the user invoking Firefox. (CVE-2015-4477)\n\nAndr\u00e9 Bargull discovered that non-configurable properties on javascript \nobjects could be redefined when parsing JSON. If a user were tricked in to \nopening a specially crafted website, an attacker could potentially exploit \nthis to bypass same-origin restrictions. (CVE-2015-4478)\n\nMultiple integer overflows were discovered in libstagefright. If a user \nwere tricked in to opening a specially crafted website, an attacker could \npotentially exploit these to cause a denial of service via application \ncrash, or execute arbitrary code with the privileges of the user invoking \nFirefox. (CVE-2015-4479, CVE-2015-4480, CVE-2015-4493)\n\nJukka Jyl\u00e4nki discovered a crash that occurs because javascript does not \nproperly gate access to Atomics or SharedArrayBuffers in some \ncircumstances. If a user were tricked in to opening a specially crafted \nwebsite, an attacker could potentially exploit this to cause a denial of \nservice. (CVE-2015-4484)\n\nAbhishek Arya discovered 2 buffer overflows in libvpx when decoding \nmalformed WebM content in some circumstances. If a user were tricked in \nto opening a specially crafted website, an attacker could potentially \nexploit these to cause a denial of service via application crash, or \nexecute arbitrary code with the privileges of the user invoking Firefox. \n(CVE-2015-4485, CVE-2015-4486)\n\nRonald Crane reported 3 security issues. If a user were tricked in to \nopening a specially crafted website, an attacker could potentially \nexploit these, in combination with another security vulnerability, to \ncause a denial of service via application crash, or execute arbitrary \ncode with the privileges of the user invoking Firefox. 
(CVE-2015-4487, \nCVE-2015-4488, CVE-2015-4489)\n\nChristoph Kerschbaumer discovered an issue with Mozilla's implementation \nof Content Security Policy (CSP), which could allow for a more permissive \nusage in some circumstances. An attacker could potentially exploit this \nto conduct cross-site scripting (XSS) attacks. (CVE-2015-4490)\n\nGustavo Grieco discovered a heap overflow in gdk-pixbuf. If a user were \ntricked in to opening a specially crafted website, an attacker could \npotentially exploit this to cause a denial of service via application \ncrash or execute arbitrary code with the privileges of the user invoking \nFirefox. (CVE-2015-4491)\n\nLooben Yang discovered a use-after-free when using XMLHttpRequest with \nshared workers in some circumstances. If a user were tricked in to opening \na specially crafted website, an attacker could potentially exploit this to \ncause a denial of service via application crash or execute arbitrary code \nwith the privileges of the user invoking Firefox. (CVE-2015-4492)", "edition": 5, "modified": "2015-08-20T00:00:00", "published": "2015-08-20T00:00:00", "id": "USN-2702-3", "href": "https://ubuntu.com/security/notices/USN-2702-3", "title": "Firefox regression", "type": "ubuntu", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2020-07-02T11:41:52", "bulletinFamily": "unix", "cvelist": ["CVE-2015-4478", "CVE-2015-4485", "CVE-2015-4488", "CVE-2015-4489", "CVE-2015-4486", "CVE-2015-4474", "CVE-2015-4480", "CVE-2015-4484", "CVE-2015-4479", "CVE-2015-4492", "CVE-2015-4490", "CVE-2015-4493", "CVE-2015-4477", "CVE-2015-4487", "CVE-2015-4473", "CVE-2015-4491", "CVE-2015-4475"], "description": "USN-2702-1 fixed vulnerabilities in Firefox. This update provides the \ncorresponding updates for Ubufox.\n\nOriginal advisory details:\n\nGary Kwong, Christian Holler, Byron Campen, Tyson Smith, Bobby Holley, \nChris Coulson, and Eric Rahm discovered multiple memory safety issues in \nFirefox. 
If a user were tricked in to opening a specially crafted website, \nan attacker could potentially exploit these to cause a denial of service \nvia application crash, or execute arbitrary code with the privileges of \nthe user invoking Firefox. (CVE-2015-4473, CVE-2015-4474)\n\nAki Helin discovered an out-of-bounds read when playing malformed MP3 \ncontent in some circumstances. If a user were tricked in to opening a \nspecially crafted website, an attacker could potentially exploit this to \nobtain sensitive information, cause a denial of service via application \ncrash, or execute arbitrary code with the privileges of the user invoking \nFirefox. (CVE-2015-4475)\n\nA use-after-free was discovered during MediaStream playback in some \ncircumstances. If a user were tricked in to opening a specially crafted \nwebsite, an attacker could potentially exploit this to cause a denial of \nservice via application crash or execute arbitrary code with the \nprivileges of the user invoking Firefox. (CVE-2015-4477)\n\nAndr\u00e9 Bargull discovered that non-configurable properties on javascript \nobjects could be redefined when parsing JSON. If a user were tricked in to \nopening a specially crafted website, an attacker could potentially exploit \nthis to bypass same-origin restrictions. (CVE-2015-4478)\n\nMultiple integer overflows were discovered in libstagefright. If a user \nwere tricked in to opening a specially crafted website, an attacker could \npotentially exploit these to cause a denial of service via application \ncrash, or execute arbitrary code with the privileges of the user invoking \nFirefox. (CVE-2015-4479, CVE-2015-4480, CVE-2015-4493)\n\nJukka Jyl\u00e4nki discovered a crash that occurs because javascript does not \nproperly gate access to Atomics or SharedArrayBuffers in some \ncircumstances. If a user were tricked in to opening a specially crafted \nwebsite, an attacker could potentially exploit this to cause a denial of \nservice. 
(CVE-2015-4484)\n\nAbhishek Arya discovered 2 buffer overflows in libvpx when decoding \nmalformed WebM content in some circumstances. If a user were tricked in \nto opening a specially crafted website, an attacker could potentially \nexploit these to cause a denial of service via application crash, or \nexecute arbitrary code with the privileges of the user invoking Firefox. \n(CVE-2015-4485, CVE-2015-4486)\n\nRonald Crane reported 3 security issues. If a user were tricked in to \nopening a specially crafted website, an attacker could potentially \nexploit these, in combination with another security vulnerability, to \ncause a denial of service via application crash, or execute arbitrary \ncode with the privileges of the user invoking Firefox. (CVE-2015-4487, \nCVE-2015-4488, CVE-2015-4489)\n\nChristoph Kerschbaumer discovered an issue with Mozilla's implementation \nof Content Security Policy (CSP), which could allow for a more permissive \nusage in some circumstances. An attacker could potentially exploit this \nto conduct cross-site scripting (XSS) attacks. (CVE-2015-4490)\n\nGustavo Grieco discovered a heap overflow in gdk-pixbuf. If a user were \ntricked in to opening a specially crafted website, an attacker could \npotentially exploit this to cause a denial of service via application \ncrash or execute arbitrary code with the privileges of the user invoking \nFirefox. (CVE-2015-4491)\n\nLooben Yang discovered a use-after-free when using XMLHttpRequest with \nshared workers in some circumstances. If a user were tricked in to opening \na specially crafted website, an attacker could potentially exploit this to \ncause a denial of service via application crash or execute arbitrary code \nwith the privileges of the user invoking Firefox. 
(CVE-2015-4492)", "edition": 5, "modified": "2015-08-11T00:00:00", "published": "2015-08-11T00:00:00", "id": "USN-2702-2", "href": "https://ubuntu.com/security/notices/USN-2702-2", "title": "Ubufox update", "type": "ubuntu", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2020-07-02T11:38:16", "bulletinFamily": "unix", "cvelist": ["CVE-2015-4478", "CVE-2015-4485", "CVE-2015-4488", "CVE-2015-4489", "CVE-2015-4486", "CVE-2015-4474", "CVE-2015-4480", "CVE-2015-4484", "CVE-2015-4479", "CVE-2015-4492", "CVE-2015-4490", "CVE-2015-4493", "CVE-2015-4477", "CVE-2015-4487", "CVE-2015-4473", "CVE-2015-4491", "CVE-2015-4475"], "description": "Gary Kwong, Christian Holler, Byron Campen, Tyson Smith, Bobby Holley, \nChris Coulson, and Eric Rahm discovered multiple memory safety issues in \nFirefox. If a user were tricked in to opening a specially crafted website, \nan attacker could potentially exploit these to cause a denial of service \nvia application crash, or execute arbitrary code with the privileges of \nthe user invoking Firefox. (CVE-2015-4473, CVE-2015-4474)\n\nAki Helin discovered an out-of-bounds read when playing malformed MP3 \ncontent in some circumstances. If a user were tricked in to opening a \nspecially crafted website, an attacker could potentially exploit this to \nobtain sensitive information, cause a denial of service via application \ncrash, or execute arbitrary code with the privileges of the user invoking \nFirefox. (CVE-2015-4475)\n\nA use-after-free was discovered during MediaStream playback in some \ncircumstances. If a user were tricked in to opening a specially crafted \nwebsite, an attacker could potentially exploit this to cause a denial of \nservice via application crash or execute arbitrary code with the \nprivileges of the user invoking Firefox. (CVE-2015-4477)\n\nAndr\u00e9 Bargull discovered that non-configurable properties on javascript \nobjects could be redefined when parsing JSON. 
If a user were tricked in to \nopening a specially crafted website, an attacker could potentially exploit \nthis to bypass same-origin restrictions. (CVE-2015-4478)\n\nMultiple integer overflows were discovered in libstagefright. If a user \nwere tricked in to opening a specially crafted website, an attacker could \npotentially exploit these to cause a denial of service via application \ncrash, or execute arbitrary code with the privileges of the user invoking \nFirefox. (CVE-2015-4479, CVE-2015-4480, CVE-2015-4493)\n\nJukka Jyl\u00e4nki discovered a crash that occurs because javascript does not \nproperly gate access to Atomics or SharedArrayBuffers in some \ncircumstances. If a user were tricked in to opening a specially crafted \nwebsite, an attacker could potentially exploit this to cause a denial of \nservice. (CVE-2015-4484)\n\nAbhishek Arya discovered 2 buffer overflows in libvpx when decoding \nmalformed WebM content in some circumstances. If a user were tricked in \nto opening a specially crafted website, an attacker could potentially \nexploit these to cause a denial of service via application crash, or \nexecute arbitrary code with the privileges of the user invoking Firefox. \n(CVE-2015-4485, CVE-2015-4486)\n\nRonald Crane reported 3 security issues. If a user were tricked in to \nopening a specially crafted website, an attacker could potentially \nexploit these, in combination with another security vulnerability, to \ncause a denial of service via application crash, or execute arbitrary \ncode with the privileges of the user invoking Firefox. (CVE-2015-4487, \nCVE-2015-4488, CVE-2015-4489)\n\nChristoph Kerschbaumer discovered an issue with Mozilla's implementation \nof Content Security Policy (CSP), which could allow for a more permissive \nusage in some circumstances. An attacker could potentially exploit this \nto conduct cross-site scripting (XSS) attacks. (CVE-2015-4490)\n\nGustavo Grieco discovered a heap overflow in gdk-pixbuf. 
If a user were \ntricked in to opening a specially crafted website, an attacker could \npotentially exploit this to cause a denial of service via application \ncrash or execute arbitrary code with the privileges of the user invoking \nFirefox. (CVE-2015-4491)\n\nLooben Yang discovered a use-after-free when using XMLHttpRequest with \nshared workers in some circumstances. If a user were tricked in to opening \na specially crafted website, an attacker could potentially exploit this to \ncause a denial of service via application crash or execute arbitrary code \nwith the privileges of the user invoking Firefox. (CVE-2015-4492)", "edition": 5, "modified": "2015-08-11T00:00:00", "published": "2015-08-11T00:00:00", "id": "USN-2702-1", "href": "https://ubuntu.com/security/notices/USN-2702-1", "title": "Firefox vulnerabilities", "type": "ubuntu", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}], "nessus": [{"lastseen": "2020-05-31T20:09:24", "description": "An updated thunderbird package that fixes multiple security issues is\nnow available for Red Hat Enterprise Linux 5, 6, and 7.\n\nRed Hat Product Security has rated this update as having Important\nsecurity impact. Common Vulnerability Scoring System (CVSS) base\nscores, which give detailed severity ratings, are available for each\nvulnerability from the CVE links in the References section.\n\nMozilla Thunderbird is a standalone mail and newsgroup client.\n\nSeveral flaws were found in the processing of malformed web content. A\nweb page containing malicious content could cause Thunderbird to crash\nor, potentially, execute arbitrary code with the privileges of the\nuser running Thunderbird. (CVE-2015-4473, CVE-2015-4491,\nCVE-2015-4487, CVE-2015-4488, CVE-2015-4489)\n\nNote: All of the above issues cannot be exploited by a specially\ncrafted HTML mail message because JavaScript is disabled by default\nfor mail messages. 
However, they could be exploited in other ways in\nThunderbird (for example, by viewing the full remote content of an RSS\nfeed).\n\nRed Hat would like to thank the Mozilla project for reporting these\nissues. Upstream acknowledges Gary Kwong, Christian Holler, Byron\nCampen, Gustavo Grieco, and Ronald Crane as the original reporters of\nthese issues.\n\nFor technical details regarding these flaws, refer to the Mozilla\nsecurity advisories for Thunderbird 38.2. You can find a link to the\nMozilla advisories in the References section of this erratum.\n\nAll Thunderbird users should upgrade to this updated package, which\ncontains Thunderbird version 38.2, which corrects these issues. After\ninstalling the update, Thunderbird must be restarted for the changes\nto take effect.", "edition": 22, "published": "2015-08-26T00:00:00", "title": "RHEL 5 / 6 / 7 : thunderbird (RHSA-2015:1682)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2015-4488", "CVE-2015-4489", "CVE-2015-4487", "CVE-2015-4473", "CVE-2015-4491"], "modified": "2015-08-26T00:00:00", "cpe": ["cpe:/o:redhat:enterprise_linux:6.7", "cpe:/o:redhat:enterprise_linux:5", "cpe:/o:redhat:enterprise_linux:7.4", "p-cpe:/a:redhat:enterprise_linux:thunderbird", "cpe:/o:redhat:enterprise_linux:7.1", "cpe:/o:redhat:enterprise_linux:7.7", "cpe:/o:redhat:enterprise_linux:7.5", "cpe:/o:redhat:enterprise_linux:7", "cpe:/o:redhat:enterprise_linux:7.3", "p-cpe:/a:redhat:enterprise_linux:thunderbird-debuginfo", "cpe:/o:redhat:enterprise_linux:7.2", "cpe:/o:redhat:enterprise_linux:7.6", "cpe:/o:redhat:enterprise_linux:6"], "id": "REDHAT-RHSA-2015-1682.NASL", "href": "https://www.tenable.com/plugins/nessus/85645", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Red Hat Security Advisory RHSA-2015:1682. 
The text \n# itself is copyright (C) Red Hat, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(85645);\n script_version(\"2.16\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2020/05/29\");\n\n script_cve_id(\"CVE-2015-4473\", \"CVE-2015-4487\", \"CVE-2015-4488\", \"CVE-2015-4489\", \"CVE-2015-4491\");\n script_xref(name:\"RHSA\", value:\"2015:1682\");\n\n script_name(english:\"RHEL 5 / 6 / 7 : thunderbird (RHSA-2015:1682)\");\n script_summary(english:\"Checks the rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\",\n value:\"The remote Red Hat host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\",\n value:\n\"An updated thunderbird package that fixes multiple security issues is\nnow available for Red Hat Enterprise Linux 5, 6, and 7.\n\nRed Hat Product Security has rated this update as having Important\nsecurity impact. Common Vulnerability Scoring System (CVSS) base\nscores, which give detailed severity ratings, are available for each\nvulnerability from the CVE links in the References section.\n\nMozilla Thunderbird is a standalone mail and newsgroup client.\n\nSeveral flaws were found in the processing of malformed web content. A\nweb page containing malicious content could cause Thunderbird to crash\nor, potentially, execute arbitrary code with the privileges of the\nuser running Thunderbird. (CVE-2015-4473, CVE-2015-4491,\nCVE-2015-4487, CVE-2015-4488, CVE-2015-4489)\n\nNote: All of the above issues cannot be exploited by a specially\ncrafted HTML mail message because JavaScript is disabled by default\nfor mail messages. However, they could be exploited in other ways in\nThunderbird (for example, by viewing the full remote content of an RSS\nfeed).\n\nRed Hat would like to thank the Mozilla project for reporting these\nissues. 
Upstream acknowledges Gary Kwong, Christian Holler, Byron\nCampen, Gustavo Grieco, and Ronald Crane as the original reporters of\nthese issues.\n\nFor technical details regarding these flaws, refer to the Mozilla\nsecurity advisories for Thunderbird 38.2. You can find a link to the\nMozilla advisories in the References section of this erratum.\n\nAll Thunderbird users should upgrade to this updated package, which\ncontains Thunderbird version 38.2, which corrects these issues. After\ninstalling the update, Thunderbird must be restarted for the changes\nto take effect.\"\n );\n # https://www.mozilla.org/en-US/security/known-vulnerabilities/thunderbird/#\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?f3138c54\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/errata/RHSA-2015:1682\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2015-4487\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2015-4489\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2015-4488\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2015-4473\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2015-4491\"\n );\n script_set_attribute(\n attribute:\"solution\",\n value:\n\"Update the affected thunderbird and / or thunderbird-debuginfo\npackages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n 
script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:thunderbird\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:thunderbird-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:5\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:6\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:6.7\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:7\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:7.1\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:7.2\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:7.3\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:7.4\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:7.5\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:7.6\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:7.7\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2015/08/16\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2015/08/25\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2015/08/26\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2015-2020 and is owned by Tenable, Inc. 
or an Affiliate thereof.\");\n script_family(english:\"Red Hat Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"misc_func.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Red Hat\" >!< release) audit(AUDIT_OS_NOT, \"Red Hat\");\nos_ver = pregmatch(pattern: \"Red Hat Enterprise Linux.*release ([0-9]+(\\.[0-9]+)?)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Red Hat\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^(5|6|7)([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Red Hat 5.x / 6.x / 7.x\", \"Red Hat \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\" && \"s390\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Red Hat\", cpu);\n\nyum_updateinfo = get_kb_item(\"Host/RedHat/yum-updateinfo\");\nif (!empty_or_null(yum_updateinfo)) \n{\n rhsa = \"RHSA-2015:1682\";\n yum_report = redhat_generate_yum_updateinfo_report(rhsa:rhsa);\n if (!empty_or_null(yum_report))\n {\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : yum_report \n );\n exit(0);\n }\n else\n {\n audit_message = \"affected by Red Hat security advisory \" + rhsa;\n audit(AUDIT_OS_NOT, audit_message);\n }\n}\nelse\n{\n flag = 0;\n if (rpm_check(release:\"RHEL5\", cpu:\"i386\", reference:\"thunderbird-38.2.0-4.el5_11\", allowmaj:TRUE)) flag++;\n\n if (rpm_check(release:\"RHEL5\", cpu:\"x86_64\", reference:\"thunderbird-38.2.0-4.el5_11\", allowmaj:TRUE)) flag++;\n\n if (rpm_check(release:\"RHEL5\", 
cpu:\"i386\", reference:\"thunderbird-debuginfo-38.2.0-4.el5_11\", allowmaj:TRUE)) flag++;\n\n if (rpm_check(release:\"RHEL5\", cpu:\"x86_64\", reference:\"thunderbird-debuginfo-38.2.0-4.el5_11\", allowmaj:TRUE)) flag++;\n\n\n if (rpm_check(release:\"RHEL6\", cpu:\"i686\", reference:\"thunderbird-38.2.0-4.el6_7\", allowmaj:TRUE)) flag++;\n\n if (rpm_check(release:\"RHEL6\", cpu:\"s390x\", reference:\"thunderbird-38.2.0-4.el6_7\", allowmaj:TRUE)) flag++;\n\n if (rpm_check(release:\"RHEL6\", cpu:\"x86_64\", reference:\"thunderbird-38.2.0-4.el6_7\", allowmaj:TRUE)) flag++;\n\n if (rpm_check(release:\"RHEL6\", cpu:\"i686\", reference:\"thunderbird-debuginfo-38.2.0-4.el6_7\", allowmaj:TRUE)) flag++;\n\n if (rpm_check(release:\"RHEL6\", cpu:\"s390x\", reference:\"thunderbird-debuginfo-38.2.0-4.el6_7\", allowmaj:TRUE)) flag++;\n\n if (rpm_check(release:\"RHEL6\", cpu:\"x86_64\", reference:\"thunderbird-debuginfo-38.2.0-4.el6_7\", allowmaj:TRUE)) flag++;\n\n\n if (rpm_check(release:\"RHEL7\", cpu:\"x86_64\", reference:\"thunderbird-38.2.0-1.el7_1\", allowmaj:TRUE)) flag++;\n\n if (rpm_check(release:\"RHEL7\", cpu:\"x86_64\", reference:\"thunderbird-debuginfo-38.2.0-1.el7_1\", allowmaj:TRUE)) flag++;\n\n\n if (flag)\n {\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : rpm_report_get() + redhat_report_package_caveat()\n );\n exit(0);\n }\n else\n {\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"thunderbird / thunderbird-debuginfo\");\n }\n}\n", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2021-01-17T12:50:09", "description": "From Red Hat Security Advisory 2015:1682 :\n\nAn updated thunderbird package that fixes multiple security issues is\nnow available for Red Hat Enterprise Linux 5, 6, and 7.\n\nRed Hat Product Security has rated this update as having Important\nsecurity impact. 
Common Vulnerability Scoring System (CVSS) base\nscores, which give detailed severity ratings, are available for each\nvulnerability from the CVE links in the References section.\n\nMozilla Thunderbird is a standalone mail and newsgroup client.\n\nSeveral flaws were found in the processing of malformed web content. A\nweb page containing malicious content could cause Thunderbird to crash\nor, potentially, execute arbitrary code with the privileges of the\nuser running Thunderbird. (CVE-2015-4473, CVE-2015-4491,\nCVE-2015-4487, CVE-2015-4488, CVE-2015-4489)\n\nNote: All of the above issues cannot be exploited by a specially\ncrafted HTML mail message because JavaScript is disabled by default\nfor mail messages. However, they could be exploited in other ways in\nThunderbird (for example, by viewing the full remote content of an RSS\nfeed).\n\nRed Hat would like to thank the Mozilla project for reporting these\nissues. Upstream acknowledges Gary Kwong, Christian Holler, Byron\nCampen, Gustavo Grieco, and Ronald Crane as the original reporters of\nthese issues.\n\nFor technical details regarding these flaws, refer to the Mozilla\nsecurity advisories for Thunderbird 38.2. You can find a link to the\nMozilla advisories in the References section of this erratum.\n\nAll Thunderbird users should upgrade to this updated package, which\ncontains Thunderbird version 38.2, which corrects these issues. 
After\ninstalling the update, Thunderbird must be restarted for the changes\nto take effect.", "edition": 17, "published": "2015-08-26T00:00:00", "title": "Oracle Linux 6 / 7 : thunderbird (ELSA-2015-1682)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2015-4488", "CVE-2015-4489", "CVE-2015-4487", "CVE-2015-4473", "CVE-2015-4491"], "modified": "2015-08-26T00:00:00", "cpe": ["cpe:/o:oracle:linux:6", "p-cpe:/a:oracle:linux:thunderbird", "cpe:/o:oracle:linux:7"], "id": "ORACLELINUX_ELSA-2015-1682.NASL", "href": "https://www.tenable.com/plugins/nessus/85642", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Red Hat Security Advisory RHSA-2015:1682 and \n# Oracle Linux Security Advisory ELSA-2015-1682 respectively.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(85642);\n script_version(\"2.8\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/14\");\n\n script_cve_id(\"CVE-2015-4473\", \"CVE-2015-4487\", \"CVE-2015-4488\", \"CVE-2015-4489\", \"CVE-2015-4491\");\n script_xref(name:\"RHSA\", value:\"2015:1682\");\n\n script_name(english:\"Oracle Linux 6 / 7 : thunderbird (ELSA-2015-1682)\");\n script_summary(english:\"Checks rpm output for the updated package\");\n\n script_set_attribute(\n attribute:\"synopsis\",\n value:\"The remote Oracle Linux host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\",\n value:\n\"From Red Hat Security Advisory 2015:1682 :\n\nAn updated thunderbird package that fixes multiple security issues is\nnow available for Red Hat Enterprise Linux 5, 6, and 7.\n\nRed Hat Product Security has rated this update as having Important\nsecurity impact. 
Common Vulnerability Scoring System (CVSS) base\nscores, which give detailed severity ratings, are available for each\nvulnerability from the CVE links in the References section.\n\nMozilla Thunderbird is a standalone mail and newsgroup client.\n\nSeveral flaws were found in the processing of malformed web content. A\nweb page containing malicious content could cause Thunderbird to crash\nor, potentially, execute arbitrary code with the privileges of the\nuser running Thunderbird. (CVE-2015-4473, CVE-2015-4491,\nCVE-2015-4487, CVE-2015-4488, CVE-2015-4489)\n\nNote: All of the above issues cannot be exploited by a specially\ncrafted HTML mail message because JavaScript is disabled by default\nfor mail messages. However, they could be exploited in other ways in\nThunderbird (for example, by viewing the full remote content of an RSS\nfeed).\n\nRed Hat would like to thank the Mozilla project for reporting these\nissues. Upstream acknowledges Gary Kwong, Christian Holler, Byron\nCampen, Gustavo Grieco, and Ronald Crane as the original reporters of\nthese issues.\n\nFor technical details regarding these flaws, refer to the Mozilla\nsecurity advisories for Thunderbird 38.2. You can find a link to the\nMozilla advisories in the References section of this erratum.\n\nAll Thunderbird users should upgrade to this updated package, which\ncontains Thunderbird version 38.2, which corrects these issues. 
After\ninstalling the update, Thunderbird must be restarted for the changes\nto take effect.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://oss.oracle.com/pipermail/el-errata/2015-August/005359.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://oss.oracle.com/pipermail/el-errata/2015-August/005360.html\"\n );\n script_set_attribute(\n attribute:\"solution\",\n value:\"Update the affected thunderbird package.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:thunderbird\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:oracle:linux:6\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:oracle:linux:7\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2015/08/16\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2015/08/25\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2015/08/26\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2015-2021 and is owned by Tenable, Inc. 
or an Affiliate thereof.\");\n script_family(english:\"Oracle Linux Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/OracleLinux\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/OracleLinux\")) audit(AUDIT_OS_NOT, \"Oracle Linux\");\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || !pregmatch(pattern: \"Oracle (?:Linux Server|Enterprise Linux)\", string:release)) audit(AUDIT_OS_NOT, \"Oracle Linux\");\nos_ver = pregmatch(pattern: \"Oracle (?:Linux Server|Enterprise Linux) .*release ([0-9]+(\\.[0-9]+)?)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Oracle Linux\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^(6|7)([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Oracle Linux 6 / 7\", \"Oracle Linux \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Oracle Linux\", cpu);\n\nflag = 0;\nif (rpm_check(release:\"EL6\", reference:\"thunderbird-38.2.0-4.0.1.el6_7\", allowmaj:TRUE)) flag++;\n\nif (rpm_check(release:\"EL7\", cpu:\"x86_64\", reference:\"thunderbird-38.2.0-1.0.1.el7_1\", allowmaj:TRUE)) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"thunderbird\");\n}\n", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2021-01-17T13:48:58", 
"description": "Several flaws were found in the processing of malformed web content. A\nweb page containing malicious content could cause Thunderbird to crash\nor, potentially, execute arbitrary code with the privileges of the\nuser running Thunderbird. (CVE-2015-4473, CVE-2015-4491,\nCVE-2015-4487, CVE-2015-4488, CVE-2015-4489)\n\nNote: All of the above issues cannot be exploited by a specially\ncrafted HTML mail message because JavaScript is disabled by default\nfor mail messages. However, they could be exploited in other ways in\nThunderbird (for example, by viewing the full remote content of an RSS\nfeed).\n\nAfter installing the update, Thunderbird must be restarted for the\nchanges to take effect.", "edition": 14, "published": "2015-08-26T00:00:00", "title": "Scientific Linux Security Update : thunderbird on SL5.x, SL6.x, SL7.x i386/x86_64 (20150825)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2015-4488", "CVE-2015-4489", "CVE-2015-4487", "CVE-2015-4473", "CVE-2015-4491"], "modified": "2015-08-26T00:00:00", "cpe": ["p-cpe:/a:fermilab:scientific_linux:thunderbird", "p-cpe:/a:fermilab:scientific_linux:thunderbird-debuginfo", "x-cpe:/o:fermilab:scientific_linux"], "id": "SL_20150825_THUNDERBIRD_ON_SL5_X.NASL", "href": "https://www.tenable.com/plugins/nessus/85646", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text is (C) Scientific Linux.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(85646);\n script_version(\"2.5\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/14\");\n\n script_cve_id(\"CVE-2015-4473\", \"CVE-2015-4487\", \"CVE-2015-4488\", \"CVE-2015-4489\", \"CVE-2015-4491\");\n\n script_name(english:\"Scientific Linux Security Update : thunderbird on SL5.x, SL6.x, SL7.x i386/x86_64 (20150825)\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n 
script_set_attribute(\n attribute:\"synopsis\", \n value:\n\"The remote Scientific Linux host is missing one or more security\nupdates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Several flaws were found in the processing of malformed web content. A\nweb page containing malicious content could cause Thunderbird to crash\nor, potentially, execute arbitrary code with the privileges of the\nuser running Thunderbird. (CVE-2015-4473, CVE-2015-4491,\nCVE-2015-4487, CVE-2015-4488, CVE-2015-4489)\n\nNote: All of the above issues cannot be exploited by a specially\ncrafted HTML mail message because JavaScript is disabled by default\nfor mail messages. However, they could be exploited in other ways in\nThunderbird (for example, by viewing the full remote content of an RSS\nfeed).\n\nAfter installing the update, Thunderbird must be restarted for the\nchanges to take effect.\"\n );\n # https://listserv.fnal.gov/scripts/wa.exe?A2=ind1508&L=scientific-linux-errata&F=&S=&P=24093\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?40a93d02\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\n\"Update the affected thunderbird and / or thunderbird-debuginfo\npackages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:thunderbird\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:thunderbird-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"x-cpe:/o:fermilab:scientific_linux\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2015/08/16\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2015/08/25\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2015/08/26\");\n 
script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2015-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Scientific Linux Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"misc_func.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Scientific Linux \" >!< release) audit(AUDIT_HOST_NOT, \"running Scientific Linux\");\nos_ver = pregmatch(pattern: \"Scientific Linux.*release ([0-9]+(\\.[0-9]+)?)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Scientific Linux\");\nos_ver = os_ver[1];\nif (! 
preg(pattern:\"^7([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Scientific Linux 7.x\", \"Scientific Linux \" + os_ver);\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (cpu >!< \"x86_64\" && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Scientific Linux\", cpu);\n\n\nflag = 0;\nif (rpm_check(release:\"SL5\", reference:\"thunderbird-38.2.0-4.el5_11\")) flag++;\nif (rpm_check(release:\"SL5\", reference:\"thunderbird-debuginfo-38.2.0-4.el5_11\")) flag++;\n\nif (rpm_check(release:\"SL6\", reference:\"thunderbird-38.2.0-4.el6_7\")) flag++;\nif (rpm_check(release:\"SL6\", reference:\"thunderbird-debuginfo-38.2.0-4.el6_7\")) flag++;\n\nif (rpm_check(release:\"SL7\", cpu:\"x86_64\", reference:\"thunderbird-38.2.0-1.el7_1\")) flag++;\nif (rpm_check(release:\"SL7\", cpu:\"x86_64\", reference:\"thunderbird-debuginfo-38.2.0-1.el7_1\")) flag++;\n\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"thunderbird / thunderbird-debuginfo\");\n}\n", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2021-01-20T15:29:02", "description": "Gary Kwong, Christian Holler, and Byron Campen discovered multiple\nmemory safety issues in Thunderbird. If a user were tricked into\nopening a specially crafted message, an attacker could potentially\nexploit these to cause a denial of service via application crash, or\nexecute arbitrary code with the privileges of the user invoking\nThunderbird. (CVE-2015-4473)\n\nRonald Crane reported 3 security issues. 
If a user were tricked into\nopening a specially crafted message, an attacker could potentially\nexploit these, in combination with another security vulnerability, to\ncause a denial of service via application crash, or execute arbitrary\ncode with the privileges of the user invoking Thunderbird.\n(CVE-2015-4487, CVE-2015-4488, CVE-2015-4489)\n\nGustavo Grieco discovered a heap overflow in gdk-pixbuf. If a user\nwere tricked into opening a specially crafted message, an attacker\ncould potentially exploit this to cause a denial of service via\napplication crash or execute arbitrary code with the privileges of the\nuser invoking Thunderbird. (CVE-2015-4491).\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Ubuntu security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.", "edition": 22, "published": "2015-08-26T00:00:00", "title": "Ubuntu 12.04 LTS / 14.04 LTS / 15.04 : thunderbird vulnerabilities (USN-2712-1)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2015-4488", "CVE-2015-4489", "CVE-2015-4487", "CVE-2015-4473", "CVE-2015-4491"], "modified": "2015-08-26T00:00:00", "cpe": ["cpe:/o:canonical:ubuntu_linux:15.04", "p-cpe:/a:canonical:ubuntu_linux:thunderbird", "cpe:/o:canonical:ubuntu_linux:12.04:-:lts", "cpe:/o:canonical:ubuntu_linux:14.04"], "id": "UBUNTU_USN-2712-1.NASL", "href": "https://www.tenable.com/plugins/nessus/85648", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Ubuntu Security Notice USN-2712-1. The text \n# itself is copyright (C) Canonical, Inc. See \n# <http://www.ubuntu.com/usn/>. 
Ubuntu(R) is a registered \n# trademark of Canonical, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(85648);\n script_version(\"2.8\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/19\");\n\n script_cve_id(\"CVE-2015-4473\", \"CVE-2015-4487\", \"CVE-2015-4488\", \"CVE-2015-4489\", \"CVE-2015-4491\");\n script_xref(name:\"USN\", value:\"2712-1\");\n\n script_name(english:\"Ubuntu 12.04 LTS / 14.04 LTS / 15.04 : thunderbird vulnerabilities (USN-2712-1)\");\n script_summary(english:\"Checks dpkg output for updated package.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Ubuntu host is missing a security-related patch.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Gary Kwong, Christian Holler, and Byron Campen discovered multiple\nmemory safety issues in Thunderbird. If a user were tricked into\nopening a specially crafted message, an attacker could potentially\nexploit these to cause a denial of service via application crash, or\nexecute arbitrary code with the privileges of the user invoking\nThunderbird. (CVE-2015-4473)\n\nRonald Crane reported 3 security issues. If a user were tricked into\nopening a specially crafted message, an attacker could potentially\nexploit these, in combination with another security vulnerability, to\ncause a denial of service via application crash, or execute arbitrary\ncode with the privileges of the user invoking Thunderbird.\n(CVE-2015-4487, CVE-2015-4488, CVE-2015-4489)\n\nGustavo Grieco discovered a heap overflow in gdk-pixbuf. If a user\nwere tricked into opening a specially crafted message, an attacker\ncould potentially exploit this to cause a denial of service via\napplication crash or execute arbitrary code with the privileges of the\nuser invoking Thunderbird. 
(CVE-2015-4491).\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Ubuntu security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://usn.ubuntu.com/2712-1/\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected thunderbird package.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:thunderbird\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:canonical:ubuntu_linux:12.04:-:lts\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:canonical:ubuntu_linux:14.04\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:canonical:ubuntu_linux:15.04\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2015/08/15\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2015/08/25\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2015/08/26\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"Ubuntu Security Notice (C) 2015-2020 Canonical, Inc. / NASL script (C) 2015-2019 and is owned by Tenable, Inc. 
or an Affiliate thereof.\");\n script_family(english:\"Ubuntu Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/cpu\", \"Host/Ubuntu\", \"Host/Ubuntu/release\", \"Host/Debian/dpkg-l\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"ubuntu.inc\");\ninclude(\"misc_func.inc\");\n\nif ( ! get_kb_item(\"Host/local_checks_enabled\") ) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/Ubuntu/release\");\nif ( isnull(release) ) audit(AUDIT_OS_NOT, \"Ubuntu\");\nrelease = chomp(release);\nif (! preg(pattern:\"^(12\\.04|14\\.04|15\\.04)$\", string:release)) audit(AUDIT_OS_NOT, \"Ubuntu 12.04 / 14.04 / 15.04\", \"Ubuntu \" + release);\nif ( ! get_kb_item(\"Host/Debian/dpkg-l\") ) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Ubuntu\", cpu);\n\nflag = 0;\n\nif (ubuntu_check(osver:\"12.04\", pkgname:\"thunderbird\", pkgver:\"1:38.2.0+build1-0ubuntu0.12.04.2\")) flag++;\nif (ubuntu_check(osver:\"14.04\", pkgname:\"thunderbird\", pkgver:\"1:38.2.0+build1-0ubuntu0.14.04.1\")) flag++;\nif (ubuntu_check(osver:\"15.04\", pkgname:\"thunderbird\", pkgver:\"1:38.2.0+build1-0ubuntu0.15.04.1\")) flag++;\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : ubuntu_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = ubuntu_pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"thunderbird\");\n}\n", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2021-01-06T09:30:19", "description": "An updated thunderbird package that fixes multiple security issues is\nnow available for Red Hat Enterprise Linux 5, 6, and 7.\n\nRed Hat Product Security has rated this update as having Important\nsecurity impact. 
Common Vulnerability Scoring System (CVSS) base\nscores, which give detailed severity ratings, are available for each\nvulnerability from the CVE links in the References section.\n\nMozilla Thunderbird is a standalone mail and newsgroup client.\n\nSeveral flaws were found in the processing of malformed web content. A\nweb page containing malicious content could cause Thunderbird to crash\nor, potentially, execute arbitrary code with the privileges of the\nuser running Thunderbird. (CVE-2015-4473, CVE-2015-4491,\nCVE-2015-4487, CVE-2015-4488, CVE-2015-4489)\n\nNote: All of the above issues cannot be exploited by a specially\ncrafted HTML mail message because JavaScript is disabled by default\nfor mail messages. However, they could be exploited in other ways in\nThunderbird (for example, by viewing the full remote content of an RSS\nfeed).\n\nRed Hat would like to thank the Mozilla project for reporting these\nissues. Upstream acknowledges Gary Kwong, Christian Holler, Byron\nCampen, Gustavo Grieco, and Ronald Crane as the original reporters of\nthese issues.\n\nFor technical details regarding these flaws, refer to the Mozilla\nsecurity advisories for Thunderbird 38.2. You can find a link to the\nMozilla advisories in the References section of this erratum.\n\nAll Thunderbird users should upgrade to this updated package, which\ncontains Thunderbird version 38.2, which corrects these issues. 
After\ninstalling the update, Thunderbird must be restarted for the changes\nto take effect.", "edition": 21, "published": "2015-10-22T00:00:00", "title": "CentOS 5 / 6 / 7 : thunderbird (CESA-2015:1682)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2015-4488", "CVE-2015-4489", "CVE-2015-4487", "CVE-2015-4473", "CVE-2015-4491"], "modified": "2015-10-22T00:00:00", "cpe": ["cpe:/o:centos:centos:6", "cpe:/o:centos:centos:7", "p-cpe:/a:centos:centos:thunderbird", "cpe:/o:centos:centos:5"], "id": "CENTOS_RHSA-2015-1682.NASL", "href": "https://www.tenable.com/plugins/nessus/86497", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Red Hat Security Advisory RHSA-2015:1682 and \n# CentOS Errata and Security Advisory 2015:1682 respectively.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(86497);\n script_version(\"2.9\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/04\");\n\n script_cve_id(\"CVE-2015-4473\", \"CVE-2015-4487\", \"CVE-2015-4488\", \"CVE-2015-4489\", \"CVE-2015-4491\");\n script_xref(name:\"RHSA\", value:\"2015:1682\");\n\n script_name(english:\"CentOS 5 / 6 / 7 : thunderbird (CESA-2015:1682)\");\n script_summary(english:\"Checks rpm output for the updated package\");\n\n script_set_attribute(\n attribute:\"synopsis\",\n value:\"The remote CentOS host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\",\n value:\n\"An updated thunderbird package that fixes multiple security issues is\nnow available for Red Hat Enterprise Linux 5, 6, and 7.\n\nRed Hat Product Security has rated this update as having Important\nsecurity impact. 
Common Vulnerability Scoring System (CVSS) base\nscores, which give detailed severity ratings, are available for each\nvulnerability from the CVE links in the References section.\n\nMozilla Thunderbird is a standalone mail and newsgroup client.\n\nSeveral flaws were found in the processing of malformed web content. A\nweb page containing malicious content could cause Thunderbird to crash\nor, potentially, execute arbitrary code with the privileges of the\nuser running Thunderbird. (CVE-2015-4473, CVE-2015-4491,\nCVE-2015-4487, CVE-2015-4488, CVE-2015-4489)\n\nNote: All of the above issues cannot be exploited by a specially\ncrafted HTML mail message because JavaScript is disabled by default\nfor mail messages. However, they could be exploited in other ways in\nThunderbird (for example, by viewing the full remote content of an RSS\nfeed).\n\nRed Hat would like to thank the Mozilla project for reporting these\nissues. Upstream acknowledges Gary Kwong, Christian Holler, Byron\nCampen, Gustavo Grieco, and Ronald Crane as the original reporters of\nthese issues.\n\nFor technical details regarding these flaws, refer to the Mozilla\nsecurity advisories for Thunderbird 38.2. You can find a link to the\nMozilla advisories in the References section of this erratum.\n\nAll Thunderbird users should upgrade to this updated package, which\ncontains Thunderbird version 38.2, which corrects these issues. 
After\ninstalling the update, Thunderbird must be restarted for the changes\nto take effect.\"\n );\n # https://lists.centos.org/pipermail/centos-announce/2015-August/021347.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?5b57413e\"\n );\n # https://lists.centos.org/pipermail/centos-announce/2015-August/021348.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?90963b2b\"\n );\n # https://lists.centos.org/pipermail/centos-announce/2015-August/021349.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?90556324\"\n );\n script_set_attribute(\n attribute:\"solution\",\n value:\"Update the affected thunderbird package.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2015-4473\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:thunderbird\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:centos:centos:5\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:centos:centos:6\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:centos:centos:7\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2015/08/16\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2015/08/25\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2015/10/22\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2015-2021 and is owned 
by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"CentOS Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/CentOS/release\", \"Host/CentOS/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/CentOS/release\");\nif (isnull(release) || \"CentOS\" >!< release) audit(AUDIT_OS_NOT, \"CentOS\");\nos_ver = pregmatch(pattern: \"CentOS(?: Linux)? release ([0-9]+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"CentOS\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^(5|6|7)([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"CentOS 5.x / 6.x / 7.x\", \"CentOS \" + os_ver);\n\nif (!get_kb_item(\"Host/CentOS/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"CentOS\", cpu);\n\n\nflag = 0;\nif (rpm_check(release:\"CentOS-5\", reference:\"thunderbird-38.2.0-4.el5.centos\", allowmaj:TRUE)) flag++;\n\nif (rpm_check(release:\"CentOS-6\", reference:\"thunderbird-38.2.0-4.el6.centos\", allowmaj:TRUE)) flag++;\n\nif (rpm_check(release:\"CentOS-7\", cpu:\"x86_64\", reference:\"thunderbird-38.2.0-1.el7.centos\", allowmaj:TRUE)) flag++;\n\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"thunderbird\");\n}\n", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2021-01-12T09:49:12", "description": "Multiple security issues have been found in Iceweasel, Debian's\nversion of 
the Mozilla Firefox web browser: Multiple memory safety\nerrors, integer overflows, buffer overflows, use-after-frees and other\nimplementation errors may lead to the execution of arbitrary code,\nbypass of the same-origin policy or denial of service.\n\nDebian follows the extended support releases (ESR) of Firefox. Support\nfor the 31.x series has ended, so starting with this update we're now\nfollowing the 38.x releases.", "edition": 22, "published": "2015-08-13T00:00:00", "title": "Debian DSA-3333-1 : iceweasel - security update", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2015-4478", "CVE-2015-4488", "CVE-2015-4489", "CVE-2015-4480", "CVE-2015-4484", "CVE-2015-4479", "CVE-2015-4492", "CVE-2015-4493", "CVE-2015-4487", "CVE-2015-4473"], "modified": "2015-08-13T00:00:00", "cpe": ["cpe:/o:debian:debian_linux:8.0", "p-cpe:/a:debian:debian_linux:iceweasel", "cpe:/o:debian:debian_linux:7.0"], "id": "DEBIAN_DSA-3333.NASL", "href": "https://www.tenable.com/plugins/nessus/85356", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Debian Security Advisory DSA-3333. 
The text \n# itself is copyright (C) Software in the Public Interest, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(85356);\n script_version(\"2.9\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/11\");\n\n script_cve_id(\"CVE-2015-4473\", \"CVE-2015-4478\", \"CVE-2015-4479\", \"CVE-2015-4480\", \"CVE-2015-4484\", \"CVE-2015-4487\", \"CVE-2015-4488\", \"CVE-2015-4489\", \"CVE-2015-4492\", \"CVE-2015-4493\");\n script_xref(name:\"DSA\", value:\"3333\");\n\n script_name(english:\"Debian DSA-3333-1 : iceweasel - security update\");\n script_summary(english:\"Checks dpkg output for the updated package\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Debian host is missing a security-related update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Multiple security issues have been found in Iceweasel, Debian's\nversion of the Mozilla Firefox web browser: Multiple memory safety\nerrors, integer overflows, buffer overflows, use-after-frees and other\nimplementation errors may lead to the execution of arbitrary code,\nbypass of the same-origin policy or denial of service.\n\nDebian follows the extended support releases (ESR) of Firefox. 
Support\nfor the 31.x series has ended, so starting with this update we're now\nfollowing the 38.x releases.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://packages.debian.org/source/wheezy/iceweasel\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://packages.debian.org/source/jessie/iceweasel\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.debian.org/security/2015/dsa-3333\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\n\"Upgrade the iceweasel packages.\n\nFor the oldstable distribution (wheezy), these problems have been\nfixed in version 38.2.0esr-1~deb7u1.\n\nFor the stable distribution (jessie), these problems have been fixed\nin version 38.2.0esr-1~deb8u1.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:iceweasel\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:debian:debian_linux:7.0\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:debian:debian_linux:8.0\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2015/08/12\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2015/08/13\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2015-2021 and is owned by Tenable, Inc. 
or an Affiliate thereof.\");\n script_family(english:\"Debian Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/Debian/release\", \"Host/Debian/dpkg-l\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"debian_package.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/Debian/release\")) audit(AUDIT_OS_NOT, \"Debian\");\nif (!get_kb_item(\"Host/Debian/dpkg-l\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\nflag = 0;\nif (deb_check(release:\"7.0\", prefix:\"iceweasel\", reference:\"38.2.0esr-1~deb7u1\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"iceweasel-dbg\", reference:\"38.2.0esr-1~deb7u1\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"iceweasel-dev\", reference:\"38.2.0esr-1~deb7u1\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"iceweasel-l10n-ach\", reference:\"38.2.0esr-1~deb7u1\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"iceweasel-l10n-af\", reference:\"38.2.0esr-1~deb7u1\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"iceweasel-l10n-all\", reference:\"38.2.0esr-1~deb7u1\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"iceweasel-l10n-an\", reference:\"38.2.0esr-1~deb7u1\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"iceweasel-l10n-ar\", reference:\"38.2.0esr-1~deb7u1\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"iceweasel-l10n-as\", reference:\"38.2.0esr-1~deb7u1\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"iceweasel-l10n-ast\", reference:\"38.2.0esr-1~deb7u1\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"iceweasel-l10n-be\", reference:\"38.2.0esr-1~deb7u1\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"iceweasel-l10n-bg\", reference:\"38.2.0esr-1~deb7u1\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"iceweasel-l10n-bn-bd\", reference:\"38.2.0esr-1~deb7u1\")) flag++;\nif (deb_check(release:\"7.0\", 
prefix:\"iceweasel-l10n-bn-in\", reference:\"38.2.0esr-1~deb7u1\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"iceweasel-l10n-br\", reference:\"38.2.0esr-1~deb7u1\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"iceweasel-l10n-bs\", reference:\"38.2.0esr-1~deb7u1\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"iceweasel-l10n-ca\", reference:\"38.2.0esr-1~deb7u1\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"iceweasel-l10n-cs\", reference:\"38.2.0esr-1~deb7u1\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"iceweasel-l10n-csb\", reference:\"38.2.0esr-1~deb7u1\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"iceweasel-l10n-cy\", reference:\"38.2.0esr-1~deb7u1\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"iceweasel-l10n-da\", reference:\"38.2.0esr-1~deb7u1\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"iceweasel-l10n-de\", reference:\"38.2.0esr-1~deb7u1\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"iceweasel-l10n-el\", reference:\"38.2.0esr-1~deb7u1\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"iceweasel-l10n-en-gb\", reference:\"38.2.0esr-1~deb7u1\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"iceweasel-l10n-en-za\", reference:\"38.2.0esr-1~deb7u1\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"iceweasel-l10n-eo\", reference:\"38.2.0esr-1~deb7u1\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"iceweasel-l10n-es-ar\", reference:\"38.2.0esr-1~deb7u1\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"iceweasel-l10n-es-cl\", reference:\"38.2.0esr-1~deb7u1\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"iceweasel-l10n-es-es\", reference:\"38.2.0esr-1~deb7u1\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"iceweasel-l10n-es-mx\", reference:\"38.2.0esr-1~deb7u1\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"iceweasel-l10n-et\", reference:\"38.2.0esr-1~deb7u1\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"iceweasel-l10n-eu\", reference:\"38.2.0esr-1~deb7u1\")) flag++;\nif 
(deb_check(release:\"7.0\", prefix:\"iceweasel-l10n-fa\", reference:\"38.2.0esr-1~deb7u1\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"iceweasel-l10n-ff\", reference:\"38.2.0esr-1~deb7u1\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"iceweasel-l10n-fi\", reference:\"38.2.0esr-1~deb7u1\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"iceweasel-l10n-fr\", reference:\"38.2.0esr-1~deb7u1\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"iceweasel-l10n-fy-nl\", reference:\"38.2.0esr-1~deb7u1\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"iceweasel-l10n-ga-ie\", reference:\"38.2.0esr-1~deb7u1\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"iceweasel-l10n-gd\", reference:\"38.2.0esr-1~deb7u1\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"iceweasel-l10n-gl\", reference:\"38.2.0esr-1~deb7u1\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"iceweasel-l10n-gu-in\", reference:\"38.2.0esr-1~deb7u1\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"iceweasel-l10n-he\", reference:\"38.2.0esr-1~deb7u1\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"iceweasel-l10n-hi-in\", reference:\"38.2.0esr-1~deb7u1\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"iceweasel-l10n-hr\", reference:\"38.2.0esr-1~deb7u1\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"iceweasel-l10n-hsb\", reference:\"38.2.0esr-1~deb7u1\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"iceweasel-l10n-hu\", reference:\"38.2.0esr-1~deb7u1\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"iceweasel-l10n-hy-am\", reference:\"38.2.0esr-1~deb7u1\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"iceweasel-l10n-id\", reference:\"38.2.0esr-1~deb7u1\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"iceweasel-l10n-is\", reference:\"38.2.0esr-1~deb7u1\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"iceweasel-l10n-it\", reference:\"38.2.0esr-1~deb7u1\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"iceweasel-l10n-ja\", reference:\"38.2.0esr-1~deb7u1\")) 
flag++;\nif (deb_check(release:\"7.0\", prefix:\"iceweasel-l10n-kk\", reference:\"38.2.0esr-1~deb7u1\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"iceweasel-l10n-km\", reference:\"38.2.0esr-1~deb7u1\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"iceweasel-l10n-kn\", reference:\"38.2.0esr-1~deb7u1\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"iceweasel-l10n-ko\", reference:\"38.2.0esr-1~deb7u1\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"iceweasel-l10n-ku\", reference:\"38.2.0esr-1~deb7u1\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"iceweasel-l10n-lij\", reference:\"38.2.0esr-1~deb7u1\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"iceweasel-l10n-lt\", reference:\"38.2.0esr-1~deb7u1\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"iceweasel-l10n-lv\", reference:\"38.2.0esr-1~deb7u1\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"iceweasel-l10n-mai\", reference:\"38.2.0esr-1~deb7u1\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"iceweasel-l10n-mk\", reference:\"38.2.0esr-1~deb7u1\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"iceweasel-l10n-ml\", reference:\"38.2.0esr-1~deb7u1\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"iceweasel-l10n-mr\", reference:\"38.2.0esr-1~deb7u1\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"iceweasel-l10n-ms\", reference:\"38.2.0esr-1~deb7u1\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"iceweasel-l10n-nb-no\", reference:\"38.2.0esr-1~deb7u1\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"iceweasel-l10n-nl\", reference:\"38.2.0esr-1~deb7u1\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"iceweasel-l10n-nn-no\", reference:\"38.2.0esr-1~deb7u1\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"iceweasel-l10n-or\", reference:\"38.2.0esr-1~deb7u1\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"iceweasel-l10n-pa-in\", reference:\"38.2.0esr-1~deb7u1\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"iceweasel-l10n-pl\", 
reference:\"38.2.0esr-1~deb7u1\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"iceweasel-l10n-pt-br\", reference:\"38.2.0esr-1~deb7u1\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"iceweasel-l10n-pt-pt\", reference:\"38.2.0esr-1~deb7u1\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"iceweasel-l10n-rm\", reference:\"38.2.0esr-1~deb7u1\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"iceweasel-l10n-ro\", reference:\"38.2.0esr-1~deb7u1\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"iceweasel-l10n-ru\", reference:\"38.2.0esr-1~deb7u1\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"iceweasel-l10n-si\", reference:\"38.2.0esr-1~deb7u1\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"iceweasel-l10n-sk\", reference:\"38.2.0esr-1~deb7u1\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"iceweasel-l10n-sl\", reference:\"38.2.0esr-1~deb7u1\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"iceweasel-l10n-son\", reference:\"38.2.0esr-1~deb7u1\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"iceweasel-l10n-sq\", reference:\"38.2.0esr-1~deb7u1\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"iceweasel-l10n-sr\", reference:\"38.2.0esr-1~deb7u1\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"iceweasel-l10n-sv-se\", reference:\"38.2.0esr-1~deb7u1\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"iceweasel-l10n-ta\", reference:\"38.2.0esr-1~deb7u1\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"iceweasel-l10n-te\", reference:\"38.2.0esr-1~deb7u1\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"iceweasel-l10n-th\", reference:\"38.2.0esr-1~deb7u1\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"iceweasel-l10n-tr\", reference:\"38.2.0esr-1~deb7u1\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"iceweasel-l10n-uk\", reference:\"38.2.0esr-1~deb7u1\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"iceweasel-l10n-vi\", reference:\"38.2.0esr-1~deb7u1\")) flag++;\nif (deb_check(release:\"7.0\", 
prefix:\"iceweasel-l10n-xh\", reference:\"38.2.0esr-1~deb7u1\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"iceweasel-l10n-zh-cn\", reference:\"38.2.0esr-1~deb7u1\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"iceweasel-l10n-zh-tw\", reference:\"38.2.0esr-1~deb7u1\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"iceweasel-l10n-zu\", reference:\"38.2.0esr-1~deb7u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"iceweasel\", reference:\"38.2.0esr-1~deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"iceweasel-dbg\", reference:\"38.2.0esr-1~deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"iceweasel-dev\", reference:\"38.2.0esr-1~deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"iceweasel-l10n-ach\", reference:\"38.2.0esr-1~deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"iceweasel-l10n-af\", reference:\"38.2.0esr-1~deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"iceweasel-l10n-all\", reference:\"38.2.0esr-1~deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"iceweasel-l10n-an\", reference:\"38.2.0esr-1~deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"iceweasel-l10n-ar\", reference:\"38.2.0esr-1~deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"iceweasel-l10n-as\", reference:\"38.2.0esr-1~deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"iceweasel-l10n-ast\", reference:\"38.2.0esr-1~deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"iceweasel-l10n-be\", reference:\"38.2.0esr-1~deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"iceweasel-l10n-bg\", reference:\"38.2.0esr-1~deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"iceweasel-l10n-bn-bd\", reference:\"38.2.0esr-1~deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"iceweasel-l10n-bn-in\", reference:\"38.2.0esr-1~deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"iceweasel-l10n-br\", reference:\"38.2.0esr-1~deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", 
prefix:\"iceweasel-l10n-bs\", reference:\"38.2.0esr-1~deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"iceweasel-l10n-ca\", reference:\"38.2.0esr-1~deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"iceweasel-l10n-cs\", reference:\"38.2.0esr-1~deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"iceweasel-l10n-csb\", reference:\"38.2.0esr-1~deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"iceweasel-l10n-cy\", reference:\"38.2.0esr-1~deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"iceweasel-l10n-da\", reference:\"38.2.0esr-1~deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"iceweasel-l10n-de\", reference:\"38.2.0esr-1~deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"iceweasel-l10n-el\", reference:\"38.2.0esr-1~deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"iceweasel-l10n-en-gb\", reference:\"38.2.0esr-1~deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"iceweasel-l10n-en-za\", reference:\"38.2.0esr-1~deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"iceweasel-l10n-eo\", reference:\"38.2.0esr-1~deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"iceweasel-l10n-es-ar\", reference:\"38.2.0esr-1~deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"iceweasel-l10n-es-cl\", reference:\"38.2.0esr-1~deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"iceweasel-l10n-es-es\", reference:\"38.2.0esr-1~deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"iceweasel-l10n-es-mx\", reference:\"38.2.0esr-1~deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"iceweasel-l10n-et\", reference:\"38.2.0esr-1~deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"iceweasel-l10n-eu\", reference:\"38.2.0esr-1~deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"iceweasel-l10n-fa\", reference:\"38.2.0esr-1~deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"iceweasel-l10n-ff\", reference:\"38.2.0esr-1~deb8u1\")) flag++;\nif 
(deb_check(release:\"8.0\", prefix:\"iceweasel-l10n-fi\", reference:\"38.2.0esr-1~deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"iceweasel-l10n-fr\", reference:\"38.2.0esr-1~deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"iceweasel-l10n-fy-nl\", reference:\"38.2.0esr-1~deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"iceweasel-l10n-ga-ie\", reference:\"38.2.0esr-1~deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"iceweasel-l10n-gd\", reference:\"38.2.0esr-1~deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"iceweasel-l10n-gl\", reference:\"38.2.0esr-1~deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"iceweasel-l10n-gu-in\", reference:\"38.2.0esr-1~deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"iceweasel-l10n-he\", reference:\"38.2.0esr-1~deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"iceweasel-l10n-hi-in\", reference:\"38.2.0esr-1~deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"iceweasel-l10n-hr\", reference:\"38.2.0esr-1~deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"iceweasel-l10n-hsb\", reference:\"38.2.0esr-1~deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"iceweasel-l10n-hu\", reference:\"38.2.0esr-1~deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"iceweasel-l10n-hy-am\", reference:\"38.2.0esr-1~deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"iceweasel-l10n-id\", reference:\"38.2.0esr-1~deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"iceweasel-l10n-is\", reference:\"38.2.0esr-1~deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"iceweasel-l10n-it\", reference:\"38.2.0esr-1~deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"iceweasel-l10n-ja\", reference:\"38.2.0esr-1~deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"iceweasel-l10n-kk\", reference:\"38.2.0esr-1~deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"iceweasel-l10n-km\", reference:\"38.2.0esr-1~deb8u1\")) 
flag++;\nif (deb_check(release:\"8.0\", prefix:\"iceweasel-l10n-kn\", reference:\"38.2.0esr-1~deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"iceweasel-l10n-ko\", reference:\"38.2.0esr-1~deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"iceweasel-l10n-ku\", reference:\"38.2.0esr-1~deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"iceweasel-l10n-lij\", reference:\"38.2.0esr-1~deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"iceweasel-l10n-lt\", reference:\"38.2.0esr-1~deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"iceweasel-l10n-lv\", reference:\"38.2.0esr-1~deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"iceweasel-l10n-mai\", reference:\"38.2.0esr-1~deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"iceweasel-l10n-mk\", reference:\"38.2.0esr-1~deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"iceweasel-l10n-ml\", reference:\"38.2.0esr-1~deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"iceweasel-l10n-mr\", reference:\"38.2.0esr-1~deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"iceweasel-l10n-ms\", reference:\"38.2.0esr-1~deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"iceweasel-l10n-nb-no\", reference:\"38.2.0esr-1~deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"iceweasel-l10n-nl\", reference:\"38.2.0esr-1~deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"iceweasel-l10n-nn-no\", reference:\"38.2.0esr-1~deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"iceweasel-l10n-or\", reference:\"38.2.0esr-1~deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"iceweasel-l10n-pa-in\", reference:\"38.2.0esr-1~deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"iceweasel-l10n-pl\", reference:\"38.2.0esr-1~deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"iceweasel-l10n-pt-br\", reference:\"38.2.0esr-1~deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"iceweasel-l10n-pt-pt\", 
reference:\"38.2.0esr-1~deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"iceweasel-l10n-rm\", reference:\"38.2.0esr-1~deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"iceweasel-l10n-ro\", reference:\"38.2.0esr-1~deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"iceweasel-l10n-ru\", reference:\"38.2.0esr-1~deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"iceweasel-l10n-si\", reference:\"38.2.0esr-1~deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"iceweasel-l10n-sk\", reference:\"38.2.0esr-1~deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"iceweasel-l10n-sl\", reference:\"38.2.0esr-1~deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"iceweasel-l10n-son\", reference:\"38.2.0esr-1~deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"iceweasel-l10n-sq\", reference:\"38.2.0esr-1~deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"iceweasel-l10n-sr\", reference:\"38.2.0esr-1~deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"iceweasel-l10n-sv-se\", reference:\"38.2.0esr-1~deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"iceweasel-l10n-ta\", reference:\"38.2.0esr-1~deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"iceweasel-l10n-te\", reference:\"38.2.0esr-1~deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"iceweasel-l10n-th\", reference:\"38.2.0esr-1~deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"iceweasel-l10n-tr\", reference:\"38.2.0esr-1~deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"iceweasel-l10n-uk\", reference:\"38.2.0esr-1~deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"iceweasel-l10n-vi\", reference:\"38.2.0esr-1~deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"iceweasel-l10n-xh\", reference:\"38.2.0esr-1~deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"iceweasel-l10n-zh-cn\", reference:\"38.2.0esr-1~deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", 
prefix:\"iceweasel-l10n-zh-tw\", reference:\"38.2.0esr-1~deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"iceweasel-l10n-zu\", reference:\"38.2.0esr-1~deb8u1\")) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:deb_report_get());\n else security_hole(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2021-01-17T12:50:07", "description": "From Red Hat Security Advisory 2015:1586 :\n\nUpdated firefox packages that fix multiple security issues are now\navailable for Red Hat Enterprise Linux 5, 6, and 7.\n\nRed Hat Product Security has rated this update as having Critical\nsecurity impact. Common Vulnerability Scoring System (CVSS) base\nscores, which give detailed severity ratings, are available for each\nvulnerability from the CVE links in the References section.\n\nMozilla Firefox is an open source web browser. XULRunner provides the\nXUL Runtime environment for Mozilla Firefox.\n\nSeveral flaws were found in the processing of malformed web content. A\nweb page containing malicious content could cause Firefox to crash or,\npotentially, execute arbitrary code with the privileges of the user\nrunning Firefox. (CVE-2015-4473, CVE-2015-4475, CVE-2015-4478,\nCVE-2015-4479, CVE-2015-4480, CVE-2015-4493, CVE-2015-4484,\nCVE-2015-4491, CVE-2015-4485, CVE-2015-4486, CVE-2015-4487,\nCVE-2015-4488, CVE-2015-4489, CVE-2015-4492)\n\nRed Hat would like to thank the Mozilla project for reporting these\nissues. Upstream acknowledges Gary Kwong, Christian Holler, Byron\nCampen, Aki Helin, Andre Bargull, Massimiliano Tomassoli, laf.intel,\nMassimiliano Tomassoli, Tyson Smith, Jukka Jylanki, Gustavo Grieco,\nAbhishek Arya, Ronald Crane, and Looben Yang as the original reporters\nof these issues.\n\nAll Firefox users should upgrade to these updated packages, which\ncontain Firefox version 38.2 ESR, which corrects these issues. 
After\ninstalling the update, Firefox must be restarted for the changes to\ntake effect.", "edition": 17, "published": "2015-08-12T00:00:00", "title": "Oracle Linux 5 / 6 / 7 : firefox (ELSA-2015-1586)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2015-4478", "CVE-2015-4485", "CVE-2015-4488", "CVE-2015-4489", "CVE-2015-4486", "CVE-2015-4480", "CVE-2015-4484", "CVE-2015-4479", "CVE-2015-4492", "CVE-2015-4493", "CVE-2015-4487", "CVE-2015-4473", "CVE-2015-4491", "CVE-2015-4475"], "modified": "2015-08-12T00:00:00", "cpe": ["cpe:/o:oracle:linux:6", "p-cpe:/a:oracle:linux:firefox", "cpe:/o:oracle:linux:5", "cpe:/o:oracle:linux:7"], "id": "ORACLELINUX_ELSA-2015-1586.NASL", "href": "https://www.tenable.com/plugins/nessus/85339", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Red Hat Security Advisory RHSA-2015:1586 and \n# Oracle Linux Security Advisory ELSA-2015-1586 respectively.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(85339);\n script_version(\"2.10\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/14\");\n\n script_cve_id(\"CVE-2015-4473\", \"CVE-2015-4475\", \"CVE-2015-4478\", \"CVE-2015-4479\", \"CVE-2015-4480\", \"CVE-2015-4484\", \"CVE-2015-4485\", \"CVE-2015-4486\", \"CVE-2015-4487\", \"CVE-2015-4488\", \"CVE-2015-4489\", \"CVE-2015-4491\", \"CVE-2015-4492\", \"CVE-2015-4493\");\n script_xref(name:\"RHSA\", value:\"2015:1586\");\n\n script_name(english:\"Oracle Linux 5 / 6 / 7 : firefox (ELSA-2015-1586)\");\n script_summary(english:\"Checks rpm output for the updated package\");\n\n script_set_attribute(\n attribute:\"synopsis\",\n value:\"The remote Oracle Linux host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\",\n value:\n\"From Red Hat Security Advisory 2015:1586 :\n\nUpdated firefox 
packages that fix multiple security issues are now\navailable for Red Hat Enterprise Linux 5, 6, and 7.\n\nRed Hat Product Security has rated this update as having Critical\nsecurity impact. Common Vulnerability Scoring System (CVSS) base\nscores, which give detailed severity ratings, are available for each\nvulnerability from the CVE links in the References section.\n\nMozilla Firefox is an open source web browser. XULRunner provides the\nXUL Runtime environment for Mozilla Firefox.\n\nSeveral flaws were found in the processing of malformed web content. A\nweb page containing malicious content could cause Firefox to crash or,\npotentially, execute arbitrary code with the privileges of the user\nrunning Firefox. (CVE-2015-4473, CVE-2015-4475, CVE-2015-4478,\nCVE-2015-4479, CVE-2015-4480, CVE-2015-4493, CVE-2015-4484,\nCVE-2015-4491, CVE-2015-4485, CVE-2015-4486, CVE-2015-4487,\nCVE-2015-4488, CVE-2015-4489, CVE-2015-4492)\n\nRed Hat would like to thank the Mozilla project for reporting these\nissues. Upstream acknowledges Gary Kwong, Christian Holler, Byron\nCampen, Aki Helin, Andre Bargull, Massimiliano Tomassoli, laf.intel,\nMassimiliano Tomassoli, Tyson Smith, Jukka Jylanki, Gustavo Grieco,\nAbhishek Arya, Ronald Crane, and Looben Yang as the original reporters\nof these issues.\n\nAll Firefox users should upgrade to these updated packages, which\ncontain Firefox version 38.2 ESR, which corrects these issues. 
After\ninstalling the update, Firefox must be restarted for the changes to\ntake effect.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://oss.oracle.com/pipermail/el-errata/2015-August/005315.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://oss.oracle.com/pipermail/el-errata/2015-August/005316.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://oss.oracle.com/pipermail/el-errata/2015-August/005317.html\"\n );\n script_set_attribute(\n attribute:\"solution\",\n value:\"Update the affected firefox package.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:firefox\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:oracle:linux:5\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:oracle:linux:6\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:oracle:linux:7\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2015/08/16\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2015/08/12\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2015/08/12\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2015-2021 and is owned by Tenable, Inc. 
or an Affiliate thereof.\");\n script_family(english:\"Oracle Linux Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/OracleLinux\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/OracleLinux\")) audit(AUDIT_OS_NOT, \"Oracle Linux\");\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || !pregmatch(pattern: \"Oracle (?:Linux Server|Enterprise Linux)\", string:release)) audit(AUDIT_OS_NOT, \"Oracle Linux\");\nos_ver = pregmatch(pattern: \"Oracle (?:Linux Server|Enterprise Linux) .*release ([0-9]+(\\.[0-9]+)?)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Oracle Linux\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^(5|6|7)([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Oracle Linux 5 / 6 / 7\", \"Oracle Linux \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && \"ia64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Oracle Linux\", cpu);\n\nflag = 0;\nif (rpm_check(release:\"EL5\", reference:\"firefox-38.2.0-4.0.1.el5_11\", allowmaj:TRUE)) flag++;\n\nif (rpm_check(release:\"EL6\", reference:\"firefox-38.2.0-4.0.1.el6_7\", allowmaj:TRUE)) flag++;\n\nif (rpm_check(release:\"EL7\", cpu:\"x86_64\", reference:\"firefox-38.2.0-4.0.1.el7_1\", allowmaj:TRUE)) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, 
\"firefox\");\n}\n", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2020-05-31T20:09:24", "description": "Updated firefox packages that fix multiple security issues are now\navailable for Red Hat Enterprise Linux 5, 6, and 7.\n\nRed Hat Product Security has rated this update as having Critical\nsecurity impact. Common Vulnerability Scoring System (CVSS) base\nscores, which give detailed severity ratings, are available for each\nvulnerability from the CVE links in the References section.\n\nMozilla Firefox is an open source web browser. XULRunner provides the\nXUL Runtime environment for Mozilla Firefox.\n\nSeveral flaws were found in the processing of malformed web content. A\nweb page containing malicious content could cause Firefox to crash or,\npotentially, execute arbitrary code with the privileges of the user\nrunning Firefox. (CVE-2015-4473, CVE-2015-4475, CVE-2015-4478,\nCVE-2015-4479, CVE-2015-4480, CVE-2015-4493, CVE-2015-4484,\nCVE-2015-4491, CVE-2015-4485, CVE-2015-4486, CVE-2015-4487,\nCVE-2015-4488, CVE-2015-4489, CVE-2015-4492)\n\nRed Hat would like to thank the Mozilla project for reporting these\nissues. Upstream acknowledges Gary Kwong, Christian Holler, Byron\nCampen, Aki Helin, Andre Bargull, Massimiliano Tomassoli, laf.intel,\nMassimiliano Tomassoli, Tyson Smith, Jukka Jylanki, Gustavo Grieco,\nAbhishek Arya, Ronald Crane, and Looben Yang as the original reporters\nof these issues.\n\nAll Firefox users should upgrade to these updated packages, which\ncontain Firefox version 38.2 ESR, which corrects these issues. 
After\ninstalling the update, Firefox must be restarted for the changes to\ntake effect.", "edition": 22, "published": "2015-08-12T00:00:00", "title": "RHEL 5 / 6 / 7 : firefox (RHSA-2015:1586)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2015-4478", "CVE-2015-4485", "CVE-2015-4488", "CVE-2015-4489", "CVE-2015-4486", "CVE-2015-4480", "CVE-2015-4484", "CVE-2015-4479", "CVE-2015-4492", "CVE-2015-4493", "CVE-2015-4487", "CVE-2015-4473", "CVE-2015-4491", "CVE-2015-4475"], "modified": "2015-08-12T00:00:00", "cpe": ["cpe:/o:redhat:enterprise_linux:6.7", "cpe:/o:redhat:enterprise_linux:5", "cpe:/o:redhat:enterprise_linux:7.4", "cpe:/o:redhat:enterprise_linux:7.1", "cpe:/o:redhat:enterprise_linux:7.7", "cpe:/o:redhat:enterprise_linux:7.5", "cpe:/o:redhat:enterprise_linux:7", "p-cpe:/a:redhat:enterprise_linux:firefox", "p-cpe:/a:redhat:enterprise_linux:firefox-debuginfo", "cpe:/o:redhat:enterprise_linux:7.3", "cpe:/o:redhat:enterprise_linux:7.2", "cpe:/o:redhat:enterprise_linux:7.6", "cpe:/o:redhat:enterprise_linux:6"], "id": "REDHAT-RHSA-2015-1586.NASL", "href": "https://www.tenable.com/plugins/nessus/85342", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Red Hat Security Advisory RHSA-2015:1586. 
The text \n# itself is copyright (C) Red Hat, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(85342);\n script_version(\"2.22\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2020/05/29\");\n\n script_cve_id(\"CVE-2015-4473\", \"CVE-2015-4475\", \"CVE-2015-4478\", \"CVE-2015-4479\", \"CVE-2015-4480\", \"CVE-2015-4484\", \"CVE-2015-4485\", \"CVE-2015-4486\", \"CVE-2015-4487\", \"CVE-2015-4488\", \"CVE-2015-4489\", \"CVE-2015-4491\", \"CVE-2015-4492\", \"CVE-2015-4493\");\n script_xref(name:\"RHSA\", value:\"2015:1586\");\n\n script_name(english:\"RHEL 5 / 6 / 7 : firefox (RHSA-2015:1586)\");\n script_summary(english:\"Checks the rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\",\n value:\"The remote Red Hat host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\",\n value:\n\"Updated firefox packages that fix multiple security issues are now\navailable for Red Hat Enterprise Linux 5, 6, and 7.\n\nRed Hat Product Security has rated this update as having Critical\nsecurity impact. Common Vulnerability Scoring System (CVSS) base\nscores, which give detailed severity ratings, are available for each\nvulnerability from the CVE links in the References section.\n\nMozilla Firefox is an open source web browser. XULRunner provides the\nXUL Runtime environment for Mozilla Firefox.\n\nSeveral flaws were found in the processing of malformed web content. A\nweb page containing malicious content could cause Firefox to crash or,\npotentially, execute arbitrary code with the privileges of the user\nrunning Firefox. (CVE-2015-4473, CVE-2015-4475, CVE-2015-4478,\nCVE-2015-4479, CVE-2015-4480, CVE-2015-4493, CVE-2015-4484,\nCVE-2015-4491, CVE-2015-4485, CVE-2015-4486, CVE-2015-4487,\nCVE-2015-4488, CVE-2015-4489, CVE-2015-4492)\n\nRed Hat would like to thank the Mozilla project for reporting these\nissues. 
Upstream acknowledges Gary Kwong, Christian Holler, Byron\nCampen, Aki Helin, Andre Bargull, Massimiliano Tomassoli, laf.intel,\nMassimiliano Tomassoli, Tyson Smith, Jukka Jylanki, Gustavo Grieco,\nAbhishek Arya, Ronald Crane, and Looben Yang as the original reporters\nof these issues.\n\nAll Firefox users should upgrade to these updated packages, which\ncontain Firefox version 38.2 ESR, which corrects these issues. After\ninstalling the update, Firefox must be restarted for the changes to\ntake effect.\"\n );\n # https://www.mozilla.org/en-US/security/known-vulnerabilities/firefox-esr/#\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?8b5eaff4\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/errata/RHSA-2015:1586\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2015-4480\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2015-4487\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2015-4486\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2015-4485\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2015-4484\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2015-4489\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2015-4488\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2015-4473\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2015-4475\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n 
value:\"https://access.redhat.com/security/cve/cve-2015-4478\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2015-4479\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2015-4491\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2015-4492\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2015-4493\"\n );\n script_set_attribute(\n attribute:\"solution\",\n value:\"Update the affected firefox and / or firefox-debuginfo packages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:firefox\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:firefox-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:5\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:6\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:6.7\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:7\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:7.1\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:7.2\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:7.3\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:7.4\");\n 
script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:7.5\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:7.6\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:7.7\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2015/08/16\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2015/08/11\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2015/08/12\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2015-2020 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Red Hat Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"misc_func.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Red Hat\" >!< release) audit(AUDIT_OS_NOT, \"Red Hat\");\nos_ver = pregmatch(pattern: \"Red Hat Enterprise Linux.*release ([0-9]+(\\.[0-9]+)?)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Red Hat\");\nos_ver = os_ver[1];\nif (! 
preg(pattern:\"^(5|6|7)([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Red Hat 5.x / 6.x / 7.x\", \"Red Hat \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\" && \"s390\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Red Hat\", cpu);\n\nyum_updateinfo = get_kb_item(\"Host/RedHat/yum-updateinfo\");\nif (!empty_or_null(yum_updateinfo)) \n{\n rhsa = \"RHSA-2015:1586\";\n yum_report = redhat_generate_yum_updateinfo_report(rhsa:rhsa);\n if (!empty_or_null(yum_report))\n {\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : yum_report \n );\n exit(0);\n }\n else\n {\n audit_message = \"affected by Red Hat security advisory \" + rhsa;\n audit(AUDIT_OS_NOT, audit_message);\n }\n}\nelse\n{\n flag = 0;\n if (rpm_check(release:\"RHEL5\", reference:\"firefox-38.2.0-4.el5_11\", allowmaj:TRUE)) flag++;\n\n if (rpm_check(release:\"RHEL5\", reference:\"firefox-debuginfo-38.2.0-4.el5_11\", allowmaj:TRUE)) flag++;\n\n\n if (rpm_check(release:\"RHEL6\", reference:\"firefox-38.2.0-4.el6_7\", allowmaj:TRUE)) flag++;\n\n if (rpm_check(release:\"RHEL6\", reference:\"firefox-debuginfo-38.2.0-4.el6_7\", allowmaj:TRUE)) flag++;\n\n\n if (rpm_check(release:\"RHEL7\", reference:\"firefox-38.2.0-4.el7_1\", allowmaj:TRUE)) flag++;\n\n if (rpm_check(release:\"RHEL7\", reference:\"firefox-debuginfo-38.2.0-4.el7_1\", allowmaj:TRUE)) flag++;\n\n\n if (flag)\n {\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : rpm_report_get() + redhat_report_package_caveat()\n );\n exit(0);\n }\n else\n {\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"firefox / firefox-debuginfo\");\n }\n}\n", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2021-01-06T09:30:18", "description": 
"Updated firefox packages that fix multiple security issues are now\navailable for Red Hat Enterprise Linux 5, 6, and 7.\n\nRed Hat Product Security has rated this update as having Critical\nsecurity impact. Common Vulnerability Scoring System (CVSS) base\nscores, which give detailed severity ratings, are available for each\nvulnerability from the CVE links in the References section.\n\nMozilla Firefox is an open source web browser. XULRunner provides the\nXUL Runtime environment for Mozilla Firefox.\n\nSeveral flaws were found in the processing of malformed web content. A\nweb page containing malicious content could cause Firefox to crash or,\npotentially, execute arbitrary code with the privileges of the user\nrunning Firefox. (CVE-2015-4473, CVE-2015-4475, CVE-2015-4478,\nCVE-2015-4479, CVE-2015-4480, CVE-2015-4493, CVE-2015-4484,\nCVE-2015-4491, CVE-2015-4485, CVE-2015-4486, CVE-2015-4487,\nCVE-2015-4488, CVE-2015-4489, CVE-2015-4492)\n\nRed Hat would like to thank the Mozilla project for reporting these\nissues. Upstream acknowledges Gary Kwong, Christian Holler, Byron\nCampen, Aki Helin, Andre Bargull, Massimiliano Tomassoli, laf.intel,\nMassimiliano Tomassoli, Tyson Smith, Jukka Jylanki, Gustavo Grieco,\nAbhishek Arya, Ronald Crane, and Looben Yang as the original reporters\nof these issues.\n\nAll Firefox users should upgrade to these updated packages, which\ncontain Firefox version 38.2 ESR, which corrects these issues. 
After\ninstalling the update, Firefox must be restarted for the changes to\ntake effect.", "edition": 28, "published": "2015-08-12T00:00:00", "title": "CentOS 5 / 6 / 7 : firefox (CESA-2015:1586)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2015-4478", "CVE-2015-4485", "CVE-2015-4488", "CVE-2015-4489", "CVE-2015-4486", "CVE-2015-4480", "CVE-2015-4484", "CVE-2015-4479", "CVE-2015-4492", "CVE-2015-4493", "CVE-2015-4487", "CVE-2015-4473", "CVE-2015-4491", "CVE-2015-4475"], "modified": "2015-08-12T00:00:00", "cpe": ["cpe:/o:centos:centos:6", "cpe:/o:centos:centos:7", "p-cpe:/a:centos:centos:firefox", "cpe:/o:centos:centos:5"], "id": "CENTOS_RHSA-2015-1586.NASL", "href": "https://www.tenable.com/plugins/nessus/85336", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Red Hat Security Advisory RHSA-2015:1586 and \n# CentOS Errata and Security Advisory 2015:1586 respectively.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(85336);\n script_version(\"2.13\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/04\");\n\n script_cve_id(\"CVE-2015-4473\", \"CVE-2015-4475\", \"CVE-2015-4478\", \"CVE-2015-4479\", \"CVE-2015-4480\", \"CVE-2015-4484\", \"CVE-2015-4485\", \"CVE-2015-4486\", \"CVE-2015-4487\", \"CVE-2015-4488\", \"CVE-2015-4489\", \"CVE-2015-4491\", \"CVE-2015-4492\", \"CVE-2015-4493\");\n script_xref(name:\"RHSA\", value:\"2015:1586\");\n\n script_name(english:\"CentOS 5 / 6 / 7 : firefox (CESA-2015:1586)\");\n script_summary(english:\"Checks rpm output for the updated package\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote CentOS host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Updated firefox packages that fix multiple security issues are now\navailable for Red 
Hat Enterprise Linux 5, 6, and 7.\n\nRed Hat Product Security has rated this update as having Critical\nsecurity impact. Common Vulnerability Scoring System (CVSS) base\nscores, which give detailed severity ratings, are available for each\nvulnerability from the CVE links in the References section.\n\nMozilla Firefox is an open source web browser. XULRunner provides the\nXUL Runtime environment for Mozilla Firefox.\n\nSeveral flaws were found in the processing of malformed web content. A\nweb page containing malicious content could cause Firefox to crash or,\npotentially, execute arbitrary code with the privileges of the user\nrunning Firefox. (CVE-2015-4473, CVE-2015-4475, CVE-2015-4478,\nCVE-2015-4479, CVE-2015-4480, CVE-2015-4493, CVE-2015-4484,\nCVE-2015-4491, CVE-2015-4485, CVE-2015-4486, CVE-2015-4487,\nCVE-2015-4488, CVE-2015-4489, CVE-2015-4492)\n\nRed Hat would like to thank the Mozilla project for reporting these\nissues. Upstream acknowledges Gary Kwong, Christian Holler, Byron\nCampen, Aki Helin, Andre Bargull, Massimiliano Tomassoli, laf.intel,\nMassimiliano Tomassoli, Tyson Smith, Jukka Jylanki, Gustavo Grieco,\nAbhishek Arya, Ronald Crane, and Looben Yang as the original reporters\nof these issues.\n\nAll Firefox users should upgrade to these updated packages, which\ncontain Firefox version 38.2 ESR, which corrects these issues. 
After\ninstalling the update, Firefox must be restarted for the changes to\ntake effect.\"\n );\n # https://lists.centos.org/pipermail/centos-announce/2015-August/021305.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?ad794db1\"\n );\n # https://lists.centos.org/pipermail/centos-announce/2015-August/021306.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?9f8bc361\"\n );\n # https://lists.centos.org/pipermail/centos-announce/2015-August/021308.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?2f652d6c\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected firefox package.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2015-4473\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:firefox\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:centos:centos:5\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:centos:centos:6\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:centos:centos:7\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2015/08/16\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2015/08/11\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2015/08/12\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2015-2021 and is owned by Tenable, 
Inc. or an Affiliate thereof.\");\n script_family(english:\"CentOS Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/CentOS/release\", \"Host/CentOS/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/CentOS/release\");\nif (isnull(release) || \"CentOS\" >!< release) audit(AUDIT_OS_NOT, \"CentOS\");\nos_ver = pregmatch(pattern: \"CentOS(?: Linux)? release ([0-9]+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"CentOS\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^(5|6|7)([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"CentOS 5.x / 6.x / 7.x\", \"CentOS \" + os_ver);\n\nif (!get_kb_item(\"Host/CentOS/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"CentOS\", cpu);\n\n\nflag = 0;\nif (rpm_check(release:\"CentOS-5\", reference:\"firefox-38.2.0-4.el5.centos\", allowmaj:TRUE)) flag++;\n\nif (rpm_check(release:\"CentOS-6\", reference:\"firefox-38.2.0-4.el6.centos\", allowmaj:TRUE)) flag++;\n\nif (rpm_check(release:\"CentOS-7\", cpu:\"x86_64\", reference:\"firefox-38.2.0-4.el7.centos\", allowmaj:TRUE)) flag++;\n\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"firefox\");\n}\n", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2021-01-07T14:23:00", "description": "Mozilla Firefox is being updated to the current Firefox 38ESR branch\n(specifically the 38.2.0ESR 
release).\n\nSecurity issues fixed :\n\n - MFSA 2015-78 / CVE-2015-4495: Same origin violation and\n local file stealing via PDF reader\n\n - MFSA 2015-79 / CVE-2015-4473/CVE-2015-4474:\n Miscellaneous memory safety hazards (rv:40.0 / rv:38.2)\n\n - MFSA 2015-80 / CVE-2015-4475: Out-of-bounds read with\n malformed MP3 file\n\n - MFSA 2015-82 / CVE-2015-4478: Redefinition of\n non-configurable JavaScript object properties\n\n - MFSA 2015-83 / CVE-2015-4479: Overflow issues in\n libstagefright\n\n - MFSA 2015-87 / CVE-2015-4484: Crash when using shared\n memory in JavaScript\n\n - MFSA 2015-88 / CVE-2015-4491: Heap overflow in\n gdk-pixbuf when scaling bitmap images\n\n - MFSA 2015-89 / CVE-2015-4485/CVE-2015-4486: Buffer\n overflows on Libvpx when decoding WebM video\n\n - MFSA 2015-90 /\n CVE-2015-4487/CVE-2015-4488/CVE-2015-4489:\n Vulnerabilities found through code inspection\n\n - MFSA 2015-92 / CVE-2015-4492: Use-after-free in\n XMLHttpRequest with shared workers\n\nThis update also contains a lot of feature improvements and bug fixes\nfrom 31ESR to 38ESR.\n\nAlso the Mozilla NSS library switched its CKBI API from 1.98 to 2.4,\nwhich is what Firefox 38ESR uses.\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the SUSE security advisory. 
Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.", "edition": 26, "published": "2015-09-11T00:00:00", "title": "SUSE SLED11 / SLES11 Security Update : MozillaFirefox, mozilla-nss (SUSE-SU-2015:1528-1)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2015-4478", "CVE-2015-4485", "CVE-2015-4488", "CVE-2015-4489", "CVE-2015-4486", "CVE-2015-4474", "CVE-2015-4484", "CVE-2015-4479", "CVE-2015-4492", "CVE-2015-4495", "CVE-2015-4487", "CVE-2015-4473", "CVE-2015-4491", "CVE-2015-4475"], "modified": "2015-09-11T00:00:00", "cpe": ["p-cpe:/a:novell:suse_linux:MozillaFirefox-branding-SLED", "p-cpe:/a:novell:suse_linux:libfreebl3", "p-cpe:/a:novell:suse_linux:MozillaFirefox", "cpe:/o:novell:suse_linux:11", "p-cpe:/a:novell:suse_linux:mozilla-nss-tools", "p-cpe:/a:novell:suse_linux:mozilla-nss", "p-cpe:/a:novell:suse_linux:MozillaFirefox-translations", "p-cpe:/a:novell:suse_linux:libsoftokn3"], "id": "SUSE_SU-2015-1528-1.NASL", "href": "https://www.tenable.com/plugins/nessus/85906", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from SUSE update advisory SUSE-SU-2015:1528-1.\n# The text itself is copyright (C) SUSE.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(85906);\n script_version(\"2.8\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/06\");\n\n script_cve_id(\"CVE-2015-4473\", \"CVE-2015-4474\", \"CVE-2015-4475\", \"CVE-2015-4478\", \"CVE-2015-4479\", \"CVE-2015-4484\", \"CVE-2015-4485\", \"CVE-2015-4486\", \"CVE-2015-4487\", \"CVE-2015-4488\", \"CVE-2015-4489\", \"CVE-2015-4491\", \"CVE-2015-4492\", \"CVE-2015-4495\");\n\n script_name(english:\"SUSE SLED11 / SLES11 Security Update : MozillaFirefox, mozilla-nss (SUSE-SU-2015:1528-1)\");\n script_summary(english:\"Checks rpm output for the 
updated packages.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote SUSE host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Mozilla Firefox is being updated to the current Firefox 38ESR branch\n(specifically the 38.2.0ESR release).\n\nSecurity issues fixed :\n\n - MFSA 2015-78 / CVE-2015-4495: Same origin violation and\n local file stealing via PDF reader\n\n - MFSA 2015-79 / CVE-2015-4473/CVE-2015-4474:\n Miscellaneous memory safety hazards (rv:40.0 / rv:38.2)\n\n - MFSA 2015-80 / CVE-2015-4475: Out-of-bounds read with\n malformed MP3 file\n\n - MFSA 2015-82 / CVE-2015-4478: Redefinition of\n non-configurable JavaScript object properties\n\n - MFSA 2015-83 / CVE-2015-4479: Overflow issues in\n libstagefright\n\n - MFSA 2015-87 / CVE-2015-4484: Crash when using shared\n memory in JavaScript\n\n - MFSA 2015-88 / CVE-2015-4491: Heap overflow in\n gdk-pixbuf when scaling bitmap images\n\n - MFSA 2015-89 / CVE-2015-4485/CVE-2015-4486: Buffer\n overflows on Libvpx when decoding WebM video\n\n - MFSA 2015-90 /\n CVE-2015-4487/CVE-2015-4488/CVE-2015-4489:\n Vulnerabilities found through code inspection\n\n - MFSA 2015-92 / CVE-2015-4492: Use-after-free in\n XMLHttpRequest with shared workers\n\nThis update also contains a lot of feature improvements and bug fixes\nfrom 31ESR to 38ESR.\n\nAlso the Mozilla NSS library switched its CKBI API from 1.98 to 2.4,\nwhich is what Firefox 38ESR uses.\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the SUSE security advisory. 
Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=940806\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2015-4473/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2015-4474/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2015-4475/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2015-4478/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2015-4479/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2015-4484/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2015-4485/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2015-4486/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2015-4487/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2015-4488/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2015-4489/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2015-4491/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2015-4492/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2015-4495/\"\n );\n # https://www.suse.com/support/update/announcement/2015/suse-su-20151528-1.html\n script_set_attribute(\n 
attribute:\"see_also\",\n value:\"http://www.nessus.org/u?d87736ce\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\n\"To install this SUSE Security Update use YaST online_update.\nAlternatively you can run the command listed for your product :\n\nSUSE Linux Enterprise Software Development Kit 11-SP4 :\n\nzypper in -t patch sdksp4-firefox38-20150820-12083=1\n\nSUSE Linux Enterprise Software Development Kit 11-SP3 :\n\nzypper in -t patch sdksp3-firefox38-20150820-12083=1\n\nSUSE Linux Enterprise Server for VMWare 11-SP3 :\n\nzypper in -t patch slessp3-firefox38-20150820-12083=1\n\nSUSE Linux Enterprise Server 11-SP4 :\n\nzypper in -t patch slessp4-firefox38-20150820-12083=1\n\nSUSE Linux Enterprise Server 11-SP3 :\n\nzypper in -t patch slessp3-firefox38-20150820-12083=1\n\nSUSE Linux Enterprise Desktop 11-SP4 :\n\nzypper in -t patch sledsp4-firefox38-20150820-12083=1\n\nSUSE Linux Enterprise Desktop 11-SP3 :\n\nzypper in -t patch sledsp3-firefox38-20150820-12083=1\n\nSUSE Linux Enterprise Debuginfo 11-SP4 :\n\nzypper in -t patch dbgsp4-firefox38-20150820-12083=1\n\nSUSE Linux Enterprise Debuginfo 11-SP3 :\n\nzypper in -t patch dbgsp3-firefox38-20150820-12083=1\n\nTo bring your system up-to-date, use 'zypper patch'.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:H/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploited_by_malware\", value:\"true\");\n script_set_attribute(attribute:\"exploit_framework_canvas\", value:\"true\");\n script_set_attribute(attribute:\"canvas_package\", value:'CANVAS');\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:MozillaFirefox\");\n script_set_attribute(attribute:\"cpe\", 
value:\"p-cpe:/a:novell:suse_linux:MozillaFirefox-branding-SLED\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:MozillaFirefox-translations\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libfreebl3\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libsoftokn3\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:mozilla-nss\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:mozilla-nss-tools\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:suse_linux:11\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2015/08/07\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2015/09/09\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2015/09/11\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2015-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release !~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, \"SUSE\");\nos_ver = pregmatch(pattern: \"^(SLE(S|D)\\d+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"SUSE\");\nos_ver = os_ver[1];\nif (! 
preg(pattern:\"^(SLED11|SLES11)$\", string:os_ver)) audit(AUDIT_OS_NOT, \"SUSE SLED11 / SLES11\", \"SUSE \" + os_ver);\n\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (cpu !~ \"^i[3-6]86$\" && \"x86_64\" >!< cpu && \"s390x\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"SUSE \" + os_ver, cpu);\n\nsp = get_kb_item(\"Host/SuSE/patchlevel\");\nif (isnull(sp)) sp = \"0\";\nif (os_ver == \"SLES11\" && (! preg(pattern:\"^(3|4)$\", string:sp))) audit(AUDIT_OS_NOT, \"SLES11 SP3/4\", os_ver + \" SP\" + sp);\nif (os_ver == \"SLED11\" && (! preg(pattern:\"^(3|4)$\", string:sp))) audit(AUDIT_OS_NOT, \"SLED11 SP3/4\", os_ver + \" SP\" + sp);\n\n\nflag = 0;\nif (rpm_check(release:\"SLES11\", sp:\"4\", cpu:\"x86_64\", reference:\"libfreebl3-32bit-3.19.2.0-0.16.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:\"4\", cpu:\"x86_64\", reference:\"libsoftokn3-32bit-3.19.2.0-0.16.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:\"4\", cpu:\"x86_64\", reference:\"mozilla-nss-32bit-3.19.2.0-0.16.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:\"4\", cpu:\"s390x\", reference:\"libfreebl3-32bit-3.19.2.0-0.16.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:\"4\", cpu:\"s390x\", reference:\"libsoftokn3-32bit-3.19.2.0-0.16.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:\"4\", cpu:\"s390x\", reference:\"mozilla-nss-32bit-3.19.2.0-0.16.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:\"4\", reference:\"MozillaFirefox-38.2.1esr-19.3\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:\"4\", reference:\"MozillaFirefox-branding-SLED-31.0-0.12.51\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:\"4\", reference:\"MozillaFirefox-translations-38.2.1esr-19.3\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:\"4\", reference:\"libfreebl3-3.19.2.0-0.16.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:\"4\", reference:\"libsoftokn3-3.19.2.0-0.16.1\")) 
flag++;\nif (rpm_check(release:\"SLES11\", sp:\"4\", reference:\"mozilla-nss-3.19.2.0-0.16.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:\"4\", reference:\"mozilla-nss-tools-3.19.2.0-0.16.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:\"3\", cpu:\"x86_64\", reference:\"libfreebl3-32bit-3.19.2.0-0.16.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:\"3\", cpu:\"x86_64\", reference:\"libsoftokn3-32bit-3.19.2.0-0.16.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:\"3\", cpu:\"x86_64\", reference:\"mozilla-nss-32bit-3.19.2.0-0.16.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:\"3\", cpu:\"s390x\", reference:\"libfreebl3-32bit-3.19.2.0-0.16.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:\"3\", cpu:\"s390x\", reference:\"libsoftokn3-32bit-3.19.2.0-0.16.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:\"3\", cpu:\"s390x\", reference:\"mozilla-nss-32bit-3.19.2.0-0.16.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:\"3\", reference:\"MozillaFirefox-38.2.1esr-19.3\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:\"3\", reference:\"MozillaFirefox-branding-SLED-31.0-0.12.51\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:\"3\", reference:\"MozillaFirefox-translations-38.2.1esr-19.3\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:\"3\", reference:\"libfreebl3-3.19.2.0-0.16.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:\"3\", reference:\"libsoftokn3-3.19.2.0-0.16.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:\"3\", reference:\"mozilla-nss-3.19.2.0-0.16.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:\"3\", reference:\"mozilla-nss-tools-3.19.2.0-0.16.1\")) flag++;\nif (rpm_check(release:\"SLED11\", sp:\"4\", cpu:\"x86_64\", reference:\"MozillaFirefox-38.2.1esr-19.3\")) flag++;\nif (rpm_check(release:\"SLED11\", sp:\"4\", cpu:\"x86_64\", reference:\"MozillaFirefox-branding-SLED-31.0-0.12.51\")) flag++;\nif (rpm_check(release:\"SLED11\", sp:\"4\", cpu:\"x86_64\", reference:\"MozillaFirefox-translations-38.2.1esr-19.3\")) 
flag++;\nif (rpm_check(release:\"SLED11\", sp:\"4\", cpu:\"x86_64\", reference:\"libfreebl3-3.19.2.0-0.16.1\")) flag++;\nif (rpm_check(release:\"SLED11\", sp:\"4\", cpu:\"x86_64\", reference:\"libsoftokn3-3.19.2.0-0.16.1\")) flag++;\nif (rpm_check(release:\"SLED11\", sp:\"4\", cpu:\"x86_64\", reference:\"mozilla-nss-3.19.2.0-0.16.1\")) flag++;\nif (rpm_check(release:\"SLED11\", sp:\"4\", cpu:\"x86_64\", reference:\"mozilla-nss-tools-3.19.2.0-0.16.1\")) flag++;\nif (rpm_check(release:\"SLED11\", sp:\"4\", cpu:\"x86_64\", reference:\"libfreebl3-32bit-3.19.2.0-0.16.1\")) flag++;\nif (rpm_check(release:\"SLED11\", sp:\"4\", cpu:\"x86_64\", reference:\"libsoftokn3-32bit-3.19.2.0-0.16.1\")) flag++;\nif (rpm_check(release:\"SLED11\", sp:\"4\", cpu:\"x86_64\", reference:\"mozilla-nss-32bit-3.19.2.0-0.16.1\")) flag++;\nif (rpm_check(release:\"SLED11\", sp:\"4\", cpu:\"i586\", reference:\"MozillaFirefox-38.2.1esr-19.3\")) flag++;\nif (rpm_check(release:\"SLED11\", sp:\"4\", cpu:\"i586\", reference:\"MozillaFirefox-branding-SLED-31.0-0.12.51\")) flag++;\nif (rpm_check(release:\"SLED11\", sp:\"4\", cpu:\"i586\", reference:\"MozillaFirefox-translations-38.2.1esr-19.3\")) flag++;\nif (rpm_check(release:\"SLED11\", sp:\"4\", cpu:\"i586\", reference:\"libfreebl3-3.19.2.0-0.16.1\")) flag++;\nif (rpm_check(release:\"SLED11\", sp:\"4\", cpu:\"i586\", reference:\"libsoftokn3-3.19.2.0-0.16.1\")) flag++;\nif (rpm_check(release:\"SLED11\", sp:\"4\", cpu:\"i586\", reference:\"mozilla-nss-3.19.2.0-0.16.1\")) flag++;\nif (rpm_check(release:\"SLED11\", sp:\"4\", cpu:\"i586\", reference:\"mozilla-nss-tools-3.19.2.0-0.16.1\")) flag++;\nif (rpm_check(release:\"SLED11\", sp:\"3\", cpu:\"x86_64\", reference:\"MozillaFirefox-38.2.1esr-19.3\")) flag++;\nif (rpm_check(release:\"SLED11\", sp:\"3\", cpu:\"x86_64\", reference:\"MozillaFirefox-branding-SLED-31.0-0.12.51\")) flag++;\nif (rpm_check(release:\"SLED11\", sp:\"3\", cpu:\"x86_64\", reference:\"MozillaFirefox-translations-38.2.1esr-19.3\")) 
flag++;\nif (rpm_check(release:\"SLED11\", sp:\"3\", cpu:\"x86_64\", reference:\"libfreebl3-3.19.2.0-0.16.1\")) flag++;\nif (rpm_check(release:\"SLED11\", sp:\"3\", cpu:\"x86_64\", reference:\"libsoftokn3-3.19.2.0-0.16.1\")) flag++;\nif (rpm_check(release:\"SLED11\", sp:\"3\", cpu:\"x86_64\", reference:\"mozilla-nss-3.19.2.0-0.16.1\")) flag++;\nif (rpm_check(release:\"SLED11\", sp:\"3\", cpu:\"x86_64\", reference:\"mozilla-nss-tools-3.19.2.0-0.16.1\")) flag++;\nif (rpm_check(release:\"SLED11\", sp:\"3\", cpu:\"x86_64\", reference:\"libfreebl3-32bit-3.19.2.0-0.16.1\")) flag++;\nif (rpm_check(release:\"SLED11\", sp:\"3\", cpu:\"x86_64\", reference:\"libsoftokn3-32bit-3.19.2.0-0.16.1\")) flag++;\nif (rpm_check(release:\"SLED11\", sp:\"3\", cpu:\"x86_64\", reference:\"mozilla-nss-32bit-3.19.2.0-0.16.1\")) flag++;\nif (rpm_check(release:\"SLED11\", sp:\"3\", cpu:\"i586\", reference:\"MozillaFirefox-38.2.1esr-19.3\")) flag++;\nif (rpm_check(release:\"SLED11\", sp:\"3\", cpu:\"i586\", reference:\"MozillaFirefox-branding-SLED-31.0-0.12.51\")) flag++;\nif (rpm_check(release:\"SLED11\", sp:\"3\", cpu:\"i586\", reference:\"MozillaFirefox-translations-38.2.1esr-19.3\")) flag++;\nif (rpm_check(release:\"SLED11\", sp:\"3\", cpu:\"i586\", reference:\"libfreebl3-3.19.2.0-0.16.1\")) flag++;\nif (rpm_check(release:\"SLED11\", sp:\"3\", cpu:\"i586\", reference:\"libsoftokn3-3.19.2.0-0.16.1\")) flag++;\nif (rpm_check(release:\"SLED11\", sp:\"3\", cpu:\"i586\", reference:\"mozilla-nss-3.19.2.0-0.16.1\")) flag++;\nif (rpm_check(release:\"SLED11\", sp:\"3\", cpu:\"i586\", reference:\"mozilla-nss-tools-3.19.2.0-0.16.1\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"MozillaFirefox / mozilla-nss\");\n}\n", "cvss": {"score": 10.0, "vector": 
"AV:N/AC:L/Au:N/C:C/I:C/A:C"}}], "debian": [{"lastseen": "2019-05-30T02:22:10", "bulletinFamily": "unix", "cvelist": ["CVE-2015-4478", "CVE-2015-4488", "CVE-2015-4489", "CVE-2015-4480", "CVE-2015-4484", "CVE-2015-4479", "CVE-2015-4492", "CVE-2015-4493", "CVE-2015-4487", "CVE-2015-4473"], "description": "- -------------------------------------------------------------------------\nDebian Security Advisory DSA-3333-1 security@debian.org\nhttps://www.debian.org/security/ Moritz Muehlenhoff\nAugust 12, 2015 https://www.debian.org/security/faq\n- -------------------------------------------------------------------------\n\nPackage : iceweasel\nCVE ID : CVE-2015-4473 CVE-2015-4478 CVE-2015-4479 CVE-2015-4480 \n CVE-2015-4484 CVE-2015-4487 CVE-2015-4488 CVE-2015-4489\n CVE-2015-4492 CVE-2015-4493\n\nMultiple security issues have been found in Iceweasel, Debian's version\nof the Mozilla Firefox web browser: Multiple memory safety errors,\ninteger overflows, buffer overflows, use-after-frees and other\nimplementation errors may lead to the execution of arbitrary code,\nbypass of the same-origin policy or denial of service.\n\nDebian follows the extended support releases (ESR) of Firefox. 
Support\nfor the 31.x series has ended, so starting with this update we're now\nfollowing the 38.x releases.\n\nFor the oldstable distribution (wheezy), these problems have been fixed\nin version 38.2.0esr-1~deb7u1.\n\nFor the stable distribution (jessie), these problems have been fixed in\nversion 38.2.0esr-1~deb8u1.\n\nFor the unstable distribution (sid), these problems have been fixed in\nversion 38.2.0esr-1.\n\nWe recommend that you upgrade your iceweasel packages.\n\nFurther information about Debian Security Advisories, how to apply\nthese updates to your system and frequently asked questions can be\nfound at: https://www.debian.org/security/\n\nMailing list: debian-security-announce@lists.debian.org\n", "edition": 3, "modified": "2015-08-12T10:24:29", "published": "2015-08-12T10:24:29", "id": "DEBIAN:DSA-3333-1:A97D1", "href": "https://lists.debian.org/debian-security-announce/debian-security-announce-2015/msg00231.html", "title": "[SECURITY] [DSA 3333-1] iceweasel security update", "type": "debian", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2020-08-12T00:57:05", "bulletinFamily": "unix", "cvelist": ["CVE-2015-4488", "CVE-2015-7198", "CVE-2015-7200", "CVE-2015-7181", "CVE-2015-7194", "CVE-2015-4489", "CVE-2015-7189", "CVE-2015-7182", "CVE-2015-7188", "CVE-2015-7199", "CVE-2015-4513", "CVE-2015-7193", "CVE-2015-4487", "CVE-2015-4473", "CVE-2015-7197"], "description": "- -------------------------------------------------------------------------\nDebian Security Advisory DSA-3410-1 security@debian.org\nhttps://www.debian.org/security/ Moritz Muehlenhoff\nDecember 01, 2015 https://www.debian.org/security/faq\n- -------------------------------------------------------------------------\n\nPackage : icedove\nCVE ID : CVE-2015-4473 CVE-2015-4487 CVE-2015-4488 CVE-2015-4489 \n CVE-2015-4513 CVE-2015-7181 CVE-2015-7182 CVE-2015-7188\n CVE-2015-7189 CVE-2015-7193 CVE-2015-7194 CVE-2015-7197\n CVE-2015-7198 CVE-2015-7199 
CVE-2015-7200\n\nMultiple security issues have been found in Icedove, Debian's version of\nthe Mozilla Thunderbird mail client: Multiple memory safety errors,\ninteger overflows, buffer overflows and other implementation errors may\nlead to the execution of arbitrary code or denial of service.\n\nFor the oldstable distribution (wheezy), these problems have been fixed\nin version 38.4.0-1~deb7u1.\n\nFor the stable distribution (jessie), these problems have been fixed in\nversion 38.4.0-1~deb8u1.\n\nFor the unstable distribution (sid), these problems have been fixed in\nversion 38.4.0-1.\n\nIn addition enigmail has been updated to a release compatible with the\nnew ESR38 series.\n\nWe recommend that you upgrade your icedove packages.\n\nFurther information about Debian Security Advisories, how to apply\nthese updates to your system and frequently asked questions can be\nfound at: https://www.debian.org/security/\n\nMailing list: debian-security-announce@lists.debian.org\n", "edition": 7, "modified": "2015-12-01T22:21:29", "published": "2015-12-01T22:21:29", "id": "DEBIAN:DSA-3410-1:624AB", "href": "https://lists.debian.org/debian-security-announce/debian-security-announce-2015/msg00315.html", "title": "[SECURITY] [DSA 3410-1] icedove security update", "type": "debian", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}], "suse": [{"lastseen": "2016-09-04T11:21:45", "bulletinFamily": "unix", "cvelist": ["CVE-2015-4478", "CVE-2015-4485", "CVE-2015-4488", "CVE-2015-4489", "CVE-2015-4486", "CVE-2015-4474", "CVE-2015-4484", "CVE-2015-4479", "CVE-2015-4492", "CVE-2015-4495", "CVE-2015-4487", "CVE-2015-4473", "CVE-2015-4491", "CVE-2015-4475"], "description": "Mozilla Firefox is being updated to the current Firefox 38ESR branch\n (specifically the 38.2.0ESR release).\n\n Security issues fixed:\n - MFSA 2015-78 / CVE-2015-4495: Same origin violation and local file\n stealing via PDF reader\n - MFSA 2015-79 / CVE-2015-4473/CVE-2015-4474: Miscellaneous memory 
safety\n hazards (rv:40.0 / rv:38.2)\n - MFSA 2015-80 / CVE-2015-4475: Out-of-bounds read with malformed MP3 file\n - MFSA 2015-82 / CVE-2015-4478: Redefinition of non-configurable\n JavaScript object properties\n - MFSA 2015-83 / CVE-2015-4479: Overflow issues in libstagefright\n - MFSA 2015-87 / CVE-2015-4484: Crash when using shared memory in\n JavaScript\n - MFSA 2015-88 / CVE-2015-4491: Heap overflow in gdk-pixbuf when scaling\n bitmap images\n - MFSA 2015-89 / CVE-2015-4485/CVE-2015-4486: Buffer overflows on Libvpx\n when decoding WebM video\n - MFSA 2015-90 / CVE-2015-4487/CVE-2015-4488/CVE-2015-4489:\n Vulnerabilities found through code inspection\n - MFSA 2015-92 / CVE-2015-4492: Use-after-free in XMLHttpRequest with\n shared workers\n\n This update also contains a lot of feature improvements and bug fixes from\n 31ESR to 38ESR.\n\n Also the Mozilla NSS library switched its CKBI API from 1.98 to 2.4, which\n is what Firefox 38ESR uses.\n\n", "edition": 1, "modified": "2015-09-10T17:10:07", "published": "2015-09-10T17:10:07", "id": "SUSE-SU-2015:1528-1", "href": "http://lists.opensuse.org/opensuse-security-announce/2015-09/msg00016.html", "title": "Security update for MozillaFirefox, mozilla-nss (important)", "type": "suse", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2016-09-04T11:38:48", "bulletinFamily": "unix", "cvelist": ["CVE-2015-4478", "CVE-2015-4485", "CVE-2015-4488", "CVE-2015-4497", "CVE-2015-4489", "CVE-2015-4486", "CVE-2015-4474", "CVE-2015-4484", "CVE-2015-4479", "CVE-2015-4492", "CVE-2015-4495", "CVE-2015-4487", "CVE-2015-4473", "CVE-2015-4491", "CVE-2015-4498", "CVE-2015-4475"], "description": "Mozilla Firefox was updated to version 38.2.1 ESR to fix several critical\n and non critical security vulnerabilities.\n\n - Firefox was updated to 38.2.1 ESR (bsc#943608)\n * MFSA 2015-94/CVE-2015-4497 (bsc#943557) Use-after-free when resizing\n canvas element during restyling\n * 
MFSA 2015-95/CVE-2015-4498 (bsc#943558) Add-on notification bypass\n through data URLs\n\n - Firefox was updated to 38.2.0 ESR (bsc#940806)\n * MFSA 2015-78/CVE-2015-4495 (bmo#1178058, bmo#1179262) Same origin\n violation and local file stealing via PDF reader\n * MFSA 2015-79/CVE-2015-4473/CVE-2015-4474 (bmo#1143130, bmo#1161719,\n bmo#1177501, bmo#1181204, bmo#1184068, bmo#1188590, bmo#1146213,\n bmo#1178890, bmo#1182711) Miscellaneous memory safety hazards (rv:40.0\n / rv:38.2)\n * MFSA 2015-80/CVE-2015-4475 (bmo#1175396) Out-of-bounds read with\n malformed MP3 file\n * MFSA 2015-82/CVE-2015-4478 (bmo#1105914) Redefinition of\n non-configurable JavaScript object properties\n * MFSA 2015-83/CVE-2015-4479 (bmo#1185115, bmo#1144107, bmo#1170344,\n bmo#1186718) Overflow issues in libstagefright\n * MFSA 2015-87/CVE-2015-4484 (bmo#1171540) Crash when using shared\n memory in JavaScript\n * MFSA 2015-88/CVE-2015-4491 (bmo#1184009) Heap overflow in gdk-pixbuf\n when scaling bitmap images\n * MFSA 2015-89/CVE-2015-4485/CVE-2015-4486 (bmo#1177948, bmo#1178148)\n Buffer overflows on Libvpx when decoding WebM video\n * MFSA 2015-90/CVE-2015-4487/CVE-2015-4488/CVE-2015-4489 (bmo#1176270,\n bmo#1182723, bmo#1171603) Vulnerabilities found through code inspection\n * MFSA 2015-92/CVE-2015-4492 (bmo#1185820) Use-after-free in\n XMLHttpRequest with shared workers\n\n Mozilla NSS switched the CKBI ABI from 1.98 to 2.4, which is what Firefox\n 38ESR uses.\n\n", "edition": 1, "modified": "2015-09-02T12:10:07", "published": "2015-09-02T12:10:07", "href": "http://lists.opensuse.org/opensuse-security-announce/2015-09/msg00001.html", "id": "SUSE-SU-2015:1476-1", "title": "Security update for MozillaFirefox, mozilla-nss (important)", "type": "suse", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2016-09-04T11:57:33", "bulletinFamily": "unix", "cvelist": ["CVE-2015-4478", "CVE-2015-4485", "CVE-2015-4488", "CVE-2015-4481", 
"CVE-2015-4489", "CVE-2015-4486", "CVE-2015-4474", "CVE-2015-4480", "CVE-2015-4484", "CVE-2015-4479", "CVE-2015-4492", "CVE-2015-4490", "CVE-2015-4495", "CVE-2015-4483", "CVE-2015-4493", "CVE-2015-4477", "CVE-2015-4487", "CVE-2015-4473", "CVE-2015-4491", "CVE-2015-4475", "CVE-2015-4482"], "description": "- update to Firefox 40.0 (bnc#940806)\n * Added protection against unwanted software downloads\n * Suggested Tiles show sites of interest, based on categories from your\n recent browsing history\n * Hello allows adding a link to conversations to provide context\n on what the conversation will be about\n * New style for add-on manager based on the in-content preferences style\n * Improved scrolling, graphics, and video playback performance with off\n main thread compositing (GNU/Linux only)\n * Graphic blocklist mechanism improved: Firefox version ranges can be\n specified, limiting the number of devices blocked security fixes:\n * MFSA 2015-79/CVE-2015-4473/CVE-2015-4474 Miscellaneous memory safety\n hazards\n * MFSA 2015-80/CVE-2015-4475 (bmo#1175396) Out-of-bounds read with\n malformed MP3 file\n * MFSA 2015-81/CVE-2015-4477 (bmo#1179484) Use-after-free in MediaStream\n playback\n * MFSA 2015-82/CVE-2015-4478 (bmo#1105914) Redefinition of\n non-configurable JavaScript object properties\n * MFSA 2015-83/CVE-2015-4479/CVE-2015-4480/CVE-2015-4493 Overflow issues\n in libstagefright\n * MFSA 2015-84/CVE-2015-4481 (bmo1171518) Arbitrary file overwriting\n through Mozilla Maintenance Service with hard links (only affected\n Windows)\n * MFSA 2015-85/CVE-2015-4482 (bmo#1184500) Out-of-bounds write with\n Updater and malicious MAR file (does not affect openSUSE RPM packages\n which do not ship the updater)\n * MFSA 2015-86/CVE-2015-4483 (bmo#1148732) Feed protocol with POST\n bypasses mixed content protections\n * MFSA 2015-87/CVE-2015-4484 (bmo#1171540) Crash when using shared\n memory in JavaScript\n * MFSA 2015-88/CVE-2015-4491 (bmo#1184009) Heap overflow in 
gdk-pixbuf\n when scaling bitmap images\n * MFSA 2015-89/CVE-2015-4485/CVE-2015-4486 (bmo#1177948, bmo#1178148)\n Buffer overflows on Libvpx when decoding WebM video\n * MFSA 2015-90/CVE-2015-4487/CVE-2015-4488/CVE-2015-4489 Vulnerabilities\n found through code inspection\n * MFSA 2015-91/CVE-2015-4490 (bmo#1086999) Mozilla Content Security\n Policy allows for asterisk wildcards in violation of CSP specification\n * MFSA 2015-92/CVE-2015-4492 (bmo#1185820) Use-after-free in\n XMLHttpRequest with shared workers\n - added mozilla-no-stdcxx-check.patch\n - removed obsolete patches\n * mozilla-add-glibcxx_use_cxx11_abi.patch\n * firefox-multilocale-chrome.patch\n - rebased patches\n - requires version 40 of the branding package\n - removed browser/searchplugins/ location as it's not valid anymore\n\n - includes security update to Firefox 39.0.3 (bnc#940918)\n * MFSA 2015-78/CVE-2015-4495 (bmo#1179262, bmo#1178058) Same origin\n violation and local file stealing via PDF reader\n\n", "edition": 1, "modified": "2015-08-14T19:10:03", "published": "2015-08-14T19:10:03", "id": "OPENSUSE-SU-2015:1390-1", "href": "http://lists.opensuse.org/opensuse-security-announce/2015-08/msg00015.html", "type": "suse", "title": "Security update for MozillaFirefox (important)", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2016-09-04T12:18:32", "bulletinFamily": "unix", "cvelist": ["CVE-2015-4478", "CVE-2015-4485", "CVE-2015-4488", "CVE-2015-4481", "CVE-2015-4489", "CVE-2015-4486", "CVE-2015-4474", "CVE-2015-4480", "CVE-2015-4484", "CVE-2015-4479", "CVE-2015-4492", "CVE-2015-4490", "CVE-2015-4495", "CVE-2015-4483", "CVE-2015-4493", "CVE-2015-4477", "CVE-2015-4487", "CVE-2015-4473", "CVE-2015-4491", "CVE-2015-4475", "CVE-2015-4482"], "description": "- update to Firefox 40.0 (bnc#940806)\n * Added protection against unwanted software downloads\n * Suggested Tiles show sites of interest, based on categories from your\n recent 
browsing history\n * Hello allows adding a link to conversations to provide context\n on what the conversation will be about\n * New style for add-on manager based on the in-content preferences style\n * Improved scrolling, graphics, and video playback performance with off\n main thread compositing (GNU/Linux only)\n * Graphic blocklist mechanism improved: Firefox version ranges can be\n specified, limiting the number of devices blocked security fixes:\n * MFSA 2015-79/CVE-2015-4473/CVE-2015-4474 Miscellaneous memory safety\n hazards\n * MFSA 2015-80/CVE-2015-4475 (bmo#1175396) Out-of-bounds read with\n malformed MP3 file\n * MFSA 2015-81/CVE-2015-4477 (bmo#1179484) Use-after-free in MediaStream\n playback\n * MFSA 2015-82/CVE-2015-4478 (bmo#1105914) Redefinition of\n non-configurable JavaScript object properties\n * MFSA 2015-83/CVE-2015-4479/CVE-2015-4480/CVE-2015-4493 Overflow issues\n in libstagefright\n * MFSA 2015-84/CVE-2015-4481 (bmo1171518) Arbitrary file overwriting\n through Mozilla Maintenance Service with hard links (only affected\n Windows)\n * MFSA 2015-85/CVE-2015-4482 (bmo#1184500) Out-of-bounds write with\n Updater and malicious MAR file (does not affect openSUSE RPM packages\n which do not ship the updater)\n * MFSA 2015-86/CVE-2015-4483 (bmo#1148732) Feed protocol with POST\n bypasses mixed content protections\n * MFSA 2015-87/CVE-2015-4484 (bmo#1171540) Crash when using shared\n memory in JavaScript\n * MFSA 2015-88/CVE-2015-4491 (bmo#1184009) Heap overflow in gdk-pixbuf\n when scaling bitmap images\n * MFSA 2015-89/CVE-2015-4485/CVE-2015-4486 (bmo#1177948, bmo#1178148)\n Buffer overflows on Libvpx when decoding WebM video\n * MFSA 2015-90/CVE-2015-4487/CVE-2015-4488/CVE-2015-4489 Vulnerabilities\n found through code inspection\n * MFSA 2015-91/CVE-2015-4490 (bmo#1086999) Mozilla Content Security\n Policy allows for asterisk wildcards in violation of CSP specification\n * MFSA 2015-92/CVE-2015-4492 (bmo#1185820) Use-after-free in\n 
XMLHttpRequest with shared workers\n - added mozilla-no-stdcxx-check.patch\n - removed obsolete patches\n * mozilla-add-glibcxx_use_cxx11_abi.patch\n * firefox-multilocale-chrome.patch\n - rebased patches\n - requires version 40 of the branding package\n - removed browser/searchplugins/ location as it's not valid anymore\n\n - includes security update to Firefox 39.0.3 (bnc#940918)\n * MFSA 2015-78/CVE-2015-4495 (bmo#1179262, bmo#1178058) Same origin\n violation and local file stealing via PDF reader\n\n", "edition": 1, "modified": "2015-08-14T19:09:37", "published": "2015-08-14T19:09:37", "id": "OPENSUSE-SU-2015:1389-1", "href": "http://lists.opensuse.org/opensuse-security-announce/2015-08/msg00014.html", "type": "suse", "title": "Security update for MozillaFirefox (important)", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2016-09-04T12:38:48", "bulletinFamily": "unix", "cvelist": ["CVE-2015-4478", "CVE-2015-4485", "CVE-2015-4000", "CVE-2015-2738", "CVE-2015-4488", "CVE-2015-2737", "CVE-2015-2726", "CVE-2015-2728", "CVE-2015-2724", "CVE-2015-4489", "CVE-2015-4486", "CVE-2015-4474", "CVE-2015-2739", "CVE-2015-4484", "CVE-2015-4479", "CVE-2015-4492", "CVE-2015-2733", "CVE-2015-2721", "CVE-2015-4495", "CVE-2015-2722", "CVE-2015-2725", "CVE-2015-2734", "CVE-2015-2743", "CVE-2015-4487", "CVE-2015-2735", "CVE-2015-4473", "CVE-2015-2736", "CVE-2015-4491", "CVE-2015-2740", "CVE-2015-4475", "CVE-2015-2730"], "description": "Mozilla Firefox is being updated to the current Firefox 38ESR branch\n (specifically the 38.2.0ESR release).\n\n Security issues fixed:\n - MFSA 2015-78 / CVE-2015-4495: Same origin violation and local file\n stealing via PDF reader\n - MFSA 2015-79 / CVE-2015-4473/CVE-2015-4474: Miscellaneous memory safety\n hazards (rv:40.0 / rv:38.2)\n - MFSA 2015-80 / CVE-2015-4475: Out-of-bounds read with malformed MP3 file\n - MFSA 2015-82 / CVE-2015-4478: Redefinition of non-configurable\n 
JavaScript object properties\n - MFSA 2015-83 / CVE-2015-4479: Overflow issues in libstagefright\n - MFSA 2015-87 / CVE-2015-4484: Crash when using shared memory in\n JavaScript\n - MFSA 2015-88 / CVE-2015-4491: Heap overflow in gdk-pixbuf when scaling\n bitmap images\n - MFSA 2015-89 / CVE-2015-4485/CVE-2015-4486: Buffer overflows on Libvpx\n when decoding WebM video\n - MFSA 2015-90 / CVE-2015-4487/CVE-2015-4488/CVE-2015-4489:\n Vulnerabilities found through code inspection\n - MFSA 2015-92 / CVE-2015-4492: Use-after-free in XMLHttpRequest with\n shared workers\n\n The following vulnerabilities were fixed in ESR31 and are also included\n here:\n - CVE-2015-2724/CVE-2015-2725/CVE-2015-2726: Miscellaneous memory safety\n hazards (bsc#935979).\n - CVE-2015-2728: Type confusion in Indexed Database Manager (bsc#935979).\n - CVE-2015-2730: ECDSA signature validation fails to handle some\n signatures correctly (bsc#935979).\n - CVE-2015-2722/CVE-2015-2733: Use-after-free in workers while using\n XMLHttpRequest (bsc#935979).\n - CVE-2015-2734/CVE-2015-2735/CVE-2015-2736/CVE-2015-2737/CVE-2015-2738/CVE-2015-2739/CVE-2015-2740: Vulnerabilities found through code inspection\n (bsc#935979).\n - CVE-2015-2743: Privilege escalation in PDF.js (bsc#935979).\n - CVE-2015-4000: NSS accepts export-length DHE keys with regular DHE\n cipher suites (bsc#935033).\n - CVE-2015-2721: NSS incorrectly permits skipping of ServerKeyExchange\n (bsc#935979).\n\n This update also contains a lot of feature improvements and bug fixes from\n 31ESR to 38ESR.\n\n Also the Mozilla NSS library switched its CKBI API from 1.98 to 2.4, which\n is what Firefox 38ESR uses.\n\n Mozilla Firefox and mozilla-nss were updated to fix 17 security issues.\n\n", "edition": 1, "modified": "2015-08-28T16:10:19", "published": "2015-08-28T16:10:19", "id": "SUSE-SU-2015:1449-1", "href": "http://lists.opensuse.org/opensuse-security-announce/2015-08/msg00021.html", "title": "Security update for MozillaFirefox, 
mozilla-nss (important)", "type": "suse", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2016-09-04T11:23:07", "bulletinFamily": "unix", "cvelist": ["CVE-2015-4478", "CVE-2015-4485", "CVE-2015-4488", "CVE-2015-7198", "CVE-2015-7174", "CVE-2015-7200", "CVE-2015-7177", "CVE-2015-7181", "CVE-2015-4517", "CVE-2015-4501", "CVE-2015-4500", "CVE-2015-4511", "CVE-2015-7194", "CVE-2015-4497", "CVE-2015-4489", "CVE-2015-4486", "CVE-2015-4474", "CVE-2015-7189", "CVE-2015-7182", "CVE-2015-4484", "CVE-2015-4479", "CVE-2015-4492", "CVE-2015-4520", "CVE-2015-7188", "CVE-2015-7183", "CVE-2015-7196", "CVE-2015-4519", "CVE-2015-7176", "CVE-2015-4509", "CVE-2015-7199", "CVE-2015-7180", "CVE-2015-4513", "CVE-2015-4521", "CVE-2015-7193", "CVE-2015-4487", "CVE-2015-4473", "CVE-2015-7197", "CVE-2015-4491", "CVE-2015-4506", "CVE-2015-7175", "CVE-2015-4498", "CVE-2015-4475", "CVE-2015-4522"], "description": "MozillaFirefox ESR was updated to version 38.4.0ESR to fix multiple\n security issues.\n\n * MFSA 2015-116/CVE-2015-4513 Miscellaneous memory safety hazards\n (rv:42.0 / rv:38.4)\n * MFSA 2015-122/CVE-2015-7188 Trailing whitespace in IP address\n hostnames can bypass same-origin policy\n * MFSA 2015-123/CVE-2015-7189 Buffer overflow during image\n interactions in canvas\n * MFSA 2015-127/CVE-2015-7193 CORS preflight is bypassed when\n non-standard Content-Type headers are received\n * MFSA 2015-128/CVE-2015-7194 Memory corruption in libjar through zip\n files\n * MFSA 2015-130/CVE-2015-7196 JavaScript garbage collection crash with\n Java applet\n * MFSA 2015-131/CVE-2015-7198/CVE-2015-7199/CVE-2015-7200\n Vulnerabilities found through code inspection\n * MFSA 2015-132/CVE-2015-7197 Mixed content WebSocket policy bypass\n through workers\n * MFSA 2015-133/CVE-2015-7181/CVE-2015-7182/CVE-2015-7183 NSS and NSPR\n memory corruption issues\n\n It also includes fixes from 38.3.0ESR:\n\n * MFSA 
2015-96/CVE-2015-4500/CVE-2015-4501 Miscellaneous memory safety\n hazards (rv:41.0 / rv:38.3)\n * MFSA 2015-101/CVE-2015-4506 Buffer overflow in libvpx while parsing\n vp9 format video\n * MFSA 2015-105/CVE-2015-4511 Buffer overflow while decoding WebM video\n * MFSA 2015-106/CVE-2015-4509 Use-after-free while manipulating HTML\n media content\n * MFSA 2015-110/CVE-2015-4519 Dragging and dropping images exposes\n final URL after redirects\n * MFSA 2015-111/CVE-2015-4520 Errors in the handling of CORS preflight\n request headers\n * MFSA 2015-112/CVE-2015-4517/CVE-2015-4521/CVE-2015-4522\n CVE-2015-7174/CVE-2015-7175/CVE-2015-7176/CVE-2015-7177\n CVE-2015-7180 Vulnerabilities found through code inspection\n\n It also includes fixes from the Firefox 38.2.1ESR release:\n\n * MFSA 2015-94/CVE-2015-4497 (bsc#943557) Use-after-free when resizing\n canvas element during restyling\n * MFSA 2015-95/CVE-2015-4498 (bsc#943558) Add-on notification bypass\n through data URLs\n\n It also includes fixes from the Firefox 38.2.0ESR release:\n\n * MFSA 2015-79/CVE-2015-4473/CVE-2015-4474 Miscellaneous memory safety\n hazards (rv:40.0 / rv:38.2)\n * MFSA 2015-80/CVE-2015-4475 Out-of-bounds read with malformed MP3 file\n * MFSA 2015-82/CVE-2015-4478 Redefinition of non-configurable\n JavaScript object properties\n * MFSA 2015-83/CVE-2015-4479 Overflow issues in libstagefright\n * MFSA 2015-87/CVE-2015-4484 Crash when using shared memory in\n JavaScript\n * MFSA 2015-88/CVE-2015-4491 Heap overflow in gdk-pixbuf when scaling\n bitmap images\n * MFSA 2015-89/CVE-2015-4485/CVE-2015-4486 Buffer overflows on Libvpx\n when decoding WebM video\n * MFSA 2015-90/CVE-2015-4487/CVE-2015-4488/CVE-2015-4489\n Vulnerabilities found through code inspection\n * MFSA 2015-92/CVE-2015-4492 Use-after-free in XMLHttpRequest with\n shared workers\n\n Security Issues:\n\n * CVE-2015-4473\n <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-4473>\n * CVE-2015-4474\n <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-4474>\n * CVE-2015-4475\n <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-4475>\n * CVE-2015-4478\n <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-4478>\n * CVE-2015-4479\n <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-4479>\n * CVE-2015-4484\n <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-4484>\n * CVE-2015-4485\n <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-4485>\n * CVE-2015-4486\n <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-4486>\n * CVE-2015-4487\n <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-4487>\n * CVE-2015-4488\n <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-4488>\n * CVE-2015-4489\n <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-4489>\n 
* CVE-2015-4491\n <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-4491>\n * CVE-2015-4492\n <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-4492>\n * CVE-2015-4497\n <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-4497>\n * CVE-2015-4498\n <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-4498>\n * CVE-2015-4500\n <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-4500>\n * CVE-2015-4501\n <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-4501>\n * CVE-2015-4506\n <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-4506>\n * CVE-2015-4509\n <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-4509>\n * CVE-2015-4511\n <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-4511>\n * CVE-2015-4513\n <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-4513>\n * CVE-2015-4517\n <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-4517>\n 
* CVE-2015-4519\n <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-4519>\n * CVE-2015-4520\n <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-4520>\n * CVE-2015-4521\n <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-4521>\n * CVE-2015-4522\n <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-4522>\n * CVE-2015-7174\n <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7174>\n * CVE-2015-7175\n <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7175>\n * CVE-2015-7176\n <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7176>\n * CVE-2015-7177\n <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7177>\n * CVE-2015-7180\n <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7180>\n * CVE-2015-7181\n <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7181>\n * CVE-2015-7182\n <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7182>\n 
* CVE-2015-7183\n <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7183>\n * CVE-2015-7188\n <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7188>\n * CVE-2015-7189\n <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7189>\n * CVE-2015-7193\n <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7193>\n * CVE-2015-7194\n <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7194>\n * CVE-2015-7196\n <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7196>\n * CVE-2015-7197\n <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7197>\n * CVE-2015-7198\n <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7198>\n * CVE-2015-7199\n <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7199>\n * CVE-2015-7200\n <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7200>\n\n\n", "edition": 1, "modified": "2015-11-23T22:10:12", "published": "2015-11-23T22:10:12", "id": "SUSE-SU-2015:2081-1", "href": "http://lists.opensuse.org/opensuse-security-announce/2015-11/msg00025.html", "title": "Security update for Mozilla Firefox (important)", "type": "suse", 
"cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}], "freebsd": [{"lastseen": "2019-05-29T18:33:07", "bulletinFamily": "unix", "cvelist": ["CVE-2015-4478", "CVE-2015-4488", "CVE-2015-4481", "CVE-2015-4489", "CVE-2015-4474", "CVE-2015-4480", "CVE-2015-4484", "CVE-2015-4479", "CVE-2015-4492", "CVE-2015-4490", "CVE-2015-4483", "CVE-2015-4493", "CVE-2015-4477", "CVE-2015-4487", "CVE-2015-4473", "CVE-2015-4491", "CVE-2015-4475", "CVE-2015-4482"], "description": "\nThe Mozilla Project reports:\n\nMFSA 2015-79 Miscellaneous memory safety hazards (rv:40.0\n\t / rv:38.2)\nMFSA 2015-80 Out-of-bounds read with malformed MP3\n\t file\nMFSA 2015-81 Use-after-free in MediaStream playback\nMFSA 2015-82 Redefinition of non-configurable JavaScript object properties\nMFSA 2015-83 Overflow issues in libstagefright\nMFSA 2015-84 Arbitrary file overwriting through Mozilla\n\t Maintenance Service with hard links\nMFSA 2015-85 Out-of-bounds write with Updater and\n\t malicious MAR file\nMFSA 2015-86 Feed protocol with POST bypasses mixed\n\t content protections\nMFSA 2015-87 Crash when using shared memory in\n\t JavaScript\nMFSA 2015-88 Heap overflow in gdk-pixbuf when scaling\n\t bitmap images\nMFSA 2015-90 Vulnerabilities found through code\n\t inspection\nMFSA 2015-91 Mozilla Content Security Policy allows for\n\t asterisk wildcards in violation of CSP specification\nMFSA 2015-92 Use-after-free in XMLHttpRequest with shared\n\t workers\n\n", "edition": 4, "modified": "2015-08-22T00:00:00", "published": "2015-08-11T00:00:00", "id": "C66A5632-708A-4727-8236-D65B2D5B2739", "href": "https://vuxml.freebsd.org/freebsd/c66a5632-708a-4727-8236-d65b2d5b2739.html", "title": "mozilla -- multiple vulnerabilities", "type": "freebsd", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}], "archlinux": [{"lastseen": "2016-09-02T18:44:45", "bulletinFamily": "unix", "cvelist": ["CVE-2015-4478", "CVE-2015-4485", "CVE-2015-4488", 
"CVE-2015-4489", "CVE-2015-4486", "CVE-2015-4474", "CVE-2015-4480", "CVE-2015-4484", "CVE-2015-4479", "CVE-2015-4492", "CVE-2015-4490", "CVE-2015-4483", "CVE-2015-4493", "CVE-2015-4477", "CVE-2015-4487", "CVE-2015-4473", "CVE-2015-4491", "CVE-2015-4475", "CVE-2015-4482"], "description": "- CVE-2015-4473 (Memory safety bugs fixed in Firefox ESR 38.2 and\nFirefox 40):\n\nGary Kwong, Christian Holler, and Byron Campen reported memory safety\nproblems and crashes that affect Firefox ESR 38.1 and Firefox 39.\n\n- CVE-2015-4474 (Memory safety bugs fixed in Firefox 40):\n\nTyson Smith, Bobby Holley, Chris Coulson, Byron Campen, and Eric Rahm\nreported memory safety problems and crashes that affect Firefox 39.\n\n- CVE-2015-4475 (out of bounds read at mozilla::AudioSink):\n\nSecurity researcher Aki Helin used the Address Sanitizer tool to\ndiscover an out-of-bounds read during playback of a malformed MP3 format\naudio file which switches sample formats. This could trigger a\npotentially exploitable crash or the reading of out-of-bounds memory\ncontent in some circumstances.\n\n- CVE-2015-4477 (MediaStream use-after-free):\n\nSecurity researcher SkyLined reported a use-after-free issue in how\naudio is handled through the Web Audio API during MediaStream playback\nthrough interactions with the Web Audio API. This results in a\npotentially exploitable crash.\n\n- CVE-2015-4478 (JSON.parse with reviver allows redefining\nnon-configurable properties):\n\nSecurity researcher André Bargull reported non-configurable properties\non JavaScript objects can be redefined while parsing JSON in violation\nof the ECMAScript 6 standard. 
This allows malicious web content to\nbypass same-origin policy by editing these properties to arbitrary values.\n\n- CVE-2015-4479 (MPEG4 saio Chunk Integer Overflow (libstagefright)):\n\nAn anonymous researcher reported, via TippingPoint's Zero Day\nInitiative, two integer overflows that could be triggered by a\nmalicious 'saio' chunk in an MPEG4 video, leading to potential arbitrary\ncode execution. This issue was independently reported by security\nresearcher laf.intel.\n\n- CVE-2015-4480 (crash in [@ stagefright::SampleTable::isValid() ] with\nh264 mp4):\n\nSecurity researcher Massimiliano Tomassoli discovered an integer\noverflow issue when parsing an invalid MPEG4 video.\n\n- CVE-2015-4482 (Out of bounds write in mar_read.c):\n\nSecurity researcher Holger Fuhrmannek reported that if the Updater opens\na MAR format file with a specially crafted name, an out-of-bounds write\nwill occur. This can lead to a potentially exploitable crash but\nrequires that the malicious MAR format file be present on the local\nsystem and the Updater to be run to use it.\n\n- CVE-2015-4483 (feed: protocol + POST method => mixed scripting):\n\nSecurity researcher Masato Kinugawa reported that opening a target page\nusing a POST to the URL prefixed with the feed: protocol disables the\nmixed content blocker for that page. This could allow for the risk of a\nman-in-the-middle (MITM) scripting attack on pages that accidentally\ninclude insecure content which would otherwise be blocked.\n\n- CVE-2015-4484 (crash in void\njs::jit::AssemblerX86Shared::lock_addl<js::jit::Imm32>):\n\nSecurity researcher Jukka Jylänki reported a crash that occurs because\nJavaScript, when using shared memory, does not properly gate access to\nAtomics or SharedArrayBuffer views in some contexts. 
This leads to a\nnon-exploitable crash.\n\n- CVE-2015-4485 (Heap-buffer-overflow WRITE in resize_context_buffers),\n- CVE-2015-4486 (Out of bounds read in decrease_ref_count):\n\nSecurity researcher Abhishek Arya (Inferno) of the Google Chrome\nSecurity Team used the Address Sanitizer tool to discover two buffer\noverflow issues in the Libvpx library used for WebM video when decoding\na malformed WebM video file. These buffer overflows result in\npotentially exploitable crashes.\n\n- CVE-2015-4487 (Overflow nsTSubstring::ReplacePrep causes memory-safety\nbugs in string library),\n- CVE-2015-4488 (StyleAnimationValue::operator= uses objects after\ndelete on self-assignment),\n- CVE-2015-4489 (Self-assignment in nsTArray_Impl causes memory-safety bug):\n\nSecurity researcher Ronald Crane reported three vulnerabilities\naffecting released code that were found through code inspection. These\nincluded one use of unowned memory, one use of a deleted object, and one\nmemory safety bug. These do not all have clear mechanisms to be\nexploited through web content but are vulnerable if a mechanism can be\nfound to trigger them.\n\n- CVE-2015-4490 (Mozilla Content Security Policy allows for asterisk\nwildcards in violation of CSP specification):\n\nMozilla security engineer Christoph Kerschbaumer reported a discrepancy\nin Mozilla's implementation of Content Security Policy and the CSP\nspecification. The specification states that blob:, data:, and\nfilesystem: URLs should be excluded in case of a wildcard when matching\nsource expressions but Mozilla's implementation allows these in the case\nof an asterisk wildcard. This could allow for more permissive CSP usage\nthan expected by a web developer, possibly allowing for cross-site\nscripting (XSS) attacks.\n\n- CVE-2015-4491 (gdk-pixbuf heap overflow and DoS affecting Firefox):\n\nSecurity researcher Gustavo Grieco reported a heap overflow in\ngdk-pixbuf affecting Linux systems using Gnome. 
This issue is triggered\nby the scaling of a malformed bitmap format image and results in a\npotentially exploitable crash.\n\n- CVE-2015-4492 (Use-after-free in XMLHttpRequest with shared workers):\n\nSecurity researcher Looben Yang discovered a use-after-free\nvulnerability when recursively calling .open() on an XMLHttpRequest in a\nSharedWorker.\n\n- CVE-2015-4493 (Stagefright: heap-buffer-overflow crash\n[@stagefright::ESDS::parseESDescriptor]):\n\nMozilla security engineer Tyson Smith used the Address Sanitizer to find\na buffer overflow when parsing an MPEG4 video with an invalid size in an\nESDS chunk, leading to memory corruption.", "modified": "2015-08-12T00:00:00", "published": "2015-08-12T00:00:00", "id": "ASA-201508-4", "href": "https://lists.archlinux.org/pipermail/arch-security/2015-August/000381.html", "type": "archlinux", "title": "firefox: multiple issues", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}], "kaspersky": [{"lastseen": "2020-09-02T11:48:35", "bulletinFamily": "info", "cvelist": ["CVE-2015-4478", "CVE-2015-4485", "CVE-2015-4488", "CVE-2015-4481", "CVE-2015-4489", "CVE-2015-4486", "CVE-2015-4474", "CVE-2015-4480", "CVE-2015-4484", "CVE-2015-4479", "CVE-2015-4492", "CVE-2015-4490", "CVE-2015-4483", "CVE-2015-4493", "CVE-2015-4477", "CVE-2015-4487", "CVE-2015-4473", "CVE-2015-4491", "CVE-2015-4475", "CVE-2015-4482"], "description": "### *Detect date*:\n08/11/2015\n\n### *Severity*:\nCritical\n\n### *Description*:\nMultiple serious vulnerabilities have been found in Mozilla Firefox. 
Malicious users can exploit these vulnerabilities to cause denial of service, bypass security restrictions, conduct CSS attack, gain privileges or execute arbitrary code.\n\n### *Affected products*:\nMozilla Firefox versions earlier than 40.0 \nMozilla Firefox ESR versions earlier than 38.2\n\n### *Solution*:\nUpdate to the latest version \n[Get Firefox ESR](<https://www.mozilla.org/en-US/firefox/organizations/>) \n[Get Firefox](<https://www.mozilla.org/en-US/firefox/new/>)\n\n### *Original advisories*:\n[Mozilla Foundation Security Advisories](<https://www.mozilla.org/en-US/security/advisories/>) \n\n\n### *Impacts*:\nACE \n\n### *Related products*:\n[Mozilla Firefox](<https://threats.kaspersky.com/en/product/Mozilla-Firefox/>)\n\n### *CVE-IDS*:\n[CVE-2015-4493](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-4493>) 9.3 Critical \n[CVE-2015-4492](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-4492>) 7.5 Critical \n[CVE-2015-4491](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-4491>) 6.8 High \n[CVE-2015-4490](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-4490>) 4.3 Warning \n[CVE-2015-4489](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-4489>) 7.5 Critical \n[CVE-2015-4488](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-4488>) 7.5 Critical \n[CVE-2015-4487](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-4487>) 7.5 Critical \n[CVE-2015-4486](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-4486>) 10.0 Critical \n[CVE-2015-4485](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-4485>) 10.0 Critical \n[CVE-2015-4484](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-4484>) 5.0 Critical \n[CVE-2015-4483](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-4483>) 4.3 Warning \n[CVE-2015-4482](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-4482>) 4.6 Warning \n[CVE-2015-4481](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-4481>) 3.3 Warning 
\n[CVE-2015-4480](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-4480>) 9.3 Critical \n[CVE-2015-4479](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-4479>) 10.0 Critical \n[CVE-2015-4478](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-4478>) 5.0 Critical \n[CVE-2015-4477](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-4477>) 10.0 Critical \n[CVE-2015-4475](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-4475>) 7.5 Critical \n[CVE-2015-4474](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-4474>) 10.0 Critical \n[CVE-2015-4473](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-4473>) 10.0 Critical\n\n### *Exploitation*:\nThe following public exploits exist for this vulnerability:", "edition": 42, "modified": "2020-06-18T00:00:00", "published": "2015-08-11T00:00:00", "id": "KLA10643", "href": "https://threats.kaspersky.com/en/vulnerability/KLA10643", "title": "KLA10643 Multiple vulnerabilities in Mozilla Firefox and Firefox ESR", "type": "kaspersky", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}], "securityvulns": [{"lastseen": "2018-08-31T11:10:01", "bulletinFamily": "software", "cvelist": ["CVE-2015-4478", "CVE-2015-4485", "CVE-2015-4488", "CVE-2015-4481", "CVE-2015-4497", "CVE-2015-4489", "CVE-2015-4486", "CVE-2015-4474", "CVE-2015-2744", "CVE-2015-4480", "CVE-2015-4484", "CVE-2015-4479", "CVE-2015-4492", "CVE-2015-4490", "CVE-2015-4495", "CVE-2015-4483", "CVE-2015-4493", "CVE-2015-4494", "CVE-2015-4477", "CVE-2015-4487", "CVE-2015-4473", "CVE-2015-2745", "CVE-2015-4491", "CVE-2015-4496", "CVE-2015-4498", "CVE-2015-4475", "CVE-2015-4482"], "description": "Restrictions bypass, memory corruptions.", "edition": 1, "modified": "2015-08-31T00:00:00", "published": "2015-08-31T00:00:00", "id": "SECURITYVULNS:VULN:14623", "href": "https://vulners.com/securityvulns/SECURITYVULNS:VULN:14623", "title": "Mozilla Firefox / Thunderbird / Seamonkey / Firefox OS multiple security vulnerabilities", "type": 
"securityvulns", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}], "gentoo": [{"lastseen": "2016-09-06T19:46:10", "bulletinFamily": "unix", "cvelist": ["CVE-2015-4478", "CVE-2015-4485", "CVE-2016-1953", "CVE-2015-4488", "CVE-2016-2790", "CVE-2016-1971", "CVE-2015-4481", "CVE-2015-2713", "CVE-2016-1945", "CVE-2016-1957", "CVE-2016-1949", "CVE-2016-1946", "CVE-2015-7181", "CVE-2016-1948", "CVE-2015-2714", "CVE-2016-1972", "CVE-2015-2717", "CVE-2016-1933", "CVE-2016-2792", "CVE-2016-1977", "CVE-2016-1975", "CVE-2016-2798", "CVE-2016-1974", "CVE-2016-1973", "CVE-2016-2801", "CVE-2016-1938", "CVE-2016-2797", "CVE-2015-2712", "CVE-2016-1944", "CVE-2016-1960", "CVE-2015-2711", "CVE-2015-2716", "CVE-2016-1959", "CVE-2016-1931", "CVE-2016-1937", "CVE-2015-4489", "CVE-2015-4486", "CVE-2015-2718", "CVE-2015-4474", "CVE-2015-2710", "CVE-2015-4480", "CVE-2015-7182", "CVE-2015-4484", "CVE-2015-4479", "CVE-2016-1966", "CVE-2015-4492", "CVE-2015-4490", "CVE-2016-1947", "CVE-2016-2802", "CVE-2016-2800", "CVE-2016-1942", "CVE-2016-1979", "CVE-2016-1969", "CVE-2015-7183", "CVE-2015-4483", "CVE-2015-4493", "CVE-2016-1955", "CVE-2016-2795", "CVE-2016-1962", "CVE-2016-1950", "CVE-2016-1963", "CVE-2016-1970", "CVE-2016-1943", "CVE-2016-1952", "CVE-2015-2709", "CVE-2016-1978", "CVE-2015-4477", "CVE-2016-2796", "CVE-2016-2799", "CVE-2016-1956", "CVE-2015-4487", "CVE-2016-2793", "CVE-2016-1523", "CVE-2015-4473", "CVE-2015-2708", "CVE-2016-1940", "CVE-2016-1961", "CVE-2016-1930", "CVE-2016-1935", "CVE-2016-1976", "CVE-2015-4491", "CVE-2016-1939", "CVE-2016-1968", "CVE-2016-1967", "CVE-2016-2794", "CVE-2016-1954", "CVE-2016-2791", "CVE-2016-1965", "CVE-2015-4475", "CVE-2016-1964", "CVE-2015-4482", "CVE-2015-2715", "CVE-2016-1941", "CVE-2016-1958"], "description": "### Background\n\nMozilla Firefox is an open-source web browser, Mozilla Thunderbird an open-source email client, and the Network Security Service (NSS) is a library implementing 
security features like SSL v.2/v.3, TLS, PKCS #5, PKCS #7, PKCS #11, PKCS #12, S/MIME and X.509 certificates. The SeaMonkey project is a community effort to deliver production-quality releases of code derived from the application formerly known as \u2018Mozilla Application Suite\u2019. \n\n### Description\n\nMultiple vulnerabilities have been discovered in Firefox, NSS, NSPR, and Thunderbird. Please review the CVE identifiers referenced below for details. \n\n### Impact\n\nA remote attacker could entice a user to view a specially crafted web page or email, possibly resulting in execution of arbitrary code or a Denial of Service condition. Furthermore, a remote attacker may be able to perform Man-in-the-Middle attacks, obtain sensitive information, spoof the address bar, conduct clickjacking attacks, bypass security restrictions and protection mechanisms, or have other unspecified impacts. \n\n### Workaround\n\nThere is no known workaround at this time.\n\n### Resolution\n\nAll NSS users should upgrade to the latest version:\n \n \n # emerge --sync\n # emerge --ask --oneshot --verbose \">=dev-libs/nss-3.22.2\"\n \n\nAll Thunderbird users should upgrade to the latest version:\n \n \n # emerge --sync\n # emerge --ask --oneshot --verbose \">=mail-client/thunderbird-38.7.0\"\n \n\nAll users of the Thunderbird binary package should upgrade to the latest version: \n \n \n # emerge --sync\n # emerge --ask --oneshot --verbose \">=mail-client/thunderbird-bin-38.7.0\"\n \n\nAll Firefox 38.7.x users should upgrade to the latest version:\n \n \n # emerge --sync\n # emerge --ask --oneshot --verbose \">=www-client/firefox-38.7.0\"\n \n\nAll users of the Firefox 38.7.x binary package should upgrade to the latest version: \n \n \n # emerge --sync\n # emerge --ask --oneshot --verbose \">=www-client/firefox-bin-38.7.0\"", "edition": 1, "modified": "2016-05-31T00:00:00", "published": "2016-05-31T00:00:00", "id": "GLSA-201605-06", "href": "https://security.gentoo.org/glsa/201605-06", 
"type": "gentoo", "title": "Mozilla Products: Multiple vulnerabilities", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}]}