{"id": "CVE-2017-7823", "bulletinFamily": "NVD", "title": "CVE-2017-7823", "description": "The content security policy (CSP) \"sandbox\" directive did not create a unique origin for the document, causing it to behave as if the \"allow-same-origin\" keyword were always specified. This could allow a Cross-Site Scripting (XSS) attack to be launched from unsafe content. This vulnerability affects Firefox < 56, Firefox ESR < 52.4, and Thunderbird < 52.4.", "published": "2018-06-11T21:29:00", "modified": "2018-08-09T16:24:00", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:N/I:P/A:N"}, "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2017-7823", "reporter": "cve@mitre.org", "references": ["https://www.debian.org/security/2017/dsa-4014", "https://bugzilla.mozilla.org/show_bug.cgi?id=1396320", "https://access.redhat.com/errata/RHSA-2017:2831", "https://www.mozilla.org/security/advisories/mfsa2017-22/", "http://www.securitytracker.com/id/1039465", "https://www.mozilla.org/security/advisories/mfsa2017-23/", "https://security.gentoo.org/glsa/201803-14", "https://www.mozilla.org/security/advisories/mfsa2017-21/", "https://www.debian.org/security/2017/dsa-3987", "https://lists.debian.org/debian-lts-announce/2017/11/msg00000.html", "http://www.securityfocus.com/bid/101059", "https://access.redhat.com/errata/RHSA-2017:2885"], "cvelist": ["CVE-2017-7823"], "type": "cve", "lastseen": "2020-12-09T20:13:37", "edition": 11, "viewCount": 6, "enchantments": {"dependencies": {"references": [{"type": "redhat", "idList": ["RHSA-2017:2831", "RHSA-2017:2885"]}, {"type": "oraclelinux", "idList": ["ELSA-2017-2831", "ELSA-2017-2885"]}, {"type": "nessus", "idList": ["VIRTUOZZO_VZLSA-2017-2885.NASL", "VIRTUOZZO_VZLSA-2017-2831.NASL", "SL_20171012_THUNDERBIRD_ON_SL6_X.NASL", "SL_20170929_FIREFOX_ON_SL6_X.NASL", "ORACLELINUX_ELSA-2017-2885.NASL", "EULEROS_SA-2017-1249.NASL", "CENTOS_RHSA-2017-2831.NASL", "ORACLELINUX_ELSA-2017-2831.NASL", "MOZILLA_FIREFOX_52_4_ESR.NASL", "REDHAT-RHSA-2017-2831.NASL"]}, {"type": "centos", "idList": ["CESA-2017:2885", "CESA-2017:2831"]}, {"type": "openvas", "idList": ["OPENVAS:1361412562311220171249", "OPENVAS:1361412562310882778", "OPENVAS:1361412562310851624", "OPENVAS:1361412562310812034", "OPENVAS:1361412562310882786", "OPENVAS:1361412562310812009", "OPENVAS:1361412562310882777", "OPENVAS:1361412562310882785", "OPENVAS:1361412562311220171248", "OPENVAS:1361412562310703987"]}, {"type": "archlinux", "idList": ["ASA-201710-19"]}, {"type": "debian", "idList": ["DEBIAN:DSA-3987-1:D7A2C", "DEBIAN:DLA-1118-1:2A1EE", "DEBIAN:DLA-1153-1:BC79D", "DEBIAN:DSA-4014-1:790B0"]}, {"type": "suse", "idList": ["OPENSUSE-SU-2017:2707-1", "OPENSUSE-SU-2017:2615-1", "SUSE-SU-2017:2872-2", "SUSE-SU-2017:2872-1", "OPENSUSE-SU-2017:2710-1", "SUSE-SU-2017:2688-1"]}, {"type": "ubuntu", "idList": ["USN-3435-1", "USN-3435-2", "USN-3436-1"]}, {"type": "kaspersky", "idList": ["KLA11116", "KLA11109"]}, {"type": "freebsd", "idList": ["1098A15B-B0F6-42B7-B5C7-8A8646E8BE07"]}, {"type": "gentoo", "idList": ["GLSA-201803-14", "GLSA-201802-03"]}], "modified": "2020-12-09T20:13:37", "rev": 2}, "score": {"value": 4.7, "vector": "NONE", "modified": "2020-12-09T20:13:37", "rev": 2}, "vulnersScore": 4.7}, "cpe": ["cpe:/o:redhat:enterprise_linux_server_eus:7.4", "cpe:/o:redhat:enterprise_linux_desktop:6.0", "cpe:/o:debian:debian_linux:8.0", "cpe:/o:redhat:enterprise_linux_server:7.0", "cpe:/o:redhat:enterprise_linux_server_eus:7.5", "cpe:/o:redhat:enterprise_linux_server_aus:7.4", "cpe:/o:redhat:enterprise_linux_workstation:7.0", "cpe:/o:debian:debian_linux:7.0", "cpe:/o:redhat:enterprise_linux_desktop:7.0", "cpe:/o:redhat:enterprise_linux_workstation:6.0", "cpe:/o:redhat:enterprise_linux_server:6.0", "cpe:/o:debian:debian_linux:9.0"], "affectedSoftware": [{"cpeName": "redhat:enterprise_linux_server_eus", "name": "redhat enterprise linux server eus", "operator": "eq", "version": "7.5"}, {"cpeName": "redhat:enterprise_linux_desktop", "name": "redhat enterprise linux desktop", "operator": "eq", "version": "7.0"}, {"cpeName": "redhat:enterprise_linux_workstation", "name": "redhat enterprise linux workstation", "operator": "eq", "version": "6.0"}, {"cpeName": "mozilla:thunderbird", "name": "mozilla thunderbird", "operator": "lt", "version": "52.4.0"}, {"cpeName": "debian:debian_linux", "name": "debian debian linux", "operator": "eq", "version": "8.0"}, {"cpeName": "redhat:enterprise_linux_server_eus", "name": "redhat enterprise linux server eus", "operator": "eq", "version": "7.4"}, {"cpeName": "redhat:enterprise_linux_server_aus", "name": "redhat enterprise linux server aus", "operator": "eq", "version": "7.4"}, {"cpeName": "debian:debian_linux", "name": "debian debian linux", "operator": "eq", "version": "7.0"}, {"cpeName": "redhat:enterprise_linux_workstation", "name": "redhat enterprise linux workstation", "operator": "eq", "version": "7.0"}, {"cpeName": "redhat:enterprise_linux_desktop", "name": "redhat enterprise linux desktop", "operator": "eq", "version": "6.0"}, {"cpeName": "debian:debian_linux", "name": "debian debian linux", "operator": "eq", "version": "9.0"}, {"cpeName": "mozilla:firefox", "name": "mozilla firefox", "operator": "lt", "version": "56.0"}, {"cpeName": "mozilla:firefox_esr", "name": "mozilla firefox esr", "operator": "lt", "version": "52.4.0"}, {"cpeName": "redhat:enterprise_linux_server", "name": "redhat enterprise linux server", "operator": "eq", "version": "6.0"}, {"cpeName": "redhat:enterprise_linux_server", "name": "redhat enterprise linux server", "operator": "eq", "version": "7.0"}], "cvss2": {"cvssV2": {"accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 4.3, "confidentialityImpact": "NONE", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N", "version": "2.0"}, "exploitabilityScore": 8.6, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "severity": "MEDIUM", "userInteractionRequired": true}, "cvss3": {"cvssV3": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 5.4, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N", "version": "3.0"}, "exploitabilityScore": 2.8, "impactScore": 2.5}, "cpe23": ["cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*", "cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*", "cpe:2.3:o:redhat:enterprise_linux_server:6.0:*:*:*:*:*:*:*", "cpe:2.3:o:redhat:enterprise_linux_desktop:7.0:*:*:*:*:*:*:*", "cpe:2.3:o:redhat:enterprise_linux_desktop:6.0:*:*:*:*:*:*:*", "cpe:2.3:o:redhat:enterprise_linux_server_eus:7.4:*:*:*:*:*:*:*", "cpe:2.3:o:redhat:enterprise_linux_server:7.0:*:*:*:*:*:*:*", "cpe:2.3:o:redhat:enterprise_linux_workstation:6.0:*:*:*:*:*:*:*", "cpe:2.3:o:redhat:enterprise_linux_workstation:7.0:*:*:*:*:*:*:*", "cpe:2.3:o:redhat:enterprise_linux_server_eus:7.5:*:*:*:*:*:*:*", "cpe:2.3:o:redhat:enterprise_linux_server_aus:7.4:*:*:*:*:*:*:*", "cpe:2.3:o:debian:debian_linux:7.0:*:*:*:*:*:*:*"], "cwe": ["CWE-79"], "scheme": null, "cpeConfiguration": {"CVE_data_version": "4.0", "nodes": [{"cpe_match": [{"cpe23Uri": "cpe:2.3:a:mozilla:firefox_esr:52.4.0:*:*:*:*:*:*:*", "versionEndExcluding": "52.4.0", "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:mozilla:thunderbird:52.4.0:*:*:*:*:*:*:*", "versionEndExcluding": "52.4.0", "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:mozilla:firefox:56.0:*:*:*:*:*:*:*", "versionEndExcluding": "56.0", "vulnerable": true}], "operator": "OR"}, {"cpe_match": [{"cpe23Uri": "cpe:2.3:o:redhat:enterprise_linux_workstation:7.0:*:*:*:*:*:*:*", "vulnerable": true}, {"cpe23Uri": "cpe:2.3:o:redhat:enterprise_linux_desktop:6.0:*:*:*:*:*:*:*", "vulnerable": true}, {"cpe23Uri": "cpe:2.3:o:redhat:enterprise_linux_server_aus:7.4:*:*:*:*:*:*:*", "vulnerable": true}, {"cpe23Uri": "cpe:2.3:o:redhat:enterprise_linux_server:6.0:*:*:*:*:*:*:*", "vulnerable": true}, {"cpe23Uri": "cpe:2.3:o:redhat:enterprise_linux_server_eus:7.5:*:*:*:*:*:*:*", "vulnerable": true}, {"cpe23Uri": "cpe:2.3:o:redhat:enterprise_linux_desktop:7.0:*:*:*:*:*:*:*", "vulnerable": true}, {"cpe23Uri": "cpe:2.3:o:redhat:enterprise_linux_server_eus:7.4:*:*:*:*:*:*:*", "vulnerable": true}, {"cpe23Uri": "cpe:2.3:o:redhat:enterprise_linux_workstation:6.0:*:*:*:*:*:*:*", "vulnerable": true}, {"cpe23Uri": "cpe:2.3:o:redhat:enterprise_linux_server:7.0:*:*:*:*:*:*:*", "vulnerable": true}], "operator": "OR"}, {"cpe_match": [{"cpe23Uri": "cpe:2.3:o:debian:debian_linux:7.0:*:*:*:*:*:*:*", "vulnerable": true}, {"cpe23Uri": "cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*", "vulnerable": true}, {"cpe23Uri": "cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*", "vulnerable": true}], "operator": "OR"}]}}

{"nessus": [{"lastseen": "2021-01-01T03:50:06", "description": "The version of Mozilla Firefox ESR installed on the remote Windows\nhost is prior to 52.4. It is, therefore, affected by multiple vulnerabilities,\nsome of which allow code execution and potentially exploitable crashes.", "edition": 27, "cvss3": {"score": 9.8, "vector": "AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"}, "published": "2017-10-06T00:00:00", "title": "Mozilla Firefox ESR < 52.4 Multiple Vulnerabilities", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2017-7824", "CVE-2017-7810", "CVE-2017-7805", "CVE-2017-7823", "CVE-2017-7819", "CVE-2017-7793", "CVE-2017-7818"], "modified": "2021-01-02T00:00:00", "cpe": ["cpe:/a:mozilla:firefox_esr"], "id": "MOZILLA_FIREFOX_52_4_ESR.NASL", "href": "https://www.tenable.com/plugins/nessus/103679", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(103679);\n script_version(\"1.5\");\n script_cvs_date(\"Date: 2019/11/12\");\n\n script_cve_id(\n \"CVE-2017-7793\",\n \"CVE-2017-7805\",\n \"CVE-2017-7810\",\n \"CVE-2017-7818\",\n \"CVE-2017-7819\",\n \"CVE-2017-7823\",\n \"CVE-2017-7824\"\n );\n script_bugtraq_id(101053, 101054, 101055);\n script_xref(name:\"MFSA\", value:\"2017-22\");\n\n script_name(english:\"Mozilla Firefox ESR < 52.4 Multiple Vulnerabilities\");\n script_summary(english:\"Checks the version of Firefox.\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"A web browser installed on the remote Windows host is affected by\nmultiple vulnerabilities.\");\n script_set_attribute(attribute:\"description\", value:\n\"The version of Mozilla Firefox ESR installed on the remote Windows\nhost is prior to 52.4. It is, therefore, affected by multiple vulnerabilities,\nsome of which allow code execution and potentially exploitable crashes.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.mozilla.org/en-US/security/advisories/mfsa2017-22/\");\n script_set_attribute(attribute:\"solution\", value:\n\"Upgrade to Mozilla Firefox ESR version 52.4 or later.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2017-7810\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2017/09/28\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2017/09/28\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2017/10/06\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:mozilla:firefox_esr\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Windows\");\n\n script_copyright(english:\"This script is Copyright (C) 2018-2019 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"mozilla_org_installed.nasl\");\n script_require_keys(\"Mozilla/Firefox/Version\");\n\n exit(0);\n}\n\ninclude(\"mozilla_version.inc\");\n\nport = get_kb_item(\"SMB/transport\");\nif (!port) port = 445;\n\ninstalls = get_kb_list(\"SMB/Mozilla/Firefox/*\");\nif (isnull(installs)) audit(AUDIT_NOT_INST, \"Firefox\");\n\nmozilla_check_version(installs:installs, product:'firefox', esr:TRUE, fix:'52.4', min:'52', severity:SECURITY_HOLE);\n", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2020-05-31T20:11:48", "description": "An update for firefox is now available for Red Hat Enterprise Linux 6\nand Red Hat Enterprise Linux 7.\n\nRed Hat Product Security has rated this update as having a security\nimpact of Critical. A Common Vulnerability Scoring System (CVSS) base\nscore, which gives a detailed severity rating, is available for each\nvulnerability from the CVE link(s) in the References section.\n\nMozilla Firefox is an open source web browser.\n\nThis update upgrades Firefox to version 52.4.0 ESR.\n\nSecurity Fix(es) :\n\n* Multiple flaws were found in the processing of malformed web\ncontent. A web page containing malicious content could cause Firefox\nto crash or, potentially, execute arbitrary code with the privileges\nof the user running Firefox. (CVE-2017-7810, CVE-2017-7793,\nCVE-2017-7818, CVE-2017-7819, CVE-2017-7824, CVE-2017-7814,\nCVE-2017-7823)\n\nRed Hat would like to thank the Mozilla project for reporting these\nissues. Upstream acknowledges Christoph Diehl, Jan de Mooij, Jason\nKratzer, Randell Jesup, Tom Ritter, Tyson Smith, Sebastian Hengst,\nAbhishek Arya, Nils, Omair, Andre Weissflog, Francois Marier, and Jun\nKokatsu as the original reporters.", "edition": 25, "cvss3": {"score": 9.8, "vector": "AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"}, "published": "2017-09-29T00:00:00", "title": "RHEL 6 / 7 : firefox (RHSA-2017:2831)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2017-7824", "CVE-2017-7810", "CVE-2017-7823", "CVE-2017-7819", "CVE-2017-7793", "CVE-2017-7818", "CVE-2017-7814"], "modified": "2017-09-29T00:00:00", "cpe": ["cpe:/o:redhat:enterprise_linux:7.4", "cpe:/o:redhat:enterprise_linux:7.7", "cpe:/o:redhat:enterprise_linux:7.5", "cpe:/o:redhat:enterprise_linux:7", "p-cpe:/a:redhat:enterprise_linux:firefox", "p-cpe:/a:redhat:enterprise_linux:firefox-debuginfo", "cpe:/o:redhat:enterprise_linux:7.6", "cpe:/o:redhat:enterprise_linux:6"], "id": "REDHAT-RHSA-2017-2831.NASL", "href": "https://www.tenable.com/plugins/nessus/103561", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Red Hat Security Advisory RHSA-2017:2831. The text \n# itself is copyright (C) Red Hat, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(103561);\n script_version(\"3.15\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2020/05/29\");\n\n script_cve_id(\"CVE-2017-7793\", \"CVE-2017-7810\", \"CVE-2017-7814\", \"CVE-2017-7818\", \"CVE-2017-7819\", \"CVE-2017-7823\", \"CVE-2017-7824\");\n script_xref(name:\"RHSA\", value:\"2017:2831\");\n\n script_name(english:\"RHEL 6 / 7 : firefox (RHSA-2017:2831)\");\n script_summary(english:\"Checks the rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\",\n value:\"The remote Red Hat host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\",\n value:\n\"An update for firefox is now available for Red Hat Enterprise Linux 6\nand Red Hat Enterprise Linux 7.\n\nRed Hat Product Security has rated this update as having a security\nimpact of Critical. A Common Vulnerability Scoring System (CVSS) base\nscore, which gives a detailed severity rating, is available for each\nvulnerability from the CVE link(s) in the References section.\n\nMozilla Firefox is an open source web browser.\n\nThis update upgrades Firefox to version 52.4.0 ESR.\n\nSecurity Fix(es) :\n\n* Multiple flaws were found in the processing of malformed web\ncontent. A web page containing malicious content could cause Firefox\nto crash or, potentially, execute arbitrary code with the privileges\nof the user running Firefox. (CVE-2017-7810, CVE-2017-7793,\nCVE-2017-7818, CVE-2017-7819, CVE-2017-7824, CVE-2017-7814,\nCVE-2017-7823)\n\nRed Hat would like to thank the Mozilla project for reporting these\nissues. Upstream acknowledges Christoph Diehl, Jan de Mooij, Jason\nKratzer, Randell Jesup, Tom Ritter, Tyson Smith, Sebastian Hengst,\nAbhishek Arya, Nils, Omair, Andre Weissflog, Francois Marier, and Jun\nKokatsu as the original reporters.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.mozilla.org/en-US/security/advisories/mfsa2017-22/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/errata/RHSA-2017:2831\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2017-7793\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2017-7810\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2017-7814\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2017-7818\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2017-7819\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2017-7823\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2017-7824\"\n );\n script_set_attribute(\n attribute:\"solution\",\n value:\"Update the affected firefox and / or firefox-debuginfo packages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:firefox\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:firefox-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:6\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:7\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:7.4\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:7.5\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:7.6\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:7.7\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2018/06/11\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2017/09/28\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2017/09/29\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2017-2020 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Red Hat Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"misc_func.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Red Hat\" >!< release) audit(AUDIT_OS_NOT, \"Red Hat\");\nos_ver = pregmatch(pattern: \"Red Hat Enterprise Linux.*release ([0-9]+(\\.[0-9]+)?)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Red Hat\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^(6|7)([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Red Hat 6.x / 7.x\", \"Red Hat \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\" && \"s390\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Red Hat\", cpu);\n\nyum_updateinfo = get_kb_item(\"Host/RedHat/yum-updateinfo\");\nif (!empty_or_null(yum_updateinfo)) \n{\n rhsa = \"RHSA-2017:2831\";\n yum_report = redhat_generate_yum_updateinfo_report(rhsa:rhsa);\n if (!empty_or_null(yum_report))\n {\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : yum_report \n );\n exit(0);\n }\n else\n {\n audit_message = \"affected by Red Hat security advisory \" + rhsa;\n audit(AUDIT_OS_NOT, audit_message);\n }\n}\nelse\n{\n flag = 0;\n if (rpm_check(release:\"RHEL6\", reference:\"firefox-52.4.0-1.el6_9\", allowmaj:TRUE)) flag++;\n\n if (rpm_check(release:\"RHEL6\", reference:\"firefox-debuginfo-52.4.0-1.el6_9\", allowmaj:TRUE)) flag++;\n\n\n if (rpm_check(release:\"RHEL7\", reference:\"firefox-52.4.0-1.el7_4\", allowmaj:TRUE)) flag++;\n\n if (rpm_check(release:\"RHEL7\", reference:\"firefox-debuginfo-52.4.0-1.el7_4\", allowmaj:TRUE)) flag++;\n\n\n if (flag)\n {\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : rpm_report_get() + redhat_report_package_caveat()\n );\n exit(0);\n }\n else\n {\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"firefox / firefox-debuginfo\");\n }\n}\n", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2021-01-06T09:31:40", "description": "An update for firefox is now available for Red Hat Enterprise Linux 6\nand Red Hat Enterprise Linux 7.\n\nRed Hat Product Security has rated this update as having a security\nimpact of Critical. A Common Vulnerability Scoring System (CVSS) base\nscore, which gives a detailed severity rating, is available for each\nvulnerability from the CVE link(s) in the References section.\n\nMozilla Firefox is an open source web browser.\n\nThis update upgrades Firefox to version 52.4.0 ESR.\n\nSecurity Fix(es) :\n\n* Multiple flaws were found in the processing of malformed web\ncontent. A web page containing malicious content could cause Firefox\nto crash or, potentially, execute arbitrary code with the privileges\nof the user running Firefox. (CVE-2017-7810, CVE-2017-7793,\nCVE-2017-7818, CVE-2017-7819, CVE-2017-7824, CVE-2017-7814,\nCVE-2017-7823)\n\nRed Hat would like to thank the Mozilla project for reporting these\nissues. Upstream acknowledges Christoph Diehl, Jan de Mooij, Jason\nKratzer, Randell Jesup, Tom Ritter, Tyson Smith, Sebastian Hengst,\nAbhishek Arya, Nils, Omair, Andre Weissflog, Francois Marier, and Jun\nKokatsu as the original reporters.", "edition": 33, "cvss3": {"score": 9.8, "vector": "AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"}, "published": "2017-10-02T00:00:00", "title": "CentOS 6 / 7 : firefox (CESA-2017:2831)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2017-7824", "CVE-2017-7810", "CVE-2017-7823", "CVE-2017-7819", "CVE-2017-7793", "CVE-2017-7818", "CVE-2017-7814"], "modified": "2017-10-02T00:00:00", "cpe": ["cpe:/o:centos:centos:6", "cpe:/o:centos:centos:7", "p-cpe:/a:centos:centos:firefox"], "id": "CENTOS_RHSA-2017-2831.NASL", "href": "https://www.tenable.com/plugins/nessus/103573", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Red Hat Security Advisory RHSA-2017:2831 and \n# CentOS Errata and Security Advisory 2017:2831 respectively.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(103573);\n script_version(\"3.14\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/04\");\n\n script_cve_id(\"CVE-2017-7793\", \"CVE-2017-7810\", \"CVE-2017-7814\", \"CVE-2017-7818\", \"CVE-2017-7819\", \"CVE-2017-7823\", \"CVE-2017-7824\");\n script_xref(name:\"RHSA\", value:\"2017:2831\");\n\n script_name(english:\"CentOS 6 / 7 : firefox (CESA-2017:2831)\");\n script_summary(english:\"Checks rpm output for the updated package\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote CentOS host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"An update for firefox is now available for Red Hat Enterprise Linux 6\nand Red Hat Enterprise Linux 7.\n\nRed Hat Product Security has rated this update as having a security\nimpact of Critical. A Common Vulnerability Scoring System (CVSS) base\nscore, which gives a detailed severity rating, is available for each\nvulnerability from the CVE link(s) in the References section.\n\nMozilla Firefox is an open source web browser.\n\nThis update upgrades Firefox to version 52.4.0 ESR.\n\nSecurity Fix(es) :\n\n* Multiple flaws were found in the processing of malformed web\ncontent. A web page containing malicious content could cause Firefox\nto crash or, potentially, execute arbitrary code with the privileges\nof the user running Firefox. (CVE-2017-7810, CVE-2017-7793,\nCVE-2017-7818, CVE-2017-7819, CVE-2017-7824, CVE-2017-7814,\nCVE-2017-7823)\n\nRed Hat would like to thank the Mozilla project for reporting these\nissues. Upstream acknowledges Christoph Diehl, Jan de Mooij, Jason\nKratzer, Randell Jesup, Tom Ritter, Tyson Smith, Sebastian Hengst,\nAbhishek Arya, Nils, Omair, Andre Weissflog, Francois Marier, and Jun\nKokatsu as the original reporters.\"\n );\n # https://lists.centos.org/pipermail/centos-announce/2017-September/022551.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?e375a753\"\n );\n # https://lists.centos.org/pipermail/centos-announce/2017-September/022553.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?8e3f70bc\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected firefox package.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2017-7810\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:firefox\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:centos:centos:6\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:centos:centos:7\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2018/06/11\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2017/09/29\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2017/10/02\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2017-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"CentOS Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/CentOS/release\", \"Host/CentOS/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/CentOS/release\");\nif (isnull(release) || \"CentOS\" >!< release) audit(AUDIT_OS_NOT, \"CentOS\");\nos_ver = pregmatch(pattern: \"CentOS(?: Linux)? release ([0-9]+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"CentOS\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^(6|7)([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"CentOS 6.x / 7.x\", \"CentOS \" + os_ver);\n\nif (!get_kb_item(\"Host/CentOS/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"CentOS\", cpu);\n\n\nflag = 0;\nif (rpm_check(release:\"CentOS-6\", reference:\"firefox-52.4.0-1.el6.centos\", allowmaj:TRUE)) flag++;\n\nif (rpm_check(release:\"CentOS-7\", cpu:\"x86_64\", reference:\"firefox-52.4.0-1.el7.centos\", allowmaj:TRUE)) flag++;\n\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"firefox\");\n}\n", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2021-01-06T09:14:40", "description": "An update for firefox is now available for Red Hat Enterprise Linux 6\nand Red Hat Enterprise Linux 7.\n\nRed Hat Product Security has rated this update as having a security\nimpact of Critical. A Common Vulnerability Scoring System (CVSS) base\nscore, which gives a detailed severity rating, is available for each\nvulnerability from the CVE link(s) in the References section.\n\nMozilla Firefox is an open source web browser.\n\nThis update upgrades Firefox to version 52.4.0 ESR.\n\nSecurity Fix(es) :\n\n* Multiple flaws were found in the processing of malformed web\ncontent. A web page containing malicious content could cause Firefox\nto crash or, potentially, execute arbitrary code with the privileges\nof the user running Firefox. (CVE-2017-7810, CVE-2017-7793,\nCVE-2017-7818, CVE-2017-7819, CVE-2017-7824, CVE-2017-7814,\nCVE-2017-7823)\n\nRed Hat would like to thank the Mozilla project for reporting these\nissues. Upstream acknowledges Christoph Diehl, Jan de Mooij, Jason\nKratzer, Randell Jesup, Tom Ritter, Tyson Smith, Sebastian Hengst,\nAbhishek Arya, Nils, Omair, Andre Weissflog, FranASSois Marier, and Jun\nKokatsu as the original reporters.\n\nNote that Tenable Network Security has attempted to extract the\npreceding description block directly from the corresponding Red Hat\nsecurity advisory. Virtuozzo provides no description for VZLSA\nadvisories. Tenable has attempted to automatically clean and format\nit as much as possible without introducing additional issues.", "edition": 14, "cvss3": {"score": 9.8, "vector": "AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"}, "published": "2018-11-27T00:00:00", "title": "Virtuozzo 6 : firefox (VZLSA-2017-2831)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2017-7824", "CVE-2017-7810", "CVE-2017-7823", "CVE-2017-7819", "CVE-2017-7793", "CVE-2017-7818", "CVE-2017-7814"], "modified": "2018-11-27T00:00:00", "cpe": ["p-cpe:/a:virtuozzo:virtuozzo:firefox", "cpe:/o:virtuozzo:virtuozzo:6"], "id": "VIRTUOZZO_VZLSA-2017-2831.NASL", "href": "https://www.tenable.com/plugins/nessus/119228", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(119228);\n script_version(\"1.3\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/04\");\n\n script_cve_id(\n \"CVE-2017-7793\",\n \"CVE-2017-7810\",\n \"CVE-2017-7814\",\n \"CVE-2017-7818\",\n \"CVE-2017-7819\",\n \"CVE-2017-7823\",\n \"CVE-2017-7824\"\n );\n\n script_name(english:\"Virtuozzo 6 : firefox (VZLSA-2017-2831)\");\n script_summary(english:\"Checks the rpm output for the updated package.\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote Virtuozzo host is missing a security update.\");\n script_set_attribute(attribute:\"description\", value:\n\"An update for firefox is now available for Red Hat Enterprise Linux 6\nand Red Hat Enterprise Linux 7.\n\nRed Hat Product Security has rated this update as having a security\nimpact of Critical. A Common Vulnerability Scoring System (CVSS) base\nscore, which gives a detailed severity rating, is available for each\nvulnerability from the CVE link(s) in the References section.\n\nMozilla Firefox is an open source web browser.\n\nThis update upgrades Firefox to version 52.4.0 ESR.\n\nSecurity Fix(es) :\n\n* Multiple flaws were found in the processing of malformed web\ncontent. A web page containing malicious content could cause Firefox\nto crash or, potentially, execute arbitrary code with the privileges\nof the user running Firefox. (CVE-2017-7810, CVE-2017-7793,\nCVE-2017-7818, CVE-2017-7819, CVE-2017-7824, CVE-2017-7814,\nCVE-2017-7823)\n\nRed Hat would like to thank the Mozilla project for reporting these\nissues. Upstream acknowledges Christoph Diehl, Jan de Mooij, Jason\nKratzer, Randell Jesup, Tom Ritter, Tyson Smith, Sebastian Hengst,\nAbhishek Arya, Nils, Omair, Andre Weissflog, FranASSois Marier, and Jun\nKokatsu as the original reporters.\n\nNote that Tenable Network Security has attempted to extract the\npreceding description block directly from the corresponding Red Hat\nsecurity advisory. Virtuozzo provides no description for VZLSA\nadvisories. Tenable has attempted to automatically clean and format\nit as much as possible without introducing additional issues.\");\n # http://repo.virtuozzo.com/vzlinux/announcements/json/VZLSA-2017-2831.json\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?9397718d\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/errata/RHSA-2017:2831\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected firefox package.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2017/09/29\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2018/11/27\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:virtuozzo:virtuozzo:firefox\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:virtuozzo:virtuozzo:6\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Virtuozzo Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2018-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/Virtuozzo/release\", \"Host/Virtuozzo/rpm-list\");\n\n exit(0);\n}\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\n\nrelease = get_kb_item(\"Host/Virtuozzo/release\");\nif (isnull(release) || \"Virtuozzo\" >!< release) audit(AUDIT_OS_NOT, \"Virtuozzo\");\nos_ver = pregmatch(pattern: \"Virtuozzo Linux release ([0-9]+\\.[0-9])(\\D|$)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Virtuozzo\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^6([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Virtuozzo 6.x\", \"Virtuozzo \" + os_ver);\n\nif (!get_kb_item(\"Host/Virtuozzo/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Virtuozzo\", cpu);\n\nflag = 0;\n\npkgs = [\"firefox-52.4.0-1.vl6\"];\n\nforeach (pkg in pkgs)\n if (rpm_check(release:\"Virtuozzo-6\", reference:pkg)) flag++;\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"firefox\");\n}\n", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2021-01-07T08:52:37", "description": "According to the versions of the firefox package installed, the\nEulerOS installation on the remote host is affected by the following\nvulnerabilities :\n\n - Multiple flaws were found in the processing of\n malformed web content. A web page containing malicious\n content could cause Firefox to crash or, potentially,\n execute arbitrary code with the privileges of the user\n running Firefox. (CVE-2017-7810, CVE-2017-7793,\n CVE-2017-7818, CVE-2017-7819, CVE-2017-7824,\n CVE-2017-7814, CVE-2017-7823)\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the EulerOS security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.", "edition": 25, "cvss3": {"score": 9.8, "vector": "AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"}, "published": "2017-10-19T00:00:00", "title": "EulerOS 2.0 SP1 : firefox (EulerOS-SA-2017-1248)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2017-7824", "CVE-2017-7810", "CVE-2017-7823", "CVE-2017-7819", "CVE-2017-7793", "CVE-2017-7818", "CVE-2017-7814"], "modified": "2017-10-19T00:00:00", "cpe": ["p-cpe:/a:huawei:euleros:firefox", "cpe:/o:huawei:euleros:2.0"], "id": "EULEROS_SA-2017-1248.NASL", "href": "https://www.tenable.com/plugins/nessus/103939", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(103939);\n script_version(\"3.13\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/06\");\n\n script_cve_id(\n \"CVE-2017-7793\",\n \"CVE-2017-7810\",\n \"CVE-2017-7814\",\n \"CVE-2017-7818\",\n \"CVE-2017-7819\",\n \"CVE-2017-7823\",\n \"CVE-2017-7824\"\n );\n\n script_name(english:\"EulerOS 2.0 SP1 : firefox (EulerOS-SA-2017-1248)\");\n script_summary(english:\"Checks the rpm output for the updated packages.\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote EulerOS host is missing multiple security updates.\");\n script_set_attribute(attribute:\"description\", value:\n\"According to the versions of the firefox package installed, the\nEulerOS installation on the remote host is affected by the following\nvulnerabilities :\n\n - Multiple flaws were found in the processing of\n malformed web content. A web page containing malicious\n content could cause Firefox to crash or, potentially,\n execute arbitrary code with the privileges of the user\n running Firefox. (CVE-2017-7810, CVE-2017-7793,\n CVE-2017-7818, CVE-2017-7819, CVE-2017-7824,\n CVE-2017-7814, CVE-2017-7823)\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the EulerOS security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\");\n # https://developer.huaweicloud.com/ict/en/site-euleros/euleros/security-advisories/EulerOS-SA-2017-1248\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?ec6e43b5\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected firefox packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2017/10/19\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2017/10/19\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:firefox\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:huawei:euleros:2.0\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Huawei Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2017-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/EulerOS/release\", \"Host/EulerOS/rpm-list\", \"Host/EulerOS/sp\");\n script_exclude_keys(\"Host/EulerOS/uvp_version\");\n\n exit(0);\n}\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\n\nrelease = get_kb_item(\"Host/EulerOS/release\");\nif (isnull(release) || release !~ \"^EulerOS\") audit(AUDIT_OS_NOT, \"EulerOS\");\nif (release !~ \"^EulerOS release 2\\.0(\\D|$)\") audit(AUDIT_OS_NOT, \"EulerOS 2.0\");\n\nsp = get_kb_item(\"Host/EulerOS/sp\");\nif (isnull(sp) || sp !~ \"^(1)$\") audit(AUDIT_OS_NOT, \"EulerOS 2.0 SP1\");\n\nuvp = get_kb_item(\"Host/EulerOS/uvp_version\");\nif (!empty_or_null(uvp)) audit(AUDIT_OS_NOT, \"EulerOS 2.0 SP1\", \"EulerOS UVP \" + uvp);\n\nif (!get_kb_item(\"Host/EulerOS/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\" && \"aarch64\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"EulerOS\", cpu);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_ARCH_NOT, \"i686 / x86_64\", cpu);\n\nflag = 0;\n\npkgs = [\"firefox-52.4.0-1.h1\"];\n\nforeach (pkg in pkgs)\n if (rpm_check(release:\"EulerOS-2.0\", sp:\"1\", reference:pkg, allowmaj:TRUE)) flag++;\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"firefox\");\n}\n", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2021-01-06T09:31:42", "description": "An update for thunderbird is now available for Red Hat Enterprise\nLinux 6 and Red Hat Enterprise Linux 7.\n\nRed Hat Product Security has rated this update as having a security\nimpact of Important. A Common Vulnerability Scoring System (CVSS) base\nscore, which gives a detailed severity rating, is available for each\nvulnerability from the CVE link(s) in the References section.\n\nMozilla Thunderbird is a standalone mail and newsgroup client.\n\nThis update upgrades Thunderbird to version 52.4.0.\n\nSecurity Fix(es) :\n\n* Multiple flaws were found in the processing of malformed web\ncontent. A web page containing malicious content could cause\nThunderbird to crash or, potentially, execute arbitrary code with the\nprivileges of the user running Thunderbird. (CVE-2017-7810,\nCVE-2017-7793, CVE-2017-7818, CVE-2017-7819, CVE-2017-7824,\nCVE-2017-7814, CVE-2017-7823)\n\nRed Hat would like to thank the Mozilla project for reporting these\nissues. Upstream acknowledges Christoph Diehl, Jan de Mooij, Jason\nKratzer, Randell Jesup, Tom Ritter, Tyson Smith, Sebastian Hengst,\nAbhishek Arya, Nils, Omair, Andre Weissflog, Francois Marier, and Jun\nKokatsu as the original reporters.", "edition": 24, "cvss3": {"score": 9.8, "vector": "AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"}, "published": "2017-10-13T00:00:00", "title": "CentOS 6 / 7 : thunderbird (CESA-2017:2885)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2017-7824", "CVE-2017-7810", "CVE-2017-7823", "CVE-2017-7819", "CVE-2017-7793", "CVE-2017-7818", "CVE-2017-7814"], "modified": "2017-10-13T00:00:00", "cpe": ["cpe:/o:centos:centos:6", "cpe:/o:centos:centos:7", "p-cpe:/a:centos:centos:thunderbird"], "id": "CENTOS_RHSA-2017-2885.NASL", "href": "https://www.tenable.com/plugins/nessus/103826", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Red Hat Security Advisory RHSA-2017:2885 and \n# CentOS Errata and Security Advisory 2017:2885 respectively.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(103826);\n script_version(\"3.13\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/04\");\n\n script_cve_id(\"CVE-2017-7793\", \"CVE-2017-7810\", \"CVE-2017-7814\", \"CVE-2017-7818\", \"CVE-2017-7819\", \"CVE-2017-7823\", \"CVE-2017-7824\");\n script_xref(name:\"RHSA\", value:\"2017:2885\");\n\n script_name(english:\"CentOS 6 / 7 : thunderbird (CESA-2017:2885)\");\n script_summary(english:\"Checks rpm output for the updated package\");\n\n script_set_attribute(\n attribute:\"synopsis\",\n value:\"The remote CentOS host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\",\n value:\n\"An update for thunderbird is now available for Red Hat Enterprise\nLinux 6 and Red Hat Enterprise Linux 7.\n\nRed Hat Product Security has rated this update as having a security\nimpact of Important. A Common Vulnerability Scoring System (CVSS) base\nscore, which gives a detailed severity rating, is available for each\nvulnerability from the CVE link(s) in the References section.\n\nMozilla Thunderbird is a standalone mail and newsgroup client.\n\nThis update upgrades Thunderbird to version 52.4.0.\n\nSecurity Fix(es) :\n\n* Multiple flaws were found in the processing of malformed web\ncontent. A web page containing malicious content could cause\nThunderbird to crash or, potentially, execute arbitrary code with the\nprivileges of the user running Thunderbird. (CVE-2017-7810,\nCVE-2017-7793, CVE-2017-7818, CVE-2017-7819, CVE-2017-7824,\nCVE-2017-7814, CVE-2017-7823)\n\nRed Hat would like to thank the Mozilla project for reporting these\nissues. Upstream acknowledges Christoph Diehl, Jan de Mooij, Jason\nKratzer, Randell Jesup, Tom Ritter, Tyson Smith, Sebastian Hengst,\nAbhishek Arya, Nils, Omair, Andre Weissflog, Francois Marier, and Jun\nKokatsu as the original reporters.\"\n );\n # https://lists.centos.org/pipermail/centos-announce/2017-October/022566.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?2ba0972d\"\n );\n # https://lists.centos.org/pipermail/centos-announce/2017-October/022567.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?c7fc03e2\"\n );\n script_set_attribute(\n attribute:\"solution\",\n value:\"Update the affected thunderbird package.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2017-7810\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:thunderbird\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:centos:centos:6\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:centos:centos:7\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2018/06/11\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2017/10/12\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2017/10/13\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2017-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"CentOS Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/CentOS/release\", \"Host/CentOS/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/CentOS/release\");\nif (isnull(release) || \"CentOS\" >!< release) audit(AUDIT_OS_NOT, \"CentOS\");\nos_ver = pregmatch(pattern: \"CentOS(?: Linux)? release ([0-9]+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"CentOS\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^(6|7)([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"CentOS 6.x / 7.x\", \"CentOS \" + os_ver);\n\nif (!get_kb_item(\"Host/CentOS/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"CentOS\", cpu);\n\n\nflag = 0;\nif (rpm_check(release:\"CentOS-6\", reference:\"thunderbird-52.4.0-2.el6.centos\", allowmaj:TRUE)) flag++;\n\nif (rpm_check(release:\"CentOS-7\", cpu:\"x86_64\", reference:\"thunderbird-52.4.0-2.el7.centos\", allowmaj:TRUE)) flag++;\n\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"thunderbird\");\n}\n", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2021-01-17T12:51:48", "description": "From Red Hat Security Advisory 2017:2831 :\n\nAn update for firefox is now available for Red Hat Enterprise Linux 6\nand Red Hat Enterprise Linux 7.\n\nRed Hat Product Security has rated this update as having a security\nimpact of Critical. A Common Vulnerability Scoring System (CVSS) base\nscore, which gives a detailed severity rating, is available for each\nvulnerability from the CVE link(s) in the References section.\n\nMozilla Firefox is an open source web browser.\n\nThis update upgrades Firefox to version 52.4.0 ESR.\n\nSecurity Fix(es) :\n\n* Multiple flaws were found in the processing of malformed web\ncontent. A web page containing malicious content could cause Firefox\nto crash or, potentially, execute arbitrary code with the privileges\nof the user running Firefox. (CVE-2017-7810, CVE-2017-7793,\nCVE-2017-7818, CVE-2017-7819, CVE-2017-7824, CVE-2017-7814,\nCVE-2017-7823)\n\nRed Hat would like to thank the Mozilla project for reporting these\nissues. Upstream acknowledges Christoph Diehl, Jan de Mooij, Jason\nKratzer, Randell Jesup, Tom Ritter, Tyson Smith, Sebastian Hengst,\nAbhishek Arya, Nils, Omair, Andre Weissflog, Francois Marier, and Jun\nKokatsu as the original reporters.", "edition": 23, "cvss3": {"score": 9.8, "vector": "AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"}, "published": "2017-09-29T00:00:00", "title": "Oracle Linux 6 / 7 : firefox (ELSA-2017-2831)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2017-7824", "CVE-2017-7810", "CVE-2017-7823", "CVE-2017-7819", "CVE-2017-7793", "CVE-2017-7818", "CVE-2017-7814"], "modified": "2017-09-29T00:00:00", "cpe": ["cpe:/o:oracle:linux:6", "p-cpe:/a:oracle:linux:firefox", "cpe:/o:oracle:linux:7"], "id": "ORACLELINUX_ELSA-2017-2831.NASL", "href": "https://www.tenable.com/plugins/nessus/103558", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Red Hat Security Advisory RHSA-2017:2831 and \n# Oracle Linux Security Advisory ELSA-2017-2831 respectively.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(103558);\n script_version(\"3.12\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/14\");\n\n script_cve_id(\"CVE-2017-7793\", \"CVE-2017-7810\", \"CVE-2017-7814\", \"CVE-2017-7818\", \"CVE-2017-7819\", \"CVE-2017-7823\", \"CVE-2017-7824\");\n script_xref(name:\"RHSA\", value:\"2017:2831\");\n\n script_name(english:\"Oracle Linux 6 / 7 : firefox (ELSA-2017-2831)\");\n script_summary(english:\"Checks rpm output for the updated package\");\n\n script_set_attribute(\n attribute:\"synopsis\",\n value:\"The remote Oracle Linux host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\",\n value:\n\"From Red Hat Security Advisory 2017:2831 :\n\nAn update for firefox is now available for Red Hat Enterprise Linux 6\nand Red Hat Enterprise Linux 7.\n\nRed Hat Product Security has rated this update as having a security\nimpact of Critical. A Common Vulnerability Scoring System (CVSS) base\nscore, which gives a detailed severity rating, is available for each\nvulnerability from the CVE link(s) in the References section.\n\nMozilla Firefox is an open source web browser.\n\nThis update upgrades Firefox to version 52.4.0 ESR.\n\nSecurity Fix(es) :\n\n* Multiple flaws were found in the processing of malformed web\ncontent. A web page containing malicious content could cause Firefox\nto crash or, potentially, execute arbitrary code with the privileges\nof the user running Firefox. (CVE-2017-7810, CVE-2017-7793,\nCVE-2017-7818, CVE-2017-7819, CVE-2017-7824, CVE-2017-7814,\nCVE-2017-7823)\n\nRed Hat would like to thank the Mozilla project for reporting these\nissues. Upstream acknowledges Christoph Diehl, Jan de Mooij, Jason\nKratzer, Randell Jesup, Tom Ritter, Tyson Smith, Sebastian Hengst,\nAbhishek Arya, Nils, Omair, Andre Weissflog, Francois Marier, and Jun\nKokatsu as the original reporters.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://oss.oracle.com/pipermail/el-errata/2017-September/007234.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://oss.oracle.com/pipermail/el-errata/2017-September/007236.html\"\n );\n script_set_attribute(\n attribute:\"solution\",\n value:\"Update the affected firefox package.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:firefox\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:oracle:linux:6\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:oracle:linux:7\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2018/06/11\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2017/09/29\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2017/09/29\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2017-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Oracle Linux Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/OracleLinux\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/OracleLinux\")) audit(AUDIT_OS_NOT, \"Oracle Linux\");\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || !pregmatch(pattern: \"Oracle (?:Linux Server|Enterprise Linux)\", string:release)) audit(AUDIT_OS_NOT, \"Oracle Linux\");\nos_ver = pregmatch(pattern: \"Oracle (?:Linux Server|Enterprise Linux) .*release ([0-9]+(\\.[0-9]+)?)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Oracle Linux\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^(6|7)([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Oracle Linux 6 / 7\", \"Oracle Linux \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Oracle Linux\", cpu);\n\nflag = 0;\nif (rpm_check(release:\"EL6\", reference:\"firefox-52.4.0-1.0.1.el6_9\", allowmaj:TRUE)) flag++;\n\nif (rpm_check(release:\"EL7\", cpu:\"x86_64\", reference:\"firefox-52.4.0-1.0.1.el7_4\", allowmaj:TRUE)) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"firefox\");\n}\n", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2021-01-17T13:50:13", "description": "This update upgrades Firefox to version 52.4.0 ESR.\n\nSecurity Fix(es) :\n\n - Multiple flaws were found in the processing of malformed\n web content. A web page containing malicious content\n could cause Firefox to crash or, potentially, execute\n arbitrary code with the privileges of the user running\n Firefox. (CVE-2017-7810, CVE-2017-7793, CVE-2017-7818,\n CVE-2017-7819, CVE-2017-7824, CVE-2017-7814,\n CVE-2017-7823)", "edition": 20, "cvss3": {"score": 9.8, "vector": "AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"}, "published": "2017-10-02T00:00:00", "title": "Scientific Linux Security Update : firefox on SL6.x, SL7.x i386/x86_64 (20170929)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2017-7824", "CVE-2017-7810", "CVE-2017-7823", "CVE-2017-7819", "CVE-2017-7793", "CVE-2017-7818", "CVE-2017-7814"], "modified": "2017-10-02T00:00:00", "cpe": ["p-cpe:/a:fermilab:scientific_linux:firefox", "p-cpe:/a:fermilab:scientific_linux:firefox-debuginfo", "x-cpe:/o:fermilab:scientific_linux"], "id": "SL_20170929_FIREFOX_ON_SL6_X.NASL", "href": "https://www.tenable.com/plugins/nessus/103594", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text is (C) Scientific Linux.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(103594);\n script_version(\"3.9\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/14\");\n\n script_cve_id(\"CVE-2017-7793\", \"CVE-2017-7810\", \"CVE-2017-7814\", \"CVE-2017-7818\", \"CVE-2017-7819\", \"CVE-2017-7823\", \"CVE-2017-7824\");\n\n script_name(english:\"Scientific Linux Security Update : firefox on SL6.x, SL7.x i386/x86_64 (20170929)\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\",\n value:\n\"The remote Scientific Linux host is missing one or more security\nupdates.\"\n );\n script_set_attribute(\n attribute:\"description\",\n value:\n\"This update upgrades Firefox to version 52.4.0 ESR.\n\nSecurity Fix(es) :\n\n - Multiple flaws were found in the processing of malformed\n web content. A web page containing malicious content\n could cause Firefox to crash or, potentially, execute\n arbitrary code with the privileges of the user running\n Firefox. (CVE-2017-7810, CVE-2017-7793, CVE-2017-7818,\n CVE-2017-7819, CVE-2017-7824, CVE-2017-7814,\n CVE-2017-7823)\"\n );\n # https://listserv.fnal.gov/scripts/wa.exe?A2=ind1709&L=scientific-linux-errata&F=&S=&P=3809\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?7d87a021\"\n );\n script_set_attribute(\n attribute:\"solution\",\n value:\"Update the affected firefox and / or firefox-debuginfo packages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:firefox\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:firefox-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"x-cpe:/o:fermilab:scientific_linux\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2018/06/11\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2017/09/29\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2017/10/02\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2017-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Scientific Linux Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"misc_func.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Scientific Linux \" >!< release) audit(AUDIT_HOST_NOT, \"running Scientific Linux\");\nos_ver = pregmatch(pattern: \"Scientific Linux.*release ([0-9]+(\\.[0-9]+)?)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Scientific Linux\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^7([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Scientific Linux 7.x\", \"Scientific Linux \" + os_ver);\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (cpu >!< \"x86_64\" && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Scientific Linux\", cpu);\n\n\nflag = 0;\nif (rpm_check(release:\"SL6\", reference:\"firefox-52.4.0-1.el6_9\", allowmaj:TRUE)) flag++;\nif (rpm_check(release:\"SL6\", reference:\"firefox-debuginfo-52.4.0-1.el6_9\", allowmaj:TRUE)) flag++;\n\nif (rpm_check(release:\"SL7\", cpu:\"x86_64\", reference:\"firefox-52.4.0-1.el7_4\", allowmaj:TRUE)) flag++;\nif (rpm_check(release:\"SL7\", cpu:\"x86_64\", reference:\"firefox-debuginfo-52.4.0-1.el7_4\", allowmaj:TRUE)) flag++;\n\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"firefox / firefox-debuginfo\");\n}\n", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2021-01-17T12:51:49", "description": "From Red Hat Security Advisory 2017:2885 :\n\nAn update for thunderbird is now available for Red Hat Enterprise\nLinux 6 and Red Hat Enterprise Linux 7.\n\nRed Hat Product Security has rated this update as having a security\nimpact of Important. A Common Vulnerability Scoring System (CVSS) base\nscore, which gives a detailed severity rating, is available for each\nvulnerability from the CVE link(s) in the References section.\n\nMozilla Thunderbird is a standalone mail and newsgroup client.\n\nThis update upgrades Thunderbird to version 52.4.0.\n\nSecurity Fix(es) :\n\n* Multiple flaws were found in the processing of malformed web\ncontent. A web page containing malicious content could cause\nThunderbird to crash or, potentially, execute arbitrary code with the\nprivileges of the user running Thunderbird. (CVE-2017-7810,\nCVE-2017-7793, CVE-2017-7818, CVE-2017-7819, CVE-2017-7824,\nCVE-2017-7814, CVE-2017-7823)\n\nRed Hat would like to thank the Mozilla project for reporting these\nissues. Upstream acknowledges Christoph Diehl, Jan de Mooij, Jason\nKratzer, Randell Jesup, Tom Ritter, Tyson Smith, Sebastian Hengst,\nAbhishek Arya, Nils, Omair, Andre Weissflog, Francois Marier, and Jun\nKokatsu as the original reporters.", "edition": 21, "cvss3": {"score": 9.8, "vector": "AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"}, "published": "2017-10-13T00:00:00", "title": "Oracle Linux 6 / 7 : thunderbird (ELSA-2017-2885)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2017-7824", "CVE-2017-7810", "CVE-2017-7823", "CVE-2017-7819", "CVE-2017-7793", "CVE-2017-7818", "CVE-2017-7814"], "modified": "2017-10-13T00:00:00", "cpe": ["cpe:/o:oracle:linux:6", "p-cpe:/a:oracle:linux:thunderbird", "cpe:/o:oracle:linux:7"], "id": "ORACLELINUX_ELSA-2017-2885.NASL", "href": "https://www.tenable.com/plugins/nessus/103829", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Red Hat Security Advisory RHSA-2017:2885 and \n# Oracle Linux Security Advisory ELSA-2017-2885 respectively.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(103829);\n script_version(\"3.10\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/14\");\n\n script_cve_id(\"CVE-2017-7793\", \"CVE-2017-7810\", \"CVE-2017-7814\", \"CVE-2017-7818\", \"CVE-2017-7819\", \"CVE-2017-7823\", \"CVE-2017-7824\");\n script_xref(name:\"RHSA\", value:\"2017:2885\");\n\n script_name(english:\"Oracle Linux 6 / 7 : thunderbird (ELSA-2017-2885)\");\n script_summary(english:\"Checks rpm output for the updated package\");\n\n script_set_attribute(\n attribute:\"synopsis\",\n value:\"The remote Oracle Linux host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\",\n value:\n\"From Red Hat Security Advisory 2017:2885 :\n\nAn update for thunderbird is now available for Red Hat Enterprise\nLinux 6 and Red Hat Enterprise Linux 7.\n\nRed Hat Product Security has rated this update as having a security\nimpact of Important. A Common Vulnerability Scoring System (CVSS) base\nscore, which gives a detailed severity rating, is available for each\nvulnerability from the CVE link(s) in the References section.\n\nMozilla Thunderbird is a standalone mail and newsgroup client.\n\nThis update upgrades Thunderbird to version 52.4.0.\n\nSecurity Fix(es) :\n\n* Multiple flaws were found in the processing of malformed web\ncontent. A web page containing malicious content could cause\nThunderbird to crash or, potentially, execute arbitrary code with the\nprivileges of the user running Thunderbird. (CVE-2017-7810,\nCVE-2017-7793, CVE-2017-7818, CVE-2017-7819, CVE-2017-7824,\nCVE-2017-7814, CVE-2017-7823)\n\nRed Hat would like to thank the Mozilla project for reporting these\nissues. Upstream acknowledges Christoph Diehl, Jan de Mooij, Jason\nKratzer, Randell Jesup, Tom Ritter, Tyson Smith, Sebastian Hengst,\nAbhishek Arya, Nils, Omair, Andre Weissflog, Francois Marier, and Jun\nKokatsu as the original reporters.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://oss.oracle.com/pipermail/el-errata/2017-October/007264.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://oss.oracle.com/pipermail/el-errata/2017-October/007265.html\"\n );\n script_set_attribute(\n attribute:\"solution\",\n value:\"Update the affected thunderbird package.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:thunderbird\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:oracle:linux:6\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:oracle:linux:7\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2018/06/11\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2017/10/12\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2017/10/13\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2017-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Oracle Linux Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/OracleLinux\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/OracleLinux\")) audit(AUDIT_OS_NOT, \"Oracle Linux\");\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || !pregmatch(pattern: \"Oracle (?:Linux Server|Enterprise Linux)\", string:release)) audit(AUDIT_OS_NOT, \"Oracle Linux\");\nos_ver = pregmatch(pattern: \"Oracle (?:Linux Server|Enterprise Linux) .*release ([0-9]+(\\.[0-9]+)?)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Oracle Linux\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^(6|7)([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Oracle Linux 6 / 7\", \"Oracle Linux \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Oracle Linux\", cpu);\n\nflag = 0;\nif (rpm_check(release:\"EL6\", reference:\"thunderbird-52.4.0-2.0.1.el6_9\", allowmaj:TRUE)) flag++;\n\nif (rpm_check(release:\"EL7\", cpu:\"x86_64\", reference:\"thunderbird-52.4.0-2.0.1.el7_4\", allowmaj:TRUE)) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"thunderbird\");\n}\n", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2021-01-17T13:50:14", "description": "This update upgrades Thunderbird to version 52.4.0.\n\nSecurity Fix(es) :\n\n - Multiple flaws were found in the processing of malformed\n web content. A web page containing malicious content\n could cause Thunderbird to crash or, potentially,\n execute arbitrary code with the privileges of the user\n running Thunderbird. (CVE-2017-7810, CVE-2017-7793,\n CVE-2017-7818, CVE-2017-7819, CVE-2017-7824,\n CVE-2017-7814, CVE-2017-7823)", "edition": 18, "cvss3": {"score": 9.8, "vector": "AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"}, "published": "2017-10-13T00:00:00", "title": "Scientific Linux Security Update : thunderbird on SL6.x, SL7.x i386/x86_64 (20171012)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2017-7824", "CVE-2017-7810", "CVE-2017-7823", "CVE-2017-7819", "CVE-2017-7793", "CVE-2017-7818", "CVE-2017-7814"], "modified": "2017-10-13T00:00:00", "cpe": ["p-cpe:/a:fermilab:scientific_linux:thunderbird", "p-cpe:/a:fermilab:scientific_linux:thunderbird-debuginfo", "x-cpe:/o:fermilab:scientific_linux"], "id": "SL_20171012_THUNDERBIRD_ON_SL6_X.NASL", "href": "https://www.tenable.com/plugins/nessus/103831", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text is (C) Scientific Linux.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(103831);\n script_version(\"3.7\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/14\");\n\n script_cve_id(\"CVE-2017-7793\", \"CVE-2017-7810\", \"CVE-2017-7814\", \"CVE-2017-7818\", \"CVE-2017-7819\", \"CVE-2017-7823\", \"CVE-2017-7824\");\n\n script_name(english:\"Scientific Linux Security Update : thunderbird on SL6.x, SL7.x i386/x86_64 (20171012)\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\",\n value:\n\"The remote Scientific Linux host is missing one or more security\nupdates.\"\n );\n script_set_attribute(\n attribute:\"description\",\n value:\n\"This update upgrades Thunderbird to version 52.4.0.\n\nSecurity Fix(es) :\n\n - Multiple flaws were found in the processing of malformed\n web content. A web page containing malicious content\n could cause Thunderbird to crash or, potentially,\n execute arbitrary code with the privileges of the user\n running Thunderbird. (CVE-2017-7810, CVE-2017-7793,\n CVE-2017-7818, CVE-2017-7819, CVE-2017-7824,\n CVE-2017-7814, CVE-2017-7823)\"\n );\n # https://listserv.fnal.gov/scripts/wa.exe?A2=ind1710&L=scientific-linux-errata&F=&S=&P=10309\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?076dd994\"\n );\n script_set_attribute(\n attribute:\"solution\",\n value:\n\"Update the affected thunderbird and / or thunderbird-debuginfo\npackages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:thunderbird\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:thunderbird-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"x-cpe:/o:fermilab:scientific_linux\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2018/06/11\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2017/10/12\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2017/10/13\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2017-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Scientific Linux Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"misc_func.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Scientific Linux \" >!< release) audit(AUDIT_HOST_NOT, \"running Scientific Linux\");\nos_ver = pregmatch(pattern: \"Scientific Linux.*release ([0-9]+(\\.[0-9]+)?)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Scientific Linux\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^7([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Scientific Linux 7.x\", \"Scientific Linux \" + os_ver);\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (cpu >!< \"x86_64\" && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Scientific Linux\", cpu);\n\n\nflag = 0;\nif (rpm_check(release:\"SL6\", reference:\"thunderbird-52.4.0-2.el6_9\", allowmaj:TRUE)) flag++;\nif (rpm_check(release:\"SL6\", reference:\"thunderbird-debuginfo-52.4.0-2.el6_9\", allowmaj:TRUE)) flag++;\n\nif (rpm_check(release:\"SL7\", cpu:\"x86_64\", reference:\"thunderbird-52.4.0-2.el7_4\", allowmaj:TRUE)) flag++;\nif (rpm_check(release:\"SL7\", cpu:\"x86_64\", reference:\"thunderbird-debuginfo-52.4.0-2.el7_4\", allowmaj:TRUE)) flag++;\n\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"thunderbird / thunderbird-debuginfo\");\n}\n", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}], "openvas": [{"lastseen": "2019-05-29T18:34:01", "bulletinFamily": "scanner", "cvelist": ["CVE-2017-7824", "CVE-2017-7810", "CVE-2017-7823", "CVE-2017-7819", "CVE-2017-7793", "CVE-2017-7818", "CVE-2017-7814"], "description": "Check the version of thunderbird", "modified": "2019-03-08T00:00:00", "published": "2017-10-13T00:00:00", "id": "OPENVAS:1361412562310882786", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310882786", "type": "openvas", "title": "CentOS Update for thunderbird CESA-2017:2885 centos7", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: gb_CESA-2017_2885_thunderbird_centos7.nasl 14058 2019-03-08 13:25:52Z cfischer $\n#\n# CentOS Update for thunderbird CESA-2017:2885 centos7\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (C) 2017 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.882786\");\n script_version(\"$Revision: 14058 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2019-03-08 14:25:52 +0100 (Fri, 08 Mar 2019) $\");\n script_tag(name:\"creation_date\", value:\"2017-10-13 08:35:47 +0200 (Fri, 13 Oct 2017)\");\n script_cve_id(\"CVE-2017-7793\", \"CVE-2017-7810\", \"CVE-2017-7814\", \"CVE-2017-7818\",\n \"CVE-2017-7819\", \"CVE-2017-7823\", \"CVE-2017-7824\");\n script_tag(name:\"cvss_base\", value:\"10.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_name(\"CentOS Update for thunderbird CESA-2017:2885 centos7\");\n script_tag(name:\"summary\", value:\"Check the version of thunderbird\");\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is present on the target host.\");\n script_tag(name:\"insight\", value:\"Mozilla Thunderbird is a standalone mail and\nnewsgroup client.\n\nThis update upgrades Thunderbird to version 52.4.0.\n\nSecurity Fix(es):\n\n * Multiple flaws were found in the processing of malformed web content. A\nweb page containing malicious content could cause Thunderbird to crash or,\npotentially, execute arbitrary code with the privileges of the user running\nThunderbird. (CVE-2017-7810, CVE-2017-7793, CVE-2017-7818, CVE-2017-7819,\nCVE-2017-7824, CVE-2017-7814, CVE-2017-7823)\n\nRed Hat would like to thank the Mozilla project for reporting these issues.\nUpstream acknowledges Christoph Diehl, Jan de Mooij, Jason Kratzer, Randell\nJesup, Tom Ritter, Tyson Smith, Sebastian Hengst, Abhishek Arya, Nils,\nOmair, Andre Weissflog, Francois Marier, and Jun Kokatsu as the original\nreporters.\");\n script_tag(name:\"affected\", value:\"thunderbird on CentOS 7\");\n script_tag(name:\"solution\", value:\"Please Install the Updated Packages.\");\n\n script_xref(name:\"CESA\", value:\"2017:2885\");\n script_xref(name:\"URL\", value:\"http://lists.centos.org/pipermail/centos-announce/2017-October/022567.html\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2017 Greenbone Networks GmbH\");\n script_family(\"CentOS Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/centos\", \"ssh/login/rpms\", re:\"ssh/login/release=CentOS7\");\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\n\nif(release == \"CentOS7\")\n{\n\n if ((res = isrpmvuln(pkg:\"thunderbird\", rpm:\"thunderbird~52.4.0~2.el7.centos\", rls:\"CentOS7\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2020-01-27T18:33:17", "bulletinFamily": "scanner", "cvelist": ["CVE-2017-7824", "CVE-2017-7810", "CVE-2017-7823", "CVE-2017-7819", "CVE-2017-7793", "CVE-2017-7818", "CVE-2017-7814"], "description": "The remote host is missing an update for the Huawei EulerOS\n ", "modified": "2020-01-23T00:00:00", "published": "2020-01-23T00:00:00", "id": "OPENVAS:1361412562311220171248", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562311220171248", "type": "openvas", "title": "Huawei EulerOS: Security Advisory for firefox (EulerOS-SA-2017-1248)", "sourceData": "# Copyright (C) 2020 Greenbone Networks GmbH\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (C) the respective author(s)\n#\n# SPDX-License-Identifier: GPL-2.0-or-later\n#\n# This program is free software; you can redistribute it and/or\n# modify it under the terms of the GNU General Public License\n# as published by the Free Software Foundation; either version 2\n# of the License, or (at your option) any later version.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.1.2.2017.1248\");\n script_version(\"2020-01-23T11:01:13+0000\");\n script_cve_id(\"CVE-2017-7793\", \"CVE-2017-7810\", \"CVE-2017-7814\", \"CVE-2017-7818\", \"CVE-2017-7819\", \"CVE-2017-7823\", \"CVE-2017-7824\");\n script_tag(name:\"cvss_base\", value:\"10.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_tag(name:\"last_modification\", value:\"2020-01-23 11:01:13 +0000 (Thu, 23 Jan 2020)\");\n script_tag(name:\"creation_date\", value:\"2020-01-23 11:01:13 +0000 (Thu, 23 Jan 2020)\");\n script_name(\"Huawei EulerOS: Security Advisory for firefox (EulerOS-SA-2017-1248)\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2020 Greenbone Networks GmbH\");\n script_family(\"Huawei EulerOS Local Security Checks\");\n script_dependencies(\"gb_huawei_euleros_consolidation.nasl\");\n script_mandatory_keys(\"ssh/login/euleros\", \"ssh/login/rpms\", re:\"ssh/login/release=EULEROS-2\\.0SP1\");\n\n script_xref(name:\"EulerOS-SA\", value:\"2017-1248\");\n script_xref(name:\"URL\", value:\"https://developer.huaweicloud.com/ict/en/site-euleros/euleros/security-advisories/EulerOS-SA-2017-1248\");\n\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the Huawei EulerOS\n 'firefox' package(s) announced via the EulerOS-SA-2017-1248 advisory.\");\n\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable package version is present on the target host.\");\n\n script_tag(name:\"insight\", value:\"Multiple flaws were found in the processing of malformed web content. A web page containing malicious content could cause Firefox to crash or, potentially, execute arbitrary code with the privileges of the user running Firefox. (CVE-2017-7810, CVE-2017-7793, CVE-2017-7818, CVE-2017-7819, CVE-2017-7824, CVE-2017-7814, CVE-2017-7823)\");\n\n script_tag(name:\"affected\", value:\"'firefox' package(s) on Huawei EulerOS V2.0SP1.\");\n\n script_tag(name:\"solution\", value:\"Please install the updated package(s).\");\n\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_tag(name:\"qod_type\", value:\"package\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\nreport = \"\";\n\nif(release == \"EULEROS-2.0SP1\") {\n\n if(!isnull(res = isrpmvuln(pkg:\"firefox\", rpm:\"firefox~52.4.0~1.h1\", rls:\"EULEROS-2.0SP1\"))) {\n report += res;\n }\n\n if(report != \"\") {\n security_message(data:report);\n } else if (__pkg_match) {\n exit(99);\n }\n exit(0);\n}\n\nexit(0);", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2020-01-27T18:37:49", "bulletinFamily": "scanner", "cvelist": ["CVE-2017-7824", "CVE-2017-7810", "CVE-2017-7823", "CVE-2017-7819", "CVE-2017-7793", "CVE-2017-7818", "CVE-2017-7814"], "description": "The remote host is missing an update for the Huawei EulerOS\n ", "modified": "2020-01-23T00:00:00", "published": "2020-01-23T00:00:00", "id": "OPENVAS:1361412562311220171249", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562311220171249", "type": "openvas", "title": "Huawei EulerOS: Security Advisory for firefox (EulerOS-SA-2017-1249)", "sourceData": "# Copyright (C) 2020 Greenbone Networks GmbH\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (C) the respective author(s)\n#\n# SPDX-License-Identifier: GPL-2.0-or-later\n#\n# This program is free software; you can redistribute it and/or\n# modify it under the terms of the GNU General Public License\n# as published by the Free Software Foundation; either version 2\n# of the License, or (at your option) any later version.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.1.2.2017.1249\");\n script_version(\"2020-01-23T11:01:19+0000\");\n script_cve_id(\"CVE-2017-7793\", \"CVE-2017-7810\", \"CVE-2017-7814\", \"CVE-2017-7818\", \"CVE-2017-7819\", \"CVE-2017-7823\", \"CVE-2017-7824\");\n script_tag(name:\"cvss_base\", value:\"10.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_tag(name:\"last_modification\", value:\"2020-01-23 11:01:19 +0000 (Thu, 23 Jan 2020)\");\n script_tag(name:\"creation_date\", value:\"2020-01-23 11:01:19 +0000 (Thu, 23 Jan 2020)\");\n script_name(\"Huawei EulerOS: Security Advisory for firefox (EulerOS-SA-2017-1249)\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2020 Greenbone Networks GmbH\");\n script_family(\"Huawei EulerOS Local Security Checks\");\n script_dependencies(\"gb_huawei_euleros_consolidation.nasl\");\n script_mandatory_keys(\"ssh/login/euleros\", \"ssh/login/rpms\", re:\"ssh/login/release=EULEROS-2\\.0SP2\");\n\n script_xref(name:\"EulerOS-SA\", value:\"2017-1249\");\n script_xref(name:\"URL\", value:\"https://developer.huaweicloud.com/ict/en/site-euleros/euleros/security-advisories/EulerOS-SA-2017-1249\");\n\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the Huawei EulerOS\n 'firefox' package(s) announced via the EulerOS-SA-2017-1249 advisory.\");\n\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable package version is present on the target host.\");\n\n script_tag(name:\"insight\", value:\"Multiple flaws were found in the processing of malformed web content. A web page containing malicious content could cause Firefox to crash or, potentially, execute arbitrary code with the privileges of the user running Firefox. (CVE-2017-7810, CVE-2017-7793, CVE-2017-7818, CVE-2017-7819, CVE-2017-7824, CVE-2017-7814, CVE-2017-7823)\");\n\n script_tag(name:\"affected\", value:\"'firefox' package(s) on Huawei EulerOS V2.0SP2.\");\n\n script_tag(name:\"solution\", value:\"Please install the updated package(s).\");\n\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_tag(name:\"qod_type\", value:\"package\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\nreport = \"\";\n\nif(release == \"EULEROS-2.0SP2\") {\n\n if(!isnull(res = isrpmvuln(pkg:\"firefox\", rpm:\"firefox~52.4.0~1.h1\", rls:\"EULEROS-2.0SP2\"))) {\n report += res;\n }\n\n if(report != \"\") {\n security_message(data:report);\n } else if (__pkg_match) {\n exit(99);\n }\n exit(0);\n}\n\nexit(0);", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2019-05-29T18:34:29", "bulletinFamily": "scanner", "cvelist": ["CVE-2017-7824", "CVE-2017-7810", "CVE-2017-7823", "CVE-2017-7819", "CVE-2017-7793", "CVE-2017-7818", "CVE-2017-7814"], "description": "Check the version of firefox", "modified": "2019-03-08T00:00:00", "published": "2017-10-05T00:00:00", "id": "OPENVAS:1361412562310882778", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310882778", "type": "openvas", "title": "CentOS Update for firefox CESA-2017:2831 centos7", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: gb_CESA-2017_2831_firefox_centos7.nasl 14058 2019-03-08 13:25:52Z cfischer $\n#\n# CentOS Update for firefox CESA-2017:2831 centos7\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (C) 2017 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.882778\");\n script_version(\"$Revision: 14058 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2019-03-08 14:25:52 +0100 (Fri, 08 Mar 2019) $\");\n script_tag(name:\"creation_date\", value:\"2017-10-05 11:55:18 +0530 (Thu, 05 Oct 2017)\");\n script_cve_id(\"CVE-2017-7793\", \"CVE-2017-7810\", \"CVE-2017-7814\", \"CVE-2017-7818\",\n \"CVE-2017-7819\", \"CVE-2017-7823\", \"CVE-2017-7824\");\n script_tag(name:\"cvss_base\", value:\"10.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_name(\"CentOS Update for firefox CESA-2017:2831 centos7\");\n script_tag(name:\"summary\", value:\"Check the version of firefox\");\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is present on the target host.\");\n script_tag(name:\"insight\", value:\"Mozilla Firefox is an open source web browser.\n\nThis update upgrades Firefox to version 52.4.0 ESR.\n\nSecurity Fix(es):\n\n * Multiple flaws were found in the processing of malformed web content. A\nweb page containing malicious content could cause Firefox to crash or,\npotentially, execute arbitrary code with the privileges of the user running\nFirefox. (CVE-2017-7810, CVE-2017-7793, CVE-2017-7818, CVE-2017-7819,\nCVE-2017-7824, CVE-2017-7814, CVE-2017-7823)\n\nRed Hat would like to thank the Mozilla project for reporting these issues.\nUpstream acknowledges Christoph Diehl, Jan de Mooij, Jason Kratzer, Randell\nJesup, Tom Ritter, Tyson Smith, Sebastian Hengst, Abhishek Arya, Nils,\nOmair, Andre Weissflog, Francois Marier, and Jun Kokatsu as the original\nreporters.\");\n script_tag(name:\"affected\", value:\"firefox on CentOS 7\");\n script_tag(name:\"solution\", value:\"Please Install the Updated Packages.\");\n\n script_xref(name:\"CESA\", value:\"2017:2831\");\n script_xref(name:\"URL\", value:\"http://lists.centos.org/pipermail/centos-announce/2017-September/022551.html\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2017 Greenbone Networks GmbH\");\n script_family(\"CentOS Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/centos\", \"ssh/login/rpms\", re:\"ssh/login/release=CentOS7\");\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\n\nif(release == \"CentOS7\")\n{\n\n if ((res = isrpmvuln(pkg:\"firefox\", rpm:\"firefox~52.4.0~1.el7.centos\", rls:\"CentOS7\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2019-05-29T18:34:27", "bulletinFamily": "scanner", "cvelist": ["CVE-2017-7824", "CVE-2017-7810", "CVE-2017-7823", "CVE-2017-7819", "CVE-2017-7793", "CVE-2017-7818", "CVE-2017-7814"], "description": "The remote host is missing an update for the ", "modified": "2018-11-23T00:00:00", "published": "2017-10-05T00:00:00", "id": "OPENVAS:1361412562310812009", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310812009", "type": "openvas", "title": "RedHat Update for firefox RHSA-2017:2831-01", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: gb_RHSA-2017_2831-01_firefox.nasl 12497 2018-11-23 08:28:21Z cfischer $\n#\n# RedHat Update for firefox RHSA-2017:2831-01\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (C) 2017 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.812009\");\n script_version(\"$Revision: 12497 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-11-23 09:28:21 +0100 (Fri, 23 Nov 2018) $\");\n script_tag(name:\"creation_date\", value:\"2017-10-05 11:54:55 +0530 (Thu, 05 Oct 2017)\");\n script_cve_id(\"CVE-2017-7793\", \"CVE-2017-7810\", \"CVE-2017-7814\", \"CVE-2017-7818\",\n \"CVE-2017-7819\", \"CVE-2017-7823\", \"CVE-2017-7824\");\n script_tag(name:\"cvss_base\", value:\"10.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_name(\"RedHat Update for firefox RHSA-2017:2831-01\");\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'firefox'\n package(s) announced via the referenced advisory.\");\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is present on the target host.\");\n script_tag(name:\"insight\", value:\"Mozilla Firefox is an open source web browser.\n\nThis update upgrades Firefox to version 52.4.0 ESR.\n\nSecurity Fix(es):\n\n * Multiple flaws were found in the processing of malformed web content. A\nweb page containing malicious content could cause Firefox to crash or,\npotentially, execute arbitrary code with the privileges of the user running\nFirefox. (CVE-2017-7810, CVE-2017-7793, CVE-2017-7818, CVE-2017-7819,\nCVE-2017-7824, CVE-2017-7814, CVE-2017-7823)\n\nRed Hat would like to thank the Mozilla project for reporting these issues.\nUpstream acknowledges Christoph Diehl, Jan de Mooij, Jason Kratzer, Randell\nJesup, Tom Ritter, Tyson Smith, Sebastian Hengst, Abhishek Arya, Nils,\nOmair, Andre Weissflog, Franois Marier, and Jun Kokatsu as the original\nreporters.\");\n script_tag(name:\"affected\", value:\"firefox on\n Red Hat Enterprise Linux Desktop (v. 6),\n Red Hat Enterprise Linux Server (v. 6),\n Red Hat Enterprise Linux Server (v. 7),\n Red Hat Enterprise Linux Workstation (v. 6)\");\n script_tag(name:\"solution\", value:\"Please Install the Updated Packages.\");\n\n script_xref(name:\"RHSA\", value:\"2017:2831-01\");\n script_xref(name:\"URL\", value:\"https://www.redhat.com/archives/rhsa-announce/2017-September/msg00069.html\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2017 Greenbone Networks GmbH\");\n script_family(\"Red Hat Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/rhel\", \"ssh/login/rpms\", re:\"ssh/login/release=RHENT_(7|6)\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release) exit(0);\n\nres = \"\";\n\nif(release == \"RHENT_7\")\n{\n\n if ((res = isrpmvuln(pkg:\"firefox\", rpm:\"firefox~52.4.0~1.el7_4\", rls:\"RHENT_7\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"firefox-debuginfo\", rpm:\"firefox-debuginfo~52.4.0~1.el7_4\", rls:\"RHENT_7\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n\n\nif(release == \"RHENT_6\")\n{\n\n if ((res = isrpmvuln(pkg:\"firefox\", rpm:\"firefox~52.4.0~1.el6_9\", rls:\"RHENT_6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"firefox-debuginfo\", rpm:\"firefox-debuginfo~52.4.0~1.el6_9\", rls:\"RHENT_6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2019-05-29T18:34:25", "bulletinFamily": "scanner", "cvelist": ["CVE-2017-7824", "CVE-2017-7810", "CVE-2017-7823", "CVE-2017-7819", "CVE-2017-7793", "CVE-2017-7818", "CVE-2017-7814"], "description": "Check the version of firefox", "modified": "2019-03-08T00:00:00", "published": "2017-10-05T00:00:00", "id": "OPENVAS:1361412562310882777", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310882777", "type": "openvas", "title": "CentOS Update for firefox CESA-2017:2831 centos6", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: gb_CESA-2017_2831_firefox_centos6.nasl 14058 2019-03-08 13:25:52Z cfischer $\n#\n# CentOS Update for firefox CESA-2017:2831 centos6\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (C) 2017 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.882777\");\n script_version(\"$Revision: 14058 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2019-03-08 14:25:52 +0100 (Fri, 08 Mar 2019) $\");\n script_tag(name:\"creation_date\", value:\"2017-10-05 11:55:11 +0530 (Thu, 05 Oct 2017)\");\n script_cve_id(\"CVE-2017-7793\", \"CVE-2017-7810\", \"CVE-2017-7814\", \"CVE-2017-7818\",\n \"CVE-2017-7819\", \"CVE-2017-7823\", \"CVE-2017-7824\");\n script_tag(name:\"cvss_base\", value:\"10.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_name(\"CentOS Update for firefox CESA-2017:2831 centos6\");\n script_tag(name:\"summary\", value:\"Check the version of firefox\");\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is present on the target host.\");\n script_tag(name:\"insight\", value:\"Mozilla Firefox is an open source web browser.\n\nThis update upgrades Firefox to version 52.4.0 ESR.\n\nSecurity Fix(es):\n\n * Multiple flaws were found in the processing of malformed web content. A\nweb page containing malicious content could cause Firefox to crash or,\npotentially, execute arbitrary code with the privileges of the user running\nFirefox. (CVE-2017-7810, CVE-2017-7793, CVE-2017-7818, CVE-2017-7819,\nCVE-2017-7824, CVE-2017-7814, CVE-2017-7823)\n\nRed Hat would like to thank the Mozilla project for reporting these issues.\nUpstream acknowledges Christoph Diehl, Jan de Mooij, Jason Kratzer, Randell\nJesup, Tom Ritter, Tyson Smith, Sebastian Hengst, Abhishek Arya, Nils,\nOmair, Andre Weissflog, Francois Marier, and Jun Kokatsu as the original\nreporters.\");\n script_tag(name:\"affected\", value:\"firefox on CentOS 6\");\n script_tag(name:\"solution\", value:\"Please Install the Updated Packages.\");\n\n script_xref(name:\"CESA\", value:\"2017:2831\");\n script_xref(name:\"URL\", value:\"http://lists.centos.org/pipermail/centos-announce/2017-September/022553.html\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2017 Greenbone Networks GmbH\");\n script_family(\"CentOS Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/centos\", \"ssh/login/rpms\", re:\"ssh/login/release=CentOS6\");\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\n\nif(release == \"CentOS6\")\n{\n\n if ((res = isrpmvuln(pkg:\"firefox\", rpm:\"firefox~52.4.0~1.el6.centos\", rls:\"CentOS6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2019-05-29T18:34:00", "bulletinFamily": "scanner", "cvelist": ["CVE-2017-7824", "CVE-2017-7810", "CVE-2017-7823", "CVE-2017-7819", "CVE-2017-7793", "CVE-2017-7818", "CVE-2017-7814"], "description": "Check the version of thunderbird", "modified": "2019-03-08T00:00:00", "published": "2017-10-13T00:00:00", "id": "OPENVAS:1361412562310882785", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310882785", "type": "openvas", "title": "CentOS Update for thunderbird CESA-2017:2885 centos6", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: gb_CESA-2017_2885_thunderbird_centos6.nasl 14058 2019-03-08 13:25:52Z cfischer $\n#\n# CentOS Update for thunderbird CESA-2017:2885 centos6\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (C) 2017 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.882785\");\n script_version(\"$Revision: 14058 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2019-03-08 14:25:52 +0100 (Fri, 08 Mar 2019) $\");\n script_tag(name:\"creation_date\", value:\"2017-10-13 08:35:31 +0200 (Fri, 13 Oct 2017)\");\n script_cve_id(\"CVE-2017-7793\", \"CVE-2017-7810\", \"CVE-2017-7814\", \"CVE-2017-7818\",\n \"CVE-2017-7819\", \"CVE-2017-7823\", \"CVE-2017-7824\");\n script_tag(name:\"cvss_base\", value:\"10.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_name(\"CentOS Update for thunderbird CESA-2017:2885 centos6\");\n script_tag(name:\"summary\", value:\"Check the version of thunderbird\");\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is present on the target host.\");\n script_tag(name:\"insight\", value:\"Mozilla Thunderbird is a standalone mail\nand newsgroup client.\n\nThis update upgrades Thunderbird to version 52.4.0.\n\nSecurity Fix(es):\n\n * Multiple flaws were found in the processing of malformed web content. A\nweb page containing malicious content could cause Thunderbird to crash or,\npotentially, execute arbitrary code with the privileges of the user running\nThunderbird. (CVE-2017-7810, CVE-2017-7793, CVE-2017-7818, CVE-2017-7819,\nCVE-2017-7824, CVE-2017-7814, CVE-2017-7823)\n\nRed Hat would like to thank the Mozilla project for reporting these issues.\nUpstream acknowledges Christoph Diehl, Jan de Mooij, Jason Kratzer, Randell\nJesup, Tom Ritter, Tyson Smith, Sebastian Hengst, Abhishek Arya, Nils,\nOmair, Andre Weissflog, Francois Marier, and Jun Kokatsu as the original\nreporters.\");\n script_tag(name:\"affected\", value:\"thunderbird on CentOS 6\");\n script_tag(name:\"solution\", value:\"Please Install the Updated Packages.\");\n\n script_xref(name:\"CESA\", value:\"2017:2885\");\n script_xref(name:\"URL\", value:\"http://lists.centos.org/pipermail/centos-announce/2017-October/022566.html\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2017 Greenbone Networks GmbH\");\n script_family(\"CentOS Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/centos\", \"ssh/login/rpms\", re:\"ssh/login/release=CentOS6\");\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\n\nif(release == \"CentOS6\")\n{\n\n if ((res = isrpmvuln(pkg:\"thunderbird\", rpm:\"thunderbird~52.4.0~2.el6.centos\", rls:\"CentOS6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2019-05-29T18:33:58", "bulletinFamily": "scanner", "cvelist": ["CVE-2017-7824", "CVE-2017-7810", "CVE-2017-7823", "CVE-2017-7819", "CVE-2017-7793", "CVE-2017-7818", "CVE-2017-7814"], "description": "The remote host is missing an update for the ", "modified": "2018-11-23T00:00:00", "published": "2017-10-12T00:00:00", "id": "OPENVAS:1361412562310812034", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310812034", "type": "openvas", "title": "RedHat Update for thunderbird RHSA-2017:2885-01", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: gb_RHSA-2017_2885-01_thunderbird.nasl 12497 2018-11-23 08:28:21Z cfischer $\n#\n# RedHat Update for thunderbird RHSA-2017:2885-01\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (C) 2017 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.812034\");\n script_version(\"$Revision: 12497 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-11-23 09:28:21 +0100 (Fri, 23 Nov 2018) $\");\n script_tag(name:\"creation_date\", value:\"2017-10-12 10:24:26 +0200 (Thu, 12 Oct 2017)\");\n script_cve_id(\"CVE-2017-7793\", \"CVE-2017-7810\", \"CVE-2017-7814\", \"CVE-2017-7818\",\n \"CVE-2017-7819\", \"CVE-2017-7823\", \"CVE-2017-7824\");\n script_tag(name:\"cvss_base\", value:\"10.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_name(\"RedHat Update for thunderbird RHSA-2017:2885-01\");\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'thunderbird'\n package(s) announced via the referenced advisory.\");\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is present on the target host.\");\n script_tag(name:\"insight\", value:\"Mozilla Thunderbird is a standalone mail\n and newsgroup client.\n\nThis update upgrades Thunderbird to version 52.4.0.\n\nSecurity Fix(es):\n\n * Multiple flaws were found in the processing of malformed web content. A\nweb page containing malicious content could cause Thunderbird to crash or,\npotentially, execute arbitrary code with the privileges of the user running\nThunderbird. (CVE-2017-7810, CVE-2017-7793, CVE-2017-7818, CVE-2017-7819,\nCVE-2017-7824, CVE-2017-7814, CVE-2017-7823)\n\nRed Hat would like to thank the Mozilla project for reporting these issues.\nUpstream acknowledges Christoph Diehl, Jan de Mooij, Jason Kratzer, Randell\nJesup, Tom Ritter, Tyson Smith, Sebastian Hengst, Abhishek Arya, Nils,\nOmair, Andre Weissflog, Franois Marier, and Jun Kokatsu as the original\nreporters.\");\n script_tag(name:\"affected\", value:\"thunderbird on\n Red Hat Enterprise Linux Desktop (v. 6),\n Red Hat Enterprise Linux Workstation (v. 6)\");\n script_tag(name:\"solution\", value:\"Please Install the Updated Packages.\");\n\n script_xref(name:\"RHSA\", value:\"2017:2885-01\");\n script_xref(name:\"URL\", value:\"https://www.redhat.com/archives/rhsa-announce/2017-October/msg00011.html\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2017 Greenbone Networks GmbH\");\n script_family(\"Red Hat Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/rhel\", \"ssh/login/rpms\", re:\"ssh/login/release=RHENT_6\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release) exit(0);\n\nres = \"\";\n\nif(release == \"RHENT_6\")\n{\n\n if ((res = isrpmvuln(pkg:\"thunderbird\", rpm:\"thunderbird~52.4.0~2.el6_9\", rls:\"RHENT_6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"thunderbird-debuginfo\", rpm:\"thunderbird-debuginfo~52.4.0~2.el6_9\", rls:\"RHENT_6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2019-05-29T18:34:52", "bulletinFamily": "scanner", "cvelist": ["CVE-2017-7824", "CVE-2017-7810", "CVE-2017-7805", "CVE-2017-7823", "CVE-2017-7819", "CVE-2017-7793", "CVE-2017-7818", "CVE-2017-7814"], "description": "Multiple security issues have been found in Thunderbird, which may lead\nto the execution of arbitrary code or denial of service.", "modified": "2019-03-18T00:00:00", "published": "2017-11-01T00:00:00", "id": "OPENVAS:1361412562310704014", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310704014", "type": "openvas", "title": "Debian Security Advisory DSA 4014-1 (thunderbird - security update)", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: deb_4014.nasl 14284 2019-03-18 15:02:15Z cfischer $\n#\n# Auto-generated from advisory DSA 4014-1 using nvtgen 1.0\n# Script version: 1.0\n#\n# Author:\n# Greenbone Networks\n#\n# Copyright:\n# Copyright (c) 2017 Greenbone Networks GmbH http://greenbone.net\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (c) the respective author(s)\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License as published by\n# the Free Software Foundation; either version 2 of the License, or\n# (at your option) any later version.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.704014\");\n script_version(\"$Revision: 14284 $\");\n script_cve_id(\"CVE-2017-7793\", \"CVE-2017-7805\", \"CVE-2017-7810\", \"CVE-2017-7814\", \"CVE-2017-7818\", \"CVE-2017-7819\", \"CVE-2017-7823\", \"CVE-2017-7824\");\n script_name(\"Debian Security Advisory DSA 4014-1 (thunderbird - security update)\");\n script_tag(name:\"last_modification\", value:\"$Date: 2019-03-18 16:02:15 +0100 (Mon, 18 Mar 2019) $\");\n script_tag(name:\"creation_date\", value:\"2017-11-01 00:00:00 +0100 (Wed, 01 Nov 2017)\");\n script_tag(name:\"cvss_base\", value:\"10.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_tag(name:\"qod_type\", value:\"package\");\n\n script_xref(name:\"URL\", value:\"https://www.debian.org/security/2017/dsa-4014.html\");\n\n script_category(ACT_GATHER_INFO);\n\n script_copyright(\"Copyright (c) 2017 Greenbone Networks GmbH http://greenbone.net\");\n script_family(\"Debian Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/debian_linux\", \"ssh/login/packages\", re:\"ssh/login/release=DEB(8|9)\");\n script_tag(name:\"affected\", value:\"thunderbird on Debian Linux\");\n script_tag(name:\"solution\", value:\"For the oldstable distribution (jessie), these problems have been fixed\nin version 1:52.4.0-1~deb8u1.\n\nFor the stable distribution (stretch), these problems have been fixed in\nversion 1:52.4.0-1~deb9u1.\n\nWe recommend that you upgrade your thunderbird packages.\");\n script_tag(name:\"summary\", value:\"Multiple security issues have been found in Thunderbird, which may lead\nto the execution of arbitrary code or denial of service.\");\n script_tag(name:\"vuldetect\", value:\"This check tests the installed software version using the apt package manager.\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-deb.inc\");\n\nres = \"\";\nreport = \"\";\nif((res = isdpkgvuln(pkg:\"calendar-google-provider\", ver:\"1:52.4.0-1~deb8u1\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"icedove\", ver:\"1:52.4.0-1~deb8u1\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"icedove-dbg\", ver:\"1:52.4.0-1~deb8u1\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"icedove-dev\", ver:\"1:52.4.0-1~deb8u1\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"icedove-l10n-all\", ver:\"1:52.4.0-1~deb8u1\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"icedove-l10n-ar\", ver:\"1:52.4.0-1~deb8u1\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"icedove-l10n-ast\", ver:\"1:52.4.0-1~deb8u1\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"icedove-l10n-be\", ver:\"1:52.4.0-1~deb8u1\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"icedove-l10n-bg\", ver:\"1:52.4.0-1~deb8u1\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"icedove-l10n-bn-bd\", ver:\"1:52.4.0-1~deb8u1\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"icedove-l10n-br\", ver:\"1:52.4.0-1~deb8u1\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"icedove-l10n-ca\", ver:\"1:52.4.0-1~deb8u1\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"icedove-l10n-cs\", ver:\"1:52.4.0-1~deb8u1\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"icedove-l10n-da\", ver:\"1:52.4.0-1~deb8u1\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"icedove-l10n-de\", ver:\"1:52.4.0-1~deb8u1\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"icedove-l10n-dsb\", ver:\"1:52.4.0-1~deb8u1\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"icedove-l10n-el\", ver:\"1:52.4.0-1~deb8u1\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"icedove-l10n-en-gb\", ver:\"1:52.4.0-1~deb8u1\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"icedove-l10n-es-ar\", ver:\"1:52.4.0-1~deb8u1\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"icedove-l10n-es-es\", ver:\"1:52.4.0-1~deb8u1\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"icedove-l10n-et\", ver:\"1:52.4.0-1~deb8u1\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"icedove-l10n-eu\", ver:\"1:52.4.0-1~deb8u1\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"icedove-l10n-fi\", ver:\"1:52.4.0-1~deb8u1\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"icedove-l10n-fr\", ver:\"1:52.4.0-1~deb8u1\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"icedove-l10n-fy-nl\", ver:\"1:52.4.0-1~deb8u1\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"icedove-l10n-ga-ie\", ver:\"1:52.4.0-1~deb8u1\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"icedove-l10n-gd\", ver:\"1:52.4.0-1~deb8u1\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"icedove-l10n-gl\", ver:\"1:52.4.0-1~deb8u1\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"icedove-l10n-he\", ver:\"1:52.4.0-1~deb8u1\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"icedove-l10n-hr\", ver:\"1:52.4.0-1~deb8u1\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"icedove-l10n-hsb\", ver:\"1:52.4.0-1~deb8u1\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"icedove-l10n-hu\", ver:\"1:52.4.0-1~deb8u1\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"icedove-l10n-hy-am\", ver:\"1:52.4.0-1~deb8u1\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"icedove-l10n-id\", ver:\"1:52.4.0-1~deb8u1\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"icedove-l10n-is\", ver:\"1:52.4.0-1~deb8u1\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"icedove-l10n-it\", ver:\"1:52.4.0-1~deb8u1\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"icedove-l10n-ja\", ver:\"1:52.4.0-1~deb8u1\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"icedove-l10n-kab\", ver:\"1:52.4.0-1~deb8u1\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"icedove-l10n-ko\", ver:\"1:52.4.0-1~deb8u1\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"icedove-l10n-lt\", ver:\"1:52.4.0-1~deb8u1\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"icedove-l10n-nb-no\", ver:\"1:52.4.0-1~deb8u1\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"icedove-l10n-nl\", ver:\"1:52.4.0-1~deb8u1\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"icedove-l10n-nn-no\", ver:\"1:52.4.0-1~deb8u1\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"icedove-l10n-pa-in\", ver:\"1:52.4.0-1~deb8u1\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"icedove-l10n-pl\", ver:\"1:52.4.0-1~deb8u1\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"icedove-l10n-pt-br\", ver:\"1:52.4.0-1~deb8u1\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"icedove-l10n-pt-pt\", ver:\"1:52.4.0-1~deb8u1\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"icedove-l10n-rm\", ver:\"1:52.4.0-1~deb8u1\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"icedove-l10n-ro\", ver:\"1:52.4.0-1~deb8u1\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"icedove-l10n-ru\", ver:\"1:52.4.0-1~deb8u1\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"icedove-l10n-si\", ver:\"1:52.4.0-1~deb8u1\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"icedove-l10n-sk\", ver:\"1:52.4.0-1~deb8u1\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"icedove-l10n-sl\", ver:\"1:52.4.0-1~deb8u1\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"icedove-l10n-sq\", ver:\"1:52.4.0-1~deb8u1\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"icedove-l10n-sr\", ver:\"1:52.4.0-1~deb8u1\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"icedove-l10n-sv-se\", ver:\"1:52.4.0-1~deb8u1\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"icedove-l10n-ta-lk\", ver:\"1:52.4.0-1~deb8u1\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"icedove-l10n-tr\", ver:\"1:52.4.0-1~deb8u1\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"icedove-l10n-uk\", ver:\"1:52.4.0-1~deb8u1\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"icedove-l10n-vi\", ver:\"1:52.4.0-1~deb8u1\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"icedove-l10n-zh-cn\", ver:\"1:52.4.0-1~deb8u1\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"icedove-l10n-zh-tw\", ver:\"1:52.4.0-1~deb8u1\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"iceowl-extension\", ver:\"1:52.4.0-1~deb8u1\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"iceowl-l10n-ar\", ver:\"1:52.4.0-1~deb8u1\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"iceowl-l10n-ast\", ver:\"1:52.4.0-1~deb8u1\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"iceowl-l10n-be\", ver:\"1:52.4.0-1~deb8u1\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"iceowl-l10n-bg\", ver:\"1:52.4.0-1~deb8u1\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"iceowl-l10n-bn-bd\", ver:\"1:52.4.0-1~deb8u1\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"iceowl-l10n-br\", ver:\"1:52.4.0-1~deb8u1\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"iceowl-l10n-ca\", ver:\"1:52.4.0-1~deb8u1\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"iceowl-l10n-cs\", ver:\"1:52.4.0-1~deb8u1\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"iceowl-l10n-cy\", ver:\"1:52.4.0-1~deb8u1\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"iceowl-l10n-da\", ver:\"1:52.4.0-1~deb8u1\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"iceowl-l10n-de\", ver:\"1:52.4.0-1~deb8u1\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"iceowl-l10n-dsb\", ver:\"1:52.4.0-1~deb8u1\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"iceowl-l10n-el\", ver:\"1:52.4.0-1~deb8u1\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"iceowl-l10n-en-gb\", ver:\"1:52.4.0-1~deb8u1\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"iceowl-l10n-es-ar\", ver:\"1:52.4.0-1~deb8u1\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"iceowl-l10n-es-es\", ver:\"1:52.4.0-1~deb8u1\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"iceowl-l10n-et\", ver:\"1:52.4.0-1~deb8u1\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"iceowl-l10n-eu\", ver:\"1:52.4.0-1~deb8u1\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"iceowl-l10n-fi\", ver:\"1:52.4.0-1~deb8u1\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"iceowl-l10n-fr\", ver:\"1:52.4.0-1~deb8u1\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"iceowl-l10n-fy-nl\", ver:\"1:52.4.0-1~deb8u1\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"iceowl-l10n-ga-ie\", ver:\"1:52.4.0-1~deb8u1\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"iceowl-l10n-gd\", ver:\"1:52.4.0-1~deb8u1\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"iceowl-l10n-gl\", ver:\"1:52.4.0-1~deb8u1\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"iceowl-l10n-he\", ver:\"1:52.4.0-1~deb8u1\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"iceowl-l10n-hr\", ver:\"1:52.4.0-1~deb8u1\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"iceowl-l10n-hsb\", ver:\"1:52.4.0-1~deb8u1\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"iceowl-l10n-hu\", ver:\"1:52.4.0-1~deb8u1\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"iceowl-l10n-hy-am\", ver:\"1:52.4.0-1~deb8u1\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"iceowl-l10n-id\", ver:\"1:52.4.0-1~deb8u1\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"iceowl-l10n-is\", ver:\"1:52.4.0-1~deb8u1\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"iceowl-l10n-it\", ver:\"1:52.4.0-1~deb8u1\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"iceowl-l10n-ja\", ver:\"1:52.4.0-1~deb8u1\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"iceowl-l10n-kab\", ver:\"1:52.4.0-1~deb8u1\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"iceowl-l10n-ko\", ver:\"1:52.4.0-1~deb8u1\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"iceowl-l10n-lt\", ver:\"1:52.4.0-1~deb8u1\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"iceowl-l10n-nb-no\", ver:\"1:52.4.0-1~deb8u1\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"iceowl-l10n-nl\", ver:\"1:52.4.0-1~deb8u1\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"iceowl-l10n-nn-no\", ver:\"1:52.4.0-1~deb8u1\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"iceowl-l10n-pa-in\", ver:\"1:52.4.0-1~deb8u1\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"iceowl-l10n-pl\", ver:\"1:52.4.0-1~deb8u1\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"iceowl-l10n-pt-br\", ver:\"1:52.4.0-1~deb8u1\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"iceowl-l10n-pt-pt\", ver:\"1:52.4.0-1~deb8u1\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"iceowl-l10n-rm\", ver:\"1:52.4.0-1~deb8u1\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"iceowl-l10n-ro\", ver:\"1:52.4.0-1~deb8u1\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"iceowl-l10n-ru\", ver:\"1:52.4.0-1~deb8u1\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"iceowl-l10n-si\", ver:\"1:52.4.0-1~deb8u1\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"iceowl-l10n-sk\", ver:\"1:52.4.0-1~deb8u1\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"iceowl-l10n-sl\", ver:\"1:52.4.0-1~deb8u1\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"iceowl-l10n-sq\", ver:\"1:52.4.0-1~deb8u1\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"iceowl-l10n-sr\", ver:\"1:52.4.0-1~deb8u1\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"iceowl-l10n-sv-se\", ver:\"1:52.4.0-1~deb8u1\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"iceowl-l10n-ta-lk\", ver:\"1:52.4.0-1~deb8u1\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"iceowl-l10n-tr\", ver:\"1:52.4.0-1~deb8u1\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"iceowl-l10n-uk\", ver:\"1:52.4.0-1~deb8u1\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"iceowl-l10n-vi\", ver:\"1:52.4.0-1~deb8u1\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"iceowl-l10n-zh-cn\", ver:\"1:52.4.0-1~deb8u1\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"iceowl-l10n-zh-tw\", ver:\"1:52.4.0-1~deb8u1\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"lightning\", ver:\"1:52.4.0-1~deb8u1\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"lightning-l10n-ar\", ver:\"1:52.4.0-1~deb8u1\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"lightning-l10n-ast\", ver:\"1:52.4.0-1~deb8u1\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"lightning-l10n-be\", ver:\"1:52.4.0-1~deb8u1\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"lightning-l10n-bg\", ver:\"1:52.4.0-1~deb8u1\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"lightning-l10n-bn-bd\", ver:\"1:52.4.0-1~deb8u1\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"lightning-l10n-br\", ver:\"1:52.4.0-1~deb8u1\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"lightning-l10n-ca\", ver:\"1:52.4.0-1~deb8u1\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"lightning-l10n-cs\", ver:\"1:52.4.0-1~deb8u1\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"lightning-l10n-cy\", ver:\"1:52.4.0-1~deb8u1\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"lightning-l10n-da\", ver:\"1:52.4.0-1~deb8u1\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"lightning-l10n-de\", ver:\"1:52.4.0-1~deb8u1\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"lightning-l10n-dsb\", ver:\"1:52.4.0-1~deb8u1\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"lightning-l10n-el\", ver:\"1:52.4.0-1~deb8u1\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"lightning-l10n-en-gb\", ver:\"1:52.4.0-1~deb8u1\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"lightning-l10n-es-ar\", ver:\"1:52.4.0-1~deb8u1\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"lightning-l10n-es-es\", ver:\"1:52.4.0-1~deb8u1\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"lightning-l10n-et\", ver:\"1:52.4.0-1~deb8u1\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"lightning-l10n-eu\", ver:\"1:52.4.0-1~deb8u1\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"lightning-l10n-fi\", ver:\"1:52.4.0-1~deb8u1\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"lightning-l10n-fr\", ver:\"1:52.4.0-1~deb8u1\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"lightning-l10n-fy-nl\", ver:\"1:52.4.0-1~deb8u1\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"lightning-l10n-ga-ie\", ver:\"1:52.4.0-1~deb8u1\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"lightning-l10n-gd\", ver:\"1:52.4.0-1~deb8u1\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"lightning-l10n-gl\", ver:\"1:52.4.0-1~deb8u1\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"lightning-l10n-he\", ver:\"1:52.4.0-1~deb8u1\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"lightning-l10n-hr\", ver:\"1:52.4.0-1~deb8u1\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"lightning-l10n-hsb\", ver:\"1:52.4.0-1~deb8u1\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"lightning-l10n-hu\", ver:\"1:52.4.0-1~deb8u1\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"lightning-l10n-hy-am\", ver:\"1:52.4.0-1~deb8u1\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"lightning-l10n-id\", ver:\"1:52.4.0-1~deb8u1\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"lightning-l10n-is\", ver:\"1:52.4.0-1~deb8u1\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"lightning-l10n-it\", ver:\"1:52.4.0-1~deb8u1\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"lightning-l10n-ja\", ver:\"1:52.4.0-1~deb8u1\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"lightning-l10n-kab\", ver:\"1:52.4.0-1~deb8u1\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"lightning-l10n-ko\", ver:\"1:52.4.0-1~deb8u1\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"lightning-l10n-lt\", ver:\"1:52.4.0-1~deb8u1\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"lightning-l10n-nb-no\", ver:\"1:52.4.0-1~deb8u1\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"lightning-l10n-nl\", ver:\"1:52.4.0-1~deb8u1\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"lightning-l10n-nn-no\", ver:\"1:52.4.0-1~deb8u1\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"lightning-l10n-pa-in\", ver:\"1:52.4.0-1~deb8u1\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"lightning-l10n-pl\", ver:\"1:52.4.0-1~deb8u1\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"lightning-l10n-pt-br\", ver:\"1:52.4.0-1~deb8u1\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"lightning-l10n-pt-pt\", ver:\"1:52.4.0-1~deb8u1\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"lightning-l10n-rm\", ver:\"1:52.4.0-1~deb8u1\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"lightning-l10n-ro\", ver:\"1:52.4.0-1~deb8u1\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"lightning-l10n-ru\", ver:\"1:52.4.0-1~deb8u1\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"lightning-l10n-si\", ver:\"1:52.4.0-1~deb8u1\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"lightning-l10n-sk\", ver:\"1:52.4.0-1~deb8u1\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"lightning-l10n-sl\", ver:\"1:52.4.0-1~deb8u1\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"lightning-l10n-sq\", ver:\"1:52.4.0-1~deb8u1\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"lightning-l10n-sr\", ver:\"1:52.4.0-1~deb8u1\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"lightning-l10n-sv-se\", ver:\"1:52.4.0-1~deb8u1\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"lightning-l10n-ta-lk\", ver:\"1:52.4.0-1~deb8u1\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"lightning-l10n-tr\", ver:\"1:52.4.0-1~deb8u1\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"lightning-l10n-uk\", ver:\"1:52.4.0-1~deb8u1\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"lightning-l10n-vi\", ver:\"1:52.4.0-1~deb8u1\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"lightning-l10n-zh-cn\", ver:\"1:52.4.0-1~deb8u1\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"lightning-l10n-zh-tw\", ver:\"1:52.4.0-1~deb8u1\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"thunderbird\", ver:\"1:52.4.0-1~deb8u1\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"thunderbird-dbg\", ver:\"1:52.4.0-1~deb8u1\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"thunderbird-dev\", ver:\"1:52.4.0-1~deb8u1\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"thunderbird-l10n-all\", ver:\"1:52.4.0-1~deb8u1\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"thunderbird-l10n-ar\", ver:\"1:52.4.0-1~deb8u1\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"thunderbird-l10n-ast\", ver:\"1:52.4.0-1~deb8u1\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"thunderbird-l10n-be\", ver:\"1:52.4.0-1~deb8u1\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"thunderbird-l10n-bg\", ver:\"1:52.4.0-1~deb8u1\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"thunderbird-l10n-bn-bd\", ver:\"1:52.4.0-1~deb8u1\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"thunderbird-l10n-br\", ver:\"1:52.4.0-1~deb8u1\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"thunderbird-l10n-ca\", ver:\"1:52.4.0-1~deb8u1\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"thunderbird-l10n-cs\", ver:\"1:52.4.0-1~deb8u1\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"thunderbird-l10n-da\", ver:\"1:52.4.0-1~deb8u1\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"thunderbird-l10n-de\", ver:\"1:52.4.0-1~deb8u1\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"thunderbird-l10n-dsb\", ver:\"1:52.4.0-1~deb8u1\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"thunderbird-l10n-el\", ver:\"1:52.4.0-1~deb8u1\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"thunderbird-l10n-en-gb\", ver:\"1:52.4.0-1~deb8u1\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"thunderbird-l10n-es-ar\", ver:\"1:52.4.0-1~deb8u1\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"thunderbird-l10n-es-es\", ver:\"1:52.4.0-1~deb8u1\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"thunderbird-l10n-et\", ver:\"1:52.4.0-1~deb8u1\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"thunderbird-l10n-eu\", ver:\"1:52.4.0-1~deb8u1\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"thunderbird-l10n-fi\", ver:\"1:52.4.0-1~deb8u1\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"thunderbird-l10n-fr\", ver:\"1:52.4.0-1~deb8u1\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"thunderbird-l10n-fy-nl\", ver:\"1:52.4.0-1~deb8u1\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"thunderbird-l10n-ga-ie\", ver:\"1:52.4.0-1~deb8u1\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"thunderbird-l10n-gd\", ver:\"1:52.4.0-1~deb8u1\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"thunderbird-l10n-gl\", ver:\"1:52.4.0-1~deb8u1\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"thunderbird-l10n-he\", ver:\"1:52.4.0-1~deb8u1\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"thunderbird-l10n-hr\", ver:\"1:52.4.0-1~deb8u1\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"thunderbird-l10n-hsb\", ver:\"1:52.4.0-1~deb8u1\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"thunderbird-l10n-hu\", ver:\"1:52.4.0-1~deb8u1\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"thunderbird-l10n-hy-am\", ver:\"1:52.4.0-1~deb8u1\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"thunderbird-l10n-id\", ver:\"1:52.4.0-1~deb8u1\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"thunderbird-l10n-is\", ver:\"1:52.4.0-1~deb8u1\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"thunderbird-l10n-it\", ver:\"1:52.4.0-1~deb8u1\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"thunderbird-l10n-ja\", ver:\"1:52.4.0-1~deb8u1\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"thunderbird-l10n-kab\", ver:\"1:52.4.0-1~deb8u1\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"thunderbird-l10n-ko\", ver:\"1:52.4.0-1~deb8u1\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"thunderbird-l10n-lt\", ver:\"1:52.4.0-1~deb8u1\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"thunderbird-l10n-nb-no\", ver:\"1:52.4.0-1~deb8u1\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"thunderbird-l10n-nl\", ver:\"1:52.4.0-1~deb8u1\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"thunderbird-l10n-nn-no\", ver:\"1:52.4.0-1~deb8u1\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"thunderbird-l10n-pa-in\", ver:\"1:52.4.0-1~deb8u1\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"thunderbird-l10n-pl\", ver:\"1:52.4.0-1~deb8u1\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"thunderbird-l10n-pt-br\", ver:\"1:52.4.0-1~deb8u1\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"thunderbird-l10n-pt-pt\", ver:\"1:52.4.0-1~deb8u1\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"thunderbird-l10n-rm\", ver:\"1:52.4.0-1~deb8u1\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"thunderbird-l10n-ro\", ver:\"1:52.4.0-1~deb8u1\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"thunderbird-l10n-ru\", ver:\"1:52.4.0-1~deb8u1\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"thunderbird-l10n-si\", ver:\"1:52.4.0-1~deb8u1\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"thunderbird-l10n-sk\", ver:\"1:52.4.0-1~deb8u1\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"thunderbird-l10n-sl\", ver:\"1:52.4.0-1~deb8u1\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"thunderbird-l10n-sq\", ver:\"1:52.4.0-1~deb8u1\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"thunderbird-l10n-sr\", ver:\"1:52.4.0-1~deb8u1\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"thunderbird-l10n-sv-se\", ver:\"1:52.4.0-1~deb8u1\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"thunderbird-l10n-ta-lk\", ver:\"1:52.4.0-1~deb8u1\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"thunderbird-l10n-tr\", ver:\"1:52.4.0-1~deb8u1\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"thunderbird-l10n-uk\", ver:\"1:52.4.0-1~deb8u1\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"thunderbird-l10n-vi\", ver:\"1:52.4.0-1~deb8u1\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"thunderbird-l10n-zh-cn\", ver:\"1:52.4.0-1~deb8u1\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"thunderbird-l10n-zh-tw\", ver:\"1:52.4.0-1~deb8u1\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"calendar-google-provider\", ver:\"1:52.4.0-1~deb9u1\", rls:\"DEB9\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"icedove\", ver:\"1:52.4.0-1~deb9u1\", rls:\"DEB9\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"icedove-dbg\", ver:\"1:52.4.0-1~deb9u1\", rls:\"DEB9\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"icedove-dev\", ver:\"1:52.4.0-1~deb9u1\", rls:\"DEB9\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"icedove-l10n-all\", ver:\"1:52.4.0-1~deb9u1\", rls:\"DEB9\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"icedove-l10n-ar\", ver:\"1:52.4.0-1~deb9u1\", rls:\"DEB9\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"icedove-l10n-ast\", ver:\"1:52.4.0-1~deb9u1\", rls:\"DEB9\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"icedove-l10n-be\", ver:\"1:52.4.0-1~deb9u1\", rls:\"DEB9\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"icedove-l10n-bg\", ver:\"1:52.4.0-1~deb9u1\", rls:\"DEB9\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"icedove-l10n-bn-bd\", ver:\"1:52.4.0-1~deb9u1\", rls:\"DEB9\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"icedove-l10n-br\", ver:\"1:52.4.0-1~deb9u1\", rls:\"DEB9\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"icedove-l10n-ca\", ver:\"1:52.4.0-1~deb9u1\", rls:\"DEB9\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"icedove-l10n-cs\", ver:\"1:52.4.0-1~deb9u1\", rls:\"DEB9\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"icedove-l10n-da\", ver:\"1:52.4.0-1~deb9u1\", rls:\"DEB9\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"icedove-l10n-de\", ver:\"1:52.4.0-1~deb9u1\", rls:\"DEB9\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"icedove-l10n-dsb\", ver:\"1:52.4.0-1~deb9u1\", rls:\"DEB9\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"icedove-l10n-el\", ver:\"1:52.4.0-1~deb9u1\", rls:\"DEB9\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"icedove-l10n-en-gb\", ver:\"1:52.4.0-1~deb9u1\", rls:\"DEB9\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"icedove-l10n-es-ar\", ver:\"1:52.4.0-1~deb9u1\", rls:\"DEB9\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"icedove-l10n-es-es\", ver:\"1:52.4.0-1~deb9u1\", rls:\"DEB9\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"icedove-l10n-et\", ver:\"1:52.4.0-1~deb9u1\", rls:\"DEB9\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"icedove-l10n-eu\", ver:\"1:52.4.0-1~deb9u1\", rls:\"DEB9\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"icedove-l10n-fi\", ver:\"1:52.4.0-1~deb9u1\", rls:\"DEB9\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"icedove-l10n-fr\", ver:\"1:52.4.0-1~deb9u1\", rls:\"DEB9\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"icedove-l10n-fy-nl\", ver:\"1:52.4.0-1~deb9u1\", rls:\"DEB9\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"icedove-l10n-ga-ie\", ver:\"1:52.4.0-1~deb9u1\", rls:\"DEB9\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"icedove-l10n-gd\", ver:\"1:52.4.0-1~deb9u1\", rls:\"DEB9\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"icedove-l10n-gl\", ver:\"1:52.4.0-1~deb9u1\", rls:\"DEB9\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"icedove-l10n-he\", ver:\"1:52.4.0-1~deb9u1\", rls:\"DEB9\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"icedove-l10n-hr\", ver:\"1:52.4.0-1~deb9u1\", rls:\"DEB9\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"icedove-l10n-hsb\", ver:\"1:52.4.0-1~deb9u1\", rls:\"DEB9\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"icedove-l10n-hu\", ver:\"1:52.4.0-1~deb9u1\", rls:\"DEB9\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"icedove-l10n-hy-am\", ver:\"1:52.4.0-1~deb9u1\", rls:\"DEB9\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"icedove-l10n-id\", ver:\"1:52.4.0-1~deb9u1\", rls:\"DEB9\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"icedove-l10n-is\", ver:\"1:52.4.0-1~deb9u1\", rls:\"DEB9\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"icedove-l10n-it\", ver:\"1:52.4.0-1~deb9u1\", rls:\"DEB9\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"icedove-l10n-ja\", ver:\"1:52.4.0-1~deb9u1\", rls:\"DEB9\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"icedove-l10n-kab\", ver:\"1:52.4.0-1~deb9u1\", rls:\"DEB9\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"icedove-l10n-ko\", ver:\"1:52.4.0-1~deb9u1\", rls:\"DEB9\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"icedove-l10n-lt\", ver:\"1:52.4.0-1~deb9u1\", rls:\"DEB9\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"icedove-l10n-nb-no\", ver:\"1:52.4.0-1~deb9u1\", rls:\"DEB9\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"icedove-l10n-nl\", ver:\"1:52.4.0-1~deb9u1\", rls:\"DEB9\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"icedove-l10n-nn-no\", ver:\"1:52.4.0-1~deb9u1\", rls:\"DEB9\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"icedove-l10n-pa-in\", ver:\"1:52.4.0-1~deb9u1\", rls:\"DEB9\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"icedove-l10n-pl\", ver:\"1:52.4.0-1~deb9u1\", rls:\"DEB9\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"icedove-l10n-pt-br\", ver:\"1:52.4.0-1~deb9u1\", rls:\"DEB9\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"icedove-l10n-pt-pt\", ver:\"1:52.4.0-1~deb9u1\", rls:\"DEB9\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"icedove-l10n-rm\", ver:\"1:52.4.0-1~deb9u1\", rls:\"DEB9\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"icedove-l10n-ro\", ver:\"1:52.4.0-1~deb9u1\", rls:\"DEB9\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"icedove-l10n-ru\", ver:\"1:52.4.0-1~deb9u1\", rls:\"DEB9\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"icedove-l10n-si\", ver:\"1:52.4.0-1~deb9u1\", rls:\"DEB9\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"icedove-l10n-sk\", ver:\"1:52.4.0-1~deb9u1\", rls:\"DEB9\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"icedove-l10n-sl\", ver:\"1:52.4.0-1~deb9u1\", rls:\"DEB9\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"icedove-l10n-sq\", ver:\"1:52.4.0-1~deb9u1\", rls:\"DEB9\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"icedove-l10n-sr\", ver:\"1:52.4.0-1~deb9u1\", rls:\"DEB9\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"icedove-l10n-sv-se\", ver:\"1:52.4.0-1~deb9u1\", rls:\"DEB9\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"icedove-l10n-ta-lk\", ver:\"1:52.4.0-1~deb9u1\", rls:\"DEB9\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"icedove-l10n-tr\", ver:\"1:52.4.0-1~deb9u1\", rls:\"DEB9\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"icedove-l10n-uk\", ver:\"1:52.4.0-1~deb9u1\", rls:\"DEB9\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"icedove-l10n-vi\", ver:\"1:52.4.0-1~deb9u1\", rls:\"DEB9\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"icedove-l10n-zh-cn\", ver:\"1:52.4.0-1~deb9u1\", rls:\"DEB9\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"icedove-l10n-zh-tw\", ver:\"1:52.4.0-1~deb9u1\", rls:\"DEB9\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"iceowl-extension\", ver:\"1:52.4.0-1~deb9u1\", rls:\"DEB9\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"iceowl-l10n-ar\", ver:\"1:52.4.0-1~deb9u1\", rls:\"DEB9\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"iceowl-l10n-ast\", ver:\"1:52.4.0-1~deb9u1\", rls:\"DEB9\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"iceowl-l10n-be\", ver:\"1:52.4.0-1~deb9u1\", rls:\"DEB9\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"iceowl-l10n-bg\", ver:\"1:52.4.0-1~deb9u1\", rls:\"DEB9\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"iceowl-l10n-bn-bd\", ver:\"1:52.4.0-1~deb9u1\", rls:\"DEB9\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"iceowl-l10n-br\", ver:\"1:52.4.0-1~deb9u1\", rls:\"DEB9\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"iceowl-l10n-ca\", ver:\"1:52.4.0-1~deb9u1\", rls:\"DEB9\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"iceowl-l10n-cs\", ver:\"1:52.4.0-1~deb9u1\", rls:\"DEB9\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"iceowl-l10n-cy\", ver:\"1:52.4.0-1~deb9u1\", rls:\"DEB9\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"iceowl-l10n-da\", ver:\"1:52.4.0-1~deb9u1\", rls:\"DEB9\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"iceowl-l10n-de\", ver:\"1:52.4.0-1~deb9u1\", rls:\"DEB9\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"iceowl-l10n-dsb\", ver:\"1:52.4.0-1~deb9u1\", rls:\"DEB9\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"iceowl-l10n-el\", ver:\"1:52.4.0-1~deb9u1\", rls:\"DEB9\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"iceowl-l10n-en-gb\", ver:\"1:52.4.0-1~deb9u1\", rls:\"DEB9\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"iceowl-l10n-es-ar\", ver:\"1:52.4.0-1~deb9u1\", rls:\"DEB9\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"iceowl-l10n-es-es\", ver:\"1:52.4.0-1~deb9u1\", rls:\"DEB9\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"iceowl-l10n-et\", ver:\"1:52.4.0-1~deb9u1\", rls:\"DEB9\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"iceowl-l10n-eu\", ver:\"1:52.4.0-1~deb9u1\", rls:\"DEB9\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"iceowl-l10n-fi\", ver:\"1:52.4.0-1~deb9u1\", rls:\"DEB9\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"iceowl-l10n-fr\", ver:\"1:52.4.0-1~deb9u1\", rls:\"DEB9\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"iceowl-l10n-fy-nl\", ver:\"1:52.4.0-1~deb9u1\", rls:\"DEB9\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"iceowl-l10n-ga-ie\", ver:\"1:52.4.0-1~deb9u1\", rls:\"DEB9\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"iceowl-l10n-gd\", ver:\"1:52.4.0-1~deb9u1\", rls:\"DEB9\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"iceowl-l10n-gl\", ver:\"1:52.4.0-1~deb9u1\", rls:\"DEB9\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"iceowl-l10n-he\", ver:\"1:52.4.0-1~deb9u1\", rls:\"DEB9\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"iceowl-l10n-hr\", ver:\"1:52.4.0-1~deb9u1\", rls:\"DEB9\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"iceowl-l10n-hsb\", ver:\"1:52.4.0-1~deb9u1\", rls:\"DEB9\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"iceowl-l10n-hu\", ver:\"1:52.4.0-1~deb9u1\", rls:\"DEB9\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"iceowl-l10n-hy-am\", ver:\"1:52.4.0-1~deb9u1\", rls:\"DEB9\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"iceowl-l10n-id\", ver:\"1:52.4.0-1~deb9u1\", rls:\"DEB9\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"iceowl-l10n-is\", ver:\"1:52.4.0-1~deb9u1\", rls:\"DEB9\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"iceowl-l10n-it\", ver:\"1:52.4.0-1~deb9u1\", rls:\"DEB9\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"iceowl-l10n-ja\", ver:\"1:52.4.0-1~deb9u1\", rls:\"DEB9\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"iceowl-l10n-kab\", ver:\"1:52.4.0-1~deb9u1\", rls:\"DEB9\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"iceowl-l10n-ko\", ver:\"1:52.4.0-1~deb9u1\", rls:\"DEB9\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"iceowl-l10n-lt\", ver:\"1:52.4.0-1~deb9u1\", rls:\"DEB9\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"iceowl-l10n-nb-no\", ver:\"1:52.4.0-1~deb9u1\", rls:\"DEB9\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"iceowl-l10n-nl\", ver:\"1:52.4.0-1~deb9u1\", rls:\"DEB9\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"iceowl-l10n-nn-no\", ver:\"1:52.4.0-1~deb9u1\", rls:\"DEB9\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"iceowl-l10n-pa-in\", ver:\"1:52.4.0-1~deb9u1\", rls:\"DEB9\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"iceowl-l10n-pl\", ver:\"1:52.4.0-1~deb9u1\", rls:\"DEB9\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"iceowl-l10n-pt-br\", ver:\"1:52.4.0-1~deb9u1\", rls:\"DEB9\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"iceowl-l10n-pt-pt\", ver:\"1:52.4.0-1~deb9u1\", rls:\"DEB9\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"iceowl-l10n-rm\", ver:\"1:52.4.0-1~deb9u1\", rls:\"DEB9\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"iceowl-l10n-ro\", ver:\"1:52.4.0-1~deb9u1\", rls:\"DEB9\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"iceowl-l10n-ru\", ver:\"1:52.4.0-1~deb9u1\", rls:\"DEB9\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"iceowl-l10n-si\", ver:\"1:52.4.0-1~deb9u1\", rls:\"DEB9\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"iceowl-l10n-sk\", ver:\"1:52.4.0-1~deb9u1\", rls:\"DEB9\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"iceowl-l10n-sl\", ver:\"1:52.4.0-1~deb9u1\", rls:\"DEB9\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"iceowl-l10n-sq\", ver:\"1:52.4.0-1~deb9u1\", rls:\"DEB9\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"iceowl-l10n-sr\", ver:\"1:52.4.0-1~deb9u1\", rls:\"DEB9\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"iceowl-l10n-sv-se\", ver:\"1:52.4.0-1~deb9u1\", rls:\"DEB9\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"iceowl-l10n-ta-lk\", ver:\"1:52.4.0-1~deb9u1\", rls:\"DEB9\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"iceowl-l10n-tr\", ver:\"1:52.4.0-1~deb9u1\", rls:\"DEB9\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"iceowl-l10n-uk\", ver:\"1:52.4.0-1~deb9u1\", rls:\"DEB9\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"iceowl-l10n-vi\", ver:\"1:52.4.0-1~deb9u1\", rls:\"DEB9\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"iceowl-l10n-zh-cn\", ver:\"1:52.4.0-1~deb9u1\", rls:\"DEB9\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"iceowl-l10n-zh-tw\", ver:\"1:52.4.0-1~deb9u1\", rls:\"DEB9\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"lightning\", ver:\"1:52.4.0-1~deb9u1\", rls:\"DEB9\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"lightning-l10n-ar\", ver:\"1:52.4.0-1~deb9u1\", rls:\"DEB9\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"lightning-l10n-ast\", ver:\"1:52.4.0-1~deb9u1\", rls:\"DEB9\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"lightning-l10n-be\", ver:\"1:52.4.0-1~deb9u1\", rls:\"DEB9\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"lightning-l10n-bg\", ver:\"1:52.4.0-1~deb9u1\", rls:\"DEB9\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"lightning-l10n-bn-bd\", ver:\"1:52.4.0-1~deb9u1\", rls:\"DEB9\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"lightning-l10n-br\", ver:\"1:52.4.0-1~deb9u1\", rls:\"DEB9\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"lightning-l10n-ca\", ver:\"1:52.4.0-1~deb9u1\", rls:\"DEB9\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"lightning-l10n-cs\", ver:\"1:52.4.0-1~deb9u1\", rls:\"DEB9\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"lightning-l10n-cy\", ver:\"1:52.4.0-1~deb9u1\", rls:\"DEB9\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"lightning-l10n-da\", ver:\"1:52.4.0-1~deb9u1\", rls:\"DEB9\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"lightning-l10n-de\", ver:\"1:52.4.0-1~deb9u1\", rls:\"DEB9\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"lightning-l10n-dsb\", ver:\"1:52.4.0-1~deb9u1\", rls:\"DEB9\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"lightning-l10n-el\", ver:\"1:52.4.0-1~deb9u1\", rls:\"DEB9\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"lightning-l10n-en-gb\", ver:\"1:52.4.0-1~deb9u1\", rls:\"DEB9\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"lightning-l10n-es-ar\", ver:\"1:52.4.0-1~deb9u1\", rls:\"DEB9\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"lightning-l10n-es-es\", ver:\"1:52.4.0-1~deb9u1\", rls:\"DEB9\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"lightning-l10n-et\", ver:\"1:52.4.0-1~deb9u1\", rls:\"DEB9\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"lightning-l10n-eu\", ver:\"1:52.4.0-1~deb9u1\", rls:\"DEB9\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"lightning-l10n-fi\", ver:\"1:52.4.0-1~deb9u1\", rls:\"DEB9\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"lightning-l10n-fr\", ver:\"1:52.4.0-1~deb9u1\", rls:\"DEB9\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"lightning-l10n-fy-nl\", ver:\"1:52.4.0-1~deb9u1\", rls:\"DEB9\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"lightning-l10n-ga-ie\", ver:\"1:52.4.0-1~deb9u1\", rls:\"DEB9\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"lightning-l10n-gd\", ver:\"1:52.4.0-1~deb9u1\", rls:\"DEB9\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"lightning-l10n-gl\", ver:\"1:52.4.0-1~deb9u1\", rls:\"DEB9\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"lightning-l10n-he\", ver:\"1:52.4.0-1~deb9u1\", rls:\"DEB9\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"lightning-l10n-hr\", ver:\"1:52.4.0-1~deb9u1\", rls:\"DEB9\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"lightning-l10n-hsb\", ver:\"1:52.4.0-1~deb9u1\", rls:\"DEB9\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"lightning-l10n-hu\", ver:\"1:52.4.0-1~deb9u1\", rls:\"DEB9\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"lightning-l10n-hy-am\", ver:\"1:52.4.0-1~deb9u1\", rls:\"DEB9\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"lightning-l10n-id\", ver:\"1:52.4.0-1~deb9u1\", rls:\"DEB9\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"lightning-l10n-is\", ver:\"1:52.4.0-1~deb9u1\", rls:\"DEB9\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"lightning-l10n-it\", ver:\"1:52.4.0-1~deb9u1\", rls:\"DEB9\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"lightning-l10n-ja\", ver:\"1:52.4.0-1~deb9u1\", rls:\"DEB9\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"lightning-l10n-kab\", ver:\"1:52.4.0-1~deb9u1\", rls:\"DEB9\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"lightning-l10n-ko\", ver:\"1:52.4.0-1~deb9u1\", rls:\"DEB9\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"lightning-l10n-lt\", ver:\"1:52.4.0-1~deb9u1\", rls:\"DEB9\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"lightning-l10n-nb-no\", ver:\"1:52.4.0-1~deb9u1\", rls:\"DEB9\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"lightning-l10n-nl\", ver:\"1:52.4.0-1~deb9u1\", rls:\"DEB9\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"lightning-l10n-nn-no\", ver:\"1:52.4.0-1~deb9u1\", rls:\"DEB9\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"lightning-l10n-pa-in\", ver:\"1:52.4.0-1~deb9u1\", rls:\"DEB9\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"lightning-l10n-pl\", ver:\"1:52.4.0-1~deb9u1\", rls:\"DEB9\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"lightning-l10n-pt-br\", ver:\"1:52.4.0-1~deb9u1\", rls:\"DEB9\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"lightning-l10n-pt-pt\", ver:\"1:52.4.0-1~deb9u1\", rls:\"DEB9\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"lightning-l10n-rm\", ver:\"1:52.4.0-1~deb9u1\", rls:\"DEB9\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"lightning-l10n-ro\", ver:\"1:52.4.0-1~deb9u1\", rls:\"DEB9\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"lightning-l10n-ru\", ver:\"1:52.4.0-1~deb9u1\", rls:\"DEB9\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"lightning-l10n-si\", ver:\"1:52.4.0-1~deb9u1\", rls:\"DEB9\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"lightning-l10n-sk\", ver:\"1:52.4.0-1~deb9u1\", rls:\"DEB9\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"lightning-l10n-sl\", ver:\"1:52.4.0-1~deb9u1\", rls:\"DEB9\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"lightning-l10n-sq\", ver:\"1:52.4.0-1~deb9u1\", rls:\"DEB9\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"lightning-l10n-sr\", ver:\"1:52.4.0-1~deb9u1\", rls:\"DEB9\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"lightning-l10n-sv-se\", ver:\"1:52.4.0-1~deb9u1\", rls:\"DEB9\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"lightning-l10n-ta-lk\", ver:\"1:52.4.0-1~deb9u1\", rls:\"DEB9\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"lightning-l10n-tr\", ver:\"1:52.4.0-1~deb9u1\", rls:\"DEB9\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"lightning-l10n-uk\", ver:\"1:52.4.0-1~deb9u1\", rls:\"DEB9\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"lightning-l10n-vi\", ver:\"1:52.4.0-1~deb9u1\", rls:\"DEB9\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"lightning-l10n-zh-cn\", ver:\"1:52.4.0-1~deb9u1\", rls:\"DEB9\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"lightning-l10n-zh-tw\", ver:\"1:52.4.0-1~deb9u1\", rls:\"DEB9\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"thunderbird\", ver:\"1:52.4.0-1~deb9u1\", rls:\"DEB9\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"thunderbird-dbg\", ver:\"1:52.4.0-1~deb9u1\", rls:\"DEB9\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"thunderbird-dev\", ver:\"1:52.4.0-1~deb9u1\", rls:\"DEB9\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"thunderbird-l10n-all\", ver:\"1:52.4.0-1~deb9u1\", rls:\"DEB9\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"thunderbird-l10n-ar\", ver:\"1:52.4.0-1~deb9u1\", rls:\"DEB9\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"thunderbird-l10n-ast\", ver:\"1:52.4.0-1~deb9u1\", rls:\"DEB9\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"thunderbird-l10n-be\", ver:\"1:52.4.0-1~deb9u1\", rls:\"DEB9\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"thunderbird-l10n-bg\", ver:\"1:52.4.0-1~deb9u1\", rls:\"DEB9\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"thunderbird-l10n-bn-bd\", ver:\"1:52.4.0-1~deb9u1\", rls:\"DEB9\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"thunderbird-l10n-br\", ver:\"1:52.4.0-1~deb9u1\", rls:\"DEB9\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"thunderbird-l10n-ca\", ver:\"1:52.4.0-1~deb9u1\", rls:\"DEB9\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"thunderbird-l10n-cs\", ver:\"1:52.4.0-1~deb9u1\", rls:\"DEB9\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"thunderbird-l10n-da\", ver:\"1:52.4.0-1~deb9u1\", rls:\"DEB9\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"thunderbird-l10n-de\", ver:\"1:52.4.0-1~deb9u1\", rls:\"DEB9\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"thunderbird-l10n-dsb\", ver:\"1:52.4.0-1~deb9u1\", rls:\"DEB9\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"thunderbird-l10n-el\", ver:\"1:52.4.0-1~deb9u1\", rls:\"DEB9\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"thunderbird-l10n-en-gb\", ver:\"1:52.4.0-1~deb9u1\", rls:\"DEB9\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"thunderbird-l10n-es-ar\", ver:\"1:52.4.0-1~deb9u1\", rls:\"DEB9\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"thunderbird-l10n-es-es\", ver:\"1:52.4.0-1~deb9u1\", rls:\"DEB9\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"thunderbird-l10n-et\", ver:\"1:52.4.0-1~deb9u1\", rls:\"DEB9\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"thunderbird-l10n-eu\", ver:\"1:52.4.0-1~deb9u1\", rls:\"DEB9\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"thunderbird-l10n-fi\", ver:\"1:52.4.0-1~deb9u1\", rls:\"DEB9\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"thunderbird-l10n-fr\", ver:\"1:52.4.0-1~deb9u1\", rls:\"DEB9\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"thunderbird-l10n-fy-nl\", ver:\"1:52.4.0-1~deb9u1\", rls:\"DEB9\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"thunderbird-l10n-ga-ie\", ver:\"1:52.4.0-1~deb9u1\", rls:\"DEB9\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"thunderbird-l10n-gd\", ver:\"1:52.4.0-1~deb9u1\", rls:\"DEB9\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"thunderbird-l10n-gl\", ver:\"1:52.4.0-1~deb9u1\", rls:\"DEB9\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"thunderbird-l10n-he\", ver:\"1:52.4.0-1~deb9u1\", rls:\"DEB9\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"thunderbird-l10n-hr\", ver:\"1:52.4.0-1~deb9u1\", rls:\"DEB9\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"thunderbird-l10n-hsb\", ver:\"1:52.4.0-1~deb9u1\", rls:\"DEB9\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"thunderbird-l10n-hu\", ver:\"1:52.4.0-1~deb9u1\", rls:\"DEB9\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"thunderbird-l10n-hy-am\", ver:\"1:52.4.0-1~deb9u1\", rls:\"DEB9\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"thunderbird-l10n-id\", ver:\"1:52.4.0-1~deb9u1\", rls:\"DEB9\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"thunderbird-l10n-is\", ver:\"1:52.4.0-1~deb9u1\", rls:\"DEB9\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"thunderbird-l10n-it\", ver:\"1:52.4.0-1~deb9u1\", rls:\"DEB9\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"thunderbird-l10n-ja\", ver:\"1:52.4.0-1~deb9u1\", rls:\"DEB9\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"thunderbird-l10n-kab\", ver:\"1:52.4.0-1~deb9u1\", rls:\"DEB9\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"thunderbird-l10n-ko\", ver:\"1:52.4.0-1~deb9u1\", rls:\"DEB9\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"thunderbird-l10n-lt\", ver:\"1:52.4.0-1~deb9u1\", rls:\"DEB9\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"thunderbird-l10n-nb-no\", ver:\"1:52.4.0-1~deb9u1\", rls:\"DEB9\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"thunderbird-l10n-nl\", ver:\"1:52.4.0-1~deb9u1\", rls:\"DEB9\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"thunderbird-l10n-nn-no\", ver:\"1:52.4.0-1~deb9u1\", rls:\"DEB9\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"thunderbird-l10n-pa-in\", ver:\"1:52.4.0-1~deb9u1\", rls:\"DEB9\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"thunderbird-l10n-pl\", ver:\"1:52.4.0-1~deb9u1\", rls:\"DEB9\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"thunderbird-l10n-pt-br\", ver:\"1:52.4.0-1~deb9u1\", rls:\"DEB9\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"thunderbird-l10n-pt-pt\", ver:\"1:52.4.0-1~deb9u1\", rls:\"DEB9\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"thunderbird-l10n-rm\", ver:\"1:52.4.0-1~deb9u1\", rls:\"DEB9\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"thunderbird-l10n-ro\", ver:\"1:52.4.0-1~deb9u1\", rls:\"DEB9\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"thunderbird-l10n-ru\", ver:\"1:52.4.0-1~deb9u1\", rls:\"DEB9\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"thunderbird-l10n-si\", ver:\"1:52.4.0-1~deb9u1\", rls:\"DEB9\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"thunderbird-l10n-sk\", ver:\"1:52.4.0-1~deb9u1\", rls:\"DEB9\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"thunderbird-l10n-sl\", ver:\"1:52.4.0-1~deb9u1\", rls:\"DEB9\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"thunderbird-l10n-sq\", ver:\"1:52.4.0-1~deb9u1\", rls:\"DEB9\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"thunderbird-l10n-sr\", ver:\"1:52.4.0-1~deb9u1\", rls:\"DEB9\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"thunderbird-l10n-sv-se\", ver:\"1:52.4.0-1~deb9u1\", rls:\"DEB9\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"thunderbird-l10n-ta-lk\", ver:\"1:52.4.0-1~deb9u1\", rls:\"DEB9\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"thunderbird-l10n-tr\", ver:\"1:52.4.0-1~deb9u1\", rls:\"DEB9\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"thunderbird-l10n-uk\", ver:\"1:52.4.0-1~deb9u1\", rls:\"DEB9\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"thunderbird-l10n-vi\", ver:\"1:52.4.0-1~deb9u1\", rls:\"DEB9\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"thunderbird-l10n-zh-cn\", ver:\"1:52.4.0-1~deb9u1\", rls:\"DEB9\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"thunderbird-l10n-zh-tw\", ver:\"1:52.4.0-1~deb9u1\", rls:\"DEB9\")) != NULL) {\n report += res;\n}\n\nif(report != \"\") {\n security_message(data:report);\n} else if(__pkg_match) {\n exit(99);\n}", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2019-05-29T18:34:23", "bulletinFamily": "scanner", "cvelist": ["CVE-2017-7824", "CVE-2017-7810", "CVE-2017-7805", "CVE-2017-7823", "CVE-2017-7819", "CVE-2017-7793", "CVE-2017-7818", "CVE-2017-7814"], "description": "The remote host is missing an update for the ", "modified": "2019-03-13T00:00:00", "published": "2017-10-12T00:00:00", "id": "OPENVAS:1361412562310843338", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310843338", "type": "openvas", "title": "Ubuntu Update for thunderbird USN-3436-1", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: gb_ubuntu_USN_3436_1.nasl 14140 2019-03-13 12:26:09Z cfischer $\n#\n# Ubuntu Update for thunderbird USN-3436-1\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (C) 2017 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.843338\");\n script_version(\"$Revision: 14140 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2019-03-13 13:26:09 +0100 (Wed, 13 Mar 2019) $\");\n script_tag(name:\"creation_date\", value:\"2017-10-12 10:27:47 +0200 (Thu, 12 Oct 2017)\");\n script_cve_id(\"CVE-2017-7793\", \"CVE-2017-7810\", \"CVE-2017-7814\", \"CVE-2017-7818\",\n \"CVE-2017-7819\", \"CVE-2017-7823\", \"CVE-2017-7824\", \"CVE-2017-7805\");\n script_tag(name:\"cvss_base\", value:\"10.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_name(\"Ubuntu Update for thunderbird USN-3436-1\");\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'thunderbird'\n package(s) announced via the referenced advisory.\");\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is present on the target host.\");\n script_tag(name:\"insight\", value:\"Multiple security issues were discovered in\n Thunderbird. If a user were tricked in to opening a specially crafted website in\n a browsing-like context, an attacker could potentially exploit these to read\n uninitialized memory, bypass phishing and malware protection, conduct cross-site\n scripting (XSS) attacks, cause a denial of service via application crash, or\n execute arbitrary code. (CVE-2017-7793, CVE-2017-7810, CVE-2017-7814,\n CVE-2017-7818, CVE-2017-7819, CVE-2017-7823, CVE-2017-7824) Martin Thomson\n discovered that NSS incorrectly generated handshake hashes. A remote attacker\n could potentially exploit this to cause a denial of service via application\n crash, or execute arbitrary code. (CVE-2017-7805)\");\n script_tag(name:\"affected\", value:\"thunderbird on Ubuntu 17.04,\n Ubuntu 16.04 LTS,\n Ubuntu 14.04 LTS\");\n script_tag(name:\"solution\", value:\"Please Install the Updated Packages.\");\n\n script_xref(name:\"USN\", value:\"3436-1\");\n script_xref(name:\"URL\", value:\"http://www.ubuntu.com/usn/usn-3436-1/\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2017 Greenbone Networks GmbH\");\n script_family(\"Ubuntu Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/ubuntu_linux\", \"ssh/login/packages\", re:\"ssh/login/release=UBUNTU(14\\.04 LTS|17\\.04|16\\.04 LTS)\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-deb.inc\");\n\nrelease = dpkg_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\n\nif(release == \"UBUNTU14.04 LTS\")\n{\n\n if ((res = isdpkgvuln(pkg:\"thunderbird\", ver:\"1:52.4.0+build1-0ubuntu0.14.04.2\", rls:\"UBUNTU14.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n\n\nif(release == \"UBUNTU17.04\")\n{\n\n if ((res = isdpkgvuln(pkg:\"thunderbird\", ver:\"1:52.4.0+build1-0ubuntu0.17.04.2\", rls:\"UBUNTU17.04\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n\n\nif(release == \"UBUNTU16.04 LTS\")\n{\n\n if ((res = isdpkgvuln(pkg:\"thunderbird\", ver:\"1:52.4.0+build1-0ubuntu0.16.04.2\", rls:\"UBUNTU16.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}], "oraclelinux": [{"lastseen": "2019-05-29T18:39:37", "bulletinFamily": "unix", "cvelist": ["CVE-2017-7824", "CVE-2017-7810", "CVE-2017-7823", "CVE-2017-7819", "CVE-2017-7793", "CVE-2017-7818", "CVE-2017-7814"], "description": "[52.4.0-1.0.1]\n- Add firefox-oracle-default-prefs.js and remove the corresponding Red Hat file\n[52.4.0-1]\n- Update to 52.4.0 ESR\n[52.3.0-3]\n- Update to 52.3.0 ESR (b2)\n- Require correct nss version", "edition": 5, "modified": "2017-09-29T00:00:00", "published": "2017-09-29T00:00:00", "id": "ELSA-2017-2831", "href": "http://linux.oracle.com/errata/ELSA-2017-2831.html", "title": "firefox security update", "type": "oraclelinux", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2019-05-29T18:37:11", "bulletinFamily": "unix", "cvelist": ["CVE-2017-7824", "CVE-2017-7810", "CVE-2017-7823", "CVE-2017-7819", "CVE-2017-7793", "CVE-2017-7818", "CVE-2017-7814"], "description": "[52.4.0-2.0.1]\n- Replaced thunderbird-redhat-default-prefs.js with thunderbird-oracle-default-prefs.js\n[52.4.0-2]\n- Update to 52.4.0 (b2)", "edition": 6, "modified": "2017-10-12T00:00:00", "published": "2017-10-12T00:00:00", "id": "ELSA-2017-2885", "href": "http://linux.oracle.com/errata/ELSA-2017-2885.html", "title": "thunderbird security update", "type": "oraclelinux", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}], "redhat": [{"lastseen": "2019-08-13T18:46:15", "bulletinFamily": "unix", "cvelist": ["CVE-2017-7793", "CVE-2017-7810", "CVE-2017-7814", "CVE-2017-7818", "CVE-2017-7819", "CVE-2017-7823", "CVE-2017-7824"], "description": "Mozilla Firefox is an open source web browser.\n\nThis update upgrades Firefox to version 52.4.0 ESR.\n\nSecurity Fix(es):\n\n* Multiple flaws were found in the processing of malformed web content. A web page containing malicious content could cause Firefox to crash or, potentially, execute arbitrary code with the privileges of the user running Firefox. (CVE-2017-7810, CVE-2017-7793, CVE-2017-7818, CVE-2017-7819, CVE-2017-7824, CVE-2017-7814, CVE-2017-7823)\n\nRed Hat would like to thank the Mozilla project for reporting these issues. Upstream acknowledges Christoph Diehl, Jan de Mooij, Jason Kratzer, Randell Jesup, Tom Ritter, Tyson Smith, Sebastian Hengst, Abhishek Arya, Nils, Omair, Andre Weissflog, Fran\u00e7ois Marier, and Jun Kokatsu as the original reporters.", "modified": "2018-06-07T18:21:50", "published": "2017-09-28T22:56:55", "id": "RHSA-2017:2831", "href": "https://access.redhat.com/errata/RHSA-2017:2831", "type": "redhat", "title": "(RHSA-2017:2831) Critical: firefox security update", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2019-08-13T18:45:43", "bulletinFamily": "unix", "cvelist": ["CVE-2017-7793", "CVE-2017-7810", "CVE-2017-7814", "CVE-2017-7818", "CVE-2017-7819", "CVE-2017-7823", "CVE-2017-7824"], "description": "Mozilla Thunderbird is a standalone mail and newsgroup client.\n\nThis update upgrades Thunderbird to version 52.4.0.\n\nSecurity Fix(es):\n\n* Multiple flaws were found in the processing of malformed web content. A web page containing malicious content could cause Thunderbird to crash or, potentially, execute arbitrary code with the privileges of the user running Thunderbird. (CVE-2017-7810, CVE-2017-7793, CVE-2017-7818, CVE-2017-7819, CVE-2017-7824, CVE-2017-7814, CVE-2017-7823)\n\nRed Hat would like to thank the Mozilla project for reporting these issues. Upstream acknowledges Christoph Diehl, Jan de Mooij, Jason Kratzer, Randell Jesup, Tom Ritter, Tyson Smith, Sebastian Hengst, Abhishek Arya, Nils, Omair, Andre Weissflog, Fran\u00e7ois Marier, and Jun Kokatsu as the original reporters.", "modified": "2018-06-07T18:22:54", "published": "2017-10-12T02:55:46", "id": "RHSA-2017:2885", "href": "https://access.redhat.com/errata/RHSA-2017:2885", "type": "redhat", "title": "(RHSA-2017:2885) Important: thunderbird security update", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}], "centos": [{"lastseen": "2020-12-08T03:33:44", "bulletinFamily": "unix", "cvelist": ["CVE-2017-7824", "CVE-2017-7810", "CVE-2017-7823", "CVE-2017-7819", "CVE-2017-7793", "CVE-2017-7818", "CVE-2017-7814"], "description": "**CentOS Errata and Security Advisory** CESA-2017:2885\n\n\nMozilla Thunderbird is a standalone mail and newsgroup client.\n\nThis update upgrades Thunderbird to version 52.4.0.\n\nSecurity Fix(es):\n\n* Multiple flaws were found in the processing of malformed web content. A web page containing malicious content could cause Thunderbird to crash or, potentially, execute arbitrary code with the privileges of the user running Thunderbird. (CVE-2017-7810, CVE-2017-7793, CVE-2017-7818, CVE-2017-7819, CVE-2017-7824, CVE-2017-7814, CVE-2017-7823)\n\nRed Hat would like to thank the Mozilla project for reporting these issues. Upstream acknowledges Christoph Diehl, Jan de Mooij, Jason Kratzer, Randell Jesup, Tom Ritter, Tyson Smith, Sebastian Hengst, Abhishek Arya, Nils, Omair, Andre Weissflog, Fran\u00e7ois Marier, and Jun Kokatsu as the original reporters.\n\n**Merged security bulletin from advisories:**\nhttp://lists.centos.org/pipermail/centos-announce/2017-October/034604.html\nhttp://lists.centos.org/pipermail/centos-announce/2017-October/034605.html\n\n**Affected packages:**\nthunderbird\n\n**Upstream details at:**\n", "edition": 5, "modified": "2017-10-12T12:36:45", "published": "2017-10-12T12:12:05", "id": "CESA-2017:2885", "href": "http://lists.centos.org/pipermail/centos-announce/2017-October/034604.html", "title": "thunderbird security update", "type": "centos", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2020-12-08T03:38:51", "bulletinFamily": "unix", "cvelist": ["CVE-2017-7824", "CVE-2017-7810", "CVE-2017-7823", "CVE-2017-7819", "CVE-2017-7793", "CVE-2017-7818", "CVE-2017-7814"], "description": "**CentOS Errata and Security Advisory** CESA-2017:2831\n\n\nMozilla Firefox is an open source web browser.\n\nThis update upgrades Firefox to version 52.4.0 ESR.\n\nSecurity Fix(es):\n\n* Multiple flaws were found in the processing of malformed web content. A web page containing malicious content could cause Firefox to crash or, potentially, execute arbitrary code with the privileges of the user running Firefox. (CVE-2017-7810, CVE-2017-7793, CVE-2017-7818, CVE-2017-7819, CVE-2017-7824, CVE-2017-7814, CVE-2017-7823)\n\nRed Hat would like to thank the Mozilla project for reporting these issues. Upstream acknowledges Christoph Diehl, Jan de Mooij, Jason Kratzer, Randell Jesup, Tom Ritter, Tyson Smith, Sebastian Hengst, Abhishek Arya, Nils, Omair, Andre Weissflog, Fran\u00e7ois Marier, and Jun Kokatsu as the original reporters.\n\n**Merged security bulletin from advisories:**\nhttp://lists.centos.org/pipermail/centos-announce/2017-September/034589.html\nhttp://lists.centos.org/pipermail/centos-announce/2017-September/034591.html\n\n**Affected packages:**\nfirefox\n\n**Upstream details at:**\n", "edition": 5, "modified": "2017-09-29T19:47:05", "published": "2017-09-29T19:44:59", "id": "CESA-2017:2831", "href": "http://lists.centos.org/pipermail/centos-announce/2017-September/034591.html", "title": "firefox security update", "type": "centos", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}], "archlinux": [{"lastseen": "2020-09-22T18:36:42", "bulletinFamily": "unix", "cvelist": ["CVE-2017-7793", "CVE-2017-7805", "CVE-2017-7810", "CVE-2017-7814", "CVE-2017-7818", "CVE-2017-7819", "CVE-2017-7823", "CVE-2017-7824"], "description": "Arch Linux Security Advisory ASA-201710-19\n==========================================\n\nSeverity: Critical\nDate : 2017-10-12\nCVE-ID : CVE-2017-7793 CVE-2017-7805 CVE-2017-7810 CVE-2017-7814\nCVE-2017-7818 CVE-2017-7819 CVE-2017-7823 CVE-2017-7824\nPackage : thunderbird\nType : multiple issues\nRemote : Yes\nLink : https://security.archlinux.org/AVG-441\n\nSummary\n=======\n\nThe package thunderbird before version 52.4.0-1 is vulnerable to\nmultiple issues including arbitrary code execution, access restriction\nbypass and cross-site scripting.\n\nResolution\n==========\n\nUpgrade to 52.4.0-1.\n\n# pacman -Syu \"thunderbird>=52.4.0-1\"\n\nThe problems have been fixed upstream in version 52.4.0.\n\nWorkaround\n==========\n\nNone.\n\nDescription\n===========\n\n- CVE-2017-7793 (arbitrary code execution)\n\nA use-after-free vulnerability can occur in the Fetch API of\nThunderbird < 52.4, when the worker or the associated window are freed\nwhen still in use, resulting in a potentially exploitable crash.\n\n- CVE-2017-7805 (arbitrary code execution)\n\nA security issue has been found in Thunderbird < 52.4. During TLS 1.2\nexchanges, handshake hashes are generated which point to a message\nbuffer. This saved data is used for later messages but in some cases,\nthe handshake transcript can exceed the space available in the current\nbuffer, causing the allocation of a new buffer. This leaves a pointer\npointing to the old, freed buffer, resulting in a use-after-free when\nhandshake hashes are then calculated afterwards. This can result in a\npotentially exploitable crash.\n\n- CVE-2017-7810 (arbitrary code execution)\n\nMozilla developers and community members Christoph Diehl, Jan de Mooij,\nJason Kratzer, Randell Jesup, Tom Ritter, Tyson Smith, and Sebastian\nHengst reported memory safety bugs present in Firefox <= 55, Firefox\nESR <= 52.3, and Thunderbird <= 52.3. Some of these bugs showed\nevidence of memory corruption and we presume that with enough effort\nthat some of these could be exploited to run arbitrary code.\n\n- CVE-2017-7814 (access restriction bypass)\n\nA security issue has been found in Thunderbird < 52.4. File downloads\nencoded with blob: and data: URL elements bypassed normal file download\nchecks though the Phishing and Malware Protection feature and its block\nlists of suspicious sites and files. This would allow malicious sites\nto lure users into downloading executables that would otherwise be\ndetected as suspicious.\n\n- CVE-2017-7818 (arbitrary code execution)\n\nA use-after-free vulnerability can occur when manipulating arrays of\nAccessible Rich Internet Applications (ARIA) elements within containers\nthrough the DOM, in Thunderbird < 52.4. This results in a potentially\nexploitable crash.\n\n- CVE-2017-7819 (arbitrary code execution)\n\nA use-after-free vulnerability can occur in design mode when image\nobjects are resized if objects referenced during the resizing have been\nfreed from memory, in Thunderbird < 52.4. This results in a potentially\nexploitable crash.\n\n- CVE-2017-7823 (cross-site scripting)\n\nThe content security policy (CSP) sandbox directive in Thunderbird <\n52.4 did not create a unique origin for the document, causing it to\nbehave as if the allow-same-origin keyword were always specified. This\ncould allow a Cross-Site Scripting (XSS) attack to be launched from\nunsafe content.\n\n- CVE-2017-7824 (arbitrary code execution)\n\nA buffer overflow occurs when drawing and validating elements with the\nANGLE graphics library, used for WebGL content in Thunderbird < 52.4.\nThis is due to an incorrect value being passed within the library\nduring checks and results in a potentially exploitable crash.\n\nImpact\n======\n\nA remote attacker can bypass security measures like the phishing and\nmalware protection or a content security policy, and execute arbitrary\ncode on the affected host.\n\nReferences\n==========\n\nhttps://www.mozilla.org/en-US/security/advisories/mfsa2017-23\nhttps://www.mozilla.org/en-US/security/advisories/mfsa2017-23/#CVE-2017-7793\nhttps://bugzilla.mozilla.org/show_bug.cgi?id=1371889\nhttps://www.mozilla.org/en-US/security/advisories/mfsa2017-23/#CVE-2017-7805\nhttps://bugzilla.mozilla.org/show_bug.cgi?id=1377618\nhttps://www.mozilla.org/en-US/security/advisories/mfsa2017-23/#CVE-2017-7810\nhttps://bugzilla.mozilla.org/buglist.cgi?bug_id=1386787%2C1389974%2C1371657%2C1360334%2C1390550%2C1380824%2C1387918%2C1395598\nhttps://www.mozilla.org/en-US/security/advisories/mfsa2017-23/#CVE-2017-7814\nhttps://bugzilla.mozilla.org/show_bug.cgi?id=1376036\nhttps://www.mozilla.org/en-US/security/advisories/mfsa2017-23/#CVE-2017-7818\nhttps://bugzilla.mozilla.org/show_bug.cgi?id=1363723\nhttps://www.mozilla.org/en-US/security/advisories/mfsa2017-23/#CVE-2017-7819\nhttps://bugzilla.mozilla.org/show_bug.cgi?id=1380292\nhttps://www.mozilla.org/en-US/security/advisories/mfsa2017-23/#CVE-2017-7823\nhttps://bugzilla.mozilla.org/show_bug.cgi?id=1396320\nhttps://www.mozilla.org/en-US/security/advisories/mfsa2017-23/#CVE-2017-7824\nhttps://bugzilla.mozilla.org/show_bug.cgi?id=1398381\nhttps://security.archlinux.org/CVE-2017-7793\nhttps://security.archlinux.org/CVE-2017-7805\nhttps://security.archlinux.org/CVE-2017-7810\nhttps://security.archlinux.org/CVE-2017-7814\nhttps://security.archlinux.org/CVE-2017-7818\nhttps://security.archlinux.org/CVE-2017-7819\nhttps://security.archlinux.org/CVE-2017-7823\nhttps://security.archlinux.org/CVE-2017-7824", "modified": "2017-10-12T00:00:00", "published": "2017-10-12T00:00:00", "id": "ASA-201710-19", "href": "https://security.archlinux.org/ASA-201710-19", "type": "archlinux", "title": "[ASA-201710-19] thunderbird: multiple issues", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}], "suse": [{"lastseen": "2017-10-02T19:53:49", "bulletinFamily": "unix", "cvelist": ["CVE-2017-7824", "CVE-2017-7810", "CVE-2017-7805", "CVE-2017-7823", "CVE-2017-7819", "CVE-2017-7793", "CVE-2017-7818", "CVE-2017-7814"], "description": "This update to Mozilla Firefox 52.4esr, along with Mozilla NSS 3.28.6,\n fixes security issues and bugs.\n\n The following vulnerabilities advised upstream under MFSA 2017-22\n (boo#1060445) were fixed:\n\n - CVE-2017-7793: Use-after-free with Fetch API\n - CVE-2017-7818: Use-after-free during ARIA array manipulation\n - CVE-2017-7819: Use-after-free while resizing images in design mode\n - CVE-2017-7824: Buffer overflow when drawing and validating elements with\n ANGLE\n - CVE-2017-7814: Blob and data URLs bypass phishing and malware protection\n warnings\n - CVE-2017-7823: CSP sandbox directive did not create a unique origin\n - CVE-2017-7810: Memory safety bugs fixed in Firefox 56 and Firefox ESR\n 52.4\n\n The following security issue was fixed in Mozilla NSS 3.28.6:\n\n - CVE-2017-7805: Use-after-free in TLS 1.2 generating handshake hashes\n (bsc#1061005)\n\n The following bug was fixed:\n\n - boo#1029917: language accept header use incorrect locale\n\n For compatibility reasons, java-1_8_0-openjdk was rebuilt to the updated\n version of NSS.\n\n", "edition": 1, "modified": "2017-10-02T18:09:14", "published": "2017-10-02T18:09:14", "href": "http://lists.opensuse.org/opensuse-security-announce/2017-10/msg00002.html", "id": "OPENSUSE-SU-2017:2615-1", "title": "Security update for Mozilla Firefox and NSS (important)", "type": "suse", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2017-10-27T20:32:02", "bulletinFamily": "unix", "cvelist": ["CVE-2017-7824", "CVE-2017-7810", "CVE-2017-7825", "CVE-2017-7805", "CVE-2017-7823", "CVE-2017-7819", "CVE-2017-7793", "CVE-2017-7818", "CVE-2017-7814"], "description": "This update for MozillaFirefox and mozilla-nss fixes the following issues:\n\n Mozilla Firefox was updated to ESR 52.4 (bsc#1060445)\n\n * MFSA 2017-22/CVE-2017-7825: OS X fonts render some Tibetan and Arabic\n unicode characters as spaces\n * MFSA 2017-22/CVE-2017-7805: Use-after-free in TLS 1.2 generating\n handshake hashes\n * MFSA 2017-22/CVE-2017-7819: Use-after-free while resizing images in\n design mode\n * MFSA 2017-22/CVE-2017-7818: Use-after-free during ARIA array manipulation\n * MFSA 2017-22/CVE-2017-7793: Use-after-free with Fetch API\n * MFSA 2017-22/CVE-2017-7824: Buffer overflow when drawing and validating\n elements with ANGLE\n * MFSA 2017-22/CVE-2017-7810: Memory safety bugs fixed in Firefox 56 and\n Firefox ESR 52.4\n * MFSA 2017-22/CVE-2017-7823: CSP sandbox directive did not create a\n unique origin\n * MFSA 2017-22/CVE-2017-7814: Blob and data URLs bypass phishing and\n malware protection warnings\n\n Mozilla Network Security Services (Mozilla NSS) received a security fix:\n\n * MFSA 2017-22/CVE-2017-7805: Use-after-free in TLS 1.2 generating\n handshake hashes (bsc#1061005, bsc#1060445)\n\n", "edition": 1, "modified": "2017-10-27T18:54:21", "published": "2017-10-27T18:54:21", "href": "http://lists.opensuse.org/opensuse-security-announce/2017-10/msg00079.html", "id": "SUSE-SU-2017:2872-1", "type": "suse", "title": "Security update for MozillaFirefox, mozilla-nss (important)", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2017-11-14T00:33:44", "bulletinFamily": "unix", "cvelist": ["CVE-2017-7824", "CVE-2017-7810", "CVE-2017-7825", "CVE-2017-7805", "CVE-2017-7823", "CVE-2017-7819", "CVE-2017-7793", "CVE-2017-7818", "CVE-2017-7814"], "description": "This update for MozillaFirefox and mozilla-nss fixes the following issues:\n\n Mozilla Firefox was updated to ESR 52.4 (bsc#1060445)\n\n * MFSA 2017-22/CVE-2017-7825: OS X fonts render some Tibetan and Arabic\n unicode characters as spaces\n * MFSA 2017-22/CVE-2017-7805: Use-after-free in TLS 1.2 generating\n handshake hashes\n * MFSA 2017-22/CVE-2017-7819: Use-after-free while resizing images in\n design mode\n * MFSA 2017-22/CVE-2017-7818: Use-after-free during ARIA array manipulation\n * MFSA 2017-22/CVE-2017-7793: Use-after-free with Fetch API\n * MFSA 2017-22/CVE-2017-7824: Buffer overflow when drawing and validating\n elements with ANGLE\n * MFSA 2017-22/CVE-2017-7810: Memory safety bugs fixed in Firefox 56 and\n Firefox ESR 52.4\n * MFSA 2017-22/CVE-2017-7823: CSP sandbox directive did not create a\n unique origin\n * MFSA 2017-22/CVE-2017-7814: Blob and data URLs bypass phishing and\n malware protection warnings\n\n Mozilla Network Security Services (Mozilla NSS) received a security fix:\n\n * MFSA 2017-22/CVE-2017-7805: Use-after-free in TLS 1.2 generating\n handshake hashes (bsc#1061005, bsc#1060445)\n\n", "edition": 1, "modified": "2017-11-13T21:08:19", "published": "2017-11-13T21:08:19", "href": "http://lists.opensuse.org/opensuse-security-announce/2017-11/msg00024.html", "id": "SUSE-SU-2017:2872-2", "title": "Security update for MozillaFirefox, mozilla-nss (important)", "type": "suse", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2017-10-10T17:54:31", "bulletinFamily": "unix", "cvelist": ["CVE-2017-7824", "CVE-2017-7810", "CVE-2017-7825", "CVE-2017-7805", "CVE-2017-7823", "CVE-2017-7819", "CVE-2017-7793", "CVE-2017-7818", "CVE-2017-7814"], "description": "This update for MozillaFirefox to ESR 52.4, mozilla-nss fixes the\n following issues:\n\n This security issue was fixed for mozilla-nss:\n\n - CVE-2017-7805: Prevent use-after-free in TLS 1.2 when generating\n handshake hashes (bsc#1061005)\n\n These security issues were fixed for Firefox\n\n - CVE-2017-7825: Fixed some Tibetan and Arabic unicode characters\n rendering (bsc#1060445).\n - CVE-2017-7805: Prevent Use-after-free in TLS 1.2 generating handshake\n hashes (bsc#1060445).\n - CVE-2017-7819: Prevent Use-after-free while resizing images in design\n mode (bsc#1060445).\n - CVE-2017-7818: Prevent Use-after-free during ARIA array manipulation\n (bsc#1060445).\n - CVE-2017-7793: Prevent Use-after-free with Fetch API (bsc#1060445).\n - CVE-2017-7824: Prevent Buffer overflow when drawing and validating\n elements with ANGLE (bsc#1060445).\n - CVE-2017-7810: Fixed several memory safety bugs (bsc#1060445).\n - CVE-2017-7823: CSP sandbox directive did not create a unique origin\n (bsc#1060445).\n - CVE-2017-7814: Blob and data URLs bypassed phishing and malware\n protection warnings (bsc#1060445).\n\n", "edition": 1, "modified": "2017-10-10T15:09:53", "published": "2017-10-10T15:09:53", "href": "http://lists.opensuse.org/opensuse-security-announce/2017-10/msg00008.html", "id": "SUSE-SU-2017:2688-1", "title": "Security update for MozillaFirefox, mozilla-nss (important)", "type": "suse", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2017-10-12T01:54:37", "bulletinFamily": "unix", "cvelist": ["CVE-2017-7824", "CVE-2017-7810", "CVE-2017-7825", "CVE-2017-7805", "CVE-2017-7823", "CVE-2017-7819", "CVE-2017-7793", "CVE-2017-7818", "CVE-2017-7814"], "description": "Mozilla Thunderbird was updated to 52.4.0 (boo#1060445)\n * new behavior was introduced for replies to mailing list posts: &quot;When\n replying to a mailing list, reply will be sent to address in From\n header ignoring Reply-to header&quot;. A new preference\n mail.override_list_reply_to allows to restore the previous behavior.\n * Under certain circumstances (image attachment and non-image\n attachment), attached images were shown truncated in messages stored\n in IMAP folders not synchronised for offline use.\n * IMAP UIDs &gt; 0x7FFFFFFF now handled properly Security fixes from Gecko\n 52.4esr\n * CVE-2017-7793 (bmo#1371889) Use-after-free with Fetch API\n * CVE-2017-7818 (bmo#1363723) Use-after-free during ARIA array\n manipulation\n * CVE-2017-7819 (bmo#1380292) Use-after-free while resizing images in\n design mode\n * CVE-2017-7824 (bmo#1398381) Buffer overflow when drawing and\n validating elements with ANGLE\n * CVE-2017-7805 (bmo#1377618) (fixed via NSS requirement) Use-after-free\n in TLS 1.2 generating handshake hashes\n * CVE-2017-7814 (bmo#1376036) Blob and data URLs bypass phishing and\n malware protection warnings\n * CVE-2017-7825 (bmo#1393624, bmo#1390980) (OSX-only) OS X fonts render\n some Tibetan and Arabic unicode characters as spaces\n * CVE-2017-7823 (bmo#1396320) CSP sandbox directive did not create a\n unique origin\n * CVE-2017-7810 Memory safety bugs fixed in Firefox 56 and Firefox ESR\n 52.4\n\n - Add alsa-devel BuildRequires: we care for ALSA support to be built and\n thus need to ensure we get the dependencies in place. In the past,\n alsa-devel was pulled in by accident: we buildrequire libgnome-devel.\n This required esound-devel and that in turn pulled in alsa-devel for us.\n libgnome is being fixed to no longer require esound-devel.\n\n", "edition": 1, "modified": "2017-10-12T00:13:55", "published": "2017-10-12T00:13:55", "href": "http://lists.opensuse.org/opensuse-security-announce/2017-10/msg00014.html", "id": "OPENSUSE-SU-2017:2710-1", "title": "Security update for MozillaThunderbird (important)", "type": "suse", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2017-10-12T01:54:37", "bulletinFamily": "unix", "cvelist": ["CVE-2017-7824", "CVE-2017-7810", "CVE-2017-7825", "CVE-2017-7805", "CVE-2017-7823", "CVE-2017-7819", "CVE-2017-7793", "CVE-2017-7818", "CVE-2017-7814"], "description": "Mozilla Thunderbird was updated to 52.4.0 (boo#1060445)\n * new behavior was introduced for replies to mailing list posts: &quot;When\n replying to a mailing list, reply will be sent to address in From\n header ignoring Reply-to header&quot;. A new preference\n mail.override_list_reply_to allows to restore the previous behavior.\n * Under certain circumstances (image attachment and non-image\n attachment), attached images were shown truncated in messages stored\n in IMAP folders not synchronised for offline use.\n * IMAP UIDs &gt; 0x7FFFFFFF now handled properly Security fixes from Gecko\n 52.4esr\n * CVE-2017-7793 (bmo#1371889) Use-after-free with Fetch API\n * CVE-2017-7818 (bmo#1363723) Use-after-free during ARIA array\n manipulation\n * CVE-2017-7819 (bmo#1380292) Use-after-free while resizing images in\n design mode\n * CVE-2017-7824 (bmo#1398381) Buffer overflow when drawing and\n validating elements with ANGLE\n * CVE-2017-7805 (bmo#1377618) (fixed via NSS requirement) Use-after-free\n in TLS 1.2 generating handshake hashes\n * CVE-2017-7814 (bmo#1376036) Blob and data URLs bypass phishing and\n malware protection warnings\n * CVE-2017-7825 (bmo#1393624, bmo#1390980) (OSX-only) OS X fonts render\n some Tibetan and Arabic unicode characters as spaces\n * CVE-2017-7823 (bmo#1396320) CSP sandbox directive did not create a\n unique origin\n * CVE-2017-7810 Memory safety bugs fixed in Firefox 56 and Firefox ESR\n 52.4\n\n - Add alsa-devel BuildRequires: we care for ALSA support to be built and\n thus need to ensure we get the dependencies in place. In the past,\n alsa-devel was pulled in by accident: we buildrequire libgnome-devel.\n This required esound-devel and that in turn pulled in alsa-devel for us.\n libgnome is being fixed to no longer require esound-devel.\n\n", "edition": 1, "modified": "2017-10-12T00:11:14", "published": "2017-10-12T00:11:14", "href": "http://lists.opensuse.org/opensuse-security-announce/2017-10/msg00013.html", "id": "OPENSUSE-SU-2017:2707-1", "title": "Security update for MozillaThunderbird (important)", "type": "suse", "cvss": {"score": 0.0, "vector": "NONE"}}], "ubuntu": [{"lastseen": "2020-07-02T11:44:04", "bulletinFamily": "unix", "cvelist": ["CVE-2017-7824", "CVE-2017-7810", "CVE-2017-7805", "CVE-2017-7823", "CVE-2017-7819", "CVE-2017-7793", "CVE-2017-7818", "CVE-2017-7814"], "description": "Multiple security issues were discovered in Thunderbird. If a user were \ntricked in to opening a specially crafted website in a browsing-like \ncontext, an attacker could potentially exploit these to read uninitialized \nmemory, bypass phishing and malware protection, conduct cross-site \nscripting (XSS) attacks, cause a denial of service via application crash, \nor execute arbitrary code. (CVE-2017-7793, CVE-2017-7810, CVE-2017-7814, \nCVE-2017-7818, CVE-2017-7819, CVE-2017-7823, CVE-2017-7824)\n\nMartin Thomson discovered that NSS incorrectly generated handshake hashes. \nA remote attacker could potentially exploit this to cause a denial of \nservice via application crash, or execute arbitrary code. (CVE-2017-7805)", "edition": 6, "modified": "2017-10-11T00:00:00", "published": "2017-10-11T00:00:00", "id": "USN-3436-1", "href": "https://ubuntu.com/security/notices/USN-3436-1", "title": "Thunderbird vulnerabilities", "type": "ubuntu", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2020-07-02T11:43:02", "bulletinFamily": "unix", "cvelist": ["CVE-2017-7824", "CVE-2017-7810", "CVE-2017-7822", "CVE-2017-7815", "CVE-2017-7821", "CVE-2017-7805", "CVE-2017-7823", "CVE-2017-7820", "CVE-2017-7813", "CVE-2017-7811", "CVE-2017-7812", "CVE-2017-7819", "CVE-2017-7816", "CVE-2017-7793", "CVE-2017-7818", "CVE-2017-7814"], "description": "USN-3435-1 fixed vulnerabilities in Firefox. The update caused the Flash \nplugin to crash in some circumstances. This update fixes the problem.\n\nWe apologize for the inconvenience.\n\nOriginal advisory details:\n\nMultiple security issues were discovered in Firefox. If a user were \ntricked in to opening a specially crafted website, an attacker could \npotentially exploit these to read uninitialized memory, obtain sensitive \ninformation, bypass phishing and malware protection, spoof the origin in \nmodal dialogs, conduct cross-site scripting (XSS) attacks, cause a denial \nof service via application crash, or execute arbitrary code. \n(CVE-2017-7793, CVE-2017-7810, CVE-2017-7811, CVE-2017-7812, \nCVE-2017-7813, CVE-2017-7814, CVE-2017-7815, CVE-2017-7818, CVE-2017-7819, \nCVE-2017-7820, CVE-2017-7822, CVE-2017-7823, CVE-2017-7824)\n\nMartin Thomson discovered that NSS incorrectly generated handshake hashes. \nA remote attacker could potentially exploit this to cause a denial of \nservice via application crash, or execute arbitrary code. (CVE-2017-7805)\n\nMultiple security issues were discovered in WebExtensions. If a user were \ntricked in to installing a specially crafted extension, an attacker could \npotentially exploit these to download and open non-executable files \nwithout interaction, or obtain elevated privileges. (CVE-2017-7816, \nCVE-2017-7821)", "edition": 7, "modified": "2017-10-04T00:00:00", "published": "2017-10-04T00:00:00", "id": "USN-3435-2", "href": "https://ubuntu.com/security/notices/USN-3435-2", "title": "Firefox regression", "type": "ubuntu", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2020-07-02T11:42:40", "bulletinFamily": "unix", "cvelist": ["CVE-2017-7824", "CVE-2017-7810", "CVE-2017-7822", "CVE-2017-7815", "CVE-2017-7821", "CVE-2017-7805", "CVE-2017-7823", "CVE-2017-7820", "CVE-2017-7813", "CVE-2017-7811", "CVE-2017-7812", "CVE-2017-7819", "CVE-2017-7816", "CVE-2017-7793", "CVE-2017-7818", "CVE-2017-7814"], "description": "Multiple security issues were discovered in Firefox. If a user were \ntricked in to opening a specially crafted website, an attacker could \npotentially exploit these to read uninitialized memory, obtain sensitive \ninformation, bypass phishing and malware protection, spoof the origin in \nmodal dialogs, conduct cross-site scripting (XSS) attacks, cause a denial \nof service via application crash, or execute arbitrary code. \n(CVE-2017-7793, CVE-2017-7810, CVE-2017-7811, CVE-2017-7812, \nCVE-2017-7813, CVE-2017-7814, CVE-2017-7815, CVE-2017-7818, CVE-2017-7819, \nCVE-2017-7820, CVE-2017-7822, CVE-2017-7823, CVE-2017-7824)\n\nMartin Thomson discovered that NSS incorrectly generated handshake hashes. \nA remote attacker could potentially exploit this to cause a denial of \nservice via application crash, or execute arbitrary code. (CVE-2017-7805)\n\nMultiple security issues were discovered in WebExtensions. If a user were \ntricked in to installing a specially crafted extension, an attacker could \npotentially exploit these to download and open non-executable files \nwithout interaction, or obtain elevated privileges. (CVE-2017-7816, \nCVE-2017-7821)", "edition": 7, "modified": "2017-10-02T00:00:00", "published": "2017-10-02T00:00:00", "id": "USN-3435-1", "href": "https://ubuntu.com/security/notices/USN-3435-1", "title": "Firefox vulnerabilities", "type": "ubuntu", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}], "debian": [{"lastseen": "2021-01-11T01:29:47", "bulletinFamily": "unix", "cvelist": ["CVE-2017-7824", "CVE-2017-7810", "CVE-2017-7805", "CVE-2017-7823", "CVE-2017-7819", "CVE-2017-7793", "CVE-2017-7818", "CVE-2017-7814"], "description": "- -------------------------------------------------------------------------\nDebian Security Advisory DSA-3987-1 security@debian.org\nhttps://www.debian.org/security/ Moritz Muehlenhoff\nSeptember 29, 2017 https://www.debian.org/security/faq\n- -------------------------------------------------------------------------\n\nPackage : firefox-esr\nCVE ID : CVE-2017-7793 CVE-2017-7805 CVE-2017-7810 CVE-2017-7814 \n CVE-2017-7818 CVE-2017-7819 CVE-2017-7823 CVE-2017-7824\n\nSeveral security issues have been found in the Mozilla Firefox web\nbrowser: Multiple memory safety errors, use-after-frees, buffer\noverflows and other implementation errors may lead to the execution of\narbitrary code, denial of service, cross-site scripting or bypass of\nthe phishing and malware protection feature.\n\nFor the oldstable distribution (jessie), these problems have been fixed\nin version 52.4.0esr-1~deb8u1.\n\nFor the stable distribution (stretch), these problems have been fixed in\nversion 52.4.0esr-1~deb9u1.\n\nWe recommend that you upgrade your firefox-esr packages.\n\nFurther information about Debian Security Advisories, how to apply\nthese updates to your system and frequently asked questions can be\nfound at: https://www.debian.org/security/\n\nMailing list: debian-security-announce@lists.debian.org\n", "edition": 23, "modified": "2017-09-29T21:52:28", "published": "2017-09-29T21:52:28", "id": "DEBIAN:DSA-3987-1:D7A2C", "href": "https://lists.debian.org/debian-security-announce/debian-security-announce-2017/msg00249.html", "title": "[SECURITY] [DSA 3987-1] firefox-esr security update", "type": "debian", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2020-10-17T13:36:17", "bulletinFamily": "unix", "cvelist": ["CVE-2017-7824", "CVE-2017-7810", "CVE-2017-7805", "CVE-2017-7823", "CVE-2017-7819", "CVE-2017-7793", "CVE-2017-7818", "CVE-2017-7814"], "description": "- -------------------------------------------------------------------------\nDebian Security Advisory DSA-4014-1 security@debian.org\nhttps://www.debian.org/security/ Moritz Muehlenhoff\nNovember 01, 2017 https://www.debian.org/security/faq\n- -------------------------------------------------------------------------\n\nPackage : thunderbird\nCVE ID : CVE-2017-7793 CVE-2017-7805 CVE-2017-7810 CVE-2017-7814 \n CVE-2017-7818 CVE-2017-7819 CVE-2017-7823 CVE-2017-7824\n\nMultiple security issues have been found in Thunderbird, which may lead\nto the execution of arbitrary code or denial of service.\n\nFor the oldstable distribution (jessie), these problems have been fixed\nin version 1:52.4.0-1~deb8u1.\n\nFor the stable distribution (stretch), these problems have been fixed in\nversion 1:52.4.0-1~deb9u1.\n\nWe recommend that you upgrade your thunderbird packages.\n\nFurther information about Debian Security Advisories, how to apply\nthese updates to your system and frequently asked questions can be\nfound at: https://www.debian.org/security/\n\nMailing list: debian-security-announce@lists.debian.org\n", "edition": 17, "modified": "2017-11-01T22:20:09", "published": "2017-11-01T22:20:09", "id": "DEBIAN:DSA-4014-1:790B0", "href": "https://lists.debian.org/debian-security-announce/debian-security-announce-2017/msg00276.html", "title": "[SECURITY] [DSA 4014-1] thunderbird security update", "type": "debian", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2019-05-30T02:21:20", "bulletinFamily": "unix", "cvelist": ["CVE-2017-7824", "CVE-2017-7810", "CVE-2017-7805", "CVE-2017-7823", "CVE-2017-7819", "CVE-2017-7793", "CVE-2017-7818", "CVE-2017-7814"], "description": "Package : firefox-esr\nVersion : 52.4.0esr-2~deb7u1\nCVE ID : CVE-2017-7793 CVE-2017-7805 CVE-2017-7810 CVE-2017-7814\n CVE-2017-7818 CVE-2017-7819 CVE-2017-7823 CVE-2017-7824\n\nSeveral security issues have been found in the Mozilla Firefox web\nbrowser: Multiple memory safety errors, use-after-frees, buffer\noverflows and other implementation errors may lead to the execution of\narbitrary code, denial of service, cross-site scripting or bypass of\nthe phishing and malware protection feature.\n\nFor Debian 7 &quot;Wheezy&quot;, these problems have been fixed in version\n52.4.0esr-2~deb7u1.\n\nWe recommend that you upgrade your firefox-esr packages.\n\nFurther information about Debian LTS security advisories, how to apply\nthese updates to your system and frequently asked questions can be\nfound at: https://wiki.debian.org/LTS\n", "edition": 3, "modified": "2017-09-30T16:57:30", "published": "2017-09-30T16:57:30", "id": "DEBIAN:DLA-1118-1:2A1EE", "href": "https://lists.debian.org/debian-lts-announce/2017/debian-lts-announce-201709/msg00035.html", "title": "[SECURITY] [DLA 1118-1] firefox-esr security update", "type": "debian", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2019-05-30T02:21:30", "bulletinFamily": "unix", "cvelist": ["CVE-2017-7824", "CVE-2017-7810", "CVE-2017-7825", "CVE-2017-7805", "CVE-2017-7823", "CVE-2017-7819", "CVE-2017-7793", "CVE-2017-7818", "CVE-2017-7814"], "description": "Package : thunderbird\nVersion : 1:52.4.0-1~deb7u1\nCVE ID : CVE-2017-7793 CVE-2017-7805 CVE-2017-7810 CVE-2017-7814 \n CVE-2017-7818 CVE-2017-7819 CVE-2017-7823 CVE-2017-7824 \n CVE-2017-7825\n\nMultiple security issues have been found in the Mozilla Thunderbird mail\nclient: Multiple memory safety errors, buffer overflows and other\nimplementation errors may lead to crashes or the execution of arbitrary\ncode.\n\nWith this update the source package name changes from icedove to\nthunderbird so icedove will not be mentioned anymore in future\nadvisories.\n\nFor Debian 7 &quot;Wheezy&quot;, these problems have been fixed in version\n1:52.4.0-1~deb7u1.\n\nWe recommend that you upgrade your thunderbird packages.\n\nFurther information about Debian LTS security advisories, how to apply\nthese updates to your system and frequently asked questions can be\nfound at: https://wiki.debian.org/LTS\n", "edition": 3, "modified": "2017-11-01T12:58:00", "published": "2017-11-01T12:58:00", "id": "DEBIAN:DLA-1153-1:BC79D", "href": "https://lists.debian.org/debian-lts-announce/2017/debian-lts-announce-201711/msg00000.html", "title": "[SECURITY] [DLA 1153-1] icedove/thunderbird security update", "type": "debian", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}], "kaspersky": [{"lastseen": "2020-09-02T11:46:58", "bulletinFamily": "info", "cvelist": ["CVE-2017-7824", "CVE-2017-7810", "CVE-2017-7825", "CVE-2017-7805", "CVE-2017-7823", "CVE-2017-7819", "CVE-2017-7793", "CVE-2017-7818", "CVE-2017-7814"], "description": "### *Detect date*:\n10/09/2017\n\n### *Severity*:\nCritical\n\n### *Description*:\nMultiple serious vulnerabilities have been found in Mozilla Thunderbird. Malicious users can exploit these vulnerabilities to bypass security restrictions, cause denial of service, perform cross-site scripting and execute arbitrary code.\n\n### *Affected products*:\nMozilla Thunderbird versions earlier than 52.4\n\n### *Solution*:\nUpdate to the latest version \n[Download Mozilla Thunderbird](<https://www.mozilla.org/en-US/thunderbird/>)\n\n### *Original advisories*:\n[Mozilla Foundation Security Advisory 2017-23](<https://www.mozilla.org/en-US/security/advisories/mfsa2017-23/>) \n\n\n### *Impacts*:\nACE \n\n### *Related products*:\n[Mozilla Thunderbird](<https://threats.kaspersky.com/en/product/Mozilla-Thunderbird/>)\n\n### *CVE-IDS*:\n[CVE-2017-7793](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7793>)9.8Critical \n[CVE-2017-7818](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7818>)9.8Critical \n[CVE-2017-7819](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7819>)9.8Critical \n[CVE-2017-7824](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7824>)9.8Critical \n[CVE-2017-7805](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7805>)7.5Critical \n[CVE-2017-7814](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7814>)7.8Critical \n[CVE-2017-7825](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7825>)5.3High \n[CVE-2017-7823](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7823>)5.4High \n[CVE-2017-7810](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7810>)9.8Critical", "edition": 45, "modified": "2020-05-22T00:00:00", "published": "2017-10-09T00:00:00", "id": "KLA11116", "href": "https://threats.kaspersky.com/en/vulnerability/KLA11116", "title": "\r KLA11116Multiple vulnerabilities in Mozilla Thunderbird ", "type": "kaspersky", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2020-09-02T11:45:38", "bulletinFamily": "info", "cvelist": ["CVE-2017-7824", "CVE-2017-7810", "CVE-2017-7822", "CVE-2017-7815", "CVE-2017-7825", "CVE-2017-7821", "CVE-2017-7817", "CVE-2017-7805", "CVE-2017-7823", "CVE-2017-7820", "CVE-2017-7813", "CVE-2017-7811", "CVE-2017-7812", "CVE-2017-7819", "CVE-2017-7816", "CVE-2017-7793", "CVE-2017-7818", "CVE-2017-7814"], "description": "### *Detect date*:\n09/28/2017\n\n### *Severity*:\nCritical\n\n### *Description*:\nMultiple serious vulnerabilities have been found in Firefox and Firefox ESR. Malicious users can exploit these vulnerabilities to cause denial of service, spoof user interface, bypass security restrictions, obtain sensitive information and perform cross-site scripting.\n\n### *Affected products*:\nMozilla Firefox versions earlier than 56 \nMozilla Firefox ESR versions earlier than 52.4\n\n### *Solution*:\nUpdate to the latest version \n[Download Mozilla Firefox ESR](<https://www.mozilla.org/en-US/firefox/organizations/all/>) \n[Download Mozilla Firefox](<https://www.mozilla.org/en-US/firefox/new/>)\n\n### *Original advisories*:\n[MSFA 2017-22](<https://www.mozilla.org/en-US/security/advisories/mfsa2017-22/>) \n[MSFA 2017-21](<https://www.mozilla.org/en-US/security/advisories/mfsa2017-21/>) \n\n\n### *Impacts*:\nACE \n\n### *Related products*:\n[Mozilla Firefox](<https://threats.kaspersky.com/en/product/Mozilla-Firefox/>)\n\n### *CVE-IDS*:\n[CVE-2017-7793](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7793>)9.8Critical \n[CVE-2017-7818](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7818>)9.8Critical \n[CVE-2017-7819](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7819>)9.8Critical \n[CVE-2017-7824](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7824>)9.8Critical \n[CVE-2017-7805](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7805>)7.5Critical \n[CVE-2017-7814](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7814>)7.8Critical \n[CVE-2017-7825](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7825>)5.3High \n[CVE-2017-7823](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7823>)5.4High \n[CVE-2017-7810](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7810>)9.8Critical \n[CVE-2017-7817](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7817>)5.0Critical \n[CVE-2017-7812](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7812>)5.0Critical \n[CVE-2017-7813](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7813>)6.4High \n[CVE-2017-7815](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7815>)5.0Critical \n[CVE-2017-7816](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7816>)5.0Critical \n[CVE-2017-7821](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7821>)7.5Critical \n[CVE-2017-7822](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7822>)5.0Critical \n[CVE-2017-7820](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7820>)5.0Critical \n[CVE-2017-7811](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7811>)9.8Critical", "edition": 46, "modified": "2020-05-22T00:00:00", "published": "2017-09-28T00:00:00", "id": "KLA11109", "href": "https://threats.kaspersky.com/en/vulnerability/KLA11109", "title": "\r KLA11109Multiple vulnerabilities in Mozilla Firefox and Firefox ESR ", "type": "kaspersky", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}], "freebsd": [{"lastseen": "2019-05-29T18:32:09", "bulletinFamily": "unix", "cvelist": ["CVE-2017-7824", "CVE-2017-7810", "CVE-2017-7822", "CVE-2017-7815", "CVE-2017-7825", "CVE-2017-7821", "CVE-2017-7817", "CVE-2017-7805", "CVE-2017-7823", "CVE-2017-7820", "CVE-2017-7813", "CVE-2017-7811", "CVE-2017-7812", "CVE-2017-7819", "CVE-2017-7816", "CVE-2017-7793", "CVE-2017-7818", "CVE-2017-7814"], "description": "\nMozilla Foundation reports:\n\nCVE-2017-7793: Use-after-free with Fetch API\nCVE-2017-7817: Firefox for Android address bar spoofing through fullscreen mode\nCVE-2017-7818: Use-after-free during ARIA array manipulation\nCVE-2017-7819: Use-after-free while resizing images in design mode\nCVE-2017-7824: Buffer overflow when drawing and validating elements with ANGLE\nCVE-2017-7805: Use-after-free in TLS 1.2 generating handshake hashes\nCVE-2017-7812: Drag and drop of malicious page content to the tab bar can open locally stored files\nCVE-2017-7814: Blob and data URLs bypass phishing and malware protection warnings\nCVE-2017-7813: Integer truncation in the JavaScript parser\nCVE-2017-7825: OS X fonts render some Tibetan and Arabic unicode characters as spaces\nCVE-2017-7815: Spoofing attack with modal dialogs on non-e10s installations\nCVE-2017-7816: WebExtensions can load about: URLs in extension UI\nCVE-2017-7821: WebExtensions can download and open non-executable files without user interaction\nCVE-2017-7823: CSP sandbox directive did not create a unique origin\nCVE-2017-7822: WebCrypto allows AES-GCM with 0-length IV\nCVE-2017-7820: Xray wrapper bypass with new tab and web console\nCVE-2017-7811: Memory safety bugs fixed in Firefox 56\nCVE-2017-7810: Memory safety bugs fixed in Firefox 56 and Firefox ESR 52.4\n\n", "edition": 7, "modified": "2017-10-03T00:00:00", "published": "2017-09-28T00:00:00", "id": "1098A15B-B0F6-42B7-B5C7-8A8646E8BE07", "href": "https://vuxml.freebsd.org/freebsd/1098a15b-b0f6-42b7-b5c7-8a8646e8be07.html", "title": "mozilla -- multiple vulnerabilities", "type": "freebsd", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}], "gentoo": [{"lastseen": "2018-04-04T07:02:03", "bulletinFamily": "unix", "cvelist": ["CVE-2017-7847", "CVE-2017-7791", "CVE-2017-7784", "CVE-2017-7824", "CVE-2017-7800", "CVE-2017-7753", "CVE-2017-7801", "CVE-2017-7810", "CVE-2018-5097", "CVE-2018-5089", "CVE-2018-5096", "CVE-2018-5095", "CVE-2018-5098", "CVE-2017-7825", "CVE-2018-5102", "CVE-2017-7828", "CVE-2017-7848", "CVE-2017-7802", "CVE-2017-7787", "CVE-2017-7805", "CVE-2017-7829", "CVE-2017-7779", "CVE-2017-7785", "CVE-2017-7823", "CVE-2018-5117", "CVE-2017-7807", "CVE-2018-5104", "CVE-2017-7809", "CVE-2018-5103", "CVE-2017-7786", "CVE-2017-7846", "CVE-2017-7819", "CVE-2017-7803", "CVE-2017-7792", "CVE-2018-5099", "CVE-2017-7830", "CVE-2017-7793", "CVE-2017-7818", "CVE-2017-7826", "CVE-2017-7814"], "description": "### Background\n\nMozilla Thunderbird is a popular open-source email client from the Mozilla project. \n\n### Description\n\nMultiple vulnerabilities have been discovered in Mozilla Thunderbird. Please review the referenced Mozilla Foundation Security Advisories and CVE identifiers below for details. \n\n### Impact\n\nA remote attacker may be able to execute arbitrary code, cause a Denial of Service condition, obtain sensitive information, conduct URL hijacking, or conduct cross-site scripting (XSS). \n\n### Workaround\n\nThere is no known workaround at this time.\n\n### Resolution\n\nAll Thunderbird users should upgrade to the latest version:\n \n \n # emerge --sync\n # emerge --ask --oneshot --verbose \">=mail-client/thunderbird-52.6.0\"\n \n\nAll Thunderbird binary users should upgrade to the latest version:\n \n \n # emerge --sync\n # emerge --ask --oneshot --verbose\n \">=mail-client/thunderbird-bin-52.6.0\"", "edition": 1, "modified": "2018-03-28T00:00:00", "published": "2018-03-28T00:00:00", "href": "https://security.gentoo.org/glsa/201803-14", "id": "GLSA-201803-14", "title": "Mozilla Thunderbird: Multiple vulnerabilities", "type": "gentoo", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2018-02-20T04:07:02", "bulletinFamily": "unix", "cvelist": ["CVE-2017-7772", "CVE-2017-7757", "CVE-2017-7754", "CVE-2017-7758", "CVE-2017-7773", "CVE-2017-7752", "CVE-2017-7791", "CVE-2017-7784", "CVE-2017-7824", "CVE-2017-5462", "CVE-2017-7800", "CVE-2017-7753", "CVE-2017-5436", "CVE-2017-7801", "CVE-2017-7810", "CVE-2018-5097", "CVE-2017-7778", "CVE-2017-5441", "CVE-2017-5472", "CVE-2016-10197", "CVE-2017-5442", "CVE-2017-5446", "CVE-2018-5089", "CVE-2017-5434", "CVE-2018-5091", "CVE-2017-7756", "CVE-2018-5096", "CVE-2017-5465", "CVE-2018-5095", "CVE-2017-7843", "CVE-2016-6354", "CVE-2017-7764", "CVE-2017-7771", "CVE-2018-5098", "CVE-2017-5429", "CVE-2018-5102", "CVE-2017-5440", "CVE-2017-5435", "CVE-2017-7802", "CVE-2017-7787", "CVE-2017-5432", "CVE-2017-5469", "CVE-2017-7749", "CVE-2017-7805", "CVE-2017-5470", "CVE-2017-5438", "CVE-2017-5439", "CVE-2017-7779", "CVE-2017-5445", "CVE-2016-10196", "CVE-2017-7785", "CVE-2017-5433", "CVE-2017-7751", "CVE-2017-7823", "CVE-2018-5117", "CVE-2017-7807", "CVE-2017-5447", "CVE-2017-5444", "CVE-2017-7750", "CVE-2017-5460", "CVE-2017-7777", "CVE-2018-5104", "CVE-2017-7809", "CVE-2017-7775", "CVE-2018-5103", "CVE-2017-7798", "CVE-2017-7786", "CVE-2017-7774", "CVE-2017-7776", "CVE-2017-7844", "CVE-2017-7819", "CVE-2017-5461", "CVE-2017-5437", "CVE-2017-7803", "CVE-2017-7792", "CVE-2018-5099", "CVE-2017-7793", "CVE-2017-7818", "CVE-2017-5448", "CVE-2017-5459", "CVE-2016-10195", "CVE-2017-5443", "CVE-2017-7814", "CVE-2017-5464"], "description": "### Background\n\nMozilla Firefox is a popular open-source web browser from the Mozilla Project. \n\n### Description\n\nMultiple vulnerabilities have been discovered in Mozilla Firefox. Please review the referenced CVE identifiers for details. \n\n### Impact\n\nA remote attacker could entice a user to view a specially crafted web page, possibly resulting in the execution of arbitrary code with the privileges of the process or a Denial of Service condition. Furthermore, a remote attacker may be able to perform Man-in-the-Middle attacks, obtain sensitive information, spoof the address bar, conduct clickjacking attacks, bypass security restrictions and protection mechanisms, or have other unspecified impact. \n\n### Workaround\n\nThere is no known workaround at this time.\n\n### Resolution\n\nAll Mozilla Firefox users should upgrade to the latest version:\n \n \n # emerge --sync\n # emerge --ask --oneshot --verbose \">=www-client/firefox-52.6.0\"\n \n\nAll Mozilla Firefox binary users should upgrade to the latest version:\n \n \n # emerge --sync\n # emerge --ask --oneshot --verbose \">=www-client/firefox-bin-52.6.0\"", "edition": 1, "modified": "2018-02-20T00:00:00", "published": "2018-02-20T00:00:00", "href": "https://security.gentoo.org/glsa/201802-03", "id": "GLSA-201802-03", "type": "gentoo", "title": "Mozilla Firefox: Multiple vulnerabilities", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}]}