[Backports-security-announce] Security Update for iceweasel
2010-08-09T09:39:19
ID DEBIAN:62A4F6BCFAA8E2ECE0A407876108A863:7A3AF Type debian Reporter Debian Modified 2010-08-09T09:39:19
Description
Alexander Reichle-Schmehl uploaded new packages for iceweasel which
fixed the following security problems:
CVE-2010-1206:
The startDocumentLoad function in browser/base/content/browser.js in
Mozilla Firefox 3.5.x before 3.5.11 and 3.6.x before 3.6.7, and
SeaMonkey before 2.0.6, does not properly implement the Same Origin
Policy in certain circumstances related to the about:blank document and
a document that is currently loading, which allows (1) remote web
servers to conduct spoofing attacks via vectors involving a 204 (aka No
Content) status code, and allows (2) remote attackers to conduct
spoofing attacks via vectors involving a window.stop call.
For the lenny-backports distribution the problems have been fixed in
version 3.5.11-1~bpo50+1.
For the squeeze and sid distributions the problems have been fixed in
version 3.5.11-1.
Upgrade instructions
If you don't use pinning (see [1]) you have to update the package
manually via "apt-get -t lenny-backports install <packagelist>" with
the packagelist of your installed packages affected by this update.
[1] <http://backports.org/dokuwiki/doku.php?id=instructions>
We recommend to pin the backports repository to 200 so that new
versions of installed backports will be installed automatically.
{"id": "DEBIAN:62A4F6BCFAA8E2ECE0A407876108A863:7A3AF", "bulletinFamily": "unix", "title": "[Backports-security-announce] Security Update for iceweasel", "description": "Alexander Reichle-Schmehl uploaded new packages for iceweasel which\nfixed the following security problems:\n \nCVE-2010-1206:\n\n The startDocumentLoad function in browser/base/content/browser.js in\n Mozilla Firefox 3.5.x before 3.5.11 and 3.6.x before 3.6.7, and\n SeaMonkey before 2.0.6, does not properly implement the Same Origin\n Policy in certain circumstances related to the about:blank document and\n a document that is currently loading, which allows (1) remote web\n servers to conduct spoofing attacks via vectors involving a 204 (aka No\n Content) status code, and allows (2) remote attackers to conduct\n spoofing attacks via vectors involving a window.stop call.\n\nFor the lenny-backports distribution the problems have been fixed in\nversion 3.5.11-1~bpo50+1.\n\nFor the squeeze and sid distributions the problems have been fixed in\nversion 3.5.11-1.\n\nUpgrade instructions\n--------------------\n \nIf you don't use pinning (see [1]) you have to update the package\nmanually via "apt-get -t lenny-backports install <packagelist>" with\nthe packagelist of your installed packages affected by this update.\n[1] <http://backports.org/dokuwiki/doku.php?id=instructions>\n \nWe recommend to pin the backports repository to 200 so that new\nversions of installed backports will be installed automatically. \n \n Package: *\n Pin: release a=lenny-backports\n Pin-Priority: 200\n", "published": "2010-08-09T09:39:19", "modified": "2010-08-09T09:39:19", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:N/I:P/A:N"}, "href": "https://lists.debian.org/debian-backports-announce/2010/debian-backports-announce-201008/msg00000.html", "reporter": "Debian", "references": [], "cvelist": ["CVE-2010-1206"], "type": "debian", "lastseen": "2019-05-30T02:21:30", "history": [{"bulletin": {"affectedPackage": [{"OS": "Debian", "OSVersion": "6", "arch": "all", "operator": "lt", "packageFilename": "xulrunner-1.9.1-dbg_3.5.11-1_all.deb", "packageName": "xulrunner-1.9.1-dbg", "packageVersion": "3.5.11-1"}, {"OS": "Debian", "OSVersion": "6", "arch": "all", "operator": "lt", "packageFilename": "libmozjs-dev_3.5.11-1_all.deb", "packageName": "libmozjs-dev", "packageVersion": "3.5.11-1"}, {"OS": "Debian", "OSVersion": "6", "arch": "all", "operator": "lt", "packageFilename": "xulrunner-dev_3.5.11-1_all.deb", "packageName": "xulrunner-dev", "packageVersion": "3.5.11-1"}, {"OS": "Debian", "OSVersion": "6", "arch": "all", "operator": "lt", "packageFilename": "xulrunner-1.9.1_3.5.11-1_all.deb", "packageName": "xulrunner-1.9.1", "packageVersion": "3.5.11-1"}, {"OS": "Debian", "OSVersion": "6", "arch": "all", "operator": "lt", "packageFilename": "spidermonkey-bin_3.5.11-1_all.deb", "packageName": "spidermonkey-bin", "packageVersion": "3.5.11-1"}, {"OS": "Debian", "OSVersion": "6", "arch": "all", "operator": "lt", "packageFilename": "libmozjs2d-dbg_3.5.11-1_all.deb", "packageName": "libmozjs2d-dbg", "packageVersion": "3.5.11-1"}, {"OS": "Debian", "OSVersion": "6", "arch": "all", "operator": "lt", "packageFilename": "iceweasel_3.5.11-1_all.deb", "packageName": "iceweasel", "packageVersion": "3.5.11-1"}, {"OS": "Debian", "OSVersion": "6", "arch": "all", "operator": "lt", "packageFilename": "libmozjs2d_3.5.11-1_all.deb", "packageName": "libmozjs2d", "packageVersion": "3.5.11-1"}, {"OS": "Debian", "OSVersion": "6", "arch": "all", "operator": "lt", "packageFilename": "iceweasel-dbg_3.5.11-1_all.deb", "packageName": "iceweasel-dbg", "packageVersion": "3.5.11-1"}], "bulletinFamily": "unix", "cvelist": ["CVE-2010-1206"], "cvss": {"score": 4.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:NONE/I:PARTIAL/A:NONE/"}, "description": "Alexander Reichle-Schmehl uploaded new packages for iceweasel which\nfixed the following security problems:\n \nCVE-2010-1206:\n\n The startDocumentLoad function in browser/base/content/browser.js in\n Mozilla Firefox 3.5.x before 3.5.11 and 3.6.x before 3.6.7, and\n SeaMonkey before 2.0.6, does not properly implement the Same Origin\n Policy in certain circumstances related to the about:blank document and\n a document that is currently loading, which allows (1) remote web\n servers to conduct spoofing attacks via vectors involving a 204 (aka No\n Content) status code, and allows (2) remote attackers to conduct\n spoofing attacks via vectors involving a window.stop call.\n\nFor the lenny-backports distribution the problems have been fixed in\nversion 3.5.11-1~bpo50+1.\n\nFor the squeeze and sid distributions the problems have been fixed in\nversion 3.5.11-1.\n\nUpgrade instructions\n--------------------\n \nIf you don't use pinning (see [1]) you have to update the package\nmanually via "apt-get -t lenny-backports install <packagelist>" with\nthe packagelist of your installed packages affected by this update.\n[1] <http://backports.org/dokuwiki/doku.php?id=instructions>\n \nWe recommend to pin the backports repository to 200 so that new\nversions of installed backports will be installed automatically. \n \n Package: *\n Pin: release a=lenny-backports\n Pin-Priority: 200\n", "edition": 1, "enchantments": {"dependencies": {"modified": "2018-10-16T22:14:55", "references": [{"idList": ["8C2EA875-9499-11DF-8E32-000F20797EDE"], "type": "freebsd"}, {"idList": ["RHSA-2010:0547"], "type": "redhat"}, {"idList": ["OPENVAS:862274", "OPENVAS:1361412562310801386", "OPENVAS:1361412562310862267", "OPENVAS:862256", "OPENVAS:1361412562310862270", "OPENVAS:902209", "OPENVAS:862270", "OPENVAS:801386", "OPENVAS:1361412562310862273", "OPENVAS:1361412562310902209"], "type": "openvas"}, {"idList": ["ELSA-2010-0547"], "type": "oraclelinux"}, {"idList": ["USN-930-5", "USN-930-4", "USN-957-2", "USN-957-1"], "type": "ubuntu"}, {"idList": ["SECURITYVULNS:VULN:11014", "SECURITYVULNS:DOC:24318"], "type": "securityvulns"}, {"idList": ["SEAMONKEY_206.NASL", "SUSE_MOZILLAFIREFOX-7101.NASL", "FEDORA_2010-11363.NASL", "SUSE_11_2_MOZILLAFIREFOX-100722.NASL", "FEDORA_2010-11327.NASL", "FEDORA_2010-11375.NASL", "SUSE_11_3_SEAMONKEY-100721.NASL", "SUSE_11_1_MOZILLAFIREFOX-100722.NASL", "SUSE_11_3_MOZILLA-XULRUNNER191-100722.NASL", "SUSE_11_2_SEAMONKEY-100721.NASL"], "type": "nessus"}, {"idList": ["SUSE-SA:2010:032"], "type": "suse"}, {"idList": ["CVE-2010-1206"], "type": "cve"}, {"idList": ["GLSA-201301-01"], "type": "gentoo"}, {"idList": ["CESA-2010:0547"], "type": "centos"}]}, "score": {"modified": "2018-10-16T22:14:55", "value": 5.0, "vector": "NONE"}}, "hash": "3e947cdf1a551f244fd07cbb87db511b2a299f3bc06fc2031701bdfe8106b59d", "hashmap": [{"hash": "2f4e713712a7f6764c9cecb5d5055928", "key": "href"}, {"hash": "6e9bdd2021503689a2ad9254c9cdf2b3", "key": "cvss"}, {"hash": "6c59a9ef6f8eec350a6c620a60d2d499", "key": "description"}, {"hash": "d41d8cd98f00b204e9800998ecf8427e", "key": "references"}, {"hash": "6fe8b98c53e8d099686936732785d471", "key": "reporter"}, {"hash": "0ce181d81ecb6a47a108bb5342a62556", "key": "cvelist"}, {"hash": "6e9552c9bd8e61c8f277c21220160234", "key": "type"}, {"hash": "4913a9178621eadcdf191db17915fbcb", "key": "bulletinFamily"}, {"hash": "61b34e3d674fb79149cc354c7d259946", "key": "modified"}, {"hash": "61b34e3d674fb79149cc354c7d259946", "key": "published"}, {"hash": "7c610f263e8d655d84957c2f235b68c5", "key": "affectedPackage"}, {"hash": "f52749290cb270af5750b880cbb9168e", "key": "title"}], "history": [], "href": "https://lists.debian.org/debian-backports-announce/2010/debian-backports-announce-201008/msg00000.html", "id": "DEBIAN:62A4F6BCFAA8E2ECE0A407876108A863:7A3AF", "lastseen": "2018-10-16T22:14:55", "modified": "2010-08-09T09:39:19", "objectVersion": "1.3", "published": "2010-08-09T09:39:19", "references": [], "reporter": "Debian", "title": "[Backports-security-announce] Security Update for iceweasel", "type": "debian", "viewCount": 0}, "differentElements": ["cvss"], "edition": 1, "lastseen": "2018-10-16T22:14:55"}], "edition": 2, "hashmap": [{"key": "affectedPackage", "hash": "7c610f263e8d655d84957c2f235b68c5"}, {"key": "bulletinFamily", "hash": "4913a9178621eadcdf191db17915fbcb"}, {"key": "cvelist", "hash": "0ce181d81ecb6a47a108bb5342a62556"}, {"key": "cvss", "hash": "f74a1c24e49a5ecb0eefb5e51d4caa14"}, {"key": "description", "hash": "6c59a9ef6f8eec350a6c620a60d2d499"}, {"key": "href", "hash": "2f4e713712a7f6764c9cecb5d5055928"}, {"key": "modified", "hash": "61b34e3d674fb79149cc354c7d259946"}, {"key": "published", "hash": "61b34e3d674fb79149cc354c7d259946"}, {"key": "references", "hash": "d41d8cd98f00b204e9800998ecf8427e"}, {"key": "reporter", "hash": "6fe8b98c53e8d099686936732785d471"}, {"key": "title", "hash": "f52749290cb270af5750b880cbb9168e"}, {"key": "type", "hash": "6e9552c9bd8e61c8f277c21220160234"}], "hash": "d9a2e980dc6bdbd5af3db89639e0aac97fe5e5b0f15100d65e209b5e2a926ec8", "viewCount": 0, "enchantments": {"dependencies": {"references": [{"type": "cve", "idList": ["CVE-2010-1206"]}, {"type": "openvas", "idList": ["OPENVAS:902209", "OPENVAS:1361412562310902209", "OPENVAS:1361412562310801386", "OPENVAS:801386", "OPENVAS:862256", "OPENVAS:862270", "OPENVAS:1361412562310862270", "OPENVAS:862273", "OPENVAS:1361412562310862268", "OPENVAS:862274"]}, {"type": "securityvulns", "idList": ["SECURITYVULNS:DOC:24318", "SECURITYVULNS:VULN:11014"]}, {"type": "nessus", "idList": ["SUSE_11_1_MOZILLAFIREFOX-100722.NASL", "SUSE_MOZILLAFIREFOX-7101.NASL", "FEDORA_2010-11327.NASL", "SUSE_11_2_SEAMONKEY-100721.NASL", "FEDORA_2010-11375.NASL", "SUSE_11_2_MOZILLAFIREFOX-100722.NASL", "SEAMONKEY_206.NASL", "SUSE_11_3_SEAMONKEY-100721.NASL", "FEDORA_2010-11363.NASL", "SUSE_11_3_MOZILLA-XULRUNNER191-100722.NASL"]}, {"type": "ubuntu", "idList": ["USN-957-2", "USN-957-1", "USN-930-4", "USN-930-5"]}, {"type": "freebsd", "idList": ["8C2EA875-9499-11DF-8E32-000F20797EDE"]}, {"type": "oraclelinux", "idList": ["ELSA-2010-0547"]}, {"type": "suse", "idList": ["SUSE-SA:2010:032"]}, {"type": "centos", "idList": ["CESA-2010:0547"]}, {"type": "redhat", "idList": ["RHSA-2010:0547"]}, {"type": "gentoo", "idList": ["GLSA-201301-01"]}], "modified": "2019-05-30T02:21:30"}, "score": {"value": 6.9, "vector": "NONE", "modified": "2019-05-30T02:21:30"}, "vulnersScore": 6.9}, "objectVersion": "1.3", "affectedPackage": [{"OS": "Debian", "OSVersion": "6", "arch": "all", "operator": "lt", "packageFilename": "xulrunner-1.9.1-dbg_3.5.11-1_all.deb", "packageName": "xulrunner-1.9.1-dbg", "packageVersion": "3.5.11-1"}, {"OS": "Debian", "OSVersion": "6", "arch": "all", "operator": "lt", "packageFilename": "libmozjs-dev_3.5.11-1_all.deb", "packageName": "libmozjs-dev", "packageVersion": "3.5.11-1"}, {"OS": "Debian", "OSVersion": "6", "arch": "all", "operator": "lt", "packageFilename": "xulrunner-dev_3.5.11-1_all.deb", "packageName": "xulrunner-dev", "packageVersion": "3.5.11-1"}, {"OS": "Debian", "OSVersion": "6", "arch": "all", "operator": "lt", "packageFilename": "xulrunner-1.9.1_3.5.11-1_all.deb", "packageName": "xulrunner-1.9.1", "packageVersion": "3.5.11-1"}, {"OS": "Debian", "OSVersion": "6", "arch": "all", "operator": "lt", "packageFilename": "spidermonkey-bin_3.5.11-1_all.deb", "packageName": "spidermonkey-bin", "packageVersion": "3.5.11-1"}, {"OS": "Debian", "OSVersion": "6", "arch": "all", "operator": "lt", "packageFilename": "libmozjs2d-dbg_3.5.11-1_all.deb", "packageName": "libmozjs2d-dbg", "packageVersion": "3.5.11-1"}, {"OS": "Debian", "OSVersion": "6", "arch": "all", "operator": "lt", "packageFilename": "iceweasel_3.5.11-1_all.deb", "packageName": "iceweasel", "packageVersion": "3.5.11-1"}, {"OS": "Debian", "OSVersion": "6", "arch": "all", "operator": "lt", "packageFilename": "libmozjs2d_3.5.11-1_all.deb", "packageName": "libmozjs2d", "packageVersion": "3.5.11-1"}, {"OS": "Debian", "OSVersion": "6", "arch": "all", "operator": "lt", "packageFilename": "iceweasel-dbg_3.5.11-1_all.deb", "packageName": "iceweasel-dbg", "packageVersion": "3.5.11-1"}], "scheme": null}
{"cve": [{"lastseen": "2019-05-29T18:10:27", "bulletinFamily": "NVD", "description": "The startDocumentLoad function in browser/base/content/browser.js in Mozilla Firefox 3.5.x before 3.5.11 and 3.6.x before 3.6.7, and SeaMonkey before 2.0.6, does not properly implement the Same Origin Policy in certain circumstances related to the about:blank document and a document that is currently loading, which allows (1) remote web servers to conduct spoofing attacks via vectors involving a 204 (aka No Content) status code, and allows (2) remote attackers to conduct spoofing attacks via vectors involving a window.stop call.", "modified": "2017-09-19T01:30:00", "id": "CVE-2010-1206", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2010-1206", "published": "2010-06-25T19:30:00", "title": "CVE-2010-1206", "type": "cve", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:N/I:P/A:N"}}], "openvas": [{"lastseen": "2017-07-02T21:09:56", "bulletinFamily": "scanner", "description": "The host is installed with Mozilla Firefox and is prone to spoofing\n vulnerability.", "modified": "2017-02-22T00:00:00", "published": "2010-07-02T00:00:00", "href": "http://plugins.openvas.org/nasl.php?oid=902209", "id": "OPENVAS:902209", "title": "Mozilla Firefox Address Bar Spoofing Vulnerability june-10 (Windows)", "type": "openvas", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: secpod_mozilla_firefox_spoofing_vuln_win_jun10.nasl 5394 2017-02-22 09:22:42Z teissa $\n#\n# Mozilla Firefox Address Bar Spoofing Vulnerability june-10 (Windows)\n#\n# Authors:\n# Antu Sanadi <santu@secpod.com>\n#\n# Copyright:\n# Copyright (c) 2010 SecPod, http://www.secpod.com\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ntag_impact = \"Successful exploitation will let attackers to conduct spoofing attacks.\n Impact Level: Application\";\ntag_affected = \"Firefox version before 3.6.6\";\ntag_insight = \"The flaw is due to error in the 'startDocumentLoad()' function in\n 'browser/base/content/browser.js', fails to implement Same Origin Policy.\n This can be exploited to display arbitrary content in the blank document\n while showing the URL of a trusted web site in the address bar.\";\ntag_solution = \"Upgrade to Firefox version 3.6.6 or later,\n http://www.mozilla.com/en-US/firefox/all.html\";\ntag_summary = \"The host is installed with Mozilla Firefox and is prone to spoofing\n vulnerability.\";\n\nif(description)\n{\n script_id(902209);\n script_version(\"$Revision: 5394 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-02-22 10:22:42 +0100 (Wed, 22 Feb 2017) $\");\n script_tag(name:\"creation_date\", value:\"2010-07-02 08:02:13 +0200 (Fri, 02 Jul 2010)\");\n script_cve_id(\"CVE-2010-1206\");\n script_tag(name:\"cvss_base\", value:\"4.3\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:N/I:P/A:N\");\n script_name(\"Mozilla Firefox Address Bar Spoofing Vulnerability june-10 (Windows)\");\n\n\n script_tag(name:\"qod_type\", value:\"executable_version\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2010 SecPod\");\n script_family(\"General\");\n script_dependencies(\"gb_firefox_detect_win.nasl\");\n script_require_keys(\"Firefox/Win/Ver\");\n script_tag(name : \"impact\" , value : tag_impact);\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"summary\" , value : tag_summary);\n script_xref(name : \"URL\" , value : \"http://secunia.com/advisories/40283\");\n script_xref(name : \"URL\" , value : \"http://hg.mozilla.org/mozilla-central/rev/cadddabb1178\");\n script_xref(name : \"URL\" , value : \"http://lcamtuf.blogspot.com/2010/06/yeah-about-that-address-bar-thing.html\");\n exit(0);\n}\n\n\ninclude(\"version_func.inc\");\n\n# Firefox Check\nffVer = get_kb_item(\"Firefox/Win/Ver\");\nif(ffVer)\n{\n # Grep for Firefox version < 3.6.6\n if(version_is_less(version:ffVer, test_version:\"3.6.6\")){\n security_message(0);\n }\n}\n", "cvss": {"score": 4.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:NONE/I:PARTIAL/A:NONE/"}}, {"lastseen": "2019-05-29T18:40:13", "bulletinFamily": "scanner", "description": "The host is installed with Mozilla Firefox and is prone to spoofing\n vulnerability.", "modified": "2018-12-04T00:00:00", "published": "2010-07-02T00:00:00", "id": "OPENVAS:1361412562310902209", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310902209", "title": "Mozilla Firefox Address Bar Spoofing Vulnerability june-10 (Windows)", "type": "openvas", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: secpod_mozilla_firefox_spoofing_vuln_win_jun10.nasl 12653 2018-12-04 15:31:25Z cfischer $\n#\n# Mozilla Firefox Address Bar Spoofing Vulnerability june-10 (Windows)\n#\n# Authors:\n# Antu Sanadi <santu@secpod.com>\n#\n# Copyright:\n# Copyright (c) 2010 SecPod, http://www.secpod.com\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.902209\");\n script_version(\"$Revision: 12653 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-12-04 16:31:25 +0100 (Tue, 04 Dec 2018) $\");\n script_tag(name:\"creation_date\", value:\"2010-07-02 08:02:13 +0200 (Fri, 02 Jul 2010)\");\n script_cve_id(\"CVE-2010-1206\");\n script_tag(name:\"cvss_base\", value:\"4.3\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:N/I:P/A:N\");\n script_name(\"Mozilla Firefox Address Bar Spoofing Vulnerability june-10 (Windows)\");\n script_tag(name:\"qod_type\", value:\"executable_version\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2010 SecPod\");\n script_family(\"General\");\n script_dependencies(\"gb_firefox_detect_portable_win.nasl\");\n script_mandatory_keys(\"Firefox/Win/Ver\");\n\n script_tag(name:\"impact\", value:\"Successful exploitation will let attackers to conduct spoofing attacks.\");\n\n script_tag(name:\"affected\", value:\"Firefox version before 3.6.6.\");\n\n script_tag(name:\"insight\", value:\"The flaw is due to error in the 'startDocumentLoad()' function in\n 'browser/base/content/browser.js', fails to implement Same Origin Policy.\n This can be exploited to display arbitrary content in the blank document\n while showing the URL of a trusted web site in the address bar.\");\n\n script_tag(name:\"solution\", value:\"Upgrade to Firefox version 3.6.6 or later.\");\n\n script_tag(name:\"summary\", value:\"The host is installed with Mozilla Firefox and is prone to spoofing\n vulnerability.\");\n\n script_xref(name:\"URL\", value:\"http://secunia.com/advisories/40283\");\n script_xref(name:\"URL\", value:\"http://hg.mozilla.org/mozilla-central/rev/cadddabb1178\");\n script_xref(name:\"URL\", value:\"http://lcamtuf.blogspot.com/2010/06/yeah-about-that-address-bar-thing.html\");\n\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n\n exit(0);\n}\n\ninclude(\"version_func.inc\");\n\nffVer = get_kb_item(\"Firefox/Win/Ver\");\nif(ffVer)\n{\n if(version_is_less(version:ffVer, test_version:\"3.6.6\")){\n security_message( port: 0, data: \"The target host was found to be vulnerable\" );\n }\n}\n", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:N/I:P/A:N"}}, {"lastseen": "2017-07-12T10:50:07", "bulletinFamily": "scanner", "description": "The host is installed with Mozilla Firefox/Seamonkey that are prone to\n multiple vulnerabilities.", "modified": "2017-06-27T00:00:00", "published": "2010-07-26T00:00:00", "href": "http://plugins.openvas.org/nasl.php?oid=801386", "id": "OPENVAS:801386", "title": "Mozilla Products Multiple Vulnerabilitie july-10 (Windows)", "type": "openvas", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: gb_mozilla_prdts_mult_vuln_win01_jul10.nasl 6444 2017-06-27 11:24:02Z santu $\n#\n# Mozilla Products Multiple Vulnerabilitie july-10 (Windows)\n#\n# Authors:\n# Antu Sanadi <santu@secpod.com>\n#\n# Copyright:\n# Copyright (c) 2010 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ntag_solution = \"Upgrade to Firefox version 3.5.11 or 3.6.7\n http://www.mozilla.com/en-US/firefox/all.html\n\n Upgrade to Seamonkey version 2.0.6\n http://www.seamonkey-project.org/releases/\";\n\ntag_impact = \"Successful exploitation will let attackers to to cause a denial of service\n or execute arbitrary code.\n Impact Level: Application\";\ntag_affected = \"Seamonkey version 2.0.x before 2.0.6\n Firefox version 3.5.x before 3.5.11 and 3.6.x before 3.6.7\";\ntag_insight = \"The flaws are due to:\n - An error in the 'DOM' attribute cloning routine where under certain\n circumstances an event attribute node can be deleted while another object\n still contains a reference to it.\n - An error in Mozilla's implementation of NodeIterator in which a malicious\n NodeFilter could be created which would detach nodes from the DOM tree while\n it was being traversed.\n - An error in the code used to store the names and values of plugin parameter\n elements. A malicious page could embed plugin content containing a very\n large number of parameter elements which would cause an overflow in the\n integer value counting them.\n - An error in handling of location bar could be spoofed to look like a secure\n page when the current document was served via plain text.\n - Spoofing method does not require that the resource opened in a new window\n respond with 204, as long as the opener calls window.stop() before the\n document is loaded.\n - Spoofing error occurs when opening a new window containing a resource that\n responds with an HTTP 204 (no content) and then using the reference to the\n new window to insert HTML content into the blank document.\";\ntag_summary = \"The host is installed with Mozilla Firefox/Seamonkey that are prone to\n multiple vulnerabilities.\";\n\nif(description)\n{\n script_id(801386);\n script_version(\"$Revision: 6444 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-06-27 13:24:02 +0200 (Tue, 27 Jun 2017) $\");\n script_tag(name:\"creation_date\", value:\"2010-07-26 16:14:51 +0200 (Mon, 26 Jul 2010)\");\n script_bugtraq_id(41824);\n script_cve_id(\"CVE-2010-1208\", \"CVE-2010-1209\", \"CVE-2010-1206\",\n \"CVE-2010-1214\", \"CVE-2010-2751\");\n script_tag(name:\"cvss_base\", value:\"9.3\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_name(\"Mozilla Products Multiple Vulnerabilitie july-10 (Windows)\");\n\n script_xref(name : \"URL\" , value : \"http://www.mozilla.org/security/announce/2010/mfsa2010-35.html\");\n script_xref(name : \"URL\" , value : \"http://www.mozilla.org/security/announce/2010/mfsa2010-36.html\");\n script_xref(name : \"URL\" , value : \"http://www.mozilla.org/security/announce/2010/mfsa2010-37.html\");\n script_xref(name : \"URL\" , value : \"http://www.mozilla.org/security/announce/2010/mfsa2010-43.html\");\n script_xref(name : \"URL\" , value : \"http://www.mozilla.org/security/announce/2010/mfsa2010-45.html\");\n\n script_tag(name:\"qod_type\", value:\"registry\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2010 Greenbone Networks GmbH\");\n script_family(\"General\");\n script_dependencies(\"gb_firefox_detect_win.nasl\", \"gb_seamonkey_detect_win.nasl\");\n script_mandatory_keys(\"Mozilla/Firefox_or_Seamonkey_or_Thunderbird/Installed\");\n script_tag(name : \"impact\" , value : tag_impact);\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"summary\" , value : tag_summary);\n script_tag(name : \"solution\" , value : tag_solution);\n exit(0);\n}\n\n\ninclude(\"version_func.inc\");\n\n## Firefox Check\nffVer = get_kb_item(\"Firefox/Win/Ver\");\nif(ffVer)\n{\n ## Grep for Firefox version 3.5 < 3.5.11, 3.6 < 3.6.2\n if(version_in_range(version:ffVer, test_version:\"3.6\", test_version2:\"3.6.6\") ||\n version_in_range(version:ffVer, test_version:\"3.5\", test_version2:\"3.5.10\"))\n {\n security_message(0);\n exit(0);\n }\n}\n\n## Seamonkey Check\nsmVer = get_kb_item(\"Seamonkey/Win/Ver\");\nif(smVer != NULL)\n{\n # Grep for Seamonkey version 2.0 < 2.0.6\n if(version_in_range(version:smVer, test_version:\"2.0\", test_version2:\"2.0.5\")){\n security_message(0);\n }\n}\n", "cvss": {"score": 9.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2019-08-07T15:18:23", "bulletinFamily": "scanner", "description": "The host is installed with Mozilla Firefox/Seamonkey that are prone to\n multiple vulnerabilities.", "modified": "2019-08-06T00:00:00", "published": "2010-07-26T00:00:00", "id": "OPENVAS:1361412562310801386", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310801386", "title": "Mozilla Products Multiple Vulnerabilities july-10 (Windows)", "type": "openvas", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Mozilla Products Multiple Vulnerabilities july-10 (Windows)\n#\n# Authors:\n# Antu Sanadi <santu@secpod.com>\n#\n# Copyright:\n# Copyright (c) 2010 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.801386\");\n script_version(\"2019-08-06T11:17:21+0000\");\n script_tag(name:\"last_modification\", value:\"2019-08-06 11:17:21 +0000 (Tue, 06 Aug 2019)\");\n script_tag(name:\"creation_date\", value:\"2010-07-26 16:14:51 +0200 (Mon, 26 Jul 2010)\");\n script_bugtraq_id(41824);\n script_cve_id(\"CVE-2010-1208\", \"CVE-2010-1209\", \"CVE-2010-1206\",\n \"CVE-2010-1214\", \"CVE-2010-2751\");\n script_tag(name:\"cvss_base\", value:\"9.3\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_name(\"Mozilla Products Multiple Vulnerabilities july-10 (Windows)\");\n\n script_xref(name:\"URL\", value:\"http://www.mozilla.org/security/announce/2010/mfsa2010-35.html\");\n script_xref(name:\"URL\", value:\"http://www.mozilla.org/security/announce/2010/mfsa2010-36.html\");\n script_xref(name:\"URL\", value:\"http://www.mozilla.org/security/announce/2010/mfsa2010-37.html\");\n script_xref(name:\"URL\", value:\"http://www.mozilla.org/security/announce/2010/mfsa2010-43.html\");\n script_xref(name:\"URL\", value:\"http://www.mozilla.org/security/announce/2010/mfsa2010-45.html\");\n\n script_tag(name:\"qod_type\", value:\"registry\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2010 Greenbone Networks GmbH\");\n script_family(\"General\");\n script_dependencies(\"gb_firefox_detect_portable_win.nasl\", \"gb_seamonkey_detect_win.nasl\");\n script_mandatory_keys(\"Mozilla/Firefox_or_Seamonkey_or_Thunderbird/Installed\");\n\n script_tag(name:\"impact\", value:\"Successful exploitation will let attackers to cause a denial of service\n or execute arbitrary code.\");\n\n script_tag(name:\"affected\", value:\"Seamonkey version 2.0.x before 2.0.6\n\n Firefox version 3.5.x before 3.5.11 and 3.6.x before 3.6.7\");\n\n script_tag(name:\"insight\", value:\"The flaws are due to:\n\n - An error in the 'DOM' attribute cloning routine where under certain\n circumstances an event attribute node can be deleted while another object\n still contains a reference to it.\n\n - An error in Mozilla's implementation of NodeIterator in which a malicious\n NodeFilter could be created which would detach nodes from the DOM tree while\n it was being traversed.\n\n - An error in the code used to store the names and values of plugin parameter\n elements. A malicious page could embed plugin content containing a very\n large number of parameter elements which would cause an overflow in the\n integer value counting them.\n\n - An error in handling of location bar could be spoofed to look like a secure\n page when the current document was served via plain text.\n\n - Spoofing method does not require that the resource opened in a new window\n respond with 204, as long as the opener calls window.stop() before the\n document is loaded.\n\n - Spoofing error occurs when opening a new window containing a resource that\n responds with an HTTP 204 (no content) and then using the reference to the\n new window to insert HTML content into the blank document.\");\n\n script_tag(name:\"summary\", value:\"The host is installed with Mozilla Firefox/Seamonkey that are prone to\n multiple vulnerabilities.\");\n\n script_tag(name:\"solution\", value:\"Upgrade to Firefox version 3.5.11 or 3.6.7\n\n Upgrade to Seamonkey version 2.0.6\");\n\n exit(0);\n}\n\ninclude(\"version_func.inc\");\n\nffVer = get_kb_item(\"Firefox/Win/Ver\");\nif(ffVer)\n{\n if(version_in_range(version:ffVer, test_version:\"3.6\", test_version2:\"3.6.6\") ||\n version_in_range(version:ffVer, test_version:\"3.5\", test_version2:\"3.5.10\"))\n {\n security_message( port: 0, data: \"The target host was found to be vulnerable\" );\n exit(0);\n }\n}\n\nsmVer = get_kb_item(\"Seamonkey/Win/Ver\");\nif(smVer)\n{\n if(version_in_range(version:smVer, test_version:\"2.0\", test_version2:\"2.0.5\")){\n security_message( port: 0, data: \"The target host was found to be vulnerable\" );\n }\n}\n", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2017-12-12T11:10:56", "bulletinFamily": "scanner", "description": "Check for the Version of perl-Gtk2-MozEmbed", "modified": "2017-12-12T00:00:00", "published": "2010-07-23T00:00:00", "href": "http://plugins.openvas.org/nasl.php?oid=862276", "id": "OPENVAS:862276", "title": "Fedora Update for perl-Gtk2-MozEmbed FEDORA-2010-11375", "type": "openvas", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Fedora Update for perl-Gtk2-MozEmbed FEDORA-2010-11375\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2010 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ninclude(\"revisions-lib.inc\");\ntag_affected = \"perl-Gtk2-MozEmbed on Fedora 12\";\ntag_insight = \"This module allows you to use the Mozilla embedding widget from Perl.\";\ntag_solution = \"Please Install the Updated Packages.\";\n\n\nif(description)\n{\n script_xref(name : \"URL\" , value : \"http://lists.fedoraproject.org/pipermail/package-announce/2010-July/044480.html\");\n script_id(862276);\n script_version(\"$Revision: 8082 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-12-12 07:31:24 +0100 (Tue, 12 Dec 2017) $\");\n script_tag(name:\"creation_date\", value:\"2010-07-23 16:10:25 +0200 (Fri, 23 Jul 2010)\");\n script_tag(name:\"cvss_base\", value:\"9.3\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_xref(name: \"FEDORA\", value: \"2010-11375\");\n script_cve_id(\"CVE-2010-1211\", \"CVE-2010-1208\", \"CVE-2010-1209\", \"CVE-2010-1214\", \"CVE-2010-2752\", \"CVE-2010-2753\", \"CVE-2010-1205\", \"CVE-2010-1213\", \"CVE-2010-1206\", \"CVE-2010-2751\", \"CVE-2010-0654\", \"CVE-2010-2754\");\n script_name(\"Fedora Update for perl-Gtk2-MozEmbed FEDORA-2010-11375\");\n\n script_tag(name: \"summary\" , value: \"Check for the Version of perl-Gtk2-MozEmbed\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2010 Greenbone Networks GmbH\");\n script_family(\"Fedora Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/fedora\", \"ssh/login/rpms\");\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = get_kb_item(\"ssh/login/release\");\n\n\nres = \"\";\nif(release == NULL){\n exit(0);\n}\n\nif(release == \"FC12\")\n{\n\n if ((res = isrpmvuln(pkg:\"perl-Gtk2-MozEmbed\", rpm:\"perl-Gtk2-MozEmbed~0.08~6.fc12.14\", rls:\"FC12\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}", "cvss": {"score": 9.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2017-12-21T11:32:21", "bulletinFamily": "scanner", "description": "Check for the Version of gnome-python2-extras", "modified": "2017-12-20T00:00:00", "published": "2010-07-23T00:00:00", "href": "http://plugins.openvas.org/nasl.php?oid=862268", "id": "OPENVAS:862268", "title": "Fedora Update for gnome-python2-extras FEDORA-2010-11375", "type": "openvas", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Fedora Update for gnome-python2-extras FEDORA-2010-11375\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2010 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ninclude(\"revisions-lib.inc\");\ntag_affected = \"gnome-python2-extras on Fedora 12\";\ntag_insight = \"The gnome-python-extra package contains the source packages for additional\n Python bindings for GNOME. It should be used together with gnome-python.\";\ntag_solution = \"Please Install the Updated Packages.\";\n\n\nif(description)\n{\n script_xref(name : \"URL\" , value : \"http://lists.fedoraproject.org/pipermail/package-announce/2010-July/044479.html\");\n script_id(862268);\n script_version(\"$Revision: 8186 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-12-20 07:30:34 +0100 (Wed, 20 Dec 2017) $\");\n script_tag(name:\"creation_date\", value:\"2010-07-23 16:10:25 +0200 (Fri, 23 Jul 2010)\");\n script_tag(name:\"cvss_base\", value:\"9.3\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_xref(name: \"FEDORA\", value: \"2010-11375\");\n script_cve_id(\"CVE-2010-1211\", \"CVE-2010-1208\", \"CVE-2010-1209\", \"CVE-2010-1214\", \"CVE-2010-2752\", \"CVE-2010-2753\", \"CVE-2010-1205\", \"CVE-2010-1213\", \"CVE-2010-1206\", \"CVE-2010-2751\", \"CVE-2010-0654\", \"CVE-2010-2754\");\n script_name(\"Fedora Update for gnome-python2-extras FEDORA-2010-11375\");\n\n script_tag(name: \"summary\" , value: \"Check for the Version of gnome-python2-extras\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2010 Greenbone Networks GmbH\");\n script_family(\"Fedora Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/fedora\", \"ssh/login/rpms\");\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = get_kb_item(\"ssh/login/release\");\n\n\nres = \"\";\nif(release == NULL){\n exit(0);\n}\n\nif(release == \"FC12\")\n{\n\n if ((res = isrpmvuln(pkg:\"gnome-python2-extras\", rpm:\"gnome-python2-extras~2.25.3~19.fc12\", rls:\"FC12\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}", "cvss": {"score": 9.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2018-01-02T10:54:23", "bulletinFamily": "scanner", "description": "Check for the Version of perl-Gtk2-MozEmbed", "modified": "2017-12-21T00:00:00", "published": "2010-07-23T00:00:00", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310862276", "id": "OPENVAS:1361412562310862276", "title": "Fedora Update for perl-Gtk2-MozEmbed FEDORA-2010-11375", "type": "openvas", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Fedora Update for perl-Gtk2-MozEmbed FEDORA-2010-11375\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2010 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ninclude(\"revisions-lib.inc\");\ntag_affected = \"perl-Gtk2-MozEmbed on Fedora 12\";\ntag_insight = \"This module allows you to use the Mozilla embedding widget from Perl.\";\ntag_solution = \"Please Install the Updated Packages.\";\n\n\nif(description)\n{\n script_xref(name : \"URL\" , value : \"http://lists.fedoraproject.org/pipermail/package-announce/2010-July/044480.html\");\n script_oid(\"1.3.6.1.4.1.25623.1.0.862276\");\n script_version(\"$Revision: 8207 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-12-21 08:30:12 +0100 (Thu, 21 Dec 2017) $\");\n script_tag(name:\"creation_date\", value:\"2010-07-23 16:10:25 +0200 (Fri, 23 Jul 2010)\");\n script_tag(name:\"cvss_base\", value:\"9.3\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_xref(name: \"FEDORA\", value: \"2010-11375\");\n script_cve_id(\"CVE-2010-1211\", \"CVE-2010-1208\", \"CVE-2010-1209\", \"CVE-2010-1214\", \"CVE-2010-2752\", \"CVE-2010-2753\", \"CVE-2010-1205\", \"CVE-2010-1213\", \"CVE-2010-1206\", \"CVE-2010-2751\", \"CVE-2010-0654\", \"CVE-2010-2754\");\n script_name(\"Fedora Update for perl-Gtk2-MozEmbed FEDORA-2010-11375\");\n\n script_tag(name: \"summary\" , value: \"Check for the Version of perl-Gtk2-MozEmbed\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2010 Greenbone Networks GmbH\");\n script_family(\"Fedora Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/fedora\", \"ssh/login/rpms\");\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = get_kb_item(\"ssh/login/release\");\n\n\nres = \"\";\nif(release == NULL){\n exit(0);\n}\n\nif(release == \"FC12\")\n{\n\n if ((res = isrpmvuln(pkg:\"perl-Gtk2-MozEmbed\", rpm:\"perl-Gtk2-MozEmbed~0.08~6.fc12.14\", rls:\"FC12\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}", "cvss": {"score": 9.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2017-12-14T11:48:43", "bulletinFamily": "scanner", "description": "Check for the Version of seamonkey", "modified": "2017-12-14T00:00:00", "published": "2010-07-23T00:00:00", "href": "http://plugins.openvas.org/nasl.php?oid=862273", "id": "OPENVAS:862273", "title": "Fedora Update for seamonkey FEDORA-2010-11327", "type": "openvas", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Fedora Update for seamonkey FEDORA-2010-11327\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2010 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ninclude(\"revisions-lib.inc\");\ntag_affected = \"seamonkey on Fedora 13\";\ntag_insight = \"SeaMonkey is an all-in-one Internet application suite. It includes\n a browser, mail/news client, IRC client, JavaScript debugger, and\n a tool to inspect the DOM for web pages. It is derived from the\n application formerly known as Mozilla Application Suite.\";\ntag_solution = \"Please Install the Updated Packages.\";\n\n\nif(description)\n{\n script_xref(name : \"URL\" , value : \"http://lists.fedoraproject.org/pipermail/package-announce/2010-July/044428.html\");\n script_id(862273);\n script_version(\"$Revision: 8109 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-12-14 07:31:15 +0100 (Thu, 14 Dec 2017) $\");\n script_tag(name:\"creation_date\", value:\"2010-07-23 16:10:25 +0200 (Fri, 23 Jul 2010)\");\n script_tag(name:\"cvss_base\", value:\"9.3\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_xref(name: \"FEDORA\", value: \"2010-11327\");\n script_cve_id(\"CVE-2010-1211\", \"CVE-2010-1208\", \"CVE-2010-1209\", \"CVE-2010-1214\", \"CVE-2010-2752\", \"CVE-2010-2753\", \"CVE-2010-1205\", \"CVE-2010-1213\", \"CVE-2010-1206\", \"CVE-2010-2751\", \"CVE-2010-0654\", \"CVE-2010-2754\");\n script_name(\"Fedora Update for seamonkey FEDORA-2010-11327\");\n\n script_tag(name: \"summary\" , value: \"Check for the Version of seamonkey\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2010 Greenbone Networks GmbH\");\n script_family(\"Fedora Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/fedora\", \"ssh/login/rpms\");\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = get_kb_item(\"ssh/login/release\");\n\n\nres = \"\";\nif(release == NULL){\n exit(0);\n}\n\nif(release == \"FC13\")\n{\n\n if ((res = isrpmvuln(pkg:\"seamonkey\", rpm:\"seamonkey~2.0.6~1.fc13\", rls:\"FC13\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n", "cvss": {"score": 9.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2018-01-02T10:54:53", "bulletinFamily": "scanner", "description": "Check for the Version of xulrunner", "modified": "2017-12-29T00:00:00", "published": "2010-07-23T00:00:00", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310862270", "id": "OPENVAS:1361412562310862270", "title": "Fedora Update for xulrunner FEDORA-2010-11375", "type": "openvas", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Fedora Update for xulrunner FEDORA-2010-11375\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2010 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ninclude(\"revisions-lib.inc\");\ntag_affected = \"xulrunner on Fedora 12\";\ntag_insight = \"XULRunner provides the XUL Runtime environment for Gecko applications.\";\ntag_solution = \"Please Install the Updated Packages.\";\n\n\nif(description)\n{\n script_xref(name : \"URL\" , value : \"http://lists.fedoraproject.org/pipermail/package-announce/2010-July/044477.html\");\n script_oid(\"1.3.6.1.4.1.25623.1.0.862270\");\n script_version(\"$Revision: 8258 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-12-29 08:28:57 +0100 (Fri, 29 Dec 2017) $\");\n script_tag(name:\"creation_date\", value:\"2010-07-23 16:10:25 +0200 (Fri, 23 Jul 2010)\");\n script_tag(name:\"cvss_base\", value:\"9.3\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_xref(name: \"FEDORA\", value: \"2010-11375\");\n script_cve_id(\"CVE-2010-1211\", \"CVE-2010-1208\", \"CVE-2010-1209\", \"CVE-2010-1214\", \"CVE-2010-2752\", \"CVE-2010-2753\", \"CVE-2010-1205\", \"CVE-2010-1213\", \"CVE-2010-1206\", \"CVE-2010-2751\", \"CVE-2010-0654\", \"CVE-2010-2754\");\n script_name(\"Fedora Update for xulrunner FEDORA-2010-11375\");\n\n script_tag(name: \"summary\" , value: \"Check for the Version of xulrunner\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2010 Greenbone Networks GmbH\");\n script_family(\"Fedora Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/fedora\", \"ssh/login/rpms\");\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = get_kb_item(\"ssh/login/release\");\n\n\nres = \"\";\nif(release == NULL){\n exit(0);\n}\n\nif(release == \"FC12\")\n{\n\n if ((res = isrpmvuln(pkg:\"xulrunner\", rpm:\"xulrunner~1.9.1.11~1.fc12\", rls:\"FC12\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}", "cvss": {"score": 9.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2018-01-02T10:54:40", "bulletinFamily": "scanner", "description": "Check for the Version of galeon", "modified": "2017-12-27T00:00:00", "published": "2010-07-23T00:00:00", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310862256", "id": "OPENVAS:1361412562310862256", "title": "Fedora Update for galeon FEDORA-2010-11375", "type": "openvas", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Fedora Update for galeon FEDORA-2010-11375\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2010 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ninclude(\"revisions-lib.inc\");\ntag_affected = \"galeon on Fedora 12\";\ntag_insight = \"Galeon is a web browser built around Gecko (Mozilla's rendering\n engine) and Necko (Mozilla's networking engine). It's a GNOME web\n browser, designed to take advantage of as many GNOME technologies as\n makes sense. Galeon was written to do just one thing - browse the web.\";\ntag_solution = \"Please Install the Updated Packages.\";\n\n\nif(description)\n{\n script_xref(name : \"URL\" , value : \"http://lists.fedoraproject.org/pipermail/package-announce/2010-July/044483.html\");\n script_oid(\"1.3.6.1.4.1.25623.1.0.862256\");\n script_version(\"$Revision: 8250 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-12-27 08:29:15 +0100 (Wed, 27 Dec 2017) $\");\n script_tag(name:\"creation_date\", value:\"2010-07-23 16:10:25 +0200 (Fri, 23 Jul 2010)\");\n script_tag(name:\"cvss_base\", value:\"9.3\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_xref(name: \"FEDORA\", value: \"2010-11375\");\n script_cve_id(\"CVE-2010-1211\", \"CVE-2010-1208\", \"CVE-2010-1209\", \"CVE-2010-1214\", \"CVE-2010-2752\", \"CVE-2010-2753\", \"CVE-2010-1205\", \"CVE-2010-1213\", \"CVE-2010-1206\", \"CVE-2010-2751\", \"CVE-2010-0654\", \"CVE-2010-2754\");\n script_name(\"Fedora Update for galeon FEDORA-2010-11375\");\n\n script_tag(name: \"summary\" , value: \"Check for the Version of galeon\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2010 Greenbone Networks GmbH\");\n script_family(\"Fedora Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/fedora\", \"ssh/login/rpms\");\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = get_kb_item(\"ssh/login/release\");\n\n\nres = \"\";\nif(release == NULL){\n exit(0);\n}\n\nif(release == \"FC12\")\n{\n\n if ((res = isrpmvuln(pkg:\"galeon\", rpm:\"galeon~2.0.7~24.fc12\", rls:\"FC12\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}", "cvss": {"score": 9.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}], "securityvulns": [{"lastseen": "2018-08-31T11:10:35", "bulletinFamily": "software", "description": "Mozilla Foundation Security Advisory 2010-45\r\n\r\nTitle: Multiple location bar spoofing vulnerabilities\r\nImpact: Moderate\r\nAnnounced: July 20, 2010\r\nReporter: Michal Zalewski, Jordi Chancel\r\nProducts: Firefox, SeaMonkey\r\n\r\nFixed in: Firefox 3.6.7\r\n Firefox 3.5.11\r\n SeaMonkey 2.0.6\r\nDescription\r\n\r\nGoogle security researcher Michal Zalewski reported two methods for spoofing the contents of the location bar. The first method works by opening a new window containing a resource that responds with an HTTP 204 (no content) and then using the reference to the new window to insert HTML content into the blank document. The second location bar spoofing method does not require that the resource opened in a new window respond with 204, as long as the opener calls window.stop() before the document is loaded. In either case a user could be mislead as to the correct location of the document they are currently viewing.\r\n\r\nSecurity researcher Jordi Chancel reported that the location bar could be spoofed to look like a secure page when the current document was served via plaintext. The vulnerability is triggered by a server by first redirecting a request for a plaintext resource to another resource behind a valid SSL/TLS certificate. A second request made to the original plaintext resource which is responded to not with a redirect but with JavaScript containing history.back() and history.forward() will result in the plaintext resource being displayed with valid SSL/TLS badging in the location bar.\r\nReferences\r\n\r\n * Location bar spoofing with HTTP 204 or window.stop()\r\n * CVE-2010-1206\r\n\r\n * SSL spoofing with history.back() and history.forward()\r\n * CVE-2010-2751\r\n", "modified": "2010-07-24T00:00:00", "published": "2010-07-24T00:00:00", "id": "SECURITYVULNS:DOC:24318", "href": "https://vulners.com/securityvulns/SECURITYVULNS:DOC:24318", "title": "Mozilla Foundation Security Advisory 2010-45", "type": "securityvulns", "cvss": {"score": 4.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:NONE/I:PARTIAL/A:NONE/"}}, {"lastseen": "2018-08-31T11:09:37", "bulletinFamily": "software", "description": "Multiple memory corruptions, use-after-free, integer overflows, array index overflow, code execution, etc.", "modified": "2010-07-24T00:00:00", "published": "2010-07-24T00:00:00", "id": "SECURITYVULNS:VULN:11014", "href": "https://vulners.com/securityvulns/SECURITYVULNS:VULN:11014", "title": "Mozilla Firefox / Thunderbird / Seamonkey multiple security vulnerabilities", "type": "securityvulns", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}], "nessus": [{"lastseen": "2019-02-21T01:13:37", "bulletinFamily": "scanner", "description": "The installed version of SeaMonkey is earlier than 2.0.6. Such versions are potentially affected by the following security issues :\n\n - Multiple memory safety bugs could result in memory corruption, potentially resulting in arbitrary code execution. (MFSA 2010-34)\n\n - An error in DOM attribute cloning could result in arbitrary code execution. (MFSA 2010-35)\n\n - An error in Mozilla's 'NodeIterator' implementation could lead to arbitrary code execution. (MFSA 2010-36)\n\n - An error in the code to store the names and values of plugin parameters could lead arbitrary code execution.\n (MFSA 2010-37)\n\n - The array class used to store CSS values is affected by an integer overflow vulnerability. (MFSA 2010-39)\n\n - An integer overflow vulnerability exists in the 'selection' attribute of XUL <tree> element.\n (MFSA 2010-40)\n\n - A buffer overflow vulnerability in Mozilla graphics code could lead to arbitrary code execution.\n (MFSA 2010-41)\n\n - It is possible to read and parse resources from other domains even when the content is not valid JavaScript leading to cross-domain data disclosure. (MFSA 2010-42)\n\n - Multiple location bar spoofing vulnerabilities exist.\n (MFSA 2010-45)\n\n - It is possible to read data across domains by injecting bogus CSS selectors into a target site.\n (MFSA 2010-46)\n\n - Potentially sensitive URL parameters could be leaked across domains via script errors. (MFSA 2010-47)", "modified": "2018-07-27T00:00:00", "id": "SEAMONKEY_206.NASL", "href": "https://www.tenable.com/plugins/index.php?view=single&id=47785", "published": "2010-07-21T00:00:00", "title": "SeaMonkey < 2.0.6 Multiple Vulnerabilities ", "type": "nessus", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(47785);\n script_version(\"1.21\");\n script_cvs_date(\"Date: 2018/07/27 18:38:15\");\n\n script_cve_id(\n \"CVE-2010-0654\",\n \"CVE-2010-1205\",\n \"CVE-2010-1206\",\n \"CVE-2010-1208\",\n \"CVE-2010-1209\",\n \"CVE-2010-1211\",\n \"CVE-2010-1212\",\n \"CVE-2010-1214\",\n \"CVE-2010-2751\",\n \"CVE-2010-2752\",\n \"CVE-2010-2753\",\n \"CVE-2010-2754\"\n );\n script_bugtraq_id(\n 41842,\n 41845,\n 41849,\n 41852,\n 41853,\n 41859,\n 41860,\n 41865,\n 41871,\n 41872,\n 41968\n );\n script_xref(name:\"Secunia\", value:\"40688\");\n\n script_name(english:\"SeaMonkey < 2.0.6 Multiple Vulnerabilities \");\n script_summary(english:\"Checks version of SeaMonkey\");\n\n script_set_attribute(attribute:\"synopsis\",value:\n\"The remote Windows host contains a web browser that is affected by\nmultiple vulnerabilities.\"\n );\n script_set_attribute(attribute:\"description\",value:\n\"The installed version of SeaMonkey is earlier than 2.0.6. Such\nversions are potentially affected by the following security issues :\n\n - Multiple memory safety bugs could result in memory\n corruption, potentially resulting in arbitrary code\n execution. (MFSA 2010-34)\n\n - An error in DOM attribute cloning could result in\n arbitrary code execution. (MFSA 2010-35)\n\n - An error in Mozilla's 'NodeIterator' implementation\n could lead to arbitrary code execution. (MFSA 2010-36)\n\n - An error in the code to store the names and values of\n plugin parameters could lead arbitrary code execution.\n (MFSA 2010-37)\n\n - The array class used to store CSS values is affected\n by an integer overflow vulnerability. (MFSA 2010-39)\n\n - An integer overflow vulnerability exists in the\n 'selection' attribute of XUL <tree> element.\n (MFSA 2010-40)\n\n - A buffer overflow vulnerability in Mozilla graphics\n code could lead to arbitrary code execution.\n (MFSA 2010-41)\n\n - It is possible to read and parse resources from other\n domains even when the content is not valid JavaScript\n leading to cross-domain data disclosure. (MFSA 2010-42)\n\n - Multiple location bar spoofing vulnerabilities exist.\n (MFSA 2010-45)\n\n - It is possible to read data across domains by\n injecting bogus CSS selectors into a target site.\n (MFSA 2010-46)\n\n - Potentially sensitive URL parameters could be leaked\n across domains via script errors. (MFSA 2010-47)\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.mozilla.org/en-US/security/advisories/mfsa2010-34/\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.mozilla.org/en-US/security/advisories/mfsa2010-35/\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.mozilla.org/en-US/security/advisories/mfsa2010-36/\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.mozilla.org/en-US/security/advisories/mfsa2010-37/\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.mozilla.org/en-US/security/advisories/mfsa2010-39/\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.mozilla.org/en-US/security/advisories/mfsa2010-40/\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.mozilla.org/en-US/security/advisories/mfsa2010-41/\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.mozilla.org/en-US/security/advisories/mfsa2010-45/\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.mozilla.org/en-US/security/advisories/mfsa2010-46/\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.mozilla.org/en-US/security/advisories/mfsa2010-47/\");\n script_set_attribute(attribute:\"solution\", value:\"Upgrade to SeaMonkey 2.0.6 or later.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_cwe_id(94);\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2009/10/23\"); # (MFSA 2010-46)\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2010/07/20\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2010/07/21\");\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:mozilla:seamonkey\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Windows\");\n\n script_copyright(english:\"This script is Copyright (C) 2010-2018 Tenable Network Security, Inc.\");\n script_dependencies(\"mozilla_org_installed.nasl\");\n script_require_keys(\"SeaMonkey/Version\");\n exit(0);\n}\n\ninclude(\"mozilla_version.inc\");\nport = get_kb_item(\"SMB/transport\");\nif (!port) port = 445;\n\ninstalls = get_kb_list(\"SMB/SeaMonkey/*\");\nif (isnull(installs)) audit(AUDIT_NOT_INST, \"SeaMonkey\");\n\nmozilla_check_version(installs:installs, product:'seamonkey', fix:'2.0.6', severity:SECURITY_HOLE);\n", "cvss": {"score": 9.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2019-02-21T01:13:38", "bulletinFamily": "scanner", "description": "Update to new upstream SeaMonkey version 2.0.6, fixing multiple security issues detailed in the upstream advisories:\nhttp://www.mozilla.org/security/known- vulnerabilities/seamonkey20.html#seamonkey2.0.6\n\nNote that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "modified": "2018-11-20T00:00:00", "id": "FEDORA_2010-11363.NASL", "href": "https://www.tenable.com/plugins/index.php?view=single&id=47811", "published": "2010-07-23T00:00:00", "title": "Fedora 12 : seamonkey-2.0.6-1.fc12 (2010-11363)", "type": "nessus", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Fedora Security Advisory 2010-11363.\n#\n\nif (NASL_LEVEL < 3000) exit(0);\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(47811);\n script_version(\"1.15\");\n script_cvs_date(\"Date: 2018/11/20 11:04:16\");\n\n script_cve_id(\"CVE-2010-0654\", \"CVE-2010-1205\", \"CVE-2010-1206\", \"CVE-2010-1208\", \"CVE-2010-1209\", \"CVE-2010-1211\", \"CVE-2010-1213\", \"CVE-2010-1214\", \"CVE-2010-2751\", \"CVE-2010-2752\", \"CVE-2010-2753\", \"CVE-2010-2754\");\n script_bugtraq_id(41055, 41174, 41842, 41845, 41849, 41852, 41853, 41859, 41860, 41871, 41872);\n script_xref(name:\"FEDORA\", value:\"2010-11363\");\n\n script_name(english:\"Fedora 12 : seamonkey-2.0.6-1.fc12 (2010-11363)\");\n script_summary(english:\"Checks rpm output for the updated package.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Fedora host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Update to new upstream SeaMonkey version 2.0.6, fixing multiple\nsecurity issues detailed in the upstream advisories:\nhttp://www.mozilla.org/security/known-\nvulnerabilities/seamonkey20.html#seamonkey2.0.6\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Fedora security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n # http://www.mozilla.org/security/known-\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.mozilla.org/en-US/security/known-\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.redhat.com/show_bug.cgi?id=568231\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.redhat.com/show_bug.cgi?id=608238\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.redhat.com/show_bug.cgi?id=608763\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.redhat.com/show_bug.cgi?id=615455\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.redhat.com/show_bug.cgi?id=615458\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.redhat.com/show_bug.cgi?id=615459\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.redhat.com/show_bug.cgi?id=615462\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.redhat.com/show_bug.cgi?id=615464\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.redhat.com/show_bug.cgi?id=615466\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.redhat.com/show_bug.cgi?id=615471\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.redhat.com/show_bug.cgi?id=615480\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.redhat.com/show_bug.cgi?id=615488\"\n );\n # https://lists.fedoraproject.org/pipermail/package-announce/2010-July/044469.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?22382b4d\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected seamonkey package.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_cwe_id(94);\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:seamonkey\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:fedoraproject:fedora:12\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2010/07/23\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2010/07/23\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2010-2018 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Fedora Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Fedora\" >!< release) audit(AUDIT_OS_NOT, \"Fedora\");\nos_ver = eregmatch(pattern: \"Fedora.*release ([0-9]+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Fedora\");\nos_ver = os_ver[1];\nif (! ereg(pattern:\"^12([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Fedora 12.x\", \"Fedora \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Fedora\", cpu);\n\nflag = 0;\nif (rpm_check(release:\"FC12\", reference:\"seamonkey-2.0.6-1.fc12\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"seamonkey\");\n}\n", "cvss": {"score": 9.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2019-02-21T01:21:47", "bulletinFamily": "scanner", "description": "This update brings Mozilla SeaMonkey to the 2.0.6 security release.\n\nIt fixes following security bugs: MFSA 2010-34 / CVE-2010-1211:\nMozilla developers identified and fixed several memory safety bugs in the browser engine used in Firefox and other Mozilla-based products.\nSome of these bugs showed evidence of memory corruption under certain circumstances, and we presume that with enough effort at least some of these could be exploited to run arbitrary code. Jesse Ruderman, Ehsan Akhgari, Mats Palmgren, Igor Bukanov, Gary Kwong, Tobias Markus and Daniel Holbert reported memory safety problems that affected Firefox 3.6 and Firefox 3.5.\n\nMFSA 2010-35 / CVE-2010-1208: Security researcher regenrecht reported via TippingPoint's Zero Day Initiative an error in the DOM attribute cloning routine where under certain circumstances an event attribute node can be deleted while another object still contains a reference to it. This reference could subsequently be accessed, potentially causing the execution of attacker controlled memory.\n\nMFSA 2010-36 / CVE-2010-1209: Security researcher regenrecht reported via TippingPoint's Zero Day Initiative an error in Mozilla's implementation of NodeIterator in which a malicious NodeFilter could be created which would detach nodes from the DOM tree while it was being traversed. The use of a detached and subsequently deleted node could result in the execution of attacker-controlled memory.\n\nMFSA 2010-37 / CVE-2010-1214: Security researcher J23 reported via TippingPoint's Zero Day Initiative an error in the code used to store the names and values of plugin parameter elements. A malicious page could embed plugin content containing a very large number of parameter elements which would cause an overflow in the integer value counting them. This integer is later used in allocating a memory buffer used to store the plugin parameters. Under such conditions, too small a buffer would be created and attacker-controlled data could be written past the end of the buffer, potentially resulting in code execution.\n\nMFSA 2010-39 / CVE-2010-2752: Security researcher J23 reported via TippingPoint's Zero Day Initiative that an array class used to store CSS values contained an integer overflow vulnerability. The 16 bit integer value used in allocating the size of the array could overflow, resulting in too small a memory buffer being created. When the array was later populated with CSS values data would be written past the end of the buffer potentially resulting in the execution of attacker-controlled memory.\n\nMFSA 2010-40 / CVE-2010-2753: Security researcher regenrecht reported via TippingPoint's Zero Day Initiative an integer overflow vulnerability in the implementation of the XUL <tree> element's selection attribute. When the size of a new selection is sufficiently large the integer used in calculating the length of the selection can overflow, resulting in a bogus range being marked selected. When adjustSelection is then called on the bogus range the range is deleted leaving dangling references to the ranges which could be used by an attacker to call into deleted memory and run arbitrary code on a victim's computer.\n\nMFSA 2010-41 / CVE-2010-1205: OUSPG researcher Aki Helin reported a buffer overflow in Mozilla graphics code which consumes image data processed by libpng. A malformed PNG file could be created which would cause libpng to incorrectly report the size of the image to downstream consumers. When the dimensions of such images are underreported, the Mozilla code responsible for displaying the graphic will allocate too small a memory buffer to contain the image data and will wind up writing data past the end of the buffer. This could result in the execution of attacker-controlled memory.\n\nMFSA 2011-42 / CVE-2010-1213: Security researcher Yosuke Hasegawa reported that the Web Worker method importScripts can read and parse resources from other domains even when the content is not valid JavaScript. This is a violation of the same-origin policy and could be used by an attacker to steal information from other sites.\n\nMFSA 2010-45 / CVE-2010-1206: Google security researcher Michal Zalewski reported two methods for spoofing the contents of the location bar. The first method works by opening a new window containing a resource that responds with an HTTP 204 (no content) and then using the reference to the new window to insert HTML content into the blank document. The second location bar spoofing method does not require that the resource opened in a new window respond with 204, as long as the opener calls window.stop() before the document is loaded.\nIn either case a user could be mislead as to the correct location of the document they are currently viewing.\n\nMFSA 2010-45 / CVE-2010-2751: Security researcher Jordi Chancel reported that the location bar could be spoofed to look like a secure page when the current document was served via plaintext. The vulnerability is triggered by a server by first redirecting a request for a plaintext resource to another resource behind a valid SSL/TLS certificate. A second request made to the original plaintext resource which is responded to not with a redirect but with JavaScript containing history.back() and history.forward() will result in the plaintext resource being displayed with valid SSL/TLS badging in the location bar. References\n\nMFSA 2010-46 / CVE-2010-0654: Google security researcher Chris Evans reported that data can be read across domains by injecting bogus CSS selectors into a target site and then retrieving the data using JavaScript APIs. If an attacker can inject opening and closing portions of a CSS selector into points A and B of a target page, then the region between the two injection points becomes readable to JavaScript through, for example, the getComputedStyle() API.\n\nMFSA 2010-47 / CVE-2010-2754: Security researcher Soroush Dalili reported that potentially sensitive URL parameters could be leaked across domains upon script errors when the script filename and line number is included in the error message.", "modified": "2018-11-10T00:00:00", "id": "SUSE_11_3_SEAMONKEY-100721.NASL", "href": "https://www.tenable.com/plugins/index.php?view=single&id=75731", "published": "2014-06-13T00:00:00", "title": "openSUSE Security Update : seamonkey (openSUSE-SU-2010:0430-1)", "type": "nessus", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from openSUSE Security Update seamonkey-2754.\n#\n# The text description of this plugin is (C) SUSE LLC.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(75731);\n script_version(\"1.3\");\n script_cvs_date(\"Date: 2018/11/10 11:49:59\");\n\n script_cve_id(\"CVE-2010-0654\", \"CVE-2010-1205\", \"CVE-2010-1206\", \"CVE-2010-1208\", \"CVE-2010-1209\", \"CVE-2010-1211\", \"CVE-2010-1213\", \"CVE-2010-1214\", \"CVE-2010-2751\", \"CVE-2010-2752\", \"CVE-2010-2753\", \"CVE-2010-2754\");\n\n script_name(english:\"openSUSE Security Update : seamonkey (openSUSE-SU-2010:0430-1)\");\n script_summary(english:\"Check for the seamonkey-2754 patch\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote openSUSE host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"This update brings Mozilla SeaMonkey to the 2.0.6 security release.\n\nIt fixes following security bugs: MFSA 2010-34 / CVE-2010-1211:\nMozilla developers identified and fixed several memory safety bugs in\nthe browser engine used in Firefox and other Mozilla-based products.\nSome of these bugs showed evidence of memory corruption under certain\ncircumstances, and we presume that with enough effort at least some of\nthese could be exploited to run arbitrary code. Jesse Ruderman, Ehsan\nAkhgari, Mats Palmgren, Igor Bukanov, Gary Kwong, Tobias Markus and\nDaniel Holbert reported memory safety problems that affected Firefox\n3.6 and Firefox 3.5.\n\nMFSA 2010-35 / CVE-2010-1208: Security researcher regenrecht reported\nvia TippingPoint's Zero Day Initiative an error in the DOM attribute\ncloning routine where under certain circumstances an event attribute\nnode can be deleted while another object still contains a reference to\nit. This reference could subsequently be accessed, potentially causing\nthe execution of attacker controlled memory.\n\nMFSA 2010-36 / CVE-2010-1209: Security researcher regenrecht reported\nvia TippingPoint's Zero Day Initiative an error in Mozilla's\nimplementation of NodeIterator in which a malicious NodeFilter could\nbe created which would detach nodes from the DOM tree while it was\nbeing traversed. The use of a detached and subsequently deleted node\ncould result in the execution of attacker-controlled memory.\n\nMFSA 2010-37 / CVE-2010-1214: Security researcher J23 reported via\nTippingPoint's Zero Day Initiative an error in the code used to store\nthe names and values of plugin parameter elements. A malicious page\ncould embed plugin content containing a very large number of parameter\nelements which would cause an overflow in the integer value counting\nthem. This integer is later used in allocating a memory buffer used to\nstore the plugin parameters. Under such conditions, too small a buffer\nwould be created and attacker-controlled data could be written past\nthe end of the buffer, potentially resulting in code execution.\n\nMFSA 2010-39 / CVE-2010-2752: Security researcher J23 reported via\nTippingPoint's Zero Day Initiative that an array class used to store\nCSS values contained an integer overflow vulnerability. The 16 bit\ninteger value used in allocating the size of the array could overflow,\nresulting in too small a memory buffer being created. When the array\nwas later populated with CSS values data would be written past the end\nof the buffer potentially resulting in the execution of\nattacker-controlled memory.\n\nMFSA 2010-40 / CVE-2010-2753: Security researcher regenrecht reported\nvia TippingPoint's Zero Day Initiative an integer overflow\nvulnerability in the implementation of the XUL <tree> element's\nselection attribute. When the size of a new selection is sufficiently\nlarge the integer used in calculating the length of the selection can\noverflow, resulting in a bogus range being marked selected. When\nadjustSelection is then called on the bogus range the range is deleted\nleaving dangling references to the ranges which could be used by an\nattacker to call into deleted memory and run arbitrary code on a\nvictim's computer.\n\nMFSA 2010-41 / CVE-2010-1205: OUSPG researcher Aki Helin reported a\nbuffer overflow in Mozilla graphics code which consumes image data\nprocessed by libpng. A malformed PNG file could be created which would\ncause libpng to incorrectly report the size of the image to downstream\nconsumers. When the dimensions of such images are underreported, the\nMozilla code responsible for displaying the graphic will allocate too\nsmall a memory buffer to contain the image data and will wind up\nwriting data past the end of the buffer. This could result in the\nexecution of attacker-controlled memory.\n\nMFSA 2011-42 / CVE-2010-1213: Security researcher Yosuke Hasegawa\nreported that the Web Worker method importScripts can read and parse\nresources from other domains even when the content is not valid\nJavaScript. This is a violation of the same-origin policy and could be\nused by an attacker to steal information from other sites.\n\nMFSA 2010-45 / CVE-2010-1206: Google security researcher Michal\nZalewski reported two methods for spoofing the contents of the\nlocation bar. The first method works by opening a new window\ncontaining a resource that responds with an HTTP 204 (no content) and\nthen using the reference to the new window to insert HTML content into\nthe blank document. The second location bar spoofing method does not\nrequire that the resource opened in a new window respond with 204, as\nlong as the opener calls window.stop() before the document is loaded.\nIn either case a user could be mislead as to the correct location of\nthe document they are currently viewing.\n\nMFSA 2010-45 / CVE-2010-2751: Security researcher Jordi Chancel\nreported that the location bar could be spoofed to look like a secure\npage when the current document was served via plaintext. The\nvulnerability is triggered by a server by first redirecting a request\nfor a plaintext resource to another resource behind a valid SSL/TLS\ncertificate. A second request made to the original plaintext resource\nwhich is responded to not with a redirect but with JavaScript\ncontaining history.back() and history.forward() will result in the\nplaintext resource being displayed with valid SSL/TLS badging in the\nlocation bar. References\n\nMFSA 2010-46 / CVE-2010-0654: Google security researcher Chris Evans\nreported that data can be read across domains by injecting bogus CSS\nselectors into a target site and then retrieving the data using\nJavaScript APIs. If an attacker can inject opening and closing\nportions of a CSS selector into points A and B of a target page, then\nthe region between the two injection points becomes readable to\nJavaScript through, for example, the getComputedStyle() API.\n\nMFSA 2010-47 / CVE-2010-2754: Security researcher Soroush Dalili\nreported that potentially sensitive URL parameters could be leaked\nacross domains upon script errors when the script filename and line\nnumber is included in the error message.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=622506\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://lists.opensuse.org/opensuse-updates/2010-07/msg00039.html\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected seamonkey packages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_cwe_id(94);\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:seamonkey\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:seamonkey-dom-inspector\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:seamonkey-irc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:seamonkey-translations-common\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:seamonkey-translations-other\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:seamonkey-venkman\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:opensuse:11.3\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2010/07/21\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2014/06/13\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2014-2018 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release =~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, \"openSUSE\");\nif (release !~ \"^(SUSE11\\.3)$\") audit(AUDIT_OS_RELEASE_NOT, \"openSUSE\", \"11.3\", release);\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nourarch = get_kb_item(\"Host/cpu\");\nif (!ourarch) audit(AUDIT_UNKNOWN_ARCH);\nif (ourarch !~ \"^(i586|i686|x86_64)$\") audit(AUDIT_ARCH_NOT, \"i586 / i686 / x86_64\", ourarch);\n\nflag = 0;\n\nif ( rpm_check(release:\"SUSE11.3\", reference:\"seamonkey-2.0.6-0.1.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.3\", reference:\"seamonkey-dom-inspector-2.0.6-0.1.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.3\", reference:\"seamonkey-irc-2.0.6-0.1.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.3\", reference:\"seamonkey-translations-common-2.0.6-0.1.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.3\", reference:\"seamonkey-translations-other-2.0.6-0.1.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.3\", reference:\"seamonkey-venkman-2.0.6-0.1.1\") ) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"seamonkey\");\n}\n", "cvss": {"score": 9.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2019-02-21T01:13:40", "bulletinFamily": "scanner", "description": "This update brings Mozilla Firefox to the 3.5.11 security release.\n\nIt fixes following security bugs: MFSA 2010-34 / CVE-2010-1211:\nMozilla developers identified and fixed several memory safety bugs in the browser engine used in Firefox and other Mozilla-based products.\nSome of these bugs showed evidence of memory corruption under certain circumstances, and we presume that with enough effort at least some of these could be exploited to run arbitrary code. Jesse Ruderman, Ehsan Akhgari, Mats Palmgren, Igor Bukanov, Gary Kwong, Tobias Markus and Daniel Holbert reported memory safety problems that affected Firefox 3.6 and Firefox 3.5.\n\nMFSA 2010-35 / CVE-2010-1208: Security researcher regenrecht reported via TippingPoint's Zero Day Initiative an error in the DOM attribute cloning routine where under certain circumstances an event attribute node can be deleted while another object still contains a reference to it. This reference could subsequently be accessed, potentially causing the execution of attacker controlled memory.\n\nMFSA 2010-36 / CVE-2010-1209: Security researcher regenrecht reported via TippingPoint's Zero Day Initiative an error in Mozilla's implementation of NodeIterator in which a malicious NodeFilter could be created which would detach nodes from the DOM tree while it was being traversed. The use of a detached and subsequently deleted node could result in the execution of attacker-controlled memory.\n\nMFSA 2010-37 / CVE-2010-1214: Security researcher J23 reported via TippingPoint's Zero Day Initiative an error in the code used to store the names and values of plugin parameter elements. A malicious page could embed plugin content containing a very large number of parameter elements which would cause an overflow in the integer value counting them. This integer is later used in allocating a memory buffer used to store the plugin parameters. Under such conditions, too small a buffer would be created and attacker-controlled data could be written past the end of the buffer, potentially resulting in code execution.\n\nMFSA 2010-39 / CVE-2010-2752: Security researcher J23 reported via TippingPoint's Zero Day Initiative that an array class used to store CSS values contained an integer overflow vulnerability. The 16 bit integer value used in allocating the size of the array could overflow, resulting in too small a memory buffer being created. When the array was later populated with CSS values data would be written past the end of the buffer potentially resulting in the execution of attacker-controlled memory.\n\nMFSA 2010-40 / CVE-2010-2753: Security researcher regenrecht reported via TippingPoint's Zero Day Initiative an integer overflow vulnerability in the implementation of the XUL <tree> element's selection attribute. When the size of a new selection is sufficiently large the integer used in calculating the length of the selection can overflow, resulting in a bogus range being marked selected. When adjustSelection is then called on the bogus range the range is deleted leaving dangling references to the ranges which could be used by an attacker to call into deleted memory and run arbitrary code on a victim's computer.\n\nMFSA 2010-41 / CVE-2010-1205: OUSPG researcher Aki Helin reported a buffer overflow in Mozilla graphics code which consumes image data processed by libpng. A malformed PNG file could be created which would cause libpng to incorrectly report the size of the image to downstream consumers. When the dimensions of such images are underreported, the Mozilla code responsible for displaying the graphic will allocate too small a memory buffer to contain the image data and will wind up writing data past the end of the buffer. This could result in the execution of attacker-controlled memory.\n\nMFSA 2010-42 / CVE-2010-1213: Security researcher Yosuke Hasegawa reported that the Web Worker method importScripts can read and parse resources from other domains even when the content is not valid JavaScript. This is a violation of the same-origin policy and could be used by an attacker to steal information from other sites.\n\nMFSA 2010-45 / CVE-2010-1206: Google security researcher Michal Zalewski reported two methods for spoofing the contents of the location bar. The first method works by opening a new window containing a resource that responds with an HTTP 204 (no content) and then using the reference to the new window to insert HTML content into the blank document. The second location bar spoofing method does not require that the resource opened in a new window respond with 204, as long as the opener calls window.stop() before the document is loaded.\nIn either case a user could be mislead as to the correct location of the document they are currently viewing.\n\nMFSA 2010-45 / CVE-2010-2751: Security researcher Jordi Chancel reported that the location bar could be spoofed to look like a secure page when the current document was served via plaintext. The vulnerability is triggered by a server by first redirecting a request for a plaintext resource to another resource behind a valid SSL/TLS certificate. A second request made to the original plaintext resource which is responded to not with a redirect but with JavaScript containing history.back() and history.forward() will result in the plaintext resource being displayed with valid SSL/TLS badging in the location bar. References\n\nMFSA 2010-46 / CVE-2010-0654: Google security researcher Chris Evans reported that data can be read across domains by injecting bogus CSS selectors into a target site and then retrieving the data using JavaScript APIs. If an attacker can inject opening and closing portions of a CSS selector into points A and B of a target page, then the region between the two injection points becomes readable to JavaScript through, for example, the getComputedStyle() API.\n\nMFSA 2010-47 / CVE-2010-2754: Security researcher Soroush Dalili reported that potentially sensitive URL parameters could be leaked across domains upon script errors when the script filename and line number is included in the error message.", "modified": "2018-11-10T00:00:00", "id": "SUSE_11_2_MOZILLAFIREFOX-100722.NASL", "href": "https://www.tenable.com/plugins/index.php?view=single&id=47907", "published": "2010-07-30T00:00:00", "title": "openSUSE Security Update : MozillaFirefox (openSUSE-SU-2010:0430-3)", "type": "nessus", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from openSUSE Security Update MozillaFirefox-2774.\n#\n# The text description of this plugin is (C) SUSE LLC.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(47907);\n script_version(\"1.9\");\n script_cvs_date(\"Date: 2018/11/10 11:49:58\");\n\n script_cve_id(\"CVE-2010-0654\", \"CVE-2010-1205\", \"CVE-2010-1206\", \"CVE-2010-1208\", \"CVE-2010-1209\", \"CVE-2010-1211\", \"CVE-2010-1213\", \"CVE-2010-1214\", \"CVE-2010-2751\", \"CVE-2010-2752\", \"CVE-2010-2753\", \"CVE-2010-2754\");\n\n script_name(english:\"openSUSE Security Update : MozillaFirefox (openSUSE-SU-2010:0430-3)\");\n script_summary(english:\"Check for the MozillaFirefox-2774 patch\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote openSUSE host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"This update brings Mozilla Firefox to the 3.5.11 security release.\n\nIt fixes following security bugs: MFSA 2010-34 / CVE-2010-1211:\nMozilla developers identified and fixed several memory safety bugs in\nthe browser engine used in Firefox and other Mozilla-based products.\nSome of these bugs showed evidence of memory corruption under certain\ncircumstances, and we presume that with enough effort at least some of\nthese could be exploited to run arbitrary code. Jesse Ruderman, Ehsan\nAkhgari, Mats Palmgren, Igor Bukanov, Gary Kwong, Tobias Markus and\nDaniel Holbert reported memory safety problems that affected Firefox\n3.6 and Firefox 3.5.\n\nMFSA 2010-35 / CVE-2010-1208: Security researcher regenrecht reported\nvia TippingPoint's Zero Day Initiative an error in the DOM attribute\ncloning routine where under certain circumstances an event attribute\nnode can be deleted while another object still contains a reference to\nit. This reference could subsequently be accessed, potentially causing\nthe execution of attacker controlled memory.\n\nMFSA 2010-36 / CVE-2010-1209: Security researcher regenrecht reported\nvia TippingPoint's Zero Day Initiative an error in Mozilla's\nimplementation of NodeIterator in which a malicious NodeFilter could\nbe created which would detach nodes from the DOM tree while it was\nbeing traversed. The use of a detached and subsequently deleted node\ncould result in the execution of attacker-controlled memory.\n\nMFSA 2010-37 / CVE-2010-1214: Security researcher J23 reported via\nTippingPoint's Zero Day Initiative an error in the code used to store\nthe names and values of plugin parameter elements. A malicious page\ncould embed plugin content containing a very large number of parameter\nelements which would cause an overflow in the integer value counting\nthem. This integer is later used in allocating a memory buffer used to\nstore the plugin parameters. Under such conditions, too small a buffer\nwould be created and attacker-controlled data could be written past\nthe end of the buffer, potentially resulting in code execution.\n\nMFSA 2010-39 / CVE-2010-2752: Security researcher J23 reported via\nTippingPoint's Zero Day Initiative that an array class used to store\nCSS values contained an integer overflow vulnerability. The 16 bit\ninteger value used in allocating the size of the array could overflow,\nresulting in too small a memory buffer being created. When the array\nwas later populated with CSS values data would be written past the end\nof the buffer potentially resulting in the execution of\nattacker-controlled memory.\n\nMFSA 2010-40 / CVE-2010-2753: Security researcher regenrecht reported\nvia TippingPoint's Zero Day Initiative an integer overflow\nvulnerability in the implementation of the XUL <tree> element's\nselection attribute. When the size of a new selection is sufficiently\nlarge the integer used in calculating the length of the selection can\noverflow, resulting in a bogus range being marked selected. When\nadjustSelection is then called on the bogus range the range is deleted\nleaving dangling references to the ranges which could be used by an\nattacker to call into deleted memory and run arbitrary code on a\nvictim's computer.\n\nMFSA 2010-41 / CVE-2010-1205: OUSPG researcher Aki Helin reported a\nbuffer overflow in Mozilla graphics code which consumes image data\nprocessed by libpng. A malformed PNG file could be created which would\ncause libpng to incorrectly report the size of the image to downstream\nconsumers. When the dimensions of such images are underreported, the\nMozilla code responsible for displaying the graphic will allocate too\nsmall a memory buffer to contain the image data and will wind up\nwriting data past the end of the buffer. This could result in the\nexecution of attacker-controlled memory.\n\nMFSA 2010-42 / CVE-2010-1213: Security researcher Yosuke Hasegawa\nreported that the Web Worker method importScripts can read and parse\nresources from other domains even when the content is not valid\nJavaScript. This is a violation of the same-origin policy and could be\nused by an attacker to steal information from other sites.\n\nMFSA 2010-45 / CVE-2010-1206: Google security researcher Michal\nZalewski reported two methods for spoofing the contents of the\nlocation bar. The first method works by opening a new window\ncontaining a resource that responds with an HTTP 204 (no content) and\nthen using the reference to the new window to insert HTML content into\nthe blank document. The second location bar spoofing method does not\nrequire that the resource opened in a new window respond with 204, as\nlong as the opener calls window.stop() before the document is loaded.\nIn either case a user could be mislead as to the correct location of\nthe document they are currently viewing.\n\nMFSA 2010-45 / CVE-2010-2751: Security researcher Jordi Chancel\nreported that the location bar could be spoofed to look like a secure\npage when the current document was served via plaintext. The\nvulnerability is triggered by a server by first redirecting a request\nfor a plaintext resource to another resource behind a valid SSL/TLS\ncertificate. A second request made to the original plaintext resource\nwhich is responded to not with a redirect but with JavaScript\ncontaining history.back() and history.forward() will result in the\nplaintext resource being displayed with valid SSL/TLS badging in the\nlocation bar. References\n\nMFSA 2010-46 / CVE-2010-0654: Google security researcher Chris Evans\nreported that data can be read across domains by injecting bogus CSS\nselectors into a target site and then retrieving the data using\nJavaScript APIs. If an attacker can inject opening and closing\nportions of a CSS selector into points A and B of a target page, then\nthe region between the two injection points becomes readable to\nJavaScript through, for example, the getComputedStyle() API.\n\nMFSA 2010-47 / CVE-2010-2754: Security researcher Soroush Dalili\nreported that potentially sensitive URL parameters could be leaked\nacross domains upon script errors when the script filename and line\nnumber is included in the error message.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=622506\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://lists.opensuse.org/opensuse-updates/2010-07/msg00052.html\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected MozillaFirefox packages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_cwe_id(94);\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:MozillaFirefox\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:MozillaFirefox-branding-upstream\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:MozillaFirefox-translations-common\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:MozillaFirefox-translations-other\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:mozilla-xulrunner191\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:mozilla-xulrunner191-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:mozilla-xulrunner191-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:mozilla-xulrunner191-gnomevfs\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:mozilla-xulrunner191-gnomevfs-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:mozilla-xulrunner191-translations-common\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:mozilla-xulrunner191-translations-other\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:python-xpcom191\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:opensuse:11.2\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2010/07/22\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2010/07/30\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2010-2018 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release =~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, \"openSUSE\");\nif (release !~ \"^(SUSE11\\.2)$\") audit(AUDIT_OS_RELEASE_NOT, \"openSUSE\", \"11.2\", release);\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nourarch = get_kb_item(\"Host/cpu\");\nif (!ourarch) audit(AUDIT_UNKNOWN_ARCH);\nif (ourarch !~ \"^(i586|i686|x86_64)$\") audit(AUDIT_ARCH_NOT, \"i586 / i686 / x86_64\", ourarch);\n\nflag = 0;\n\nif ( rpm_check(release:\"SUSE11.2\", reference:\"MozillaFirefox-3.5.11-0.1.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.2\", reference:\"MozillaFirefox-branding-upstream-3.5.11-0.1.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.2\", reference:\"MozillaFirefox-translations-common-3.5.11-0.1.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.2\", reference:\"MozillaFirefox-translations-other-3.5.11-0.1.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.2\", reference:\"mozilla-xulrunner191-1.9.1.11-0.1.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.2\", reference:\"mozilla-xulrunner191-devel-1.9.1.11-0.1.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.2\", reference:\"mozilla-xulrunner191-gnomevfs-1.9.1.11-0.1.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.2\", reference:\"mozilla-xulrunner191-translations-common-1.9.1.11-0.1.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.2\", reference:\"mozilla-xulrunner191-translations-other-1.9.1.11-0.1.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.2\", reference:\"python-xpcom191-1.9.1.11-0.1.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.2\", cpu:\"x86_64\", reference:\"mozilla-xulrunner191-32bit-1.9.1.11-0.1.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.2\", cpu:\"x86_64\", reference:\"mozilla-xulrunner191-gnomevfs-32bit-1.9.1.11-0.1.1\") ) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"MozillaFirefox\");\n}\n", "cvss": {"score": 9.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2019-02-21T01:13:39", "bulletinFamily": "scanner", "description": "This update brings Mozilla SeaMonkey to the 2.0.6 security release.\n\nIt fixes following security bugs: MFSA 2010-34 / CVE-2010-1211:\nMozilla developers identified and fixed several memory safety bugs in the browser engine used in Firefox and other Mozilla-based products.\nSome of these bugs showed evidence of memory corruption under certain circumstances, and we presume that with enough effort at least some of these could be exploited to run arbitrary code. Jesse Ruderman, Ehsan Akhgari, Mats Palmgren, Igor Bukanov, Gary Kwong, Tobias Markus and Daniel Holbert reported memory safety problems that affected Firefox 3.6 and Firefox 3.5.\n\nMFSA 2010-35 / CVE-2010-1208: Security researcher regenrecht reported via TippingPoint's Zero Day Initiative an error in the DOM attribute cloning routine where under certain circumstances an event attribute node can be deleted while another object still contains a reference to it. This reference could subsequently be accessed, potentially causing the execution of attacker controlled memory.\n\nMFSA 2010-36 / CVE-2010-1209: Security researcher regenrecht reported via TippingPoint's Zero Day Initiative an error in Mozilla's implementation of NodeIterator in which a malicious NodeFilter could be created which would detach nodes from the DOM tree while it was being traversed. The use of a detached and subsequently deleted node could result in the execution of attacker-controlled memory.\n\nMFSA 2010-37 / CVE-2010-1214: Security researcher J23 reported via TippingPoint's Zero Day Initiative an error in the code used to store the names and values of plugin parameter elements. A malicious page could embed plugin content containing a very large number of parameter elements which would cause an overflow in the integer value counting them. This integer is later used in allocating a memory buffer used to store the plugin parameters. Under such conditions, too small a buffer would be created and attacker-controlled data could be written past the end of the buffer, potentially resulting in code execution.\n\nMFSA 2010-39 / CVE-2010-2752: Security researcher J23 reported via TippingPoint's Zero Day Initiative that an array class used to store CSS values contained an integer overflow vulnerability. The 16 bit integer value used in allocating the size of the array could overflow, resulting in too small a memory buffer being created. When the array was later populated with CSS values data would be written past the end of the buffer potentially resulting in the execution of attacker-controlled memory.\n\nMFSA 2010-40 / CVE-2010-2753: Security researcher regenrecht reported via TippingPoint's Zero Day Initiative an integer overflow vulnerability in the implementation of the XUL <tree> element's selection attribute. When the size of a new selection is sufficiently large the integer used in calculating the length of the selection can overflow, resulting in a bogus range being marked selected. When adjustSelection is then called on the bogus range the range is deleted leaving dangling references to the ranges which could be used by an attacker to call into deleted memory and run arbitrary code on a victim's computer.\n\nMFSA 2010-41 / CVE-2010-1205: OUSPG researcher Aki Helin reported a buffer overflow in Mozilla graphics code which consumes image data processed by libpng. A malformed PNG file could be created which would cause libpng to incorrectly report the size of the image to downstream consumers. When the dimensions of such images are underreported, the Mozilla code responsible for displaying the graphic will allocate too small a memory buffer to contain the image data and will wind up writing data past the end of the buffer. This could result in the execution of attacker-controlled memory.\n\nMFSA 2011-42 / CVE-2010-1213: Security researcher Yosuke Hasegawa reported that the Web Worker method importScripts can read and parse resources from other domains even when the content is not valid JavaScript. This is a violation of the same-origin policy and could be used by an attacker to steal information from other sites.\n\nMFSA 2010-45 / CVE-2010-1206: Google security researcher Michal Zalewski reported two methods for spoofing the contents of the location bar. The first method works by opening a new window containing a resource that responds with an HTTP 204 (no content) and then using the reference to the new window to insert HTML content into the blank document. The second location bar spoofing method does not require that the resource opened in a new window respond with 204, as long as the opener calls window.stop() before the document is loaded.\nIn either case a user could be mislead as to the correct location of the document they are currently viewing.\n\nMFSA 2010-45 / CVE-2010-2751: Security researcher Jordi Chancel reported that the location bar could be spoofed to look like a secure page when the current document was served via plaintext. The vulnerability is triggered by a server by first redirecting a request for a plaintext resource to another resource behind a valid SSL/TLS certificate. A second request made to the original plaintext resource which is responded to not with a redirect but with JavaScript containing history.back() and history.forward() will result in the plaintext resource being displayed with valid SSL/TLS badging in the location bar. References\n\nMFSA 2010-46 / CVE-2010-0654: Google security researcher Chris Evans reported that data can be read across domains by injecting bogus CSS selectors into a target site and then retrieving the data using JavaScript APIs. If an attacker can inject opening and closing portions of a CSS selector into points A and B of a target page, then the region between the two injection points becomes readable to JavaScript through, for example, the getComputedStyle() API.\n\nMFSA 2010-47 / CVE-2010-2754: Security researcher Soroush Dalili reported that potentially sensitive URL parameters could be leaked across domains upon script errors when the script filename and line number is included in the error message.", "modified": "2018-11-10T00:00:00", "id": "SUSE_11_2_SEAMONKEY-100721.NASL", "href": "https://www.tenable.com/plugins/index.php?view=single&id=47854", "published": "2010-07-27T00:00:00", "title": "openSUSE Security Update : seamonkey (openSUSE-SU-2010:0430-1)", "type": "nessus", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from openSUSE Security Update seamonkey-2754.\n#\n# The text description of this plugin is (C) SUSE LLC.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(47854);\n script_version(\"1.10\");\n script_cvs_date(\"Date: 2018/11/10 11:49:58\");\n\n script_cve_id(\"CVE-2010-0654\", \"CVE-2010-1205\", \"CVE-2010-1206\", \"CVE-2010-1208\", \"CVE-2010-1209\", \"CVE-2010-1211\", \"CVE-2010-1213\", \"CVE-2010-1214\", \"CVE-2010-2751\", \"CVE-2010-2752\", \"CVE-2010-2753\", \"CVE-2010-2754\");\n\n script_name(english:\"openSUSE Security Update : seamonkey (openSUSE-SU-2010:0430-1)\");\n script_summary(english:\"Check for the seamonkey-2754 patch\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote openSUSE host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"This update brings Mozilla SeaMonkey to the 2.0.6 security release.\n\nIt fixes following security bugs: MFSA 2010-34 / CVE-2010-1211:\nMozilla developers identified and fixed several memory safety bugs in\nthe browser engine used in Firefox and other Mozilla-based products.\nSome of these bugs showed evidence of memory corruption under certain\ncircumstances, and we presume that with enough effort at least some of\nthese could be exploited to run arbitrary code. Jesse Ruderman, Ehsan\nAkhgari, Mats Palmgren, Igor Bukanov, Gary Kwong, Tobias Markus and\nDaniel Holbert reported memory safety problems that affected Firefox\n3.6 and Firefox 3.5.\n\nMFSA 2010-35 / CVE-2010-1208: Security researcher regenrecht reported\nvia TippingPoint's Zero Day Initiative an error in the DOM attribute\ncloning routine where under certain circumstances an event attribute\nnode can be deleted while another object still contains a reference to\nit. This reference could subsequently be accessed, potentially causing\nthe execution of attacker controlled memory.\n\nMFSA 2010-36 / CVE-2010-1209: Security researcher regenrecht reported\nvia TippingPoint's Zero Day Initiative an error in Mozilla's\nimplementation of NodeIterator in which a malicious NodeFilter could\nbe created which would detach nodes from the DOM tree while it was\nbeing traversed. The use of a detached and subsequently deleted node\ncould result in the execution of attacker-controlled memory.\n\nMFSA 2010-37 / CVE-2010-1214: Security researcher J23 reported via\nTippingPoint's Zero Day Initiative an error in the code used to store\nthe names and values of plugin parameter elements. A malicious page\ncould embed plugin content containing a very large number of parameter\nelements which would cause an overflow in the integer value counting\nthem. This integer is later used in allocating a memory buffer used to\nstore the plugin parameters. Under such conditions, too small a buffer\nwould be created and attacker-controlled data could be written past\nthe end of the buffer, potentially resulting in code execution.\n\nMFSA 2010-39 / CVE-2010-2752: Security researcher J23 reported via\nTippingPoint's Zero Day Initiative that an array class used to store\nCSS values contained an integer overflow vulnerability. The 16 bit\ninteger value used in allocating the size of the array could overflow,\nresulting in too small a memory buffer being created. When the array\nwas later populated with CSS values data would be written past the end\nof the buffer potentially resulting in the execution of\nattacker-controlled memory.\n\nMFSA 2010-40 / CVE-2010-2753: Security researcher regenrecht reported\nvia TippingPoint's Zero Day Initiative an integer overflow\nvulnerability in the implementation of the XUL <tree> element's\nselection attribute. When the size of a new selection is sufficiently\nlarge the integer used in calculating the length of the selection can\noverflow, resulting in a bogus range being marked selected. When\nadjustSelection is then called on the bogus range the range is deleted\nleaving dangling references to the ranges which could be used by an\nattacker to call into deleted memory and run arbitrary code on a\nvictim's computer.\n\nMFSA 2010-41 / CVE-2010-1205: OUSPG researcher Aki Helin reported a\nbuffer overflow in Mozilla graphics code which consumes image data\nprocessed by libpng. A malformed PNG file could be created which would\ncause libpng to incorrectly report the size of the image to downstream\nconsumers. When the dimensions of such images are underreported, the\nMozilla code responsible for displaying the graphic will allocate too\nsmall a memory buffer to contain the image data and will wind up\nwriting data past the end of the buffer. This could result in the\nexecution of attacker-controlled memory.\n\nMFSA 2011-42 / CVE-2010-1213: Security researcher Yosuke Hasegawa\nreported that the Web Worker method importScripts can read and parse\nresources from other domains even when the content is not valid\nJavaScript. This is a violation of the same-origin policy and could be\nused by an attacker to steal information from other sites.\n\nMFSA 2010-45 / CVE-2010-1206: Google security researcher Michal\nZalewski reported two methods for spoofing the contents of the\nlocation bar. The first method works by opening a new window\ncontaining a resource that responds with an HTTP 204 (no content) and\nthen using the reference to the new window to insert HTML content into\nthe blank document. The second location bar spoofing method does not\nrequire that the resource opened in a new window respond with 204, as\nlong as the opener calls window.stop() before the document is loaded.\nIn either case a user could be mislead as to the correct location of\nthe document they are currently viewing.\n\nMFSA 2010-45 / CVE-2010-2751: Security researcher Jordi Chancel\nreported that the location bar could be spoofed to look like a secure\npage when the current document was served via plaintext. The\nvulnerability is triggered by a server by first redirecting a request\nfor a plaintext resource to another resource behind a valid SSL/TLS\ncertificate. A second request made to the original plaintext resource\nwhich is responded to not with a redirect but with JavaScript\ncontaining history.back() and history.forward() will result in the\nplaintext resource being displayed with valid SSL/TLS badging in the\nlocation bar. References\n\nMFSA 2010-46 / CVE-2010-0654: Google security researcher Chris Evans\nreported that data can be read across domains by injecting bogus CSS\nselectors into a target site and then retrieving the data using\nJavaScript APIs. If an attacker can inject opening and closing\nportions of a CSS selector into points A and B of a target page, then\nthe region between the two injection points becomes readable to\nJavaScript through, for example, the getComputedStyle() API.\n\nMFSA 2010-47 / CVE-2010-2754: Security researcher Soroush Dalili\nreported that potentially sensitive URL parameters could be leaked\nacross domains upon script errors when the script filename and line\nnumber is included in the error message.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=622506\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://lists.opensuse.org/opensuse-updates/2010-07/msg00039.html\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected seamonkey packages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_cwe_id(94);\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:seamonkey\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:seamonkey-dom-inspector\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:seamonkey-irc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:seamonkey-venkman\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:opensuse:11.2\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2010/07/21\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2010/07/27\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2010-2018 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release =~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, \"openSUSE\");\nif (release !~ \"^(SUSE11\\.2)$\") audit(AUDIT_OS_RELEASE_NOT, \"openSUSE\", \"11.2\", release);\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nourarch = get_kb_item(\"Host/cpu\");\nif (!ourarch) audit(AUDIT_UNKNOWN_ARCH);\nif (ourarch !~ \"^(i586|i686|x86_64)$\") audit(AUDIT_ARCH_NOT, \"i586 / i686 / x86_64\", ourarch);\n\nflag = 0;\n\nif ( rpm_check(release:\"SUSE11.2\", reference:\"seamonkey-2.0.6-0.1.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.2\", reference:\"seamonkey-dom-inspector-2.0.6-0.1.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.2\", reference:\"seamonkey-irc-2.0.6-0.1.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.2\", reference:\"seamonkey-venkman-2.0.6-0.1.1\") ) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"seamonkey\");\n}\n", "cvss": {"score": 9.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2019-02-21T01:13:38", "bulletinFamily": "scanner", "description": "Update to new upstream Firefox version 3.5.11, fixing multiple security issues detailed in the upstream advisories:\nhttp://www.mozilla.org/security/known- vulnerabilities/firefox35.html#firefox3.5.11 Update also includes packages depending on gecko-libs rebuilt against new version of Firefox / XULRunner. CVE-2010-1211 CVE-2010-1208 CVE-2010-1209 CVE-2010-1214 CVE-2010-2752 CVE-2010-2753 CVE-2010-1205 CVE-2010-1213 CVE-2010-1206 CVE-2010-2751 CVE-2010-0654 CVE-2010-2754\n\nNote that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "modified": "2018-11-20T00:00:00", "id": "FEDORA_2010-11375.NASL", "href": "https://www.tenable.com/plugins/index.php?view=single&id=47812", "published": "2010-07-23T00:00:00", "title": "Fedora 12 : firefox-3.5.11-1.fc12 / galeon-2.0.7-24.fc12 / gnome-python2-extras-2.25.3-19.fc12 / etc (2010-11375)", "type": "nessus", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Fedora Security Advisory 2010-11375.\n#\n\nif (NASL_LEVEL < 3000) exit(0);\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(47812);\n script_version(\"1.14\");\n script_cvs_date(\"Date: 2018/11/20 11:04:16\");\n\n script_cve_id(\"CVE-2010-0654\", \"CVE-2010-1205\", \"CVE-2010-1206\", \"CVE-2010-1208\", \"CVE-2010-1209\", \"CVE-2010-1211\", \"CVE-2010-1213\", \"CVE-2010-1214\", \"CVE-2010-2751\", \"CVE-2010-2752\", \"CVE-2010-2753\", \"CVE-2010-2754\");\n script_xref(name:\"FEDORA\", value:\"2010-11375\");\n\n script_name(english:\"Fedora 12 : firefox-3.5.11-1.fc12 / galeon-2.0.7-24.fc12 / gnome-python2-extras-2.25.3-19.fc12 / etc (2010-11375)\");\n script_summary(english:\"Checks rpm output for the updated packages.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Fedora host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Update to new upstream Firefox version 3.5.11, fixing multiple\nsecurity issues detailed in the upstream advisories:\nhttp://www.mozilla.org/security/known-\nvulnerabilities/firefox35.html#firefox3.5.11 Update also includes\npackages depending on gecko-libs rebuilt against new version of\nFirefox / XULRunner. CVE-2010-1211 CVE-2010-1208 CVE-2010-1209\nCVE-2010-1214 CVE-2010-2752 CVE-2010-2753 CVE-2010-1205 CVE-2010-1213\nCVE-2010-1206 CVE-2010-2751 CVE-2010-0654 CVE-2010-2754\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Fedora security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n # http://www.mozilla.org/security/known-\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.mozilla.org/en-US/security/known-\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.redhat.com/show_bug.cgi?id=568231\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.redhat.com/show_bug.cgi?id=608238\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.redhat.com/show_bug.cgi?id=608763\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.redhat.com/show_bug.cgi?id=615455\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.redhat.com/show_bug.cgi?id=615458\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.redhat.com/show_bug.cgi?id=615459\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.redhat.com/show_bug.cgi?id=615462\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.redhat.com/show_bug.cgi?id=615464\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.redhat.com/show_bug.cgi?id=615466\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.redhat.com/show_bug.cgi?id=615471\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.redhat.com/show_bug.cgi?id=615480\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.redhat.com/show_bug.cgi?id=615488\"\n );\n # https://lists.fedoraproject.org/pipermail/package-announce/2010-July/044477.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?d9877099\"\n );\n # https://lists.fedoraproject.org/pipermail/package-announce/2010-July/044478.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?b7dd6f97\"\n );\n # https://lists.fedoraproject.org/pipermail/package-announce/2010-July/044479.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?857aa032\"\n );\n # https://lists.fedoraproject.org/pipermail/package-announce/2010-July/044480.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?38eeab55\"\n );\n # https://lists.fedoraproject.org/pipermail/package-announce/2010-July/044481.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?6008c43b\"\n );\n # https://lists.fedoraproject.org/pipermail/package-announce/2010-July/044482.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?1ff605c6\"\n );\n # https://lists.fedoraproject.org/pipermail/package-announce/2010-July/044483.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?49a9485a\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_cwe_id(94);\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:firefox\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:galeon\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:gnome-python2-extras\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:gnome-web-photo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:mozvoikko\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:perl-Gtk2-MozEmbed\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:xulrunner\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:fedoraproject:fedora:12\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2010/07/23\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2010/07/23\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2010-2018 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Fedora Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Fedora\" >!< release) audit(AUDIT_OS_NOT, \"Fedora\");\nos_ver = eregmatch(pattern: \"Fedora.*release ([0-9]+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Fedora\");\nos_ver = os_ver[1];\nif (! ereg(pattern:\"^12([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Fedora 12.x\", \"Fedora \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Fedora\", cpu);\n\nflag = 0;\nif (rpm_check(release:\"FC12\", reference:\"firefox-3.5.11-1.fc12\")) flag++;\nif (rpm_check(release:\"FC12\", reference:\"galeon-2.0.7-24.fc12\")) flag++;\nif (rpm_check(release:\"FC12\", reference:\"gnome-python2-extras-2.25.3-19.fc12\")) flag++;\nif (rpm_check(release:\"FC12\", reference:\"gnome-web-photo-0.9-8.fc12\")) flag++;\nif (rpm_check(release:\"FC12\", reference:\"mozvoikko-1.0-11.fc12\")) flag++;\nif (rpm_check(release:\"FC12\", reference:\"perl-Gtk2-MozEmbed-0.08-6.fc12.14\")) flag++;\nif (rpm_check(release:\"FC12\", reference:\"xulrunner-1.9.1.11-1.fc12\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"firefox / galeon / gnome-python2-extras / gnome-web-photo / etc\");\n}\n", "cvss": {"score": 9.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2019-02-21T01:13:40", "bulletinFamily": "scanner", "description": "This update brings Mozilla Firefox to the 3.5.11 security release.\n\nIt fixes following security bugs: MFSA 2010-34 / CVE-2010-1211:\nMozilla developers identified and fixed several memory safety bugs in the browser engine used in Firefox and other Mozilla-based products.\nSome of these bugs showed evidence of memory corruption under certain circumstances, and we presume that with enough effort at least some of these could be exploited to run arbitrary code. Jesse Ruderman, Ehsan Akhgari, Mats Palmgren, Igor Bukanov, Gary Kwong, Tobias Markus and Daniel Holbert reported memory safety problems that affected Firefox 3.6 and Firefox 3.5.\n\nMFSA 2010-35 / CVE-2010-1208: Security researcher regenrecht reported via TippingPoint's Zero Day Initiative an error in the DOM attribute cloning routine where under certain circumstances an event attribute node can be deleted while another object still contains a reference to it. This reference could subsequently be accessed, potentially causing the execution of attacker controlled memory.\n\nMFSA 2010-36 / CVE-2010-1209: Security researcher regenrecht reported via TippingPoint's Zero Day Initiative an error in Mozilla's implementation of NodeIterator in which a malicious NodeFilter could be created which would detach nodes from the DOM tree while it was being traversed. The use of a detached and subsequently deleted node could result in the execution of attacker-controlled memory.\n\nMFSA 2010-37 / CVE-2010-1214: Security researcher J23 reported via TippingPoint's Zero Day Initiative an error in the code used to store the names and values of plugin parameter elements. A malicious page could embed plugin content containing a very large number of parameter elements which would cause an overflow in the integer value counting them. This integer is later used in allocating a memory buffer used to store the plugin parameters. Under such conditions, too small a buffer would be created and attacker-controlled data could be written past the end of the buffer, potentially resulting in code execution.\n\nMFSA 2010-39 / CVE-2010-2752: Security researcher J23 reported via TippingPoint's Zero Day Initiative that an array class used to store CSS values contained an integer overflow vulnerability. The 16 bit integer value used in allocating the size of the array could overflow, resulting in too small a memory buffer being created. When the array was later populated with CSS values data would be written past the end of the buffer potentially resulting in the execution of attacker-controlled memory.\n\nMFSA 2010-40 / CVE-2010-2753: Security researcher regenrecht reported via TippingPoint's Zero Day Initiative an integer overflow vulnerability in the implementation of the XUL <tree> element's selection attribute. When the size of a new selection is sufficiently large the integer used in calculating the length of the selection can overflow, resulting in a bogus range being marked selected. When adjustSelection is then called on the bogus range the range is deleted leaving dangling references to the ranges which could be used by an attacker to call into deleted memory and run arbitrary code on a victim's computer.\n\nMFSA 2010-41 / CVE-2010-1205: OUSPG researcher Aki Helin reported a buffer overflow in Mozilla graphics code which consumes image data processed by libpng. A malformed PNG file could be created which would cause libpng to incorrectly report the size of the image to downstream consumers. When the dimensions of such images are underreported, the Mozilla code responsible for displaying the graphic will allocate too small a memory buffer to contain the image data and will wind up writing data past the end of the buffer. This could result in the execution of attacker-controlled memory.\n\nMFSA 2010-42 / CVE-2010-1213: Security researcher Yosuke Hasegawa reported that the Web Worker method importScripts can read and parse resources from other domains even when the content is not valid JavaScript. This is a violation of the same-origin policy and could be used by an attacker to steal information from other sites.\n\nMFSA 2010-45 / CVE-2010-1206: Google security researcher Michal Zalewski reported two methods for spoofing the contents of the location bar. The first method works by opening a new window containing a resource that responds with an HTTP 204 (no content) and then using the reference to the new window to insert HTML content into the blank document. The second location bar spoofing method does not require that the resource opened in a new window respond with 204, as long as the opener calls window.stop() before the document is loaded.\nIn either case a user could be mislead as to the correct location of the document they are currently viewing.\n\nMFSA 2010-45 / CVE-2010-2751: Security researcher Jordi Chancel reported that the location bar could be spoofed to look like a secure page when the current document was served via plaintext. The vulnerability is triggered by a server by first redirecting a request for a plaintext resource to another resource behind a valid SSL/TLS certificate. A second request made to the original plaintext resource which is responded to not with a redirect but with JavaScript containing history.back() and history.forward() will result in the plaintext resource being displayed with valid SSL/TLS badging in the location bar. References\n\nMFSA 2010-46 / CVE-2010-0654: Google security researcher Chris Evans reported that data can be read across domains by injecting bogus CSS selectors into a target site and then retrieving the data using JavaScript APIs. If an attacker can inject opening and closing portions of a CSS selector into points A and B of a target page, then the region between the two injection points becomes readable to JavaScript through, for example, the getComputedStyle() API.\n\nMFSA 2010-47 / CVE-2010-2754: Security researcher Soroush Dalili reported that potentially sensitive URL parameters could be leaked across domains upon script errors when the script filename and line number is included in the error message.", "modified": "2018-11-10T00:00:00", "id": "SUSE_11_1_MOZILLAFIREFOX-100722.NASL", "href": "https://www.tenable.com/plugins/index.php?view=single&id=47906", "published": "2010-07-30T00:00:00", "title": "openSUSE Security Update : MozillaFirefox (openSUSE-SU-2010:0430-3)", "type": "nessus", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from openSUSE Security Update MozillaFirefox-2774.\n#\n# The text description of this plugin is (C) SUSE LLC.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(47906);\n script_version(\"1.9\");\n script_cvs_date(\"Date: 2018/11/10 11:49:58\");\n\n script_cve_id(\"CVE-2010-0654\", \"CVE-2010-1205\", \"CVE-2010-1206\", \"CVE-2010-1208\", \"CVE-2010-1209\", \"CVE-2010-1211\", \"CVE-2010-1213\", \"CVE-2010-1214\", \"CVE-2010-2751\", \"CVE-2010-2752\", \"CVE-2010-2753\", \"CVE-2010-2754\");\n\n script_name(english:\"openSUSE Security Update : MozillaFirefox (openSUSE-SU-2010:0430-3)\");\n script_summary(english:\"Check for the MozillaFirefox-2774 patch\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote openSUSE host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"This update brings Mozilla Firefox to the 3.5.11 security release.\n\nIt fixes following security bugs: MFSA 2010-34 / CVE-2010-1211:\nMozilla developers identified and fixed several memory safety bugs in\nthe browser engine used in Firefox and other Mozilla-based products.\nSome of these bugs showed evidence of memory corruption under certain\ncircumstances, and we presume that with enough effort at least some of\nthese could be exploited to run arbitrary code. Jesse Ruderman, Ehsan\nAkhgari, Mats Palmgren, Igor Bukanov, Gary Kwong, Tobias Markus and\nDaniel Holbert reported memory safety problems that affected Firefox\n3.6 and Firefox 3.5.\n\nMFSA 2010-35 / CVE-2010-1208: Security researcher regenrecht reported\nvia TippingPoint's Zero Day Initiative an error in the DOM attribute\ncloning routine where under certain circumstances an event attribute\nnode can be deleted while another object still contains a reference to\nit. This reference could subsequently be accessed, potentially causing\nthe execution of attacker controlled memory.\n\nMFSA 2010-36 / CVE-2010-1209: Security researcher regenrecht reported\nvia TippingPoint's Zero Day Initiative an error in Mozilla's\nimplementation of NodeIterator in which a malicious NodeFilter could\nbe created which would detach nodes from the DOM tree while it was\nbeing traversed. The use of a detached and subsequently deleted node\ncould result in the execution of attacker-controlled memory.\n\nMFSA 2010-37 / CVE-2010-1214: Security researcher J23 reported via\nTippingPoint's Zero Day Initiative an error in the code used to store\nthe names and values of plugin parameter elements. A malicious page\ncould embed plugin content containing a very large number of parameter\nelements which would cause an overflow in the integer value counting\nthem. This integer is later used in allocating a memory buffer used to\nstore the plugin parameters. Under such conditions, too small a buffer\nwould be created and attacker-controlled data could be written past\nthe end of the buffer, potentially resulting in code execution.\n\nMFSA 2010-39 / CVE-2010-2752: Security researcher J23 reported via\nTippingPoint's Zero Day Initiative that an array class used to store\nCSS values contained an integer overflow vulnerability. The 16 bit\ninteger value used in allocating the size of the array could overflow,\nresulting in too small a memory buffer being created. When the array\nwas later populated with CSS values data would be written past the end\nof the buffer potentially resulting in the execution of\nattacker-controlled memory.\n\nMFSA 2010-40 / CVE-2010-2753: Security researcher regenrecht reported\nvia TippingPoint's Zero Day Initiative an integer overflow\nvulnerability in the implementation of the XUL <tree> element's\nselection attribute. When the size of a new selection is sufficiently\nlarge the integer used in calculating the length of the selection can\noverflow, resulting in a bogus range being marked selected. When\nadjustSelection is then called on the bogus range the range is deleted\nleaving dangling references to the ranges which could be used by an\nattacker to call into deleted memory and run arbitrary code on a\nvictim's computer.\n\nMFSA 2010-41 / CVE-2010-1205: OUSPG researcher Aki Helin reported a\nbuffer overflow in Mozilla graphics code which consumes image data\nprocessed by libpng. A malformed PNG file could be created which would\ncause libpng to incorrectly report the size of the image to downstream\nconsumers. When the dimensions of such images are underreported, the\nMozilla code responsible for displaying the graphic will allocate too\nsmall a memory buffer to contain the image data and will wind up\nwriting data past the end of the buffer. This could result in the\nexecution of attacker-controlled memory.\n\nMFSA 2010-42 / CVE-2010-1213: Security researcher Yosuke Hasegawa\nreported that the Web Worker method importScripts can read and parse\nresources from other domains even when the content is not valid\nJavaScript. This is a violation of the same-origin policy and could be\nused by an attacker to steal information from other sites.\n\nMFSA 2010-45 / CVE-2010-1206: Google security researcher Michal\nZalewski reported two methods for spoofing the contents of the\nlocation bar. The first method works by opening a new window\ncontaining a resource that responds with an HTTP 204 (no content) and\nthen using the reference to the new window to insert HTML content into\nthe blank document. The second location bar spoofing method does not\nrequire that the resource opened in a new window respond with 204, as\nlong as the opener calls window.stop() before the document is loaded.\nIn either case a user could be mislead as to the correct location of\nthe document they are currently viewing.\n\nMFSA 2010-45 / CVE-2010-2751: Security researcher Jordi Chancel\nreported that the location bar could be spoofed to look like a secure\npage when the current document was served via plaintext. The\nvulnerability is triggered by a server by first redirecting a request\nfor a plaintext resource to another resource behind a valid SSL/TLS\ncertificate. A second request made to the original plaintext resource\nwhich is responded to not with a redirect but with JavaScript\ncontaining history.back() and history.forward() will result in the\nplaintext resource being displayed with valid SSL/TLS badging in the\nlocation bar. References\n\nMFSA 2010-46 / CVE-2010-0654: Google security researcher Chris Evans\nreported that data can be read across domains by injecting bogus CSS\nselectors into a target site and then retrieving the data using\nJavaScript APIs. If an attacker can inject opening and closing\nportions of a CSS selector into points A and B of a target page, then\nthe region between the two injection points becomes readable to\nJavaScript through, for example, the getComputedStyle() API.\n\nMFSA 2010-47 / CVE-2010-2754: Security researcher Soroush Dalili\nreported that potentially sensitive URL parameters could be leaked\nacross domains upon script errors when the script filename and line\nnumber is included in the error message.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=622506\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://lists.opensuse.org/opensuse-updates/2010-07/msg00052.html\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected MozillaFirefox packages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_cwe_id(94);\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:MozillaFirefox\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:MozillaFirefox-branding-upstream\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:MozillaFirefox-translations-common\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:MozillaFirefox-translations-other\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:mozilla-xulrunner191\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:mozilla-xulrunner191-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:mozilla-xulrunner191-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:mozilla-xulrunner191-gnomevfs\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:mozilla-xulrunner191-gnomevfs-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:mozilla-xulrunner191-translations-common\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:mozilla-xulrunner191-translations-other\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:python-xpcom191\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:opensuse:11.1\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2010/07/22\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2010/07/30\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2010-2018 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release =~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, \"openSUSE\");\nif (release !~ \"^(SUSE11\\.1)$\") audit(AUDIT_OS_RELEASE_NOT, \"openSUSE\", \"11.1\", release);\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nourarch = get_kb_item(\"Host/cpu\");\nif (!ourarch) audit(AUDIT_UNKNOWN_ARCH);\nif (ourarch !~ \"^(i586|i686|x86_64)$\") audit(AUDIT_ARCH_NOT, \"i586 / i686 / x86_64\", ourarch);\n\nflag = 0;\n\nif ( rpm_check(release:\"SUSE11.1\", reference:\"MozillaFirefox-3.5.11-0.1.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.1\", reference:\"MozillaFirefox-branding-upstream-3.5.11-0.1.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.1\", reference:\"MozillaFirefox-translations-common-3.5.11-0.1.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.1\", reference:\"MozillaFirefox-translations-other-3.5.11-0.1.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.1\", reference:\"mozilla-xulrunner191-1.9.1.11-0.1.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.1\", reference:\"mozilla-xulrunner191-devel-1.9.1.11-0.1.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.1\", reference:\"mozilla-xulrunner191-gnomevfs-1.9.1.11-0.1.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.1\", reference:\"mozilla-xulrunner191-translations-common-1.9.1.11-0.1.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.1\", reference:\"mozilla-xulrunner191-translations-other-1.9.1.11-0.1.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.1\", reference:\"python-xpcom191-1.9.1.11-0.1.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.1\", cpu:\"x86_64\", reference:\"mozilla-xulrunner191-32bit-1.9.1.11-0.1.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.1\", cpu:\"x86_64\", reference:\"mozilla-xulrunner191-gnomevfs-32bit-1.9.1.11-0.1.1\") ) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"MozillaFirefox\");\n}\n", "cvss": {"score": 9.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2019-02-21T01:13:38", "bulletinFamily": "scanner", "description": "Update to new upstream SeaMonkey version 2.0.6, fixing multiple security issues detailed in the upstream advisories:\nhttp://www.mozilla.org/security/known- vulnerabilities/seamonkey20.html#seamonkey2.0.6\n\nNote that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "modified": "2018-11-20T00:00:00", "id": "FEDORA_2010-11327.NASL", "href": "https://www.tenable.com/plugins/index.php?view=single&id=47807", "published": "2010-07-23T00:00:00", "title": "Fedora 13 : seamonkey-2.0.6-1.fc13 (2010-11327)", "type": "nessus", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Fedora Security Advisory 2010-11327.\n#\n\nif (NASL_LEVEL < 3000) exit(0);\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(47807);\n script_version(\"1.15\");\n script_cvs_date(\"Date: 2018/11/20 11:04:16\");\n\n script_cve_id(\"CVE-2010-0654\", \"CVE-2010-1205\", \"CVE-2010-1206\", \"CVE-2010-1208\", \"CVE-2010-1209\", \"CVE-2010-1211\", \"CVE-2010-1213\", \"CVE-2010-1214\", \"CVE-2010-2751\", \"CVE-2010-2752\", \"CVE-2010-2753\", \"CVE-2010-2754\");\n script_bugtraq_id(41055, 41174, 41842, 41845, 41849, 41852, 41853, 41859, 41860, 41871, 41872);\n script_xref(name:\"FEDORA\", value:\"2010-11327\");\n\n script_name(english:\"Fedora 13 : seamonkey-2.0.6-1.fc13 (2010-11327)\");\n script_summary(english:\"Checks rpm output for the updated package.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Fedora host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Update to new upstream SeaMonkey version 2.0.6, fixing multiple\nsecurity issues detailed in the upstream advisories:\nhttp://www.mozilla.org/security/known-\nvulnerabilities/seamonkey20.html#seamonkey2.0.6\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Fedora security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n # http://www.mozilla.org/security/known-\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.mozilla.org/en-US/security/known-\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.redhat.com/show_bug.cgi?id=568231\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.redhat.com/show_bug.cgi?id=608238\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.redhat.com/show_bug.cgi?id=608763\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.redhat.com/show_bug.cgi?id=615455\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.redhat.com/show_bug.cgi?id=615458\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.redhat.com/show_bug.cgi?id=615459\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.redhat.com/show_bug.cgi?id=615462\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.redhat.com/show_bug.cgi?id=615464\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.redhat.com/show_bug.cgi?id=615466\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.redhat.com/show_bug.cgi?id=615471\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.redhat.com/show_bug.cgi?id=615480\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.redhat.com/show_bug.cgi?id=615488\"\n );\n # https://lists.fedoraproject.org/pipermail/package-announce/2010-July/044428.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?0afff727\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected seamonkey package.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_cwe_id(94);\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:seamonkey\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:fedoraproject:fedora:13\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2010/07/23\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2010/07/23\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2010-2018 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Fedora Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Fedora\" >!< release) audit(AUDIT_OS_NOT, \"Fedora\");\nos_ver = eregmatch(pattern: \"Fedora.*release ([0-9]+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Fedora\");\nos_ver = os_ver[1];\nif (! ereg(pattern:\"^13([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Fedora 13.x\", \"Fedora \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Fedora\", cpu);\n\nflag = 0;\nif (rpm_check(release:\"FC13\", reference:\"seamonkey-2.0.6-1.fc13\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"seamonkey\");\n}\n", "cvss": {"score": 9.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2019-02-21T01:13:55", "bulletinFamily": "scanner", "description": "This update brings Mozilla Firefox to the 3.5.11 security release.\n\nIt fixes following security issues :\n\n - Several memory safety bugs in habe been identified in the browser engine used in Firefox and other Mozilla-based products. Some of these bugs show evidence of memory corruption under certain circumstances, and it is presumed that with enough effort at least some of these could be exploited to run arbitrary code. . (MFSA 2010-34 / CVE-2010-1211)\n\n - An error in the DOM attribute cloning routine has been reported, where under certain circumstances an event attribute node can be deleted while another object still contains a reference to it. This reference could subsequently be accessed, potentially causing the execution of attacker controlled memory. . (MFSA 2010-35 / CVE-2010-1208)\n\n - An error in Mozilla's implementation of NodeIterator has been reported which can be used to create a malicious NodeFilter to detach nodes from the DOM tree while it is being traversed. The use of a detached and subsequently deleted node could result in the execution of attacker controlled memory. . (MFSA 2010-36 / CVE-2010-1209)\n\n - An error in the code used to store the names and values of plugin parameter elements has been found. A malicious page could embed plugin content containing a very large number of parameter elements which would cause an overflow in the integer value counting them. This integer is later used for allocation of a memory buffer to store the plugin parameters. Under such conditions, a buffer that is too small would be created and attacker controlled data could be written past the end of the buffer, potentially resulting in code execution. . (MFSA 2010-37 / CVE-2010-1214)\n\n - An array class used to store CSS values contains an integer overflow vulnerability. A 16 bit integer used to allocate the memory for the array could overflow, resulting in too small a buffer being created. When the array is later populated with CSS values, data could be written past the end of the buffer, potentially resulting in the execution of attacker controlled memory. . (MFSA 2010-39 / CVE-2010-2752)\n\n - An integer overflow vulnerability in the implementation of the XUL <tree> element's selection attribute has been found. When the size of a new selection is sufficiently large, the integer used in calculating the length of the selection can overflow, resulting in a bogus range being marked as selected. When adjustSelection is then called on the bogus range, the range is deleted, leaving dangling references to the ranges. These could be used by an attacker to call into deleted memory and run arbitrary code on a victim's computer. . (MFSA 2010-40 / CVE-2010-2753)\n\n - A buffer overflow in Mozilla graphics code which consumes image data processed by libpng has been reported. A malformed PNG file could be created causing libpng to report an incorrect size of the image. When the dimensions of such images are underreported, the Mozilla code displaying the graphic will allocate a memory buffer to small to contain the image data and will wind up writing data past the end of the buffer.\n This could result in the execution of attacker-controlled memory. . (MFSA 2010-41 / CVE-2010-1205)\n\n - The Web Worker method importScripts can read and parse resources from other domains even when the content is not valid JavaScript. This is a violation of the same-origin policy and could be used by an attacker to steal information from other sites. . (MFSA 2010-42 / CVE-2010-1213)\n\n - Two methods for spoofing the content of the location bar have been reported. The first method works by opening a new window containing a resource that responds with an HTTP 204 (no content) and then using the reference to the new window to insert HTML content into the blank document. The second location bar spoofing method does not require that the resource opened in a new window respond with 204, as long as the opener calls window.stop() before the document is loaded. In either case a user could be mislead about the correct location of the document they are currently viewing. . (MFSA 2010-45 / CVE-2010-1206)\n\n - The location bar can be spoofed to look like a secure page even though the current document was served via plaintext. The vulnerability is triggered by a server by first redirecting a request for a plaintext resource to another resource behind a valid SSL/TLS certificate. A second request made to the original plaintext resource which is responded to not with a redirect, but with JavaScript calling history.back() and history.forward() will result in the plaintext resource being displayed with a valid SSL/TLS badge in the location bar. . (MFSA 2010-45 / CVE-2010-2751)\n\n - Data can be read across domains by injecting bogus CSS selectors into a target site and then retrieving the data using JavaScript APIs. If an attacker can inject opening and closing portions of a CSS selector into points A and B of a target page, then the region between the two injection points becomes readable to JavaScript through, for example, the getComputedStyle() API. .\n (MFSA 2010-46 / CVE-2010-0654)\n\n - Potentially sensitive URL parameters can be leaked across domains upon script errors when the script filename and line number is included in the error message. . (MFSA 2010-47 / CVE-2010-2754)", "modified": "2012-10-03T00:00:00", "id": "SUSE_MOZILLAFIREFOX-7101.NASL", "href": "https://www.tenable.com/plugins/index.php?view=single&id=49894", "published": "2010-10-11T00:00:00", "title": "SuSE 10 Security Update : Mozilla Firefox (ZYPP Patch Number 7101)", "type": "nessus", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The text description of this plugin is (C) Novell, Inc.\n#\n\nif (NASL_LEVEL < 3000) exit(0);\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(49894);\n script_version (\"$Revision: 1.9 $\");\n script_cvs_date(\"$Date: 2012/10/03 00:00:33 $\");\n\n script_cve_id(\"CVE-2010-0654\", \"CVE-2010-1205\", \"CVE-2010-1206\", \"CVE-2010-1208\", \"CVE-2010-1209\", \"CVE-2010-1211\", \"CVE-2010-1213\", \"CVE-2010-1214\", \"CVE-2010-2751\", \"CVE-2010-2752\", \"CVE-2010-2753\", \"CVE-2010-2754\");\n\n script_name(english:\"SuSE 10 Security Update : Mozilla Firefox (ZYPP Patch Number 7101)\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote SuSE 10 host is missing a security-related patch.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"This update brings Mozilla Firefox to the 3.5.11 security release.\n\nIt fixes following security issues :\n\n - Several memory safety bugs in habe been identified in\n the browser engine used in Firefox and other\n Mozilla-based products. Some of these bugs show evidence\n of memory corruption under certain circumstances, and it\n is presumed that with enough effort at least some of\n these could be exploited to run arbitrary code. . (MFSA\n 2010-34 / CVE-2010-1211)\n\n - An error in the DOM attribute cloning routine has been\n reported, where under certain circumstances an event\n attribute node can be deleted while another object still\n contains a reference to it. This reference could\n subsequently be accessed, potentially causing the\n execution of attacker controlled memory. . (MFSA 2010-35\n / CVE-2010-1208)\n\n - An error in Mozilla's implementation of NodeIterator has\n been reported which can be used to create a malicious\n NodeFilter to detach nodes from the DOM tree while it is\n being traversed. The use of a detached and subsequently\n deleted node could result in the execution of attacker\n controlled memory. . (MFSA 2010-36 / CVE-2010-1209)\n\n - An error in the code used to store the names and values\n of plugin parameter elements has been found. A malicious\n page could embed plugin content containing a very large\n number of parameter elements which would cause an\n overflow in the integer value counting them. This\n integer is later used for allocation of a memory buffer\n to store the plugin parameters. Under such conditions, a\n buffer that is too small would be created and attacker\n controlled data could be written past the end of the\n buffer, potentially resulting in code execution. . (MFSA\n 2010-37 / CVE-2010-1214)\n\n - An array class used to store CSS values contains an\n integer overflow vulnerability. A 16 bit integer used to\n allocate the memory for the array could overflow,\n resulting in too small a buffer being created. When the\n array is later populated with CSS values, data could be\n written past the end of the buffer, potentially\n resulting in the execution of attacker controlled\n memory. . (MFSA 2010-39 / CVE-2010-2752)\n\n - An integer overflow vulnerability in the implementation\n of the XUL <tree> element's selection attribute has been\n found. When the size of a new selection is sufficiently\n large, the integer used in calculating the length of the\n selection can overflow, resulting in a bogus range being\n marked as selected. When adjustSelection is then called\n on the bogus range, the range is deleted, leaving\n dangling references to the ranges. These could be used\n by an attacker to call into deleted memory and run\n arbitrary code on a victim's computer. . (MFSA 2010-40 /\n CVE-2010-2753)\n\n - A buffer overflow in Mozilla graphics code which\n consumes image data processed by libpng has been\n reported. A malformed PNG file could be created causing\n libpng to report an incorrect size of the image. When\n the dimensions of such images are underreported, the\n Mozilla code displaying the graphic will allocate a\n memory buffer to small to contain the image data and\n will wind up writing data past the end of the buffer.\n This could result in the execution of\n attacker-controlled memory. . (MFSA 2010-41 /\n CVE-2010-1205)\n\n - The Web Worker method importScripts can read and parse\n resources from other domains even when the content is\n not valid JavaScript. This is a violation of the\n same-origin policy and could be used by an attacker to\n steal information from other sites. . (MFSA 2010-42 /\n CVE-2010-1213)\n\n - Two methods for spoofing the content of the location bar\n have been reported. The first method works by opening a\n new window containing a resource that responds with an\n HTTP 204 (no content) and then using the reference to\n the new window to insert HTML content into the blank\n document. The second location bar spoofing method does\n not require that the resource opened in a new window\n respond with 204, as long as the opener calls\n window.stop() before the document is loaded. In either\n case a user could be mislead about the correct location\n of the document they are currently viewing. . (MFSA\n 2010-45 / CVE-2010-1206)\n\n - The location bar can be spoofed to look like a secure\n page even though the current document was served via\n plaintext. The vulnerability is triggered by a server by\n first redirecting a request for a plaintext resource to\n another resource behind a valid SSL/TLS certificate. A\n second request made to the original plaintext resource\n which is responded to not with a redirect, but with\n JavaScript calling history.back() and history.forward()\n will result in the plaintext resource being displayed\n with a valid SSL/TLS badge in the location bar. . (MFSA\n 2010-45 / CVE-2010-2751)\n\n - Data can be read across domains by injecting bogus CSS\n selectors into a target site and then retrieving the\n data using JavaScript APIs. If an attacker can inject\n opening and closing portions of a CSS selector into\n points A and B of a target page, then the region between\n the two injection points becomes readable to JavaScript\n through, for example, the getComputedStyle() API. .\n (MFSA 2010-46 / CVE-2010-0654)\n\n - Potentially sensitive URL parameters can be leaked\n across domains upon script errors when the script\n filename and line number is included in the error\n message. . (MFSA 2010-47 / CVE-2010-2754)\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2010-0654.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2010-1205.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2010-1206.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2010-1208.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2010-1209.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2010-1211.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2010-1213.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2010-1214.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2010-2751.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2010-2752.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2010-2753.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2010-2754.html\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Apply ZYPP patch number 7101.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_cwe_id(94);\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:suse:suse_linux\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2010/07/22\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2010/10/11\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2010-2012 Tenable Network Security, Inc.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) exit(0, \"Local checks are not enabled.\");\nif (!get_kb_item(\"Host/SuSE/release\")) exit(0, \"The host is not running SuSE.\");\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) exit(1, \"Could not obtain the list of installed packages.\");\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) exit(1, \"Failed to determine the architecture type.\");\nif (cpu >!< \"x86_64\" && cpu !~ \"^i[3-6]86$\") exit(1, \"Local checks for SuSE 10 on the '\"+cpu+\"' architecture have not been implemented.\");\n\n\nflag = 0;\nif (rpm_check(release:\"SLED10\", sp:3, reference:\"MozillaFirefox-3.5.11-0.4.1\")) flag++;\nif (rpm_check(release:\"SLED10\", sp:3, reference:\"MozillaFirefox-translations-3.5.11-0.4.1\")) flag++;\nif (rpm_check(release:\"SLED10\", sp:3, reference:\"mozilla-xulrunner191-1.9.1.11-0.4.1\")) flag++;\nif (rpm_check(release:\"SLED10\", sp:3, reference:\"mozilla-xulrunner191-gnomevfs-1.9.1.11-0.4.1\")) flag++;\nif (rpm_check(release:\"SLED10\", sp:3, reference:\"mozilla-xulrunner191-translations-1.9.1.11-0.4.1\")) flag++;\nif (rpm_check(release:\"SLED10\", sp:3, cpu:\"x86_64\", reference:\"mozilla-xulrunner191-32bit-1.9.1.11-0.4.1\")) flag++;\nif (rpm_check(release:\"SLED10\", sp:3, cpu:\"x86_64\", reference:\"mozilla-xulrunner191-gnomevfs-32bit-1.9.1.11-0.4.1\")) flag++;\nif (rpm_check(release:\"SLED10\", sp:3, cpu:\"x86_64\", reference:\"mozilla-xulrunner191-translations-32bit-1.9.1.11-0.4.1\")) flag++;\nif (rpm_check(release:\"SLES10\", sp:3, reference:\"MozillaFirefox-3.5.11-0.4.1\")) flag++;\nif (rpm_check(release:\"SLES10\", sp:3, reference:\"MozillaFirefox-translations-3.5.11-0.4.1\")) flag++;\nif (rpm_check(release:\"SLES10\", sp:3, reference:\"mozilla-xulrunner191-1.9.1.11-0.4.1\")) flag++;\nif (rpm_check(release:\"SLES10\", sp:3, reference:\"mozilla-xulrunner191-gnomevfs-1.9.1.11-0.4.1\")) flag++;\nif (rpm_check(release:\"SLES10\", sp:3, reference:\"mozilla-xulrunner191-translations-1.9.1.11-0.4.1\")) flag++;\nif (rpm_check(release:\"SLES10\", sp:3, cpu:\"x86_64\", reference:\"mozilla-xulrunner191-32bit-1.9.1.11-0.4.1\")) flag++;\nif (rpm_check(release:\"SLES10\", sp:3, cpu:\"x86_64\", reference:\"mozilla-xulrunner191-gnomevfs-32bit-1.9.1.11-0.4.1\")) flag++;\nif (rpm_check(release:\"SLES10\", sp:3, cpu:\"x86_64\", reference:\"mozilla-xulrunner191-translations-32bit-1.9.1.11-0.4.1\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse exit(0, \"The host is not affected.\");\n", "cvss": {"score": 9.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2019-02-21T01:14:09", "bulletinFamily": "scanner", "description": "This update brings Mozilla Firefox to the 3.5.11 security release.\n\nIt fixes following security issues :\n\n - Several memory safety bugs in habe been identified in the browser engine used in Firefox and other Mozilla-based products. Some of these bugs show evidence of memory corruption under certain circumstances, and it is presumed that with enough effort at least some of these could be exploited to run arbitrary code. (MFSA 2010-34 / CVE-2010-1211)\n\n - An error in the DOM attribute cloning routine has been reported, where under certain circumstances an event attribute node can be deleted while another object still contains a reference to it. This reference could subsequently be accessed, potentially causing the execution of attacker controlled memory. (MFSA 2010-35 / CVE-2010-1208)\n\n - An error in Mozilla's implementation of NodeIterator has been reported which can be used to create a malicious NodeFilter to detach nodes from the DOM tree while it is being traversed. The use of a detached and subsequently deleted node could result in the execution of attacker controlled memory. (MFSA 2010-36 / CVE-2010-1209)\n\n - An error in the code used to store the names and values of plugin parameter elements has been found. A malicious page could embed plugin content containing a very large number of parameter elements which would cause an overflow in the integer value counting them. This integer is later used for allocation of a memory buffer to store the plugin parameters. Under such conditions, a buffer that is too small would be created and attacker controlled data could be written past the end of the buffer, potentially resulting in code execution. (MFSA 2010-37 / CVE-2010-1214)\n\n - An array class used to store CSS values contains an integer overflow vulnerability. A 16 bit integer used to allocate the memory for the array could overflow, resulting in too small a buffer being created. When the array is later populated with CSS values, data could be written past the end of the buffer, potentially resulting in the execution of attacker controlled memory. (MFSA 2010-39 / CVE-2010-2752)\n\n - An integer overflow vulnerability in the implementation of the XUL <tree> element's selection attribute has been found. When the size of a new selection is sufficiently large, the integer used in calculating the length of the selection can overflow, resulting in a bogus range being marked as selected. When adjustSelection is then called on the bogus range, the range is deleted, leaving dangling references to the ranges. These could be used by an attacker to call into deleted memory and run arbitrary code on a victim's computer. (MFSA 2010-40 / CVE-2010-2753)\n\n - A buffer overflow in Mozilla graphics code which consumes image data processed by libpng has been reported. A malformed PNG file could be created causing libpng to report an incorrect size of the image. When the dimensions of such images are underreported, the Mozilla code displaying the graphic will allocate a memory buffer to small to contain the image data and will wind up writing data past the end of the buffer.\n This could result in the execution of attacker-controlled memory. (MFSA 2010-41 / CVE-2010-1205)\n\n - The Web Worker method importScripts can read and parse resources from other domains even when the content is not valid JavaScript. This is a violation of the same-origin policy and could be used by an attacker to steal information from other sites. (MFSA 2010-42 / CVE-2010-1213)\n\n - Two methods for spoofing the content of the location bar have been reported. The first method works by opening a new window containing a resource that responds with an HTTP 204 (no content) and then using the reference to the new window to insert HTML content into the blank document. The second location bar spoofing method does not require that the resource opened in a new window respond with 204, as long as the opener calls window.stop() before the document is loaded. In either case a user could be mislead about the correct location of the document they are currently viewing. (MFSA 2010-45 / CVE-2010-1206)\n\n - The location bar can be spoofed to look like a secure page even though the current document was served via plaintext. The vulnerability is triggered by a server by first redirecting a request for a plaintext resource to another resource behind a valid SSL/TLS certificate. A second request made to the original plaintext resource which is responded to not with a redirect, but with JavaScript calling history.back() and history.forward() will result in the plaintext resource being displayed with a valid SSL/TLS badge in the location bar. (MFSA 2010-45 / CVE-2010-2751)\n\n - Data can be read across domains by injecting bogus CSS selectors into a target site and then retrieving the data using JavaScript APIs. If an attacker can inject opening and closing portions of a CSS selector into points A and B of a target page, then the region between the two injection points becomes readable to JavaScript through, for example, the getComputedStyle() API. (MFSA 2010-46 / CVE-2010-0654)\n\n - Potentially sensitive URL parameters can be leaked across domains upon script errors when the script filename and line number is included in the error message. (MFSA 2010-47 / CVE-2010-2754)", "modified": "2013-10-25T00:00:00", "id": "SUSE_11_MOZILLAFIREFOX-100722.NASL", "href": "https://www.tenable.com/plugins/index.php?view=single&id=50874", "published": "2010-12-02T00:00:00", "title": "SuSE 11 / 11.1 Security Update : Mozilla Firefox (SAT Patch Numbers 2780 / 2781)", "type": "nessus", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from SuSE 11 update information. The text itself is\n# copyright (C) Novell, Inc.\n#\n\nif (NASL_LEVEL < 3000) exit(0);\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(50874);\n script_version(\"$Revision: 1.9 $\");\n script_cvs_date(\"$Date: 2013/10/25 23:52:01 $\");\n\n script_cve_id(\"CVE-2010-0654\", \"CVE-2010-1205\", \"CVE-2010-1206\", \"CVE-2010-1208\", \"CVE-2010-1209\", \"CVE-2010-1211\", \"CVE-2010-1213\", \"CVE-2010-1214\", \"CVE-2010-2751\", \"CVE-2010-2752\", \"CVE-2010-2753\", \"CVE-2010-2754\");\n\n script_name(english:\"SuSE 11 / 11.1 Security Update : Mozilla Firefox (SAT Patch Numbers 2780 / 2781)\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote SuSE 11 host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"This update brings Mozilla Firefox to the 3.5.11 security release.\n\nIt fixes following security issues :\n\n - Several memory safety bugs in habe been identified in\n the browser engine used in Firefox and other\n Mozilla-based products. Some of these bugs show evidence\n of memory corruption under certain circumstances, and it\n is presumed that with enough effort at least some of\n these could be exploited to run arbitrary code. (MFSA\n 2010-34 / CVE-2010-1211)\n\n - An error in the DOM attribute cloning routine has been\n reported, where under certain circumstances an event\n attribute node can be deleted while another object still\n contains a reference to it. This reference could\n subsequently be accessed, potentially causing the\n execution of attacker controlled memory. (MFSA 2010-35 /\n CVE-2010-1208)\n\n - An error in Mozilla's implementation of NodeIterator has\n been reported which can be used to create a malicious\n NodeFilter to detach nodes from the DOM tree while it is\n being traversed. The use of a detached and subsequently\n deleted node could result in the execution of attacker\n controlled memory. (MFSA 2010-36 / CVE-2010-1209)\n\n - An error in the code used to store the names and values\n of plugin parameter elements has been found. A malicious\n page could embed plugin content containing a very large\n number of parameter elements which would cause an\n overflow in the integer value counting them. This\n integer is later used for allocation of a memory buffer\n to store the plugin parameters. Under such conditions, a\n buffer that is too small would be created and attacker\n controlled data could be written past the end of the\n buffer, potentially resulting in code execution. (MFSA\n 2010-37 / CVE-2010-1214)\n\n - An array class used to store CSS values contains an\n integer overflow vulnerability. A 16 bit integer used to\n allocate the memory for the array could overflow,\n resulting in too small a buffer being created. When the\n array is later populated with CSS values, data could be\n written past the end of the buffer, potentially\n resulting in the execution of attacker controlled\n memory. (MFSA 2010-39 / CVE-2010-2752)\n\n - An integer overflow vulnerability in the implementation\n of the XUL <tree> element's selection attribute has been\n found. When the size of a new selection is sufficiently\n large, the integer used in calculating the length of the\n selection can overflow, resulting in a bogus range being\n marked as selected. When adjustSelection is then called\n on the bogus range, the range is deleted, leaving\n dangling references to the ranges. These could be used\n by an attacker to call into deleted memory and run\n arbitrary code on a victim's computer. (MFSA 2010-40 /\n CVE-2010-2753)\n\n - A buffer overflow in Mozilla graphics code which\n consumes image data processed by libpng has been\n reported. A malformed PNG file could be created causing\n libpng to report an incorrect size of the image. When\n the dimensions of such images are underreported, the\n Mozilla code displaying the graphic will allocate a\n memory buffer to small to contain the image data and\n will wind up writing data past the end of the buffer.\n This could result in the execution of\n attacker-controlled memory. (MFSA 2010-41 /\n CVE-2010-1205)\n\n - The Web Worker method importScripts can read and parse\n resources from other domains even when the content is\n not valid JavaScript. This is a violation of the\n same-origin policy and could be used by an attacker to\n steal information from other sites. (MFSA 2010-42 /\n CVE-2010-1213)\n\n - Two methods for spoofing the content of the location bar\n have been reported. The first method works by opening a\n new window containing a resource that responds with an\n HTTP 204 (no content) and then using the reference to\n the new window to insert HTML content into the blank\n document. The second location bar spoofing method does\n not require that the resource opened in a new window\n respond with 204, as long as the opener calls\n window.stop() before the document is loaded. In either\n case a user could be mislead about the correct location\n of the document they are currently viewing. (MFSA\n 2010-45 / CVE-2010-1206)\n\n - The location bar can be spoofed to look like a secure\n page even though the current document was served via\n plaintext. The vulnerability is triggered by a server by\n first redirecting a request for a plaintext resource to\n another resource behind a valid SSL/TLS certificate. A\n second request made to the original plaintext resource\n which is responded to not with a redirect, but with\n JavaScript calling history.back() and history.forward()\n will result in the plaintext resource being displayed\n with a valid SSL/TLS badge in the location bar. (MFSA\n 2010-45 / CVE-2010-2751)\n\n - Data can be read across domains by injecting bogus CSS\n selectors into a target site and then retrieving the\n data using JavaScript APIs. If an attacker can inject\n opening and closing portions of a CSS selector into\n points A and B of a target page, then the region between\n the two injection points becomes readable to JavaScript\n through, for example, the getComputedStyle() API. (MFSA\n 2010-46 / CVE-2010-0654)\n\n - Potentially sensitive URL parameters can be leaked\n across domains upon script errors when the script\n filename and line number is included in the error\n message. (MFSA 2010-47 / CVE-2010-2754)\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=622506\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2010-0654.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2010-1205.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2010-1206.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2010-1208.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2010-1209.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2010-1211.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2010-1213.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2010-1214.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2010-2751.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2010-2752.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2010-2753.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2010-2754.html\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Apply SAT patch number 2780 / 2781 as appropriate.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_cwe_id(94);\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:11:MozillaFirefox\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:11:MozillaFirefox-translations\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:11:mozilla-xulrunner191\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:11:mozilla-xulrunner191-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:11:mozilla-xulrunner191-gnomevfs\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:11:mozilla-xulrunner191-gnomevfs-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:11:mozilla-xulrunner191-translations\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:11:mozilla-xulrunner191-translations-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:suse_linux:11\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2010/07/22\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2010/12/02\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2010-2013 Tenable Network Security, Inc.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release !~ \"^(SLED|SLES)11\") audit(AUDIT_OS_NOT, \"SuSE 11\");\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (cpu !~ \"^i[3-6]86$\" && \"x86_64\" >!< cpu && \"s390x\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"SuSE 11\", cpu);\n\n\nflag = 0;\nif (rpm_check(release:\"SLED11\", sp:0, cpu:\"i586\", reference:\"MozillaFirefox-3.5.11-0.1.1\")) flag++;\nif (rpm_check(release:\"SLED11\", sp:0, cpu:\"i586\", reference:\"MozillaFirefox-translations-3.5.11-0.1.1\")) flag++;\nif (rpm_check(release:\"SLED11\", sp:0, cpu:\"i586\", reference:\"mozilla-xulrunner191-1.9.1.11-0.1.1\")) flag++;\nif (rpm_check(release:\"SLED11\", sp:0, cpu:\"i586\", reference:\"mozilla-xulrunner191-gnomevfs-1.9.1.11-0.1.1\")) flag++;\nif (rpm_check(release:\"SLED11\", sp:0, cpu:\"i586\", reference:\"mozilla-xulrunner191-translations-1.9.1.11-0.1.1\")) flag++;\nif (rpm_check(release:\"SLED11\", sp:0, cpu:\"x86_64\", reference:\"MozillaFirefox-3.5.11-0.1.1\")) flag++;\nif (rpm_check(release:\"SLED11\", sp:0, cpu:\"x86_64\", reference:\"MozillaFirefox-translations-3.5.11-0.1.1\")) flag++;\nif (rpm_check(release:\"SLED11\", sp:0, cpu:\"x86_64\", reference:\"mozilla-xulrunner191-1.9.1.11-0.1.1\")) flag++;\nif (rpm_check(release:\"SLED11\", sp:0, cpu:\"x86_64\", reference:\"mozilla-xulrunner191-32bit-1.9.1.11-0.1.1\")) flag++;\nif (rpm_check(release:\"SLED11\", sp:0, cpu:\"x86_64\", reference:\"mozilla-xulrunner191-gnomevfs-1.9.1.11-0.1.1\")) flag++;\nif (rpm_check(release:\"SLED11\", sp:0, cpu:\"x86_64\", reference:\"mozilla-xulrunner191-gnomevfs-32bit-1.9.1.11-0.1.1\")) flag++;\nif (rpm_check(release:\"SLED11\", sp:0, cpu:\"x86_64\", reference:\"mozilla-xulrunner191-translations-1.9.1.11-0.1.1\")) flag++;\nif (rpm_check(release:\"SLED11\", sp:0, cpu:\"x86_64\", reference:\"mozilla-xulrunner191-translations-32bit-1.9.1.11-0.1.1\")) flag++;\nif (rpm_check(release:\"SLED11\", sp:1, cpu:\"i586\", reference:\"MozillaFirefox-3.5.11-0.1.1\")) flag++;\nif (rpm_check(release:\"SLED11\", sp:1, cpu:\"i586\", reference:\"MozillaFirefox-translations-3.5.11-0.1.1\")) flag++;\nif (rpm_check(release:\"SLED11\", sp:1, cpu:\"i586\", reference:\"mozilla-xulrunner191-1.9.1.11-0.1.1\")) flag++;\nif (rpm_check(release:\"SLED11\", sp:1, cpu:\"i586\", reference:\"mozilla-xulrunner191-gnomevfs-1.9.1.11-0.1.1\")) flag++;\nif (rpm_check(release:\"SLED11\", sp:1, cpu:\"i586\", reference:\"mozilla-xulrunner191-translations-1.9.1.11-0.1.1\")) flag++;\nif (rpm_check(release:\"SLED11\", sp:1, cpu:\"x86_64\", reference:\"MozillaFirefox-3.5.11-0.1.1\")) flag++;\nif (rpm_check(release:\"SLED11\", sp:1, cpu:\"x86_64\", reference:\"MozillaFirefox-translations-3.5.11-0.1.1\")) flag++;\nif (rpm_check(release:\"SLED11\", sp:1, cpu:\"x86_64\", reference:\"mozilla-xulrunner191-1.9.1.11-0.1.1\")) flag++;\nif (rpm_check(release:\"SLED11\", sp:1, cpu:\"x86_64\", reference:\"mozilla-xulrunner191-32bit-1.9.1.11-0.1.1\")) flag++;\nif (rpm_check(release:\"SLED11\", sp:1, cpu:\"x86_64\", reference:\"mozilla-xulrunner191-gnomevfs-1.9.1.11-0.1.1\")) flag++;\nif (rpm_check(release:\"SLED11\", sp:1, cpu:\"x86_64\", reference:\"mozilla-xulrunner191-gnomevfs-32bit-1.9.1.11-0.1.1\")) flag++;\nif (rpm_check(release:\"SLED11\", sp:1, cpu:\"x86_64\", reference:\"mozilla-xulrunner191-translations-1.9.1.11-0.1.1\")) flag++;\nif (rpm_check(release:\"SLED11\", sp:1, cpu:\"x86_64\", reference:\"mozilla-xulrunner191-translations-32bit-1.9.1.11-0.1.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:0, reference:\"MozillaFirefox-3.5.11-0.1.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:0, reference:\"MozillaFirefox-translations-3.5.11-0.1.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:0, reference:\"mozilla-xulrunner191-1.9.1.11-0.1.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:0, reference:\"mozilla-xulrunner191-gnomevfs-1.9.1.11-0.1.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:0, reference:\"mozilla-xulrunner191-translations-1.9.1.11-0.1.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:0, cpu:\"s390x\", reference:\"mozilla-xulrunner191-32bit-1.9.1.11-0.1.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:0, cpu:\"x86_64\", reference:\"mozilla-xulrunner191-32bit-1.9.1.11-0.1.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:1, reference:\"MozillaFirefox-3.5.11-0.1.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:1, reference:\"MozillaFirefox-translations-3.5.11-0.1.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:1, reference:\"mozilla-xulrunner191-1.9.1.11-0.1.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:1, reference:\"mozilla-xulrunner191-gnomevfs-1.9.1.11-0.1.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:1, reference:\"mozilla-xulrunner191-translations-1.9.1.11-0.1.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:1, cpu:\"s390x\", reference:\"mozilla-xulrunner191-32bit-1.9.1.11-0.1.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:1, cpu:\"x86_64\", reference:\"mozilla-xulrunner191-32bit-1.9.1.11-0.1.1\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 9.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}], "centos": [{"lastseen": "2019-05-29T18:33:42", "bulletinFamily": "unix", "description": "**CentOS Errata and Security Advisory** CESA-2010:0547\n\n\nMozilla Firefox is an open source web browser. XULRunner provides the XUL\nRuntime environment for Mozilla Firefox.\n\nSeveral flaws were found in the processing of malformed web content. A web\npage containing malicious content could cause Firefox to crash or,\npotentially, execute arbitrary code with the privileges of the user running\nFirefox. (CVE-2010-1208, CVE-2010-1209, CVE-2010-1211, CVE-2010-1212,\nCVE-2010-1214, CVE-2010-1215, CVE-2010-2752, CVE-2010-2753)\n\nA memory corruption flaw was found in the way Firefox decoded certain PNG\nimages. An attacker could create a specially-crafted PNG image that, when\nopened, could cause Firefox to crash or, potentially, execute arbitrary\ncode with the privileges of the user running Firefox. (CVE-2010-1205)\n\nSeveral same-origin policy bypass flaws were found in Firefox. An attacker\ncould create a malicious web page that, when viewed by a victim, could\nsteal private data from a different website the victim has loaded with\nFirefox. (CVE-2010-0654, CVE-2010-1207, CVE-2010-1213, CVE-2010-2754)\n\nA flaw was found in the way Firefox presented the location bar to a user. A\nmalicious website could trick a user into thinking they are visiting the\nsite reported by the location bar, when the page is actually content\ncontrolled by an attacker. (CVE-2010-1206)\n\nA flaw was found in the way Firefox displayed the location bar when\nvisiting a secure web page. A malicious server could use this flaw to\npresent data that appears to originate from a secure server, even though it\ndoes not. (CVE-2010-2751)\n\nA flaw was found in the way Firefox displayed certain malformed characters.\nA malicious web page could use this flaw to bypass certain string\nsanitization methods, allowing it to display malicious information to\nusers. (CVE-2010-1210)\n\nFor technical details regarding these flaws, refer to the Mozilla security\nadvisories for Firefox 3.6.7. You can find a link to the Mozilla advisories\nin the References section of this erratum.\n\nAll Firefox users should upgrade to these updated packages, which contain\nFirefox version 3.6.7, which corrects these issues. After installing the\nupdate, Firefox must be restarted for the changes to take effect.\n\n\n**Merged security bulletin from advisories:**\nhttp://lists.centos.org/pipermail/centos-announce/2010-August/016878.html\nhttp://lists.centos.org/pipermail/centos-announce/2010-August/016879.html\nhttp://lists.centos.org/pipermail/centos-announce/2010-July/016821.html\nhttp://lists.centos.org/pipermail/centos-announce/2010-July/016822.html\n\n**Affected packages:**\nfirefox\nxulrunner\nxulrunner-devel\n\n**Upstream details at:**\n\nhttps://rhn.redhat.com/errata/RHSA-2010-0547.html", "modified": "2010-08-06T19:18:19", "published": "2010-07-22T11:29:05", "href": "http://lists.centos.org/pipermail/centos-announce/2010-July/016821.html", "id": "CESA-2010:0547", "title": "firefox, xulrunner security update", "type": "centos", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}], "ubuntu": [{"lastseen": "2019-05-29T17:20:59", "bulletinFamily": "unix", "description": "Several flaws were discovered in the browser engine of Firefox. If a user were tricked into viewing a malicious site, a remote attacker could use this to crash the browser or possibly run arbitrary code as the user invoking the program. (CVE-2010-1208, CVE-2010-1209, CVE-2010-1211, CVE-2010-1212)\n\nAn integer overflow was discovered in how Firefox processed plugin parameters. An attacker could exploit this to crash the browser or possibly run arbitrary code as the user invoking the program. (CVE-2010-1214)\n\nA flaw was discovered in the Firefox JavaScript engine. If a user were tricked into viewing a malicious site, a remote attacker code execute arbitrary JavaScript with chrome privileges. (CVE-2010-1215)\n\nAn integer overflow was discovered in how Firefox processed CSS values. An attacker could exploit this to crash the browser or possibly run arbitrary code as the user invoking the program. (CVE-2010-2752)\n\nAn integer overflow was discovered in how Firefox interpreted the XUL <tree> element. If a user were tricked into viewing a malicious site, a remote attacker could use this to crash the browser or possibly run arbitrary code as the user invoking the program. (CVE-2010-2753)\n\nAki Helin discovered that libpng did not properly handle certain malformed PNG images. If a user were tricked into opening a crafted PNG file, an attacker could cause a denial of service or possibly execute arbitrary code with the privileges of the user invoking the program. (CVE-2010-1205)\n\nYosuke Hasegawa and Vladimir Vukicevic discovered that the same-origin check in Firefox could be bypassed by utilizing the importScripts Web Worker method. If a user were tricked into viewing a malicious website, an attacker could exploit this to read data from other domains. (CVE-2010-1213, CVE-2010-1207)\n\nO. Andersen that Firefox did not properly map undefined positions within certain 8 bit encodings. An attacker could utilize this to perform cross-site scripting attacks. (CVE-2010-1210)\n\nMichal Zalewski discovered flaws in how Firefox processed the HTTP 204 (no content) code. An attacker could exploit this to spoof the location bar, such as in a phishing attack. (CVE-2010-1206)\n\nJordi Chancel discovered that Firefox did not properly handle when a server responds to an HTTPS request with plaintext and then processes JavaScript history events. An attacker could exploit this to spoof the location bar, such as in a phishing attack. (CVE-2010-2751)\n\nChris Evans discovered that Firefox did not properly process improper CSS selectors. If a user were tricked into viewing a malicious website, an attacker could exploit this to read data from other domains. (CVE-2010-0654)\n\nSoroush Dalili discovered that Firefox did not properly handle script error output. An attacker could use this to access URL parameters from other domains. (CVE-2010-2754)", "modified": "2010-07-23T00:00:00", "published": "2010-07-23T00:00:00", "id": "USN-957-1", "href": "https://usn.ubuntu.com/957-1/", "title": "Firefox and Xulrunner vulnerabilities", "type": "ubuntu", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2019-05-29T17:21:37", "bulletinFamily": "unix", "description": "USN-957-1 fixed vulnerabilities in Firefox and Xulrunner. Daniel Holbert discovered that the fix for CVE-2010-1214 introduced a regression which did not properly initialize a plugin pointer. If a user were tricked into viewing a malicious site, a remote attacker could use this to crash the browser or run arbitrary code as the user invoking the program. (CVE-2010-2755)\n\nThis update fixes the problem.\n\nOriginal advisory details:\n\nSeveral flaws were discovered in the browser engine of Firefox. If a user were tricked into viewing a malicious site, a remote attacker could use this to crash the browser or possibly run arbitrary code as the user invoking the program. (CVE-2010-1208, CVE-2010-1209, CVE-2010-1211, CVE-2010-1212)\n\nAn integer overflow was discovered in how Firefox processed plugin parameters. An attacker could exploit this to crash the browser or possibly run arbitrary code as the user invoking the program. (CVE-2010-1214)\n\nA flaw was discovered in the Firefox JavaScript engine. If a user were tricked into viewing a malicious site, a remote attacker code execute arbitrary JavaScript with chrome privileges. (CVE-2010-1215)\n\nAn integer overflow was discovered in how Firefox processed CSS values. An attacker could exploit this to crash the browser or possibly run arbitrary code as the user invoking the program. (CVE-2010-2752)\n\nAn integer overflow was discovered in how Firefox interpreted the XUL <tree> element. If a user were tricked into viewing a malicious site, a remote attacker could use this to crash the browser or possibly run arbitrary code as the user invoking the program. (CVE-2010-2753)\n\nAki Helin discovered that libpng did not properly handle certain malformed PNG images. If a user were tricked into opening a crafted PNG file, an attacker could cause a denial of service or possibly execute arbitrary code with the privileges of the user invoking the program. (CVE-2010-1205)\n\nYosuke Hasegawa and Vladimir Vukicevic discovered that the same-origin check in Firefox could be bypassed by utilizing the importScripts Web Worker method. If a user were tricked into viewing a malicious website, an attacker could exploit this to read data from other domains. (CVE-2010-1213, CVE-2010-1207)\n\nO. Andersen that Firefox did not properly map undefined positions within certain 8 bit encodings. An attacker could utilize this to perform cross-site scripting attacks. (CVE-2010-1210)\n\nMichal Zalewski discovered flaws in how Firefox processed the HTTP 204 (no content) code. An attacker could exploit this to spoof the location bar, such as in a phishing attack. (CVE-2010-1206)\n\nJordi Chancel discovered that Firefox did not properly handle when a server responds to an HTTPS request with plaintext and then processes JavaScript history events. An attacker could exploit this to spoof the location bar, such as in a phishing attack. (CVE-2010-2751)\n\nChris Evans discovered that Firefox did not properly process improper CSS selectors. If a user were tricked into viewing a malicious website, an attacker could exploit this to read data from other domains. (CVE-2010-0654)\n\nSoroush Dalili discovered that Firefox did not properly handle script error output. An attacker could use this to access URL parameters from other domains. (CVE-2010-2754)", "modified": "2010-07-26T00:00:00", "published": "2010-07-26T00:00:00", "id": "USN-957-2", "href": "https://usn.ubuntu.com/957-2/", "title": "Firefox and Xulrunner vulnerability", "type": "ubuntu", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2019-05-29T17:23:29", "bulletinFamily": "unix", "description": "USN-930-1 fixed vulnerabilities in Firefox and Xulrunner. This update provides the corresponding updates for Ubuntu 9.04 and 9.10, along with additional updates affecting Firefox 3.6.6.\n\nSeveral flaws were discovered in the browser engine of Firefox. If a user were tricked into viewing a malicious site, a remote attacker could use this to crash the browser or possibly run arbitrary code as the user invoking the program. (CVE-2010-1208, CVE-2010-1209, CVE-2010-1211, CVE-2010-1212)\n\nAn integer overflow was discovered in how Firefox processed plugin parameters. An attacker could exploit this to crash the browser or possibly run arbitrary code as the user invoking the program. (CVE-2010-1214)\n\nA flaw was discovered in the Firefox JavaScript engine. If a user were tricked into viewing a malicious site, a remote attacker code execute arbitrary JavaScript with chrome privileges. (CVE-2010-1215)\n\nAn integer overflow was discovered in how Firefox processed CSS values. An attacker could exploit this to crash the browser or possibly run arbitrary code as the user invoking the program. (CVE-2010-2752)\n\nAn integer overflow was discovered in how Firefox interpreted the XUL <tree> element. If a user were tricked into viewing a malicious site, a remote attacker could use this to crash the browser or possibly run arbitrary code as the user invoking the program. (CVE-2010-2753)\n\nAki Helin discovered that libpng did not properly handle certain malformed PNG images. If a user were tricked into opening a crafted PNG file, an attacker could cause a denial of service or possibly execute arbitrary code with the privileges of the user invoking the program. (CVE-2010-1205)\n\nYosuke Hasegawa and Vladimir Vukicevic discovered that the same-origin check in Firefox could be bypassed by utilizing the importScripts Web Worker method. If a user were tricked into viewing a malicious website, an attacker could exploit this to read data from other domains. (CVE-2010-1213, CVE-2010-1207)\n\nO. Andersen that Firefox did not properly map undefined positions within certain 8 bit encodings. An attacker could utilize this to perform cross-site scripting attacks. (CVE-2010-1210)\n\nMichal Zalewski discovered flaws in how Firefox processed the HTTP 204 (no content) code. An attacker could exploit this to spoof the location bar, such as in a phishing attack. (CVE-2010-1206)\n\nJordi Chancel discovered that Firefox did not properly handle when a server responds to an HTTPS request with plaintext and then processes JavaScript history events. An attacker could exploit this to spoof the location bar, such as in a phishing attack. (CVE-2010-2751)\n\nChris Evans discovered that Firefox did not properly process improper CSS selectors. If a user were tricked into viewing a malicious website, an attacker could exploit this to read data from other domains. (CVE-2010-0654)\n\nSoroush Dalili discovered that Firefox did not properly handle script error output. An attacker could use this to access URL parameters from other domains. (CVE-2010-2754)\n\nOriginal advisory details:\n\nIf was discovered that Firefox could be made to access freed memory. If a user were tricked into viewing a malicious site, a remote attacker could cause a denial of service or possibly execute arbitrary code with the privileges of the user invoking the program. (CVE-2010-1121)\n\nSeveral flaws were discovered in the browser engine of Firefox. If a user were tricked into viewing a malicious site, a remote attacker could cause a denial of service or possibly execute arbitrary code with the privileges of the user invoking the program. (CVE-2010-1200, CVE-2010-1201, CVE-2010-1202, CVE-2010-1203)\n\nA flaw was discovered in the way plugin instances interacted. An attacker could potentially exploit this and use one plugin to access freed memory from a second plugin to execute arbitrary code with the privileges of the user invoking the program. (CVE-2010-1198)\n\nAn integer overflow was discovered in Firefox. If a user were tricked into viewing a malicious site, an attacker could overflow a buffer and cause a denial of service or possibly execute arbitrary code with the privileges of the user invoking the program. (CVE-2010-1196)\n\nMartin Barbella discovered an integer overflow in an XSLT node sorting routine. An attacker could exploit this to overflow a buffer and cause a denial of service or possibly execute arbitrary code with the privileges of the user invoking the program. (CVE-2010-1199)\n\nMichal Zalewski discovered that the focus behavior of Firefox could be subverted. If a user were tricked into viewing a malicious site, a remote attacker could use this to capture keystrokes. (CVE-2010-1125)\n\nIlja van Sprundel discovered that the \u2018Content-Disposition: attachment\u2019 HTTP header was ignored when \u2018Content-Type: multipart\u2019 was also present. Under certain circumstances, this could potentially lead to cross-site scripting attacks. (CVE-2010-1197)\n\nAmit Klein discovered that Firefox did not seed its random number generator often enough. An attacker could exploit this to identify and track users across different web sites. (CVE-2008-5913)", "modified": "2010-07-23T00:00:00", "published": "2010-07-23T00:00:00", "id": "USN-930-4", "href": "https://usn.ubuntu.com/930-4/", "title": "Firefox and Xulrunner vulnerabilities", "type": "ubuntu", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2019-05-29T17:22:48", "bulletinFamily": "unix", "description": "USN-930-4 fixed vulnerabilities in Firefox and Xulrunner on Ubuntu 9.04 and 9.10. This update provides updated packages for use with Firefox 3.6 and Xulrunner 1.9.2.\n\nOriginal advisory details:\n\nIf was discovered that Firefox could be made to access freed memory. If a user were tricked into viewing a malicious site, a remote attacker could cause a denial of service or possibly execute arbitrary code with the privileges of the user invoking the program. This issue only affected Ubuntu 8.04 LTS. (CVE-2010-1121)\n\nSeveral flaws were discovered in the browser engine of Firefox. If a user were tricked into viewing a malicious site, a remote attacker could cause a denial of service or possibly execute arbitrary code with the privileges of the user invoking the program. (CVE-2010-1200, CVE-2010-1201, CVE-2010-1202, CVE-2010-1203)\n\nA flaw was discovered in the way plugin instances interacted. An attacker could potentially exploit this and use one plugin to access freed memory from a second plugin to execute arbitrary code with the privileges of the user invoking the program. (CVE-2010-1198)\n\nAn integer overflow was discovered in Firefox. If a user were tricked into viewing a malicious site, an attacker could overflow a buffer and cause a denial of service or possibly execute arbitrary code with the privileges of the user invoking the program. (CVE-2010-1196)\n\nMartin Barbella discovered an integer overflow in an XSLT node sorting routine. An attacker could exploit this to overflow a buffer and cause a denial of service or possibly execute arbitrary code with the privileges of the user invoking the program. (CVE-2010-1199)\n\nMichal Zalewski discovered that the focus behavior of Firefox could be subverted. If a user were tricked into viewing a malicious site, a remote attacker could use this to capture keystrokes. (CVE-2010-1125)\n\nIlja van Sprundel discovered that the \u2018Content-Disposition: attachment\u2019 HTTP header was ignored when \u2018Content-Type: multipart\u2019 was also present. Under certain circumstances, this could potentially lead to cross-site scripting attacks. (CVE-2010-1197)\n\nAmit Klein discovered that Firefox did not seed its random number generator often enough. An attacker could exploit this to identify and track users across different web sites. (CVE-2008-5913)\n\nSeveral flaws were discovered in the browser engine of Firefox. If a user were tricked into viewing a malicious site, a remote attacker could use this to crash the browser or possibly run arbitrary code as the user invoking the program. (CVE-2010-1208, CVE-2010-1209, CVE-2010-1211, CVE-2010-1212)\n\nAn integer overflow was discovered in how Firefox processed plugin parameters. An attacker could exploit this to crash the browser or possibly run arbitrary code as the user invoking the program. (CVE-2010-1214)\n\nA flaw was discovered in the Firefox JavaScript engine. If a user were tricked into viewing a malicious site, a remote attacker code execute arbitrary JavaScript with chrome privileges. (CVE-2010-1215)\n\nAn integer overflow was discovered in how Firefox processed CSS values. An attacker could exploit this to crash the browser or possibly run arbitrary code as the user invoking the program. (CVE-2010-2752)\n\nAn integer overflow was discovered in how Firefox interpreted the XUL <tree> element. If a user were tricked into viewing a malicious site, a remote attacker could use this to crash the browser or possibly run arbitrary code as the user invoking the program. (CVE-2010-2753)\n\nAki Helin discovered that libpng did not properly handle certain malformed PNG images. If a user were tricked into opening a crafted PNG file, an attacker could cause a denial of service or possibly execute arbitrary code with the privileges of the user invoking the program. (CVE-2010-1205)\n\nYosuke Hasegawa and Vladimir Vukicevic discovered that the same-origin check in Firefox could be bypassed by utilizing the importScripts Web Worker method. If a user were tricked into viewing a malicious website, an attacker could exploit this to read data from other domains. (CVE-2010-1213, CVE-2010-1207)\n\nO. Andersen that Firefox did not properly map undefined positions within certain 8 bit encodings. An attacker could utilize this to perform cross-site scripting attacks. (CVE-2010-1210)\n\nMichal Zalewski discovered flaws in how Firefox processed the HTTP 204 (no content) code. An attacker could exploit this to spoof the location bar, such as in a phishing attack. (CVE-2010-1206)\n\nJordi Chancel discovered that Firefox did not properly handle when a server responds to an HTTPS request with plaintext and then processes JavaScript history events. An attacker could exploit this to spoof the location bar, such as in a phishing attack. (CVE-2010-2751)\n\nChris Evans discovered that Firefox did not properly process improper CSS selectors. If a user were tricked into viewing a malicious website, an attacker could exploit this to read data from other domains. (CVE-2010-0654)\n\nSoroush Dalili discovered that Firefox did not properly handle script error output. An attacker could use this to access URL parameters from other domains. (CVE-2010-2754)", "modified": "2010-07-23T00:00:00", "published": "2010-07-23T00:00:00", "id": "USN-930-5", "href": "https://usn.ubuntu.com/930-5/", "title": "ant, apturl, Epiphany, gluezilla, gnome-python-extras, liferea, mozvoikko, OpenJDK, packagekit, ubufox, webfav, yelp update", "type": "ubuntu", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}], "redhat": [{"lastseen": "2019-08-13T18:47:06", "bulletinFamily": "unix", "description": "Mozilla Firefox is an open source web browser. XULRunner provides the XUL\nRuntime environment for Mozilla Firefox.\n\nSeveral flaws were found in the processing of malformed web content. A web\npage containing malicious content could cause Firefox to crash or,\npotentially, execute arbitrary code with the privileges of the user running\nFirefox. (CVE-2010-1208, CVE-2010-1209, CVE-2010-1211, CVE-2010-1212,\nCVE-2010-1214, CVE-2010-1215, CVE-2010-2752, CVE-2010-2753)\n\nA memory corruption flaw was found in the way Firefox decoded certain PNG\nimages. An attacker could create a specially-crafted PNG image that, when\nopened, could cause Firefox to crash or, potentially, execute arbitrary\ncode with the privileges of the user running Firefox. (CVE-2010-1205)\n\nSeveral same-origin policy bypass flaws were found in Firefox. An attacker\ncould create a malicious web page that, when viewed by a victim, could\nsteal private data from a different website the victim has loaded with\nFirefox. (CVE-2010-0654, CVE-2010-1207, CVE-2010-1213, CVE-2010-2754)\n\nA flaw was found in the way Firefox presented the location bar to a user. A\nmalicious website could trick a user into thinking they are visiting the\nsite reported by the location bar, when the page is actually content\ncontrolled by an attacker. (CVE-2010-1206)\n\nA flaw was found in the way Firefox displayed the location bar when\nvisiting a secure web page. A malicious server could use this flaw to\npresent data that appears to originate from a secure server, even though it\ndoes not. (CVE-2010-2751)\n\nA flaw was found in the way Firefox displayed certain malformed characters.\nA malicious web page could use this flaw to bypass certain string\nsanitization methods, allowing it to display malicious information to\nusers. (CVE-2010-1210)\n\nFor technical details regarding these flaws, refer to the Mozilla security\nadvisories for Firefox 3.6.7. You can find a link to the Mozilla advisories\nin the References section of this erratum.\n\nAll Firefox users should upgrade to these updated packages, which contain\nFirefox version 3.6.7, which corrects these issues. After installing the\nupdate, Firefox must be restarted for the changes to take effect.\n", "modified": "2017-09-08T11:55:17", "published": "2010-07-20T04:00:00", "id": "RHSA-2010:0547", "href": "https://access.redhat.com/errata/RHSA-2010:0547", "type": "redhat", "title": "(RHSA-2010:0547) Critical: firefox security update", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}], "oraclelinux": [{"lastseen": "2019-05-29T18:38:25", "bulletinFamily": "unix", "description": "firefox:\n[3.6.7-2.0.1.el5]\n- Add firefox-oracle-default-prefs.js and firefox-oracle-default-bookmarks.html\n and remove the corresponding Red Hat ones\n[3.6.7-2]\n- Update to 3.6.7 beta2\n[3.6.7-1]\n- Update to 3.6.7\n[3.6.4-9]\n- Fixed rhbz#531159 - default browser check\nxulrunner:\n[1.9.2.7-2.0.1.el5]\n- Added xulrunner-oracle-default-prefs.js and removed the corresponding\n RedHat one.\n[1.9.2.7-2]\n- Update to build 2\n[1.9.2.7-1]\n- Update to 1.9.2.7\n[1.9.2.4-10]\n- Fix a file dependency issue ", "modified": "2010-07-21T00:00:00", "published": "2010-07-21T00:00:00", "id": "ELSA-2010-0547", "href": "http://linux.oracle.com/errata/ELSA-2010-0547.html", "title": "firefox security update", "type": "oraclelinux", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}], "suse": [{"lastseen": "2016-09-04T11:20:21", "bulletinFamily": "unix", "description": "Various security issues have been found in the Mozilla suite, and the various browsers have been updated to fix these issues.\n#### Solution\nThere is no known workaround, please install the update packages.", "modified": "2010-07-30T13:10:04", "published": "2010-07-30T13:10:04", "id": "SUSE-SA:2010:032", "href": "http://lists.opensuse.org/opensuse-security-announce/2010-07/msg00008.html", "type": "suse", "title": "remote code execution in MozillaFirefox,MozillaThunderbird,seamonkey", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}], "freebsd": [{"lastseen": "2019-05-29T18:34:06", "bulletinFamily": "unix", "description": "\nThe Mozilla Project reports:\n\nMFSA 2010-34 Miscellaneous memory safety hazards (rv:1.9.2.7/ 1.9.1.11)\nMFSA 2010-35 DOM attribute cloning remote code execution vulnerability\nMFSA 2010-36 Use-after-free error in NodeIterator\nMFSA 2010-37 Plugin parameter EnsureCachedAttrParamArrays remote code execution vulnerability\nMFSA 2010-38 Arbitrary code execution using SJOW and fast native function\nMFSA 2010-39 nsCSSValue::Array index integer overflow\nMFSA 2010-40 nsTreeSelection dangling pointer remote code execution vulnerability\nMFSA 2010-41 Remote code execution using malformed PNG image\nMFSA 2010-42 Cross-origin data disclosure via Web Workers and importScripts\nMFSA 2010-43 Same-origin bypass using canvas context\nMFSA 2010-44 Characters mapped to U+FFFD in 8 bit encodings cause subsequent character to vanish\nMFSA 2010-45 Multiple location bar spoofing vulnerabilities\nMFSA 2010-46 Cross-domain data theft using CSS\nMFSA 2010-47 Cross-origin data leakage from script filename in error messages\n\n", "modified": "2010-07-20T00:00:00", "published": "2010-07-20T00:00:00", "id": "8C2EA875-9499-11DF-8E32-000F20797EDE", "href": "https://vuxml.freebsd.org/freebsd/8c2ea875-9499-11df-8e32-000f20797ede.html", "title": "mozilla -- multiple vulnerabilities", "type": "freebsd", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}], "gentoo": [{"lastseen": "2016-09-06T19:46:13", "bulletinFamily": "unix", "description": "### Background\n\nMozilla Firefox is an open-source web browser and Mozilla Thunderbird an open-source email client, both from the Mozilla Project. The SeaMonkey project is a community effort to deliver production-quality releases of code derived from the application formerly known as the \u2018Mozilla Application Suite\u2019. XULRunner is a Mozilla runtime package that can be used to bootstrap XUL+XPCOM applications such as Firefox and Thunderbird. NSS is Mozilla\u2019s Network Security Services library that implements PKI support. IceCat is the GNU version of Firefox. \n\n### Description\n\nMultiple vulnerabilities have been discovered in Mozilla Firefox, Thunderbird, SeaMonkey, NSS, GNU IceCat, and XULRunner. Please review the CVE identifiers referenced below for details. \n\n### Impact\n\nA remote attacker could entice a user to view a specially crafted web page or email, possibly resulting in execution of arbitrary code or a Denial of Service condition. Furthermore, a remote attacker may be able to perform Man-in-the-Middle attacks, obtain sensitive information, bypass restrictions and protection mechanisms, force file downloads, conduct XML injection attacks, conduct XSS attacks, bypass the Same Origin Policy, spoof URL\u2019s for phishing attacks, trigger a vertical scroll, spoof the location bar, spoof an SSL indicator, modify the browser\u2019s font, conduct clickjacking attacks, or have other unspecified impact. \n\nA local attacker could gain escalated privileges, obtain sensitive information, or replace an arbitrary downloaded file. \n\n### Workaround\n\nThere is no known workaround at this time.\n\n### Resolution\n\nAll Mozilla Firefox users should upgrade to the latest version:\n \n \n # emerge --sync\n # emerge --ask --oneshot --verbose \">=www-client/firefox-10.0.11\"\n \n\nAll users of the Mozilla Firefox binary package should upgrade to the latest version: \n \n \n # emerge --sync\n # emerge --ask --oneshot --verbose \">=www-client/firefox-bin-10.0.11\"\n \n\nAll Mozilla Thunderbird users should upgrade to the latest version:\n \n \n # emerge --sync\n # emerge --ask --oneshot --verbose \">=mail-client/thunderbird-10.0.11\"\n \n\nAll users of the Mozilla Thunderbird binary package should upgrade to the latest version: \n \n \n # emerge --sync\n # emerge --ask --oneshot --verbose\n \">=mail-client/thunderbird-bin-10.0.11\"\n \n\nAll Mozilla SeaMonkey users should upgrade to the latest version:\n \n \n # emerge --sync\n # emerge --ask --oneshot --verbose \">=www-client/seamonkey-2.14-r1\"\n \n\nAll users of the Mozilla SeaMonkey binary package should upgrade to the latest version: \n \n \n # emerge --sync\n # emerge --ask --oneshot --verbose \">=www-client/seamonkey-bin-2.14\"\n \n\nAll NSS users should upgrade to the latest version:\n \n \n # emerge --sync\n # emerge --ask --oneshot --verbose \">=dev-libs/nss-3.14\"\n \n\nThe \u201cwww-client/mozilla-firefox\u201d package has been merged into the \u201cwww-client/firefox\u201d package. To upgrade, please unmerge \u201cwww-client/mozilla-firefox\u201d and then emerge the latest \u201cwww-client/firefox\u201d package: \n \n \n # emerge --sync\n # emerge --unmerge \"www-client/mozilla-firefox\"\n # emerge --ask --oneshot --verbose \">=www-client/firefox-10.0.11\"\n \n\nThe \u201cwww-client/mozilla-firefox-bin\u201d package has been merged into the \u201cwww-client/firefox-bin\u201d package. To upgrade, please unmerge \u201cwww-client/mozilla-firefox-bin\u201d and then emerge the latest \u201cwww-client/firefox-bin\u201d package: \n \n \n # emerge --sync\n # emerge --unmerge \"www-client/mozilla-firefox-bin\"\n # emerge --ask --oneshot --verbose \">=www-client/firefox-bin-10.0.11\"\n \n\nThe \u201cmail-client/mozilla-thunderbird\u201d package has been merged into the \u201cmail-client/thunderbird\u201d package. To upgrade, please unmerge \u201cmail-client/mozilla-thunderbird\u201d and then emerge the latest \u201cmail-client/thunderbird\u201d package: \n \n \n # emerge --sync\n # emerge --unmerge \"mail-client/mozilla-thunderbird\"\n # emerge --ask --oneshot --verbose \">=mail-client/thunderbird-10.0.11\"\n \n\nThe \u201cmail-client/mozilla-thunderbird-bin\u201d package has been merged into the \u201cmail-client/thunderbird-bin\u201d package. To upgrade, please unmerge \u201cmail-client/mozilla-thunderbird-bin\u201d and then emerge the latest \u201cmail-client/thunderbird-bin\u201d package: \n \n \n # emerge --sync\n # emerge --unmerge \"mail-client/mozilla-thunderbird-bin\"\n # emerge --ask --oneshot --verbose\n \">=mail-client/thunderbird-bin-10.0.11\"\n \n\nGentoo discontinued support for GNU IceCat. We recommend that users unmerge GNU IceCat: \n \n \n # emerge --unmerge \"www-client/icecat\"\n \n\nGentoo discontinued support for XULRunner. We recommend that users unmerge XULRunner: \n \n \n # emerge --unmerge \"net-libs/xulrunner\"\n \n\nGentoo discontinued support for the XULRunner binary package. We recommend that users unmerge XULRunner: \n \n \n # emerge --unmerge \"net-libs/xulrunner-bin\"", "modified": "2013-01-08T00:00:00", "published": "2013-01-08T00:00:00", "id": "GLSA-201301-01", "href": "https://security.gentoo.org/glsa/201301-01", "type": "gentoo", "title": "Mozilla Products: Multiple vulnerabilities", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}]}
