"Scoobidiver", Ian Beer Bob Clary, Henri Sivonen, Marco Bonardo,
Mats Palmgren, Jesse Ruderman, Aki Kelin and Martin Barbella
discovered memory corruption bugs, which may lead to the execution
of arbitrary code.
CVE-2011-0065 CVE-2011-0066 CVE-2011-0073
"regenrecht" discovered several dangling pointer vulnerabilities,
which may lead to the execution of arbitrary code.
CVE-2011-0067
Paul Stone discovered that Java applets could steal information
from the autocompletion history.
CVE-2011-0071
Soroush Dalili discovered a directory traversal vulnerability in
handling resource URIs.
For the lenny-backports distribution the problems have been fixed in
version 3.5.16-7~bpo50+1.
For the oldstable distribution (lenny), this problem will be fixed soon
with updated packages of the xulrunner source package.
For the stable distribution (squeeze), this problem has been fixed in
version 3.5.16-7.
For the unstable distribution (sid), this problem has been fixed in
version 3.5.19-1.
Upgrade instructions
If you don't use pinning (see [1]) you have to update the package
manually via "apt-get -t lenny-backports install <packagelist>" with
the packagelist of your installed packages affected by this update.
[1] <http://backports.debian.org/Instructions>
We recommend to pin (in /etc/apt/preferences) the backports repository
to 200 so that new versions of installed backports will be installed
automatically.
{"id": "DEBIAN:BSA-034:9DF39", "bulletinFamily": "unix", "title": "[BSA-034] Security Update for iceweasel", "description": "Mike Hommey uploaded new packages for iceweasel which fixed the\nfollowing security problems:\n\nCVE-2011-0069 CVE-2011-0070 CVE-2011-0072 CVE-2011-0074 CVE-2011-0075 CVE-2011-0077 CVE-2011-0078 CVE-2011-0080 CVE-2011-0081\n\n "Scoobidiver", Ian Beer Bob Clary, Henri Sivonen, Marco Bonardo,\n Mats Palmgren, Jesse Ruderman, Aki Kelin and Martin Barbella \n discovered memory corruption bugs, which may lead to the execution\n of arbitrary code.\n\nCVE-2011-0065 CVE-2011-0066 CVE-2011-0073\n\n "regenrecht" discovered several dangling pointer vulnerabilities,\n which may lead to the execution of arbitrary code.\n\nCVE-2011-0067\n\n Paul Stone discovered that Java applets could steal information\n from the autocompletion history.\n\nCVE-2011-0071\n\n Soroush Dalili discovered a directory traversal vulnerability in\n handling resource URIs.\n\nFor the lenny-backports distribution the problems have been fixed in\nversion 3.5.16-7~bpo50+1.\n\nFor the oldstable distribution (lenny), this problem will be fixed soon\nwith updated packages of the xulrunner source package.\n \nFor the stable distribution (squeeze), this problem has been fixed in\nversion 3.5.16-7.\n\nFor the unstable distribution (sid), this problem has been fixed in\nversion 3.5.19-1.\n\nUpgrade instructions\n--------------------\n\nIf you don't use pinning (see [1]) you have to update the package\nmanually via "apt-get -t lenny-backports install <packagelist>" with\nthe packagelist of your installed packages affected by this update.\n[1] <http://backports.debian.org/Instructions>\n\nWe recommend to pin (in /etc/apt/preferences) the backports repository\nto 200 so that new versions of installed backports will be installed\nautomatically. \n\n Package: *\n Pin: release a=lenny-backports\n Pin-Priority: 200\n", "published": "2011-05-12T10:01:56", "modified": "2011-05-12T10:01:56", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}, "href": "https://lists.debian.org/debian-backports-announce/2011/debian-backports-announce-201105/msg00000.html", "reporter": "Debian", "references": [], "cvelist": ["CVE-2011-0077", "CVE-2011-0071", "CVE-2011-0080", "CVE-2011-0073", "CVE-2011-0066", "CVE-2011-0065", "CVE-2011-0081", "CVE-2011-0075", "CVE-2011-0074", "CVE-2011-0069", "CVE-2011-0078", "CVE-2011-0070", "CVE-2011-0067", "CVE-2011-0072"], "type": "debian", "lastseen": "2020-11-11T13:19:00", "edition": 3, "viewCount": 1, "enchantments": {"dependencies": {"references": [{"type": "debian", "idList": ["DEBIAN:DSA-2235-1:7DA12", "DEBIAN:DSA-2228-1:3272E", "DEBIAN:DSA-2227-1:C543D"]}, {"type": "openvas", "idList": ["OPENVAS:69731", "OPENVAS:1361412562310870425", "OPENVAS:1361412562310881393", "OPENVAS:136141256231069731", "OPENVAS:136141256231069570", "OPENVAS:69573", "OPENVAS:1361412562310840650", "OPENVAS:69570", "OPENVAS:136141256231069573", "OPENVAS:840640"]}, {"type": "nessus", "idList": ["SUSE_11_4_SEAMONKEY-110429.NASL", "UBUNTU_USN-1122-2.NASL", "SUSE_11_2_SEAMONKEY-110429.NASL", "REDHAT-RHSA-2011-0471.NASL", "DEBIAN_DSA-2235.NASL", "DEBIAN_DSA-2228.NASL", "DEBIAN_DSA-2227.NASL", "UBUNTU_USN-1122-3.NASL", "UBUNTU_USN-1122-1.NASL", "SUSE_11_3_SEAMONKEY-110429.NASL"]}, {"type": "ubuntu", "idList": ["USN-1122-3", "USN-1122-2", "USN-1122-1", "USN-1112-1"]}, {"type": "oraclelinux", "idList": ["ELSA-2011-0471", "ELSA-2011-0473", "ELSA-2011-0475"]}, {"type": "centos", "idList": ["CESA-2011:0473", "CESA-2011:0471"]}, {"type": "redhat", "idList": ["RHSA-2011:0475", "RHSA-2011:0471", "RHSA-2011:0473"]}, {"type": "securityvulns", "idList": ["SECURITYVULNS:VULN:11633", "SECURITYVULNS:DOC:26237"]}, {"type": "suse", "idList": ["SUSE-SA:2011:022"]}], "modified": "2020-11-11T13:19:00", "rev": 2}, "score": {"value": 5.7, "vector": "NONE", "modified": "2020-11-11T13:19:00", "rev": 2}, "vulnersScore": 5.7}, "affectedPackage": [{"OS": "Debian", "OSVersion": "6", "arch": "all", "operator": "lt", "packageFilename": "iceweasel_3.5.16-7_all.deb", "packageName": "iceweasel", "packageVersion": "3.5.16-7"}], "scheme": null}
{"debian": [{"lastseen": "2019-05-30T02:22:03", "bulletinFamily": "unix", "cvelist": ["CVE-2011-0077", "CVE-2011-0071", "CVE-2011-0080", "CVE-2011-0073", "CVE-2011-0066", "CVE-2011-0065", "CVE-2011-0081", "CVE-2011-0075", "CVE-2011-0074", "CVE-2011-0069", "CVE-2011-0078", "CVE-2011-0070", "CVE-2011-0067", "CVE-2011-0072"], "description": "- -------------------------------------------------------------------------\nDebian Security Advisory DSA-2227-1 security@debian.org\nhttp://www.debian.org/security/ Moritz Muehlenhoff\nApril 30, 2011 http://www.debian.org/security/faq\n- -------------------------------------------------------------------------\n\nPackage : iceape\nVulnerability : several\nProblem type : remote\nDebian-specific: no\nCVE ID : CVE-2011-0065 CVE-2011-0066 CVE-2011-0067 CVE-2011-0069 \n CVE-2011-0070 CVE-2011-0071 CVE-2011-0072 CVE-2011-0073 \n CVE-2011-0074 CVE-2011-0075 CVE-2011-0077 CVE-2011-0078 \n CVE-2011-0080 CVE-2011-0081 \n\nSeveral vulnerabilities have been found in the Iceape internet suite, an\nunbranded version of Seamonkey:\n\nCVE-2011-0069 CVE-2011-0070 CVE-2011-0072 CVE-2011-0074 CVE-2011-0075 CVE-2011-0077 CVE-2011-0078 CVE-2011-0080 CVE-2011-0081\n\n "Scoobidiver", Ian Beer Bob Clary, Henri Sivonen, Marco Bonardo,\n Mats Palmgren, Jesse Ruderman, Aki Kelin and Martin Barbella \n discovered memory corruption bugs, which may lead to the execution\n of arbitrary code.\n\nCVE-2011-0065 CVE-2011-0066 CVE-2011-0073\n\n "regenrecht" discovered several dangling pointer vulnerabilities,\n which may lead to the execution of arbitrary code.\n\nCVE-2011-0067\n\n Paul Stone discovered that Java applets could steal information\n from the autocompletion history.\n\nCVE-2011-0071\n\n Soroush Dalili discovered a directory traversal vulnerability in\n handling resource URIs.\n \nThe oldstable distribution (lenny) is not affected. The iceape package only\nprovides the XPCOM code.\n\nFor the stable distribution (squeeze), this problem has been fixed in\nversion 2.0.11-5.\n\nFor the unstable distribution (sid), this problem has been fixed in\nversion 2.0.14-1.\n\nWe recommend that you upgrade your iceape packages.\n\nFurther information about Debian Security Advisories, how to apply\nthese updates to your system and frequently asked questions can be\nfound at: http://www.debian.org/security/\n\nMailing list: debian-security-announce@lists.debian.org\n", "edition": 2, "modified": "2011-04-30T15:09:09", "published": "2011-04-30T15:09:09", "id": "DEBIAN:DSA-2227-1:C543D", "href": "https://lists.debian.org/debian-security-announce/debian-security-announce-2011/msg00096.html", "title": "[SECURITY] [DSA 2227-1] iceape security update", "type": "debian", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2020-11-11T13:30:56", "bulletinFamily": "unix", "cvelist": ["CVE-2011-0077", "CVE-2011-0071", "CVE-2011-0080", "CVE-2011-0073", "CVE-2011-0066", "CVE-2011-0065", "CVE-2011-0081", "CVE-2011-0075", "CVE-2011-0074", "CVE-2011-0069", "CVE-2011-0078", "CVE-2011-0070", "CVE-2011-0067", "CVE-2011-0072"], "description": "- -------------------------------------------------------------------------\nDebian Security Advisory DSA-2228-1 security@debian.org\nhttp://www.debian.org/security/ Moritz Muehlenhoff\nMay 01, 2011 http://www.debian.org/security/faq\n- -------------------------------------------------------------------------\n\nPackage : iceweasel\nVulnerability : several\nProblem type : remote\nDebian-specific: no\nCVE ID : CVE-2011-0065 CVE-2011-0066 CVE-2011-0067 CVE-2011-0069 \n CVE-2011-0070 CVE-2011-0071 CVE-2011-0072 CVE-2011-0073\n CVE-2011-0074 CVE-2011-0075 CVE-2011-0077 CVE-2011-0078\n CVE-2011-0080 CVE-2011-0081 \n\nSeveral vulnerabilities have been found in Iceweasel, a web browser \nbased on Firefox:\n\nCVE-2011-0069 CVE-2011-0070 CVE-2011-0072 CVE-2011-0074 CVE-2011-0075 CVE-2011-0077 CVE-2011-0078 CVE-2011-0080 CVE-2011-0081\n\n "Scoobidiver", Ian Beer Bob Clary, Henri Sivonen, Marco Bonardo,\n Mats Palmgren, Jesse Ruderman, Aki Kelin and Martin Barbella \n discovered memory corruption bugs, which may lead to the execution\n of arbitrary code.\n\nCVE-2011-0065 CVE-2011-0066 CVE-2011-0073\n\n "regenrecht" discovered several dangling pointer vulnerabilities,\n which may lead to the execution of arbitrary code.\n\nCVE-2011-0067\n\n Paul Stone discovered that Java applets could steal information\n from the autocompletion history.\n\nCVE-2011-0071\n\n Soroush Dalili discovered a directory traversal vulnerability in\n handling resource URIs.\n\nFor the oldstable distribution (lenny), this problem will be fixed soon\nwith updated packages of the xulrunner source package.\n \nFor the stable distribution (squeeze), this problem has been fixed in\nversion 3.5.16-7.\n\nFor the unstable distribution (sid), this problem has been fixed in\nversion 3.5.19-1.\n\nWe recommend that you upgrade your iceweasel packages.\n\nFurther information about Debian Security Advisories, how to apply\nthese updates to your system and frequently asked questions can be\nfound at: http://www.debian.org/security/\n\nMailing list: debian-security-announce@lists.debian.org\n", "edition": 3, "modified": "2011-05-01T16:51:09", "published": "2011-05-01T16:51:09", "id": "DEBIAN:DSA-2228-1:3272E", "href": "https://lists.debian.org/debian-security-announce/debian-security-announce-2011/msg00097.html", "title": "[SECURITY] [DSA 2228-1] iceweasel security update", "type": "debian", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2020-11-11T13:21:55", "bulletinFamily": "unix", "cvelist": ["CVE-2011-0077", "CVE-2011-0071", "CVE-2011-0080", "CVE-2011-0073", "CVE-2011-0066", "CVE-2011-0065", "CVE-2011-0081", "CVE-2011-0075", "CVE-2011-0074", "CVE-2011-0069", "CVE-2011-0078", "CVE-2011-0070", "CVE-2011-0067", "CVE-2011-0072"], "description": "- -------------------------------------------------------------------------\nDebian Security Advisory DSA-2235-1 security@debian.org\nhttp://www.debian.org/security/ Moritz Muehlenhoff\nMay 10, 2011 http://www.debian.org/security/faq\n- -------------------------------------------------------------------------\n\nPackage : icedove\nVulnerability : several\nProblem type : remote\nDebian-specific: no\nCVE ID : CVE-2011-0065 CVE-2011-0066 CVE-2011-0067 CVE-2011-0069 \n CVE-2011-0070 CVE-2011-0071 CVE-2011-0072 CVE-2011-0073\n CVE-2011-0074 CVE-2011-0075 CVE-2011-0077 CVE-2011-0078\n CVE-2011-0080 CVE-2011-0081 \n\nSeveral vulnerabilities have been discovered in Icedove, an unbranded\nversion of the Thunderbird mail/news client.\n\nCVE-2011-0069 CVE-2011-0070 CVE-2011-0072 CVE-2011-0074 CVE-2011-0075 CVE-2011-0077 CVE-2011-0078 CVE-2011-0080 CVE-2011-0081\n\n "Scoobidiver", Ian Beer Bob Clary, Henri Sivonen, Marco Bonardo,\n Mats Palmgren, Jesse Ruderman, Aki Kelin and Martin Barbella \n discovered memory corruption bugs, which may lead to the execution\n of arbitrary code.\n\nCVE-2011-0065 CVE-2011-0066 CVE-2011-0073\n\n "regenrecht" discovered several dangling pointer vulnerabilities,\n which may lead to the execution of arbitrary code.\n\nCVE-2011-0067\n\n Paul Stone discovered that Java applets could steal information\n from the autocompletion history.\n\nCVE-2011-0071\n\n Soroush Dalili discovered a directory traversal vulnerability in\n handling resource URIs.\n\nAs indicated in the Lenny (oldstable) release notes, security support for\nthe Icedove packages in the oldstable needed to be stopped before the end\nof the regular Lenny security maintenance life cycle.\nYou are strongly encouraged to upgrade to stable or switch to a different\nmail client.\n\nFor the stable distribution (squeeze), this problem has been fixed in\nversion 3.0.11-1+squeeze2.\n\nFor the unstable distribution (sid), this problem will be fixed soon.\n\nWe recommend that you upgrade your icedove packages.\n\nFurther information about Debian Security Advisories, how to apply\nthese updates to your system and frequently asked questions can be\nfound at: http://www.debian.org/security/\n\nMailing list: debian-security-announce@lists.debian.org\n", "edition": 3, "modified": "2011-05-10T20:15:08", "published": "2011-05-10T20:15:08", "id": "DEBIAN:DSA-2235-1:7DA12", "href": "https://lists.debian.org/debian-security-announce/debian-security-announce-2011/msg00104.html", "title": "[SECURITY] [DSA 2235-1] icedove security update", "type": "debian", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}], "nessus": [{"lastseen": "2021-01-06T09:46:27", "description": "Several vulnerabilities have been found in Iceweasel, a web browser\nbased on Firefox :\n\n - CVE-2011-0069 CVE-2011-0070 CVE-2011-0072 CVE-2011-0074\n CVE-2011-0075 CVE-2011-0077 CVE-2011-0078 CVE-2011-0080\n CVE-2011-0081\n 'Scoobidiver', Ian Beer Bob Clary, Henri Sivonen, Marco\n Bonardo, Mats Palmgren, Jesse Ruderman, Aki Kelin and\n Martin Barbella discovered memory corruption bugs, which\n may lead to the execution of arbitrary code.\n\n - CVE-2011-0065 CVE-2011-0066 CVE-2011-0073\n 'regenrecht' discovered several dangling pointer\n vulnerabilities, which may lead to the execution of\n arbitrary code.\n\n - CVE-2011-0067\n Paul Stone discovered that Java applets could steal\n information from the autocompletion history.\n\n - CVE-2011-0071\n Soroush Dalili discovered a directory traversal\n vulnerability in handling resource URIs.", "edition": 17, "published": "2011-05-02T00:00:00", "title": "Debian DSA-2228-1 : iceweasel - several vulnerabilities", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2011-0077", "CVE-2011-0071", "CVE-2011-0080", "CVE-2011-0073", "CVE-2011-0066", "CVE-2011-0065", "CVE-2011-0081", "CVE-2011-0075", "CVE-2011-0074", "CVE-2011-0069", "CVE-2011-0078", "CVE-2011-0070", "CVE-2011-0067", "CVE-2011-0072"], "modified": "2011-05-02T00:00:00", "cpe": ["cpe:/o:debian:debian_linux:6.0", "p-cpe:/a:debian:debian_linux:iceweasel"], "id": "DEBIAN_DSA-2228.NASL", "href": "https://www.tenable.com/plugins/nessus/53603", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Debian Security Advisory DSA-2228. The text \n# itself is copyright (C) Software in the Public Interest, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(53603);\n script_version(\"1.19\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/04\");\n\n script_cve_id(\"CVE-2011-0065\", \"CVE-2011-0066\", \"CVE-2011-0067\", \"CVE-2011-0069\", \"CVE-2011-0070\", \"CVE-2011-0071\", \"CVE-2011-0072\", \"CVE-2011-0073\", \"CVE-2011-0074\", \"CVE-2011-0075\", \"CVE-2011-0077\", \"CVE-2011-0078\", \"CVE-2011-0080\", \"CVE-2011-0081\");\n script_xref(name:\"DSA\", value:\"2228\");\n\n script_name(english:\"Debian DSA-2228-1 : iceweasel - several vulnerabilities\");\n script_summary(english:\"Checks dpkg output for the updated package\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Debian host is missing a security-related update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Several vulnerabilities have been found in Iceweasel, a web browser\nbased on Firefox :\n\n - CVE-2011-0069 CVE-2011-0070 CVE-2011-0072 CVE-2011-0074\n CVE-2011-0075 CVE-2011-0077 CVE-2011-0078 CVE-2011-0080\n CVE-2011-0081\n 'Scoobidiver', Ian Beer Bob Clary, Henri Sivonen, Marco\n Bonardo, Mats Palmgren, Jesse Ruderman, Aki Kelin and\n Martin Barbella discovered memory corruption bugs, which\n may lead to the execution of arbitrary code.\n\n - CVE-2011-0065 CVE-2011-0066 CVE-2011-0073\n 'regenrecht' discovered several dangling pointer\n vulnerabilities, which may lead to the execution of\n arbitrary code.\n\n - CVE-2011-0067\n Paul Stone discovered that Java applets could steal\n information from the autocompletion history.\n\n - CVE-2011-0071\n Soroush Dalili discovered a directory traversal\n vulnerability in handling resource URIs.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/CVE-2011-0069\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/CVE-2011-0070\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/CVE-2011-0072\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/CVE-2011-0074\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/CVE-2011-0075\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/CVE-2011-0077\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/CVE-2011-0078\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/CVE-2011-0080\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/CVE-2011-0081\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/CVE-2011-0065\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/CVE-2011-0066\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/CVE-2011-0073\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/CVE-2011-0067\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/CVE-2011-0071\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://packages.debian.org/source/squeeze/iceweasel\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.debian.org/security/2011/dsa-2228\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\n\"Upgrade the iceweasel packages.\n\nFor the oldstable distribution (lenny), this problem will be fixed\nsoon with updated packages of the xulrunner source package.\n\nFor the stable distribution (squeeze), this problem has been fixed in\nversion 3.5.16-7.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploit_framework_core\", value:\"true\");\n script_set_attribute(attribute:\"exploited_by_malware\", value:\"true\");\n script_set_attribute(attribute:\"metasploit_name\", value:'Mozilla Firefox \"nsTreeRange\" Dangling Pointer Vulnerability');\n script_set_attribute(attribute:\"exploit_framework_metasploit\", value:\"true\");\n script_set_attribute(attribute:\"exploit_framework_canvas\", value:\"true\");\n script_set_attribute(attribute:\"canvas_package\", value:'White_Phosphorus');\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:iceweasel\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:debian:debian_linux:6.0\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2011/05/01\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2011/05/02\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2011-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Debian Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/Debian/release\", \"Host/Debian/dpkg-l\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"debian_package.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/Debian/release\")) audit(AUDIT_OS_NOT, \"Debian\");\nif (!get_kb_item(\"Host/Debian/dpkg-l\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\nflag = 0;\nif (deb_check(release:\"6.0\", prefix:\"iceweasel\", reference:\"3.5.16-7\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"iceweasel-dbg\", reference:\"3.5.16-7\")) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:deb_report_get());\n else security_hole(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2021-01-06T09:46:27", "description": "Several vulnerabilities have been found in the Iceape internet suite,\nan unbranded version of SeaMonkey :\n\n - CVE-2011-0069 CVE-2011-0070 CVE-2011-0072 CVE-2011-0074\n CVE-2011-0075 CVE-2011-0077 CVE-2011-0078 CVE-2011-0080\n CVE-2011-0081\n 'Scoobidiver', Ian Beer Bob Clary, Henri Sivonen, Marco\n Bonardo, Mats Palmgren, Jesse Ruderman, Aki Kelin and\n Martin Barbella discovered memory corruption bugs, which\n may lead to the execution of arbitrary code.\n\n - CVE-2011-0065 CVE-2011-0066 CVE-2011-0073\n 'regenrecht' discovered several dangling pointer\n vulnerabilities, which may lead to the execution of\n arbitrary code.\n\n - CVE-2011-0067\n Paul Stone discovered that Java applets could steal\n information from the autocompletion history.\n\n - CVE-2011-0071\n Soroush Dalili discovered a directory traversal\n vulnerability in handling resource URIs.\n\nThe oldstable distribution (lenny) is not affected. The iceape package\nonly provides the XPCOM code.", "edition": 17, "published": "2011-05-02T00:00:00", "title": "Debian DSA-2227-1 : iceape - several vulnerabilities", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2011-0077", "CVE-2011-0071", "CVE-2011-0080", "CVE-2011-0073", "CVE-2011-0066", "CVE-2011-0065", "CVE-2011-0081", "CVE-2011-0075", "CVE-2011-0074", "CVE-2011-0069", "CVE-2011-0078", "CVE-2011-0070", "CVE-2011-0067", "CVE-2011-0072"], "modified": "2011-05-02T00:00:00", "cpe": ["cpe:/o:debian:debian_linux:6.0", "p-cpe:/a:debian:debian_linux:iceape"], "id": "DEBIAN_DSA-2227.NASL", "href": "https://www.tenable.com/plugins/nessus/53602", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Debian Security Advisory DSA-2227. The text \n# itself is copyright (C) Software in the Public Interest, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(53602);\n script_version(\"1.20\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/04\");\n\n script_cve_id(\"CVE-2011-0065\", \"CVE-2011-0066\", \"CVE-2011-0067\", \"CVE-2011-0069\", \"CVE-2011-0070\", \"CVE-2011-0071\", \"CVE-2011-0072\", \"CVE-2011-0073\", \"CVE-2011-0074\", \"CVE-2011-0075\", \"CVE-2011-0077\", \"CVE-2011-0078\", \"CVE-2011-0080\", \"CVE-2011-0081\");\n script_xref(name:\"DSA\", value:\"2227\");\n\n script_name(english:\"Debian DSA-2227-1 : iceape - several vulnerabilities\");\n script_summary(english:\"Checks dpkg output for the updated package\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Debian host is missing a security-related update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Several vulnerabilities have been found in the Iceape internet suite,\nan unbranded version of SeaMonkey :\n\n - CVE-2011-0069 CVE-2011-0070 CVE-2011-0072 CVE-2011-0074\n CVE-2011-0075 CVE-2011-0077 CVE-2011-0078 CVE-2011-0080\n CVE-2011-0081\n 'Scoobidiver', Ian Beer Bob Clary, Henri Sivonen, Marco\n Bonardo, Mats Palmgren, Jesse Ruderman, Aki Kelin and\n Martin Barbella discovered memory corruption bugs, which\n may lead to the execution of arbitrary code.\n\n - CVE-2011-0065 CVE-2011-0066 CVE-2011-0073\n 'regenrecht' discovered several dangling pointer\n vulnerabilities, which may lead to the execution of\n arbitrary code.\n\n - CVE-2011-0067\n Paul Stone discovered that Java applets could steal\n information from the autocompletion history.\n\n - CVE-2011-0071\n Soroush Dalili discovered a directory traversal\n vulnerability in handling resource URIs.\n\nThe oldstable distribution (lenny) is not affected. The iceape package\nonly provides the XPCOM code.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/CVE-2011-0069\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/CVE-2011-0070\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/CVE-2011-0072\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/CVE-2011-0074\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/CVE-2011-0075\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/CVE-2011-0077\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/CVE-2011-0078\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/CVE-2011-0080\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/CVE-2011-0081\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/CVE-2011-0065\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/CVE-2011-0066\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/CVE-2011-0073\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/CVE-2011-0067\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/CVE-2011-0071\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://packages.debian.org/source/squeeze/iceape\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.debian.org/security/2011/dsa-2227\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\n\"Upgrade the iceape packages.\n\nFor the stable distribution (squeeze), this problem has been fixed in\nversion 2.0.11-5.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploit_framework_core\", value:\"true\");\n script_set_attribute(attribute:\"exploited_by_malware\", value:\"true\");\n script_set_attribute(attribute:\"metasploit_name\", value:'Mozilla Firefox \"nsTreeRange\" Dangling Pointer Vulnerability');\n script_set_attribute(attribute:\"exploit_framework_metasploit\", value:\"true\");\n script_set_attribute(attribute:\"exploit_framework_canvas\", value:\"true\");\n script_set_attribute(attribute:\"canvas_package\", value:'White_Phosphorus');\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:iceape\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:debian:debian_linux:6.0\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2011/04/30\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2011/05/02\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2011-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Debian Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/Debian/release\", \"Host/Debian/dpkg-l\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"debian_package.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/Debian/release\")) audit(AUDIT_OS_NOT, \"Debian\");\nif (!get_kb_item(\"Host/Debian/dpkg-l\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\nflag = 0;\nif (deb_check(release:\"6.0\", prefix:\"iceape\", reference:\"2.0.11-5\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"iceape-browser\", reference:\"2.0.11-5\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"iceape-chatzilla\", reference:\"2.0.11-5\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"iceape-dbg\", reference:\"2.0.11-5\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"iceape-dev\", reference:\"2.0.11-5\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"iceape-mailnews\", reference:\"2.0.11-5\")) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:deb_report_get());\n else security_hole(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2021-01-06T09:46:29", "description": "Several vulnerabilities have been discovered in Icedove, an unbranded\nversion of the Thunderbird mail/news client.\n\n - CVE-2011-0069 CVE-2011-0070 CVE-2011-0072 CVE-2011-0074\n CVE-2011-0075 CVE-2011-0077 CVE-2011-0078 CVE-2011-0080\n CVE-2011-0081\n 'Scoobidiver', Ian Beer Bob Clary, Henri Sivonen, Marco\n Bonardo, Mats Palmgren, Jesse Ruderman, Aki Kelin and\n Martin Barbella discovered memory corruption bugs, which\n may lead to the execution of arbitrary code.\n\n - CVE-2011-0065 CVE-2011-0066 CVE-2011-0073\n 'regenrecht' discovered several dangling pointer\n vulnerabilities, which may lead to the execution of\n arbitrary code.\n\n - CVE-2011-0067\n Paul Stone discovered that Java applets could steal\n information from the autocompletion history.\n\n - CVE-2011-0071\n Soroush Dalili discovered a directory traversal\n vulnerability in handling resource URIs.\n\nAs indicated in the Lenny (oldstable) release notes, security support\nfor the Icedove packages in the oldstable needed to be stopped before\nthe end of the regular Lenny security maintenance life cycle. You are\nstrongly encouraged to upgrade to stable or switch to a different mail\nclient.", "edition": 17, "published": "2011-05-11T00:00:00", "title": "Debian DSA-2235-1 : icedove - several vulnerabilities", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2011-0077", "CVE-2011-0071", "CVE-2011-0080", "CVE-2011-0073", "CVE-2011-0066", "CVE-2011-0065", "CVE-2011-0081", "CVE-2011-0075", "CVE-2011-0074", "CVE-2011-0069", "CVE-2011-0078", "CVE-2011-0070", "CVE-2011-0067", "CVE-2011-0072"], "modified": "2011-05-11T00:00:00", "cpe": ["cpe:/o:debian:debian_linux:6.0", "p-cpe:/a:debian:debian_linux:icedove"], "id": "DEBIAN_DSA-2235.NASL", "href": "https://www.tenable.com/plugins/nessus/53862", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Debian Security Advisory DSA-2235. The text \n# itself is copyright (C) Software in the Public Interest, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(53862);\n script_version(\"1.20\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/04\");\n\n script_cve_id(\"CVE-2011-0065\", \"CVE-2011-0066\", \"CVE-2011-0067\", \"CVE-2011-0069\", \"CVE-2011-0070\", \"CVE-2011-0071\", \"CVE-2011-0072\", \"CVE-2011-0073\", \"CVE-2011-0074\", \"CVE-2011-0075\", \"CVE-2011-0077\", \"CVE-2011-0078\", \"CVE-2011-0080\", \"CVE-2011-0081\");\n script_xref(name:\"DSA\", value:\"2235\");\n\n script_name(english:\"Debian DSA-2235-1 : icedove - several vulnerabilities\");\n script_summary(english:\"Checks dpkg output for the updated package\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Debian host is missing a security-related update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Several vulnerabilities have been discovered in Icedove, an unbranded\nversion of the Thunderbird mail/news client.\n\n - CVE-2011-0069 CVE-2011-0070 CVE-2011-0072 CVE-2011-0074\n CVE-2011-0075 CVE-2011-0077 CVE-2011-0078 CVE-2011-0080\n CVE-2011-0081\n 'Scoobidiver', Ian Beer Bob Clary, Henri Sivonen, Marco\n Bonardo, Mats Palmgren, Jesse Ruderman, Aki Kelin and\n Martin Barbella discovered memory corruption bugs, which\n may lead to the execution of arbitrary code.\n\n - CVE-2011-0065 CVE-2011-0066 CVE-2011-0073\n 'regenrecht' discovered several dangling pointer\n vulnerabilities, which may lead to the execution of\n arbitrary code.\n\n - CVE-2011-0067\n Paul Stone discovered that Java applets could steal\n information from the autocompletion history.\n\n - CVE-2011-0071\n Soroush Dalili discovered a directory traversal\n vulnerability in handling resource URIs.\n\nAs indicated in the Lenny (oldstable) release notes, security support\nfor the Icedove packages in the oldstable needed to be stopped before\nthe end of the regular Lenny security maintenance life cycle. You are\nstrongly encouraged to upgrade to stable or switch to a different mail\nclient.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/CVE-2011-0069\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/CVE-2011-0070\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/CVE-2011-0072\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/CVE-2011-0074\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/CVE-2011-0075\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/CVE-2011-0077\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/CVE-2011-0078\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/CVE-2011-0080\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/CVE-2011-0081\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/CVE-2011-0065\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/CVE-2011-0066\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/CVE-2011-0073\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/CVE-2011-0067\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/CVE-2011-0071\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://packages.debian.org/source/squeeze/icedove\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.debian.org/security/2011/dsa-2235\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\n\"Upgrade the icedove packages.\n\nFor the stable distribution (squeeze), this problem has been fixed in\nversion 3.0.11-1+squeeze2.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploit_framework_core\", value:\"true\");\n script_set_attribute(attribute:\"exploited_by_malware\", value:\"true\");\n script_set_attribute(attribute:\"metasploit_name\", value:'Mozilla Firefox \"nsTreeRange\" Dangling Pointer Vulnerability');\n script_set_attribute(attribute:\"exploit_framework_metasploit\", value:\"true\");\n script_set_attribute(attribute:\"exploit_framework_canvas\", value:\"true\");\n script_set_attribute(attribute:\"canvas_package\", value:'White_Phosphorus');\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:icedove\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:debian:debian_linux:6.0\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2011/05/07\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2011/05/10\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2011/05/11\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2011-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Debian Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/Debian/release\", \"Host/Debian/dpkg-l\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"debian_package.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/Debian/release\")) audit(AUDIT_OS_NOT, \"Debian\");\nif (!get_kb_item(\"Host/Debian/dpkg-l\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\nflag = 0;\nif (deb_check(release:\"6.0\", prefix:\"icedove\", reference:\"3.0.11-1+squeeze2\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"icedove-dbg\", reference:\"3.0.11-1+squeeze2\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"icedove-dev\", reference:\"3.0.11-1+squeeze2\")) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:deb_report_get());\n else security_hole(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2021-01-20T14:36:43", "description": "Mozilla SeaMonkey was updated to the 2.0.14 security release.\n\nMFSA 2011-12: Mozilla developers identified and fixed several memory\nsafety bugs in the browser engine used in Firefox and other\nMozilla-based products. Some of these bugs showed evidence of memory\ncorruption under certain circumstances, and we presume that with\nenough effort at least some of these could be exploited to run\narbitrary code. Credits\n\nMozilla developer Scoobidiver reported a memory safety issue which\naffected Firefox 4 and Firefox 3.6 (CVE-2011-0081)\n\nThe web development team of Alcidion reported a crash that affected\nFirefox 4, Firefox 3.6 and Firefox 3.5. (CVE-2011-0069)\n\nIan Beer reported a crash that affected Firefox 4, Firefox 3.6 and\nFirefox 3.5. (CVE-2011-0070)\n\nMozilla developers Bob Clary, Henri Sivonen, Marco Bonardo, Mats\nPalmgren and Jesse Ruderman reported memory safety issues which\naffected Firefox 3.6 and Firefox 3.5. (CVE-2011-0080)\n\nAki Helin reported memory safety issues which affected Firefox 3.6 and\nFirefox 3.5. (CVE-2011-0074 , CVE-2011-0075)\n\nIan Beer reported memory safety issues which affected Firefox 3.6 and\nFirefox 3.5. (CVE-2011-0077 , CVE-2011-0078)\n\nMartin Barbella reported a memory safety issue which affected Firefox\n3.6 and Firefox 3.5. (CVE-2011-0072)\n\nMFSA 2011-13 / CVE-2011-0065 / CVE-2011-0066 / CVE-2011-0073: Security\nresearcher regenrecht reported several dangling pointer\nvulnerabilities via TippingPoint's Zero Day Initiative.\n\nMFSA 2011-14 / CVE-2011-0067: Security researcher Paul Stone reported\nthat a Java applet could be used to mimic interaction with form\nautocomplete controls and steal entries from the form history.", "edition": 24, "published": "2014-06-13T00:00:00", "title": "openSUSE Security Update : seamonkey (seamonkey-4462)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2011-0077", "CVE-2011-0080", "CVE-2011-0073", "CVE-2011-0066", "CVE-2011-0065", "CVE-2011-0081", "CVE-2011-0075", "CVE-2011-0074", "CVE-2011-0069", "CVE-2011-0078", "CVE-2011-0070", "CVE-2011-0067", "CVE-2011-0072"], "modified": "2014-06-13T00:00:00", "cpe": ["p-cpe:/a:novell:opensuse:seamonkey-debugsource", "p-cpe:/a:novell:opensuse:seamonkey-debuginfo", "p-cpe:/a:novell:opensuse:seamonkey-dom-inspector", "cpe:/o:novell:opensuse:11.4", "p-cpe:/a:novell:opensuse:seamonkey-translations-other", "p-cpe:/a:novell:opensuse:seamonkey-venkman", "p-cpe:/a:novell:opensuse:seamonkey-translations-common", "p-cpe:/a:novell:opensuse:seamonkey-irc", "p-cpe:/a:novell:opensuse:seamonkey"], "id": "SUSE_11_4_SEAMONKEY-110429.NASL", "href": "https://www.tenable.com/plugins/nessus/76019", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from openSUSE Security Update seamonkey-4462.\n#\n# The text description of this plugin is (C) SUSE LLC.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(76019);\n script_version(\"1.5\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/19\");\n\n script_cve_id(\"CVE-2011-0065\", \"CVE-2011-0066\", \"CVE-2011-0067\", \"CVE-2011-0069\", \"CVE-2011-0070\", \"CVE-2011-0072\", \"CVE-2011-0073\", \"CVE-2011-0074\", \"CVE-2011-0075\", \"CVE-2011-0077\", \"CVE-2011-0078\", \"CVE-2011-0080\", \"CVE-2011-0081\");\n\n script_name(english:\"openSUSE Security Update : seamonkey (seamonkey-4462)\");\n script_summary(english:\"Check for the seamonkey-4462 patch\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote openSUSE host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Mozilla SeaMonkey was updated to the 2.0.14 security release.\n\nMFSA 2011-12: Mozilla developers identified and fixed several memory\nsafety bugs in the browser engine used in Firefox and other\nMozilla-based products. Some of these bugs showed evidence of memory\ncorruption under certain circumstances, and we presume that with\nenough effort at least some of these could be exploited to run\narbitrary code. Credits\n\nMozilla developer Scoobidiver reported a memory safety issue which\naffected Firefox 4 and Firefox 3.6 (CVE-2011-0081)\n\nThe web development team of Alcidion reported a crash that affected\nFirefox 4, Firefox 3.6 and Firefox 3.5. (CVE-2011-0069)\n\nIan Beer reported a crash that affected Firefox 4, Firefox 3.6 and\nFirefox 3.5. (CVE-2011-0070)\n\nMozilla developers Bob Clary, Henri Sivonen, Marco Bonardo, Mats\nPalmgren and Jesse Ruderman reported memory safety issues which\naffected Firefox 3.6 and Firefox 3.5. (CVE-2011-0080)\n\nAki Helin reported memory safety issues which affected Firefox 3.6 and\nFirefox 3.5. (CVE-2011-0074 , CVE-2011-0075)\n\nIan Beer reported memory safety issues which affected Firefox 3.6 and\nFirefox 3.5. (CVE-2011-0077 , CVE-2011-0078)\n\nMartin Barbella reported a memory safety issue which affected Firefox\n3.6 and Firefox 3.5. (CVE-2011-0072)\n\nMFSA 2011-13 / CVE-2011-0065 / CVE-2011-0066 / CVE-2011-0073: Security\nresearcher regenrecht reported several dangling pointer\nvulnerabilities via TippingPoint's Zero Day Initiative.\n\nMFSA 2011-14 / CVE-2011-0067: Security researcher Paul Stone reported\nthat a Java applet could be used to mimic interaction with form\nautocomplete controls and steal entries from the form history.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=689281\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected seamonkey packages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploit_framework_core\", value:\"true\");\n script_set_attribute(attribute:\"exploited_by_malware\", value:\"true\");\n script_set_attribute(attribute:\"metasploit_name\", value:'Mozilla Firefox \"nsTreeRange\" Dangling Pointer Vulnerability');\n script_set_attribute(attribute:\"exploit_framework_metasploit\", value:\"true\");\n script_set_attribute(attribute:\"exploit_framework_canvas\", value:\"true\");\n script_set_attribute(attribute:\"canvas_package\", value:'White_Phosphorus');\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:seamonkey\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:seamonkey-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:seamonkey-debugsource\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:seamonkey-dom-inspector\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:seamonkey-irc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:seamonkey-translations-common\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:seamonkey-translations-other\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:seamonkey-venkman\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:opensuse:11.4\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2011/04/29\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2014/06/13\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2014-2021 Tenable Network Security, Inc.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release =~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, \"openSUSE\");\nif (release !~ \"^(SUSE11\\.4)$\") audit(AUDIT_OS_RELEASE_NOT, \"openSUSE\", \"11.4\", release);\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nourarch = get_kb_item(\"Host/cpu\");\nif (!ourarch) audit(AUDIT_UNKNOWN_ARCH);\nif (ourarch !~ \"^(i586|i686|x86_64)$\") audit(AUDIT_ARCH_NOT, \"i586 / i686 / x86_64\", ourarch);\n\nflag = 0;\n\nif ( rpm_check(release:\"SUSE11.4\", reference:\"seamonkey-2.0.14-0.2.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.4\", reference:\"seamonkey-debuginfo-2.0.14-0.2.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.4\", reference:\"seamonkey-debugsource-2.0.14-0.2.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.4\", reference:\"seamonkey-dom-inspector-2.0.14-0.2.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.4\", reference:\"seamonkey-irc-2.0.14-0.2.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.4\", reference:\"seamonkey-translations-common-2.0.14-0.2.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.4\", reference:\"seamonkey-translations-other-2.0.14-0.2.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.4\", reference:\"seamonkey-venkman-2.0.14-0.2.1\") ) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"seamonkey\");\n}\n", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2021-01-17T14:08:11", "description": "Mozilla SeaMonkey was updated to the 2.0.14 security release.\n\nMFSA 2011-12: Mozilla developers identified and fixed several memory\nsafety bugs in the browser engine used in Firefox and other\nMozilla-based products. Some of these bugs showed evidence of memory\ncorruption under certain circumstances, and we presume that with\nenough effort at least some of these could be exploited to run\narbitrary code. Credits\n\nMozilla developer Scoobidiver reported a memory safety issue which\naffected Firefox 4 and Firefox 3.6 (CVE-2011-0081)\n\nThe web development team of Alcidion reported a crash that affected\nFirefox 4, Firefox 3.6 and Firefox 3.5. (CVE-2011-0069)\n\nIan Beer reported a crash that affected Firefox 4, Firefox 3.6 and\nFirefox 3.5. (CVE-2011-0070)\n\nMozilla developers Bob Clary, Henri Sivonen, Marco Bonardo, Mats\nPalmgren and Jesse Ruderman reported memory safety issues which\naffected Firefox 3.6 and Firefox 3.5. (CVE-2011-0080)\n\nAki Helin reported memory safety issues which affected Firefox 3.6 and\nFirefox 3.5. (CVE-2011-0074 , CVE-2011-0075)\n\nIan Beer reported memory safety issues which affected Firefox 3.6 and\nFirefox 3.5. (CVE-2011-0077 , CVE-2011-0078)\n\nMartin Barbella reported a memory safety issue which affected Firefox\n3.6 and Firefox 3.5. (CVE-2011-0072)\n\nMFSA 2011-13 / CVE-2011-0065 / CVE-2011-0066 / CVE-2011-0073: Security\nresearcher regenrecht reported several dangling pointer\nvulnerabilities via TippingPoint's Zero Day Initiative.\n\nMFSA 2011-14 / CVE-2011-0067: Security researcher Paul Stone reported\nthat a Java applet could be used to mimic interaction with form\nautocomplete controls and steal entries from the form history.", "edition": 24, "published": "2014-06-13T00:00:00", "title": "openSUSE Security Update : seamonkey (seamonkey-4462)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2011-0077", "CVE-2011-0080", "CVE-2011-0073", "CVE-2011-0066", "CVE-2011-0065", "CVE-2011-0081", "CVE-2011-0075", "CVE-2011-0074", "CVE-2011-0069", "CVE-2011-0078", "CVE-2011-0070", "CVE-2011-0067", "CVE-2011-0072"], "modified": "2014-06-13T00:00:00", "cpe": ["p-cpe:/a:novell:opensuse:seamonkey-dom-inspector", "p-cpe:/a:novell:opensuse:seamonkey-translations-other", "p-cpe:/a:novell:opensuse:seamonkey-venkman", "p-cpe:/a:novell:opensuse:seamonkey-translations-common", "p-cpe:/a:novell:opensuse:seamonkey-irc", "cpe:/o:novell:opensuse:11.3", "p-cpe:/a:novell:opensuse:seamonkey"], "id": "SUSE_11_3_SEAMONKEY-110429.NASL", "href": "https://www.tenable.com/plugins/nessus/75738", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from openSUSE Security Update seamonkey-4462.\n#\n# The text description of this plugin is (C) SUSE LLC.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(75738);\n script_version(\"1.5\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/14\");\n\n script_cve_id(\"CVE-2011-0065\", \"CVE-2011-0066\", \"CVE-2011-0067\", \"CVE-2011-0069\", \"CVE-2011-0070\", \"CVE-2011-0072\", \"CVE-2011-0073\", \"CVE-2011-0074\", \"CVE-2011-0075\", \"CVE-2011-0077\", \"CVE-2011-0078\", \"CVE-2011-0080\", \"CVE-2011-0081\");\n\n script_name(english:\"openSUSE Security Update : seamonkey (seamonkey-4462)\");\n script_summary(english:\"Check for the seamonkey-4462 patch\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote openSUSE host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Mozilla SeaMonkey was updated to the 2.0.14 security release.\n\nMFSA 2011-12: Mozilla developers identified and fixed several memory\nsafety bugs in the browser engine used in Firefox and other\nMozilla-based products. Some of these bugs showed evidence of memory\ncorruption under certain circumstances, and we presume that with\nenough effort at least some of these could be exploited to run\narbitrary code. Credits\n\nMozilla developer Scoobidiver reported a memory safety issue which\naffected Firefox 4 and Firefox 3.6 (CVE-2011-0081)\n\nThe web development team of Alcidion reported a crash that affected\nFirefox 4, Firefox 3.6 and Firefox 3.5. (CVE-2011-0069)\n\nIan Beer reported a crash that affected Firefox 4, Firefox 3.6 and\nFirefox 3.5. (CVE-2011-0070)\n\nMozilla developers Bob Clary, Henri Sivonen, Marco Bonardo, Mats\nPalmgren and Jesse Ruderman reported memory safety issues which\naffected Firefox 3.6 and Firefox 3.5. (CVE-2011-0080)\n\nAki Helin reported memory safety issues which affected Firefox 3.6 and\nFirefox 3.5. (CVE-2011-0074 , CVE-2011-0075)\n\nIan Beer reported memory safety issues which affected Firefox 3.6 and\nFirefox 3.5. (CVE-2011-0077 , CVE-2011-0078)\n\nMartin Barbella reported a memory safety issue which affected Firefox\n3.6 and Firefox 3.5. (CVE-2011-0072)\n\nMFSA 2011-13 / CVE-2011-0065 / CVE-2011-0066 / CVE-2011-0073: Security\nresearcher regenrecht reported several dangling pointer\nvulnerabilities via TippingPoint's Zero Day Initiative.\n\nMFSA 2011-14 / CVE-2011-0067: Security researcher Paul Stone reported\nthat a Java applet could be used to mimic interaction with form\nautocomplete controls and steal entries from the form history.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=689281\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected seamonkey packages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploit_framework_core\", value:\"true\");\n script_set_attribute(attribute:\"exploited_by_malware\", value:\"true\");\n script_set_attribute(attribute:\"metasploit_name\", value:'Mozilla Firefox \"nsTreeRange\" Dangling Pointer Vulnerability');\n script_set_attribute(attribute:\"exploit_framework_metasploit\", value:\"true\");\n script_set_attribute(attribute:\"exploit_framework_canvas\", value:\"true\");\n script_set_attribute(attribute:\"canvas_package\", value:'White_Phosphorus');\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:seamonkey\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:seamonkey-dom-inspector\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:seamonkey-irc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:seamonkey-translations-common\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:seamonkey-translations-other\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:seamonkey-venkman\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:opensuse:11.3\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2011/04/29\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2014/06/13\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2014-2021 Tenable Network Security, Inc.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release =~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, \"openSUSE\");\nif (release !~ \"^(SUSE11\\.3)$\") audit(AUDIT_OS_RELEASE_NOT, \"openSUSE\", \"11.3\", release);\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nourarch = get_kb_item(\"Host/cpu\");\nif (!ourarch) audit(AUDIT_UNKNOWN_ARCH);\nif (ourarch !~ \"^(i586|i686|x86_64)$\") audit(AUDIT_ARCH_NOT, \"i586 / i686 / x86_64\", ourarch);\n\nflag = 0;\n\nif ( rpm_check(release:\"SUSE11.3\", reference:\"seamonkey-2.0.14-0.2.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.3\", reference:\"seamonkey-dom-inspector-2.0.14-0.2.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.3\", reference:\"seamonkey-irc-2.0.14-0.2.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.3\", reference:\"seamonkey-translations-common-2.0.14-0.2.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.3\", reference:\"seamonkey-translations-other-2.0.14-0.2.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.3\", reference:\"seamonkey-venkman-2.0.14-0.2.1\") ) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"seamonkey\");\n}\n", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2021-01-17T14:06:40", "description": "Mozilla SeaMonkey was updated to the 2.0.14 security release.\n\nMFSA 2011-12: Mozilla developers identified and fixed several memory\nsafety bugs in the browser engine used in Firefox and other\nMozilla-based products. Some of these bugs showed evidence of memory\ncorruption under certain circumstances, and we presume that with\nenough effort at least some of these could be exploited to run\narbitrary code. Credits\n\nMozilla developer Scoobidiver reported a memory safety issue which\naffected Firefox 4 and Firefox 3.6 (CVE-2011-0081)\n\nThe web development team of Alcidion reported a crash that affected\nFirefox 4, Firefox 3.6 and Firefox 3.5. (CVE-2011-0069)\n\nIan Beer reported a crash that affected Firefox 4, Firefox 3.6 and\nFirefox 3.5. (CVE-2011-0070)\n\nMozilla developers Bob Clary, Henri Sivonen, Marco Bonardo, Mats\nPalmgren and Jesse Ruderman reported memory safety issues which\naffected Firefox 3.6 and Firefox 3.5. (CVE-2011-0080)\n\nAki Helin reported memory safety issues which affected Firefox 3.6 and\nFirefox 3.5. (CVE-2011-0074 , CVE-2011-0075)\n\nIan Beer reported memory safety issues which affected Firefox 3.6 and\nFirefox 3.5. (CVE-2011-0077 , CVE-2011-0078)\n\nMartin Barbella reported a memory safety issue which affected Firefox\n3.6 and Firefox 3.5. (CVE-2011-0072)\n\nMFSA 2011-13 / CVE-2011-0065 / CVE-2011-0066 / CVE-2011-0073: Security\nresearcher regenrecht reported several dangling pointer\nvulnerabilities via TippingPoint's Zero Day Initiative.\n\nMFSA 2011-14 / CVE-2011-0067: Security researcher Paul Stone reported\nthat a Java applet could be used to mimic interaction with form\nautocomplete controls and steal entries from the form history.", "edition": 24, "published": "2011-05-05T00:00:00", "title": "openSUSE Security Update : seamonkey (seamonkey-4462)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2011-0077", "CVE-2011-0080", "CVE-2011-0073", "CVE-2011-0066", "CVE-2011-0065", "CVE-2011-0081", "CVE-2011-0075", "CVE-2011-0074", "CVE-2011-0069", "CVE-2011-0078", "CVE-2011-0070", "CVE-2011-0067", "CVE-2011-0072"], "modified": "2011-05-05T00:00:00", "cpe": ["p-cpe:/a:novell:opensuse:seamonkey-dom-inspector", "cpe:/o:novell:opensuse:11.2", "p-cpe:/a:novell:opensuse:seamonkey-venkman", "p-cpe:/a:novell:opensuse:seamonkey-irc", "p-cpe:/a:novell:opensuse:seamonkey"], "id": "SUSE_11_2_SEAMONKEY-110429.NASL", "href": "https://www.tenable.com/plugins/nessus/53800", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from openSUSE Security Update seamonkey-4462.\n#\n# The text description of this plugin is (C) SUSE LLC.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(53800);\n script_version(\"1.15\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/14\");\n\n script_cve_id(\"CVE-2011-0065\", \"CVE-2011-0066\", \"CVE-2011-0067\", \"CVE-2011-0069\", \"CVE-2011-0070\", \"CVE-2011-0072\", \"CVE-2011-0073\", \"CVE-2011-0074\", \"CVE-2011-0075\", \"CVE-2011-0077\", \"CVE-2011-0078\", \"CVE-2011-0080\", \"CVE-2011-0081\");\n\n script_name(english:\"openSUSE Security Update : seamonkey (seamonkey-4462)\");\n script_summary(english:\"Check for the seamonkey-4462 patch\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote openSUSE host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Mozilla SeaMonkey was updated to the 2.0.14 security release.\n\nMFSA 2011-12: Mozilla developers identified and fixed several memory\nsafety bugs in the browser engine used in Firefox and other\nMozilla-based products. Some of these bugs showed evidence of memory\ncorruption under certain circumstances, and we presume that with\nenough effort at least some of these could be exploited to run\narbitrary code. Credits\n\nMozilla developer Scoobidiver reported a memory safety issue which\naffected Firefox 4 and Firefox 3.6 (CVE-2011-0081)\n\nThe web development team of Alcidion reported a crash that affected\nFirefox 4, Firefox 3.6 and Firefox 3.5. (CVE-2011-0069)\n\nIan Beer reported a crash that affected Firefox 4, Firefox 3.6 and\nFirefox 3.5. (CVE-2011-0070)\n\nMozilla developers Bob Clary, Henri Sivonen, Marco Bonardo, Mats\nPalmgren and Jesse Ruderman reported memory safety issues which\naffected Firefox 3.6 and Firefox 3.5. (CVE-2011-0080)\n\nAki Helin reported memory safety issues which affected Firefox 3.6 and\nFirefox 3.5. (CVE-2011-0074 , CVE-2011-0075)\n\nIan Beer reported memory safety issues which affected Firefox 3.6 and\nFirefox 3.5. (CVE-2011-0077 , CVE-2011-0078)\n\nMartin Barbella reported a memory safety issue which affected Firefox\n3.6 and Firefox 3.5. (CVE-2011-0072)\n\nMFSA 2011-13 / CVE-2011-0065 / CVE-2011-0066 / CVE-2011-0073: Security\nresearcher regenrecht reported several dangling pointer\nvulnerabilities via TippingPoint's Zero Day Initiative.\n\nMFSA 2011-14 / CVE-2011-0067: Security researcher Paul Stone reported\nthat a Java applet could be used to mimic interaction with form\nautocomplete controls and steal entries from the form history.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=689281\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected seamonkey packages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploit_framework_core\", value:\"true\");\n script_set_attribute(attribute:\"exploited_by_malware\", value:\"true\");\n script_set_attribute(attribute:\"metasploit_name\", value:'Mozilla Firefox \"nsTreeRange\" Dangling Pointer Vulnerability');\n script_set_attribute(attribute:\"exploit_framework_metasploit\", value:\"true\");\n script_set_attribute(attribute:\"exploit_framework_canvas\", value:\"true\");\n script_set_attribute(attribute:\"canvas_package\", value:'White_Phosphorus');\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:seamonkey\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:seamonkey-dom-inspector\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:seamonkey-irc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:seamonkey-venkman\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:opensuse:11.2\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2011/04/29\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2011/05/05\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2011-2021 Tenable Network Security, Inc.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release =~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, \"openSUSE\");\nif (release !~ \"^(SUSE11\\.2)$\") audit(AUDIT_OS_RELEASE_NOT, \"openSUSE\", \"11.2\", release);\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nourarch = get_kb_item(\"Host/cpu\");\nif (!ourarch) audit(AUDIT_UNKNOWN_ARCH);\nif (ourarch !~ \"^(i586|i686|x86_64)$\") audit(AUDIT_ARCH_NOT, \"i586 / i686 / x86_64\", ourarch);\n\nflag = 0;\n\nif ( rpm_check(release:\"SUSE11.2\", reference:\"seamonkey-2.0.14-0.2.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.2\", reference:\"seamonkey-dom-inspector-2.0.14-0.2.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.2\", reference:\"seamonkey-irc-2.0.14-0.2.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.2\", reference:\"seamonkey-venkman-2.0.14-0.2.1\") ) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"seamonkey\");\n}\n", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2021-01-17T13:09:07", "description": "Updated firefox packages that fix several security issues are now\navailable for Red Hat Enterprise Linux 4, 5, and 6.\n\nThe Red Hat Security Response Team has rated this update as having\ncritical security impact. Common Vulnerability Scoring System (CVSS)\nbase scores, which give detailed severity ratings, are available for\neach vulnerability from the CVE links in the References section.\n\nMozilla Firefox is an open source web browser. XULRunner provides the\nXUL Runtime environment for Mozilla Firefox.\n\nSeveral flaws were found in the processing of malformed web content. A\nweb page containing malicious content could possibly lead to arbitrary\ncode execution with the privileges of the user running Firefox.\n(CVE-2011-0080, CVE-2011-0081)\n\nAn arbitrary memory write flaw was found in the way Firefox handled\nout-of-memory conditions. If all memory was consumed when a user\nvisited a malicious web page, it could possibly lead to arbitrary code\nexecution with the privileges of the user running Firefox.\n(CVE-2011-0078)\n\nAn integer overflow flaw was found in the way Firefox handled the HTML\nframeset tag. A web page with a frameset tag containing large values\nfor the 'rows' and 'cols' attributes could trigger this flaw, possibly\nleading to arbitrary code execution with the privileges of the user\nrunning Firefox. (CVE-2011-0077)\n\nA flaw was found in the way Firefox handled the HTML iframe tag. A web\npage with an iframe tag containing a specially crafted source address\ncould trigger this flaw, possibly leading to arbitrary code execution\nwith the privileges of the user running Firefox. (CVE-2011-0075)\n\nA flaw was found in the way Firefox displayed multiple marquee\nelements. A malformed HTML document could cause Firefox to execute\narbitrary code with the privileges of the user running Firefox.\n(CVE-2011-0074)\n\nA flaw was found in the way Firefox handled the nsTreeSelection\nelement. Malformed content could cause Firefox to execute arbitrary\ncode with the privileges of the user running Firefox. (CVE-2011-0073)\n\nA use-after-free flaw was found in the way Firefox appended frame and\niframe elements to a DOM tree when the NoScript add-on was enabled.\nMalicious HTML content could cause Firefox to execute arbitrary code\nwith the privileges of the user running Firefox. (CVE-2011-0072)\n\nA directory traversal flaw was found in the Firefox resource://\nprotocol handler. Malicious content could cause Firefox to access\narbitrary files accessible to the user running Firefox.\n(CVE-2011-0071)\n\nA double free flaw was found in the way Firefox handled\n'application/http-index-format' documents. A malformed HTTP response\ncould cause Firefox to execute arbitrary code with the privileges of\nthe user running Firefox. (CVE-2011-0070)\n\nA flaw was found in the way Firefox handled certain JavaScript\ncross-domain requests. If malicious content generated a large number\nof cross-domain JavaScript requests, it could cause Firefox to execute\narbitrary code with the privileges of the user running Firefox.\n(CVE-2011-0069)\n\nA flaw was found in the way Firefox displayed the autocomplete pop-up.\nMalicious content could use this flaw to steal form history\ninformation. (CVE-2011-0067)\n\nTwo use-after-free flaws were found in the Firefox mObserverList and\nmChannel objects. Malicious content could use these flaws to execute\narbitrary code with the privileges of the user running Firefox.\n(CVE-2011-0066, CVE-2011-0065)\n\nA flaw was found in the Firefox XSLT generate-id() function. This\nfunction returned the memory address of an object in memory, which\ncould possibly be used by attackers to bypass address randomization\nprotections. (CVE-2011-1202)\n\nFor technical details regarding these flaws, refer to the Mozilla\nsecurity advisories for Firefox 3.6.17. You can find a link to the\nMozilla advisories in the References section of this erratum.\n\nAll Firefox users should upgrade to these updated packages, which\ncontain Firefox version 3.6.17, which corrects these issues. After\ninstalling the update, Firefox must be restarted for the changes to\ntake effect.", "edition": 28, "published": "2011-04-29T00:00:00", "title": "RHEL 4 / 5 / 6 : firefox (RHSA-2011:0471)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2011-0077", "CVE-2011-1202", "CVE-2011-0071", "CVE-2011-0080", "CVE-2011-0073", "CVE-2011-0066", "CVE-2011-0065", "CVE-2011-0081", "CVE-2011-0075", "CVE-2011-0074", "CVE-2011-0069", "CVE-2011-0078", "CVE-2011-0070", "CVE-2011-0067", "CVE-2011-0072"], "modified": "2011-04-29T00:00:00", "cpe": ["cpe:/o:redhat:enterprise_linux:4", "cpe:/o:redhat:enterprise_linux:5", "p-cpe:/a:redhat:enterprise_linux:xulrunner-debuginfo", "p-cpe:/a:redhat:enterprise_linux:xulrunner", "cpe:/o:redhat:enterprise_linux:4.8", "p-cpe:/a:redhat:enterprise_linux:firefox", "cpe:/o:redhat:enterprise_linux:5.6", "p-cpe:/a:redhat:enterprise_linux:firefox-debuginfo", "p-cpe:/a:redhat:enterprise_linux:xulrunner-devel", "cpe:/o:redhat:enterprise_linux:6", "cpe:/o:redhat:enterprise_linux:6.0"], "id": "REDHAT-RHSA-2011-0471.NASL", "href": "https://www.tenable.com/plugins/nessus/53580", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Red Hat Security Advisory RHSA-2011:0471. The text \n# itself is copyright (C) Red Hat, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(53580);\n script_version(\"1.28\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/14\");\n\n script_cve_id(\"CVE-2011-0065\", \"CVE-2011-0066\", \"CVE-2011-0067\", \"CVE-2011-0069\", \"CVE-2011-0070\", \"CVE-2011-0071\", \"CVE-2011-0072\", \"CVE-2011-0073\", \"CVE-2011-0074\", \"CVE-2011-0075\", \"CVE-2011-0077\", \"CVE-2011-0078\", \"CVE-2011-0080\", \"CVE-2011-0081\", \"CVE-2011-1202\");\n script_xref(name:\"RHSA\", value:\"2011:0471\");\n\n script_name(english:\"RHEL 4 / 5 / 6 : firefox (RHSA-2011:0471)\");\n script_summary(english:\"Checks the rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Red Hat host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Updated firefox packages that fix several security issues are now\navailable for Red Hat Enterprise Linux 4, 5, and 6.\n\nThe Red Hat Security Response Team has rated this update as having\ncritical security impact. Common Vulnerability Scoring System (CVSS)\nbase scores, which give detailed severity ratings, are available for\neach vulnerability from the CVE links in the References section.\n\nMozilla Firefox is an open source web browser. XULRunner provides the\nXUL Runtime environment for Mozilla Firefox.\n\nSeveral flaws were found in the processing of malformed web content. A\nweb page containing malicious content could possibly lead to arbitrary\ncode execution with the privileges of the user running Firefox.\n(CVE-2011-0080, CVE-2011-0081)\n\nAn arbitrary memory write flaw was found in the way Firefox handled\nout-of-memory conditions. If all memory was consumed when a user\nvisited a malicious web page, it could possibly lead to arbitrary code\nexecution with the privileges of the user running Firefox.\n(CVE-2011-0078)\n\nAn integer overflow flaw was found in the way Firefox handled the HTML\nframeset tag. A web page with a frameset tag containing large values\nfor the 'rows' and 'cols' attributes could trigger this flaw, possibly\nleading to arbitrary code execution with the privileges of the user\nrunning Firefox. (CVE-2011-0077)\n\nA flaw was found in the way Firefox handled the HTML iframe tag. A web\npage with an iframe tag containing a specially crafted source address\ncould trigger this flaw, possibly leading to arbitrary code execution\nwith the privileges of the user running Firefox. (CVE-2011-0075)\n\nA flaw was found in the way Firefox displayed multiple marquee\nelements. A malformed HTML document could cause Firefox to execute\narbitrary code with the privileges of the user running Firefox.\n(CVE-2011-0074)\n\nA flaw was found in the way Firefox handled the nsTreeSelection\nelement. Malformed content could cause Firefox to execute arbitrary\ncode with the privileges of the user running Firefox. (CVE-2011-0073)\n\nA use-after-free flaw was found in the way Firefox appended frame and\niframe elements to a DOM tree when the NoScript add-on was enabled.\nMalicious HTML content could cause Firefox to execute arbitrary code\nwith the privileges of the user running Firefox. (CVE-2011-0072)\n\nA directory traversal flaw was found in the Firefox resource://\nprotocol handler. Malicious content could cause Firefox to access\narbitrary files accessible to the user running Firefox.\n(CVE-2011-0071)\n\nA double free flaw was found in the way Firefox handled\n'application/http-index-format' documents. A malformed HTTP response\ncould cause Firefox to execute arbitrary code with the privileges of\nthe user running Firefox. (CVE-2011-0070)\n\nA flaw was found in the way Firefox handled certain JavaScript\ncross-domain requests. If malicious content generated a large number\nof cross-domain JavaScript requests, it could cause Firefox to execute\narbitrary code with the privileges of the user running Firefox.\n(CVE-2011-0069)\n\nA flaw was found in the way Firefox displayed the autocomplete pop-up.\nMalicious content could use this flaw to steal form history\ninformation. (CVE-2011-0067)\n\nTwo use-after-free flaws were found in the Firefox mObserverList and\nmChannel objects. Malicious content could use these flaws to execute\narbitrary code with the privileges of the user running Firefox.\n(CVE-2011-0066, CVE-2011-0065)\n\nA flaw was found in the Firefox XSLT generate-id() function. This\nfunction returned the memory address of an object in memory, which\ncould possibly be used by attackers to bypass address randomization\nprotections. (CVE-2011-1202)\n\nFor technical details regarding these flaws, refer to the Mozilla\nsecurity advisories for Firefox 3.6.17. You can find a link to the\nMozilla advisories in the References section of this erratum.\n\nAll Firefox users should upgrade to these updated packages, which\ncontain Firefox version 3.6.17, which corrects these issues. After\ninstalling the update, Firefox must be restarted for the changes to\ntake effect.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2011-0065\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2011-0066\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2011-0067\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2011-0069\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2011-0070\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2011-0071\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2011-0072\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2011-0073\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2011-0074\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2011-0075\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2011-0077\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2011-0078\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2011-0080\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2011-0081\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2011-1202\"\n );\n # http://www.mozilla.org/security/known-vulnerabilities/firefox36.html#\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?ab0bbddd\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/errata/RHSA-2011:0471\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploit_framework_core\", value:\"true\");\n script_set_attribute(attribute:\"exploited_by_malware\", value:\"true\");\n script_set_attribute(attribute:\"metasploit_name\", value:'Mozilla Firefox \"nsTreeRange\" Dangling Pointer Vulnerability');\n script_set_attribute(attribute:\"exploit_framework_metasploit\", value:\"true\");\n script_set_attribute(attribute:\"exploit_framework_canvas\", value:\"true\");\n script_set_attribute(attribute:\"canvas_package\", value:'White_Phosphorus');\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:firefox\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:firefox-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:xulrunner\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:xulrunner-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:xulrunner-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:4\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:4.8\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:5\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:5.6\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:6\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:6.0\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2011/03/10\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2011/04/28\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2011/04/29\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2011-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Red Hat Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"misc_func.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Red Hat\" >!< release) audit(AUDIT_OS_NOT, \"Red Hat\");\nos_ver = pregmatch(pattern: \"Red Hat Enterprise Linux.*release ([0-9]+(\\.[0-9]+)?)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Red Hat\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^(4|5|6)([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Red Hat 4.x / 5.x / 6.x\", \"Red Hat \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\" && \"s390\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Red Hat\", cpu);\n\nyum_updateinfo = get_kb_item(\"Host/RedHat/yum-updateinfo\");\nif (!empty_or_null(yum_updateinfo)) \n{\n rhsa = \"RHSA-2011:0471\";\n yum_report = redhat_generate_yum_updateinfo_report(rhsa:rhsa);\n if (!empty_or_null(yum_report))\n {\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : yum_report \n );\n exit(0);\n }\n else\n {\n audit_message = \"affected by Red Hat security advisory \" + rhsa;\n audit(AUDIT_OS_NOT, audit_message);\n }\n}\nelse\n{\n flag = 0;\n if (rpm_check(release:\"RHEL4\", reference:\"firefox-3.6.17-2.el4\")) flag++;\n\n\n if (rpm_check(release:\"RHEL5\", reference:\"firefox-3.6.17-1.el5_6\")) flag++;\n\n if (rpm_check(release:\"RHEL5\", reference:\"xulrunner-1.9.2.17-3.el5_6\")) flag++;\n\n if (rpm_check(release:\"RHEL5\", reference:\"xulrunner-devel-1.9.2.17-3.el5_6\")) flag++;\n\n\n if (rpm_check(release:\"RHEL6\", reference:\"firefox-3.6.17-1.el6_0\")) flag++;\n\n if (rpm_check(release:\"RHEL6\", reference:\"firefox-debuginfo-3.6.17-1.el6_0\")) flag++;\n\n if (rpm_check(release:\"RHEL6\", reference:\"xulrunner-1.9.2.17-4.el6_0\")) flag++;\n\n if (rpm_check(release:\"RHEL6\", reference:\"xulrunner-debuginfo-1.9.2.17-4.el6_0\")) flag++;\n\n if (rpm_check(release:\"RHEL6\", reference:\"xulrunner-devel-1.9.2.17-4.el6_0\")) flag++;\n\n\n if (flag)\n {\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : rpm_report_get() + redhat_report_package_caveat()\n );\n exit(0);\n }\n else\n {\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"firefox / firefox-debuginfo / xulrunner / xulrunner-debuginfo / etc\");\n }\n}\n", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2021-01-17T13:45:34", "description": "Mozilla Firefox is an open source web browser. XULRunner provides the\nXUL Runtime environment for Mozilla Firefox.\n\nSeveral flaws were found in the processing of malformed web content. A\nweb page containing malicious content could possibly lead to arbitrary\ncode execution with the privileges of the user running Firefox.\n(CVE-2011-0080, CVE-2011-0081)\n\nAn arbitrary memory write flaw was found in the way Firefox handled\nout-of-memory conditions. If all memory was consumed when a user\nvisited a malicious web page, it could possibly lead to arbitrary code\nexecution with the privileges of the user running Firefox.\n(CVE-2011-0078)\n\nAn integer overflow flaw was found in the way Firefox handled the HTML\nframeset tag. A web page with a frameset tag containing large values\nfor the 'rows' and 'cols' attributes could trigger this flaw, possibly\nleading to arbitrary code execution with the privileges of the user\nrunning Firefox. (CVE-2011-0077)\n\nA flaw was found in the way Firefox handled the HTML iframe tag. A web\npage with an iframe tag containing a specially crafted source address\ncould trigger this flaw, possibly leading to arbitrary code execution\nwith the privileges of the user running Firefox. (CVE-2011-0075)\n\nA flaw was found in the way Firefox displayed multiple marquee\nelements. A malformed HTML document could cause Firefox to execute\narbitrary code with the privileges of the user running Firefox.\n(CVE-2011-0074)\n\nA flaw was found in the way Firefox handled the nsTreeSelection\nelement. Malformed content could cause Firefox to execute arbitrary\ncode with the privileges of the user running Firefox. (CVE-2011-0073)\n\nA use-after-free flaw was found in the way Firefox appended frame and\niframe elements to a DOM tree when the NoScript add-on was enabled.\nMalicious HTML content could cause Firefox to execute arbitrary code\nwith the privileges of the user running Firefox. (CVE-2011-0072)\n\nA directory traversal flaw was found in the Firefox resource://\nprotocol handler. Malicious content could cause Firefox to access\narbitrary files accessible to the user running Firefox.\n(CVE-2011-0071)\n\nA double free flaw was found in the way Firefox handled\n'application/http-index-format' documents. A malformed HTTP response\ncould cause Firefox to execute arbitrary code with the privileges of\nthe user running Firefox. (CVE-2011-0070)\n\nA flaw was found in the way Firefox handled certain JavaScript\ncross-domain requests. If malicious content generated a large number\nof cross-domain JavaScript requests, it could cause Firefox to execute\narbitrary code with the privileges of the user running Firefox.\n(CVE-2011-0069)\n\nA flaw was found in the way Firefox displayed the autocomplete pop-up.\nMalicious content could use this flaw to steal form history\ninformation. (CVE-2011-0067)\n\nTwo use-after-free flaws were found in the Firefox mObserverList and\nmChannel objects. Malicious content could use these flaws to execute\narbitrary code with the privileges of the user running Firefox.\n(CVE-2011-0066, CVE-2011-0065)\n\nA flaw was found in the Firefox XSLT generate-id() function. This\nfunction returned the memory address of an object in memory, which\ncould possibly be used by attackers to bypass address randomization\nprotections. (CVE-2011-1202)\n\nFor technical details regarding these flaws, refer to the Mozilla\nsecurity advisories for Firefox 3.6.17. You can find a link to the\nMozilla advisories in the References section of this erratum.\n\nAll Firefox users should upgrade to these updated packages, which\ncontain Firefox version 3.6.17, which corrects these issues. After\ninstalling the update, Firefox must be restarted for the changes to\ntake effect.", "edition": 25, "published": "2012-08-01T00:00:00", "title": "Scientific Linux Security Update : firefox on SL4.x, SL5.x, SL6.x i386/x86_64", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2011-0077", "CVE-2011-1202", "CVE-2011-0071", "CVE-2011-0080", "CVE-2011-0073", "CVE-2011-0066", "CVE-2011-0065", "CVE-2011-0081", "CVE-2011-0075", "CVE-2011-0074", "CVE-2011-0069", "CVE-2011-0078", "CVE-2011-0070", "CVE-2011-0067", "CVE-2011-0072"], "modified": "2012-08-01T00:00:00", "cpe": ["x-cpe:/o:fermilab:scientific_linux"], "id": "SL_20110428_FIREFOX_ON_SL4_X.NASL", "href": "https://www.tenable.com/plugins/nessus/61025", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text is (C) Scientific Linux.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(61025);\n script_version(\"1.12\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/14\");\n\n script_cve_id(\"CVE-2011-0065\", \"CVE-2011-0066\", \"CVE-2011-0067\", \"CVE-2011-0069\", \"CVE-2011-0070\", \"CVE-2011-0071\", \"CVE-2011-0072\", \"CVE-2011-0073\", \"CVE-2011-0074\", \"CVE-2011-0075\", \"CVE-2011-0077\", \"CVE-2011-0078\", \"CVE-2011-0080\", \"CVE-2011-0081\", \"CVE-2011-1202\");\n\n script_name(english:\"Scientific Linux Security Update : firefox on SL4.x, SL5.x, SL6.x i386/x86_64\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\n\"The remote Scientific Linux host is missing one or more security\nupdates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Mozilla Firefox is an open source web browser. XULRunner provides the\nXUL Runtime environment for Mozilla Firefox.\n\nSeveral flaws were found in the processing of malformed web content. A\nweb page containing malicious content could possibly lead to arbitrary\ncode execution with the privileges of the user running Firefox.\n(CVE-2011-0080, CVE-2011-0081)\n\nAn arbitrary memory write flaw was found in the way Firefox handled\nout-of-memory conditions. If all memory was consumed when a user\nvisited a malicious web page, it could possibly lead to arbitrary code\nexecution with the privileges of the user running Firefox.\n(CVE-2011-0078)\n\nAn integer overflow flaw was found in the way Firefox handled the HTML\nframeset tag. A web page with a frameset tag containing large values\nfor the 'rows' and 'cols' attributes could trigger this flaw, possibly\nleading to arbitrary code execution with the privileges of the user\nrunning Firefox. (CVE-2011-0077)\n\nA flaw was found in the way Firefox handled the HTML iframe tag. A web\npage with an iframe tag containing a specially crafted source address\ncould trigger this flaw, possibly leading to arbitrary code execution\nwith the privileges of the user running Firefox. (CVE-2011-0075)\n\nA flaw was found in the way Firefox displayed multiple marquee\nelements. A malformed HTML document could cause Firefox to execute\narbitrary code with the privileges of the user running Firefox.\n(CVE-2011-0074)\n\nA flaw was found in the way Firefox handled the nsTreeSelection\nelement. Malformed content could cause Firefox to execute arbitrary\ncode with the privileges of the user running Firefox. (CVE-2011-0073)\n\nA use-after-free flaw was found in the way Firefox appended frame and\niframe elements to a DOM tree when the NoScript add-on was enabled.\nMalicious HTML content could cause Firefox to execute arbitrary code\nwith the privileges of the user running Firefox. (CVE-2011-0072)\n\nA directory traversal flaw was found in the Firefox resource://\nprotocol handler. Malicious content could cause Firefox to access\narbitrary files accessible to the user running Firefox.\n(CVE-2011-0071)\n\nA double free flaw was found in the way Firefox handled\n'application/http-index-format' documents. A malformed HTTP response\ncould cause Firefox to execute arbitrary code with the privileges of\nthe user running Firefox. (CVE-2011-0070)\n\nA flaw was found in the way Firefox handled certain JavaScript\ncross-domain requests. If malicious content generated a large number\nof cross-domain JavaScript requests, it could cause Firefox to execute\narbitrary code with the privileges of the user running Firefox.\n(CVE-2011-0069)\n\nA flaw was found in the way Firefox displayed the autocomplete pop-up.\nMalicious content could use this flaw to steal form history\ninformation. (CVE-2011-0067)\n\nTwo use-after-free flaws were found in the Firefox mObserverList and\nmChannel objects. Malicious content could use these flaws to execute\narbitrary code with the privileges of the user running Firefox.\n(CVE-2011-0066, CVE-2011-0065)\n\nA flaw was found in the Firefox XSLT generate-id() function. This\nfunction returned the memory address of an object in memory, which\ncould possibly be used by attackers to bypass address randomization\nprotections. (CVE-2011-1202)\n\nFor technical details regarding these flaws, refer to the Mozilla\nsecurity advisories for Firefox 3.6.17. You can find a link to the\nMozilla advisories in the References section of this erratum.\n\nAll Firefox users should upgrade to these updated packages, which\ncontain Firefox version 3.6.17, which corrects these issues. After\ninstalling the update, Firefox must be restarted for the changes to\ntake effect.\"\n );\n # https://listserv.fnal.gov/scripts/wa.exe?A2=ind1104&L=scientific-linux-errata&T=0&P=3138\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?b3390d95\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\n\"Update the affected firefox, xulrunner and / or xulrunner-devel\npackages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploit_framework_core\", value:\"true\");\n script_set_attribute(attribute:\"exploited_by_malware\", value:\"true\");\n script_set_attribute(attribute:\"metasploit_name\", value:'Mozilla Firefox \"nsTreeRange\" Dangling Pointer Vulnerability');\n script_set_attribute(attribute:\"exploit_framework_metasploit\", value:\"true\");\n script_set_attribute(attribute:\"exploit_framework_canvas\", value:\"true\");\n script_set_attribute(attribute:\"canvas_package\", value:'White_Phosphorus');\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"x-cpe:/o:fermilab:scientific_linux\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2011/03/10\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2011/04/28\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2012/08/01\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2012-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Scientific Linux Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Scientific Linux \" >!< release) audit(AUDIT_HOST_NOT, \"running Scientific Linux\");\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (cpu >!< \"x86_64\" && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Scientific Linux\", cpu);\n\n\nflag = 0;\nif (rpm_check(release:\"SL4\", reference:\"firefox-3.6.17-2.el4\")) flag++;\n\nif (rpm_check(release:\"SL5\", reference:\"firefox-3.6.17-1.el5_6\")) flag++;\nif (rpm_check(release:\"SL5\", reference:\"xulrunner-1.9.2.17-3.el5_6\")) flag++;\nif (rpm_check(release:\"SL5\", reference:\"xulrunner-devel-1.9.2.17-3.el5_6\")) flag++;\n\nif (rpm_check(release:\"SL6\", reference:\"firefox-3.6.17-1.el6_0\")) flag++;\nif (rpm_check(release:\"SL6\", reference:\"xulrunner-1.9.2.17-4.el6_0\")) flag++;\nif (rpm_check(release:\"SL6\", reference:\"xulrunner-devel-1.9.2.17-4.el6_0\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2021-03-01T07:20:31", "description": "It was discovered that there was a vulnerability in the memory\nhandling of certain types of content. An attacker could exploit this\nto possibly run arbitrary code as the user running Thunderbird.\n(CVE-2011-0081)\n\nIt was discovered that Thunderbird incorrectly handled certain\nJavaScript requests. If JavaScript were enabled, an attacker could\nexploit this to possibly run arbitrary code as the user running\nThunderbird. (CVE-2011-0069)\n\nIan Beer discovered a vulnerability in the memory handling of a\ncertain types of documents. An attacker could exploit this to possibly\nrun arbitrary code as the user running Thunderbird. (CVE-2011-0070)\n\nBob Clary, Henri Sivonen, Marco Bonardo, Mats Palmgren and Jesse\nRuderman discovered several memory vulnerabilities. An attacker could\nexploit these to possibly run arbitrary code as the user running\nThunderbird. (CVE-2011-0080)\n\nAki Helin discovered multiple vulnerabilities in the HTML rendering\ncode. An attacker could exploit these to possibly run arbitrary code\nas the user running Thunderbird. (CVE-2011-0074, CVE-2011-0075)\n\nIan Beer discovered multiple overflow vulnerabilities. An attacker\ncould exploit these to possibly run arbitrary code as the user running\nThunderbird. (CVE-2011-0077, CVE-2011-0078)\n\nMartin Barbella discovered a memory vulnerability in the handling of\ncertain DOM elements. An attacker could exploit this to possibly run\narbitrary code as the user running Thunderbird. (CVE-2011-0072)\n\nIt was discovered that there were use-after-free vulnerabilities in\nThunderbird's mChannel and mObserverList objects. An attacker could\nexploit these to possibly run arbitrary code as the user running\nThunderbird. (CVE-2011-0065, CVE-2011-0066)\n\nIt was discovered that there was a vulnerability in the handling of\nthe nsTreeSelection element. An attacker sending a specially crafted\nE-Mail could exploit this to possibly run arbitrary code as the user\nrunning Thunderbird. (CVE-2011-0073)\n\nPaul Stone discovered a vulnerability in the handling of Java applets.\nIf plugins were enabled, an attacker could use this to mimic\ninteraction with form autocomplete controls and steal entries from the\nform history. (CVE-2011-0067)\n\nSoroush Dalili discovered a vulnerability in the resource: protocol.\nThis could potentially allow an attacker to load arbitrary files that\nwere accessible to the user running Thunderbird. (CVE-2011-0071)\n\nChris Evans discovered a vulnerability in Thunderbird's XSLT\ngenerate-id() function. An attacker could possibly use this\nvulnerability to make other attacks more reliable. (CVE-2011-1202).\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Ubuntu security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.", "edition": 26, "published": "2011-06-13T00:00:00", "title": "Ubuntu 10.04 LTS / 10.10 : thunderbird vulnerabilities (USN-1122-1)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2011-0077", "CVE-2011-1202", "CVE-2011-0071", "CVE-2011-0080", "CVE-2011-0073", "CVE-2011-0066", "CVE-2011-0065", "CVE-2011-0081", "CVE-2011-0075", "CVE-2011-0074", "CVE-2011-0069", "CVE-2011-0078", "CVE-2011-0070", "CVE-2011-0067", "CVE-2011-0072"], "modified": "2021-03-02T00:00:00", "cpe": ["cpe:/o:canonical:ubuntu_linux:10.04:-:lts", "cpe:/o:canonical:ubuntu_linux:10.10", "p-cpe:/a:canonical:ubuntu_linux:thunderbird"], "id": "UBUNTU_USN-1122-1.NASL", "href": "https://www.tenable.com/plugins/nessus/55080", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Ubuntu Security Notice USN-1122-1. The text \n# itself is copyright (C) Canonical, Inc. See \n# <http://www.ubuntu.com/usn/>. Ubuntu(R) is a registered \n# trademark of Canonical, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(55080);\n script_version(\"1.19\");\n script_cvs_date(\"Date: 2019/09/19 12:54:27\");\n\n script_cve_id(\"CVE-2011-0065\", \"CVE-2011-0066\", \"CVE-2011-0067\", \"CVE-2011-0069\", \"CVE-2011-0070\", \"CVE-2011-0071\", \"CVE-2011-0072\", \"CVE-2011-0073\", \"CVE-2011-0074\", \"CVE-2011-0075\", \"CVE-2011-0077\", \"CVE-2011-0078\", \"CVE-2011-0080\", \"CVE-2011-0081\", \"CVE-2011-1202\");\n script_bugtraq_id(47641, 47646, 47647, 47648, 47651, 47653, 47654, 47655, 47656, 47659, 47662, 47663, 47666, 47667, 47668);\n script_xref(name:\"USN\", value:\"1122-1\");\n\n script_name(english:\"Ubuntu 10.04 LTS / 10.10 : thunderbird vulnerabilities (USN-1122-1)\");\n script_summary(english:\"Checks dpkg output for updated package.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Ubuntu host is missing a security-related patch.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"It was discovered that there was a vulnerability in the memory\nhandling of certain types of content. An attacker could exploit this\nto possibly run arbitrary code as the user running Thunderbird.\n(CVE-2011-0081)\n\nIt was discovered that Thunderbird incorrectly handled certain\nJavaScript requests. If JavaScript were enabled, an attacker could\nexploit this to possibly run arbitrary code as the user running\nThunderbird. (CVE-2011-0069)\n\nIan Beer discovered a vulnerability in the memory handling of a\ncertain types of documents. An attacker could exploit this to possibly\nrun arbitrary code as the user running Thunderbird. (CVE-2011-0070)\n\nBob Clary, Henri Sivonen, Marco Bonardo, Mats Palmgren and Jesse\nRuderman discovered several memory vulnerabilities. An attacker could\nexploit these to possibly run arbitrary code as the user running\nThunderbird. (CVE-2011-0080)\n\nAki Helin discovered multiple vulnerabilities in the HTML rendering\ncode. An attacker could exploit these to possibly run arbitrary code\nas the user running Thunderbird. (CVE-2011-0074, CVE-2011-0075)\n\nIan Beer discovered multiple overflow vulnerabilities. An attacker\ncould exploit these to possibly run arbitrary code as the user running\nThunderbird. (CVE-2011-0077, CVE-2011-0078)\n\nMartin Barbella discovered a memory vulnerability in the handling of\ncertain DOM elements. An attacker could exploit this to possibly run\narbitrary code as the user running Thunderbird. (CVE-2011-0072)\n\nIt was discovered that there were use-after-free vulnerabilities in\nThunderbird's mChannel and mObserverList objects. An attacker could\nexploit these to possibly run arbitrary code as the user running\nThunderbird. (CVE-2011-0065, CVE-2011-0066)\n\nIt was discovered that there was a vulnerability in the handling of\nthe nsTreeSelection element. An attacker sending a specially crafted\nE-Mail could exploit this to possibly run arbitrary code as the user\nrunning Thunderbird. (CVE-2011-0073)\n\nPaul Stone discovered a vulnerability in the handling of Java applets.\nIf plugins were enabled, an attacker could use this to mimic\ninteraction with form autocomplete controls and steal entries from the\nform history. (CVE-2011-0067)\n\nSoroush Dalili discovered a vulnerability in the resource: protocol.\nThis could potentially allow an attacker to load arbitrary files that\nwere accessible to the user running Thunderbird. (CVE-2011-0071)\n\nChris Evans discovered a vulnerability in Thunderbird's XSLT\ngenerate-id() function. An attacker could possibly use this\nvulnerability to make other attacks more reliable. (CVE-2011-1202).\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Ubuntu security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://usn.ubuntu.com/1122-1/\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected thunderbird package.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploit_framework_core\", value:\"true\");\n script_set_attribute(attribute:\"exploited_by_malware\", value:\"true\");\n script_set_attribute(attribute:\"metasploit_name\", value:'Mozilla Firefox \"nsTreeRange\" Dangling Pointer Vulnerability');\n script_set_attribute(attribute:\"exploit_framework_metasploit\", value:\"true\");\n script_set_attribute(attribute:\"exploit_framework_canvas\", value:\"true\");\n script_set_attribute(attribute:\"canvas_package\", value:'White_Phosphorus');\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:thunderbird\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:canonical:ubuntu_linux:10.04:-:lts\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:canonical:ubuntu_linux:10.10\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2011/03/10\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2011/05/05\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2011/06/13\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"Ubuntu Security Notice (C) 2011-2019 Canonical, Inc. / NASL script (C) 2011-2019 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Ubuntu Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/cpu\", \"Host/Ubuntu\", \"Host/Ubuntu/release\", \"Host/Debian/dpkg-l\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"ubuntu.inc\");\ninclude(\"misc_func.inc\");\n\nif ( ! get_kb_item(\"Host/local_checks_enabled\") ) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/Ubuntu/release\");\nif ( isnull(release) ) audit(AUDIT_OS_NOT, \"Ubuntu\");\nrelease = chomp(release);\nif (! preg(pattern:\"^(10\\.04|10\\.10)$\", string:release)) audit(AUDIT_OS_NOT, \"Ubuntu 10.04 / 10.10\", \"Ubuntu \" + release);\nif ( ! get_kb_item(\"Host/Debian/dpkg-l\") ) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Ubuntu\", cpu);\n\nflag = 0;\n\nif (ubuntu_check(osver:\"10.04\", pkgname:\"thunderbird\", pkgver:\"3.1.10+build1+nobinonly-0ubuntu0.10.04.1\")) flag++;\nif (ubuntu_check(osver:\"10.10\", pkgname:\"thunderbird\", pkgver:\"3.1.10+build1+nobinonly-0ubuntu0.10.10.1\")) flag++;\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : ubuntu_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = ubuntu_pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"thunderbird\");\n}\n", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2021-01-06T09:26:58", "description": "Updated firefox packages that fix several security issues are now\navailable for Red Hat Enterprise Linux 4, 5, and 6.\n\nThe Red Hat Security Response Team has rated this update as having\ncritical security impact. Common Vulnerability Scoring System (CVSS)\nbase scores, which give detailed severity ratings, are available for\neach vulnerability from the CVE links in the References section.\n\nMozilla Firefox is an open source web browser. XULRunner provides the\nXUL Runtime environment for Mozilla Firefox.\n\nSeveral flaws were found in the processing of malformed web content. A\nweb page containing malicious content could possibly lead to arbitrary\ncode execution with the privileges of the user running Firefox.\n(CVE-2011-0080, CVE-2011-0081)\n\nAn arbitrary memory write flaw was found in the way Firefox handled\nout-of-memory conditions. If all memory was consumed when a user\nvisited a malicious web page, it could possibly lead to arbitrary code\nexecution with the privileges of the user running Firefox.\n(CVE-2011-0078)\n\nAn integer overflow flaw was found in the way Firefox handled the HTML\nframeset tag. A web page with a frameset tag containing large values\nfor the 'rows' and 'cols' attributes could trigger this flaw, possibly\nleading to arbitrary code execution with the privileges of the user\nrunning Firefox. (CVE-2011-0077)\n\nA flaw was found in the way Firefox handled the HTML iframe tag. A web\npage with an iframe tag containing a specially crafted source address\ncould trigger this flaw, possibly leading to arbitrary code execution\nwith the privileges of the user running Firefox. (CVE-2011-0075)\n\nA flaw was found in the way Firefox displayed multiple marquee\nelements. A malformed HTML document could cause Firefox to execute\narbitrary code with the privileges of the user running Firefox.\n(CVE-2011-0074)\n\nA flaw was found in the way Firefox handled the nsTreeSelection\nelement. Malformed content could cause Firefox to execute arbitrary\ncode with the privileges of the user running Firefox. (CVE-2011-0073)\n\nA use-after-free flaw was found in the way Firefox appended frame and\niframe elements to a DOM tree when the NoScript add-on was enabled.\nMalicious HTML content could cause Firefox to execute arbitrary code\nwith the privileges of the user running Firefox. (CVE-2011-0072)\n\nA directory traversal flaw was found in the Firefox resource://\nprotocol handler. Malicious content could cause Firefox to access\narbitrary files accessible to the user running Firefox.\n(CVE-2011-0071)\n\nA double free flaw was found in the way Firefox handled\n'application/http-index-format' documents. A malformed HTTP response\ncould cause Firefox to execute arbitrary code with the privileges of\nthe user running Firefox. (CVE-2011-0070)\n\nA flaw was found in the way Firefox handled certain JavaScript\ncross-domain requests. If malicious content generated a large number\nof cross-domain JavaScript requests, it could cause Firefox to execute\narbitrary code with the privileges of the user running Firefox.\n(CVE-2011-0069)\n\nA flaw was found in the way Firefox displayed the autocomplete pop-up.\nMalicious content could use this flaw to steal form history\ninformation. (CVE-2011-0067)\n\nTwo use-after-free flaws were found in the Firefox mObserverList and\nmChannel objects. Malicious content could use these flaws to execute\narbitrary code with the privileges of the user running Firefox.\n(CVE-2011-0066, CVE-2011-0065)\n\nA flaw was found in the Firefox XSLT generate-id() function. This\nfunction returned the memory address of an object in memory, which\ncould possibly be used by attackers to bypass address randomization\nprotections. (CVE-2011-1202)\n\nFor technical details regarding these flaws, refer to the Mozilla\nsecurity advisories for Firefox 3.6.17. You can find a link to the\nMozilla advisories in the References section of this erratum.\n\nAll Firefox users should upgrade to these updated packages, which\ncontain Firefox version 3.6.17, which corrects these issues. After\ninstalling the update, Firefox must be restarted for the changes to\ntake effect.", "edition": 26, "published": "2011-05-02T00:00:00", "title": "CentOS 4 / 5 : firefox (CESA-2011:0471)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2011-0077", "CVE-2011-1202", "CVE-2011-0071", "CVE-2011-0080", "CVE-2011-0073", "CVE-2011-0066", "CVE-2011-0065", "CVE-2011-0081", "CVE-2011-0075", "CVE-2011-0074", "CVE-2011-0069", "CVE-2011-0078", "CVE-2011-0070", "CVE-2011-0067", "CVE-2011-0072"], "modified": "2011-05-02T00:00:00", "cpe": ["p-cpe:/a:centos:centos:xulrunner-devel", "cpe:/o:centos:centos:4", "p-cpe:/a:centos:centos:xulrunner", "p-cpe:/a:centos:centos:firefox", "cpe:/o:centos:centos:5"], "id": "CENTOS_RHSA-2011-0471.NASL", "href": "https://www.tenable.com/plugins/nessus/53598", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Red Hat Security Advisory RHSA-2011:0471 and \n# CentOS Errata and Security Advisory 2011:0471 respectively.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(53598);\n script_version(\"1.16\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/04\");\n\n script_cve_id(\"CVE-2011-0065\", \"CVE-2011-0066\", \"CVE-2011-0067\", \"CVE-2011-0069\", \"CVE-2011-0070\", \"CVE-2011-0071\", \"CVE-2011-0072\", \"CVE-2011-0073\", \"CVE-2011-0074\", \"CVE-2011-0075\", \"CVE-2011-0077\", \"CVE-2011-0078\", \"CVE-2011-0080\", \"CVE-2011-0081\", \"CVE-2011-1202\");\n script_xref(name:\"RHSA\", value:\"2011:0471\");\n\n script_name(english:\"CentOS 4 / 5 : firefox (CESA-2011:0471)\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote CentOS host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Updated firefox packages that fix several security issues are now\navailable for Red Hat Enterprise Linux 4, 5, and 6.\n\nThe Red Hat Security Response Team has rated this update as having\ncritical security impact. Common Vulnerability Scoring System (CVSS)\nbase scores, which give detailed severity ratings, are available for\neach vulnerability from the CVE links in the References section.\n\nMozilla Firefox is an open source web browser. XULRunner provides the\nXUL Runtime environment for Mozilla Firefox.\n\nSeveral flaws were found in the processing of malformed web content. A\nweb page containing malicious content could possibly lead to arbitrary\ncode execution with the privileges of the user running Firefox.\n(CVE-2011-0080, CVE-2011-0081)\n\nAn arbitrary memory write flaw was found in the way Firefox handled\nout-of-memory conditions. If all memory was consumed when a user\nvisited a malicious web page, it could possibly lead to arbitrary code\nexecution with the privileges of the user running Firefox.\n(CVE-2011-0078)\n\nAn integer overflow flaw was found in the way Firefox handled the HTML\nframeset tag. A web page with a frameset tag containing large values\nfor the 'rows' and 'cols' attributes could trigger this flaw, possibly\nleading to arbitrary code execution with the privileges of the user\nrunning Firefox. (CVE-2011-0077)\n\nA flaw was found in the way Firefox handled the HTML iframe tag. A web\npage with an iframe tag containing a specially crafted source address\ncould trigger this flaw, possibly leading to arbitrary code execution\nwith the privileges of the user running Firefox. (CVE-2011-0075)\n\nA flaw was found in the way Firefox displayed multiple marquee\nelements. A malformed HTML document could cause Firefox to execute\narbitrary code with the privileges of the user running Firefox.\n(CVE-2011-0074)\n\nA flaw was found in the way Firefox handled the nsTreeSelection\nelement. Malformed content could cause Firefox to execute arbitrary\ncode with the privileges of the user running Firefox. (CVE-2011-0073)\n\nA use-after-free flaw was found in the way Firefox appended frame and\niframe elements to a DOM tree when the NoScript add-on was enabled.\nMalicious HTML content could cause Firefox to execute arbitrary code\nwith the privileges of the user running Firefox. (CVE-2011-0072)\n\nA directory traversal flaw was found in the Firefox resource://\nprotocol handler. Malicious content could cause Firefox to access\narbitrary files accessible to the user running Firefox.\n(CVE-2011-0071)\n\nA double free flaw was found in the way Firefox handled\n'application/http-index-format' documents. A malformed HTTP response\ncould cause Firefox to execute arbitrary code with the privileges of\nthe user running Firefox. (CVE-2011-0070)\n\nA flaw was found in the way Firefox handled certain JavaScript\ncross-domain requests. If malicious content generated a large number\nof cross-domain JavaScript requests, it could cause Firefox to execute\narbitrary code with the privileges of the user running Firefox.\n(CVE-2011-0069)\n\nA flaw was found in the way Firefox displayed the autocomplete pop-up.\nMalicious content could use this flaw to steal form history\ninformation. (CVE-2011-0067)\n\nTwo use-after-free flaws were found in the Firefox mObserverList and\nmChannel objects. Malicious content could use these flaws to execute\narbitrary code with the privileges of the user running Firefox.\n(CVE-2011-0066, CVE-2011-0065)\n\nA flaw was found in the Firefox XSLT generate-id() function. This\nfunction returned the memory address of an object in memory, which\ncould possibly be used by attackers to bypass address randomization\nprotections. (CVE-2011-1202)\n\nFor technical details regarding these flaws, refer to the Mozilla\nsecurity advisories for Firefox 3.6.17. You can find a link to the\nMozilla advisories in the References section of this erratum.\n\nAll Firefox users should upgrade to these updated packages, which\ncontain Firefox version 3.6.17, which corrects these issues. After\ninstalling the update, Firefox must be restarted for the changes to\ntake effect.\"\n );\n # https://lists.centos.org/pipermail/centos-announce/2011-April/017460.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?9b76e816\"\n );\n # https://lists.centos.org/pipermail/centos-announce/2011-April/017461.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?cabd06ba\"\n );\n # https://lists.centos.org/pipermail/centos-announce/2011-April/017470.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?e54017ae\"\n );\n # https://lists.centos.org/pipermail/centos-announce/2011-April/017471.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?7c2b0bf5\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected firefox packages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploit_framework_core\", value:\"true\");\n script_set_attribute(attribute:\"exploited_by_malware\", value:\"true\");\n script_set_attribute(attribute:\"metasploit_name\", value:'Mozilla Firefox \"nsTreeRange\" Dangling Pointer Vulnerability');\n script_set_attribute(attribute:\"exploit_framework_metasploit\", value:\"true\");\n script_set_attribute(attribute:\"exploit_framework_canvas\", value:\"true\");\n script_set_attribute(attribute:\"canvas_package\", value:'White_Phosphorus');\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:firefox\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:xulrunner\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:xulrunner-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:centos:centos:4\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:centos:centos:5\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2011/03/10\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2011/04/29\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2011/05/02\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2011-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"CentOS Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/CentOS/release\", \"Host/CentOS/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/CentOS/release\");\nif (isnull(release) || \"CentOS\" >!< release) audit(AUDIT_OS_NOT, \"CentOS\");\nos_ver = pregmatch(pattern: \"CentOS(?: Linux)? release ([0-9]+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"CentOS\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^(4|5)([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"CentOS 4.x / 5.x\", \"CentOS \" + os_ver);\n\nif (!get_kb_item(\"Host/CentOS/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && \"ia64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"CentOS\", cpu);\n\n\nflag = 0;\nif (rpm_check(release:\"CentOS-4\", cpu:\"i386\", reference:\"firefox-3.6.17-2.el4.centos\")) flag++;\nif (rpm_check(release:\"CentOS-4\", cpu:\"x86_64\", reference:\"firefox-3.6.17-2.el4.centos\")) flag++;\n\nif (rpm_check(release:\"CentOS-5\", reference:\"firefox-3.6.17-1.el5.centos\")) flag++;\nif (rpm_check(release:\"CentOS-5\", reference:\"xulrunner-1.9.2.17-3.el5\")) flag++;\nif (rpm_check(release:\"CentOS-5\", reference:\"xulrunner-devel-1.9.2.17-3.el5\")) flag++;\n\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"firefox / xulrunner / xulrunner-devel\");\n}\n", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}], "openvas": [{"lastseen": "2019-05-29T18:39:27", "bulletinFamily": "scanner", "cvelist": ["CVE-2011-0077", "CVE-2011-0071", "CVE-2011-0080", "CVE-2011-0073", "CVE-2011-0066", "CVE-2011-0065", "CVE-2011-0081", "CVE-2011-0075", "CVE-2011-0074", "CVE-2011-0069", "CVE-2011-0078", "CVE-2011-0070", "CVE-2011-0067", "CVE-2011-0072"], "description": "The remote host is missing an update to iceweasel\nannounced via advisory DSA 2228-1.", "modified": "2019-03-18T00:00:00", "published": "2011-05-12T00:00:00", "id": "OPENVAS:136141256231069573", "href": "http://plugins.openvas.org/nasl.php?oid=136141256231069573", "type": "openvas", "title": "Debian Security Advisory DSA 2228-1 (iceweasel)", "sourceData": "# OpenVAS Vulnerability Test\n# $Id: deb_2228_1.nasl 14275 2019-03-18 14:39:45Z cfischer $\n# Description: Auto-generated from advisory DSA 2228-1 (iceweasel)\n#\n# Authors:\n# Thomas Reinke <reinke@securityspace.com>\n#\n# Copyright:\n# Copyright (c) 2011 E-Soft Inc. http://www.securityspace.com\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (c) the respective author(s)\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2,\n# or at your option, GNU General Public License version 3,\n# as published by the Free Software Foundation\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n#\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.69573\");\n script_version(\"$Revision: 14275 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2019-03-18 15:39:45 +0100 (Mon, 18 Mar 2019) $\");\n script_tag(name:\"creation_date\", value:\"2011-05-12 19:21:50 +0200 (Thu, 12 May 2011)\");\n script_cve_id(\"CVE-2011-0065\", \"CVE-2011-0066\", \"CVE-2011-0067\", \"CVE-2011-0069\", \"CVE-2011-0070\", \"CVE-2011-0071\", \"CVE-2011-0072\", \"CVE-2011-0073\", \"CVE-2011-0074\", \"CVE-2011-0075\", \"CVE-2011-0077\", \"CVE-2011-0078\", \"CVE-2011-0080\", \"CVE-2011-0081\");\n script_tag(name:\"cvss_base\", value:\"10.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_name(\"Debian Security Advisory DSA 2228-1 (iceweasel)\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2011 E-Soft Inc. http://www.securityspace.com\");\n script_family(\"Debian Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/debian_linux\", \"ssh/login/packages\", re:\"ssh/login/release=DEB6\");\n script_xref(name:\"URL\", value:\"https://secure1.securityspace.com/smysecure/catid.html?in=DSA%202228-1\");\n script_tag(name:\"insight\", value:\"Several vulnerabilities have been found in Iceweasel, a web browser\nbased on Firefox:\n\nCVE-2011-0069 CVE-2011-0070 CVE-2011-0072 CVE-2011-0074 CVE-2011-0075 CVE-2011-0077 CVE-2011-0078 CVE-2011-0080 CVE-2011-0081\n\nScoobidiver, Ian Beer Bob Clary, Henri Sivonen, Marco Bonardo,\nMats Palmgren, Jesse Ruderman, Aki Kelin and Martin Barbella\ndiscovered memory corruption bugs, which may lead to the execution\nof arbitrary code.\n\nCVE-2011-0065 CVE-2011-0066 CVE-2011-0073\n\nregenrecht discovered several dangling pointer vulnerabilities,\nwhich may lead to the execution of arbitrary code.\n\nCVE-2011-0067\n\nPaul Stone discovered that Java applets could steal information\nfrom the autocompletion history.\n\nCVE-2011-0071\n\nSoroush Dalili discovered a directory traversal vulnerability in\nhandling resource URIs.\n\nFor the oldstable distribution (lenny), this problem will be fixed soon\nwith updated packages of the xulrunner source package.\n\nFor the stable distribution (squeeze), this problem has been fixed in\nversion 3.5.16-7.\n\nFor the unstable distribution (sid), this problem has been fixed in\nversion 3.5.19-1.\");\n\n script_tag(name:\"solution\", value:\"We recommend that you upgrade your iceweasel packages.\");\n script_tag(name:\"summary\", value:\"The remote host is missing an update to iceweasel\nannounced via advisory DSA 2228-1.\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-deb.inc\");\n\nres = \"\";\nreport = \"\";\nif((res = isdpkgvuln(pkg:\"iceweasel\", ver:\"3.5.16-8\", rls:\"DEB6\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"iceweasel-dbg\", ver:\"3.5.16-8\", rls:\"DEB6\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"libmozjs-dev\", ver:\"1.9.1.16-8\", rls:\"DEB6\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"libmozjs2d\", ver:\"1.9.1.16-8\", rls:\"DEB6\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"libmozjs2d-dbg\", ver:\"1.9.1.16-8\", rls:\"DEB6\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"spidermonkey-bin\", ver:\"1.9.1.16-8\", rls:\"DEB6\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"xulrunner-1.9.1\", ver:\"1.9.1.16-8\", rls:\"DEB6\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"xulrunner-1.9.1-dbg\", ver:\"1.9.1.16-8\", rls:\"DEB6\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"xulrunner-dev\", ver:\"1.9.1.16-8\", rls:\"DEB6\")) != NULL) {\n report += res;\n}\n\nif(report != \"\") {\n security_message(data:report);\n} else if (__pkg_match) {\n exit(99);\n}", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2017-07-24T12:55:27", "bulletinFamily": "scanner", "cvelist": ["CVE-2011-0077", "CVE-2011-0071", "CVE-2011-0080", "CVE-2011-0073", "CVE-2011-0066", "CVE-2011-0065", "CVE-2011-0081", "CVE-2011-0075", "CVE-2011-0074", "CVE-2011-0069", "CVE-2011-0078", "CVE-2011-0070", "CVE-2011-0067", "CVE-2011-0072"], "description": "The remote host is missing an update to icedove\nannounced via advisory DSA 2235-1.", "modified": "2017-07-07T00:00:00", "published": "2011-08-03T00:00:00", "id": "OPENVAS:69731", "href": "http://plugins.openvas.org/nasl.php?oid=69731", "type": "openvas", "title": "Debian Security Advisory DSA 2235-1 (icedove)", "sourceData": "# OpenVAS Vulnerability Test\n# $Id: deb_2235_1.nasl 6613 2017-07-07 12:08:40Z cfischer $\n# Description: Auto-generated from advisory DSA 2235-1 (icedove)\n#\n# Authors:\n# Thomas Reinke <reinke@securityspace.com>\n#\n# Copyright:\n# Copyright (c) 2011 E-Soft Inc. http://www.securityspace.com\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (c) the respective author(s)\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2,\n# or at your option, GNU General Public License version 3,\n# as published by the Free Software Foundation\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n#\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"Several vulnerabilities have been discovered in Icedove, an unbranded\nversion of the Thunderbird mail/news client.\n\nCVE-2011-0069 CVE-2011-0070 CVE-2011-0072 CVE-2011-0074 CVE-2011-0075 CVE-2011-0077 CVE-2011-0078 CVE-2011-0080 CVE-2011-0081\n\nScoobidiver, Ian Beer Bob Clary, Henri Sivonen, Marco Bonardo,\nMats Palmgren, Jesse Ruderman, Aki Kelin and Martin Barbella\ndiscovered memory corruption bugs, which may lead to the execution\nof arbitrary code.\n\nCVE-2011-0065 CVE-2011-0066 CVE-2011-0073\n\nregenrecht discovered several dangling pointer vulnerabilities,\nwhich may lead to the execution of arbitrary code.\n\nCVE-2011-0067\n\nPaul Stone discovered that Java applets could steal information\nfrom the autocompletion history.\n\nCVE-2011-0071\n\nSoroush Dalili discovered a directory traversal vulnerability in\nhandling resource URIs.\n\nAs indicated in the Lenny (oldstable) release notes, security support for\nthe Icedove packages in the oldstable needed to be stopped before the end\nof the regular Lenny security maintenance life cycle.\nYou are strongly encouraged to upgrade to stable or switch to a different\nmail client.\n\nFor the stable distribution (squeeze), this problem has been fixed in\nversion 3.0.11-1+squeeze2.\n\nFor the unstable distribution (sid), this problem will be fixed soon.\n\nWe recommend that you upgrade your icedove packages.\";\ntag_summary = \"The remote host is missing an update to icedove\nannounced via advisory DSA 2235-1.\";\n\ntag_solution = \"https://secure1.securityspace.com/smysecure/catid.html?in=DSA%202235-1\";\n\n\nif(description)\n{\n script_id(69731);\n script_version(\"$Revision: 6613 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-07-07 14:08:40 +0200 (Fri, 07 Jul 2017) $\");\n script_tag(name:\"creation_date\", value:\"2011-08-03 04:36:20 +0200 (Wed, 03 Aug 2011)\");\n script_cve_id(\"CVE-2011-0065\", \"CVE-2011-0066\", \"CVE-2011-0067\", \"CVE-2011-0069\", \"CVE-2011-0070\", \"CVE-2011-0071\", \"CVE-2011-0072\", \"CVE-2011-0073\", \"CVE-2011-0074\", \"CVE-2011-0075\", \"CVE-2011-0077\", \"CVE-2011-0078\", \"CVE-2011-0080\", \"CVE-2011-0081\");\n script_tag(name:\"cvss_base\", value:\"10.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_name(\"Debian Security Advisory DSA 2235-1 (icedove)\");\n\n\n\n script_category(ACT_GATHER_INFO);\n\n script_copyright(\"Copyright (c) 2011 E-Soft Inc. http://www.securityspace.com\");\n script_family(\"Debian Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/debian_linux\", \"ssh/login/packages\");\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"summary\" , value : tag_summary);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n#\n# The script code starts here\n#\n\ninclude(\"pkg-lib-deb.inc\");\n\nres = \"\";\nreport = \"\";\nif ((res = isdpkgvuln(pkg:\"icedove\", ver:\"3.0.11-1+squeeze2\", rls:\"DEB6.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"icedove-dbg\", ver:\"3.0.11-1+squeeze2\", rls:\"DEB6.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"icedove-dev\", ver:\"3.0.11-1+squeeze2\", rls:\"DEB6.0\")) != NULL) {\n report += res;\n}\n\nif (report != \"\") {\n security_message(data:report);\n} else if (__pkg_match) {\n exit(99); # Not vulnerable.\n}\n", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2017-07-24T12:55:31", "bulletinFamily": "scanner", "cvelist": ["CVE-2011-0077", "CVE-2011-0071", "CVE-2011-0080", "CVE-2011-0073", "CVE-2011-0066", "CVE-2011-0065", "CVE-2011-0081", "CVE-2011-0075", "CVE-2011-0074", "CVE-2011-0069", "CVE-2011-0078", "CVE-2011-0070", "CVE-2011-0067", "CVE-2011-0072"], "description": "The remote host is missing an update to iceweasel\nannounced via advisory DSA 2228-1.", "modified": "2017-07-07T00:00:00", "published": "2011-05-12T00:00:00", "id": "OPENVAS:69573", "href": "http://plugins.openvas.org/nasl.php?oid=69573", "type": "openvas", "title": "Debian Security Advisory DSA 2228-1 (iceweasel)", "sourceData": "# OpenVAS Vulnerability Test\n# $Id: deb_2228_1.nasl 6613 2017-07-07 12:08:40Z cfischer $\n# Description: Auto-generated from advisory DSA 2228-1 (iceweasel)\n#\n# Authors:\n# Thomas Reinke <reinke@securityspace.com>\n#\n# Copyright:\n# Copyright (c) 2011 E-Soft Inc. http://www.securityspace.com\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (c) the respective author(s)\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2,\n# or at your option, GNU General Public License version 3,\n# as published by the Free Software Foundation\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n#\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"Several vulnerabilities have been found in Iceweasel, a web browser\nbased on Firefox:\n\nCVE-2011-0069 CVE-2011-0070 CVE-2011-0072 CVE-2011-0074 CVE-2011-0075 CVE-2011-0077 CVE-2011-0078 CVE-2011-0080 CVE-2011-0081\n\nScoobidiver, Ian Beer Bob Clary, Henri Sivonen, Marco Bonardo,\nMats Palmgren, Jesse Ruderman, Aki Kelin and Martin Barbella\ndiscovered memory corruption bugs, which may lead to the execution\nof arbitrary code.\n\nCVE-2011-0065 CVE-2011-0066 CVE-2011-0073\n\nregenrecht discovered several dangling pointer vulnerabilities,\nwhich may lead to the execution of arbitrary code.\n\nCVE-2011-0067\n\nPaul Stone discovered that Java applets could steal information\nfrom the autocompletion history.\n\nCVE-2011-0071\n\nSoroush Dalili discovered a directory traversal vulnerability in\nhandling resource URIs.\n\nFor the oldstable distribution (lenny), this problem will be fixed soon\nwith updated packages of the xulrunner source package.\n\nFor the stable distribution (squeeze), this problem has been fixed in\nversion 3.5.16-7.\n\nFor the unstable distribution (sid), this problem has been fixed in\nversion 3.5.19-1.\n\nWe recommend that you upgrade your iceweasel packages.\";\ntag_summary = \"The remote host is missing an update to iceweasel\nannounced via advisory DSA 2228-1.\";\n\ntag_solution = \"https://secure1.securityspace.com/smysecure/catid.html?in=DSA%202228-1\";\n\n\nif(description)\n{\n script_id(69573);\n script_version(\"$Revision: 6613 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-07-07 14:08:40 +0200 (Fri, 07 Jul 2017) $\");\n script_tag(name:\"creation_date\", value:\"2011-05-12 19:21:50 +0200 (Thu, 12 May 2011)\");\n script_cve_id(\"CVE-2011-0065\", \"CVE-2011-0066\", \"CVE-2011-0067\", \"CVE-2011-0069\", \"CVE-2011-0070\", \"CVE-2011-0071\", \"CVE-2011-0072\", \"CVE-2011-0073\", \"CVE-2011-0074\", \"CVE-2011-0075\", \"CVE-2011-0077\", \"CVE-2011-0078\", \"CVE-2011-0080\", \"CVE-2011-0081\");\n script_tag(name:\"cvss_base\", value:\"10.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_name(\"Debian Security Advisory DSA 2228-1 (iceweasel)\");\n\n\n\n script_category(ACT_GATHER_INFO);\n\n script_copyright(\"Copyright (c) 2011 E-Soft Inc. http://www.securityspace.com\");\n script_family(\"Debian Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/debian_linux\", \"ssh/login/packages\");\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"summary\" , value : tag_summary);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n#\n# The script code starts here\n#\n\ninclude(\"pkg-lib-deb.inc\");\n\nres = \"\";\nreport = \"\";\nif ((res = isdpkgvuln(pkg:\"iceweasel\", ver:\"3.5.16-8\", rls:\"DEB6.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"iceweasel-dbg\", ver:\"3.5.16-8\", rls:\"DEB6.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libmozjs-dev\", ver:\"1.9.1.16-8\", rls:\"DEB6.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libmozjs2d\", ver:\"1.9.1.16-8\", rls:\"DEB6.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libmozjs2d-dbg\", ver:\"1.9.1.16-8\", rls:\"DEB6.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"spidermonkey-bin\", ver:\"1.9.1.16-8\", rls:\"DEB6.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"xulrunner-1.9.1\", ver:\"1.9.1.16-8\", rls:\"DEB6.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"xulrunner-1.9.1-dbg\", ver:\"1.9.1.16-8\", rls:\"DEB6.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"xulrunner-dev\", ver:\"1.9.1.16-8\", rls:\"DEB6.0\")) != NULL) {\n report += res;\n}\n\nif (report != \"\") {\n security_message(data:report);\n} else if (__pkg_match) {\n exit(99); # Not vulnerable.\n}\n", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2017-07-24T12:55:34", "bulletinFamily": "scanner", "cvelist": ["CVE-2011-0077", "CVE-2011-0071", "CVE-2011-0080", "CVE-2011-0073", "CVE-2011-0066", "CVE-2011-0065", "CVE-2011-0081", "CVE-2011-0075", "CVE-2011-0074", "CVE-2011-0069", "CVE-2011-0078", "CVE-2011-0070", "CVE-2011-0067", "CVE-2011-0072"], "description": "The remote host is missing an update to iceape\nannounced via advisory DSA 2227-1.", "modified": "2017-07-07T00:00:00", "published": "2011-05-12T00:00:00", "id": "OPENVAS:69570", "href": "http://plugins.openvas.org/nasl.php?oid=69570", "type": "openvas", "title": "Debian Security Advisory DSA 2227-1 (iceape)", "sourceData": "# OpenVAS Vulnerability Test\n# $Id: deb_2227_1.nasl 6613 2017-07-07 12:08:40Z cfischer $\n# Description: Auto-generated from advisory DSA 2227-1 (iceape)\n#\n# Authors:\n# Thomas Reinke <reinke@securityspace.com>\n#\n# Copyright:\n# Copyright (c) 2011 E-Soft Inc. http://www.securityspace.com\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (c) the respective author(s)\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2,\n# or at your option, GNU General Public License version 3,\n# as published by the Free Software Foundation\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n#\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"Several vulnerabilities have been found in the Iceape internet suite, an\nunbranded version of Seamonkey:\n\nCVE-2011-0069 CVE-2011-0070 CVE-2011-0072 CVE-2011-0074 CVE-2011-0075 CVE-2011-0077 CVE-2011-0078 CVE-2011-0080 CVE-2011-0081\n\nScoobidiver, Ian Beer Bob Clary, Henri Sivonen, Marco Bonardo,\nMats Palmgren, Jesse Ruderman, Aki Kelin and Martin Barbella\ndiscovered memory corruption bugs, which may lead to the execution\nof arbitrary code.\n\nCVE-2011-0065 CVE-2011-0066 CVE-2011-0073\n\nregenrecht discovered several dangling pointer vulnerabilities,\nwhich may lead to the execution of arbitrary code.\n\nCVE-2011-0067\n\nPaul Stone discovered that Java applets could steal information\nfrom the autocompletion history.\n\nCVE-2011-0071\n\nSoroush Dalili discovered a directory traversal vulnerability in\nhandling resource URIs.\n\nThe oldstable distribution (lenny) is not affected. The iceape package only\nprovides the XPCOM code.\n\nFor the stable distribution (squeeze), this problem has been fixed in\nversion 2.0.11-5.\n\nFor the unstable distribution (sid), this problem has been fixed in\nversion 2.0.14-1.\n\nWe recommend that you upgrade your iceape packages.\";\ntag_summary = \"The remote host is missing an update to iceape\nannounced via advisory DSA 2227-1.\";\n\ntag_solution = \"https://secure1.securityspace.com/smysecure/catid.html?in=DSA%202227-1\";\n\n\nif(description)\n{\n script_id(69570);\n script_version(\"$Revision: 6613 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-07-07 14:08:40 +0200 (Fri, 07 Jul 2017) $\");\n script_tag(name:\"creation_date\", value:\"2011-05-12 19:21:50 +0200 (Thu, 12 May 2011)\");\n script_cve_id(\"CVE-2011-0065\", \"CVE-2011-0066\", \"CVE-2011-0067\", \"CVE-2011-0069\", \"CVE-2011-0070\", \"CVE-2011-0071\", \"CVE-2011-0072\", \"CVE-2011-0073\", \"CVE-2011-0074\", \"CVE-2011-0075\", \"CVE-2011-0077\", \"CVE-2011-0078\", \"CVE-2011-0080\", \"CVE-2011-0081\");\n script_tag(name:\"cvss_base\", value:\"10.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_name(\"Debian Security Advisory DSA 2227-1 (iceape)\");\n\n\n\n script_category(ACT_GATHER_INFO);\n\n script_copyright(\"Copyright (c) 2011 E-Soft Inc. http://www.securityspace.com\");\n script_family(\"Debian Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/debian_linux\", \"ssh/login/packages\");\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"summary\" , value : tag_summary);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n#\n# The script code starts here\n#\n\ninclude(\"pkg-lib-deb.inc\");\n\nres = \"\";\nreport = \"\";\nif ((res = isdpkgvuln(pkg:\"iceape\", ver:\"2.0.11-5\", rls:\"DEB6.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"iceape-browser\", ver:\"2.0.11-5\", rls:\"DEB6.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"iceape-chatzilla\", ver:\"2.0.11-5\", rls:\"DEB6.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"iceape-dbg\", ver:\"2.0.11-5\", rls:\"DEB6.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"iceape-dev\", ver:\"2.0.11-5\", rls:\"DEB6.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"iceape-mailnews\", ver:\"2.0.11-5\", rls:\"DEB6.0\")) != NULL) {\n report += res;\n}\n\nif (report != \"\") {\n security_message(data:report);\n} else if (__pkg_match) {\n exit(99); # Not vulnerable.\n}\n", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2019-05-29T18:39:36", "bulletinFamily": "scanner", "cvelist": ["CVE-2011-0077", "CVE-2011-0071", "CVE-2011-0080", "CVE-2011-0073", "CVE-2011-0066", "CVE-2011-0065", "CVE-2011-0081", "CVE-2011-0075", "CVE-2011-0074", "CVE-2011-0069", "CVE-2011-0078", "CVE-2011-0070", "CVE-2011-0067", "CVE-2011-0072"], "description": "The remote host is missing an update to icedove\nannounced via advisory DSA 2235-1.", "modified": "2019-03-18T00:00:00", "published": "2011-08-03T00:00:00", "id": "OPENVAS:136141256231069731", "href": "http://plugins.openvas.org/nasl.php?oid=136141256231069731", "type": "openvas", "title": "Debian Security Advisory DSA 2235-1 (icedove)", "sourceData": "# OpenVAS Vulnerability Test\n# $Id: deb_2235_1.nasl 14275 2019-03-18 14:39:45Z cfischer $\n# Description: Auto-generated from advisory DSA 2235-1 (icedove)\n#\n# Authors:\n# Thomas Reinke <reinke@securityspace.com>\n#\n# Copyright:\n# Copyright (c) 2011 E-Soft Inc. http://www.securityspace.com\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (c) the respective author(s)\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2,\n# or at your option, GNU General Public License version 3,\n# as published by the Free Software Foundation\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n#\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.69731\");\n script_version(\"$Revision: 14275 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2019-03-18 15:39:45 +0100 (Mon, 18 Mar 2019) $\");\n script_tag(name:\"creation_date\", value:\"2011-08-03 04:36:20 +0200 (Wed, 03 Aug 2011)\");\n script_cve_id(\"CVE-2011-0065\", \"CVE-2011-0066\", \"CVE-2011-0067\", \"CVE-2011-0069\", \"CVE-2011-0070\", \"CVE-2011-0071\", \"CVE-2011-0072\", \"CVE-2011-0073\", \"CVE-2011-0074\", \"CVE-2011-0075\", \"CVE-2011-0077\", \"CVE-2011-0078\", \"CVE-2011-0080\", \"CVE-2011-0081\");\n script_tag(name:\"cvss_base\", value:\"10.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_name(\"Debian Security Advisory DSA 2235-1 (icedove)\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2011 E-Soft Inc. http://www.securityspace.com\");\n script_family(\"Debian Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/debian_linux\", \"ssh/login/packages\", re:\"ssh/login/release=DEB6\");\n script_xref(name:\"URL\", value:\"https://secure1.securityspace.com/smysecure/catid.html?in=DSA%202235-1\");\n script_tag(name:\"insight\", value:\"Several vulnerabilities have been discovered in Icedove, an unbranded\nversion of the Thunderbird mail/news client.\n\nCVE-2011-0069 CVE-2011-0070 CVE-2011-0072 CVE-2011-0074 CVE-2011-0075 CVE-2011-0077 CVE-2011-0078 CVE-2011-0080 CVE-2011-0081\n\nScoobidiver, Ian Beer Bob Clary, Henri Sivonen, Marco Bonardo,\nMats Palmgren, Jesse Ruderman, Aki Kelin and Martin Barbella\ndiscovered memory corruption bugs, which may lead to the execution\nof arbitrary code.\n\nCVE-2011-0065 CVE-2011-0066 CVE-2011-0073\n\nregenrecht discovered several dangling pointer vulnerabilities,\nwhich may lead to the execution of arbitrary code.\n\nCVE-2011-0067\n\nPaul Stone discovered that Java applets could steal information\nfrom the autocompletion history.\n\nCVE-2011-0071\n\nSoroush Dalili discovered a directory traversal vulnerability in\nhandling resource URIs.\n\nAs indicated in the Lenny (oldstable) release notes, security support for\nthe Icedove packages in the oldstable needed to be stopped before the end\nof the regular Lenny security maintenance life cycle.\nYou are strongly encouraged to upgrade to stable or switch to a different\nmail client.\n\nFor the stable distribution (squeeze), this problem has been fixed in\nversion 3.0.11-1+squeeze2.\n\nFor the unstable distribution (sid), this problem will be fixed soon.\");\n\n script_tag(name:\"solution\", value:\"We recommend that you upgrade your icedove packages.\");\n script_tag(name:\"summary\", value:\"The remote host is missing an update to icedove\nannounced via advisory DSA 2235-1.\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-deb.inc\");\n\nres = \"\";\nreport = \"\";\nif((res = isdpkgvuln(pkg:\"icedove\", ver:\"3.0.11-1+squeeze2\", rls:\"DEB6\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"icedove-dbg\", ver:\"3.0.11-1+squeeze2\", rls:\"DEB6\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"icedove-dev\", ver:\"3.0.11-1+squeeze2\", rls:\"DEB6\")) != NULL) {\n report += res;\n}\n\nif(report != \"\") {\n security_message(data:report);\n} else if (__pkg_match) {\n exit(99);\n}", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2019-05-29T18:39:45", "bulletinFamily": "scanner", "cvelist": ["CVE-2011-0077", "CVE-2011-0071", "CVE-2011-0080", "CVE-2011-0073", "CVE-2011-0066", "CVE-2011-0065", "CVE-2011-0081", "CVE-2011-0075", "CVE-2011-0074", "CVE-2011-0069", "CVE-2011-0078", "CVE-2011-0070", "CVE-2011-0067", "CVE-2011-0072"], "description": "The remote host is missing an update to iceape\nannounced via advisory DSA 2227-1.", "modified": "2019-03-18T00:00:00", "published": "2011-05-12T00:00:00", "id": "OPENVAS:136141256231069570", "href": "http://plugins.openvas.org/nasl.php?oid=136141256231069570", "type": "openvas", "title": "Debian Security Advisory DSA 2227-1 (iceape)", "sourceData": "# OpenVAS Vulnerability Test\n# $Id: deb_2227_1.nasl 14275 2019-03-18 14:39:45Z cfischer $\n# Description: Auto-generated from advisory DSA 2227-1 (iceape)\n#\n# Authors:\n# Thomas Reinke <reinke@securityspace.com>\n#\n# Copyright:\n# Copyright (c) 2011 E-Soft Inc. http://www.securityspace.com\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (c) the respective author(s)\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2,\n# or at your option, GNU General Public License version 3,\n# as published by the Free Software Foundation\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n#\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.69570\");\n script_version(\"$Revision: 14275 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2019-03-18 15:39:45 +0100 (Mon, 18 Mar 2019) $\");\n script_tag(name:\"creation_date\", value:\"2011-05-12 19:21:50 +0200 (Thu, 12 May 2011)\");\n script_cve_id(\"CVE-2011-0065\", \"CVE-2011-0066\", \"CVE-2011-0067\", \"CVE-2011-0069\", \"CVE-2011-0070\", \"CVE-2011-0071\", \"CVE-2011-0072\", \"CVE-2011-0073\", \"CVE-2011-0074\", \"CVE-2011-0075\", \"CVE-2011-0077\", \"CVE-2011-0078\", \"CVE-2011-0080\", \"CVE-2011-0081\");\n script_tag(name:\"cvss_base\", value:\"10.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_name(\"Debian Security Advisory DSA 2227-1 (iceape)\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2011 E-Soft Inc. http://www.securityspace.com\");\n script_family(\"Debian Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/debian_linux\", \"ssh/login/packages\", re:\"ssh/login/release=DEB6\");\n script_xref(name:\"URL\", value:\"https://secure1.securityspace.com/smysecure/catid.html?in=DSA%202227-1\");\n script_tag(name:\"insight\", value:\"Several vulnerabilities have been found in the Iceape internet suite, an\nunbranded version of Seamonkey:\n\nCVE-2011-0069 CVE-2011-0070 CVE-2011-0072 CVE-2011-0074 CVE-2011-0075 CVE-2011-0077 CVE-2011-0078 CVE-2011-0080 CVE-2011-0081\n\nScoobidiver, Ian Beer Bob Clary, Henri Sivonen, Marco Bonardo,\nMats Palmgren, Jesse Ruderman, Aki Kelin and Martin Barbella\ndiscovered memory corruption bugs, which may lead to the execution\nof arbitrary code.\n\nCVE-2011-0065 CVE-2011-0066 CVE-2011-0073\n\nregenrecht discovered several dangling pointer vulnerabilities,\nwhich may lead to the execution of arbitrary code.\n\nCVE-2011-0067\n\nPaul Stone discovered that Java applets could steal information\nfrom the autocompletion history.\n\nCVE-2011-0071\n\nSoroush Dalili discovered a directory traversal vulnerability in\nhandling resource URIs.\n\nThe oldstable distribution (lenny) is not affected. The iceape package only\nprovides the XPCOM code.\n\nFor the stable distribution (squeeze), this problem has been fixed in\nversion 2.0.11-5.\n\nFor the unstable distribution (sid), this problem has been fixed in\nversion 2.0.14-1.\");\n\n script_tag(name:\"solution\", value:\"We recommend that you upgrade your iceape packages.\");\n script_tag(name:\"summary\", value:\"The remote host is missing an update to iceape\nannounced via advisory DSA 2227-1.\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-deb.inc\");\n\nres = \"\";\nreport = \"\";\nif((res = isdpkgvuln(pkg:\"iceape\", ver:\"2.0.11-5\", rls:\"DEB6\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"iceape-browser\", ver:\"2.0.11-5\", rls:\"DEB6\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"iceape-chatzilla\", ver:\"2.0.11-5\", rls:\"DEB6\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"iceape-dbg\", ver:\"2.0.11-5\", rls:\"DEB6\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"iceape-dev\", ver:\"2.0.11-5\", rls:\"DEB6\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"iceape-mailnews\", ver:\"2.0.11-5\", rls:\"DEB6\")) != NULL) {\n report += res;\n}\n\nif(report != \"\") {\n security_message(data:report);\n} else if (__pkg_match) {\n exit(99);\n}", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2017-12-04T11:26:57", "bulletinFamily": "scanner", "cvelist": ["CVE-2011-0077", "CVE-2011-1202", "CVE-2011-0071", "CVE-2011-0080", "CVE-2011-0073", "CVE-2011-0066", "CVE-2011-0065", "CVE-2011-0081", "CVE-2011-0075", "CVE-2011-0074", "CVE-2011-0069", "CVE-2011-0078", "CVE-2011-0070", "CVE-2011-0067", "CVE-2011-0072"], "description": "Ubuntu Update for Linux kernel vulnerabilities USN-1122-1", "modified": "2017-12-01T00:00:00", "published": "2011-05-10T00:00:00", "id": "OPENVAS:840652", "href": "http://plugins.openvas.org/nasl.php?oid=840652", "type": "openvas", "title": "Ubuntu Update for thunderbird USN-1122-1", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: gb_ubuntu_USN_1122_1.nasl 7964 2017-12-01 07:32:11Z santu $\n#\n# Ubuntu Update for thunderbird USN-1122-1\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2011 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"It was discovered that there was a vulnerability in the memory handling of\n certain types of content. An attacker could exploit this to possibly run\n arbitrary code as the user running Thunderbird. (CVE-2011-0081)\n\n It was discovered that Thunderbird incorrectly handled certain JavaScript\n requests. If JavaScript were enabled, an attacker could exploit this to\n possibly run arbitrary code as the user running Thunderbird.\n (CVE-2011-0069)\n \n Ian Beer discovered a vulnerability in the memory handling of a certain\n types of documents. An attacker could exploit this to possibly run\n arbitrary code as the user running Thunderbird. (CVE-2011-0070)\n \n Bob Clary, Henri Sivonen, Marco Bonardo, Mats Palmgren and Jesse Ruderman\n discovered several memory vulnerabilities. An attacker could exploit these\n to possibly run arbitrary code as the user running Thunderbird.\n (CVE-2011-0080)\n \n Aki Helin discovered multiple vulnerabilities in the HTML rendering code.\n An attacker could exploit these to possibly run arbitrary code as the user\n running Thunderbird. (CVE-2011-0074, CVE-2011-0075)\n \n Ian Beer discovered multiple overflow vulnerabilities. An attacker could\n exploit these to possibly run arbitrary code as the user running\n Thunderbird. (CVE-2011-0077, CVE-2011-0078)\n \n Martin Barbella discovered a memory vulnerability in the handling of\n certain DOM elements. An attacker could exploit this to possibly run\n arbitrary code as the user running Thunderbird. (CVE-2011-0072)\n \n It was discovered that there were use-after-free vulnerabilities in\n Thunderbird's mChannel and mObserverList objects. An attacker could exploit\n these to possibly run arbitrary code as the user running Thunderbird.\n (CVE-2011-0065, CVE-2011-0066)\n \n It was discovered that there was a vulnerability in the handling of the\n nsTreeSelection element. An attacker sending a specially crafted E-Mail\n could exploit this to possibly run arbitrary code as the user running\n Thunderbird. (CVE-2011-0073)\n \n Paul Stone discovered a vulnerability in the handling of Java applets. If\n plugins were enabled, an attacker could use this to mimic interaction with\n form autocomplete controls and steal entries from the form history.\n (CVE-2011-0067)\n \n Soroush Dalili discovered a vulnerability in the resource: protocol. This\n could potentially allow an attacker to load arbitrary files that were\n accessible to the user running Thunderbird. (CVE-2011-0071)\n \n Chris Evans discovered a vulnerability in Thunderbird's XSLT generate-id()\n function. An attacker could possibly use this vulnerability to make other\n attacks more reliable. (CVE-2011-1202)\";\n\ntag_summary = \"Ubuntu Update for Linux kernel vulnerabilities USN-1122-1\";\ntag_affected = \"thunderbird on Ubuntu 10.10 ,\n Ubuntu 10.04 LTS\";\ntag_solution = \"Please Install the Updated Packages.\";\n\n\nif(description)\n{\n script_xref(name: \"URL\" , value: \"http://www.ubuntu.com/usn/usn-1122-1/\");\n script_id(840652);\n script_version(\"$Revision: 7964 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-12-01 08:32:11 +0100 (Fri, 01 Dec 2017) $\");\n script_tag(name:\"creation_date\", value:\"2011-05-10 14:04:15 +0200 (Tue, 10 May 2011)\");\n script_tag(name:\"cvss_base\", value:\"10.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_xref(name: \"USN\", value: \"1122-1\");\n script_cve_id(\"CVE-2011-0081\", \"CVE-2011-0069\", \"CVE-2011-0070\", \"CVE-2011-0080\", \"CVE-2011-0074\", \"CVE-2011-0075\", \"CVE-2011-0077\", \"CVE-2011-0078\", \"CVE-2011-0072\", \"CVE-2011-0065\", \"CVE-2011-0066\", \"CVE-2011-0073\", \"CVE-2011-0067\", \"CVE-2011-0071\", \"CVE-2011-1202\");\n script_name(\"Ubuntu Update for thunderbird USN-1122-1\");\n\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2011 Greenbone Networks GmbH\");\n script_family(\"Ubuntu Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/ubuntu_linux\", \"ssh/login/packages\");\n script_tag(name : \"summary\" , value : tag_summary);\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n\ninclude(\"pkg-lib-deb.inc\");\n\nrelease = get_kb_item(\"ssh/login/release\");\n\n\nres = \"\";\nif(release == NULL){\n exit(0);\n}\n\nif(release == \"UBUNTU10.04 LTS\")\n{\n\n if ((res = isdpkgvuln(pkg:\"thunderbird\", ver:\"3.1.10+build1+nobinonly-0ubuntu0.10.04.1\", rls:\"UBUNTU10.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n\n\nif(release == \"UBUNTU10.10\")\n{\n\n if ((res = isdpkgvuln(pkg:\"thunderbird\", ver:\"3.1.10+build1+nobinonly-0ubuntu0.10.10.1\", rls:\"UBUNTU10.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2019-05-29T18:36:26", "bulletinFamily": "scanner", "cvelist": ["CVE-2011-0077", "CVE-2011-1202", "CVE-2011-0071", "CVE-2011-0080", "CVE-2011-0073", "CVE-2011-0066", "CVE-2011-0065", "CVE-2011-0081", "CVE-2011-0075", "CVE-2011-0074", "CVE-2011-0069", "CVE-2011-0078", "CVE-2011-0070", "CVE-2011-0067", "CVE-2011-0072"], "description": "Oracle Linux Local Security Checks ELSA-2011-0471", "modified": "2018-09-28T00:00:00", "published": "2015-10-06T00:00:00", "id": "OPENVAS:1361412562310122186", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310122186", "type": "openvas", "title": "Oracle Linux Local Check: ELSA-2011-0471", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: ELSA-2011-0471.nasl 11688 2018-09-28 13:36:28Z cfischer $\n#\n# Oracle Linux Local Check\n#\n# Authors:\n# Eero Volotinen <eero.volotinen@solinor.com>\n#\n# Copyright:\n# Copyright (c) 2015 Eero Volotinen, http://solinor.com\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.122186\");\n script_version(\"$Revision: 11688 $\");\n script_tag(name:\"creation_date\", value:\"2015-10-06 14:14:29 +0300 (Tue, 06 Oct 2015)\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-09-28 15:36:28 +0200 (Fri, 28 Sep 2018) $\");\n script_name(\"Oracle Linux Local Check: ELSA-2011-0471\");\n script_tag(name:\"insight\", value:\"ELSA-2011-0471 - firefox security update. Please see the references for more insight.\");\n script_tag(name:\"solution\", value:\"Update the affected packages to the latest available version.\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_tag(name:\"summary\", value:\"Oracle Linux Local Security Checks ELSA-2011-0471\");\n script_xref(name:\"URL\", value:\"http://linux.oracle.com/errata/ELSA-2011-0471.html\");\n script_cve_id(\"CVE-2011-0065\", \"CVE-2011-0066\", \"CVE-2011-0067\", \"CVE-2011-0069\", \"CVE-2011-0070\", \"CVE-2011-0071\", \"CVE-2011-0072\", \"CVE-2011-0073\", \"CVE-2011-0074\", \"CVE-2011-0075\", \"CVE-2011-0077\", \"CVE-2011-0078\", \"CVE-2011-0080\", \"CVE-2011-0081\", \"CVE-2011-1202\");\n script_tag(name:\"cvss_base\", value:\"10.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/oracle_linux\", \"ssh/login/release\", re:\"ssh/login/release=OracleLinux(5|6)\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Eero Volotinen\");\n script_family(\"Oracle Linux Local Security Checks\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release) exit(0);\n\nres = \"\";\n\nif(release == \"OracleLinux5\")\n{\n if ((res = isrpmvuln(pkg:\"firefox\", rpm:\"firefox~3.6.17~1.0.1.el5_6\", rls:\"OracleLinux5\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n if ((res = isrpmvuln(pkg:\"xulrunner\", rpm:\"xulrunner~1.9.2.17~3.0.1.el5_6\", rls:\"OracleLinux5\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n if ((res = isrpmvuln(pkg:\"xulrunner-devel\", rpm:\"xulrunner-devel~1.9.2.17~3.0.1.el5_6\", rls:\"OracleLinux5\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n\n}\nif(release == \"OracleLinux6\")\n{\n if ((res = isrpmvuln(pkg:\"firefox\", rpm:\"firefox~3.6.17~1.0.1.el6_0\", rls:\"OracleLinux6\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n if ((res = isrpmvuln(pkg:\"xulrunner\", rpm:\"xulrunner~1.9.2.17~4.0.1.el6_0\", rls:\"OracleLinux6\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n if ((res = isrpmvuln(pkg:\"xulrunner-devel\", rpm:\"xulrunner-devel~1.9.2.17~4.0.1.el6_0\", rls:\"OracleLinux6\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n\n}\nif (__pkg_match) exit(99);\n exit(0);\n\n", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2017-07-25T10:55:46", "bulletinFamily": "scanner", "cvelist": ["CVE-2011-0077", "CVE-2011-1202", "CVE-2011-0071", "CVE-2011-0080", "CVE-2011-0073", "CVE-2011-0066", "CVE-2011-0065", "CVE-2011-0081", "CVE-2011-0075", "CVE-2011-0074", "CVE-2011-0069", "CVE-2011-0078", "CVE-2011-0070", "CVE-2011-0067", "CVE-2011-0072"], "description": "Check for the Version of firefox", "modified": "2017-07-10T00:00:00", "published": "2011-08-09T00:00:00", "id": "OPENVAS:880561", "href": "http://plugins.openvas.org/nasl.php?oid=880561", "type": "openvas", "title": "CentOS Update for firefox CESA-2011:0471 centos4 i386", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# CentOS Update for firefox CESA-2011:0471 centos4 i386\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2011 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"Mozilla Firefox is an open source web browser. XULRunner provides the XUL\n Runtime environment for Mozilla Firefox.\n\n Several flaws were found in the processing of malformed web content. A web\n page containing malicious content could possibly lead to arbitrary code\n execution with the privileges of the user running Firefox. (CVE-2011-0080,\n CVE-2011-0081)\n \n An arbitrary memory write flaw was found in the way Firefox handled\n out-of-memory conditions. If all memory was consumed when a user visited a\n malicious web page, it could possibly lead to arbitrary code execution\n with the privileges of the user running Firefox. (CVE-2011-0078)\n \n An integer overflow flaw was found in the way Firefox handled the HTML\n frameset tag. A web page with a frameset tag containing large values for\n the "rows" and "cols" attributes could trigger this flaw, possibly leading\n to arbitrary code execution with the privileges of the user running\n Firefox. (CVE-2011-0077)\n \n A flaw was found in the way Firefox handled the HTML iframe tag. A web page\n with an iframe tag containing a specially-crafted source address could\n trigger this flaw, possibly leading to arbitrary code execution with the\n privileges of the user running Firefox. (CVE-2011-0075)\n \n A flaw was found in the way Firefox displayed multiple marquee elements. A\n malformed HTML document could cause Firefox to execute arbitrary code with\n the privileges of the user running Firefox. (CVE-2011-0074)\n \n A flaw was found in the way Firefox handled the nsTreeSelection element.\n Malformed content could cause Firefox to execute arbitrary code with the\n privileges of the user running Firefox. (CVE-2011-0073)\n \n A use-after-free flaw was found in the way Firefox appended frame and\n iframe elements to a DOM tree when the NoScript add-on was enabled.\n Malicious HTML content could cause Firefox to execute arbitrary code with\n the privileges of the user running Firefox. (CVE-2011-0072)\n \n A directory traversal flaw was found in the Firefox resource:// protocol\n handler. Malicious content could cause Firefox to access arbitrary files\n accessible to the user running Firefox. (CVE-2011-0071)\n \n A double free flaw was found in the way Firefox handled\n "application/http-index-format" documents. A malformed HTTP response could\n cause Firefox to execute arbitrary code with the privileges of the user\n running Firefox. (CVE-2011-0070)\n \n A flaw was found in the way Firefox handled certain JavaScript cross-domain\n requests. If malicious content generated a large number of cross-domain\n JavaScript reque ... \n\n Description truncated, for more information please check the Reference URL\";\ntag_solution = \"Please Install the Updated Packages.\";\n\ntag_affected = \"firefox on CentOS 4\";\n\n\nif(description)\n{\n script_xref(name : \"URL\" , value : \"http://lists.centos.org/pipermail/centos-announce/2011-April/017470.html\");\n script_id(880561);\n script_version(\"$Revision: 6653 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-07-10 13:46:53 +0200 (Mon, 10 Jul 2017) $\");\n script_tag(name:\"creation_date\", value:\"2011-08-09 08:20:34 +0200 (Tue, 09 Aug 2011)\");\n script_tag(name:\"cvss_base\", value:\"10.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_xref(name: \"CESA\", value: \"2011:0471\");\n script_cve_id(\"CVE-2011-0065\", \"CVE-2011-0066\", \"CVE-2011-0067\", \"CVE-2011-0069\", \"CVE-2011-0070\",\n \"CVE-2011-0071\", \"CVE-2011-0072\", \"CVE-2011-0073\", \"CVE-2011-0074\", \"CVE-2011-0075\",\n \"CVE-2011-0077\", \"CVE-2011-0078\", \"CVE-2011-0080\", \"CVE-2011-0081\", \"CVE-2011-1202\");\n script_name(\"CentOS Update for firefox CESA-2011:0471 centos4 i386\");\n\n script_summary(\"Check for the Version of firefox\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2011 Greenbone Networks GmbH\");\n script_family(\"CentOS Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/centos\", \"ssh/login/rpms\");\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = get_kb_item(\"ssh/login/release\");\n\n\nres = \"\";\nif(release == NULL){\n exit(0);\n}\n\nif(release == \"CentOS4\")\n{\n\n if ((res = isrpmvuln(pkg:\"firefox\", rpm:\"firefox~3.6.17~2.el4.centos\", rls:\"CentOS4\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2019-05-29T18:39:25", "bulletinFamily": "scanner", "cvelist": ["CVE-2011-0077", "CVE-2011-1202", "CVE-2011-0071", "CVE-2011-0080", "CVE-2011-0073", "CVE-2011-0066", "CVE-2011-0065", "CVE-2011-0081", "CVE-2011-0075", "CVE-2011-0074", "CVE-2011-0069", "CVE-2011-0078", "CVE-2011-0070", "CVE-2011-0067", "CVE-2011-0072"], "description": "Ubuntu Update for Linux kernel vulnerabilities USN-1122-2", "modified": "2019-03-13T00:00:00", "published": "2011-05-10T00:00:00", "id": "OPENVAS:1361412562310840650", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310840650", "type": "openvas", "title": "Ubuntu Update for thunderbird USN-1122-2", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: gb_ubuntu_USN_1122_2.nasl 14132 2019-03-13 09:25:59Z cfischer $\n#\n# Ubuntu Update for thunderbird USN-1122-2\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2011 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_xref(name:\"URL\", value:\"http://www.ubuntu.com/usn/usn-1122-2/\");\n script_oid(\"1.3.6.1.4.1.25623.1.0.840650\");\n script_version(\"$Revision: 14132 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2019-03-13 10:25:59 +0100 (Wed, 13 Mar 2019) $\");\n script_tag(name:\"creation_date\", value:\"2011-05-10 14:04:15 +0200 (Tue, 10 May 2011)\");\n script_tag(name:\"cvss_base\", value:\"10.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_xref(name:\"USN\", value:\"1122-2\");\n script_cve_id(\"CVE-2011-0081\", \"CVE-2011-0069\", \"CVE-2011-0070\", \"CVE-2011-0080\", \"CVE-2011-0074\", \"CVE-2011-0075\", \"CVE-2011-0077\", \"CVE-2011-0078\", \"CVE-2011-0072\", \"CVE-2011-0065\", \"CVE-2011-0066\", \"CVE-2011-0073\", \"CVE-2011-0067\", \"CVE-2011-0071\", \"CVE-2011-1202\");\n script_name(\"Ubuntu Update for thunderbird USN-1122-2\");\n\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2011 Greenbone Networks GmbH\");\n script_family(\"Ubuntu Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/ubuntu_linux\", \"ssh/login/packages\", re:\"ssh/login/release=UBUNTU11\\.04\");\n script_tag(name:\"summary\", value:\"Ubuntu Update for Linux kernel vulnerabilities USN-1122-2\");\n script_tag(name:\"affected\", value:\"thunderbird on Ubuntu 11.04\");\n script_tag(name:\"solution\", value:\"Please Install the Updated Packages.\");\n script_tag(name:\"insight\", value:\"USN-1122-1 fixed vulnerabilities in Thunderbird for Lucid and Maverick.\n This update provides the corresponding fixes for Natty.\n\n Original advisory details:\n\n It was discovered that there was a vulnerability in the memory handling of\n certain types of content. An attacker could exploit this to possibly run\n arbitrary code as the user running Thunderbird. (CVE-2011-0081)\n\n It was discovered that Thunderbird incorrectly handled certain JavaScript\n requests. If JavaScript were enabled, an attacker could exploit this to\n possibly run arbitrary code as the user running Thunderbird.\n (CVE-2011-0069)\n\n Ian Beer discovered a vulnerability in the memory handling of a certain\n types of documents. An attacker could exploit this to possibly run\n arbitrary code as the user running Thunderbird. (CVE-2011-0070)\n\n Bob Clary, Henri Sivonen, Marco Bonardo, Mats Palmgren and Jesse Ruderman\n discovered several memory vulnerabilities. An attacker could exploit these\n to possibly run arbitrary code as the user running Thunderbird.\n (CVE-2011-0080)\n\n Aki Helin discovered multiple vulnerabilities in the HTML rendering code.\n An attacker could exploit these to possibly run arbitrary code as the user\n running Thunderbird. (CVE-2011-0074, CVE-2011-0075)\n\n Ian Beer discovered multiple overflow vulnerabilities. An attacker could\n exploit these to possibly run arbitrary code as the user running\n Thunderbird. (CVE-2011-0077, CVE-2011-0078)\n\n Martin Barbella discovered a memory vulnerability in the handling of\n certain DOM elements. An attacker could exploit this to possibly run\n arbitrary code as the user running Thunderbird. (CVE-2011-0072)\n\n It was discovered that there were use-after-free vulnerabilities in\n Thunderbird's mChannel and mObserverList objects. An attacker could exploit\n these to possibly run arbitrary code as the user running Thunderbird.\n (CVE-2011-0065, CVE-2011-0066)\n\n It was discovered that there was a vulnerability in the handling of the\n nsTreeSelection element. An attacker sending a specially crafted E-Mail\n could exploit this to possibly run arbitrary code as the user running\n Thunderbird. (CVE-2011-0073)\n\n Paul Stone discovered a vulnerability in the handling of Java applets. If\n plugins were enabled, an attacker could use this to mimic interaction with\n form autocomplete controls and steal entries from the form history.\n (CVE-2011-0067)\n\n Soroush Dalili discovered a vulnerability in the resource: protocol. This\n could potentially allow an attacker to load arbitrary files that were\n accessible to the user running Thunderbird. (CV ...\n\n Description truncated, please see the referenced URL(s) for more information.\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-deb.inc\");\n\nrelease = dpkg_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\n\nif(release == \"UBUNTU11.04\")\n{\n\n if ((res = isdpkgvuln(pkg:\"thunderbird\", ver:\"3.1.10+build1+nobinonly-0ubuntu0.11.04.1\", rls:\"UBUNTU11.04\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}], "ubuntu": [{"lastseen": "2020-07-08T23:42:23", "bulletinFamily": "unix", "cvelist": ["CVE-2011-0077", "CVE-2011-1202", "CVE-2011-0071", "CVE-2011-0080", "CVE-2011-0073", "CVE-2011-0066", "CVE-2011-0065", "CVE-2011-0081", "CVE-2011-0075", "CVE-2011-0074", "CVE-2011-0069", "CVE-2011-0078", "CVE-2011-0070", "CVE-2011-0067", "CVE-2011-0072"], "description": "It was discovered that there was a vulnerability in the memory handling of \ncertain types of content. An attacker could exploit this to possibly run \narbitrary code as the user running Firefox. (CVE-2011-0081)\n\nIt was discovered that Firefox incorrectly handled certain JavaScript \nrequests. An attacker could exploit this to possibly run arbitrary code as \nthe user running Firefox. (CVE-2011-0069)\n\nIan Beer discovered a vulnerability in the memory handling of a certain \ntypes of documents. An attacker could exploit this to possibly run \narbitrary code as the user running Firefox. (CVE-2011-0070)\n\nBob Clary, Henri Sivonen, Marco Bonardo, Mats Palmgren and Jesse Ruderman \ndiscovered several memory vulnerabilities. An attacker could exploit these \nto possibly run arbitrary code as the user running Firefox. (CVE-2011-0080)\n\nAki Helin discovered multiple vulnerabilities in the HTML rendering code. \nAn attacker could exploit these to possibly run arbitrary code as the user \nrunning Firefox. (CVE-2011-0074, CVE-2011-0075)\n\nIan Beer discovered multiple overflow vulnerabilities. An attacker could \nexploit these to possibly run arbitrary code as the user running Firefox. \n(CVE-2011-0077, CVE-2011-0078)\n\nMartin Barbella discovered a memory vulnerability in the handling of \ncertain DOM elements. An attacker could exploit this to possibly run \narbitrary code as the user running Firefox. (CVE-2011-0072)\n\nIt was discovered that there were use-after-free vulnerabilities in \nFirefox's mChannel and mObserverList objects. An attacker could exploit \nthese to possibly run arbitrary code as the user running Firefox. \n(CVE-2011-0065, CVE-2011-0066)\n\nIt was discovered that there was a vulnerability in the handling of the \nnsTreeSelection element. An attacker serving malicious content could \nexploit this to possibly run arbitrary code as the user running Firefox. \n(CVE-2011-0073)\n\nPaul Stone discovered a vulnerability in the handling of Java applets. An \nattacker could use this to mimic interaction with form autocomplete \ncontrols and steal entries from the form history. (CVE-2011-0067)\n\nSoroush Dalili discovered a vulnerability in the resource: protocol. This \ncould potentially allow an attacker to load arbitrary files that were \naccessible to the user running Firefox. (CVE-2011-0071)\n\nChris Evans discovered a vulnerability in Firefox's XSLT generate-id() \nfunction. An attacker could possibly use this vulnerability to make other \nattacks more reliable. (CVE-2011-1202)", "edition": 5, "modified": "2011-04-29T00:00:00", "published": "2011-04-29T00:00:00", "id": "USN-1112-1", "href": "https://ubuntu.com/security/notices/USN-1112-1", "title": "Firefox and Xulrunner vulnerabilities", "type": "ubuntu", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2020-07-09T00:28:58", "bulletinFamily": "unix", "cvelist": ["CVE-2011-0077", "CVE-2011-1202", "CVE-2011-0071", "CVE-2011-0080", "CVE-2011-0073", "CVE-2011-0066", "CVE-2011-0065", "CVE-2011-0081", "CVE-2011-0075", "CVE-2011-0074", "CVE-2011-0069", "CVE-2011-0078", "CVE-2011-0070", "CVE-2011-0067", "CVE-2011-0072"], "description": "USN-1122-1 fixed vulnerabilities in Thunderbird for Lucid and Maverick. \nThis update provides the corresponding fixes for Natty.\n\nOriginal advisory details:\n\nIt was discovered that there was a vulnerability in the memory handling of \ncertain types of content. An attacker could exploit this to possibly run \narbitrary code as the user running Thunderbird. (CVE-2011-0081)\n\nIt was discovered that Thunderbird incorrectly handled certain JavaScript \nrequests. If JavaScript were enabled, an attacker could exploit this to \npossibly run arbitrary code as the user running Thunderbird. \n(CVE-2011-0069)\n\nIan Beer discovered a vulnerability in the memory handling of a certain \ntypes of documents. An attacker could exploit this to possibly run \narbitrary code as the user running Thunderbird. (CVE-2011-0070)\n\nBob Clary, Henri Sivonen, Marco Bonardo, Mats Palmgren and Jesse Ruderman \ndiscovered several memory vulnerabilities. An attacker could exploit these \nto possibly run arbitrary code as the user running Thunderbird. \n(CVE-2011-0080)\n\nAki Helin discovered multiple vulnerabilities in the HTML rendering code. \nAn attacker could exploit these to possibly run arbitrary code as the user \nrunning Thunderbird. (CVE-2011-0074, CVE-2011-0075)\n\nIan Beer discovered multiple overflow vulnerabilities. An attacker could \nexploit these to possibly run arbitrary code as the user running \nThunderbird. (CVE-2011-0077, CVE-2011-0078)\n\nMartin Barbella discovered a memory vulnerability in the handling of \ncertain DOM elements. An attacker could exploit this to possibly run \narbitrary code as the user running Thunderbird. (CVE-2011-0072)\n\nIt was discovered that there were use-after-free vulnerabilities in \nThunderbird's mChannel and mObserverList objects. An attacker could exploit \nthese to possibly run arbitrary code as the user running Thunderbird. \n(CVE-2011-0065, CVE-2011-0066)\n\nIt was discovered that there was a vulnerability in the handling of the \nnsTreeSelection element. An attacker sending a specially crafted E-Mail \ncould exploit this to possibly run arbitrary code as the user running \nThunderbird. (CVE-2011-0073)\n\nPaul Stone discovered a vulnerability in the handling of Java applets. If \nplugins were enabled, an attacker could use this to mimic interaction with \nform autocomplete controls and steal entries from the form history. \n(CVE-2011-0067)\n\nSoroush Dalili discovered a vulnerability in the resource: protocol. This \ncould potentially allow an attacker to load arbitrary files that were \naccessible to the user running Thunderbird. (CVE-2011-0071)\n\nChris Evans discovered a vulnerability in Thunderbird's XSLT generate-id() \nfunction. An attacker could possibly use this vulnerability to make other \nattacks more reliable. (CVE-2011-1202)", "edition": 5, "modified": "2011-05-05T00:00:00", "published": "2011-05-05T00:00:00", "id": "USN-1122-2", "href": "https://ubuntu.com/security/notices/USN-1122-2", "title": "Thunderbird vulnerabilities", "type": "ubuntu", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2020-07-09T00:25:56", "bulletinFamily": "unix", "cvelist": ["CVE-2011-0077", "CVE-2011-1202", "CVE-2011-0071", "CVE-2011-0080", "CVE-2011-0073", "CVE-2011-0066", "CVE-2011-0065", "CVE-2011-0081", "CVE-2011-0075", "CVE-2011-0074", "CVE-2011-0069", "CVE-2011-0078", "CVE-2011-0070", "CVE-2011-0067", "CVE-2011-0072"], "description": "It was discovered that there was a vulnerability in the memory handling of \ncertain types of content. An attacker could exploit this to possibly run \narbitrary code as the user running Thunderbird. (CVE-2011-0081)\n\nIt was discovered that Thunderbird incorrectly handled certain JavaScript \nrequests. If JavaScript were enabled, an attacker could exploit this to \npossibly run arbitrary code as the user running Thunderbird. \n(CVE-2011-0069)\n\nIan Beer discovered a vulnerability in the memory handling of a certain \ntypes of documents. An attacker could exploit this to possibly run \narbitrary code as the user running Thunderbird. (CVE-2011-0070)\n\nBob Clary, Henri Sivonen, Marco Bonardo, Mats Palmgren and Jesse Ruderman \ndiscovered several memory vulnerabilities. An attacker could exploit these \nto possibly run arbitrary code as the user running Thunderbird. \n(CVE-2011-0080)\n\nAki Helin discovered multiple vulnerabilities in the HTML rendering code. \nAn attacker could exploit these to possibly run arbitrary code as the user \nrunning Thunderbird. (CVE-2011-0074, CVE-2011-0075)\n\nIan Beer discovered multiple overflow vulnerabilities. An attacker could \nexploit these to possibly run arbitrary code as the user running \nThunderbird. (CVE-2011-0077, CVE-2011-0078)\n\nMartin Barbella discovered a memory vulnerability in the handling of \ncertain DOM elements. An attacker could exploit this to possibly run \narbitrary code as the user running Thunderbird. (CVE-2011-0072)\n\nIt was discovered that there were use-after-free vulnerabilities in \nThunderbird's mChannel and mObserverList objects. An attacker could exploit \nthese to possibly run arbitrary code as the user running Thunderbird. \n(CVE-2011-0065, CVE-2011-0066)\n\nIt was discovered that there was a vulnerability in the handling of the \nnsTreeSelection element. An attacker sending a specially crafted E-Mail \ncould exploit this to possibly run arbitrary code as the user running \nThunderbird. (CVE-2011-0073)\n\nPaul Stone discovered a vulnerability in the handling of Java applets. If \nplugins were enabled, an attacker could use this to mimic interaction with \nform autocomplete controls and steal entries from the form history. \n(CVE-2011-0067)\n\nSoroush Dalili discovered a vulnerability in the resource: protocol. This \ncould potentially allow an attacker to load arbitrary files that were \naccessible to the user running Thunderbird. (CVE-2011-0071)\n\nChris Evans discovered a vulnerability in Thunderbird's XSLT generate-id() \nfunction. An attacker could possibly use this vulnerability to make other \nattacks more reliable. (CVE-2011-1202)", "edition": 5, "modified": "2011-05-05T00:00:00", "published": "2011-05-05T00:00:00", "id": "USN-1122-1", "href": "https://ubuntu.com/security/notices/USN-1122-1", "title": "Thunderbird vulnerabilities", "type": "ubuntu", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2020-07-09T00:28:28", "bulletinFamily": "unix", "cvelist": ["CVE-2011-0077", "CVE-2011-1202", "CVE-2011-0071", "CVE-2011-0080", "CVE-2011-0073", "CVE-2011-0066", "CVE-2011-0065", "CVE-2011-0081", "CVE-2011-0075", "CVE-2011-0074", "CVE-2011-0069", "CVE-2011-0078", "CVE-2011-0070", "CVE-2011-0067", "CVE-2011-0072"], "description": "USN-1122-2 fixed vulnerabilities in Thunderbird on Ubuntu 11.04. A \nregression was introduced which caused Thunderbird to display an empty menu \nbar. This update fixes the problem. We apologize for the inconvenience.\n\nOriginal advisory details:\n\nIt was discovered that there was a vulnerability in the memory handling of \ncertain types of content. An attacker could exploit this to possibly run \narbitrary code as the user running Thunderbird. (CVE-2011-0081)\n\nIt was discovered that Thunderbird incorrectly handled certain JavaScript \nrequests. If JavaScript were enabled, an attacker could exploit this to \npossibly run arbitrary code as the user running Thunderbird. \n(CVE-2011-0069)\n\nIan Beer discovered a vulnerability in the memory handling of a certain \ntypes of documents. An attacker could exploit this to possibly run \narbitrary code as the user running Thunderbird. (CVE-2011-0070)\n\nBob Clary, Henri Sivonen, Marco Bonardo, Mats Palmgren and Jesse Ruderman \ndiscovered several memory vulnerabilities. An attacker could exploit these \nto possibly run arbitrary code as the user running Thunderbird. \n(CVE-2011-0080)\n\nAki Helin discovered multiple vulnerabilities in the HTML rendering code. \nAn attacker could exploit these to possibly run arbitrary code as the user \nrunning Thunderbird. (CVE-2011-0074, CVE-2011-0075)\n\nIan Beer discovered multiple overflow vulnerabilities. An attacker could \nexploit these to possibly run arbitrary code as the user running \nThunderbird. (CVE-2011-0077, CVE-2011-0078)\n\nMartin Barbella discovered a memory vulnerability in the handling of \ncertain DOM elements. An attacker could exploit this to possibly run \narbitrary code as the user running Thunderbird. (CVE-2011-0072)\n\nIt was discovered that there were use-after-free vulnerabilities in \nThunderbird's mChannel and mObserverList objects. An attacker could exploit \nthese to possibly run arbitrary code as the user running Thunderbird. \n(CVE-2011-0065, CVE-2011-0066)\n\nIt was discovered that there was a vulnerability in the handling of the \nnsTreeSelection element. An attacker sending a specially crafted E-Mail \ncould exploit this to possibly run arbitrary code as the user running \nThunderbird. (CVE-2011-0073)\n\nPaul Stone discovered a vulnerability in the handling of Java applets. If \nplugins were enabled, an attacker could use this to mimic interaction with \nform autocomplete controls and steal entries from the form history. \n(CVE-2011-0067)\n\nSoroush Dalili discovered a vulnerability in the resource: protocol. This \ncould potentially allow an attacker to load arbitrary files that were \naccessible to the user running Thunderbird. (CVE-2011-0071)\n\nChris Evans discovered a vulnerability in Thunderbird's XSLT generate-id() \nfunction. An attacker could possibly use this vulnerability to make other \nattacks more reliable. (CVE-2011-1202)", "edition": 5, "modified": "2011-06-06T00:00:00", "published": "2011-06-06T00:00:00", "id": "USN-1122-3", "href": "https://ubuntu.com/security/notices/USN-1122-3", "title": "Thunderbird regression", "type": "ubuntu", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}], "oraclelinux": [{"lastseen": "2019-05-29T18:34:29", "bulletinFamily": "unix", "cvelist": ["CVE-2011-0077", "CVE-2011-1202", "CVE-2011-0071", "CVE-2011-0080", "CVE-2011-0073", "CVE-2011-0066", "CVE-2011-0065", "CVE-2011-0081", "CVE-2011-0075", "CVE-2011-0074", "CVE-2011-0069", "CVE-2011-0078", "CVE-2011-0070", "CVE-2011-0067", "CVE-2011-0072"], "description": "firefox:\n[3.6.17-1.0.1.el6_0]\n- Added firefox-oracle-default-prefs.js and removed firefox-redhat-default-prefs.js\n[3.6.17-1]\n- Update to 3.6.17\nxulrunner:\n[1.9.2.17-4.0.1.el6_0]\n- Replace xulrunner-redhat-default-prefs.js with\n xulrunner-oracle-default-prefs.js\n[1.9.2.17-4]\n- Rebuild\n[1.9.2.17-3]\n- Update to 1.9.2.17", "edition": 4, "modified": "2011-04-29T00:00:00", "published": "2011-04-29T00:00:00", "id": "ELSA-2011-0471", "href": "http://linux.oracle.com/errata/ELSA-2011-0471.html", "title": "firefox security update", "type": "oraclelinux", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2019-05-29T18:35:31", "bulletinFamily": "unix", "cvelist": ["CVE-2011-0077", "CVE-2011-0071", "CVE-2011-0080", "CVE-2011-0073", "CVE-2011-0081", "CVE-2011-0075", "CVE-2011-0074", "CVE-2011-0078", "CVE-2011-0070"], "description": "[3.1.10-1.0.1.el6_0]\n- Replaced thunderbird-redhat-default-prefs.js with\n thunderbird-oracle-default-prefs.js\n- Replace clean.gif in tarball\n[3.1.10-1]\n- Update to 3.1.10", "edition": 4, "modified": "2011-04-29T00:00:00", "published": "2011-04-29T00:00:00", "id": "ELSA-2011-0475", "href": "http://linux.oracle.com/errata/ELSA-2011-0475.html", "title": "thunderbird security update", "type": "oraclelinux", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2019-05-29T18:34:20", "bulletinFamily": "unix", "cvelist": ["CVE-2011-0077", "CVE-2011-0080", "CVE-2011-0073", "CVE-2011-0075", "CVE-2011-0074", "CVE-2011-0078", "CVE-2011-0072"], "description": "[1.0.9-70.0.1.el4_8]\n- Add mozilla-oracle-default-prefs.js and mozilla-oracle-default-bookmarks.html\n and remove corresponding RedHat ones\n[1.0.9-70.el4]\n- Added fixes for mozbz#645565 and mozbz#646460\n[1.0.9-69.el4]\n- Added fixes from 1.9.1.19", "edition": 4, "modified": "2011-04-29T00:00:00", "published": "2011-04-29T00:00:00", "id": "ELSA-2011-0473", "href": "http://linux.oracle.com/errata/ELSA-2011-0473.html", "title": "seamonkey security update", "type": "oraclelinux", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}], "redhat": [{"lastseen": "2019-08-13T18:45:10", "bulletinFamily": "unix", "cvelist": ["CVE-2011-0065", "CVE-2011-0066", "CVE-2011-0067", "CVE-2011-0069", "CVE-2011-0070", "CVE-2011-0071", "CVE-2011-0072", "CVE-2011-0073", "CVE-2011-0074", "CVE-2011-0075", "CVE-2011-0077", "CVE-2011-0078", "CVE-2011-0080", "CVE-2011-0081", "CVE-2011-1202"], "description": "Mozilla Firefox is an open source web browser. XULRunner provides the XUL\nRuntime environment for Mozilla Firefox.\n\nSeveral flaws were found in the processing of malformed web content. A web\npage containing malicious content could possibly lead to arbitrary code\nexecution with the privileges of the user running Firefox. (CVE-2011-0080,\nCVE-2011-0081)\n\nAn arbitrary memory write flaw was found in the way Firefox handled\nout-of-memory conditions. If all memory was consumed when a user visited a\nmalicious web page, it could possibly lead to arbitrary code execution\nwith the privileges of the user running Firefox. (CVE-2011-0078)\n\nAn integer overflow flaw was found in the way Firefox handled the HTML\nframeset tag. A web page with a frameset tag containing large values for\nthe \"rows\" and \"cols\" attributes could trigger this flaw, possibly leading\nto arbitrary code execution with the privileges of the user running\nFirefox. (CVE-2011-0077)\n\nA flaw was found in the way Firefox handled the HTML iframe tag. A web page\nwith an iframe tag containing a specially-crafted source address could\ntrigger this flaw, possibly leading to arbitrary code execution with the\nprivileges of the user running Firefox. (CVE-2011-0075)\n\nA flaw was found in the way Firefox displayed multiple marquee elements. A\nmalformed HTML document could cause Firefox to execute arbitrary code with\nthe privileges of the user running Firefox. (CVE-2011-0074)\n\nA flaw was found in the way Firefox handled the nsTreeSelection element.\nMalformed content could cause Firefox to execute arbitrary code with the\nprivileges of the user running Firefox. (CVE-2011-0073)\n\nA use-after-free flaw was found in the way Firefox appended frame and\niframe elements to a DOM tree when the NoScript add-on was enabled.\nMalicious HTML content could cause Firefox to execute arbitrary code with\nthe privileges of the user running Firefox. (CVE-2011-0072)\n\nA directory traversal flaw was found in the Firefox resource:// protocol\nhandler. Malicious content could cause Firefox to access arbitrary files\naccessible to the user running Firefox. (CVE-2011-0071)\n\nA double free flaw was found in the way Firefox handled\n\"application/http-index-format\" documents. A malformed HTTP response could\ncause Firefox to execute arbitrary code with the privileges of the user\nrunning Firefox. (CVE-2011-0070)\n\nA flaw was found in the way Firefox handled certain JavaScript cross-domain\nrequests. If malicious content generated a large number of cross-domain\nJavaScript requests, it could cause Firefox to execute arbitrary code with\nthe privileges of the user running Firefox. (CVE-2011-0069)\n\nA flaw was found in the way Firefox displayed the autocomplete pop-up.\nMalicious content could use this flaw to steal form history information.\n(CVE-2011-0067)\n\nTwo use-after-free flaws were found in the Firefox mObserverList and\nmChannel objects. Malicious content could use these flaws to execute\narbitrary code with the privileges of the user running Firefox.\n(CVE-2011-0066, CVE-2011-0065)\n\nA flaw was found in the Firefox XSLT generate-id() function. This function\nreturned the memory address of an object in memory, which could possibly be\nused by attackers to bypass address randomization protections.\n(CVE-2011-1202)\n\nFor technical details regarding these flaws, refer to the Mozilla security\nadvisories for Firefox 3.6.17. You can find a link to the Mozilla\nadvisories in the References section of this erratum.\n\nAll Firefox users should upgrade to these updated packages, which contain\nFirefox version 3.6.17, which corrects these issues. After installing the\nupdate, Firefox must be restarted for the changes to take effect.\n", "modified": "2018-06-06T20:24:10", "published": "2011-04-28T04:00:00", "id": "RHSA-2011:0471", "href": "https://access.redhat.com/errata/RHSA-2011:0471", "type": "redhat", "title": "(RHSA-2011:0471) Critical: firefox security update", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2019-08-13T18:45:13", "bulletinFamily": "unix", "cvelist": ["CVE-2011-0070", "CVE-2011-0071", "CVE-2011-0073", "CVE-2011-0074", "CVE-2011-0075", "CVE-2011-0077", "CVE-2011-0078", "CVE-2011-0080", "CVE-2011-0081"], "description": "Mozilla Thunderbird is a standalone mail and newsgroup client.\n\nSeveral flaws were found in the processing of malformed HTML content. An\nHTML mail message containing malicious content could possibly lead to\narbitrary code execution with the privileges of the user running\nThunderbird. (CVE-2011-0080, CVE-2011-0081)\n\nAn arbitrary memory write flaw was found in the way Thunderbird handled\nout-of-memory conditions. If all memory was consumed when a user viewed a\nmalicious HTML mail message, it could possibly lead to arbitrary code\nexecution with the privileges of the user running Thunderbird.\n(CVE-2011-0078)\n\nAn integer overflow flaw was found in the way Thunderbird handled the HTML\nframeset tag. An HTML mail message with a frameset tag containing large\nvalues for the \"rows\" and \"cols\" attributes could trigger this flaw,\npossibly leading to arbitrary code execution with the privileges of the\nuser running Thunderbird. (CVE-2011-0077)\n\nA flaw was found in the way Thunderbird handled the HTML iframe tag. An\nHTML mail message with an iframe tag containing a specially-crafted source\naddress could trigger this flaw, possibly leading to arbitrary code\nexecution with the privileges of the user running Thunderbird.\n(CVE-2011-0075)\n\nA flaw was found in the way Thunderbird displayed multiple marquee\nelements. A malformed HTML mail message could cause Thunderbird to execute\narbitrary code with the privileges of the user running Thunderbird.\n(CVE-2011-0074)\n\nA flaw was found in the way Thunderbird handled the nsTreeSelection\nelement. Malformed content could cause Thunderbird to execute arbitrary\ncode with the privileges of the user running Thunderbird. (CVE-2011-0073)\n\nA directory traversal flaw was found in the Thunderbird resource://\nprotocol handler. Malicious content could cause Thunderbird to access\narbitrary files accessible to the user running Thunderbird. (CVE-2011-0071)\n\nA double free flaw was found in the way Thunderbird handled\n\"application/http-index-format\" documents. A malformed HTTP response could\ncause Thunderbird to execute arbitrary code with the privileges of the user\nrunning Thunderbird. (CVE-2011-0070)\n\nAll Thunderbird users should upgrade to this updated package, which\nresolves these issues. All running instances of Thunderbird must be\nrestarted for the update to take effect.\n", "modified": "2018-06-06T20:24:23", "published": "2011-04-28T04:00:00", "id": "RHSA-2011:0475", "href": "https://access.redhat.com/errata/RHSA-2011:0475", "type": "redhat", "title": "(RHSA-2011:0475) Critical: thunderbird security update", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2019-08-13T18:46:03", "bulletinFamily": "unix", "cvelist": ["CVE-2011-0072", "CVE-2011-0073", "CVE-2011-0074", "CVE-2011-0075", "CVE-2011-0077", "CVE-2011-0078", "CVE-2011-0080"], "description": "SeaMonkey is an open source web browser, email and newsgroup client, IRC\nchat client, and HTML editor.\n\nSeveral flaws were found in the processing of malformed web content. A web\npage containing malicious content could possibly lead to arbitrary code\nexecution with the privileges of the user running SeaMonkey.\n(CVE-2011-0080)\n\nAn arbitrary memory write flaw was found in the way SeaMonkey handled\nout-of-memory conditions. If all memory was consumed when a user visited a\nmalicious web page, it could possibly lead to arbitrary code execution\nwith the privileges of the user running SeaMonkey. (CVE-2011-0078)\n\nAn integer overflow flaw was found in the way SeaMonkey handled the HTML\nframeset tag. A web page with a frameset tag containing large values for\nthe \"rows\" and \"cols\" attributes could trigger this flaw, possibly leading\nto arbitrary code execution with the privileges of the user running\nSeaMonkey. (CVE-2011-0077)\n\nA flaw was found in the way SeaMonkey handled the HTML iframe tag. A web\npage with an iframe tag containing a specially-crafted source address could\ntrigger this flaw, possibly leading to arbitrary code execution with the\nprivileges of the user running SeaMonkey. (CVE-2011-0075)\n\nA flaw was found in the way SeaMonkey displayed multiple marquee elements.\nA malformed HTML document could cause SeaMonkey to execute arbitrary code\nwith the privileges of the user running SeaMonkey. (CVE-2011-0074)\n\nA flaw was found in the way SeaMonkey handled the nsTreeSelection element.\nMalformed content could cause SeaMonkey to execute arbitrary code with the\nprivileges of the user running SeaMonkey. (CVE-2011-0073)\n\nA use-after-free flaw was found in the way SeaMonkey appended frame and\niframe elements to a DOM tree when the NoScript add-on was enabled.\nMalicious HTML content could cause SeaMonkey to execute arbitrary code with\nthe privileges of the user running SeaMonkey. (CVE-2011-0072)\n\nAll SeaMonkey users should upgrade to these updated packages, which correct\nthese issues. After installing the update, SeaMonkey must be restarted for\nthe changes to take effect.\n", "modified": "2017-09-08T11:51:24", "published": "2011-04-28T04:00:00", "id": "RHSA-2011:0473", "href": "https://access.redhat.com/errata/RHSA-2011:0473", "type": "redhat", "title": "(RHSA-2011:0473) Critical: seamonkey security update", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}], "centos": [{"lastseen": "2019-12-20T18:25:00", "bulletinFamily": "unix", "cvelist": ["CVE-2011-0077", "CVE-2011-1202", "CVE-2011-0071", "CVE-2011-0080", "CVE-2011-0073", "CVE-2011-0066", "CVE-2011-0065", "CVE-2011-0081", "CVE-2011-0075", "CVE-2011-0074", "CVE-2011-0069", "CVE-2011-0078", "CVE-2011-0070", "CVE-2011-0067", "CVE-2011-0072"], "description": "**CentOS Errata and Security Advisory** CESA-2011:0471\n\n\nMozilla Firefox is an open source web browser. XULRunner provides the XUL\nRuntime environment for Mozilla Firefox.\n\nSeveral flaws were found in the processing of malformed web content. A web\npage containing malicious content could possibly lead to arbitrary code\nexecution with the privileges of the user running Firefox. (CVE-2011-0080,\nCVE-2011-0081)\n\nAn arbitrary memory write flaw was found in the way Firefox handled\nout-of-memory conditions. If all memory was consumed when a user visited a\nmalicious web page, it could possibly lead to arbitrary code execution\nwith the privileges of the user running Firefox. (CVE-2011-0078)\n\nAn integer overflow flaw was found in the way Firefox handled the HTML\nframeset tag. A web page with a frameset tag containing large values for\nthe \"rows\" and \"cols\" attributes could trigger this flaw, possibly leading\nto arbitrary code execution with the privileges of the user running\nFirefox. (CVE-2011-0077)\n\nA flaw was found in the way Firefox handled the HTML iframe tag. A web page\nwith an iframe tag containing a specially-crafted source address could\ntrigger this flaw, possibly leading to arbitrary code execution with the\nprivileges of the user running Firefox. (CVE-2011-0075)\n\nA flaw was found in the way Firefox displayed multiple marquee elements. A\nmalformed HTML document could cause Firefox to execute arbitrary code with\nthe privileges of the user running Firefox. (CVE-2011-0074)\n\nA flaw was found in the way Firefox handled the nsTreeSelection element.\nMalformed content could cause Firefox to execute arbitrary code with the\nprivileges of the user running Firefox. (CVE-2011-0073)\n\nA use-after-free flaw was found in the way Firefox appended frame and\niframe elements to a DOM tree when the NoScript add-on was enabled.\nMalicious HTML content could cause Firefox to execute arbitrary code with\nthe privileges of the user running Firefox. (CVE-2011-0072)\n\nA directory traversal flaw was found in the Firefox resource:// protocol\nhandler. Malicious content could cause Firefox to access arbitrary files\naccessible to the user running Firefox. (CVE-2011-0071)\n\nA double free flaw was found in the way Firefox handled\n\"application/http-index-format\" documents. A malformed HTTP response could\ncause Firefox to execute arbitrary code with the privileges of the user\nrunning Firefox. (CVE-2011-0070)\n\nA flaw was found in the way Firefox handled certain JavaScript cross-domain\nrequests. If malicious content generated a large number of cross-domain\nJavaScript requests, it could cause Firefox to execute arbitrary code with\nthe privileges of the user running Firefox. (CVE-2011-0069)\n\nA flaw was found in the way Firefox displayed the autocomplete pop-up.\nMalicious content could use this flaw to steal form history information.\n(CVE-2011-0067)\n\nTwo use-after-free flaws were found in the Firefox mObserverList and\nmChannel objects. Malicious content could use these flaws to execute\narbitrary code with the privileges of the user running Firefox.\n(CVE-2011-0066, CVE-2011-0065)\n\nA flaw was found in the Firefox XSLT generate-id() function. This function\nreturned the memory address of an object in memory, which could possibly be\nused by attackers to bypass address randomization protections.\n(CVE-2011-1202)\n\nFor technical details regarding these flaws, refer to the Mozilla security\nadvisories for Firefox 3.6.17. You can find a link to the Mozilla\nadvisories in the References section of this erratum.\n\nAll Firefox users should upgrade to these updated packages, which contain\nFirefox version 3.6.17, which corrects these issues. After installing the\nupdate, Firefox must be restarted for the changes to take effect.\n\n\n**Merged security bulletin from advisories:**\nhttp://lists.centos.org/pipermail/centos-announce/2011-April/029498.html\nhttp://lists.centos.org/pipermail/centos-announce/2011-April/029499.html\nhttp://lists.centos.org/pipermail/centos-announce/2011-April/029508.html\nhttp://lists.centos.org/pipermail/centos-announce/2011-April/029509.html\n\n**Affected packages:**\nfirefox\nxulrunner\nxulrunner-devel\n\n**Upstream details at:**\n", "edition": 3, "modified": "2011-04-29T21:10:44", "published": "2011-04-29T15:48:25", "href": "http://lists.centos.org/pipermail/centos-announce/2011-April/029498.html", "id": "CESA-2011:0471", "title": "firefox, xulrunner security update", "type": "centos", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}], "securityvulns": [{"lastseen": "2018-08-31T11:10:40", "bulletinFamily": "software", "cvelist": ["CVE-2011-0077", "CVE-2011-0080", "CVE-2011-0079", "CVE-2011-0081", "CVE-2011-0075", "CVE-2011-0074", "CVE-2011-0069", "CVE-2011-0078", "CVE-2011-0070", "CVE-2011-0072"], "description": "Mozilla Foundation Security Advisory 2011-12\r\n\r\nTitle: Miscellaneous memory safety hazards (rv:2.0.1/ 1.9.2.17/ 1.9.1.19)\r\nImpact: Critical\r\nAnnounced: April 28, 2011\r\nProducts: Firefox, Thunderbird, SeaMonkey\r\n\r\nFixed in: Firefox 4.0.1\r\n Firefox 3.6.17\r\n Firefox 3.5.19\r\n Thunderbird 3.1.10\r\n SeaMonkey 2.0.14\r\nDescription\r\n\r\nMozilla developers identified and fixed several memory safety bugs in the browser engine used in Firefox and other Mozilla-based products. Some of these bugs showed evidence of memory corruption under certain circumstances, and we presume that with enough effort at least some of these could be exploited to run arbitrary code.\r\nCredits\r\n\r\nMozilla developers Boris Zbarsky, Gary Kwong, Jesse Ruderman, Michael Wu, Nils, Scoobidiver, and Ted Mielczarek reported memory safety issues which affected Firefox 4.\r\n\r\n Memory safety bugs affecting Firefox 4\r\n CVE-2011-0079\r\n\r\nMozilla developer Scoobidiver reported a memory safety issue which affected Firefox 4 and Firefox 3.6\r\n\r\n Memory safety bugs affecting Firefox 4 and Firefox 3.6\r\n CVE-2011-0081\r\n\r\nThe web development team of Alcidion reported a crash that affected Firefox 4, Firefox 3.6 and Firefox 3.5.\r\n\r\n https://bugzilla.mozilla.org/show_bug.cgi?id=644069\r\n CVE-2011-0069\r\n\r\nIan Beer reported a crash that affected Firefox 4, Firefox 3.6 and Firefox 3.5.\r\n\r\n https://bugzilla.mozilla.org/show_bug.cgi?id=645565\r\n CVE-2011-0070\r\n\r\nMozilla developers Bob Clary, Henri Sivonen, Marco Bonardo, Mats Palmgren and Jesse Ruderman reported memory safety issues which affected Firefox 3.6 and Firefox 3.5\r\n\r\n Memory safety bugs - Firefox 3.6, Firefox 3.5\r\n CVE-2011-0080\r\n\r\nAki Helin reported memory safety issues which affected Firefox 3.6 and Firefox 3.5\r\n\r\n https://bugzilla.mozilla.org/show_bug.cgi?id=619021\r\n CVE-2011-0074\r\n https://bugzilla.mozilla.org/show_bug.cgi?id=635977\r\n CVE-2011-0075\r\n\r\nIan Beer reported memory safety issues which affected Firefox 3.6 and Firefox 3.5\r\n\r\n https://bugzilla.mozilla.org/show_bug.cgi?id=623998\r\n CVE-2011-0077\r\n https://bugzilla.mozilla.org/show_bug.cgi?id=635705\r\n CVE-2011-0078\r\n\r\nMartin Barbella reported a memory safety issue which affected Firefox 3.6 and Firefox 3.5.\r\n\r\n https://bugzilla.mozilla.org/show_bug.cgi?id=624187\r\n CVE-2011-0072\r\n", "edition": 1, "modified": "2011-05-01T00:00:00", "published": "2011-05-01T00:00:00", "id": "SECURITYVULNS:DOC:26237", "href": "https://vulners.com/securityvulns/SECURITYVULNS:DOC:26237", "title": "Mozilla Foundation Security Advisory 2011-12", "type": "securityvulns", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2018-08-31T11:09:42", "bulletinFamily": "software", "cvelist": ["CVE-2011-0077", "CVE-2011-1202", "CVE-2011-0071", "CVE-2011-0068", "CVE-2011-0080", "CVE-2011-0073", "CVE-2011-0079", "CVE-2011-0066", "CVE-2011-0065", "CVE-2011-0081", "CVE-2011-0075", "CVE-2011-0074", "CVE-2011-0069", "CVE-2011-0078", "CVE-2011-0070", "CVE-2011-0076", "CVE-2011-0067", "CVE-2011-0072"], "description": "Multiple memory corruptions, uninitialized pointer dereferences, information leakage, code execution.", "edition": 1, "modified": "2011-05-11T00:00:00", "published": "2011-05-11T00:00:00", "id": "SECURITYVULNS:VULN:11633", "href": "https://vulners.com/securityvulns/SECURITYVULNS:VULN:11633", "title": "Mozilla Firefox / Thunderbird / Seamonkey multiple security vulnerabilities", "type": "securityvulns", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}], "suse": [{"lastseen": "2016-09-04T11:32:37", "bulletinFamily": "unix", "cvelist": ["CVE-2011-0077", "CVE-2011-1202", "CVE-2011-0071", "CVE-2011-0068", "CVE-2011-0080", "CVE-2011-0073", "CVE-2011-0079", "CVE-2011-0066", "CVE-2011-0065", "CVE-2011-0081", "CVE-2011-0075", "CVE-2011-0074", "CVE-2011-0069", "CVE-2011-0078", "CVE-2011-0070", "CVE-2011-0076", "CVE-2011-0067", "CVE-2011-0072"], "description": "The Mozilla suite of browsers received security updates.\n#### Solution\nThere is no known workaround, please install the update packages.", "edition": 1, "modified": "2011-05-05T17:46:39", "published": "2011-05-05T17:46:39", "id": "SUSE-SA:2011:022", "href": "http://lists.opensuse.org/opensuse-security-announce/2011-05/msg00001.html", "title": "remote code execution, remote denial of service in MozillaFirefox,seamonkey,MozillaThunderbird", "type": "suse", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}]}