ID DEBIAN:DSA-2410-1:8641E Type debian Reporter Debian Modified 2012-02-15T21:03:08
Description
Debian Security Advisory DSA-2410-1 security@debian.org
http://www.debian.org/security/ Moritz Muehlenhoff
February 15, 2012 http://www.debian.org/security/faq
Package : libpng
Vulnerability : integer overflow
Problem type : remote
Debian-specific: no
CVE ID : CVE-2011-3026
Jueri Aedla discovered an integer overflow in the libpng PNG library,
which could lead to the execution of arbitrary code if a malformed
image is processed.
For the stable distribution (squeeze), this problem has been fixed in
version 1.2.44-1+squeeze2.
For the unstable distribution (sid), this problem will be fixed soon.
We recommend that you upgrade your libpng packages.
Further information about Debian Security Advisories, how to apply
these updates to your system and frequently asked questions can be
found at: http://www.debian.org/security/
{"id": "DEBIAN:DSA-2410-1:8641E", "bulletinFamily": "unix", "title": "[SECURITY] [DSA 2410-1] libpng security update", "description": "- -------------------------------------------------------------------------\nDebian Security Advisory DSA-2410-1 security@debian.org\nhttp://www.debian.org/security/ Moritz Muehlenhoff\nFebruary 15, 2012 http://www.debian.org/security/faq\n- -------------------------------------------------------------------------\n\nPackage : libpng\nVulnerability : integer overflow\nProblem type : remote\nDebian-specific: no\nCVE ID : CVE-2011-3026 \n\nJueri Aedla discovered an integer overflow in the libpng PNG library,\nwhich could lead to the execution of arbitrary code if a malformed\nimage is processed.\n\nFor the stable distribution (squeeze), this problem has been fixed in\nversion 1.2.44-1+squeeze2.\n\nFor the unstable distribution (sid), this problem will be fixed soon.\n\nWe recommend that you upgrade your libpng packages.\n\nFurther information about Debian Security Advisories, how to apply\nthese updates to your system and frequently asked questions can be\nfound at: http://www.debian.org/security/\n\nMailing list: debian-security-announce@lists.debian.org\n", "published": "2012-02-15T21:03:08", "modified": "2012-02-15T21:03:08", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}, "href": "https://lists.debian.org/debian-security-announce/debian-security-announce-2012/msg00037.html", "reporter": "Debian", "references": [], "cvelist": ["CVE-2011-3026"], "type": "debian", "lastseen": "2020-11-11T13:19:47", "edition": 4, "viewCount": 4, "enchantments": {"dependencies": {"references": [{"type": "cve", "idList": ["CVE-2011-3026"]}, {"type": "openvas", "idList": ["OPENVAS:881072", "OPENVAS:1361412562310864380", "OPENVAS:1361412562310881208", "OPENVAS:1361412562310123985", "OPENVAS:881126", "OPENVAS:136141256231071137", "OPENVAS:1361412562310864117", "OPENVAS:1361412562310881188", "OPENVAS:840892", "OPENVAS:831561"]}, {"type": "suse", "idList": ["OPENSUSE-SU-2012:0316-1", "OPENSUSE-SU-2012:0297-1", "SUSE-SU-2012:0303-1"]}, {"type": "nessus", "idList": ["FEDORA_2012-1800.NASL", "ORACLELINUX_ELSA-2012-0143.NASL", "FEDORA_2012-1794.NASL", "IBM_INFORMIX_GENERO_2_41.NASL", "ORACLELINUX_ELSA-2012-0142.NASL", "REDHAT-RHSA-2012-0140.NASL", "SEAMONKEY_272.NASL", "FREEBSD_PKG_D7DBD2DB599C11E1A2FB14DAE9EBCF89.NASL", "UBUNTU_USN-1367-2.NASL", "CENTOS_RHSA-2012-0143.NASL"]}, {"type": "centos", "idList": ["CESA-2012:0140", "CESA-2012:0143", "CESA-2012:0141", "CESA-2012:0142"]}, {"type": "ubuntu", "idList": ["USN-1367-2", "USN-1367-4", "USN-1367-3"]}, {"type": "redhat", "idList": ["RHSA-2012:0143", "RHSA-2012:0140", "RHSA-2012:0141", "RHSA-2012:0142", "RHSA-2012:0317"]}, {"type": "oraclelinux", "idList": ["ELSA-2012-0141", "ELSA-2012-0142", "ELSA-2012-0317", "ELSA-2012-0140"]}, {"type": "securityvulns", "idList": ["SECURITYVULNS:DOC:27691"]}, {"type": "fedora", "idList": ["FEDORA:6D0B92125D", "FEDORA:2E5B62122E", "FEDORA:E9A172121F", "FEDORA:4ED9921EED", "FEDORA:82289220A8", "FEDORA:92CA820F7E"]}, {"type": "mozilla", "idList": ["MFSA2012-11"]}], "modified": "2020-11-11T13:19:47", "rev": 2}, "score": {"value": 8.4, "vector": "NONE", "modified": "2020-11-11T13:19:47", "rev": 2}, "vulnersScore": 8.4}, "affectedPackage": [{"OS": "Debian", "OSVersion": "6", "arch": "all", "operator": "lt", "packageFilename": "libpng_1.2.44-1+squeeze2_all.deb", "packageName": "libpng", "packageVersion": "1.2.44-1+squeeze2"}], "scheme": null}
{"cve": [{"lastseen": "2020-12-09T19:39:09", "description": "Integer overflow in libpng, as used in Google Chrome before 17.0.963.56, allows remote attackers to cause a denial of service or possibly have unspecified other impact via unknown vectors that trigger an integer truncation.", "edition": 9, "cvss3": {}, "published": "2012-02-16T20:55:00", "title": "CVE-2011-3026", "type": "cve", "cwe": ["CWE-190"], "bulletinFamily": "NVD", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "acInsufInfo": false, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2011-3026"], "modified": "2020-04-16T16:37:00", "cpe": ["cpe:/o:apple:mac_os_x_server:10.6.8", "cpe:/o:apple:mac_os_x:10.6.8", "cpe:/o:opensuse:opensuse:11.4", "cpe:/o:suse:linux_enterprise_server:11", "cpe:/o:suse:suse_linux_enterprise_server:11"], "id": "CVE-2011-3026", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2011-3026", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}, "cpe23": ["cpe:2.3:o:suse:suse_linux_enterprise_server:11:sp1:*:*:*:vmware:*:*", "cpe:2.3:o:suse:suse_linux_enterprise_server:11:sp1:*:*:*:*:*:*", "cpe:2.3:o:opensuse:opensuse:11.4:*:*:*:*:*:*:*", "cpe:2.3:o:suse:linux_enterprise_server:11:sp1:*:*:*:*:*:*", "cpe:2.3:o:apple:mac_os_x_server:10.6.8:*:*:*:*:*:*:*", "cpe:2.3:o:suse:suse_linux_enterprise_server:11:sp1:*:*:*:sp2:*:*", "cpe:2.3:o:apple:mac_os_x:10.6.8:*:*:*:*:*:*:*"]}], "nessus": [{"lastseen": "2021-01-12T10:10:14", "description": "Fixes a libpng flaw.\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Fedora security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.", "edition": 13, "published": "2012-02-23T00:00:00", "title": "Fedora 16 : thunderbird-10.0.1-2.fc16 (2012-1844)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2011-3026"], "modified": "2012-02-23T00:00:00", "cpe": ["cpe:/o:fedoraproject:fedora:16", "p-cpe:/a:fedoraproject:fedora:thunderbird"], "id": "FEDORA_2012-1844.NASL", "href": "https://www.tenable.com/plugins/nessus/58098", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Fedora Security Advisory 2012-1844.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(58098);\n script_version(\"1.8\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/11\");\n\n script_cve_id(\"CVE-2011-3026\");\n script_xref(name:\"FEDORA\", value:\"2012-1844\");\n\n script_name(english:\"Fedora 16 : thunderbird-10.0.1-2.fc16 (2012-1844)\");\n script_summary(english:\"Checks rpm output for the updated package.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Fedora host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Fixes a libpng flaw.\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Fedora security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.redhat.com/show_bug.cgi?id=791185\"\n );\n # https://lists.fedoraproject.org/pipermail/package-announce/2012-February/073583.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?c38cadee\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected thunderbird package.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:thunderbird\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:fedoraproject:fedora:16\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2012/02/17\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2012/02/23\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2012-2021 Tenable Network Security, Inc.\");\n script_family(english:\"Fedora Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Fedora\" >!< release) audit(AUDIT_OS_NOT, \"Fedora\");\nos_ver = eregmatch(pattern: \"Fedora.*release ([0-9]+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Fedora\");\nos_ver = os_ver[1];\nif (! ereg(pattern:\"^16([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Fedora 16.x\", \"Fedora \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Fedora\", cpu);\n\nflag = 0;\nif (rpm_check(release:\"FC16\", reference:\"thunderbird-10.0.1-2.fc16\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"thunderbird\");\n}\n", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2021-01-01T06:37:29", "description": "USN-1367-1 fixed vulnerabilities in libpng. This provides the\ncorresponding update for Xulrunner.\n\nJueri Aedla discovered that libpng did not properly verify the size\nused when allocating memory during chunk decompression. If a user or\nautomated system using libpng were tricked into opening a specially\ncrafted image, an attacker could exploit this to cause a denial of\nservice or execute code with the privileges of the user invoking the\nprogram. (CVE-2011-3026).\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Ubuntu security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.", "edition": 24, "published": "2012-02-20T00:00:00", "title": "Ubuntu 10.04 LTS / 10.10 : xulrunner-1.9.2 vulnerability (USN-1367-4)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2011-3026"], "modified": "2021-01-02T00:00:00", "cpe": ["p-cpe:/a:canonical:ubuntu_linux:xulrunner-1.9.2", "cpe:/o:canonical:ubuntu_linux:10.04:-:lts", "cpe:/o:canonical:ubuntu_linux:10.10"], "id": "UBUNTU_USN-1367-4.NASL", "href": "https://www.tenable.com/plugins/nessus/58036", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Ubuntu Security Notice USN-1367-4. The text \n# itself is copyright (C) Canonical, Inc. See \n# <http://www.ubuntu.com/usn/>. Ubuntu(R) is a registered \n# trademark of Canonical, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(58036);\n script_version(\"1.7\");\n script_cvs_date(\"Date: 2019/09/19 12:54:27\");\n\n script_cve_id(\"CVE-2011-3026\");\n script_xref(name:\"USN\", value:\"1367-4\");\n\n script_name(english:\"Ubuntu 10.04 LTS / 10.10 : xulrunner-1.9.2 vulnerability (USN-1367-4)\");\n script_summary(english:\"Checks dpkg output for updated package.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Ubuntu host is missing a security-related patch.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"USN-1367-1 fixed vulnerabilities in libpng. This provides the\ncorresponding update for Xulrunner.\n\nJueri Aedla discovered that libpng did not properly verify the size\nused when allocating memory during chunk decompression. If a user or\nautomated system using libpng were tricked into opening a specially\ncrafted image, an attacker could exploit this to cause a denial of\nservice or execute code with the privileges of the user invoking the\nprogram. (CVE-2011-3026).\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Ubuntu security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://usn.ubuntu.com/1367-4/\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected xulrunner-1.9.2 package.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:xulrunner-1.9.2\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:canonical:ubuntu_linux:10.04:-:lts\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:canonical:ubuntu_linux:10.10\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2012/02/16\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2012/02/17\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2012/02/20\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"Ubuntu Security Notice (C) 2012-2019 Canonical, Inc. / NASL script (C) 2012-2019 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Ubuntu Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/cpu\", \"Host/Ubuntu\", \"Host/Ubuntu/release\", \"Host/Debian/dpkg-l\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"ubuntu.inc\");\ninclude(\"misc_func.inc\");\n\nif ( ! get_kb_item(\"Host/local_checks_enabled\") ) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/Ubuntu/release\");\nif ( isnull(release) ) audit(AUDIT_OS_NOT, \"Ubuntu\");\nrelease = chomp(release);\nif (! preg(pattern:\"^(10\\.04|10\\.10)$\", string:release)) audit(AUDIT_OS_NOT, \"Ubuntu 10.04 / 10.10\", \"Ubuntu \" + release);\nif ( ! get_kb_item(\"Host/Debian/dpkg-l\") ) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Ubuntu\", cpu);\n\nflag = 0;\n\nif (ubuntu_check(osver:\"10.04\", pkgname:\"xulrunner-1.9.2\", pkgver:\"1.9.2.27+build1+nobinonly-0ubuntu0.10.04.1\")) flag++;\nif (ubuntu_check(osver:\"10.10\", pkgname:\"xulrunner-1.9.2\", pkgver:\"1.9.2.27+build1+nobinonly-0ubuntu0.10.10.1\")) flag++;\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : ubuntu_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = ubuntu_pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"xulrunner-1.9.2\");\n}\n", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2021-01-12T10:10:15", "description": "Fix for the libpng security flaw.\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Fedora security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.", "edition": 13, "published": "2012-02-20T00:00:00", "title": "Fedora 16 : xulrunner-10.0.1-3.fc16 (2012-1856)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2011-3026"], "modified": "2012-02-20T00:00:00", "cpe": ["p-cpe:/a:fedoraproject:fedora:xulrunner", "cpe:/o:fedoraproject:fedora:16"], "id": "FEDORA_2012-1856.NASL", "href": "https://www.tenable.com/plugins/nessus/58020", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Fedora Security Advisory 2012-1856.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(58020);\n script_version(\"1.8\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/11\");\n\n script_cve_id(\"CVE-2011-3026\");\n script_xref(name:\"FEDORA\", value:\"2012-1856\");\n\n script_name(english:\"Fedora 16 : xulrunner-10.0.1-3.fc16 (2012-1856)\");\n script_summary(english:\"Checks rpm output for the updated package.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Fedora host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Fix for the libpng security flaw.\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Fedora security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.redhat.com/show_bug.cgi?id=791184\"\n );\n # https://lists.fedoraproject.org/pipermail/package-announce/2012-February/073467.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?628b4e7c\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected xulrunner package.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:xulrunner\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:fedoraproject:fedora:16\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2012/02/17\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2012/02/20\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2012-2021 Tenable Network Security, Inc.\");\n script_family(english:\"Fedora Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Fedora\" >!< release) audit(AUDIT_OS_NOT, \"Fedora\");\nos_ver = eregmatch(pattern: \"Fedora.*release ([0-9]+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Fedora\");\nos_ver = os_ver[1];\nif (! ereg(pattern:\"^16([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Fedora 16.x\", \"Fedora \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Fedora\", cpu);\n\nflag = 0;\nif (rpm_check(release:\"FC16\", reference:\"xulrunner-10.0.1-3.fc16\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"xulrunner\");\n}\n", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2021-01-17T12:46:43", "description": "From Red Hat Security Advisory 2012:0141 :\n\nUpdated SeaMonkey packages that fix one security issue are now\navailable for Red Hat Enterprise Linux 4.\n\nThe Red Hat Security Response Team has rated this update as having\ncritical security impact. A Common Vulnerability Scoring System (CVSS)\nbase score, which gives a detailed severity rating, is available from\nthe CVE link in the References section.\n\nSeaMonkey is an open source web browser, e-mail and newsgroup client,\nIRC chat client, and HTML editor.\n\nA heap-based buffer overflow flaw was found in the way SeaMonkey\nhandled PNG (Portable Network Graphics) images. A web page containing\na malicious PNG image could cause SeaMonkey to crash or, possibly,\nexecute arbitrary code with the privileges of the user running\nSeaMonkey. (CVE-2011-3026)\n\nAll SeaMonkey users should upgrade to these updated packages, which\ncorrect this issue. After installing the update, SeaMonkey must be\nrestarted for the changes to take effect.", "edition": 17, "published": "2013-07-12T00:00:00", "title": "Oracle Linux 4 : seamonkey (ELSA-2012-0141)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2011-3026"], "modified": "2013-07-12T00:00:00", "cpe": ["p-cpe:/a:oracle:linux:seamonkey-mail", "p-cpe:/a:oracle:linux:seamonkey-devel", "p-cpe:/a:oracle:linux:seamonkey", "p-cpe:/a:oracle:linux:seamonkey-dom-inspector", "cpe:/o:oracle:linux:4", "p-cpe:/a:oracle:linux:seamonkey-js-debugger", "p-cpe:/a:oracle:linux:seamonkey-chat"], "id": "ORACLELINUX_ELSA-2012-0141.NASL", "href": "https://www.tenable.com/plugins/nessus/68463", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Red Hat Security Advisory RHSA-2012:0141 and \n# Oracle Linux Security Advisory ELSA-2012-0141 respectively.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(68463);\n script_version(\"1.9\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/14\");\n\n script_cve_id(\"CVE-2011-3026\");\n script_xref(name:\"RHSA\", value:\"2012:0141\");\n\n script_name(english:\"Oracle Linux 4 : seamonkey (ELSA-2012-0141)\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Oracle Linux host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"From Red Hat Security Advisory 2012:0141 :\n\nUpdated SeaMonkey packages that fix one security issue are now\navailable for Red Hat Enterprise Linux 4.\n\nThe Red Hat Security Response Team has rated this update as having\ncritical security impact. A Common Vulnerability Scoring System (CVSS)\nbase score, which gives a detailed severity rating, is available from\nthe CVE link in the References section.\n\nSeaMonkey is an open source web browser, e-mail and newsgroup client,\nIRC chat client, and HTML editor.\n\nA heap-based buffer overflow flaw was found in the way SeaMonkey\nhandled PNG (Portable Network Graphics) images. A web page containing\na malicious PNG image could cause SeaMonkey to crash or, possibly,\nexecute arbitrary code with the privileges of the user running\nSeaMonkey. (CVE-2011-3026)\n\nAll SeaMonkey users should upgrade to these updated packages, which\ncorrect this issue. After installing the update, SeaMonkey must be\nrestarted for the changes to take effect.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://oss.oracle.com/pipermail/el-errata/2012-February/002615.html\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected seamonkey packages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:seamonkey\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:seamonkey-chat\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:seamonkey-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:seamonkey-dom-inspector\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:seamonkey-js-debugger\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:seamonkey-mail\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:oracle:linux:4\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2012/02/16\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2012/02/17\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2013/07/12\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2013-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Oracle Linux Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/OracleLinux\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/OracleLinux\")) audit(AUDIT_OS_NOT, \"Oracle Linux\");\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || !pregmatch(pattern: \"Oracle (?:Linux Server|Enterprise Linux)\", string:release)) audit(AUDIT_OS_NOT, \"Oracle Linux\");\nos_ver = pregmatch(pattern: \"Oracle (?:Linux Server|Enterprise Linux) .*release ([0-9]+(\\.[0-9]+)?)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Oracle Linux\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^4([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Oracle Linux 4\", \"Oracle Linux \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && \"ia64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Oracle Linux\", cpu);\n\nflag = 0;\nif (rpm_check(release:\"EL4\", reference:\"seamonkey-1.0.9-79.0.1.el4\")) flag++;\nif (rpm_check(release:\"EL4\", reference:\"seamonkey-chat-1.0.9-79.0.1.el4\")) flag++;\nif (rpm_check(release:\"EL4\", reference:\"seamonkey-devel-1.0.9-79.0.1.el4\")) flag++;\nif (rpm_check(release:\"EL4\", reference:\"seamonkey-dom-inspector-1.0.9-79.0.1.el4\")) flag++;\nif (rpm_check(release:\"EL4\", reference:\"seamonkey-js-debugger-1.0.9-79.0.1.el4\")) flag++;\nif (rpm_check(release:\"EL4\", reference:\"seamonkey-mail-1.0.9-79.0.1.el4\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"seamonkey / seamonkey-chat / seamonkey-devel / etc\");\n}\n", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2021-01-01T03:48:03", "description": "The installed version of Firefox 10.x is earlier than 10.0.2 and is,\ntherefore, potentially affected by an integer overflow vulnerability.\n\nAn integer overflow error exists in 'libpng', a library used by this\napplication. When decompressing certain PNG image files, this error\ncan allow a heap-based buffer overflow which can crash the\napplication or potentially allow code execution.", "edition": 25, "published": "2012-02-17T00:00:00", "title": "Firefox 10.x < 10.0.2 'png_decompress_chunk' Integer Overflow", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2011-3026"], "modified": "2021-01-02T00:00:00", "cpe": ["cpe:/a:mozilla:firefox"], "id": "MOZILLA_FIREFOX_1002.NASL", "href": "https://www.tenable.com/plugins/nessus/58005", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n\n\ninclude(\"compat.inc\");\n\n\nif (description)\n{\n script_id(58005);\n script_version(\"1.7\");\n script_cvs_date(\"Date: 2018/07/16 14:09:14\");\n\n script_cve_id(\"CVE-2011-3026\");\n script_bugtraq_id(52049);\n\n script_name(english:\"Firefox 10.x < 10.0.2 'png_decompress_chunk' Integer Overflow\");\n script_summary(english:\"Checks version of Firefox\");\n\n script_set_attribute(\n attribute:\"synopsis\",\n value:\n\"The remote Windows host contains a web browser that is potentially\naffected by an integer overflow vulnerability.\"\n );\n script_set_attribute(\n attribute:\"description\",\n value:\n\"The installed version of Firefox 10.x is earlier than 10.0.2 and is,\ntherefore, potentially affected by an integer overflow vulnerability.\n\nAn integer overflow error exists in 'libpng', a library used by this\napplication. When decompressing certain PNG image files, this error\ncan allow a heap-based buffer overflow which can crash the\napplication or potentially allow code execution.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.mozilla.org/en-US/security/advisories/mfsa2012-11/\");\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?6846f277\");\n script_set_attribute(attribute:\"solution\", value:\"Upgrade to Firefox 10.0.2 or later.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2012/02/16\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2012/02/16\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2012/02/17\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:mozilla:firefox\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Windows\");\n\n script_copyright(english:\"This script is Copyright (C) 2012-2018 Tenable Network Security, Inc.\");\n\n script_dependencies(\"mozilla_org_installed.nasl\");\n script_require_keys(\"Mozilla/Firefox/Version\");\n\n exit(0);\n}\n\ninclude(\"mozilla_version.inc\");\nport = get_kb_item_or_exit(\"SMB/transport\"); \n\ninstalls = get_kb_list(\"SMB/Mozilla/Firefox/*\");\nif (isnull(installs)) audit(AUDIT_NOT_INST, \"Firefox\");\n\nmozilla_check_version(installs:installs, product:'firefox', esr:TRUE, fix:'10.0.2', min:'10.0', severity:SECURITY_HOLE);", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2021-01-17T13:10:25", "description": "An updated thunderbird package that fixes one security issue is now\navailable for Red Hat Enterprise Linux 6.\n\nThe Red Hat Security Response Team has rated this update as having\ncritical security impact. A Common Vulnerability Scoring System (CVSS)\nbase score, which gives a detailed severity rating, is available from\nthe CVE link in the References section.\n\nMozilla Thunderbird is a standalone mail and newsgroup client.\n\nA heap-based buffer overflow flaw was found in the way Thunderbird\nhandled PNG (Portable Network Graphics) images. An HTML mail message\nor remote content containing a specially crafted PNG image could cause\nThunderbird to crash or, possibly, execute arbitrary code with the\nprivileges of the user running Thunderbird. (CVE-2011-3026)\n\nAll Thunderbird users should upgrade to this updated package, which\ncorrects this issue. After installing the update, Thunderbird must be\nrestarted for the changes to take effect.", "edition": 22, "published": "2012-02-17T00:00:00", "title": "RHEL 6 : thunderbird (RHSA-2012:0140)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2011-3026"], "modified": "2012-02-17T00:00:00", "cpe": ["p-cpe:/a:redhat:enterprise_linux:thunderbird", "p-cpe:/a:redhat:enterprise_linux:thunderbird-debuginfo", "cpe:/o:redhat:enterprise_linux:6.2", "cpe:/o:redhat:enterprise_linux:6"], "id": "REDHAT-RHSA-2012-0140.NASL", "href": "https://www.tenable.com/plugins/nessus/57992", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Red Hat Security Advisory RHSA-2012:0140. The text \n# itself is copyright (C) Red Hat, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(57992);\n script_version(\"1.21\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/14\");\n\n script_cve_id(\"CVE-2011-3026\");\n script_xref(name:\"RHSA\", value:\"2012:0140\");\n\n script_name(english:\"RHEL 6 : thunderbird (RHSA-2012:0140)\");\n script_summary(english:\"Checks the rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\",\n value:\"The remote Red Hat host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\",\n value:\n\"An updated thunderbird package that fixes one security issue is now\navailable for Red Hat Enterprise Linux 6.\n\nThe Red Hat Security Response Team has rated this update as having\ncritical security impact. A Common Vulnerability Scoring System (CVSS)\nbase score, which gives a detailed severity rating, is available from\nthe CVE link in the References section.\n\nMozilla Thunderbird is a standalone mail and newsgroup client.\n\nA heap-based buffer overflow flaw was found in the way Thunderbird\nhandled PNG (Portable Network Graphics) images. An HTML mail message\nor remote content containing a specially crafted PNG image could cause\nThunderbird to crash or, possibly, execute arbitrary code with the\nprivileges of the user running Thunderbird. (CVE-2011-3026)\n\nAll Thunderbird users should upgrade to this updated package, which\ncorrects this issue. After installing the update, Thunderbird must be\nrestarted for the changes to take effect.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/errata/RHSA-2012:0140\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2011-3026\"\n );\n script_set_attribute(\n attribute:\"solution\",\n value:\n\"Update the affected thunderbird and / or thunderbird-debuginfo\npackages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:thunderbird\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:thunderbird-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:6\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:6.2\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2012/02/16\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2012/02/16\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2012/02/17\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2012-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Red Hat Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"misc_func.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Red Hat\" >!< release) audit(AUDIT_OS_NOT, \"Red Hat\");\nos_ver = pregmatch(pattern: \"Red Hat Enterprise Linux.*release ([0-9]+(\\.[0-9]+)?)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Red Hat\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^6([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Red Hat 6.x\", \"Red Hat \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\" && \"s390\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Red Hat\", cpu);\n\nyum_updateinfo = get_kb_item(\"Host/RedHat/yum-updateinfo\");\nif (!empty_or_null(yum_updateinfo)) \n{\n rhsa = \"RHSA-2012:0140\";\n yum_report = redhat_generate_yum_updateinfo_report(rhsa:rhsa);\n if (!empty_or_null(yum_report))\n {\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : yum_report \n );\n exit(0);\n }\n else\n {\n audit_message = \"affected by Red Hat security advisory \" + rhsa;\n audit(AUDIT_OS_NOT, audit_message);\n }\n}\nelse\n{\n flag = 0;\n if (rpm_check(release:\"RHEL6\", cpu:\"i686\", reference:\"thunderbird-3.1.18-2.el6_2\", allowmaj:TRUE)) flag++;\n\n if (rpm_check(release:\"RHEL6\", cpu:\"s390x\", reference:\"thunderbird-3.1.18-2.el6_2\", allowmaj:TRUE)) flag++;\n\n if (rpm_check(release:\"RHEL6\", cpu:\"x86_64\", reference:\"thunderbird-3.1.18-2.el6_2\", allowmaj:TRUE)) flag++;\n\n if (rpm_check(release:\"RHEL6\", cpu:\"i686\", reference:\"thunderbird-debuginfo-3.1.18-2.el6_2\", allowmaj:TRUE)) flag++;\n\n if (rpm_check(release:\"RHEL6\", cpu:\"s390x\", reference:\"thunderbird-debuginfo-3.1.18-2.el6_2\", allowmaj:TRUE)) flag++;\n\n if (rpm_check(release:\"RHEL6\", cpu:\"x86_64\", reference:\"thunderbird-debuginfo-3.1.18-2.el6_2\", allowmaj:TRUE)) flag++;\n\n\n if (flag)\n {\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : rpm_report_get() + redhat_report_package_caveat()\n );\n exit(0);\n }\n else\n {\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"thunderbird / thunderbird-debuginfo\");\n }\n}\n", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2021-01-17T12:46:44", "description": "From Red Hat Security Advisory 2012:0143 :\n\nUpdated xulrunner packages that fix one security issue are now\navailable for Red Hat Enterprise Linux 5 and 6.\n\nThe Red Hat Security Response Team has rated this update as having\ncritical security impact. A Common Vulnerability Scoring System (CVSS)\nbase score, which gives a detailed severity rating, is available from\nthe CVE link in the References section.\n\nXULRunner provides the XUL Runtime environment for applications using\nthe Gecko layout engine.\n\nA heap-based buffer overflow flaw was found in the way XULRunner\nhandled PNG (Portable Network Graphics) images. A web page containing\na malicious PNG image could cause an application linked against\nXULRunner (such as Firefox) to crash or, potentially, execute\narbitrary code with the privileges of the user running the\napplication. (CVE-2011-3026)\n\nAll XULRunner users should upgrade to these updated packages, which\ncorrect this issue. After installing the update, applications using\nXULRunner must be restarted for the changes to take effect.", "edition": 17, "published": "2013-07-12T00:00:00", "title": "Oracle Linux 5 / 6 : xulrunner (ELSA-2012-0143)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2011-3026"], "modified": "2013-07-12T00:00:00", "cpe": ["cpe:/o:oracle:linux:6", "p-cpe:/a:oracle:linux:xulrunner", "cpe:/o:oracle:linux:5", "p-cpe:/a:oracle:linux:xulrunner-devel"], "id": "ORACLELINUX_ELSA-2012-0143.NASL", "href": "https://www.tenable.com/plugins/nessus/68465", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Red Hat Security Advisory RHSA-2012:0143 and \n# Oracle Linux Security Advisory ELSA-2012-0143 respectively.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(68465);\n script_version(\"1.9\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/14\");\n\n script_cve_id(\"CVE-2011-3026\");\n script_xref(name:\"RHSA\", value:\"2012:0143\");\n\n script_name(english:\"Oracle Linux 5 / 6 : xulrunner (ELSA-2012-0143)\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Oracle Linux host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"From Red Hat Security Advisory 2012:0143 :\n\nUpdated xulrunner packages that fix one security issue are now\navailable for Red Hat Enterprise Linux 5 and 6.\n\nThe Red Hat Security Response Team has rated this update as having\ncritical security impact. A Common Vulnerability Scoring System (CVSS)\nbase score, which gives a detailed severity rating, is available from\nthe CVE link in the References section.\n\nXULRunner provides the XUL Runtime environment for applications using\nthe Gecko layout engine.\n\nA heap-based buffer overflow flaw was found in the way XULRunner\nhandled PNG (Portable Network Graphics) images. A web page containing\na malicious PNG image could cause an application linked against\nXULRunner (such as Firefox) to crash or, potentially, execute\narbitrary code with the privileges of the user running the\napplication. (CVE-2011-3026)\n\nAll XULRunner users should upgrade to these updated packages, which\ncorrect this issue. After installing the update, applications using\nXULRunner must be restarted for the changes to take effect.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://oss.oracle.com/pipermail/el-errata/2012-February/002617.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://oss.oracle.com/pipermail/el-errata/2012-February/002619.html\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected xulrunner packages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:xulrunner\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:xulrunner-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:oracle:linux:5\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:oracle:linux:6\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2012/02/16\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2012/02/17\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2013/07/12\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2013-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Oracle Linux Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/OracleLinux\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/OracleLinux\")) audit(AUDIT_OS_NOT, \"Oracle Linux\");\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || !pregmatch(pattern: \"Oracle (?:Linux Server|Enterprise Linux)\", string:release)) audit(AUDIT_OS_NOT, \"Oracle Linux\");\nos_ver = pregmatch(pattern: \"Oracle (?:Linux Server|Enterprise Linux) .*release ([0-9]+(\\.[0-9]+)?)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Oracle Linux\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^(5|6)([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Oracle Linux 5 / 6\", \"Oracle Linux \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && \"ia64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Oracle Linux\", cpu);\n\nflag = 0;\nif (rpm_check(release:\"EL5\", reference:\"xulrunner-1.9.2.26-2.0.1.el5_7\")) flag++;\nif (rpm_check(release:\"EL5\", reference:\"xulrunner-devel-1.9.2.26-2.0.1.el5_7\")) flag++;\n\nif (rpm_check(release:\"EL6\", reference:\"xulrunner-1.9.2.26-2.0.1.el6_2\")) flag++;\nif (rpm_check(release:\"EL6\", reference:\"xulrunner-devel-1.9.2.26-2.0.1.el6_2\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"xulrunner / xulrunner-devel\");\n}\n", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2021-01-01T06:37:28", "description": "USN-1367-1 fixed vulnerabilities in libpng. This provides the\ncorresponding update for Firefox.\n\nJueri Aedla discovered that libpng did not properly verify the size\nused when allocating memory during chunk decompression. If a user or\nautomated system using libpng were tricked into opening a specially\ncrafted image, an attacker could exploit this to cause a denial of\nservice or execute code with the privileges of the user invoking the\nprogram. (CVE-2011-3026).\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Ubuntu security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.", "edition": 24, "published": "2012-02-20T00:00:00", "title": "Ubuntu 10.04 LTS / 10.10 / 11.04 / 11.10 : firefox vulnerability (USN-1367-2)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2011-3026"], "modified": "2021-01-02T00:00:00", "cpe": ["cpe:/o:canonical:ubuntu_linux:11.10", "p-cpe:/a:canonical:ubuntu_linux:firefox", "cpe:/o:canonical:ubuntu_linux:11.04", "cpe:/o:canonical:ubuntu_linux:10.04:-:lts", "cpe:/o:canonical:ubuntu_linux:10.10"], "id": "UBUNTU_USN-1367-2.NASL", "href": "https://www.tenable.com/plugins/nessus/58034", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Ubuntu Security Notice USN-1367-2. The text \n# itself is copyright (C) Canonical, Inc. See \n# <http://www.ubuntu.com/usn/>. Ubuntu(R) is a registered \n# trademark of Canonical, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(58034);\n script_version(\"1.8\");\n script_cvs_date(\"Date: 2019/09/19 12:54:27\");\n\n script_cve_id(\"CVE-2011-3026\");\n script_bugtraq_id(52049);\n script_xref(name:\"USN\", value:\"1367-2\");\n\n script_name(english:\"Ubuntu 10.04 LTS / 10.10 / 11.04 / 11.10 : firefox vulnerability (USN-1367-2)\");\n script_summary(english:\"Checks dpkg output for updated package.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Ubuntu host is missing a security-related patch.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"USN-1367-1 fixed vulnerabilities in libpng. This provides the\ncorresponding update for Firefox.\n\nJueri Aedla discovered that libpng did not properly verify the size\nused when allocating memory during chunk decompression. If a user or\nautomated system using libpng were tricked into opening a specially\ncrafted image, an attacker could exploit this to cause a denial of\nservice or execute code with the privileges of the user invoking the\nprogram. (CVE-2011-3026).\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Ubuntu security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://usn.ubuntu.com/1367-2/\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected firefox package.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:firefox\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:canonical:ubuntu_linux:10.04:-:lts\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:canonical:ubuntu_linux:10.10\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:canonical:ubuntu_linux:11.04\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:canonical:ubuntu_linux:11.10\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2012/02/16\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2012/02/17\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2012/02/20\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"Ubuntu Security Notice (C) 2012-2019 Canonical, Inc. / NASL script (C) 2012-2019 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Ubuntu Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/cpu\", \"Host/Ubuntu\", \"Host/Ubuntu/release\", \"Host/Debian/dpkg-l\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"ubuntu.inc\");\ninclude(\"misc_func.inc\");\n\nif ( ! get_kb_item(\"Host/local_checks_enabled\") ) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/Ubuntu/release\");\nif ( isnull(release) ) audit(AUDIT_OS_NOT, \"Ubuntu\");\nrelease = chomp(release);\nif (! preg(pattern:\"^(10\\.04|10\\.10|11\\.04|11\\.10)$\", string:release)) audit(AUDIT_OS_NOT, \"Ubuntu 10.04 / 10.10 / 11.04 / 11.10\", \"Ubuntu \" + release);\nif ( ! get_kb_item(\"Host/Debian/dpkg-l\") ) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Ubuntu\", cpu);\n\nflag = 0;\n\nif (ubuntu_check(osver:\"10.04\", pkgname:\"firefox\", pkgver:\"10.0.2+build1-0ubuntu0.10.04.1\")) flag++;\nif (ubuntu_check(osver:\"10.10\", pkgname:\"firefox\", pkgver:\"10.0.2+build1-0ubuntu0.10.10.1\")) flag++;\nif (ubuntu_check(osver:\"11.04\", pkgname:\"firefox\", pkgver:\"10.0.2+build1-0ubuntu0.11.04.1\")) flag++;\nif (ubuntu_check(osver:\"11.10\", pkgname:\"firefox\", pkgver:\"10.0.2+build1-0ubuntu0.11.10.1\")) flag++;\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : ubuntu_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = ubuntu_pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"firefox\");\n}\n", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2021-01-06T09:27:35", "description": "Updated libpng and libpng10 packages that fix one security issue are\nnow available for Red Hat Enterprise Linux 4, 5, and 6.\n\nThe Red Hat Security Response Team has rated this update as having\nimportant security impact. A Common Vulnerability Scoring System\n(CVSS) base score, which gives a detailed severity rating, is\navailable from the CVE link in the References section.\n\nThe libpng packages contain a library of functions for creating and\nmanipulating PNG (Portable Network Graphics) image format files.\n\nA heap-based buffer overflow flaw was found in libpng. An attacker\ncould create a specially crafted PNG image that, when opened, could\ncause an application using libpng to crash or, possibly, execute\narbitrary code with the privileges of the user running the\napplication. (CVE-2011-3026)\n\nUsers of libpng and libpng10 should upgrade to these updated packages,\nwhich contain a backported patch to correct this issue. All running\napplications using libpng or libpng10 must be restarted for the update\nto take effect.", "edition": 20, "published": "2012-02-21T00:00:00", "title": "CentOS 4 / 5 / 6 : libpng / libpng10 (CESA-2012:0317)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2011-3026"], "modified": "2012-02-21T00:00:00", "cpe": ["p-cpe:/a:centos:centos:libpng-devel", "p-cpe:/a:centos:centos:libpng10-devel", "cpe:/o:centos:centos:6", "p-cpe:/a:centos:centos:libpng", "cpe:/o:centos:centos:4", "p-cpe:/a:centos:centos:libpng10", "p-cpe:/a:centos:centos:libpng-static", "cpe:/o:centos:centos:5"], "id": "CENTOS_RHSA-2012-0317.NASL", "href": "https://www.tenable.com/plugins/nessus/58042", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Red Hat Security Advisory RHSA-2012:0317 and \n# CentOS Errata and Security Advisory 2012:0317 respectively.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(58042);\n script_version(\"1.15\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/04\");\n\n script_cve_id(\"CVE-2011-3026\");\n script_xref(name:\"RHSA\", value:\"2012:0317\");\n\n script_name(english:\"CentOS 4 / 5 / 6 : libpng / libpng10 (CESA-2012:0317)\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote CentOS host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Updated libpng and libpng10 packages that fix one security issue are\nnow available for Red Hat Enterprise Linux 4, 5, and 6.\n\nThe Red Hat Security Response Team has rated this update as having\nimportant security impact. A Common Vulnerability Scoring System\n(CVSS) base score, which gives a detailed severity rating, is\navailable from the CVE link in the References section.\n\nThe libpng packages contain a library of functions for creating and\nmanipulating PNG (Portable Network Graphics) image format files.\n\nA heap-based buffer overflow flaw was found in libpng. An attacker\ncould create a specially crafted PNG image that, when opened, could\ncause an application using libpng to crash or, possibly, execute\narbitrary code with the privileges of the user running the\napplication. (CVE-2011-3026)\n\nUsers of libpng and libpng10 should upgrade to these updated packages,\nwhich contain a backported patch to correct this issue. All running\napplications using libpng or libpng10 must be restarted for the update\nto take effect.\"\n );\n # https://lists.centos.org/pipermail/centos-announce/2012-February/018445.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?36932609\"\n );\n # https://lists.centos.org/pipermail/centos-announce/2012-February/018446.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?b6dc1551\"\n );\n # https://lists.centos.org/pipermail/centos-announce/2012-February/018447.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?54a74547\"\n );\n # https://lists.centos.org/pipermail/centos-announce/2012-February/018449.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?bab4d037\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected libpng and / or libpng10 packages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2011-3026\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:libpng\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:libpng-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:libpng-static\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:libpng10\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:libpng10-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:centos:centos:4\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:centos:centos:5\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:centos:centos:6\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2012/02/16\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2012/02/20\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2012/02/21\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2012-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"CentOS Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/CentOS/release\", \"Host/CentOS/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/CentOS/release\");\nif (isnull(release) || \"CentOS\" >!< release) audit(AUDIT_OS_NOT, \"CentOS\");\nos_ver = pregmatch(pattern: \"CentOS(?: Linux)? release ([0-9]+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"CentOS\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^(4|5|6)([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"CentOS 4.x / 5.x / 6.x\", \"CentOS \" + os_ver);\n\nif (!get_kb_item(\"Host/CentOS/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && \"ia64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"CentOS\", cpu);\n\n\nflag = 0;\nif (rpm_check(release:\"CentOS-4\", cpu:\"i386\", reference:\"libpng-1.2.7-9.el4\")) flag++;\nif (rpm_check(release:\"CentOS-4\", cpu:\"x86_64\", reference:\"libpng-1.2.7-9.el4\")) flag++;\nif (rpm_check(release:\"CentOS-4\", cpu:\"i386\", reference:\"libpng-devel-1.2.7-9.el4\")) flag++;\nif (rpm_check(release:\"CentOS-4\", cpu:\"x86_64\", reference:\"libpng-devel-1.2.7-9.el4\")) flag++;\nif (rpm_check(release:\"CentOS-4\", cpu:\"i386\", reference:\"libpng10-1.0.16-10.el4\")) flag++;\nif (rpm_check(release:\"CentOS-4\", cpu:\"x86_64\", reference:\"libpng10-1.0.16-10.el4\")) flag++;\nif (rpm_check(release:\"CentOS-4\", cpu:\"i386\", reference:\"libpng10-devel-1.0.16-10.el4\")) flag++;\nif (rpm_check(release:\"CentOS-4\", cpu:\"x86_64\", reference:\"libpng10-devel-1.0.16-10.el4\")) flag++;\n\nif (rpm_check(release:\"CentOS-5\", reference:\"libpng-1.2.10-15.el5_7\")) flag++;\nif (rpm_check(release:\"CentOS-5\", reference:\"libpng-devel-1.2.10-15.el5_7\")) flag++;\n\nif (rpm_check(release:\"CentOS-6\", reference:\"libpng-1.2.46-2.el6_2\")) flag++;\nif (rpm_check(release:\"CentOS-6\", reference:\"libpng-devel-1.2.46-2.el6_2\")) flag++;\nif (rpm_check(release:\"CentOS-6\", reference:\"libpng-static-1.2.46-2.el6_2\")) flag++;\n\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"libpng / libpng-devel / libpng-static / libpng10 / libpng10-devel\");\n}\n", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2021-01-20T14:36:37", "description": "Mozilla XULRunner was updated to 1.9.2.27 to fix a security issue with\nthe embedded libpng, where a integer overflow could allow remote\nattackers to crash the browser or potentially execute code\n(CVE-2011-3026),", "edition": 17, "published": "2014-06-13T00:00:00", "title": "openSUSE Security Update : mozilla-js192 (mozilla-js192-5832)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2011-3026"], "modified": "2014-06-13T00:00:00", "cpe": ["p-cpe:/a:novell:opensuse:mozilla-xulrunner192-32bit", "p-cpe:/a:novell:opensuse:mozilla-xulrunner192-debugsource", "p-cpe:/a:novell:opensuse:mozilla-xulrunner192-translations-other", "p-cpe:/a:novell:opensuse:mozilla-xulrunner192-translations-other-32bit", "p-cpe:/a:novell:opensuse:mozilla-js192-debuginfo", "p-cpe:/a:novell:opensuse:mozilla-xulrunner192-gnome-debuginfo", "p-cpe:/a:novell:opensuse:mozilla-xulrunner192", "p-cpe:/a:novell:opensuse:mozilla-xulrunner192-devel", "cpe:/o:novell:opensuse:11.4", "p-cpe:/a:novell:opensuse:mozilla-xulrunner192-translations-common", "p-cpe:/a:novell:opensuse:mozilla-xulrunner192-gnome", "p-cpe:/a:novell:opensuse:mozilla-xulrunner192-debuginfo-32bit", "p-cpe:/a:novell:opensuse:mozilla-xulrunner192-buildsymbols", "p-cpe:/a:novell:opensuse:mozilla-js192", "p-cpe:/a:novell:opensuse:mozilla-xulrunner192-debuginfo", "p-cpe:/a:novell:opensuse:mozilla-xulrunner192-gnome-debuginfo-32bit", "p-cpe:/a:novell:opensuse:mozilla-xulrunner192-translations-common-32bit", "p-cpe:/a:novell:opensuse:mozilla-xulrunner192-gnome-32bit", "p-cpe:/a:novell:opensuse:mozilla-xulrunner192-devel-debuginfo", "p-cpe:/a:novell:opensuse:mozilla-js192-debuginfo-32bit", "p-cpe:/a:novell:opensuse:mozilla-js192-32bit"], "id": "SUSE_11_4_MOZILLA-JS192-120217.NASL", "href": "https://www.tenable.com/plugins/nessus/75962", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from openSUSE Security Update mozilla-js192-5832.\n#\n# The text description of this plugin is (C) SUSE LLC.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(75962);\n script_version(\"1.3\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/19\");\n\n script_cve_id(\"CVE-2011-3026\");\n\n script_name(english:\"openSUSE Security Update : mozilla-js192 (mozilla-js192-5832)\");\n script_summary(english:\"Check for the mozilla-js192-5832 patch\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote openSUSE host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Mozilla XULRunner was updated to 1.9.2.27 to fix a security issue with\nthe embedded libpng, where a integer overflow could allow remote\nattackers to crash the browser or potentially execute code\n(CVE-2011-3026),\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=747328\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected mozilla-js192 packages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:mozilla-js192\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:mozilla-js192-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:mozilla-js192-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:mozilla-js192-debuginfo-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:mozilla-xulrunner192\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:mozilla-xulrunner192-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:mozilla-xulrunner192-buildsymbols\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:mozilla-xulrunner192-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:mozilla-xulrunner192-debuginfo-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:mozilla-xulrunner192-debugsource\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:mozilla-xulrunner192-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:mozilla-xulrunner192-devel-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:mozilla-xulrunner192-gnome\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:mozilla-xulrunner192-gnome-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:mozilla-xulrunner192-gnome-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:mozilla-xulrunner192-gnome-debuginfo-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:mozilla-xulrunner192-translations-common\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:mozilla-xulrunner192-translations-common-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:mozilla-xulrunner192-translations-other\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:mozilla-xulrunner192-translations-other-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:opensuse:11.4\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2012/02/17\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2014/06/13\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2014-2021 Tenable Network Security, Inc.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release =~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, \"openSUSE\");\nif (release !~ \"^(SUSE11\\.4)$\") audit(AUDIT_OS_RELEASE_NOT, \"openSUSE\", \"11.4\", release);\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nourarch = get_kb_item(\"Host/cpu\");\nif (!ourarch) audit(AUDIT_UNKNOWN_ARCH);\nif (ourarch !~ \"^(i586|i686|x86_64)$\") audit(AUDIT_ARCH_NOT, \"i586 / i686 / x86_64\", ourarch);\n\nflag = 0;\n\nif ( rpm_check(release:\"SUSE11.4\", reference:\"mozilla-js192-1.9.2.27-0.2.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.4\", reference:\"mozilla-js192-debuginfo-1.9.2.27-0.2.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.4\", reference:\"mozilla-xulrunner192-1.9.2.27-0.2.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.4\", reference:\"mozilla-xulrunner192-buildsymbols-1.9.2.27-0.2.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.4\", reference:\"mozilla-xulrunner192-debuginfo-1.9.2.27-0.2.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.4\", reference:\"mozilla-xulrunner192-debugsource-1.9.2.27-0.2.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.4\", reference:\"mozilla-xulrunner192-devel-1.9.2.27-0.2.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.4\", reference:\"mozilla-xulrunner192-devel-debuginfo-1.9.2.27-0.2.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.4\", reference:\"mozilla-xulrunner192-gnome-1.9.2.27-0.2.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.4\", reference:\"mozilla-xulrunner192-gnome-debuginfo-1.9.2.27-0.2.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.4\", reference:\"mozilla-xulrunner192-translations-common-1.9.2.27-0.2.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.4\", reference:\"mozilla-xulrunner192-translations-other-1.9.2.27-0.2.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.4\", cpu:\"x86_64\", reference:\"mozilla-js192-32bit-1.9.2.27-0.2.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.4\", cpu:\"x86_64\", reference:\"mozilla-js192-debuginfo-32bit-1.9.2.27-0.2.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.4\", cpu:\"x86_64\", reference:\"mozilla-xulrunner192-32bit-1.9.2.27-0.2.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.4\", cpu:\"x86_64\", reference:\"mozilla-xulrunner192-debuginfo-32bit-1.9.2.27-0.2.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.4\", cpu:\"x86_64\", reference:\"mozilla-xulrunner192-gnome-32bit-1.9.2.27-0.2.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.4\", cpu:\"x86_64\", reference:\"mozilla-xulrunner192-gnome-debuginfo-32bit-1.9.2.27-0.2.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.4\", cpu:\"x86_64\", reference:\"mozilla-xulrunner192-translations-common-32bit-1.9.2.27-0.2.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.4\", cpu:\"x86_64\", reference:\"mozilla-xulrunner192-translations-other-32bit-1.9.2.27-0.2.1\") ) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"mozilla-xulrunner192\");\n}\n", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}], "cert": [{"lastseen": "2020-09-18T20:41:58", "bulletinFamily": "info", "cvelist": ["CVE-2011-3026"], "description": "### Overview \n\nThe libpng library contains an integer overflow vulnerability that may allow a remote, unauthenticated attacker to execute arbitrary code on a vulnerable system.\n\n### Description \n\nThe Portable Network Graphics ([PNG](<http://www.libpng.org/pub/png/spec/1.2/PNG-Contents.html>)[](<http://www.libpng.org/pub/png/>)) image format is used as an alternative to other image formats such as the Graphics Interchange Format (GIF). The [libpng](<http://libpng.org/pub/png/libpng.html>) reference library is available for application developers to support the PNG image format.\n\nThe libpng library contains an integer overflow in the `png_decompress_chunk()` function, which can result in a buffer overflow. \n \n--- \n \n### Impact \n\nBy causing libpng to process a specially-crafted PNG file (e.g. by visiting a web page, viewing an email, or opening a document), a remote, unauthenticated attacker may be able to execute arbitrary code with the privileges of the application that uses libpng. \n \n--- \n \n### Solution \n\n**Apply an update** \nThis issue has been addressed in libpng versions 1.0.57, 1.2.47, 1.4.9, and 1.5.9. Please check with your software vendor for updates that utilize a fixed version of libpng. \n \n--- \n \n### Vendor Information\n\n523889\n\nFilter by status: All Affected Not Affected Unknown\n\nFilter by content: __ Additional information available\n\n__ Sort by: Status Alphabetical\n\nExpand all\n\n**Javascript is disabled. Click here to view vendors.**\n\n### Apple Inc. __ Affected\n\nNotified: February 23, 2012 Updated: February 23, 2012 \n\n### Status\n\nAffected\n\n### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### Vendor Information \n\nWe are not aware of further vendor information regarding this vulnerability.\n\n### Addendum\n\nApple Mac OS X (e.g. Safari, Mail) uses libpng.\n\nIf you have feedback, comments, or additional information about this vulnerability, please send us [email](<mailto:cert@cert.org?Subject=VU%23523889 Feedback>).\n\n### Debian GNU/Linux Affected\n\nNotified: February 23, 2012 Updated: February 23, 2012 \n\n### Status\n\nAffected\n\n### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### Vendor Information \n\nWe are not aware of further vendor information regarding this vulnerability.\n\n### Vendor References\n\n * <http://security-tracker.debian.org/tracker/CVE-2011-3026>\n\n### Fedora Project Affected\n\nNotified: February 23, 2012 Updated: February 23, 2012 \n\n### Status\n\nAffected\n\n### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### Vendor Information \n\nWe are not aware of further vendor information regarding this vulnerability.\n\n### Vendor References\n\n * <https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2011-3026>\n\n### Gentoo Linux Affected\n\nNotified: February 23, 2012 Updated: February 23, 2012 \n\n### Status\n\nAffected\n\n### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### Vendor Information \n\nWe are not aware of further vendor information regarding this vulnerability.\n\n### Vendor References\n\n * <https://bugs.gentoo.org/show_bug.cgi?id=CVE-2011-3026>\n\n### Google Affected\n\nNotified: February 23, 2012 Updated: February 23, 2012 \n\n### Status\n\nAffected\n\n### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### Vendor Information \n\nWe are not aware of further vendor information regarding this vulnerability.\n\n### Vendor References\n\n * <http://googlechromereleases.blogspot.com/2012/02/chrome-stable-update.html>\n\n### Novell, Inc. Affected\n\nNotified: February 23, 2012 Updated: February 23, 2012 \n\n### Status\n\nAffected\n\n### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### Vendor Information \n\nWe are not aware of further vendor information regarding this vulnerability.\n\n### Vendor References\n\n * <http://support.novell.com/security/cve/CVE-2011-3026.html>\n\n### Red Hat, Inc. Affected\n\nNotified: February 23, 2012 Updated: February 23, 2012 \n\n### Status\n\nAffected\n\n### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### Vendor Information \n\nWe are not aware of further vendor information regarding this vulnerability.\n\n### Vendor References\n\n * <https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2011-3026>\n * <https://rhn.redhat.com/errata/RHSA-2012-0317.html>\n\n### SUSE Linux Affected\n\nNotified: February 23, 2012 Updated: February 23, 2012 \n\n### Status\n\nAffected\n\n### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### Vendor Information \n\nWe are not aware of further vendor information regarding this vulnerability.\n\n### Vendor References\n\n * <http://support.novell.com/security/cve/CVE-2011-3026.html>\n\n### Slackware Linux Inc. Affected\n\nNotified: February 23, 2012 Updated: February 23, 2012 \n\n### Status\n\nAffected\n\n### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### Vendor Information \n\nWe are not aware of further vendor information regarding this vulnerability.\n\n### Ubuntu Affected\n\nNotified: February 23, 2012 Updated: February 23, 2012 \n\n### Status\n\nAffected\n\n### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### Vendor Information \n\nWe are not aware of further vendor information regarding this vulnerability.\n\n### Vendor References\n\n * <http://people.canonical.com/~ubuntu-security/cve/2011/CVE-2011-3026.html>\n\n### Juniper Networks, Inc. __ Not Affected\n\nNotified: February 23, 2012 Updated: March 02, 2012 \n\n**Statement Date: March 01, 2012**\n\n### Status\n\nNot Affected\n\n### Vendor Statement\n\n`Juniper Networks products are not susceptible to this vulnerability`\n\n### Vendor Information \n\nWe are not aware of further vendor information regarding this vulnerability.\n\n### Openwall GNU/*/Linux __ Not Affected\n\nNotified: February 23, 2012 Updated: March 01, 2012 \n\n**Statement Date: February 29, 2012**\n\n### Status\n\nNot Affected\n\n### Vendor Statement\n\nOpenwall GNU/*/Linux is not affected. We do not ship libpng.\n\n### Vendor Information \n\nWe are not aware of further vendor information regarding this vulnerability.\n\n### Conectiva Inc. Unknown\n\nNotified: February 23, 2012 Updated: February 23, 2012 \n\n### Status\n\nUnknown\n\n### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### Vendor Information \n\nWe are not aware of further vendor information regarding this vulnerability.\n\n### Cray Inc. Unknown\n\nNotified: February 23, 2012 Updated: February 23, 2012 \n\n### Status\n\nUnknown\n\n### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### Vendor Information \n\nWe are not aware of further vendor information regarding this vulnerability.\n\n### DragonFly BSD Project Unknown\n\nNotified: February 23, 2012 Updated: February 23, 2012 \n\n### Status\n\nUnknown\n\n### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### Vendor Information \n\nWe are not aware of further vendor information regarding this vulnerability.\n\n### EMC Corporation Unknown\n\nNotified: February 23, 2012 Updated: February 23, 2012 \n\n### Status\n\nUnknown\n\n### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### Vendor Information \n\nWe are not aware of further vendor information regarding this vulnerability.\n\n### Engarde Secure Linux Unknown\n\nNotified: February 23, 2012 Updated: February 23, 2012 \n\n### Status\n\nUnknown\n\n### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### Vendor Information \n\nWe are not aware of further vendor information regarding this vulnerability.\n\n### F5 Networks, Inc. Unknown\n\nNotified: February 23, 2012 Updated: February 23, 2012 \n\n### Status\n\nUnknown\n\n### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### Vendor Information \n\nWe are not aware of further vendor information regarding this vulnerability.\n\n### FreeBSD Project Unknown\n\nNotified: February 23, 2012 Updated: February 23, 2012 \n\n### Status\n\nUnknown\n\n### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### Vendor Information \n\nWe are not aware of further vendor information regarding this vulnerability.\n\n### Fujitsu Unknown\n\nNotified: February 23, 2012 Updated: February 23, 2012 \n\n### Status\n\nUnknown\n\n### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### Vendor Information \n\nWe are not aware of further vendor information regarding this vulnerability.\n\n### Hewlett-Packard Company Unknown\n\nNotified: February 23, 2012 Updated: February 23, 2012 \n\n### Status\n\nUnknown\n\n### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### Vendor Information \n\nWe are not aware of further vendor information regarding this vulnerability.\n\n### Hitachi Unknown\n\nNotified: February 23, 2012 Updated: February 23, 2012 \n\n### Status\n\nUnknown\n\n### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### Vendor Information \n\nWe are not aware of further vendor information regarding this vulnerability.\n\n### IBM Corporation Unknown\n\nNotified: February 23, 2012 Updated: February 23, 2012 \n\n### Status\n\nUnknown\n\n### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### Vendor Information \n\nWe are not aware of further vendor information regarding this vulnerability.\n\n### IBM Corporation (zseries) Unknown\n\nNotified: February 23, 2012 Updated: February 23, 2012 \n\n### Status\n\nUnknown\n\n### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### Vendor Information \n\nWe are not aware of further vendor information regarding this vulnerability.\n\n### IBM eServer Unknown\n\nNotified: February 23, 2012 Updated: February 23, 2012 \n\n### Status\n\nUnknown\n\n### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### Vendor Information \n\nWe are not aware of further vendor information regarding this vulnerability.\n\n### Infoblox Unknown\n\nNotified: February 23, 2012 Updated: February 23, 2012 \n\n### Status\n\nUnknown\n\n### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### Vendor Information \n\nWe are not aware of further vendor information regarding this vulnerability.\n\n### Mandriva S. A. Unknown\n\nNotified: February 23, 2012 Updated: February 23, 2012 \n\n### Status\n\nUnknown\n\n### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### Vendor Information \n\nWe are not aware of further vendor information regarding this vulnerability.\n\n### Microsoft Corporation Unknown\n\nNotified: February 23, 2012 Updated: February 23, 2012 \n\n### Status\n\nUnknown\n\n### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### Vendor Information \n\nWe are not aware of further vendor information regarding this vulnerability.\n\n### MontaVista Software, Inc. Unknown\n\nNotified: February 23, 2012 Updated: February 23, 2012 \n\n### Status\n\nUnknown\n\n### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### Vendor Information \n\nWe are not aware of further vendor information regarding this vulnerability.\n\n### NEC Corporation Unknown\n\nNotified: February 23, 2012 Updated: February 23, 2012 \n\n### Status\n\nUnknown\n\n### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### Vendor Information \n\nWe are not aware of further vendor information regarding this vulnerability.\n\n### NetBSD Unknown\n\nNotified: February 23, 2012 Updated: February 23, 2012 \n\n### Status\n\nUnknown\n\n### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### Vendor Information \n\nWe are not aware of further vendor information regarding this vulnerability.\n\n### Nokia Unknown\n\nNotified: February 23, 2012 Updated: February 23, 2012 \n\n### Status\n\nUnknown\n\n### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### Vendor Information \n\nWe are not aware of further vendor information regarding this vulnerability.\n\n### OpenBSD Unknown\n\nNotified: February 23, 2012 Updated: February 23, 2012 \n\n### Status\n\nUnknown\n\n### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### Vendor Information \n\nWe are not aware of further vendor information regarding this vulnerability.\n\n### Oracle Corporation Unknown\n\nNotified: February 23, 2012 Updated: February 23, 2012 \n\n### Status\n\nUnknown\n\n### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### Vendor Information \n\nWe are not aware of further vendor information regarding this vulnerability.\n\n### QNX Software Systems Inc. Unknown\n\nNotified: February 23, 2012 Updated: February 23, 2012 \n\n### Status\n\nUnknown\n\n### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### Vendor Information \n\nWe are not aware of further vendor information regarding this vulnerability.\n\n### SafeNet Unknown\n\nNotified: February 23, 2012 Updated: February 23, 2012 \n\n### Status\n\nUnknown\n\n### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### Vendor Information \n\nWe are not aware of further vendor information regarding this vulnerability.\n\n### Silicon Graphics, Inc. Unknown\n\nNotified: February 23, 2012 Updated: February 23, 2012 \n\n### Status\n\nUnknown\n\n### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### Vendor Information \n\nWe are not aware of further vendor information regarding this vulnerability.\n\n### Sony Corporation Unknown\n\nNotified: February 23, 2012 Updated: February 23, 2012 \n\n### Status\n\nUnknown\n\n### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### Vendor Information \n\nWe are not aware of further vendor information regarding this vulnerability.\n\n### Sun Microsystems, Inc. Unknown\n\nNotified: February 23, 2012 Updated: February 23, 2012 \n\n### Status\n\nUnknown\n\n### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### Vendor Information \n\nWe are not aware of further vendor information regarding this vulnerability.\n\n### The SCO Group Unknown\n\nNotified: February 23, 2012 Updated: February 23, 2012 \n\n### Status\n\nUnknown\n\n### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### Vendor Information \n\nWe are not aware of further vendor information regarding this vulnerability.\n\n### Turbolinux Unknown\n\nNotified: February 23, 2012 Updated: February 23, 2012 \n\n### Status\n\nUnknown\n\n### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### Vendor Information \n\nWe are not aware of further vendor information regarding this vulnerability.\n\n### Unisys Unknown\n\nNotified: February 23, 2012 Updated: February 23, 2012 \n\n### Status\n\nUnknown\n\n### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### Vendor Information \n\nWe are not aware of further vendor information regarding this vulnerability.\n\n### Wind River Systems, Inc. Unknown\n\nNotified: February 23, 2012 Updated: February 23, 2012 \n\n### Status\n\nUnknown\n\n### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### Vendor Information \n\nWe are not aware of further vendor information regarding this vulnerability.\n\nView all 43 vendors __View less vendors __\n\n \n\n\n### CVSS Metrics \n\nGroup | Score | Vector \n---|---|--- \nBase | 0 | AV:--/AC:--/Au:--/C:--/I:--/A:-- \nTemporal | 0 | E:ND/RL:ND/RC:ND \nEnvironmental | 0 | CDP:ND/TD:H/CR:ND/IR:ND/AR:ND \n \n \n\n\n### References \n\n * <http://libpng.org/pub/png/libpng.html>\n * <http://googlechromereleases.blogspot.com/2012/02/chrome-stable-update.html>\n\n### Acknowledgements\n\nThanks to J\u00fcri Aedla for reporting this vulnerability to the Google Chrome team.\n\nThis document was written by Will Dormann.\n\n### Other Information\n\n**CVE IDs:** | [CVE-2011-3026](<http://web.nvd.nist.gov/vuln/detail/CVE-2011-3026>) \n---|--- \n**Severity Metric:** | 24.75 \n**Date Public:** | 2012-02-15 \n**Date First Published:** | 2012-02-23 \n**Date Last Updated: ** | 2012-03-02 22:24 UTC \n**Document Revision: ** | 8 \n", "modified": "2012-03-02T22:24:00", "published": "2012-02-23T00:00:00", "id": "VU:523889", "href": "https://www.kb.cert.org/vuls/id/523889", "type": "cert", "title": "libpng chunk decompression integer overflow vulnerability", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}], "openvas": [{"lastseen": "2018-01-11T11:06:41", "bulletinFamily": "scanner", "cvelist": ["CVE-2011-3026"], "description": "Check for the Version of mozilla", "modified": "2018-01-10T00:00:00", "published": "2012-08-03T00:00:00", "id": "OPENVAS:803005", "href": "http://plugins.openvas.org/nasl.php?oid=803005", "type": "openvas", "title": "Mandriva Update for mozilla MDVSA-2012:022 (mozilla)", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Mandriva Update for mozilla MDVSA-2012:022 (mozilla)\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2012 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"Security issues were identified and fixed in mozilla firefox and\n thunderbird:\n\n An integer overflow in the libpng library can lead to a heap-buffer\n overflow when decompressing certain PNG images. This leads to a crash,\n which may be potentially exploitable (CVE-2011-3026).\n\n The mozilla firefox and thunderbird packages has been upgraded to the\n latest respective versions whish is not affecte dby this security flaw.\n\n Additionally the rootcerts packages (root CA cerificates bundle)\n has been upgraded to the latest version as of 2012/02/18 and the NSS\n library has been rebuilt accordingly to pickup the changes.\";\n\ntag_affected = \"mozilla on Mandriva Linux 2011.0,\n Mandriva Enterprise Server 5.2,\n Mandriva Linux 2010.1\";\ntag_solution = \"Please Install the Updated Packages.\";\n\n\n\nif(description)\n{\n script_xref(name : \"URL\" , value : \"http://www.mandriva.com/en/support/security/advisories/?name=MDVSA-2012:022\");\n script_id(803005);\n script_version(\"$Revision: 8352 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-01-10 08:01:57 +0100 (Wed, 10 Jan 2018) $\");\n script_tag(name:\"creation_date\", value:\"2012-08-03 09:50:31 +0530 (Fri, 03 Aug 2012)\");\n script_cve_id(\"CVE-2011-3026\");\n script_tag(name:\"cvss_base\", value:\"7.5\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_xref(name: \"MDVSA\", value: \"2012:022\");\n script_name(\"Mandriva Update for mozilla MDVSA-2012:022 (mozilla)\");\n\n script_tag(name: \"summary\" , value: \"Check for the Version of mozilla\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2012 Greenbone Networks GmbH\");\n script_family(\"Mandrake Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/mandriva_mandrake_linux\", \"ssh/login/release\");\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = get_kb_item(\"ssh/login/release\");\n\nres = \"\";\nif(release == NULL){\n exit(0);\n}\n\nif(release == \"MNDK_2011.0\")\n{\n\n if ((res = isrpmvuln(pkg:\"firefox\", rpm:\"firefox~10.0.2~0.1\", rls:\"MNDK_2011.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"firefox-af\", rpm:\"firefox-af~10.0.2~0.1\", rls:\"MNDK_2011.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"firefox-ar\", rpm:\"firefox-ar~10.0.2~0.1\", rls:\"MNDK_2011.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"firefox-ast\", rpm:\"firefox-ast~10.0.2~0.1\", rls:\"MNDK_2011.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"firefox-be\", rpm:\"firefox-be~10.0.2~0.1\", rls:\"MNDK_2011.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"firefox-bg\", rpm:\"firefox-bg~10.0.2~0.1\", rls:\"MNDK_2011.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"firefox-bn_BD\", rpm:\"firefox-bn_BD~10.0.2~0.1\", rls:\"MNDK_2011.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"firefox-bn_IN\", rpm:\"firefox-bn_IN~10.0.2~0.1\", rls:\"MNDK_2011.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"firefox-br\", rpm:\"firefox-br~10.0.2~0.1\", rls:\"MNDK_2011.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"firefox-bs\", rpm:\"firefox-bs~10.0.2~0.1\", rls:\"MNDK_2011.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"firefox-ca\", rpm:\"firefox-ca~10.0.2~0.1\", rls:\"MNDK_2011.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"firefox-cs\", rpm:\"firefox-cs~10.0.2~0.1\", rls:\"MNDK_2011.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"firefox-cy\", rpm:\"firefox-cy~10.0.2~0.1\", rls:\"MNDK_2011.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"firefox-da\", rpm:\"firefox-da~10.0.2~0.1\", rls:\"MNDK_2011.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"firefox-de\", rpm:\"firefox-de~10.0.2~0.1\", rls:\"MNDK_2011.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"firefox-devel\", rpm:\"firefox-devel~10.0.2~0.1\", rls:\"MNDK_2011.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"firefox-el\", rpm:\"firefox-el~10.0.2~0.1\", rls:\"MNDK_2011.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"firefox-en_GB\", rpm:\"firefox-en_GB~10.0.2~0.1\", rls:\"MNDK_2011.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"firefox-en_ZA\", rpm:\"firefox-en_ZA~10.0.2~0.1\", rls:\"MNDK_2011.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"firefox-eo\", rpm:\"firefox-eo~10.0.2~0.1\", rls:\"MNDK_2011.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"firefox-es_AR\", rpm:\"firefox-es_AR~10.0.2~0.1\", rls:\"MNDK_2011.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"firefox-es_CL\", rpm:\"firefox-es_CL~10.0.2~0.1\", rls:\"MNDK_2011.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"firefox-es_ES\", rpm:\"firefox-es_ES~10.0.2~0.1\", rls:\"MNDK_2011.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"firefox-es_MX\", rpm:\"firefox-es_MX~10.0.2~0.1\", rls:\"MNDK_2011.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"firefox-et\", rpm:\"firefox-et~10.0.2~0.1\", rls:\"MNDK_2011.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"firefox-eu\", rpm:\"firefox-eu~10.0.2~0.1\", rls:\"MNDK_2011.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"firefox-fa\", rpm:\"firefox-fa~10.0.2~0.1\", rls:\"MNDK_2011.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"firefox-fi\", rpm:\"firefox-fi~10.0.2~0.1\", rls:\"MNDK_2011.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"firefox-fr\", rpm:\"firefox-fr~10.0.2~0.1\", rls:\"MNDK_2011.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"firefox-fy\", rpm:\"firefox-fy~10.0.2~0.1\", rls:\"MNDK_2011.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"firefox-ga_IE\", rpm:\"firefox-ga_IE~10.0.2~0.1\", rls:\"MNDK_2011.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"firefox-gd\", rpm:\"firefox-gd~10.0.2~0.1\", rls:\"MNDK_2011.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"firefox-gl\", rpm:\"firefox-gl~10.0.2~0.1\", rls:\"MNDK_2011.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"firefox-gu_IN\", rpm:\"firefox-gu_IN~10.0.2~0.1\", rls:\"MNDK_2011.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"firefox-he\", rpm:\"firefox-he~10.0.2~0.1\", rls:\"MNDK_2011.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"firefox-hi\", rpm:\"firefox-hi~10.0.2~0.1\", rls:\"MNDK_2011.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"firefox-hr\", rpm:\"firefox-hr~10.0.2~0.1\", rls:\"MNDK_2011.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"firefox-hu\", rpm:\"firefox-hu~10.0.2~0.1\", rls:\"MNDK_2011.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"firefox-hy\", rpm:\"firefox-hy~10.0.2~0.1\", rls:\"MNDK_2011.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"firefox-id\", rpm:\"firefox-id~10.0.2~0.1\", rls:\"MNDK_2011.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"firefox-is\", rpm:\"firefox-is~10.0.2~0.1\", rls:\"MNDK_2011.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"firefox-it\", rpm:\"firefox-it~10.0.2~0.1\", rls:\"MNDK_2011.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"firefox-ja\", rpm:\"firefox-ja~10.0.2~0.1\", rls:\"MNDK_2011.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"firefox-kk\", rpm:\"firefox-kk~10.0.2~0.1\", rls:\"MNDK_2011.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"firefox-kn\", rpm:\"firefox-kn~10.0.2~0.1\", rls:\"MNDK_2011.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"firefox-ko\", rpm:\"firefox-ko~10.0.2~0.1\", rls:\"MNDK_2011.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"firefox-ku\", rpm:\"firefox-ku~10.0.2~0.1\", rls:\"MNDK_2011.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"firefox-lg\", rpm:\"firefox-lg~10.0.2~0.1\", rls:\"MNDK_2011.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"firefox-lt\", rpm:\"firefox-lt~10.0.2~0.1\", rls:\"MNDK_2011.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"firefox-lv\", rpm:\"firefox-lv~10.0.2~0.1\", rls:\"MNDK_2011.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"firefox-mai\", rpm:\"firefox-mai~10.0.2~0.1\", rls:\"MNDK_2011.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"firefox-mk\", rpm:\"firefox-mk~10.0.2~0.1\", rls:\"MNDK_2011.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"firefox-ml\", rpm:\"firefox-ml~10.0.2~0.1\", rls:\"MNDK_2011.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"firefox-mr\", rpm:\"firefox-mr~10.0.2~0.1\", rls:\"MNDK_2011.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"firefox-nb_NO\", rpm:\"firefox-nb_NO~10.0.2~0.1\", rls:\"MNDK_2011.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"firefox-nl\", rpm:\"firefox-nl~10.0.2~0.1\", rls:\"MNDK_2011.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"firefox-nn_NO\", rpm:\"firefox-nn_NO~10.0.2~0.1\", rls:\"MNDK_2011.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"firefox-nso\", rpm:\"firefox-nso~10.0.2~0.1\", rls:\"MNDK_2011.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"firefox-or\", rpm:\"firefox-or~10.0.2~0.1\", rls:\"MNDK_2011.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"firefox-pa_IN\", rpm:\"firefox-pa_IN~10.0.2~0.1\", rls:\"MNDK_2011.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"firefox-pl\", rpm:\"firefox-pl~10.0.2~0.1\", rls:\"MNDK_2011.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"firefox-pt_BR\", rpm:\"firefox-pt_BR~10.0.2~0.1\", rls:\"MNDK_2011.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"firefox-pt_PT\", rpm:\"firefox-pt_PT~10.0.2~0.1\", rls:\"MNDK_2011.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"firefox-ro\", rpm:\"firefox-ro~10.0.2~0.1\", rls:\"MNDK_2011.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"firefox-ru\", rpm:\"firefox-ru~10.0.2~0.1\", rls:\"MNDK_2011.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"firefox-si\", rpm:\"firefox-si~10.0.2~0.1\", rls:\"MNDK_2011.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"firefox-sk\", rpm:\"firefox-sk~10.0.2~0.1\", rls:\"MNDK_2011.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"firefox-sl\", rpm:\"firefox-sl~10.0.2~0.1\", rls:\"MNDK_2011.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"firefox-sq\", rpm:\"firefox-sq~10.0.2~0.1\", rls:\"MNDK_2011.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"firefox-sr\", rpm:\"firefox-sr~10.0.2~0.1\", rls:\"MNDK_2011.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"firefox-sv_SE\", rpm:\"firefox-sv_SE~10.0.2~0.1\", rls:\"MNDK_2011.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"firefox-ta\", rpm:\"firefox-ta~10.0.2~0.1\", rls:\"MNDK_2011.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"firefox-ta_LK\", rpm:\"firefox-ta_LK~10.0.2~0.1\", rls:\"MNDK_2011.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"firefox-te\", rpm:\"firefox-te~10.0.2~0.1\", rls:\"MNDK_2011.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"firefox-th\", rpm:\"firefox-th~10.0.2~0.1\", rls:\"MNDK_2011.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"firefox-tr\", rpm:\"firefox-tr~10.0.2~0.1\", rls:\"MNDK_2011.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"firefox-uk\", rpm:\"firefox-uk~10.0.2~0.1\", rls:\"MNDK_2011.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"firefox-vi\", rpm:\"firefox-vi~10.0.2~0.1\", rls:\"MNDK_2011.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"firefox-zh_CN\", rpm:\"firefox-zh_CN~10.0.2~0.1\", rls:\"MNDK_2011.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"firefox-zh_TW\", rpm:\"firefox-zh_TW~10.0.2~0.1\", rls:\"MNDK_2011.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"firefox-zu\", rpm:\"firefox-zu~10.0.2~0.1\", rls:\"MNDK_2011.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"libnss3\", rpm:\"libnss3~3.13.1~0.2\", rls:\"MNDK_2011.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"libnss-devel\", rpm:\"libnss-devel~3.13.1~0.2\", rls:\"MNDK_2011.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"libnss-static-devel\", rpm:\"libnss-static-devel~3.13.1~0.2\", rls:\"MNDK_2011.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"mozilla-thunderbird\", rpm:\"mozilla-thunderbird~10.0.2~0.1\", rls:\"MNDK_2011.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"mozilla-thunderbird-ar\", rpm:\"mozilla-thunderbird-ar~10.0.2~0.1\", rls:\"MNDK_2011.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"mozilla-thunderbird-be\", rpm:\"mozilla-thunderbird-be~10.0.2~0.1\", rls:\"MNDK_2011.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"mozilla-thunderbird-bg\", rpm:\"mozilla-thunderbird-bg~10.0.2~0.1\", rls:\"MNDK_2011.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"mozilla-thunderbird-bn_BD\", rpm:\"mozilla-thunderbird-bn_BD~10.0.2~0.1\", rls:\"MNDK_2011.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"mozilla-thunderbird-br\", rpm:\"mozilla-thunderbird-br~10.0.2~0.1\", rls:\"MNDK_2011.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"mozilla-thunderbird-ca\", rpm:\"mozilla-thunderbird-ca~10.0.2~0.1\", rls:\"MNDK_2011.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"mozilla-thunderbird-cs\", rpm:\"mozilla-thunderbird-cs~10.0.2~0.1\", rls:\"MNDK_2011.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"mozilla-thunderbird-da\", rpm:\"mozilla-thunderbird-da~10.0.2~0.1\", rls:\"MNDK_2011.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"mozilla-thunderbird-de\", rpm:\"mozilla-thunderbird-de~10.0.2~0.1\", rls:\"MNDK_2011.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"mozilla-thunderbird-el\", rpm:\"mozilla-thunderbird-el~10.0.2~0.1\", rls:\"MNDK_2011.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"mozilla-thunderbird-en_GB\", rpm:\"mozilla-thunderbird-en_GB~10.0.2~0.1\", rls:\"MNDK_2011.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"mozilla-thunderbird-enigmail\", rpm:\"mozilla-thunderbird-enigmail~10.0.2~0.1\", rls:\"MNDK_2011.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"mozilla-thunderbird-enigmail-ar\", rpm:\"mozilla-thunderbird-enigmail-ar~10.0.2~0.1\", rls:\"MNDK_2011.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"mozilla-thunderbird-enigmail-ca\", rpm:\"mozilla-thunderbird-enigmail-ca~10.0.2~0.1\", rls:\"MNDK_2011.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"mozilla-thunderbird-enigmail-cs\", rpm:\"mozilla-thunderbird-enigmail-cs~10.0.2~0.1\", rls:\"MNDK_2011.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"mozilla-thunderbird-enigmail-de\", rpm:\"mozilla-thunderbird-enigmail-de~10.0.2~0.1\", rls:\"MNDK_2011.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"mozilla-thunderbird-enigmail-el\", rpm:\"mozilla-thunderbird-enigmail-el~10.0.2~0.1\", rls:\"MNDK_2011.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"mozilla-thunderbird-enigmail-es\", rpm:\"mozilla-thunderbird-enigmail-es~10.0.2~0.1\", rls:\"MNDK_2011.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"mozilla-thunderbird-enigmail-fi\", rpm:\"mozilla-thunderbird-enigmail-fi~10.0.2~0.1\", rls:\"MNDK_2011.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"mozilla-thunderbird-enigmail-fr\", rpm:\"mozilla-thunderbird-enigmail-fr~10.0.2~0.1\", rls:\"MNDK_2011.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"mozilla-thunderbird-enigmail-it\", rpm:\"mozilla-thunderbird-enigmail-it~10.0.2~0.1\", rls:\"MNDK_2011.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"mozilla-thunderbird-enigmail-ja\", rpm:\"mozilla-thunderbird-enigmail-ja~10.0.2~0.1\", rls:\"MNDK_2011.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"mozilla-thunderbird-enigmail-ko\", rpm:\"mozilla-thunderbird-enigmail-ko~10.0.2~0.1\", rls:\"MNDK_2011.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"mozilla-thunderbird-enigmail-nb\", rpm:\"mozilla-thunderbird-enigmail-nb~10.0.2~0.1\", rls:\"MNDK_2011.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"mozilla-thunderbird-enigmail-nl\", rpm:\"mozilla-thunderbird-enigmail-nl~10.0.2~0.1\", rls:\"MNDK_2011.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"mozilla-thunderbird-enigmail-pl\", rpm:\"mozilla-thunderbird-enigmail-pl~10.0.2~0.1\", rls:\"MNDK_2011.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"mozilla-thunderbird-enigmail-pt\", rpm:\"mozilla-thunderbird-enigmail-pt~10.0.2~0.1\", rls:\"MNDK_2011.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"mozilla-thunderbird-enigmail-pt_BR\", rpm:\"mozilla-thunderbird-enigmail-pt_BR~10.0.2~0.1\", rls:\"MNDK_2011.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"mozilla-thunderbird-enigmail-ru\", rpm:\"mozilla-thunderbird-enigmail-ru~10.0.2~0.1\", rls:\"MNDK_2011.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"mozilla-thunderbird-enigmail-sl\", rpm:\"mozilla-thunderbird-enigmail-sl~10.0.2~0.1\", rls:\"MNDK_2011.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"mozilla-thunderbird-enigmail-sv\", rpm:\"mozilla-thunderbird-enigmail-sv~10.0.2~0.1\", rls:\"MNDK_2011.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"mozilla-thunderbird-enigmail-tr\", rpm:\"mozilla-thunderbird-enigmail-tr~10.0.2~0.1\", rls:\"MNDK_2011.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"mozilla-thunderbird-enigmail-vi\", rpm:\"mozilla-thunderbird-enigmail-vi~10.0.2~0.1\", rls:\"MNDK_2011.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"mozilla-thunderbird-enigmail-zh_CN\", rpm:\"mozilla-thunderbird-enigmail-zh_CN~10.0.2~0.1\", rls:\"MNDK_2011.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"mozilla-thunderbird-enigmail-zh_TW\", rpm:\"mozilla-thunderbird-enigmail-zh_TW~10.0.2~0.1\", rls:\"MNDK_2011.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"mozilla-thunderbird-es_AR\", rpm:\"mozilla-thunderbird-es_AR~10.0.2~0.1\", rls:\"MNDK_2011.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"mozilla-thunderbird-es_ES\", rpm:\"mozilla-thunderbird-es_ES~10.0.2~0.1\", rls:\"MNDK_2011.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"mozilla-thunderbird-et\", rpm:\"mozilla-thunderbird-et~10.0.2~0.1\", rls:\"MNDK_2011.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"mozilla-thunderbird-eu\", rpm:\"mozilla-thunderbird-eu~10.0.2~0.1\", rls:\"MNDK_2011.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"mozilla-thunderbird-fi\", rpm:\"mozilla-thunderbird-fi~10.0.2~0.1\", rls:\"MNDK_2011.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"mozilla-thunderbird-fr\", rpm:\"mozilla-thunderbird-fr~10.0.2~0.1\", rls:\"MNDK_2011.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"mozilla-thunderbird-fy\", rpm:\"mozilla-thunderbird-fy~10.0.2~0.1\", rls:\"MNDK_2011.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"mozilla-thunderbird-ga\", rpm:\"mozilla-thunderbird-ga~10.0.2~0.1\", rls:\"MNDK_2011.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"mozilla-thunderbird-gd\", rpm:\"mozilla-thunderbird-gd~10.0.2~0.1\", rls:\"MNDK_2011.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"mozilla-thunderbird-gl\", rpm:\"mozilla-thunderbird-gl~10.0.2~0.1\", rls:\"MNDK_2011.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"mozilla-thunderbird-he\", rpm:\"mozilla-thunderbird-he~10.0.2~0.1\", rls:\"MNDK_2011.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"mozilla-thunderbird-hu\", rpm:\"mozilla-thunderbird-hu~10.0.2~0.1\", rls:\"MNDK_2011.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"mozilla-thunderbird-id\", rpm:\"mozilla-thunderbird-id~10.0.2~0.1\", rls:\"MNDK_2011.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"mozilla-thunderbird-is\", rpm:\"mozilla-thunderbird-is~10.0.2~0.1\", rls:\"MNDK_2011.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"mozilla-thunderbird-it\", rpm:\"mozilla-thunderbird-it~10.0.2~0.1\", rls:\"MNDK_2011.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"mozilla-thunderbird-ja\", rpm:\"mozilla-thunderbird-ja~10.0.2~0.1\", rls:\"MNDK_2011.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"mozilla-thunderbird-ko\", rpm:\"mozilla-thunderbird-ko~10.0.2~0.1\", rls:\"MNDK_2011.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"mozilla-thunderbird-lightning\", rpm:\"mozilla-thunderbird-lightning~10.0.2~0.1\", rls:\"MNDK_2011.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"mozilla-thunderbird-lt\", rpm:\"mozilla-thunderbird-lt~10.0.2~0.1\", rls:\"MNDK_2011.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"mozilla-thunderbird-nb_NO\", rpm:\"mozilla-thunderbird-nb_NO~10.0.2~0.1\", rls:\"MNDK_2011.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"mozilla-thunderbird-nl\", rpm:\"mozilla-thunderbird-nl~10.0.2~0.1\", rls:\"MNDK_2011.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"mozilla-thunderbird-nn_NO\", rpm:\"mozilla-thunderbird-nn_NO~10.0.2~0.1\", rls:\"MNDK_2011.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"mozilla-thunderbird-pl\", rpm:\"mozilla-thunderbird-pl~10.0.2~0.1\", rls:\"MNDK_2011.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"mozilla-thunderbird-pt_BR\", rpm:\"mozilla-thunderbird-pt_BR~10.0.2~0.1\", rls:\"MNDK_2011.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"mozilla-thunderbird-pt_PT\", rpm:\"mozilla-thunderbird-pt_PT~10.0.2~0.1\", rls:\"MNDK_2011.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"mozilla-thunderbird-ro\", rpm:\"mozilla-thunderbird-ro~10.0.2~0.1\", rls:\"MNDK_2011.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"mozilla-thunderbird-ru\", rpm:\"mozilla-thunderbird-ru~10.0.2~0.1\", rls:\"MNDK_2011.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"mozilla-thunderbird-si\", rpm:\"mozilla-thunderbird-si~10.0.2~0.1\", rls:\"MNDK_2011.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"mozilla-thunderbird-sk\", rpm:\"mozilla-thunderbird-sk~10.0.2~0.1\", rls:\"MNDK_2011.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"mozilla-thunderbird-sl\", rpm:\"mozilla-thunderbird-sl~10.0.2~0.1\", rls:\"MNDK_2011.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"mozilla-thunderbird-sq\", rpm:\"mozilla-thunderbird-sq~10.0.2~0.1\", rls:\"MNDK_2011.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"mozilla-thunderbird-sv_SE\", rpm:\"mozilla-thunderbird-sv_SE~10.0.2~0.1\", rls:\"MNDK_2011.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"mozilla-thunderbird-ta_LK\", rpm:\"mozilla-thunderbird-ta_LK~10.0.2~0.1\", rls:\"MNDK_2011.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"mozilla-thunderbird-tr\", rpm:\"mozilla-thunderbird-tr~10.0.2~0.1\", rls:\"MNDK_2011.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"mozilla-thunderbird-uk\", rpm:\"mozilla-thunderbird-uk~10.0.2~0.1\", rls:\"MNDK_2011.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"mozilla-thunderbird-vi\", rpm:\"mozilla-thunderbird-vi~10.0.2~0.1\", rls:\"MNDK_2011.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"mozilla-thunderbird-zh_CN\", rpm:\"mozilla-thunderbird-zh_CN~10.0.2~0.1\", rls:\"MNDK_2011.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"mozilla-thunderbird-zh_TW\", rpm:\"mozilla-thunderbird-zh_TW~10.0.2~0.1\", rls:\"MNDK_2011.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"nsinstall\", rpm:\"nsinstall~10.0.2~0.1\", rls:\"MNDK_2011.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"nss\", rpm:\"nss~3.13.1~0.2\", rls:\"MNDK_2011.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"rootcerts\", rpm:\"rootcerts~20120218.00~1\", rls:\"MNDK_2011.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"rootcerts-java\", rpm:\"rootcerts-java~20120218.00~1\", rls:\"MNDK_2011.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"firefox-l10n\", rpm:\"firefox-l10n~10.0.2~0.1\", rls:\"MNDK_2011.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"mozilla-thunderbird-l10n\", rpm:\"mozilla-thunderbird-l10n~10.0.2~0.1\", rls:\"MNDK_2011.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"rootcerts\", rpm:\"rootcerts~20120218.00~1\", rls:\"MNDK_2011.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"lib64nss3\", rpm:\"lib64nss3~3.13.1~0.2\", rls:\"MNDK_2011.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"lib64nss-devel\", rpm:\"lib64nss-devel~3.13.1~0.2\", rls:\"MNDK_2011.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"lib64nss-static-devel\", rpm:\"lib64nss-static-devel~3.13.1~0.2\", rls:\"MNDK_2011.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n\n\nif(release == \"MNDK_mes5.2\")\n{\n\n if ((res = isrpmvuln(pkg:\"firefox\", rpm:\"firefox~3.6.27~0.1mdvmes5.2\", rls:\"MNDK_mes5.2\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"firefox-af\", rpm:\"firefox-af~3.6.27~0.1mdvmes5.2\", rls:\"MNDK_mes5.2\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"firefox-ar\", rpm:\"firefox-ar~3.6.27~0.1mdvmes5.2\", rls:\"MNDK_mes5.2\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"firefox-be\", rpm:\"firefox-be~3.6.27~0.1mdvmes5.2\", rls:\"MNDK_mes5.2\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"firefox-bg\", rpm:\"firefox-bg~3.6.27~0.1mdvmes5.2\", rls:\"MNDK_mes5.2\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"firefox-bn\", rpm:\"firefox-bn~3.6.27~0.1mdvmes5.2\", rls:\"MNDK_mes5.2\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"firefox-ca\", rpm:\"firefox-ca~3.6.27~0.1mdvmes5.2\", rls:\"MNDK_mes5.2\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"firefox-cs\", rpm:\"firefox-cs~3.6.27~0.1mdvmes5.2\", rls:\"MNDK_mes5.2\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"firefox-cy\", rpm:\"firefox-cy~3.6.27~0.1mdvmes5.2\", rls:\"MNDK_mes5.2\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"firefox-da\", rpm:\"firefox-da~3.6.27~0.1mdvmes5.2\", rls:\"MNDK_mes5.2\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"firefox-de\", rpm:\"firefox-de~3.6.27~0.1mdvmes5.2\", rls:\"MNDK_mes5.2\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"firefox-devel\", rpm:\"firefox-devel~3.6.27~0.1mdvmes5.2\", rls:\"MNDK_mes5.2\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"firefox-el\", rpm:\"firefox-el~3.6.27~0.1mdvmes5.2\", rls:\"MNDK_mes5.2\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"firefox-en_GB\", rpm:\"firefox-en_GB~3.6.27~0.1mdvmes5.2\", rls:\"MNDK_mes5.2\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"firefox-eo\", rpm:\"firefox-eo~3.6.27~0.1mdvmes5.2\", rls:\"MNDK_mes5.2\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"firefox-es_AR\", rpm:\"firefox-es_AR~3.6.27~0.1mdvmes5.2\", rls:\"MNDK_mes5.2\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"firefox-es_ES\", rpm:\"firefox-es_ES~3.6.27~0.1mdvmes5.2\", rls:\"MNDK_mes5.2\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"firefox-et\", rpm:\"firefox-et~3.6.27~0.1mdvmes5.2\", rls:\"MNDK_mes5.2\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"firefox-eu\", rpm:\"firefox-eu~3.6.27~0.1mdvmes5.2\", rls:\"MNDK_mes5.2\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"firefox-fi\", rpm:\"firefox-fi~3.6.27~0.1mdvmes5.2\", rls:\"MNDK_mes5.2\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"firefox-fr\", rpm:\"firefox-fr~3.6.27~0.1mdvmes5.2\", rls:\"MNDK_mes5.2\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"firefox-fy\", rpm:\"firefox-fy~3.6.27~0.1mdvmes5.2\", rls:\"MNDK_mes5.2\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"firefox-ga_IE\", rpm:\"firefox-ga_IE~3.6.27~0.1mdvmes5.2\", rls:\"MNDK_mes5.2\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"firefox-gl\", rpm:\"firefox-gl~3.6.27~0.1mdvmes5.2\", rls:\"MNDK_mes5.2\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"firefox-gu_IN\", rpm:\"firefox-gu_IN~3.6.27~0.1mdvmes5.2\", rls:\"MNDK_mes5.2\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"firefox-he\", rpm:\"firefox-he~3.6.27~0.1mdvmes5.2\", rls:\"MNDK_mes5.2\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"firefox-hi\", rpm:\"firefox-hi~3.6.27~0.1mdvmes5.2\", rls:\"MNDK_mes5.2\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"firefox-hu\", rpm:\"firefox-hu~3.6.27~0.1mdvmes5.2\", rls:\"MNDK_mes5.2\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"firefox-id\", rpm:\"firefox-id~3.6.27~0.1mdvmes5.2\", rls:\"MNDK_mes5.2\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"firefox-is\", rpm:\"firefox-is~3.6.27~0.1mdvmes5.2\", rls:\"MNDK_mes5.2\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"firefox-it\", rpm:\"firefox-it~3.6.27~0.1mdvmes5.2\", rls:\"MNDK_mes5.2\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"firefox-ja\", rpm:\"firefox-ja~3.6.27~0.1mdvmes5.2\", rls:\"MNDK_mes5.2\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"firefox-ka\", rpm:\"firefox-ka~3.6.27~0.1mdvmes5.2\", rls:\"MNDK_mes5.2\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"firefox-kn\", rpm:\"firefox-kn~3.6.27~0.1mdvmes5.2\", rls:\"MNDK_mes5.2\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"firefox-ko\", rpm:\"firefox-ko~3.6.27~0.1mdvmes5.2\", rls:\"MNDK_mes5.2\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"firefox-ku\", rpm:\"firefox-ku~3.6.27~0.1mdvmes5.2\", rls:\"MNDK_mes5.2\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"firefox-lt\", rpm:\"firefox-lt~3.6.27~0.1mdvmes5.2\", rls:\"MNDK_mes5.2\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"firefox-lv\", rpm:\"firefox-lv~3.6.27~0.1mdvmes5.2\", rls:\"MNDK_mes5.2\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"firefox-mk\", rpm:\"firefox-mk~3.6.27~0.1mdvmes5.2\", rls:\"MNDK_mes5.2\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"firefox-mr\", rpm:\"firefox-mr~3.6.27~0.1mdvmes5.2\", rls:\"MNDK_mes5.2\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"firefox-nb_NO\", rpm:\"firefox-nb_NO~3.6.27~0.1mdvmes5.2\", rls:\"MNDK_mes5.2\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"firefox-nl\", rpm:\"firefox-nl~3.6.27~0.1mdvmes5.2\", rls:\"MNDK_mes5.2\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"firefox-nn_NO\", rpm:\"firefox-nn_NO~3.6.27~0.1mdvmes5.2\", rls:\"MNDK_mes5.2\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"firefox-oc\", rpm:\"firefox-oc~3.6.27~0.1mdvmes5.2\", rls:\"MNDK_mes5.2\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"firefox-pa_IN\", rpm:\"firefox-pa_IN~3.6.27~0.1mdvmes5.2\", rls:\"MNDK_mes5.2\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"firefox-pl\", rpm:\"firefox-pl~3.6.27~0.1mdvmes5.2\", rls:\"MNDK_mes5.2\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"firefox-pt_BR\", rpm:\"firefox-pt_BR~3.6.27~0.1mdvmes5.2\", rls:\"MNDK_mes5.2\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"firefox-pt_PT\", rpm:\"firefox-pt_PT~3.6.27~0.1mdvmes5.2\", rls:\"MNDK_mes5.2\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"firefox-ro\", rpm:\"firefox-ro~3.6.27~0.1mdvmes5.2\", rls:\"MNDK_mes5.2\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"firefox-ru\", rpm:\"firefox-ru~3.6.27~0.1mdvmes5.2\", rls:\"MNDK_mes5.2\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"firefox-si\", rpm:\"firefox-si~3.6.27~0.1mdvmes5.2\", rls:\"MNDK_mes5.2\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"firefox-sk\", rpm:\"firefox-sk~3.6.27~0.1mdvmes5.2\", rls:\"MNDK_mes5.2\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"firefox-sl\", rpm:\"firefox-sl~3.6.27~0.1mdvmes5.2\", rls:\"MNDK_mes5.2\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"firefox-sq\", rpm:\"firefox-sq~3.6.27~0.1mdvmes5.2\", rls:\"MNDK_mes5.2\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"firefox-sr\", rpm:\"firefox-sr~3.6.27~0.1mdvmes5.2\", rls:\"MNDK_mes5.2\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"firefox-sv_SE\", rpm:\"firefox-sv_SE~3.6.27~0.1mdvmes5.2\", rls:\"MNDK_mes5.2\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"firefox-te\", rpm:\"firefox-te~3.6.27~0.1mdvmes5.2\", rls:\"MNDK_mes5.2\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"firefox-th\", rpm:\"firefox-th~3.6.27~0.1mdvmes5.2\", rls:\"MNDK_mes5.2\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"firefox-tr\", rpm:\"firefox-tr~3.6.27~0.1mdvmes5.2\", rls:\"MNDK_mes5.2\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"firefox-uk\", rpm:\"firefox-uk~3.6.27~0.1mdvmes5.2\", rls:\"MNDK_mes5.2\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"firefox-zh_CN\", rpm:\"firefox-zh_CN~3.6.27~0.1mdvmes5.2\", rls:\"MNDK_mes5.2\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"firefox-zh_TW\", rpm:\"firefox-zh_TW~3.6.27~0.1mdvmes5.2\", rls:\"MNDK_mes5.2\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"gnome-python-extras\", rpm:\"gnome-python-extras~2.19.1~20.36mdvmes5.2\", rls:\"MNDK_mes5.2\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"gnome-python-gda\", rpm:\"gnome-python-gda~2.19.1~20.36mdvmes5.2\", rls:\"MNDK_mes5.2\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"gnome-python-gda-devel\", rpm:\"gnome-python-gda-devel~2.19.1~20.36mdvmes5.2\", rls:\"MNDK_mes5.2\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"gnome-python-gdl\", rpm:\"gnome-python-gdl~2.19.1~20.36mdvmes5.2\", rls:\"MNDK_mes5.2\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"gnome-python-gtkhtml2\", rpm:\"gnome-python-gtkhtml2~2.19.1~20.36mdvmes5.2\", rls:\"MNDK_mes5.2\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"gnome-python-gtkmozembed\", rpm:\"gnome-python-gtkmozembed~2.19.1~20.36mdvmes5.2\", rls:\"MNDK_mes5.2\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"gnome-python-gtkspell\", rpm:\"gnome-python-gtkspell~2.19.1~20.36mdvmes5.2\", rls:\"MNDK_mes5.2\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"libnss3\", rpm:\"libnss3~3.13.1~0.2mdvmes5.2\", rls:\"MNDK_mes5.2\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"libnss-devel\", rpm:\"libnss-devel~3.13.1~0.2mdvmes5.2\", rls:\"MNDK_mes5.2\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"libnss-static-devel\", rpm:\"libnss-static-devel~3.13.1~0.2mdvmes5.2\", rls:\"MNDK_mes5.2\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"libxulrunner1.9.2.27\", rpm:\"libxulrunner1.9.2.27~1.9.2.27~0.1mdvmes5.2\", rls:\"MNDK_mes5.2\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"libxulrunner-devel\", rpm:\"libxulrunner-devel~1.9.2.27~0.1mdvmes5.2\", rls:\"MNDK_mes5.2\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"nss\", rpm:\"nss~3.13.1~0.2mdvmes5.2\", rls:\"MNDK_mes5.2\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"rootcerts\", rpm:\"rootcerts~20120218.00~1mdvmes5.2\", rls:\"MNDK_mes5.2\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"rootcerts-java\", rpm:\"rootcerts-java~20120218.00~1mdvmes5.2\", rls:\"MNDK_mes5.2\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"xulrunner\", rpm:\"xulrunner~1.9.2.27~0.1mdvmes5.2\", rls:\"MNDK_mes5.2\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"yelp\", rpm:\"yelp~2.24.0~3.37mdvmes5.2\", rls:\"MNDK_mes5.2\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"firefox-l10n\", rpm:\"firefox-l10n~3.6.27~0.1mdvmes5.2\", rls:\"MNDK_mes5.2\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"lib64nss3\", rpm:\"lib64nss3~3.13.1~0.2mdvmes5.2\", rls:\"MNDK_mes5.2\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"lib64nss-devel\", rpm:\"lib64nss-devel~3.13.1~0.2mdvmes5.2\", rls:\"MNDK_mes5.2\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"lib64nss-static-devel\", rpm:\"lib64nss-static-devel~3.13.1~0.2mdvmes5.2\", rls:\"MNDK_mes5.2\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"lib64xulrunner1.9.2.27\", rpm:\"lib64xulrunner1.9.2.27~1.9.2.27~0.1mdvmes5.2\", rls:\"MNDK_mes5.2\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"lib64xulrunner-devel\", rpm:\"lib64xulrunner-devel~1.9.2.27~0.1mdvmes5.2\", rls:\"MNDK_mes5.2\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n\n\nif(release == \"MNDK_2010.1\")\n{\n\n if ((res = isrpmvuln(pkg:\"firefox\", rpm:\"firefox~10.0.2~0.1mdv2010.2\", rls:\"MNDK_2010.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"firefox-af\", rpm:\"firefox-af~10.0.2~0.1mdv2010.2\", rls:\"MNDK_2010.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"firefox-ar\", rpm:\"firefox-ar~10.0.2~0.1mdv2010.2\", rls:\"MNDK_2010.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"firefox-ast\", rpm:\"firefox-ast~10.0.2~0.1mdv2010.2\", rls:\"MNDK_2010.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"firefox-be\", rpm:\"firefox-be~10.0.2~0.1mdv2010.2\", rls:\"MNDK_2010.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"firefox-bg\", rpm:\"firefox-bg~10.0.2~0.1mdv2010.2\", rls:\"MNDK_2010.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"firefox-bn_BD\", rpm:\"firefox-bn_BD~10.0.2~0.1mdv2010.2\", rls:\"MNDK_2010.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"firefox-bn_IN\", rpm:\"firefox-bn_IN~10.0.2~0.1mdv2010.2\", rls:\"MNDK_2010.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"firefox-br\", rpm:\"firefox-br~10.0.2~0.1mdv2010.2\", rls:\"MNDK_2010.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"firefox-bs\", rpm:\"firefox-bs~10.0.2~0.1mdv2010.2\", rls:\"MNDK_2010.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"firefox-ca\", rpm:\"firefox-ca~10.0.2~0.1mdv2010.2\", rls:\"MNDK_2010.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"firefox-cs\", rpm:\"firefox-cs~10.0.2~0.1mdv2010.2\", rls:\"MNDK_2010.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"firefox-cy\", rpm:\"firefox-cy~10.0.2~0.1mdv2010.2\", rls:\"MNDK_2010.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"firefox-da\", rpm:\"firefox-da~10.0.2~0.1mdv2010.2\", rls:\"MNDK_2010.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"firefox-de\", rpm:\"firefox-de~10.0.2~0.1mdv2010.2\", rls:\"MNDK_2010.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"firefox-devel\", rpm:\"firefox-devel~10.0.2~0.1mdv2010.2\", rls:\"MNDK_2010.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"firefox-el\", rpm:\"firefox-el~10.0.2~0.1mdv2010.2\", rls:\"MNDK_2010.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"firefox-en_GB\", rpm:\"firefox-en_GB~10.0.2~0.1mdv2010.2\", rls:\"MNDK_2010.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"firefox-en_ZA\", rpm:\"firefox-en_ZA~10.0.2~0.1mdv2010.2\", rls:\"MNDK_2010.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"firefox-eo\", rpm:\"firefox-eo~10.0.2~0.1mdv2010.2\", rls:\"MNDK_2010.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"firefox-es_AR\", rpm:\"firefox-es_AR~10.0.2~0.1mdv2010.2\", rls:\"MNDK_2010.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"firefox-es_CL\", rpm:\"firefox-es_CL~10.0.2~0.1mdv2010.2\", rls:\"MNDK_2010.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"firefox-es_ES\", rpm:\"firefox-es_ES~10.0.2~0.1mdv2010.2\", rls:\"MNDK_2010.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"firefox-es_MX\", rpm:\"firefox-es_MX~10.0.2~0.1mdv2010.2\", rls:\"MNDK_2010.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"firefox-et\", rpm:\"firefox-et~10.0.2~0.1mdv2010.2\", rls:\"MNDK_2010.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"firefox-eu\", rpm:\"firefox-eu~10.0.2~0.1mdv2010.2\", rls:\"MNDK_2010.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"firefox-fa\", rpm:\"firefox-fa~10.0.2~0.1mdv2010.2\", rls:\"MNDK_2010.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"firefox-fi\", rpm:\"firefox-fi~10.0.2~0.1mdv2010.2\", rls:\"MNDK_2010.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"firefox-fr\", rpm:\"firefox-fr~10.0.2~0.1mdv2010.2\", rls:\"MNDK_2010.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"firefox-fy\", rpm:\"firefox-fy~10.0.2~0.1mdv2010.2\", rls:\"MNDK_2010.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"firefox-ga_IE\", rpm:\"firefox-ga_IE~10.0.2~0.1mdv2010.2\", rls:\"MNDK_2010.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"firefox-gd\", rpm:\"firefox-gd~10.0.2~0.1mdv2010.2\", rls:\"MNDK_2010.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"firefox-gl\", rpm:\"firefox-gl~10.0.2~0.1mdv2010.2\", rls:\"MNDK_2010.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"firefox-gu_IN\", rpm:\"firefox-gu_IN~10.0.2~0.1mdv2010.2\", rls:\"MNDK_2010.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"firefox-he\", rpm:\"firefox-he~10.0.2~0.1mdv2010.2\", rls:\"MNDK_2010.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"firefox-hi\", rpm:\"firefox-hi~10.0.2~0.1mdv2010.2\", rls:\"MNDK_2010.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"firefox-hr\", rpm:\"firefox-hr~10.0.2~0.1mdv2010.2\", rls:\"MNDK_2010.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"firefox-hu\", rpm:\"firefox-hu~10.0.2~0.1mdv2010.2\", rls:\"MNDK_2010.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"firefox-hy\", rpm:\"firefox-hy~10.0.2~0.1mdv2010.2\", rls:\"MNDK_2010.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"firefox-id\", rpm:\"firefox-id~10.0.2~0.1mdv2010.2\", rls:\"MNDK_2010.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"firefox-is\", rpm:\"firefox-is~10.0.2~0.1mdv2010.2\", rls:\"MNDK_2010.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"firefox-it\", rpm:\"firefox-it~10.0.2~0.1mdv2010.2\", rls:\"MNDK_2010.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"firefox-ja\", rpm:\"firefox-ja~10.0.2~0.1mdv2010.2\", rls:\"MNDK_2010.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"firefox-kk\", rpm:\"firefox-kk~10.0.2~0.1mdv2010.2\", rls:\"MNDK_2010.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"firefox-kn\", rpm:\"firefox-kn~10.0.2~0.1mdv2010.2\", rls:\"MNDK_2010.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"firefox-ko\", rpm:\"firefox-ko~10.0.2~0.1mdv2010.2\", rls:\"MNDK_2010.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"firefox-ku\", rpm:\"firefox-ku~10.0.2~0.1mdv2010.2\", rls:\"MNDK_2010.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"firefox-lg\", rpm:\"firefox-lg~10.0.2~0.1mdv2010.2\", rls:\"MNDK_2010.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"firefox-lt\", rpm:\"firefox-lt~10.0.2~0.1mdv2010.2\", rls:\"MNDK_2010.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"firefox-lv\", rpm:\"firefox-lv~10.0.2~0.1mdv2010.2\", rls:\"MNDK_2010.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"firefox-mai\", rpm:\"firefox-mai~10.0.2~0.1mdv2010.2\", rls:\"MNDK_2010.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"firefox-mk\", rpm:\"firefox-mk~10.0.2~0.1mdv2010.2\", rls:\"MNDK_2010.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"firefox-ml\", rpm:\"firefox-ml~10.0.2~0.1mdv2010.2\", rls:\"MNDK_2010.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"firefox-mr\", rpm:\"firefox-mr~10.0.2~0.1mdv2010.2\", rls:\"MNDK_2010.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"firefox-nb_NO\", rpm:\"firefox-nb_NO~10.0.2~0.1mdv2010.2\", rls:\"MNDK_2010.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"firefox-nl\", rpm:\"firefox-nl~10.0.2~0.1mdv2010.2\", rls:\"MNDK_2010.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"firefox-nn_NO\", rpm:\"firefox-nn_NO~10.0.2~0.1mdv2010.2\", rls:\"MNDK_2010.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"firefox-nso\", rpm:\"firefox-nso~10.0.2~0.1mdv2010.2\", rls:\"MNDK_2010.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"firefox-or\", rpm:\"firefox-or~10.0.2~0.1mdv2010.2\", rls:\"MNDK_2010.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"firefox-pa_IN\", rpm:\"firefox-pa_IN~10.0.2~0.1mdv2010.2\", rls:\"MNDK_2010.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"firefox-pl\", rpm:\"firefox-pl~10.0.2~0.1mdv2010.2\", rls:\"MNDK_2010.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"firefox-pt_BR\", rpm:\"firefox-pt_BR~10.0.2~0.1mdv2010.2\", rls:\"MNDK_2010.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"firefox-pt_PT\", rpm:\"firefox-pt_PT~10.0.2~0.1mdv2010.2\", rls:\"MNDK_2010.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"firefox-ro\", rpm:\"firefox-ro~10.0.2~0.1mdv2010.2\", rls:\"MNDK_2010.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"firefox-ru\", rpm:\"firefox-ru~10.0.2~0.1mdv2010.2\", rls:\"MNDK_2010.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"firefox-si\", rpm:\"firefox-si~10.0.2~0.1mdv2010.2\", rls:\"MNDK_2010.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"firefox-sk\", rpm:\"firefox-sk~10.0.2~0.1mdv2010.2\", rls:\"MNDK_2010.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"firefox-sl\", rpm:\"firefox-sl~10.0.2~0.1mdv2010.2\", rls:\"MNDK_2010.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"firefox-sq\", rpm:\"firefox-sq~10.0.2~0.1mdv2010.2\", rls:\"MNDK_2010.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"firefox-sr\", rpm:\"firefox-sr~10.0.2~0.1mdv2010.2\", rls:\"MNDK_2010.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"firefox-sv_SE\", rpm:\"firefox-sv_SE~10.0.2~0.1mdv2010.2\", rls:\"MNDK_2010.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"firefox-ta\", rpm:\"firefox-ta~10.0.2~0.1mdv2010.2\", rls:\"MNDK_2010.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"firefox-ta_LK\", rpm:\"firefox-ta_LK~10.0.2~0.1mdv2010.2\", rls:\"MNDK_2010.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"firefox-te\", rpm:\"firefox-te~10.0.2~0.1mdv2010.2\", rls:\"MNDK_2010.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"firefox-th\", rpm:\"firefox-th~10.0.2~0.1mdv2010.2\", rls:\"MNDK_2010.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"firefox-tr\", rpm:\"firefox-tr~10.0.2~0.1mdv2010.2\", rls:\"MNDK_2010.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"firefox-uk\", rpm:\"firefox-uk~10.0.2~0.1mdv2010.2\", rls:\"MNDK_2010.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"firefox-vi\", rpm:\"firefox-vi~10.0.2~0.1mdv2010.2\", rls:\"MNDK_2010.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"firefox-zh_CN\", rpm:\"firefox-zh_CN~10.0.2~0.1mdv2010.2\", rls:\"MNDK_2010.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"firefox-zh_TW\", rpm:\"firefox-zh_TW~10.0.2~0.1mdv2010.2\", rls:\"MNDK_2010.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"firefox-zu\", rpm:\"firefox-zu~10.0.2~0.1mdv2010.2\", rls:\"MNDK_2010.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"libnss3\", rpm:\"libnss3~3.13.1~0.2mdv2010.2\", rls:\"MNDK_2010.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"libnss-devel\", rpm:\"libnss-devel~3.13.1~0.2mdv2010.2\", rls:\"MNDK_2010.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"libnss-static-devel\", rpm:\"libnss-static-devel~3.13.1~0.2mdv2010.2\", rls:\"MNDK_2010.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"mozilla-thunderbird\", rpm:\"mozilla-thunderbird~10.0.2~0.1mdv2010.2\", rls:\"MNDK_2010.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"mozilla-thunderbird-ar\", rpm:\"mozilla-thunderbird-ar~10.0.2~0.1mdv2010.2\", rls:\"MNDK_2010.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"mozilla-thunderbird-be\", rpm:\"mozilla-thunderbird-be~10.0.2~0.1mdv2010.2\", rls:\"MNDK_2010.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"mozilla-thunderbird-bg\", rpm:\"mozilla-thunderbird-bg~10.0.2~0.1mdv2010.2\", rls:\"MNDK_2010.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"mozilla-thunderbird-bn_BD\", rpm:\"mozilla-thunderbird-bn_BD~10.0.2~0.1mdv2010.2\", rls:\"MNDK_2010.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"mozilla-thunderbird-br\", rpm:\"mozilla-thunderbird-br~10.0.2~0.1mdv2010.2\", rls:\"MNDK_2010.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"mozilla-thunderbird-ca\", rpm:\"mozilla-thunderbird-ca~10.0.2~0.1mdv2010.2\", rls:\"MNDK_2010.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"mozilla-thunderbird-cs\", rpm:\"mozilla-thunderbird-cs~10.0.2~0.1mdv2010.2\", rls:\"MNDK_2010.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"mozilla-thunderbird-da\", rpm:\"mozilla-thunderbird-da~10.0.2~0.1mdv2010.2\", rls:\"MNDK_2010.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"mozilla-thunderbird-de\", rpm:\"mozilla-thunderbird-de~10.0.2~0.1mdv2010.2\", rls:\"MNDK_2010.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"mozilla-thunderbird-el\", rpm:\"mozilla-thunderbird-el~10.0.2~0.1mdv2010.2\", rls:\"MNDK_2010.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"mozilla-thunderbird-en_GB\", rpm:\"mozilla-thunderbird-en_GB~10.0.2~0.1mdv2010.2\", rls:\"MNDK_2010.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"mozilla-thunderbird-enigmail\", rpm:\"mozilla-thunderbird-enigmail~10.0.2~0.1mdv2010.2\", rls:\"MNDK_2010.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"mozilla-thunderbird-enigmail-ar\", rpm:\"mozilla-thunderbird-enigmail-ar~10.0.2~0.1mdv2010.2\", rls:\"MNDK_2010.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"mozilla-thunderbird-enigmail-ca\", rpm:\"mozilla-thunderbird-enigmail-ca~10.0.2~0.1mdv2010.2\", rls:\"MNDK_2010.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"mozilla-thunderbird-enigmail-cs\", rpm:\"mozilla-thunderbird-enigmail-cs~10.0.2~0.1mdv2010.2\", rls:\"MNDK_2010.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"mozilla-thunderbird-enigmail-de\", rpm:\"mozilla-thunderbird-enigmail-de~10.0.2~0.1mdv2010.2\", rls:\"MNDK_2010.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"mozilla-thunderbird-enigmail-el\", rpm:\"mozilla-thunderbird-enigmail-el~10.0.2~0.1mdv2010.2\", rls:\"MNDK_2010.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"mozilla-thunderbird-enigmail-es\", rpm:\"mozilla-thunderbird-enigmail-es~10.0.2~0.1mdv2010.2\", rls:\"MNDK_2010.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"mozilla-thunderbird-enigmail-fi\", rpm:\"mozilla-thunderbird-enigmail-fi~10.0.2~0.1mdv2010.2\", rls:\"MNDK_2010.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"mozilla-thunderbird-enigmail-fr\", rpm:\"mozilla-thunderbird-enigmail-fr~10.0.2~0.1mdv2010.2\", rls:\"MNDK_2010.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"mozilla-thunderbird-enigmail-it\", rpm:\"mozilla-thunderbird-enigmail-it~10.0.2~0.1mdv2010.2\", rls:\"MNDK_2010.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"mozilla-thunderbird-enigmail-ja\", rpm:\"mozilla-thunderbird-enigmail-ja~10.0.2~0.1mdv2010.2\", rls:\"MNDK_2010.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"mozilla-thunderbird-enigmail-ko\", rpm:\"mozilla-thunderbird-enigmail-ko~10.0.2~0.1mdv2010.2\", rls:\"MNDK_2010.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"mozilla-thunderbird-enigmail-nb\", rpm:\"mozilla-thunderbird-enigmail-nb~10.0.2~0.1mdv2010.2\", rls:\"MNDK_2010.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"mozilla-thunderbird-enigmail-nl\", rpm:\"mozilla-thunderbird-enigmail-nl~10.0.2~0.1mdv2010.2\", rls:\"MNDK_2010.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"mozilla-thunderbird-enigmail-pl\", rpm:\"mozilla-thunderbird-enigmail-pl~10.0.2~0.1mdv2010.2\", rls:\"MNDK_2010.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"mozilla-thunderbird-enigmail-pt\", rpm:\"mozilla-thunderbird-enigmail-pt~10.0.2~0.1mdv2010.2\", rls:\"MNDK_2010.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"mozilla-thunderbird-enigmail-pt_BR\", rpm:\"mozilla-thunderbird-enigmail-pt_BR~10.0.2~0.1mdv2010.2\", rls:\"MNDK_2010.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"mozilla-thunderbird-enigmail-ru\", rpm:\"mozilla-thunderbird-enigmail-ru~10.0.2~0.1mdv2010.2\", rls:\"MNDK_2010.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"mozilla-thunderbird-enigmail-sl\", rpm:\"mozilla-thunderbird-enigmail-sl~10.0.2~0.1mdv2010.2\", rls:\"MNDK_2010.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"mozilla-thunderbird-enigmail-sv\", rpm:\"mozilla-thunderbird-enigmail-sv~10.0.2~0.1mdv2010.2\", rls:\"MNDK_2010.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"mozilla-thunderbird-enigmail-tr\", rpm:\"mozilla-thunderbird-enigmail-tr~10.0.2~0.1mdv2010.2\", rls:\"MNDK_2010.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"mozilla-thunderbird-enigmail-vi\", rpm:\"mozilla-thunderbird-enigmail-vi~10.0.2~0.1mdv2010.2\", rls:\"MNDK_2010.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"mozilla-thunderbird-enigmail-zh_CN\", rpm:\"mozilla-thunderbird-enigmail-zh_CN~10.0.2~0.1mdv2010.2\", rls:\"MNDK_2010.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"mozilla-thunderbird-enigmail-zh_TW\", rpm:\"mozilla-thunderbird-enigmail-zh_TW~10.0.2~0.1mdv2010.2\", rls:\"MNDK_2010.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"mozilla-thunderbird-es_AR\", rpm:\"mozilla-thunderbird-es_AR~10.0.2~0.1mdv2010.2\", rls:\"MNDK_2010.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"mozilla-thunderbird-es_ES\", rpm:\"mozilla-thunderbird-es_ES~10.0.2~0.1mdv2010.2\", rls:\"MNDK_2010.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"mozilla-thunderbird-et\", rpm:\"mozilla-thunderbird-et~10.0.2~0.1mdv2010.2\", rls:\"MNDK_2010.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"mozilla-thunderbird-eu\", rpm:\"mozilla-thunderbird-eu~10.0.2~0.1mdv2010.2\", rls:\"MNDK_2010.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"mozilla-thunderbird-fi\", rpm:\"mozilla-thunderbird-fi~10.0.2~0.1mdv2010.2\", rls:\"MNDK_2010.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"mozilla-thunderbird-fr\", rpm:\"mozilla-thunderbird-fr~10.0.2~0.1mdv2010.2\", rls:\"MNDK_2010.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"mozilla-thunderbird-fy\", rpm:\"mozilla-thunderbird-fy~10.0.2~0.1mdv2010.2\", rls:\"MNDK_2010.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"mozilla-thunderbird-ga\", rpm:\"mozilla-thunderbird-ga~10.0.2~0.1mdv2010.2\", rls:\"MNDK_2010.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"mozilla-thunderbird-gd\", rpm:\"mozilla-thunderbird-gd~10.0.2~0.1mdv2010.2\", rls:\"MNDK_2010.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"mozilla-thunderbird-gl\", rpm:\"mozilla-thunderbird-gl~10.0.2~0.1mdv2010.2\", rls:\"MNDK_2010.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"mozilla-thunderbird-he\", rpm:\"mozilla-thunderbird-he~10.0.2~0.1mdv2010.2\", rls:\"MNDK_2010.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"mozilla-thunderbird-hu\", rpm:\"mozilla-thunderbird-hu~10.0.2~0.1mdv2010.2\", rls:\"MNDK_2010.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"mozilla-thunderbird-id\", rpm:\"mozilla-thunderbird-id~10.0.2~0.1mdv2010.2\", rls:\"MNDK_2010.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"mozilla-thunderbird-is\", rpm:\"mozilla-thunderbird-is~10.0.2~0.1mdv2010.2\", rls:\"MNDK_2010.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"mozilla-thunderbird-it\", rpm:\"mozilla-thunderbird-it~10.0.2~0.1mdv2010.2\", rls:\"MNDK_2010.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"mozilla-thunderbird-ja\", rpm:\"mozilla-thunderbird-ja~10.0.2~0.1mdv2010.2\", rls:\"MNDK_2010.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"mozilla-thunderbird-ko\", rpm:\"mozilla-thunderbird-ko~10.0.2~0.1mdv2010.2\", rls:\"MNDK_2010.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"mozilla-thunderbird-lightning\", rpm:\"mozilla-thunderbird-lightning~10.0.2~0.1mdv2010.2\", rls:\"MNDK_2010.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"mozilla-thunderbird-lt\", rpm:\"mozilla-thunderbird-lt~10.0.2~0.1mdv2010.2\", rls:\"MNDK_2010.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"mozilla-thunderbird-nb_NO\", rpm:\"mozilla-thunderbird-nb_NO~10.0.2~0.1mdv2010.2\", rls:\"MNDK_2010.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"mozilla-thunderbird-nl\", rpm:\"mozilla-thunderbird-nl~10.0.2~0.1mdv2010.2\", rls:\"MNDK_2010.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"mozilla-thunderbird-nn_NO\", rpm:\"mozilla-thunderbird-nn_NO~10.0.2~0.1mdv2010.2\", rls:\"MNDK_2010.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"mozilla-thunderbird-pl\", rpm:\"mozilla-thunderbird-pl~10.0.2~0.1mdv2010.2\", rls:\"MNDK_2010.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"mozilla-thunderbird-pt_BR\", rpm:\"mozilla-thunderbird-pt_BR~10.0.2~0.1mdv2010.2\", rls:\"MNDK_2010.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"mozilla-thunderbird-pt_PT\", rpm:\"mozilla-thunderbird-pt_PT~10.0.2~0.1mdv2010.2\", rls:\"MNDK_2010.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"mozilla-thunderbird-ro\", rpm:\"mozilla-thunderbird-ro~10.0.2~0.1mdv2010.2\", rls:\"MNDK_2010.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"mozilla-thunderbird-ru\", rpm:\"mozilla-thunderbird-ru~10.0.2~0.1mdv2010.2\", rls:\"MNDK_2010.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"mozilla-thunderbird-si\", rpm:\"mozilla-thunderbird-si~10.0.2~0.1mdv2010.2\", rls:\"MNDK_2010.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"mozilla-thunderbird-sk\", rpm:\"mozilla-thunderbird-sk~10.0.2~0.1mdv2010.2\", rls:\"MNDK_2010.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"mozilla-thunderbird-sl\", rpm:\"mozilla-thunderbird-sl~10.0.2~0.1mdv2010.2\", rls:\"MNDK_2010.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"mozilla-thunderbird-sq\", rpm:\"mozilla-thunderbird-sq~10.0.2~0.1mdv2010.2\", rls:\"MNDK_2010.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"mozilla-thunderbird-sv_SE\", rpm:\"mozilla-thunderbird-sv_SE~10.0.2~0.1mdv2010.2\", rls:\"MNDK_2010.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"mozilla-thunderbird-ta_LK\", rpm:\"mozilla-thunderbird-ta_LK~10.0.2~0.1mdv2010.2\", rls:\"MNDK_2010.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"mozilla-thunderbird-tr\", rpm:\"mozilla-thunderbird-tr~10.0.2~0.1mdv2010.2\", rls:\"MNDK_2010.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"mozilla-thunderbird-uk\", rpm:\"mozilla-thunderbird-uk~10.0.2~0.1mdv2010.2\", rls:\"MNDK_2010.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"mozilla-thunderbird-vi\", rpm:\"mozilla-thunderbird-vi~10.0.2~0.1mdv2010.2\", rls:\"MNDK_2010.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"mozilla-thunderbird-zh_CN\", rpm:\"mozilla-thunderbird-zh_CN~10.0.2~0.1mdv2010.2\", rls:\"MNDK_2010.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"mozilla-thunderbird-zh_TW\", rpm:\"mozilla-thunderbird-zh_TW~10.0.2~0.1mdv2010.2\", rls:\"MNDK_2010.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"nsinstall\", rpm:\"nsinstall~10.0.2~0.1mdv2010.2\", rls:\"MNDK_2010.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"nss\", rpm:\"nss~3.13.1~0.2mdv2010.2\", rls:\"MNDK_2010.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"rootcerts\", rpm:\"rootcerts~20120218.00~1mdv2010.2\", rls:\"MNDK_2010.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"rootcerts-java\", rpm:\"rootcerts-java~20120218.00~1mdv2010.2\", rls:\"MNDK_2010.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"firefox-l10n\", rpm:\"firefox-l10n~10.0.2~0.1mdv2010.2\", rls:\"MNDK_2010.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"mozilla-thunderbird-l10n\", rpm:\"mozilla-thunderbird-l10n~10.0.2~0.1mdv2010.2\", rls:\"MNDK_2010.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"lib64nss3\", rpm:\"lib64nss3~3.13.1~0.2mdv2010.2\", rls:\"MNDK_2010.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"lib64nss-devel\", rpm:\"lib64nss-devel~3.13.1~0.2mdv2010.2\", rls:\"MNDK_2010.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"lib64nss-static-devel\", rpm:\"lib64nss-static-devel~3.13.1~0.2mdv2010.2\", rls:\"MNDK_2010.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2018-01-03T10:57:30", "bulletinFamily": "scanner", "cvelist": ["CVE-2011-3026"], "description": "Check for the Version of libpng", "modified": "2018-01-03T00:00:00", "published": "2012-03-19T00:00:00", "id": "OPENVAS:863842", "href": "http://plugins.openvas.org/nasl.php?oid=863842", "type": "openvas", "title": "Fedora Update for libpng FEDORA-2012-1922", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Fedora Update for libpng FEDORA-2012-1922\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2012 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"The libpng package contains a library of functions for creating and\n manipulating PNG (Portable Network Graphics) image format files. PNG\n is a bit-mapped graphics format similar to the GIF format. PNG was\n created to replace the GIF format, since GIF uses a patented data\n compression algorithm.\n\n Libpng should be installed if you need to manipulate PNG format image\n files.\";\n\ntag_affected = \"libpng on Fedora 16\";\ntag_solution = \"Please Install the Updated Packages.\";\n\n\n\nif(description)\n{\n script_xref(name : \"URL\" , value : \"http://lists.fedoraproject.org/pipermail/package-announce/2012-February/073493.html\");\n script_id(863842);\n script_version(\"$Revision: 8273 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-01-03 07:29:19 +0100 (Wed, 03 Jan 2018) $\");\n script_tag(name:\"creation_date\", value:\"2012-03-19 12:23:07 +0530 (Mon, 19 Mar 2012)\");\n script_cve_id(\"CVE-2011-3026\");\n script_tag(name:\"cvss_base\", value:\"7.5\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_xref(name: \"FEDORA\", value: \"2012-1922\");\n script_name(\"Fedora Update for libpng FEDORA-2012-1922\");\n\n script_tag(name: \"summary\" , value: \"Check for the Version of libpng\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2012 Greenbone Networks GmbH\");\n script_family(\"Fedora Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/fedora\", \"ssh/login/rpms\");\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = get_kb_item(\"ssh/login/release\");\n\nres = \"\";\nif(release == NULL){\n exit(0);\n}\n\nif(release == \"FC16\")\n{\n\n if ((res = isrpmvuln(pkg:\"libpng\", rpm:\"libpng~1.2.46~2.fc16\", rls:\"FC16\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2017-12-04T11:20:59", "bulletinFamily": "scanner", "cvelist": ["CVE-2011-3026"], "description": "Ubuntu Update for Linux kernel vulnerabilities USN-1367-3", "modified": "2017-12-01T00:00:00", "published": "2012-02-21T00:00:00", "id": "OPENVAS:840896", "href": "http://plugins.openvas.org/nasl.php?oid=840896", "type": "openvas", "title": "Ubuntu Update for thunderbird USN-1367-3", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: gb_ubuntu_USN_1367_3.nasl 7960 2017-12-01 06:58:16Z santu $\n#\n# Ubuntu Update for thunderbird USN-1367-3\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2012 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"USN-1367-1 fixed vulnerabilities in libpng. This provides the corresponding\n update for Thunderbird.\n\n Original advisory details:\n\n Jueri Aedla discovered that libpng did not properly verify the size used\n when allocating memory during chunk decompression. If a user or automated\n system using libpng were tricked into opening a specially crafted image,\n an attacker could exploit this to cause a denial of service or execute\n code with the privileges of the user invoking the program. (CVE-2011-3026)\";\n\ntag_summary = \"Ubuntu Update for Linux kernel vulnerabilities USN-1367-3\";\ntag_affected = \"thunderbird on Ubuntu 11.04 ,\n Ubuntu 10.10 ,\n Ubuntu 10.04 LTS\";\ntag_solution = \"Please Install the Updated Packages.\";\n\n\n\nif(description)\n{\n script_xref(name: \"URL\" , value: \"http://www.ubuntu.com/usn/usn-1367-3/\");\n script_id(840896);\n script_version(\"$Revision: 7960 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-12-01 07:58:16 +0100 (Fri, 01 Dec 2017) $\");\n script_tag(name:\"creation_date\", value:\"2012-02-21 18:59:17 +0530 (Tue, 21 Feb 2012)\");\n script_cve_id(\"CVE-2011-3026\");\n script_tag(name:\"cvss_base\", value:\"7.5\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_xref(name: \"USN\", value: \"1367-3\");\n script_name(\"Ubuntu Update for thunderbird USN-1367-3\");\n\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2012 Greenbone Networks GmbH\");\n script_family(\"Ubuntu Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/ubuntu_linux\", \"ssh/login/packages\");\n script_tag(name : \"summary\" , value : tag_summary);\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n\ninclude(\"pkg-lib-deb.inc\");\n\nrelease = get_kb_item(\"ssh/login/release\");\n\nres = \"\";\nif(release == NULL){\n exit(0);\n}\n\nif(release == \"UBUNTU10.10\")\n{\n\n if ((res = isdpkgvuln(pkg:\"thunderbird\", ver:\"3.1.19+build1+nobinonly-0ubuntu0.10.10.1\", rls:\"UBUNTU10.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n\n\nif(release == \"UBUNTU10.04 LTS\")\n{\n\n if ((res = isdpkgvuln(pkg:\"thunderbird\", ver:\"3.1.19+build1+nobinonly-0ubuntu0.10.04.1\", rls:\"UBUNTU10.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n\n\nif(release == \"UBUNTU11.04\")\n{\n\n if ((res = isdpkgvuln(pkg:\"thunderbird\", ver:\"3.1.19+build1+nobinonly-0ubuntu0.11.04.1\", rls:\"UBUNTU11.04\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2018-01-08T12:57:48", "bulletinFamily": "scanner", "cvelist": ["CVE-2011-3026"], "description": "Check for the Version of xulrunner", "modified": "2018-01-08T00:00:00", "published": "2012-03-07T00:00:00", "id": "OPENVAS:863757", "href": "http://plugins.openvas.org/nasl.php?oid=863757", "type": "openvas", "title": "Fedora Update for xulrunner FEDORA-2012-1845", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Fedora Update for xulrunner FEDORA-2012-1845\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2012 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ninclude(\"revisions-lib.inc\");\ntag_affected = \"xulrunner on Fedora 15\";\ntag_insight = \"XULRunner is a Mozilla runtime package that can be used to bootstrap XUL+XPCOM\n applications that are as rich as Firefox and Thunderbird. It provides mechanisms\n for installing, upgrading, and uninstalling these applications. XULRunner also\n provides libxul, a solution which allows the embedding of Mozilla technologies\n in other projects and products.\";\ntag_solution = \"Please Install the Updated Packages.\";\n\n\n\nif(description)\n{\n script_xref(name : \"URL\" , value : \"http://lists.fedoraproject.org/pipermail/package-announce/2012-March/074364.html\");\n script_id(863757);\n script_version(\"$Revision: 8313 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-01-08 08:02:11 +0100 (Mon, 08 Jan 2018) $\");\n script_tag(name:\"creation_date\", value:\"2012-03-07 11:17:10 +0530 (Wed, 07 Mar 2012)\");\n script_cve_id(\"CVE-2011-3026\");\n script_tag(name:\"cvss_base\", value:\"7.5\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_xref(name: \"FEDORA\", value: \"2012-1845\");\n script_name(\"Fedora Update for xulrunner FEDORA-2012-1845\");\n\n script_tag(name: \"summary\" , value: \"Check for the Version of xulrunner\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2012 Greenbone Networks GmbH\");\n script_family(\"Fedora Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/fedora\", \"ssh/login/rpms\");\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = get_kb_item(\"ssh/login/release\");\n\nres = \"\";\nif(release == NULL){\n exit(0);\n}\n\nif(release == \"FC15\")\n{\n\n if ((res = isrpmvuln(pkg:\"xulrunner\", rpm:\"xulrunner~10.0.1~3.fc15\", rls:\"FC15\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2020-04-22T17:05:00", "bulletinFamily": "scanner", "cvelist": ["CVE-2011-3026"], "description": "The remote host is missing an update to libpng\nannounced via advisory DSA 2410-1.", "modified": "2020-04-21T00:00:00", "published": "2012-03-12T00:00:00", "id": "OPENVAS:136141256231071137", "href": "http://plugins.openvas.org/nasl.php?oid=136141256231071137", "type": "openvas", "title": "Debian Security Advisory DSA 2410-1 (libpng)", "sourceData": "# OpenVAS Vulnerability Test\n# Description: Auto-generated from advisory DSA 2410-1 (libpng)\n#\n# Authors:\n# Thomas Reinke <reinke@securityspace.com>\n#\n# Copyright:\n# Copyright (C) 2012 E-Soft Inc. http://www.securityspace.com\n# Some text descriptions might be excerpted from the referenced\n# advisories, and are Copyright (C) by the respective right holder(s)\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2,\n# or at your option, GNU General Public License version 3,\n# as published by the Free Software Foundation\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n#\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.71137\");\n script_tag(name:\"cvss_base\", value:\"6.8\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_cve_id(\"CVE-2011-3026\");\n script_version(\"2020-04-21T06:28:23+0000\");\n script_tag(name:\"last_modification\", value:\"2020-04-21 06:28:23 +0000 (Tue, 21 Apr 2020)\");\n script_tag(name:\"creation_date\", value:\"2012-03-12 11:30:59 -0400 (Mon, 12 Mar 2012)\");\n script_name(\"Debian Security Advisory DSA 2410-1 (libpng)\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2012 E-Soft Inc. http://www.securityspace.com\");\n script_family(\"Debian Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/debian_linux\", \"ssh/login/packages\", re:\"ssh/login/release=DEB6\");\n script_xref(name:\"URL\", value:\"https://secure1.securityspace.com/smysecure/catid.html?in=DSA%202410-1\");\n script_tag(name:\"insight\", value:\"Jueri Aedla discovered an integer overflow in the libpng PNG library,\nwhich could lead to the execution of arbitrary code if a malformed\nimage is processed.\n\nFor the stable distribution (squeeze), this problem has been fixed in\nversion 1.2.44-1+squeeze2.\n\nFor the unstable distribution (sid), this problem will be fixed soon.\");\n\n script_tag(name:\"solution\", value:\"We recommend that you upgrade your libpng packages.\");\n script_tag(name:\"summary\", value:\"The remote host is missing an update to libpng\nannounced via advisory DSA 2410-1.\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-deb.inc\");\n\nres = \"\";\nreport = \"\";\nif((res = isdpkgvuln(pkg:\"libpng12-0\", ver:\"1.2.44-1+squeeze2\", rls:\"DEB6\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"libpng12-0-udeb\", ver:\"1.2.44-1+squeeze1\", rls:\"DEB6\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"libpng12-dev\", ver:\"1.2.44-1+squeeze2\", rls:\"DEB6\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"libpng3\", ver:\"1.2.44-1+squeeze2\", rls:\"DEB6\")) != NULL) {\n report += res;\n}\n\nif(report != \"\") {\n security_message(data:report);\n} else if (__pkg_match) {\n exit(99);\n}", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2018-01-02T10:56:20", "bulletinFamily": "scanner", "cvelist": ["CVE-2011-3026"], "description": "Check for the Version of firefox", "modified": "2017-12-26T00:00:00", "published": "2012-02-21T00:00:00", "id": "OPENVAS:870564", "href": "http://plugins.openvas.org/nasl.php?oid=870564", "type": "openvas", "title": "RedHat Update for firefox RHSA-2012:0142-01", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# RedHat Update for firefox RHSA-2012:0142-01\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2012 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"Mozilla Firefox is an open source web browser.\n\n A heap-based buffer overflow flaw was found in the way Firefox handled\n PNG (Portable Network Graphics) images. A web page containing a malicious\n PNG image could cause Firefox to crash or, possibly, execute arbitrary\n code with the privileges of the user running Firefox. (CVE-2011-3026)\n\n All Firefox users should upgrade to this updated package, which corrects\n this issue. After installing the update, Firefox must be restarted for the\n changes to take effect.\";\n\ntag_affected = \"firefox on Red Hat Enterprise Linux AS version 4,\n Red Hat Enterprise Linux ES version 4,\n Red Hat Enterprise Linux WS version 4\";\ntag_solution = \"Please Install the Updated Packages.\";\n\n\n\nif(description)\n{\n script_xref(name : \"URL\" , value : \"https://www.redhat.com/archives/rhsa-announce/2012-February/msg00038.html\");\n script_id(870564);\n script_version(\"$Revision: 8245 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-12-26 07:29:59 +0100 (Tue, 26 Dec 2017) $\");\n script_tag(name:\"creation_date\", value:\"2012-02-21 18:57:12 +0530 (Tue, 21 Feb 2012)\");\n script_tag(name:\"cvss_base\", value:\"7.5\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_xref(name: \"RHSA\", value: \"2012:0142-01\");\n script_name(\"RedHat Update for firefox RHSA-2012:0142-01\");\n\n script_tag(name: \"summary\" , value: \"Check for the Version of firefox\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2012 Greenbone Networks GmbH\");\n script_family(\"Red Hat Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/rhel\", \"ssh/login/rpms\");\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = get_kb_item(\"ssh/login/release\");\n\nres = \"\";\nif(release == NULL){\n exit(0);\n}\n\nif(release == \"RHENT_4\")\n{\n\n if ((res = isrpmvuln(pkg:\"firefox\", rpm:\"firefox~3.6.26~3.el4\", rls:\"RHENT_4\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"firefox-debuginfo\", rpm:\"firefox-debuginfo~3.6.26~3.el4\", rls:\"RHENT_4\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2020-04-22T17:05:55", "bulletinFamily": "scanner", "cvelist": ["CVE-2011-3026"], "description": "Ubuntu Update for Linux kernel vulnerabilities USN-1367-4", "modified": "2020-04-21T00:00:00", "published": "2012-02-21T00:00:00", "id": "OPENVAS:1361412562310840892", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310840892", "type": "openvas", "title": "Ubuntu Update for xulrunner-1.9.2 USN-1367-4", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Ubuntu Update for xulrunner-1.9.2 USN-1367-4\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (C) 2012 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_xref(name:\"URL\", value:\"http://www.ubuntu.com/usn/usn-1367-4/\");\n script_oid(\"1.3.6.1.4.1.25623.1.0.840892\");\n script_version(\"2020-04-21T06:28:23+0000\");\n script_tag(name:\"last_modification\", value:\"2020-04-21 06:28:23 +0000 (Tue, 21 Apr 2020)\");\n script_tag(name:\"creation_date\", value:\"2012-02-21 18:58:34 +0530 (Tue, 21 Feb 2012)\");\n script_cve_id(\"CVE-2011-3026\");\n script_tag(name:\"cvss_base\", value:\"6.8\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_xref(name:\"USN\", value:\"1367-4\");\n script_name(\"Ubuntu Update for xulrunner-1.9.2 USN-1367-4\");\n\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2012 Greenbone Networks GmbH\");\n script_family(\"Ubuntu Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/ubuntu_linux\", \"ssh/login/packages\", re:\"ssh/login/release=UBUNTU(10\\.04 LTS|10\\.10)\");\n script_tag(name:\"summary\", value:\"Ubuntu Update for Linux kernel vulnerabilities USN-1367-4\");\n script_tag(name:\"affected\", value:\"xulrunner-1.9.2 on Ubuntu 10.10,\n Ubuntu 10.04 LTS\");\n script_tag(name:\"solution\", value:\"Please Install the Updated Packages.\");\n script_tag(name:\"insight\", value:\"USN-1367-1 fixed vulnerabilities in libpng. This provides the corresponding\n update for Xulrunner.\n\n Original advisory details:\n\n Jueri Aedla discovered that libpng did not properly verify the size used\n when allocating memory during chunk decompression. If a user or automated\n system using libpng were tricked into opening a specially crafted image,\n an attacker could exploit this to cause a denial of service or execute\n code with the privileges of the user invoking the program. (CVE-2011-3026)\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-deb.inc\");\n\nrelease = dpkg_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\n\nif(release == \"UBUNTU10.04 LTS\")\n{\n\n if ((res = isdpkgvuln(pkg:\"xulrunner-1.9.2\", ver:\"1.9.2.27+build1+nobinonly-0ubuntu0.10.04.1\", rls:\"UBUNTU10.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n\n\nif(release == \"UBUNTU10.10\")\n{\n\n if ((res = isdpkgvuln(pkg:\"xulrunner-1.9.2\", ver:\"1.9.2.27+build1+nobinonly-0ubuntu0.10.10.1\", rls:\"UBUNTU10.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2018-01-11T11:06:52", "bulletinFamily": "scanner", "cvelist": ["CVE-2011-3026"], "description": "Check for the Version of thunderbird", "modified": "2018-01-09T00:00:00", "published": "2012-07-30T00:00:00", "id": "OPENVAS:881148", "href": "http://plugins.openvas.org/nasl.php?oid=881148", "type": "openvas", "title": "CentOS Update for thunderbird CESA-2012:0140 centos6 ", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# CentOS Update for thunderbird CESA-2012:0140 centos6 \n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2012 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"Mozilla Thunderbird is a standalone mail and newsgroup client.\n\n A heap-based buffer overflow flaw was found in the way Thunderbird handled\n PNG (Portable Network Graphics) images. An HTML mail message or remote\n content containing a specially-crafted PNG image could cause Thunderbird to\n crash or, possibly, execute arbitrary code with the privileges of the user\n running Thunderbird. (CVE-2011-3026)\n \n All Thunderbird users should upgrade to this updated package, which\n corrects this issue. After installing the update, Thunderbird must be\n restarted for the changes to take effect.\";\n\ntag_affected = \"thunderbird on CentOS 6\";\ntag_solution = \"Please Install the Updated Packages.\";\n\n\n\nif(description)\n{\n script_xref(name : \"URL\" , value : \"http://lists.centos.org/pipermail/centos-announce/2012-February/018444.html\");\n script_id(881148);\n script_version(\"$Revision: 8336 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-01-09 08:01:48 +0100 (Tue, 09 Jan 2018) $\");\n script_tag(name:\"creation_date\", value:\"2012-07-30 16:22:41 +0530 (Mon, 30 Jul 2012)\");\n script_cve_id(\"CVE-2011-3026\");\n script_tag(name:\"cvss_base\", value:\"7.5\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_xref(name: \"CESA\", value: \"2012:0140\");\n script_name(\"CentOS Update for thunderbird CESA-2012:0140 centos6 \");\n\n script_tag(name: \"summary\" , value: \"Check for the Version of thunderbird\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2012 Greenbone Networks GmbH\");\n script_family(\"CentOS Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/centos\", \"ssh/login/rpms\");\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = get_kb_item(\"ssh/login/release\");\n\nres = \"\";\nif(release == NULL){\n exit(0);\n}\n\nif(release == \"CentOS6\")\n{\n\n if ((res = isrpmvuln(pkg:\"thunderbird\", rpm:\"thunderbird~3.1.18~2.el6.centos\", rls:\"CentOS6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2018-01-06T13:06:59", "bulletinFamily": "scanner", "cvelist": ["CVE-2011-3026"], "description": "Check for the Version of xulrunner", "modified": "2018-01-05T00:00:00", "published": "2012-02-21T00:00:00", "id": "OPENVAS:870546", "href": "http://plugins.openvas.org/nasl.php?oid=870546", "type": "openvas", "title": "RedHat Update for xulrunner RHSA-2012:0143-01", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# RedHat Update for xulrunner RHSA-2012:0143-01\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2012 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"XULRunner provides the XUL Runtime environment for applications using the\n Gecko layout engine.\n\n A heap-based buffer overflow flaw was found in the way XULRunner handled\n PNG (Portable Network Graphics) images. A web page containing a malicious\n PNG image could cause an application linked against XULRunner (such as\n Firefox) to crash or, potentially, execute arbitrary code with the\n privileges of the user running the application. (CVE-2011-3026)\n\n All XULRunner users should upgrade to these updated packages, which correct\n this issue. After installing the update, applications using XULRunner must\n be restarted for the changes to take effect.\";\n\ntag_affected = \"xulrunner on Red Hat Enterprise Linux (v. 5 server)\";\ntag_solution = \"Please Install the Updated Packages.\";\n\n\n\nif(description)\n{\n script_xref(name : \"URL\" , value : \"https://www.redhat.com/archives/rhsa-announce/2012-February/msg00039.html\");\n script_id(870546);\n script_version(\"$Revision: 8295 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-01-05 07:29:18 +0100 (Fri, 05 Jan 2018) $\");\n script_tag(name:\"creation_date\", value:\"2012-02-21 18:55:36 +0530 (Tue, 21 Feb 2012)\");\n script_tag(name:\"cvss_base\", value:\"7.5\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_xref(name: \"RHSA\", value: \"2012:0143-01\");\n script_name(\"RedHat Update for xulrunner RHSA-2012:0143-01\");\n\n script_tag(name: \"summary\" , value: \"Check for the Version of xulrunner\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2012 Greenbone Networks GmbH\");\n script_family(\"Red Hat Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/rhel\", \"ssh/login/rpms\");\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = get_kb_item(\"ssh/login/release\");\n\nres = \"\";\nif(release == NULL){\n exit(0);\n}\n\nif(release == \"RHENT_5\")\n{\n\n if ((res = isrpmvuln(pkg:\"xulrunner\", rpm:\"xulrunner~1.9.2.26~2.el5_7\", rls:\"RHENT_5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"xulrunner-debuginfo\", rpm:\"xulrunner-debuginfo~1.9.2.26~2.el5_7\", rls:\"RHENT_5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"xulrunner-devel\", rpm:\"xulrunner-devel~1.9.2.26~2.el5_7\", rls:\"RHENT_5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2020-04-22T17:05:05", "bulletinFamily": "scanner", "cvelist": ["CVE-2011-3026"], "description": "The remote host is missing an update for the ", "modified": "2020-04-21T00:00:00", "published": "2012-07-30T00:00:00", "id": "OPENVAS:1361412562310881148", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310881148", "type": "openvas", "title": "CentOS Update for thunderbird CESA-2012:0140 centos6", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# CentOS Update for thunderbird CESA-2012:0140 centos6\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (C) 2012 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_xref(name:\"URL\", value:\"http://lists.centos.org/pipermail/centos-announce/2012-February/018444.html\");\n script_oid(\"1.3.6.1.4.1.25623.1.0.881148\");\n script_version(\"2020-04-21T06:28:23+0000\");\n script_tag(name:\"last_modification\", value:\"2020-04-21 06:28:23 +0000 (Tue, 21 Apr 2020)\");\n script_tag(name:\"creation_date\", value:\"2012-07-30 16:22:41 +0530 (Mon, 30 Jul 2012)\");\n script_cve_id(\"CVE-2011-3026\");\n script_tag(name:\"cvss_base\", value:\"6.8\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_xref(name:\"CESA\", value:\"2012:0140\");\n script_name(\"CentOS Update for thunderbird CESA-2012:0140 centos6\");\n\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'thunderbird'\n package(s) announced via the referenced advisory.\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2012 Greenbone Networks GmbH\");\n script_family(\"CentOS Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/centos\", \"ssh/login/rpms\", re:\"ssh/login/release=CentOS6\");\n script_tag(name:\"affected\", value:\"thunderbird on CentOS 6\");\n script_tag(name:\"solution\", value:\"Please install the updated packages.\");\n script_tag(name:\"insight\", value:\"Mozilla Thunderbird is a standalone mail and newsgroup client.\n\n A heap-based buffer overflow flaw was found in the way Thunderbird handled\n PNG (Portable Network Graphics) images. An HTML mail message or remote\n content containing a specially-crafted PNG image could cause Thunderbird to\n crash or, possibly, execute arbitrary code with the privileges of the user\n running Thunderbird. (CVE-2011-3026)\n\n All Thunderbird users should upgrade to this updated package, which\n corrects this issue. After installing the update, Thunderbird must be\n restarted for the changes to take effect.\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\n\nif(release == \"CentOS6\")\n{\n\n if ((res = isrpmvuln(pkg:\"thunderbird\", rpm:\"thunderbird~3.1.18~2.el6.centos\", rls:\"CentOS6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}], "fedora": [{"lastseen": "2020-12-21T08:17:50", "bulletinFamily": "unix", "cvelist": ["CVE-2011-3026"], "description": "The libpng package contains a library of functions for creating and manipulating PNG (Portable Network Graphics) image format files. PNG is a bit-mapped graphics format similar to the GIF format. PNG was created to replace the GIF format, since GIF uses a patented data compression algorithm. Libpng should be installed if you need to manipulate PNG format image files. ", "modified": "2012-02-28T10:47:57", "published": "2012-02-28T10:47:57", "id": "FEDORA:59DF8224EB", "href": "", "type": "fedora", "title": "[SECURITY] Fedora 17 Update: libpng-1.5.8-2.fc17", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2020-12-21T08:17:50", "bulletinFamily": "unix", "cvelist": ["CVE-2011-3026"], "description": "The libpng10 package contains an old version of libpng, a library of functi ons for creating and manipulating PNG (Portable Network Graphics) image format files. This package is needed if you want to run binaries that were linked dynamic ally with libpng 1.0.x. ", "modified": "2012-02-28T10:04:32", "published": "2012-02-28T10:04:32", "id": "FEDORA:92CA820F7E", "href": "", "type": "fedora", "title": "[SECURITY] Fedora 16 Update: libpng10-1.0.57-1.fc16", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2020-12-21T08:17:50", "bulletinFamily": "unix", "cvelist": ["CVE-2011-3026"], "description": "XULRunner is a Mozilla runtime package that can be used to bootstrap XUL+XP COM applications that are as rich as Firefox and Thunderbird. It provides mecha nisms for installing, upgrading, and uninstalling these applications. XULRunner a lso provides libxul, a solution which allows the embedding of Mozilla technolog ies in other projects and products. ", "modified": "2012-02-19T23:17:56", "published": "2012-02-19T23:17:56", "id": "FEDORA:6D0B92125D", "href": "", "type": "fedora", "title": "[SECURITY] Fedora 16 Update: xulrunner-10.0.1-3.fc16", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2020-12-21T08:17:50", "bulletinFamily": "unix", "cvelist": ["CVE-2011-3026"], "description": "The libpng package contains a library of functions for creating and manipulating PNG (Portable Network Graphics) image format files. PNG is a bit-mapped graphics format similar to the GIF format. PNG was created to replace the GIF format, since GIF uses a patented data compression algorithm. Libpng should be installed if you need to manipulate PNG format image files. ", "modified": "2012-02-21T01:29:44", "published": "2012-02-21T01:29:44", "id": "FEDORA:135D6213F2", "href": "", "type": "fedora", "title": "[SECURITY] Fedora 16 Update: libpng-1.2.46-2.fc16", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2020-12-21T08:17:50", "bulletinFamily": "unix", "cvelist": ["CVE-2011-3026"], "description": "XULRunner is a Mozilla runtime package that can be used to bootstrap XUL+XP COM applications that are as rich as Firefox and Thunderbird. It provides mecha nisms for installing, upgrading, and uninstalling these applications. XULRunner a lso provides libxul, a solution which allows the embedding of Mozilla technolog ies in other projects and products. ", "modified": "2012-03-02T01:21:49", "published": "2012-03-02T01:21:49", "id": "FEDORA:60F602025F", "href": "", "type": "fedora", "title": "[SECURITY] Fedora 17 Update: xulrunner-10.0.1-3.fc17", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2020-12-21T08:17:50", "bulletinFamily": "unix", "cvelist": ["CVE-2011-3026"], "description": "Mozilla Thunderbird is a standalone mail and newsgroup client. ", "modified": "2012-03-31T03:13:41", "published": "2012-03-31T03:13:41", "id": "FEDORA:0A44B2083E", "href": "", "type": "fedora", "title": "[SECURITY] Fedora 16 Update: thunderbird-11.0.1-1.fc16", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2020-12-21T08:17:50", "bulletinFamily": "unix", "cvelist": ["CVE-2011-3026"], "description": "Mozilla Thunderbird is a standalone mail and newsgroup client. ", "modified": "2012-02-28T10:57:39", "published": "2012-02-28T10:57:39", "id": "FEDORA:A3F5521393", "href": "", "type": "fedora", "title": "[SECURITY] Fedora 17 Update: thunderbird-10.0.1-2.fc17", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}], "centos": [{"lastseen": "2020-04-17T12:46:57", "bulletinFamily": "unix", "cvelist": ["CVE-2011-3026"], "description": "**CentOS Errata and Security Advisory** CESA-2012:0143\n\n\nXULRunner provides the XUL Runtime environment for applications using the\nGecko layout engine.\n\nA heap-based buffer overflow flaw was found in the way XULRunner handled\nPNG (Portable Network Graphics) images. A web page containing a malicious\nPNG image could cause an application linked against XULRunner (such as\nFirefox) to crash or, potentially, execute arbitrary code with the\nprivileges of the user running the application. (CVE-2011-3026)\n\nAll XULRunner users should upgrade to these updated packages, which correct\nthis issue. After installing the update, applications using XULRunner must\nbe restarted for the changes to take effect.\n\n\n**Merged security bulletin from advisories:**\nhttp://lists.centos.org/pipermail/centos-announce/2012-February/030478.html\nhttp://lists.centos.org/pipermail/centos-announce/2012-February/030481.html\n\n**Affected packages:**\nxulrunner\nxulrunner-devel\n\n**Upstream details at:**\n", "edition": 4, "modified": "2012-02-17T02:51:39", "published": "2012-02-17T01:35:23", "href": "http://lists.centos.org/pipermail/centos-announce/2012-February/030478.html", "id": "CESA-2012:0143", "title": "xulrunner security update", "type": "centos", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2020-04-17T12:44:03", "bulletinFamily": "unix", "cvelist": ["CVE-2011-3026"], "description": "**CentOS Errata and Security Advisory** CESA-2012:0317\n\n\nThe libpng packages contain a library of functions for creating and\nmanipulating PNG (Portable Network Graphics) image format files.\n\nA heap-based buffer overflow flaw was found in libpng. An attacker could\ncreate a specially-crafted PNG image that, when opened, could cause an\napplication using libpng to crash or, possibly, execute arbitrary code with\nthe privileges of the user running the application. (CVE-2011-3026)\n\nUsers of libpng and libpng10 should upgrade to these updated packages,\nwhich contain a backported patch to correct this issue. All running\napplications using libpng or libpng10 must be restarted for the update to\ntake effect.\n\n\n**Merged security bulletin from advisories:**\nhttp://lists.centos.org/pipermail/centos-announce/2012-February/030483.html\nhttp://lists.centos.org/pipermail/centos-announce/2012-February/030484.html\nhttp://lists.centos.org/pipermail/centos-announce/2012-February/030485.html\nhttp://lists.centos.org/pipermail/centos-announce/2012-February/030487.html\n\n**Affected packages:**\nlibpng\nlibpng-devel\nlibpng-static\nlibpng10\nlibpng10-devel\n\n**Upstream details at:**\nhttps://rhn.redhat.com/errata/RHSA-2012-0317.html", "edition": 4, "modified": "2012-02-22T14:09:32", "published": "2012-02-20T21:59:45", "href": "http://lists.centos.org/pipermail/centos-announce/2012-February/030483.html", "id": "CESA-2012:0317", "title": "libpng, libpng10 security update", "type": "centos", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2020-04-17T12:44:44", "bulletinFamily": "unix", "cvelist": ["CVE-2011-3026"], "description": "**CentOS Errata and Security Advisory** CESA-2012:0140\n\n\nMozilla Thunderbird is a standalone mail and newsgroup client.\n\nA heap-based buffer overflow flaw was found in the way Thunderbird handled\nPNG (Portable Network Graphics) images. An HTML mail message or remote\ncontent containing a specially-crafted PNG image could cause Thunderbird to\ncrash or, possibly, execute arbitrary code with the privileges of the user\nrunning Thunderbird. (CVE-2011-3026)\n\nAll Thunderbird users should upgrade to this updated package, which\ncorrects this issue. After installing the update, Thunderbird must be\nrestarted for the changes to take effect.\n\n\n**Merged security bulletin from advisories:**\nhttp://lists.centos.org/pipermail/centos-announce/2012-February/030482.html\n\n**Affected packages:**\nthunderbird\n\n**Upstream details at:**\n", "edition": 4, "modified": "2012-02-17T02:53:21", "published": "2012-02-17T02:53:21", "href": "http://lists.centos.org/pipermail/centos-announce/2012-February/030482.html", "id": "CESA-2012:0140", "title": "thunderbird security update", "type": "centos", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2020-04-17T12:45:54", "bulletinFamily": "unix", "cvelist": ["CVE-2011-3026"], "description": "**CentOS Errata and Security Advisory** CESA-2012:0142\n\n\nMozilla Firefox is an open source web browser.\n\nA heap-based buffer overflow flaw was found in the way Firefox handled\nPNG (Portable Network Graphics) images. A web page containing a malicious\nPNG image could cause Firefox to crash or, possibly, execute arbitrary\ncode with the privileges of the user running Firefox. (CVE-2011-3026)\n\nAll Firefox users should upgrade to this updated package, which corrects\nthis issue. After installing the update, Firefox must be restarted for the\nchanges to take effect.\n\n\n**Merged security bulletin from advisories:**\nhttp://lists.centos.org/pipermail/centos-announce/2012-February/030479.html\n\n**Affected packages:**\nfirefox\n\n**Upstream details at:**\nhttps://rhn.redhat.com/errata/RHSA-2012-0142.html", "edition": 4, "modified": "2012-02-17T01:39:20", "published": "2012-02-17T01:39:20", "href": "http://lists.centos.org/pipermail/centos-announce/2012-February/030479.html", "id": "CESA-2012:0142", "title": "firefox security update", "type": "centos", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}], "suse": [{"lastseen": "2016-09-04T12:05:46", "bulletinFamily": "unix", "cvelist": ["CVE-2011-3026"], "description": "A heap-based buffer overflow in libpng was fixed that could\n potentially be exploited by attackers to execute arbitrary\n code or cause an application to crash (CVE-2011-3026).\n\n libpng 1.2 was updated to 1.2.47 to fix this issue.\n\n", "edition": 1, "modified": "2012-02-28T22:36:59", "published": "2012-02-28T22:36:59", "id": "OPENSUSE-SU-2012:0316-1", "href": "http://lists.opensuse.org/opensuse-security-announce/2012-02/msg00028.html", "type": "suse", "title": "libpng12: Fixed a heap based buffer overflow (important)", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2016-09-04T11:42:33", "bulletinFamily": "unix", "cvelist": ["CVE-2011-3026"], "description": "Mozilla XULRunner was updated to 1.9.2.27 to fix a security\n issue with the embedded libpng, where a integer overflow\n could allow remote attackers to crash the browser or\n potentially execute code (CVE-2011-3026),\n\n", "edition": 1, "modified": "2012-02-24T16:08:11", "published": "2012-02-24T16:08:11", "id": "OPENSUSE-SU-2012:0297-1", "href": "http://lists.opensuse.org/opensuse-security-announce/2012-02/msg00020.html", "type": "suse", "title": "mozilla-xulrunner192: 1.9.2.27 (important)", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2016-09-04T11:56:37", "bulletinFamily": "unix", "cvelist": ["CVE-2011-3026"], "description": "Mozilla Firefox was updated to 10.0.2 to fix a security\n issue with the embedded libpng, where a integer overflow\n could allow remote attackers to crash the browser or\n potentially execute code (CVE-2011-3026),\n", "edition": 1, "modified": "2012-02-27T01:08:38", "published": "2012-02-27T01:08:38", "id": "SUSE-SU-2012:0303-1", "href": "http://lists.opensuse.org/opensuse-security-announce/2012-02/msg00023.html", "type": "suse", "title": "Security update for Mozilla Firefox (important)", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2016-09-04T11:47:01", "bulletinFamily": "unix", "cvelist": ["CVE-2011-3026"], "description": "A heap-based buffer overflow in libpng was fixed that could\n potentially be exploited by attackers to execute arbitrary\n code or cause an application to crash (CVE-2011-3026).\n", "edition": 1, "modified": "2012-02-28T22:37:10", "published": "2012-02-28T22:37:10", "id": "SUSE-SU-2012:0318-1", "href": "http://lists.opensuse.org/opensuse-security-announce/2012-02/msg00029.html", "title": "Security update for libpng (important)", "type": "suse", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}], "ubuntu": [{"lastseen": "2020-07-08T23:31:19", "bulletinFamily": "unix", "cvelist": ["CVE-2011-3026"], "description": "USN-1367-1 fixed vulnerabilities in libpng. This provides the corresponding \nupdate for Xulrunner.\n\nOriginal advisory details:\n\nJueri Aedla discovered that libpng did not properly verify the size used \nwhen allocating memory during chunk decompression. If a user or automated \nsystem using libpng were tricked into opening a specially crafted image, \nan attacker could exploit this to cause a denial of service or execute \ncode with the privileges of the user invoking the program. (CVE-2011-3026)", "edition": 6, "modified": "2012-02-17T00:00:00", "published": "2012-02-17T00:00:00", "id": "USN-1367-4", "href": "https://ubuntu.com/security/notices/USN-1367-4", "title": "Xulrunner vulnerability", "type": "ubuntu", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2020-07-08T23:34:01", "bulletinFamily": "unix", "cvelist": ["CVE-2011-3026"], "description": "USN-1367-1 fixed vulnerabilities in libpng. This provides the corresponding \nupdate for Thunderbird.\n\nOriginal advisory details:\n\nJueri Aedla discovered that libpng did not properly verify the size used \nwhen allocating memory during chunk decompression. If a user or automated \nsystem using libpng were tricked into opening a specially crafted image, \nan attacker could exploit this to cause a denial of service or execute \ncode with the privileges of the user invoking the program. (CVE-2011-3026)", "edition": 6, "modified": "2012-02-17T00:00:00", "published": "2012-02-17T00:00:00", "id": "USN-1367-3", "href": "https://ubuntu.com/security/notices/USN-1367-3", "title": "Thunderbird vulnerability", "type": "ubuntu", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}], "oraclelinux": [{"lastseen": "2020-04-17T12:41:52", "bulletinFamily": "unix", "cvelist": ["CVE-2011-3026"], "description": "[1.0.9-79.0.1.el4]\n- Add mozilla-oracle-default-prefs.js and mozilla-oracle-default-bookmarks.html\n and remove corresponding RedHat ones\n[1.0.9-79.el4]\n- Added fix for mozbz#727401", "edition": 5, "modified": "2012-02-16T00:00:00", "published": "2012-02-16T00:00:00", "id": "ELSA-2012-0141", "href": "http://linux.oracle.com/errata/ELSA-2012-0141.html", "title": "seamonkey security update", "type": "oraclelinux", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2020-04-17T12:47:08", "bulletinFamily": "unix", "cvelist": ["CVE-2011-3026"], "description": "[2:1.2.46-2]\n- Fix CVE-2011-3026\nResolves: #791007", "edition": 5, "modified": "2012-02-20T00:00:00", "published": "2012-02-20T00:00:00", "id": "ELSA-2012-0317", "href": "http://linux.oracle.com/errata/ELSA-2012-0317.html", "title": "libpng security update", "type": "oraclelinux", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2020-04-17T12:43:15", "bulletinFamily": "unix", "cvelist": ["CVE-2011-3026"], "description": "[1.9.2.26-2.0.1.el6_2]\n- Replace xulrunner-redhat-default-prefs.js with\n xulrunner-oracle-default-prefs.js\n[1.9.2.26-2]\n- added fix for mozbz#727401", "edition": 5, "modified": "2012-02-16T00:00:00", "published": "2012-02-16T00:00:00", "id": "ELSA-2012-0143", "href": "http://linux.oracle.com/errata/ELSA-2012-0143.html", "title": "xulrunner security update", "type": "oraclelinux", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2020-04-17T12:45:58", "bulletinFamily": "unix", "cvelist": ["CVE-2011-3026"], "description": "[3.1.18-2.0.1.el6_2]\n- Replaced thunderbird-redhat-default-prefs.js with\n thunderbird-oracle-default-prefs.js\n- Replace clean.gif in tarball\n[3.1.18-2]\n- added fix for mozbz#727401", "edition": 5, "modified": "2012-02-16T00:00:00", "published": "2012-02-16T00:00:00", "id": "ELSA-2012-0140", "href": "http://linux.oracle.com/errata/ELSA-2012-0140.html", "title": "thunderbird security update", "type": "oraclelinux", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}], "mozilla": [{"lastseen": "2016-09-05T13:37:45", "bulletinFamily": "software", "cvelist": ["CVE-2011-3026"], "edition": 1, "description": "An integer overflow in the libpng library can lead to a heap-buffer\noverflow when decompressing certain PNG images. This leads to a\ncrash, which may be potentially exploitable.", "modified": "2012-02-16T00:00:00", "published": "2012-02-16T00:00:00", "id": "MFSA2012-11", "href": "http://www.mozilla.org/en-US/security/advisories/mfsa2012-11/", "type": "mozilla", "title": "libpng integer overflow", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}], "redhat": [{"lastseen": "2020-04-17T09:42:55", "bulletinFamily": "unix", "cvelist": ["CVE-2011-3026"], "description": "XULRunner provides the XUL Runtime environment for applications using the\nGecko layout engine.\n\nA heap-based buffer overflow flaw was found in the way XULRunner handled\nPNG (Portable Network Graphics) images. A web page containing a malicious\nPNG image could cause an application linked against XULRunner (such as\nFirefox) to crash or, potentially, execute arbitrary code with the\nprivileges of the user running the application. (CVE-2011-3026)\n\nAll XULRunner users should upgrade to these updated packages, which correct\nthis issue. After installing the update, applications using XULRunner must\nbe restarted for the changes to take effect.\n", "modified": "2018-06-06T20:24:10", "published": "2012-02-16T05:00:00", "id": "RHSA-2012:0143", "href": "https://access.redhat.com/errata/RHSA-2012:0143", "type": "redhat", "title": "(RHSA-2012:0143) Critical: xulrunner security update", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2020-04-17T09:42:47", "bulletinFamily": "unix", "cvelist": ["CVE-2011-3026"], "description": "Mozilla Firefox is an open source web browser.\n\nA heap-based buffer overflow flaw was found in the way Firefox handled\nPNG (Portable Network Graphics) images. A web page containing a malicious\nPNG image could cause Firefox to crash or, possibly, execute arbitrary\ncode with the privileges of the user running Firefox. (CVE-2011-3026)\n\nAll Firefox users should upgrade to this updated package, which corrects\nthis issue. After installing the update, Firefox must be restarted for the\nchanges to take effect.\n", "modified": "2017-09-08T11:59:48", "published": "2012-02-16T05:00:00", "id": "RHSA-2012:0142", "href": "https://access.redhat.com/errata/RHSA-2012:0142", "type": "redhat", "title": "(RHSA-2012:0142) Critical: firefox security update", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2020-04-17T09:41:21", "bulletinFamily": "unix", "cvelist": ["CVE-2011-3026"], "description": "The libpng packages contain a library of functions for creating and\nmanipulating PNG (Portable Network Graphics) image format files.\n\nA heap-based buffer overflow flaw was found in libpng. An attacker could\ncreate a specially-crafted PNG image that, when opened, could cause an\napplication using libpng to crash or, possibly, execute arbitrary code with\nthe privileges of the user running the application. (CVE-2011-3026)\n\nUsers of libpng and libpng10 should upgrade to these updated packages,\nwhich contain a backported patch to correct this issue. All running\napplications using libpng or libpng10 must be restarted for the update to\ntake effect.\n", "modified": "2018-06-06T20:24:05", "published": "2012-02-20T05:00:00", "id": "RHSA-2012:0317", "href": "https://access.redhat.com/errata/RHSA-2012:0317", "type": "redhat", "title": "(RHSA-2012:0317) Important: libpng security update", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2020-04-17T09:41:13", "bulletinFamily": "unix", "cvelist": ["CVE-2011-3026"], "description": "Mozilla Thunderbird is a standalone mail and newsgroup client.\n\nA heap-based buffer overflow flaw was found in the way Thunderbird handled\nPNG (Portable Network Graphics) images. An HTML mail message or remote\ncontent containing a specially-crafted PNG image could cause Thunderbird to\ncrash or, possibly, execute arbitrary code with the privileges of the user\nrunning Thunderbird. (CVE-2011-3026)\n\nAll Thunderbird users should upgrade to this updated package, which\ncorrects this issue. After installing the update, Thunderbird must be\nrestarted for the changes to take effect.\n", "modified": "2018-06-06T20:24:25", "published": "2012-02-16T05:00:00", "id": "RHSA-2012:0140", "href": "https://access.redhat.com/errata/RHSA-2012:0140", "type": "redhat", "title": "(RHSA-2012:0140) Critical: thunderbird security update", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2020-04-17T09:42:48", "bulletinFamily": "unix", "cvelist": ["CVE-2011-3026"], "description": "SeaMonkey is an open source web browser, e-mail and newsgroup client, IRC\nchat client, and HTML editor.\n\nA heap-based buffer overflow flaw was found in the way SeaMonkey handled\nPNG (Portable Network Graphics) images. A web page containing a malicious\nPNG image could cause SeaMonkey to crash or, possibly, execute arbitrary\ncode with the privileges of the user running SeaMonkey. (CVE-2011-3026)\n\nAll SeaMonkey users should upgrade to these updated packages, which correct\nthis issue. After installing the update, SeaMonkey must be restarted for\nthe changes to take effect.\n", "modified": "2017-09-08T11:54:03", "published": "2012-02-16T05:00:00", "id": "RHSA-2012:0141", "href": "https://access.redhat.com/errata/RHSA-2012:0141", "type": "redhat", "title": "(RHSA-2012:0141) Critical: seamonkey security update", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}], "amazon": [{"lastseen": "2020-11-10T12:37:02", "bulletinFamily": "unix", "cvelist": ["CVE-2011-3026"], "description": "**Issue Overview:**\n\nA heap-based buffer overflow flaw was found in libpng. An attacker could create a specially-crafted PNG image that, when opened, could cause an application using libpng to crash or, possibly, execute arbitrary code with the privileges of the user running the application. ([CVE-2011-3026 __](<https://access.redhat.com/security/cve/CVE-2011-3026>))\n\n \n**Affected Packages:** \n\n\nlibpng\n\n \n**Issue Correction:** \nRun _yum update libpng_ to update your system.\n\n \n\n\n**New Packages:**\n \n \n i686: \n libpng-static-1.2.46-2.10.amzn1.i686 \n libpng-debuginfo-1.2.46-2.10.amzn1.i686 \n libpng-1.2.46-2.10.amzn1.i686 \n libpng-devel-1.2.46-2.10.amzn1.i686 \n \n src: \n libpng-1.2.46-2.10.amzn1.src \n \n x86_64: \n libpng-static-1.2.46-2.10.amzn1.x86_64 \n libpng-1.2.46-2.10.amzn1.x86_64 \n libpng-devel-1.2.46-2.10.amzn1.x86_64 \n libpng-debuginfo-1.2.46-2.10.amzn1.x86_64 \n \n \n", "edition": 5, "modified": "2012-03-04T16:09:00", "published": "2012-03-04T16:09:00", "id": "ALAS-2012-049", "href": "https://alas.aws.amazon.com/ALAS-2012-49.html", "title": "Important: libpng", "type": "amazon", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}], "threatpost": [{"lastseen": "2018-10-06T23:03:43", "bulletinFamily": "info", "cvelist": ["CVE-2011-3026"], "description": "[](<https://threatpost.com/mozilla-fix-libpng-bug-firefox-and-thunderbird-021712/>)Mozilla is preparing to release a fix for a serious vulnerability in both Firefox and Thunderbird that could result in remote code execution. The update comes just a few days after the company released [version 10.0.1 of Firefox](<https://threatpost.com/mozilla-fixes-critical-flaw-firefox-021312/>), fixing a separate security bug. \n\nThe new update for Firefox and Thunderbird will repair a known bug in libpng that also was fixed earlier this week in Google Chrome. Mozilla plans to push out the fix for the vulnerability later today.\n\n\u201cThe `libpng` graphics library, used by Firefox and Thunderbird as well as many other software packages, contains an exploitable integer overflow bug. An attacker could craft malicious images which exploit this bug, and deliver them to users through websites or email messages,\u201d [Mozilla said in its advisory](<http://blog.mozilla.com/security/2012/02/17/mozilla-releases-to-address-cve-2011-3026/>).\n\n\u201cThis bug is remotely exploitable and can lead to arbitrary code execution. Firefox, Thunderbird and Seamonkey users could be attacked simply by displaying a maliciously crafted image.\u201d\n\nFirefox users will be able to get the update through the automatic update mechanism in the browser.\n", "modified": "2013-04-17T16:32:46", "published": "2012-02-17T18:43:07", "id": "THREATPOST:5ABA4DDB709C933D01DC2E11880B1AFB", "href": "https://threatpost.com/mozilla-fix-libpng-bug-firefox-and-thunderbird-021712/76235/", "type": "threatpost", "title": "Mozilla to Fix Libpng Bug in Firefox and Thunderbird", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}]}
