ID EDB-ID:28427 Type exploitdb Reporter anonymous Modified 2006-08-18T00:00:00
Description
Novell Identity Manager Arbitrary Command Execution Vulnerability. CVE-2006-4310 . Local exploit for novell platform
source: http://www.securityfocus.com/bid/19688/info
Novell Identity Manager is prone to an arbitrary command-execution vulnerability.
A local attacker can exploit this issue to execute arbitrary commands with superuser privileges. Exploiting this issue allows attackers to completely compromise affected computers.
CMD="usermod -c $gecos"
{"cve": [{"lastseen": "2020-10-03T11:48:17", "description": "Mozilla Firefox 1.5.0.6 allows remote attackers to cause a denial of service (crash) via a crafted FTP response, when attempting to connect with a username and password via the FTP URI.", "edition": 3, "cvss3": {}, "published": "2006-08-23T19:04:00", "title": "CVE-2006-4310", "type": "cve", "cwe": ["CWE-20"], "bulletinFamily": "NVD", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "NONE", "availabilityImpact": "PARTIAL", "integrityImpact": "NONE", "baseScore": 4.3, "vectorString": "AV:N/AC:M/Au:N/C:N/I:N/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2006-4310"], "modified": "2018-10-17T21:34:00", "cpe": ["cpe:/a:mozilla:firefox:1.5.0.6"], "id": "CVE-2006-4310", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2006-4310", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P"}, "cpe23": ["cpe:2.3:a:mozilla:firefox:1.5.0.6:*:*:*:*:*:*:*"]}], "osvdb": [{"lastseen": "2017-04-28T13:20:27", "bulletinFamily": "software", "cvelist": ["CVE-2006-4310"], "description": "# No description provided by the source\n\n## References:\n[Vendor Specific Advisory URL](http://www.us.debian.org/security/2006/dsa-1224)\n[Vendor Specific Advisory URL](http://www.us.debian.org/security/2006/dsa-1227)\n[Secunia Advisory ID:23197](https://secuniaresearch.flexerasoftware.com/advisories/23197/)\n[Secunia Advisory ID:23202](https://secuniaresearch.flexerasoftware.com/advisories/23202/)\n[Secunia Advisory ID:23235](https://secuniaresearch.flexerasoftware.com/advisories/23235/)\nOther Advisory URL: http://www.us.debian.org/security/2006/dsa-1225\nMail List Post: http://archives.neohapsis.com/archives/bugtraq/2006-08/0432.html\n[CVE-2006-4310](https://vulners.com/cve/CVE-2006-4310)\nBugtraq ID: 19678\n", "edition": 1, "modified": "2006-08-22T03:58:48", "published": "2006-08-22T03:58:48", "href": "https://vulners.com/osvdb/OSVDB:30759", "id": "OSVDB:30759", "title": "Mozilla Firefox Crafted FTP URI DoS", "type": "osvdb", "cvss": {"score": 4.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:NONE/I:NONE/A:PARTIAL/"}}], "nessus": [{"lastseen": "2021-01-06T09:44:44", "description": "Several security related problems have been discovered in Mozilla and\nderived products. The Common Vulnerabilities and Exposures project\nidentifies the following vulnerabilities :\n\n - CVE-2006-4310\n Tomas Kempinsky discovered that malformed FTP server\n responses could lead to denial of service.\n\n - CVE-2006-5462\n Ulrich Kuhn discovered that the correction for a\n cryptographic flaw in the handling of PKCS-1\n certificates was incomplete, which allows the forgery of\n certificates.\n\n - CVE-2006-5463\n 'shutdown' discovered that modification of JavaScript\n objects during execution could lead to the execution of\n arbitrary JavaScript bytecode.\n\n - CVE-2006-5464\n Jesse Ruderman and Martijn Wargers discovered several\n crashes in the layout engine, which might also allow\n execution of arbitrary code.\n\n - CVE-2006-5748\n Igor Bukanov and Jesse Ruderman discovered several\n crashes in the JavaScript engine, which might allow\n execution of arbitrary code.\n\nThis update also addresses several crashes, which could be triggered\nby malicious websites and fixes a regression introduced in the\nprevious Mozilla update.", "edition": 26, "published": "2006-12-04T00:00:00", "title": "Debian DSA-1224-1 : mozilla - several vulnerabilities", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2006-5748", "CVE-2006-5464", "CVE-2006-4310", "CVE-2006-5463", "CVE-2006-5462"], "modified": "2006-12-04T00:00:00", "cpe": ["cpe:/o:debian:debian_linux:3.1", "p-cpe:/a:debian:debian_linux:mozilla"], "id": "DEBIAN_DSA-1224.NASL", "href": "https://www.tenable.com/plugins/nessus/23766", "sourceData": "#%NASL_MIN_LEVEL 70300\n\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Debian Security Advisory DSA-1224. The text \n# itself is copyright (C) Software in the Public Interest, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(23766);\n script_version(\"1.23\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/04\");\n\n script_cve_id(\"CVE-2006-4310\", \"CVE-2006-5462\", \"CVE-2006-5463\", \"CVE-2006-5464\", \"CVE-2006-5748\");\n script_bugtraq_id(19678, 20957);\n script_xref(name:\"CERT\", value:\"335392\");\n script_xref(name:\"CERT\", value:\"390480\");\n script_xref(name:\"CERT\", value:\"495288\");\n script_xref(name:\"CERT\", value:\"714496\");\n script_xref(name:\"DSA\", value:\"1224\");\n\n script_name(english:\"Debian DSA-1224-1 : mozilla - several vulnerabilities\");\n script_summary(english:\"Checks dpkg output for the updated package\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Debian host is missing a security-related update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Several security related problems have been discovered in Mozilla and\nderived products. The Common Vulnerabilities and Exposures project\nidentifies the following vulnerabilities :\n\n - CVE-2006-4310\n Tomas Kempinsky discovered that malformed FTP server\n responses could lead to denial of service.\n\n - CVE-2006-5462\n Ulrich Kuhn discovered that the correction for a\n cryptographic flaw in the handling of PKCS-1\n certificates was incomplete, which allows the forgery of\n certificates.\n\n - CVE-2006-5463\n 'shutdown' discovered that modification of JavaScript\n objects during execution could lead to the execution of\n arbitrary JavaScript bytecode.\n\n - CVE-2006-5464\n Jesse Ruderman and Martijn Wargers discovered several\n crashes in the layout engine, which might also allow\n execution of arbitrary code.\n\n - CVE-2006-5748\n Igor Bukanov and Jesse Ruderman discovered several\n crashes in the JavaScript engine, which might allow\n execution of arbitrary code.\n\nThis update also addresses several crashes, which could be triggered\nby malicious websites and fixes a regression introduced in the\nprevious Mozilla update.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/CVE-2006-4310\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/CVE-2006-5462\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/CVE-2006-5463\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/CVE-2006-5464\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/CVE-2006-5748\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.debian.org/security/2006/dsa-1224\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\n\"Upgrade the mozilla package.\n\nFor the stable distribution (sarge) these problems have been fixed in\nversion 1.7.8-1sarge8.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_cwe_id(20);\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:mozilla\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:debian:debian_linux:3.1\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2006/12/03\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2006/12/04\");\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2006/08/22\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2006-2021 Tenable Network Security, Inc.\");\n script_family(english:\"Debian Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/Debian/release\", \"Host/Debian/dpkg-l\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"debian_package.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/Debian/release\")) audit(AUDIT_OS_NOT, \"Debian\");\nif (!get_kb_item(\"Host/Debian/dpkg-l\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\nflag = 0;\nif (deb_check(release:\"3.1\", prefix:\"libnspr-dev\", reference:\"1.7.8-1sarge8\")) flag++;\nif (deb_check(release:\"3.1\", prefix:\"libnspr4\", reference:\"1.7.8-1sarge8\")) flag++;\nif (deb_check(release:\"3.1\", prefix:\"libnss-dev\", reference:\"1.7.8-1sarge8\")) flag++;\nif (deb_check(release:\"3.1\", prefix:\"libnss3\", reference:\"1.7.8-1sarge8\")) flag++;\nif (deb_check(release:\"3.1\", prefix:\"mozilla\", reference:\"1.7.8-1sarge8\")) flag++;\nif (deb_check(release:\"3.1\", prefix:\"mozilla-browser\", reference:\"1.7.8-1sarge8\")) flag++;\nif (deb_check(release:\"3.1\", prefix:\"mozilla-calendar\", reference:\"1.7.8-1sarge8\")) flag++;\nif (deb_check(release:\"3.1\", prefix:\"mozilla-chatzilla\", reference:\"1.7.8-1sarge8\")) flag++;\nif (deb_check(release:\"3.1\", prefix:\"mozilla-dev\", reference:\"1.7.8-1sarge8\")) flag++;\nif (deb_check(release:\"3.1\", prefix:\"mozilla-dom-inspector\", reference:\"1.7.8-1sarge8\")) flag++;\nif (deb_check(release:\"3.1\", prefix:\"mozilla-js-debugger\", reference:\"1.7.8-1sarge8\")) flag++;\nif (deb_check(release:\"3.1\", prefix:\"mozilla-mailnews\", reference:\"1.7.8-1sarge8\")) flag++;\nif (deb_check(release:\"3.1\", prefix:\"mozilla-psm\", reference:\"1.7.8-1sarge8\")) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:deb_report_get());\n else security_hole(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2021-01-06T09:44:44", "description": "Several security related problems have been discovered in Mozilla and\nderived products such as Mozilla Thunderbird. The Common\nVulnerabilities and Exposures project identifies the following\nvulnerabilities :\n\n - CVE-2006-4310\n Tomas Kempinsky discovered that malformed FTP server\n responses could lead to denial of service.\n\n - CVE-2006-5462\n Ulrich Kuhn discovered that the correction for a\n cryptographic flaw in the handling of PKCS-1\n certificates was incomplete, which allows the forgery of\n certificates.\n\n - CVE-2006-5463\n 'shutdown' discovered that modification of JavaScript\n objects during execution could lead to the execution of\n arbitrary JavaScript bytecode.\n\n - CVE-2006-5464\n Jesse Ruderman and Martijn Wargers discovered several\n crashes in the layout engine, which might also allow\n execution of arbitrary code.\n\n - CVE-2006-5748\n Igor Bukanov and Jesse Ruderman discovered several\n crashes in the JavaScript engine, which might allow\n execution of arbitrary code.\n\nThis update also addresses several crashes, which could be triggered\nby malicious websites and fixes a regression introduced in the\nprevious Mozilla update.", "edition": 26, "published": "2006-12-04T00:00:00", "title": "Debian DSA-1227-1 : mozilla-thunderbird - several vulnerabilities", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2006-5748", "CVE-2006-5464", "CVE-2006-4310", "CVE-2006-5463", "CVE-2006-5462"], "modified": "2006-12-04T00:00:00", "cpe": ["cpe:/o:debian:debian_linux:3.1", "p-cpe:/a:debian:debian_linux:mozilla-thunderbird"], "id": "DEBIAN_DSA-1227.NASL", "href": "https://www.tenable.com/plugins/nessus/23768", "sourceData": "#%NASL_MIN_LEVEL 70300\n\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Debian Security Advisory DSA-1227. The text \n# itself is copyright (C) Software in the Public Interest, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(23768);\n script_version(\"1.23\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/04\");\n\n script_cve_id(\"CVE-2006-4310\", \"CVE-2006-5462\", \"CVE-2006-5463\", \"CVE-2006-5464\", \"CVE-2006-5748\");\n script_bugtraq_id(19678, 20957);\n script_xref(name:\"CERT\", value:\"335392\");\n script_xref(name:\"CERT\", value:\"390480\");\n script_xref(name:\"CERT\", value:\"495288\");\n script_xref(name:\"CERT\", value:\"714496\");\n script_xref(name:\"DSA\", value:\"1227\");\n\n script_name(english:\"Debian DSA-1227-1 : mozilla-thunderbird - several vulnerabilities\");\n script_summary(english:\"Checks dpkg output for the updated package\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Debian host is missing a security-related update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Several security related problems have been discovered in Mozilla and\nderived products such as Mozilla Thunderbird. The Common\nVulnerabilities and Exposures project identifies the following\nvulnerabilities :\n\n - CVE-2006-4310\n Tomas Kempinsky discovered that malformed FTP server\n responses could lead to denial of service.\n\n - CVE-2006-5462\n Ulrich Kuhn discovered that the correction for a\n cryptographic flaw in the handling of PKCS-1\n certificates was incomplete, which allows the forgery of\n certificates.\n\n - CVE-2006-5463\n 'shutdown' discovered that modification of JavaScript\n objects during execution could lead to the execution of\n arbitrary JavaScript bytecode.\n\n - CVE-2006-5464\n Jesse Ruderman and Martijn Wargers discovered several\n crashes in the layout engine, which might also allow\n execution of arbitrary code.\n\n - CVE-2006-5748\n Igor Bukanov and Jesse Ruderman discovered several\n crashes in the JavaScript engine, which might allow\n execution of arbitrary code.\n\nThis update also addresses several crashes, which could be triggered\nby malicious websites and fixes a regression introduced in the\nprevious Mozilla update.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/CVE-2006-4310\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/CVE-2006-5462\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/CVE-2006-5463\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/CVE-2006-5464\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/CVE-2006-5748\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.debian.org/security/2006/dsa-1227\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\n\"Upgrade the mozilla-thunderbird package.\n\nFor the stable distribution (sarge) these problems have been fixed in\nversion 1.0.4-2sarge13.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_cwe_id(20);\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:mozilla-thunderbird\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:debian:debian_linux:3.1\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2006/12/04\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2006/12/04\");\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2006/08/22\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2006-2021 Tenable Network Security, Inc.\");\n script_family(english:\"Debian Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/Debian/release\", \"Host/Debian/dpkg-l\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"debian_package.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/Debian/release\")) audit(AUDIT_OS_NOT, \"Debian\");\nif (!get_kb_item(\"Host/Debian/dpkg-l\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\nflag = 0;\nif (deb_check(release:\"3.1\", prefix:\"mozilla-thunderbird\", reference:\"1.0.2-2.sarge1.0.8d.1\")) flag++;\nif (deb_check(release:\"3.1\", prefix:\"mozilla-thunderbird-dev\", reference:\"1.0.2-2.sarge1.0.8d.1\")) flag++;\nif (deb_check(release:\"3.1\", prefix:\"mozilla-thunderbird-inspector\", reference:\"1.0.2-2.sarge1.0.8d.1\")) flag++;\nif (deb_check(release:\"3.1\", prefix:\"mozilla-thunderbird-offline\", reference:\"1.0.2-2.sarge1.0.8d.1\")) flag++;\nif (deb_check(release:\"3.1\", prefix:\"mozilla-thunderbird-typeaheadfind\", reference:\"1.0.2-2.sarge1.0.8d.1\")) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:deb_report_get());\n else security_hole(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2021-01-06T09:44:44", "description": "This update covers packages for the little endian MIPS architecture\nmissing in the original advisory. For reference please find below the\noriginal advisory text :\n\n Several security related problems have been discovered in Mozilla\n and derived products such as Mozilla Firefox. The Common\n Vulnerabilities and Exposures project identifies the following\n vulnerabilities :\n\n - CVE-2006-4310\n Tomas Kempinsky discovered that malformed FTP server\n responses could lead to denial of service.\n\n - CVE-2006-5462\n Ulrich Kuhn discovered that the correction for a\n cryptographic flaw in the handling of PKCS-1\n certificates was incomplete, which allows the forgery\n of certificates.\n\n - CVE-2006-5463\n 'shutdown' discovered that modification of JavaScript\n objects during execution could lead to the execution\n of arbitrary JavaScript bytecode.\n\n - CVE-2006-5464\n Jesse Ruderman and Martijn Wargers discovered several\n crashes in the layout engine, which might also allow\n execution of arbitrary code.\n\n - CVE-2006-5748\n Igor Bukanov and Jesse Ruderman discovered several\n crashes in the JavaScript engine, which might allow\n execution of arbitrary code.\n\n This update also addresses several crashes, which could be triggered\n by malicious websites and fixes a regression introduced in the\n previous Mozilla update.", "edition": 26, "published": "2006-12-04T00:00:00", "title": "Debian DSA-1225-2 : mozilla-firefox - several vulnerabilities", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2006-5748", "CVE-2006-5464", "CVE-2006-4310", "CVE-2006-5463", "CVE-2006-5462"], "modified": "2006-12-04T00:00:00", "cpe": ["cpe:/o:debian:debian_linux:3.1", "p-cpe:/a:debian:debian_linux:mozilla-firefox"], "id": "DEBIAN_DSA-1225.NASL", "href": "https://www.tenable.com/plugins/nessus/23767", "sourceData": "#%NASL_MIN_LEVEL 70300\n\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Debian Security Advisory DSA-1225. The text \n# itself is copyright (C) Software in the Public Interest, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(23767);\n script_version(\"1.25\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/04\");\n\n script_cve_id(\"CVE-2006-4310\", \"CVE-2006-5462\", \"CVE-2006-5463\", \"CVE-2006-5464\", \"CVE-2006-5748\");\n script_bugtraq_id(19678, 20957);\n script_xref(name:\"CERT\", value:\"335392\");\n script_xref(name:\"CERT\", value:\"390480\");\n script_xref(name:\"CERT\", value:\"495288\");\n script_xref(name:\"CERT\", value:\"714496\");\n script_xref(name:\"DSA\", value:\"1225\");\n\n script_name(english:\"Debian DSA-1225-2 : mozilla-firefox - several vulnerabilities\");\n script_summary(english:\"Checks dpkg output for the updated package\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Debian host is missing a security-related update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"This update covers packages for the little endian MIPS architecture\nmissing in the original advisory. For reference please find below the\noriginal advisory text :\n\n Several security related problems have been discovered in Mozilla\n and derived products such as Mozilla Firefox. The Common\n Vulnerabilities and Exposures project identifies the following\n vulnerabilities :\n\n - CVE-2006-4310\n Tomas Kempinsky discovered that malformed FTP server\n responses could lead to denial of service.\n\n - CVE-2006-5462\n Ulrich Kuhn discovered that the correction for a\n cryptographic flaw in the handling of PKCS-1\n certificates was incomplete, which allows the forgery\n of certificates.\n\n - CVE-2006-5463\n 'shutdown' discovered that modification of JavaScript\n objects during execution could lead to the execution\n of arbitrary JavaScript bytecode.\n\n - CVE-2006-5464\n Jesse Ruderman and Martijn Wargers discovered several\n crashes in the layout engine, which might also allow\n execution of arbitrary code.\n\n - CVE-2006-5748\n Igor Bukanov and Jesse Ruderman discovered several\n crashes in the JavaScript engine, which might allow\n execution of arbitrary code.\n\n This update also addresses several crashes, which could be triggered\n by malicious websites and fixes a regression introduced in the\n previous Mozilla update.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/CVE-2006-4310\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/CVE-2006-5462\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/CVE-2006-5463\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/CVE-2006-5464\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/CVE-2006-5748\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.debian.org/security/2006/dsa-1225\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\n\"Upgrade the mozilla-firefox package.\n\nFor the stable distribution (sarge) these problems have been fixed in\nversion 1.0.4-2sarge13.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_cwe_id(20);\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:mozilla-firefox\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:debian:debian_linux:3.1\");\n\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2006/12/04\");\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2006/08/22\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2006-2021 Tenable Network Security, Inc.\");\n script_family(english:\"Debian Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/Debian/release\", \"Host/Debian/dpkg-l\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"debian_package.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/Debian/release\")) audit(AUDIT_OS_NOT, \"Debian\");\nif (!get_kb_item(\"Host/Debian/dpkg-l\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\nflag = 0;\nif (deb_check(release:\"3.1\", prefix:\"mozilla-firefox\", reference:\"1.0.4-2sarge13\")) flag++;\nif (deb_check(release:\"3.1\", prefix:\"mozilla-firefox-dom-inspector\", reference:\"1.0.4-2sarge13\")) flag++;\nif (deb_check(release:\"3.1\", prefix:\"mozilla-firefox-gnome-support\", reference:\"1.0.4-2sarge13\")) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:deb_report_get());\n else security_hole(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}], "debian": [{"lastseen": "2020-11-11T13:12:44", "bulletinFamily": "unix", "cvelist": ["CVE-2006-5748", "CVE-2006-5464", "CVE-2006-4310", "CVE-2006-5463", "CVE-2006-5462"], "description": "- --------------------------------------------------------------------------\nDebian Security Advisory DSA 1225-1 security@debian.org\nhttp://www.debian.org/security/ Martin Schulze\nDecember 3rd, 2006 http://www.debian.org/security/faq\n- --------------------------------------------------------------------------\n\nPackage : mozilla-firefox\nVulnerability : several\nProblem type : remote\nDebian-specific: no\nCVE IDs : CVE-2006-4310 CVE-2006-5462 CVE-2006-5463 CVE-2006-5464\n CVE-2006-5748\nCERT advisories: VU#335392 VU#390480 VU#495288 VU#714496 \nBugTraq IDs : 19678 20957\n\nSeveral security related problems have been discovered in Mozilla and\nderived products such as Mozilla Firefox. The Common Vulnerabilities\nand Exposures project identifies the following vulnerabilities:\n\nCVE-2006-4310\n\n Tomas Kempinsky discovered that malformed FTP server responses\n could lead to denial of service.\n\nCVE-2006-5462\n\n Ulrich K\u00fchn discovered that the correction for a cryptographic\n flaw in the handling of PKCS-1 certificates was incomplete, which\n allows the forgery of certificates.\n\nCVE-2006-5463\n\n "shutdown" discovered that modification of JavaScript objects\n during execution could lead to the execution of arbitrary\n JavaScript bytecode.\n\nCVE-2006-5464\n\n Jesse Ruderman and Martijn Wargers discovered several crashes in\n the layout engine, which might also allow execution of arbitrary\n code.\n\nCVE-2006-5748\n\n Igor Bukanov and Jesse Ruderman discovered several crashes in the\n JavaScript engine, which might allow execution of arbitrary code.\n\nThis update also adresses several crashes, which could be triggered by\nmalicious websites and fixes a regression introduced in the previous\nMozilla update.\n\n\nFor the stable distribution (sarge) these problems have been fixed in\nversion 1.0.4-2sarge13.\n\nFor the unstable distribution (sid) these problems have been fixed in\nthe current iceweasel package 2.0+dfsg-1.\n\nWe recommend that you upgrade your mozilla-firefox package.\n\n\nUpgrade Instructions\n- --------------------\n\nwget url\n will fetch the file for you\ndpkg -i file.deb\n will install the referenced file.\n\nIf you are using the apt-get package manager, use the line for\nsources.list as given at the end of this advisory:\n\napt-get update\n will update the internal database\napt-get upgrade\n will install corrected packages\n\nYou may use an automated update by adding the resources from the\nfooter to the proper configuration.\n\n\nDebian GNU/Linux 3.1 alias sarge\n- --------------------------------\n\n Source archives:\n\n http://security.debian.org/pool/updates/main/m/mozilla-firefox/mozilla-firefox_1.0.4-2sarge13.dsc\n Size/MD5 checksum: 1003 4a8d05c1e9563e6066ca838e7c0b2f53\n http://security.debian.org/pool/updates/main/m/mozilla-firefox/mozilla-firefox_1.0.4-2sarge13.diff.gz\n Size/MD5 checksum: 450265 46d4bedf12a1e0c92a275ae012d92b5a\n http://security.debian.org/pool/updates/main/m/mozilla-firefox/mozilla-firefox_1.0.4.orig.tar.gz\n Size/MD5 checksum: 40212297 8e4ba81ad02c7986446d4e54e978409d\n\n Alpha architecture:\n\n http://security.debian.org/pool/updates/main/m/mozilla-firefox/mozilla-firefox_1.0.4-2sarge13_alpha.deb\n Size/MD5 checksum: 11182242 388bf02a94456182cd7a39187886875a\n http://security.debian.org/pool/updates/main/m/mozilla-firefox/mozilla-firefox-dom-inspector_1.0.4-2sarge13_alpha.deb\n Size/MD5 checksum: 170908 4cbff185bb88b1c7e11791059cd83142\n http://security.debian.org/pool/updates/main/m/mozilla-firefox/mozilla-firefox-gnome-support_1.0.4-2sarge13_alpha.deb\n Size/MD5 checksum: 62736 f42571aa18001fc521be0f5348eb9511\n\n AMD64 architecture:\n\n http://security.debian.org/pool/updates/main/m/mozilla-firefox/mozilla-firefox_1.0.4-2sarge13_amd64.deb\n Size/MD5 checksum: 9412474 fcd7ced169a47d7413197a918047036a\n http://security.debian.org/pool/updates/main/m/mozilla-firefox/mozilla-firefox-dom-inspector_1.0.4-2sarge13_amd64.deb\n Size/MD5 checksum: 165706 931ebeee155ac01fcecb1467388a2fab\n http://security.debian.org/pool/updates/main/m/mozilla-firefox/mozilla-firefox-gnome-support_1.0.4-2sarge13_amd64.deb\n Size/MD5 checksum: 61276 cf839454fe9e09a0b58641353f9c75c6\n\n ARM architecture:\n\n http://security.debian.org/pool/updates/main/m/mozilla-firefox/mozilla-firefox_1.0.4-2sarge13_arm.deb\n Size/MD5 checksum: 8233670 39a042f6300c805ad372828fd115cab0\n http://security.debian.org/pool/updates/main/m/mozilla-firefox/mozilla-firefox-dom-inspector_1.0.4-2sarge13_arm.deb\n Size/MD5 checksum: 157176 873eb90c91c98e1c4168f215b493fd74\n http://security.debian.org/pool/updates/main/m/mozilla-firefox/mozilla-firefox-gnome-support_1.0.4-2sarge13_arm.deb\n Size/MD5 checksum: 56586 c53ca4b95b188684381338eae43603cc\n\n HP Precision architecture:\n\n http://security.debian.org/pool/updates/main/m/mozilla-firefox/mozilla-firefox_1.0.4-2sarge13_hppa.deb\n Size/MD5 checksum: 10287242 8a7eddef738dfe4eb164bd5e486474a2\n http://security.debian.org/pool/updates/main/m/mozilla-firefox/mozilla-firefox-dom-inspector_1.0.4-2sarge13_hppa.deb\n Size/MD5 checksum: 168624 fa195e512062a19cf92018de4009160d\n http://security.debian.org/pool/updates/main/m/mozilla-firefox/mozilla-firefox-gnome-support_1.0.4-2sarge13_hppa.deb\n Size/MD5 checksum: 61736 b0dbfbbce97f954c9487a126d20b9a90\n\n Intel IA-32 architecture:\n\n http://security.debian.org/pool/updates/main/m/mozilla-firefox/mozilla-firefox_1.0.4-2sarge13_i386.deb\n Size/MD5 checksum: 8908194 9cfe0ac430050c7d62066cd3f8beb64f\n http://security.debian.org/pool/updates/main/m/mozilla-firefox/mozilla-firefox-dom-inspector_1.0.4-2sarge13_i386.deb\n Size/MD5 checksum: 160902 77a78dd1eac37417b4a5629e745e4391\n http://security.debian.org/pool/updates/main/m/mozilla-firefox/mozilla-firefox-gnome-support_1.0.4-2sarge13_i386.deb\n Size/MD5 checksum: 58124 f82b3d3fc66e1054d5da72a69ab9bd20\n\n Intel IA-64 architecture:\n\n http://security.debian.org/pool/updates/main/m/mozilla-firefox/mozilla-firefox_1.0.4-2sarge13_ia64.deb\n Size/MD5 checksum: 11646376 83d5349be8156e1f95eb75da89beb578\n http://security.debian.org/pool/updates/main/m/mozilla-firefox/mozilla-firefox-dom-inspector_1.0.4-2sarge13_ia64.deb\n Size/MD5 checksum: 171244 46ae3d6d9112d31f92407922832e6599\n http://security.debian.org/pool/updates/main/m/mozilla-firefox/mozilla-firefox-gnome-support_1.0.4-2sarge13_ia64.deb\n Size/MD5 checksum: 65934 690969e2e7a865faee22ed6fb8a88384\n\n Motorola 680x0 architecture:\n\n http://security.debian.org/pool/updates/main/m/mozilla-firefox/mozilla-firefox_1.0.4-2sarge13_m68k.deb\n Size/MD5 checksum: 8186050 ab9f31d6cbd9ff6c1820c59ef1e44ce7\n http://security.debian.org/pool/updates/main/m/mozilla-firefox/mozilla-firefox-dom-inspector_1.0.4-2sarge13_m68k.deb\n Size/MD5 checksum: 159792 69c3cf68fc12fd5fb3929339aa8cd9cb\n http://security.debian.org/pool/updates/main/m/mozilla-firefox/mozilla-firefox-gnome-support_1.0.4-2sarge13_m68k.deb\n Size/MD5 checksum: 57394 14636fe25df3a18c536819129e83e1a0\n\n Big endian MIPS architecture:\n\n http://security.debian.org/pool/updates/main/m/mozilla-firefox/mozilla-firefox_1.0.4-2sarge13_mips.deb\n Size/MD5 checksum: 9943474 75b7796d42079421a151bfac35a17f95\n http://security.debian.org/pool/updates/main/m/mozilla-firefox/mozilla-firefox-dom-inspector_1.0.4-2sarge13_mips.deb\n Size/MD5 checksum: 158694 a3c6f1c71947cb5e9c2fc8d8acece832\n http://security.debian.org/pool/updates/main/m/mozilla-firefox/mozilla-firefox-gnome-support_1.0.4-2sarge13_mips.deb\n Size/MD5 checksum: 58386 395683ab3ebb0983e24bc3afde8d28f5\n\n Little endian MIPS architecture:\n\n http://security.debian.org/pool/updates/main/m/mozilla-firefox/mozilla-firefox_1.0.4-2sarge12_mipsel.deb\n Size/MD5 checksum: 9819470 41ecbd5f3543c0b110771e93e2307abc\n http://security.debian.org/pool/updates/main/m/mozilla-firefox/mozilla-firefox-dom-inspector_1.0.4-2sarge12_mipsel.deb\n Size/MD5 checksum: 157672 43ca2a353bacf378a2dc7dfa9a7f3a73\n http://security.debian.org/pool/updates/main/m/mozilla-firefox/mozilla-firefox-gnome-support_1.0.4-2sarge12_mipsel.deb\n Size/MD5 checksum: 57634 8d16796108c3a7627ab9654e977277a5\n\n PowerPC architecture:\n\n http://security.debian.org/pool/updates/main/m/mozilla-firefox/mozilla-firefox_1.0.4-2sarge13_powerpc.deb\n Size/MD5 checksum: 8580222 c2f239d0961911962bea6b7f7bf1cdc1\n http://security.debian.org/pool/updates/main/m/mozilla-firefox/mozilla-firefox-dom-inspector_1.0.4-2sarge13_powerpc.deb\n Size/MD5 checksum: 159320 5a5ea9d8a9f7a845bc1898b0c9976112\n http://security.debian.org/pool/updates/main/m/mozilla-firefox/mozilla-firefox-gnome-support_1.0.4-2sarge13_powerpc.deb\n Size/MD5 checksum: 60508 3ce3df0f45aeef3acb1964960bf76406\n\n IBM S/390 architecture:\n\n http://security.debian.org/pool/updates/main/m/mozilla-firefox/mozilla-firefox_1.0.4-2sarge13_s390.deb\n Size/MD5 checksum: 9650866 9fd3e3788898152580a0ab344112b5ab\n http://security.debian.org/pool/updates/main/m/mozilla-firefox/mozilla-firefox-dom-inspector_1.0.4-2sarge13_s390.deb\n Size/MD5 checksum: 166290 70bcea0f67fc9d0288c75bb2ad8e7b36\n http://security.debian.org/pool/updates/main/m/mozilla-firefox/mozilla-firefox-gnome-support_1.0.4-2sarge13_s390.deb\n Size/MD5 checksum: 60696 7d6b7a3cf65fa798f3e41275f4bb9967\n\n Sun Sparc architecture:\n\n http://security.debian.org/pool/updates/main/m/mozilla-firefox/mozilla-firefox_1.0.4-2sarge13_sparc.deb\n Size/MD5 checksum: 8672090 c32301aeb3eb3ebbad2ff26f56d3e9ee\n http://security.debian.org/pool/updates/main/m/mozilla-firefox/mozilla-firefox-dom-inspector_1.0.4-2sarge13_sparc.deb\n Size/MD5 checksum: 159508 7c3fd5b5a0c78c8abf09082dcb06bbfc\n http://security.debian.org/pool/updates/main/m/mozilla-firefox/mozilla-firefox-gnome-support_1.0.4-2sarge13_sparc.deb\n Size/MD5 checksum: 56946 0b154ceb732d771ca492e4d98ea21350\n\n\n These files will probably be moved into the stable distribution on\n its next update.\n\n- ---------------------------------------------------------------------------------\nFor apt-get: deb http://security.debian.org/ stable/updates main\nFor dpkg-ftp: ftp://security.debian.org/debian-security dists/stable/updates/main\nMailing list: debian-security-announce@lists.debian.org\nPackage info: `apt-cache show <pkg>' and http://packages.debian.org/<pkg>\n\n", "edition": 3, "modified": "2006-12-03T00:00:00", "published": "2006-12-03T00:00:00", "id": "DEBIAN:DSA-1225-1:699E0", "href": "https://lists.debian.org/debian-security-announce/debian-security-announce-2006/msg00325.html", "title": "[SECURITY] [DSA 1225-1] New Mozilla Firefox packages fix several vulnerabilities", "type": "debian", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2020-11-11T13:14:05", "bulletinFamily": "unix", "cvelist": ["CVE-2006-5748", "CVE-2006-5464", "CVE-2006-4310", "CVE-2006-5463", "CVE-2006-5462"], "description": "- --------------------------------------------------------------------------\nDebian Security Advisory DSA 1224-1 security@debian.org\nhttp://www.debian.org/security/ Martin Schulze\nDecember 3rd, 2006 http://www.debian.org/security/faq\n- --------------------------------------------------------------------------\n\nPackage : mozilla\nVulnerability : several\nProblem type : remote\nDebian-specific: no\nCVE IDs : CVE-2006-4310 CVE-2006-5462 CVE-2006-5463 CVE-2006-5464 CVE-2006-5748\nCERT advisories: VU#335392 VU#390480 VU#495288 VU#714496 \nBugTraq IDs : 19678 20957\n\nSeveral security related problems have been discovered in Mozilla and\nderived products. The Common Vulnerabilities and Exposures project\nidentifies the following vulnerabilities:\n\nCVE-2006-4310\n\n Tomas Kempinsky discovered that malformed FTP server responses\n could lead to denial of service.\n\nCVE-2006-5462\n\n Ulrich K\u00fchn discovered that the correction for a cryptographic\n flaw in the handling of PKCS-1 certificates was incomplete, which\n allows the forgery of certificates.\n\nCVE-2006-5463\n\n "shutdown" discovered that modification of JavaScript objects\n during execution could lead to the execution of arbitrary\n JavaScript bytecode.\n\nCVE-2006-5464\n\n Jesse Ruderman and Martijn Wargers discovered several crashes in\n the layout engine, which might also allow execution of arbitrary\n code.\n\nCVE-2006-5748\n\n Igor Bukanov and Jesse Ruderman discovered several crashes in the\n JavaScript engine, which might allow execution of arbitrary code.\n\nThis update also adresses several crashes, which could be triggered by\nmalicious websites and fixes a regression introduced in the previous\nMozilla update.\n\n\nFor the stable distribution (sarge) these problems have been fixed in\nversion 1.7.8-1sarge8.\n\nWe recommend that you upgrade your mozilla package.\n\n\nUpgrade Instructions\n- --------------------\n\nwget url\n will fetch the file for you\ndpkg -i file.deb\n will install the referenced file.\n\nIf you are using the apt-get package manager, use the line for\nsources.list as given at the end of this advisory:\n\napt-get update\n will update the internal database\napt-get upgrade\n will install corrected packages\n\nYou may use an automated update by adding the resources from the\nfooter to the proper configuration.\n\n\nDebian GNU/Linux 3.1 alias sarge\n- --------------------------------\n\n Source archives:\n\n http://security.debian.org/pool/updates/main/m/mozilla/mozilla_1.7.8-1sarge8.dsc\n Size/MD5 checksum: 1124 a6f4c7ddbcb0d9126d4e0a81fda4059a\n http://security.debian.org/pool/updates/main/m/mozilla/mozilla_1.7.8-1sarge8.diff.gz\n Size/MD5 checksum: 574770 77a056d9582389d1a31de1136dd7a0a2\n http://security.debian.org/pool/updates/main/m/mozilla/mozilla_1.7.8.orig.tar.gz\n Size/MD5 checksum: 30589520 13c0f0331617748426679e8f2e9f537a\n\n Alpha architecture:\n\n http://security.debian.org/pool/updates/main/m/mozilla/libnspr-dev_1.7.8-1sarge8_alpha.deb\n Size/MD5 checksum: 168064 33104218442c9bd7b113df794afdefe0\n http://security.debian.org/pool/updates/main/m/mozilla/libnspr4_1.7.8-1sarge8_alpha.deb\n Size/MD5 checksum: 148564 be8d4aeb7da1d0a7e7524096cefee038\n http://security.debian.org/pool/updates/main/m/mozilla/libnss-dev_1.7.8-1sarge8_alpha.deb\n Size/MD5 checksum: 184948 f831a7dd089c599c695ab540720be912\n http://security.debian.org/pool/updates/main/m/mozilla/libnss3_1.7.8-1sarge8_alpha.deb\n Size/MD5 checksum: 858396 bd636d8d59d54016d4051ae37fbf0455\n http://security.debian.org/pool/updates/main/m/mozilla/mozilla_1.7.8-1sarge8_alpha.deb\n Size/MD5 checksum: 1034 bb3c11032fe99445e2831485155f9bec\n http://security.debian.org/pool/updates/main/m/mozilla/mozilla-browser_1.7.8-1sarge8_alpha.deb\n Size/MD5 checksum: 11494648 a1029b5935bf687048b0a8156fb3910c\n http://security.debian.org/pool/updates/main/m/mozilla/mozilla-calendar_1.7.8-1sarge8_alpha.deb\n Size/MD5 checksum: 403290 ade408aef33a53453263a2a83cf96524\n http://security.debian.org/pool/updates/main/m/mozilla/mozilla-chatzilla_1.7.8-1sarge8_alpha.deb\n Size/MD5 checksum: 158332 ccdc52d9b79b5359e18ef4f8e39ae068\n http://security.debian.org/pool/updates/main/m/mozilla/mozilla-dev_1.7.8-1sarge8_alpha.deb\n Size/MD5 checksum: 3358886 c86ce3ccec680c80730cf046560d1cc8\n http://security.debian.org/pool/updates/main/m/mozilla/mozilla-dom-inspector_1.7.8-1sarge8_alpha.deb\n Size/MD5 checksum: 122288 91187d98388e73f4ca5aa93314a23d78\n http://security.debian.org/pool/updates/main/m/mozilla/mozilla-js-debugger_1.7.8-1sarge8_alpha.deb\n Size/MD5 checksum: 204152 405074b924c7ec7450da6cc623a2d6f9\n http://security.debian.org/pool/updates/main/m/mozilla/mozilla-mailnews_1.7.8-1sarge8_alpha.deb\n Size/MD5 checksum: 1937184 a527be2c3bb0991c25b1388b17f36509\n http://security.debian.org/pool/updates/main/m/mozilla/mozilla-psm_1.7.8-1sarge8_alpha.deb\n Size/MD5 checksum: 212628 6c21078c7b3676273f1224c7028e4f63\n\n AMD64 architecture:\n\n http://security.debian.org/pool/updates/main/m/mozilla/libnspr-dev_1.7.8-1sarge8_amd64.deb\n Size/MD5 checksum: 168068 44912cded148a15690602d83b05517c4\n http://security.debian.org/pool/updates/main/m/mozilla/libnspr4_1.7.8-1sarge8_amd64.deb\n Size/MD5 checksum: 147682 56dd565ea350862e6c512562929d6beb\n http://security.debian.org/pool/updates/main/m/mozilla/libnss-dev_1.7.8-1sarge8_amd64.deb\n Size/MD5 checksum: 184956 1f2c8bb99907df91c3d0f7800d77461d\n http://security.debian.org/pool/updates/main/m/mozilla/libnss3_1.7.8-1sarge8_amd64.deb\n Size/MD5 checksum: 716604 df8853c93a3f8688efc458929802087a\n http://security.debian.org/pool/updates/main/m/mozilla/mozilla_1.7.8-1sarge8_amd64.deb\n Size/MD5 checksum: 1036 2691304128a390fa0d0ddd06e5c014fd\n http://security.debian.org/pool/updates/main/m/mozilla/mozilla-browser_1.7.8-1sarge8_amd64.deb\n Size/MD5 checksum: 10958880 c7c04de71bd68b738f13c187a88b4ab1\n http://security.debian.org/pool/updates/main/m/mozilla/mozilla-calendar_1.7.8-1sarge8_amd64.deb\n Size/MD5 checksum: 403272 6f5cba2fcd9f28e58e1a46ce9fe2034d\n http://security.debian.org/pool/updates/main/m/mozilla/mozilla-chatzilla_1.7.8-1sarge8_amd64.deb\n Size/MD5 checksum: 158328 ffd9e0136af049212c7668080b1590ba\n http://security.debian.org/pool/updates/main/m/mozilla/mozilla-dev_1.7.8-1sarge8_amd64.deb\n Size/MD5 checksum: 3352912 accc3e9736aa0758d131cdf459e2be49\n http://security.debian.org/pool/updates/main/m/mozilla/mozilla-dom-inspector_1.7.8-1sarge8_amd64.deb\n Size/MD5 checksum: 121194 cbf6ac02a99d7fb7a64cc29b07433c82\n http://security.debian.org/pool/updates/main/m/mozilla/mozilla-js-debugger_1.7.8-1sarge8_amd64.deb\n Size/MD5 checksum: 204156 ed48ca294a99e3e18eed491119c0d5ea\n http://security.debian.org/pool/updates/main/m/mozilla/mozilla-mailnews_1.7.8-1sarge8_amd64.deb\n Size/MD5 checksum: 1936052 c051bd4fe32d5d0225f3eae41b01af61\n http://security.debian.org/pool/updates/main/m/mozilla/mozilla-psm_1.7.8-1sarge8_amd64.deb\n Size/MD5 checksum: 204454 e52b74e973244cdc91030148777b2607\n\n ARM architecture:\n\n http://security.debian.org/pool/updates/main/m/mozilla/libnspr-dev_1.7.8-1sarge8_arm.deb\n Size/MD5 checksum: 168078 056a33d7d2c0d1ddec9dc82bc10fa91b\n http://security.debian.org/pool/updates/main/m/mozilla/libnspr4_1.7.8-1sarge8_arm.deb\n Size/MD5 checksum: 126062 279c0b2b4672b68c99414f2864d48c8e\n http://security.debian.org/pool/updates/main/m/mozilla/libnss-dev_1.7.8-1sarge8_arm.deb\n Size/MD5 checksum: 184962 d3b634a995bcb30e328c4bc23db47742\n http://security.debian.org/pool/updates/main/m/mozilla/libnss3_1.7.8-1sarge8_arm.deb\n Size/MD5 checksum: 633928 2021be577fc4731afad9fb85f10b900e\n http://security.debian.org/pool/updates/main/m/mozilla/mozilla_1.7.8-1sarge8_arm.deb\n Size/MD5 checksum: 1036 a6a62863932baa16457b8957f191dc8c\n http://security.debian.org/pool/updates/main/m/mozilla/mozilla-browser_1.7.8-1sarge8_arm.deb\n Size/MD5 checksum: 9221058 38cf4492787382ca6f092f8b8996c29d\n http://security.debian.org/pool/updates/main/m/mozilla/mozilla-calendar_1.7.8-1sarge8_arm.deb\n Size/MD5 checksum: 403328 db6d998bf24a01bc40e8958c18b8354a\n http://security.debian.org/pool/updates/main/m/mozilla/mozilla-chatzilla_1.7.8-1sarge8_arm.deb\n Size/MD5 checksum: 158342 5851791133fe390520c0dc627cf0e5bb\n http://security.debian.org/pool/updates/main/m/mozilla/mozilla-dev_1.7.8-1sarge8_arm.deb\n Size/MD5 checksum: 3342584 471aee590010373272675eb6dc51bf9b\n http://security.debian.org/pool/updates/main/m/mozilla/mozilla-dom-inspector_1.7.8-1sarge8_arm.deb\n Size/MD5 checksum: 112668 3a2b8d1d473e4801a0e90f0e6e20d173\n http://security.debian.org/pool/updates/main/m/mozilla/mozilla-js-debugger_1.7.8-1sarge8_arm.deb\n Size/MD5 checksum: 204162 6679a330049947996fd1649ee9015238\n http://security.debian.org/pool/updates/main/m/mozilla/mozilla-mailnews_1.7.8-1sarge8_arm.deb\n Size/MD5 checksum: 1604480 9ce39476d103f3d42cb500853c5f24d8\n http://security.debian.org/pool/updates/main/m/mozilla/mozilla-psm_1.7.8-1sarge8_arm.deb\n Size/MD5 checksum: 169002 02c81d7993667ef81be7c602681e96f0\n\n HP Precision architecture:\n\n http://security.debian.org/pool/updates/main/m/mozilla/libnspr-dev_1.7.8-1sarge8_hppa.deb\n Size/MD5 checksum: 168076 906aae615cfccc867128dfe39ac510bc\n http://security.debian.org/pool/updates/main/m/mozilla/libnspr4_1.7.8-1sarge8_hppa.deb\n Size/MD5 checksum: 158584 e4d74474057887b6cb2852f4e4b01c74\n http://security.debian.org/pool/updates/main/m/mozilla/libnss-dev_1.7.8-1sarge8_hppa.deb\n Size/MD5 checksum: 184956 5551d423e4375da8fb4f9c16dd6a3f3b\n http://security.debian.org/pool/updates/main/m/mozilla/libnss3_1.7.8-1sarge8_hppa.deb\n Size/MD5 checksum: 756664 d2a92775acd425551d1804c23eae7bdf\n http://security.debian.org/pool/updates/main/m/mozilla/mozilla_1.7.8-1sarge8_hppa.deb\n Size/MD5 checksum: 1038 7e88d25552135eb7f79a2fd2c6bd2b22\n http://security.debian.org/pool/updates/main/m/mozilla/mozilla-browser_1.7.8-1sarge8_hppa.deb\n Size/MD5 checksum: 12177466 14304d3394a221c2aa7bc531af9b591b\n http://security.debian.org/pool/updates/main/m/mozilla/mozilla-calendar_1.7.8-1sarge8_hppa.deb\n Size/MD5 checksum: 403286 f98a9ce0ae8980625c282f80523f0bc7\n http://security.debian.org/pool/updates/main/m/mozilla/mozilla-chatzilla_1.7.8-1sarge8_hppa.deb\n Size/MD5 checksum: 158338 c384d2a4f962d0b9820a5ba28cd1218c\n http://security.debian.org/pool/updates/main/m/mozilla/mozilla-dev_1.7.8-1sarge8_hppa.deb\n Size/MD5 checksum: 3359316 77e7f6cfee145742ae2e13f24ec27def\n http://security.debian.org/pool/updates/main/m/mozilla/mozilla-dom-inspector_1.7.8-1sarge8_hppa.deb\n Size/MD5 checksum: 123522 69dbc3a82863990e7ca431b7f6a29b61\n http://security.debian.org/pool/updates/main/m/mozilla/mozilla-js-debugger_1.7.8-1sarge8_hppa.deb\n Size/MD5 checksum: 204160 34b097e3f1e4a08af78541d3a12271e7\n http://security.debian.org/pool/updates/main/m/mozilla/mozilla-mailnews_1.7.8-1sarge8_hppa.deb\n Size/MD5 checksum: 2135234 33d7b6fbf3a170104167b5403fc3f794\n http://security.debian.org/pool/updates/main/m/mozilla/mozilla-psm_1.7.8-1sarge8_hppa.deb\n Size/MD5 checksum: 216448 fb8e5b76a683c26e1c3ced60acbb23b2\n\n Intel IA-32 architecture:\n\n http://security.debian.org/pool/updates/main/m/mozilla/libnspr-dev_1.7.8-1sarge8_i386.deb\n Size/MD5 checksum: 168078 fead516428ff54afba8fb9ffeb6107b7\n http://security.debian.org/pool/updates/main/m/mozilla/libnspr4_1.7.8-1sarge8_i386.deb\n Size/MD5 checksum: 138378 89380d80fe8f7e985a9307a9a677bc3e\n http://security.debian.org/pool/updates/main/m/mozilla/libnss-dev_1.7.8-1sarge8_i386.deb\n Size/MD5 checksum: 184968 0abd8dfb25de28cb50c5e58648a0ff3a\n http://security.debian.org/pool/updates/main/m/mozilla/libnss3_1.7.8-1sarge8_i386.deb\n Size/MD5 checksum: 662194 a2f137e0d9c3c8a936a7ef1393de2955\n http://security.debian.org/pool/updates/main/m/mozilla/mozilla_1.7.8-1sarge8_i386.deb\n Size/MD5 checksum: 1036 fd2f5c0d987df8a32ab9818ff0a2d968\n http://security.debian.org/pool/updates/main/m/mozilla/mozilla-browser_1.7.8-1sarge8_i386.deb\n Size/MD5 checksum: 10315404 db2f25cbb471e5387de1aeef7e176f7e\n http://security.debian.org/pool/updates/main/m/mozilla/mozilla-calendar_1.7.8-1sarge8_i386.deb\n Size/MD5 checksum: 403286 b3bf4d34d9a51f3f1708b06c70901cf3\n http://security.debian.org/pool/updates/main/m/mozilla/mozilla-chatzilla_1.7.8-1sarge8_i386.deb\n Size/MD5 checksum: 158358 fde8eec72729840210de689b2a343a51\n http://security.debian.org/pool/updates/main/m/mozilla/mozilla-dev_1.7.8-1sarge8_i386.deb\n Size/MD5 checksum: 3348734 081bfa3f5e9b81894f5a147ec05298ab\n http://security.debian.org/pool/updates/main/m/mozilla/mozilla-dom-inspector_1.7.8-1sarge8_i386.deb\n Size/MD5 checksum: 116236 5bb8e35c9cf6bcf73572e1307d4e036f\n http://security.debian.org/pool/updates/main/m/mozilla/mozilla-js-debugger_1.7.8-1sarge8_i386.deb\n Size/MD5 checksum: 204172 bb709199707869539300ae4ace073983\n http://security.debian.org/pool/updates/main/m/mozilla/mozilla-mailnews_1.7.8-1sarge8_i386.deb\n Size/MD5 checksum: 1811294 790f8577dc06fc90034945919a949ac7\n http://security.debian.org/pool/updates/main/m/mozilla/mozilla-psm_1.7.8-1sarge8_i386.deb\n Size/MD5 checksum: 192634 592adc759e44972dacdc85ebe1296a63\n\n Intel IA-64 architecture:\n\n http://security.debian.org/pool/updates/main/m/mozilla/libnspr-dev_1.7.8-1sarge8_ia64.deb\n Size/MD5 checksum: 168060 3ee0a67cfc308f6d7b0f9343a63f02fb\n http://security.debian.org/pool/updates/main/m/mozilla/libnspr4_1.7.8-1sarge8_ia64.deb\n Size/MD5 checksum: 176012 62b50ac23c369004b18620238da294dd\n http://security.debian.org/pool/updates/main/m/mozilla/libnss-dev_1.7.8-1sarge8_ia64.deb\n Size/MD5 checksum: 184936 443ef5c72a5fd2b92028468433fdc2da\n http://security.debian.org/pool/updates/main/m/mozilla/libnss3_1.7.8-1sarge8_ia64.deb\n Size/MD5 checksum: 968864 f4e5406c1a7abe968b52cccfd4ba3041\n http://security.debian.org/pool/updates/main/m/mozilla/mozilla_1.7.8-1sarge8_ia64.deb\n Size/MD5 checksum: 1032 682087a412c08bbc251fe22e56a0dd6d\n http://security.debian.org/pool/updates/main/m/mozilla/mozilla-browser_1.7.8-1sarge8_ia64.deb\n Size/MD5 checksum: 12966514 05ed823dbd6c55fd456f03f63aefb7e3\n http://security.debian.org/pool/updates/main/m/mozilla/mozilla-calendar_1.7.8-1sarge8_ia64.deb\n Size/MD5 checksum: 403270 03b53aaf2cd12b98d1e3f6f8a8d7dbea\n http://security.debian.org/pool/updates/main/m/mozilla/mozilla-chatzilla_1.7.8-1sarge8_ia64.deb\n Size/MD5 checksum: 158318 ee4f77127d14a091d8730fbcb7cab219\n http://security.debian.org/pool/updates/main/m/mozilla/mozilla-dev_1.7.8-1sarge8_ia64.deb\n Size/MD5 checksum: 3378656 76bc26292ee2482e3b7f18b807357898\n http://security.debian.org/pool/updates/main/m/mozilla/mozilla-dom-inspector_1.7.8-1sarge8_ia64.deb\n Size/MD5 checksum: 125584 372e14fa5d4a23a4df7f4b393f66bc3a\n http://security.debian.org/pool/updates/main/m/mozilla/mozilla-js-debugger_1.7.8-1sarge8_ia64.deb\n Size/MD5 checksum: 204148 030a13e33c394393c22cbbe03a5fd7b7\n http://security.debian.org/pool/updates/main/m/mozilla/mozilla-mailnews_1.7.8-1sarge8_ia64.deb\n Size/MD5 checksum: 2302326 2045f4c0ded45041ede24f2fe8316f25\n http://security.debian.org/pool/updates/main/m/mozilla/mozilla-psm_1.7.8-1sarge8_ia64.deb\n Size/MD5 checksum: 242940 92b1755ece7f86361e2467ecbe8a0b98\n\n Motorola 680x0 architecture:\n\n http://security.debian.org/pool/updates/main/m/mozilla/libnspr-dev_1.7.8-1sarge8_m68k.deb\n Size/MD5 checksum: 168086 d72a577c1f74c1e64183625c6afbb356\n http://security.debian.org/pool/updates/main/m/mozilla/libnspr4_1.7.8-1sarge8_m68k.deb\n Size/MD5 checksum: 127678 38a811b392550848806b4ea82b3786d9\n http://security.debian.org/pool/updates/main/m/mozilla/libnss-dev_1.7.8-1sarge8_m68k.deb\n Size/MD5 checksum: 184978 37b8d8c26f1e913bcc0676351655fbd9\n http://security.debian.org/pool/updates/main/m/mozilla/libnss3_1.7.8-1sarge8_m68k.deb\n Size/MD5 checksum: 601900 70ae4f03be4fb2a05589149a565184f4\n http://security.debian.org/pool/updates/main/m/mozilla/mozilla_1.7.8-1sarge8_m68k.deb\n Size/MD5 checksum: 1044 843ae71e0612517ec6d037f0157bcc6a\n http://security.debian.org/pool/updates/main/m/mozilla/mozilla-browser_1.7.8-1sarge8_m68k.deb\n Size/MD5 checksum: 9716824 1976d754f162f52fada5c6ae709a63df\n http://security.debian.org/pool/updates/main/m/mozilla/mozilla-calendar_1.7.8-1sarge8_m68k.deb\n Size/MD5 checksum: 403350 9299ef454121636429cd58ce4648de74\n http://security.debian.org/pool/updates/main/m/mozilla/mozilla-chatzilla_1.7.8-1sarge8_m68k.deb\n Size/MD5 checksum: 158384 8f5d9c08ce9ee22a7a523ab12d0339a1\n http://security.debian.org/pool/updates/main/m/mozilla/mozilla-dev_1.7.8-1sarge8_m68k.deb\n Size/MD5 checksum: 3337078 7c2763fc5d1399ba0f6de5e60c487a9f\n http://security.debian.org/pool/updates/main/m/mozilla/mozilla-dom-inspector_1.7.8-1sarge8_m68k.deb\n Size/MD5 checksum: 114460 847321a189d09a37590931b7bdaa12b8\n http://security.debian.org/pool/updates/main/m/mozilla/mozilla-js-debugger_1.7.8-1sarge8_m68k.deb\n Size/MD5 checksum: 204188 0acd1202b74153c09e96dc03c82f858c\n http://security.debian.org/pool/updates/main/m/mozilla/mozilla-mailnews_1.7.8-1sarge8_m68k.deb\n Size/MD5 checksum: 1683182 6fce1b70bc59f24fcaf9204ed8045a0e\n http://security.debian.org/pool/updates/main/m/mozilla/mozilla-psm_1.7.8-1sarge8_m68k.deb\n Size/MD5 checksum: 175004 ba9f9d625b54cb3b8338f353eb591d63\n\n Big endian MIPS architecture:\n\n http://security.debian.org/pool/updates/main/m/mozilla/libnspr-dev_1.7.8-1sarge8_mips.deb\n Size/MD5 checksum: 168066 40951a292610d572fb32bc9a08e3d716\n http://security.debian.org/pool/updates/main/m/mozilla/libnspr4_1.7.8-1sarge8_mips.deb\n Size/MD5 checksum: 142540 467f786d8c69106d6bf52c4ff0f147df\n http://security.debian.org/pool/updates/main/m/mozilla/libnss-dev_1.7.8-1sarge8_mips.deb\n Size/MD5 checksum: 184948 90d54a6da32f70c55e562ba0908bb615\n http://security.debian.org/pool/updates/main/m/mozilla/libnss3_1.7.8-1sarge8_mips.deb\n Size/MD5 checksum: 727612 bef2fa46727d30564df686f3bec97b4c\n http://security.debian.org/pool/updates/main/m/mozilla/mozilla_1.7.8-1sarge8_mips.deb\n Size/MD5 checksum: 1036 3f24cf20cf983e887def6ab4e83d313f\n http://security.debian.org/pool/updates/main/m/mozilla/mozilla-browser_1.7.8-1sarge8_mips.deb\n Size/MD5 checksum: 10739450 81c0c801442b91873e351e6469cd626d\n http://security.debian.org/pool/updates/main/m/mozilla/mozilla-calendar_1.7.8-1sarge8_mips.deb\n Size/MD5 checksum: 403256 7dea9f93c79476d6c4a08e7da9749d71\n http://security.debian.org/pool/updates/main/m/mozilla/mozilla-chatzilla_1.7.8-1sarge8_mips.deb\n Size/MD5 checksum: 158328 6ff36aad6504f5156e2cdc4e4e6990fa\n http://security.debian.org/pool/updates/main/m/mozilla/mozilla-dev_1.7.8-1sarge8_mips.deb\n Size/MD5 checksum: 3358884 7dc0ffad84ddf4ff45ed019f856ddde8\n http://security.debian.org/pool/updates/main/m/mozilla/mozilla-dom-inspector_1.7.8-1sarge8_mips.deb\n Size/MD5 checksum: 117622 63931cee65d76f9c7810110fffd591b7\n http://security.debian.org/pool/updates/main/m/mozilla/mozilla-js-debugger_1.7.8-1sarge8_mips.deb\n Size/MD5 checksum: 204148 64b3b20a437d605742e300d41cdbf251\n http://security.debian.org/pool/updates/main/m/mozilla/mozilla-mailnews_1.7.8-1sarge8_mips.deb\n Size/MD5 checksum: 1795510 92e0f045d8bf37b1ea6d90e84480d40c\n http://security.debian.org/pool/updates/main/m/mozilla/mozilla-psm_1.7.8-1sarge8_mips.deb\n Size/MD5 checksum: 190118 debdc2467236eec1f5ca49bc8ddac2c9\n\n Little endian MIPS architecture:\n\n http://security.debian.org/pool/updates/main/m/mozilla/libnspr-dev_1.7.8-1sarge8_mipsel.deb\n Size/MD5 checksum: 168074 cf9f50671782c08500d3c2d29f93ef9e\n http://security.debian.org/pool/updates/main/m/mozilla/libnspr4_1.7.8-1sarge8_mipsel.deb\n Size/MD5 checksum: 142492 b7b2127fa138bd01dc1c7b4fb4dc1638\n http://security.debian.org/pool/updates/main/m/mozilla/libnss-dev_1.7.8-1sarge8_mipsel.deb\n Size/MD5 checksum: 184942 4a26b1d61ac0daf627f2e7cb8797db82\n http://security.debian.org/pool/updates/main/m/mozilla/libnss3_1.7.8-1sarge8_mipsel.deb\n Size/MD5 checksum: 717068 0b935bf6dca82a129f2c678b6069b928\n http://security.debian.org/pool/updates/main/m/mozilla/mozilla_1.7.8-1sarge8_mipsel.deb\n Size/MD5 checksum: 1040 69af0bb34af5f881b501bd829b4364bf\n http://security.debian.org/pool/updates/main/m/mozilla/mozilla-browser_1.7.8-1sarge8_mipsel.deb\n Size/MD5 checksum: 10620284 93085f80cc02f554bf3d7e1e0d39c176\n http://security.debian.org/pool/updates/main/m/mozilla/mozilla-calendar_1.7.8-1sarge8_mipsel.deb\n Size/MD5 checksum: 403274 526ced11500a8d0c08044786255199df\n http://security.debian.org/pool/updates/main/m/mozilla/mozilla-chatzilla_1.7.8-1sarge8_mipsel.deb\n Size/MD5 checksum: 158340 7b6d7ee717b0bf427bbb469b05908f38\n http://security.debian.org/pool/updates/main/m/mozilla/mozilla-dev_1.7.8-1sarge8_mipsel.deb\n Size/MD5 checksum: 3359422 a710eb88d086ddd2f41f1c0f9a1582c6\n http://security.debian.org/pool/updates/main/m/mozilla/mozilla-dom-inspector_1.7.8-1sarge8_mipsel.deb\n Size/MD5 checksum: 117206 6f80a50306eb573deaa8052ef7b953c4\n http://security.debian.org/pool/updates/main/m/mozilla/mozilla-js-debugger_1.7.8-1sarge8_mipsel.deb\n Size/MD5 checksum: 204160 182f59bc3a66185d5d99f4f4b892bf0d\n http://security.debian.org/pool/updates/main/m/mozilla/mozilla-mailnews_1.7.8-1sarge8_mipsel.deb\n Size/MD5 checksum: 1777592 0bef8a8191417e642e11a87b95cbff28\n http://security.debian.org/pool/updates/main/m/mozilla/mozilla-psm_1.7.8-1sarge8_mipsel.deb\n Size/MD5 checksum: 187610 15e1ba2286e45ea4de8bd10e1043b4ae\n\n PowerPC architecture:\n\n http://security.debian.org/pool/updates/main/m/mozilla/libnspr-dev_1.7.8-1sarge8_powerpc.deb\n Size/MD5 checksum: 168068 4afc44e689523284f6596c49a0c57c04\n http://security.debian.org/pool/updates/main/m/mozilla/libnspr4_1.7.8-1sarge8_powerpc.deb\n Size/MD5 checksum: 132968 c7f1bc15d01ace3a8544dd8ac09c4f5f\n http://security.debian.org/pool/updates/main/m/mozilla/libnss-dev_1.7.8-1sarge8_powerpc.deb\n Size/MD5 checksum: 184954 69dd645183560089b4f0b079b14ff7ba\n http://security.debian.org/pool/updates/main/m/mozilla/libnss3_1.7.8-1sarge8_powerpc.deb\n Size/MD5 checksum: 720814 b919244b4647539e92ac8496175e5ec9\n http://security.debian.org/pool/updates/main/m/mozilla/mozilla_1.7.8-1sarge8_powerpc.deb\n Size/MD5 checksum: 1030 c93abd84beb9d1b5df1f393dcb742e4d\n http://security.debian.org/pool/updates/main/m/mozilla/mozilla-browser_1.7.8-1sarge8_powerpc.deb\n Size/MD5 checksum: 9712666 01692a2bb19b64406bcdecdf43fd6921\n http://security.debian.org/pool/updates/main/m/mozilla/mozilla-calendar_1.7.8-1sarge8_powerpc.deb\n Size/MD5 checksum: 403274 c84c30bab18ab3337cf7c995f1bd235e\n http://security.debian.org/pool/updates/main/m/mozilla/mozilla-chatzilla_1.7.8-1sarge8_powerpc.deb\n Size/MD5 checksum: 158332 e356212dd93e1bd4762f0350461bc0d8\n http://security.debian.org/pool/updates/main/m/mozilla/mozilla-dev_1.7.8-1sarge8_powerpc.deb\n Size/MD5 checksum: 3341184 51eac899e26a44b28ca9304f7de58bad\n http://security.debian.org/pool/updates/main/m/mozilla/mozilla-dom-inspector_1.7.8-1sarge8_powerpc.deb\n Size/MD5 checksum: 114586 582bec3e96ed89fb2b66d127135c2d99\n http://security.debian.org/pool/updates/main/m/mozilla/mozilla-js-debugger_1.7.8-1sarge8_powerpc.deb\n Size/MD5 checksum: 204154 cfcef824bc6d730f8749e92626377512\n http://security.debian.org/pool/updates/main/m/mozilla/mozilla-mailnews_1.7.8-1sarge8_powerpc.deb\n Size/MD5 checksum: 1643132 05d2aae54574a7440b11e3d1683b4491\n http://security.debian.org/pool/updates/main/m/mozilla/mozilla-psm_1.7.8-1sarge8_powerpc.deb\n Size/MD5 checksum: 175800 b9c2d4010924375ae96697b5c85a2886\n\n IBM S/390 architecture:\n\n http://security.debian.org/pool/updates/main/m/mozilla/libnspr-dev_1.7.8-1sarge8_s390.deb\n Size/MD5 checksum: 168068 49233d2e9ce43df4702d355bbe0a1405\n http://security.debian.org/pool/updates/main/m/mozilla/libnspr4_1.7.8-1sarge8_s390.deb\n Size/MD5 checksum: 158304 a8cdc38cb9ac827b54c646b8b5c2b2e7\n http://security.debian.org/pool/updates/main/m/mozilla/libnss-dev_1.7.8-1sarge8_s390.deb\n Size/MD5 checksum: 184938 4f7852977d08f31cfad5e8c352946426\n http://security.debian.org/pool/updates/main/m/mozilla/libnss3_1.7.8-1sarge8_s390.deb\n Size/MD5 checksum: 801008 abfe303f9e48e5341c81a9622c0f9f1c\n http://security.debian.org/pool/updates/main/m/mozilla/mozilla_1.7.8-1sarge8_s390.deb\n Size/MD5 checksum: 1032 35f2fdd96e584c9afbda26d3395ef78f\n http://security.debian.org/pool/updates/main/m/mozilla/mozilla-browser_1.7.8-1sarge8_s390.deb\n Size/MD5 checksum: 11340612 0a8315780402713a6f25f3bb068b9593\n http://security.debian.org/pool/updates/main/m/mozilla/mozilla-calendar_1.7.8-1sarge8_s390.deb\n Size/MD5 checksum: 403268 f4d3465aae90c369a0f4b0000f9b76f9\n http://security.debian.org/pool/updates/main/m/mozilla/mozilla-chatzilla_1.7.8-1sarge8_s390.deb\n Size/MD5 checksum: 158330 01c26b88dbf2a25b4520e484a324267e\n http://security.debian.org/pool/updates/main/m/mozilla/mozilla-dev_1.7.8-1sarge8_s390.deb\n Size/MD5 checksum: 3353508 2d8ca556688100796c7b66b65f509246\n http://security.debian.org/pool/updates/main/m/mozilla/mozilla-dom-inspector_1.7.8-1sarge8_s390.deb\n Size/MD5 checksum: 121340 1c28f9aa34ab20b8c9b87b6a484f29c0\n http://security.debian.org/pool/updates/main/m/mozilla/mozilla-js-debugger_1.7.8-1sarge8_s390.deb\n Size/MD5 checksum: 204142 e2c4c8c3b721f3560390c86f8a8e4f42\n http://security.debian.org/pool/updates/main/m/mozilla/mozilla-mailnews_1.7.8-1sarge8_s390.deb\n Size/MD5 checksum: 1944770 525714424a1fa0131327ced0961987c9\n http://security.debian.org/pool/updates/main/m/mozilla/mozilla-psm_1.7.8-1sarge8_s390.deb\n Size/MD5 checksum: 213646 31a3c2bc95b020fa1a4104cdb24f51cf\n\n Sun Sparc architecture:\n\n http://security.debian.org/pool/updates/main/m/mozilla/libnspr-dev_1.7.8-1sarge8_sparc.deb\n Size/MD5 checksum: 168070 ec1b9711bc09abaf87a1e8caeac523a9\n http://security.debian.org/pool/updates/main/m/mozilla/libnspr4_1.7.8-1sarge8_sparc.deb\n Size/MD5 checksum: 130234 a57dbc4e7d4fb4a7269dce9063b848d9\n http://security.debian.org/pool/updates/main/m/mozilla/libnss-dev_1.7.8-1sarge8_sparc.deb\n Size/MD5 checksum: 184964 f6d4813d577feef2530f5993e4dc5464\n http://security.debian.org/pool/updates/main/m/mozilla/libnss3_1.7.8-1sarge8_sparc.deb\n Size/MD5 checksum: 674592 5634a5745abfd58cec63f3615b9a7e0e\n http://security.debian.org/pool/updates/main/m/mozilla/mozilla_1.7.8-1sarge8_sparc.deb\n Size/MD5 checksum: 1036 222687822a8e79b3407dd3edec552b19\n http://security.debian.org/pool/updates/main/m/mozilla/mozilla-browser_1.7.8-1sarge8_sparc.deb\n Size/MD5 checksum: 9385078 1e10244c49ded27051ea0eeef38508f5\n http://security.debian.org/pool/updates/main/m/mozilla/mozilla-calendar_1.7.8-1sarge8_sparc.deb\n Size/MD5 checksum: 403290 fe2140858be3ef7e5b732dc9d98f5f40\n http://security.debian.org/pool/updates/main/m/mozilla/mozilla-chatzilla_1.7.8-1sarge8_sparc.deb\n Size/MD5 checksum: 158338 5703ab5f69f23b9deccc705bf97bfe16\n http://security.debian.org/pool/updates/main/m/mozilla/mozilla-dev_1.7.8-1sarge8_sparc.deb\n Size/MD5 checksum: 3342206 18dd2adf74fc28147f85cc55d4bafc25\n http://security.debian.org/pool/updates/main/m/mozilla/mozilla-dom-inspector_1.7.8-1sarge8_sparc.deb\n Size/MD5 checksum: 112520 0d19cd564f1c80ce919f85da844fe535\n http://security.debian.org/pool/updates/main/m/mozilla/mozilla-js-debugger_1.7.8-1sarge8_sparc.deb\n Size/MD5 checksum: 204166 6caff56854b59671710aace6b683bcc2\n http://security.debian.org/pool/updates/main/m/mozilla/mozilla-mailnews_1.7.8-1sarge8_sparc.deb\n Size/MD5 checksum: 1583766 3366a381ab996886b6924e1d12ad0bc7\n http://security.debian.org/pool/updates/main/m/mozilla/mozilla-psm_1.7.8-1sarge8_sparc.deb\n Size/MD5 checksum: 168196 2fc28554dfb6e322e354ccbdff26fb50\n\n\n These files will probably be moved into the stable distribution on\n its next update.\n\n- ---------------------------------------------------------------------------------\nFor apt-get: deb http://security.debian.org/ stable/updates main\nFor dpkg-ftp: ftp://security.debian.org/debian-security dists/stable/updates/main\nMailing list: debian-security-announce@lists.debian.org\nPackage info: `apt-cache show <pkg>' and http://packages.debian.org/<pkg>\n\n", "edition": 7, "modified": "2006-12-03T00:00:00", "published": "2006-12-03T00:00:00", "id": "DEBIAN:DSA-1224-1:25262", "href": "https://lists.debian.org/debian-security-announce/debian-security-announce-2006/msg00324.html", "title": "[SECURITY] [DSA 1224-1] New Mozilla packages fix several vulnerabilities", "type": "debian", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2020-11-11T13:12:16", "bulletinFamily": "unix", "cvelist": ["CVE-2006-5748", "CVE-2006-5464", "CVE-2006-4310", "CVE-2006-5463", "CVE-2006-5462"], "description": "- --------------------------------------------------------------------------\nDebian Security Advisory DSA 1225-2 security@debian.org\nhttp://www.debian.org/security/ Martin Schulze\nDecember 3rd, 2006 http://www.debian.org/security/faq\n- --------------------------------------------------------------------------\n\nPackage : mozilla-firefox\nVulnerability : several\nProblem type : remote\nDebian-specific: no\nCVE IDs : CVE-2006-4310 CVE-2006-5462 CVE-2006-5463 CVE-2006-5464\n CVE-2006-5748\nCERT advisories: VU#335392 VU#390480 VU#495288 VU#714496 \nBugTraq IDs : 19678 20957\n\nThis update covers packages for the little endian MIPS architecture\nmissing in the original advisory.\n\nSeveral security related problems have been discovered in Mozilla and\nderived products such as Mozilla Firefox. The Common Vulnerabilities\nand Exposures project identifies the following vulnerabilities:\n\nCVE-2006-4310\n\n Tomas Kempinsky discovered that malformed FTP server responses\n could lead to denial of service.\n\nCVE-2006-5462\n\n Ulrich K\u00fchn discovered that the correction for a cryptographic\n flaw in the handling of PKCS-1 certificates was incomplete, which\n allows the forgery of certificates.\n\nCVE-2006-5463\n\n "shutdown" discovered that modification of JavaScript objects\n during execution could lead to the execution of arbitrary\n JavaScript bytecode.\n\nCVE-2006-5464\n\n Jesse Ruderman and Martijn Wargers discovered several crashes in\n the layout engine, which might also allow execution of arbitrary\n code.\n\nCVE-2006-5748\n\n Igor Bukanov and Jesse Ruderman discovered several crashes in the\n JavaScript engine, which might allow execution of arbitrary code.\n\nThis update also adresses several crashes, which could be triggered by\nmalicious websites and fixes a regression introduced in the previous\nMozilla update.\n\n\nFor the stable distribution (sarge) these problems have been fixed in\nversion 1.0.4-2sarge13.\n\nFor the unstable distribution (sid) these problems have been fixed in\nthe current iceweasel package 2.0+dfsg-1.\n\nWe recommend that you upgrade your mozilla-firefox package.\n\n\nUpgrade Instructions\n- --------------------\n\nwget url\n will fetch the file for you\ndpkg -i file.deb\n will install the referenced file.\n\nIf you are using the apt-get package manager, use the line for\nsources.list as given at the end of this advisory:\n\napt-get update\n will update the internal database\napt-get upgrade\n will install corrected packages\n\nYou may use an automated update by adding the resources from the\nfooter to the proper configuration.\n\n\nDebian GNU/Linux 3.1 alias sarge\n- --------------------------------\n\n Source archives:\n\n http://security.debian.org/pool/updates/main/m/mozilla-firefox/mozilla-firefox_1.0.4-2sarge13.dsc\n Size/MD5 checksum: 1003 4a8d05c1e9563e6066ca838e7c0b2f53\n http://security.debian.org/pool/updates/main/m/mozilla-firefox/mozilla-firefox_1.0.4-2sarge13.diff.gz\n Size/MD5 checksum: 450265 46d4bedf12a1e0c92a275ae012d92b5a\n http://security.debian.org/pool/updates/main/m/mozilla-firefox/mozilla-firefox_1.0.4.orig.tar.gz\n Size/MD5 checksum: 40212297 8e4ba81ad02c7986446d4e54e978409d\n\n Little endian MIPS architecture:\n\n http://security.debian.org/pool/updates/main/m/mozilla-firefox/mozilla-firefox_1.0.4-2sarge13_mipsel.deb\n Size/MD5 checksum: 9820186 7823ac933179f566597b7bd4e3810fcb\n http://security.debian.org/pool/updates/main/m/mozilla-firefox/mozilla-firefox-dom-inspector_1.0.4-2sarge13_mipsel.deb\n Size/MD5 checksum: 158272 950a04ca3dfd4870b30d5d8c6ae536ee\n http://security.debian.org/pool/updates/main/m/mozilla-firefox/mozilla-firefox-gnome-support_1.0.4-2sarge13_mipsel.deb\n Size/MD5 checksum: 58218 0dad036900c189fc233a5fe25c2edd3a\n\n\n These files will probably be moved into the stable distribution on\n its next update.\n\n- ---------------------------------------------------------------------------------\nFor apt-get: deb http://security.debian.org/ stable/updates main\nFor dpkg-ftp: ftp://security.debian.org/debian-security dists/stable/updates/main\nMailing list: debian-security-announce@lists.debian.org\nPackage info: `apt-cache show <pkg>' and http://packages.debian.org/<pkg>\n\n", "edition": 3, "modified": "2006-12-03T00:00:00", "published": "2006-12-03T00:00:00", "id": "DEBIAN:DSA-1225-2:C47EB", "href": "https://lists.debian.org/debian-security-announce/debian-security-announce-2006/msg00326.html", "title": "[SECURITY] [DSA 1225-2] New Mozilla Firefox packages fix several vulnerabilities", "type": "debian", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2020-11-11T13:27:18", "bulletinFamily": "unix", "cvelist": ["CVE-2006-5748", "CVE-2006-5464", "CVE-2006-4310", "CVE-2006-5463", "CVE-2006-5462"], "description": "- --------------------------------------------------------------------------\nDebian Security Advisory DSA 1227-1 security@debian.org\nhttp://www.debian.org/security/ Martin Schulze\nDecember 4th, 2006 http://www.debian.org/security/faq\n- --------------------------------------------------------------------------\n\nPackage : mozilla-thunderbird\nVulnerability : several\nProblem type : remote\nDebian-specific: no\nCVE IDs : CVE-2006-4310 CVE-2006-5462 CVE-2006-5463 CVE-2006-5464\n CVE-2006-5748\nCERT advisories: VU#335392 VU#390480 VU#495288 VU#714496 \nBugTraq IDs : 19678 20957\n\nSeveral security related problems have been discovered in Mozilla and\nderived products such as Mozilla Thunderbird. The Common Vulnerabilities\nand Exposures project identifies the following vulnerabilities:\n\nCVE-2006-4310\n\n Tomas Kempinsky discovered that malformed FTP server responses\n could lead to denial of service.\n\nCVE-2006-5462\n\n Ulrich K\u00fchn discovered that the correction for a cryptographic\n flaw in the handling of PKCS-1 certificates was incomplete, which\n allows the forgery of certificates.\n\nCVE-2006-5463\n\n "shutdown" discovered that modification of JavaScript objects\n during execution could lead to the execution of arbitrary\n JavaScript bytecode.\n\nCVE-2006-5464\n\n Jesse Ruderman and Martijn Wargers discovered several crashes in\n the layout engine, which might also allow execution of arbitrary\n code.\n\nCVE-2006-5748\n\n Igor Bukanov and Jesse Ruderman discovered several crashes in the\n JavaScript engine, which might allow execution of arbitrary code.\n\nThis update also adresses several crashes, which could be triggered by\nmalicious websites and fixes a regression introduced in the previous\nMozilla update.\n\n\nFor the stable distribution (sarge) these problems have been fixed in\nversion 1.0.4-2sarge13.\n\nFor the unstable distribution (sid) these problems have been fixed in\nthe current icedove package 1.5.0.8.\n\nWe recommend that you upgrade your mozilla-thunderbird package.\n\n\nUpgrade Instructions\n- --------------------\n\nwget url\n will fetch the file for you\ndpkg -i file.deb\n will install the referenced file.\n\nIf you are using the apt-get package manager, use the line for\nsources.list as given at the end of this advisory:\n\napt-get update\n will update the internal database\napt-get upgrade\n will install corrected packages\n\nYou may use an automated update by adding the resources from the\nfooter to the proper configuration.\n\n\nDebian GNU/Linux 3.1 alias sarge\n- --------------------------------\n\n Source archives:\n\n http://security.debian.org/pool/updates/main/m/mozilla-thunderbird/mozilla-thunderbird_1.0.2-2.sarge1.0.8d.1.dsc\n Size/MD5 checksum: 1003 6c5f746adeacacdf3127e17cb2aa8bee\n http://security.debian.org/pool/updates/main/m/mozilla-thunderbird/mozilla-thunderbird_1.0.2-2.sarge1.0.8d.1.diff.gz\n Size/MD5 checksum: 529889 28823ccf3573c2dd660fd9d9e3e22b09\n http://security.debian.org/pool/updates/main/m/mozilla-thunderbird/mozilla-thunderbird_1.0.2.orig.tar.gz\n Size/MD5 checksum: 33288906 806175393a226670aa66060452d31df4\n\n Alpha architecture:\n\n http://security.debian.org/pool/updates/main/m/mozilla-thunderbird/mozilla-thunderbird_1.0.2-2.sarge1.0.8d.1_alpha.deb\n Size/MD5 checksum: 12856976 84bc9994e2d58b31b25e2bd069d1def3\n http://security.debian.org/pool/updates/main/m/mozilla-thunderbird/mozilla-thunderbird-dev_1.0.2-2.sarge1.0.8d.1_alpha.deb\n Size/MD5 checksum: 3280854 caa0d6f973d08d3f2b35e52254b00c2d\n http://security.debian.org/pool/updates/main/m/mozilla-thunderbird/mozilla-thunderbird-inspector_1.0.2-2.sarge1.0.8d.1_alpha.deb\n Size/MD5 checksum: 152698 d9fdc6a19105ddd536acd60a8ee2ab37\n http://security.debian.org/pool/updates/main/m/mozilla-thunderbird/mozilla-thunderbird-offline_1.0.2-2.sarge1.0.8d.1_alpha.deb\n Size/MD5 checksum: 34122 cafae516210656d77a176415fb8db6f4\n http://security.debian.org/pool/updates/main/m/mozilla-thunderbird/mozilla-thunderbird-typeaheadfind_1.0.2-2.sarge1.0.8d.1_alpha.deb\n Size/MD5 checksum: 90116 699b3712455d642e224b54c926328a4c\n\n AMD64 architecture:\n\n http://security.debian.org/pool/updates/main/m/mozilla-thunderbird/mozilla-thunderbird_1.0.2-2.sarge1.0.8d.1_amd64.deb\n Size/MD5 checksum: 12259294 289d4d588a4c47385220edb78c04afae\n http://security.debian.org/pool/updates/main/m/mozilla-thunderbird/mozilla-thunderbird-dev_1.0.2-2.sarge1.0.8d.1_amd64.deb\n Size/MD5 checksum: 3282040 f4c6b066917601dad180472abf540098\n http://security.debian.org/pool/updates/main/m/mozilla-thunderbird/mozilla-thunderbird-inspector_1.0.2-2.sarge1.0.8d.1_amd64.deb\n Size/MD5 checksum: 151728 58934099903d70e9299390ea13f59df5\n http://security.debian.org/pool/updates/main/m/mozilla-thunderbird/mozilla-thunderbird-offline_1.0.2-2.sarge1.0.8d.1_amd64.deb\n Size/MD5 checksum: 34120 08a6bedf50fe0457cbce271965871b47\n http://security.debian.org/pool/updates/main/m/mozilla-thunderbird/mozilla-thunderbird-typeaheadfind_1.0.2-2.sarge1.0.8d.1_amd64.deb\n Size/MD5 checksum: 89962 ba63d212aa7a4aeed16ed0f2d80d6a86\n\n ARM architecture:\n\n http://security.debian.org/pool/updates/main/m/mozilla-thunderbird/mozilla-thunderbird_1.0.2-2.sarge1.0.8d.1_arm.deb\n Size/MD5 checksum: 10345710 e715702c5b2aa723f9d25802287e94e4\n http://security.debian.org/pool/updates/main/m/mozilla-thunderbird/mozilla-thunderbird-dev_1.0.2-2.sarge1.0.8d.1_arm.deb\n Size/MD5 checksum: 3273096 cce5d1fd85a8409b4af4ff6f7968e9d2\n http://security.debian.org/pool/updates/main/m/mozilla-thunderbird/mozilla-thunderbird-inspector_1.0.2-2.sarge1.0.8d.1_arm.deb\n Size/MD5 checksum: 143868 8a3036032e81ef1010e3a3162725a818\n http://security.debian.org/pool/updates/main/m/mozilla-thunderbird/mozilla-thunderbird-offline_1.0.2-2.sarge1.0.8d.1_arm.deb\n Size/MD5 checksum: 34132 f2ab43ddc5f063963bef4e1ff6d9c956\n http://security.debian.org/pool/updates/main/m/mozilla-thunderbird/mozilla-thunderbird-typeaheadfind_1.0.2-2.sarge1.0.8d.1_arm.deb\n Size/MD5 checksum: 81934 ae1ce06ee154fb9e85fea35aaf5311fc\n\n HP Precision architecture:\n\n http://security.debian.org/pool/updates/main/m/mozilla-thunderbird/mozilla-thunderbird_1.0.2-2.sarge1.0.8d.1_hppa.deb\n Size/MD5 checksum: 13571836 d5c2bbb909b9d6be2ca180f14c307f1e\n http://security.debian.org/pool/updates/main/m/mozilla-thunderbird/mozilla-thunderbird-dev_1.0.2-2.sarge1.0.8d.1_hppa.deb\n Size/MD5 checksum: 3285646 5c9f816a25d33453f59179991ea74d0d\n http://security.debian.org/pool/updates/main/m/mozilla-thunderbird/mozilla-thunderbird-inspector_1.0.2-2.sarge1.0.8d.1_hppa.deb\n Size/MD5 checksum: 153926 4f22d429a7781c9f09b4edb68816c853\n http://security.debian.org/pool/updates/main/m/mozilla-thunderbird/mozilla-thunderbird-offline_1.0.2-2.sarge1.0.8d.1_hppa.deb\n Size/MD5 checksum: 34134 cae400c43c5f0f5e0e276a047dbdab20\n http://security.debian.org/pool/updates/main/m/mozilla-thunderbird/mozilla-thunderbird-typeaheadfind_1.0.2-2.sarge1.0.8d.1_hppa.deb\n Size/MD5 checksum: 97998 bf0c11bb906656980cc4e5744eb464bd\n\n Intel IA-32 architecture:\n\n http://security.debian.org/pool/updates/main/m/mozilla-thunderbird/mozilla-thunderbird_1.0.2-2.sarge1.0.8d.1_i386.deb\n Size/MD5 checksum: 11549564 41a015e8acb35a566e733d5e3efbd26f\n http://security.debian.org/pool/updates/main/m/mozilla-thunderbird/mozilla-thunderbird-dev_1.0.2-2.sarge1.0.8d.1_i386.deb\n Size/MD5 checksum: 3279334 7f4340a3a8a8194a7e99bd818866c57e\n http://security.debian.org/pool/updates/main/m/mozilla-thunderbird/mozilla-thunderbird-inspector_1.0.2-2.sarge1.0.8d.1_i386.deb\n Size/MD5 checksum: 147232 ad62baa206ff857d41db06fc9985881e\n http://security.debian.org/pool/updates/main/m/mozilla-thunderbird/mozilla-thunderbird-offline_1.0.2-2.sarge1.0.8d.1_i386.deb\n Size/MD5 checksum: 34122 463263b2b57ed86dcde4f3bb458d0cf7\n http://security.debian.org/pool/updates/main/m/mozilla-thunderbird/mozilla-thunderbird-typeaheadfind_1.0.2-2.sarge1.0.8d.1_i386.deb\n Size/MD5 checksum: 88704 427bbd7d9754931c19829bc21096553d\n\n Intel IA-64 architecture:\n\n http://security.debian.org/pool/updates/main/m/mozilla-thunderbird/mozilla-thunderbird_1.0.2-2.sarge1.0.8d.1_ia64.deb\n Size/MD5 checksum: 14632100 53cd255c1673064d35138b4ddd9a00dd\n http://security.debian.org/pool/updates/main/m/mozilla-thunderbird/mozilla-thunderbird-dev_1.0.2-2.sarge1.0.8d.1_ia64.deb\n Size/MD5 checksum: 3291608 e4d9bf2df8ae5a7ca3730f12409fe836\n http://security.debian.org/pool/updates/main/m/mozilla-thunderbird/mozilla-thunderbird-inspector_1.0.2-2.sarge1.0.8d.1_ia64.deb\n Size/MD5 checksum: 156062 a264399ce67bcfef3823da09effe603f\n http://security.debian.org/pool/updates/main/m/mozilla-thunderbird/mozilla-thunderbird-offline_1.0.2-2.sarge1.0.8d.1_ia64.deb\n Size/MD5 checksum: 34120 beeb92a784afcee38f2ea9c5a5747a8c\n http://security.debian.org/pool/updates/main/m/mozilla-thunderbird/mozilla-thunderbird-typeaheadfind_1.0.2-2.sarge1.0.8d.1_ia64.deb\n Size/MD5 checksum: 107826 ce5eb8ae242c1e3ae2de7b2dd4638086\n\n Motorola 680x0 architecture:\n\n http://security.debian.org/pool/updates/main/m/mozilla-thunderbird/mozilla-thunderbird_1.0.2-2.sarge1.0.8d.1_m68k.deb\n Size/MD5 checksum: 10795348 67b697071cc0d1f5667c6ed7464e90f7\n http://security.debian.org/pool/updates/main/m/mozilla-thunderbird/mozilla-thunderbird-dev_1.0.2-2.sarge1.0.8d.1_m68k.deb\n Size/MD5 checksum: 3272426 d1a76c3cc4d53d311d4fa2933fa241aa\n http://security.debian.org/pool/updates/main/m/mozilla-thunderbird/mozilla-thunderbird-inspector_1.0.2-2.sarge1.0.8d.1_m68k.deb\n Size/MD5 checksum: 145646 bb4e9eed4d5639080ad0f40d4b9ccd3e\n http://security.debian.org/pool/updates/main/m/mozilla-thunderbird/mozilla-thunderbird-offline_1.0.2-2.sarge1.0.8d.1_m68k.deb\n Size/MD5 checksum: 34148 7a167f58be69a5f87ae0b6ff696c195b\n http://security.debian.org/pool/updates/main/m/mozilla-thunderbird/mozilla-thunderbird-typeaheadfind_1.0.2-2.sarge1.0.8d.1_m68k.deb\n Size/MD5 checksum: 83168 00b7c01b14e69d3de5b716a97b531135\n\n Big endian MIPS architecture:\n\n http://security.debian.org/pool/updates/main/m/mozilla-thunderbird/mozilla-thunderbird_1.0.2-2.sarge1.0.8d.1_mips.deb\n Size/MD5 checksum: 11949608 9ec9db79429dda4d407ccf88ccdcd432\n http://security.debian.org/pool/updates/main/m/mozilla-thunderbird/mozilla-thunderbird-dev_1.0.2-2.sarge1.0.8d.1_mips.deb\n Size/MD5 checksum: 3280190 9c5196972a3cf0c2c526f858aca2466e\n http://security.debian.org/pool/updates/main/m/mozilla-thunderbird/mozilla-thunderbird-inspector_1.0.2-2.sarge1.0.8d.1_mips.deb\n Size/MD5 checksum: 148640 5797fb7d9315c3143f3764f6b6f85c25\n http://security.debian.org/pool/updates/main/m/mozilla-thunderbird/mozilla-thunderbird-offline_1.0.2-2.sarge1.0.8d.1_mips.deb\n Size/MD5 checksum: 34124 cb575700d4f03213414e5723de4f71e3\n http://security.debian.org/pool/updates/main/m/mozilla-thunderbird/mozilla-thunderbird-typeaheadfind_1.0.2-2.sarge1.0.8d.1_mips.deb\n Size/MD5 checksum: 85368 0ac0335d952db222dd2cabb47aebaf93\n\n Little endian MIPS architecture:\n\n http://security.debian.org/pool/updates/main/m/mozilla-thunderbird/mozilla-thunderbird_1.0.2-2.sarge1.0.8d.1_mipsel.deb\n Size/MD5 checksum: 11817496 aba31a9b55e305979548c2bc354d25b8\n http://security.debian.org/pool/updates/main/m/mozilla-thunderbird/mozilla-thunderbird-dev_1.0.2-2.sarge1.0.8d.1_mipsel.deb\n Size/MD5 checksum: 3281036 ad64af4aa0945eb30474881150f19368\n http://security.debian.org/pool/updates/main/m/mozilla-thunderbird/mozilla-thunderbird-inspector_1.0.2-2.sarge1.0.8d.1_mipsel.deb\n Size/MD5 checksum: 148210 efb0d8070713c0392b4bf515df28b2a2\n http://security.debian.org/pool/updates/main/m/mozilla-thunderbird/mozilla-thunderbird-offline_1.0.2-2.sarge1.0.8d.1_mipsel.deb\n Size/MD5 checksum: 34122 7506a7d0d2452a5aa57a8e729a129afe\n http://security.debian.org/pool/updates/main/m/mozilla-thunderbird/mozilla-thunderbird-typeaheadfind_1.0.2-2.sarge1.0.8d.1_mipsel.deb\n Size/MD5 checksum: 85264 a660f1051091732b2b827a25169bcd13\n\n PowerPC architecture:\n\n http://security.debian.org/pool/updates/main/m/mozilla-thunderbird/mozilla-thunderbird_1.0.2-2.sarge1.0.8d.1_powerpc.deb\n Size/MD5 checksum: 10913258 2b2bc733b1a9c582846a35e09f790792\n http://security.debian.org/pool/updates/main/m/mozilla-thunderbird/mozilla-thunderbird-dev_1.0.2-2.sarge1.0.8d.1_powerpc.deb\n Size/MD5 checksum: 3270832 f0971f53b8576629a543e31b13b5fc82\n http://security.debian.org/pool/updates/main/m/mozilla-thunderbird/mozilla-thunderbird-inspector_1.0.2-2.sarge1.0.8d.1_powerpc.deb\n Size/MD5 checksum: 145640 b0f543ffae409f9c2ed5feb623d9ccc9\n http://security.debian.org/pool/updates/main/m/mozilla-thunderbird/mozilla-thunderbird-offline_1.0.2-2.sarge1.0.8d.1_powerpc.deb\n Size/MD5 checksum: 34126 d00d244fff67496236b40c606eb2b068\n http://security.debian.org/pool/updates/main/m/mozilla-thunderbird/mozilla-thunderbird-typeaheadfind_1.0.2-2.sarge1.0.8d.1_powerpc.deb\n Size/MD5 checksum: 82090 08904221a4f22160c5448adc5e584892\n\n IBM S/390 architecture:\n\n http://security.debian.org/pool/updates/main/m/mozilla-thunderbird/mozilla-thunderbird_1.0.2-2.sarge1.0.8d.1_s390.deb\n Size/MD5 checksum: 12706338 9cff7d191572124759121b992f9fcbbe\n http://security.debian.org/pool/updates/main/m/mozilla-thunderbird/mozilla-thunderbird-dev_1.0.2-2.sarge1.0.8d.1_s390.deb\n Size/MD5 checksum: 3281302 32b6910f4a3352602eb5f2fba6496b5c\n http://security.debian.org/pool/updates/main/m/mozilla-thunderbird/mozilla-thunderbird-inspector_1.0.2-2.sarge1.0.8d.1_s390.deb\n Size/MD5 checksum: 152014 b85e247ddc89da9251bc96237bc496cb\n http://security.debian.org/pool/updates/main/m/mozilla-thunderbird/mozilla-thunderbird-offline_1.0.2-2.sarge1.0.8d.1_s390.deb\n Size/MD5 checksum: 34118 34fa6f63472be37d37e23ce669dc9ae3\n http://security.debian.org/pool/updates/main/m/mozilla-thunderbird/mozilla-thunderbird-typeaheadfind_1.0.2-2.sarge1.0.8d.1_s390.deb\n Size/MD5 checksum: 89892 c8e4543a63614010de56776b5b597006\n\n Sun Sparc architecture:\n\n http://security.debian.org/pool/updates/main/m/mozilla-thunderbird/mozilla-thunderbird_1.0.2-2.sarge1.0.8d.1_sparc.deb\n Size/MD5 checksum: 11182150 3728f5afbe35203ae332876bc1804866\n http://security.debian.org/pool/updates/main/m/mozilla-thunderbird/mozilla-thunderbird-dev_1.0.2-2.sarge1.0.8d.1_sparc.deb\n Size/MD5 checksum: 3276596 305ba0ef1c0dec7b7057af38507a981b\n http://security.debian.org/pool/updates/main/m/mozilla-thunderbird/mozilla-thunderbird-inspector_1.0.2-2.sarge1.0.8d.1_sparc.deb\n Size/MD5 checksum: 145322 6799c906fa439170521396913ba7092a\n http://security.debian.org/pool/updates/main/m/mozilla-thunderbird/mozilla-thunderbird-offline_1.0.2-2.sarge1.0.8d.1_sparc.deb\n Size/MD5 checksum: 34118 4ac987cbe24509923ed7cf89c78995dc\n http://security.debian.org/pool/updates/main/m/mozilla-thunderbird/mozilla-thunderbird-typeaheadfind_1.0.2-2.sarge1.0.8d.1_sparc.deb\n Size/MD5 checksum: 83734 191466ecaad65e7781192a118749fc45\n\n\n These files will probably be moved into the stable distribution on\n its next update.\n\n- ---------------------------------------------------------------------------------\nFor apt-get: deb http://security.debian.org/ stable/updates main\nFor dpkg-ftp: ftp://security.debian.org/debian-security dists/stable/updates/main\nMailing list: debian-security-announce@lists.debian.org\nPackage info: `apt-cache show <pkg>' and http://packages.debian.org/<pkg>\n\n", "edition": 7, "modified": "2006-12-04T00:00:00", "published": "2006-12-04T00:00:00", "id": "DEBIAN:DSA-1227-1:2A2C7", "href": "https://lists.debian.org/debian-security-announce/debian-security-announce-2006/msg00328.html", "title": "[SECURITY] [DSA 1227-1] New Mozilla Thunderbird packages fix several vulnerabilities", "type": "debian", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}], "openvas": [{"lastseen": "2017-07-24T12:49:44", "bulletinFamily": "scanner", "cvelist": ["CVE-2006-5748", "CVE-2006-5464", "CVE-2006-4310", "CVE-2006-5463", "CVE-2006-5462"], "description": "The remote host is missing an update to mozilla\nannounced via advisory DSA 1224-1.\n\nSeveral security related problems have been discovered in Mozilla and\nderived products. The Common Vulnerabilities and Exposures project\nidentifies the following vulnerabilities:\n\nCVE-2006-4310\n\nTomas Kempinsky discovered that malformed FTP server responses\ncould lead to denial of service.\n\nCVE-2006-5462\n\nUlrich K\u00fchn discovered that the correction for a cryptographic\nflaw in the handling of PKCS-1 certificates was incomplete, which\nallows the forgery of certificates.\n\nCVE-2006-5463\n\nshutdown discovered that modification of JavaScript objects\nduring execution could lead to the execution of arbitrary\nJavaScript bytecode.\n\nCVE-2006-5464\n\nJesse Ruderman and Martijn Wargers discovered several crashes in\nthe layout engine, which might also allow execution of arbitrary\ncode.\n\nCVE-2006-5748\n\nIgor Bukanov and Jesse Ruderman discovered several crashes in the\nJavaScript engine, which might allow execution of arbitrary code.\n\nThis update also adresses several crashes, which could be triggered by\nmalicious websites and fixes a regression introduced in the previous\nMozilla update.", "modified": "2017-07-07T00:00:00", "published": "2008-01-17T00:00:00", "id": "OPENVAS:57687", "href": "http://plugins.openvas.org/nasl.php?oid=57687", "type": "openvas", "title": "Debian Security Advisory DSA 1224-1 (mozilla)", "sourceData": "# OpenVAS Vulnerability Test\n# $Id: deb_1224_1.nasl 6616 2017-07-07 12:10:49Z cfischer $\n# Description: Auto-generated from advisory DSA 1224-1\n#\n# Authors:\n# Thomas Reinke <reinke@securityspace.com>\n#\n# Copyright:\n# Copyright (c) 2007 E-Soft Inc. http://www.securityspace.com\n# Text descriptions are largerly excerpted from the referenced\n# advisory, and are Copyright (c) the respective author(s)\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2,\n# as published by the Free Software Foundation\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n#\n\ninclude(\"revisions-lib.inc\");\ntag_solution = \"For the stable distribution (sarge) these problems have been fixed in\nversion 1.7.8-1sarge8.\n\nWe recommend that you upgrade your mozilla package.\n\n https://secure1.securityspace.com/smysecure/catid.html?in=DSA%201224-1\";\ntag_summary = \"The remote host is missing an update to mozilla\nannounced via advisory DSA 1224-1.\n\nSeveral security related problems have been discovered in Mozilla and\nderived products. The Common Vulnerabilities and Exposures project\nidentifies the following vulnerabilities:\n\nCVE-2006-4310\n\nTomas Kempinsky discovered that malformed FTP server responses\ncould lead to denial of service.\n\nCVE-2006-5462\n\nUlrich K\u00fchn discovered that the correction for a cryptographic\nflaw in the handling of PKCS-1 certificates was incomplete, which\nallows the forgery of certificates.\n\nCVE-2006-5463\n\nshutdown discovered that modification of JavaScript objects\nduring execution could lead to the execution of arbitrary\nJavaScript bytecode.\n\nCVE-2006-5464\n\nJesse Ruderman and Martijn Wargers discovered several crashes in\nthe layout engine, which might also allow execution of arbitrary\ncode.\n\nCVE-2006-5748\n\nIgor Bukanov and Jesse Ruderman discovered several crashes in the\nJavaScript engine, which might allow execution of arbitrary code.\n\nThis update also adresses several crashes, which could be triggered by\nmalicious websites and fixes a regression introduced in the previous\nMozilla update.\";\n\n\nif(description)\n{\n script_id(57687);\n script_version(\"$Revision: 6616 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-07-07 14:10:49 +0200 (Fri, 07 Jul 2017) $\");\n script_tag(name:\"creation_date\", value:\"2008-01-17 23:17:11 +0100 (Thu, 17 Jan 2008)\");\n script_cve_id(\"CVE-2006-4310\", \"CVE-2006-5462\", \"CVE-2006-5463\", \"CVE-2006-5464\", \"CVE-2006-5748\");\n script_bugtraq_id(19678,20957);\n script_tag(name:\"cvss_base\", value:\"7.5\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_name(\"Debian Security Advisory DSA 1224-1 (mozilla)\");\n\n\n\n script_category(ACT_GATHER_INFO);\n\n script_copyright(\"Copyright (c) 2006 E-Soft Inc. http://www.securityspace.com\");\n script_family(\"Debian Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/debian_linux\", \"ssh/login/packages\");\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"summary\" , value : tag_summary);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n#\n# The script code starts here\n#\n\ninclude(\"pkg-lib-deb.inc\");\n\nres = \"\";\nreport = \"\";\nif ((res = isdpkgvuln(pkg:\"libnspr-dev\", ver:\"1.7.8-1sarge8\", rls:\"DEB3.1\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libnspr4\", ver:\"1.7.8-1sarge8\", rls:\"DEB3.1\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libnss-dev\", ver:\"1.7.8-1sarge8\", rls:\"DEB3.1\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libnss3\", ver:\"1.7.8-1sarge8\", rls:\"DEB3.1\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"mozilla\", ver:\"1.7.8-1sarge8\", rls:\"DEB3.1\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"mozilla-browser\", ver:\"1.7.8-1sarge8\", rls:\"DEB3.1\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"mozilla-calendar\", ver:\"1.7.8-1sarge8\", rls:\"DEB3.1\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"mozilla-chatzilla\", ver:\"1.7.8-1sarge8\", rls:\"DEB3.1\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"mozilla-dev\", ver:\"1.7.8-1sarge8\", rls:\"DEB3.1\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"mozilla-dom-inspector\", ver:\"1.7.8-1sarge8\", rls:\"DEB3.1\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"mozilla-js-debugger\", ver:\"1.7.8-1sarge8\", rls:\"DEB3.1\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"mozilla-mailnews\", ver:\"1.7.8-1sarge8\", rls:\"DEB3.1\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"mozilla-psm\", ver:\"1.7.8-1sarge8\", rls:\"DEB3.1\")) != NULL) {\n report += res;\n}\n\nif (report != \"\") {\n security_message(data:report);\n} else if (__pkg_match) {\n exit(99); # Not vulnerable.\n}\n", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2017-07-24T12:49:43", "bulletinFamily": "scanner", "cvelist": ["CVE-2006-5748", "CVE-2006-5464", "CVE-2006-4310", "CVE-2006-5463", "CVE-2006-5462"], "description": "The remote host is missing an update to mozilla-thunderbird\nannounced via advisory DSA 1227-1.\n\nSeveral security related problems have been discovered in Mozilla and\nderived products such as Mozilla Thunderbird. The Common Vulnerabilities\nand Exposures project identifies the following vulnerabilities:\n\nCVE-2006-4310\n\nTomas Kempinsky discovered that malformed FTP server responses\ncould lead to denial of service.\n\nCVE-2006-5462\n\nUlrich K\u00fchn discovered that the correction for a cryptographic\nflaw in the handling of PKCS-1 certificates was incomplete, which\nallows the forgery of certificates.\n\nCVE-2006-5463\n\nshutdown discovered that modification of JavaScript objects\nduring execution could lead to the execution of arbitrary\nJavaScript bytecode.\n\nCVE-2006-5464\n\nJesse Ruderman and Martijn Wargers discovered several crashes in\nthe layout engine, which might also allow execution of arbitrary\ncode.\n\nCVE-2006-5748\n\nIgor Bukanov and Jesse Ruderman discovered several crashes in the\nJavaScript engine, which might allow execution of arbitrary code.\n\nThis update also adresses several crashes, which could be triggered by\nmalicious websites and fixes a regression introduced in the previous\nMozilla update.", "modified": "2017-07-07T00:00:00", "published": "2008-01-17T00:00:00", "id": "OPENVAS:57691", "href": "http://plugins.openvas.org/nasl.php?oid=57691", "type": "openvas", "title": "Debian Security Advisory DSA 1227-1 (mozilla-thunderbird)", "sourceData": "# OpenVAS Vulnerability Test\n# $Id: deb_1227_1.nasl 6616 2017-07-07 12:10:49Z cfischer $\n# Description: Auto-generated from advisory DSA 1227-1\n#\n# Authors:\n# Thomas Reinke <reinke@securityspace.com>\n#\n# Copyright:\n# Copyright (c) 2007 E-Soft Inc. http://www.securityspace.com\n# Text descriptions are largerly excerpted from the referenced\n# advisory, and are Copyright (c) the respective author(s)\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2,\n# as published by the Free Software Foundation\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n#\n\ninclude(\"revisions-lib.inc\");\ntag_solution = \"For the stable distribution (sarge) these problems have been fixed in\nversion 1.0.4-2sarge13.\n\nFor the unstable distribution (sid) these problems have been fixed in\nthe current icedove package 1.5.0.8.\n\nWe recommend that you upgrade your mozilla-thunderbird package.\n\n https://secure1.securityspace.com/smysecure/catid.html?in=DSA%201227-1\";\ntag_summary = \"The remote host is missing an update to mozilla-thunderbird\nannounced via advisory DSA 1227-1.\n\nSeveral security related problems have been discovered in Mozilla and\nderived products such as Mozilla Thunderbird. The Common Vulnerabilities\nand Exposures project identifies the following vulnerabilities:\n\nCVE-2006-4310\n\nTomas Kempinsky discovered that malformed FTP server responses\ncould lead to denial of service.\n\nCVE-2006-5462\n\nUlrich K\u00fchn discovered that the correction for a cryptographic\nflaw in the handling of PKCS-1 certificates was incomplete, which\nallows the forgery of certificates.\n\nCVE-2006-5463\n\nshutdown discovered that modification of JavaScript objects\nduring execution could lead to the execution of arbitrary\nJavaScript bytecode.\n\nCVE-2006-5464\n\nJesse Ruderman and Martijn Wargers discovered several crashes in\nthe layout engine, which might also allow execution of arbitrary\ncode.\n\nCVE-2006-5748\n\nIgor Bukanov and Jesse Ruderman discovered several crashes in the\nJavaScript engine, which might allow execution of arbitrary code.\n\nThis update also adresses several crashes, which could be triggered by\nmalicious websites and fixes a regression introduced in the previous\nMozilla update.\";\n\n\nif(description)\n{\n script_id(57691);\n script_version(\"$Revision: 6616 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-07-07 14:10:49 +0200 (Fri, 07 Jul 2017) $\");\n script_tag(name:\"creation_date\", value:\"2008-01-17 23:17:11 +0100 (Thu, 17 Jan 2008)\");\n script_cve_id(\"CVE-2006-4310\", \"CVE-2006-5462\", \"CVE-2006-5463\", \"CVE-2006-5464\", \"CVE-2006-5748\");\n script_bugtraq_id(19678,20957);\n script_tag(name:\"cvss_base\", value:\"7.5\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_name(\"Debian Security Advisory DSA 1227-1 (mozilla-thunderbird)\");\n\n\n\n script_category(ACT_GATHER_INFO);\n\n script_copyright(\"Copyright (c) 2006 E-Soft Inc. http://www.securityspace.com\");\n script_family(\"Debian Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/debian_linux\", \"ssh/login/packages\");\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"summary\" , value : tag_summary);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n#\n# The script code starts here\n#\n\ninclude(\"pkg-lib-deb.inc\");\n\nres = \"\";\nreport = \"\";\nif ((res = isdpkgvuln(pkg:\"mozilla-thunderbird\", ver:\"1.0.2-2.sarge1.0.8d.1\", rls:\"DEB3.1\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"mozilla-thunderbird-dev\", ver:\"1.0.2-2.sarge1.0.8d.1\", rls:\"DEB3.1\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"mozilla-thunderbird-inspector\", ver:\"1.0.2-2.sarge1.0.8d.1\", rls:\"DEB3.1\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"mozilla-thunderbird-offline\", ver:\"1.0.2-2.sarge1.0.8d.1\", rls:\"DEB3.1\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"mozilla-thunderbird-typeaheadfind\", ver:\"1.0.2-2.sarge1.0.8d.1\", rls:\"DEB3.1\")) != NULL) {\n report += res;\n}\n\nif (report != \"\") {\n security_message(data:report);\n} else if (__pkg_match) {\n exit(99); # Not vulnerable.\n}\n", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2017-07-24T12:50:18", "bulletinFamily": "scanner", "cvelist": ["CVE-2006-5748", "CVE-2006-5464", "CVE-2006-4310", "CVE-2006-5463", "CVE-2006-5462"], "description": "The remote host is missing an update to mozilla-firefox\nannounced via advisory DSA 1225-2.\n\nThis update covers packages for the little endian MIPS architecture\nmissing in the original advisory.\n\nSeveral security related problems have been discovered in Mozilla and\nderived products such as Mozilla Firefox. The Common Vulnerabilities\nand Exposures project identifies the following vulnerabilities:\n\nCVE-2006-4310\n\nTomas Kempinsky discovered that malformed FTP server responses\ncould lead to denial of service.\n\nCVE-2006-5462\n\nUlrich K\u00fchn discovered that the correction for a cryptographic\nflaw in the handling of PKCS-1 certificates was incomplete, which\nallows the forgery of certificates.\n\nCVE-2006-5463\n\nshutdown discovered that modification of JavaScript objects\nduring execution could lead to the execution of arbitrary\nJavaScript bytecode.\n\nCVE-2006-5464\n\nJesse Ruderman and Martijn Wargers discovered several crashes in\nthe layout engine, which might also allow execution of arbitrary\ncode.\n\nCVE-2006-5748\n\nIgor Bukanov and Jesse Ruderman discovered several crashes in the\nJavaScript engine, which might allow execution of arbitrary code.\n\nThis update also adresses several crashes, which could be triggered by\nmalicious websites and fixes a regression introduced in the previous\nMozilla update.", "modified": "2017-07-07T00:00:00", "published": "2008-01-17T00:00:00", "id": "OPENVAS:57689", "href": "http://plugins.openvas.org/nasl.php?oid=57689", "type": "openvas", "title": "Debian Security Advisory DSA 1225-2 (mozilla-firefox)", "sourceData": "# OpenVAS Vulnerability Test\n# $Id: deb_1225_2.nasl 6616 2017-07-07 12:10:49Z cfischer $\n# Description: Auto-generated from advisory DSA 1225-2\n#\n# Authors:\n# Thomas Reinke <reinke@securityspace.com>\n#\n# Copyright:\n# Copyright (c) 2007 E-Soft Inc. http://www.securityspace.com\n# Text descriptions are largerly excerpted from the referenced\n# advisory, and are Copyright (c) the respective author(s)\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2,\n# as published by the Free Software Foundation\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n#\n\ninclude(\"revisions-lib.inc\");\ntag_solution = \"For the stable distribution (sarge) these problems have been fixed in\nversion 1.0.4-2sarge13.\n\nFor the unstable distribution (sid) these problems have been fixed in\nthe current iceweasel package 2.0+dfsg-1.\n\nWe recommend that you upgrade your mozilla-firefox package.\n\n https://secure1.securityspace.com/smysecure/catid.html?in=DSA%201225-2\";\ntag_summary = \"The remote host is missing an update to mozilla-firefox\nannounced via advisory DSA 1225-2.\n\nThis update covers packages for the little endian MIPS architecture\nmissing in the original advisory.\n\nSeveral security related problems have been discovered in Mozilla and\nderived products such as Mozilla Firefox. The Common Vulnerabilities\nand Exposures project identifies the following vulnerabilities:\n\nCVE-2006-4310\n\nTomas Kempinsky discovered that malformed FTP server responses\ncould lead to denial of service.\n\nCVE-2006-5462\n\nUlrich K\u00fchn discovered that the correction for a cryptographic\nflaw in the handling of PKCS-1 certificates was incomplete, which\nallows the forgery of certificates.\n\nCVE-2006-5463\n\nshutdown discovered that modification of JavaScript objects\nduring execution could lead to the execution of arbitrary\nJavaScript bytecode.\n\nCVE-2006-5464\n\nJesse Ruderman and Martijn Wargers discovered several crashes in\nthe layout engine, which might also allow execution of arbitrary\ncode.\n\nCVE-2006-5748\n\nIgor Bukanov and Jesse Ruderman discovered several crashes in the\nJavaScript engine, which might allow execution of arbitrary code.\n\nThis update also adresses several crashes, which could be triggered by\nmalicious websites and fixes a regression introduced in the previous\nMozilla update.\";\n\n\nif(description)\n{\n script_id(57689);\n script_version(\"$Revision: 6616 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-07-07 14:10:49 +0200 (Fri, 07 Jul 2017) $\");\n script_tag(name:\"creation_date\", value:\"2008-01-17 23:17:11 +0100 (Thu, 17 Jan 2008)\");\n script_cve_id(\"CVE-2006-4310\", \"CVE-2006-5462\", \"CVE-2006-5463\", \"CVE-2006-5464\", \"CVE-2006-5748\");\n script_bugtraq_id(19678,20957);\n script_tag(name:\"cvss_base\", value:\"7.5\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_name(\"Debian Security Advisory DSA 1225-2 (mozilla-firefox)\");\n\n\n\n script_category(ACT_GATHER_INFO);\n\n script_copyright(\"Copyright (c) 2006 E-Soft Inc. http://www.securityspace.com\");\n script_family(\"Debian Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/debian_linux\", \"ssh/login/packages\");\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"summary\" , value : tag_summary);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n#\n# The script code starts here\n#\n\ninclude(\"pkg-lib-deb.inc\");\n\nres = \"\";\nreport = \"\";\nif ((res = isdpkgvuln(pkg:\"mozilla-firefox\", ver:\"1.0.4-2sarge13\", rls:\"DEB3.1\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"mozilla-firefox-dom-inspector\", ver:\"1.0.4-2sarge13\", rls:\"DEB3.1\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"mozilla-firefox-gnome-support\", ver:\"1.0.4-2sarge13\", rls:\"DEB3.1\")) != NULL) {\n report += res;\n}\n\nif (report != \"\") {\n security_message(data:report);\n} else if (__pkg_match) {\n exit(99); # Not vulnerable.\n}\n", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2017-07-24T12:50:08", "bulletinFamily": "scanner", "cvelist": ["CVE-2006-5748", "CVE-2006-5464", "CVE-2006-4310", "CVE-2006-5463", "CVE-2006-5462"], "description": "The remote host is missing an update to mozilla-firefox\nannounced via advisory DSA 1225-1.\n\nSeveral security related problems have been discovered in Mozilla and\nderived products such as Mozilla Firefox. The Common Vulnerabilities\nand Exposures project identifies the following vulnerabilities:\n\nCVE-2006-4310\n\nTomas Kempinsky discovered that malformed FTP server responses\ncould lead to denial of service.\n\nCVE-2006-5462\n\nUlrich K\u00fchn discovered that the correction for a cryptographic\nflaw in the handling of PKCS-1 certificates was incomplete, which\nallows the forgery of certificates.\n\nCVE-2006-5463\n\nshutdown discovered that modification of JavaScript objects\nduring execution could lead to the execution of arbitrary\nJavaScript bytecode.\n\nCVE-2006-5464\n\nJesse Ruderman and Martijn Wargers discovered several crashes in\nthe layout engine, which might also allow execution of arbitrary\ncode.\n\nCVE-2006-5748\n\nIgor Bukanov and Jesse Ruderman discovered several crashes in the\nJavaScript engine, which might allow execution of arbitrary code.\n\nThis update also adresses several crashes, which could be triggered by\nmalicious websites and fixes a regression introduced in the previous\nMozilla update.", "modified": "2017-07-07T00:00:00", "published": "2008-01-17T00:00:00", "id": "OPENVAS:57688", "href": "http://plugins.openvas.org/nasl.php?oid=57688", "type": "openvas", "title": "Debian Security Advisory DSA 1225-1 (mozilla-firefox)", "sourceData": "# OpenVAS Vulnerability Test\n# $Id: deb_1225_1.nasl 6616 2017-07-07 12:10:49Z cfischer $\n# Description: Auto-generated from advisory DSA 1225-1\n#\n# Authors:\n# Thomas Reinke <reinke@securityspace.com>\n#\n# Copyright:\n# Copyright (c) 2007 E-Soft Inc. http://www.securityspace.com\n# Text descriptions are largerly excerpted from the referenced\n# advisory, and are Copyright (c) the respective author(s)\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2,\n# as published by the Free Software Foundation\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n#\n\ninclude(\"revisions-lib.inc\");\ntag_solution = \"For the stable distribution (sarge) these problems have been fixed in\nversion 1.0.4-2sarge13.\n\nFor the unstable distribution (sid) these problems have been fixed in\nthe current iceweasel package 2.0+dfsg-1.\n\nWe recommend that you upgrade your mozilla-firefox package.\n\n https://secure1.securityspace.com/smysecure/catid.html?in=DSA%201225-1\";\ntag_summary = \"The remote host is missing an update to mozilla-firefox\nannounced via advisory DSA 1225-1.\n\nSeveral security related problems have been discovered in Mozilla and\nderived products such as Mozilla Firefox. The Common Vulnerabilities\nand Exposures project identifies the following vulnerabilities:\n\nCVE-2006-4310\n\nTomas Kempinsky discovered that malformed FTP server responses\ncould lead to denial of service.\n\nCVE-2006-5462\n\nUlrich K\u00fchn discovered that the correction for a cryptographic\nflaw in the handling of PKCS-1 certificates was incomplete, which\nallows the forgery of certificates.\n\nCVE-2006-5463\n\nshutdown discovered that modification of JavaScript objects\nduring execution could lead to the execution of arbitrary\nJavaScript bytecode.\n\nCVE-2006-5464\n\nJesse Ruderman and Martijn Wargers discovered several crashes in\nthe layout engine, which might also allow execution of arbitrary\ncode.\n\nCVE-2006-5748\n\nIgor Bukanov and Jesse Ruderman discovered several crashes in the\nJavaScript engine, which might allow execution of arbitrary code.\n\nThis update also adresses several crashes, which could be triggered by\nmalicious websites and fixes a regression introduced in the previous\nMozilla update.\";\n\n\nif(description)\n{\n script_id(57688);\n script_version(\"$Revision: 6616 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-07-07 14:10:49 +0200 (Fri, 07 Jul 2017) $\");\n script_tag(name:\"creation_date\", value:\"2008-01-17 23:17:11 +0100 (Thu, 17 Jan 2008)\");\n script_cve_id(\"CVE-2006-4310\", \"CVE-2006-5462\", \"CVE-2006-5463\", \"CVE-2006-5464\", \"CVE-2006-5748\");\n script_bugtraq_id(19678,20957);\n script_tag(name:\"cvss_base\", value:\"7.5\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_name(\"Debian Security Advisory DSA 1225-1 (mozilla-firefox)\");\n\n\n\n script_category(ACT_GATHER_INFO);\n\n script_copyright(\"Copyright (c) 2006 E-Soft Inc. http://www.securityspace.com\");\n script_family(\"Debian Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/debian_linux\", \"ssh/login/packages\");\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"summary\" , value : tag_summary);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n#\n# The script code starts here\n#\n\ninclude(\"pkg-lib-deb.inc\");\n\nres = \"\";\nreport = \"\";\nif ((res = isdpkgvuln(pkg:\"mozilla-firefox\", ver:\"1.0.4-2sarge13\", rls:\"DEB3.1\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"mozilla-firefox-dom-inspector\", ver:\"1.0.4-2sarge13\", rls:\"DEB3.1\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"mozilla-firefox-gnome-support\", ver:\"1.0.4-2sarge13\", rls:\"DEB3.1\")) != NULL) {\n report += res;\n}\n\nif (report != \"\") {\n security_message(data:report);\n} else if (__pkg_match) {\n exit(99); # Not vulnerable.\n}\n", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}]}
