[SECURITY] Fedora 15 Update: xulrunner-10.0.1-3.fc15

2012-03-06T19:28:35

Description

XULRunner is a Mozilla runtime package that can be used to bootstrap XUL+XP COM applications that are as rich as Firefox and Thunderbird. It provides mecha nisms for installing, upgrading, and uninstalling these applications. XULRunner a lso provides libxul, a solution which allows the embedding of Mozilla technolog ies in other projects and products.

Affected Package

OS	OS Version	Package Name	Package Version
Fedora	15	xulrunner	10.0.1

{"id": "FEDORA:E9A172121F", "vendorId": null, "type": "fedora", "bulletinFamily": "unix", "title": "[SECURITY] Fedora 15 Update: xulrunner-10.0.1-3.fc15", "description": "XULRunner is a Mozilla runtime package that can be used to bootstrap XUL+XP COM applications that are as rich as Firefox and Thunderbird. It provides mecha nisms for installing, upgrading, and uninstalling these applications. XULRunner a lso provides libxul, a solution which allows the embedding of Mozilla technolog ies in other projects and products. ", "published": "2012-03-06T19:28:35", "modified": "2012-03-06T19:28:35", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}, "cvss2": {"acInsufInfo": false, "cvssV2": {"accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 6.8, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0"}, "exploitabilityScore": 8.6, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "severity": "MEDIUM", "userInteractionRequired": true}, "cvss3": {}, "href": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/thread/LMMYT2NNKYDAX4DTPK4K27EUOSETQ2AA/", "reporter": "Fedora", "references": [], "cvelist": ["CVE-2011-3026"], "immutableFields": [], "lastseen": "2020-12-21T08:17:50", "viewCount": 4, "enchantments": {"dependencies": {"references": [{"type": "amazon", "idList": ["ALAS-2012-049"]}, {"type": "centos", "idList": ["CESA-2012:0140", "CESA-2012:0141", "CESA-2012:0142", "CESA-2012:0143", "CESA-2012:0317"]}, {"type": "cert", "idList": ["VU:523889"]}, {"type": "checkpoint_advisories", "idList": ["CPAI-2012-207", "CPAI-2014-1632"]}, {"type": "chrome", "idList": ["GCSA-140639316113366102"]}, {"type": "cve", "idList": ["CVE-2011-3026", "CVE-2011-3045"]}, {"type": "debian", "idList": ["DEBIAN:DSA-2410-1:8641E"]}, {"type": "fedora", "idList": ["FEDORA:0A44B2083E", "FEDORA:113C021484", "FEDORA:135D6213F2", "FEDORA:29B4E212B4", "FEDORA:2E5B62122E", "FEDORA:31EC22125A", "FEDORA:335ED20E91", "FEDORA:40D5120B25", "FEDORA:42F6A21536", "FEDORA:4B73A20DD6", "FEDORA:4ED9921EED", "FEDORA:59DF8224EB", "FEDORA:60F602025F", "FEDORA:6D0B92125D", "FEDORA:73A1F20C71", "FEDORA:7CF8920E67", "FEDORA:82289220A8", "FEDORA:896DC21C43", "FEDORA:8AEFA20B4E", "FEDORA:92CA820F7E", "FEDORA:A3F5521393"]}, {"type": "freebsd", "idList": ["2F5FF968-5829-11E1-8288-00262D5ED8EE", "98690C45-0361-11E2-A391-000C29033C32", "D7DBD2DB-599C-11E1-A2FB-14DAE9EBCF89"]}, {"type": "gentoo", "idList": ["GLSA-201206-15", "GLSA-201301-01"]}, {"type": "mozilla", "idList": ["MFSA2012-11"]}, {"type": "nessus", "idList": ["6322.PASL", "6325.PRM", "6327.PRM", "6329.PRM", "6583.PRM", "6589.PRM", "800966.PRM", "801253.PRM", "801380.PRM", "801381.PRM", "ALA_ALAS-2012-49.NASL", "APPLETV_5_1.NASL", "APPLE_IOS_60_CHECK.NBIN", "CENTOS_RHSA-2012-0140.NASL", "CENTOS_RHSA-2012-0141.NASL", "CENTOS_RHSA-2012-0142.NASL", "CENTOS_RHSA-2012-0143.NASL", "CENTOS_RHSA-2012-0317.NASL", "DEBIAN_DSA-2410.NASL", "EULEROS_SA-2019-1421.NASL", "FEDORA_2012-1794.NASL", "FEDORA_2012-1800.NASL", "FEDORA_2012-1844.NASL", "FEDORA_2012-1845.NASL", "FEDORA_2012-1856.NASL", "FEDORA_2012-1892.NASL", "FEDORA_2012-1922.NASL", "FEDORA_2012-1930.NASL", "FEDORA_2012-2003.NASL", "FEDORA_2012-2008.NASL", "FEDORA_2012-2028.NASL", "FEDORA_2012-4910.NASL", "FEDORA_2012-5028.NASL", "FEDORA_2012-5068.NASL", "FREEBSD_PKG_2F5FF968582911E1828800262D5ED8EE.NASL", "FREEBSD_PKG_D7DBD2DB599C11E1A2FB14DAE9EBCF89.NASL", "GENTOO_GLSA-201206-15.NASL", "GENTOO_GLSA-201301-01.NASL", "GOOGLE_CHROME_17_0_963_56.NASL", "IBM_INFORMIX_GENERO_2_41.NASL", "MACOSX_10_7_5.NASL", "MACOSX_FIREFOX_10_0_2.NASL", "MACOSX_FIREFOX_3_6_27.NASL", "MACOSX_SECUPD2012-004.NASL", "MACOSX_THUNDERBIRD_10_0_2.NASL", "MACOSX_THUNDERBIRD_3_1_19.NASL", "MANDRIVA_MDVSA-2012-022.NASL", "MOZILLA_FIREFOX_1002.NASL", "MOZILLA_FIREFOX_3627.NASL", "MOZILLA_THUNDERBIRD_1002.NASL", "MOZILLA_THUNDERBIRD_3119.NASL", "OPENSUSE-2012-120.NASL", "OPENSUSE-2012-137.NASL", "OPENSUSE-2012-142.NASL", "ORACLELINUX_ELSA-2012-0140.NASL", "ORACLELINUX_ELSA-2012-0141.NASL", "ORACLELINUX_ELSA-2012-0142.NASL", "ORACLELINUX_ELSA-2012-0143.NASL", "ORACLELINUX_ELSA-2012-0317.NASL", "REDHAT-RHSA-2012-0140.NASL", "REDHAT-RHSA-2012-0141.NASL", "REDHAT-RHSA-2012-0142.NASL", "REDHAT-RHSA-2012-0143.NASL", "REDHAT-RHSA-2012-0317.NASL", "SEAMONKEY_272.NASL", "SL_20120216_FIREFOX_ON_SL4_X.NASL", "SL_20120216_XULRUNNER_ON_SL5_X.NASL", "SL_20120220_LIBPNG_ON_SL4_X.NASL", "SOLARIS11_LIBPNG_20130313.NASL", "SUSE_11_4_LIBPNG12-120220.NASL", "SUSE_11_4_LIBPNG14-120220.NASL", "SUSE_11_4_MOZILLA-JS192-120217.NASL", "SUSE_11_4_MOZILLAFIREFOX-120217.NASL", "SUSE_11_4_MOZILLATHUNDERBIRD-120217.NASL", "SUSE_11_4_SEAMONKEY-120217.NASL", "SUSE_11_LIBPNG-DEVEL-120221.NASL", "SUSE_11_MOZILLA-XULRUNNER192-120220.NASL", "SUSE_11_MOZILLAFIREFOX-120220.NASL", "SUSE_LIBPNG-7980.NASL", "SUSE_MOZILLAFIREFOX-7981.NASL", "UBUNTU_USN-1367-1.NASL", "UBUNTU_USN-1367-2.NASL", "UBUNTU_USN-1367-3.NASL", "UBUNTU_USN-1367-4.NASL", "UBUNTU_USN-1369-1.NASL"]}, {"type": "openvas", "idList": ["OPENVAS:1361412562310120260", "OPENVAS:1361412562310121000", "OPENVAS:1361412562310123984", "OPENVAS:1361412562310123985", "OPENVAS:1361412562310123986", "OPENVAS:136141256231071137", "OPENVAS:136141256231071170", "OPENVAS:136141256231071171", "OPENVAS:136141256231071292", "OPENVAS:136141256231071582", "OPENVAS:1361412562310802597", "OPENVAS:1361412562310802598", "OPENVAS:1361412562310802599", "OPENVAS:1361412562310802968", "OPENVAS:1361412562310803005", "OPENVAS:1361412562310831550", "OPENVAS:1361412562310831561", "OPENVAS:1361412562310840892", "OPENVAS:1361412562310840896", "OPENVAS:1361412562310840897", "OPENVAS:1361412562310840902", "OPENVAS:1361412562310840935", "OPENVAS:1361412562310850229", "OPENVAS:1361412562310850244", "OPENVAS:1361412562310850607", "OPENVAS:1361412562310863755", "OPENVAS:1361412562310863757", "OPENVAS:1361412562310863758", "OPENVAS:1361412562310863829", "OPENVAS:1361412562310863842", "OPENVAS:1361412562310863889", "OPENVAS:1361412562310863981", "OPENVAS:1361412562310864012", "OPENVAS:1361412562310864032", "OPENVAS:1361412562310864102", "OPENVAS:1361412562310864117", "OPENVAS:1361412562310864125", "OPENVAS:1361412562310864136", "OPENVAS:1361412562310864147", "OPENVAS:1361412562310864149", "OPENVAS:1361412562310864175", "OPENVAS:1361412562310864179", "OPENVAS:1361412562310864319", "OPENVAS:1361412562310864335", "OPENVAS:1361412562310864344", "OPENVAS:1361412562310864376", "OPENVAS:1361412562310864380", "OPENVAS:1361412562310870546", "OPENVAS:1361412562310870549", "OPENVAS:1361412562310870564", "OPENVAS:1361412562310870566", "OPENVAS:1361412562310870707", "OPENVAS:1361412562310881072", "OPENVAS:1361412562310881121", "OPENVAS:1361412562310881126", "OPENVAS:1361412562310881133", "OPENVAS:1361412562310881139", "OPENVAS:1361412562310881148", "OPENVAS:1361412562310881188", "OPENVAS:1361412562310881208", "OPENVAS:1361412562310881212", "OPENVAS:1361412562311220191421", "OPENVAS:71137", "OPENVAS:71170", "OPENVAS:71171", "OPENVAS:71292", "OPENVAS:71582", "OPENVAS:802597", "OPENVAS:802598", "OPENVAS:802599", "OPENVAS:802968", "OPENVAS:803005", "OPENVAS:831550", "OPENVAS:831561", "OPENVAS:840892", "OPENVAS:840896", "OPENVAS:840897", "OPENVAS:840902", "OPENVAS:840935", "OPENVAS:850229", "OPENVAS:850244", "OPENVAS:863755", "OPENVAS:863757", "OPENVAS:863758", "OPENVAS:863829", "OPENVAS:863842", "OPENVAS:863889", "OPENVAS:863981", "OPENVAS:864012", "OPENVAS:864032", "OPENVAS:864102", "OPENVAS:864117", "OPENVAS:864125", "OPENVAS:864136", "OPENVAS:864147", "OPENVAS:864149", "OPENVAS:864175", "OPENVAS:864179", "OPENVAS:864319", "OPENVAS:864335", "OPENVAS:864344", "OPENVAS:864376", "OPENVAS:864380", "OPENVAS:870546", "OPENVAS:870549", "OPENVAS:870564", "OPENVAS:870707", "OPENVAS:881072", "OPENVAS:881121", "OPENVAS:881126", "OPENVAS:881133", "OPENVAS:881139", "OPENVAS:881148", "OPENVAS:881188", "OPENVAS:881208", "OPENVAS:881212"]}, {"type": "oraclelinux", "idList": ["ELSA-2012-0140", "ELSA-2012-0141", "ELSA-2012-0142", "ELSA-2012-0143", "ELSA-2012-0317"]}, {"type": "redhat", "idList": ["RHSA-2012:0140", "RHSA-2012:0141", "RHSA-2012:0142", "RHSA-2012:0143", "RHSA-2012:0317"]}, {"type": "securityvulns", "idList": ["SECURITYVULNS:DOC:27691", "SECURITYVULNS:DOC:28576", "SECURITYVULNS:DOC:28577", "SECURITYVULNS:DOC:28598", "SECURITYVULNS:VULN:12209", "SECURITYVULNS:VULN:12596", "SECURITYVULNS:VULN:12597", "SECURITYVULNS:VULN:12610"]}, {"type": "suse", "idList": ["OPENSUSE-SU-2012:0297-1", "OPENSUSE-SU-2012:0316-1", "OPENSUSE-SU-2014:1100-1", "SUSE-SU-2012:0298-1", "SUSE-SU-2012:0303-1", "SUSE-SU-2012:0318-1"]}, {"type": "threatpost", "idList": ["THREATPOST:4FEFFA1B0B63381DF2E709F006C9B8BC", "THREATPOST:5ABA4DDB709C933D01DC2E11880B1AFB"]}, {"type": "ubuntu", "idList": ["USN-1367-1", "USN-1367-2", "USN-1367-3", "USN-1367-4", "USN-1369-1"]}, {"type": "ubuntucve", "idList": ["UB:CVE-2011-3026"]}]}, "score": {"value": 7.6, "vector": "NONE"}, "backreferences": {"references": [{"type": "amazon", "idList": ["ALAS-2012-049"]}, {"type": "centos", "idList": ["CESA-2012:0140", "CESA-2012:0141", "CESA-2012:0142", "CESA-2012:0143", "CESA-2012:0317"]}, {"type": "checkpoint_advisories", "idList": ["CPAI-2012-207", "CPAI-2014-1632"]}, {"type": "chrome", "idList": ["GCSA-140639316113366102"]}, {"type": "cve", "idList": ["CVE-2011-3026"]}, {"type": "debian", "idList": ["DEBIAN:DSA-2410-1:8641E"]}, {"type": "fedora", "idList": ["FEDORA:4ED9921EED"]}, {"type": "freebsd", "idList": ["2F5FF968-5829-11E1-8288-00262D5ED8EE", "98690C45-0361-11E2-A391-000C29033C32", "D7DBD2DB-599C-11E1-A2FB-14DAE9EBCF89"]}, {"type": "gentoo", "idList": ["GLSA-201206-15"]}, {"type": "mozilla", "idList": ["MFSA2012-11"]}, {"type": "nessus", "idList": ["800966.PRM", "CENTOS_RHSA-2012-0142.NASL", "FEDORA_2012-1794.NASL", "FEDORA_2012-1930.NASL", "FEDORA_2012-2008.NASL", "FEDORA_2012-2028.NASL", "GENTOO_GLSA-201206-15.NASL", "IBM_INFORMIX_GENERO_2_41.NASL", "MACOSX_THUNDERBIRD_3_1_19.NASL", "MOZILLA_THUNDERBIRD_1002.NASL", "ORACLELINUX_ELSA-2012-0143.NASL", "SOLARIS11_LIBPNG_20130313.NASL", "SUSE_11_4_MOZILLAFIREFOX-120217.NASL", "SUSE_11_MOZILLA-XULRUNNER192-120220.NASL", "SUSE_11_MOZILLAFIREFOX-120220.NASL"]}, {"type": "openvas", "idList": ["OPENVAS:1361412562310831561", "OPENVAS:1361412562310840892", "OPENVAS:1361412562310864149", "OPENVAS:1361412562310864380", "OPENVAS:1361412562310881212", "OPENVAS:840902", "OPENVAS:840935", "OPENVAS:864117", "OPENVAS:864125", "OPENVAS:864175"]}, {"type": "oraclelinux", "idList": ["ELSA-2012-0317"]}, {"type": "redhat", "idList": ["RHSA-2012:0140"]}, {"type": "securityvulns", "idList": ["SECURITYVULNS:DOC:27691"]}, {"type": "suse", "idList": ["OPENSUSE-SU-2012:0297-1", "SUSE-SU-2012:0303-1"]}, {"type": "threatpost", "idList": ["THREATPOST:5ABA4DDB709C933D01DC2E11880B1AFB"]}, {"type": "ubuntu", "idList": ["USN-1367-1", "USN-1367-3"]}]}, "exploitation": null, "vulnersScore": 7.6}, "_state": {"dependencies": 0, "score": 0}, "_internal": {}, "affectedPackage": [{"OS": "Fedora", "OSVersion": "15", "arch": "any", "packageName": "xulrunner", "packageVersion": "10.0.1", "packageFilename": "UNKNOWN", "operator": "lt"}]}

{"nessus": [{"lastseen": "2021-08-19T12:49:47", "description": "the embedded copy of libpng was prone to a heap based buffer overflow", "cvss3": {"score": null, "vector": null}, "published": "2014-06-13T00:00:00", "type": "nessus", "title": "openSUSE Security Update : MozillaFirefox / MozillaThunderbird / mozilla-xulrunner192 / etc (openSUSE-2012-120)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2011-3026"], "modified": "2021-01-19T00:00:00", "cpe": ["p-cpe:/a:novell:opensuse:MozillaFirefox", "p-cpe:/a:novell:opensuse:MozillaFirefox-branding-upstream", "p-cpe:/a:novell:opensuse:MozillaFirefox-buildsymbols", "p-cpe:/a:novell:opensuse:MozillaFirefox-debuginfo", "p-cpe:/a:novell:opensuse:MozillaFirefox-debugsource", "p-cpe:/a:novell:opensuse:MozillaFirefox-devel", "p-cpe:/a:novell:opensuse:MozillaFirefox-translations-common", "p-cpe:/a:novell:opensuse:MozillaFirefox-translations-other", "p-cpe:/a:novell:opensuse:MozillaThunderbird", "p-cpe:/a:novell:opensuse:MozillaThunderbird-buildsymbols", "p-cpe:/a:novell:opensuse:MozillaThunderbird-debuginfo", "p-cpe:/a:novell:opensuse:MozillaThunderbird-debugsource", "p-cpe:/a:novell:opensuse:MozillaThunderbird-devel", "p-cpe:/a:novell:opensuse:MozillaThunderbird-translations-common", "p-cpe:/a:novell:opensuse:MozillaThunderbird-translations-other", "p-cpe:/a:novell:opensuse:enigmail", "p-cpe:/a:novell:opensuse:enigmail-debuginfo", "p-cpe:/a:novell:opensuse:mozilla-js", "p-cpe:/a:novell:opensuse:mozilla-js-32bit", "p-cpe:/a:novell:opensuse:mozilla-js-debuginfo", "p-cpe:/a:novell:opensuse:mozilla-js-debuginfo-32bit", "p-cpe:/a:novell:opensuse:mozilla-js192", "p-cpe:/a:novell:opensuse:mozilla-js192-32bit", "p-cpe:/a:novell:opensuse:mozilla-js192-debuginfo", "p-cpe:/a:novell:opensuse:mozilla-js192-debuginfo-32bit", "p-cpe:/a:novell:opensuse:mozilla-xulrunner192", "p-cpe:/a:novell:opensuse:mozilla-xulrunner192-32bit", "p-cpe:/a:novell:opensuse:mozilla-xulrunner192-buildsymbols", "p-cpe:/a:novell:opensuse:mozilla-xulrunner192-debuginfo", "p-cpe:/a:novell:opensuse:mozilla-xulrunner192-debuginfo-32bit", "p-cpe:/a:novell:opensuse:mozilla-xulrunner192-debugsource", "p-cpe:/a:novell:opensuse:mozilla-xulrunner192-devel", "p-cpe:/a:novell:opensuse:mozilla-xulrunner192-devel-debuginfo", "p-cpe:/a:novell:opensuse:mozilla-xulrunner192-gnome", "p-cpe:/a:novell:opensuse:mozilla-xulrunner192-gnome-32bit", "p-cpe:/a:novell:opensuse:mozilla-xulrunner192-gnome-debuginfo", "p-cpe:/a:novell:opensuse:mozilla-xulrunner192-gnome-debuginfo-32bit", "p-cpe:/a:novell:opensuse:mozilla-xulrunner192-translations-common", "p-cpe:/a:novell:opensuse:mozilla-xulrunner192-translations-common-32bit", "p-cpe:/a:novell:opensuse:mozilla-xulrunner192-translations-other", "p-cpe:/a:novell:opensuse:mozilla-xulrunner192-translations-other-32bit", "p-cpe:/a:novell:opensuse:seamonkey", "p-cpe:/a:novell:opensuse:seamonkey-debuginfo", "p-cpe:/a:novell:opensuse:seamonkey-debugsource", "p-cpe:/a:novell:opensuse:seamonkey-dom-inspector", "p-cpe:/a:novell:opensuse:seamonkey-irc", "p-cpe:/a:novell:opensuse:seamonkey-translations-common", "p-cpe:/a:novell:opensuse:seamonkey-translations-other", "p-cpe:/a:novell:opensuse:seamonkey-venkman", "p-cpe:/a:novell:opensuse:xulrunner", "p-cpe:/a:novell:opensuse:xulrunner-32bit", "p-cpe:/a:novell:opensuse:xulrunner-buildsymbols", "p-cpe:/a:novell:opensuse:xulrunner-debuginfo", "p-cpe:/a:novell:opensuse:xulrunner-debuginfo-32bit", "p-cpe:/a:novell:opensuse:xulrunner-debugsource", "p-cpe:/a:novell:opensuse:xulrunner-devel", "p-cpe:/a:novell:opensuse:xulrunner-devel-debuginfo", "cpe:/o:novell:opensuse:12.1"], "id": "OPENSUSE-2012-120.NASL", "href": "https://www.tenable.com/plugins/nessus/74549", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from openSUSE Security Update openSUSE-2012-120.\n#\n# The text description of this plugin is (C) SUSE LLC.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(74549);\n script_version(\"1.4\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/19\");\n\n script_cve_id(\"CVE-2011-3026\");\n\n script_name(english:\"openSUSE Security Update : MozillaFirefox / MozillaThunderbird / mozilla-xulrunner192 / etc (openSUSE-2012-120)\");\n script_summary(english:\"Check for the openSUSE-2012-120 patch\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote openSUSE host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\"the embedded copy of libpng was prone to a heap based buffer overflow\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=747328\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected MozillaFirefox / MozillaThunderbird / mozilla-xulrunner192 / etc packages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:MozillaFirefox\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:MozillaFirefox-branding-upstream\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:MozillaFirefox-buildsymbols\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:MozillaFirefox-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:MozillaFirefox-debugsource\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:MozillaFirefox-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:MozillaFirefox-translations-common\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:MozillaFirefox-translations-other\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:MozillaThunderbird\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:MozillaThunderbird-buildsymbols\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:MozillaThunderbird-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:MozillaThunderbird-debugsource\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:MozillaThunderbird-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:MozillaThunderbird-translations-common\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:MozillaThunderbird-translations-other\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:enigmail\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:enigmail-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:mozilla-js\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:mozilla-js-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:mozilla-js-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:mozilla-js-debuginfo-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:mozilla-js192\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:mozilla-js192-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:mozilla-js192-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:mozilla-js192-debuginfo-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:mozilla-xulrunner192\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:mozilla-xulrunner192-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:mozilla-xulrunner192-buildsymbols\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:mozilla-xulrunner192-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:mozilla-xulrunner192-debuginfo-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:mozilla-xulrunner192-debugsource\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:mozilla-xulrunner192-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:mozilla-xulrunner192-devel-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:mozilla-xulrunner192-gnome\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:mozilla-xulrunner192-gnome-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:mozilla-xulrunner192-gnome-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:mozilla-xulrunner192-gnome-debuginfo-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:mozilla-xulrunner192-translations-common\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:mozilla-xulrunner192-translations-common-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:mozilla-xulrunner192-translations-other\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:mozilla-xulrunner192-translations-other-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:seamonkey\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:seamonkey-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:seamonkey-debugsource\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:seamonkey-dom-inspector\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:seamonkey-irc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:seamonkey-translations-common\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:seamonkey-translations-other\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:seamonkey-venkman\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:xulrunner\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:xulrunner-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:xulrunner-buildsymbols\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:xulrunner-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:xulrunner-debuginfo-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:xulrunner-debugsource\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:xulrunner-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:xulrunner-devel-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:opensuse:12.1\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2012/02/16\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2012/02/17\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2014/06/13\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2014-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release =~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, \"openSUSE\");\nif (release !~ \"^(SUSE12\\.1)$\") audit(AUDIT_OS_RELEASE_NOT, \"openSUSE\", \"12.1\", release);\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nourarch = get_kb_item(\"Host/cpu\");\nif (!ourarch) audit(AUDIT_UNKNOWN_ARCH);\nif (ourarch !~ \"^(i586|i686|x86_64)$\") audit(AUDIT_ARCH_NOT, \"i586 / i686 / x86_64\", ourarch);\n\nflag = 0;\n\nif ( rpm_check(release:\"SUSE12.1\", reference:\"MozillaFirefox-10.0.2-2.21.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.1\", reference:\"MozillaFirefox-branding-upstream-10.0.2-2.21.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.1\", reference:\"MozillaFirefox-buildsymbols-10.0.2-2.21.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.1\", reference:\"MozillaFirefox-debuginfo-10.0.2-2.21.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.1\", reference:\"MozillaFirefox-debugsource-10.0.2-2.21.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.1\", reference:\"MozillaFirefox-devel-10.0.2-2.21.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.1\", reference:\"MozillaFirefox-translations-common-10.0.2-2.21.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.1\", reference:\"MozillaFirefox-translations-other-10.0.2-2.21.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.1\", reference:\"MozillaThunderbird-10.0.2-33.12.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.1\", reference:\"MozillaThunderbird-buildsymbols-10.0.2-33.12.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.1\", reference:\"MozillaThunderbird-debuginfo-10.0.2-33.12.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.1\", reference:\"MozillaThunderbird-debugsource-10.0.2-33.12.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.1\", reference:\"MozillaThunderbird-devel-10.0.2-33.12.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.1\", reference:\"MozillaThunderbird-translations-common-10.0.2-33.12.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.1\", reference:\"MozillaThunderbird-translations-other-10.0.2-33.12.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.1\", reference:\"enigmail-1.3.5+10.0.2-33.12.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.1\", reference:\"enigmail-debuginfo-1.3.5+10.0.2-33.12.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.1\", reference:\"mozilla-js-10.0.2-2.21.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.1\", reference:\"mozilla-js-debuginfo-10.0.2-2.21.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.1\", reference:\"mozilla-js192-1.9.2.27-2.10.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.1\", reference:\"mozilla-js192-debuginfo-1.9.2.27-2.10.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.1\", reference:\"mozilla-xulrunner192-1.9.2.27-2.10.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.1\", reference:\"mozilla-xulrunner192-buildsymbols-1.9.2.27-2.10.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.1\", reference:\"mozilla-xulrunner192-debuginfo-1.9.2.27-2.10.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.1\", reference:\"mozilla-xulrunner192-debugsource-1.9.2.27-2.10.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.1\", reference:\"mozilla-xulrunner192-devel-1.9.2.27-2.10.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.1\", reference:\"mozilla-xulrunner192-devel-debuginfo-1.9.2.27-2.10.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.1\", reference:\"mozilla-xulrunner192-gnome-1.9.2.27-2.10.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.1\", reference:\"mozilla-xulrunner192-gnome-debuginfo-1.9.2.27-2.10.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.1\", reference:\"mozilla-xulrunner192-translations-common-1.9.2.27-2.10.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.1\", reference:\"mozilla-xulrunner192-translations-other-1.9.2.27-2.10.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.1\", reference:\"seamonkey-2.7.2-2.13.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.1\", reference:\"seamonkey-debuginfo-2.7.2-2.13.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.1\", reference:\"seamonkey-debugsource-2.7.2-2.13.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.1\", reference:\"seamonkey-dom-inspector-2.7.2-2.13.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.1\", reference:\"seamonkey-irc-2.7.2-2.13.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.1\", reference:\"seamonkey-translations-common-2.7.2-2.13.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.1\", reference:\"seamonkey-translations-other-2.7.2-2.13.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.1\", reference:\"seamonkey-venkman-2.7.2-2.13.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.1\", reference:\"xulrunner-10.0.2-2.21.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.1\", reference:\"xulrunner-buildsymbols-10.0.2-2.21.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.1\", reference:\"xulrunner-debuginfo-10.0.2-2.21.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.1\", reference:\"xulrunner-debugsource-10.0.2-2.21.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.1\", reference:\"xulrunner-devel-10.0.2-2.21.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.1\", reference:\"xulrunner-devel-debuginfo-10.0.2-2.21.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.1\", cpu:\"x86_64\", reference:\"mozilla-js-32bit-10.0.2-2.21.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.1\", cpu:\"x86_64\", reference:\"mozilla-js-debuginfo-32bit-10.0.2-2.21.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.1\", cpu:\"x86_64\", reference:\"mozilla-js192-32bit-1.9.2.27-2.10.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.1\", cpu:\"x86_64\", reference:\"mozilla-js192-debuginfo-32bit-1.9.2.27-2.10.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.1\", cpu:\"x86_64\", reference:\"mozilla-xulrunner192-32bit-1.9.2.27-2.10.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.1\", cpu:\"x86_64\", reference:\"mozilla-xulrunner192-debuginfo-32bit-1.9.2.27-2.10.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.1\", cpu:\"x86_64\", reference:\"mozilla-xulrunner192-gnome-32bit-1.9.2.27-2.10.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.1\", cpu:\"x86_64\", reference:\"mozilla-xulrunner192-gnome-debuginfo-32bit-1.9.2.27-2.10.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.1\", cpu:\"x86_64\", reference:\"mozilla-xulrunner192-translations-common-32bit-1.9.2.27-2.10.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.1\", cpu:\"x86_64\", reference:\"mozilla-xulrunner192-translations-other-32bit-1.9.2.27-2.10.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.1\", cpu:\"x86_64\", reference:\"xulrunner-32bit-10.0.2-2.21.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.1\", cpu:\"x86_64\", reference:\"xulrunner-debuginfo-32bit-10.0.2-2.21.1\") ) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"MozillaFirefox / MozillaFirefox-branding-upstream / etc\");\n}\n", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2021-08-19T12:57:42", "description": "XULRunner provides the XUL Runtime environment for applications using the Gecko layout engine.\n\nA heap-based buffer overflow flaw was found in the way XULRunner handled PNG (Portable Network Graphics) images. A web page containing a malicious PNG image could cause an application linked against XULRunner (such as Firefox) to crash or, potentially, execute arbitrary code with the privileges of the user running the application. (CVE-2011-3026)\n\nAll XULRunner users should upgrade to these updated packages, which correct this issue. After installing the update, applications using XULRunner must be restarted for the changes to take effect.", "cvss3": {"score": null, "vector": null}, "published": "2012-08-01T00:00:00", "type": "nessus", "title": "Scientific Linux Security Update : xulrunner on SL5.x, SL6.x i386/x86_64 (20120216)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2011-3026"], "modified": "2021-01-14T00:00:00", "cpe": ["p-cpe:/a:fermilab:scientific_linux:xulrunner", "p-cpe:/a:fermilab:scientific_linux:xulrunner-debuginfo", "p-cpe:/a:fermilab:scientific_linux:xulrunner-devel", "x-cpe:/o:fermilab:scientific_linux"], "id": "SL_20120216_XULRUNNER_ON_SL5_X.NASL", "href": "https://www.tenable.com/plugins/nessus/61253", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text is (C) Scientific Linux.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(61253);\n script_version(\"1.5\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/14\");\n\n script_cve_id(\"CVE-2011-3026\");\n\n script_name(english:\"Scientific Linux Security Update : xulrunner on SL5.x, SL6.x i386/x86_64 (20120216)\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\n\"The remote Scientific Linux host is missing one or more security\nupdates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"XULRunner provides the XUL Runtime environment for applications using\nthe Gecko layout engine.\n\nA heap-based buffer overflow flaw was found in the way XULRunner\nhandled PNG (Portable Network Graphics) images. A web page containing\na malicious PNG image could cause an application linked against\nXULRunner (such as Firefox) to crash or, potentially, execute\narbitrary code with the privileges of the user running the\napplication. (CVE-2011-3026)\n\nAll XULRunner users should upgrade to these updated packages, which\ncorrect this issue. After installing the update, applications using\nXULRunner must be restarted for the changes to take effect.\"\n );\n # https://listserv.fnal.gov/scripts/wa.exe?A2=ind1202&L=scientific-linux-errata&T=0&P=3309\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?3f3b4580\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\n\"Update the affected xulrunner, xulrunner-debuginfo and / or\nxulrunner-devel packages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:xulrunner\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:xulrunner-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:xulrunner-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"x-cpe:/o:fermilab:scientific_linux\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2012/02/16\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2012/02/16\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2012/08/01\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2012-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Scientific Linux Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"misc_func.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Scientific Linux \" >!< release) audit(AUDIT_HOST_NOT, \"running Scientific Linux\");\nos_ver = pregmatch(pattern: \"Scientific Linux.*release ([0-9]+(\\.[0-9]+)?)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Scientific Linux\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^6([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Scientific Linux 6.x\", \"Scientific Linux \" + os_ver);\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (cpu >!< \"x86_64\" && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Scientific Linux\", cpu);\n\n\nflag = 0;\nif (rpm_check(release:\"SL5\", reference:\"xulrunner-1.9.2.26-2.el5_7\")) flag++;\nif (rpm_check(release:\"SL5\", reference:\"xulrunner-debuginfo-1.9.2.26-2.el5_7\")) flag++;\nif (rpm_check(release:\"SL5\", reference:\"xulrunner-devel-1.9.2.26-2.el5_7\")) flag++;\n\nif (rpm_check(release:\"SL6\", reference:\"xulrunner-1.9.2.26-2.el6_2\")) flag++;\nif (rpm_check(release:\"SL6\", reference:\"xulrunner-debuginfo-1.9.2.26-2.el6_2\")) flag++;\nif (rpm_check(release:\"SL6\", reference:\"xulrunner-devel-1.9.2.26-2.el6_2\")) flag++;\n\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"xulrunner / xulrunner-debuginfo / xulrunner-devel\");\n}\n", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2021-08-19T12:58:46", "description": "Versions of SeaMonkey 2.x earlier than 2.7.2 are potentially affected by an integer overflow vulnerability in 'libpng', a library used by this application. When decompressing certain PNG image files, this error can allow a heap-based buffer overflow which can crash the application or potentially allow code execution.", "cvss3": {"score": null, "vector": null}, "published": "2012-02-20T00:00:00", "type": "nessus", "title": "Mozilla SeaMonkey 2.x < 2.7.2 'png_decompress_chunk' Integer Overflow", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2011-3026"], "modified": "2012-02-20T00:00:00", "cpe": [], "id": "801380.PRM", "href": "https://www.tenable.com/plugins/lce/801380", "sourceData": "Binary data 801380.prm", "cvss": {"score": 9.3, "vector": "CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2021-08-19T12:53:33", "description": "From Red Hat Security Advisory 2012:0317 :\n\nUpdated libpng and libpng10 packages that fix one security issue are now available for Red Hat Enterprise Linux 4, 5, and 6.\n\nThe Red Hat Security Response Team has rated this update as having important security impact. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available from the CVE link in the References section.\n\nThe libpng packages contain a library of functions for creating and manipulating PNG (Portable Network Graphics) image format files.\n\nA heap-based buffer overflow flaw was found in libpng. An attacker could create a specially crafted PNG image that, when opened, could cause an application using libpng to crash or, possibly, execute arbitrary code with the privileges of the user running the application. (CVE-2011-3026)\n\nUsers of libpng and libpng10 should upgrade to these updated packages, which contain a backported patch to correct this issue. All running applications using libpng or libpng10 must be restarted for the update to take effect.", "cvss3": {"score": null, "vector": null}, "published": "2013-07-12T00:00:00", "type": "nessus", "title": "Oracle Linux 4 / 5 / 6 : libpng (ELSA-2012-0317)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2011-3026"], "modified": "2021-01-14T00:00:00", "cpe": ["p-cpe:/a:oracle:linux:libpng", "p-cpe:/a:oracle:linux:libpng-devel", "p-cpe:/a:oracle:linux:libpng-static", "p-cpe:/a:oracle:linux:libpng10", "p-cpe:/a:oracle:linux:libpng10-devel", "cpe:/o:oracle:linux:4", "cpe:/o:oracle:linux:5", "cpe:/o:oracle:linux:6"], "id": "ORACLELINUX_ELSA-2012-0317.NASL", "href": "https://www.tenable.com/plugins/nessus/68485", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Red Hat Security Advisory RHSA-2012:0317 and \n# Oracle Linux Security Advisory ELSA-2012-0317 respectively.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(68485);\n script_version(\"1.11\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/14\");\n\n script_cve_id(\"CVE-2011-3026\");\n script_bugtraq_id(52049);\n script_xref(name:\"RHSA\", value:\"2012:0317\");\n\n script_name(english:\"Oracle Linux 4 / 5 / 6 : libpng (ELSA-2012-0317)\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Oracle Linux host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"From Red Hat Security Advisory 2012:0317 :\n\nUpdated libpng and libpng10 packages that fix one security issue are\nnow available for Red Hat Enterprise Linux 4, 5, and 6.\n\nThe Red Hat Security Response Team has rated this update as having\nimportant security impact. A Common Vulnerability Scoring System\n(CVSS) base score, which gives a detailed severity rating, is\navailable from the CVE link in the References section.\n\nThe libpng packages contain a library of functions for creating and\nmanipulating PNG (Portable Network Graphics) image format files.\n\nA heap-based buffer overflow flaw was found in libpng. An attacker\ncould create a specially crafted PNG image that, when opened, could\ncause an application using libpng to crash or, possibly, execute\narbitrary code with the privileges of the user running the\napplication. (CVE-2011-3026)\n\nUsers of libpng and libpng10 should upgrade to these updated packages,\nwhich contain a backported patch to correct this issue. All running\napplications using libpng or libpng10 must be restarted for the update\nto take effect.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://oss.oracle.com/pipermail/el-errata/2012-February/002621.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://oss.oracle.com/pipermail/el-errata/2012-February/002622.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://oss.oracle.com/pipermail/el-errata/2012-February/002623.html\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected libpng packages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:libpng\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:libpng-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:libpng-static\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:libpng10\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:libpng10-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:oracle:linux:4\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:oracle:linux:5\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:oracle:linux:6\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2012/02/16\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2012/02/21\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2013/07/12\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2013-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Oracle Linux Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/OracleLinux\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/OracleLinux\")) audit(AUDIT_OS_NOT, \"Oracle Linux\");\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || !pregmatch(pattern: \"Oracle (?:Linux Server|Enterprise Linux)\", string:release)) audit(AUDIT_OS_NOT, \"Oracle Linux\");\nos_ver = pregmatch(pattern: \"Oracle (?:Linux Server|Enterprise Linux) .*release ([0-9]+(\\.[0-9]+)?)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Oracle Linux\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^(4|5|6)([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Oracle Linux 4 / 5 / 6\", \"Oracle Linux \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && \"ia64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Oracle Linux\", cpu);\n\nflag = 0;\nif (rpm_check(release:\"EL4\", reference:\"libpng-1.2.7-9.el4\")) flag++;\nif (rpm_check(release:\"EL4\", reference:\"libpng-devel-1.2.7-9.el4\")) flag++;\nif (rpm_check(release:\"EL4\", reference:\"libpng10-1.0.16-10.el4\")) flag++;\nif (rpm_check(release:\"EL4\", reference:\"libpng10-devel-1.0.16-10.el4\")) flag++;\n\nif (rpm_check(release:\"EL5\", reference:\"libpng-1.2.10-15.el5_7\")) flag++;\nif (rpm_check(release:\"EL5\", reference:\"libpng-devel-1.2.10-15.el5_7\")) flag++;\n\nif (rpm_check(release:\"EL6\", reference:\"libpng-1.2.46-2.el6_2\")) flag++;\nif (rpm_check(release:\"EL6\", reference:\"libpng-devel-1.2.46-2.el6_2\")) flag++;\nif (rpm_check(release:\"EL6\", reference:\"libpng-static-1.2.46-2.el6_2\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"libpng / libpng-devel / libpng-static / libpng10 / libpng10-devel\");\n}\n", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2021-08-19T12:58:56", "description": "Fixes a libpng flaw.\n\nNote that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {"score": null, "vector": null}, "published": "2012-02-29T00:00:00", "type": "nessus", "title": "Fedora 17 : thunderbird-10.0.1-2.fc17 (2012-1794)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2011-3026"], "modified": "2021-01-11T00:00:00", "cpe": ["p-cpe:/a:fedoraproject:fedora:thunderbird", "cpe:/o:fedoraproject:fedora:17"], "id": "FEDORA_2012-1794.NASL", "href": "https://www.tenable.com/plugins/nessus/58149", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Fedora Security Advisory 2012-1794.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(58149);\n script_version(\"1.8\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/11\");\n\n script_cve_id(\"CVE-2011-3026\");\n script_xref(name:\"FEDORA\", value:\"2012-1794\");\n\n script_name(english:\"Fedora 17 : thunderbird-10.0.1-2.fc17 (2012-1794)\");\n script_summary(english:\"Checks rpm output for the updated package.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Fedora host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Fixes a libpng flaw.\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Fedora security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.redhat.com/show_bug.cgi?id=791185\"\n );\n # https://lists.fedoraproject.org/pipermail/package-announce/2012-February/074019.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?69a21a8f\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected thunderbird package.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:thunderbird\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:fedoraproject:fedora:17\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2012/02/16\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2012/02/29\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2012-2021 Tenable Network Security, Inc.\");\n script_family(english:\"Fedora Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Fedora\" >!< release) audit(AUDIT_OS_NOT, \"Fedora\");\nos_ver = eregmatch(pattern: \"Fedora.*release ([0-9]+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Fedora\");\nos_ver = os_ver[1];\nif (! ereg(pattern:\"^17([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Fedora 17.x\", \"Fedora \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Fedora\", cpu);\n\nflag = 0;\nif (rpm_check(release:\"FC17\", reference:\"thunderbird-10.0.1-2.fc17\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"thunderbird\");\n}\n", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2021-08-19T12:58:49", "description": "The installed version of Thunderbird 3.1.x is earlier than 3.1.19 and is, therefore, potentially affected by an integer overflow vulnerability.\n\nAn integer overflow error exists in 'libpng', a library used by this application. When decompressing certain PNG image files, this error can allow a heap-based buffer overflow which can crash the application or potentially allow code execution.", "cvss3": {"score": null, "vector": null}, "published": "2012-02-17T00:00:00", "type": "nessus", "title": "Mozilla Thunderbird 3.1.x < 3.1.19 'png_decompress_chunk' Integer Overflow", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2011-3026"], "modified": "2018-07-16T00:00:00", "cpe": ["cpe:/a:mozilla:thunderbird"], "id": "MOZILLA_THUNDERBIRD_3119.NASL", "href": "https://www.tenable.com/plugins/nessus/58008", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(58008);\n script_version(\"1.7\");\n script_cvs_date(\"Date: 2018/07/16 14:09:15\");\n\n script_cve_id(\"CVE-2011-3026\");\n script_bugtraq_id(52049);\n\n script_name(english:\"Mozilla Thunderbird 3.1.x < 3.1.19 'png_decompress_chunk' Integer Overflow\");\n script_summary(english:\"Checks version of Thunderbird\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote Windows host contains a mail client that is potentially\naffected by an integer overflow vulnerability.\");\n script_set_attribute(attribute:\"description\", value:\n\"The installed version of Thunderbird 3.1.x is earlier than 3.1.19 and\nis, therefore, potentially affected by an integer overflow vulnerability.\n\nAn integer overflow error exists in 'libpng', a library used by this\napplication. When decompressing certain PNG image files, this error\ncan allow a heap-based buffer overflow which can crash the\napplication or potentially allow code execution.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.mozilla.org/en-US/security/advisories/mfsa2012-11/\");\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?6846f277\");\n script_set_attribute(attribute:\"solution\", value:\"Upgrade to Thunderbird 3.1.19 or later.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2012/02/16\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2012/02/16\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2012/02/17\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:mozilla:thunderbird\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Windows\");\n\n script_copyright(english:\"This script is Copyright (C) 2012-2018 Tenable Network Security, Inc.\");\n\n script_dependencies(\"mozilla_org_installed.nasl\");\n script_require_keys(\"Mozilla/Thunderbird/Version\");\n exit(0);\n}\n\ninclude(\"mozilla_version.inc\");\nport = get_kb_item_or_exit(\"SMB/transport\");\n\ninstalls = get_kb_list(\"SMB/Mozilla/Thunderbird/*\");\nif (isnull(installs)) audit(AUDIT_NOT_INST, \"Thunderbird\");\n\nmozilla_check_version(installs:installs, product:'thunderbird', esr:FALSE, fix:'3.1.19', min:'3.1.0', severity:SECURITY_HOLE);", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2021-08-19T12:58:46", "description": "Versions of SeaMonkey 2.x earlier than 2.7.2 are potentially affected by an integer overflow vulnerability in 'libpng', a library used by this application. When decompressing certain PNG image files, this error can allow a heap-based buffer overflow which can crash the application or potentially allow code execution.", "cvss3": {"score": 7.4, "vector": "CVSS:3.0/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H"}, "published": "2012-02-20T00:00:00", "type": "nessus", "title": "SeaMonkey 2.x < 2.7.2 'png_decompress_chunk' Integer Overflow", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2011-3026"], "modified": "2019-03-06T00:00:00", "cpe": ["cpe:2.3:a:mozilla:seamonkey:*:*:*:*:*:*:*:*"], "id": "6329.PRM", "href": "https://www.tenable.com/plugins/nnm/6329", "sourceData": "Binary data 6329.prm", "cvss": {"score": 9.3, "vector": "CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2021-08-19T12:58:56", "description": "This update addresses an integer overflow in the libpng10 PNG library, which could lead to the execution of arbitrary code if a malformed image is processed.\n\nNote that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {"score": null, "vector": null}, "published": "2012-02-29T00:00:00", "type": "nessus", "title": "Fedora 17 : libpng10-1.0.57-1.fc17 (2012-2003)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2011-3026"], "modified": "2021-01-11T00:00:00", "cpe": ["p-cpe:/a:fedoraproject:fedora:libpng10", "cpe:/o:fedoraproject:fedora:17"], "id": "FEDORA_2012-2003.NASL", "href": "https://www.tenable.com/plugins/nessus/58154", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Fedora Security Advisory 2012-2003.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(58154);\n script_version(\"1.8\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/11\");\n\n script_cve_id(\"CVE-2011-3026\");\n script_xref(name:\"FEDORA\", value:\"2012-2003\");\n\n script_name(english:\"Fedora 17 : libpng10-1.0.57-1.fc17 (2012-2003)\");\n script_summary(english:\"Checks rpm output for the updated package.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Fedora host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"This update addresses an integer overflow in the libpng10 PNG library,\nwhich could lead to the execution of arbitrary code if a malformed\nimage is processed.\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Fedora security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.redhat.com/show_bug.cgi?id=790737\"\n );\n # https://lists.fedoraproject.org/pipermail/package-announce/2012-February/074045.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?ba12fc37\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected libpng10 package.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:libpng10\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:fedoraproject:fedora:17\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2012/02/19\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2012/02/29\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2012-2021 Tenable Network Security, Inc.\");\n script_family(english:\"Fedora Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Fedora\" >!< release) audit(AUDIT_OS_NOT, \"Fedora\");\nos_ver = eregmatch(pattern: \"Fedora.*release ([0-9]+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Fedora\");\nos_ver = os_ver[1];\nif (! ereg(pattern:\"^17([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Fedora 17.x\", \"Fedora \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Fedora\", cpu);\n\nflag = 0;\nif (rpm_check(release:\"FC17\", reference:\"libpng10-1.0.57-1.fc17\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"libpng10\");\n}\n", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2021-08-19T12:58:49", "description": "This update addresses an integer overflow in the libpng10 PNG library, which could lead to the execution of arbitrary code if a malformed image is processed.\n\nNote that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {"score": null, "vector": null}, "published": "2012-02-29T00:00:00", "type": "nessus", "title": "Fedora 16 : libpng10-1.0.57-1.fc16 (2012-2028)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2011-3026"], "modified": "2021-01-11T00:00:00", "cpe": ["p-cpe:/a:fedoraproject:fedora:libpng10", "cpe:/o:fedoraproject:fedora:16"], "id": "FEDORA_2012-2028.NASL", "href": "https://www.tenable.com/plugins/nessus/58156", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Fedora Security Advisory 2012-2028.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(58156);\n script_version(\"1.8\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/11\");\n\n script_cve_id(\"CVE-2011-3026\");\n script_xref(name:\"FEDORA\", value:\"2012-2028\");\n\n script_name(english:\"Fedora 16 : libpng10-1.0.57-1.fc16 (2012-2028)\");\n script_summary(english:\"Checks rpm output for the updated package.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Fedora host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"This update addresses an integer overflow in the libpng10 PNG library,\nwhich could lead to the execution of arbitrary code if a malformed\nimage is processed.\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Fedora security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.redhat.com/show_bug.cgi?id=790737\"\n );\n # https://lists.fedoraproject.org/pipermail/package-announce/2012-February/073767.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?f0a071d4\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected libpng10 package.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:libpng10\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:fedoraproject:fedora:16\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2012/02/19\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2012/02/29\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2012-2021 Tenable Network Security, Inc.\");\n script_family(english:\"Fedora Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Fedora\" >!< release) audit(AUDIT_OS_NOT, \"Fedora\");\nos_ver = eregmatch(pattern: \"Fedora.*release ([0-9]+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Fedora\");\nos_ver = os_ver[1];\nif (! ereg(pattern:\"^16([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Fedora 16.x\", \"Fedora \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Fedora\", cpu);\n\nflag = 0;\nif (rpm_check(release:\"FC16\", reference:\"libpng10-1.0.57-1.fc16\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"libpng10\");\n}\n", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2021-08-19T12:58:58", "description": "USN-1367-1 fixed vulnerabilities in libpng. This provides the corresponding update for Thunderbird.\n\nJueri Aedla discovered that libpng did not properly verify the size used when allocating memory during chunk decompression. If a user or automated system using libpng were tricked into opening a specially crafted image, an attacker could exploit this to cause a denial of service or execute code with the privileges of the user invoking the program. (CVE-2011-3026).\n\nNote that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {"score": null, "vector": null}, "published": "2012-02-20T00:00:00", "type": "nessus", "title": "Ubuntu 10.04 LTS / 10.10 / 11.04 : thunderbird vulnerability (USN-1367-3)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2011-3026"], "modified": "2019-09-19T00:00:00", "cpe": ["p-cpe:/a:canonical:ubuntu_linux:thunderbird", "cpe:/o:canonical:ubuntu_linux:10.04:-:lts", "cpe:/o:canonical:ubuntu_linux:10.10", "cpe:/o:canonical:ubuntu_linux:11.04"], "id": "UBUNTU_USN-1367-3.NASL", "href": "https://www.tenable.com/plugins/nessus/58035", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Ubuntu Security Notice USN-1367-3. The text \n# itself is copyright (C) Canonical, Inc. See \n# <http://www.ubuntu.com/usn/>. Ubuntu(R) is a registered \n# trademark of Canonical, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(58035);\n script_version(\"1.8\");\n script_cvs_date(\"Date: 2019/09/19 12:54:27\");\n\n script_cve_id(\"CVE-2011-3026\");\n script_bugtraq_id(52049);\n script_xref(name:\"USN\", value:\"1367-3\");\n\n script_name(english:\"Ubuntu 10.04 LTS / 10.10 / 11.04 : thunderbird vulnerability (USN-1367-3)\");\n script_summary(english:\"Checks dpkg output for updated package.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Ubuntu host is missing a security-related patch.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"USN-1367-1 fixed vulnerabilities in libpng. This provides the\ncorresponding update for Thunderbird.\n\nJueri Aedla discovered that libpng did not properly verify the size\nused when allocating memory during chunk decompression. If a user or\nautomated system using libpng were tricked into opening a specially\ncrafted image, an attacker could exploit this to cause a denial of\nservice or execute code with the privileges of the user invoking the\nprogram. (CVE-2011-3026).\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Ubuntu security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://usn.ubuntu.com/1367-3/\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected thunderbird package.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:thunderbird\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:canonical:ubuntu_linux:10.04:-:lts\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:canonical:ubuntu_linux:10.10\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:canonical:ubuntu_linux:11.04\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2012/02/16\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2012/02/17\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2012/02/20\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"Ubuntu Security Notice (C) 2012-2019 Canonical, Inc. / NASL script (C) 2012-2019 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Ubuntu Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/cpu\", \"Host/Ubuntu\", \"Host/Ubuntu/release\", \"Host/Debian/dpkg-l\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"ubuntu.inc\");\ninclude(\"misc_func.inc\");\n\nif ( ! get_kb_item(\"Host/local_checks_enabled\") ) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/Ubuntu/release\");\nif ( isnull(release) ) audit(AUDIT_OS_NOT, \"Ubuntu\");\nrelease = chomp(release);\nif (! preg(pattern:\"^(10\\.04|10\\.10|11\\.04)$\", string:release)) audit(AUDIT_OS_NOT, \"Ubuntu 10.04 / 10.10 / 11.04\", \"Ubuntu \" + release);\nif ( ! get_kb_item(\"Host/Debian/dpkg-l\") ) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Ubuntu\", cpu);\n\nflag = 0;\n\nif (ubuntu_check(osver:\"10.04\", pkgname:\"thunderbird\", pkgver:\"3.1.19+build1+nobinonly-0ubuntu0.10.04.1\")) flag++;\nif (ubuntu_check(osver:\"10.10\", pkgname:\"thunderbird\", pkgver:\"3.1.19+build1+nobinonly-0ubuntu0.10.10.1\")) flag++;\nif (ubuntu_check(osver:\"11.04\", pkgname:\"thunderbird\", pkgver:\"3.1.19+build1+nobinonly-0ubuntu0.11.04.1\")) flag++;\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : ubuntu_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = ubuntu_pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"thunderbird\");\n}\n", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2021-08-19T12:58:50", "description": "An updated thunderbird package that fixes one security issue is now available for Red Hat Enterprise Linux 6.\n\nThe Red Hat Security Response Team has rated this update as having critical security impact. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available from the CVE link in the References section.\n\nMozilla Thunderbird is a standalone mail and newsgroup client.\n\nA heap-based buffer overflow flaw was found in the way Thunderbird handled PNG (Portable Network Graphics) images. An HTML mail message or remote content containing a specially crafted PNG image could cause Thunderbird to crash or, possibly, execute arbitrary code with the privileges of the user running Thunderbird. (CVE-2011-3026)\n\nAll Thunderbird users should upgrade to this updated package, which corrects this issue. After installing the update, Thunderbird must be restarted for the changes to take effect.", "cvss3": {"score": null, "vector": null}, "published": "2012-02-17T00:00:00", "type": "nessus", "title": "RHEL 6 : thunderbird (RHSA-2012:0140)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2011-3026"], "modified": "2021-01-14T00:00:00", "cpe": ["p-cpe:/a:redhat:enterprise_linux:thunderbird", "p-cpe:/a:redhat:enterprise_linux:thunderbird-debuginfo", "cpe:/o:redhat:enterprise_linux:6", "cpe:/o:redhat:enterprise_linux:6.2"], "id": "REDHAT-RHSA-2012-0140.NASL", "href": "https://www.tenable.com/plugins/nessus/57992", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Red Hat Security Advisory RHSA-2012:0140. The text \n# itself is copyright (C) Red Hat, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(57992);\n script_version(\"1.21\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/14\");\n\n script_cve_id(\"CVE-2011-3026\");\n script_xref(name:\"RHSA\", value:\"2012:0140\");\n\n script_name(english:\"RHEL 6 : thunderbird (RHSA-2012:0140)\");\n script_summary(english:\"Checks the rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\",\n value:\"The remote Red Hat host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\",\n value:\n\"An updated thunderbird package that fixes one security issue is now\navailable for Red Hat Enterprise Linux 6.\n\nThe Red Hat Security Response Team has rated this update as having\ncritical security impact. A Common Vulnerability Scoring System (CVSS)\nbase score, which gives a detailed severity rating, is available from\nthe CVE link in the References section.\n\nMozilla Thunderbird is a standalone mail and newsgroup client.\n\nA heap-based buffer overflow flaw was found in the way Thunderbird\nhandled PNG (Portable Network Graphics) images. An HTML mail message\nor remote content containing a specially crafted PNG image could cause\nThunderbird to crash or, possibly, execute arbitrary code with the\nprivileges of the user running Thunderbird. (CVE-2011-3026)\n\nAll Thunderbird users should upgrade to this updated package, which\ncorrects this issue. After installing the update, Thunderbird must be\nrestarted for the changes to take effect.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/errata/RHSA-2012:0140\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2011-3026\"\n );\n script_set_attribute(\n attribute:\"solution\",\n value:\n\"Update the affected thunderbird and / or thunderbird-debuginfo\npackages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:thunderbird\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:thunderbird-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:6\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:6.2\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2012/02/16\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2012/02/16\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2012/02/17\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2012-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Red Hat Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"misc_func.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Red Hat\" >!< release) audit(AUDIT_OS_NOT, \"Red Hat\");\nos_ver = pregmatch(pattern: \"Red Hat Enterprise Linux.*release ([0-9]+(\\.[0-9]+)?)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Red Hat\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^6([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Red Hat 6.x\", \"Red Hat \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\" && \"s390\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Red Hat\", cpu);\n\nyum_updateinfo = get_kb_item(\"Host/RedHat/yum-updateinfo\");\nif (!empty_or_null(yum_updateinfo)) \n{\n rhsa = \"RHSA-2012:0140\";\n yum_report = redhat_generate_yum_updateinfo_report(rhsa:rhsa);\n if (!empty_or_null(yum_report))\n {\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : yum_report \n );\n exit(0);\n }\n else\n {\n audit_message = \"affected by Red Hat security advisory \" + rhsa;\n audit(AUDIT_OS_NOT, audit_message);\n }\n}\nelse\n{\n flag = 0;\n if (rpm_check(release:\"RHEL6\", cpu:\"i686\", reference:\"thunderbird-3.1.18-2.el6_2\", allowmaj:TRUE)) flag++;\n\n if (rpm_check(release:\"RHEL6\", cpu:\"s390x\", reference:\"thunderbird-3.1.18-2.el6_2\", allowmaj:TRUE)) flag++;\n\n if (rpm_check(release:\"RHEL6\", cpu:\"x86_64\", reference:\"thunderbird-3.1.18-2.el6_2\", allowmaj:TRUE)) flag++;\n\n if (rpm_check(release:\"RHEL6\", cpu:\"i686\", reference:\"thunderbird-debuginfo-3.1.18-2.el6_2\", allowmaj:TRUE)) flag++;\n\n if (rpm_check(release:\"RHEL6\", cpu:\"s390x\", reference:\"thunderbird-debuginfo-3.1.18-2.el6_2\", allowmaj:TRUE)) flag++;\n\n if (rpm_check(release:\"RHEL6\", cpu:\"x86_64\", reference:\"thunderbird-debuginfo-3.1.18-2.el6_2\", allowmaj:TRUE)) flag++;\n\n\n if (flag)\n {\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : rpm_report_get() + redhat_report_package_caveat()\n );\n exit(0);\n }\n else\n {\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"thunderbird / thunderbird-debuginfo\");\n }\n}\n", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2021-08-19T12:58:48", "description": "Versions of Mozilla Thunderbird 10.x prior to 10.0.2 are affected by an integer overflow error in 'libpng', a library used by this application. When decompressing certain PNG image files, this error can allow a heap-based buffer overflow which can crash the application or potentially allow code execution. ", "cvss3": {"score": 7.4, "vector": "CVSS:3.0/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H"}, "published": "2012-02-20T00:00:00", "type": "nessus", "title": "Mozilla Thunderbird 10.x < 10.0.2 'png_decompress_chunk' Integer Overflow", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2011-3026"], "modified": "2019-03-06T00:00:00", "cpe": ["cpe:2.3:a:mozilla:thunderbird:*:*:*:*:*:*:*:*"], "id": "6327.PRM", "href": "https://www.tenable.com/plugins/nnm/6327", "sourceData": "Binary data 6327.prm", "cvss": {"score": 9.3, "vector": "CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2021-08-19T12:58:54", "description": "Fix nasty buffer overrun bug, CVE-2011-3026\n\nNote that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {"score": null, "vector": null}, "published": "2012-02-29T00:00:00", "type": "nessus", "title": "Fedora 15 : libpng-1.2.46-2.fc15 (2012-1930)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2011-3026"], "modified": "2021-01-11T00:00:00", "cpe": ["p-cpe:/a:fedoraproject:fedora:libpng", "cpe:/o:fedoraproject:fedora:15"], "id": "FEDORA_2012-1930.NASL", "href": "https://www.tenable.com/plugins/nessus/58152", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Fedora Security Advisory 2012-1930.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(58152);\n script_version(\"1.8\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/11\");\n\n script_cve_id(\"CVE-2011-3026\");\n script_xref(name:\"FEDORA\", value:\"2012-1930\");\n\n script_name(english:\"Fedora 15 : libpng-1.2.46-2.fc15 (2012-1930)\");\n script_summary(english:\"Checks rpm output for the updated package.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Fedora host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Fix nasty buffer overrun bug, CVE-2011-3026\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Fedora security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.redhat.com/show_bug.cgi?id=790737\"\n );\n # https://lists.fedoraproject.org/pipermail/package-announce/2012-February/073736.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?fd4c67e7\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected libpng package.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:libpng\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:fedoraproject:fedora:15\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2012/02/17\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2012/02/29\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2012-2021 Tenable Network Security, Inc.\");\n script_family(english:\"Fedora Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Fedora\" >!< release) audit(AUDIT_OS_NOT, \"Fedora\");\nos_ver = eregmatch(pattern: \"Fedora.*release ([0-9]+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Fedora\");\nos_ver = os_ver[1];\nif (! ereg(pattern:\"^15([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Fedora 15.x\", \"Fedora \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Fedora\", cpu);\n\nflag = 0;\nif (rpm_check(release:\"FC15\", reference:\"libpng-1.2.46-2.fc15\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"libpng\");\n}\n", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2021-08-19T12:58:46", "description": "Versions of Firefox 10.x earlier than 10.0.2 are potentially affected by an integer overflow vulnerability. An integer overflow error exists in 'libpng', a library used by this application. When decompressing certain PNG image files, this error can allow a heap-based buffer overflow which can crash the application or potentially allow code execution.", "cvss3": {"score": null, "vector": null}, "published": "2012-02-20T00:00:00", "type": "nessus", "title": "Mozilla Firefox 10.x < 10.0.2 'png_decompress_chunk' Integer Overflow", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2011-3026"], "modified": "2012-02-20T00:00:00", "cpe": [], "id": "801253.PRM", "href": "https://www.tenable.com/plugins/lce/801253", "sourceData": "Binary data 801253.prm", "cvss": {"score": 9.3, "vector": "CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2021-08-19T12:58:54", "description": "Mozilla Firefox was updated to 3.6.27 to fix a security issue with the embedded libpng, where a integer overflow could allow remote attackers to crash the browser or potentially execute code (CVE-2011-3026),", "cvss3": {"score": null, "vector": null}, "published": "2012-02-24T00:00:00", "type": "nessus", "title": "SuSE 10 Security Update : Mozilla Firefox (ZYPP Patch Number 7981)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2011-3026"], "modified": "2021-01-19T00:00:00", "cpe": ["cpe:/o:suse:suse_linux"], "id": "SUSE_MOZILLAFIREFOX-7981.NASL", "href": "https://www.tenable.com/plugins/nessus/58116", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The text description of this plugin is (C) Novell, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(58116);\n script_version(\"1.5\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/19\");\n\n script_cve_id(\"CVE-2011-3026\");\n\n script_name(english:\"SuSE 10 Security Update : Mozilla Firefox (ZYPP Patch Number 7981)\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote SuSE 10 host is missing a security-related patch.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Mozilla Firefox was updated to 3.6.27 to fix a security issue with the\nembedded libpng, where a integer overflow could allow remote attackers\nto crash the browser or potentially execute code (CVE-2011-3026),\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2011-3026.html\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Apply ZYPP patch number 7981.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:suse:suse_linux\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2012/02/21\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2012/02/24\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2012-2021 Tenable Network Security, Inc.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) exit(0, \"Local checks are not enabled.\");\nif (!get_kb_item(\"Host/SuSE/release\")) exit(0, \"The host is not running SuSE.\");\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) exit(1, \"Could not obtain the list of installed packages.\");\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) exit(1, \"Failed to determine the architecture type.\");\nif (cpu >!< \"x86_64\" && cpu !~ \"^i[3-6]86$\") exit(1, \"Local checks for SuSE 10 on the '\"+cpu+\"' architecture have not been implemented.\");\n\n\nflag = 0;\nif (rpm_check(release:\"SLED10\", sp:4, reference:\"MozillaFirefox-3.6.27-0.5.4\")) flag++;\nif (rpm_check(release:\"SLED10\", sp:4, reference:\"MozillaFirefox-translations-3.6.27-0.5.4\")) flag++;\nif (rpm_check(release:\"SLED10\", sp:4, reference:\"mozilla-xulrunner192-1.9.2.27-0.5.6\")) flag++;\nif (rpm_check(release:\"SLED10\", sp:4, reference:\"mozilla-xulrunner192-gnome-1.9.2.27-0.5.6\")) flag++;\nif (rpm_check(release:\"SLED10\", sp:4, reference:\"mozilla-xulrunner192-translations-1.9.2.27-0.5.6\")) flag++;\nif (rpm_check(release:\"SLED10\", sp:4, cpu:\"x86_64\", reference:\"mozilla-xulrunner192-32bit-1.9.2.27-0.5.6\")) flag++;\nif (rpm_check(release:\"SLED10\", sp:4, cpu:\"x86_64\", reference:\"mozilla-xulrunner192-gnome-32bit-1.9.2.27-0.5.6\")) flag++;\nif (rpm_check(release:\"SLED10\", sp:4, cpu:\"x86_64\", reference:\"mozilla-xulrunner192-translations-32bit-1.9.2.27-0.5.6\")) flag++;\nif (rpm_check(release:\"SLES10\", sp:4, reference:\"MozillaFirefox-3.6.27-0.5.4\")) flag++;\nif (rpm_check(release:\"SLES10\", sp:4, reference:\"MozillaFirefox-translations-3.6.27-0.5.4\")) flag++;\nif (rpm_check(release:\"SLES10\", sp:4, reference:\"mozilla-xulrunner192-1.9.2.27-0.5.6\")) flag++;\nif (rpm_check(release:\"SLES10\", sp:4, reference:\"mozilla-xulrunner192-gnome-1.9.2.27-0.5.6\")) flag++;\nif (rpm_check(release:\"SLES10\", sp:4, reference:\"mozilla-xulrunner192-translations-1.9.2.27-0.5.6\")) flag++;\nif (rpm_check(release:\"SLES10\", sp:4, cpu:\"x86_64\", reference:\"mozilla-xulrunner192-32bit-1.9.2.27-0.5.6\")) flag++;\nif (rpm_check(release:\"SLES10\", sp:4, cpu:\"x86_64\", reference:\"mozilla-xulrunner192-gnome-32bit-1.9.2.27-0.5.6\")) flag++;\nif (rpm_check(release:\"SLES10\", sp:4, cpu:\"x86_64\", reference:\"mozilla-xulrunner192-translations-32bit-1.9.2.27-0.5.6\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse exit(0, \"The host is not affected.\");\n", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2021-08-19T12:49:45", "description": "A heap-based buffer overflow in libpng was fixed that could potentially be exploited by attackers to execute arbitrary code or cause an application to crash (CVE-2011-3026).\n\nlibpng 1.2 was updated to 1.2.47 to fix this issue.", "cvss3": {"score": null, "vector": null}, "published": "2014-06-13T00:00:00", "type": "nessus", "title": "openSUSE Security Update : libpng12 (libpng12-5846)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2011-3026"], "modified": "2021-01-19T00:00:00", "cpe": ["p-cpe:/a:novell:opensuse:libpng12-0", "p-cpe:/a:novell:opensuse:libpng12-0-32bit", "p-cpe:/a:novell:opensuse:libpng12-0-debuginfo", "p-cpe:/a:novell:opensuse:libpng12-0-debuginfo-32bit", "p-cpe:/a:novell:opensuse:libpng12-compat-devel", "p-cpe:/a:novell:opensuse:libpng12-compat-devel-32bit", "p-cpe:/a:novell:opensuse:libpng12-debugsource", "p-cpe:/a:novell:opensuse:libpng12-devel", "p-cpe:/a:novell:opensuse:libpng12-devel-32bit", "cpe:/o:novell:opensuse:11.4"], "id": "SUSE_11_4_LIBPNG12-120220.NASL", "href": "https://www.tenable.com/plugins/nessus/75912", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from openSUSE Security Update libpng12-5846.\n#\n# The text description of this plugin is (C) SUSE LLC.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(75912);\n script_version(\"1.3\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/19\");\n\n script_cve_id(\"CVE-2011-3026\");\n\n script_name(english:\"openSUSE Security Update : libpng12 (libpng12-5846)\");\n script_summary(english:\"Check for the libpng12-5846 patch\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote openSUSE host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"A heap-based buffer overflow in libpng was fixed that could\npotentially be exploited by attackers to execute arbitrary code or\ncause an application to crash (CVE-2011-3026).\n\nlibpng 1.2 was updated to 1.2.47 to fix this issue.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=747311\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected libpng12 packages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libpng12-0\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libpng12-0-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libpng12-0-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libpng12-0-debuginfo-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libpng12-compat-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libpng12-compat-devel-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libpng12-debugsource\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libpng12-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libpng12-devel-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:opensuse:11.4\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2012/02/20\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2014/06/13\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2014-2021 Tenable Network Security, Inc.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release =~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, \"openSUSE\");\nif (release !~ \"^(SUSE11\\.4)$\") audit(AUDIT_OS_RELEASE_NOT, \"openSUSE\", \"11.4\", release);\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nourarch = get_kb_item(\"Host/cpu\");\nif (!ourarch) audit(AUDIT_UNKNOWN_ARCH);\nif (ourarch !~ \"^(i586|i686|x86_64)$\") audit(AUDIT_ARCH_NOT, \"i586 / i686 / x86_64\", ourarch);\n\nflag = 0;\n\nif ( rpm_check(release:\"SUSE11.4\", reference:\"libpng12-0-1.2.47-0.8.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.4\", reference:\"libpng12-0-debuginfo-1.2.47-0.8.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.4\", reference:\"libpng12-compat-devel-1.2.47-0.8.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.4\", reference:\"libpng12-debugsource-1.2.47-0.8.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.4\", reference:\"libpng12-devel-1.2.47-0.8.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.4\", cpu:\"x86_64\", reference:\"libpng12-0-32bit-1.2.47-0.8.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.4\", cpu:\"x86_64\", reference:\"libpng12-0-debuginfo-32bit-1.2.47-0.8.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.4\", cpu:\"x86_64\", reference:\"libpng12-compat-devel-32bit-1.2.47-0.8.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.4\", cpu:\"x86_64\", reference:\"libpng12-devel-32bit-1.2.47-0.8.1\") ) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"libpng12\");\n}\n", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2021-08-19T12:58:57", "description": "An updated firefox package that fixes one security issue is now available for Red Hat Enterprise Linux 4.\n\nThe Red Hat Security Response Team has rated this update as having critical security impact. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available from the CVE link in the References section.\n\nMozilla Firefox is an open source web browser.\n\nA heap-based buffer overflow flaw was found in the way Firefox handled PNG (Portable Network Graphics) images. A web page containing a malicious PNG image could cause Firefox to crash or, possibly, execute arbitrary code with the privileges of the user running Firefox.\n(CVE-2011-3026)\n\nAll Firefox users should upgrade to this updated package, which corrects this issue. After installing the update, Firefox must be restarted for the changes to take effect.", "cvss3": {"score": null, "vector": null}, "published": "2012-02-17T00:00:00", "type": "nessus", "title": "RHEL 4 : firefox (RHSA-2012:0142)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2011-3026"], "modified": "2021-01-14T00:00:00", "cpe": ["p-cpe:/a:redhat:enterprise_linux:firefox", "cpe:/o:redhat:enterprise_linux:4"], "id": "REDHAT-RHSA-2012-0142.NASL", "href": "https://www.tenable.com/plugins/nessus/57994", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Red Hat Security Advisory RHSA-2012:0142. The text \n# itself is copyright (C) Red Hat, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(57994);\n script_version(\"1.20\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/14\");\n\n script_cve_id(\"CVE-2011-3026\");\n script_xref(name:\"RHSA\", value:\"2012:0142\");\n\n script_name(english:\"RHEL 4 : firefox (RHSA-2012:0142)\");\n script_summary(english:\"Checks the rpm output for the updated package\");\n\n script_set_attribute(\n attribute:\"synopsis\",\n value:\"The remote Red Hat host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\",\n value:\n\"An updated firefox package that fixes one security issue is now\navailable for Red Hat Enterprise Linux 4.\n\nThe Red Hat Security Response Team has rated this update as having\ncritical security impact. A Common Vulnerability Scoring System (CVSS)\nbase score, which gives a detailed severity rating, is available from\nthe CVE link in the References section.\n\nMozilla Firefox is an open source web browser.\n\nA heap-based buffer overflow flaw was found in the way Firefox handled\nPNG (Portable Network Graphics) images. A web page containing a\nmalicious PNG image could cause Firefox to crash or, possibly, execute\narbitrary code with the privileges of the user running Firefox.\n(CVE-2011-3026)\n\nAll Firefox users should upgrade to this updated package, which\ncorrects this issue. After installing the update, Firefox must be\nrestarted for the changes to take effect.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/errata/RHSA-2012:0142\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2011-3026\"\n );\n script_set_attribute(\n attribute:\"solution\",\n value:\"Update the affected firefox package.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:firefox\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:4\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2012/02/16\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2012/02/16\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2012/02/17\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2012-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Red Hat Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"misc_func.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Red Hat\" >!< release) audit(AUDIT_OS_NOT, \"Red Hat\");\nos_ver = pregmatch(pattern: \"Red Hat Enterprise Linux.*release ([0-9]+(\\.[0-9]+)?)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Red Hat\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^4([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Red Hat 4.x\", \"Red Hat \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\" && \"s390\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Red Hat\", cpu);\n\nyum_updateinfo = get_kb_item(\"Host/RedHat/yum-updateinfo\");\nif (!empty_or_null(yum_updateinfo)) \n{\n rhsa = \"RHSA-2012:0142\";\n yum_report = redhat_generate_yum_updateinfo_report(rhsa:rhsa);\n if (!empty_or_null(yum_report))\n {\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : yum_report \n );\n exit(0);\n }\n else\n {\n audit_message = \"affected by Red Hat security advisory \" + rhsa;\n audit(AUDIT_OS_NOT, audit_message);\n }\n}\nelse\n{\n flag = 0;\n if (rpm_check(release:\"RHEL4\", reference:\"firefox-3.6.26-3.el4\", allowmaj:TRUE)) flag++;\n\n if (flag)\n {\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : rpm_report_get() + redhat_report_package_caveat()\n );\n exit(0);\n }\n else\n {\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"firefox\");\n }\n}\n", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2021-08-19T12:58:50", "description": "The installed version of Firefox 3.6.x is earlier than 3.6.27 and is, therefore, potentially affected by an integer overflow vulnerability in libpng, a library used by this application. When decompressing certain PNG image files, this could be exploited to crash the application or even execute arbitrary code.", "cvss3": {"score": null, "vector": null}, "published": "2012-02-21T00:00:00", "type": "nessus", "title": "Firefox 3.6.x < 3.6.27 png_decompress_chunk Integer Overflow (Mac OS X)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2011-3026"], "modified": "2018-07-14T00:00:00", "cpe": ["cpe:/a:mozilla:firefox"], "id": "MACOSX_FIREFOX_3_6_27.NASL", "href": "https://www.tenable.com/plugins/nessus/58072", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(58072);\n script_version(\"1.7\");\n script_cvs_date(\"Date: 2018/07/14 1:59:35\");\n\n script_cve_id(\"CVE-2011-3026\");\n script_bugtraq_id(52049);\n\n script_name(english:\"Firefox 3.6.x < 3.6.27 png_decompress_chunk Integer Overflow (Mac OS X)\");\n script_summary(english:\"Checks version of Firefox\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote Mac OS X host contains a web browser that is potentially\naffected by an integer overflow vulnerability.\");\n script_set_attribute(attribute:\"description\", value:\n\"The installed version of Firefox 3.6.x is earlier than 3.6.27 and is,\ntherefore, potentially affected by an integer overflow vulnerability\nin libpng, a library used by this application. When decompressing\ncertain PNG image files, this could be exploited to crash the\napplication or even execute arbitrary code.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.mozilla.org/en-US/security/advisories/mfsa2012-11/\");\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?6846f277\");\n script_set_attribute(attribute:\"solution\", value:\"Upgrade to Firefox 3.6.27 or later.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2012/02/16\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2012/02/16\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2012/02/21\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:mozilla:firefox\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"MacOS X Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2012-2018 Tenable Network Security, Inc.\");\n\n script_dependencies(\"macosx_firefox_installed.nasl\");\n script_require_keys(\"MacOSX/Firefox/Installed\");\n\n exit(0);\n}\n\ninclude(\"mozilla_version.inc\");\nkb_base = \"MacOSX/Firefox\";\nget_kb_item_or_exit(kb_base+\"/Installed\");\n\nversion = get_kb_item_or_exit(kb_base+\"/Version\", exit_code:1);\npath = get_kb_item_or_exit(kb_base+\"/Path\", exit_code:1);\n\nmozilla_check_version(product:'firefox', version:version, path:path, esr:FALSE, fix:'3.6.27', min:'3.6', severity:SECURITY_HOLE);", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2021-08-19T12:58:48", "description": "Updated xulrunner packages that fix one security issue are now available for Red Hat Enterprise Linux 5 and 6.\n\nThe Red Hat Security Response Team has rated this update as having critical security impact. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available from the CVE link in the References section.\n\nXULRunner provides the XUL Runtime environment for applications using the Gecko layout engine.\n\nA heap-based buffer overflow flaw was found in the way XULRunner handled PNG (Portable Network Graphics) images. A web page containing a malicious PNG image could cause an application linked against XULRunner (such as Firefox) to crash or, potentially, execute arbitrary code with the privileges of the user running the application. (CVE-2011-3026)\n\nAll XULRunner users should upgrade to these updated packages, which correct this issue. After installing the update, applications using XULRunner must be restarted for the changes to take effect.", "cvss3": {"score": null, "vector": null}, "published": "2012-02-17T00:00:00", "type": "nessus", "title": "CentOS 5 / 6 : xulrunner (CESA-2012:0143)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2011-3026"], "modified": "2021-01-04T00:00:00", "cpe": ["p-cpe:/a:centos:centos:xulrunner", "p-cpe:/a:centos:centos:xulrunner-devel", "cpe:/o:centos:centos:5", "cpe:/o:centos:centos:6"], "id": "CENTOS_RHSA-2012-0143.NASL", "href": "https://www.tenable.com/plugins/nessus/57985", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Red Hat Security Advisory RHSA-2012:0143 and \n# CentOS Errata and Security Advisory 2012:0143 respectively.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(57985);\n script_version(\"1.13\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/04\");\n\n script_cve_id(\"CVE-2011-3026\");\n script_xref(name:\"RHSA\", value:\"2012:0143\");\n\n script_name(english:\"CentOS 5 / 6 : xulrunner (CESA-2012:0143)\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote CentOS host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Updated xulrunner packages that fix one security issue are now\navailable for Red Hat Enterprise Linux 5 and 6.\n\nThe Red Hat Security Response Team has rated this update as having\ncritical security impact. A Common Vulnerability Scoring System (CVSS)\nbase score, which gives a detailed severity rating, is available from\nthe CVE link in the References section.\n\nXULRunner provides the XUL Runtime environment for applications using\nthe Gecko layout engine.\n\nA heap-based buffer overflow flaw was found in the way XULRunner\nhandled PNG (Portable Network Graphics) images. A web page containing\na malicious PNG image could cause an application linked against\nXULRunner (such as Firefox) to crash or, potentially, execute\narbitrary code with the privileges of the user running the\napplication. (CVE-2011-3026)\n\nAll XULRunner users should upgrade to these updated packages, which\ncorrect this issue. After installing the update, applications using\nXULRunner must be restarted for the changes to take effect.\"\n );\n # https://lists.centos.org/pipermail/centos-announce/2012-February/018440.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?7f8d3356\"\n );\n # https://lists.centos.org/pipermail/centos-announce/2012-February/018443.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?94e861db\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected xulrunner packages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2011-3026\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:xulrunner\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:xulrunner-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:centos:centos:5\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:centos:centos:6\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2012/02/16\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2012/02/16\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2012/02/17\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2012-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"CentOS Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/CentOS/release\", \"Host/CentOS/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/CentOS/release\");\nif (isnull(release) || \"CentOS\" >!< release) audit(AUDIT_OS_NOT, \"CentOS\");\nos_ver = pregmatch(pattern: \"CentOS(?: Linux)? release ([0-9]+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"CentOS\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^(5|6)([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"CentOS 5.x / 6.x\", \"CentOS \" + os_ver);\n\nif (!get_kb_item(\"Host/CentOS/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"CentOS\", cpu);\n\n\nflag = 0;\nif (rpm_check(release:\"CentOS-5\", reference:\"xulrunner-1.9.2.26-2.el5_7\")) flag++;\nif (rpm_check(release:\"CentOS-5\", reference:\"xulrunner-devel-1.9.2.26-2.el5_7\")) flag++;\n\nif (rpm_check(release:\"CentOS-6\", reference:\"xulrunner-1.9.2.26-2.el6.centos\")) flag++;\nif (rpm_check(release:\"CentOS-6\", reference:\"xulrunner-devel-1.9.2.26-2.el6.centos\")) flag++;\n\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"xulrunner / xulrunner-devel\");\n}\n", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2021-08-19T12:57:42", "description": "Mozilla Firefox is an open source web browser.\n\nA heap-based buffer overflow flaw was found in the way Firefox handled PNG (Portable Network Graphics) images. A web page containing a malicious PNG image could cause Firefox to crash or, possibly, execute arbitrary code with the privileges of the user running Firefox.\n(CVE-2011-3026)\n\nAll Firefox users should upgrade to this updated package, which corrects this issue. After installing the update, Firefox must be restarted for the changes to take effect.", "cvss3": {"score": null, "vector": null}, "published": "2012-08-01T00:00:00", "type": "nessus", "title": "Scientific Linux Security Update : firefox on SL4.x i386/x86_64 (20120216)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2011-3026"], "modified": "2021-01-14T00:00:00", "cpe": ["p-cpe:/a:fermilab:scientific_linux:firefox", "p-cpe:/a:fermilab:scientific_linux:firefox-debuginfo", "x-cpe:/o:fermilab:scientific_linux"], "id": "SL_20120216_FIREFOX_ON_SL4_X.NASL", "href": "https://www.tenable.com/plugins/nessus/61251", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text is (C) Scientific Linux.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(61251);\n script_version(\"1.5\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/14\");\n\n script_cve_id(\"CVE-2011-3026\");\n\n script_name(english:\"Scientific Linux Security Update : firefox on SL4.x i386/x86_64 (20120216)\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\n\"The remote Scientific Linux host is missing one or more security\nupdates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Mozilla Firefox is an open source web browser.\n\nA heap-based buffer overflow flaw was found in the way Firefox handled\nPNG (Portable Network Graphics) images. A web page containing a\nmalicious PNG image could cause Firefox to crash or, possibly, execute\narbitrary code with the privileges of the user running Firefox.\n(CVE-2011-3026)\n\nAll Firefox users should upgrade to this updated package, which\ncorrects this issue. After installing the update, Firefox must be\nrestarted for the changes to take effect.\"\n );\n # https://listserv.fnal.gov/scripts/wa.exe?A2=ind1202&L=scientific-linux-errata&T=0&P=3433\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?79079504\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected firefox and / or firefox-debuginfo packages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:firefox\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:firefox-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"x-cpe:/o:fermilab:scientific_linux\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2012/02/16\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2012/02/16\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2012/08/01\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2012-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Scientific Linux Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"misc_func.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Scientific Linux \" >!< release) audit(AUDIT_HOST_NOT, \"running Scientific Linux\");\nos_ver = pregmatch(pattern: \"Scientific Linux.*release ([0-9]+(\\.[0-9]+)?)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Scientific Linux\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^4([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Scientific Linux 4.x\", \"Scientific Linux \" + os_ver);\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (cpu >!< \"x86_64\" && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Scientific Linux\", cpu);\n\n\nflag = 0;\nif (rpm_check(release:\"SL4\", reference:\"firefox-3.6.26-3.el4\")) flag++;\nif (rpm_check(release:\"SL4\", reference:\"firefox-debuginfo-3.6.26-3.el4\")) flag++;\n\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"firefox / firefox-debuginfo\");\n}\n", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2021-08-19T12:49:56", "description": "libpng was prone to a heap based buffer overflow vulnerability (bnc#747311)", "cvss3": {"score": null, "vector": null}, "published": "2014-06-13T00:00:00", "type": "nessus", "title": "openSUSE Security Update : libpng12 / libpng14 (openSUSE-2012-137)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2011-3026"], "modified": "2021-01-19T00:00:00", "cpe": ["p-cpe:/a:novell:opensuse:libpng12-0", "p-cpe:/a:novell:opensuse:libpng12-0-32bit", "p-cpe:/a:novell:opensuse:libpng12-0-debuginfo", "p-cpe:/a:novell:opensuse:libpng12-0-debuginfo-32bit", "p-cpe:/a:novell:opensuse:libpng12-compat-devel", "p-cpe:/a:novell:opensuse:libpng12-compat-devel-32bit", "p-cpe:/a:novell:opensuse:libpng12-debugsource", "p-cpe:/a:novell:opensuse:libpng12-devel", "p-cpe:/a:novell:opensuse:libpng12-devel-32bit", "p-cpe:/a:novell:opensuse:libpng14-14", "p-cpe:/a:novell:opensuse:libpng14-14-32bit", "p-cpe:/a:novell:opensuse:libpng14-14-debuginfo", "p-cpe:/a:novell:opensuse:libpng14-14-debuginfo-32bit", "p-cpe:/a:novell:opensuse:libpng14-compat-devel", "p-cpe:/a:novell:opensuse:libpng14-compat-devel-32bit", "p-cpe:/a:novell:opensuse:libpng14-debugsource", "p-cpe:/a:novell:opensuse:libpng14-devel", "p-cpe:/a:novell:opensuse:libpng14-devel-32bit", "cpe:/o:novell:opensuse:12.1"], "id": "OPENSUSE-2012-137.NASL", "href": "https://www.tenable.com/plugins/nessus/74559", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from openSUSE Security Update openSUSE-2012-137.\n#\n# The text description of this plugin is (C) SUSE LLC.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(74559);\n script_version(\"1.4\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/19\");\n\n script_cve_id(\"CVE-2011-3026\");\n\n script_name(english:\"openSUSE Security Update : libpng12 / libpng14 (openSUSE-2012-137)\");\n script_summary(english:\"Check for the openSUSE-2012-137 patch\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote openSUSE host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"libpng was prone to a heap based buffer overflow vulnerability\n(bnc#747311)\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=747311\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected libpng12 / libpng14 packages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libpng12-0\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libpng12-0-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libpng12-0-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libpng12-0-debuginfo-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libpng12-compat-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libpng12-compat-devel-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libpng12-debugsource\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libpng12-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libpng12-devel-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libpng14-14\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libpng14-14-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libpng14-14-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libpng14-14-debuginfo-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libpng14-compat-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libpng14-compat-devel-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libpng14-debugsource\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libpng14-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libpng14-devel-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:opensuse:12.1\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2012/02/16\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2012/02/20\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2014/06/13\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2014-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release =~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, \"openSUSE\");\nif (release !~ \"^(SUSE12\\.1)$\") audit(AUDIT_OS_RELEASE_NOT, \"openSUSE\", \"12.1\", release);\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nourarch = get_kb_item(\"Host/cpu\");\nif (!ourarch) audit(AUDIT_UNKNOWN_ARCH);\nif (ourarch !~ \"^(i586|i686|x86_64)$\") audit(AUDIT_ARCH_NOT, \"i586 / i686 / x86_64\", ourarch);\n\nflag = 0;\n\nif ( rpm_check(release:\"SUSE12.1\", reference:\"libpng12-0-1.2.47-9.3.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.1\", reference:\"libpng12-0-debuginfo-1.2.47-9.3.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.1\", reference:\"libpng12-compat-devel-1.2.47-9.3.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.1\", reference:\"libpng12-debugsource-1.2.47-9.3.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.1\", reference:\"libpng12-devel-1.2.47-9.3.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.1\", reference:\"libpng14-14-1.4.9-3.3.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.1\", reference:\"libpng14-14-debuginfo-1.4.9-3.3.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.1\", reference:\"libpng14-compat-devel-1.4.9-3.3.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.1\", reference:\"libpng14-debugsource-1.4.9-3.3.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.1\", reference:\"libpng14-devel-1.4.9-3.3.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.1\", cpu:\"x86_64\", reference:\"libpng12-0-32bit-1.2.47-9.3.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.1\", cpu:\"x86_64\", reference:\"libpng12-0-debuginfo-32bit-1.2.47-9.3.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.1\", cpu:\"x86_64\", reference:\"libpng12-compat-devel-32bit-1.2.47-9.3.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.1\", cpu:\"x86_64\", reference:\"libpng12-devel-32bit-1.2.47-9.3.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.1\", cpu:\"x86_64\", reference:\"libpng14-14-32bit-1.4.9-3.3.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.1\", cpu:\"x86_64\", reference:\"libpng14-14-debuginfo-32bit-1.4.9-3.3.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.1\", cpu:\"x86_64\", reference:\"libpng14-compat-devel-32bit-1.4.9-3.3.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.1\", cpu:\"x86_64\", reference:\"libpng14-devel-32bit-1.4.9-3.3.1\") ) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"libpng12-0 / libpng12-0-32bit / libpng12-0-debuginfo / etc\");\n}\n", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2021-08-19T12:55:53", "description": "The installed version of IBM Informix Genero is earlier than 2.41 and is, therefore, potentially affected by an integer overflow vulnerability in the libpng library used by this application. When decompressing certain PNG image files, this could be exploited to crash the application or even execute arbitrary code.", "cvss3": {"score": null, "vector": null}, "published": "2013-01-31T00:00:00", "type": "nessus", "title": "IBM Informix Genero < 2.41 png_decompress_chunk Integer Overflow", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2011-3026"], "modified": "2019-12-04T00:00:00", "cpe": ["cpe:/a:ibm:informix", "x-cpe:/a:ibm:informix_genero"], "id": "IBM_INFORMIX_GENERO_2_41.NASL", "href": "https://www.tenable.com/plugins/nessus/64379", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n\n\n\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(64379);\n script_version(\"1.6\");\n script_cvs_date(\"Date: 2019/12/04\");\n\n script_cve_id(\"CVE-2011-3026\");\n script_bugtraq_id(52049);\n\n script_name(english:\"IBM Informix Genero < 2.41 png_decompress_chunk Integer Overflow\");\n script_summary(english:\"Checks version of IBM Informix Genero\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote host has software installed that is potentially affected by\nan integer overflow vulnerability.\");\n script_set_attribute(attribute:\"description\", value:\n\"The installed version of IBM Informix Genero is earlier than 2.41 and\nis, therefore, potentially affected by an integer overflow vulnerability\nin the libpng library used by this application. When decompressing\ncertain PNG image files, this could be exploited to crash the\napplication or even execute arbitrary code.\");\n script_set_attribute(attribute:\"see_also\", value:\"http://www-01.ibm.com/support/docview.wss?uid=swg21620982\");\n # https://www.ibm.com/blogs/psirt/security-bulletin-ibm-informix-genero-vulnerable-to-libpng-chunk-decompression-integer-overflow-vulnerability-cve-2011-3026/\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?b0c30d9c\");\n script_set_attribute(attribute:\"solution\", value:\n\"Upgrade to IBM Informix Genero 2.41 or later.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2011-3026\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2012/02/16\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2012/02/16\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2013/01/31\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:ibm:informix\");\n script_set_attribute(attribute:\"cpe\", value:\"x-cpe:/a:ibm:informix_genero\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Windows\");\n\n script_copyright(english:\"This script is Copyright (C) 2013-2019 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ibm_informix_genero_installed.nasl\");\n script_require_keys(\"SMB/IBM_Informix_Genero/Installed\");\n\n exit(0);\n}\n\ninclude('audit.inc');\ninclude('global_settings.inc');\ninclude('misc_func.inc');\n\nappname = 'IBM Informix Genero';\nkb_base = \"SMB/IBM_Informix_Genero/\";\nreport = '';\nfix = \"2.41\";\n\nnum_installed = get_kb_item_or_exit(kb_base + 'NumInstalled');\nport = get_kb_item('SMB/transport');\nif (!port) port = 445;\n\nfor (install_num =0; install_num < num_installed; install_num++) \n{\n ver = get_kb_item_or_exit(kb_base+install_num+\"/Version\", exit_code:1);\n path = get_kb_item_or_exit(kb_base+install_num+\"/Path\");\n\n if (ver =~\"2\\.\" && ver_compare(ver:ver, fix:fix, strict:FALSE) == -1)\n {\n report += \n '\\n Path : ' + path +\n '\\n Installed version : ' + ver +\n '\\n Fixed version : ' + fix + '\\n';\n }\n}\nif (report !='')\n{\n if (report_verbosity > 0) security_hole(port:port, extra:report);\n else security_hole(port);\n exit(0);\n}\nelse audit(AUDIT_INST_PATH_NOT_VULN, appname);\n", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2021-08-19T12:50:05", "description": "A heap-based buffer overflow in libpng was fixed that could potentially be exploited by attackers to execute arbitrary code or cause an application to crash (CVE-2011-3026).", "cvss3": {"score": null, "vector": null}, "published": "2014-06-13T00:00:00", "type": "nessus", "title": "openSUSE Security Update : libpng14 (libpng14-5847)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2011-3026"], "modified": "2021-01-19T00:00:00", "cpe": ["p-cpe:/a:novell:opensuse:libpng14-14", "p-cpe:/a:novell:opensuse:libpng14-14-32bit", "p-cpe:/a:novell:opensuse:libpng14-14-debuginfo", "p-cpe:/a:novell:opensuse:libpng14-14-debuginfo-32bit", "p-cpe:/a:novell:opensuse:libpng14-compat-devel", "p-cpe:/a:novell:opensuse:libpng14-compat-devel-32bit", "p-cpe:/a:novell:opensuse:libpng14-debugsource", "p-cpe:/a:novell:opensuse:libpng14-devel", "p-cpe:/a:novell:opensuse:libpng14-devel-32bit", "cpe:/o:novell:opensuse:11.4"], "id": "SUSE_11_4_LIBPNG14-120220.NASL", "href": "https://www.tenable.com/plugins/nessus/75914", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from openSUSE Security Update libpng14-5847.\n#\n# The text description of this plugin is (C) SUSE LLC.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(75914);\n script_version(\"1.3\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/19\");\n\n script_cve_id(\"CVE-2011-3026\");\n\n script_name(english:\"openSUSE Security Update : libpng14 (libpng14-5847)\");\n script_summary(english:\"Check for the libpng14-5847 patch\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote openSUSE host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"A heap-based buffer overflow in libpng was fixed that could\npotentially be exploited by attackers to execute arbitrary code or\ncause an application to crash (CVE-2011-3026).\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=747311\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected libpng14 packages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libpng14-14\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libpng14-14-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libpng14-14-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libpng14-14-debuginfo-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libpng14-compat-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libpng14-compat-devel-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libpng14-debugsource\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libpng14-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libpng14-devel-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:opensuse:11.4\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2012/02/20\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2014/06/13\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2014-2021 Tenable Network Security, Inc.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release =~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, \"openSUSE\");\nif (release !~ \"^(SUSE11\\.4)$\") audit(AUDIT_OS_RELEASE_NOT, \"openSUSE\", \"11.4\", release);\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nourarch = get_kb_item(\"Host/cpu\");\nif (!ourarch) audit(AUDIT_UNKNOWN_ARCH);\nif (ourarch !~ \"^(i586|i686|x86_64)$\") audit(AUDIT_ARCH_NOT, \"i586 / i686 / x86_64\", ourarch);\n\nflag = 0;\n\nif ( rpm_check(release:\"SUSE11.4\", reference:\"libpng14-14-1.4.4-3.6.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.4\", reference:\"libpng14-14-debuginfo-1.4.4-3.6.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.4\", reference:\"libpng14-compat-devel-1.4.4-3.6.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.4\", reference:\"libpng14-debugsource-1.4.4-3.6.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.4\", reference:\"libpng14-devel-1.4.4-3.6.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.4\", cpu:\"x86_64\", reference:\"libpng14-14-32bit-1.4.4-3.6.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.4\", cpu:\"x86_64\", reference:\"libpng14-14-debuginfo-32bit-1.4.4-3.6.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.4\", cpu:\"x86_64\", reference:\"libpng14-compat-devel-32bit-1.4.4-3.6.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.4\", cpu:\"x86_64\", reference:\"libpng14-devel-32bit-1.4.4-3.6.1\") ) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"libpng14\");\n}\n", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2021-08-19T12:58:58", "description": "The installed version of Firefox is earlier than 10.0.2 and is, therefore, potentially affected by an integer overflow vulnerability in libpng, a library used by this application. When decompressing certain PNG image files, this could be exploited to crash the application or even execute arbitrary code.", "cvss3": {"score": null, "vector": null}, "published": "2012-02-21T00:00:00", "type": "nessus", "title": "Firefox < 10.0.2 png_decompress_chunk Integer Overflow (Mac OS X)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2011-3026"], "modified": "2018-07-14T00:00:00", "cpe": ["cpe:/a:mozilla:firefox"], "id": "MACOSX_FIREFOX_10_0_2.NASL", "href": "https://www.tenable.com/plugins/nessus/58074", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(58074);\n script_version(\"1.8\");\n script_cvs_date(\"Date: 2018/07/14 1:59:35\");\n\n script_cve_id(\"CVE-2011-3026\");\n script_bugtraq_id(52049);\n\n script_name(english:\"Firefox < 10.0.2 png_decompress_chunk Integer Overflow (Mac OS X)\");\n script_summary(english:\"Checks version of Firefox\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote Mac OS X host contains a web browser that is potentially\naffected by an integer overflow vulnerability.\");\n script_set_attribute(attribute:\"description\", value:\n\"The installed version of Firefox is earlier than 10.0.2 and is,\ntherefore, potentially affected by an integer overflow vulnerability\nin libpng, a library used by this application. When decompressing\ncertain PNG image files, this could be exploited to crash the\napplication or even execute arbitrary code.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.mozilla.org/en-US/security/advisories/mfsa2012-11/\");\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?6846f277\");\n script_set_attribute(attribute:\"solution\", value:\"Upgrade to Firefox 10.0.2 or later.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2012/02/16\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2012/02/16\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2012/02/21\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:mozilla:firefox\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"MacOS X Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2012-2018 Tenable Network Security, Inc.\");\n\n script_dependencies(\"macosx_firefox_installed.nasl\");\n script_require_keys(\"MacOSX/Firefox/Installed\");\n\n exit(0);\n}\n\ninclude(\"mozilla_version.inc\");\nkb_base = \"MacOSX/Firefox\";\nget_kb_item_or_exit(kb_base+\"/Installed\");\n\nversion = get_kb_item_or_exit(kb_base+\"/Version\", exit_code:1);\npath = get_kb_item_or_exit(kb_base+\"/Path\", exit_code:1);\n\nif (get_kb_item(kb_base + '/is_esr')) exit(0, 'The Mozilla Firefox installation is in the ESR branch.');\n\nmozilla_check_version(product:'firefox', version:version, path:path, esr:FALSE, fix:'10.0.2', skippat:'3\\\\.6\\\\.', severity:SECURITY_HOLE);\n", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2021-08-19T12:49:45", "description": "Mozilla SeaMonkey was updated to 2.7.2 to fix a security issue with the embedded libpng, where a integer overflow could allow remote attackers to crash the browser or potentially execute code (CVE-2011-3026),", "cvss3": {"score": null, "vector": null}, "published": "2014-06-13T00:00:00", "type": "nessus", "title": "openSUSE Security Update : seamonkey (seamonkey-5834)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2011-3026"], "modified": "2021-01-19T00:00:00", "cpe": ["p-cpe:/a:novell:opensuse:seamonkey", "p-cpe:/a:novell:opensuse:seamonkey-debuginfo", "p-cpe:/a:novell:opensuse:seamonkey-debugsource", "p-cpe:/a:novell:opensuse:seamonkey-dom-inspector", "p-cpe:/a:novell:opensuse:seamonkey-irc", "p-cpe:/a:novell:opensuse:seamonkey-translations-common", "p-cpe:/a:novell:opensuse:seamonkey-translations-other", "p-cpe:/a:novell:opensuse:seamonkey-venkman", "cpe:/o:novell:opensuse:11.4"], "id": "SUSE_11_4_SEAMONKEY-120217.NASL", "href": "https://www.tenable.com/plugins/nessus/76028", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from openSUSE Security Update seamonkey-5834.\n#\n# The text description of this plugin is (C) SUSE LLC.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(76028);\n script_version(\"1.4\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/19\");\n\n script_cve_id(\"CVE-2011-3026\");\n\n script_name(english:\"openSUSE Security Update : seamonkey (seamonkey-5834)\");\n script_summary(english:\"Check for the seamonkey-5834 patch\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote openSUSE host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Mozilla SeaMonkey was updated to 2.7.2 to fix a security issue with\nthe embedded libpng, where a integer overflow could allow remote\nattackers to crash the browser or potentially execute code\n(CVE-2011-3026),\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=747328\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected seamonkey packages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:seamonkey\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:seamonkey-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:seamonkey-debugsource\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:seamonkey-dom-inspector\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:seamonkey-irc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:seamonkey-translations-common\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:seamonkey-translations-other\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:seamonkey-venkman\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:opensuse:11.4\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2012/02/17\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2014/06/13\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2014-2021 Tenable Network Security, Inc.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release =~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, \"openSUSE\");\nif (release !~ \"^(SUSE11\\.4)$\") audit(AUDIT_OS_RELEASE_NOT, \"openSUSE\", \"11.4\", release);\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nourarch = get_kb_item(\"Host/cpu\");\nif (!ourarch) audit(AUDIT_UNKNOWN_ARCH);\nif (ourarch !~ \"^(i586|i686|x86_64)$\") audit(AUDIT_ARCH_NOT, \"i586 / i686 / x86_64\", ourarch);\n\nflag = 0;\n\nif ( rpm_check(release:\"SUSE11.4\", reference:\"seamonkey-2.7.2-0.2.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.4\", reference:\"seamonkey-debuginfo-2.7.2-0.2.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.4\", reference:\"seamonkey-debugsource-2.7.2-0.2.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.4\", reference:\"seamonkey-dom-inspector-2.7.2-0.2.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.4\", reference:\"seamonkey-irc-2.7.2-0.2.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.4\", reference:\"seamonkey-translations-common-2.7.2-0.2.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.4\", reference:\"seamonkey-translations-other-2.7.2-0.2.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.4\", reference:\"seamonkey-venkman-2.7.2-0.2.1\") ) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"seamonkey\");\n}\n", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2021-08-19T12:58:57", "description": "Updated libpng and libpng10 packages that fix one security issue are now available for Red Hat Enterprise Linux 4, 5, and 6.\n\nThe Red Hat Security Response Team has rated this update as having important security impact. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available from the CVE link in the References section.\n\nThe libpng packages contain a library of functions for creating and manipulating PNG (Portable Network Graphics) image format files.\n\nA heap-based buffer overflow flaw was found in libpng. An attacker could create a specially crafted PNG image that, when opened, could cause an application using libpng to crash or, possibly, execute arbitrary code with the privileges of the user running the application. (CVE-2011-3026)\n\nUsers of libpng and libpng10 should upgrade to these updated packages, which contain a backported patch to correct this issue. All running applications using libpng or libpng10 must be restarted for the update to take effect.", "cvss3": {"score": null, "vector": null}, "published": "2012-02-21T00:00:00", "type": "nessus", "title": "CentOS 4 / 5 / 6 : libpng / libpng10 (CESA-2012:0317)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2011-3026"], "modified": "2021-01-04T00:00:00", "cpe": ["p-cpe:/a:centos:centos:libpng", "p-cpe:/a:centos:centos:libpng-devel", "p-cpe:/a:centos:centos:libpng-static", "p-cpe:/a:centos:centos:libpng10", "p-cpe:/a:centos:centos:libpng10-devel", "cpe:/o:centos:centos:4", "cpe:/o:centos:centos:5", "cpe:/o:centos:centos:6"], "id": "CENTOS_RHSA-2012-0317.NASL", "href": "https://www.tenable.com/plugins/nessus/58042", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Red Hat Security Advisory RHSA-2012:0317 and \n# CentOS Errata and Security Advisory 2012:0317 respectively.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(58042);\n script_version(\"1.15\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/04\");\n\n script_cve_id(\"CVE-2011-3026\");\n script_xref(name:\"RHSA\", value:\"2012:0317\");\n\n script_name(english:\"CentOS 4 / 5 / 6 : libpng / libpng10 (CESA-2012:0317)\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote CentOS host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Updated libpng and libpng10 packages that fix one security issue are\nnow available for Red Hat Enterprise Linux 4, 5, and 6.\n\nThe Red Hat Security Response Team has rated this update as having\nimportant security impact. A Common Vulnerability Scoring System\n(CVSS) base score, which gives a detailed severity rating, is\navailable from the CVE link in the References section.\n\nThe libpng packages contain a library of functions for creating and\nmanipulating PNG (Portable Network Graphics) image format files.\n\nA heap-based buffer overflow flaw was found in libpng. An attacker\ncould create a specially crafted PNG image that, when opened, could\ncause an application using libpng to crash or, possibly, execute\narbitrary code with the privileges of the user running the\napplication. (CVE-2011-3026)\n\nUsers of libpng and libpng10 should upgrade to these updated packages,\nwhich contain a backported patch to correct this issue. All running\napplications using libpng or libpng10 must be restarted for the update\nto take effect.\"\n );\n # https://lists.centos.org/pipermail/centos-announce/2012-February/018445.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?36932609\"\n );\n # https://lists.centos.org/pipermail/centos-announce/2012-February/018446.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?b6dc1551\"\n );\n # https://lists.centos.org/pipermail/centos-announce/2012-February/018447.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?54a74547\"\n );\n # https://lists.centos.org/pipermail/centos-announce/2012-February/018449.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?bab4d037\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected libpng and / or libpng10 packages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2011-3026\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:libpng\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:libpng-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:libpng-static\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:libpng10\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:libpng10-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:centos:centos:4\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:centos:centos:5\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:centos:centos:6\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2012/02/16\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2012/02/20\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2012/02/21\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2012-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"CentOS Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/CentOS/release\", \"Host/CentOS/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/CentOS/release\");\nif (isnull(release) || \"CentOS\" >!< release) audit(AUDIT_OS_NOT, \"CentOS\");\nos_ver = pregmatch(pattern: \"CentOS(?: Linux)? release ([0-9]+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"CentOS\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^(4|5|6)([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"CentOS 4.x / 5.x / 6.x\", \"CentOS \" + os_ver);\n\nif (!get_kb_item(\"Host/CentOS/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && \"ia64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"CentOS\", cpu);\n\n\nflag = 0;\nif (rpm_check(release:\"CentOS-4\", cpu:\"i386\", reference:\"libpng-1.2.7-9.el4\")) flag++;\nif (rpm_check(release:\"CentOS-4\", cpu:\"x86_64\", reference:\"libpng-1.2.7-9.el4\")) flag++;\nif (rpm_check(release:\"CentOS-4\", cpu:\"i386\", reference:\"libpng-devel-1.2.7-9.el4\")) flag++;\nif (rpm_check(release:\"CentOS-4\", cpu:\"x86_64\", reference:\"libpng-devel-1.2.7-9.el4\")) flag++;\nif (rpm_check(release:\"CentOS-4\", cpu:\"i386\", reference:\"libpng10-1.0.16-10.el4\")) flag++;\nif (rpm_check(release:\"CentOS-4\", cpu:\"x86_64\", reference:\"libpng10-1.0.16-10.el4\")) flag++;\nif (rpm_check(release:\"CentOS-4\", cpu:\"i386\", reference:\"libpng10-devel-1.0.16-10.el4\")) flag++;\nif (rpm_check(release:\"CentOS-4\", cpu:\"x86_64\", reference:\"libpng10-devel-1.0.16-10.el4\")) flag++;\n\nif (rpm_check(release:\"CentOS-5\", reference:\"libpng-1.2.10-15.el5_7\")) flag++;\nif (rpm_check(release:\"CentOS-5\", reference:\"libpng-devel-1.2.10-15.el5_7\")) flag++;\n\nif (rpm_check(release:\"CentOS-6\", reference:\"libpng-1.2.46-2.el6_2\")) flag++;\nif (rpm_check(release:\"CentOS-6\", reference:\"libpng-devel-1.2.46-2.el6_2\")) flag++;\nif (rpm_check(release:\"CentOS-6\", reference:\"libpng-static-1.2.46-2.el6_2\")) flag++;\n\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"libpng / libpng-devel / libpng-static / libpng10 / libpng10-devel\");\n}\n", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2021-08-19T12:49:53", "description": "Mozilla Thunderbird was updated to 3.1.19 to fix a security issue with the embedded libpng, where a integer overflow could allow remote attackers to crash the browser or potentially execute code (CVE-2011-3026),", "cvss3": {"score": null, "vector": null}, "published": "2014-06-13T00:00:00", "type": "nessus", "title": "openSUSE Security Update : MozillaThunderbird (MozillaThunderbird-5826)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2011-3026"], "modified": "2021-01-19T00:00:00", "cpe": ["p-cpe:/a:novell:opensuse:MozillaThunderbird", "p-cpe:/a:novell:opensuse:MozillaThunderbird-buildsymbols", "p-cpe:/a:novell:opensuse:MozillaThunderbird-debuginfo", "p-cpe:/a:novell:opensuse:MozillaThunderbird-debugsource", "p-cpe:/a:novell:opensuse:MozillaThunderbird-devel", "p-cpe:/a:novell:opensuse:MozillaThunderbird-devel-debuginfo", "p-cpe:/a:novell:opensuse:MozillaThunderbird-translations-common", "p-cpe:/a:novell:opensuse:MozillaThunderbird-translations-other", "p-cpe:/a:novell:opensuse:enigmail", "p-cpe:/a:novell:opensuse:enigmail-debuginfo", "cpe:/o:novell:opensuse:11.4"], "id": "SUSE_11_4_MOZILLATHUNDERBIRD-120217.NASL", "href": "https://www.tenable.com/plugins/nessus/75970", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from openSUSE Security Update MozillaThunderbird-5826.\n#\n# The text description of this plugin is (C) SUSE LLC.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(75970);\n script_version(\"1.3\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/19\");\n\n script_cve_id(\"CVE-2011-3026\");\n\n script_name(english:\"openSUSE Security Update : MozillaThunderbird (MozillaThunderbird-5826)\");\n script_summary(english:\"Check for the MozillaThunderbird-5826 patch\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote openSUSE host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Mozilla Thunderbird was updated to 3.1.19 to fix a security issue with\nthe embedded libpng, where a integer overflow could allow remote\nattackers to crash the browser or potentially execute code\n(CVE-2011-3026),\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=747328\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected MozillaThunderbird packages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:MozillaThunderbird\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:MozillaThunderbird-buildsymbols\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:MozillaThunderbird-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:MozillaThunderbird-debugsource\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:MozillaThunderbird-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:MozillaThunderbird-devel-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:MozillaThunderbird-translations-common\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:MozillaThunderbird-translations-other\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:enigmail\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:enigmail-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:opensuse:11.4\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2012/02/17\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2014/06/13\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2014-2021 Tenable Network Security, Inc.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release =~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, \"openSUSE\");\nif (release !~ \"^(SUSE11\\.4)$\") audit(AUDIT_OS_RELEASE_NOT, \"openSUSE\", \"11.4\", release);\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nourarch = get_kb_item(\"Host/cpu\");\nif (!ourarch) audit(AUDIT_UNKNOWN_ARCH);\nif (ourarch !~ \"^(i586|i686|x86_64)$\") audit(AUDIT_ARCH_NOT, \"i586 / i686 / x86_64\", ourarch);\n\nflag = 0;\n\nif ( rpm_check(release:\"SUSE11.4\", reference:\"MozillaThunderbird-3.1.19-0.25.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.4\", reference:\"MozillaThunderbird-buildsymbols-3.1.19-0.25.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.4\", reference:\"MozillaThunderbird-debuginfo-3.1.19-0.25.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.4\", reference:\"MozillaThunderbird-debugsource-3.1.19-0.25.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.4\", reference:\"MozillaThunderbird-devel-3.1.19-0.25.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.4\", reference:\"MozillaThunderbird-devel-debuginfo-3.1.19-0.25.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.4\", reference:\"MozillaThunderbird-translations-common-3.1.19-0.25.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.4\", reference:\"MozillaThunderbird-translations-other-3.1.19-0.25.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.4\", reference:\"enigmail-1.1.2+3.1.19-0.25.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.4\", reference:\"enigmail-debuginfo-1.1.2+3.1.19-0.25.1\") ) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"MozillaThunderbird\");\n}\n", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2021-08-19T12:58:49", "description": "This update addresses an integer overflow in the libpng10 PNG library, which could lead to the execution of arbitrary code if a malformed image is processed.\n\nNote that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {"score": null, "vector": null}, "published": "2012-02-29T00:00:00", "type": "nessus", "title": "Fedora 15 : libpng10-1.0.57-1.fc15 (2012-2008)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2011-3026"], "modified": "2021-01-11T00:00:00", "cpe": ["p-cpe:/a:fedoraproject:fedora:libpng10", "cpe:/o:fedoraproject:fedora:15"], "id": "FEDORA_2012-2008.NASL", "href": "https://www.tenable.com/plugins/nessus/58155", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Fedora Security Advisory 2012-2008.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(58155);\n script_version(\"1.8\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/11\");\n\n script_cve_id(\"CVE-2011-3026\");\n script_xref(name:\"FEDORA\", value:\"2012-2008\");\n\n script_name(english:\"Fedora 15 : libpng10-1.0.57-1.fc15 (2012-2008)\");\n script_summary(english:\"Checks rpm output for the updated package.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Fedora host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"This update addresses an integer overflow in the libpng10 PNG library,\nwhich could lead to the execution of arbitrary code if a malformed\nimage is processed.\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Fedora security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.redhat.com/show_bug.cgi?id=790737\"\n );\n # https://lists.fedoraproject.org/pipermail/package-announce/2012-February/073754.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?8c9ee61f\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected libpng10 package.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:libpng10\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:fedoraproject:fedora:15\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2012/02/19\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2012/02/29\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2012-2021 Tenable Network Security, Inc.\");\n script_family(english:\"Fedora Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Fedora\" >!< release) audit(AUDIT_OS_NOT, \"Fedora\");\nos_ver = eregmatch(pattern: \"Fedora.*release ([0-9]+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Fedora\");\nos_ver = os_ver[1];\nif (! ereg(pattern:\"^15([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Fedora 15.x\", \"Fedora \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Fedora\", cpu);\n\nflag = 0;\nif (rpm_check(release:\"FC15\", reference:\"libpng10-1.0.57-1.fc15\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"libpng10\");\n}\n", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2021-08-19T12:58:47", "description": "Versions of Firefox 10.x prior to 10.0.2 are affected by an integer overflow vulnerability. An integer overflow error exists in 'libpng', a library used by this application. When decompressing certain PNG image files, this error can allow a heap-based buffer overflow which can crash the application or potentially allow code execution.", "cvss3": {"score": 7.4, "vector": "CVSS:3.0/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H"}, "published": "2012-02-20T00:00:00", "type": "nessus", "title": "Mozilla Firefox 10.x < 10.0.2 'png_decompress_chunk' Integer Overflow", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2011-3026"], "modified": "2019-03-06T00:00:00", "cpe": ["cpe:2.3:a:mozilla:firefox:*:*:*:*:*:*:*:*"], "id": "6325.PRM", "href": "https://www.tenable.com/plugins/nnm/6325", "sourceData": "Binary data 6325.prm", "cvss": {"score": 9.3, "vector": "CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2021-08-19T12:58:57", "description": "Fix nasty buffer overrun bug, CVE-2011-3026\n\nNote that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {"score": null, "vector": null}, "published": "2012-02-29T00:00:00", "type": "nessus", "title": "Fedora 17 : libpng-1.5.8-2.fc17 (2012-1892)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2011-3026"], "modified": "2021-01-11T00:00:00", "cpe": ["p-cpe:/a:fedoraproject:fedora:libpng", "cpe:/o:fedoraproject:fedora:17"], "id": "FEDORA_2012-1892.NASL", "href": "https://www.tenable.com/plugins/nessus/58150", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Fedora Security Advisory 2012-1892.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(58150);\n script_version(\"1.8\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/11\");\n\n script_cve_id(\"CVE-2011-3026\");\n script_xref(name:\"FEDORA\", value:\"2012-1892\");\n\n script_name(english:\"Fedora 17 : libpng-1.5.8-2.fc17 (2012-1892)\");\n script_summary(english:\"Checks rpm output for the updated package.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Fedora host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Fix nasty buffer overrun bug, CVE-2011-3026\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Fedora security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.redhat.com/show_bug.cgi?id=790737\"\n );\n # https://lists.fedoraproject.org/pipermail/package-announce/2012-February/073924.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?010450a1\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected libpng package.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:libpng\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:fedoraproject:fedora:17\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2012/02/17\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2012/02/29\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2012-2021 Tenable Network Security, Inc.\");\n script_family(english:\"Fedora Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Fedora\" >!< release) audit(AUDIT_OS_NOT, \"Fedora\");\nos_ver = eregmatch(pattern: \"Fedora.*release ([0-9]+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Fedora\");\nos_ver = os_ver[1];\nif (! ereg(pattern:\"^17([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Fedora 17.x\", \"Fedora \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Fedora\", cpu);\n\nflag = 0;\nif (rpm_check(release:\"FC17\", reference:\"libpng-1.5.8-2.fc17\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"libpng\");\n}\n", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2021-08-19T12:49:35", "description": "MozillaFirefox was updated to 10.0.2 to fix a security issue with the embedded libpng, where a integer overflow could allow remote attackers to crash the browser or potentially execute code (CVE-2011-3026),", "cvss3": {"score": null, "vector": null}, "published": "2014-06-13T00:00:00", "type": "nessus", "title": "openSUSE Security Update : MozillaFirefox (MozillaFirefox-5825)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2011-3026"], "modified": "2021-01-19T00:00:00", "cpe": ["p-cpe:/a:novell:opensuse:MozillaFirefox", "p-cpe:/a:novell:opensuse:MozillaFirefox-branding-upstream", "p-cpe:/a:novell:opensuse:MozillaFirefox-buildsymbols", "p-cpe:/a:novell:opensuse:MozillaFirefox-debuginfo", "p-cpe:/a:novell:opensuse:MozillaFirefox-debugsource", "p-cpe:/a:novell:opensuse:MozillaFirefox-devel", "p-cpe:/a:novell:opensuse:MozillaFirefox-translations-common", "p-cpe:/a:novell:opensuse:MozillaFirefox-translations-other", "cpe:/o:novell:opensuse:11.4"], "id": "SUSE_11_4_MOZILLAFIREFOX-120217.NASL", "href": "https://www.tenable.com/plugins/nessus/75953", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from openSUSE Security Update MozillaFirefox-5825.\n#\n# The text description of this plugin is (C) SUSE LLC.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(75953);\n script_version(\"1.3\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/19\");\n\n script_cve_id(\"CVE-2011-3026\");\n\n script_name(english:\"openSUSE Security Update : MozillaFirefox (MozillaFirefox-5825)\");\n script_summary(english:\"Check for the MozillaFirefox-5825 patch\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote openSUSE host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"MozillaFirefox was updated to 10.0.2 to fix a security issue with the\nembedded libpng, where a integer overflow could allow remote attackers\nto crash the browser or potentially execute code (CVE-2011-3026),\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=747328\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected MozillaFirefox packages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:MozillaFirefox\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:MozillaFirefox-branding-upstream\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:MozillaFirefox-buildsymbols\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:MozillaFirefox-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:MozillaFirefox-debugsource\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:MozillaFirefox-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:MozillaFirefox-translations-common\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:MozillaFirefox-translations-other\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:opensuse:11.4\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2012/02/17\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2014/06/13\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2014-2021 Tenable Network Security, Inc.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release =~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, \"openSUSE\");\nif (release !~ \"^(SUSE11\\.4)$\") audit(AUDIT_OS_RELEASE_NOT, \"openSUSE\", \"11.4\", release);\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nourarch = get_kb_item(\"Host/cpu\");\nif (!ourarch) audit(AUDIT_UNKNOWN_ARCH);\nif (ourarch !~ \"^(i586|i686|x86_64)$\") audit(AUDIT_ARCH_NOT, \"i586 / i686 / x86_64\", ourarch);\n\nflag = 0;\n\nif ( rpm_check(release:\"SUSE11.4\", reference:\"MozillaFirefox-10.0.2-0.2.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.4\", reference:\"MozillaFirefox-branding-upstream-10.0.2-0.2.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.4\", reference:\"MozillaFirefox-buildsymbols-10.0.2-0.2.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.4\", reference:\"MozillaFirefox-debuginfo-10.0.2-0.2.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.4\", reference:\"MozillaFirefox-debugsource-10.0.2-0.2.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.4\", reference:\"MozillaFirefox-devel-10.0.2-0.2.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.4\", reference:\"MozillaFirefox-translations-common-10.0.2-0.2.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.4\", reference:\"MozillaFirefox-translations-other-10.0.2-0.2.1\") ) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"MozillaFirefox\");\n}\n", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2021-08-19T12:58:55", "description": "The Mozilla Project reports :\n\nMFSA 2012-11 libpng integer overflow", "cvss3": {"score": null, "vector": null}, "published": "2012-02-20T00:00:00", "type": "nessus", "title": "FreeBSD : mozilla -- heap-buffer overflow (d7dbd2db-599c-11e1-a2fb-14dae9ebcf89)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2011-3026"], "modified": "2021-01-06T00:00:00", "cpe": ["p-cpe:/a:freebsd:freebsd:firefox", "p-cpe:/a:freebsd:freebsd:linux-firefox", "p-cpe:/a:freebsd:freebsd:linux-seamonkey", "p-cpe:/a:freebsd:freebsd:linux-thunderbird", "p-cpe:/a:freebsd:freebsd:seamonkey", "p-cpe:/a:freebsd:freebsd:thunderbird", "cpe:/o:freebsd:freebsd"], "id": "FREEBSD_PKG_D7DBD2DB599C11E1A2FB14DAE9EBCF89.NASL", "href": "https://www.tenable.com/plugins/nessus/58022", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from the FreeBSD VuXML database :\n#\n# Copyright 2003-2020 Jacques Vidrine and contributors\n#\n# Redistribution and use in source (VuXML) and 'compiled' forms (SGML,\n# HTML, PDF, PostScript, RTF and so forth) with or without modification,\n# are permitted provided that the following conditions are met:\n# 1. Redistributions of source code (VuXML) must retain the above\n# copyright notice, this list of conditions and the following\n# disclaimer as the first lines of this file unmodified.\n# 2. Redistributions in compiled form (transformed to other DTDs,\n# published online in any format, converted to PDF, PostScript,\n# RTF and other formats) must reproduce the above copyright\n# notice, this list of conditions and the following disclaimer\n# in the documentation and/or other materials provided with the\n# distribution.\n# \n# THIS DOCUMENTATION IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS \"AS IS\"\n# AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO,\n# THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR\n# PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS\n# BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY,\n# OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT\n# OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR\n# BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY,\n# WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE\n# OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS DOCUMENTATION,\n# EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(58022);\n script_version(\"1.10\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/06\");\n\n script_cve_id(\"CVE-2011-3026\");\n\n script_name(english:\"FreeBSD : mozilla -- heap-buffer overflow (d7dbd2db-599c-11e1-a2fb-14dae9ebcf89)\");\n script_summary(english:\"Checks for updated packages in pkg_info output\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\n\"The remote FreeBSD host is missing one or more security-related\nupdates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"The Mozilla Project reports :\n\nMFSA 2012-11 libpng integer overflow\"\n );\n # https://www.mozilla.org/security/announce/2012/mfsa2012-11.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.mozilla.org/en-US/security/advisories/mfsa2012-11/\"\n );\n # https://vuxml.freebsd.org/freebsd/d7dbd2db-599c-11e1-a2fb-14dae9ebcf89.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?2fd4ac6a\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:freebsd:freebsd:firefox\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:freebsd:freebsd:linux-firefox\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:freebsd:freebsd:linux-seamonkey\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:freebsd:freebsd:linux-thunderbird\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:freebsd:freebsd:seamonkey\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:freebsd:freebsd:thunderbird\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:freebsd:freebsd\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2012/02/16\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2012/02/17\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2012/02/20\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2012-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"FreeBSD Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/FreeBSD/release\", \"Host/FreeBSD/pkg_info\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"freebsd_package.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/FreeBSD/release\")) audit(AUDIT_OS_NOT, \"FreeBSD\");\nif (!get_kb_item(\"Host/FreeBSD/pkg_info\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\nflag = 0;\n\nif (pkg_test(save_report:TRUE, pkg:\"firefox>=10.0,1<10.0.2,1\")) flag++;\nif (pkg_test(save_report:TRUE, pkg:\"firefox>=3.6.*,1<3.6.27\")) flag++;\nif (pkg_test(save_report:TRUE, pkg:\"linux-firefox>=10.0,1<10.0.2,1\")) flag++;\nif (pkg_test(save_report:TRUE, pkg:\"linux-seamonkey>=2.7<2.7.2\")) flag++;\nif (pkg_test(save_report:TRUE, pkg:\"linux-thunderbird>=10.0<10.0.2\")) flag++;\nif (pkg_test(save_report:TRUE, pkg:\"seamonkey>=2.7<2.7.2\")) flag++;\nif (pkg_test(save_report:TRUE, pkg:\"thunderbird>=10.0<10.0.2\")) flag++;\nif (pkg_test(save_report:TRUE, pkg:\"thunderbird>3.1.*<3.1.19\")) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:pkg_report_get());\n else security_warning(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2021-08-19T12:58:49", "description": "A heap-based buffer overflow in libpng was fixed that could potentially be exploited by attackers to execute arbitrary code or cause an application to crash. (CVE-2011-3026)", "cvss3": {"score": null, "vector": null}, "published": "2012-02-29T00:00:00", "type": "nessus", "title": "SuSE 10 Security Update : libpng (ZYPP Patch Number 7980)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2011-3026"], "modified": "2021-01-19T00:00:00", "cpe": ["cpe:/o:suse:suse_linux"], "id": "SUSE_LIBPNG-7980.NASL", "href": "https://www.tenable.com/plugins/nessus/58167", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The text description of this plugin is (C) Novell, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(58167);\n script_version(\"1.5\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/19\");\n\n script_cve_id(\"CVE-2011-3026\");\n\n script_name(english:\"SuSE 10 Security Update : libpng (ZYPP Patch Number 7980)\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote SuSE 10 host is missing a security-related patch.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"A heap-based buffer overflow in libpng was fixed that could\npotentially be exploited by attackers to execute arbitrary code or\ncause an application to crash. (CVE-2011-3026)\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2011-3026.html\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Apply ZYPP patch number 7980.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:suse:suse_linux\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2012/02/20\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2012/02/29\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2012-2021 Tenable Network Security, Inc.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) exit(0, \"Local checks are not enabled.\");\nif (!get_kb_item(\"Host/SuSE/release\")) exit(0, \"The host is not running SuSE.\");\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) exit(1, \"Could not obtain the list of installed packages.\");\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) exit(1, \"Failed to determine the architecture type.\");\nif (cpu >!< \"x86_64\" && cpu !~ \"^i[3-6]86$\") exit(1, \"Local checks for SuSE 10 on the '\"+cpu+\"' architecture have not been implemented.\");\n\n\nflag = 0;\nif (rpm_check(release:\"SLED10\", sp:4, reference:\"libpng-1.2.8-19.33.7\")) flag++;\nif (rpm_check(release:\"SLED10\", sp:4, reference:\"libpng-devel-1.2.8-19.33.7\")) flag++;\nif (rpm_check(release:\"SLED10\", sp:4, cpu:\"x86_64\", reference:\"libpng-32bit-1.2.8-19.33.7\")) flag++;\nif (rpm_check(release:\"SLED10\", sp:4, cpu:\"x86_64\", reference:\"libpng-devel-32bit-1.2.8-19.33.7\")) flag++;\nif (rpm_check(release:\"SLES10\", sp:4, reference:\"libpng-1.2.8-19.33.7\")) flag++;\nif (rpm_check(release:\"SLES10\", sp:4, reference:\"libpng-devel-1.2.8-19.33.7\")) flag++;\nif (rpm_check(release:\"SLES10\", sp:4, cpu:\"x86_64\", reference:\"libpng-32bit-1.2.8-19.33.7\")) flag++;\nif (rpm_check(release:\"SLES10\", sp:4, cpu:\"x86_64\", reference:\"libpng-devel-32bit-1.2.8-19.33.7\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse exit(0, \"The host is not affected.\");\n", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2021-08-19T12:58:48", "description": "Updated SeaMonkey packages that fix one security issue are now available for Red Hat Enterprise Linux 4.\n\nThe Red Hat Security Response Team has rated this update as having critical security impact. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available from the CVE link in the References section.\n\nSeaMonkey is an open source web browser, e-mail and newsgroup client, IRC chat client, and HTML editor.\n\nA heap-based buffer overflow flaw was found in the way SeaMonkey handled PNG (Portable Network Graphics) images. A web page containing a malicious PNG image could cause SeaMonkey to crash or, possibly, execute arbitrary code with the privileges of the user running SeaMonkey. (CVE-2011-3026)\n\nAll SeaMonkey users should upgrade to these updated packages, which correct this issue. After installing the update, SeaMonkey must be restarted for the changes to take effect.", "cvss3": {"score": null, "vector": null}, "published": "2012-02-17T00:00:00", "type": "nessus", "title": "RHEL 4 : seamonkey (RHSA-2012:0141)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2011-3026"], "modified": "2021-01-14T00:00:00", "cpe": ["p-cpe:/a:redhat:enterprise_linux:seamonkey", "p-cpe:/a:redhat:enterprise_linux:seamonkey-chat", "p-cpe:/a:redhat:enterprise_linux:seamonkey-devel", "p-cpe:/a:redhat:enterprise_linux:seamonkey-dom-inspector", "p-cpe:/a:redhat:enterprise_linux:seamonkey-js-debugger", "p-cpe:/a:redhat:enterprise_linux:seamonkey-mail", "cpe:/o:redhat:enterprise_linux:4"], "id": "REDHAT-RHSA-2012-0141.NASL", "href": "https://www.tenable.com/plugins/nessus/57993", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Red Hat Security Advisory RHSA-2012:0141. The text \n# itself is copyright (C) Red Hat, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(57993);\n script_version(\"1.20\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/14\");\n\n script_cve_id(\"CVE-2011-3026\");\n script_xref(name:\"RHSA\", value:\"2012:0141\");\n\n script_name(english:\"RHEL 4 : seamonkey (RHSA-2012:0141)\");\n script_summary(english:\"Checks the rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Red Hat host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Updated SeaMonkey packages that fix one security issue are now\navailable for Red Hat Enterprise Linux 4.\n\nThe Red Hat Security Response Team has rated this update as having\ncritical security impact. A Common Vulnerability Scoring System (CVSS)\nbase score, which gives a detailed severity rating, is available from\nthe CVE link in the References section.\n\nSeaMonkey is an open source web browser, e-mail and newsgroup client,\nIRC chat client, and HTML editor.\n\nA heap-based buffer overflow flaw was found in the way SeaMonkey\nhandled PNG (Portable Network Graphics) images. A web page containing\na malicious PNG image could cause SeaMonkey to crash or, possibly,\nexecute arbitrary code with the privileges of the user running\nSeaMonkey. (CVE-2011-3026)\n\nAll SeaMonkey users should upgrade to these updated packages, which\ncorrect this issue. After installing the update, SeaMonkey must be\nrestarted for the changes to take effect.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/errata/RHSA-2012:0141\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2011-3026\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:seamonkey\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:seamonkey-chat\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:seamonkey-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:seamonkey-dom-inspector\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:seamonkey-js-debugger\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:seamonkey-mail\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:4\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2012/02/16\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2012/02/16\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2012/02/17\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2012-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Red Hat Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"misc_func.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Red Hat\" >!< release) audit(AUDIT_OS_NOT, \"Red Hat\");\nos_ver = pregmatch(pattern: \"Red Hat Enterprise Linux.*release ([0-9]+(\\.[0-9]+)?)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Red Hat\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^4([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Red Hat 4.x\", \"Red Hat \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\" && \"s390\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Red Hat\", cpu);\n\nyum_updateinfo = get_kb_item(\"Host/RedHat/yum-updateinfo\");\nif (!empty_or_null(yum_updateinfo)) \n{\n rhsa = \"RHSA-2012:0141\";\n yum_report = redhat_generate_yum_updateinfo_report(rhsa:rhsa);\n if (!empty_or_null(yum_report))\n {\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : yum_report \n );\n exit(0);\n }\n else\n {\n audit_message = \"affected by Red Hat security advisory \" + rhsa;\n audit(AUDIT_OS_NOT, audit_message);\n }\n}\nelse\n{\n flag = 0;\n if (rpm_check(release:\"RHEL4\", reference:\"seamonkey-1.0.9-79.el4\")) flag++;\n if (rpm_check(release:\"RHEL4\", reference:\"seamonkey-chat-1.0.9-79.el4\")) flag++;\n if (rpm_check(release:\"RHEL4\", reference:\"seamonkey-devel-1.0.9-79.el4\")) flag++;\n if (rpm_check(release:\"RHEL4\", reference:\"seamonkey-dom-inspector-1.0.9-79.el4\")) flag++;\n if (rpm_check(release:\"RHEL4\", reference:\"seamonkey-js-debugger-1.0.9-79.el4\")) flag++;\n if (rpm_check(release:\"RHEL4\", reference:\"seamonkey-mail-1.0.9-79.el4\")) flag++;\n\n if (flag)\n {\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : rpm_report_get() + redhat_report_package_caveat()\n );\n exit(0);\n }\n else\n {\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"seamonkey / seamonkey-chat / seamonkey-devel / etc\");\n }\n}\n", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2021-08-19T12:53:33", "description": "From Red Hat Security Advisory 2012:0141 :\n\nUpdated SeaMonkey packages that fix one security issue are now available for Red Hat Enterprise Linux 4.\n\nThe Red Hat Security Response Team has rated this update as having critical security impact. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available from the CVE link in the References section.\n\nSeaMonkey is an open source web browser, e-mail and newsgroup client, IRC chat client, and HTML editor.\n\nA heap-based buffer overflow flaw was found in the way SeaMonkey handled PNG (Portable Network Graphics) images. A web page containing a malicious PNG image could cause SeaMonkey to crash or, possibly, execute arbitrary code with the privileges of the user running SeaMonkey. (CVE-2011-3026)\n\nAll SeaMonkey users should upgrade to these updated packages, which correct this issue. After installing the update, SeaMonkey must be restarted for the changes to take effect.", "cvss3": {"score": null, "vector": null}, "published": "2013-07-12T00:00:00", "type": "nessus", "title": "Oracle Linux 4 : seamonkey (ELSA-2012-0141)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2011-3026"], "modified": "2021-01-14T00:00:00", "cpe": ["p-cpe:/a:oracle:linux:seamonkey", "p-cpe:/a:oracle:linux:seamonkey-chat", "p-cpe:/a:oracle:linux:seamonkey-devel", "p-cpe:/a:oracle:linux:seamonkey-dom-inspector", "p-cpe:/a:oracle:linux:seamonkey-js-debugger", "p-cpe:/a:oracle:linux:seamonkey-mail", "cpe:/o:oracle:linux:4"], "id": "ORACLELINUX_ELSA-2012-0141.NASL", "href": "https://www.tenable.com/plugins/nessus/68463", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Red Hat Security Advisory RHSA-2012:0141 and \n# Oracle Linux Security Advisory ELSA-2012-0141 respectively.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(68463);\n script_version(\"1.9\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/14\");\n\n script_cve_id(\"CVE-2011-3026\");\n script_xref(name:\"RHSA\", value:\"2012:0141\");\n\n script_name(english:\"Oracle Linux 4 : seamonkey (ELSA-2012-0141)\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Oracle Linux host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"From Red Hat Security Advisory 2012:0141 :\n\nUpdated SeaMonkey packages that fix one security issue are now\navailable for Red Hat Enterprise Linux 4.\n\nThe Red Hat Security Response Team has rated this update as having\ncritical security impact. A Common Vulnerability Scoring System (CVSS)\nbase score, which gives a detailed severity rating, is available from\nthe CVE link in the References section.\n\nSeaMonkey is an open source web browser, e-mail and newsgroup client,\nIRC chat client, and HTML editor.\n\nA heap-based buffer overflow flaw was found in the way SeaMonkey\nhandled PNG (Portable Network Graphics) images. A web page containing\na malicious PNG image could cause SeaMonkey to crash or, possibly,\nexecute arbitrary code with the privileges of the user running\nSeaMonkey. (CVE-2011-3026)\n\nAll SeaMonkey users should upgrade to these updated packages, which\ncorrect this issue. After installing the update, SeaMonkey must be\nrestarted for the changes to take effect.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://oss.oracle.com/pipermail/el-errata/2012-February/002615.html\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected seamonkey packages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:seamonkey\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:seamonkey-chat\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:seamonkey-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:seamonkey-dom-inspector\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:seamonkey-js-debugger\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:seamonkey-mail\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:oracle:linux:4\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2012/02/16\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2012/02/17\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2013/07/12\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2013-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Oracle Linux Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/OracleLinux\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/OracleLinux\")) audit(AUDIT_OS_NOT, \"Oracle Linux\");\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || !pregmatch(pattern: \"Oracle (?:Linux Server|Enterprise Linux)\", string:release)) audit(AUDIT_OS_NOT, \"Oracle Linux\");\nos_ver = pregmatch(pattern: \"Oracle (?:Linux Server|Enterprise Linux) .*release ([0-9]+(\\.[0-9]+)?)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Oracle Linux\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^4([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Oracle Linux 4\", \"Oracle Linux \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && \"ia64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Oracle Linux\", cpu);\n\nflag = 0;\nif (rpm_check(release:\"EL4\", reference:\"seamonkey-1.0.9-79.0.1.el4\")) flag++;\nif (rpm_check(release:\"EL4\", reference:\"seamonkey-chat-1.0.9-79.0.1.el4\")) flag++;\nif (rpm_check(release:\"EL4\", reference:\"seamonkey-devel-1.0.9-79.0.1.el4\")) flag++;\nif (rpm_check(release:\"EL4\", reference:\"seamonkey-dom-inspector-1.0.9-79.0.1.el4\")) flag++;\nif (rpm_check(release:\"EL4\", reference:\"seamonkey-js-debugger-1.0.9-79.0.1.el4\")) flag++;\nif (rpm_check(release:\"EL4\", reference:\"seamonkey-mail-1.0.9-79.0.1.el4\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"seamonkey / seamonkey-chat / seamonkey-devel / etc\");\n}\n", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2021-08-19T12:58:57", "description": "Fix nasty buffer overrun bug, CVE-2011-3026\n\nNote that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {"score": null, "vector": null}, "published": "2012-02-21T00:00:00", "type": "nessus", "title": "Fedora 16 : libpng-1.2.46-2.fc16 (2012-1922)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2011-3026"], "modified": "2021-01-11T00:00:00", "cpe": ["p-cpe:/a:fedoraproject:fedora:libpng", "cpe:/o:fedoraproject:fedora:16"], "id": "FEDORA_2012-1922.NASL", "href": "https://www.tenable.com/plugins/nessus/58051", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Fedora Security Advisory 2012-1922.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(58051);\n script_version(\"1.8\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/11\");\n\n script_cve_id(\"CVE-2011-3026\");\n script_xref(name:\"FEDORA\", value:\"2012-1922\");\n\n script_name(english:\"Fedora 16 : libpng-1.2.46-2.fc16 (2012-1922)\");\n script_summary(english:\"Checks rpm output for the updated package.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Fedora host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Fix nasty buffer overrun bug, CVE-2011-3026\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Fedora security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.redhat.com/show_bug.cgi?id=790737\"\n );\n # https://lists.fedoraproject.org/pipermail/package-announce/2012-February/073493.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?619903e6\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected libpng package.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:libpng\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:fedoraproject:fedora:16\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2012/02/17\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2012/02/21\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2012-2021 Tenable Network Security, Inc.\");\n script_family(english:\"Fedora Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Fedora\" >!< release) audit(AUDIT_OS_NOT, \"Fedora\");\nos_ver = eregmatch(pattern: \"Fedora.*release ([0-9]+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Fedora\");\nos_ver = os_ver[1];\nif (! ereg(pattern:\"^16([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Fedora 16.x\", \"Fedora \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Fedora\", cpu);\n\nflag = 0;\nif (rpm_check(release:\"FC16\", reference:\"libpng-1.2.46-2.fc16\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"libpng\");\n}\n", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2021-08-19T12:58:50", "description": "The installed version of SeaMonkey is earlier than 2.7.2. Such versions are potentially affected by an integer overflow vulnerability.\n\nAn integer overflow error exists in 'libpng', a library used by this application. When decompressing certain PNG image files, this error can allow a heap-based buffer overflow which can crash the application or potentially allow code execution.", "cvss3": {"score": null, "vector": null}, "published": "2012-02-17T00:00:00", "type": "nessus", "title": "SeaMonkey < 2.7.2 'png_decompress_chunk' Integer Overflow", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2011-3026"], "modified": "2018-07-27T00:00:00", "cpe": ["cpe:/a:mozilla:seamonkey"], "id": "SEAMONKEY_272.NASL", "href": "https://www.tenable.com/plugins/nessus/58009", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(58009);\n script_version(\"1.7\");\n script_cvs_date(\"Date: 2018/07/27 18:38:15\");\n\n script_cve_id(\"CVE-2011-3026\");\n script_bugtraq_id(52049);\n\n script_name(english:\"SeaMonkey < 2.7.2 'png_decompress_chunk' Integer Overflow\");\n script_summary(english:\"Checks version of SeaMonkey\");\n\n script_set_attribute(attribute:\"synopsis\",value:\n\"The remote Windows host contains a web browser that is affected by\nan integer overflow vulnerability.\");\n script_set_attribute(attribute:\"description\",value:\n\"The installed version of SeaMonkey is earlier than 2.7.2. Such\nversions are potentially affected by an integer overflow vulnerability.\n\nAn integer overflow error exists in 'libpng', a library used by this\napplication. When decompressing certain PNG image files, this error\ncan allow a heap-based buffer overflow which can crash the\napplication or potentially allow code execution.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.mozilla.org/en-US/security/advisories/mfsa2012-11/\");\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?6846f277\");\n script_set_attribute(attribute:\"solution\", value:\"Upgrade to SeaMonkey 2.7.2 or later.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2012/02/16\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2012/02/16\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2012/02/17\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:mozilla:seamonkey\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Windows\");\n\n script_copyright(english:\"This script is Copyright (C) 2012-2018 Tenable Network Security, Inc.\");\n\n script_dependencies(\"mozilla_org_installed.nasl\");\n script_require_keys(\"SeaMonkey/Version\");\n exit(0);\n}\n\ninclude(\"mozilla_version.inc\");\nport = get_kb_item(\"SMB/transport\");\nif (!port) port = 445;\n\ninstalls = get_kb_list(\"SMB/SeaMonkey/*\");\nif (isnull(installs)) audit(AUDIT_NOT_INST, \"SeaMonkey\");\n\nmozilla_check_version(installs:installs, product:'seamonkey', fix:'2.7.2', severity:SECURITY_HOLE);", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2021-08-19T12:58:54", "description": "The installed version of Thunderbird 3.1.x is earlier than 3.1.19 and is, therefore, potentially affected by an integer overflow vulnerability in libpng, a library used by this application. When decompressing certain PNG image files, this could be exploited to crash the application or even execute arbitrary code.", "cvss3": {"score": null, "vector": null}, "published": "2012-02-21T00:00:00", "type": "nessus", "title": "Thunderbird 3.1.x < 3.1.19 png_decompress_chunk Integer Overflow (Mac OS X)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2011-3026"], "modified": "2018-07-14T00:00:00", "cpe": ["cpe:/a:mozilla:thunderbird"], "id": "MACOSX_THUNDERBIRD_3_1_19.NASL", "href": "https://www.tenable.com/plugins/nessus/58073", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(58073);\n script_version(\"1.6\");\n script_cvs_date(\"Date: 2018/07/14 1:59:36\");\n\n script_cve_id(\"CVE-2011-3026\");\n script_bugtraq_id(52049);\n\n script_name(english:\"Thunderbird 3.1.x < 3.1.19 png_decompress_chunk Integer Overflow (Mac OS X)\");\n script_summary(english:\"Checks version of Thunderbird\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote Mac OS X host contains an email client that is potentially\naffected by an integer overflow vulnerability.\");\n script_set_attribute(attribute:\"description\", value:\n\n\"The installed version of Thunderbird 3.1.x is earlier than 3.1.19 and\nis, therefore, potentially affected by an integer overflow\nvulnerability in libpng, a library used by this application. When\ndecompressing certain PNG image files, this could be exploited to\ncrash the application or even execute arbitrary code.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.mozilla.org/en-US/security/advisories/mfsa2012-11/\");\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?6846f277\");\n script_set_attribute(attribute:\"solution\", value:\"Upgrade to Thunderbird 3.1.19 or later.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2012/02/16\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2012/02/16\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2012/02/21\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:mozilla:thunderbird\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"MacOS X Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2012-2018 Tenable Network Security, Inc.\");\n\n script_dependencies(\"macosx_thunderbird_installed.nasl\");\n script_require_keys(\"MacOSX/Thunderbird/Installed\");\n\n exit(0);\n}\n\n\ninclude(\"global_settings.inc\");\ninclude(\"misc_func.inc\");\n\n\nkb_base = \"MacOSX/Thunderbird\";\nget_kb_item_or_exit(kb_base+\"/Installed\");\nversion = get_kb_item_or_exit(kb_base+\"/Version\", exit_code:TRUE);\n\nver = split(version, sep:\".\", keep:FALSE);\nfor (i=0; i<max_index(ver); i++)\n ver[i] = int(ver[i]);\n# nb: make sure we have at least 3 parts for the check.\nfor (i=max_index(ver); i<3; i++)\n ver[i] = 0;\n\nif (ver[0] == 3 && ver[1] == 1 && ver[2] < 19)\n{\n if (report_verbosity > 0)\n {\n info +=\n '\\n Installed version : ' + version +\n '\\n Fixed version : 3.1.19' + '\\n';\n security_hole(port:0, extra:info);\n }\n else security_hole(0);\n exit(0);\n}\nelse \n{\n if (ver[0] == 3 && ver[1] == 1) exit(0, \"The Thunderbird \"+version+\" install is not affected.\");\n else exit(0, \"Thunderbird 3.1.x is not installed.\");\n}\n", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2021-08-19T12:58:50", "description": "Security issues were identified and fixed in mozilla firefox and thunderbird :\n\nAn integer overflow in the libpng library can lead to a heap-buffer overflow when decompressing certain PNG images. This leads to a crash, which may be potentially exploitable (CVE-2011-3026).\n\nThe mozilla firefox and thunderbird packages has been upgraded to the latest respective versions whish is not affecte dby this security flaw.\n\nAdditionally the rootcerts packages (root CA cerificates bundle) has been upgraded to the latest version as of 2012/02/18 and the NSS library has been rebuilt accordingly to pickup the changes.\n\nUpdate :\n\nThis is a symbolic advisory correction because there was a clash with MDVSA-2012:022 that addressed libpng.", "cvss3": {"score": null, "vector": null}, "published": "2012-02-22T00:00:00", "type": "nessus", "title": "Mandriva Linux Security Advisory : mozilla (MDVSA-2012:022-1)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2011-3026"], "modified": "2021-01-06T00:00:00", "cpe": ["p-cpe:/a:mandriva:linux:firefox", "p-cpe:/a:mandriva:linux:firefox-af", "p-cpe:/a:mandriva:linux:firefox-ar", "p-cpe:/a:mandriva:linux:firefox-ast", "p-cpe:/a:mandriva:linux:firefox-be", "p-cpe:/a:mandriva:linux:firefox-bg", "p-cpe:/a:mandriva:linux:firefox-bn_BD", "p-cpe:/a:mandriva:linux:firefox-bn_IN", "p-cpe:/a:mandriva:linux:firefox-br", "p-cpe:/a:mandriva:linux:firefox-bs", "p-cpe:/a:mandriva:linux:firefox-ca", "p-cpe:/a:mandriva:linux:firefox-cs", "p-cpe:/a:mandriva:linux:firefox-cy", "p-cpe:/a:mandriva:linux:firefox-da", "p-cpe:/a:mandriva:linux:firefox-de", "p-cpe:/a:mandriva:linux:firefox-devel", "p-cpe:/a:mandriva:linux:firefox-el", "p-cpe:/a:mandriva:linux:firefox-en_GB", "p-cpe:/a:mandriva:linux:firefox-en_ZA", "p-cpe:/a:mandriva:linux:firefox-eo", "p-cpe:/a:mandriva:linux:firefox-es_AR", "p-cpe:/a:mandriva:linux:firefox-es_CL", "p-cpe:/a:mandriva:linux:firefox-es_ES", "p-cpe:/a:mandriva:linux:firefox-es_MX", "p-cpe:/a:mandriva:linux:firefox-et", "p-cpe:/a:mandriva:linux:firefox-eu", "p-cpe:/a:mandriva:linux:firefox-fa", "p-cpe:/a:mandriva:linux:firefox-fi", "p-cpe:/a:mandriva:linux:firefox-fr", "p-cpe:/a:mandriva:linux:firefox-fy", "p-cpe:/a:mandriva:linux:firefox-ga_IE", "p-cpe:/a:mandriva:linux:firefox-gd", "p-cpe:/a:mandriva:linux:firefox-gl", "p-cpe:/a:mandriva:linux:firefox-gu_IN", "p-cpe:/a:mandriva:linux:firefox-he", "p-cpe:/a:mandriva:linux:firefox-hi", "p-cpe:/a:mandriva:linux:firefox-hr", "p-cpe:/a:mandriva:linux:firefox-hu", "p-cpe:/a:mandriva:linux:firefox-hy", "p-cpe:/a:mandriva:linux:firefox-id", "p-cpe:/a:mandriva:linux:firefox-is", "p-cpe:/a:mandriva:linux:firefox-it", "p-cpe:/a:mandriva:linux:firefox-ja", "p-cpe:/a:mandriva:linux:firefox-kk", "p-cpe:/a:mandriva:linux:firefox-kn", "p-cpe:/a:mandriva:linux:firefox-ko", "p-cpe:/a:mandriva:linux:firefox-ku", "p-cpe:/a:mandriva:linux:firefox-lg", "p-cpe:/a:mandriva:linux:firefox-lt", "p-cpe:/a:mandriva:linux:firefox-lv", "p-cpe:/a:mandriva:linux:firefox-mai", "p-cpe:/a:mandriva:linux:firefox-mk", "p-cpe:/a:mandriva:linux:firefox-ml", "p-cpe:/a:mandriva:linux:firefox-mr", "p-cpe:/a:mandriva:linux:firefox-nb_NO", "p-cpe:/a:mandriva:linux:firefox-nl", "p-cpe:/a:mandriva:linux:firefox-nn_NO", "p-cpe:/a:mandriva:linux:firefox-nso", "p-cpe:/a:mandriva:linux:firefox-or", "p-cpe:/a:mandriva:linux:firefox-pa_IN", "p-cpe:/a:mandriva:linux:firefox-pl", "p-cpe:/a:mandriva:linux:firefox-pt_BR", "p-cpe:/a:mandriva:linux:firefox-pt_PT", "p-cpe:/a:mandriva:linux:firefox-ro", "p-cpe:/a:mandriva:linux:firefox-ru", "p-cpe:/a:mandriva:linux:firefox-si", "p-cpe:/a:mandriva:linux:firefox-sk", "p-cpe:/a:mandriva:linux:firefox-sl", "p-cpe:/a:mandriva:linux:firefox-sq", "p-cpe:/a:mandriva:linux:firefox-sr", "p-cpe:/a:mandriva:linux:firefox-sv_SE", "p-cpe:/a:mandriva:linux:firefox-ta", "p-cpe:/a:mandriva:linux:firefox-ta_LK", "p-cpe:/a:mandriva:linux:firefox-te", "p-cpe:/a:mandriva:linux:firefox-th", "p-cpe:/a:mandriva:linux:firefox-tr", "p-cpe:/a:mandriva:linux:firefox-uk", "p-cpe:/a:mandriva:linux:firefox-vi", "p-cpe:/a:mandriva:linux:firefox-zh_CN", "p-cpe:/a:mandriva:linux:firefox-zh_TW", "p-cpe:/a:mandriva:linux:firefox-zu", "p-cpe:/a:mandriva:linux:lib64nss-devel", "p-cpe:/a:mandriva:linux:lib64nss-static-devel", "p-cpe:/a:mandriva:linux:lib64nss3", "p-cpe:/a:mandriva:linux:libnss-devel", "p-cpe:/a:mandriva:linux:libnss-static-devel", "p-cpe:/a:mandriva:linux:libnss3", "p-cpe:/a:mandriva:linux:mozilla-thunderbird", "p-cpe:/a:mandriva:linux:mozilla-thunderbird-ar", "p-cpe:/a:mandriva:linux:mozilla-thunderbird-be", "p-cpe:/a:mandriva:linux:mozilla-thunderbird-bg", "p-cpe:/a:mandriva:linux:mozilla-thunderbird-bn_BD", "p-cpe:/a:mandriva:linux:mozilla-thunderbird-br", "p-cpe:/a:mandriva:linux:mozilla-thunderbird-ca", "p-cpe:/a:mandriva:linux:mozilla-thunderbird-cs", "p-cpe:/a:mandriva:linux:mozilla-thunderbird-da", "p-cpe:/a:mandriva:linux:mozilla-thunderbird-de", "p-cpe:/a:mandriva:linux:mozilla-thunderbird-el", "p-cpe:/a:mandriva:linux:mozilla-thunderbird-en_GB", "p-cpe:/a:mandriva:linux:mozilla-thunderbird-enigmail", "p-cpe:/a:mandriva:linux:mozilla-thunderbird-enigmail-ar", "p-cpe:/a:mandriva:linux:mozilla-thunderbird-enigmail-ca", "p-cpe:/a:mandriva:linux:mozilla-thunderbird-enigmail-cs", "p-cpe:/a:mandriva:linux:mozilla-thunderbird-enigmail-de", "p-cpe:/a:mandriva:linux:mozilla-thunderbird-enigmail-el", "p-cpe:/a:mandriva:linux:mozilla-thunderbird-enigmail-es", "p-cpe:/a:mandriva:linux:mozilla-thunderbird-enigmail-fi", "p-cpe:/a:mandriva:linux:mozilla-thunderbird-enigmail-fr", "p-cpe:/a:mandriva:linux:mozilla-thunderbird-enigmail-it", "p-cpe:/a:mandriva:linux:mozilla-thunderbird-enigmail-ja", "p-cpe:/a:mandriva:linux:mozilla-thunderbird-enigmail-ko", "p-cpe:/a:mandriva:linux:mozilla-thunderbird-enigmail-nb", "p-cpe:/a:mandriva:linux:mozilla-thunderbird-enigmail-nl", "p-cpe:/a:mandriva:linux:mozilla-thunderbird-enigmail-pl", "p-cpe:/a:mandriva:linux:mozilla-thunderbird-enigmail-pt", "p-cpe:/a:mandriva:linux:mozilla-thunderbird-enigmail-pt_BR", "p-cpe:/a:mandriva:linux:mozilla-thunderbird-enigmail-ru", "p-cpe:/a:mandriva:linux:mozilla-thunderbird-enigmail-sl", "p-cpe:/a:mandriva:linux:mozilla-thunderbird-enigmail-sv", "p-cpe:/a:mandriva:linux:mozilla-thunderbird-enigmail-tr", "p-cpe:/a:mandriva:linux:mozilla-thunderbird-enigmail-vi", "p-cpe:/a:mandriva:linux:mozilla-thunderbird-enigmail-zh_CN", "p-cpe:/a:mandriva:linux:mozilla-thunderbird-enigmail-zh_TW", "p-cpe:/a:mandriva:linux:mozilla-thunderbird-es_AR", "p-cpe:/a:mandriva:linux:mozilla-thunderbird-es_ES", "p-cpe:/a:mandriva:linux:mozilla-thunderbird-et", "p-cpe:/a:mandriva:linux:mozilla-thunderbird-eu", "p-cpe:/a:mandriva:linux:mozilla-thunderbird-fi", "p-cpe:/a:mandriva:linux:mozilla-thunderbird-fr", "p-cpe:/a:mandriva:linux:mozilla-thunderbird-fy", "p-cpe:/a:mandriva:linux:mozilla-thunderbird-ga", "p-cpe:/a:mandriva:linux:mozilla-thunderbird-gd", "p-cpe:/a:mandriva:linux:mozilla-thunderbird-gl", "p-cpe:/a:mandriva:linux:mozilla-thunderbird-he", "p-cpe:/a:mandriva:linux:mozilla-thunderbird-hu", "p-cpe:/a:mandriva:linux:mozilla-thunderbird-id", "p-cpe:/a:mandriva:linux:mozilla-thunderbird-is", "p-cpe:/a:mandriva:linux:mozilla-thunderbird-it", "p-cpe:/a:mandriva:linux:mozilla-thunderbird-ja", "p-cpe:/a:mandriva:linux:mozilla-thunderbird-ko", "p-cpe:/a:mandriva:linux:mozilla-thunderbird-lightning", "p-cpe:/a:mandriva:linux:mozilla-thunderbird-lt", "p-cpe:/a:mandriva:linux:mozilla-thunderbird-nb_NO", "p-cpe:/a:mandriva:linux:mozilla-thunderbird-nl", "p-cpe:/a:mandriva:linux:mozilla-thunderbird-nn_NO", "p-cpe:/a:mandriva:linux:mozilla-thunderbird-pl", "p-cpe:/a:mandriva:linux:mozilla-thunderbird-pt_BR", "p-cpe:/a:mandriva:linux:mozilla-thunderbird-pt_PT", "p-cpe:/a:mandriva:linux:mozilla-thunderbird-ro", "p-cpe:/a:mandriva:linux:mozilla-thunderbird-ru", "p-cpe:/a:mandriva:linux:mozilla-thunderbird-si", "p-cpe:/a:mandriva:linux:mozilla-thunderbird-sk", "p-cpe:/a:mandriva:linux:mozilla-thunderbird-sl", "p-cpe:/a:mandriva:linux:mozilla-thunderbird-sq", "p-cpe:/a:mandriva:linux:mozilla-thunderbird-sv_SE", "p-cpe:/a:mandriva:linux:mozilla-thunderbird-ta_LK", "p-cpe:/a:mandriva:linux:mozilla-thunderbird-tr", "p-cpe:/a:mandriva:linux:mozilla-thunderbird-uk", "p-cpe:/a:mandriva:linux:mozilla-thunderbird-vi", "p-cpe:/a:mandriva:linux:mozilla-thunderbird-zh_CN", "p-cpe:/a:mandriva:linux:mozilla-thunderbird-zh_TW", "p-cpe:/a:mandriva:linux:nsinstall", "p-cpe:/a:mandriva:linux:nss", "p-cpe:/a:mandriva:linux:rootcerts", "p-cpe:/a:mandriva:linux:rootcerts-java", "cpe:/o:mandriva:linux:2010.1", "cpe:/o:mandriva:linux:2011"], "id": "MANDRIVA_MDVSA-2012-022.NASL", "href": "https://www.tenable.com/plugins/nessus/58082", "sourceData": "#%NASL_MIN_LEVEL 70300\n\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Mandriva Linux Security Advisory MDVSA-2012:022. \n# The text itself is copyright (C) Mandriva S.A.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(58082);\n script_version(\"1.10\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/06\");\n\n script_cve_id(\"CVE-2011-3026\");\n script_bugtraq_id(52049);\n script_xref(name:\"MDVSA\", value:\"2012:022-1\");\n\n script_name(english:\"Mandriva Linux Security Advisory : mozilla (MDVSA-2012:022-1)\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\n\"The remote Mandriva Linux host is missing one or more security\nupdates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Security issues were identified and fixed in mozilla firefox and\nthunderbird :\n\nAn integer overflow in the libpng library can lead to a heap-buffer\noverflow when decompressing certain PNG images. This leads to a crash,\nwhich may be potentially exploitable (CVE-2011-3026).\n\nThe mozilla firefox and thunderbird packages has been upgraded to the\nlatest respective versions whish is not affecte dby this security\nflaw.\n\nAdditionally the rootcerts packages (root CA cerificates bundle) has\nbeen upgraded to the latest version as of 2012/02/18 and the NSS\nlibrary has been rebuilt accordingly to pickup the changes.\n\nUpdate :\n\nThis is a symbolic advisory correction because there was a clash with\nMDVSA-2012:022 that addressed libpng.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.mozilla.org/security/announce/2012/mfsa2012-11.html\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:ND/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:firefox\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:firefox-af\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:firefox-ar\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:firefox-ast\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:firefox-be\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:firefox-bg\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:firefox-bn_BD\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:firefox-bn_IN\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:firefox-br\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:firefox-bs\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:firefox-ca\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:firefox-cs\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:firefox-cy\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:firefox-da\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:firefox-de\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:firefox-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:firefox-el\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:firefox-en_GB\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:firefox-en_ZA\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:firefox-eo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:firefox-es_AR\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:firefox-es_CL\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:firefox-es_ES\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:firefox-es_MX\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:firefox-et\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:firefox-eu\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:firefox-fa\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:firefox-fi\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:firefox-fr\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:firefox-fy\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:firefox-ga_IE\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:firefox-gd\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:firefox-gl\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:firefox-gu_IN\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:firefox-he\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:firefox-hi\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:firefox-hr\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:firefox-hu\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:firefox-hy\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:firefox-id\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:firefox-is\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:firefox-it\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:firefox-ja\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:firefox-kk\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:firefox-kn\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:firefox-ko\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:firefox-ku\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:firefox-lg\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:firefox-lt\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:firefox-lv\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:firefox-mai\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:firefox-mk\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:firefox-ml\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:firefox-mr\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:firefox-nb_NO\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:firefox-nl\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:firefox-nn_NO\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:firefox-nso\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:firefox-or\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:firefox-pa_IN\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:firefox-pl\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:firefox-pt_BR\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:firefox-pt_PT\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:firefox-ro\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:firefox-ru\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:firefox-si\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:firefox-sk\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:firefox-sl\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:firefox-sq\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:firefox-sr\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:firefox-sv_SE\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:firefox-ta\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:firefox-ta_LK\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:firefox-te\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:firefox-th\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:firefox-tr\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:firefox-uk\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:firefox-vi\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:firefox-zh_CN\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:firefox-zh_TW\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:firefox-zu\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:lib64nss-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:lib64nss-static-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:lib64nss3\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:libnss-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:libnss-static-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:libnss3\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:mozilla-thunderbird\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:mozilla-thunderbird-ar\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:mozilla-thunderbird-be\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:mozilla-thunderbird-bg\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:mozilla-thunderbird-bn_BD\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:mozilla-thunderbird-br\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:mozilla-thunderbird-ca\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:mozilla-thunderbird-cs\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:mozilla-thunderbird-da\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:mozilla-thunderbird-de\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:mozilla-thunderbird-el\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:mozilla-thunderbird-en_GB\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:mozilla-thunderbird-enigmail\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:mozilla-thunderbird-enigmail-ar\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:mozilla-thunderbird-enigmail-ca\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:mozilla-thunderbird-enigmail-cs\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:mozilla-thunderbird-enigmail-de\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:mozilla-thunderbird-enigmail-el\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:mozilla-thunderbird-enigmail-es\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:mozilla-thunderbird-enigmail-fi\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:mozilla-thunderbird-enigmail-fr\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:mozilla-thunderbird-enigmail-it\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:mozilla-thunderbird-enigmail-ja\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:mozilla-thunderbird-enigmail-ko\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:mozilla-thunderbird-enigmail-nb\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:mozilla-thunderbird-enigmail-nl\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:mozilla-thunderbird-enigmail-pl\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:mozilla-thunderbird-enigmail-pt\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:mozilla-thunderbird-enigmail-pt_BR\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:mozilla-thunderbird-enigmail-ru\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:mozilla-thunderbird-enigmail-sl\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:mozilla-thunderbird-enigmail-sv\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:mozilla-thunderbird-enigmail-tr\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:mozilla-thunderbird-enigmail-vi\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:mozilla-thunderbird-enigmail-zh_CN\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:mozilla-thunderbird-enigmail-zh_TW\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:mozilla-thunderbird-es_AR\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:mozilla-thunderbird-es_ES\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:mozilla-thunderbird-et\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:mozilla-thunderbird-eu\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:mozilla-thunderbird-fi\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:mozilla-thunderbird-fr\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:mozilla-thunderbird-fy\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:mozilla-thunderbird-ga\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:mozilla-thunderbird-gd\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:mozilla-thunderbird-gl\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:mozilla-thunderbird-he\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:mozilla-thunderbird-hu\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:mozilla-thunderbird-id\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:mozilla-thunderbird-is\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:mozilla-thunderbird-it\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:mozilla-thunderbird-ja\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:mozilla-thunderbird-ko\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:mozilla-thunderbird-lightning\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:mozilla-thunderbird-lt\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:mozilla-thunderbird-nb_NO\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:mozilla-thunderbird-nl\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:mozilla-thunderbird-nn_NO\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:mozilla-thunderbird-pl\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:mozilla-thunderbird-pt_BR\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:mozilla-thunderbird-pt_PT\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:mozilla-thunderbird-ro\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:mozilla-thunderbird-ru\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:mozilla-thunderbird-si\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:mozilla-thunderbird-sk\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:mozilla-thunderbird-sl\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:mozilla-thunderbird-sq\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:mozilla-thunderbird-sv_SE\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:mozilla-thunderbird-ta_LK\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:mozilla-thunderbird-tr\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:mozilla-thunderbird-uk\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:mozilla-thunderbird-vi\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:mozilla-thunderbird-zh_CN\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:mozilla-thunderbird-zh_TW\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:nsinstall\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:nss\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:rootcerts\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:rootcerts-java\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:mandriva:linux:2010.1\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:mandriva:linux:2011\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2012/02/28\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2012/02/22\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2012-2021 Tenable Network Security, Inc.\");\n script_family(english:\"Mandriva Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/Mandrake/release\", \"Host/Mandrake/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/Mandrake/release\")) audit(AUDIT_OS_NOT, \"Mandriva / Mandake Linux\");\nif (!get_kb_item(\"Host/Mandrake/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (cpu !~ \"^(amd64|i[3-6]86|x86_64)$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Mandriva / Mandrake Linux\", cpu);\n\n\nflag = 0;\nif (rpm_check(release:\"MDK2010.1\", reference:\"firefox-10.0.2-0.1mdv2010.2\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.1\", reference:\"firefox-af-10.0.2-0.1mdv2010.2\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.1\", reference:\"firefox-ar-10.0.2-0.1mdv2010.2\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.1\", reference:\"firefox-ast-10.0.2-0.1mdv2010.2\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.1\", reference:\"firefox-be-10.0.2-0.1mdv2010.2\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.1\", reference:\"firefox-bg-10.0.2-0.1mdv2010.2\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.1\", reference:\"firefox-bn_BD-10.0.2-0.1mdv2010.2\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.1\", reference:\"firefox-bn_IN-10.0.2-0.1mdv2010.2\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.1\", reference:\"firefox-br-10.0.2-0.1mdv2010.2\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.1\", reference:\"firefox-bs-10.0.2-0.1mdv2010.2\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.1\", reference:\"firefox-ca-10.0.2-0.1mdv2010.2\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.1\", reference:\"firefox-cs-10.0.2-0.1mdv2010.2\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.1\", reference:\"firefox-cy-10.0.2-0.1mdv2010.2\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.1\", reference:\"firefox-da-10.0.2-0.1mdv2010.2\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.1\", reference:\"firefox-de-10.0.2-0.1mdv2010.2\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.1\", reference:\"firefox-devel-10.0.2-0.1mdv2010.2\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.1\", reference:\"firefox-el-10.0.2-0.1mdv2010.2\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.1\", reference:\"firefox-en_GB-10.0.2-0.1mdv2010.2\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.1\", reference:\"firefox-en_ZA-10.0.2-0.1mdv2010.2\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.1\", reference:\"firefox-eo-10.0.2-0.1mdv2010.2\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.1\", reference:\"firefox-es_AR-10.0.2-0.1mdv2010.2\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.1\", reference:\"firefox-es_CL-10.0.2-0.1mdv2010.2\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.1\", reference:\"firefox-es_ES-10.0.2-0.1mdv2010.2\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.1\", reference:\"firefox-es_MX-10.0.2-0.1mdv2010.2\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.1\", reference:\"firefox-et-10.0.2-0.1mdv2010.2\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.1\", reference:\"firefox-eu-10.0.2-0.1mdv2010.2\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.1\", reference:\"firefox-fa-10.0.2-0.1mdv2010.2\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.1\", reference:\"firefox-fi-10.0.2-0.1mdv2010.2\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.1\", reference:\"firefox-fr-10.0.2-0.1mdv2010.2\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.1\", reference:\"firefox-fy-10.0.2-0.1mdv2010.2\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.1\", reference:\"firefox-ga_IE-10.0.2-0.1mdv2010.2\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.1\", reference:\"firefox-gd-10.0.2-0.1mdv2010.2\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.1\", reference:\"firefox-gl-10.0.2-0.1mdv2010.2\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.1\", reference:\"firefox-gu_IN-10.0.2-0.1mdv2010.2\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.1\", reference:\"firefox-he-10.0.2-0.1mdv2010.2\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.1\", reference:\"firefox-hi-10.0.2-0.1mdv2010.2\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.1\", reference:\"firefox-hr-10.0.2-0.1mdv2010.2\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.1\", reference:\"firefox-hu-10.0.2-0.1mdv2010.2\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.1\", reference:\"firefox-hy-10.0.2-0.1mdv2010.2\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.1\", reference:\"firefox-id-10.0.2-0.1mdv2010.2\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.1\", reference:\"firefox-is-10.0.2-0.1mdv2010.2\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.1\", reference:\"firefox-it-10.0.2-0.1mdv2010.2\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.1\", reference:\"firefox-ja-10.0.2-0.1mdv2010.2\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.1\", reference:\"firefox-kk-10.0.2-0.1mdv2010.2\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.1\", reference:\"firefox-kn-10.0.2-0.1mdv2010.2\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.1\", reference:\"firefox-ko-10.0.2-0.1mdv2010.2\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.1\", reference:\"firefox-ku-10.0.2-0.1mdv2010.2\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.1\", reference:\"firefox-lg-10.0.2-0.1mdv2010.2\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.1\", reference:\"firefox-lt-10.0.2-0.1mdv2010.2\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.1\", reference:\"firefox-lv-10.0.2-0.1mdv2010.2\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.1\", reference:\"firefox-mai-10.0.2-0.1mdv2010.2\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.1\", reference:\"firefox-mk-10.0.2-0.1mdv2010.2\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.1\", reference:\"firefox-ml-10.0.2-0.1mdv2010.2\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.1\", reference:\"firefox-mr-10.0.2-0.1mdv2010.2\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.1\", reference:\"firefox-nb_NO-10.0.2-0.1mdv2010.2\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.1\", reference:\"firefox-nl-10.0.2-0.1mdv2010.2\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.1\", reference:\"firefox-nn_NO-10.0.2-0.1mdv2010.2\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.1\", reference:\"firefox-nso-10.0.2-0.1mdv2010.2\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.1\", reference:\"firefox-or-10.0.2-0.1mdv2010.2\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.1\", reference:\"firefox-pa_IN-10.0.2-0.1mdv2010.2\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.1\", reference:\"firefox-pl-10.0.2-0.1mdv2010.2\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.1\", reference:\"firefox-pt_BR-10.0.2-0.1mdv2010.2\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.1\", reference:\"firefox-pt_PT-10.0.2-0.1mdv2010.2\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.1\", reference:\"firefox-ro-10.0.2-0.1mdv2010.2\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.1\", reference:\"firefox-ru-10.0.2-0.1mdv2010.2\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.1\", reference:\"firefox-si-10.0.2-0.1mdv2010.2\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.1\", reference:\"firefox-sk-10.0.2-0.1mdv2010.2\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.1\", reference:\"firefox-sl-10.0.2-0.1mdv2010.2\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.1\", reference:\"firefox-sq-10.0.2-0.1mdv2010.2\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.1\", reference:\"firefox-sr-10.0.2-0.1mdv2010.2\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.1\", reference:\"firefox-sv_SE-10.0.2-0.1mdv2010.2\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.1\", reference:\"firefox-ta-10.0.2-0.1mdv2010.2\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.1\", reference:\"firefox-ta_LK-10.0.2-0.1mdv2010.2\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.1\", reference:\"firefox-te-10.0.2-0.1mdv2010.2\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.1\", reference:\"firefox-th-10.0.2-0.1mdv2010.2\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.1\", reference:\"firefox-tr-10.0.2-0.1mdv2010.2\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.1\", reference:\"firefox-uk-10.0.2-0.1mdv2010.2\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.1\", reference:\"firefox-vi-10.0.2-0.1mdv2010.2\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.1\", reference:\"firefox-zh_CN-10.0.2-0.1mdv2010.2\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.1\", reference:\"firefox-zh_TW-10.0.2-0.1mdv2010.2\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.1\", reference:\"firefox-zu-10.0.2-0.1mdv2010.2\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.1\", cpu:\"x86_64\", reference:\"lib64nss-devel-3.13.1-0.2mdv2010.2\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.1\", cpu:\"x86_64\", reference:\"lib64nss-static-devel-3.13.1-0.2mdv2010.2\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.1\", cpu:\"x86_64\", reference:\"lib64nss3-3.13.1-0.2mdv2010.2\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.1\", cpu:\"i386\", reference:\"libnss-devel-3.13.1-0.2mdv2010.2\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.1\", cpu:\"i386\", reference:\"libnss-static-devel-3.13.1-0.2mdv2010.2\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.1\", cpu:\"i386\", reference:\"libnss3-3.13.1-0.2mdv2010.2\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.1\", reference:\"mozilla-thunderbird-10.0.2-0.1mdv2010.2\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.1\", reference:\"mozilla-thunderbird-ar-10.0.2-0.1mdv2010.2\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.1\", reference:\"mozilla-thunderbird-be-10.0.2-0.1mdv2010.2\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.1\", reference:\"mozilla-thunderbird-bg-10.0.2-0.1mdv2010.2\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.1\", reference:\"mozilla-thunderbird-bn_BD-10.0.2-0.1mdv2010.2\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.1\", reference:\"mozilla-thunderbird-br-10.0.2-0.1mdv2010.2\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.1\", reference:\"mozilla-thunderbird-ca-10.0.2-0.1mdv2010.2\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.1\", reference:\"mozilla-thunderbird-cs-10.0.2-0.1mdv2010.2\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.1\", reference:\"mozilla-thunderbird-da-10.0.2-0.1mdv2010.2\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.1\", reference:\"mozilla-thunderbird-de-10.0.2-0.1mdv2010.2\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.1\", reference:\"mozilla-thunderbird-el-10.0.2-0.1mdv2010.2\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.1\", reference:\"mozilla-thunderbird-en_GB-10.0.2-0.1mdv2010.2\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.1\", reference:\"mozilla-thunderbird-enigmail-10.0.2-0.1mdv2010.2\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.1\", reference:\"mozilla-thunderbird-enigmail-ar-10.0.2-0.1mdv2010.2\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.1\", reference:\"mozilla-thunderbird-enigmail-ca-10.0.2-0.1mdv2010.2\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.1\", reference:\"mozilla-thunderbird-enigmail-cs-10.0.2-0.1mdv2010.2\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.1\", reference:\"mozilla-thunderbird-enigmail-de-10.0.2-0.1mdv2010.2\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.1\", reference:\"mozilla-thunderbird-enigmail-el-10.0.2-0.1mdv2010.2\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.1\", reference:\"mozilla-thunderbird-enigmail-es-10.0.2-0.1mdv2010.2\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.1\", reference:\"mozilla-thunderbird-enigmail-fi-10.0.2-0.1mdv2010.2\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.1\", reference:\"mozilla-thunderbird-enigmail-fr-10.0.2-0.1mdv2010.2\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.1\", reference:\"mozilla-thunderbird-enigmail-it-10.0.2-0.1mdv2010.2\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.1\", reference:\"mozilla-thunderbird-enigmail-ja-10.0.2-0.1mdv2010.2\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.1\", reference:\"mozilla-thunderbird-enigmail-ko-10.0.2-0.1mdv2010.2\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.1\", reference:\"mozilla-thunderbird-enigmail-nb-10.0.2-0.1mdv2010.2\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.1\", reference:\"mozilla-thunderbird-enigmail-nl-10.0.2-0.1mdv2010.2\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.1\", reference:\"mozilla-thunderbird-enigmail-pl-10.0.2-0.1mdv2010.2\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.1\", reference:\"mozilla-thunderbird-enigmail-pt-10.0.2-0.1mdv2010.2\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.1\", reference:\"mozilla-thunderbird-enigmail-pt_BR-10.0.2-0.1mdv2010.2\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.1\", reference:\"mozilla-thunderbird-enigmail-ru-10.0.2-0.1mdv2010.2\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.1\", reference:\"mozilla-thunderbird-enigmail-sl-10.0.2-0.1mdv2010.2\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.1\", reference:\"mozilla-thunderbird-enigmail-sv-10.0.2-0.1mdv2010.2\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.1\", reference:\"mozilla-thunderbird-enigmail-tr-10.0.2-0.1mdv2010.2\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.1\", reference:\"mozilla-thunderbird-enigmail-vi-10.0.2-0.1mdv2010.2\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.1\", reference:\"mozilla-thunderbird-enigmail-zh_CN-10.0.2-0.1mdv2010.2\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.1\", reference:\"mozilla-thunderbird-enigmail-zh_TW-10.0.2-0.1mdv2010.2\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.1\", reference:\"mozilla-thunderbird-es_AR-10.0.2-0.1mdv2010.2\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.1\", reference:\"mozilla-thunderbird-es_ES-10.0.2-0.1mdv2010.2\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.1\", reference:\"mozilla-thunderbird-et-10.0.2-0.1mdv2010.2\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.1\", reference:\"mozilla-thunderbird-eu-10.0.2-0.1mdv2010.2\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.1\", reference:\"mozilla-thunderbird-fi-10.0.2-0.1mdv2010.2\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.1\", reference:\"mozilla-thunderbird-fr-10.0.2-0.1mdv2010.2\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.1\", reference:\"mozilla-thunderbird-fy-10.0.2-0.1mdv2010.2\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.1\", reference:\"mozilla-thunderbird-ga-10.0.2-0.1mdv2010.2\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.1\", reference:\"mozilla-thunderbird-gd-10.0.2-0.1mdv2010.2\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.1\", reference:\"mozilla-thunderbird-gl-10.0.2-0.1mdv2010.2\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.1\", reference:\"mozilla-thunderbird-he-10.0.2-0.1mdv2010.2\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.1\", reference:\"mozilla-thunderbird-hu-10.0.2-0.1mdv2010.2\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.1\", reference:\"mozilla-thunderbird-id-10.0.2-0.1mdv2010.2\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.1\", reference:\"mozilla-thunderbird-is-10.0.2-0.1mdv2010.2\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.1\", reference:\"mozilla-thunderbird-it-10.0.2-0.1mdv2010.2\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.1\", reference:\"mozilla-thunderbird-ja-10.0.2-0.1mdv2010.2\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.1\", reference:\"mozilla-thunderbird-ko-10.0.2-0.1mdv2010.2\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.1\", reference:\"mozilla-thunderbird-lightning-10.0.2-0.1mdv2010.2\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.1\", reference:\"mozilla-thunderbird-lt-10.0.2-0.1mdv2010.2\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.1\", reference:\"mozilla-thunderbird-nb_NO-10.0.2-0.1mdv2010.2\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.1\", reference:\"mozilla-thunderbird-nl-10.0.2-0.1mdv2010.2\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.1\", reference:\"mozilla-thunderbird-nn_NO-10.0.2-0.1mdv2010.2\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.1\", reference:\"mozilla-thunderbird-pl-10.0.2-0.1mdv2010.2\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.1\", reference:\"mozilla-thunderbird-pt_BR-10.0.2-0.1mdv2010.2\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.1\", reference:\"mozilla-thunderbird-pt_PT-10.0.2-0.1mdv2010.2\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.1\", reference:\"mozilla-thunderbird-ro-10.0.2-0.1mdv2010.2\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.1\", reference:\"mozilla-thunderbird-ru-10.0.2-0.1mdv2010.2\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.1\", reference:\"mozilla-thunderbird-si-10.0.2-0.1mdv2010.2\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.1\", reference:\"mozilla-thunderbird-sk-10.0.2-0.1mdv2010.2\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.1\", reference:\"mozilla-thunderbird-sl-10.0.2-0.1mdv2010.2\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.1\", reference:\"mozilla-thunderbird-sq-10.0.2-0.1mdv2010.2\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.1\", reference:\"mozilla-thunderbird-sv_SE-10.0.2-0.1mdv2010.2\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.1\", reference:\"mozilla-thunderbird-ta_LK-10.0.2-0.1mdv2010.2\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.1\", reference:\"mozilla-thunderbird-tr-10.0.2-0.1mdv2010.2\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.1\", reference:\"mozilla-thunderbird-uk-10.0.2-0.1mdv2010.2\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.1\", reference:\"mozilla-thunderbird-vi-10.0.2-0.1mdv2010.2\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.1\", reference:\"mozilla-thunderbird-zh_CN-10.0.2-0.1mdv2010.2\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.1\", reference:\"mozilla-thunderbird-zh_TW-10.0.2-0.1mdv2010.2\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.1\", reference:\"nsinstall-10.0.2-0.1mdv2010.2\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.1\", reference:\"nss-3.13.1-0.2mdv2010.2\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.1\", reference:\"rootcerts-20120218.00-1mdv2010.2\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.1\", reference:\"rootcerts-java-20120218.00-1mdv2010.2\", yank:\"mdv\")) flag++;\n\nif (rpm_check(release:\"MDK2011\", reference:\"firefox-10.0.2-0.1-mdv2011.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2011\", reference:\"firefox-af-10.0.2-0.1-mdv2011.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2011\", reference:\"firefox-ar-10.0.2-0.1-mdv2011.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2011\", reference:\"firefox-ast-10.0.2-0.1-mdv2011.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2011\", reference:\"firefox-be-10.0.2-0.1-mdv2011.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2011\", reference:\"firefox-bg-10.0.2-0.1-mdv2011.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2011\", reference:\"firefox-bn_BD-10.0.2-0.1-mdv2011.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2011\", reference:\"firefox-bn_IN-10.0.2-0.1-mdv2011.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2011\", reference:\"firefox-br-10.0.2-0.1-mdv2011.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2011\", reference:\"firefox-bs-10.0.2-0.1-mdv2011.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2011\", reference:\"firefox-ca-10.0.2-0.1-mdv2011.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2011\", reference:\"firefox-cs-10.0.2-0.1-mdv2011.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2011\", reference:\"firefox-cy-10.0.2-0.1-mdv2011.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2011\", reference:\"firefox-da-10.0.2-0.1-mdv2011.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2011\", reference:\"firefox-de-10.0.2-0.1-mdv2011.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2011\", reference:\"firefox-devel-10.0.2-0.1-mdv2011.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2011\", reference:\"firefox-el-10.0.2-0.1-mdv2011.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2011\", reference:\"firefox-en_GB-10.0.2-0.1-mdv2011.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2011\", reference:\"firefox-en_ZA-10.0.2-0.1-mdv2011.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2011\", reference:\"firefox-eo-10.0.2-0.1-mdv2011.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2011\", reference:\"firefox-es_AR-10.0.2-0.1-mdv2011.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2011\", reference:\"firefox-es_CL-10.0.2-0.1-mdv2011.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2011\", reference:\"firefox-es_ES-10.0.2-0.1-mdv2011.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2011\", reference:\"firefox-es_MX-10.0.2-0.1-mdv2011.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2011\", reference:\"firefox-et-10.0.2-0.1-mdv2011.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2011\", reference:\"firefox-eu-10.0.2-0.1-mdv2011.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2011\", reference:\"firefox-fa-10.0.2-0.1-mdv2011.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2011\", reference:\"firefox-fi-10.0.2-0.1-mdv2011.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2011\", reference:\"firefox-fr-10.0.2-0.1-mdv2011.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2011\", reference:\"firefox-fy-10.0.2-0.1-mdv2011.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2011\", reference:\"firefox-ga_IE-10.0.2-0.1-mdv2011.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2011\", reference:\"firefox-gd-10.0.2-0.1-mdv2011.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2011\", reference:\"firefox-gl-10.0.2-0.1-mdv2011.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2011\", reference:\"firefox-gu_IN-10.0.2-0.1-mdv2011.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2011\", reference:\"firefox-he-10.0.2-0.1-mdv2011.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2011\", reference:\"firefox-hi-10.0.2-0.1-mdv2011.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2011\", reference:\"firefox-hr-10.0.2-0.1-mdv2011.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2011\", reference:\"firefox-hu-10.0.2-0.1-mdv2011.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2011\", reference:\"firefox-hy-10.0.2-0.1-mdv2011.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2011\", reference:\"firefox-id-10.0.2-0.1-mdv2011.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2011\", reference:\"firefox-is-10.0.2-0.1-mdv2011.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2011\", reference:\"firefox-it-10.0.2-0.1-mdv2011.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2011\", reference:\"firefox-ja-10.0.2-0.1-mdv2011.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2011\", reference:\"firefox-kk-10.0.2-0.1-mdv2011.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2011\", reference:\"firefox-kn-10.0.2-0.1-mdv2011.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2011\", reference:\"firefox-ko-10.0.2-0.1-mdv2011.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2011\", reference:\"firefox-ku-10.0.2-0.1-mdv2011.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2011\", reference:\"firefox-lg-10.0.2-0.1-mdv2011.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2011\", reference:\"firefox-lt-10.0.2-0.1-mdv2011.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2011\", reference:\"firefox-lv-10.0.2-0.1-mdv2011.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2011\", reference:\"firefox-mai-10.0.2-0.1-mdv2011.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2011\", reference:\"firefox-mk-10.0.2-0.1-mdv2011.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2011\", reference:\"firefox-ml-10.0.2-0.1-mdv2011.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2011\", reference:\"firefox-mr-10.0.2-0.1-mdv2011.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2011\", reference:\"firefox-nb_NO-10.0.2-0.1-mdv2011.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2011\", reference:\"firefox-nl-10.0.2-0.1-mdv2011.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2011\", reference:\"firefox-nn_NO-10.0.2-0.1-mdv2011.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2011\", reference:\"firefox-nso-10.0.2-0.1-mdv2011.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2011\", reference:\"firefox-or-10.0.2-0.1-mdv2011.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2011\", reference:\"firefox-pa_IN-10.0.2-0.1-mdv2011.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2011\", reference:\"firefox-pl-10.0.2-0.1-mdv2011.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2011\", reference:\"firefox-pt_BR-10.0.2-0.1-mdv2011.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2011\", reference:\"firefox-pt_PT-10.0.2-0.1-mdv2011.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2011\", reference:\"firefox-ro-10.0.2-0.1-mdv2011.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2011\", reference:\"firefox-ru-10.0.2-0.1-mdv2011.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2011\", reference:\"firefox-si-10.0.2-0.1-mdv2011.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2011\", reference:\"firefox-sk-10.0.2-0.1-mdv2011.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2011\", reference:\"firefox-sl-10.0.2-0.1-mdv2011.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2011\", reference:\"firefox-sq-10.0.2-0.1-mdv2011.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2011\", reference:\"firefox-sr-10.0.2-0.1-mdv2011.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2011\", reference:\"firefox-sv_SE-10.0.2-0.1-mdv2011.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2011\", reference:\"firefox-ta-10.0.2-0.1-mdv2011.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2011\", reference:\"firefox-ta_LK-10.0.2-0.1-mdv2011.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2011\", reference:\"firefox-te-10.0.2-0.1-mdv2011.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2011\", reference:\"firefox-th-10.0.2-0.1-mdv2011.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2011\", reference:\"firefox-tr-10.0.2-0.1-mdv2011.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2011\", reference:\"firefox-uk-10.0.2-0.1-mdv2011.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2011\", reference:\"firefox-vi-10.0.2-0.1-mdv2011.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2011\", reference:\"firefox-zh_CN-10.0.2-0.1-mdv2011.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2011\", reference:\"firefox-zh_TW-10.0.2-0.1-mdv2011.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2011\", reference:\"firefox-zu-10.0.2-0.1-mdv2011.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2011\", cpu:\"x86_64\", reference:\"lib64nss-devel-3.13.1-0.2-mdv2011.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2011\", cpu:\"x86_64\", reference:\"lib64nss-static-devel-3.13.1-0.2-mdv2011.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2011\", cpu:\"x86_64\", reference:\"lib64nss3-3.13.1-0.2-mdv2011.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2011\", cpu:\"i386\", reference:\"libnss-devel-3.13.1-0.2-mdv2011.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2011\", cpu:\"i386\", reference:\"libnss-static-devel-3.13.1-0.2-mdv2011.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2011\", cpu:\"i386\", reference:\"libnss3-3.13.1-0.2-mdv2011.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2011\", reference:\"mozilla-thunderbird-10.0.2-0.1-mdv2011.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2011\", reference:\"mozilla-thunderbird-ar-10.0.2-0.1-mdv2011.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2011\", reference:\"mozilla-thunderbird-be-10.0.2-0.1-mdv2011.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2011\", reference:\"mozilla-thunderbird-bg-10.0.2-0.1-mdv2011.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2011\", reference:\"mozilla-thunderbird-bn_BD-10.0.2-0.1-mdv2011.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2011\", reference:\"mozilla-thunderbird-br-10.0.2-0.1-mdv2011.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2011\", reference:\"mozilla-thunderbird-ca-10.0.2-0.1-mdv2011.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2011\", reference:\"mozilla-thunderbird-cs-10.0.2-0.1-mdv2011.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2011\", reference:\"mozilla-thunderbird-da-10.0.2-0.1-mdv2011.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2011\", reference:\"mozilla-thunderbird-de-10.0.2-0.1-mdv2011.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2011\", reference:\"mozilla-thunderbird-el-10.0.2-0.1-mdv2011.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2011\", reference:\"mozilla-thunderbird-en_GB-10.0.2-0.1-mdv2011.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2011\", reference:\"mozilla-thunderbird-enigmail-10.0.2-0.1-mdv2011.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2011\", reference:\"mozilla-thunderbird-enigmail-ar-10.0.2-0.1-mdv2011.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2011\", reference:\"mozilla-thunderbird-enigmail-ca-10.0.2-0.1-mdv2011.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2011\", reference:\"mozilla-thunderbird-enigmail-cs-10.0.2-0.1-mdv2011.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2011\", reference:\"mozilla-thunderbird-enigmail-de-10.0.2-0.1-mdv2011.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2011\", reference:\"mozilla-thunderbird-enigmail-el-10.0.2-0.1-mdv2011.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2011\", reference:\"mozilla-thunderbird-enigmail-es-10.0.2-0.1-mdv2011.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2011\", reference:\"mozilla-thunderbird-enigmail-fi-10.0.2-0.1-mdv2011.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2011\", reference:\"mozilla-thunderbird-enigmail-fr-10.0.2-0.1-mdv2011.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2011\", reference:\"mozilla-thunderbird-enigmail-it-10.0.2-0.1-mdv2011.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2011\", reference:\"mozilla-thunderbird-enigmail-ja-10.0.2-0.1-mdv2011.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2011\", reference:\"mozilla-thunderbird-enigmail-ko-10.0.2-0.1-mdv2011.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2011\", reference:\"mozilla-thunderbird-enigmail-nb-10.0.2-0.1-mdv2011.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2011\", reference:\"mozilla-thunderbird-enigmail-nl-10.0.2-0.1-mdv2011.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2011\", reference:\"mozilla-thunderbird-enigmail-pl-10.0.2-0.1-mdv2011.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2011\", reference:\"mozilla-thunderbird-enigmail-pt-10.0.2-0.1-mdv2011.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2011\", reference:\"mozilla-thunderbird-enigmail-pt_BR-10.0.2-0.1-mdv2011.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2011\", reference:\"mozilla-thunderbird-enigmail-ru-10.0.2-0.1-mdv2011.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2011\", reference:\"mozilla-thunderbird-enigmail-sl-10.0.2-0.1-mdv2011.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2011\", reference:\"mozilla-thunderbird-enigmail-sv-10.0.2-0.1-mdv2011.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2011\", reference:\"mozilla-thunderbird-enigmail-tr-10.0.2-0.1-mdv2011.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2011\", reference:\"mozilla-thunderbird-enigmail-vi-10.0.2-0.1-mdv2011.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2011\", reference:\"mozilla-thunderbird-enigmail-zh_CN-10.0.2-0.1-mdv2011.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2011\", reference:\"mozilla-thunderbird-enigmail-zh_TW-10.0.2-0.1-mdv2011.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2011\", reference:\"mozilla-thunderbird-es_AR-10.0.2-0.1-mdv2011.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2011\", reference:\"mozilla-thunderbird-es_ES-10.0.2-0.1-mdv2011.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2011\", reference:\"mozilla-thunderbird-et-10.0.2-0.1-mdv2011.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2011\", reference:\"mozilla-thunderbird-eu-10.0.2-0.1-mdv2011.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2011\", reference:\"mozilla-thunderbird-fi-10.0.2-0.1-mdv2011.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2011\", reference:\"mozilla-thunderbird-fr-10.0.2-0.1-mdv2011.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2011\", reference:\"mozilla-thunderbird-fy-10.0.2-0.1-mdv2011.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2011\", reference:\"mozilla-thunderbird-ga-10.0.2-0.1-mdv2011.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2011\", reference:\"mozilla-thunderbird-gd-10.0.2-0.1-mdv2011.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2011\", reference:\"mozilla-thunderbird-gl-10.0.2-0.1-mdv2011.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2011\", reference:\"mozilla-thunderbird-he-10.0.2-0.1-mdv2011.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2011\", reference:\"mozilla-thunderbird-hu-10.0.2-0.1-mdv2011.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2011\", reference:\"mozilla-thunderbird-id-10.0.2-0.1-mdv2011.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2011\", reference:\"mozilla-thunderbird-is-10.0.2-0.1-mdv2011.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2011\", reference:\"mozilla-thunderbird-it-10.0.2-0.1-mdv2011.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2011\", reference:\"mozilla-thunderbird-ja-10.0.2-0.1-mdv2011.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2011\", reference:\"mozilla-thunderbird-ko-10.0.2-0.1-mdv2011.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2011\", reference:\"mozilla-thunderbird-lightning-10.0.2-0.1-mdv2011.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2011\", reference:\"mozilla-thunderbird-lt-10.0.2-0.1-mdv2011.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2011\", reference:\"mozilla-thunderbird-nb_NO-10.0.2-0.1-mdv2011.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2011\", reference:\"mozilla-thunderbird-nl-10.0.2-0.1-mdv2011.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2011\", reference:\"mozilla-thunderbird-nn_NO-10.0.2-0.1-mdv2011.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2011\", reference:\"mozilla-thunderbird-pl-10.0.2-0.1-mdv2011.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2011\", reference:\"mozilla-thunderbird-pt_BR-10.0.2-0.1-mdv2011.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2011\", reference:\"mozilla-thunderbird-pt_PT-10.0.2-0.1-mdv2011.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2011\", reference:\"mozilla-thunderbird-ro-10.0.2-0.1-mdv2011.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2011\", reference:\"mozilla-thunderbird-ru-10.0.2-0.1-mdv2011.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2011\", reference:\"mozilla-thunderbird-si-10.0.2-0.1-mdv2011.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2011\", reference:\"mozilla-thunderbird-sk-10.0.2-0.1-mdv2011.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2011\", reference:\"mozilla-thunderbird-sl-10.0.2-0.1-mdv2011.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2011\", reference:\"mozilla-thunderbird-sq-10.0.2-0.1-mdv2011.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2011\", reference:\"mozilla-thunderbird-sv_SE-10.0.2-0.1-mdv2011.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2011\", reference:\"mozilla-thunderbird-ta_LK-10.0.2-0.1-mdv2011.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2011\", reference:\"mozilla-thunderbird-tr-10.0.2-0.1-mdv2011.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2011\", reference:\"mozilla-thunderbird-uk-10.0.2-0.1-mdv2011.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2011\", reference:\"mozilla-thunderbird-vi-10.0.2-0.1-mdv2011.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2011\", reference:\"mozilla-thunderbird-zh_CN-10.0.2-0.1-mdv2011.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2011\", reference:\"mozilla-thunderbird-zh_TW-10.0.2-0.1-mdv2011.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2011\", reference:\"nsinstall-10.0.2-0.1-mdv2011.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2011\", reference:\"nss-3.13.1-0.2-mdv2011.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2011\", reference:\"rootcerts-20120218.00-1-mdv2011.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2011\", reference:\"rootcerts-java-20120218.00-1-mdv2011.0\", yank:\"mdv\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2021-08-19T12:58:57", "description": "The installed version of Firefox 3.6.x is earlier than 3.6.27 and is, therefore, potentially affected by an integer overflow vulnerability.\n\nAn integer overflow error exists in 'libpng', a library used by this application. When decompressing certain PNG image files, this error can allow a heap-based buffer overflow which can crash the application or potentially allow code execution.", "cvss3": {"score": null, "vector": null}, "published": "2012-02-17T00:00:00", "type": "nessus", "title": "Firefox 3.6.x < 3.6.27 'png_decompress_chunk' Integer Overflow", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2011-3026"], "modified": "2018-07-16T00:00:00", "cpe": ["cpe:/a:mozilla:firefox"], "id": "MOZILLA_FIREFOX_3627.NASL", "href": "https://www.tenable.com/plugins/nessus/58006", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n\n\ninclude(\"compat.inc\");\n\n\nif (description)\n{\n script_id(58006);\n script_version(\"1.7\");\n script_cvs_date(\"Date: 2018/07/16 14:09:14\");\n\n script_cve_id(\"CVE-2011-3026\");\n script_bugtraq_id(52049);\n\n script_name(english:\"Firefox 3.6.x < 3.6.27 'png_decompress_chunk' Integer Overflow\");\n script_summary(english:\"Checks version of Firefox\");\n\n script_set_attribute(\n attribute:\"synopsis\",\n value:\n\"The remote Windows host contains a web browser that is potentially\naffected by an integer overflow vulnerability.\"\n );\n script_set_attribute(\n attribute:\"description\",\n value:\n\"The installed version of Firefox 3.6.x is earlier than 3.6.27 and is,\ntherefore, potentially affected by an integer overflow vulnerability.\n\nAn integer overflow error exists in 'libpng', a library used by this\napplication. When decompressing certain PNG image files, this error\ncan allow a heap-based buffer overflow which can crash the\napplication or potentially allow code execution.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.mozilla.org/en-US/security/advisories/mfsa2012-11/\");\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?6846f277\");\n script_set_attribute(attribute:\"solution\", value:\"Upgrade to Firefox 3.6.27 or later.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2012/02/16\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2012/02/16\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2012/02/17\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:mozilla:firefox\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Windows\");\n\n script_copyright(english:\"This script is Copyright (C) 2012-2018 Tenable Network Security, Inc.\");\n\n script_dependencies(\"mozilla_org_installed.nasl\");\n script_require_keys(\"Mozilla/Firefox/Version\");\n\n exit(0);\n}\n\ninclude(\"mozilla_version.inc\");\nport = get_kb_item_or_exit(\"SMB/transport\"); \n\ninstalls = get_kb_list(\"SMB/Mozilla/Firefox/*\");\nif (isnull(installs)) audit(AUDIT_NOT_INST, \"Firefox\");\n\nmozilla_check_version(installs:installs, product:'firefox', esr:FALSE, fix:'3.6.27', min:'3.6', severity:SECURITY_HOLE);", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2021-08-19T12:52:54", "description": "A heap-based buffer overflow flaw was found in libpng. An attacker could create a specially crafted PNG image that, when opened, could cause an application using libpng to crash or, possibly, execute arbitrary code with the privileges of the user running the application. (CVE-2011-3026)", "cvss3": {"score": null, "vector": null}, "published": "2013-09-04T00:00:00", "type": "nessus", "title": "Amazon Linux AMI : libpng (ALAS-2012-49)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2011-3026"], "modified": "2020-04-17T00:00:00", "cpe": ["p-cpe:/a:amazon:linux:libpng", "p-cpe:/a:amazon:linux:libpng-debuginfo", "p-cpe:/a:amazon:linux:libpng-devel", "p-cpe:/a:amazon:linux:libpng-static", "cpe:/o:amazon:linux"], "id": "ALA_ALAS-2012-49.NASL", "href": "https://www.tenable.com/plugins/nessus/69656", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Amazon Linux AMI Security Advisory ALAS-2012-49.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(69656);\n script_version(\"1.7\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2020/04/17\");\n\n script_cve_id(\"CVE-2011-3026\");\n script_xref(name:\"ALAS\", value:\"2012-49\");\n script_xref(name:\"RHSA\", value:\"2012:0317\");\n\n script_name(english:\"Amazon Linux AMI : libpng (ALAS-2012-49)\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Amazon Linux AMI host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"A heap-based buffer overflow flaw was found in libpng. An attacker\ncould create a specially crafted PNG image that, when opened, could\ncause an application using libpng to crash or, possibly, execute\narbitrary code with the privileges of the user running the\napplication. (CVE-2011-3026)\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://alas.aws.amazon.com/ALAS-2012-49.html\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Run 'yum update libpng' to update your system.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:libpng\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:libpng-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:libpng-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:libpng-static\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:amazon:linux\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2012/02/16\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2014/09/14\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2013/09/04\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2013-2020 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Amazon Linux Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/AmazonLinux/release\", \"Host/AmazonLinux/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\n\nrelease = get_kb_item(\"Host/AmazonLinux/release\");\nif (isnull(release) || !strlen(release)) audit(AUDIT_OS_NOT, \"Amazon Linux\");\nos_ver = pregmatch(pattern: \"^AL(A|\\d)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Amazon Linux\");\nos_ver = os_ver[1];\nif (os_ver != \"A\")\n{\n if (os_ver == 'A') os_ver = 'AMI';\n audit(AUDIT_OS_NOT, \"Amazon Linux AMI\", \"Amazon Linux \" + os_ver);\n}\n\nif (!get_kb_item(\"Host/AmazonLinux/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\nflag = 0;\nif (rpm_check(release:\"ALA\", reference:\"libpng-1.2.46-2.10.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"libpng-debuginfo-1.2.46-2.10.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"libpng-devel-1.2.46-2.10.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"libpng-static-1.2.46-2.10.amzn1\")) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"libpng / libpng-debuginfo / libpng-devel / libpng-static\");\n}\n", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2021-08-19T12:58:41", "description": "- Fixes an issue that may cause hangs when handling IMAP mail (mozbz#733731)\n\n - Fixes an issue that may cause filters that move mail to specific folders to be erronously changed (mozbz#735940) Fixes a libpng flaw.\n\nNote that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {"score": null, "vector": null}, "published": "2012-04-09T00:00:00", "type": "nessus", "title": "Fedora 15 : thunderbird-11.0.1-1.fc15 (2012-5068)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2011-3026"], "modified": "2021-01-11T00:00:00", "cpe": ["p-cpe:/a:fedoraproject:fedora:thunderbird", "cpe:/o:fedoraproject:fedora:15"], "id": "FEDORA_2012-5068.NASL", "href": "https://www.tenable.com/plugins/nessus/58634", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Fedora Security Advisory 2012-5068.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(58634);\n script_version(\"1.9\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/11\");\n\n script_cve_id(\"CVE-2011-3026\");\n script_bugtraq_id(52049);\n script_xref(name:\"FEDORA\", value:\"2012-5068\");\n\n script_name(english:\"Fedora 15 : thunderbird-11.0.1-1.fc15 (2012-5068)\");\n script_summary(english:\"Checks rpm output for the updated package.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Fedora host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\" - Fixes an issue that may cause hangs when handling IMAP\n mail (mozbz#733731)\n\n - Fixes an issue that may cause filters that move mail\n to specific folders to be erronously changed\n (mozbz#735940) Fixes a libpng flaw.\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Fedora security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.redhat.com/show_bug.cgi?id=791185\"\n );\n # https://lists.fedoraproject.org/pipermail/package-announce/2012-April/076871.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?0616aacc\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected thunderbird package.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:ND/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:thunderbird\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:fedoraproject:fedora:15\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2012/03/31\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2012/04/09\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2012-2021 Tenable Network Security, Inc.\");\n script_family(english:\"Fedora Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Fedora\" >!< release) audit(AUDIT_OS_NOT, \"Fedora\");\nos_ver = eregmatch(pattern: \"Fedora.*release ([0-9]+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Fedora\");\nos_ver = os_ver[1];\nif (! ereg(pattern:\"^15([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Fedora 15.x\", \"Fedora \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Fedora\", cpu);\n\nflag = 0;\nif (rpm_check(release:\"FC15\", reference:\"thunderbird-11.0.1-1.fc15\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"thunderbird\");\n}\n", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2021-08-19T12:58:49", "description": "The installed version of Thunderbird 10.x is earlier than 10.0.2 and is, therefore, potentially affected by an integer overflow vulnerability in libpng, a library used by this application. When decompressing certain PNG image files, this could be exploited to crash the application or even execute arbitrary code.", "cvss3": {"score": null, "vector": null}, "published": "2012-02-21T00:00:00", "type": "nessus", "title": "Thunderbird 10.x < 10.0.2 png_decompress_chunk Integer Overflow (Mac OS X)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2011-3026"], "modified": "2018-07-14T00:00:00", "cpe": ["cpe:/a:mozilla:thunderbird"], "id": "MACOSX_THUNDERBIRD_10_0_2.NASL", "href": "https://www.tenable.com/plugins/nessus/58075", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(58075);\n script_version(\"1.7\");\n script_cvs_date(\"Date: 2018/07/14 1:59:36\");\n\n script_cve_id(\"CVE-2011-3026\");\n script_bugtraq_id(52049);\n\n script_name(english:\"Thunderbird 10.x < 10.0.2 png_decompress_chunk Integer Overflow (Mac OS X)\");\n script_summary(english:\"Checks version of Thunderbird\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote Mac OS X host contains an email client that is potentially\naffected by an integer overflow vulnerability.\");\n script_set_attribute(attribute:\"description\", value:\n\"The installed version of Thunderbird 10.x is earlier than 10.0.2 and\nis, therefore, potentially affected by an integer overflow\nvulnerability in libpng, a library used by this application. When\ndecompressing certain PNG image files, this could be exploited to\ncrash the application or even execute arbitrary code.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.mozilla.org/en-US/security/advisories/mfsa2012-11/\");\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?6846f277\");\n script_set_attribute(attribute:\"solution\", value:\"Upgrade to Thunderbird 10.0.2 or later.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2012/02/16\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2012/02/16\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2012/02/21\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:mozilla:thunderbird\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"MacOS X Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2012-2018 Tenable Network Security, Inc.\");\n\n script_dependencies(\"macosx_thunderbird_installed.nasl\");\n script_require_keys(\"MacOSX/Thunderbird/Installed\");\n\n exit(0);\n}\n\ninclude(\"mozilla_version.inc\");\nkb_base = \"MacOSX/Thunderbird\";\nget_kb_item_or_exit(kb_base+\"/Installed\");\n\nversion = get_kb_item_or_exit(kb_base+\"/Version\", exit_code:1);\npath = get_kb_item_or_exit(kb_base+\"/Path\", exit_code:1);\n\nmozilla_check_version(product:'thunderbird', version:version, path:path, fix:'10.0.2', skippat:'^3\\\\.6\\\\.', severity:SECURITY_HOLE);\n", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2021-08-19T12:58:50", "description": "The installed version of Firefox 10.x is earlier than 10.0.2 and is, therefore, potentially affected by an integer overflow vulnerability.\n\nAn integer overflow error exists in 'libpng', a library used by this application. When decompressing certain PNG image files, this error can allow a heap-based buffer overflow which can crash the application or potentially allow code execution.", "cvss3": {"score": null, "vector": null}, "published": "2012-02-17T00:00:00", "type": "nessus", "title": "Firefox 10.x < 10.0.2 'png_decompress_chunk' Integer Overflow", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2011-3026"], "modified": "2018-07-16T00:00:00", "cpe": ["cpe:/a:mozilla:firefox"], "id": "MOZILLA_FIREFOX_1002.NASL", "href": "https://www.tenable.com/plugins/nessus/58005", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n\n\ninclude(\"compat.inc\");\n\n\nif (description)\n{\n script_id(58005);\n script_version(\"1.7\");\n script_cvs_date(\"Date: 2018/07/16 14:09:14\");\n\n script_cve_id(\"CVE-2011-3026\");\n script_bugtraq_id(52049);\n\n script_name(english:\"Firefox 10.x < 10.0.2 'png_decompress_chunk' Integer Overflow\");\n script_summary(english:\"Checks version of Firefox\");\n\n script_set_attribute(\n attribute:\"synopsis\",\n value:\n\"The remote Windows host contains a web browser that is potentially\naffected by an integer overflow vulnerability.\"\n );\n script_set_attribute(\n attribute:\"description\",\n value:\n\"The installed version of Firefox 10.x is earlier than 10.0.2 and is,\ntherefore, potentially affected by an integer overflow vulnerability.\n\nAn integer overflow error exists in 'libpng', a library used by this\napplication. When decompressing certain PNG image files, this error\ncan allow a heap-based buffer overflow which can crash the\napplication or potentially allow code execution.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.mozilla.org/en-US/security/advisories/mfsa2012-11/\");\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?6846f277\");\n script_set_attribute(attribute:\"solution\", value:\"Upgrade to Firefox 10.0.2 or later.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2012/02/16\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2012/02/16\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2012/02/17\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:mozilla:firefox\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Windows\");\n\n script_copyright(english:\"This script is Copyright (C) 2012-2018 Tenable Network Security, Inc.\");\n\n script_dependencies(\"mozilla_org_installed.nasl\");\n script_require_keys(\"Mozilla/Firefox/Version\");\n\n exit(0);\n}\n\ninclude(\"mozilla_version.inc\");\nport = get_kb_item_or_exit(\"SMB/transport\"); \n\ninstalls = get_kb_list(\"SMB/Mozilla/Firefox/*\");\nif (isnull(installs)) audit(AUDIT_NOT_INST, \"Firefox\");\n\nmozilla_check_version(installs:installs, product:'firefox', esr:TRUE, fix:'10.0.2', min:'10.0', severity:SECURITY_HOLE);", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2021-08-19T12:58:58", "description": "Fix for the libpng security flaw.\n\nNote that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {"score": null, "vector": null}, "published": "2012-03-02T00:00:00", "type": "nessus", "title": "Fedora 17 : xulrunner-10.0.1-3.fc17 (2012-1800)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2011-3026"], "modified": "2021-01-11T00:00:00", "cpe": ["p-cpe:/a:fedoraproject:fedora:xulrunner", "cpe:/o:fedoraproject:fedora:17"], "id": "FEDORA_2012-1800.NASL", "href": "https://www.tenable.com/plugins/nessus/58189", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Fedora Security Advisory 2012-1800.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(58189);\n script_version(\"1.9\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/11\");\n\n script_cve_id(\"CVE-2011-3026\");\n script_bugtraq_id(52049);\n script_xref(name:\"FEDORA\", value:\"2012-1800\");\n\n script_name(english:\"Fedora 17 : xulrunner-10.0.1-3.fc17 (2012-1800)\");\n script_summary(english:\"Checks rpm output for the updated package.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Fedora host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Fix for the libpng security flaw.\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Fedora security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.redhat.com/show_bug.cgi?id=791184\"\n );\n # https://lists.fedoraproject.org/pipermail/package-announce/2012-March/074194.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?9c94e9a6\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected xulrunner package.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:ND/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:xulrunner\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:fedoraproject:fedora:17\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2012/02/16\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2012/03/02\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2012-2021 Tenable Network Security, Inc.\");\n script_family(english:\"Fedora Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Fedora\" >!< release) audit(AUDIT_OS_NOT, \"Fedora\");\nos_ver = eregmatch(pattern: \"Fedora.*release ([0-9]+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Fedora\");\nos_ver = os_ver[1];\nif (! ereg(pattern:\"^17([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Fedora 17.x\", \"Fedora \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Fedora\", cpu);\n\nflag = 0;\nif (rpm_check(release:\"FC17\", reference:\"xulrunner-10.0.1-3.fc17\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"xulrunner\");\n}\n", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2021-08-19T12:58:37", "description": "- Fixes an issue that may cause hangs when handling IMAP mail (mozbz#733731)\n\n - Fixes an issue that may cause filters that move mail to specific folders to be erronously changed (mozbz#735940) Fixes a libpng flaw.\n\nNote that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {"score": null, "vector": null}, "published": "2012-04-12T00:00:00", "type": "nessus", "title": "Fedora 17 : thunderbird-11.0.1-1.fc17 (2012-4910)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2011-3026"], "modified": "2021-01-11T00:00:00", "cpe": ["p-cpe:/a:fedoraproject:fedora:thunderbird", "cpe:/o:fedoraproject:fedora:17"], "id": "FEDORA_2012-4910.NASL", "href": "https://www.tenable.com/plugins/nessus/58706", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Fedora Security Advisory 2012-4910.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(58706);\n script_version(\"1.9\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/11\");\n\n script_cve_id(\"CVE-2011-3026\");\n script_bugtraq_id(52049);\n script_xref(name:\"FEDORA\", value:\"2012-4910\");\n\n script_name(english:\"Fedora 17 : thunderbird-11.0.1-1.fc17 (2012-4910)\");\n script_summary(english:\"Checks rpm output for the updated package.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Fedora host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\" - Fixes an issue that may cause hangs when handling IMAP\n mail (mozbz#733731)\n\n - Fixes an issue that may cause filters that move mail\n to specific folders to be erronously changed\n (mozbz#735940) Fixes a libpng flaw.\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Fedora security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.redhat.com/show_bug.cgi?id=791185\"\n );\n # https://lists.fedoraproject.org/pipermail/package-announce/2012-April/077632.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?d8587348\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected thunderbird package.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:ND/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:thunderbird\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:fedoraproject:fedora:17\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2012/03/30\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2012/04/12\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2012-2021 Tenable Network Security, Inc.\");\n script_family(english:\"Fedora Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Fedora\" >!< release) audit(AUDIT_OS_NOT, \"Fedora\");\nos_ver = eregmatch(pattern: \"Fedora.*release ([0-9]+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Fedora\");\nos_ver = os_ver[1];\nif (! ereg(pattern:\"^17([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Fedora 17.x\", \"Fedora \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Fedora\", cpu);\n\nflag = 0;\nif (rpm_check(release:\"FC17\", reference:\"thunderbird-11.0.1-1.fc17\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"thunderbird\");\n}\n", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2021-08-19T12:58:40", "description": "- Fixes an issue that may cause hangs when handling IMAP mail (mozbz#733731)\n\n - Fixes an issue that may cause filters that move mail to specific folders to be erronously changed (mozbz#735940) Fixes a libpng flaw.\n\nNote that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {"score": null, "vector": null}, "published": "2012-04-02T00:00:00", "type": "nessus", "title": "Fedora 16 : thunderbird-11.0.1-1.fc16 (2012-5028)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2011-3026"], "modified": "2021-01-11T00:00:00", "cpe": ["p-cpe:/a:fedoraproject:fedora:thunderbird", "cpe:/o:fedoraproject:fedora:16"], "id": "FEDORA_2012-5028.NASL", "href": "https://www.tenable.com/plugins/nessus/58555", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Fedora Security Advisory 2012-5028.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(58555);\n script_version(\"1.9\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/11\");\n\n script_cve_id(\"CVE-2011-3026\");\n script_bugtraq_id(52049);\n script_xref(name:\"FEDORA\", value:\"2012-5028\");\n\n script_name(english:\"Fedora 16 : thunderbird-11.0.1-1.fc16 (2012-5028)\");\n script_summary(english:\"Checks rpm output for the updated package.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Fedora host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\" - Fixes an issue that may cause hangs when handling IMAP\n mail (mozbz#733731)\n\n - Fixes an issue that may cause filters that move mail\n to specific folders to be erronously changed\n (mozbz#735940) Fixes a libpng flaw.\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Fedora security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.redhat.com/show_bug.cgi?id=791185\"\n );\n # https://lists.fedoraproject.org/pipermail/package-announce/2012-March/076668.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?1449f8f3\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected thunderbird package.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:ND/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:thunderbird\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:fedoraproject:fedora:16\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2012/03/31\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2012/04/02\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2012-2021 Tenable Network Security, Inc.\");\n script_family(english:\"Fedora Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Fedora\" >!< release) audit(AUDIT_OS_NOT, \"Fedora\");\nos_ver = eregmatch(pattern: \"Fedora.*release ([0-9]+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Fedora\");\nos_ver = os_ver[1];\nif (! ereg(pattern:\"^16([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Fedora 16.x\", \"Fedora \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Fedora\", cpu);\n\nflag = 0;\nif (rpm_check(release:\"FC16\", reference:\"thunderbird-11.0.1-1.fc16\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"thunderbird\");\n}\n", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2021-08-19T12:58:55", "description": "Fixes a libpng flaw.\n\nNote that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {"score": null, "vector": null}, "published": "2012-02-23T00:00:00", "type": "nessus", "title": "Fedora 16 : thunderbird-10.0.1-2.fc16 (2012-1844)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2011-3026"], "modified": "2021-01-11T00:00:00", "cpe": ["p-cpe:/a:fedoraproject:fedora:thunderbird", "cpe:/o:fedoraproject:fedora:16"], "id": "FEDORA_2012-1844.NASL", "href": "https://www.tenable.com/plugins/nessus/58098", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Fedora Security Advisory 2012-1844.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(58098);\n script_version(\"1.8\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/11\");\n\n script_cve_id(\"CVE-2011-3026\");\n script_xref(name:\"FEDORA\", value:\"2012-1844\");\n\n script_name(english:\"Fedora 16 : thunderbird-10.0.1-2.fc16 (2012-1844)\");\n script_summary(english:\"Checks rpm output for the updated package.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Fedora host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Fixes a libpng flaw.\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Fedora security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.redhat.com/show_bug.cgi?id=791185\"\n );\n # https://lists.fedoraproject.org/pipermail/package-announce/2012-February/073583.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?c38cadee\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected thunderbird package.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:thunderbird\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:fedoraproject:fedora:16\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2012/02/17\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2012/02/23\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2012-2021 Tenable Network Security, Inc.\");\n script_family(english:\"Fedora Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Fedora\" >!< release) audit(AUDIT_OS_NOT, \"Fedora\");\nos_ver = eregmatch(pattern: \"Fedora.*release ([0-9]+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Fedora\");\nos_ver = os_ver[1];\nif (! ereg(pattern:\"^16([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Fedora 16.x\", \"Fedora \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Fedora\", cpu);\n\nflag = 0;\nif (rpm_check(release:\"FC16\", reference:\"thunderbird-10.0.1-2.fc16\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"thunderbird\");\n}\n", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2021-08-19T12:58:57", "description": "Fix for the libpng security flaw.\n\nNote that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {"score": null, "vector": null}, "published": "2012-03-07T00:00:00", "type": "nessus", "title": "Fedora 15 : xulrunner-10.0.1-3.fc15 (2012-1845)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2011-3026"], "modified": "2021-01-11T00:00:00", "cpe": ["p-cpe:/a:fedoraproject:fedora:xulrunner", "cpe:/o:fedoraproject:fedora:15"], "id": "FEDORA_2012-1845.NASL", "href": "https://www.tenable.com/plugins/nessus/58253", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Fedora Security Advisory 2012-1845.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(58253);\n script_version(\"1.9\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/11\");\n\n script_cve_id(\"CVE-2011-3026\");\n script_bugtraq_id(52049);\n script_xref(name:\"FEDORA\", value:\"2012-1845\");\n\n script_name(english:\"Fedora 15 : xulrunner-10.0.1-3.fc15 (2012-1845)\");\n script_summary(english:\"Checks rpm output for the updated package.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Fedora host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Fix for the libpng security flaw.\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Fedora security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.redhat.com/show_bug.cgi?id=791184\"\n );\n # https://lists.fedoraproject.org/pipermail/package-announce/2012-March/074364.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?e226e1ab\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected xulrunner package.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:ND/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:xulrunner\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:fedoraproject:fedora:15\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2012/02/17\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2012/03/07\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2012-2021 Tenable Network Security, Inc.\");\n script_family(english:\"Fedora Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Fedora\" >!< release) audit(AUDIT_OS_NOT, \"Fedora\");\nos_ver = eregmatch(pattern: \"Fedora.*release ([0-9]+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Fedora\");\nos_ver = os_ver[1];\nif (! ereg(pattern:\"^15([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Fedora 15.x\", \"Fedora \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Fedora\", cpu);\n\nflag = 0;\nif (rpm_check(release:\"FC15\", reference:\"xulrunner-10.0.1-3.fc15\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"xulrunner\");\n}\n", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2021-08-19T12:58:46", "description": "Versions of Thunderbird 10.x earlier than 10.0.2 are potentially affected by an integer overflow error in 'libpng', a library used by this application. When decompressing certain PNG image files, this error can allow a heap-based buffer overflow which can crash the application or potentially allow code execution. ", "cvss3": {"score": null, "vector": null}, "published": "2012-02-20T00:00:00", "type": "nessus", "title": "Mozilla Thunderbird 10.x < 10.0.2 'png_decompress_chunk' Integer Overflow", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2011-3026"], "modified": "2012-02-20T00:00:00", "cpe": [], "id": "801381.PRM", "href": "https://www.tenable.com/plugins/lce/801381", "sourceData": "Binary data 801381.prm", "cvss": {"score": 9.3, "vector": "CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2021-08-19T12:59:01", "description": "Jueri Aedla discovered an integer overflow in the libpng PNG library, which could lead to the execution of arbitrary code if a malformed image is processed.", "cvss3": {"score": null, "vector": null}, "published": "2012-02-16T00:00:00", "type": "nessus", "title": "Debian DSA-2410-1 : libpng - integer overflow", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2011-3026"], "modified": "2021-01-11T00:00:00", "cpe": ["p-cpe:/a:debian:debian_linux:libpng", "cpe:/o:debian:debian_linux:6.0"], "id": "DEBIAN_DSA-2410.NASL", "href": "https://www.tenable.com/plugins/nessus/57964", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Debian Security Advisory DSA-2410. The text \n# itself is copyright (C) Software in the Public Interest, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(57964);\n script_version(\"1.8\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/11\");\n\n script_cve_id(\"CVE-2011-3026\");\n script_xref(name:\"DSA\", value:\"2410\");\n\n script_name(english:\"Debian DSA-2410-1 : libpng - integer overflow\");\n script_summary(english:\"Checks dpkg output for the updated package\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Debian host is missing a security-related update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Jueri Aedla discovered an integer overflow in the libpng PNG library,\nwhich could lead to the execution of arbitrary code if a malformed\nimage is processed.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://packages.debian.org/source/squeeze/libpng\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.debian.org/security/2012/dsa-2410\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\n\"Upgrade the libpng packages.\n\nFor the stable distribution (squeeze), this problem has been fixed in\nversion 1.2.44-1+squeeze2.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:libpng\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:debian:debian_linux:6.0\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2012/02/15\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2012/02/16\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2012-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Debian Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/Debian/release\", \"Host/Debian/dpkg-l\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"debian_package.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/Debian/release\")) audit(AUDIT_OS_NOT, \"Debian\");\nif (!get_kb_item(\"Host/Debian/dpkg-l\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\nflag = 0;\nif (deb_check(release:\"6.0\", prefix:\"libpng12-0\", reference:\"1.2.44-1+squeeze2\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"libpng12-0-udeb\", reference:\"1.2.44-1+squeeze2\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"libpng12-dev\", reference:\"1.2.44-1+squeeze2\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"libpng3\", reference:\"1.2.44-1+squeeze2\")) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:deb_report_get());\n else security_hole(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2021-08-19T12:58:50", "description": "Updated SeaMonkey packages that fix one security issue are now available for Red Hat Enterprise Linux 4.\n\nThe Red Hat Security Response Team has rated this update as having critical security impact. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available from the CVE link in the References section.\n\nSeaMonkey is an open source web browser, e-mail and newsgroup client, IRC chat client, and HTML editor.\n\nA heap-based buffer overflow flaw was found in the way SeaMonkey handled PNG (Portable Network Graphics) images. A web page containing a malicious PNG image could cause SeaMonkey to crash or, possibly, execute arbitrary code with the privileges of the user running SeaMonkey. (CVE-2011-3026)\n\nAll SeaMonkey users should upgrade to these updated packages, which correct this issue. After installing the update, SeaMonkey must be restarted for the changes to take effect.", "cvss3": {"score": null, "vector": null}, "published": "2012-02-17T00:00:00", "type": "nessus", "title": "CentOS 4 : seamonkey (CESA-2012:0141)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2011-3026"], "modified": "2021-01-04T00:00:00", "cpe": ["p-cpe:/a:centos:centos:seamonkey", "p-cpe:/a:centos:centos:seamonkey-chat", "p-cpe:/a:centos:centos:seamonkey-devel", "p-cpe:/a:centos:centos:seamonkey-dom-inspector", "p-cpe:/a:centos:centos:seamonkey-js-debugger", "p-cpe:/a:centos:centos:seamonkey-mail", "cpe:/o:centos:centos:4"], "id": "CENTOS_RHSA-2012-0141.NASL", "href": "https://www.tenable.com/plugins/nessus/57983", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Red Hat Security Advisory RHSA-2012:0141 and \n# CentOS Errata and Security Advisory 2012:0141 respectively.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(57983);\n script_version(\"1.12\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/04\");\n\n script_cve_id(\"CVE-2011-3026\");\n script_xref(name:\"RHSA\", value:\"2012:0141\");\n\n script_name(english:\"CentOS 4 : seamonkey (CESA-2012:0141)\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote CentOS host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Updated SeaMonkey packages that fix one security issue are now\navailable for Red Hat Enterprise Linux 4.\n\nThe Red Hat Security Response Team has rated this update as having\ncritical security impact. A Common Vulnerability Scoring System (CVSS)\nbase score, which gives a detailed severity rating, is available from\nthe CVE link in the References section.\n\nSeaMonkey is an open source web browser, e-mail and newsgroup client,\nIRC chat client, and HTML editor.\n\nA heap-based buffer overflow flaw was found in the way SeaMonkey\nhandled PNG (Portable Network Graphics) images. A web page containing\na malicious PNG image could cause SeaMonkey to crash or, possibly,\nexecute arbitrary code with the privileges of the user running\nSeaMonkey. (CVE-2011-3026)\n\nAll SeaMonkey users should upgrade to these updated packages, which\ncorrect this issue. After installing the update, SeaMonkey must be\nrestarted for the changes to take effect.\"\n );\n # https://lists.centos.org/pipermail/centos-announce/2012-February/018442.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?d029c371\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected seamonkey packages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2011-3026\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:seamonkey\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:seamonkey-chat\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:seamonkey-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:seamonkey-dom-inspector\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:seamonkey-js-debugger\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:seamonkey-mail\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:centos:centos:4\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2012/02/16\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2012/02/16\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2012/02/17\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2012-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"CentOS Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/CentOS/release\", \"Host/CentOS/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/CentOS/release\");\nif (isnull(release) || \"CentOS\" >!< release) audit(AUDIT_OS_NOT, \"CentOS\");\nos_ver = pregmatch(pattern: \"CentOS(?: Linux)? release ([0-9]+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"CentOS\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^4([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"CentOS 4.x\", \"CentOS \" + os_ver);\n\nif (!get_kb_item(\"Host/CentOS/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && \"ia64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"CentOS\", cpu);\n\n\nflag = 0;\nif (rpm_check(release:\"CentOS-4\", cpu:\"i386\", reference:\"seamonkey-1.0.9-79.el4.centos\")) flag++;\nif (rpm_check(release:\"CentOS-4\", cpu:\"x86_64\", reference:\"seamonkey-1.0.9-79.el4.centos\")) flag++;\nif (rpm_check(release:\"CentOS-4\", cpu:\"i386\", reference:\"seamonkey-chat-1.0.9-79.el4.centos\")) flag++;\nif (rpm_check(release:\"CentOS-4\", cpu:\"x86_64\", reference:\"seamonkey-chat-1.0.9-79.el4.centos\")) flag++;\nif (rpm_check(release:\"CentOS-4\", cpu:\"i386\", reference:\"seamonkey-devel-1.0.9-79.el4.centos\")) flag++;\nif (rpm_check(release:\"CentOS-4\", cpu:\"x86_64\", reference:\"seamonkey-devel-1.0.9-79.el4.centos\")) flag++;\nif (rpm_check(release:\"CentOS-4\", cpu:\"i386\", reference:\"seamonkey-dom-inspector-1.0.9-79.el4.centos\")) flag++;\nif (rpm_check(release:\"CentOS-4\", cpu:\"x86_64\", reference:\"seamonkey-dom-inspector-1.0.9-79.el4.centos\")) flag++;\nif (rpm_check(release:\"CentOS-4\", cpu:\"i386\", reference:\"seamonkey-js-debugger-1.0.9-79.el4.centos\")) flag++;\nif (rpm_check(release:\"CentOS-4\", cpu:\"x86_64\", reference:\"seamonkey-js-debugger-1.0.9-79.el4.centos\")) flag++;\nif (rpm_check(release:\"CentOS-4\", cpu:\"i386\", reference:\"seamonkey-mail-1.0.9-79.el4.centos\")) flag++;\nif (rpm_check(release:\"CentOS-4\", cpu:\"x86_64\", reference:\"seamonkey-mail-1.0.9-79.el4.centos\")) flag++;\n\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"seamonkey / seamonkey-chat / seamonkey-devel / etc\");\n}\n", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2021-08-19T12:58:57", "description": "An updated firefox package that fixes one security issue is now available for Red Hat Enterprise Linux 4.\n\nThe Red Hat Security Response Team has rated this update as having critical security impact. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available from the CVE link in the References section.\n\nMozilla Firefox is an open source web browser.\n\nA heap-based buffer overflow flaw was found in the way Firefox handled PNG (Portable Network Graphics) images. A web page containing a malicious PNG image could cause Firefox to crash or, possibly, execute arbitrary code with the privileges of the user running Firefox.\n(CVE-2011-3026)\n\nAll Firefox users should upgrade to this updated package, which corrects this issue. After installing the update, Firefox must be restarted for the changes to take effect.", "cvss3": {"score": null, "vector": null}, "published": "2012-02-17T00:00:00", "type": "nessus", "title": "CentOS 4 : firefox (CESA-2012:0142)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2011-3026"], "modified": "2021-01-04T00:00:00", "cpe": ["p-cpe:/a:centos:centos:firefox", "cpe:/o:centos:centos:4"], "id": "CENTOS_RHSA-2012-0142.NASL", "href": "https://www.tenable.com/plugins/nessus/57984", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Red Hat Security Advisory RHSA-2012:0142 and \n# CentOS Errata and Security Advisory 2012:0142 respectively.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(57984);\n script_version(\"1.12\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/04\");\n\n script_cve_id(\"CVE-2011-3026\");\n script_xref(name:\"RHSA\", value:\"2012:0142\");\n\n script_name(english:\"CentOS 4 : firefox (CESA-2012:0142)\");\n script_summary(english:\"Checks rpm output for the updated package\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote CentOS host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"An updated firefox package that fixes one security issue is now\navailable for Red Hat Enterprise Linux 4.\n\nThe Red Hat Security Response Team has rated this update as having\ncritical security impact. A Common Vulnerability Scoring System (CVSS)\nbase score, which gives a detailed severity rating, is available from\nthe CVE link in the References section.\n\nMozilla Firefox is an open source web browser.\n\nA heap-based buffer overflow flaw was found in the way Firefox handled\nPNG (Portable Network Graphics) images. A web page containing a\nmalicious PNG image could cause Firefox to crash or, possibly, execute\narbitrary code with the privileges of the user running Firefox.\n(CVE-2011-3026)\n\nAll Firefox users should upgrade to this updated package, which\ncorrects this issue. After installing the update, Firefox must be\nrestarted for the changes to take effect.\"\n );\n # https://lists.centos.org/pipermail/centos-announce/2012-February/018441.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?7acfa334\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected firefox package.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2011-3026\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:firefox\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:centos:centos:4\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2012/02/16\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2012/02/16\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2012/02/17\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2012-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"CentOS Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/CentOS/release\", \"Host/CentOS/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/CentOS/release\");\nif (isnull(release) || \"CentOS\" >!< release) audit(AUDIT_OS_NOT, \"CentOS\");\nos_ver = pregmatch(pattern: \"CentOS(?: Linux)? release ([0-9]+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"CentOS\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^4([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"CentOS 4.x\", \"CentOS \" + os_ver);\n\nif (!get_kb_item(\"Host/CentOS/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && \"ia64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"CentOS\", cpu);\n\n\nflag = 0;\nif (rpm_check(release:\"CentOS-4\", cpu:\"i386\", reference:\"firefox-3.6.26-3.el4.centos\", allowmaj:TRUE)) flag++;\nif (rpm_check(release:\"CentOS-4\", cpu:\"x86_64\", reference:\"firefox-3.6.26-3.el4.centos\", allowmaj:TRUE)) flag++;\n\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"firefox\");\n}\n", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2021-08-19T12:58:57", "description": "The installed version of Thunderbird 10.x is earlier than 10.0.2 and is, therefore, potentially affected by an integer overflow vulnerability.\n\nAn integer overflow error exists in 'libpng', a library used by this application. When decompressing certain PNG image files, this error can allow a heap-based buffer overflow which can crash the application or potentially allow code execution.", "cvss3": {"score": null, "vector": null}, "published": "2012-02-17T00:00:00", "type": "nessus", "title": "Mozilla Thunderbird 10.x < 10.0.2 'png_decompress_chunk' Integer Overflow", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2011-3026"], "modified": "2018-07-16T00:00:00", "cpe": ["cpe:/a:mozilla:thunderbird"], "id": "MOZILLA_THUNDERBIRD_1002.NASL", "href": "https://www.tenable.com/plugins/nessus/58007", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(58007);\n script_version(\"1.7\");\n script_cvs_date(\"Date: 2018/07/16 14:09:15\");\n\n script_cve_id(\"CVE-2011-3026\");\n script_bugtraq_id(52049);\n\n script_name(english:\"Mozilla Thunderbird 10.x < 10.0.2 'png_decompress_chunk' Integer Overflow\");\n script_summary(english:\"Checks version of Thunderbird\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote Windows host contains a mail client that is potentially\naffected by an integer overflow vulnerability.\");\n script_set_attribute(attribute:\"description\", value:\n\"The installed version of Thunderbird 10.x is earlier than 10.0.2 and is,\ntherefore, potentially affected by an integer overflow vulnerability.\n\nAn integer overflow error exists in 'libpng', a library used by this\napplication. When decompressing certain PNG image files, this error\ncan allow a heap-based buffer overflow which can crash the\napplication or potentially allow code execution.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.mozilla.org/en-US/security/advisories/mfsa2012-11/\");\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?6846f277\");\n script_set_attribute(attribute:\"solution\", value:\"Upgrade to Thunderbird 10.0.2 or later.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2012/02/16\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2012/02/16\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2012/02/17\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:mozilla:thunderbird\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Windows\");\n\n script_copyright(english:\"This script is Copyright (C) 2012-2018 Tenable Network Security, Inc.\");\n\n script_dependencies(\"mozilla_org_installed.nasl\");\n script_require_keys(\"Mozilla/Thunderbird/Version\");\n exit(0);\n}\n\ninclude(\"mozilla_version.inc\");\nport = get_kb_item_or_exit(\"SMB/transport\");\n\ninstalls = get_kb_list(\"SMB/Mozilla/Thunderbird/*\");\nif (isnull(installs)) audit(AUDIT_NOT_INST, \"Thunderbird\");\n\nmozilla_check_version(installs:installs, product:'thunderbird', esr:FALSE, fix:'10.0.2', min:'10.0', severity:SECURITY_HOLE);", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2021-08-19T12:58:54", "description": "Updated xulrunner packages that fix one security issue are now available for Red Hat Enterprise Linux 5 and 6.\n\nThe Red Hat Security Response Team has rated this update as having critical security impact. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available from the CVE link in the References section.\n\nXULRunner provides the XUL Runtime environment for applications using the Gecko layout engine.\n\nA heap-based buffer overflow flaw was found in the way XULRunner handled PNG (Portable Network Graphics) images. A web page containing a malicious PNG image could cause an application linked against XULRunner (such as Firefox) to crash or, potentially, execute arbitrary code with the privileges of the user running the application. (CVE-2011-3026)\n\nAll XULRunner users should upgrade to these updated packages, which correct this issue. After installing the update, applications using XULRunner must be restarted for the changes to take effect.", "cvss3": {"score": null, "vector": null}, "published": "2012-02-17T00:00:00", "type": "nessus", "title": "RHEL 5 / 6 : xulrunner (RHSA-2012:0143)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2011-3026"], "modified": "2021-01-14T00:00:00", "cpe": ["p-cpe:/a:redhat:enterprise_linux:xulrunner", "p-cpe:/a:redhat:enterprise_linux:xulrunner-debuginfo", "p-cpe:/a:redhat:enterprise_linux:xulrunner-devel", "cpe:/o:redhat:enterprise_linux:5", "cpe:/o:redhat:enterprise_linux:6", "cpe:/o:redhat:enterprise_linux:6.2"], "id": "REDHAT-RHSA-2012-0143.NASL", "href": "https://www.tenable.com/plugins/nessus/57995", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Red Hat Security Advisory RHSA-2012:0143. The text \n# itself is copyright (C) Red Hat, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(57995);\n script_version(\"1.19\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/14\");\n\n script_cve_id(\"CVE-2011-3026\");\n script_xref(name:\"RHSA\", value:\"2012:0143\");\n\n script_name(english:\"RHEL 5 / 6 : xulrunner (RHSA-2012:0143)\");\n script_summary(english:\"Checks the rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Red Hat host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Updated xulrunner packages that fix one security issue are now\navailable for Red Hat Enterprise Linux 5 and 6.\n\nThe Red Hat Security Response Team has rated this update as having\ncritical security impact. A Common Vulnerability Scoring System (CVSS)\nbase score, which gives a detailed severity rating, is available from\nthe CVE link in the References section.\n\nXULRunner provides the XUL Runtime environment for applications using\nthe Gecko layout engine.\n\nA heap-based buffer overflow flaw was found in the way XULRunner\nhandled PNG (Portable Network Graphics) images. A web page containing\na malicious PNG image could cause an application linked against\nXULRunner (such as Firefox) to crash or, potentially, execute\narbitrary code with the privileges of the user running the\napplication. (CVE-2011-3026)\n\nAll XULRunner users should upgrade to these updated packages, which\ncorrect this issue. After installing the update, applications using\nXULRunner must be restarted for the changes to take effect.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/errata/RHSA-2012:0143\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2011-3026\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\n\"Update the affected xulrunner, xulrunner-debuginfo and / or\nxulrunner-devel packages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:xulrunner\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:xulrunner-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:xulrunner-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:5\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:6\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:6.2\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2012/02/16\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2012/02/16\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2012/02/17\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2012-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Red Hat Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"misc_func.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Red Hat\" >!< release) audit(AUDIT_OS_NOT, \"Red Hat\");\nos_ver = pregmatch(pattern: \"Red Hat Enterprise Linux.*release ([0-9]+(\\.[0-9]+)?)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Red Hat\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^(5|6)([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Red Hat 5.x / 6.x\", \"Red Hat \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\" && \"s390\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Red Hat\", cpu);\n\nyum_updateinfo = get_kb_item(\"Host/RedHat/yum-updateinfo\");\nif (!empty_or_null(yum_updateinfo)) \n{\n rhsa = \"RHSA-2012:0143\";\n yum_report = redhat_generate_yum_updateinfo_report(rhsa:rhsa);\n if (!empty_or_null(yum_report))\n {\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : yum_report \n );\n exit(0);\n }\n else\n {\n audit_message = \"affected by Red Hat security advisory \" + rhsa;\n audit(AUDIT_OS_NOT, audit_message);\n }\n}\nelse\n{\n flag = 0;\n if (rpm_check(release:\"RHEL5\", reference:\"xulrunner-1.9.2.26-2.el5_7\")) flag++;\n\n if (rpm_check(release:\"RHEL5\", reference:\"xulrunner-devel-1.9.2.26-2.el5_7\")) flag++;\n\n\n if (rpm_check(release:\"RHEL6\", reference:\"xulrunner-1.9.2.26-2.el6_2\")) flag++;\n\n if (rpm_check(release:\"RHEL6\", reference:\"xulrunner-debuginfo-1.9.2.26-2.el6_2\")) flag++;\n\n if (rpm_check(release:\"RHEL6\", reference:\"xulrunner-devel-1.9.2.26-2.el6_2\")) flag++;\n\n\n if (flag)\n {\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : rpm_report_get() + redhat_report_package_caveat()\n );\n exit(0);\n }\n else\n {\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"xulrunner / xulrunner-debuginfo / xulrunner-devel\");\n }\n}\n", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2021-08-19T12:58:57", "description": "Updated libpng and libpng10 packages that fix one security issue are now available for Red Hat Enterprise Linux 4, 5, and 6.\n\nThe Red Hat Security Response Team has rated this update as having important security impact. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available from the CVE link in the References section.\n\nThe libpng packages contain a library of functions for creating and manipulating PNG (Portable Network Graphics) image format files.\n\nA heap-based buffer overflow flaw was found in libpng. An attacker could create a specially crafted PNG image that, when opened, could cause an application using libpng to crash or, possibly, execute arbitrary code with the privileges of the user running the application. (CVE-2011-3026)\n\nUsers of libpng and libpng10 should upgrade to these updated packages, which contain a backported patch to correct this issue. All running applications using libpng or libpng10 must be restarted for the update to take effect.", "cvss3": {"score": null, "vector": null}, "published": "2012-02-21T00:00:00", "type": "nessus", "title": "RHEL 4 / 5 / 6 : libpng (RHSA-2012:0317)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2011-3026"], "modified": "2021-01-14T00:00:00", "cpe": ["p-cpe:/a:redhat:enterprise_linux:libpng", "p-cpe:/a:redhat:enterprise_linux:libpng-debuginfo", "p-cpe:/a:redhat:enterprise_linux:libpng-devel", "p-cpe:/a:redhat:enterprise_linux:libpng-static", "p-cpe:/a:redhat:enterprise_linux:libpng10", "p-cpe:/a:redhat:enterprise_linux:libpng10-devel", "cpe:/o:redhat:enterprise_linux:4", "cpe:/o:redhat:enterprise_linux:5", "cpe:/o:redhat:enterprise_linux:6", "cpe:/o:redhat:enterprise_linux:6.2"], "id": "REDHAT-RHSA-2012-0317.NASL", "href": "https://www.tenable.com/plugins/nessus/58068", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Red Hat Security Advisory RHSA-2012:0317. The text \n# itself is copyright (C) Red Hat, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(58068);\n script_version(\"1.20\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/14\");\n\n script_cve_id(\"CVE-2011-3026\");\n script_xref(name:\"RHSA\", value:\"2012:0317\");\n\n script_name(english:\"RHEL 4 / 5 / 6 : libpng (RHSA-2012:0317)\");\n script_summary(english:\"Checks the rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Red Hat host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Updated libpng and libpng10 packages that fix one security issue are\nnow available for Red Hat Enterprise Linux 4, 5, and 6.\n\nThe Red Hat Security Response Team has rated this update as having\nimportant security impact. A Common Vulnerability Scoring System\n(CVSS) base score, which gives a detailed severity rating, is\navailable from the CVE link in the References section.\n\nThe libpng packages contain a library of functions for creating and\nmanipulating PNG (Portable Network Graphics) image format files.\n\nA heap-based buffer overflow flaw was found in libpng. An attacker\ncould create a specially crafted PNG image that, when opened, could\ncause an application using libpng to crash or, possibly, execute\narbitrary code with the privileges of the user running the\napplication. (CVE-2011-3026)\n\nUsers of libpng and libpng10 should upgrade to these updated packages,\nwhich contain a backported patch to correct this issue. All running\napplications using libpng or libpng10 must be restarted for the update\nto take effect.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/errata/RHSA-2012:0317\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2011-3026\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:libpng\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:libpng-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:libpng-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:libpng-static\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:libpng10\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:libpng10-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:4\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:5\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:6\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:6.2\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2012/02/16\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2012/02/20\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2012/02/21\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2012-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Red Hat Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"misc_func.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Red Hat\" >!< release) audit(AUDIT_OS_NOT, \"Red Hat\");\nos_ver = pregmatch(pattern: \"Red Hat Enterprise Linux.*release ([0-9]+(\\.[0-9]+)?)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Red Hat\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^(4|5|6)([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Red Hat 4.x / 5.x / 6.x\", \"Red Hat \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\" && \"s390\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Red Hat\", cpu);\n\nyum_updateinfo = get_kb_item(\"Host/RedHat/yum-updateinfo\");\nif (!empty_or_null(yum_updateinfo)) \n{\n rhsa = \"RHSA-2012:0317\";\n yum_report = redhat_generate_yum_updateinfo_report(rhsa:rhsa);\n if (!empty_or_null(yum_report))\n {\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : yum_report \n );\n exit(0);\n }\n else\n {\n audit_message = \"affected by Red Hat security advisory \" + rhsa;\n audit(AUDIT_OS_NOT, audit_message);\n }\n}\nelse\n{\n flag = 0;\n if (rpm_check(release:\"RHEL4\", reference:\"libpng-1.2.7-9.el4\")) flag++;\n\n if (rpm_check(release:\"RHEL4\", reference:\"libpng-devel-1.2.7-9.el4\")) flag++;\n\n if (rpm_check(release:\"RHEL4\", reference:\"libpng10-1.0.16-10.el4\")) flag++;\n\n if (rpm_check(release:\"RHEL4\", reference:\"libpng10-devel-1.0.16-10.el4\")) flag++;\n\n\n if (rpm_check(release:\"RHEL5\", reference:\"libpng-1.2.10-15.el5_7\")) flag++;\n\n if (rpm_check(release:\"RHEL5\", reference:\"libpng-devel-1.2.10-15.el5_7\")) flag++;\n\n\n if (rpm_check(release:\"RHEL6\", reference:\"libpng-1.2.46-2.el6_2\")) flag++;\n\n if (rpm_check(release:\"RHEL6\", reference:\"libpng-debuginfo-1.2.46-2.el6_2\")) flag++;\n\n if (rpm_check(release:\"RHEL6\", reference:\"libpng-devel-1.2.46-2.el6_2\")) flag++;\n\n if (rpm_check(release:\"RHEL6\", cpu:\"i686\", reference:\"libpng-static-1.2.46-2.el6_2\")) flag++;\n\n if (rpm_check(release:\"RHEL6\", cpu:\"s390x\", reference:\"libpng-static-1.2.46-2.el6_2\")) flag++;\n\n if (rpm_check(release:\"RHEL6\", cpu:\"x86_64\", reference:\"libpng-static-1.2.46-2.el6_2\")) flag++;\n\n\n if (flag)\n {\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : rpm_report_get() + redhat_report_package_caveat()\n );\n exit(0);\n }\n else\n {\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"libpng / libpng-debuginfo / libpng-devel / libpng-static / libpng10 / etc\");\n }\n}\n", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2021-08-19T12:58:55", "description": "USN-1367-1 fixed vulnerabilities in libpng. This provides the corresponding update for Firefox.\n\nJueri Aedla discovered that libpng did not properly verify the size used when allocating memory during chunk decompression. If a user or automated system using libpng were tricked into opening a specially crafted image, an attacker could exploit this to cause a denial of service or execute code with the privileges of the user invoking the program. (CVE-2011-3026).\n\nNote that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {"score": null, "vector": null}, "published": "2012-02-20T00:00:00", "type": "nessus", "title": "Ubuntu 10.04 LTS / 10.10 / 11.04 / 11.10 : firefox vulnerability (USN-1367-2)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2011-3026"], "modified": "2019-09-19T00:00:00", "cpe": ["p-cpe:/a:canonical:ubuntu_linux:firefox", "cpe:/o:canonical:ubuntu_linux:10.04:-:lts", "cpe:/o:canonical:ubuntu_linux:10.10", "cpe:/o:canonical:ubuntu_linux:11.04", "cpe:/o:canonical:ubuntu_linux:11.10"], "id": "UBUNTU_USN-1367-2.NASL", "href": "https://www.tenable.com/plugins/nessus/58034", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Ubuntu Security Notice USN-1367-2. The text \n# itself is copyright (C) Canonical, Inc. See \n# <http://www.ubuntu.com/usn/>. Ubuntu(R) is a registered \n# trademark of Canonical, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(58034);\n script_version(\"1.8\");\n script_cvs_date(\"Date: 2019/09/19 12:54:27\");\n\n script_cve_id(\"CVE-2011-3026\");\n script_bugtraq_id(52049);\n script_xref(name:\"USN\", value:\"1367-2\");\n\n script_name(english:\"Ubuntu 10.04 LTS / 10.10 / 11.04 / 11.10 : firefox vulnerability (USN-1367-2)\");\n script_summary(english:\"Checks dpkg output for updated package.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Ubuntu host is missing a security-related patch.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"USN-1367-1 fixed vulnerabilities in libpng. This provides the\ncorresponding update for Firefox.\n\nJueri Aedla discovered that libpng did not properly verify the size\nused when allocating memory during chunk decompression. If a user or\nautomated system using libpng were tricked into opening a specially\ncrafted image, an attacker could exploit this to cause a denial of\nservice or execute code with the privileges of the user invoking the\nprogram. (CVE-2011-3026).\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Ubuntu security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://usn.ubuntu.com/1367-2/\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected firefox package.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:firefox\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:canonical:ubuntu_linux:10.04:-:lts\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:canonical:ubuntu_linux:10.10\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:canonical:ubuntu_linux:11.04\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:canonical:ubuntu_linux:11.10\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2012/02/16\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2012/02/17\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2012/02/20\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"Ubuntu Security Notice (C) 2012-2019 Canonical, Inc. / NASL script (C) 2012-2019 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Ubuntu Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/cpu\", \"Host/Ubuntu\", \"Host/Ubuntu/release\", \"Host/Debian/dpkg-l\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"ubuntu.inc\");\ninclude(\"misc_func.inc\");\n\nif ( ! get_kb_item(\"Host/local_checks_enabled\") ) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/Ubuntu/release\");\nif ( isnull(release) ) audit(AUDIT_OS_NOT, \"Ubuntu\");\nrelease = chomp(release);\nif (! preg(pattern:\"^(10\\.04|10\\.10|11\\.04|11\\.10)$\", string:release)) audit(AUDIT_OS_NOT, \"Ubuntu 10.04 / 10.10 / 11.04 / 11.10\", \"Ubuntu \" + release);\nif ( ! get_kb_item(\"Host/Debian/dpkg-l\") ) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Ubuntu\", cpu);\n\nflag = 0;\n\nif (ubuntu_check(osver:\"10.04\", pkgname:\"firefox\", pkgver:\"10.0.2+build1-0ubuntu0.10.04.1\")) flag++;\nif (ubuntu_check(osver:\"10.10\", pkgname:\"firefox\", pkgver:\"10.0.2+build1-0ubuntu0.10.10.1\")) flag++;\nif (ubuntu_check(osver:\"11.04\", pkgname:\"firefox\", pkgver:\"10.0.2+build1-0ubuntu0.11.04.1\")) flag++;\nif (ubuntu_check(osver:\"11.10\", pkgname:\"firefox\", pkgver:\"10.0.2+build1-0ubuntu0.11.10.1\")) flag++;\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : ubuntu_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = ubuntu_pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"firefox\");\n}\n", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2021-08-19T12:58:55", "description": "USN-1367-1 fixed vulnerabilities in libpng. This provides the corresponding update for Xulrunner.\n\nJueri Aedla discovered that libpng did not properly verify the size used when allocating memory during chunk decompression. If a user or automated system using libpng were tricked into opening a specially crafted image, an attacker could exploit this to cause a denial of service or execute code with the privileges of the user invoking the program. (CVE-2011-3026).\n\nNote that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {"score": null, "vector": null}, "published": "2012-02-20T00:00:00", "type": "nessus", "title": "Ubuntu 10.04 LTS / 10.10 : xulrunner-1.9.2 vulnerability (USN-1367-4)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2011-3026"], "modified": "2019-09-19T00:00:00", "cpe": ["p-cpe:/a:canonical:ubuntu_linux:xulrunner-1.9.2", "cpe:/o:canonical:ubuntu_linux:10.04:-:lts", "cpe:/o:canonical:ubuntu_linux:10.10"], "id": "UBUNTU_USN-1367-4.NASL", "href": "https://www.tenable.com/plugins/nessus/58036", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Ubuntu Security Notice USN-1367-4. The text \n# itself is copyright (C) Canonical, Inc. See \n# <http://www.ubuntu.com/usn/>. Ubuntu(R) is a registered \n# trademark of Canonical, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(58036);\n script_version(\"1.7\");\n script_cvs_date(\"Date: 2019/09/19 12:54:27\");\n\n script_cve_id(\"CVE-2011-3026\");\n script_xref(name:\"USN\", value:\"1367-4\");\n\n script_name(english:\"Ubuntu 10.04 LTS / 10.10 : xulrunner-1.9.2 vulnerability (USN-1367-4)\");\n script_summary(english:\"Checks dpkg output for updated package.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Ubuntu host is missing a security-related patch.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"USN-1367-1 fixed vulnerabilities in libpng. This provides the\ncorresponding update for Xulrunner.\n\nJueri Aedla discovered that libpng did not properly verify the size\nused when allocating memory during chunk decompression. If a user or\nautomated system using libpng were tricked into opening a specially\ncrafted image, an attacker could exploit this to cause a denial of\nservice or execute code with the privileges of the user invoking the\nprogram. (CVE-2011-3026).\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Ubuntu security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://usn.ubuntu.com/1367-4/\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected xulrunner-1.9.2 package.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:xulrunner-1.9.2\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:canonical:ubuntu_linux:10.04:-:lts\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:canonical:ubuntu_linux:10.10\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2012/02/16\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2012/02/17\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2012/02/20\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"Ubuntu Security Notice (C) 2012-2019 Canonical, Inc. / NASL script (C) 2012-2019 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Ubuntu Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/cpu\", \"Host/Ubuntu\", \"Host/Ubuntu/release\", \"Host/Debian/dpkg-l\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"ubuntu.inc\");\ninclude(\"misc_func.inc\");\n\nif ( ! get_kb_item(\"Host/local_checks_enabled\") ) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/Ubuntu/release\");\nif ( isnull(release) ) audit(AUDIT_OS_NOT, \"Ubuntu\");\nrelease = chomp(release);\nif (! preg(pattern:\"^(10\\.04|10\\.10)$\", string:release)) audit(AUDIT_OS_NOT, \"Ubuntu 10.04 / 10.10\", \"Ubuntu \" + release);\nif ( ! get_kb_item(\"Host/Debian/dpkg-l\") ) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Ubuntu\", cpu);\n\nflag = 0;\n\nif (ubuntu_check(osver:\"10.04\", pkgname:\"xulrunner-1.9.2\", pkgver:\"1.9.2.27+build1+nobinonly-0ubuntu0.10.04.1\")) flag++;\nif (ubuntu_check(osver:\"10.10\", pkgname:\"xulrunner-1.9.2\", pkgver:\"1.9.2.27+build1+nobinonly-0ubuntu0.10.10.1\")) flag++;\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : ubuntu_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = ubuntu_pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"xulrunner-1.9.2\");\n}\n", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2021-08-19T12:57:25", "description": "The libpng packages contain a library of functions for creating and manipulating PNG (Portable Network Graphics) image format files.\n\nA heap-based buffer overflow flaw was found in libpng. An attacker could create a specially crafted PNG image that, when opened, could cause an application using libpng to crash or, possibly, execute arbitrary code with the privileges of the user running the application. (CVE-2011-3026)\n\nUsers of libpng and libpng10 should upgrade to these updated packages, which contain a backported patch to correct this issue. All running applications using libpng or libpng10 must be restarted for the update to take effect.", "cvss3": {"score": null, "vector": null}, "published": "2012-08-01T00:00:00", "type": "nessus", "title": "Scientific Linux Security Update : libpng on SL4.x, SL5.x, SL6.x i386/x86_64 (20120220)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2011-3026"], "modified": "2021-01-14T00:00:00", "cpe": ["p-cpe:/a:fermilab:scientific_linux:libpng", "p-cpe:/a:fermilab:scientific_linux:libpng-debuginfo", "p-cpe:/a:fermilab:scientific_linux:libpng-devel", "p-cpe:/a:fermilab:scientific_linux:libpng-static", "p-cpe:/a:fermilab:scientific_linux:libpng10", "p-cpe:/a:fermilab:scientific_linux:libpng10-debuginfo", "p-cpe:/a:fermilab:scientific_linux:libpng10-devel", "x-cpe:/o:fermilab:scientific_linux"], "id": "SL_20120220_LIBPNG_ON_SL4_X.NASL", "href": "https://www.tenable.com/plugins/nessus/61254", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text is (C) Scientific Linux.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(61254);\n script_version(\"1.6\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/14\");\n\n script_cve_id(\"CVE-2011-3026\");\n\n script_name(english:\"Scientific Linux Security Update : libpng on SL4.x, SL5.x, SL6.x i386/x86_64 (20120220)\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\n\"The remote Scientific Linux host is missing one or more security\nupdates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"The libpng packages contain a library of functions for creating and\nmanipulating PNG (Portable Network Graphics) image format files.\n\nA heap-based buffer overflow flaw was found in libpng. An attacker\ncould create a specially crafted PNG image that, when opened, could\ncause an application using libpng to crash or, possibly, execute\narbitrary code with the privileges of the user running the\napplication. (CVE-2011-3026)\n\nUsers of libpng and libpng10 should upgrade to these updated packages,\nwhich contain a backported patch to correct this issue. All running\napplications using libpng or libpng10 must be restarted for the update\nto take effect.\"\n );\n # https://listserv.fnal.gov/scripts/wa.exe?A2=ind1202&L=scientific-linux-errata&T=0&P=3665\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?47a385a6\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:libpng\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:libpng-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:libpng-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:libpng-static\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:libpng10\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:libpng10-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:libpng10-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"x-cpe:/o:fermilab:scientific_linux\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2012/02/16\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2012/02/20\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2012/08/01\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2012-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Scientific Linux Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"misc_func.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Scientific Linux \" >!< release) audit(AUDIT_HOST_NOT, \"running Scientific Linux\");\nos_ver = pregmatch(pattern: \"Scientific Linux.*release ([0-9]+(\\.[0-9]+)?)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Scientific Linux\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^6([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Scientific Linux 6.x\", \"Scientific Linux \" + os_ver);\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (cpu >!< \"x86_64\" && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Scientific Linux\", cpu);\n\n\nflag = 0;\nif (rpm_check(release:\"SL4\", reference:\"libpng-1.2.7-9.el4\")) flag++;\nif (rpm_check(release:\"SL4\", reference:\"libpng-debuginfo-1.2.7-9.el4\")) flag++;\nif (rpm_check(release:\"SL4\", reference:\"libpng-devel-1.2.7-9.el4\")) flag++;\nif (rpm_check(release:\"SL4\", reference:\"libpng10-1.0.16-10.el4\")) flag++;\nif (rpm_check(release:\"SL4\", reference:\"libpng10-debuginfo-1.0.16-10.el4\")) flag++;\nif (rpm_check(release:\"SL4\", reference:\"libpng10-devel-1.0.16-10.el4\")) flag++;\n\nif (rpm_check(release:\"SL5\", reference:\"libpng-1.2.10-15.el5_7\")) flag++;\nif (rpm_check(release:\"SL5\", reference:\"libpng-debuginfo-1.2.10-15.el5_7\")) flag++;\nif (rpm_check(release:\"SL5\", reference:\"libpng-devel-1.2.10-15.el5_7\")) flag++;\n\nif (rpm_check(release:\"SL6\", reference:\"libpng-1.2.46-2.el6_2\")) flag++;\nif (rpm_check(release:\"SL6\", reference:\"libpng-debuginfo-1.2.46-2.el6_2\")) flag++;\nif (rpm_check(release:\"SL6\", reference:\"libpng-devel-1.2.46-2.el6_2\")) flag++;\nif (rpm_check(release:\"SL6\", reference:\"libpng-static-1.2.46-2.el6_2\")) flag++;\n\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"libpng / libpng-debuginfo / libpng-devel / libpng-static / libpng10 / etc\");\n}\n", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2021-08-19T12:58:51", "description": "An updated thunderbird package that fixes one security issue is now available for Red Hat Enterprise Linux 6.\n\nThe Red Hat Security Response Team has rated this update as having critical security impact. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available from the CVE link in the References section.\n\nMozilla Thunderbird is a standalone mail and newsgroup client.\n\nA heap-based buffer overflow flaw was found in the way Thunderbird handled PNG (Portable Network Graphics) images. An HTML mail message or remote content containing a specially crafted PNG image could cause Thunderbird to crash or, possibly, execute arbitrary code with the privileges of the user running Thunderbird. (CVE-2011-3026)\n\nAll Thunderbird users should upgrade to this updated package, which corrects this issue. After installing the update, Thunderbird must be restarted for the changes to take effect.", "cvss3": {"score": null, "vector": null}, "published": "2012-02-21T00:00:00", "type": "nessus", "title": "CentOS 6 : thunderbird (CESA-2012:0140)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2011-3026"], "modified": "2021-01-04T00:00:00", "cpe": ["p-cpe:/a:centos:centos:thunderbird", "cpe:/o:centos:centos:6"], "id": "CENTOS_RHSA-2012-0140.NASL", "href": "https://www.tenable.com/plugins/nessus/58041", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Red Hat Security Advisory RHSA-2012:0140 and \n# CentOS Errata and Security Advisory 2012:0140 respectively.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(58041);\n script_version(\"1.13\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/04\");\n\n script_cve_id(\"CVE-2011-3026\");\n script_xref(name:\"RHSA\", value:\"2012:0140\");\n\n script_name(english:\"CentOS 6 : thunderbird (CESA-2012:0140)\");\n script_summary(english:\"Checks rpm output for the updated package\");\n\n script_set_attribute(\n attribute:\"synopsis\",\n value:\"The remote CentOS host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\",\n value:\n\"An updated thunderbird package that fixes one security issue is now\navailable for Red Hat Enterprise Linux 6.\n\nThe Red Hat Security Response Team has rated this update as having\ncritical security impact. A Common Vulnerability Scoring System (CVSS)\nbase score, which gives a detailed severity rating, is available from\nthe CVE link in the References section.\n\nMozilla Thunderbird is a standalone mail and newsgroup client.\n\nA heap-based buffer overflow flaw was found in the way Thunderbird\nhandled PNG (Portable Network Graphics) images. An HTML mail message\nor remote content containing a specially crafted PNG image could cause\nThunderbird to crash or, possibly, execute arbitrary code with the\nprivileges of the user running Thunderbird. (CVE-2011-3026)\n\nAll Thunderbird users should upgrade to this updated package, which\ncorrects this issue. After installing the update, Thunderbird must be\nrestarted for the changes to take effect.\"\n );\n # https://lists.centos.org/pipermail/centos-announce/2012-February/018444.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?39a81b8a\"\n );\n script_set_attribute(\n attribute:\"solution\",\n value:\"Update the affected thunderbird package.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2011-3026\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:thunderbird\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:centos:centos:6\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2012/02/16\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2012/02/16\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2012/02/21\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2012-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"CentOS Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/CentOS/release\", \"Host/CentOS/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/CentOS/release\");\nif (isnull(release) || \"CentOS\" >!< release) audit(AUDIT_OS_NOT, \"CentOS\");\nos_ver = pregmatch(pattern: \"CentOS(?: Linux)? release ([0-9]+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"CentOS\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^6([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"CentOS 6.x\", \"CentOS \" + os_ver);\n\nif (!get_kb_item(\"Host/CentOS/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"CentOS\", cpu);\n\n\nflag = 0;\nif (rpm_check(release:\"CentOS-6\", reference:\"thunderbird-3.1.18-2.el6.centos\", allowmaj:TRUE)) flag++;\n\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"thunderbird\");\n}\n", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2021-08-19T12:50:09", "description": "Mozilla XULRunner was updated to 1.9.2.27 to fix a security issue with the embedded libpng, where a integer overflow could allow remote attackers to crash the browser or potentially execute code (CVE-2011-3026),", "cvss3": {"score": null, "vector": null}, "published": "2014-06-13T00:00:00", "type": "nessus", "title": "openSUSE Security Update : mozilla-js192 (mozilla-js192-5832)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2011-3026"], "modified": "2021-01-19T00:00:00", "cpe": ["p-cpe:/a:novell:opensuse:mozilla-js192", "p-cpe:/a:novell:opensuse:mozilla-js192-32bit", "p-cpe:/a:novell:opensuse:mozilla-js192-debuginfo", "p-cpe:/a:novell:opensuse:mozilla-js192-debuginfo-32bit", "p-cpe:/a:novell:opensuse:mozilla-xulrunner192", "p-cpe:/a:novell:opensuse:mozilla-xulrunner192-32bit", "p-cpe:/a:novell:opensuse:mozilla-xulrunner192-buildsymbols", "p-cpe:/a:novell:opensuse:mozilla-xulrunner192-debuginfo", "p-cpe:/a:novell:opensuse:mozilla-xulrunner192-debuginfo-32bit", "p-cpe:/a:novell:opensuse:mozilla-xulrunner192-debugsource", "p-cpe:/a:novell:opensuse:mozilla-xulrunner192-devel", "p-cpe:/a:novell:opensuse:mozilla-xulrunner192-devel-debuginfo", "p-cpe:/a:novell:opensuse:mozilla-xulrunner192-gnome", "p-cpe:/a:novell:opensuse:mozilla-xulrunner192-gnome-32bit", "p-cpe:/a:novell:opensuse:mozilla-xulrunner192-gnome-debuginfo", "p-cpe:/a:novell:opensuse:mozilla-xulrunner192-gnome-debuginfo-32bit", "p-cpe:/a:novell:opensuse:mozilla-xulrunner192-translations-common", "p-cpe:/a:novell:opensuse:mozilla-xulrunner192-translations-common-32bit", "p-cpe:/a:novell:opensuse:mozilla-xulrunner192-translations-other", "p-cpe:/a:novell:opensuse:mozilla-xulrunner192-translations-other-32bit", "cpe:/o:novell:opensuse:11.4"], "id": "SUSE_11_4_MOZILLA-JS192-120217.NASL", "href": "https://www.tenable.com/plugins/nessus/75962", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from openSUSE Security Update mozilla-js192-5832.\n#\n# The text description of this plugin is (C) SUSE LLC.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(75962);\n script_version(\"1.3\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/19\");\n\n script_cve_id(\"CVE-2011-3026\");\n\n script_name(english:\"openSUSE Security Update : mozilla-js192 (mozilla-js192-5832)\");\n script_summary(english:\"Check for the mozilla-js192-5832 patch\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote openSUSE host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Mozilla XULRunner was updated to 1.9.2.27 to fix a security issue with\nthe embedded libpng, where a integer overflow could allow remote\nattackers to crash the browser or potentially execute code\n(CVE-2011-3026),\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=747328\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected mozilla-js192 packages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:mozilla-js192\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:mozilla-js192-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:mozilla-js192-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:mozilla-js192-debuginfo-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:mozilla-xulrunner192\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:mozilla-xulrunner192-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:mozilla-xulrunner192-buildsymbols\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:mozilla-xulrunner192-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:mozilla-xulrunner192-debuginfo-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:mozilla-xulrunner192-debugsource\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:mozilla-xulrunner192-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:mozilla-xulrunner192-devel-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:mozilla-xulrunner192-gnome\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:mozilla-xulrunner192-gnome-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:mozilla-xulrunner192-gnome-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:mozilla-xulrunner192-gnome-debuginfo-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:mozilla-xulrunner192-translations-common\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:mozilla-xulrunner192-translations-common-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:mozilla-xulrunner192-translations-other\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:mozilla-xulrunner192-translations-other-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:opensuse:11.4\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2012/02/17\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2014/06/13\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2014-2021 Tenable Network Security, Inc.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release =~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, \"openSUSE\");\nif (release !~ \"^(SUSE11\\.4)$\") audit(AUDIT_OS_RELEASE_NOT, \"openSUSE\", \"11.4\", release);\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nourarch = get_kb_item(\"Host/cpu\");\nif (!ourarch) audit(AUDIT_UNKNOWN_ARCH);\nif (ourarch !~ \"^(i586|i686|x86_64)$\") audit(AUDIT_ARCH_NOT, \"i586 / i686 / x86_64\", ourarch);\n\nflag = 0;\n\nif ( rpm_check(release:\"SUSE11.4\", reference:\"mozilla-js192-1.9.2.27-0.2.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.4\", reference:\"mozilla-js192-debuginfo-1.9.2.27-0.2.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.4\", reference:\"mozilla-xulrunner192-1.9.2.27-0.2.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.4\", reference:\"mozilla-xulrunner192-buildsymbols-1.9.2.27-0.2.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.4\", reference:\"mozilla-xulrunner192-debuginfo-1.9.2.27-0.2.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.4\", reference:\"mozilla-xulrunner192-debugsource-1.9.2.27-0.2.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.4\", reference:\"mozilla-xulrunner192-devel-1.9.2.27-0.2.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.4\", reference:\"mozilla-xulrunner192-devel-debuginfo-1.9.2.27-0.2.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.4\", reference:\"mozilla-xulrunner192-gnome-1.9.2.27-0.2.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.4\", reference:\"mozilla-xulrunner192-gnome-debuginfo-1.9.2.27-0.2.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.4\", reference:\"mozilla-xulrunner192-translations-common-1.9.2.27-0.2.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.4\", reference:\"mozilla-xulrunner192-translations-other-1.9.2.27-0.2.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.4\", cpu:\"x86_64\", reference:\"mozilla-js192-32bit-1.9.2.27-0.2.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.4\", cpu:\"x86_64\", reference:\"mozilla-js192-debuginfo-32bit-1.9.2.27-0.2.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.4\", cpu:\"x86_64\", reference:\"mozilla-xulrunner192-32bit-1.9.2.27-0.2.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.4\", cpu:\"x86_64\", reference:\"mozilla-xulrunner192-debuginfo-32bit-1.9.2.27-0.2.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.4\", cpu:\"x86_64\", reference:\"mozilla-xulrunner192-gnome-32bit-1.9.2.27-0.2.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.4\", cpu:\"x86_64\", reference:\"mozilla-xulrunner192-gnome-debuginfo-32bit-1.9.2.27-0.2.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.4\", cpu:\"x86_64\", reference:\"mozilla-xulrunner192-translations-common-32bit-1.9.2.27-0.2.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.4\", cpu:\"x86_64\", reference:\"mozilla-xulrunner192-translations-other-32bit-1.9.2.27-0.2.1\") ) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"mozilla-xulrunner192\");\n}\n", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2021-08-19T12:58:49", "description": "Mozilla XULRunner was updated to 1.9.2.27 to fix a security issue with the embedded libpng, where a integer overflow could allow remote attackers to crash the browser or potentially execute code (CVE-2011-3026),", "cvss3": {"score": null, "vector": null}, "published": "2012-02-24T00:00:00", "type": "nessus", "title": "SuSE 11.1 Security Update : Mozilla XULrunner (SAT Patch Number 5840)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2011-3026"], "modified": "2021-01-19T00:00:00", "cpe": ["p-cpe:/a:novell:suse_linux:11:mozilla-xulrunner192", "p-cpe:/a:novell:suse_linux:11:mozilla-xulrunner192-32bit", "p-cpe:/a:novell:suse_linux:11:mozilla-xulrunner192-gnome", "p-cpe:/a:novell:suse_linux:11:mozilla-xulrunner192-gnome-32bit", "p-cpe:/a:novell:suse_linux:11:mozilla-xulrunner192-translations", "p-cpe:/a:novell:suse_linux:11:mozilla-xulrunner192-translations-32bit", "cpe:/o:novell:suse_linux:11"], "id": "SUSE_11_MOZILLA-XULRUNNER192-120220.NASL", "href": "https://www.tenable.com/plugins/nessus/58114", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from SuSE 11 update information. The text itself is\n# copyright (C) Novell, Inc.\n#\n\nif (NASL_LEVEL < 3000) exit(0);\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(58114);\n script_version(\"1.6\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/19\");\n\n script_cve_id(\"CVE-2011-3026\");\n\n script_name(english:\"SuSE 11.1 Security Update : Mozilla XULrunner (SAT Patch Number 5840)\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote SuSE 11 host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Mozilla XULRunner was updated to 1.9.2.27 to fix a security issue with\nthe embedded libpng, where a integer overflow could allow remote\nattackers to crash the browser or potentially execute code\n(CVE-2011-3026),\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=747328\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2011-3026.html\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Apply SAT patch number 5840.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:11:mozilla-xulrunner192\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:11:mozilla-xulrunner192-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:11:mozilla-xulrunner192-gnome\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:11:mozilla-xulrunner192-gnome-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:11:mozilla-xulrunner192-translations\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:11:mozilla-xulrunner192-translations-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:suse_linux:11\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2012/02/20\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2012/02/24\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2012-2021 Tenable Network Security, Inc.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release !~ \"^(SLED|SLES)11\") audit(AUDIT_OS_NOT, \"SuSE 11\");\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (cpu !~ \"^i[3-6]86$\" && \"x86_64\" >!< cpu && \"s390x\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"SuSE 11\", cpu);\n\npl = get_kb_item(\"Host/SuSE/patchlevel\");\nif (isnull(pl) || int(pl) != 1) audit(AUDIT_OS_NOT, \"SuSE 11.1\");\n\n\nflag = 0;\nif (rpm_check(release:\"SLED11\", sp:1, cpu:\"i586\", reference:\"mozilla-xulrunner192-1.9.2.27-0.2.1\")) flag++;\nif (rpm_check(release:\"SLED11\", sp:1, cpu:\"i586\", reference:\"mozilla-xulrunner192-gnome-1.9.2.27-0.2.1\")) flag++;\nif (rpm_check(release:\"SLED11\", sp:1, cpu:\"i586\", reference:\"mozilla-xulrunner192-translations-1.9.2.27-0.2.1\")) flag++;\nif (rpm_check(release:\"SLED11\", sp:1, cpu:\"x86_64\", reference:\"mozilla-xulrunner192-1.9.2.27-0.2.1\")) flag++;\nif (rpm_check(release:\"SLED11\", sp:1, cpu:\"x86_64\", reference:\"mozilla-xulrunner192-32bit-1.9.2.27-0.2.1\")) flag++;\nif (rpm_check(release:\"SLED11\", sp:1, cpu:\"x86_64\", reference:\"mozilla-xulrunner192-gnome-1.9.2.27-0.2.1\")) flag++;\nif (rpm_check(release:\"SLED11\", sp:1, cpu:\"x86_64\", reference:\"mozilla-xulrunner192-gnome-32bit-1.9.2.27-0.2.1\")) flag++;\nif (rpm_check(release:\"SLED11\", sp:1, cpu:\"x86_64\", reference:\"mozilla-xulrunner192-translations-1.9.2.27-0.2.1\")) flag++;\nif (rpm_check(release:\"SLED11\", sp:1, cpu:\"x86_64\", reference:\"mozilla-xulrunner192-translations-32bit-1.9.2.27-0.2.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:1, reference:\"mozilla-xulrunner192-1.9.2.27-0.2.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:1, reference:\"mozilla-xulrunner192-gnome-1.9.2.27-0.2.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:1, reference:\"mozilla-xulrunner192-translations-1.9.2.27-0.2.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:1, cpu:\"s390x\", reference:\"mozilla-xulrunner192-32bit-1.9.2.27-0.2.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:1, cpu:\"x86_64\", reference:\"mozilla-xulrunner192-32bit-1.9.2.27-0.2.1\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2021-08-19T12:58:57", "description": "A heap-based buffer overflow in libpng was fixed that could potentially be exploited by attackers to execute arbitrary code or cause an application to crash. (CVE-2011-3026)", "cvss3": {"score": null, "vector": null}, "published": "2012-02-29T00:00:00", "type": "nessus", "title": "SuSE 11.1 Security Update : libpng (SAT Patch Number 5857)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2011-3026"], "modified": "2021-01-19T00:00:00", "cpe": ["p-cpe:/a:novell:suse_linux:11:libpng-devel", "p-cpe:/a:novell:suse_linux:11:libpng12-0", "p-cpe:/a:novell:suse_linux:11:libpng12-0-32bit", "cpe:/o:novell:suse_linux:11"], "id": "SUSE_11_LIBPNG-DEVEL-120221.NASL", "href": "https://www.tenable.com/plugins/nessus/58165", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from SuSE 11 update information. The text itself is\n# copyright (C) Novell, Inc.\n#\n\nif (NASL_LEVEL < 3000) exit(0);\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(58165);\n script_version(\"1.5\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/19\");\n\n script_cve_id(\"CVE-2011-3026\");\n\n script_name(english:\"SuSE 11.1 Security Update : libpng (SAT Patch Number 5857)\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote SuSE 11 host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"A heap-based buffer overflow in libpng was fixed that could\npotentially be exploited by attackers to execute arbitrary code or\ncause an application to crash. (CVE-2011-3026)\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=747311\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2011-3026.html\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Apply SAT patch number 5857.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:11:libpng-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:11:libpng12-0\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:11:libpng12-0-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:suse_linux:11\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2012/02/21\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2012/02/29\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2012-2021 Tenable Network Security, Inc.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release !~ \"^(SLED|SLES)11\") audit(AUDIT_OS_NOT, \"SuSE 11\");\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (cpu !~ \"^i[3-6]86$\" && \"x86_64\" >!< cpu && \"s390x\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"SuSE 11\", cpu);\n\npl = get_kb_item(\"Host/SuSE/patchlevel\");\nif (isnull(pl) || int(pl) != 1) audit(AUDIT_OS_NOT, \"SuSE 11.1\");\n\n\nflag = 0;\nif (rpm_check(release:\"SLED11\", sp:1, cpu:\"i586\", reference:\"libpng-devel-1.2.31-5.27.1\")) flag++;\nif (rpm_check(release:\"SLED11\", sp:1, cpu:\"i586\", reference:\"libpng12-0-1.2.31-5.27.1\")) flag++;\nif (rpm_check(release:\"SLED11\", sp:1, cpu:\"x86_64\", reference:\"libpng-devel-1.2.31-5.27.1\")) flag++;\nif (rpm_check(release:\"SLED11\", sp:1, cpu:\"x86_64\", reference:\"libpng12-0-1.2.31-5.27.1\")) flag++;\nif (rpm_check(release:\"SLED11\", sp:1, cpu:\"x86_64\", reference:\"libpng12-0-32bit-1.2.31-5.27.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:1, reference:\"libpng12-0-1.2.31-5.27.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:1, cpu:\"s390x\", reference:\"libpng12-0-32bit-1.2.31-5.27.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:1, cpu:\"x86_64\", reference:\"libpng12-0-32bit-1.2.31-5.27.1\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2021-08-19T12:58:57", "description": "Mozilla Firefox was updated to 10.0.2 to fix a security issue with the embedded libpng, where a integer overflow could allow remote attackers to crash the browser or potentially execute code (CVE-2011-3026),", "cvss3": {"score": null, "vector": null}, "published": "2012-02-24T00:00:00", "type": "nessus", "title": "SuSE 11.1 Security Update : Mozilla Firefox (SAT Patch Number 5838)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2011-3026"], "modified": "2021-01-19T00:00:00", "cpe": ["p-cpe:/a:novell:suse_linux:11:MozillaFirefox", "p-cpe:/a:novell:suse_linux:11:MozillaFirefox-translations", "cpe:/o:novell:suse_linux:11"], "id": "SUSE_11_MOZILLAFIREFOX-120220.NASL", "href": "https://www.tenable.com/plugins/nessus/58112", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from SuSE 11 update information. The text itself is\n# copyright (C) Novell, Inc.\n#\n\nif (NASL_LEVEL < 3000) exit(0);\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(58112);\n script_version(\"1.5\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/19\");\n\n script_cve_id(\"CVE-2011-3026\");\n\n script_name(english:\"SuSE 11.1 Security Update : Mozilla Firefox (SAT Patch Number 5838)\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote SuSE 11 host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Mozilla Firefox was updated to 10.0.2 to fix a security issue with the\nembedded libpng, where a integer overflow could allow remote attackers\nto crash the browser or potentially execute code (CVE-2011-3026),\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=747320\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=747328\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2011-3026.html\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Apply SAT patch number 5838.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:11:MozillaFirefox\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:11:MozillaFirefox-translations\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:suse_linux:11\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2012/02/20\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2012/02/24\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2012-2021 Tenable Network Security, Inc.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release !~ \"^(SLED|SLES)11\") audit(AUDIT_OS_NOT, \"SuSE 11\");\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (cpu !~ \"^i[3-6]86$\" && \"x86_64\" >!< cpu && \"s390x\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"SuSE 11\", cpu);\n\npl = get_kb_item(\"Host/SuSE/patchlevel\");\nif (isnull(pl) || int(pl) != 1) audit(AUDIT_OS_NOT, \"SuSE 11.1\");\n\n\nflag = 0;\nif (rpm_check(release:\"SLED11\", sp:1, cpu:\"i586\", reference:\"MozillaFirefox-10.0.2-0.4.1\")) flag++;\nif (rpm_check(release:\"SLED11\", sp:1, cpu:\"i586\", reference:\"MozillaFirefox-translations-10.0.2-0.4.1\")) flag++;\nif (rpm_check(release:\"SLED11\", sp:1, cpu:\"x86_64\", reference:\"MozillaFirefox-10.0.2-0.4.1\")) flag++;\nif (rpm_check(release:\"SLED11\", sp:1, cpu:\"x86_64\", reference:\"MozillaFirefox-translations-10.0.2-0.4.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:1, reference:\"MozillaFirefox-10.0.2-0.4.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:1, reference:\"MozillaFirefox-translations-10.0.2-0.4.1\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2021-08-19T12:53:33", "description": "From Red Hat Security Advisory 2012:0140 :\n\nAn updated thunderbird package that fixes one security issue is now available for Red Hat Enterprise Linux 6.\n\nThe Red Hat Security Response Team has rated this update as having critical security impact. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available from the CVE link in the References section.\n\nMozilla Thunderbird is a standalone mail and newsgroup client.\n\nA heap-based buffer overflow flaw was found in the way Thunderbird handled PNG (Portable Network Graphics) images. An HTML mail message or remote content containing a specially crafted PNG image could cause Thunderbird to crash or, possibly, execute arbitrary code with the privileges of the user running Thunderbird. (CVE-2011-3026)\n\nAll Thunderbird users should upgrade to this updated package, which corrects this issue. After installing the update, Thunderbird must be restarted for the changes to take effect.", "cvss3": {"score": null, "vector": null}, "published": "2013-07-12T00:00:00", "type": "nessus", "title": "Oracle Linux 6 : thunderbird (ELSA-2012-0140)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2011-3026"], "modified": "2021-01-14T00:00:00", "cpe": ["p-cpe:/a:oracle:linux:thunderbird", "cpe:/o:oracle:linux:6"], "id": "ORACLELINUX_ELSA-2012-0140.NASL", "href": "https://www.tenable.com/plugins/nessus/68462", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Red Hat Security Advisory RHSA-2012:0140 and \n# Oracle Linux Security Advisory ELSA-2012-0140 respectively.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(68462);\n script_version(\"1.10\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/14\");\n\n script_cve_id(\"CVE-2011-3026\");\n script_xref(name:\"RHSA\", value:\"2012:0140\");\n\n script_name(english:\"Oracle Linux 6 : thunderbird (ELSA-2012-0140)\");\n script_summary(english:\"Checks rpm output for the updated package\");\n\n script_set_attribute(\n attribute:\"synopsis\",\n value:\"The remote Oracle Linux host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\",\n value:\n\"From Red Hat Security Advisory 2012:0140 :\n\nAn updated thunderbird package that fixes one security issue is now\navailable for Red Hat Enterprise Linux 6.\n\nThe Red Hat Security Response Team has rated this update as having\ncritical security impact. A Common Vulnerability Scoring System (CVSS)\nbase score, which gives a detailed severity rating, is available from\nthe CVE link in the References section.\n\nMozilla Thunderbird is a standalone mail and newsgroup client.\n\nA heap-based buffer overflow flaw was found in the way Thunderbird\nhandled PNG (Portable Network Graphics) images. An HTML mail message\nor remote content containing a specially crafted PNG image could cause\nThunderbird to crash or, possibly, execute arbitrary code with the\nprivileges of the user running Thunderbird. (CVE-2011-3026)\n\nAll Thunderbird users should upgrade to this updated package, which\ncorrects this issue. After installing the update, Thunderbird must be\nrestarted for the changes to take effect.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://oss.oracle.com/pipermail/el-errata/2012-February/002618.html\"\n );\n script_set_attribute(\n attribute:\"solution\",\n value:\"Update the affected thunderbird package.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:thunderbird\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:oracle:linux:6\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2012/02/16\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2012/02/17\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2013/07/12\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2013-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Oracle Linux Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/OracleLinux\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/OracleLinux\")) audit(AUDIT_OS_NOT, \"Oracle Linux\");\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || !pregmatch(pattern: \"Oracle (?:Linux Server|Enterprise Linux)\", string:release)) audit(AUDIT_OS_NOT, \"Oracle Linux\");\nos_ver = pregmatch(pattern: \"Oracle (?:Linux Server|Enterprise Linux) .*release ([0-9]+(\\.[0-9]+)?)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Oracle Linux\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^6([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Oracle Linux 6\", \"Oracle Linux \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Oracle Linux\", cpu);\n\nflag = 0;\nif (rpm_check(release:\"EL6\", reference:\"thunderbird-3.1.18-2.0.1.el6_2\", allowmaj:TRUE)) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"thunderbird\");\n}\n", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2021-08-19T12:54:34", "description": "From Red Hat Security Advisory 2012:0142 :\n\nAn updated firefox package that fixes one security issue is now available for Red Hat Enterprise Linux 4.\n\nThe Red Hat Security Response Team has rated this update as having critical security impact. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available from the CVE link in the References section.\n\nMozilla Firefox is an open source web browser.\n\nA heap-based buffer overflow flaw was found in the way Firefox handled PNG (Portable Network Graphics) images. A web page containing a malicious PNG image could cause Firefox to crash or, possibly, execute arbitrary code with the privileges of the user running Firefox.\n(CVE-2011-3026)\n\nAll Firefox users should upgrade to this updated package, which corrects this issue. After installing the update, Firefox must be restarted for the changes to take effect.", "cvss3": {"score": null, "vector": null}, "published": "2013-07-12T00:00:00", "type": "nessus", "title": "Oracle Linux 4 : firefox (ELSA-2012-0142)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2011-3026"], "modified": "2021-01-14T00:00:00", "cpe": ["p-cpe:/a:oracle:linux:firefox", "cpe:/o:oracle:linux:4"], "id": "ORACLELINUX_ELSA-2012-0142.NASL", "href": "https://www.tenable.com/plugins/nessus/68464", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Red Hat Security Advisory RHSA-2012:0142 and \n# Oracle Linux Security Advisory ELSA-2012-0142 respectively.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(68464);\n script_version(\"1.9\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/14\");\n\n script_cve_id(\"CVE-2011-3026\");\n script_xref(name:\"RHSA\", value:\"2012:0142\");\n\n script_name(english:\"Oracle Linux 4 : firefox (ELSA-2012-0142)\");\n script_summary(english:\"Checks rpm output for the updated package\");\n\n script_set_attribute(\n attribute:\"synopsis\",\n value:\"The remote Oracle Linux host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\",\n value:\n\"From Red Hat Security Advisory 2012:0142 :\n\nAn updated firefox package that fixes one security issue is now\navailable for Red Hat Enterprise Linux 4.\n\nThe Red Hat Security Response Team has rated this update as having\ncritical security impact. A Common Vulnerability Scoring System (CVSS)\nbase score, which gives a detailed severity rating, is available from\nthe CVE link in the References section.\n\nMozilla Firefox is an open source web browser.\n\nA heap-based buffer overflow flaw was found in the way Firefox handled\nPNG (Portable Network Graphics) images. A web page containing a\nmalicious PNG image could cause Firefox to crash or, possibly, execute\narbitrary code with the privileges of the user running Firefox.\n(CVE-2011-3026)\n\nAll Firefox users should upgrade to this updated package, which\ncorrects this issue. After installing the update, Firefox must be\nrestarted for the changes to take effect.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://oss.oracle.com/pipermail/el-errata/2012-February/002616.html\"\n );\n script_set_attribute(\n attribute:\"solution\",\n value:\"Update the affected firefox package.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:firefox\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:oracle:linux:4\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2012/02/16\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2012/02/17\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2013/07/12\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2013-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Oracle Linux Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/OracleLinux\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/OracleLinux\")) audit(AUDIT_OS_NOT, \"Oracle Linux\");\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || !pregmatch(pattern: \"Oracle (?:Linux Server|Enterprise Linux)\", string:release)) audit(AUDIT_OS_NOT, \"Oracle Linux\");\nos_ver = pregmatch(pattern: \"Oracle (?:Linux Server|Enterprise Linux) .*release ([0-9]+(\\.[0-9]+)?)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Oracle Linux\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^4([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Oracle Linux 4\", \"Oracle Linux \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && \"ia64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Oracle Linux\", cpu);\n\nflag = 0;\nif (rpm_check(release:\"EL4\", reference:\"firefox-3.6.26-3.0.1.el4\", allowmaj:TRUE)) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"firefox\");\n}\n", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2021-08-19T12:53:52", "description": "From Red Hat Security Advisory 2012:0143 :\n\nUpdated xulrunner packages that fix one security issue are now available for Red Hat Enterprise Linux 5 and 6.\n\nThe Red Hat Security Response Team has rated this update as having critical security impact. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available from the CVE link in the References section.\n\nXULRunner provides the XUL Runtime environment for applications using the Gecko layout engine.\n\nA heap-based buffer overflow flaw was found in the way XULRunner handled PNG (Portable Network Graphics) images. A web page containing a malicious PNG image could cause an application linked against XULRunner (such as Firefox) to crash or, potentially, execute arbitrary code with the privileges of the user running the application. (CVE-2011-3026)\n\nAll XULRunner users should upgrade to these updated packages, which correct this issue. After installing the update, applications using XULRunner must be restarted for the changes to take effect.", "cvss3": {"score": null, "vector": null}, "published": "2013-07-12T00:00:00", "type": "nessus", "title": "Oracle Linux 5 / 6 : xulrunner (ELSA-2012-0143)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2011-3026"], "modified": "2021-01-14T00:00:00", "cpe": ["p-cpe:/a:oracle:linux:xulrunner", "p-cpe:/a:oracle:linux:xulrunner-devel", "cpe:/o:oracle:linux:5", "cpe:/o:oracle:linux:6"], "id": "ORACLELINUX_ELSA-2012-0143.NASL", "href": "https://www.tenable.com/plugins/nessus/68465", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Red Hat Security Advisory RHSA-2012:0143 and \n# Oracle Linux Security Advisory ELSA-2012-0143 respectively.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(68465);\n script_version(\"1.9\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/14\");\n\n script_cve_id(\"CVE-2011-3026\");\n script_xref(name:\"RHSA\", value:\"2012:0143\");\n\n script_name(english:\"Oracle Linux 5 / 6 : xulrunner (ELSA-2012-0143)\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Oracle Linux host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"From Red Hat Security Advisory 2012:0143 :\n\nUpdated xulrunner packages that fix one security issue are now\navailable for Red Hat Enterprise Linux 5 and 6.\n\nThe Red Hat Security Response Team has rated this update as having\ncritical security impact. A Common Vulnerability Scoring System (CVSS)\nbase score, which gives a detailed severity rating, is available from\nthe CVE link in the References section.\n\nXULRunner provides the XUL Runtime environment for applications using\nthe Gecko layout engine.\n\nA heap-based buffer overflow flaw was found in the way XULRunner\nhandled PNG (Portable Network Graphics) images. A web page containing\na malicious PNG image could cause an application linked against\nXULRunner (such as Firefox) to crash or, potentially, execute\narbitrary code with the privileges of the user running the\napplication. (CVE-2011-3026)\n\nAll XULRunner users should upgrade to these updated packages, which\ncorrect this issue. After installing the update, applications using\nXULRunner must be restarted for the changes to take effect.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://oss.oracle.com/pipermail/el-errata/2012-February/002617.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://oss.oracle.com/pipermail/el-errata/2012-February/002619.html\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected xulrunner packages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:xulrunner\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:xulrunner-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:oracle:linux:5\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:oracle:linux:6\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2012/02/16\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2012/02/17\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2013/07/12\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2013-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Oracle Linux Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/OracleLinux\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/OracleLinux\")) audit(AUDIT_OS_NOT, \"Oracle Linux\");\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || !pregmatch(pattern: \"Oracle (?:Linux Server|Enterprise Linux)\", string:release)) audit(AUDIT_OS_NOT, \"Oracle Linux\");\nos_ver = pregmatch(pattern: \"Oracle (?:Linux Server|Enterprise Linux) .*release ([0-9]+(\\.[0-9]+)?)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Oracle Linux\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^(5|6)([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Oracle Linux 5 / 6\", \"Oracle Linux \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && \"ia64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Oracle Linux\", cpu);\n\nflag = 0;\nif (rpm_check(release:\"EL5\", reference:\"xulrunner-1.9.2.26-2.0.1.el5_7\")) flag++;\nif (rpm_check(release:\"EL5\", reference:\"xulrunner-devel-1.9.2.26-2.0.1.el5_7\")) flag++;\n\nif (rpm_check(release:\"EL6\", reference:\"xulrunner-1.9.2.26-2.0.1.el6_2\")) flag++;\nif (rpm_check(release:\"EL6\", reference:\"xulrunner-devel-1.9.2.26-2.0.1.el6_2\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"xulrunner / xulrunner-devel\");\n}\n", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2021-08-19T12:58:58", "description": "Fix for the libpng security flaw.\n\nNote that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {"score": null, "vector": null}, "published": "2012-02-20T00:00:00", "type": "nessus", "title": "Fedora 16 : xulrunner-10.0.1-3.fc16 (2012-1856)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2011-3026"], "modified": "2021-01-11T00:00:00", "cpe": ["p-cpe:/a:fedoraproject:fedora:xulrunner", "cpe:/o:fedoraproject:fedora:16"], "id": "FEDORA_2012-1856.NASL", "href": "https://www.tenable.com/plugins/nessus/58020", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Fedora Security Advisory 2012-1856.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(58020);\n script_version(\"1.8\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/11\");\n\n script_cve_id(\"CVE-2011-3026\");\n script_xref(name:\"FEDORA\", value:\"2012-1856\");\n\n script_name(english:\"Fedora 16 : xulrunner-10.0.1-3.fc16 (2012-1856)\");\n script_summary(english:\"Checks rpm output for the updated package.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Fedora host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Fix for the libpng security flaw.\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Fedora security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.redhat.com/show_bug.cgi?id=791184\"\n );\n # https://lists.fedoraproject.org/pipermail/package-announce/2012-February/073467.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?628b4e7c\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected xulrunner package.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:xulrunner\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:fedoraproject:fedora:16\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2012/02/17\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2012/02/20\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2012-2021 Tenable Network Security, Inc.\");\n script_family(english:\"Fedora Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Fedora\" >!< release) audit(AUDIT_OS_NOT, \"Fedora\");\nos_ver = eregmatch(pattern: \"Fedora.*release ([0-9]+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Fedora\");\nos_ver = os_ver[1];\nif (! ereg(pattern:\"^16([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Fedora 16.x\", \"Fedora \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Fedora\", cpu);\n\nflag = 0;\nif (rpm_check(release:\"FC16\", reference:\"xulrunner-10.0.1-3.fc16\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"xulrunner\");\n}\n", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2021-08-19T12:47:11", "description": "The remote Solaris system is missing necessary patches to address security updates :\n\n - Integer overflow in libpng, as used in Google Chrome before 17.0.963.56, allows remote attackers to cause a denial of service or possibly have unspecified other impact via unknown vectors that trigger an integer truncation. (CVE-2011-3026)\n\n - The png_set_text_2 function in pngset.c in libpng 1.0.x before 1.0.59, 1.2.x before 1.2.49, 1.4.x before 1.4.11, and 1.5.x before 1.5.10 allows remote attackers to cause a denial of service (crash) or execute arbitrary code via a crafted text chunk in a PNG image file, which triggers a memory allocation failure that is not properly handled, leading to a heap-based buffer overflow. (CVE-2011-3048)", "cvss3": {"score": null, "vector": null}, "published": "2015-01-19T00:00:00", "type": "nessus", "title": "Oracle Solaris Third-Party Patch Update : libpng (multiple_vulnerabilities_in_libpng2)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2011-3026", "CVE-2011-3048"], "modified": "2021-01-14T00:00:00", "cpe": ["cpe:/o:oracle:solaris:11.1", "p-cpe:/a:oracle:solaris:libpng"], "id": "SOLARIS11_LIBPNG_20130313.NASL", "href": "https://www.tenable.com/plugins/nessus/80674", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from the Oracle Third Party software advisories.\n#\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(80674);\n script_version(\"1.3\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/14\");\n\n script_cve_id(\"CVE-2011-3026\", \"CVE-2011-3048\");\n\n script_name(english:\"Oracle Solaris Third-Party Patch Update : libpng (multiple_vulnerabilities_in_libpng2)\");\n script_summary(english:\"Check for the 'entire' version.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\n\"The remote Solaris system is missing a security patch for third-party\nsoftware.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"The remote Solaris system is missing necessary patches to address\nsecurity updates :\n\n - Integer overflow in libpng, as used in Google Chrome\n before 17.0.963.56, allows remote attackers to cause a\n denial of service or possibly have unspecified other\n impact via unknown vectors that trigger an integer\n truncation. (CVE-2011-3026)\n\n - The png_set_text_2 function in pngset.c in libpng 1.0.x\n before 1.0.59, 1.2.x before 1.2.49, 1.4.x before 1.4.11,\n and 1.5.x before 1.5.10 allows remote attackers to cause\n a denial of service (crash) or execute arbitrary code\n via a crafted text chunk in a PNG image file, which\n triggers a memory allocation failure that is not\n properly handled, leading to a heap-based buffer\n overflow. (CVE-2011-3048)\"\n );\n # https://www.oracle.com/technetwork/topics/security/thirdparty-patch-map-1482893.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?4a913f44\"\n );\n # https://blogs.oracle.com/sunsecurity/multiple-vulnerabilities-in-libpng\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?8b18717c\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Upgrade to Solaris 11.1.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:oracle:solaris:11.1\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:solaris:libpng\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2013/03/13\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2015/01/19\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2015-2021 Tenable Network Security, Inc.\");\n script_family(english:\"Solaris Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/Solaris11/release\", \"Host/Solaris11/pkg-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"misc_func.inc\");\ninclude(\"solaris.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/Solaris11/release\");\nif (isnull(release)) audit(AUDIT_OS_NOT, \"Solaris11\");\npkg_list = solaris_pkg_list_leaves();\nif (isnull (pkg_list)) audit(AUDIT_PACKAGE_LIST_MISSING, \"Solaris pkg-list packages\");\n\nif (empty_or_null(egrep(string:pkg_list, pattern:\"^libpng$\"))) audit(AUDIT_PACKAGE_NOT_INSTALLED, \"libpng\");\n\nflag = 0;\n\nif (solaris_check_release(release:\"0.5.11-0.175.1.0.0.0.0\", sru:\"SRU 0\") > 0) flag++;\n\nif (flag)\n{\n error_extra = 'Affected package : libpng\\n' + solaris_get_report2();\n error_extra = ereg_replace(pattern:\"version\", replace:\"OS version\", string:error_extra);\n if (report_verbosity > 0) security_hole(port:0, extra:error_extra);\n else security_hole(0);\n exit(0);\n}\nelse audit(AUDIT_PACKAGE_NOT_AFFECTED, \"libpng\");\n", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}], "securityvulns": [{"lastseen": "2018-08-31T11:10:43", "description": "Mozilla Foundation Security Advisory 2012-11\r\n\r\nTitle: libpng integer overflow\r\nImpact: Critical\r\nAnnounced: February 16, 2012\r\nReporter:\r\nProducts: Firefox, Thunderbird, SeaMonkey\r\n\r\nFixed in: Firefox 10.0.2\r\n Firefox ESR 10.0.2\r\n Firefox 3.6.27\r\n Thunderbird 10.0.2\r\n Thunderbird ESR 10.0.2\r\n Thunderbird 3.1.19\r\n SeaMonkey 2.7.2\r\nDescription\r\n\r\nAn integer overflow in the libpng library can lead to a heap-buffer overflow when decompressing certain PNG images. This leads to a crash, which may be potentially exploitable.\r\n\r\nReferences\r\n\r\nlibpng: integer overflow leading to heap-buffer overflow\r\nCVE-2011-3026\r\n", "edition": 1, "cvss3": {}, "published": "2012-02-22T00:00:00", "title": "Mozilla Foundation Security Advisory 2012-11", "type": "securityvulns", "bulletinFamily": "software", "cvss2": {}, "cvelist": ["CVE-2011-3026"], "modified": "2012-02-22T00:00:00", "id": "SECURITYVULNS:DOC:27691", "href": "https://vulners.com/securityvulns/SECURITYVULNS:DOC:27691", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}], "oraclelinux": [{"lastseen": "2020-04-17T12:45:58", "description": "[3.1.18-2.0.1.el6_2]\n- Replaced thunderbird-redhat-default-prefs.js with\n thunderbird-oracle-default-prefs.js\n- Replace clean.gif in tarball\n[3.1.18-2]\n- added fix for mozbz#727401", "cvss3": {}, "published": "2012-02-16T00:00:00", "type": "oraclelinux", "title": "thunderbird security update", "bulletinFamily": "unix", "cvss2": {}, "cvelist": ["CVE-2011-3026"], "modified": "2012-02-16T00:00:00", "id": "ELSA-2012-0140", "href": "http://linux.oracle.com/errata/ELSA-2012-0140.html", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2020-04-17T12:43:15", "description": "[1.9.2.26-2.0.1.el6_2]\n- Replace xulrunner-redhat-default-prefs.js with\n xulrunner-oracle-default-prefs.js\n[1.9.2.26-2]\n- added fix for mozbz#727401", "cvss3": {}, "published": "2012-02-16T00:00:00", "type": "oraclelinux", "title": "xulrunner security update", "bulletinFamily": "unix", "cvss2": {}, "cvelist": ["CVE-2011-3026"], "modified": "2012-02-16T00:00:00", "id": "ELSA-2012-0143", "href": "http://linux.oracle.com/errata/ELSA-2012-0143.html", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2020-04-17T12:44:03", "description": "[3.6.26-3.0.1.el4]\n- Add firefox-oracle-default-prefs.js and firefox-oracle-default-bookmarks.html\n and remove the corresponding Red Hat ones\n[3.6.26-3]\n- Added fix for mzbz#727401", "cvss3": {}, "published": "2012-02-16T00:00:00", "type": "oraclelinux", "title": "firefox security update", "bulletinFamily": "unix", "cvss2": {}, "cvelist": ["CVE-2011-3026"], "modified": "2012-02-16T00:00:00", "id": "ELSA-2012-0142", "href": "http://linux.oracle.com/errata/ELSA-2012-0142.html", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2020-04-17T12:47:08", "description": "[2:1.2.46-2]\n- Fix CVE-2011-3026\nResolves: #791007", "cvss3": {}, "published": "2012-02-20T00:00:00", "type": "oraclelinux", "title": "libpng security update", "bulletinFamily": "unix", "cvss2": {}, "cvelist": ["CVE-2011-3026"], "modified": "2012-02-20T00:00:00", "id": "ELSA-2012-0317", "href": "http://linux.oracle.com/errata/ELSA-2012-0317.html", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2020-04-17T12:41:52", "description": "[1.0.9-79.0.1.el4]\n- Add mozilla-oracle-default-prefs.js and mozilla-oracle-default-bookmarks.html\n and remove corresponding RedHat ones\n[1.0.9-79.el4]\n- Added fix for mozbz#727401", "cvss3": {}, "published": "2012-02-16T00:00:00", "type": "oraclelinux", "title": "seamonkey security update", "bulletinFamily": "unix", "cvss2": {}, "cvelist": ["CVE-2011-3026"], "modified": "2012-02-16T00:00:00", "id": "ELSA-2012-0141", "href": "http://linux.oracle.com/errata/ELSA-2012-0141.html", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}], "suse": [{"lastseen": "2016-09-04T11:47:01", "description": "A heap-based buffer overflow in libpng was fixed that could\n potentially be exploited by attackers to execute arbitrary\n code or cause an application to crash (CVE-2011-3026).\n", "cvss3": {}, "published": "2012-02-28T22:37:10", "type": "suse", "title": "Security update for libpng (important)", "bulletinFamily": "unix", "cvss2": {}, "cvelist": ["CVE-2011-3026"], "modified": "2012-02-28T22:37:10", "id": "SUSE-SU-2012:0318-1", "href": "http://lists.opensuse.org/opensuse-security-announce/2012-02/msg00029.html", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2021-06-08T18:39:19", "description": "Mozilla Firefox was updated to 10.0.2 to fix a security\n issue with the embedded libpng, where a integer overflow\n could allow remote attackers to crash the browser or\n potentially execute code (CVE-2011-3026),\n", "cvss3": {}, "published": "2012-02-27T01:08:38", "type": "suse", "title": "Security update for Mozilla Firefox (important)", "bulletinFamily": "unix", "cvss2": {}, "cvelist": ["CVE-2011-3026"], "modified": "2012-02-27T01:08:38", "id": "SUSE-SU-2012:0303-1", "href": "http://lists.opensuse.org/opensuse-security-announce/2012-02/msg00023.html", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2021-06-08T18:39:31", "description": "Mozilla XULRunner was updated to 1.9.2.27 to fix a security\n issue with the embedded libpng, where a integer overflow\n could allow remote attackers to crash the browser or\n potentially execute code (CVE-2011-3026),\n\n", "cvss3": {}, "published": "2012-02-24T16:08:11", "type": "suse", "title": "mozilla-xulrunner192: 1.9.2.27 (important)", "bulletinFamily": "unix", "cvss2": {}, "cvelist": ["CVE-2011-3026"], "modified": "2012-02-24T16:08:11", "id": "OPENSUSE-SU-2012:0297-1", "href": "http://lists.opensuse.org/opensuse-security-announce/2012-02/msg00020.html", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2016-09-04T12:05:46", "description": "A heap-based buffer overflow in libpng was fixed that could\n potentially be exploited by attackers to execute arbitrary\n code or cause an application to crash (CVE-2011-3026).\n\n libpng 1.2 was updated to 1.2.47 to fix this issue.\n\n", "cvss3": {}, "published": "2012-02-28T22:36:59", "type": "suse", "title": "libpng12: Fixed a heap based buffer overflow (important)", "bulletinFamily": "unix", "cvss2": {}, "cvelist": ["CVE-2011-3026"], "modified": "2012-02-28T22:36:59", "id": "OPENSUSE-SU-2012:0316-1", "href": "http://lists.opensuse.org/opensuse-security-announce/2012-02/msg00028.html", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2021-06-08T18:39:20", "description": "Mozilla XULRunner was updated to 1.9.2.27 to fix a security\n issue with the embedded libpng, where a integer overflow\n could allow remote attackers to crash the browser or\n potentially execute code (CVE-2011-3026),\n", "cvss3": {}, "published": "2012-02-27T01:08:16", "type": "suse", "title": "Security update for Mozilla XULrunner (important)", "bulletinFamily": "unix", "cvss2": {}, "cvelist": ["CVE-2011-3026"], "modified": "2012-02-27T01:08:16", "id": "SUSE-SU-2012:0298-1", "href": "http://lists.opensuse.org/opensuse-security-announce/2012-02/msg00021.html", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}], "debian": [{"lastseen": "2021-10-22T00:03:22", "description": "- -------------------------------------------------------------------------\nDebian Security Advisory DSA-2410-1 security@debian.org\nhttp://www.debian.org/security/ Moritz Muehlenhoff\nFebruary 15, 2012 http://www.debian.org/security/faq\n- -------------------------------------------------------------------------\n\nPackage : libpng\nVulnerability : integer overflow\nProblem type : remote\nDebian-specific: no\nCVE ID : CVE-2011-3026 \n\nJueri Aedla discovered an integer overflow in the libpng PNG library,\nwhich could lead to the execution of arbitrary code if a malformed\nimage is processed.\n\nFor the stable distribution (squeeze), this problem has been fixed in\nversion 1.2.44-1+squeeze2.\n\nFor the unstable distribution (sid), this problem will be fixed soon.\n\nWe recommend that you upgrade your libpng packages.\n\nFurther information about Debian Security Advisories, how to apply\nthese updates to your system and frequently asked questions can be\nfound at: http://www.debian.org/security/\n\nMailing list: debian-security-announce@lists.debian.org", "cvss3": {}, "published": "2012-02-15T20:44:25", "type": "debian", "title": "[SECURITY] [DSA 2410-1] libpng security update", "bulletinFamily": "unix", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "acInsufInfo": false, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2011-3026"], "modified": "2012-02-15T20:44:25", "id": "DEBIAN:DSA-2410-1:8641E", "href": "https://lists.debian.org/debian-security-announce/2012/msg00037.html", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}], "openvas": [{"lastseen": "2020-04-22T17:07:15", "description": "The remote host is missing an update for the ", "cvss3": {}, "published": "2012-08-30T00:00:00", "type": "openvas", "title": "Fedora Update for libpng FEDORA-2012-1892", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2011-3026"], "modified": "2020-04-21T00:00:00", "id": "OPENVAS:1361412562310864319", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310864319", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Fedora Update for libpng FEDORA-2012-1892\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (C) 2012 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_xref(name:\"URL\", value:\"http://lists.fedoraproject.org/pipermail/package-announce/2012-February/073924.html\");\n script_oid(\"1.3.6.1.4.1.25623.1.0.864319\");\n script_version(\"2020-04-21T06:28:23+0000\");\n script_tag(name:\"last_modification\", value:\"2020-04-21 06:28:23 +0000 (Tue, 21 Apr 2020)\");\n script_tag(name:\"creation_date\", value:\"2012-08-30 10:02:22 +0530 (Thu, 30 Aug 2012)\");\n script_cve_id(\"CVE-2011-3026\");\n script_tag(name:\"cvss_base\", value:\"6.8\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_xref(name:\"FEDORA\", value:\"2012-1892\");\n script_name(\"Fedora Update for libpng FEDORA-2012-1892\");\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'libpng'\n package(s) announced via the referenced advisory.\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2012 Greenbone Networks GmbH\");\n script_family(\"Fedora Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/fedora\", \"ssh/login/rpms\", re:\"ssh/login/release=FC17\");\n script_tag(name:\"affected\", value:\"libpng on Fedora 17\");\n script_tag(name:\"solution\", value:\"Please install the updated package(s).\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\n\nif(release == \"FC17\")\n{\n\n if ((res = isrpmvuln(pkg:\"libpng\", rpm:\"libpng~1.5.8~2.fc17\", rls:\"FC17\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2018-01-06T13:07:36", "description": "Check for the Version of thunderbird", "cvss3": {}, "published": "2012-08-30T00:00:00", "type": "openvas", "title": "Fedora Update for thunderbird FEDORA-2012-4910", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2011-3026"], "modified": "2018-01-05T00:00:00", "id": "OPENVAS:864380", "href": "http://plugins.openvas.org/nasl.php?oid=864380", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Fedora Update for thunderbird FEDORA-2012-4910\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2012 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ninclude(\"revisions-lib.inc\");\ntag_affected = \"thunderbird on Fedora 17\";\ntag_insight = \"Mozilla Thunderbird is a standalone mail and newsgroup client.\";\ntag_solution = \"Please Install the Updated Packages.\";\n\n\n\nif(description)\n{\n script_xref(name : \"URL\" , value : \"http://lists.fedoraproject.org/pipermail/package-announce/2012-April/077632.html\");\n script_id(864380);\n script_version(\"$Revision: 8295 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-01-05 07:29:18 +0100 (Fri, 05 Jan 2018) $\");\n script_tag(name:\"creation_date\", value:\"2012-08-30 10:06:01 +0530 (Thu, 30 Aug 2012)\");\n script_cve_id(\"CVE-2011-3026\");\n script_tag(name:\"cvss_base\", value:\"7.5\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_xref(name: \"FEDORA\", value: \"2012-4910\");\n script_name(\"Fedora Update for thunderbird FEDORA-2012-4910\");\n\n script_tag(name: \"summary\" , value: \"Check for the Version of thunderbird\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2012 Greenbone Networks GmbH\");\n script_family(\"Fedora Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/fedora\", \"ssh/login/rpms\");\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = get_kb_item(\"ssh/login/release\");\n\nres = \"\";\nif(release == NULL){\n exit(0);\n}\n\nif(release == \"FC17\")\n{\n\n if ((res = isrpmvuln(pkg:\"thunderbird\", rpm:\"thunderbird~11.0.1~1.fc17\", rls:\"FC17\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2020-04-22T17:05:52", "description": "The remote host is missing an update announced via the referenced Security Advisory.", "cvss3": {}, "published": "2015-09-08T00:00:00", "type": "openvas", "title": "Amazon Linux: Security Advisory (ALAS-2012-49)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2011-3026"], "modified": "2020-04-21T00:00:00", "id": "OPENVAS:1361412562310120260", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310120260", "sourceData": "# Copyright (C) 2015 Eero Volotinen\n# Some text descriptions might be excerpted from the referenced\n# advisories, and are Copyright (C) by the respective right holder(s)\n#\n# SPDX-License-Identifier: GPL-2.0-or-later\n#\n# This program is free software; you can redistribute it and/or\n# modify it under the terms of the GNU General Public License\n# as published by the Free Software Foundation; either version 2\n# of the License, or (at your option) any later version.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.120260\");\n script_version(\"2020-04-21T06:28:23+0000\");\n script_tag(name:\"creation_date\", value:\"2015-09-08 13:21:50 +0200 (Tue, 08 Sep 2015)\");\n script_tag(name:\"last_modification\", value:\"2020-04-21 06:28:23 +0000 (Tue, 21 Apr 2020)\");\n script_name(\"Amazon Linux: Security Advisory (ALAS-2012-49)\");\n script_tag(name:\"insight\", value:\"A heap-based buffer overflow flaw was found in libpng. An attacker could create a specially-crafted PNG image that, when opened, could cause an application using libpng to crash or, possibly, execute arbitrary code with the privileges of the user running the application. (CVE-2011-3026 )\");\n script_tag(name:\"solution\", value:\"Run yum update libpng to update your system.\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_xref(name:\"URL\", value:\"https://alas.aws.amazon.com/ALAS-2012-49.html\");\n script_cve_id(\"CVE-2011-3026\");\n script_tag(name:\"cvss_base\", value:\"6.8\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/amazon_linux\", \"ssh/login/release\");\n script_category(ACT_GATHER_INFO);\n script_tag(name:\"summary\", value:\"The remote host is missing an update announced via the referenced Security Advisory.\");\n script_copyright(\"Copyright (C) 2015 Eero Volotinen\");\n script_family(\"Amazon Linux Local Security Checks\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\nreport = \"\";\n\nif(release == \"AMAZON\") {\n if(!isnull(res = isrpmvuln(pkg:\"libpng-static\", rpm:\"libpng-static~1.2.46~2.10.amzn1\", rls:\"AMAZON\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"libpng-debuginfo\", rpm:\"libpng-debuginfo~1.2.46~2.10.amzn1\", rls:\"AMAZON\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"libpng\", rpm:\"libpng~1.2.46~2.10.amzn1\", rls:\"AMAZON\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"libpng-devel\", rpm:\"libpng-devel~1.2.46~2.10.amzn1\", rls:\"AMAZON\"))) {\n report += res;\n }\n\n if(report != \"\") {\n security_message(data:report);\n } else if(__pkg_match) {\n exit(99);\n }\n exit(0);\n}\n\nexit(0);\n", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2018-01-02T10:57:43", "description": "Check for the Version of libpng", "cvss3": {}, "published": "2012-07-30T00:00:00", "type": "openvas", "title": "CentOS Update for libpng CESA-2012:0317 centos6 ", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2011-3026"], "modified": "2017-12-29T00:00:00", "id": "OPENVAS:881188", "href": "http://plugins.openvas.org/nasl.php?oid=881188", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# CentOS Update for libpng CESA-2012:0317 centos6 \n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2012 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"The libpng packages contain a library of functions for creating and\n manipulating PNG (Portable Network Graphics) image format files.\n\n A heap-based buffer overflow flaw was found in libpng. An attacker could\n create a specially-crafted PNG image that, when opened, could cause an\n application using libpng to crash or, possibly, execute arbitrary code with\n the privileges of the user running the application. (CVE-2011-3026)\n \n Users of libpng and libpng10 should upgrade to these updated packages,\n which contain a backported patch to correct this issue. All running\n applications using libpng or libpng10 must be restarted for the update to\n take effect.\";\n\ntag_affected = \"libpng on CentOS 6\";\ntag_solution = \"Please Install the Updated Packages.\";\n\n\n\nif(description)\n{\n script_xref(name : \"URL\" , value : \"http://lists.centos.org/pipermail/centos-announce/2012-February/018449.html\");\n script_id(881188);\n script_version(\"$Revision: 8257 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-12-29 07:29:46 +0100 (Fri, 29 Dec 2017) $\");\n script_tag(name:\"creation_date\", value:\"2012-07-30 16:38:12 +0530 (Mon, 30 Jul 2012)\");\n script_cve_id(\"CVE-2011-3026\");\n script_tag(name:\"cvss_base\", value:\"7.5\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_xref(name: \"CESA\", value: \"2012:0317\");\n script_name(\"CentOS Update for libpng CESA-2012:0317 centos6 \");\n\n script_tag(name: \"summary\" , value: \"Check for the Version of libpng\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2012 Greenbone Networks GmbH\");\n script_family(\"CentOS Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/centos\", \"ssh/login/rpms\");\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = get_kb_item(\"ssh/login/release\");\n\nres = \"\";\nif(release == NULL){\n exit(0);\n}\n\nif(release == \"CentOS6\")\n{\n\n if ((res = isrpmvuln(pkg:\"libpng\", rpm:\"libpng~1.2.46~2.el6_2\", rls:\"CentOS6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"libpng-devel\", rpm:\"libpng-devel~1.2.46~2.el6_2\", rls:\"CentOS6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"libpng-static\", rpm:\"libpng-static~1.2.46~2.el6_2\", rls:\"CentOS6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2018-01-11T11:06:52", "description": "Check for the Version of thunderbird", "cvss3": {}, "published": "2012-07-30T00:00:00", "type": "openvas", "title": "CentOS Update for thunderbird CESA-2012:0140 centos6 ", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2011-3026"], "modified": "2018-01-09T00:00:00", "id": "OPENVAS:881148", "href": "http://plugins.openvas.org/nasl.php?oid=881148", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# CentOS Update for thunderbird CESA-2012:0140 centos6 \n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2012 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"Mozilla Thunderbird is a standalone mail and newsgroup client.\n\n A heap-based buffer overflow flaw was found in the way Thunderbird handled\n PNG (Portable Network Graphics) images. An HTML mail message or remote\n content containing a specially-crafted PNG image could cause Thunderbird to\n crash or, possibly, execute arbitrary code with the privileges of the user\n running Thunderbird. (CVE-2011-3026)\n \n All Thunderbird users should upgrade to this updated package, which\n corrects this issue. After installing the update, Thunderbird must be\n restarted for the changes to take effect.\";\n\ntag_affected = \"thunderbird on CentOS 6\";\ntag_solution = \"Please Install the Updated Packages.\";\n\n\n\nif(description)\n{\n script_xref(name : \"URL\" , value : \"http://lists.centos.org/pipermail/centos-announce/2012-February/018444.html\");\n script_id(881148);\n script_version(\"$Revision: 8336 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-01-09 08:01:48 +0100 (Tue, 09 Jan 2018) $\");\n script_tag(name:\"creation_date\", value:\"2012-07-30 16:22:41 +0530 (Mon, 30 Jul 2012)\");\n script_cve_id(\"CVE-2011-3026\");\n script_tag(name:\"cvss_base\", value:\"7.5\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_xref(name: \"CESA\", value: \"2012:0140\");\n script_name(\"CentOS Update for thunderbird CESA-2012:0140 centos6 \");\n\n script_tag(name: \"summary\" , value: \"Check for the Version of thunderbird\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2012 Greenbone Networks GmbH\");\n script_family(\"CentOS Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/centos\", \"ssh/login/rpms\");\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = get_kb_item(\"ssh/login/release\");\n\nres = \"\";\nif(release == NULL){\n exit(0);\n}\n\nif(release == \"CentOS6\")\n{\n\n if ((res = isrpmvuln(pkg:\"thunderbird\", rpm:\"thunderbird~3.1.18~2.el6.centos\", rls:\"CentOS6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2017-12-04T11:21:01", "description": "Ubuntu Update for Linux kernel vulnerabilities USN-1367-2", "cvss3": {}, "published": "2012-02-21T00:00:00", "type": "openvas", "title": "Ubuntu Update for firefox USN-1367-2", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2011-3026"], "modified": "2017-12-01T00:00:00", "id": "OPENVAS:840902", "href": "http://plugins.openvas.org/nasl.php?oid=840902", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: gb_ubuntu_USN_1367_2.nasl 7960 2017-12-01 06:58:16Z santu $\n#\n# Ubuntu Update for firefox USN-1367-2\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2012 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"USN-1367-1 fixed vulnerabilities in libpng. This provides the corresponding\n update for Firefox.\n\n Original advisory details:\n\n Jueri Aedla discovered that libpng did not properly verify the size used\n when allocating memory during chunk decompression. If a user or automated\n system using libpng were tricked into opening a specially crafted image,\n an attacker could exploit this to cause a denial of service or execute\n code with the privileges of the user invoking the program. (CVE-2011-3026)\";\n\ntag_summary = \"Ubuntu Update for Linux kernel vulnerabilities USN-1367-2\";\ntag_affected = \"firefox on Ubuntu 11.04 ,\n Ubuntu 10.10 ,\n Ubuntu 10.04 LTS\";\ntag_solution = \"Please Install the Updated Packages.\";\n\n\n\nif(description)\n{\n script_xref(name: \"URL\" , value: \"http://www.ubuntu.com/usn/usn-1367-2/\");\n script_id(840902);\n script_version(\"$Revision: 7960 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-12-01 07:58:16 +0100 (Fri, 01 Dec 2017) $\");\n script_tag(name:\"creation_date\", value:\"2012-02-21 19:00:20 +0530 (Tue, 21 Feb 2012)\");\n script_cve_id(\"CVE-2011-3026\");\n script_tag(name:\"cvss_base\", value:\"7.5\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_xref(name: \"USN\", value: \"1367-2\");\n script_name(\"Ubuntu Update for firefox USN-1367-2\");\n\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2012 Greenbone Networks GmbH\");\n script_family(\"Ubuntu Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/ubuntu_linux\", \"ssh/login/packages\");\n script_tag(name : \"summary\" , value : tag_summary);\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n\ninclude(\"pkg-lib-deb.inc\");\n\nrelease = get_kb_item(\"ssh/login/release\");\n\nres = \"\";\nif(release == NULL){\n exit(0);\n}\n\nif(release == \"UBUNTU10.10\")\n{\n\n if ((res = isdpkgvuln(pkg:\"firefox\", ver:\"10.0.2+build1-0ubuntu0.10.10.1\", rls:\"UBUNTU10.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n\n\nif(release == \"UBUNTU10.04 LTS\")\n{\n\n if ((res = isdpkgvuln(pkg:\"firefox\", ver:\"10.0.2+build1-0ubuntu0.10.04.1\", rls:\"UBUNTU10.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n\n\nif(release == \"UBUNTU11.04\")\n{\n\n if ((res = isdpkgvuln(pkg:\"firefox\", ver:\"10.0.2+build1-0ubuntu0.11.04.1\", rls:\"UBUNTU11.04\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2020-04-22T17:05:44", "description": "The remote host is missing an update for the ", "cvss3": {}, "published": "2012-07-30T00:00:00", "type": "openvas", "title": "CentOS Update for libpng10 CESA-2012:0317 centos4", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2011-3026"], "modified": "2020-04-21T00:00:00", "id": "OPENVAS:1361412562310881208", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310881208", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# CentOS Update for libpng10 CESA-2012:0317 centos4\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (C) 2012 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_xref(name:\"URL\", value:\"http://lists.centos.org/pipermail/centos-announce/2012-February/018447.html\");\n script_oid(\"1.3.6.1.4.1.25623.1.0.881208\");\n script_version(\"2020-04-21T06:28:23+0000\");\n script_tag(name:\"last_modification\", value:\"2020-04-21 06:28:23 +0000 (Tue, 21 Apr 2020)\");\n script_tag(name:\"creation_date\", value:\"2012-07-30 16:45:47 +0530 (Mon, 30 Jul 2012)\");\n script_cve_id(\"CVE-2011-3026\");\n script_tag(name:\"cvss_base\", value:\"6.8\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_xref(name:\"CESA\", value:\"2012:0317\");\n script_name(\"CentOS Update for libpng10 CESA-2012:0317 centos4\");\n\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'libpng10'\n package(s) announced via the referenced advisory.\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2012 Greenbone Networks GmbH\");\n script_family(\"CentOS Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/centos\", \"ssh/login/rpms\", re:\"ssh/login/release=CentOS4\");\n script_tag(name:\"affected\", value:\"libpng10 on CentOS 4\");\n script_tag(name:\"solution\", value:\"Please install the updated packages.\");\n script_tag(name:\"insight\", value:\"The libpng packages contain a library of functions for creating and\n manipulating PNG (Portable Network Graphics) image format files.\n\n A heap-based buffer overflow flaw was found in libpng. An attacker could\n create a specially-crafted PNG image that, when opened, could cause an\n application using libpng to crash or, possibly, execute arbitrary code with\n the privileges of the user running the application. (CVE-2011-3026)\n\n Users of libpng and libpng10 should upgrade to these updated packages,\n which contain a backported patch to correct this issue. All running\n applications using libpng or libpng10 must be restarted for the update to\n take effect.\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\n\nif(release == \"CentOS4\")\n{\n\n if ((res = isrpmvuln(pkg:\"libpng10\", rpm:\"libpng10~1.0.16~10.el4\", rls:\"CentOS4\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"libpng10-devel\", rpm:\"libpng10-devel~1.0.16~10.el4\", rls:\"CentOS4\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2020-04-22T17:06:37", "description": "The remote host is missing an update for the ", "cvss3": {}, "published": "2012-04-02T00:00:00", "type": "openvas", "title": "Fedora Update for thunderbird FEDORA-2012-5028", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2011-3026"], "modified": "2020-04-21T00:00:00", "id": "OPENVAS:1361412562310864117", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310864117", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Fedora Update for thunderbird FEDORA-2012-5028\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (C) 2012 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_xref(name:\"URL\", value:\"http://lists.fedoraproject.org/pipermail/package-announce/2012-March/076668.html\");\n script_oid(\"1.3.6.1.4.1.25623.1.0.864117\");\n script_version(\"2020-04-21T06:28:23+0000\");\n script_tag(name:\"last_modification\", value:\"2020-04-21 06:28:23 +0000 (Tue, 21 Apr 2020)\");\n script_tag(name:\"creation_date\", value:\"2012-04-02 10:32:25 +0530 (Mon, 02 Apr 2012)\");\n script_cve_id(\"CVE-2011-3026\");\n script_tag(name:\"cvss_base\", value:\"6.8\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_xref(name:\"FEDORA\", value:\"2012-5028\");\n script_name(\"Fedora Update for thunderbird FEDORA-2012-5028\");\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'thunderbird'\n package(s) announced via the referenced advisory.\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2012 Greenbone Networks GmbH\");\n script_family(\"Fedora Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/fedora\", \"ssh/login/rpms\", re:\"ssh/login/release=FC16\");\n script_tag(name:\"affected\", value:\"thunderbird on Fedora 16\");\n script_tag(name:\"solution\", value:\"Please install the updated package(s).\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\n\nif(release == \"FC16\")\n{\n\n if ((res = isrpmvuln(pkg:\"thunderbird\", rpm:\"thunderbird~11.0.1~1.fc16\", rls:\"FC16\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2020-04-22T17:05:32", "description": "The remote host is missing an update for the ", "cvss3": {}, "published": "2012-07-30T00:00:00", "type": "openvas", "title": "CentOS Update for libpng CESA-2012:0317 centos5", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2011-3026"], "modified": "2020-04-21T00:00:00", "id": "OPENVAS:1361412562310881133", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310881133", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# CentOS Update for libpng CESA-2012:0317 centos5\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (C) 2012 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_xref(name:\"URL\", value:\"http://lists.centos.org/pipermail/centos-announce/2012-February/018445.html\");\n script_oid(\"1.3.6.1.4.1.25623.1.0.881133\");\n script_version(\"2020-04-21T06:28:23+0000\");\n script_tag(name:\"last_modification\", value:\"2020-04-21 06:28:23 +0000 (Tue, 21 Apr 2020)\");\n script_tag(name:\"creation_date\", value:\"2012-07-30 16:18:34 +0530 (Mon, 30 Jul 2012)\");\n script_cve_id(\"CVE-2011-3026\");\n script_tag(name:\"cvss_base\", value:\"6.8\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_xref(name:\"CESA\", value:\"2012:0317\");\n script_name(\"CentOS Update for libpng CESA-2012:0317 centos5\");\n\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'libpng'\n package(s) announced via the referenced advisory.\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2012 Greenbone Networks GmbH\");\n script_family(\"CentOS Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/centos\", \"ssh/login/rpms\", re:\"ssh/login/release=CentOS5\");\n script_tag(name:\"affected\", value:\"libpng on CentOS 5\");\n script_tag(name:\"solution\", value:\"Please install the updated packages.\");\n script_tag(name:\"insight\", value:\"The libpng packages contain a library of functions for creating and\n manipulating PNG (Portable Network Graphics) image format files.\n\n A heap-based buffer overflow flaw was found in libpng. An attacker could\n create a specially-crafted PNG image that, when opened, could cause an\n application using libpng to crash or, possibly, execute arbitrary code with\n the privileges of the user running the application. (CVE-2011-3026)\n\n Users of libpng and libpng10 should upgrade to these updated packages,\n which contain a backported patch to correct this issue. All running\n applications using libpng or libpng10 must be restarted for the update to\n take effect.\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\n\nif(release == \"CentOS5\")\n{\n\n if ((res = isrpmvuln(pkg:\"libpng\", rpm:\"libpng~1.2.10~15.el5_7\", rls:\"CentOS5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"libpng-devel\", rpm:\"libpng-devel~1.2.10~15.el5_7\", rls:\"CentOS5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2020-04-22T17:02:14", "description": "Oracle Linux Local Security Checks ELSA-2012-0317", "cvss3": {}, "published": "2015-10-06T00:00:00", "type": "openvas", "title": "Oracle Linux Local Check: ELSA-2012-0317", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2011-3026"], "modified": "2020-04-21T00:00:00", "id": "OPENVAS:1361412562310123984", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310123984", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Oracle Linux Local Check\n#\n# Authors:\n# Eero Volotinen <eero.volotinen@solinor.com>\n#\n# Copyright:\n# Copyright (C) 2015 Eero Volotinen, http://solinor.com\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.123984\");\n script_version(\"2020-04-21T06:28:23+0000\");\n script_tag(name:\"creation_date\", value:\"2015-10-06 14:11:11 +0300 (Tue, 06 Oct 2015)\");\n script_tag(name:\"last_modification\", value:\"2020-04-21 06:28:23 +0000 (Tue, 21 Apr 2020)\");\n script_name(\"Oracle Linux Local Check: ELSA-2012-0317\");\n script_tag(name:\"insight\", value:\"ELSA-2012-0317 - libpng security update. Please see the references for more insight.\");\n script_tag(name:\"solution\", value:\"Update the affected packages to the latest available version.\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_tag(name:\"summary\", value:\"Oracle Linux Local Security Checks ELSA-2012-0317\");\n script_xref(name:\"URL\", value:\"http://linux.oracle.com/errata/ELSA-2012-0317.html\");\n script_cve_id(\"CVE-2011-3026\");\n script_tag(name:\"cvss_base\", value:\"6.8\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/oracle_linux\", \"ssh/login/release\", re:\"ssh/login/release=OracleLinux(5|6)\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2015 Eero Volotinen\");\n script_family(\"Oracle Linux Local Security Checks\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release) exit(0);\n\nres = \"\";\n\nif(release == \"OracleLinux5\")\n{\n if ((res = isrpmvuln(pkg:\"libpng\", rpm:\"libpng~1.2.10~15.el5_7\", rls:\"OracleLinux5\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n if ((res = isrpmvuln(pkg:\"libpng-devel\", rpm:\"libpng-devel~1.2.10~15.el5_7\", rls:\"OracleLinux5\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n\n}\nif(release == \"OracleLinux6\")\n{\n if ((res = isrpmvuln(pkg:\"libpng\", rpm:\"libpng~1.2.46~2.el6_2\", rls:\"OracleLinux6\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n if ((res = isrpmvuln(pkg:\"libpng-devel\", rpm:\"libpng-devel~1.2.46~2.el6_2\", rls:\"OracleLinux6\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n if ((res = isrpmvuln(pkg:\"libpng-static\", rpm:\"libpng-static~1.2.46~2.el6_2\", rls:\"OracleLinux6\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n\n}\nif (__pkg_match) exit(99);\n exit(0);\n\n", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2020-04-22T17:02:02", "description": "Oracle Linux Local Security Checks ELSA-2012-0140", "cvss3": {}, "published": "2015-10-06T00:00:00", "type": "openvas", "title": "Oracle Linux Local Check: ELSA-2012-0140", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2011-3026"], "modified": "2020-04-21T00:00:00", "id": "OPENVAS:1361412562310123985", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310123985", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Oracle Linux Local Check\n#\n# Authors:\n# Eero Volotinen <eero.volotinen@solinor.com>\n#\n# Copyright:\n# Copyright (C) 2015 Eero Volotinen, http://solinor.com\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.123985\");\n script_version(\"2020-04-21T06:28:23+0000\");\n script_tag(name:\"creation_date\", value:\"2015-10-06 14:11:11 +0300 (Tue, 06 Oct 2015)\");\n script_tag(name:\"last_modification\", value:\"2020-04-21 06:28:23 +0000 (Tue, 21 Apr 2020)\");\n script_name(\"Oracle Linux Local Check: ELSA-2012-0140\");\n script_tag(name:\"insight\", value:\"ELSA-2012-0140 - thunderbird security update. Please see the references for more insight.\");\n script_tag(name:\"solution\", value:\"Update the affected packages to the latest available version.\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_tag(name:\"summary\", value:\"Oracle Linux Local Security Checks ELSA-2012-0140\");\n script_xref(name:\"URL\", value:\"http://linux.oracle.com/errata/ELSA-2012-0140.html\");\n script_cve_id(\"CVE-2011-3026\");\n script_tag(name:\"cvss_base\", value:\"6.8\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/oracle_linux\", \"ssh/login/release\", re:\"ssh/login/release=OracleLinux6\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2015 Eero Volotinen\");\n script_family(\"Oracle Linux Local Security Checks\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release) exit(0);\n\nres = \"\";\n\nif(release == \"OracleLinux6\")\n{\n if ((res = isrpmvuln(pkg:\"thunderbird\", rpm:\"thunderbird~3.1.18~2.0.1.el6_2\", rls:\"OracleLinux6\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n\n}\nif (__pkg_match) exit(99);\n exit(0);\n\n", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2020-04-22T17:02:04", "description": "Oracle Linux Local Security Checks ELSA-2012-0143", "cvss3": {}, "published": "2015-10-06T00:00:00", "type": "openvas", "title": "Oracle Linux Local Check: ELSA-2012-0143", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2011-3026"], "modified": "2020-04-21T00:00:00", "id": "OPENVAS:1361412562310123986", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310123986", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Oracle Linux Local Check\n#\n# Authors:\n# Eero Volotinen <eero.volotinen@solinor.com>\n#\n# Copyright:\n# Copyright (C) 2015 Eero Volotinen, http://solinor.com\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.123986\");\n script_version(\"2020-04-21T06:28:23+0000\");\n script_tag(name:\"creation_date\", value:\"2015-10-06 14:11:13 +0300 (Tue, 06 Oct 2015)\");\n script_tag(name:\"last_modification\", value:\"2020-04-21 06:28:23 +0000 (Tue, 21 Apr 2020)\");\n script_name(\"Oracle Linux Local Check: ELSA-2012-0143\");\n script_tag(name:\"insight\", value:\"ELSA-2012-0143 - xulrunner security update. Please see the references for more insight.\");\n script_tag(name:\"solution\", value:\"Update the affected packages to the latest available version.\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_tag(name:\"summary\", value:\"Oracle Linux Local Security Checks ELSA-2012-0143\");\n script_xref(name:\"URL\", value:\"http://linux.oracle.com/errata/ELSA-2012-0143.html\");\n script_cve_id(\"CVE-2011-3026\");\n script_tag(name:\"cvss_base\", value:\"6.8\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/oracle_linux\", \"ssh/login/release\", re:\"ssh/login/release=OracleLinux(5|6)\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2015 Eero Volotinen\");\n script_family(\"Oracle Linux Local Security Checks\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release) exit(0);\n\nres = \"\";\n\nif(release == \"OracleLinux5\")\n{\n if ((res = isrpmvuln(pkg:\"xulrunner\", rpm:\"xulrunner~1.9.2.26~2.0.1.el5_7\", rls:\"OracleLinux5\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n if ((res = isrpmvuln(pkg:\"xulrunner-devel\", rpm:\"xulrunner-devel~1.9.2.26~2.0.1.el5_7\", rls:\"OracleLinux5\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n\n}\nif(release == \"OracleLinux6\")\n{\n if ((res = isrpmvuln(pkg:\"xulrunner\", rpm:\"xulrunner~1.9.2.26~2.0.1.el6_2\", rls:\"OracleLinux6\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n if ((res = isrpmvuln(pkg:\"xulrunner-devel\", rpm:\"xulrunner-devel~1.9.2.26~2.0.1.el6_2\", rls:\"OracleLinux6\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n\n}\nif (__pkg_match) exit(99);\n exit(0);\n\n", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2020-04-22T17:05:32", "description": "The remote host is missing an update to the system\n as announced in the referenced advisory.", "cvss3": {}, "published": "2012-03-12T00:00:00", "type": "openvas", "title": "FreeBSD Ports: firefox", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2011-3026"], "modified": "2020-04-21T00:00:00", "id": "OPENVAS:136141256231071170", "href": "http://plugins.openvas.org/nasl.php?oid=136141256231071170", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Auto generated from VID d7dbd2db-599c-11e1-a2fb-14dae9ebcf89\n#\n# Authors:\n# Thomas Reinke <reinke@securityspace.com>\n#\n# Copyright:\n# Copyright (C) 2012 E-Soft Inc. http://www.securityspace.com\n# Some text descriptions might be excerpted from the referenced\n# advisories, and are Copyright (C) by the respective right holder(s)\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2,\n# as published by the Free Software Foundation\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.71170\");\n script_tag(name:\"cvss_base\", value:\"6.8\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_cve_id(\"CVE-2011-3026\");\n script_version(\"2020-04-21T07:31:29+0000\");\n script_tag(name:\"last_modification\", value:\"2020-04-21 07:31:29 +0000 (Tue, 21 Apr 2020)\");\n script_tag(name:\"creation_date\", value:\"2012-03-12 11:35:07 -0400 (Mon, 12 Mar 2012)\");\n script_name(\"FreeBSD Ports: firefox\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2012 E-Soft Inc. http://www.securityspace.com\");\n script_family(\"FreeBSD Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/freebsd\", \"ssh/login/freebsdrel\");\n\n script_tag(name:\"insight\", value:\"The following packages are affected:\n\n firefox\n linux-firefox\n linux-seamonkey\n linux-thunderbird\n seamonkey\n thunderbird\n\nCVE-2011-3026\nInteger overflow in libpng, as used in Google Chrome before\n17.0.963.56, allows remote attackers to cause a denial of service or\npossibly have unspecified other impact via unknown vectors that\ntrigger an integer truncation.\");\n\n script_tag(name:\"solution\", value:\"Update your system with the appropriate patches or\n software upgrades.\");\n\n script_xref(name:\"URL\", value:\"https://www.mozilla.org/security/announce/2012/mfsa2012-11.html\");\n script_xref(name:\"URL\", value:\"http://www.vuxml.org/freebsd/d7dbd2db-599c-11e1-a2fb-14dae9ebcf89.html\");\n\n script_tag(name:\"summary\", value:\"The remote host is missing an update to the system\n as announced in the referenced advisory.\");\n\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-bsd.inc\");\n\nvuln = FALSE;\ntxt = \"\";\n\nbver = portver(pkg:\"firefox\");\nif(!isnull(bver) && revcomp(a:bver, b:\"10.0,1\")>=0 && revcomp(a:bver, b:\"10.0.2,1\")<0) {\n txt += \"Package firefox version \" + bver + \" is installed which is known to be vulnerable.\\n\";\n vuln = TRUE;\n}\nif(!isnull(bver) && revcomp(a:bver, b:\"3.6\")>=0 && revcomp(a:bver, b:\"3.6.27\")<0) {\n txt += \"Package firefox version \" + bver + \" is installed which is known to be vulnerable.\\n\";\n vuln = TRUE;\n}\nbver = portver(pkg:\"linux-firefox\");\nif(!isnull(bver) && revcomp(a:bver, b:\"10.0,1\")>=0 && revcomp(a:bver, b:\"10.0.2,1\")<0) {\n txt += \"Package linux-firefox version \" + bver + \" is installed which is known to be vulnerable.\\n\";\n vuln = TRUE;\n}\nbver = portver(pkg:\"linux-seamonkey\");\nif(!isnull(bver) && revcomp(a:bver, b:\"2.7\")>=0 && revcomp(a:bver, b:\"2.7.2\")<0) {\n txt += \"Package linux-seamonkey version \" + bver + \" is installed which is known to be vulnerable.\\n\";\n vuln = TRUE;\n}\nbver = portver(pkg:\"linux-thunderbird\");\nif(!isnull(bver) && revcomp(a:bver, b:\"10.0\")>=0 && revcomp(a:bver, b:\"10.0.2\")<0) {\n txt += \"Package linux-thunderbird version \" + bver + \" is installed which is known to be vulnerable.\\n\";\n vuln = TRUE;\n}\nbver = portver(pkg:\"seamonkey\");\nif(!isnull(bver) && revcomp(a:bver, b:\"2.7\")>=0 && revcomp(a:bver, b:\"2.7.2\")<0) {\n txt += \"Package seamonkey version \" + bver + \" is installed which is known to be vulnerable.\\n\";\n vuln = TRUE;\n}\nbver = portver(pkg:\"thunderbird\");\nif(!isnull(bver) && revcomp(a:bver, b:\"10.0\")>=0 && revcomp(a:bver, b:\"10.0.2\")<0) {\n txt += \"Package thunderbird version \" + bver + \" is installed which is known to be vulnerable.\\n\";\n vuln = TRUE;\n}\nif(!isnull(bver) && revcomp(a:bver, b:\"3.1\")>0 && revcomp(a:bver, b:\"3.1.19\")<0) {\n txt += \"Package thunderbird version \" + bver + \" is installed which is known to be vulnerable.\\n\";\n vuln = TRUE;\n}\n\nif(vuln) {\n security_message(data:txt);\n} else if (__pkg_match) {\n exit(99);\n}\n", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2018-01-02T10:57:49", "description": "Check for the Version of libpng10", "cvss3": {}, "published": "2012-08-30T00:00:00", "type": "openvas", "title": "Fedora Update for libpng10 FEDORA-2012-2003", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2011-3026"], "modified": "2017-12-29T00:00:00", "id": "OPENVAS:864376", "href": "http://plugins.openvas.org/nasl.php?oid=864376", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Fedora Update for libpng10 FEDORA-2012-2003\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2012 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"The libpng10 package contains an old version of libpng, a library of functions\n for creating and manipulating PNG (Portable Network Graphics) image format\n files.\n\n This package is needed if you want to run binaries that were linked dynamically\n with libpng 1.0.x.\";\n\ntag_affected = \"libpng10 on Fedora 17\";\ntag_solution = \"Please Install the Updated Packages.\";\n\n\n\nif(description)\n{\n script_xref(name : \"URL\" , value : \"http://lists.fedoraproject.org/pipermail/package-announce/2012-February/074045.html\");\n script_id(864376);\n script_version(\"$Revision: 8257 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-12-29 07:29:46 +0100 (Fri, 29 Dec 2017) $\");\n script_tag(name:\"creation_date\", value:\"2012-08-30 10:05:44 +0530 (Thu, 30 Aug 2012)\");\n script_cve_id(\"CVE-2011-3026\");\n script_tag(name:\"cvss_base\", value:\"7.5\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_xref(name: \"FEDORA\", value: \"2012-2003\");\n script_name(\"Fedora Update for libpng10 FEDORA-2012-2003\");\n\n script_tag(name: \"summary\" , value: \"Check for the Version of libpng10\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2012 Greenbone Networks GmbH\");\n script_family(\"Fedora Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/fedora\", \"ssh/login/rpms\");\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = get_kb_item(\"ssh/login/release\");\n\nres = \"\";\nif(release == NULL){\n exit(0);\n}\n\nif(release == \"FC17\")\n{\n\n if ((res = isrpmvuln(pkg:\"libpng10\", rpm:\"libpng10~1.0.57~1.fc17\", rls:\"FC17\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2020-04-22T17:06:00", "description": "The remote host is missing an update for the ", "cvss3": {}, "published": "2012-07-30T00:00:00", "type": "openvas", "title": "CentOS Update for libpng CESA-2012:0317 centos4", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2011-3026"], "modified": "2020-04-21T00:00:00", "id": "OPENVAS:1361412562310881212", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310881212", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# CentOS Update for libpng CESA-2012:0317 centos4\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (C) 2012 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_xref(name:\"URL\", value:\"http://lists.centos.org/pipermail/centos-announce/2012-February/018446.html\");\n script_oid(\"1.3.6.1.4.1.25623.1.0.881212\");\n script_version(\"2020-04-21T06:28:23+0000\");\n script_tag(name:\"last_modification\", value:\"2020-04-21 06:28:23 +0000 (Tue, 21 Apr 2020)\");\n script_tag(name:\"creation_date\", value:\"2012-07-30 16:46:24 +0530 (Mon, 30 Jul 2012)\");\n script_cve_id(\"CVE-2011-3026\");\n script_tag(name:\"cvss_base\", value:\"6.8\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_xref(name:\"CESA\", value:\"2012:0317\");\n script_name(\"CentOS Update for libpng CESA-2012:0317 centos4\");\n\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'libpng'\n package(s) announced via the referenced advisory.\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2012 Greenbone Networks GmbH\");\n script_family(\"CentOS Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/centos\", \"ssh/login/rpms\", re:\"ssh/login/release=CentOS4\");\n script_tag(name:\"affected\", value:\"libpng on CentOS 4\");\n script_tag(name:\"solution\", value:\"Please install the updated packages.\");\n script_tag(name:\"insight\", value:\"The libpng packages contain a library of functions for creating and\n manipulating PNG (Portable Network Graphics) image format files.\n\n A heap-based buffer overflow flaw was found in libpng. An attacker could\n create a specially-crafted PNG image that, when opened, could cause an\n application using libpng to crash or, possibly, execute arbitrary code with\n the privileges of the user running the application. (CVE-2011-3026)\n\n Users of libpng and libpng10 should upgrade to these updated packages,\n which contain a backported patch to correct this issue. All running\n applications using libpng or libpng10 must be restarted for the update to\n take effect.\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\n\nif(release == \"CentOS4\")\n{\n\n if ((res = isrpmvuln(pkg:\"libpng\", rpm:\"libpng~1.2.7~9.el4\", rls:\"CentOS4\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"libpng-devel\", rpm:\"libpng-devel~1.2.7~9.el4\", rls:\"CentOS4\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2018-01-02T10:57:08", "description": "Check for the Version of xulrunner", "cvss3": {}, "published": "2012-07-30T00:00:00", "type": "openvas", "title": "CentOS Update for xulrunner CESA-2012:0143 centos5 ", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2011-3026"], "modified": "2018-01-01T00:00:00", "id": "OPENVAS:881139", "href": "http://plugins.openvas.org/nasl.php?oid=881139", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# CentOS Update for xulrunner CESA-2012:0143 centos5 \n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2012 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"XULRunner provides the XUL Runtime environment for applications using the\n Gecko layout engine.\n\n A heap-based buffer overflow flaw was found in the way XULRunner handled\n PNG (Portable Network Graphics) images. A web page containing a malicious\n PNG image could cause an application linked against XULRunner (such as\n Firefox) to crash or, potentially, execute arbitrary code with the\n privileges of the user running the application. (CVE-2011-3026)\n \n All XULRunner users should upgrade to these updated packages, which correct\n this issue. After installing the update, applications using XULRunner must\n be restarted for the changes to take effect.\";\n\ntag_affected = \"xulrunner on CentOS 5\";\ntag_solution = \"Please Install the Updated Packages.\";\n\n\n\nif(description)\n{\n script_xref(name : \"URL\" , value : \"http://lists.centos.org/pipermail/centos-announce/2012-February/018440.html\");\n script_id(881139);\n script_version(\"$Revision: 8265 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-01-01 07:29:23 +0100 (Mon, 01 Jan 2018) $\");\n script_tag(name:\"creation_date\", value:\"2012-07-30 16:20:41 +0530 (Mon, 30 Jul 2012)\");\n script_cve_id(\"CVE-2011-3026\");\n script_tag(name:\"cvss_base\", value:\"7.5\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_xref(name: \"CESA\", value: \"2012:0143\");\n script_name(\"CentOS Update for xulrunner CESA-2012:0143 centos5 \");\n\n script_tag(name: \"summary\" , value: \"Check for the Version of xulrunner\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2012 Greenbone Networks GmbH\");\n script_family(\"CentOS Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/centos\", \"ssh/login/rpms\");\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = get_kb_item(\"ssh/login/release\");\n\nres = \"\";\nif(release == NULL){\n exit(0);\n}\n\nif(release == \"CentOS5\")\n{\n\n if ((res = isrpmvuln(pkg:\"xulrunner\", rpm:\"xulrunner~1.9.2.26~2.el5_7\", rls:\"CentOS5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"xulrunner-devel\", rpm:\"xulrunner-devel~1.9.2.26~2.el5_7\", rls:\"CentOS5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2018-01-08T12:57:03", "description": "Check for the Version of libpng", "cvss3": {}, "published": "2012-07-30T00:00:00", "type": "openvas", "title": "CentOS Update for libpng CESA-2012:0317 centos5 ", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2011-3026"], "modified": "2018-01-08T00:00:00", "id": "OPENVAS:881133", "href": "http://plugins.openvas.org/nasl.php?oid=881133", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# CentOS Update for libpng CESA-2012:0317 centos5 \n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2012 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"The libpng packages contain a library of functions for creating and\n manipulating PNG (Portable Network Graphics) image format files.\n\n A heap-based buffer overflow flaw was found in libpng. An attacker could\n create a specially-crafted PNG image that, when opened, could cause an\n application using libpng to crash or, possibly, execute arbitrary code with\n the privileges of the user running the application. (CVE-2011-3026)\n \n Users of libpng and libpng10 should upgrade to these updated packages,\n which contain a backported patch to correct this issue. All running\n applications using libpng or libpng10 must be restarted for the update to\n take effect.\";\n\ntag_affected = \"libpng on CentOS 5\";\ntag_solution = \"Please Install the Updated Packages.\";\n\n\n\nif(description)\n{\n script_xref(name : \"URL\" , value : \"http://lists.centos.org/pipermail/centos-announce/2012-February/018445.html\");\n script_id(881133);\n script_version(\"$Revision: 8313 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-01-08 08:02:11 +0100 (Mon, 08 Jan 2018) $\");\n script_tag(name:\"creation_date\", value:\"2012-07-30 16:18:34 +0530 (Mon, 30 Jul 2012)\");\n script_cve_id(\"CVE-2011-3026\");\n script_tag(name:\"cvss_base\", value:\"7.5\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_xref(name: \"CESA\", value: \"2012:0317\");\n script_name(\"CentOS Update for libpng CESA-2012:0317 centos5 \");\n\n script_tag(name: \"summary\" , value: \"Check for the Version of libpng\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2012 Greenbone Networks GmbH\");\n script_family(\"CentOS Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/centos\", \"ssh/login/rpms\");\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = get_kb_item(\"ssh/login/release\");\n\nres = \"\";\nif(release == NULL){\n exit(0);\n}\n\nif(release == \"CentOS5\")\n{\n\n if ((res = isrpmvuln(pkg:\"libpng\", rpm:\"libpng~1.2.10~15.el5_7\", rls:\"CentOS5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"libpng-devel\", rpm:\"libpng-devel~1.2.10~15.el5_7\", rls:\"CentOS5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2020-04-22T17:05:05", "description": "The remote host is missing an update for the ", "cvss3": {}, "published": "2012-08-30T00:00:00", "type": "openvas", "title": "Fedora Update for xulrunner FEDORA-2012-1800", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2011-3026"], "modified": "2020-04-21T00:00:00", "id": "OPENVAS:1361412562310864335", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310864335", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Fedora Update for xulrunner FEDORA-2012-1800\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (C) 2012 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_xref(name:\"URL\", value:\"http://lists.fedoraproject.org/pipermail/package-announce/2012-March/074194.html\");\n script_oid(\"1.3.6.1.4.1.25623.1.0.864335\");\n script_version(\"2020-04-21T06:28:23+0000\");\n script_tag(name:\"last_modification\", value:\"2020-04-21 06:28:23 +0000 (Tue, 21 Apr 2020)\");\n script_tag(name:\"creation_date\", value:\"2012-08-30 10:03:24 +0530 (Thu, 30 Aug 2012)\");\n script_cve_id(\"CVE-2011-3026\");\n script_tag(name:\"cvss_base\", value:\"6.8\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_xref(name:\"FEDORA\", value:\"2012-1800\");\n script_name(\"Fedora Update for xulrunner FEDORA-2012-1800\");\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'xulrunner'\n package(s) announced via the referenced advisory.\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2012 Greenbone Networks GmbH\");\n script_family(\"Fedora Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/fedora\", \"ssh/login/rpms\", re:\"ssh/login/release=FC17\");\n script_tag(name:\"affected\", value:\"xulrunner on Fedora 17\");\n script_tag(name:\"solution\", value:\"Please install the updated package(s).\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\n\nif(release == \"FC17\")\n{\n\n if ((res = isrpmvuln(pkg:\"xulrunner\", rpm:\"xulrunner~10.0.1~3.fc17\", rls:\"FC17\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2020-04-22T17:05:05", "description": "The remote host is missing an update for the ", "cvss3": {}, "published": "2012-07-30T00:00:00", "type": "openvas", "title": "CentOS Update for thunderbird CESA-2012:0140 centos6", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2011-3026"], "modified": "2020-04-21T00:00:00", "id": "OPENVAS:1361412562310881148", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310881148", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# CentOS Update for thunderbird CESA-2012:0140 centos6\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (C) 2012 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_xref(name:\"URL\", value:\"http://lists.centos.org/pipermail/centos-announce/2012-February/018444.html\");\n script_oid(\"1.3.6.1.4.1.25623.1.0.881148\");\n script_version(\"2020-04-21T06:28:23+0000\");\n script_tag(name:\"last_modification\", value:\"2020-04-21 06:28:23 +0000 (Tue, 21 Apr 2020)\");\n script_tag(name:\"creation_date\", value:\"2012-07-30 16:22:41 +0530 (Mon, 30 Jul 2012)\");\n script_cve_id(\"CVE-2011-3026\");\n script_tag(name:\"cvss_base\", value:\"6.8\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_xref(name:\"CESA\", value:\"2012:0140\");\n script_name(\"CentOS Update for thunderbird CESA-2012:0140 centos6\");\n\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'thunderbird'\n package(s) announced via the referenced advisory.\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2012 Greenbone Networks GmbH\");\n script_family(\"CentOS Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/centos\", \"ssh/login/rpms\", re:\"ssh/login/release=CentOS6\");\n script_tag(name:\"affected\", value:\"thunderbird on CentOS 6\");\n script_tag(name:\"solution\", value:\"Please install the updated packages.\");\n script_tag(name:\"insight\", value:\"Mozilla Thunderbird is a standalone mail and newsgroup client.\n\n A heap-based buffer overflow flaw was found in the way Thunderbird handled\n PNG (Portable Network Graphics) images. An HTML mail message or remote\n content containing a specially-crafted PNG image could cause Thunderbird to\n crash or, possibly, execute arbitrary code with the privileges of the user\n running Thunderbird. (CVE-2011-3026)\n\n All Thunderbird users should upgrade to this updated package, which\n corrects this issue. After installing the update, Thunderbird must be\n restarted for the changes to take effect.\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\n\nif(release == \"CentOS6\")\n{\n\n if ((res = isrpmvuln(pkg:\"thunderbird\", rpm:\"thunderbird~3.1.18~2.el6.centos\", rls:\"CentOS6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2018-01-02T10:57:19", "description": "Check for the Version of libpng12", "cvss3": {}, "published": "2012-08-02T00:00:00", "type": "openvas", "title": "SuSE Update for libpng12 openSUSE-SU-2012:0316-1 (libpng12)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2011-3026"], "modified": "2017-12-28T00:00:00", "id": "OPENVAS:850244", "href": "http://plugins.openvas.org/nasl.php?oid=850244", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: gb_suse_2012_0316_1.nasl 8253 2017-12-28 06:29:51Z teissa $\n#\n# SuSE Update for libpng12 openSUSE-SU-2012:0316-1 (libpng12)\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2012 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"A heap-based buffer overflow in libpng was fixed that could\n potentially be exploited by attackers to execute arbitrary\n code or cause an application to crash (CVE-2011-3026).\n\n libpng 1.2 was updated to 1.2.47 to fix this issue.\";\n\ntag_affected = \"libpng12 on openSUSE 11.4\";\ntag_solution = \"Please Install the Updated Packages.\";\n\n\n\nif(description)\n{\n script_id(850244);\n script_version(\"$Revision: 8253 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-12-28 07:29:51 +0100 (Thu, 28 Dec 2017) $\");\n script_tag(name:\"creation_date\", value:\"2012-08-02 22:38:33 +0530 (Thu, 02 Aug 2012)\");\n script_cve_id(\"CVE-2011-3026\");\n script_tag(name:\"cvss_base\", value:\"7.5\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_xref(name: \"openSUSE-SU\", value: \"2012:0316_1\");\n script_name(\"SuSE Update for libpng12 openSUSE-SU-2012:0316-1 (libpng12)\");\n\n script_tag(name: \"summary\" , value: \"Check for the Version of libpng12\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2012 Greenbone Networks GmbH\");\n script_family(\"SuSE Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/suse\", \"ssh/login/rpms\");\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = get_kb_item(\"ssh/login/release\");\n\nres = \"\";\nif(release == NULL){\n exit(0);\n}\n\nif(release == \"openSUSE11.4\")\n{\n\n if ((res = isrpmvuln(pkg:\"libpng12-0\", rpm:\"libpng12-0~1.2.47~0.8.1\", rls:\"openSUSE11.4\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"libpng12-compat-devel\", rpm:\"libpng12-compat-devel~1.2.47~0.8.1\", rls:\"openSUSE11.4\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"libpng12-devel\", rpm:\"libpng12-devel~1.2.47~0.8.1\", rls:\"openSUSE11.4\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"libpng14-14\", rpm:\"libpng14-14~1.4.4~3.6.1\", rls:\"openSUSE11.4\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"libpng14-compat-devel\", rpm:\"libpng14-compat-devel~1.4.4~3.6.1\", rls:\"openSUSE11.4\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"libpng14-devel\", rpm:\"libpng14-devel~1.4.4~3.6.1\", rls:\"openSUSE11.4\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"libpng12-0-32bit\", rpm:\"libpng12-0-32bit~1.2.47~0.8.1\", rls:\"openSUSE11.4\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"libpng12-compat-devel-32bit\", rpm:\"libpng12-compat-devel-32bit~1.2.47~0.8.1\", rls:\"openSUSE11.4\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"libpng12-devel-32bit\", rpm:\"libpng12-devel-32bit~1.2.47~0.8.1\", rls:\"openSUSE11.4\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"libpng14-14-32bit\", rpm:\"libpng14-14-32bit~1.4.4~3.6.1\", rls:\"openSUSE11.4\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"libpng14-compat-devel-32bit\", rpm:\"libpng14-compat-devel-32bit~1.4.4~3.6.1\", rls:\"openSUSE11.4\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"libpng14-devel-32bit\", rpm:\"libpng14-devel-32bit~1.4.4~3.6.1\", rls:\"openSUSE11.4\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2018-01-02T10:57:55", "description": "Check for the Version of xulrunner", "cvss3": {}, "published": "2012-07-30T00:00:00", "type": "openvas", "title": "CentOS Update for xulrunner CESA-2012:0143 centos6 ", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2011-3026"], "modified": "2017-12-29T00:00:00", "id": "OPENVAS:881121", "href": "http://plugins.openvas.org/nasl.php?oid=881121", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# CentOS Update for xulrunner CESA-2012:0143 centos6 \n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2012 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"XULRunner provides the XUL Runtime environment for applications using the\n Gecko layout engine.\n\n A heap-based buffer overflow flaw was found in the way XULRunner handled\n PNG (Portable Network Graphics) images. A web page containing a malicious\n PNG image could cause an application linked against XULRunner (such as\n Firefox) to crash or, potentially, execute arbitrary code with the\n privileges of the user running the application. (CVE-2011-3026)\n \n All XULRunner users should upgrade to these updated packages, which correct\n this issue. After installing the update, applications using XULRunner must\n be restarted for the changes to take effect.\";\n\ntag_affected = \"xulrunner on CentOS 6\";\ntag_solution = \"Please Install the Updated Packages.\";\n\n\n\nif(description)\n{\n script_xref(name : \"URL\" , value : \"http://lists.centos.org/pipermail/centos-announce/2012-February/018443.html\");\n script_id(881121);\n script_version(\"$Revision: 8257 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-12-29 07:29:46 +0100 (Fri, 29 Dec 2017) $\");\n script_tag(name:\"creation_date\", value:\"2012-07-30 16:13:54 +0530 (Mon, 30 Jul 2012)\");\n script_cve_id(\"CVE-2011-3026\");\n script_tag(name:\"cvss_base\", value:\"7.5\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_xref(name: \"CESA\", value: \"2012:0143\");\n script_name(\"CentOS Update for xulrunner CESA-2012:0143 centos6 \");\n\n script_tag(name: \"summary\" , value: \"Check for the Version of xulrunner\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2012 Greenbone Networks GmbH\");\n script_family(\"CentOS Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/centos\", \"ssh/login/rpms\");\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = get_kb_item(\"ssh/login/release\");\n\nres = \"\";\nif(release == NULL){\n exit(0);\n}\n\nif(release == \"CentOS6\")\n{\n\n if ((res = isrpmvuln(pkg:\"xulrunner\", rpm:\"xulrunner~1.9.2.26~2.el6.centos\", rls:\"CentOS6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"xulrunner-devel\", rpm:\"xulrunner-devel~1.9.2.26~2.el6.centos\", rls:\"CentOS6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2020-04-22T17:05:37", "description": "The remote host is missing an update for the ", "cvss3": {}, "published": "2012-02-21T00:00:00", "type": "openvas", "title": "RedHat Update for xulrunner RHSA-2012:0143-01", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2011-3026"], "modified": "2020-04-21T00:00:00", "id": "OPENVAS:1361412562310870546", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310870546", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# RedHat Update for xulrunner RHSA-2012:0143-01\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (C) 2012 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_xref(name:\"URL\", value:\"https://www.redhat.com/archives/rhsa-announce/2012-February/msg00039.html\");\n script_oid(\"1.3.6.1.4.1.25623.1.0.870546\");\n script_version(\"2020-04-21T06:28:23+0000\");\n script_tag(name:\"last_modification\", value:\"2020-04-21 06:28:23 +0000 (Tue, 21 Apr 2020)\");\n script_tag(name:\"creation_date\", value:\"2012-02-21 18:55:36 +0530 (Tue, 21 Feb 2012)\");\n script_tag(name:\"cvss_base\", value:\"6.8\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_xref(name:\"RHSA\", value:\"2012:0143-01\");\n script_name(\"RedHat Update for xulrunner RHSA-2012:0143-01\");\n script_cve_id(\"CVE-2011-3026\");\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'xulrunner'\n package(s) announced via the referenced advisory.\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2012 Greenbone Networks GmbH\");\n script_family(\"Red Hat Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/rhel\", \"ssh/login/rpms\", re:\"ssh/login/release=RHENT_5\");\n script_tag(name:\"affected\", value:\"xulrunner on Red Hat Enterprise Linux (v. 5 server)\");\n script_tag(name:\"solution\", value:\"Please Install the Updated Packages.\");\n script_tag(name:\"insight\", value:\"XULRunner provides the XUL Runtime environment for applications using the\n Gecko layout engine.\n\n A heap-based buffer overflow flaw was found in the way XULRunner handled\n PNG (Portable Network Graphics) images. A web page containing a malicious\n PNG image could cause an application linked against XULRunner (such as\n Firefox) to crash or, potentially, execute arbitrary code with the\n privileges of the user running the application. (CVE-2011-3026)\n\n All XULRunner users should upgrade to these updated packages, which correct\n this issue. After installing the update, applications using XULRunner must\n be restarted for the changes to take effect.\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release) exit(0);\n\nres = \"\";\n\nif(release == \"RHENT_5\")\n{\n\n if ((res = isrpmvuln(pkg:\"xulrunner\", rpm:\"xulrunner~1.9.2.26~2.el5_7\", rls:\"RHENT_5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"xulrunner-debuginfo\", rpm:\"xulrunner-debuginfo~1.9.2.26~2.el5_7\", rls:\"RHENT_5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"xulrunner-devel\", rpm:\"xulrunner-devel~1.9.2.26~2.el5_7\", rls:\"RHENT_5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2020-04-22T17:06:54", "description": "The remote host is missing an update for the ", "cvss3": {}, "published": "2012-07-09T00:00:00", "type": "openvas", "title": "RedHat Update for thunderbird RHSA-2012:0140-01", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2011-3026"], "modified": "2020-04-21T00:00:00", "id": "OPENVAS:1361412562310870707", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310870707", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# RedHat Update for thunderbird RHSA-2012:0140-01\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (C) 2012 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_xref(name:\"URL\", value:\"https://www.redhat.com/archives/rhsa-announce/2012-February/msg00036.html\");\n script_oid(\"1.3.6.1.4.1.25623.1.0.870707\");\n script_version(\"2020-04-21T06:28:23+0000\");\n script_tag(name:\"last_modification\", value:\"2020-04-21 06:28:23 +0000 (Tue, 21 Apr 2020)\");\n script_tag(name:\"creation_date\", value:\"2012-07-09 10:50:58 +0530 (Mon, 09 Jul 2012)\");\n script_cve_id(\"CVE-2011-3026\");\n script_tag(name:\"cvss_base\", value:\"6.8\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_xref(name:\"RHSA\", value:\"2012:0140-01\");\n script_name(\"RedHat Update for thunderbird RHSA-2012:0140-01\");\n\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'thunderbird'\n package(s) announced via the referenced advisory.\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2012 Greenbone Networks GmbH\");\n script_family(\"Red Hat Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/rhel\", \"ssh/login/rpms\", re:\"ssh/login/release=RHENT_6\");\n script_tag(name:\"affected\", value:\"thunderbird on Red Hat Enterprise Linux Desktop (v. 6),\n Red Hat Enterprise Linux Workstation (v. 6)\");\n script_tag(name:\"solution\", value:\"Please Install the Updated Packages.\");\n script_tag(name:\"insight\", value:\"Mozilla Thunderbird is a standalone mail and newsgroup client.\n\n A heap-based buffer overflow flaw was found in the way Thunderbird handled\n PNG (Portable Network Graphics) images. An HTML mail message or remote\n content containing a specially-crafted PNG image could cause Thunderbird to\n crash or, possibly, execute arbitrary code with the privileges of the user\n running Thunderbird. (CVE-2011-3026)\n\n All Thunderbird users should upgrade to this updated package, which\n corrects this issue. After installing the update, Thunderbird must be\n restarted for the changes to take effect.\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release) exit(0);\n\nres = \"\";\n\nif(release == \"RHENT_6\")\n{\n\n if ((res = isrpmvuln(pkg:\"thunderbird\", rpm:\"thunderbird~3.1.18~2.el6_2\", rls:\"RHENT_6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"thunderbird-debuginfo\", rpm:\"thunderbird-debuginfo~3.1.18~2.el6_2\", rls:\"RHENT_6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2018-01-02T10:57:52", "description": "Check for the Version of thunderbird", "cvss3": {}, "published": "2012-07-09T00:00:00", "type": "openvas", "title": "RedHat Update for thunderbird RHSA-2012:0140-01", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2011-3026"], "modified": "2017-12-28T00:00:00", "id": "OPENVAS:870707", "href": "http://plugins.openvas.org/nasl.php?oid=870707", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# RedHat Update for thunderbird RHSA-2012:0140-01\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2012 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"Mozilla Thunderbird is a standalone mail and newsgroup client.\n\n A heap-based buffer overflow flaw was found in the way Thunderbird handled\n PNG (Portable Network Graphics) images. An HTML mail message or remote\n content containing a specially-crafted PNG image could cause Thunderbird to\n crash or, possibly, execute arbitrary code with the privileges of the user\n running Thunderbird. (CVE-2011-3026)\n\n All Thunderbird users should upgrade to this updated package, which\n corrects this issue. After installing the update, Thunderbird must be\n restarted for the changes to take effect.\";\n\ntag_affected = \"thunderbird on Red Hat Enterprise Linux Desktop (v. 6),\n Red Hat Enterprise Linux Workstation (v. 6)\";\ntag_solution = \"Please Install the Updated Packages.\";\n\n\n\nif(description)\n{\n script_xref(name : \"URL\" , value : \"https://www.redhat.com/archives/rhsa-announce/2012-February/msg00036.html\");\n script_id(870707);\n script_version(\"$Revision: 8253 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-12-28 07:29:51 +0100 (Thu, 28 Dec 2017) $\");\n script_tag(name:\"creation_date\", value:\"2012-07-09 10:50:58 +0530 (Mon, 09 Jul 2012)\");\n script_cve_id(\"CVE-2011-3026\");\n script_tag(name:\"cvss_base\", value:\"7.5\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_xref(name: \"RHSA\", value: \"2012:0140-01\");\n script_name(\"RedHat Update for thunderbird RHSA-2012:0140-01\");\n\n script_tag(name: \"summary\" , value: \"Check for the Version of thunderbird\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2012 Greenbone Networks GmbH\");\n script_family(\"Red Hat Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/rhel\", \"ssh/login/rpms\");\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = get_kb_item(\"ssh/login/release\");\n\nres = \"\";\nif(release == NULL){\n exit(0);\n}\n\nif(release == \"RHENT_6\")\n{\n\n if ((res = isrpmvuln(pkg:\"thunderbird\", rpm:\"thunderbird~3.1.18~2.el6_2\", rls:\"RHENT_6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"thunderbird-debuginfo\", rpm:\"thunderbird-debuginfo~3.1.18~2.el6_2\", rls:\"RHENT_6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2020-04-22T17:06:43", "description": "The remote host is missing an update for the ", "cvss3": {}, "published": "2012-08-30T00:00:00", "type": "openvas", "title": "Fedora Update for libpng10 FEDORA-2012-2003", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2011-3026"], "modified": "2020-04-21T00:00:00", "id": "OPENVAS:1361412562310864376", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310864376", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Fedora Update for libpng10 FEDORA-2012-2003\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (C) 2012 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_xref(name:\"URL\", value:\"http://lists.fedoraproject.org/pipermail/package-announce/2012-February/074045.html\");\n script_oid(\"1.3.6.1.4.1.25623.1.0.864376\");\n script_version(\"2020-04-21T06:28:23+0000\");\n script_tag(name:\"last_modification\", value:\"2020-04-21 06:28:23 +0000 (Tue, 21 Apr 2020)\");\n script_tag(name:\"creation_date\", value:\"2012-08-30 10:05:44 +0530 (Thu, 30 Aug 2012)\");\n script_cve_id(\"CVE-2011-3026\");\n script_tag(name:\"cvss_base\", value:\"6.8\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_xref(name:\"FEDORA\", value:\"2012-2003\");\n script_name(\"Fedora Update for libpng10 FEDORA-2012-2003\");\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'libpng10'\n package(s) announced via the referenced advisory.\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2012 Greenbone Networks GmbH\");\n script_family(\"Fedora Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/fedora\", \"ssh/login/rpms\", re:\"ssh/login/release=FC17\");\n script_tag(name:\"affected\", value:\"libpng10 on Fedora 17\");\n script_tag(name:\"solution\", value:\"Please install the updated package(s).\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\n\nif(release == \"FC17\")\n{\n\n if ((res = isrpmvuln(pkg:\"libpng10\", rpm:\"libpng10~1.0.57~1.fc17\", rls:\"FC17\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2018-01-02T10:58:21", "description": "Check for the Version of thunderbird", "cvss3": {}, "published": "2012-04-11T00:00:00", "type": "openvas", "title": "Fedora Update for thunderbird FEDORA-2012-5068", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2011-3026"], "modified": "2017-12-27T00:00:00", "id": "OPENVAS:864147", "href": "http://plugins.openvas.org/nasl.php?oid=864147", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Fedora Update for thunderbird FEDORA-2012-5068\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2012 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ninclude(\"revisions-lib.inc\");\ntag_affected = \"thunderbird on Fedora 15\";\ntag_insight = \"Mozilla Thunderbird is a standalone mail and newsgroup client.\";\ntag_solution = \"Please Install the Updated Packages.\";\n\n\n\nif(description)\n{\n script_xref(name : \"URL\" , value : \"http://lists.fedoraproject.org/pipermail/package-announce/2012-April/076871.html\");\n script_id(864147);\n script_version(\"$Revision: 8249 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-12-27 07:29:56 +0100 (Wed, 27 Dec 2017) $\");\n script_tag(name:\"creation_date\", value:\"2012-04-11 10:48:35 +0530 (Wed, 11 Apr 2012)\");\n script_cve_id(\"CVE-2011-3026\");\n script_tag(name:\"cvss_base\", value:\"7.5\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_xref(name: \"FEDORA\", value: \"2012-5068\");\n script_name(\"Fedora Update for thunderbird FEDORA-2012-5068\");\n\n script_tag(name: \"summary\" , value: \"Check for the Version of thunderbird\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2012 Greenbone Networks GmbH\");\n script_family(\"Fedora Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/fedora\", \"ssh/login/rpms\");\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = get_kb_item(\"ssh/login/release\");\n\nres = \"\";\nif(release == NULL){\n exit(0);\n}\n\nif(release == \"FC15\")\n{\n\n if ((res = isrpmvuln(pkg:\"thunderbird\", rpm:\"thunderbird~11.0.1~1.fc15\", rls:\"FC15\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2018-01-02T10:56:20", "description": "Check for the Version of firefox", "cvss3": {}, "published": "2012-02-21T00:00:00", "type": "openvas", "title": "RedHat Update for firefox RHSA-2012:0142-01", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2011-3026"], "modified": "2017-12-26T00:00:00", "id": "OPENVAS:870564", "href": "http://plugins.openvas.org/nasl.php?oid=870564", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# RedHat Update for firefox RHSA-2012:0142-01\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2012 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"Mozilla Firefox is an open source web browser.\n\n A heap-based buffer overflow flaw was found in the way Firefox handled\n PNG (Portable Network Graphics) images. A web page containing a malicious\n PNG image could cause Firefox to crash or, possibly, execute arbitrary\n code with the privileges of the user running Firefox. (CVE-2011-3026)\n\n All Firefox users should upgrade to this updated package, which corrects\n this issue. After installing the update, Firefox must be restarted for the\n changes to take effect.\";\n\ntag_affected = \"firefox on Red Hat Enterprise Linux AS version 4,\n Red Hat Enterprise Linux ES version 4,\n Red Hat Enterprise Linux WS version 4\";\ntag_solution = \"Please Install the Updated Packages.\";\n\n\n\nif(description)\n{\n script_xref(name : \"URL\" , value : \"https://www.redhat.com/archives/rhsa-announce/2012-February/msg00038.html\");\n script_id(870564);\n script_version(\"$Revision: 8245 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-12-26 07:29:59 +0100 (Tue, 26 Dec 2017) $\");\n script_tag(name:\"creation_date\", value:\"2012-02-21 18:57:12 +0530 (Tue, 21 Feb 2012)\");\n script_tag(name:\"cvss_base\", value:\"7.5\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_xref(name: \"RHSA\", value: \"2012:0142-01\");\n script_name(\"RedHat Update for firefox RHSA-2012:0142-01\");\n\n script_tag(name: \"summary\" , value: \"Check for the Version of firefox\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2012 Greenbone Networks GmbH\");\n script_family(\"Red Hat Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/rhel\", \"ssh/login/rpms\");\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = get_kb_item(\"ssh/login/release\");\n\nres = \"\";\nif(release == NULL){\n exit(0);\n}\n\nif(release == \"RHENT_4\")\n{\n\n if ((res = isrpmvuln(pkg:\"firefox\", rpm:\"firefox~3.6.26~3.el4\", rls:\"RHENT_4\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"firefox-debuginfo\", rpm:\"firefox-debuginfo~3.6.26~3.el4\", rls:\"RHENT_4\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2020-04-22T17:05:02", "description": "The remote host is missing an update for the ", "cvss3": {}, "published": "2012-08-03T00:00:00", "type": "openvas", "title": "Mandriva Update for mozilla MDVSA-2012:022 (mozilla)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2011-3026"], "modified": "2020-04-21T00:00:00", "id": "OPENVAS:1361412562310803005", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310803005", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Mandriva Update for mozilla MDVSA-2012:022 (mozilla)\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (C) 2012 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_xref(name:\"URL\", value:\"http://www.mandriva.com/en/support/security/advisories/?name=MDVSA-2012:022\");\n script_oid(\"1.3.6.1.4.1.25623.1.0.803005\");\n script_version(\"2020-04-21T06:28:23+0000\");\n script_tag(name:\"last_modification\", value:\"2020-04-21 06:28:23 +0000 (Tue, 21 Apr 2020)\");\n script_tag(name:\"creation_date\", value:\"2012-08-03 09:50:31 +0530 (Fri, 03 Aug 2012)\");\n script_cve_id(\"CVE-2011-3026\");\n script_tag(name:\"cvss_base\", value:\"6.8\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_xref(name:\"MDVSA\", value:\"2012:022\");\n script_name(\"Mandriva Update for mozilla MDVSA-2012:022 (mozilla)\");\n\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'mozilla'\n package(s) announced via the referenced advisory.\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2012 Greenbone Networks GmbH\");\n script_family(\"Mandrake Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/mandriva_mandrake_linux\", \"ssh/login/release\", re:\"ssh/login/release=MNDK_(2011\\.0|mes5\\.2|2010\\.1)\");\n script_tag(name:\"affected\", value:\"mozilla on Mandriva Linux 2011.0,\n Mandriva Enterprise Server 5.2,\n Mandriva Linux 2010.1\");\n script_tag(name:\"solution\", value:\"Please Install the Updated Packages.\");\n script_tag(name:\"insight\", value:\"Security issues were identified and fixed in mozilla firefox and\n thunderbird:\n\n An integer overflow in the libpng library can lead to a heap-buffer\n overflow when decompressing certain PNG images. This leads to a crash,\n which may be potentially exploitable (CVE-2011-3026).\n\n The mozilla firefox and thunderbird packages has been upgraded to the\n latest respective versions which is not affecte dby this security flaw.\n\n Additionally the rootcerts packages (root CA cerificates bundle)\n has been upgraded to the latest version as of 2012/02/18 and the NSS\n library has been rebuilt accordingly to pickup the changes.\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release) exit(0);\n\nres = \"\";\n\nif(release == \"MNDK_2011.0\")\n{\n\n if ((res = isrpmvuln(pkg:\"firefox\", rpm:\"firefox~10.0.2~0.1\", rls:\"MNDK_2011.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"firefox-af\", rpm:\"firefox-af~10.0.2~0.1\", rls:\"MNDK_2011.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"firefox-ar\", rpm:\"firefox-ar~10.0.2~0.1\", rls:\"MNDK_2011.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"firefox-ast\", rpm:\"firefox-ast~10.0.2~0.1\", rls:\"MNDK_2011.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"firefox-be\", rpm:\"firefox-be~10.0.2~0.1\", rls:\"MNDK_2011.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"firefox-bg\", rpm:\"firefox-bg~10.0.2~0.1\", rls:\"MNDK_2011.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"firefox-bn_BD\", rpm:\"firefox-bn_BD~10.0.2~0.1\", rls:\"MNDK_2011.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"firefox-bn_IN\", rpm:\"firefox-bn_IN~10.0.2~0.1\", rls:\"MNDK_2011.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"firefox-br\", rpm:\"firefox-br~10.0.2~0.1\", rls:\"MNDK_2011.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"firefox-bs\", rpm:\"firefox-bs~10.0.2~0.1\", rls:\"MNDK_2011.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"firefox-ca\", rpm:\"firefox-ca~10.0.2~0.1\", rls:\"MNDK_2011.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"firefox-cs\", rpm:\"firefox-cs~10.0.2~0.1\", rls:\"MNDK_2011.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"firefox-cy\", rpm:\"firefox-cy~10.0.2~0.1\", rls:\"MNDK_2011.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"firefox-da\", rpm:\"firefox-da~10.0.2~0.1\", rls:\"MNDK_2011.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"firefox-de\", rpm:\"firefox-de~10.0.2~0.1\", rls:\"MNDK_2011.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"firefox-devel\", rpm:\"firefox-devel~10.0.2~0.1\", rls:\"MNDK_2011.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"firefox-el\", rpm:\"firefox-el~10.0.2~0.1\", rls:\"MNDK_2011.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"firefox-en_GB\", rpm:\"firefox-en_GB~10.0.2~0.1\", rls:\"MNDK_2011.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"firefox-en_ZA\", rpm:\"firefox-en_ZA~10.0.2~0.1\", rls:\"MNDK_2011.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"firefox-eo\", rpm:\"firefox-eo~10.0.2~0.1\", rls:\"MNDK_2011.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"firefox-es_AR\", rpm:\"firefox-es_AR~10.0.2~0.1\", rls:\"MNDK_2011.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"firefox-es_CL\", rpm:\"firefox-es_CL~10.0.2~0.1\", rls:\"MNDK_2011.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"firefox-es_ES\", rpm:\"firefox-es_ES~10.0.2~0.1\", rls:\"MNDK_2011.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"firefox-es_MX\", rpm:\"firefox-es_MX~10.0.2~0.1\", rls:\"MNDK_2011.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"firefox-et\", rpm:\"firefox-et~10.0.2~0.1\", rls:\"MNDK_2011.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"firefox-eu\", rpm:\"firefox-eu~10.0.2~0.1\", rls:\"MNDK_2011.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"firefox-fa\", rpm:\"firefox-fa~10.0.2~0.1\", rls:\"MNDK_2011.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"firefox-fi\", rpm:\"firefox-fi~10.0.2~0.1\", rls:\"MNDK_2011.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"firefox-fr\", rpm:\"firefox-fr~10.0.2~0.1\", rls:\"MNDK_2011.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"firefox-fy\", rpm:\"firefox-fy~10.0.2~0.1\", rls:\"MNDK_2011.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"firefox-ga_IE\", rpm:\"firefox-ga_IE~10.0.2~0.1\", rls:\"MNDK_2011.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"firefox-gd\", rpm:\"firefox-gd~10.0.2~0.1\", rls:\"MNDK_2011.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"firefox-gl\", rpm:\"firefox-gl~10.0.2~0.1\", rls:\"MNDK_2011.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"firefox-gu_IN\", rpm:\"firefox-gu_IN~10.0.2~0.1\", rls:\"MNDK_2011.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"firefox-he\", rpm:\"firefox-he~10.0.2~0.1\", rls:\"MNDK_2011.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"firefox-hi\", rpm:\"firefox-hi~10.0.2~0.1\", rls:\"MNDK_2011.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"firefox-hr\", rpm:\"firefox-hr~10.0.2~0.1\", rls:\"MNDK_2011.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"firefox-hu\", rpm:\"firefox-hu~10.0.2~0.1\", rls:\"MNDK_2011.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"firefox-hy\", rpm:\"firefox-hy~10.0.2~0.1\", rls:\"MNDK_2011.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"firefox-id\", rpm:\"firefox-id~10.0.2~0.1\", rls:\"MNDK_2011.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"firefox-is\", rpm:\"firefox-is~10.0.2~0.1\", rls:\"MNDK_2011.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"firefox-it\", rpm:\"firefox-it~10.0.2~0.1\", rls:\"MNDK_2011.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"firefox-ja\", rpm:\"firefox-ja~10.0.2~0.1\", rls:\"MNDK_2011.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"firefox-kk\", rpm:\"firefox-kk~10.0.2~0.1\", rls:\"MNDK_2011.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"firefox-kn\", rpm:\"firefox-kn~10.0.2~0.1\", rls:\"MNDK_2011.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"firefox-ko\", rpm:\"firefox-ko~10.0.2~0.1\", rls:\"MNDK_2011.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"firefox-ku\", rpm:\"firefox-ku~10.0.2~0.1\", rls:\"MNDK_2011.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"firefox-lg\", rpm:\"firefox-lg~10.0.2~0.1\", rls:\"MNDK_2011.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"firefox-lt\", rpm:\"firefox-lt~10.0.2~0.1\", rls:\"MNDK_2011.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"firefox-lv\", rpm:\"firefox-lv~10.0.2~0.1\", rls:\"MNDK_2011.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"firefox-mai\", rpm:\"firefox-mai~10.0.2~0.1\", rls:\"MNDK_2011.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"firefox-mk\", rpm:\"firefox-mk~10.0.2~0.1\", rls:\"MNDK_2011.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"firefox-ml\", rpm:\"firefox-ml~10.0.2~0.1\", rls:\"MNDK_2011.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"firefox-mr\", rpm:\"firefox-mr~10.0.2~0.1\", rls:\"MNDK_2011.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"firefox-nb_NO\", rpm:\"firefox-nb_NO~10.0.2~0.1\", rls:\"MNDK_2011.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"firefox-nl\", rpm:\"firefox-nl~10.0.2~0.1\", rls:\"MNDK_2011.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"firefox-nn_NO\", rpm:\"firefox-nn_NO~10.0.2~0.1\", rls:\"MNDK_2011.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"firefox-nso\", rpm:\"firefox-nso~10.0.2~0.1\", rls:\"MNDK_2011.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"firefox-or\", rpm:\"firefox-or~10.0.2~0.1\", rls:\"MNDK_2011.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"firefox-pa_IN\", rpm:\"firefox-pa_IN~10.0.2~0.1\", rls:\"MNDK_2011.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"firefox-pl\", rpm:\"firefox-pl~10.0.2~0.1\", rls:\"MNDK_2011.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"firefox-pt_BR\", rpm:\"firefox-pt_BR~10.0.2~0.1\", rls:\"MNDK_2011.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"firefox-pt_PT\", rpm:\"firefox-pt_PT~10.0.2~0.1\", rls:\"MNDK_2011.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"firefox-ro\", rpm:\"firefox-ro~10.0.2~0.1\", rls:\"MNDK_2011.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"firefox-ru\", rpm:\"firefox-ru~10.0.2~0.1\", rls:\"MNDK_2011.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"firefox-si\", rpm:\"firefox-si~10.0.2~0.1\", rls:\"MNDK_2011.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"firefox-sk\", rpm:\"firefox-sk~10.0.2~0.1\", rls:\"MNDK_2011.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"firefox-sl\", rpm:\"firefox-sl~10.0.2~0.1\", rls:\"MNDK_2011.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"firefox-sq\", rpm:\"firefox-sq~10.0.2~0.1\", rls:\"MNDK_2011.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"firefox-sr\", rpm:\"firefox-sr~10.0.2~0.1\", rls:\"MNDK_2011.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"firefox-sv_SE\", rpm:\"firefox-sv_SE~10.0.2~0.1\", rls:\"MNDK_2011.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"firefox-ta\", rpm:\"firefox-ta~10.0.2~0.1\", rls:\"MNDK_2011.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"firefox-ta_LK\", rpm:\"firefox-ta_LK~10.0.2~0.1\", rls:\"MNDK_2011.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"firefox-te\", rpm:\"firefox-te~10.0.2~0.1\", rls:\"MNDK_2011.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"firefox-th\", rpm:\"firefox-th~10.0.2~0.1\", rls:\"MNDK_2011.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"firefox-tr\", rpm:\"firefox-tr~10.0.2~0.1\", rls:\"MNDK_2011.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"firefox-uk\", rpm:\"firefox-uk~10.0.2~0.1\", rls:\"MNDK_2011.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"firefox-vi\", rpm:\"firefox-vi~10.0.2~0.1\", rls:\"MNDK_2011.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"firefox-zh_CN\", rpm:\"firefox-zh_CN~10.0.2~0.1\", rls:\"MNDK_2011.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"firefox-zh_TW\", rpm:\"firefox-zh_TW~10.0.2~0.1\", rls:\"MNDK_2011.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"firefox-zu\", rpm:\"firefox-zu~10.0.2~0.1\", rls:\"MNDK_2011.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"libnss3\", rpm:\"libnss3~3.13.1~0.2\", rls:\"MNDK_2011.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"libnss-devel\", rpm:\"libnss-devel~3.13.1~0.2\", rls:\"MNDK_2011.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"libnss-static-devel\", rpm:\"libnss-static-devel~3.13.1~0.2\", rls:\"MNDK_2011.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"mozilla-thunderbird\", rpm:\"mozilla-thunderbird~10.0.2~0.1\", rls:\"MNDK_2011.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"mozilla-thunderbird-ar\", rpm:\"mozilla-thunderbird-ar~10.0.2~0.1\", rls:\"MNDK_2011.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"mozilla-thunderbird-be\", rpm:\"mozilla-thunderbird-be~10.0.2~0.1\", rls:\"MNDK_2011.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"mozilla-thunderbird-bg\", rpm:\"mozilla-thunderbird-bg~10.0.2~0.1\", rls:\"MNDK_2011.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"mozilla-thunderbird-bn_BD\", rpm:\"mozilla-thunderbird-bn_BD~10.0.2~0.1\", rls:\"MNDK_2011.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"mozilla-thunderbird-br\", rpm:\"mozilla-thunderbird-br~10.0.2~0.1\", rls:\"MNDK_2011.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"mozilla-thunderbird-ca\", rpm:\"mozilla-thunderbird-ca~10.0.2~0.1\", rls:\"MNDK_2011.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"mozilla-thunderbird-cs\", rpm:\"mozilla-thunderbird-cs~10.0.2~0.1\", rls:\"MNDK_2011.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"mozilla-thunderbird-da\", rpm:\"mozilla-thunderbird-da~10.0.2~0.1\", rls:\"MNDK_2011.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"mozilla-thunderbird-de\", rpm:\"mozilla-thunderbird-de~10.0.2~0.1\", rls:\"MNDK_2011.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"mozilla-thunderbird-el\", rpm:\"mozilla-thunderbird-el~10.0.2~0.1\", rls:\"MNDK_2011.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"mozilla-thunderbird-en_GB\", rpm:\"mozilla-thunderbird-en_GB~10.0.2~0.1\", rls:\"MNDK_2011.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"mozilla-thunderbird-enigmail\", rpm:\"mozilla-thunderbird-enigmail~10.0.2~0.1\", rls:\"MNDK_2011.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"mozilla-thunderbird-enigmail-ar\", rpm:\"mozilla-thunderbird-enigmail-ar~10.0.2~0.1\", rls:\"MNDK_2011.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"mozilla-thunderbird-enigmail-ca\", rpm:\"mozilla-thunderbird-enigmail-ca~10.0.2~0.1\", rls:\"MNDK_2011.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"mozilla-thunderbird-enigmail-cs\", rpm:\"mozilla-thunderbird-enigmail-cs~10.0.2~0.1\", rls:\"MNDK_2011.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"mozilla-thunderbird-enigmail-de\", rpm:\"mozilla-thunderbird-enigmail-de~10.0.2~0.1\", rls:\"MNDK_2011.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"mozilla-thunderbird-enigmail-el\", rpm:\"mozilla-thunderbird-enigmail-el~10.0.2~0.1\", rls:\"MNDK_2011.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"mozilla-thunderbird-enigmail-es\", rpm:\"mozilla-thunderbird-enigmail-es~10.0.2~0.1\", rls:\"MNDK_2011.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"mozilla-thunderbird-enigmail-fi\", rpm:\"mozilla-thunderbird-enigmail-fi~10.0.2~0.1\", rls:\"MNDK_2011.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"mozilla-thunderbird-enigmail-fr\", rpm:\"mozilla-thunderbird-enigmail-fr~10.0.2~0.1\", rls:\"MNDK_2011.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"mozilla-thunderbird-enigmail-it\", rpm:\"mozilla-thunderbird-enigmail-it~10.0.2~0.1\", rls:\"MNDK_2011.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"mozilla-thunderbird-enigmail-ja\", rpm:\"mozilla-thunderbird-enigmail-ja~10.0.2~0.1\", rls:\"MNDK_2011.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"mozilla-thunderbird-enigmail-ko\", rpm:\"mozilla-thunderbird-enigmail-ko~10.0.2~0.1\", rls:\"MNDK_2011.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"mozilla-thunderbird-enigmail-nb\", rpm:\"mozilla-thunderbird-enigmail-nb~10.0.2~0.1\", rls:\"MNDK_2011.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"mozilla-thunderbird-enigmail-nl\", rpm:\"mozilla-thunderbird-enigmail-nl~10.0.2~0.1\", rls:\"MNDK_2011.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"mozilla-thunderbird-enigmail-pl\", rpm:\"mozilla-thunderbird-enigmail-pl~10.0.2~0.1\", rls:\"MNDK_2011.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"mozilla-thunderbird-enigmail-pt\", rpm:\"mozilla-thunderbird-enigmail-pt~10.0.2~0.1\", rls:\"MNDK_2011.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"mozilla-thunderbird-enigmail-pt_BR\", rpm:\"mozilla-thunderbird-enigmail-pt_BR~10.0.2~0.1\", rls:\"MNDK_2011.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"mozilla-thunderbird-enigmail-ru\", rpm:\"mozilla-thunderbird-enigmail-ru~10.0.2~0.1\", rls:\"MNDK_2011.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"mozilla-thunderbird-enigmail-sl\", rpm:\"mozilla-thunderbird-enigmail-sl~10.0.2~0.1\", rls:\"MNDK_2011.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"mozilla-thunderbird-enigmail-sv\", rpm:\"mozilla-thunderbird-enigmail-sv~10.0.2~0.1\", rls:\"MNDK_2011.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"mozilla-thunderbird-enigmail-tr\", rpm:\"mozilla-thunderbird-enigmail-tr~10.0.2~0.1\", rls:\"MNDK_2011.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"mozilla-thunderbird-enigmail-vi\", rpm:\"mozilla-thunderbird-enigmail-vi~10.0.2~0.1\", rls:\"MNDK_2011.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"mozilla-thunderbird-enigmail-zh_CN\", rpm:\"mozilla-thunderbird-enigmail-zh_CN~10.0.2~0.1\", rls:\"MNDK_2011.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"mozilla-thunderbird-enigmail-zh_TW\", rpm:\"mozilla-thunderbird-enigmail-zh_TW~10.0.2~0.1\", rls:\"MNDK_2011.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"mozilla-thunderbird-es_AR\", rpm:\"mozilla-thunderbird-es_AR~10.0.2~0.1\", rls:\"MNDK_2011.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"mozilla-thunderbird-es_ES\", rpm:\"mozilla-thunderbird-es_ES~10.0.2~0.1\", rls:\"MNDK_2011.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"mozilla-thunderbird-et\", rpm:\"mozilla-thunderbird-et~10.0.2~0.1\", rls:\"MNDK_2011.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"mozilla-thunderbird-eu\", rpm:\"mozilla-thunderbird-eu~10.0.2~0.1\", rls:\"MNDK_2011.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"mozilla-thunderbird-fi\", rpm:\"mozilla-thunderbird-fi~10.0.2~0.1\", rls:\"MNDK_2011.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"mozilla-thunderbird-fr\", rpm:\"mozilla-thunderbird-fr~10.0.2~0.1\", rls:\"MNDK_2011.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"mozilla-thunderbird-fy\", rpm:\"mozilla-thunderbird-fy~10.0.2~0.1\", rls:\"MNDK_2011.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"mozilla-thunderbird-ga\", rpm:\"mozilla-thunderbird-ga~10.0.2~0.1\", rls:\"MNDK_2011.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"mozilla-thunderbird-gd\", rpm:\"mozilla-thunderbird-gd~10.0.2~0.1\", rls:\"MNDK_2011.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"mozilla-thunderbird-gl\", rpm:\"mozilla-thunderbird-gl~10.0.2~0.1\", rls:\"MNDK_2011.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"mozilla-thunderbird-he\", rpm:\"mozilla-thunderbird-he~10.0.2~0.1\", rls:\"MNDK_2011.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"mozilla-thunderbird-hu\", rpm:\"mozilla-thunderbird-hu~10.0.2~0.1\", rls:\"MNDK_2011.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"mozilla-thunderbird-id\", rpm:\"mozilla-thunderbird-id~10.0.2~0.1\", rls:\"MNDK_2011.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"mozilla-thunderbird-is\", rpm:\"mozilla-thunderbird-is~10.0.2~0.1\", rls:\"MNDK_2011.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"mozilla-thunderbird-it\", rpm:\"mozilla-thunderbird-it~10.0.2~0.1\", rls:\"MNDK_2011.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"mozilla-thunderbird-ja\", rpm:\"mozilla-thunderbird-ja~10.0.2~0.1\", rls:\"MNDK_2011.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"mozilla-thunderbird-ko\", rpm:\"mozilla-thunderbird-ko~10.0.2~0.1\", rls:\"MNDK_2011.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"mozilla-thunderbird-lightning\", rpm:\"mozilla-thunderbird-lightning~10.0.2~0.1\", rls:\"MNDK_2011.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"mozilla-thunderbird-lt\", rpm:\"mozilla-thunderbird-lt~10.0.2~0.1\", rls:\"MNDK_2011.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"mozilla-thunderbird-nb_NO\", rpm:\"mozilla-thunderbird-nb_NO~10.0.2~0.1\", rls:\"MNDK_2011.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"mozilla-thunderbird-nl\", rpm:\"mozilla-thunderbird-nl~10.0.2~0.1\", rls:\"MNDK_2011.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"mozilla-thunderbird-nn_NO\", rpm:\"mozilla-thunderbird-nn_NO~10.0.2~0.1\", rls:\"MNDK_2011.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"mozilla-thunderbird-pl\", rpm:\"mozilla-thunderbird-pl~10.0.2~0.1\", rls:\"MNDK_2011.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"mozilla-thunderbird-pt_BR\", rpm:\"mozilla-thunderbird-pt_BR~10.0.2~0.1\", rls:\"MNDK_2011.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"mozilla-thunderbird-pt_PT\", rpm:\"mozilla-thunderbird-pt_PT~10.0.2~0.1\", rls:\"MNDK_2011.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"mozilla-thunderbird-ro\", rpm:\"mozilla-thunderbird-ro~10.0.2~0.1\", rls:\"MNDK_2011.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"mozilla-thunderbird-ru\", rpm:\"mozilla-thunderbird-ru~10.0.2~0.1\", rls:\"MNDK_2011.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"mozilla-thunderbird-si\", rpm:\"mozilla-thunderbird-si~10.0.2~0.1\", rls:\"MNDK_2011.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"mozilla-thunderbird-sk\", rpm:\"mozilla-thunderbird-sk~10.0.2~0.1\", rls:\"MNDK_2011.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"mozilla-thunderbird-sl\", rpm:\"mozilla-thunderbird-sl~10.0.2~0.1\", rls:\"MNDK_2011.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"mozilla-thunderbird-sq\", rpm:\"mozilla-thunderbird-sq~10.0.2~0.1\", rls:\"MNDK_2011.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"mozilla-thunderbird-sv_SE\", rpm:\"mozilla-thunderbird-sv_SE~10.0.2~0.1\", rls:\"MNDK_2011.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"mozilla-thunderbird-ta_LK\", rpm:\"mozilla-thunderbird-ta_LK~10.0.2~0.1\", rls:\"MNDK_2011.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"mozilla-thunderbird-tr\", rpm:\"mozilla-thunderbird-tr~10.0.2~0.1\", rls:\"MNDK_2011.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"mozilla-thunderbird-uk\", rpm:\"mozilla-thunderbird-uk~10.0.2~0.1\", rls:\"MNDK_2011.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"mozilla-thunderbird-vi\", rpm:\"mozilla-thunderbird-vi~10.0.2~0.1\", rls:\"MNDK_2011.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"mozilla-thunderbird-zh_CN\", rpm:\"mozilla-thunderbird-zh_CN~10.0.2~0.1\", rls:\"MNDK_2011.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"mozilla-thunderbird-zh_TW\", rpm:\"mozilla-thunderbird-zh_TW~10.0.2~0.1\", rls:\"MNDK_2011.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"nsinstall\", rpm:\"nsinstall~10.0.2~0.1\", rls:\"MNDK_2011.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"nss\", rpm:\"nss~3.13.1~0.2\", rls:\"MNDK_2011.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"rootcerts\", rpm:\"rootcerts~20120218.00~1\", rls:\"MNDK_2011.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"rootcerts-java\", rpm:\"rootcerts-java~20120218.00~1\", rls:\"MNDK_2011.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"firefox-l10n\", rpm:\"firefox-l10n~10.0.2~0.1\", rls:\"MNDK_2011.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"mozilla-thunderbird-l10n\", rpm:\"mozilla-thunderbird-l10n~10.0.2~0.1\", rls:\"MNDK_2011.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"rootcerts\", rpm:\"rootcerts~20120218.00~1\", rls:\"MNDK_2011.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"lib64nss3\", rpm:\"lib64nss3~3.13.1~0.2\", rls:\"MNDK_2011.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"lib64nss-devel\", rpm:\"lib64nss-devel~3.13.1~0.2\", rls:\"MNDK_2011.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"lib64nss-static-devel\", rpm:\"lib64nss-static-devel~3.13.1~0.2\", rls:\"MNDK_2011.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n\n\nif(release == \"MNDK_mes5.2\")\n{\n\n if ((res = isrpmvuln(pkg:\"firefox\", rpm:\"firefox~3.6.27~0.1mdvmes5.2\", rls:\"MNDK_mes5.2\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"firefox-af\", rpm:\"firefox-af~3.6.27~0.1mdvmes5.2\", rls:\"MNDK_mes5.2\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"firefox-ar\", rpm:\"firefox-ar~3.6.27~0.1mdvmes5.2\", rls:\"MNDK_mes5.2\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"firefox-be\", rpm:\"firefox-be~3.6.27~0.1mdvmes5.2\", rls:\"MNDK_mes5.2\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"firefox-bg\", rpm:\"firefox-bg~3.6.27~0.1mdvmes5.2\", rls:\"MNDK_mes5.2\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"firefox-bn\", rpm:\"firefox-bn~3.6.27~0.1mdvmes5.2\", rls:\"MNDK_mes5.2\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"firefox-ca\", rpm:\"firefox-ca~3.6.27~0.1mdvmes5.2\", rls:\"MNDK_mes5.2\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"firefox-cs\", rpm:\"firefox-cs~3.6.27~0.1mdvmes5.2\", rls:\"MNDK_mes5.2\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"firefox-cy\", rpm:\"firefox-cy~3.6.27~0.1mdvmes5.2\", rls:\"MNDK_mes5.2\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"firefox-da\", rpm:\"firefox-da~3.6.27~0.1mdvmes5.2\", rls:\"MNDK_mes5.2\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"firefox-de\", rpm:\"firefox-de~3.6.27~0.1mdvmes5.2\", rls:\"MNDK_mes5.2\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"firefox-devel\", rpm:\"firefox-devel~3.6.27~0.1mdvmes5.2\", rls:\"MNDK_mes5.2\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"firefox-el\", rpm:\"firefox-el~3.6.27~0.1mdvmes5.2\", rls:\"MNDK_mes5.2\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"firefox-en_GB\", rpm:\"firefox-en_GB~3.6.27~0.1mdvmes5.2\", rls:\"MNDK_mes5.2\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"firefox-eo\", rpm:\"firefox-eo~3.6.27~0.1mdvmes5.2\", rls:\"MNDK_mes5.2\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"firefox-es_AR\", rpm:\"firefox-es_AR~3.6.27~0.1mdvmes5.2\", rls:\"MNDK_mes5.2\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"firefox-es_ES\", rpm:\"firefox-es_ES~3.6.27~0.1mdvmes5.2\", rls:\"MNDK_mes5.2\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"firefox-et\", rpm:\"firefox-et~3.6.27~0.1mdvmes5.2\", rls:\"MNDK_mes5.2\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"firefox-eu\", rpm:\"firefox-eu~3.6.27~0.1mdvmes5.2\", rls:\"MNDK_mes5.2\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"firefox-fi\", rpm:\"firefox-fi~3.6.27~0.1mdvmes5.2\", rls:\"MNDK_mes5.2\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"firefox-fr\", rpm:\"firefox-fr~3.6.27~0.1mdvmes5.2\", rls:\"MNDK_mes5.2\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"firefox-fy\", rpm:\"firefox-fy~3.6.27~0.1mdvmes5.2\", rls:\"MNDK_mes5.2\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"firefox-ga_IE\", rpm:\"firefox-ga_IE~3.6.27~0.1mdvmes5.2\", rls:\"MNDK_mes5.2\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"firefox-gl\", rpm:\"firefox-gl~3.6.27~0.1mdvmes5.2\", rls:\"MNDK_mes5.2\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"firefox-gu_IN\", rpm:\"firefox-gu_IN~3.6.27~0.1mdvmes5.2\", rls:\"MNDK_mes5.2\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"firefox-he\", rpm:\"firefox-he~3.6.27~0.1mdvmes5.2\", rls:\"MNDK_mes5.2\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"firefox-hi\", rpm:\"firefox-hi~3.6.27~0.1mdvmes5.2\", rls:\"MNDK_mes5.2\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"firefox-hu\", rpm:\"firefox-hu~3.6.27~0.1mdvmes5.2\", rls:\"MNDK_mes5.2\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"firefox-id\", rpm:\"firefox-id~3.6.27~0.1mdvmes5.2\", rls:\"MNDK_mes5.2\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"firefox-is\", rpm:\"firefox-is~3.6.27~0.1mdvmes5.2\", rls:\"MNDK_mes5.2\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"firefox-it\", rpm:\"firefox-it~3.6.27~0.1mdvmes5.2\", rls:\"MNDK_mes5.2\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"firefox-ja\", rpm:\"firefox-ja~3.6.27~0.1mdvmes5.2\", rls:\"MNDK_mes5.2\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"firefox-ka\", rpm:\"firefox-ka~3.6.27~0.1mdvmes5.2\", rls:\"MNDK_mes5.2\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"firefox-kn\", rpm:\"firefox-kn~3.6.27~0.1mdvmes5.2\", rls:\"MNDK_mes5.2\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"firefox-ko\", rpm:\"firefox-ko~3.6.27~0.1mdvmes5.2\", rls:\"MNDK_mes5.2\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"firefox-ku\", rpm:\"firefox-ku~3.6.27~0.1mdvmes5.2\", rls:\"MNDK_mes5.2\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"firefox-lt\", rpm:\"firefox-lt~3.6.27~0.1mdvmes5.2\", rls:\"MNDK_mes5.2\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"firefox-lv\", rpm:\"firefox-lv~3.6.27~0.1mdvmes5.2\", rls:\"MNDK_mes5.2\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"firefox-mk\", rpm:\"firefox-mk~3.6.27~0.1mdvmes5.2\", rls:\"MNDK_mes5.2\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"firefox-mr\", rpm:\"firefox-mr~3.6.27~0.1mdvmes5.2\", rls:\"MNDK_mes5.2\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"firefox-nb_NO\", rpm:\"firefox-nb_NO~3.6.27~0.1mdvmes5.2\", rls:\"MNDK_mes5.2\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"firefox-nl\", rpm:\"firefox-nl~3.6.27~0.1mdvmes5.2\", rls:\"MNDK_mes5.2\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"firefox-nn_NO\", rpm:\"firefox-nn_NO~3.6.27~0.1mdvmes5.2\", rls:\"MNDK_mes5.2\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"firefox-oc\", rpm:\"firefox-oc~3.6.27~0.1mdvmes5.2\", rls:\"MNDK_mes5.2\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"firefox-pa_IN\", rpm:\"firefox-pa_IN~3.6.27~0.1mdvmes5.2\", rls:\"MNDK_mes5.2\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"firefox-pl\", rpm:\"firefox-pl~3.6.27~0.1mdvmes5.2\", rls:\"MNDK_mes5.2\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"firefox-pt_BR\", rpm:\"firefox-pt_BR~3.6.27~0.1mdvmes5.2\", rls:\"MNDK_mes5.2\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"firefox-pt_PT\", rpm:\"firefox-pt_PT~3.6.27~0.1mdvmes5.2\", rls:\"MNDK_mes5.2\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"firefox-ro\", rpm:\"firefox-ro~3.6.27~0.1mdvmes5.2\", rls:\"MNDK_mes5.2\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"firefox-ru\", rpm:\"firefox-ru~3.6.27~0.1mdvmes5.2\", rls:\"MNDK_mes5.2\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"firefox-si\", rpm:\"firefox-si~3.6.27~0.1mdvmes5.2\", rls:\"MNDK_mes5.2\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"firefox-sk\", rpm:\"firefox-sk~3.6.27~0.1mdvmes5.2\", rls:\"MNDK_mes5.2\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"firefox-sl\", rpm:\"firefox-sl~3.6.27~0.1mdvmes5.2\", rls:\"MNDK_mes5.2\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"firefox-sq\", rpm:\"firefox-sq~3.6.27~0.1mdvmes5.2\", rls:\"MNDK_mes5.2\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"firefox-sr\", rpm:\"firefox-sr~3.6.27~0.1mdvmes5.2\", rls:\"MNDK_mes5.2\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"firefox-sv_SE\", rpm:\"firefox-sv_SE~3.6.27~0.1mdvmes5.2\", rls:\"MNDK_mes5.2\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"firefox-te\", rpm:\"firefox-te~3.6.27~0.1mdvmes5.2\", rls:\"MNDK_mes5.2\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"firefox-th\", rpm:\"firefox-th~3.6.27~0.1mdvmes5.2\", rls:\"MNDK_mes5.2\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"firefox-tr\", rpm:\"firefox-tr~3.6.27~0.1mdvmes5.2\", rls:\"MNDK_mes5.2\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"firefox-uk\", rpm:\"firefox-uk~3.6.27~0.1mdvmes5.2\", rls:\"MNDK_mes5.2\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"firefox-zh_CN\", rpm:\"firefox-zh_CN~3.6.27~0.1mdvmes5.2\", rls:\"MNDK_mes5.2\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"firefox-zh_TW\", rpm:\"firefox-zh_TW~3.6.27~0.1mdvmes5.2\", rls:\"MNDK_mes5.2\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"gnome-python-extras\", rpm:\"gnome-python-extras~2.19.1~20.36mdvmes5.2\", rls:\"MNDK_mes5.2\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"gnome-python-gda\", rpm:\"gnome-python-gda~2.19.1~20.36mdvmes5.2\", rls:\"MNDK_mes5.2\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"gnome-python-gda-devel\", rpm:\"gnome-python-gda-devel~2.19.1~20.36mdvmes5.2\", rls:\"MNDK_mes5.2\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"gnome-python-gdl\", rpm:\"gnome-python-gdl~2.19.1~20.36mdvmes5.2\", rls:\"MNDK_mes5.2\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"gnome-python-gtkhtml2\", rpm:\"gnome-python-gtkhtml2~2.19.1~20.36mdvmes5.2\", rls:\"MNDK_mes5.2\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"gnome-python-gtkmozembed\", rpm:\"gnome-python-gtkmozembed~2.19.1~20.36mdvmes5.2\", rls:\"MNDK_mes5.2\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"gnome-python-gtkspell\", rpm:\"gnome-python-gtkspell~2.19.1~20.36mdvmes5.2\", rls:\"MNDK_mes5.2\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"libnss3\", rpm:\"libnss3~3.13.1~0.2mdvmes5.2\", rls:\"MNDK_mes5.2\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"libnss-devel\", rpm:\"libnss-devel~3.13.1~0.2mdvmes5.2\", rls:\"MNDK_mes5.2\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"libnss-static-devel\", rpm:\"libnss-static-devel~3.13.1~0.2mdvmes5.2\", rls:\"MNDK_mes5.2\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"libxulrunner1.9.2.27\", rpm:\"libxulrunner1.9.2.27~1.9.2.27~0.1mdvmes5.2\", rls:\"MNDK_mes5.2\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"libxulrunner-devel\", rpm:\"libxulrunner-devel~1.9.2.27~0.1mdvmes5.2\", rls:\"MNDK_mes5.2\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"nss\", rpm:\"nss~3.13.1~0.2mdvmes5.2\", rls:\"MNDK_mes5.2\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"rootcerts\", rpm:\"rootcerts~20120218.00~1mdvmes5.2\", rls:\"MNDK_mes5.2\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"rootcerts-java\", rpm:\"rootcerts-java~20120218.00~1mdvmes5.2\", rls:\"MNDK_mes5.2\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"xulrunner\", rpm:\"xulrunner~1.9.2.27~0.1mdvmes5.2\", rls:\"MNDK_mes5.2\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"yelp\", rpm:\"yelp~2.24.0~3.37mdvmes5.2\", rls:\"MNDK_mes5.2\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"firefox-l10n\", rpm:\"firefox-l10n~3.6.27~0.1mdvmes5.2\", rls:\"MNDK_mes5.2\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"lib64nss3\", rpm:\"lib64nss3~3.13.1~0.2mdvmes5.2\", rls:\"MNDK_mes5.2\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"lib64nss-devel\", rpm:\"lib64nss-devel~3.13.1~0.2mdvmes5.2\", rls:\"MNDK_mes5.2\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"lib64nss-static-devel\", rpm:\"lib64nss-static-devel~3.13.1~0.2mdvmes5.2\", rls:\"MNDK_mes5.2\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"lib64xulrunner1.9.2.27\", rpm:\"lib64xulrunner1.9.2.27~1.9.2.27~0.1mdvmes5.2\", rls:\"MNDK_mes5.2\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"lib64xulrunner-devel\", rpm:\"lib64xulrunner-devel~1.9.2.27~0.1mdvmes5.2\", rls:\"MNDK_mes5.2\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n\n\nif(release == \"MNDK_2010.1\")\n{\n\n if ((res = isrpmvuln(pkg:\"firefox\", rpm:\"firefox~10.0.2~0.1mdv2010.2\", rls:\"MNDK_2010.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"firefox-af\", rpm:\"firefox-af~10.0.2~0.1mdv2010.2\", rls:\"MNDK_2010.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"firefox-ar\", rpm:\"firefox-ar~10.0.2~0.1mdv2010.2\", rls:\"MNDK_2010.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"firefox-ast\", rpm:\"firefox-ast~10.0.2~0.1mdv2010.2\", rls:\"MNDK_2010.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"firefox-be\", rpm:\"firefox-be~10.0.2~0.1mdv2010.2\", rls:\"MNDK_2010.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"firefox-bg\", rpm:\"firefox-bg~10.0.2~0.1mdv2010.2\", rls:\"MNDK_2010.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"firefox-bn_BD\", rpm:\"firefox-bn_BD~10.0.2~0.1mdv2010.2\", rls:\"MNDK_2010.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"firefox-bn_IN\", rpm:\"firefox-bn_IN~10.0.2~0.1mdv2010.2\", rls:\"MNDK_2010.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"firefox-br\", rpm:\"firefox-br~10.0.2~0.1mdv2010.2\", rls:\"MNDK_2010.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"firefox-bs\", rpm:\"firefox-bs~10.0.2~0.1mdv2010.2\", rls:\"MNDK_2010.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"firefox-ca\", rpm:\"firefox-ca~10.0.2~0.1mdv2010.2\", rls:\"MNDK_2010.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"firefox-cs\", rpm:\"firefox-cs~10.0.2~0.1mdv2010.2\", rls:\"MNDK_2010.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"firefox-cy\", rpm:\"firefox-cy~10.0.2~0.1mdv2010.2\", rls:\"MNDK_2010.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"firefox-da\", rpm:\"firefox-da~10.0.2~0.1mdv2010.2\", rls:\"MNDK_2010.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"firefox-de\", rpm:\"firefox-de~10.0.2~0.1mdv2010.2\", rls:\"MNDK_2010.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"firefox-devel\", rpm:\"firefox-devel~10.0.2~0.1mdv2010.2\", rls:\"MNDK_2010.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"firefox-el\", rpm:\"firefox-el~10.0.2~0.1mdv2010.2\", rls:\"MNDK_2010.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"firefox-en_GB\", rpm:\"firefox-en_GB~10.0.2~0.1mdv2010.2\", rls:\"MNDK_2010.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"firefox-en_ZA\", rpm:\"firefox-en_ZA~10.0.2~0.1mdv2010.2\", rls:\"MNDK_2010.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"firefox-eo\", rpm:\"firefox-eo~10.0.2~0.1mdv2010.2\", rls:\"MNDK_2010.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"firefox-es_AR\", rpm:\"firefox-es_AR~10.0.2~0.1mdv2010.2\", rls:\"MNDK_2010.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"firefox-es_CL\", rpm:\"firefox-es_CL~10.0.2~0.1mdv2010.2\", rls:\"MNDK_2010.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"firefox-es_ES\", rpm:\"firefox-es_ES~10.0.2~0.1mdv2010.2\", rls:\"MNDK_2010.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"firefox-es_MX\", rpm:\"firefox-es_MX~10.0.2~0.1mdv2010.2\", rls:\"MNDK_2010.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"firefox-et\", rpm:\"firefox-et~10.0.2~0.1mdv2010.2\", rls:\"MNDK_2010.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"firefox-eu\", rpm:\"firefox-eu~10.0.2~0.1mdv2010.2\", rls:\"MNDK_2010.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"firefox-fa\", rpm:\"firefox-fa~10.0.2~0.1mdv2010.2\", rls:\"MNDK_2010.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"firefox-fi\", rpm:\"firefox-fi~10.0.2~0.1mdv2010.2\", rls:\"MNDK_2010.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"firefox-fr\", rpm:\"firefox-fr~10.0.2~0.1mdv2010.2\", rls:\"MNDK_2010.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"firefox-fy\", rpm:\"firefox-fy~10.0.2~0.1mdv2010.2\", rls:\"MNDK_2010.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"firefox-ga_IE\", rpm:\"firefox-ga_IE~10.0.2~0.1mdv2010.2\", rls:\"MNDK_2010.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"firefox-gd\", rpm:\"firefox-gd~10.0.2~0.1mdv2010.2\", rls:\"MNDK_2010.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"firefox-gl\", rpm:\"firefox-gl~10.0.2~0.1mdv2010.2\", rls:\"MNDK_2010.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"firefox-gu_IN\", rpm:\"firefox-gu_IN~10.0.2~0.1mdv2010.2\", rls:\"MNDK_2010.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"firefox-he\", rpm:\"firefox-he~10.0.2~0.1mdv2010.2\", rls:\"MNDK_2010.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"firefox-hi\", rpm:\"firefox-hi~10.0.2~0.1mdv2010.2\", rls:\"MNDK_2010.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"firefox-hr\", rpm:\"firefox-hr~10.0.2~0.1mdv2010.2\", rls:\"MNDK_2010.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"firefox-hu\", rpm:\"firefox-hu~10.0.2~0.1mdv2010.2\", rls:\"MNDK_2010.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"firefox-hy\", rpm:\"firefox-hy~10.0.2~0.1mdv2010.2\", rls:\"MNDK_2010.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"firefox-id\", rpm:\"firefox-id~10.0.2~0.1mdv2010.2\", rls:\"MNDK_2010.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"firefox-is\", rpm:\"firefox-is~10.0.2~0.1mdv2010.2\", rls:\"MNDK_2010.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"firefox-it\", rpm:\"firefox-it~10.0.2~0.1mdv2010.2\", rls:\"MNDK_2010.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"firefox-ja\", rpm:\"firefox-ja~10.0.2~0.1mdv2010.2\", rls:\"MNDK_2010.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"firefox-kk\", rpm:\"firefox-kk~10.0.2~0.1mdv2010.2\", rls:\"MNDK_2010.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"firefox-kn\", rpm:\"firefox-kn~10.0.2~0.1mdv2010.2\", rls:\"MNDK_2010.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"firefox-ko\", rpm:\"firefox-ko~10.0.2~0.1mdv2010.2\", rls:\"MNDK_2010.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"firefox-ku\", rpm:\"firefox-ku~10.0.2~0.1mdv2010.2\", rls:\"MNDK_2010.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"firefox-lg\", rpm:\"firefox-lg~10.0.2~0.1mdv2010.2\", rls:\"MNDK_2010.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"firefox-lt\", rpm:\"firefox-lt~10.0.2~0.1mdv2010.2\", rls:\"MNDK_2010.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"firefox-lv\", rpm:\"firefox-lv~10.0.2~0.1mdv2010.2\", rls:\"MNDK_2010.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"firefox-mai\", rpm:\"firefox-mai~10.0.2~0.1mdv2010.2\", rls:\"MNDK_2010.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"firefox-mk\", rpm:\"firefox-mk~10.0.2~0.1mdv2010.2\", rls:\"MNDK_2010.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"firefox-ml\", rpm:\"firefox-ml~10.0.2~0.1mdv2010.2\", rls:\"MNDK_2010.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"firefox-mr\", rpm:\"firefox-mr~10.0.2~0.1mdv2010.2\", rls:\"MNDK_2010.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"firefox-nb_NO\", rpm:\"firefox-nb_NO~10.0.2~0.1mdv2010.2\", rls:\"MNDK_2010.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"firefox-nl\", rpm:\"firefox-nl~10.0.2~0.1mdv2010.2\", rls:\"MNDK_2010.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"firefox-nn_NO\", rpm:\"firefox-nn_NO~10.0.2~0.1mdv2010.2\", rls:\"MNDK_2010.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"firefox-nso\", rpm:\"firefox-nso~10.0.2~0.1mdv2010.2\", rls:\"MNDK_2010.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"firefox-or\", rpm:\"firefox-or~10.0.2~0.1mdv2010.2\", rls:\"MNDK_2010.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"firefox-pa_IN\", rpm:\"firefox-pa_IN~10.0.2~0.1mdv2010.2\", rls:\"MNDK_2010.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"firefox-pl\", rpm:\"firefox-pl~10.0.2~0.1mdv2010.2\", rls:\"MNDK_2010.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"firefox-pt_BR\", rpm:\"firefox-pt_BR~10.0.2~0.1mdv2010.2\", rls:\"MNDK_2010.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"firefox-pt_PT\", rpm:\"firefox-pt_PT~10.0.2~0.1mdv2010.2\", rls:\"MNDK_2010.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"firefox-ro\", rpm:\"firefox-ro~10.0.2~0.1mdv2010.2\", rls:\"MNDK_2010.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"firefox-ru\", rpm:\"firefox-ru~10.0.2~0.1mdv2010.2\", rls:\"MNDK_2010.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"firefox-si\", rpm:\"firefox-si~10.0.2~0.1mdv2010.2\", rls:\"MNDK_2010.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"firefox-sk\", rpm:\"firefox-sk~10.0.2~0.1mdv2010.2\", rls:\"MNDK_2010.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"firefox-sl\", rpm:\"firefox-sl~10.0.2~0.1mdv2010.2\", rls:\"MNDK_2010.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"firefox-sq\", rpm:\"firefox-sq~10.0.2~0.1mdv2010.2\", rls:\"MNDK_2010.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"firefox-sr\", rpm:\"firefox-sr~10.0.2~0.1mdv2010.2\", rls:\"MNDK_2010.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"firefox-sv_SE\", rpm:\"firefox-sv_SE~10.0.2~0.1mdv2010.2\", rls:\"MNDK_2010.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"firefox-ta\", rpm:\"firefox-ta~10.0.2~0.1mdv2010.2\", rls:\"MNDK_2010.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"firefox-ta_LK\", rpm:\"firefox-ta_LK~10.0.2~0.1mdv2010.2\", rls:\"MNDK_2010.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"firefox-te\", rpm:\"firefox-te~10.0.2~0.1mdv2010.2\", rls:\"MNDK_2010.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"firefox-th\", rpm:\"firefox-th~10.0.2~0.1mdv2010.2\", rls:\"MNDK_2010.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"firefox-tr\", rpm:\"firefox-tr~10.0.2~0.1mdv2010.2\", rls:\"MNDK_2010.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"firefox-uk\", rpm:\"firefox-uk~10.0.2~0.1mdv2010.2\", rls:\"MNDK_2010.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"firefox-vi\", rpm:\"firefox-vi~10.0.2~0.1mdv2010.2\", rls:\"MNDK_2010.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"firefox-zh_CN\", rpm:\"firefox-zh_CN~10.0.2~0.1mdv2010.2\", rls:\"MNDK_2010.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"firefox-zh_TW\", rpm:\"firefox-zh_TW~10.0.2~0.1mdv2010.2\", rls:\"MNDK_2010.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"firefox-zu\", rpm:\"firefox-zu~10.0.2~0.1mdv2010.2\", rls:\"MNDK_2010.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"libnss3\", rpm:\"libnss3~3.13.1~0.2mdv2010.2\", rls:\"MNDK_2010.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"libnss-devel\", rpm:\"libnss-devel~3.13.1~0.2mdv2010.2\", rls:\"MNDK_2010.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"libnss-static-devel\", rpm:\"libnss-static-devel~3.13.1~0.2mdv2010.2\", rls:\"MNDK_2010.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"mozilla-thunderbird\", rpm:\"mozilla-thunderbird~10.0.2~0.1mdv2010.2\", rls:\"MNDK_2010.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"mozilla-thunderbird-ar\", rpm:\"mozilla-thunderbird-ar~10.0.2~0.1mdv2010.2\", rls:\"MNDK_2010.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"mozilla-thunderbird-be\", rpm:\"mozilla-thunderbird-be~10.0.2~0.1mdv2010.2\", rls:\"MNDK_2010.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"mozilla-thunderbird-bg\", rpm:\"mozilla-thunderbird-bg~10.0.2~0.1mdv2010.2\", rls:\"MNDK_2010.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"mozilla-thunderbird-bn_BD\", rpm:\"mozilla-thunderbird-bn_BD~10.0.2~0.1mdv2010.2\", rls:\"MNDK_2010.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"mozilla-thunderbird-br\", rpm:\"mozilla-thunderbird-br~10.0.2~0.1mdv2010.2\", rls:\"MNDK_2010.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"mozilla-thunderbird-ca\", rpm:\"mozilla-thunderbird-ca~10.0.2~0.1mdv2010.2\", rls:\"MNDK_2010.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"mozilla-thunderbird-cs\", rpm:\"mozilla-thunderbird-cs~10.0.2~0.1mdv2010.2\", rls:\"MNDK_2010.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"mozilla-thunderbird-da\", rpm:\"mozilla-thunderbird-da~10.0.2~0.1mdv2010.2\", rls:\"MNDK_2010.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"mozilla-thunderbird-de\", rpm:\"mozilla-thunderbird-de~10.0.2~0.1mdv2010.2\", rls:\"MNDK_2010.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"mozilla-thunderbird-el\", rpm:\"mozilla-thunderbird-el~10.0.2~0.1mdv2010.2\", rls:\"MNDK_2010.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"mozilla-thunderbird-en_GB\", rpm:\"mozilla-thunderbird-en_GB~10.0.2~0.1mdv2010.2\", rls:\"MNDK_2010.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"mozilla-thunderbird-enigmail\", rpm:\"mozilla-thunderbird-enigmail~10.0.2~0.1mdv2010.2\", rls:\"MNDK_2010.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"mozilla-thunderbird-enigmail-ar\", rpm:\"mozilla-thunderbird-enigmail-ar~10.0.2~0.1mdv2010.2\", rls:\"MNDK_2010.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"mozilla-thunderbird-enigmail-ca\", rpm:\"mozilla-thunderbird-enigmail-ca~10.0.2~0.1mdv2010.2\", rls:\"MNDK_2010.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"mozilla-thunderbird-enigmail-cs\", rpm:\"mozilla-thunderbird-enigmail-cs~10.0.2~0.1mdv2010.2\", rls:\"MNDK_2010.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"mozilla-thunderbird-enigmail-de\", rpm:\"mozilla-thunderbird-enigmail-de~10.0.2~0.1mdv2010.2\", rls:\"MNDK_2010.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"mozilla-thunderbird-enigmail-el\", rpm:\"mozilla-thunderbird-enigmail-el~10.0.2~0.1mdv2010.2\", rls:\"MNDK_2010.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"mozilla-thunderbird-enigmail-es\", rpm:\"mozilla-thunderbird-enigmail-es~10.0.2~0.1mdv2010.2\", rls:\"MNDK_2010.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"mozilla-thunderbird-enigmail-fi\", rpm:\"mozilla-thunderbird-enigmail-fi~10.0.2~0.1mdv2010.2\", rls:\"MNDK_2010.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"mozilla-thunderbird-enigmail-fr\", rpm:\"mozilla-thunderbird-enigmail-fr~10.0.2~0.1mdv2010.2\", rls:\"MNDK_2010.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"mozilla-thunderbird-enigmail-it\", rpm:\"mozilla-thunderbird-enigmail-it~10.0.2~0.1mdv2010.2\", rls:\"MNDK_2010.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"mozilla-thunderbird-enigmail-ja\", rpm:\"mozilla-thunderbird-enigmail-ja~10.0.2~0.1mdv2010.2\", rls:\"MNDK_2010.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"mozilla-thunderbird-enigmail-ko\", rpm:\"mozilla-thunderbird-enigmail-ko~10.0.2~0.1mdv2010.2\", rls:\"MNDK_2010.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"mozilla-thunderbird-enigmail-nb\", rpm:\"mozilla-thunderbird-enigmail-nb~10.0.2~0.1mdv2010.2\", rls:\"MNDK_2010.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"mozilla-thunderbird-enigmail-nl\", rpm:\"mozilla-thunderbird-enigmail-nl~10.0.2~0.1mdv2010.2\", rls:\"MNDK_2010.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"mozilla-thunderbird-enigmail-pl\", rpm:\"mozilla-thunderbird-enigmail-pl~10.0.2~0.1mdv2010.2\", rls:\"MNDK_2010.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"mozilla-thunderbird-enigmail-pt\", rpm:\"mozilla-thunderbird-enigmail-pt~10.0.2~0.1mdv2010.2\", rls:\"MNDK_2010.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"mozilla-thunderbird-enigmail-pt_BR\", rpm:\"mozilla-thunderbird-enigmail-pt_BR~10.0.2~0.1mdv2010.2\", rls:\"MNDK_2010.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"mozilla-thunderbird-enigmail-ru\", rpm:\"mozilla-thunderbird-enigmail-ru~10.0.2~0.1mdv2010.2\", rls:\"MNDK_2010.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"mozilla-thunderbird-enigmail-sl\", rpm:\"mozilla-thunderbird-enigmail-sl~10.0.2~0.1mdv2010.2\", rls:\"MNDK_2010.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"mozilla-thunderbird-enigmail-sv\", rpm:\"mozilla-thunderbird-enigmail-sv~10.0.2~0.1mdv2010.2\", rls:\"MNDK_2010.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"mozilla-thunderbird-enigmail-tr\", rpm:\"mozilla-thunderbird-enigmail-tr~10.0.2~0.1mdv2010.2\", rls:\"MNDK_2010.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"mozilla-thunderbird-enigmail-vi\", rpm:\"mozilla-thunderbird-enigmail-vi~10.0.2~0.1mdv2010.2\", rls:\"MNDK_2010.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"mozilla-thunderbird-enigmail-zh_CN\", rpm:\"mozilla-thunderbird-enigmail-zh_CN~10.0.2~0.1mdv2010.2\", rls:\"MNDK_2010.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"mozilla-thunderbird-enigmail-zh_TW\", rpm:\"mozilla-thunderbird-enigmail-zh_TW~10.0.2~0.1mdv2010.2\", rls:\"MNDK_2010.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"mozilla-thunderbird-es_AR\", rpm:\"mozilla-thunderbird-es_AR~10.0.2~0.1mdv2010.2\", rls:\"MNDK_2010.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"mozilla-thunderbird-es_ES\", rpm:\"mozilla-thunderbird-es_ES~10.0.2~0.1mdv2010.2\", rls:\"MNDK_2010.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"mozilla-thunderbird-et\", rpm:\"mozilla-thunderbird-et~10.0.2~0.1mdv2010.2\", rls:\"MNDK_2010.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"mozilla-thunderbird-eu\", rpm:\"mozilla-thunderbird-eu~10.0.2~0.1mdv2010.2\", rls:\"MNDK_2010.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"mozilla-thunderbird-fi\", rpm:\"mozilla-thunderbird-fi~10.0.2~0.1mdv2010.2\", rls:\"MNDK_2010.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"mozilla-thunderbird-fr\", rpm:\"mozilla-thunderbird-fr~10.0.2~0.1mdv2010.2\", rls:\"MNDK_2010.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"mozilla-thunderbird-fy\", rpm:\"mozilla-thunderbird-fy~10.0.2~0.1mdv2010.2\", rls:\"MNDK_2010.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"mozilla-thunderbird-ga\", rpm:\"mozilla-thunderbird-ga~10.0.2~0.1mdv2010.2\", rls:\"MNDK_2010.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"mozilla-thunderbird-gd\", rpm:\"mozilla-thunderbird-gd~10.0.2~0.1mdv2010.2\", rls:\"MNDK_2010.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"mozilla-thunderbird-gl\", rpm:\"mozilla-thunderbird-gl~10.0.2~0.1mdv2010.2\", rls:\"MNDK_2010.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"mozilla-thunderbird-he\", rpm:\"mozilla-thunderbird-he~10.0.2~0.1mdv2010.2\", rls:\"MNDK_2010.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"mozilla-thunderbird-hu\", rpm:\"mozilla-thunderbird-hu~10.0.2~0.1mdv2010.2\", rls:\"MNDK_2010.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"mozilla-thunderbird-id\", rpm:\"mozilla-thunderbird-id~10.0.2~0.1mdv2010.2\", rls:\"MNDK_2010.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"mozilla-thunderbird-is\", rpm:\"mozilla-thunderbird-is~10.0.2~0.1mdv2010.2\", rls:\"MNDK_2010.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"mozilla-thunderbird-it\", rpm:\"mozilla-thunderbird-it~10.0.2~0.1mdv2010.2\", rls:\"MNDK_2010.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"mozilla-thunderbird-ja\", rpm:\"mozilla-thunderbird-ja~10.0.2~0.1mdv2010.2\", rls:\"MNDK_2010.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"mozilla-thunderbird-ko\", rpm:\"mozilla-thunderbird-ko~10.0.2~0.1mdv2010.2\", rls:\"MNDK_2010.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"mozilla-thunderbird-lightning\", rpm:\"mozilla-thunderbird-lightning~10.0.2~0.1mdv2010.2\", rls:\"MNDK_2010.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"mozilla-thunderbird-lt\", rpm:\"mozilla-thunderbird-lt~10.0.2~0.1mdv2010.2\", rls:\"MNDK_2010.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"mozilla-thunderbird-nb_NO\", rpm:\"mozilla-thunderbird-nb_NO~10.0.2~0.1mdv2010.2\", rls:\"MNDK_2010.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"mozilla-thunderbird-nl\", rpm:\"mozilla-thunderbird-nl~10.0.2~0.1mdv2010.2\", rls:\"MNDK_2010.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"mozilla-thunderbird-nn_NO\", rpm:\"mozilla-thunderbird-nn_NO~10.0.2~0.1mdv2010.2\", rls:\"MNDK_2010.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"mozilla-thunderbird-pl\", rpm:\"mozilla-thunderbird-pl~10.0.2~0.1mdv2010.2\", rls:\"MNDK_2010.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"mozilla-thunderbird-pt_BR\", rpm:\"mozilla-thunderbird-pt_BR~10.0.2~0.1mdv2010.2\", rls:\"MNDK_2010.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"mozilla-thunderbird-pt_PT\", rpm:\"mozilla-thunderbird-pt_PT~10.0.2~0.1mdv2010.2\", rls:\"MNDK_2010.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"mozilla-thunderbird-ro\", rpm:\"mozilla-thunderbird-ro~10.0.2~0.1mdv2010.2\", rls:\"MNDK_2010.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"mozilla-thunderbird-ru\", rpm:\"mozilla-thunderbird-ru~10.0.2~0.1mdv2010.2\", rls:\"MNDK_2010.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"mozilla-thunderbird-si\", rpm:\"mozilla-thunderbird-si~10.0.2~0.1mdv2010.2\", rls:\"MNDK_2010.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"mozilla-thunderbird-sk\", rpm:\"mozilla-thunderbird-sk~10.0.2~0.1mdv2010.2\", rls:\"MNDK_2010.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"mozilla-thunderbird-sl\", rpm:\"mozilla-thunderbird-sl~10.0.2~0.1mdv2010.2\", rls:\"MNDK_2010.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"mozilla-thunderbird-sq\", rpm:\"mozilla-thunderbird-sq~10.0.2~0.1mdv2010.2\", rls:\"MNDK_2010.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"mozilla-thunderbird-sv_SE\", rpm:\"mozilla-thunderbird-sv_SE~10.0.2~0.1mdv2010.2\", rls:\"MNDK_2010.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"mozilla-thunderbird-ta_LK\", rpm:\"mozilla-thunderbird-ta_LK~10.0.2~0.1mdv2010.2\", rls:\"MNDK_2010.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"mozilla-thunderbird-tr\", rpm:\"mozilla-thunderbird-tr~10.0.2~0.1mdv2010.2\", rls:\"MNDK_2010.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"mozilla-thunderbird-uk\", rpm:\"mozilla-thunderbird-uk~10.0.2~0.1mdv2010.2\", rls:\"MNDK_2010.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"mozilla-thunderbird-vi\", rpm:\"mozilla-thunderbird-vi~10.0.2~0.1mdv2010.2\", rls:\"MNDK_2010.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"mozilla-thunderbird-zh_CN\", rpm:\"mozilla-thunderbird-zh_CN~10.0.2~0.1mdv2010.2\", rls:\"MNDK_2010.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"mozilla-thunderbird-zh_TW\", rpm:\"mozilla-thunderbird-zh_TW~10.0.2~0.1mdv2010.2\", rls:\"MNDK_2010.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"nsinstall\", rpm:\"nsinstall~10.0.2~0.1mdv2010.2\", rls:\"MNDK_2010.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"nss\", rpm:\"nss~3.13.1~0.2mdv2010.2\", rls:\"MNDK_2010.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"rootcerts\", rpm:\"rootcerts~20120218.00~1mdv2010.2\", rls:\"MNDK_2010.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"rootcerts-java\", rpm:\"rootcerts-java~20120218.00~1mdv2010.2\", rls:\"MNDK_2010.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"firefox-l10n\", rpm:\"firefox-l10n~10.0.2~0.1mdv2010.2\", rls:\"MNDK_2010.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"mozilla-thunderbird-l10n\", rpm:\"mozilla-thunderbird-l10n~10.0.2~0.1mdv2010.2\", rls:\"MNDK_2010.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"lib64nss3\", rpm:\"lib64nss3~3.13.1~0.2mdv2010.2\", rls:\"MNDK_2010.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"lib64nss-devel\", rpm:\"lib64nss-devel~3.13.1~0.2mdv2010.2\", rls:\"MNDK_2010.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"lib64nss-static-devel\", rpm:\"lib64nss-static-devel~3.13.1~0.2mdv2010.2\", rls:\"MNDK_2010.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2018-01-08T12:57:48", "description": "Check for the Version of xulrunner", "cvss3": {}, "published": "2012-03-07T00:00:00", "type": "openvas", "title": "Fedora Update for xulrunner FEDORA-2012-1845", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2011-3026"], "modified": "2018-01-08T00:00:00", "id": "OPENVAS:863757", "href": "http://plugins.openvas.org/nasl.php?oid=863757", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Fedora Update for xulrunner FEDORA-2012-1845\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2012 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ninclude(\"revisions-lib.inc\");\ntag_affected = \"xulrunner on Fedora 15\";\ntag_insight = \"XULRunner is a Mozilla runtime package that can be used to bootstrap XUL+XPCOM\n applications that are as rich as Firefox and Thunderbird. It provides mechanisms\n for installing, upgrading, and uninstalling these applications. XULRunner also\n provides libxul, a solution which allows the embedding of Mozilla technologies\n in other projects and products.\";\ntag_solution = \"Please Install the Updated Packages.\";\n\n\n\nif(description)\n{\n script_xref(name : \"URL\" , value : \"http://lists.fedoraproject.org/pipermail/package-announce/2012-March/074364.html\");\n script_id(863757);\n script_version(\"$Revision: 8313 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-01-08 08:02:11 +0100 (Mon, 08 Jan 2018) $\");\n script_tag(name:\"creation_date\", value:\"2012-03-07 11:17:10 +0530 (Wed, 07 Mar 2012)\");\n script_cve_id(\"CVE-2011-3026\");\n script_tag(name:\"cvss_base\", value:\"7.5\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_xref(name: \"FEDORA\", value: \"2012-1845\");\n script_name(\"Fedora Update for xulrunner FEDORA-2012-1845\");\n\n script_tag(name: \"summary\" , value: \"Check for the Version of xulrunner\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2012 Greenbone Networks GmbH\");\n script_family(\"Fedora Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/fedora\", \"ssh/login/rpms\");\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = get_kb_item(\"ssh/login/release\");\n\nres = \"\";\nif(release == NULL){\n exit(0);\n}\n\nif(release == \"FC15\")\n{\n\n if ((res = isrpmvuln(pkg:\"xulrunner\", rpm:\"xulrunner~10.0.1~3.fc15\", rls:\"FC15\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2017-12-04T11:19:55", "description": "Ubuntu Update for Linux kernel vulnerabilities USN-1367-4", "cvss3": {}, "published": "2012-02-21T00:00:00", "type": "openvas", "title": "Ubuntu Update for xulrunner-1.9.2 USN-1367-4", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2011-3026"], "modified": "2017-12-01T00:00:00", "id": "OPENVAS:840892", "href": "http://plugins.openvas.org/nasl.php?oid=840892", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: gb_ubuntu_USN_1367_4.nasl 7960 2017-12-01 06:58:16Z santu $\n#\n# Ubuntu Update for xulrunner-1.9.2 USN-1367-4\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2012 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"USN-1367-1 fixed vulnerabilities in libpng. This provides the corresponding\n update for Xulrunner.\n\n Original advisory details:\n\n Jueri Aedla discovered that libpng did not properly verify the size used\n when allocating memory during chunk decompression. If a user or automated\n system using libpng were tricked into opening a specially crafted image,\n an attacker could exploit this to cause a denial of service or execute\n code with the privileges of the user invoking the program. (CVE-2011-3026)\";\n\ntag_summary = \"Ubuntu Update for Linux kernel vulnerabilities USN-1367-4\";\ntag_affected = \"xulrunner-1.9.2 on Ubuntu 10.10 ,\n Ubuntu 10.04 LTS\";\ntag_solution = \"Please Install the Updated Packages.\";\n\n\n\nif(description)\n{\n script_xref(name: \"URL\" , value: \"http://www.ubuntu.com/usn/usn-1367-4/\");\n script_id(840892);\n script_version(\"$Revision: 7960 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-12-01 07:58:16 +0100 (Fri, 01 Dec 2017) $\");\n script_tag(name:\"creation_date\", value:\"2012-02-21 18:58:34 +0530 (Tue, 21 Feb 2012)\");\n script_cve_id(\"CVE-2011-3026\");\n script_tag(name:\"cvss_base\", value:\"7.5\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_xref(name: \"USN\", value: \"1367-4\");\n script_name(\"Ubuntu Update for xulrunner-1.9.2 USN-1367-4\");\n\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2012 Greenbone Networks GmbH\");\n script_family(\"Ubuntu Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/ubuntu_linux\", \"ssh/login/packages\");\n script_tag(name : \"summary\" , value : tag_summary);\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n\ninclude(\"pkg-lib-deb.inc\");\n\nrelease = get_kb_item(\"ssh/login/release\");\n\nres = \"\";\nif(release == NULL){\n exit(0);\n}\n\nif(release == \"UBUNTU10.04 LTS\")\n{\n\n if ((res = isdpkgvuln(pkg:\"xulrunner-1.9.2\", ver:\"1.9.2.27+build1+nobinonly-0ubuntu0.10.04.1\", rls:\"UBUNTU10.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n\n\nif(release == \"UBUNTU10.10\")\n{\n\n if ((res = isdpkgvuln(pkg:\"xulrunner-1.9.2\", ver:\"1.9.2.27+build1+nobinonly-0ubuntu0.10.10.1\", rls:\"UBUNTU10.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2020-04-22T17:07:10", "description": "The remote host is missing an update for the ", "cvss3": {}, "published": "2012-02-21T00:00:00", "type": "openvas", "title": "RedHat Update for libpng RHSA-2012:0317-01", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2011-3026"], "modified": "2020-04-21T00:00:00", "id": "OPENVAS:1361412562310870549", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310870549", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# RedHat Update for libpng RHSA-2012:0317-01\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (C) 2012 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_xref(name:\"URL\", value:\"https://www.redhat.com/archives/rhsa-announce/2012-February/msg00041.html\");\n script_oid(\"1.3.6.1.4.1.25623.1.0.870549\");\n script_version(\"2020-04-21T06:28:23+0000\");\n script_tag(name:\"last_modification\", value:\"2020-04-21 06:28:23 +0000 (Tue, 21 Apr 2020)\");\n script_tag(name:\"creation_date\", value:\"2012-02-21 18:56:15 +0530 (Tue, 21 Feb 2012)\");\n script_cve_id(\"CVE-2011-3026\");\n script_tag(name:\"cvss_base\", value:\"6.8\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_xref(name:\"RHSA\", value:\"2012:0317-01\");\n script_name(\"RedHat Update for libpng RHSA-2012:0317-01\");\n\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'libpng'\n package(s) announced via the referenced advisory.\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2012 Greenbone Networks GmbH\");\n script_family(\"Red Hat Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/rhel\", \"ssh/login/rpms\", re:\"ssh/login/release=RHENT_(5|4)\");\n script_tag(name:\"affected\", value:\"libpng on Red Hat Enterprise Linux (v. 5 server),\n Red Hat Enterprise Linux AS version 4,\n Red Hat Enterprise Linux ES version 4,\n Red Hat Enterprise Linux WS version 4\");\n script_tag(name:\"solution\", value:\"Please Install the Updated Packages.\");\n script_tag(name:\"insight\", value:\"The libpng packages contain a library of functions for creating and\n manipulating PNG (Portable Network Graphics) image format files.\n\n A heap-based buffer overflow flaw was found in libpng. An attacker could\n create a specially-crafted PNG image that, when opened, could cause an\n application using libpng to crash or, possibly, execute arbitrary code with\n the privileges of the user running the application. (CVE-2011-3026)\n\n Users of libpng and libpng10 should upgrade to these updated packages,\n which contain a backported patch to correct this issue. All running\n applications using libpng or libpng10 must be restarted for the update to\n take effect.\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release) exit(0);\n\nres = \"\";\n\nif(release == \"RHENT_5\")\n{\n\n if ((res = isrpmvuln(pkg:\"libpng\", rpm:\"libpng~1.2.10~15.el5_7\", rls:\"RHENT_5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"libpng-debuginfo\", rpm:\"libpng-debuginfo~1.2.10~15.el5_7\", rls:\"RHENT_5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"libpng-devel\", rpm:\"libpng-devel~1.2.10~15.el5_7\", rls:\"RHENT_5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n\n\nif(release == \"RHENT_4\")\n{\n\n if ((res = isrpmvuln(pkg:\"libpng\", rpm:\"libpng~1.2.7~9.el4\", rls:\"RHENT_4\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"libpng-debuginfo\", rpm:\"libpng-debuginfo~1.2.7~9.el4\", rls:\"RHENT_4\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"libpng-devel\", rpm:\"libpng-devel~1.2.7~9.el4\", rls:\"RHENT_4\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"libpng10\", rpm:\"libpng10~1.0.16~10.el4\", rls:\"RHENT_4\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"libpng10-debuginfo\", rpm:\"libpng10-debuginfo~1.0.16~10.el4\", rls:\"RHENT_4\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"libpng10-devel\", rpm:\"libpng10-devel~1.0.16~10.el4\", rls:\"RHENT_4\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2018-01-06T13:07:50", "description": "Check for the Version of mozilla-xulrunner192", "cvss3": {}, "published": "2012-08-02T00:00:00", "type": "openvas", "title": "SuSE Update for mozilla-xulrunner192 openSUSE-SU-2012:0297-1 (mozilla-xulrunner192)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2011-3026"], "modified": "2018-01-04T00:00:00", "id": "OPENVAS:850229", "href": "http://plugins.openvas.org/nasl.php?oid=850229", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: gb_suse_2012_0297_1.nasl 8285 2018-01-04 06:29:16Z teissa $\n#\n# SuSE Update for mozilla-xulrunner192 openSUSE-SU-2012:0297-1 (mozilla-xulrunner192)\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2012 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ninclude(\"revisions-lib.inc\");\ntag_affected = \"mozilla-xulrunner192 on openSUSE 11.4\";\ntag_insight = \"Mozilla XULRunner was updated to 1.9.2.27 to fix a security\n issue with the embedded libpng, where a integer overflow\n could allow remote attackers to crash the browser or\n potentially execute code (CVE-2011-3026),\";\ntag_solution = \"Please Install the Updated Packages.\";\n\n\n\nif(description)\n{\n script_id(850229);\n script_version(\"$Revision: 8285 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-01-04 07:29:16 +0100 (Thu, 04 Jan 2018) $\");\n script_tag(name:\"creation_date\", value:\"2012-08-02 21:25:46 +0530 (Thu, 02 Aug 2012)\");\n script_cve_id(\"CVE-2011-3026\");\n script_tag(name:\"cvss_base\", value:\"7.5\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_xref(name: \"openSUSE-SU\", value: \"2012:0297_1\");\n script_name(\"SuSE Update for mozilla-xulrunner192 openSUSE-SU-2012:0297-1 (mozilla-xulrunner192)\");\n\n script_tag(name: \"summary\" , value: \"Check for the Version of mozilla-xulrunner192\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2012 Greenbone Networks GmbH\");\n script_family(\"SuSE Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/suse\", \"ssh/login/rpms\");\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = get_kb_item(\"ssh/login/release\");\n\nres = \"\";\nif(release == NULL){\n exit(0);\n}\n\nif(release == \"openSUSE11.4\")\n{\n\n if ((res = isrpmvuln(pkg:\"MozillaFirefox\", rpm:\"MozillaFirefox~10.0.2~0.2.1\", rls:\"openSUSE11.4\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"MozillaFirefox-branding-upstream\", rpm:\"MozillaFirefox-branding-upstream~10.0.2~0.2.1\", rls:\"openSUSE11.4\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"MozillaFirefox-buildsymbols\", rpm:\"MozillaFirefox-buildsymbols~10.0.2~0.2.1\", rls:\"openSUSE11.4\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"MozillaFirefox-devel\", rpm:\"MozillaFirefox-devel~10.0.2~0.2.1\", rls:\"openSUSE11.4\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"MozillaFirefox-translations-common\", rpm:\"MozillaFirefox-translations-common~10.0.2~0.2.1\", rls:\"openSUSE11.4\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"MozillaFirefox-translations-other\", rpm:\"MozillaFirefox-translations-other~10.0.2~0.2.1\", rls:\"openSUSE11.4\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"MozillaThunderbird\", rpm:\"MozillaThunderbird~3.1.19~0.25.1\", rls:\"openSUSE11.4\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"MozillaThunderbird-buildsymbols\", rpm:\"MozillaThunderbird-buildsymbols~3.1.19~0.25.1\", rls:\"openSUSE11.4\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"MozillaThunderbird-devel\", rpm:\"MozillaThunderbird-devel~3.1.19~0.25.1\", rls:\"openSUSE11.4\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"MozillaThunderbird-translations-common\", rpm:\"MozillaThunderbird-translations-common~3.1.19~0.25.1\", rls:\"openSUSE11.4\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"MozillaThunderbird-translations-other\", rpm:\"MozillaThunderbird-translations-other~3.1.19~0.25.1\", rls:\"openSUSE11.4\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"enigmail\", rpm:\"enigmail~1.1.2+3.1.19~0.25.1\", rls:\"openSUSE11.4\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"mozilla-js192\", rpm:\"mozilla-js192~1.9.2.27~0.2.1\", rls:\"openSUSE11.4\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"mozilla-xulrunner192\", rpm:\"mozilla-xulrunner192~1.9.2.27~0.2.1\", rls:\"openSUSE11.4\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"mozilla-xulrunner192-buildsymbols\", rpm:\"mozilla-xulrunner192-buildsymbols~1.9.2.27~0.2.1\", rls:\"openSUSE11.4\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"mozilla-xulrunner192-devel\", rpm:\"mozilla-xulrunner192-devel~1.9.2.27~0.2.1\", rls:\"openSUSE11.4\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"mozilla-xulrunner192-gnome\", rpm:\"mozilla-xulrunner192-gnome~1.9.2.27~0.2.1\", rls:\"openSUSE11.4\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"mozilla-xulrunner192-translations-common\", rpm:\"mozilla-xulrunner192-translations-common~1.9.2.27~0.2.1\", rls:\"openSUSE11.4\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"mozilla-xulrunner192-translations-other\", rpm:\"mozilla-xulrunner192-translations-other~1.9.2.27~0.2.1\", rls:\"openSUSE11.4\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"seamonkey\", rpm:\"seamonkey~2.7.2~0.2.1\", rls:\"openSUSE11.4\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"seamonkey-dom-inspector\", rpm:\"seamonkey-dom-inspector~2.7.2~0.2.1\", rls:\"openSUSE11.4\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"seamonkey-irc\", rpm:\"seamonkey-irc~2.7.2~0.2.1\", rls:\"openSUSE11.4\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"seamonkey-translations-common\", rpm:\"seamonkey-translations-common~2.7.2~0.2.1\", rls:\"openSUSE11.4\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"seamonkey-translations-other\", rpm:\"seamonkey-translations-other~2.7.2~0.2.1\", rls:\"openSUSE11.4\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"seamonkey-venkman\", rpm:\"seamonkey-venkman~2.7.2~0.2.1\", rls:\"openSUSE11.4\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"mozilla-js192-32bit\", rpm:\"mozilla-js192-32bit~1.9.2.27~0.2.1\", rls:\"openSUSE11.4\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"mozilla-xulrunner192-32bit\", rpm:\"mozilla-xulrunner192-32bit~1.9.2.27~0.2.1\", rls:\"openSUSE11.4\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"mozilla-xulrunner192-gnome-32bit\", rpm:\"mozilla-xulrunner192-gnome-32bit~1.9.2.27~0.2.1\", rls:\"openSUSE11.4\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"mozilla-xulrunner192-translations-common-32bit\", rpm:\"mozilla-xulrunner192-translations-common-32bit~1.9.2.27~0.2.1\", rls:\"openSUSE11.4\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"mozilla-xulrunner192-translations-other-32bit\", rpm:\"mozilla-xulrunner192-translations-other-32bit~1.9.2.27~0.2.1\", rls:\"openSUSE11.4\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2020-04-22T17:06:50", "description": "The remote host is missing an update for the ", "cvss3": {}, "published": "2012-03-09T00:00:00", "type": "openvas", "title": "Mandriva Update for libpng MDVSA-2012:022 (libpng)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2011-3026"], "modified": "2020-04-21T00:00:00", "id": "OPENVAS:1361412562310831550", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310831550", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Mandriva Update for libpng MDVSA-2012:022 (libpng)\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (C) 2012 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_xref(name:\"URL\", value:\"http://lists.mandriva.com/security-announce/2012-02/msg00025.php\");\n script_oid(\"1.3.6.1.4.1.25623.1.0.831550\");\n script_version(\"2020-04-21T06:28:23+0000\");\n script_tag(name:\"last_modification\", value:\"2020-04-21 06:28:23 +0000 (Tue, 21 Apr 2020)\");\n script_tag(name:\"creation_date\", value:\"2012-03-09 19:16:07 +0530 (Fri, 09 Mar 2012)\");\n script_cve_id(\"CVE-2011-3026\");\n script_tag(name:\"cvss_base\", value:\"6.8\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_xref(name:\"MDVSA\", value:\"2012:022\");\n script_name(\"Mandriva Update for libpng MDVSA-2012:022 (libpng)\");\n\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'libpng'\n package(s) announced via the referenced advisory.\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2012 Greenbone Networks GmbH\");\n script_family(\"Mandrake Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/mandriva_mandrake_linux\", \"ssh/login/release\", re:\"ssh/login/release=MNDK_(mes5|2010\\.1)\");\n script_tag(name:\"affected\", value:\"libpng on Mandriva Linux 2010.1,\n Mandriva Linux 2010.1/X86_64,\n Mandriva Enterprise Server 5,\n Mandriva Enterprise Server 5/X86_64\");\n script_tag(name:\"solution\", value:\"Please Install the Updated Packages.\");\n script_tag(name:\"insight\", value:\"A vulnerability has been found and corrected in libpng:\n\n Integer overflow in libpng allows remote attackers to cause a denial\n of service or possibly have unspecified other impact via unknown\n vectors that trigger an integer truncation (CVE-2011-3026).\n\n The updated packages have been patched to correct this issue.\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release) exit(0);\n\nres = \"\";\n\nif(release == \"MNDK_mes5\")\n{\n\n if ((res = isrpmvuln(pkg:\"libpng3\", rpm:\"libpng3~1.2.31~2.5mdvmes5.2\", rls:\"MNDK_mes5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"libpng-devel\", rpm:\"libpng-devel~1.2.31~2.5mdvmes5.2\", rls:\"MNDK_mes5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"libpng-source\", rpm:\"libpng-source~1.2.31~2.5mdvmes5.2\", rls:\"MNDK_mes5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"libpng-static-devel\", rpm:\"libpng-static-devel~1.2.31~2.5mdvmes5.2\", rls:\"MNDK_mes5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"libpng\", rpm:\"libpng~1.2.31~2.5mdvmes5.2\", rls:\"MNDK_mes5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"lib64png3\", rpm:\"lib64png3~1.2.31~2.5mdvmes5.2\", rls:\"MNDK_mes5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"lib64png-devel\", rpm:\"lib64png-devel~1.2.31~2.5mdvmes5.2\", rls:\"MNDK_mes5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"lib64png-static-devel\", rpm:\"lib64png-static-devel~1.2.31~2.5mdvmes5.2\", rls:\"MNDK_mes5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n\n\nif(release == \"MNDK_2010.1\")\n{\n\n if ((res = isrpmvuln(pkg:\"libpng3\", rpm:\"libpng3~1.2.43~1.3mdv2010.2\", rls:\"MNDK_2010.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"libpng-devel\", rpm:\"libpng-devel~1.2.43~1.3mdv2010.2\", rls:\"MNDK_2010.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"libpng-source\", rpm:\"libpng-source~1.2.43~1.3mdv2010.2\", rls:\"MNDK_2010.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"libpng-static-devel\", rpm:\"libpng-static-devel~1.2.43~1.3mdv2010.2\", rls:\"MNDK_2010.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"libpng\", rpm:\"libpng~1.2.43~1.3mdv2010.2\", rls:\"MNDK_2010.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"lib64png3\", rpm:\"lib64png3~1.2.43~1.3mdv2010.2\", rls:\"MNDK_2010.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"lib64png-devel\", rpm:\"lib64png-devel~1.2.43~1.3mdv2010.2\", rls:\"MNDK_2010.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"lib64png-static-devel\", rpm:\"lib64png-static-devel~1.2.43~1.3mdv2010.2\", rls:\"MNDK_2010.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2018-01-06T13:07:51", "description": "Check for the Version of seamonkey", "cvss3": {}, "published": "2012-07-30T00:00:00", "type": "openvas", "title": "CentOS Update for seamonkey CESA-2012:0141 centos4 ", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2011-3026"], "modified": "2018-01-04T00:00:00", "id": "OPENVAS:881126", "href": "http://plugins.openvas.org/nasl.php?oid=881126", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# CentOS Update for seamonkey CESA-2012:0141 centos4 \n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2012 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"SeaMonkey is an open source web browser, e-mail and newsgroup client, IRC\n chat client, and HTML editor.\n\n A heap-based buffer overflow flaw was found in the way SeaMonkey handled\n PNG (Portable Network Graphics) images. A web page containing a malicious\n PNG image could cause SeaMonkey to crash or, possibly, execute arbitrary\n code with the privileges of the user running SeaMonkey. (CVE-2011-3026)\n \n All SeaMonkey users should upgrade to these updated packages, which correct\n this issue. After installing the update, SeaMonkey must be restarted for\n the changes to take effect.\";\n\ntag_affected = \"seamonkey on CentOS 4\";\ntag_solution = \"Please Install the Updated Packages.\";\n\n\n\nif(description)\n{\n script_xref(name : \"URL\" , value : \"http://lists.centos.org/pipermail/centos-announce/2012-February/018442.html\");\n script_id(881126);\n script_version(\"$Revision: 8285 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-01-04 07:29:16 +0100 (Thu, 04 Jan 2018) $\");\n script_tag(name:\"creation_date\", value:\"2012-07-30 16:16:36 +0530 (Mon, 30 Jul 2012)\");\n script_cve_id(\"CVE-2011-3026\");\n script_tag(name:\"cvss_base\", value:\"7.5\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_xref(name: \"CESA\", value: \"2012:0141\");\n script_name(\"CentOS Update for seamonkey CESA-2012:0141 centos4 \");\n\n script_tag(name: \"summary\" , value: \"Check for the Version of seamonkey\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2012 Greenbone Networks GmbH\");\n script_family(\"CentOS Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/centos\", \"ssh/login/rpms\");\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = get_kb_item(\"ssh/login/release\");\n\nres = \"\";\nif(release == NULL){\n exit(0);\n}\n\nif(release == \"CentOS4\")\n{\n\n if ((res = isrpmvuln(pkg:\"seamonkey\", rpm:\"seamonkey~1.0.9~79.el4.centos\", rls:\"CentOS4\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"seamonkey-chat\", rpm:\"seamonkey-chat~1.0.9~79.el4.centos\", rls:\"CentOS4\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"seamonkey-devel\", rpm:\"seamonkey-devel~1.0.9~79.el4.centos\", rls:\"CentOS4\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"seamonkey-dom-inspector\", rpm:\"seamonkey-dom-inspector~1.0.9~79.el4.centos\", rls:\"CentOS4\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"seamonkey-js-debugger\", rpm:\"seamonkey-js-debugger~1.0.9~79.el4.centos\", rls:\"CentOS4\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"seamonkey-mail\", rpm:\"seamonkey-mail~1.0.9~79.el4.centos\", rls:\"CentOS4\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2020-04-22T17:07:10", "description": "The remote host is missing an update for the ", "cvss3": {}, "published": "2012-04-11T00:00:00", "type": "openvas", "title": "Fedora Update for thunderbird FEDORA-2012-5068", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2011-3026"], "modified": "2020-04-21T00:00:00", "id": "OPENVAS:1361412562310864147", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310864147", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Fedora Update for thunderbird FEDORA-2012-5068\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (C) 2012 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_xref(name:\"URL\", value:\"http://lists.fedoraproject.org/pipermail/package-announce/2012-April/076871.html\");\n script_oid(\"1.3.6.1.4.1.25623.1.0.864147\");\n script_version(\"2020-04-21T06:28:23+0000\");\n script_tag(name:\"last_modification\", value:\"2020-04-21 06:28:23 +0000 (Tue, 21 Apr 2020)\");\n script_tag(name:\"creation_date\", value:\"2012-04-11 10:48:35 +0530 (Wed, 11 Apr 2012)\");\n script_cve_id(\"CVE-2011-3026\");\n script_tag(name:\"cvss_base\", value:\"6.8\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_xref(name:\"FEDORA\", value:\"2012-5068\");\n script_name(\"Fedora Update for thunderbird FEDORA-2012-5068\");\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'thunderbird'\n package(s) announced via the referenced advisory.\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2012 Greenbone Networks GmbH\");\n script_family(\"Fedora Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/fedora\", \"ssh/login/rpms\", re:\"ssh/login/release=FC15\");\n script_tag(name:\"affected\", value:\"thunderbird on Fedora 15\");\n script_tag(name:\"solution\", value:\"Please install the updated package(s).\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\n\nif(release == \"FC15\")\n{\n\n if ((res = isrpmvuln(pkg:\"thunderbird\", rpm:\"thunderbird~11.0.1~1.fc15\", rls:\"FC15\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2020-04-22T17:05:56", "description": "The remote host is missing an update for the ", "cvss3": {}, "published": "2012-08-02T00:00:00", "type": "openvas", "title": "openSUSE: Security Advisory for mozilla-xulrunner192 (openSUSE-SU-2012:0297-1)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2011-3026"], "modified": "2020-04-21T00:00:00", "id": "OPENVAS:1361412562310850229", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310850229", "sourceData": "# Copyright (C) 2012 Greenbone Networks GmbH\n# Some text descriptions might be excerpted from the referenced\n# advisories, and are Copyright (C) by the respective right holder(s)\n#\n# SPDX-License-Identifier: GPL-2.0-or-later\n#\n# This program is free software; you can redistribute it and/or\n# modify it under the terms of the GNU General Public License\n# as published by the Free Software Foundation; either version 2\n# of the License, or (at your option) any later version.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.850229\");\n script_version(\"2020-04-21T06:28:23+0000\");\n script_tag(name:\"last_modification\", value:\"2020-04-21 06:28:23 +0000 (Tue, 21 Apr 2020)\");\n script_tag(name:\"creation_date\", value:\"2012-08-02 21:25:46 +0530 (Thu, 02 Aug 2012)\");\n script_cve_id(\"CVE-2011-3026\");\n script_tag(name:\"cvss_base\", value:\"6.8\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_xref(name:\"openSUSE-SU\", value:\"2012:0297-1\");\n script_name(\"openSUSE: Security Advisory for mozilla-xulrunner192 (openSUSE-SU-2012:0297-1)\");\n\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'mozilla-xulrunner192'\n package(s) announced via the referenced advisory.\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2012 Greenbone Networks GmbH\");\n script_family(\"SuSE Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/suse\", \"ssh/login/rpms\", re:\"ssh/login/release=openSUSE11\\.4\");\n\n script_tag(name:\"affected\", value:\"mozilla-xulrunner192 on openSUSE 11.4\");\n\n script_tag(name:\"insight\", value:\"Mozilla XULRunner was updated to 1.9.2.27 to fix a security\n issue with the embedded libpng, where a integer overflow\n could allow remote attackers to crash the browser or\n potentially execute code (CVE-2011-3026).\");\n\n script_tag(name:\"solution\", value:\"Please install the updated package(s).\");\n\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable package version is present on the target host.\");\n\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\nreport = \"\";\n\nif(release == \"openSUSE11.4\") {\n if(!isnull(res = isrpmvuln(pkg:\"MozillaFirefox\", rpm:\"MozillaFirefox~10.0.2~0.2.1\", rls:\"openSUSE11.4\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"MozillaFirefox-branding-upstream\", rpm:\"MozillaFirefox-branding-upstream~10.0.2~0.2.1\", rls:\"openSUSE11.4\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"MozillaFirefox-buildsymbols\", rpm:\"MozillaFirefox-buildsymbols~10.0.2~0.2.1\", rls:\"openSUSE11.4\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"MozillaFirefox-devel\", rpm:\"MozillaFirefox-devel~10.0.2~0.2.1\", rls:\"openSUSE11.4\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"MozillaFirefox-translations-common\", rpm:\"MozillaFirefox-translations-common~10.0.2~0.2.1\", rls:\"openSUSE11.4\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"MozillaFirefox-translations-other\", rpm:\"MozillaFirefox-translations-other~10.0.2~0.2.1\", rls:\"openSUSE11.4\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"MozillaThunderbird\", rpm:\"MozillaThunderbird~3.1.19~0.25.1\", rls:\"openSUSE11.4\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"MozillaThunderbird-buildsymbols\", rpm:\"MozillaThunderbird-buildsymbols~3.1.19~0.25.1\", rls:\"openSUSE11.4\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"MozillaThunderbird-devel\", rpm:\"MozillaThunderbird-devel~3.1.19~0.25.1\", rls:\"openSUSE11.4\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"MozillaThunderbird-translations-common\", rpm:\"MozillaThunderbird-translations-common~3.1.19~0.25.1\", rls:\"openSUSE11.4\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"MozillaThunderbird-translations-other\", rpm:\"MozillaThunderbird-translations-other~3.1.19~0.25.1\", rls:\"openSUSE11.4\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"enigmail\", rpm:\"enigmail~1.1.2+3.1.19~0.25.1\", rls:\"openSUSE11.4\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"mozilla-js192\", rpm:\"mozilla-js192~1.9.2.27~0.2.1\", rls:\"openSUSE11.4\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"mozilla-xulrunner192\", rpm:\"mozilla-xulrunner192~1.9.2.27~0.2.1\", rls:\"openSUSE11.4\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"mozilla-xulrunner192-buildsymbols\", rpm:\"mozilla-xulrunner192-buildsymbols~1.9.2.27~0.2.1\", rls:\"openSUSE11.4\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"mozilla-xulrunner192-devel\", rpm:\"mozilla-xulrunner192-devel~1.9.2.27~0.2.1\", rls:\"openSUSE11.4\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"mozilla-xulrunner192-gnome\", rpm:\"mozilla-xulrunner192-gnome~1.9.2.27~0.2.1\", rls:\"openSUSE11.4\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"mozilla-xulrunner192-translations-common\", rpm:\"mozilla-xulrunner192-translations-common~1.9.2.27~0.2.1\", rls:\"openSUSE11.4\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"mozilla-xulrunner192-translations-other\", rpm:\"mozilla-xulrunner192-translations-other~1.9.2.27~0.2.1\", rls:\"openSUSE11.4\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"seamonkey\", rpm:\"seamonkey~2.7.2~0.2.1\", rls:\"openSUSE11.4\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"seamonkey-dom-inspector\", rpm:\"seamonkey-dom-inspector~2.7.2~0.2.1\", rls:\"openSUSE11.4\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"seamonkey-irc\", rpm:\"seamonkey-irc~2.7.2~0.2.1\", rls:\"openSUSE11.4\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"seamonkey-translations-common\", rpm:\"seamonkey-translations-common~2.7.2~0.2.1\", rls:\"openSUSE11.4\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"seamonkey-translations-other\", rpm:\"seamonkey-translations-other~2.7.2~0.2.1\", rls:\"openSUSE11.4\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"seamonkey-venkman\", rpm:\"seamonkey-venkman~2.7.2~0.2.1\", rls:\"openSUSE11.4\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"mozilla-js192-32bit\", rpm:\"mozilla-js192-32bit~1.9.2.27~0.2.1\", rls:\"openSUSE11.4\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"mozilla-xulrunner192-32bit\", rpm:\"mozilla-xulrunner192-32bit~1.9.2.27~0.2.1\", rls:\"openSUSE11.4\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"mozilla-xulrunner192-gnome-32bit\", rpm:\"mozilla-xulrunner192-gnome-32bit~1.9.2.27~0.2.1\", rls:\"openSUSE11.4\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"mozilla-xulrunner192-translations-common-32bit\", rpm:\"mozilla-xulrunner192-translations-common-32bit~1.9.2.27~0.2.1\", rls:\"openSUSE11.4\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"mozilla-xulrunner192-translations-other-32bit\", rpm:\"mozilla-xulrunner192-translations-other-32bit~1.9.2.27~0.2.1\", rls:\"openSUSE11.4\"))) {\n report += res;\n }\n\n if(report != \"\") {\n security_message(data:report);\n } else if(__pkg_match) {\n exit(99);\n }\n exit(0);\n}\n\nexit(0);\n", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2018-01-11T11:06:09", "description": "Check for the Version of xulrunner", "cvss3": {}, "published": "2012-08-30T00:00:00", "type": "openvas", "title": "Fedora Update for xulrunner FEDORA-2012-1800", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2011-3026"], "modified": "2018-01-09T00:00:00", "id": "OPENVAS:864335", "href": "http://plugins.openvas.org/nasl.php?oid=864335", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Fedora Update for xulrunner FEDORA-2012-1800\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2012 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ninclude(\"revisions-lib.inc\");\ntag_affected = \"xulrunner on Fedora 17\";\ntag_insight = \"XULRunner is a Mozilla runtime package that can be used to bootstrap XUL+XPCOM\n applications that are as rich as Firefox and Thunderbird. It provides mechanisms\n for installing, upgrading, and uninstalling these applications. XULRunner also\n provides libxul, a solution which allows the embedding of Mozilla technologies\n in other projects and products.\";\ntag_solution = \"Please Install the Updated Packages.\";\n\n\n\nif(description)\n{\n script_xref(name : \"URL\" , value : \"http://lists.fedoraproject.org/pipermail/package-announce/2012-March/074194.html\");\n script_id(864335);\n script_version(\"$Revision: 8336 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-01-09 08:01:48 +0100 (Tue, 09 Jan 2018) $\");\n script_tag(name:\"creation_date\", value:\"2012-08-30 10:03:24 +0530 (Thu, 30 Aug 2012)\");\n script_cve_id(\"CVE-2011-3026\");\n script_tag(name:\"cvss_base\", value:\"7.5\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_xref(name: \"FEDORA\", value: \"2012-1800\");\n script_name(\"Fedora Update for xulrunner FEDORA-2012-1800\");\n\n script_tag(name: \"summary\" , value: \"Check for the Version of xulrunner\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2012 Greenbone Networks GmbH\");\n script_family(\"Fedora Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/fedora\", \"ssh/login/rpms\");\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = get_kb_item(\"ssh/login/release\");\n\nres = \"\";\nif(release == NULL){\n exit(0);\n}\n\nif(release == \"FC17\")\n{\n\n if ((res = isrpmvuln(pkg:\"xulrunner\", rpm:\"xulrunner~10.0.1~3.fc17\", rls:\"FC17\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2018-01-11T11:06:41", "description": "Check for the Version of mozilla", "cvss3": {}, "published": "2012-08-03T00:00:00", "type": "openvas", "title": "Mandriva Update for mozilla MDVSA-2012:022 (mozilla)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2011-3026"], "modified": "2018-01-10T00:00:00", "id": "OPENVAS:803005", "href": "http://plugins.openvas.org/nasl.php?oid=803005", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Mandriva Update for mozilla MDVSA-2012:022 (mozilla)\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2012 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"Security issues were identified and fixed in mozilla firefox and\n thunderbird:\n\n An integer overflow in the libpng library can lead to a heap-buffer\n overflow when decompressing certain PNG images. This leads to a crash,\n which may be potentially exploitable (CVE-2011-3026).\n\n The mozilla firefox and thunderbird packages has been upgraded to the\n latest respective versions whish is not affecte dby this security flaw.\n\n Additionally the rootcerts packages (root CA cerificates bundle)\n has been upgraded to the latest version as of 2012/02/18 and the NSS\n library has been rebuilt accordingly to pickup the changes.\";\n\ntag_affected = \"mozilla on Mandriva Linux 2011.0,\n Mandriva Enterprise Server 5.2,\n Mandriva Linux 2010.1\";\ntag_solution = \"Please Install the Updated Packages.\";\n\n\n\nif(description)\n{\n script_xref(name : \"URL\" , value : \"http://www.mandriva.com/en/support/security/advisories/?name=MDVSA-2012:022\");\n script_id(803005);\n script_version(\"$Revision: 8352 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-01-10 08:01:57 +0100 (Wed, 10 Jan 2018) $\");\n script_tag(name:\"creation_date\", value:\"2012-08-03 09:50:31 +0530 (Fri, 03 Aug 2012)\");\n script_cve_id(\"CVE-2011-3026\");\n script_tag(name:\"cvss_base\", value:\"7.5\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_xref(name: \"MDVSA\", value: \"2012:022\");\n script_name(\"Mandriva Update for mozilla MDVSA-2012:022 (mozilla)\");\n\n script_tag(name: \"summary\" , value: \"Check for the Version of mozilla\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2012 Greenbone Networks GmbH\");\n script_family(\"Mandrake Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/mandriva_mandrake_linux\", \"ssh/login/release\");\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = get_kb_item(\"ssh/login/release\");\n\nres = \"\";\nif(release == NULL){\n exit(0);\n}\n\nif(release == \"MNDK_2011.0\")\n{\n\n if ((res = isrpmvuln(pkg:\"firefox\", rpm:\"firefox~10.0.2~0.1\", rls:\"MNDK_2011.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"firefox-af\", rpm:\"firefox-af~10.0.2~0.1\", rls:\"MNDK_2011.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"firefox-ar\", rpm:\"firefox-ar~10.0.2~0.1\", rls:\"MNDK_2011.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"firefox-ast\", rpm:\"firefox-ast~10.0.2~0.1\", rls:\"MNDK_2011.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"firefox-be\", rpm:\"firefox-be~10.0.2~0.1\", rls:\"MNDK_2011.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"firefox-bg\", rpm:\"firefox-bg~10.0.2~0.1\", rls:\"MNDK_2011.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"firefox-bn_BD\", rpm:\"firefox-bn_BD~10.0.2~0.1\", rls:\"MNDK_2011.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"firefox-bn_IN\", rpm:\"firefox-bn_IN~10.0.2~0.1\", rls:\"MNDK_2011.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"firefox-br\", rpm:\"firefox-br~10.0.2~0.1\", rls:\"MNDK_2011.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"firefox-bs\", rpm:\"firefox-bs~10.0.2~0.1\", rls:\"MNDK_2011.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"firefox-ca\", rpm:\"firefox-ca~10.0.2~0.1\", rls:\"MNDK_2011.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"firefox-cs\", rpm:\"firefox-cs~10.0.2~0.1\", rls:\"MNDK_2011.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"firefox-cy\", rpm:\"firefox-cy~10.0.2~0.1\", rls:\"MNDK_2011.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"firefox-da\", rpm:\"firefox-da~10.0.2~0.1\", rls:\"MNDK_2011.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"firefox-de\", rpm:\"firefox-de~10.0.2~0.1\", rls:\"MNDK_2011.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"firefox-devel\", rpm:\"firefox-devel~10.0.2~0.1\", rls:\"MNDK_2011.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"firefox-el\", rpm:\"firefox-el~10.0.2~0.1\", rls:\"MNDK_2011.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"firefox-en_GB\", rpm:\"firefox-en_GB~10.0.2~0.1\", rls:\"MNDK_2011.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"firefox-en_ZA\", rpm:\"firefox-en_ZA~10.0.2~0.1\", rls:\"MNDK_2011.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"firefox-eo\", rpm:\"firefox-eo~10.0.2~0.1\", rls:\"MNDK_2011.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"firefox-es_AR\", rpm:\"firefox-es_AR~10.0.2~0.1\", rls:\"MNDK_2011.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"firefox-es_CL\", rpm:\"firefox-es_CL~10.0.2~0.1\", rls:\"MNDK_2011.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"firefox-es_ES\", rpm:\"firefox-es_ES~10.0.2~0.1\", rls:\"MNDK_2011.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"firefox-es_MX\", rpm:\"firefox-es_MX~10.0.2~0.1\", rls:\"MNDK_2011.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"firefox-et\", rpm:\"firefox-et~10.0.2~0.1\", rls:\"MNDK_2011.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"firefox-eu\", rpm:\"firefox-eu~10.0.2~0.1\", rls:\"MNDK_2011.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"firefox-fa\", rpm:\"firefox-fa~10.0.2~0.1\", rls:\"MNDK_2011.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"firefox-fi\", rpm:\"firefox-fi~10.0.2~0.1\", rls:\"MNDK_2011.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"firefox-fr\", rpm:\"firefox-fr~10.0.2~0.1\", rls:\"MNDK_2011.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"firefox-fy\", rpm:\"firefox-fy~10.0.2~0.1\", rls:\"MNDK_2011.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"firefox-ga_IE\", rpm:\"firefox-ga_IE~10.0.2~0.1\", rls:\"MNDK_2011.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"firefox-gd\", rpm:\"firefox-gd~10.0.2~0.1\", rls:\"MNDK_2011.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"firefox-gl\", rpm:\"firefox-gl~10.0.2~0.1\", rls:\"MNDK_2011.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"firefox-gu_IN\", rpm:\"firefox-gu_IN~10.0.2~0.1\", rls:\"MNDK_2011.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"firefox-he\", rpm:\"firefox-he~10.0.2~0.1\", rls:\"MNDK_2011.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"firefox-hi\", rpm:\"firefox-hi~10.0.2~0.1\", rls:\"MNDK_2011.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"firefox-hr\", rpm:\"firefox-hr~10.0.2~0.1\", rls:\"MNDK_2011.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"firefox-hu\", rpm:\"firefox-hu~10.0.2~0.1\", rls:\"MNDK_2011.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"firefox-hy\", rpm:\"firefox-hy~10.0.2~0.1\", rls:\"MNDK_2011.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"firefox-id\", rpm:\"firefox-id~10.0.2~0.1\", rls:\"MNDK_2011.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"firefox-is\", rpm:\"firefox-is~10.0.2~0.1\", rls:\"MNDK_2011.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"firefox-it\", rpm:\"firefox-it~10.0.2~0.1\", rls:\"MNDK_2011.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"firefox-ja\", rpm:\"firefox-ja~10.0.2~0.1\", rls:\"MNDK_2011.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"firefox-kk\", rpm:\"firefox-kk~10.0.2~0.1\", rls:\"MNDK_2011.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"firefox-kn\", rpm:\"firefox-kn~10.0.2~0.1\", rls:\"MNDK_2011.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"firefox-ko\", rpm:\"firefox-ko~10.0.2~0.1\", rls:\"MNDK_2011.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"firefox-ku\", rpm:\"firefox-ku~10.0.2~0.1\", rls:\"MNDK_2011.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"firefox-lg\", rpm:\"firefox-lg~10.0.2~0.1\", rls:\"MNDK_2011.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"firefox-lt\", rpm:\"firefox-lt~10.0.2~0.1\", rls:\"MNDK_2011.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"firefox-lv\", rpm:\"firefox-lv~10.0.2~0.1\", rls:\"MNDK_2011.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"firefox-mai\", rpm:\"firefox-mai~10.0.2~0.1\", rls:\"MNDK_2011.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"firefox-mk\", rpm:\"firefox-mk~10.0.2~0.1\", rls:\"MNDK_2011.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"firefox-ml\", rpm:\"firefox-ml~10.0.2~0.1\", rls:\"MNDK_2011.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"firefox-mr\", rpm:\"firefox-mr~10.0.2~0.1\", rls:\"MNDK_2011.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"firefox-nb_NO\", rpm:\"firefox-nb_NO~10.0.2~0.1\", rls:\"MNDK_2011.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"firefox-nl\", rpm:\"firefox-nl~10.0.2~0.1\", rls:\"MNDK_2011.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"firefox-nn_NO\", rpm:\"firefox-nn_NO~10.0.2~0.1\", rls:\"MNDK_2011.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"firefox-nso\", rpm:\"firefox-nso~10.0.2~0.1\", rls:\"MNDK_2011.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"firefox-or\", rpm:\"firefox-or~10.0.2~0.1\", rls:\"MNDK_2011.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"firefox-pa_IN\", rpm:\"firefox-pa_IN~10.0.2~0.1\", rls:\"MNDK_2011.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"firefox-pl\", rpm:\"firefox-pl~10.0.2~0.1\", rls:\"MNDK_2011.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"firefox-pt_BR\", rpm:\"firefox-pt_BR~10.0.2~0.1\", rls:\"MNDK_2011.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"firefox-pt_PT\", rpm:\"firefox-pt_PT~10.0.2~0.1\", rls:\"MNDK_2011.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"firefox-ro\", rpm:\"firefox-ro~10.0.2~0.1\", rls:\"MNDK_2011.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"firefo

[SECURITY] Fedora 15 Update: xulrunner-10.0.1-3.fc15

Description

Affected Package

Related