## Abstract
SONAS includes multiple software components for which the vendors have provided fixes for security vulnerabilities.
## Content
**VULNERABILITY DETAILS:**
**CVE ID:**
**Vendor**| **Vendor ID**| **Vendor Title**| **Included CVEs**
---|---|---|---
IBM| [_TSM 6.3.1.0_](<http://www-01.ibm.com/support/docview.wss?uid=swg21615292>)| Two unauthorized access vulnerabilities in IBM TSM for Space Management| [_CVE-2012-4859_](<https://vulners.com/cve/CVE-2012-4859>), [_CVE-2012-5954_](<https://vulners.com/cve/CVE-2012-5954>)
Red Hat| [_RHSA-2012-0128_](<https://rhn.redhat.com/errata/RHSA-2012-0128.html>)| Moderate: httpd security update| [_CVE-2011-3639_](<https://www.redhat.com/security/data/cve/CVE-2011-3639.html>)
Apache| [_Apache Tomcat 6.0.33_](<http://tomcat.apache.org/security-6.html>)| Fixed in Apache Tomcat 6.0.33| [_CVE-2011-1184_](<https://vulners.com/cve/CVE-2011-1184>)
Apache| [_Apache Tomcat 6.0.35_](<http://tomcat.apache.org/security-6.html>)| Fixed in Apache Tomcat 6.0.35| [_CVE-2011-3190_](<https://vulners.com/cve/CVE-2011-3190>)
IBM| [_IBM Java 6.0.0 SR12_](<https://www.ibm.com/developerworks/java/jdk/alerts/>)| Oracle October 16 2012 CPU| [_CVE-2012-5081_](<https://vulners.com/cve/CVE-2012-5081>)
Red Hat| [_RHSA-2012-0143_](<https://rhn.redhat.com/errata/RHSA-2012-0143.html>)| Critical: xulrunner security update| [_CVE-2011-3026_](<https://www.redhat.com/security/data/cve/CVE-2011-3026.html>)
Red Hat| [_RHSA-2012-0317_](<https://rhn.redhat.com/errata/RHSA-2012-0317.html>)| Important: libpng security update| [_CVE-2011-3026_](<https://www.redhat.com/security/data/cve/CVE-2011-3026.html>)
Red Hat| [_RHSA-2012-1210_](<https://rhn.redhat.com/errata/RHSA-2012-1210.html>)| Critical: firefox security update| [_CVE-2012-1970_](<https://www.redhat.com/security/data/cve/CVE-2012-1970.html>), [_CVE-2012-1972_](<https://www.redhat.com/security/data/cve/CVE-2012-1972.html>), [_CVE-2012-1973_](<https://www.redhat.com/security/data/cve/CVE-2012-1973.html>), [_CVE-2012-1974_](<https://www.redhat.com/security/data/cve/CVE-2012-1974.html>), [_CVE-2012-1975_](<https://www.redhat.com/security/data/cve/CVE-2012-1975.html>), [_CVE-2012-1976_](<https://www.redhat.com/security/data/cve/CVE-2012-1976.html>), [_CVE-2012-3956_](<https://www.redhat.com/security/data/cve/CVE-2012-3956.html>), [_CVE-2012-3957_](<https://www.redhat.com/security/data/cve/CVE-2012-3957.html>), [_CVE-2012-3958_](<https://www.redhat.com/security/data/cve/CVE-2012-3958.html>), [_CVE-2012-3959_](<https://www.redhat.com/security/data/cve/CVE-2012-3959.html>), [_CVE-2012-3960_](<https://www.redhat.com/security/data/cve/CVE-2012-3960.html>), [_CVE-2012-3961_](<https://www.redhat.com/security/data/cve/CVE-2012-3961.html>), [_CVE-2012-3962_](<https://www.redhat.com/security/data/cve/CVE-2012-3962.html>), [_CVE-2012-3963_](<https://www.redhat.com/security/data/cve/CVE-2012-3963.html>), [_CVE-2012-3964_](<https://www.redhat.com/security/data/cve/CVE-2012-3964.html>), [_CVE-2012-3966_](<https://www.redhat.com/security/data/cve/CVE-2012-3966.html>), [_CVE-2012-3967_](<https://www.redhat.com/security/data/cve/CVE-2012-3967.html>), [_CVE-2012-3968_](<https://www.redhat.com/security/data/cve/CVE-2012-3968.html>), [_CVE-2012-3969_](<https://www.redhat.com/security/data/cve/CVE-2012-3969.html>), [_CVE-2012-3970_](<https://www.redhat.com/security/data/cve/CVE-2012-3970.html>), [_CVE-2012-3972_](<https://www.redhat.com/security/data/cve/CVE-2012-3972.html>), [_CVE-2012-3976_](<https://www.redhat.com/security/data/cve/CVE-2012-3976.html>), [_CVE-2012-3978_](<https://www.redhat.com/security/data/cve/CVE-2012-3978.html>), [_CVE-2012-3980_](<https://www.redhat.com/security/data/cve/CVE-2012-3980.html>)
Red Hat| [_RHSA-2012-1350_](<https://rhn.redhat.com/errata/RHSA-2012-1350.html>)| Critical: firefox security and bug fix update| [_CVE-2012-1956_](<https://www.redhat.com/security/data/cve/CVE-2012-1956.html>), [_CVE-2012-3982_](<https://www.redhat.com/security/data/cve/CVE-2012-3982.html>), [_CVE-2012-3986_](<https://www.redhat.com/security/data/cve/CVE-2012-3986.html>), [_CVE-2012-3988_](<https://www.redhat.com/security/data/cve/CVE-2012-3988.html>), [_CVE-2012-3990_](<https://www.redhat.com/security/data/cve/CVE-2012-3990.html>), [_CVE-2012-3991_](<https://www.redhat.com/security/data/cve/CVE-2012-3991.html>), [_CVE-2012-3992_](<https://www.redhat.com/security/data/cve/CVE-2012-3992.html>), [_CVE-2012-3993_](<https://www.redhat.com/security/data/cve/CVE-2012-3993.html>), [_CVE-2012-3994_](<https://www.redhat.com/security/data/cve/CVE-2012-3994.html>), [_CVE-2012-3995_](<https://www.redhat.com/security/data/cve/CVE-2012-3995.html>), [_CVE-2012-4179_](<https://www.redhat.com/security/data/cve/CVE-2012-4179.html>), [_CVE-2012-4180_](<https://www.redhat.com/security/data/cve/CVE-2012-4180.html>), [_CVE-2012-4181_](<https://www.redhat.com/security/data/cve/CVE-2012-4181.html>), [_CVE-2012-4182_](<https://www.redhat.com/security/data/cve/CVE-2012-4182.html>), [_CVE-2012-4183_](<https://www.redhat.com/security/data/cve/CVE-2012-4183.html>), [_CVE-2012-4184_](<https://www.redhat.com/security/data/cve/CVE-2012-4184.html>), [_CVE-2012-4185_](<https://www.redhat.com/security/data/cve/CVE-2012-4185.html>), [_CVE-2012-4186_](<https://www.redhat.com/security/data/cve/CVE-2012-4186.html>), [_CVE-2012-4187_](<https://www.redhat.com/security/data/cve/CVE-2012-4187.html>), [_CVE-2012-4188_](<https://www.redhat.com/security/data/cve/CVE-2012-4188.html>)
Red Hat| [_RHSA-2012-1361_](<https://rhn.redhat.com/errata/RHSA-2012-1361.html>)| Critical: xulrunner security update| [_CVE-2012-4193_](<https://www.redhat.com/security/data/cve/CVE-2012-4193.html>)
Red Hat| [_RHSA-2012-1407_](<https://rhn.redhat.com/errata/RHSA-2012-1407.html>)| Critical: firefox security update| [_CVE-2012-4194_](<https://www.redhat.com/security/data/cve/CVE-2012-4194.html>), [_CVE-2012-4195_](<https://www.redhat.com/security/data/cve/CVE-2012-4195.html>), [_CVE-2012-4196_](<https://www.redhat.com/security/data/cve/CVE-2012-4196.html>)
Red Hat| [_RHSA-2012-1482_](<https://rhn.redhat.com/errata/RHSA-2012-1482.html>)| Critical: firefox security update| [_CVE-2012-4201_](<https://www.redhat.com/security/data/cve/CVE-2012-4201.html>), [_CVE-2012-4202_](<https://www.redhat.com/security/data/cve/CVE-2012-4202.html>), [_CVE-2012-4207_](<https://www.redhat.com/security/data/cve/CVE-2012-4207.html>), [_CVE-2012-4209_](<https://www.redhat.com/security/data/cve/CVE-2012-4209.html>), [_CVE-2012-4210_](<https://www.redhat.com/security/data/cve/CVE-2012-4210.html>), [_CVE-2012-4214_](<https://www.redhat.com/security/data/cve/CVE-2012-4214.html>), [_CVE-2012-4215_](<https://www.redhat.com/security/data/cve/CVE-2012-4215.html>), [_CVE-2012-4216_](<https://www.redhat.com/security/data/cve/CVE-2012-4216.html>), [_CVE-2012-5829_](<https://www.redhat.com/security/data/cve/CVE-2012-5829.html>), [_CVE-2012-5830_](<https://www.redhat.com/security/data/cve/CVE-2012-5830.html>), [_CVE-2012-5833_](<https://www.redhat.com/security/data/cve/CVE-2012-5833.html>), [_CVE-2012-5835_](<https://www.redhat.com/security/data/cve/CVE-2012-5835.html>), [_CVE-2012-5839_](<https://www.redhat.com/security/data/cve/CVE-2012-5839.html>), [_CVE-2012-5840_](<https://www.redhat.com/security/data/cve/CVE-2012-5840.html>), [_CVE-2012-5841_](<https://www.redhat.com/security/data/cve/CVE-2012-5841.html>), [_CVE-2012-5842_](<https://www.redhat.com/security/data/cve/CVE-2012-5842.html>)
Red Hat| [_RHSA-2012-0699_](<https://rhn.redhat.com/errata/RHSA-2012-0699.html>)| Moderate: openssl security and bug fix update| [_CVE-2012-2333_](<https://www.redhat.com/security/data/cve/CVE-2012-2333.html>)
Red Hat| [_RHSA-2012-0518_](<https://rhn.redhat.com/errata/RHSA-2012-0518.html>)| Important: openssl security update| [_CVE-2012-2110_](<https://www.redhat.com/security/data/cve/CVE-2012-2110.html>)
Red Hat| [_RHSA-2012-0426_](<https://rhn.redhat.com/errata/RHSA-2012-0426.html>)| Moderate: openssl security and bug fix update| [_CVE-2012-0884_](<https://www.redhat.com/security/data/cve/CVE-2012-0884.html>), [_CVE-2012-1165_](<https://www.redhat.com/security/data/cve/CVE-2012-1165.html>)
**DESCRIPTION:**
SONAS has integrated updated versions of the software components for which the vendors have provided fixes for security vulnerabilities.
**CVSS:**
Please see vendor documentation for CVSS scores and CVSS vector.
**AFFECTED PLATFORMS:**
* Affected releases: SONAS 1.1 through 1.3.2.2.
* Releases/systems/configurations NOT affected: SONAS 1.3.2.3 and above.
**REMEDIATION:**
**_Vendor Fix(es):_** The issue was fixed beginning with version SONAS 1.3.2.3. SONAS customers running an earlier SONAS version (e.g. SONAS 1.3.2.1) must upgrade to SONAS 1.3.2.3 or a later version.
**_Workaround(s):_** None.
**_Mitigation(s):_** SONAS is not exposed to the CVEs related to Firefox and Xulrunner, or to CVE-2011-3026, during normal operation. Service procedures that use the Firefox web browser may activate the vulnerable code. To avoid processing web pages with malicious content, service personnel must not browse web pages on the internet.
The Tomcat-related vulnerabilities are exposed only on the SONAS management and service IP addresses, not on the public IP addresses used for NAS data access. It is recommended that the management and service IP addresses be attached to a management network only.
CVE-2012-4859 is not directly exploitable on SONAS because SONAS does not provide a capability to log on as a native Unix or Linux user.
CVE-2012-5954 impacts only SONAS systems that are configured with TSM HSM.
**REFERENCES:**
* [__Complete CVSS Guide__](<http://www.first.org/cvss/v2/guide>)
* [__On-line Calculator V2__](<http://nvd.nist.gov/cvss.cfm?calculator&adv&version=2>)
* [_TSM 6.3.1.0_](<http://www-01.ibm.com/support/docview.wss?uid=swg21615292>)
[_CVE-2012-4859_](<https://vulners.com/cve/CVE-2012-4859>)
[_CVE-2012-5954_](<https://vulners.com/cve/CVE-2012-5954>)
* [_RHSA-2012-0128_](<https://rhn.redhat.com/errata/RHSA-2012-0128.html>)
[_CVE-2011-3639_](<https://www.redhat.com/security/data/cve/CVE-2011-3639.html>)
[_CVE-2011-4317_](<https://www.redhat.com/security/data/cve/CVE-2011-4317.html>)
_CVE-2012-0053_
* [_Apache Tomcat 6.0.33_](<http://tomcat.apache.org/security-6.html>)
[_CVE-2011-1184_](<https://vulners.com/cve/CVE-2011-1184>)
[_CVE-2011-2204_](<https://vulners.com/cve/CVE-2011-2204>)
[_CVE-2011-2526_](<https://vulners.com/cve/CVE-2011-2526>)
* [_Apache Tomcat 6.0.35_](<http://tomcat.apache.org/security-6.html>)
[_CVE-2011-3190_](<https://vulners.com/cve/CVE-2011-3190>)
[_CVE-2011-3375_](<https://vulners.com/cve/CVE-2011-3375>)
[_CVE-2012-0022_](<https://vulners.com/cve/CVE-2012-0022>)
* [_IBM Java 6.0.0 SR12_](<https://www.ibm.com/developerworks/java/jdk/alerts/>)
[_CVE-2012-5081_](<https://vulners.com/cve/CVE-2012-5081>)
* [_RHSA-2012-0143_](<https://rhn.redhat.com/errata/RHSA-2012-0143.html>)
[_CVE-2011-3026_](<https://www.redhat.com/security/data/cve/CVE-2011-3026.html>)
* [_RHSA-2012-0317_](<https://rhn.redhat.com/errata/RHSA-2012-0317.html>)
[_CVE-2011-3026_](<https://www.redhat.com/security/data/cve/CVE-2011-3026.html>)
* [_RHSA-2012-1210_](<https://rhn.redhat.com/errata/RHSA-2012-1210.html>)
[_CVE-2012-1970_](<https://www.redhat.com/security/data/cve/CVE-2012-1970.html>)
[_CVE-2012-1972_](<https://www.redhat.com/security/data/cve/CVE-2012-1972.html>)
[_CVE-2012-1973_](<https://www.redhat.com/security/data/cve/CVE-2012-1973.html>)
[_CVE-2012-1974_](<https://www.redhat.com/security/data/cve/CVE-2012-1974.html>)
[_CVE-2012-1975_](<https://www.redhat.com/security/data/cve/CVE-2012-1975.html>)
[_CVE-2012-1976_](<https://www.redhat.com/security/data/cve/CVE-2012-1976.html>)
[_CVE-2012-3956_](<https://www.redhat.com/security/data/cve/CVE-2012-3956.html>)
[_CVE-2012-3957_](<https://www.redhat.com/security/data/cve/CVE-2012-3957.html>)
[_CVE-2012-3958_](<https://www.redhat.com/security/data/cve/CVE-2012-3958.html>)
[_CVE-2012-3959_](<https://www.redhat.com/security/data/cve/CVE-2012-3959.html>)
[_CVE-2012-3960_](<https://www.redhat.com/security/data/cve/CVE-2012-3960.html>)
[_CVE-2012-3961_](<https://www.redhat.com/security/data/cve/CVE-2012-3961.html>)
[_CVE-2012-3962_](<https://www.redhat.com/security/data/cve/CVE-2012-3962.html>)
[_CVE-2012-3963_](<https://www.redhat.com/security/data/cve/CVE-2012-3963.html>)
[_CVE-2012-3964_](<https://www.redhat.com/security/data/cve/CVE-2012-3964.html>)
[_CVE-2012-3966_](<https://www.redhat.com/security/data/cve/CVE-2012-3966.html>)
[_CVE-2012-3967_](<https://www.redhat.com/security/data/cve/CVE-2012-3967.html>)
[_CVE-2012-3968_](<https://www.redhat.com/security/data/cve/CVE-2012-3968.html>)
[_CVE-2012-3969_](<https://www.redhat.com/security/data/cve/CVE-2012-3969.html>)
[_CVE-2012-3970_](<https://www.redhat.com/security/data/cve/CVE-2012-3970.html>)
[_CVE-2012-3972_](<https://www.redhat.com/security/data/cve/CVE-2012-3972.html>)
[_CVE-2012-3976_](<https://www.redhat.com/security/data/cve/CVE-2012-3976.html>)
[_CVE-2012-3978_](<https://www.redhat.com/security/data/cve/CVE-2012-3978.html>)
[_CVE-2012-3980_](<https://www.redhat.com/security/data/cve/CVE-2012-3980.html>)
* [_RHSA-2012-1350_](<https://rhn.redhat.com/errata/RHSA-2012-1350.html>)
[_CVE-2012-1956_](<https://www.redhat.com/security/data/cve/CVE-2012-1956.html>)
[_CVE-2012-3982_](<https://www.redhat.com/security/data/cve/CVE-2012-3982.html>)
[_CVE-2012-3986_](<https://www.redhat.com/security/data/cve/CVE-2012-3986.html>)
[_CVE-2012-3988_](<https://www.redhat.com/security/data/cve/CVE-2012-3988.html>)
[_CVE-2012-3990_](<https://www.redhat.com/security/data/cve/CVE-2012-3990.html>)
[_CVE-2012-3991_](<https://www.redhat.com/security/data/cve/CVE-2012-3991.html>)
[_CVE-2012-3992_](<https://www.redhat.com/security/data/cve/CVE-2012-3992.html>)
[_CVE-2012-3993_](<https://www.redhat.com/security/data/cve/CVE-2012-3993.html>)
[_CVE-2012-3994_](<https://www.redhat.com/security/data/cve/CVE-2012-3994.html>)
[_CVE-2012-3995_](<https://www.redhat.com/security/data/cve/CVE-2012-3995.html>)
[_CVE-2012-4179_](<https://www.redhat.com/security/data/cve/CVE-2012-4179.html>)
[_CVE-2012-4180_](<https://www.redhat.com/security/data/cve/CVE-2012-4180.html>)
[_CVE-2012-4181_](<https://www.redhat.com/security/data/cve/CVE-2012-4181.html>)
[_CVE-2012-4182_](<https://www.redhat.com/security/data/cve/CVE-2012-4182.html>)
[_CVE-2012-4183_](<https://www.redhat.com/security/data/cve/CVE-2012-4183.html>)
[_CVE-2012-4184_](<https://www.redhat.com/security/data/cve/CVE-2012-4184.html>)
[_CVE-2012-4185_](<https://www.redhat.com/security/data/cve/CVE-2012-4185.html>)
[_CVE-2012-4186_](<https://www.redhat.com/security/data/cve/CVE-2012-4186.html>)
[_CVE-2012-4187_](<https://www.redhat.com/security/data/cve/CVE-2012-4187.html>)
[_CVE-2012-4188_](<https://www.redhat.com/security/data/cve/CVE-2012-4188.html>)
* [_RHSA-2012-1361_](<https://rhn.redhat.com/errata/RHSA-2012-1361.html>)
[_CVE-2012-4193_](<https://www.redhat.com/security/data/cve/CVE-2012-4193.html>)
* [_RHSA-2012-1407_](<https://rhn.redhat.com/errata/RHSA-2012-1407.html>)
[_CVE-2012-4194_](<https://www.redhat.com/security/data/cve/CVE-2012-4194.html>)
[_CVE-2012-4195_](<https://www.redhat.com/security/data/cve/CVE-2012-4195.html>)
[_CVE-2012-4196_](<https://www.redhat.com/security/data/cve/CVE-2012-4196.html>)
* [_RHSA-2012-1482_](<https://rhn.redhat.com/errata/RHSA-2012-1482.html>)
[_CVE-2012-4201_](<https://www.redhat.com/security/data/cve/CVE-2012-4201.html>)
[_CVE-2012-4202_](<https://www.redhat.com/security/data/cve/CVE-2012-4202.html>)
[_CVE-2012-4207_](<https://www.redhat.com/security/data/cve/CVE-2012-4207.html>)
[_CVE-2012-4209_](<https://www.redhat.com/security/data/cve/CVE-2012-4209.html>)
[_CVE-2012-4210_](<https://www.redhat.com/security/data/cve/CVE-2012-4210.html>)
[_CVE-2012-4214_](<https://www.redhat.com/security/data/cve/CVE-2012-4214.html>)
[_CVE-2012-4215_](<https://www.redhat.com/security/data/cve/CVE-2012-4215.html>)
[_CVE-2012-4216_](<https://www.redhat.com/security/data/cve/CVE-2012-4216.html>)
[_CVE-2012-5829_](<https://www.redhat.com/security/data/cve/CVE-2012-5829.html>)
[_CVE-2012-5830_](<https://www.redhat.com/security/data/cve/CVE-2012-5830.html>)
[_CVE-2012-5833_](<https://www.redhat.com/security/data/cve/CVE-2012-5833.html>)
[_CVE-2012-5835_](<https://www.redhat.com/security/data/cve/CVE-2012-5835.html>)
[_CVE-2012-5839_](<https://www.redhat.com/security/data/cve/CVE-2012-5839.html>)
[_CVE-2012-5840_](<https://www.redhat.com/security/data/cve/CVE-2012-5840.html>)
[_CVE-2012-5841_](<https://www.redhat.com/security/data/cve/CVE-2012-5841.html>)
[_CVE-2012-5842_](<https://www.redhat.com/security/data/cve/CVE-2012-5842.html>)
* [_RHSA-2012-0699_](<https://rhn.redhat.com/errata/RHSA-2012-0699.html>)
[_CVE-2012-2333_](<https://www.redhat.com/security/data/cve/CVE-2012-2333.html>)
* [_RHSA-2012-0518_](<https://rhn.redhat.com/errata/RHSA-2012-0518.html>)
[_CVE-2012-2110_](<https://www.redhat.com/security/data/cve/CVE-2012-2110.html>)
* [_RHSA-2012-0426_](<https://rhn.redhat.com/errata/RHSA-2012-0426.html>)
[_CVE-2012-0884_](<https://www.redhat.com/security/data/cve/CVE-2012-0884.html>)
[_CVE-2012-1165_](<https://www.redhat.com/security/data/cve/CVE-2012-1165.html>)
**RELATED INFORMATION:**
* [_IBM Secure Engineering Web Portal_](<https://www-304.ibm.com/jct03001c/security/secure-engineering/>)
* [_IBM Product Security Incident Response Blog_](<https://www.ibm.com/blogs/PSIRT>)
**CHANGE HISTORY:**
* _28/03/2013: Original copy published._
* _03/04/2013: Restructured the document as per new guidelines._
* _30/01/2014: Restructured the document_
_The CVSS Environment Score is customer environment specific and will ultimately impact the Overall CVSS Score. Customers can evaluate the impact of this vulnerability in their environments by accessing the links in the Reference section of this Flash._
**_Note:_** _According to the Forum of Incident Response and Security Teams (FIRST), the Common Vulnerability Scoring System (CVSS) is an "industry open standard designed to convey vulnerability severity and help to determine urgency and priority of response." IBM PROVIDES THE CVSS SCORES "AS IS" WITHOUT WARRANTY OF ANY KIND, INCLUDING THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE. CUSTOMERS ARE RESPONSIBLE FOR ASSESSING THE IMPACT OF ANY ACTUAL OR POTENTIAL SECURITY VULNERABILITY._
_\n\n \n**_Note: _**_According to the Forum of Incident Response and Security Teams (FIRST), the Common Vulnerability Scoring System (CVSS) is an \"industry open standard designed to convey vulnerability severity and help to determine urgency and priority of response.\" _ \n_IBM PROVIDES THE CVSS SCORES \"AS IS\" WITHOUT WARRANTY OF ANY KIND, INCLUDING THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE. CUSTOMERS ARE RESPONSIBLE FOR ASSESSING THE IMPACT OF ANY ACTUAL OR POTENTIAL SECURITY VULNERABILITY._\n\n[{\"Product\":{\"code\":\"ST5Q4U\",\"label\":\"IBM Storwize V7000 Unified (2073)\"},\"Business Unit\":{\"code\":\"BU058\",\"label\":\"IBM Infrastructure w\\/TPS\"},\"Component\":\"1.4\",\"Platform\":[{\"code\":\"PF025\",\"label\":\"Platform Independent\"}],\"Version\":\"1.3;1.4\",\"Edition\":\"\",\"Line of Business\":{\"code\":\"LOB26\",\"label\":\"Storage\"}}]", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 8.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "REQUIRED"}, "impactScore": 5.9}, "published": "2022-09-26T04:23:14", "type": "ibm", "title": "Security Bulletin: Storwize V7000 Unified V1.4.1.0 Includes Fixes for Multiple Vendor Security Vulnerabilities", "bulletinFamily": "software", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 10.0, "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 10.0, 
"obtainUserPrivilege": false}, "cvelist": ["CVE-2012-0884", "CVE-2012-1165", "CVE-2012-1956", "CVE-2012-1970", "CVE-2012-1972", "CVE-2012-1973", "CVE-2012-1974", "CVE-2012-1975", "CVE-2012-1976", "CVE-2012-2110", "CVE-2012-2333", "CVE-2012-3956", "CVE-2012-3957", "CVE-2012-3958", "CVE-2012-3959", "CVE-2012-3960", "CVE-2012-3961", "CVE-2012-3962", "CVE-2012-3963", "CVE-2012-3964", "CVE-2012-3966", "CVE-2012-3967", "CVE-2012-3968", "CVE-2012-3969", "CVE-2012-3970", "CVE-2012-3972", "CVE-2012-3976", "CVE-2012-3978", "CVE-2012-3980", "CVE-2012-3982", "CVE-2012-3986", "CVE-2012-3988", "CVE-2012-3990", "CVE-2012-3991", "CVE-2012-3992", "CVE-2012-3993", "CVE-2012-3994", "CVE-2012-3995", "CVE-2012-4179", "CVE-2012-4180", "CVE-2012-4181", "CVE-2012-4182", "CVE-2012-4183", "CVE-2012-4184", "CVE-2012-4185", "CVE-2012-4186", "CVE-2012-4187", "CVE-2012-4188", "CVE-2012-4193", "CVE-2012-4194", "CVE-2012-4195", "CVE-2012-4196", "CVE-2012-4201", "CVE-2012-4202", "CVE-2012-4207", "CVE-2012-4209", "CVE-2012-4210", "CVE-2012-4214", "CVE-2012-4215", "CVE-2012-4216", "CVE-2012-4859", "CVE-2012-5081", "CVE-2012-5829", "CVE-2012-5830", "CVE-2012-5833", "CVE-2012-5835", "CVE-2012-5839", "CVE-2012-5840", "CVE-2012-5841", "CVE-2012-5842", "CVE-2012-5954"], "modified": "2022-09-26T04:23:14", "id": "D6EE1AE15F7BD96FCB1799E31A9E36026979DFE8E702302D459578E3398E8FC4", "href": "https://www.ibm.com/support/pages/node/689123", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}], "openvas": [{"lastseen": "2019-05-29T18:38:45", "description": "The remote host is missing an update for the ", "cvss3": {}, "published": "2012-08-30T00:00:00", "type": "openvas", "title": "RedHat Update for thunderbird RHSA-2012:1211-01", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2012-1970", "CVE-2012-1973", "CVE-2012-1974", "CVE-2012-3968", "CVE-2012-3963", "CVE-2012-3978", "CVE-2012-1972", "CVE-2012-3962", "CVE-2012-3969", "CVE-2012-3970", "CVE-2012-3957", "CVE-2012-3958", "CVE-2012-1975", 
"CVE-2012-3956", "CVE-2012-3966", "CVE-2012-3967", "CVE-2012-3959", "CVE-2012-3980", "CVE-2012-3960", "CVE-2012-1976", "CVE-2012-3972", "CVE-2012-3964", "CVE-2012-3961"], "modified": "2018-11-23T00:00:00", "id": "OPENVAS:1361412562310870817", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310870817", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# RedHat Update for thunderbird RHSA-2012:1211-01\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2012 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. 
script_name(\"RedHat Update for firefox RHSA-2012:1210-01\");\n\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'firefox'\n package(s) announced via the referenced advisory.\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2012 Greenbone Networks GmbH\");\n script_family(\"Red Hat Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/rhel\", \"ssh/login/rpms\", re:\"ssh/login/release=RHENT_(6|5)\");\n script_tag(name:\"affected\", value:\"firefox on Red Hat Enterprise Linux (v. 5 server),\n Red Hat Enterprise Linux Desktop (v. 6),\n Red Hat Enterprise Linux Server (v. 6),\n Red Hat Enterprise Linux Workstation (v. 6)\");\n script_tag(name:\"solution\", value:\"Please Install the Updated Packages.\");\n script_tag(name:\"insight\", value:\"Mozilla Firefox is an open source web browser. XULRunner provides the XUL\n Runtime environment for Mozilla Firefox.\n\n A web page containing malicious content could cause Firefox to crash or,\n potentially, execute arbitrary code with the privileges of the user running\n Firefox. (CVE-2012-1970, CVE-2012-1972, CVE-2012-1973, CVE-2012-1974,\n CVE-2012-1975, CVE-2012-1976, CVE-2012-3956, CVE-2012-3957, CVE-2012-3958,\n CVE-2012-3959, CVE-2012-3960, CVE-2012-3961, CVE-2012-3962, CVE-2012-3963,\n CVE-2012-3964)\n\n A web page containing a malicious Scalable Vector Graphics (SVG) image file\n could cause Firefox to crash or, potentially, execute arbitrary code with\n the privileges of the user running Firefox. (CVE-2012-3969, CVE-2012-3970)\n\n Two flaws were found in the way Firefox rendered certain images using\n WebGL. A web page containing malicious content could cause Firefox to crash\n or, under certain conditions, possibly execute arbitrary code with the\n privileges of the user running Firefox. 
(CVE-2012-3967, CVE-2012-3968)\n\n A flaw was found in the way Firefox decoded embedded bitmap images in Icon\n Format (ICO) files. A web page containing a malicious ICO file could cause\n Firefox to crash or, under certain conditions, possibly execute arbitrary\n code with the privileges of the user running Firefox. (CVE-2012-3966)\n\n A flaw was found in the way the 'eval' command was handled by the Firefox\n Web Console. Running 'eval' in the Web Console while viewing a web page\n containing malicious content could possibly cause Firefox to execute\n arbitrary code with the privileges of the user running Firefox.\n (CVE-2012-3980)\n\n An out-of-bounds memory read flaw was found in the way Firefox used the\n format-number feature of XSLT (Extensible Stylesheet Language\n Transformations). A web page containing malicious content could possibly\n cause an information leak, or cause Firefox to crash. (CVE-2012-3972)\n\n Description truncated, please see the referenced URL(s) for more information.\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release) exit(0);\n\nres = \"\";\n\nif(release == \"RHENT_6\")\n{\n\n if ((res = isrpmvuln(pkg:\"firefox\", rpm:\"firefox~10.0.7~1.el6_3\", rls:\"RHENT_6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"firefox-debuginfo\", rpm:\"firefox-debuginfo~10.0.7~1.el6_3\", rls:\"RHENT_6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"xulrunner\", rpm:\"xulrunner~10.0.7~1.el6_3\", rls:\"RHENT_6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"xulrunner-debuginfo\", rpm:\"xulrunner-debuginfo~10.0.7~1.el6_3\", rls:\"RHENT_6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n 
exit(0);\n}\n\n\nif(release == \"RHENT_5\")\n{\n\n if ((res = isrpmvuln(pkg:\"firefox\", rpm:\"firefox~10.0.7~1.el5_8\", rls:\"RHENT_5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"firefox-debuginfo\", rpm:\"firefox-debuginfo~10.0.7~1.el5_8\", rls:\"RHENT_5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"xulrunner\", rpm:\"xulrunner~10.0.7~2.el5_8\", rls:\"RHENT_5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"xulrunner-debuginfo\", rpm:\"xulrunner-debuginfo~10.0.7~2.el5_8\", rls:\"RHENT_5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"xulrunner-devel\", rpm:\"xulrunner-devel~10.0.7~2.el5_8\", rls:\"RHENT_5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2018-01-02T10:57:08", "description": "Check for the Version of firefox", "cvss3": {}, "published": "2012-08-30T00:00:00", "type": "openvas", "title": "RedHat Update for firefox RHSA-2012:1210-01", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2012-1970", "CVE-2012-1973", "CVE-2012-1974", "CVE-2012-3968", "CVE-2012-3963", "CVE-2012-3978", "CVE-2012-3976", "CVE-2012-1972", "CVE-2012-3962", "CVE-2012-3969", "CVE-2012-3970", "CVE-2012-3957", "CVE-2012-3958", "CVE-2012-1975", "CVE-2012-3956", "CVE-2012-3966", "CVE-2012-3967", "CVE-2012-3959", "CVE-2012-3980", "CVE-2012-3960", "CVE-2012-1976", "CVE-2012-3972", "CVE-2012-3964", "CVE-2012-3961"], "modified": "2017-12-27T00:00:00", "id": "OPENVAS:870818", "href": "http://plugins.openvas.org/nasl.php?oid=870818", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# RedHat Update for firefox RHSA-2012:1210-01\n#\n# Authors:\n# System Generated Check\n#\n# 
Copyright:\n# Copyright (c) 2012 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"Mozilla Firefox is an open source web browser. XULRunner provides the XUL\n Runtime environment for Mozilla Firefox.\n\n A web page containing malicious content could cause Firefox to crash or,\n potentially, execute arbitrary code with the privileges of the user running\n Firefox. (CVE-2012-1970, CVE-2012-1972, CVE-2012-1973, CVE-2012-1974,\n CVE-2012-1975, CVE-2012-1976, CVE-2012-3956, CVE-2012-3957, CVE-2012-3958,\n CVE-2012-3959, CVE-2012-3960, CVE-2012-3961, CVE-2012-3962, CVE-2012-3963,\n CVE-2012-3964)\n\n A web page containing a malicious Scalable Vector Graphics (SVG) image file\n could cause Firefox to crash or, potentially, execute arbitrary code with\n the privileges of the user running Firefox. (CVE-2012-3969, CVE-2012-3970)\n\n Two flaws were found in the way Firefox rendered certain images using\n WebGL. A web page containing malicious content could cause Firefox to crash\n or, under certain conditions, possibly execute arbitrary code with the\n privileges of the user running Firefox. 
(CVE-2012-3967, CVE-2012-3968)\n\n A flaw was found in the way Firefox decoded embedded bitmap images in Icon\n Format (ICO) files. A web page containing a malicious ICO file could cause\n Firefox to crash or, under certain conditions, possibly execute arbitrary\n code with the privileges of the user running Firefox. (CVE-2012-3966)\n\n A flaw was found in the way the "eval" command was handled by the Firefox\n Web Console. Running "eval" in the Web Console while viewing a web page\n containing malicious content could possibly cause Firefox to execute\n arbitrary code with the privileges of the user running Firefox.\n (CVE-2012-3980)\n\n An out-of-bounds memory read flaw was found in the way Firefox used the\n format-number feature of XSLT (Extensible Stylesheet Language\n Transformations). A web page containing malicious content could possibly\n cause an information leak, or cause Firefox to crash. (CVE-2012-3972)\n\n Description truncated, for more information please check the Reference URL\";\n\ntag_affected = \"firefox on Red Hat Enterprise Linux (v. 5 server),\n Red Hat Enterprise Linux Desktop (v. 6),\n Red Hat Enterprise Linux Server (v. 6),\n Red Hat Enterprise Linux Workstation (v. 
6)\";\ntag_solution = \"Please Install the Updated Packages.\";\n\n\n\nif(description)\n{\n script_xref(name : \"URL\" , value : \"https://www.redhat.com/archives/rhsa-announce/2012-August/msg00029.html\");\n script_id(870818);\n script_version(\"$Revision: 8249 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-12-27 07:29:56 +0100 (Wed, 27 Dec 2017) $\");\n script_tag(name:\"creation_date\", value:\"2012-08-30 10:37:45 +0530 (Thu, 30 Aug 2012)\");\n script_cve_id(\"CVE-2012-1970\", \"CVE-2012-1972\", \"CVE-2012-1973\", \"CVE-2012-1974\",\n \"CVE-2012-1975\", \"CVE-2012-1976\", \"CVE-2012-3956\", \"CVE-2012-3957\",\n \"CVE-2012-3958\", \"CVE-2012-3959\", \"CVE-2012-3960\", \"CVE-2012-3961\",\n \"CVE-2012-3962\", \"CVE-2012-3963\", \"CVE-2012-3964\", \"CVE-2012-3966\",\n \"CVE-2012-3967\", \"CVE-2012-3968\", \"CVE-2012-3969\", \"CVE-2012-3970\",\n \"CVE-2012-3972\", \"CVE-2012-3976\", \"CVE-2012-3978\", \"CVE-2012-3980\");\n script_tag(name:\"cvss_base\", value:\"10.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_xref(name: \"RHSA\", value: \"2012:1210-01\");\n script_name(\"RedHat Update for firefox RHSA-2012:1210-01\");\n\n script_tag(name: \"summary\" , value: \"Check for the Version of firefox\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2012 Greenbone Networks GmbH\");\n script_family(\"Red Hat Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/rhel\", \"ssh/login/rpms\");\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = get_kb_item(\"ssh/login/release\");\n\nres = \"\";\nif(release == NULL){\n 
exit(0);\n}\n\nif(release == \"RHENT_6\")\n{\n\n if ((res = isrpmvuln(pkg:\"firefox\", rpm:\"firefox~10.0.7~1.el6_3\", rls:\"RHENT_6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"firefox-debuginfo\", rpm:\"firefox-debuginfo~10.0.7~1.el6_3\", rls:\"RHENT_6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"xulrunner\", rpm:\"xulrunner~10.0.7~1.el6_3\", rls:\"RHENT_6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"xulrunner-debuginfo\", rpm:\"xulrunner-debuginfo~10.0.7~1.el6_3\", rls:\"RHENT_6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n\n\nif(release == \"RHENT_5\")\n{\n\n if ((res = isrpmvuln(pkg:\"firefox\", rpm:\"firefox~10.0.7~1.el5_8\", rls:\"RHENT_5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"firefox-debuginfo\", rpm:\"firefox-debuginfo~10.0.7~1.el5_8\", rls:\"RHENT_5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"xulrunner\", rpm:\"xulrunner~10.0.7~2.el5_8\", rls:\"RHENT_5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"xulrunner-debuginfo\", rpm:\"xulrunner-debuginfo~10.0.7~2.el5_8\", rls:\"RHENT_5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"xulrunner-devel\", rpm:\"xulrunner-devel~10.0.7~2.el5_8\", rls:\"RHENT_5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2019-05-29T18:36:10", "description": "Oracle Linux Local Security Checks ELSA-2012-1211", "cvss3": {}, "published": "2015-10-06T00:00:00", "type": "openvas", "title": "Oracle Linux Local Check: ELSA-2012-1211", 
"bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2012-1970", "CVE-2012-1973", "CVE-2012-1974", "CVE-2012-3968", "CVE-2012-3963", "CVE-2012-3978", "CVE-2012-1972", "CVE-2012-3962", "CVE-2012-3969", "CVE-2012-3970", "CVE-2012-3957", "CVE-2012-3958", "CVE-2012-1975", "CVE-2012-3956", "CVE-2012-3966", "CVE-2012-3967", "CVE-2012-3959", "CVE-2012-3980", "CVE-2012-3960", "CVE-2012-1976", "CVE-2012-3972", "CVE-2012-3964", "CVE-2012-3961"], "modified": "2018-09-28T00:00:00", "id": "OPENVAS:1361412562310123835", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310123835", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: ELSA-2012-1211.nasl 11688 2018-09-28 13:36:28Z cfischer $\n#\n# Oracle Linux Local Check\n#\n# Authors:\n# Eero Volotinen <eero.volotinen@solinor.com>\n#\n# Copyright:\n# Copyright (c) 2015 Eero Volotinen, http://solinor.com\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. 
See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.123835\");\n script_version(\"$Revision: 11688 $\");\n script_tag(name:\"creation_date\", value:\"2015-10-06 14:09:11 +0300 (Tue, 06 Oct 2015)\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-09-28 15:36:28 +0200 (Fri, 28 Sep 2018) $\");\n script_name(\"Oracle Linux Local Check: ELSA-2012-1211\");\n script_tag(name:\"insight\", value:\"ELSA-2012-1211 - thunderbird security update. Please see the references for more insight.\");\n script_tag(name:\"solution\", value:\"Update the affected packages to the latest available version.\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_tag(name:\"summary\", value:\"Oracle Linux Local Security Checks ELSA-2012-1211\");\n script_xref(name:\"URL\", value:\"http://linux.oracle.com/errata/ELSA-2012-1211.html\");\n script_cve_id(\"CVE-2012-1970\", \"CVE-2012-1972\", \"CVE-2012-1973\", \"CVE-2012-1974\", \"CVE-2012-1975\", \"CVE-2012-1976\", \"CVE-2012-3956\", \"CVE-2012-3957\", \"CVE-2012-3958\", \"CVE-2012-3959\", \"CVE-2012-3960\", \"CVE-2012-3961\", \"CVE-2012-3962\", \"CVE-2012-3963\", \"CVE-2012-3964\", \"CVE-2012-3966\", \"CVE-2012-3967\", \"CVE-2012-3968\", \"CVE-2012-3969\", \"CVE-2012-3970\", \"CVE-2012-3972\", \"CVE-2012-3978\", \"CVE-2012-3980\");\n script_tag(name:\"cvss_base\", value:\"10.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/oracle_linux\", \"ssh/login/release\", 
re:\"ssh/login/release=OracleLinux6\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Eero Volotinen\");\n script_family(\"Oracle Linux Local Security Checks\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release) exit(0);\n\nres = \"\";\n\nif(release == \"OracleLinux6\")\n{\n if ((res = isrpmvuln(pkg:\"thunderbird\", rpm:\"thunderbird~10.0.7~1.0.1.el6_3\", rls:\"OracleLinux6\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n\n}\nif (__pkg_match) exit(99);\n exit(0);\n\n", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2018-01-08T12:58:27", "description": "Check for the Version of thunderbird", "cvss3": {}, "published": "2012-08-30T00:00:00", "type": "openvas", "title": "CentOS Update for thunderbird CESA-2012:1211 centos5 ", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2012-1970", "CVE-2012-1973", "CVE-2012-1974", "CVE-2012-3968", "CVE-2012-3963", "CVE-2012-3978", "CVE-2012-1972", "CVE-2012-3962", "CVE-2012-3969", "CVE-2012-3970", "CVE-2012-3957", "CVE-2012-3958", "CVE-2012-1975", "CVE-2012-3956", "CVE-2012-3966", "CVE-2012-3967", "CVE-2012-3959", "CVE-2012-3980", "CVE-2012-3960", "CVE-2012-1976", "CVE-2012-3972", "CVE-2012-3964", "CVE-2012-3961"], "modified": "2018-01-08T00:00:00", "id": "OPENVAS:881480", "href": "http://plugins.openvas.org/nasl.php?oid=881480", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# CentOS Update for thunderbird CESA-2012:1211 centos5 \n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2012 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in 
the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"Mozilla Thunderbird is a standalone mail and newsgroup client.\n\n Several flaws were found in the processing of malformed content. Malicious\n content could cause Thunderbird to crash or, potentially, execute arbitrary\n code with the privileges of the user running Thunderbird. (CVE-2012-1970,\n CVE-2012-1972, CVE-2012-1973, CVE-2012-1974, CVE-2012-1975, CVE-2012-1976,\n CVE-2012-3956, CVE-2012-3957, CVE-2012-3958, CVE-2012-3959, CVE-2012-3960,\n CVE-2012-3961, CVE-2012-3962, CVE-2012-3963, CVE-2012-3964)\n \n Content containing a malicious Scalable Vector Graphics (SVG) image file\n could cause Thunderbird to crash or, potentially, execute arbitrary code\n with the privileges of the user running Thunderbird. (CVE-2012-3969,\n CVE-2012-3970)\n \n Two flaws were found in the way Thunderbird rendered certain images using\n WebGL. Malicious content could cause Thunderbird to crash or, under certain\n conditions, possibly execute arbitrary code with the privileges of the user\n running Thunderbird. (CVE-2012-3967, CVE-2012-3968)\n \n A flaw was found in the way Thunderbird decoded embedded bitmap images in\n Icon Format (ICO) files. 
Content containing a malicious ICO file could\n cause Thunderbird to crash or, under certain conditions, possibly execute\n arbitrary code with the privileges of the user running Thunderbird.\n (CVE-2012-3966)\n \n A flaw was found in the way the "eval" command was handled by the\n Thunderbird Error Console. Running "eval" in the Error Console while\n viewing malicious content could possibly cause Thunderbird to execute\n arbitrary code with the privileges of the user running Thunderbird.\n (CVE-2012-3980)\n \n An out-of-bounds memory read flaw was found in the way Thunderbird used the\n format-number feature of XSLT (Extensible Stylesheet Language\n Transformations). Malicious content could possibly cause an information\n leak, or cause Thunderbird to crash. (CVE-2012-3972)\n \n A flaw was found in the location object implementation in Thunderbird.\n Malicious content could use this flaw to possibly allow restricted content\n to be loaded. (CVE-2012-3978)\n \n Red Hat would like to thank the Mozilla project for reporting these issues.\n Upstream acknowledges Gary Kwong, Christian Holler, Jesse Ruderman, John\n Schoenick, Vladimir Vukicevic, Daniel Holbert, Abhishek Arya, Fr\u00e9d\u00e9ric\n Hoguin, miaubiz, Arthur Gerkis, Nicolas Gr\u00e9goire, moz_bug_r_a4, and Colby\n Russell as the original reporters of these issues.\n \n Note: All issues except CVE-2012-3969 and CVE-2012-3970 cannot be exploited\n by a specially-crafted HTML mail message as JavaScrip ... 
\n\n Description truncated, for more information please check the Reference URL\";\n\ntag_affected = \"thunderbird on CentOS 5\";\ntag_solution = \"Please Install the Updated Packages.\";\n\n\n\nif(description)\n{\n script_xref(name : \"URL\" , value : \"http://lists.centos.org/pipermail/centos-announce/2012-August/018833.html\");\n script_id(881480);\n script_version(\"$Revision: 8313 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-01-08 08:02:11 +0100 (Mon, 08 Jan 2018) $\");\n script_tag(name:\"creation_date\", value:\"2012-08-30 10:44:44 +0530 (Thu, 30 Aug 2012)\");\n script_cve_id(\"CVE-2012-1970\", \"CVE-2012-1972\", \"CVE-2012-1973\", \"CVE-2012-1974\",\n \"CVE-2012-1975\", \"CVE-2012-1976\", \"CVE-2012-3956\", \"CVE-2012-3957\",\n \"CVE-2012-3958\", \"CVE-2012-3959\", \"CVE-2012-3960\", \"CVE-2012-3961\",\n \"CVE-2012-3962\", \"CVE-2012-3963\", \"CVE-2012-3964\", \"CVE-2012-3966\",\n \"CVE-2012-3967\", \"CVE-2012-3968\", \"CVE-2012-3969\", \"CVE-2012-3970\",\n \"CVE-2012-3972\", \"CVE-2012-3978\", \"CVE-2012-3980\");\n script_tag(name:\"cvss_base\", value:\"10.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_xref(name: \"CESA\", value: \"2012:1211\");\n script_name(\"CentOS Update for thunderbird CESA-2012:1211 centos5 \");\n\n script_tag(name: \"summary\" , value: \"Check for the Version of thunderbird\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2012 Greenbone Networks GmbH\");\n script_family(\"CentOS Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/centos\", \"ssh/login/rpms\");\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n 
exit(0);\n}\n\n\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = get_kb_item(\"ssh/login/release\");\n\nres = \"\";\nif(release == NULL){\n exit(0);\n}\n\nif(release == \"CentOS5\")\n{\n\n if ((res = isrpmvuln(pkg:\"thunderbird\", rpm:\"thunderbird~10.0.7~1.el5.centos\", rls:\"CentOS5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2018-01-08T12:56:43", "description": "Check for the Version of firefox", "cvss3": {}, "published": "2012-08-30T00:00:00", "type": "openvas", "title": "CentOS Update for firefox CESA-2012:1210 centos6 ", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2012-1970", "CVE-2012-1973", "CVE-2012-1974", "CVE-2012-3968", "CVE-2012-3963", "CVE-2012-3978", "CVE-2012-3976", "CVE-2012-1972", "CVE-2012-3962", "CVE-2012-3969", "CVE-2012-3970", "CVE-2012-3957", "CVE-2012-3958", "CVE-2012-1975", "CVE-2012-3956", "CVE-2012-3966", "CVE-2012-3967", "CVE-2012-3959", "CVE-2012-3980", "CVE-2012-3960", "CVE-2012-1976", "CVE-2012-3972", "CVE-2012-3964", "CVE-2012-3961"], "modified": "2018-01-08T00:00:00", "id": "OPENVAS:881481", "href": "http://plugins.openvas.org/nasl.php?oid=881481", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# CentOS Update for firefox CESA-2012:1210 centos6 \n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2012 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS 
"CVE-2012-3982", "CVE-2012-4184", "CVE-2012-3992", "CVE-2012-4180", "CVE-2012-4188", "CVE-2012-3990", "CVE-2012-4179"], "modified": "2018-09-28T00:00:00", "id": "OPENVAS:1361412562310123805", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310123805", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: ELSA-2012-1350.nasl 11688 2018-09-28 13:36:28Z cfischer $\n#\n# Oracle Linux Local Check\n#\n# Authors:\n# Eero Volotinen <eero.volotinen@solinor.com>\n#\n# Copyright:\n# Copyright (c) 2015 Eero Volotinen, http://solinor.com\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.123805\");\n script_version(\"$Revision: 11688 $\");\n script_tag(name:\"creation_date\", value:\"2015-10-06 14:08:47 +0300 (Tue, 06 Oct 2015)\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-09-28 15:36:28 +0200 (Fri, 28 Sep 2018) $\");\n script_name(\"Oracle Linux Local Check: ELSA-2012-1350\");\n script_tag(name:\"insight\", value:\"ELSA-2012-1350 - firefox security and bug fix update. 
Please see the references for more insight.\");\n script_tag(name:\"solution\", value:\"Update the affected packages to the latest available version.\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_tag(name:\"summary\", value:\"Oracle Linux Local Security Checks ELSA-2012-1350\");\n script_xref(name:\"URL\", value:\"http://linux.oracle.com/errata/ELSA-2012-1350.html\");\n script_cve_id(\"CVE-2012-1956\", \"CVE-2012-3982\", \"CVE-2012-3986\", \"CVE-2012-3988\", \"CVE-2012-3990\", \"CVE-2012-3991\", \"CVE-2012-3992\", \"CVE-2012-3993\", \"CVE-2012-3994\", \"CVE-2012-3995\", \"CVE-2012-4179\", \"CVE-2012-4180\", \"CVE-2012-4181\", \"CVE-2012-4182\", \"CVE-2012-4183\", \"CVE-2012-4184\", \"CVE-2012-4185\", \"CVE-2012-4186\", \"CVE-2012-4187\", \"CVE-2012-4188\");\n script_tag(name:\"cvss_base\", value:\"10.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/oracle_linux\", \"ssh/login/release\", re:\"ssh/login/release=OracleLinux(5|6)\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Eero Volotinen\");\n script_family(\"Oracle Linux Local Security Checks\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release) exit(0);\n\nres = \"\";\n\nif(release == \"OracleLinux5\")\n{\n if ((res = isrpmvuln(pkg:\"firefox\", rpm:\"firefox~10.0.8~1.0.2.el5_8\", rls:\"OracleLinux5\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n if ((res = isrpmvuln(pkg:\"xulrunner\", rpm:\"xulrunner~10.0.8~1.0.1.el5_8\", rls:\"OracleLinux5\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n if ((res = isrpmvuln(pkg:\"xulrunner-devel\", rpm:\"xulrunner-devel~10.0.8~1.0.1.el5_8\", rls:\"OracleLinux5\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n\n}\nif(release == 
\"OracleLinux6\")\n{\n if ((res = isrpmvuln(pkg:\"firefox\", rpm:\"firefox~10.0.8~1.0.2.el6_3\", rls:\"OracleLinux6\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n if ((res = isrpmvuln(pkg:\"xulrunner\", rpm:\"xulrunner~10.0.8~1.0.1.el6_3\", rls:\"OracleLinux6\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n if ((res = isrpmvuln(pkg:\"xulrunner-devel\", rpm:\"xulrunner-devel~10.0.8~1.0.1.el6_3\", rls:\"OracleLinux6\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n\n}\nif (__pkg_match) exit(99);\n exit(0);\n\n", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2018-01-02T10:57:43", "description": "Check for the Version of firefox", "cvss3": {}, "published": "2012-10-11T00:00:00", "type": "openvas", "title": "RedHat Update for firefox RHSA-2012:1350-01", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2012-3986", "CVE-2012-4185", "CVE-2012-3991", "CVE-2012-1956", "CVE-2012-3993", "CVE-2012-3995", "CVE-2012-3988", "CVE-2012-3994", "CVE-2012-4183", "CVE-2012-4181", "CVE-2012-4186", "CVE-2012-4182", "CVE-2012-4187", "CVE-2012-3982", "CVE-2012-4184", "CVE-2012-3992", "CVE-2012-4180", "CVE-2012-4188", "CVE-2012-3990", "CVE-2012-4179"], "modified": "2017-12-28T00:00:00", "id": "OPENVAS:870843", "href": "http://plugins.openvas.org/nasl.php?oid=870843", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# RedHat Update for firefox RHSA-2012:1350-01\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2012 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty 
of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"Mozilla Firefox is an open source web browser. XULRunner provides the XUL\n Runtime environment for Mozilla Firefox.\n\n Several flaws were found in the processing of malformed web content. A web\n page containing malicious content could cause Firefox to crash or,\n potentially, execute arbitrary code with the privileges of the user running\n Firefox. (CVE-2012-3982, CVE-2012-3988, CVE-2012-3990, CVE-2012-3995,\n CVE-2012-4179, CVE-2012-4180, CVE-2012-4181, CVE-2012-4182, CVE-2012-4183,\n CVE-2012-4185, CVE-2012-4186, CVE-2012-4187, CVE-2012-4188)\n\n Two flaws in Firefox could allow a malicious website to bypass intended\n restrictions, possibly leading to information disclosure, or Firefox\n executing arbitrary code. Note that the information disclosure issue could\n possibly be combined with other flaws to achieve arbitrary code execution.\n (CVE-2012-3986, CVE-2012-3991)\n\n Multiple flaws were found in the location object implementation in Firefox.\n Malicious content could be used to perform cross-site scripting attacks,\n script injection, or spoofing attacks. (CVE-2012-1956, CVE-2012-3992,\n CVE-2012-3994)\n\n Two flaws were found in the way Chrome Object Wrappers were implemented.\n Malicious content could be used to perform cross-site scripting attacks or\n cause Firefox to execute arbitrary code. (CVE-2012-3993, CVE-2012-4184)\n\n For technical details regarding these flaws, refer to the Mozilla security\n advisories for Firefox 10.0.8 ESR. 
You can find a link to the Mozilla\n advisories in the References section of this erratum.\n\n Description truncated, for more information please check the Reference URL\";\n\ntag_affected = \"firefox on Red Hat Enterprise Linux (v. 5 server),\n Red Hat Enterprise Linux Desktop (v. 6),\n Red Hat Enterprise Linux Server (v. 6),\n Red Hat Enterprise Linux Workstation (v. 6)\";\ntag_solution = \"Please Install the Updated Packages.\";\n\n\n\nif(description)\n{\n script_xref(name : \"URL\" , value : \"https://www.redhat.com/archives/rhsa-announce/2012-October/msg00011.html\");\n script_id(870843);\n script_version(\"$Revision: 8253 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-12-28 07:29:51 +0100 (Thu, 28 Dec 2017) $\");\n script_tag(name:\"creation_date\", value:\"2012-10-11 10:00:28 +0530 (Thu, 11 Oct 2012)\");\n script_cve_id(\"CVE-2012-1956\", \"CVE-2012-3982\", \"CVE-2012-3986\", \"CVE-2012-3988\",\n \"CVE-2012-3990\", \"CVE-2012-3991\", \"CVE-2012-3992\", \"CVE-2012-3993\",\n \"CVE-2012-3994\", \"CVE-2012-3995\", \"CVE-2012-4179\", \"CVE-2012-4180\",\n \"CVE-2012-4181\", \"CVE-2012-4182\", \"CVE-2012-4183\", \"CVE-2012-4184\",\n \"CVE-2012-4185\", \"CVE-2012-4186\", \"CVE-2012-4187\", \"CVE-2012-4188\");\n script_tag(name:\"cvss_base\", value:\"10.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_xref(name: \"RHSA\", value: \"2012:1350-01\");\n script_name(\"RedHat Update for firefox RHSA-2012:1350-01\");\n\n script_tag(name: \"summary\" , value: \"Check for the Version of firefox\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2012 Greenbone Networks GmbH\");\n script_family(\"Red Hat Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/rhel\", \"ssh/login/rpms\");\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"insight\" 
, value : tag_insight);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = get_kb_item(\"ssh/login/release\");\n\nres = \"\";\nif(release == NULL){\n exit(0);\n}\n\nif(release == \"RHENT_6\")\n{\n\n if ((res = isrpmvuln(pkg:\"firefox\", rpm:\"firefox~10.0.8~1.el6_3\", rls:\"RHENT_6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"firefox-debuginfo\", rpm:\"firefox-debuginfo~10.0.8~1.el6_3\", rls:\"RHENT_6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"xulrunner\", rpm:\"xulrunner~10.0.8~1.el6_3\", rls:\"RHENT_6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"xulrunner-debuginfo\", rpm:\"xulrunner-debuginfo~10.0.8~1.el6_3\", rls:\"RHENT_6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n\n\nif(release == \"RHENT_5\")\n{\n\n if ((res = isrpmvuln(pkg:\"firefox\", rpm:\"firefox~10.0.8~1.el5_8\", rls:\"RHENT_5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"firefox-debuginfo\", rpm:\"firefox-debuginfo~10.0.8~1.el5_8\", rls:\"RHENT_5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"xulrunner\", rpm:\"xulrunner~10.0.8~1.el5_8\", rls:\"RHENT_5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"xulrunner-debuginfo\", rpm:\"xulrunner-debuginfo~10.0.8~1.el5_8\", rls:\"RHENT_5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"xulrunner-devel\", rpm:\"xulrunner-devel~10.0.8~1.el5_8\", rls:\"RHENT_5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n", "cvss": {"score": 10.0, "vector": 
"AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2020-08-14T16:15:41", "description": "Oracle Linux Local Security Checks ELSA-2012-1351", "cvss3": {}, "published": "2015-10-06T00:00:00", "type": "openvas", "title": "Oracle Linux Local Check: ELSA-2012-1351", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2012-3986", "CVE-2012-4185", "CVE-2012-3991", "CVE-2012-1956", "CVE-2012-3993", "CVE-2012-3995", "CVE-2012-3988", "CVE-2012-3994", "CVE-2012-4183", "CVE-2012-4181", "CVE-2012-4186", "CVE-2012-4182", "CVE-2012-4187", "CVE-2012-3982", "CVE-2012-4184", "CVE-2012-3992", "CVE-2012-4180", "CVE-2012-4188", "CVE-2012-3990", "CVE-2012-4179"], "modified": "2018-09-28T00:00:00", "id": "OPENVAS:1361412562310123804", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310123804", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: ELSA-2012-1351.nasl 11688 2018-09-28 13:36:28Z cfischer $\n#\n# Oracle Linux Local Check\n#\n# Authors:\n# Eero Volotinen <eero.volotinen@solinor.com>\n#\n# Copyright:\n# Copyright (c) 2015 Eero Volotinen, http://solinor.com\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. 
See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.123804\");\n script_version(\"$Revision: 11688 $\");\n script_tag(name:\"creation_date\", value:\"2015-10-06 14:08:46 +0300 (Tue, 06 Oct 2015)\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-09-28 15:36:28 +0200 (Fri, 28 Sep 2018) $\");\n script_name(\"Oracle Linux Local Check: ELSA-2012-1351\");\n script_tag(name:\"insight\", value:\"ELSA-2012-1351 - thunderbird security update. Please see the references for more insight.\");\n script_tag(name:\"solution\", value:\"Update the affected packages to the latest available version.\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_tag(name:\"summary\", value:\"Oracle Linux Local Security Checks ELSA-2012-1351\");\n script_xref(name:\"URL\", value:\"http://linux.oracle.com/errata/ELSA-2012-1351.html\");\n script_cve_id(\"CVE-2012-1956\", \"CVE-2012-3982\", \"CVE-2012-3986\", \"CVE-2012-3988\", \"CVE-2012-3990\", \"CVE-2012-3991\", \"CVE-2012-3992\", \"CVE-2012-3993\", \"CVE-2012-3994\", \"CVE-2012-3995\", \"CVE-2012-4179\", \"CVE-2012-4180\", \"CVE-2012-4181\", \"CVE-2012-4182\", \"CVE-2012-4183\", \"CVE-2012-4184\", \"CVE-2012-4185\", \"CVE-2012-4186\", \"CVE-2012-4187\", \"CVE-2012-4188\");\n script_tag(name:\"cvss_base\", value:\"10.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/oracle_linux\", \"ssh/login/release\", re:\"ssh/login/release=OracleLinux(5|6)\");\n script_category(ACT_GATHER_INFO);\n 
script_copyright(\"Eero Volotinen\");\n script_family(\"Oracle Linux Local Security Checks\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release) exit(0);\n\nres = \"\";\n\nif(release == \"OracleLinux5\")\n{\n if ((res = isrpmvuln(pkg:\"thunderbird\", rpm:\"thunderbird~10.0.8~1.0.2.el5_8\", rls:\"OracleLinux5\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n\n}\nif(release == \"OracleLinux6\")\n{\n if ((res = isrpmvuln(pkg:\"thunderbird\", rpm:\"thunderbird~10.0.8~1.0.1.el6_3\", rls:\"OracleLinux6\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n\n}\nif (__pkg_match) exit(99);\n exit(0);\n\n", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2020-08-14T16:23:17", "description": "The remote host is missing an update for the ", "cvss3": {}, "published": "2012-10-11T00:00:00", "type": "openvas", "title": "CentOS Update for thunderbird CESA-2012:1351 centos5", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2012-3986", "CVE-2012-4185", "CVE-2012-3991", "CVE-2012-1956", "CVE-2012-3993", "CVE-2012-3995", "CVE-2012-3988", "CVE-2012-3994", "CVE-2012-4183", "CVE-2012-4181", "CVE-2012-4186", "CVE-2012-4182", "CVE-2012-4187", "CVE-2012-3982", "CVE-2012-4184", "CVE-2012-3992", "CVE-2012-4180", "CVE-2012-4188", "CVE-2012-3990", "CVE-2012-4179"], "modified": "2019-03-15T00:00:00", "id": "OPENVAS:1361412562310881514", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310881514", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# CentOS Update for thunderbird CESA-2012:1351 centos5\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2012 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# 
(or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_xref(name:\"URL\", value:\"http://lists.centos.org/pipermail/centos-announce/2012-October/018929.html\");\n script_oid(\"1.3.6.1.4.1.25623.1.0.881514\");\n script_version(\"$Revision: 14222 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2019-03-15 13:50:48 +0100 (Fri, 15 Mar 2019) $\");\n script_tag(name:\"creation_date\", value:\"2012-10-11 10:03:01 +0530 (Thu, 11 Oct 2012)\");\n script_cve_id(\"CVE-2012-1956\", \"CVE-2012-3982\", \"CVE-2012-3986\", \"CVE-2012-3988\",\n \"CVE-2012-3990\", \"CVE-2012-3991\", \"CVE-2012-3992\", \"CVE-2012-3993\",\n \"CVE-2012-3994\", \"CVE-2012-3995\", \"CVE-2012-4179\", \"CVE-2012-4180\",\n \"CVE-2012-4181\", \"CVE-2012-4182\", \"CVE-2012-4183\", \"CVE-2012-4184\",\n \"CVE-2012-4185\", \"CVE-2012-4186\", \"CVE-2012-4187\", \"CVE-2012-4188\");\n script_tag(name:\"cvss_base\", value:\"10.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_xref(name:\"CESA\", value:\"2012:1351\");\n script_name(\"CentOS Update for thunderbird CESA-2012:1351 centos5\");\n\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'thunderbird'\n package(s) announced via the referenced advisory.\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2012 Greenbone Networks GmbH\");\n script_family(\"CentOS Local Security 
Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/centos\", \"ssh/login/rpms\", re:\"ssh/login/release=CentOS5\");\n script_tag(name:\"affected\", value:\"thunderbird on CentOS 5\");\n script_tag(name:\"solution\", value:\"Please install the updated packages.\");\n script_tag(name:\"insight\", value:\"Mozilla Thunderbird is a standalone mail and newsgroup client.\n\n Several flaws were found in the processing of malformed content. Malicious\n content could cause Thunderbird to crash or, potentially, execute arbitrary\n code with the privileges of the user running Thunderbird. (CVE-2012-3982,\n CVE-2012-3988, CVE-2012-3990, CVE-2012-3995, CVE-2012-4179, CVE-2012-4180,\n CVE-2012-4181, CVE-2012-4182, CVE-2012-4183, CVE-2012-4185, CVE-2012-4186,\n CVE-2012-4187, CVE-2012-4188)\n\n Two flaws in Thunderbird could allow malicious content to bypass intended\n restrictions, possibly leading to information disclosure, or Thunderbird\n executing arbitrary code. Note that the information disclosure issue could\n possibly be combined with other flaws to achieve arbitrary code execution.\n (CVE-2012-3986, CVE-2012-3991)\n\n Multiple flaws were found in the location object implementation in\n Thunderbird. Malicious content could be used to perform cross-site\n scripting attacks, script injection, or spoofing attacks. (CVE-2012-1956,\n CVE-2012-3992, CVE-2012-3994)\n\n Two flaws were found in the way Chrome Object Wrappers were implemented.\n Malicious content could be used to perform cross-site scripting attacks or\n cause Thunderbird to execute arbitrary code. 
(CVE-2012-3993, CVE-2012-4184)\n\n Red Hat would like to thank the Mozilla project for reporting these issues.\n Upstream acknowledges Christian Holler, Jesse Ruderman, Soroush Dalili,\n miaubiz, Abhishek Arya, Atte Kettunen, Johnny Stenback, Alice White,\n moz_bug_r_a4, and Mariusz Mlynski as the original reporters of these\n issues.\n\n Note: None of the issues in this advisory can be exploited by a\n specially-crafted HTML mail message as JavaScript is disabled by default\n for mail messages. They could be exploited another way in Thunderbird, for\n example, when viewing the full remote content of an RSS feed.\n\n All Thunderbird users should upgrade to this updated package, which\n contains Thunderbird version 10.0.8 ESR, which corrects these issues. After\n installing the update, Thunderbird must be restarted for the changes to\n take effect.\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\n\nif(release == \"CentOS5\")\n{\n\n if ((res = isrpmvuln(pkg:\"thunderbird\", rpm:\"thunderbird~10.0.8~1.el5.centos\", rls:\"CentOS5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2018-01-06T13:06:25", "description": "Check for the Version of thunderbird", "cvss3": {}, "published": "2012-10-11T00:00:00", "type": "openvas", "title": "CentOS Update for thunderbird CESA-2012:1351 centos5 ", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2012-3986", "CVE-2012-4185", "CVE-2012-3991", "CVE-2012-1956", "CVE-2012-3993", "CVE-2012-3995", "CVE-2012-3988", "CVE-2012-3994", "CVE-2012-4183", "CVE-2012-4181", "CVE-2012-4186", "CVE-2012-4182", "CVE-2012-4187", "CVE-2012-3982", "CVE-2012-4184", "CVE-2012-3992", 
"CVE-2012-4180", "CVE-2012-4188", "CVE-2012-3990", "CVE-2012-4179"], "modified": "2018-01-05T00:00:00", "id": "OPENVAS:881514", "href": "http://plugins.openvas.org/nasl.php?oid=881514", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# CentOS Update for thunderbird CESA-2012:1351 centos5 \n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2012 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"Mozilla Thunderbird is a standalone mail and newsgroup client.\n\n Several flaws were found in the processing of malformed content. Malicious\n content could cause Thunderbird to crash or, potentially, execute arbitrary\n code with the privileges of the user running Thunderbird. (CVE-2012-3982,\n CVE-2012-3988, CVE-2012-3990, CVE-2012-3995, CVE-2012-4179, CVE-2012-4180,\n CVE-2012-4181, CVE-2012-4182, CVE-2012-4183, CVE-2012-4185, CVE-2012-4186,\n CVE-2012-4187, CVE-2012-4188)\n \n Two flaws in Thunderbird could allow malicious content to bypass intended\n restrictions, possibly leading to information disclosure, or Thunderbird\n executing arbitrary code. 
value:\"http://www.mozilla.org/security/announce/2012/mfsa2012-99.html\");\n script_xref(name:\"URL\", value:\"http://www.mozilla.org/security/announce/2012/mfsa2012-105.html\");\n script_xref(name:\"URL\", value:\"http://www.mozilla.org/security/announce/2012/mfsa2012-106.html\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2012 Greenbone Networks GmbH\");\n script_family(\"General\");\n script_dependencies(\"gb_thunderbird_detect_portable_win.nasl\");\n script_mandatory_keys(\"Thunderbird/Win/Ver\");\n script_tag(name:\"impact\", value:\"Successful exploitation could allow attackers to inject scripts, bypass\n certain security restrictions, execute arbitrary code in the context of the\n browser.\");\n script_tag(name:\"affected\", value:\"Thunderbird version before 17.0 on Windows\");\n script_tag(name:\"insight\", value:\"Multiple errors exist:\n\n - When combining SVG text with the setting of CSS properties.\n\n - Within the 'copyTexImage2D' implementation in the WebGL subsystem and\n in the XrayWrapper implementation.\n\n - Within 'str_unescape' in the Javascript engin and in 'XMLHttpRequest'\n objects created within sandboxes.\");\n script_tag(name:\"solution\", value:\"Upgrade to Thunderbird version to 17.0 or later.\");\n\n script_tag(name:\"summary\", value:\"This host is installed with Mozilla Thunderbird and is prone to multiple\n vulnerabilities.\");\n script_tag(name:\"qod_type\", value:\"registry\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n\ninclude(\"version_func.inc\");\n\ntbVer = get_kb_item(\"Thunderbird/Win/Ver\");\n\nif(tbVer)\n{\n if(version_is_less(version:tbVer, test_version:\"17.0\"))\n {\n report = report_fixed_ver(installed_version:tbVer, fixed_version:\"17.0\");\n security_message(port:0, data:report);\n exit(0);\n }\n}\n\nexit(99);\n", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2017-07-02T21:10:59", "description": "This host is installed 
with Mozilla Seamonkey and is prone to multiple\n vulnerabilities.", "cvss3": {}, "published": "2012-11-26T00:00:00", "type": "openvas", "title": "Mozilla SeaMonkey Multiple Vulnerabilities-01 November12 (Mac OS X)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2012-5842", "CVE-2012-4214", "CVE-2012-5830", "CVE-2012-5829", "CVE-2012-4201", "CVE-2012-5840", "CVE-2012-4202", "CVE-2012-5839", "CVE-2012-4216", "CVE-2012-5835", "CVE-2012-4207", "CVE-2012-5833", "CVE-2012-5841", "CVE-2012-4215", "CVE-2012-4209"], "modified": "2017-05-10T00:00:00", "id": "OPENVAS:803362", "href": "http://plugins.openvas.org/nasl.php?oid=803362", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: gb_mozilla_seamonkey_mult_vuln01_nov12_macosx.nasl 6093 2017-05-10 09:03:18Z teissa $\n#\n# Mozilla SeaMonkey Multiple Vulnerabilities-01 November12 (Mac OS X)\n#\n# Authors:\n# Arun Kallavi <karun@secpod.com>\n#\n# Copyright:\n# Copyright (c) 2012 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. 
See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ntag_impact = \"Successful exploitation could allow attackers to inject scripts, bypass\n certain security restrictions, execute arbitrary code in the context of the\n browser.\n Impact Level: System/Application\";\n\ntag_affected = \"SeaMonkey version before 2.14 on Mac OS X\";\ntag_insight = \"- The 'location' property can be accessed through 'top.location' with a\n frame whose name attributes value is set to 'top'.\n - Use-after-free error exists within the functions\n 'nsTextEditorState::PrepareEditor', 'gfxFont::GetFontEntry',\n 'nsWindow::OnExposeEvent' and 'nsPlaintextEditor::FireClipboardEvent'.\n - An error within the 'evalInSandbox()' when handling the 'location.href'\n property.\n - Error when rendering GIF images.\";\ntag_solution = \"Upgrade to SeaMonkey version to 2.14 or later,\n http://www.mozilla.org/projects/seamonkey\";\ntag_summary = \"This host is installed with Mozilla Seamonkey and is prone to multiple\n vulnerabilities.\";\n\nif(description)\n{\n script_id(803362);\n script_version(\"$Revision: 6093 $\");\n script_cve_id(\"CVE-2012-4209\", \"CVE-2012-4214\", \"CVE-2012-4215\", \"CVE-2012-4216\",\n \"CVE-2012-4201\", \"CVE-2012-4202\", \"CVE-2012-4207\", \"CVE-2012-5842\",\n \"CVE-2012-5841\", \"CVE-2012-5829\", \"CVE-2012-5830\", \"CVE-2012-5833\",\n \"CVE-2012-5835\", \"CVE-2012-5839\", \"CVE-2012-5840\");\n script_bugtraq_id(56629, 56628, 56633, 56634, 56618, 56614, 56632, 56611,\n 56631, 56636, 56641, 56642, 56637, 56635);\n script_tag(name:\"cvss_base\", value:\"10.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_tag(name:\"last_modification\", 
value:\"$Date: 2017-05-10 11:03:18 +0200 (Wed, 10 May 2017) $\");\n script_tag(name:\"creation_date\", value:\"2012-11-26 11:10:03 +0530 (Mon, 26 Nov 2012)\");\n script_name(\"Mozilla SeaMonkey Multiple Vulnerabilities-01 November12 (Mac OS X)\");\n script_xref(name : \"URL\" , value : \"http://secunia.com/advisories/51358\");\n script_xref(name : \"URL\" , value : \"http://securitytracker.com/id?1027791\");\n script_xref(name : \"URL\" , value : \"http://securitytracker.com/id?1027792\");\n script_xref(name : \"URL\" , value : \"http://www.mozilla.org/security/announce/2012/mfsa2012-91.html\");\n script_xref(name : \"URL\" , value : \"http://www.mozilla.org/security/announce/2012/mfsa2012-92.html\");\n script_xref(name : \"URL\" , value : \"http://www.mozilla.org/security/announce/2012/mfsa2012-93.html\");\n script_xref(name : \"URL\" , value : \"http://www.mozilla.org/security/announce/2012/mfsa2012-100.html\");\n script_xref(name : \"URL\" , value : \"http://www.mozilla.org/security/announce/2012/mfsa2012-101.html\");\n script_xref(name : \"URL\" , value : \"http://www.mozilla.org/security/announce/2012/mfsa2012-103.html\");\n script_xref(name : \"URL\" , value : \"http://www.mozilla.org/security/announce/2012/mfsa2012-105.html\");\n script_xref(name : \"URL\" , value : \"http://www.mozilla.org/security/announce/2012/mfsa2012-106.html\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2012 Greenbone Networks GmbH\");\n script_family(\"General\");\n script_dependencies(\"gb_mozilla_prdts_detect_macosx.nasl\");\n script_mandatory_keys(\"SeaMonkey/MacOSX/Version\");\n script_tag(name : \"impact\" , value : tag_impact);\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"summary\" , value : tag_summary);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", 
value:\"VendorFix\");\n exit(0);\n}\n\n\ninclude(\"version_func.inc\");\n\n# Variable Initialization\nseaVer = \"\";\n\n# Get version from KB\nseaVer = get_kb_item(\"SeaMonkey/MacOSX/Version\");\nif(seaVer)\n{\n # Grep for SeaMonkey version\n if(version_is_less(version:seaVer, test_version:\"2.14\"))\n {\n security_message(0);\n exit(0);\n }\n}\n", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2019-05-29T18:38:43", "description": "The remote host is missing an update for the ", "cvss3": {}, "published": "2012-11-23T00:00:00", "type": "openvas", "title": "CentOS Update for thunderbird CESA-2012:1483 centos6", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2012-5842", "CVE-2012-4214", "CVE-2012-5830", "CVE-2012-5829", "CVE-2012-4201", "CVE-2012-5840", "CVE-2012-4202", "CVE-2012-5839", "CVE-2012-4216", "CVE-2012-5835", "CVE-2012-4207", "CVE-2012-5833", "CVE-2012-5841", "CVE-2012-4215", "CVE-2012-4209"], "modified": "2019-03-15T00:00:00", "id": "OPENVAS:1361412562310881543", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310881543", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# CentOS Update for thunderbird CESA-2012:1483 centos6\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2012 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. 
See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_xref(name:\"URL\", value:\"http://lists.centos.org/pipermail/centos-announce/2012-November/019009.html\");\n script_oid(\"1.3.6.1.4.1.25623.1.0.881543\");\n script_version(\"$Revision: 14222 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2019-03-15 13:50:48 +0100 (Fri, 15 Mar 2019) $\");\n script_tag(name:\"creation_date\", value:\"2012-11-23 11:46:46 +0530 (Fri, 23 Nov 2012)\");\n script_cve_id(\"CVE-2012-4201\", \"CVE-2012-4202\", \"CVE-2012-4207\", \"CVE-2012-4209\",\n \"CVE-2012-4214\", \"CVE-2012-4215\", \"CVE-2012-4216\", \"CVE-2012-5829\",\n \"CVE-2012-5830\", \"CVE-2012-5833\", \"CVE-2012-5835\", \"CVE-2012-5839\",\n \"CVE-2012-5840\", \"CVE-2012-5841\", \"CVE-2012-5842\");\n script_tag(name:\"cvss_base\", value:\"10.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_xref(name:\"CESA\", value:\"2012:1483\");\n script_name(\"CentOS Update for thunderbird CESA-2012:1483 centos6\");\n\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'thunderbird'\n package(s) announced via the referenced advisory.\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2012 Greenbone Networks GmbH\");\n script_family(\"CentOS Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/centos\", \"ssh/login/rpms\", re:\"ssh/login/release=CentOS6\");\n script_tag(name:\"affected\", value:\"thunderbird on CentOS 6\");\n script_tag(name:\"solution\", value:\"Please install the updated packages.\");\n script_tag(name:\"insight\", value:\"Mozilla 
Thunderbird is a standalone mail and newsgroup client.\n\n Several flaws were found in the processing of malformed content. Malicious\n content could cause Thunderbird to crash or, potentially, execute arbitrary\n code with the privileges of the user running Thunderbird. (CVE-2012-4214,\n CVE-2012-4215, CVE-2012-4216, CVE-2012-5829, CVE-2012-5830, CVE-2012-5833,\n CVE-2012-5835, CVE-2012-5839, CVE-2012-5840, CVE-2012-5842)\n\n A buffer overflow flaw was found in the way Thunderbird handled GIF\n (Graphics Interchange Format) images. Content containing a malicious GIF\n image could cause Thunderbird to crash or, possibly, execute arbitrary code\n with the privileges of the user running Thunderbird. (CVE-2012-4202)\n\n A flaw was found in the way Thunderbird decoded the HZ-GB-2312 character\n encoding. Malicious content could cause Thunderbird to run JavaScript code\n with the permissions of different content. (CVE-2012-4207)\n\n A flaw was found in the location object implementation in Thunderbird.\n Malicious content could possibly use this flaw to allow restricted content\n to be loaded by plug-ins. (CVE-2012-4209)\n\n A flaw was found in the way cross-origin wrappers were implemented.\n Malicious content could use this flaw to perform cross-site scripting\n attacks. (CVE-2012-5841)\n\n A flaw was found in the evalInSandbox implementation in Thunderbird.\n Malicious content could use this flaw to perform cross-site scripting\n attacks. (CVE-2012-4201)\n\n Red Hat would like to thank the Mozilla project for reporting these issues.\n Upstream acknowledges Abhishek Arya, miaubiz, Jesse Ruderman, Andrew\n McCreight, Bob Clary, Kyle Huey, Atte Kettunen, Masato Kinugawa, Mariusz\n Mlynski, Bobby Holley, and moz_bug_r_a4 as the original reporters of\n these issues.\n\n Note: All issues except CVE-2012-4202 cannot be exploited by a\n specially-crafted HTML mail message as JavaScript is disabled by default\n for mail messages. 
They could be exploited another way in Thunderbird, for\n example, when viewing the full remote content of an RSS feed.\n\n All Thunderbird users should upgrade to this updated package, which\n contains Thunderbird version 10.0.11 ESR, which corrects these issues.\n After installing the update, Thunderbird must be restarted for the changes\n to take effect.\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\n\nif(release == \"CentOS6\")\n{\n\n if ((res = isrpmvuln(pkg:\"thunderbird\", rpm:\"thunderbird~10.0.11~1.el6.centos\", rls:\"CentOS6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2020-08-14T16:24:04", "description": "The remote host is missing an update for the ", "cvss3": {}, "published": "2012-10-11T00:00:00", "type": "openvas", "title": "RedHat Update for thunderbird RHSA-2012:1351-01", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2012-3986", "CVE-2012-4185", "CVE-2012-3991", "CVE-2012-1956", "CVE-2012-3993", "CVE-2012-3995", "CVE-2012-3988", "CVE-2012-3994", "CVE-2012-4183", "CVE-2012-4181", "CVE-2012-4186", "CVE-2012-4182", "CVE-2012-4187", "CVE-2012-3982", "CVE-2012-4184", "CVE-2012-3992", "CVE-2012-4180", "CVE-2012-4188", "CVE-2012-3990", "CVE-2012-4179"], "modified": "2018-11-23T00:00:00", "id": "OPENVAS:1361412562310870844", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310870844", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# RedHat Update for thunderbird RHSA-2012:1351-01\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2012 Greenbone Networks GmbH, 
http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_xref(name:\"URL\", value:\"https://www.redhat.com/archives/rhsa-announce/2012-October/msg00012.html\");\n script_oid(\"1.3.6.1.4.1.25623.1.0.870844\");\n script_version(\"$Revision: 12497 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-11-23 09:28:21 +0100 (Fri, 23 Nov 2018) $\");\n script_tag(name:\"creation_date\", value:\"2012-10-11 10:00:57 +0530 (Thu, 11 Oct 2012)\");\n script_cve_id(\"CVE-2012-1956\", \"CVE-2012-3982\", \"CVE-2012-3986\", \"CVE-2012-3988\",\n \"CVE-2012-3990\", \"CVE-2012-3991\", \"CVE-2012-3992\", \"CVE-2012-3993\",\n \"CVE-2012-3994\", \"CVE-2012-3995\", \"CVE-2012-4179\", \"CVE-2012-4180\",\n \"CVE-2012-4181\", \"CVE-2012-4182\", \"CVE-2012-4183\", \"CVE-2012-4184\",\n \"CVE-2012-4185\", \"CVE-2012-4186\", \"CVE-2012-4187\", \"CVE-2012-4188\");\n script_tag(name:\"cvss_base\", value:\"10.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_xref(name:\"RHSA\", value:\"2012:1351-01\");\n script_name(\"RedHat Update for thunderbird RHSA-2012:1351-01\");\n\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'thunderbird'\n package(s) announced via the 
referenced advisory.\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2012 Greenbone Networks GmbH\");\n script_family(\"Red Hat Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/rhel\", \"ssh/login/rpms\", re:\"ssh/login/release=RHENT_6\");\n script_tag(name:\"affected\", value:\"thunderbird on Red Hat Enterprise Linux Desktop (v. 6),\n Red Hat Enterprise Linux Workstation (v. 6)\");\n script_tag(name:\"solution\", value:\"Please Install the Updated Packages.\");\n script_tag(name:\"insight\", value:\"Mozilla Thunderbird is a standalone mail and newsgroup client.\n\n Several flaws were found in the processing of malformed content. Malicious\n content could cause Thunderbird to crash or, potentially, execute arbitrary\n code with the privileges of the user running Thunderbird. (CVE-2012-3982,\n CVE-2012-3988, CVE-2012-3990, CVE-2012-3995, CVE-2012-4179, CVE-2012-4180,\n CVE-2012-4181, CVE-2012-4182, CVE-2012-4183, CVE-2012-4185, CVE-2012-4186,\n CVE-2012-4187, CVE-2012-4188)\n\n Two flaws in Thunderbird could allow malicious content to bypass intended\n restrictions, possibly leading to information disclosure, or Thunderbird\n executing arbitrary code. Note that the information disclosure issue could\n possibly be combined with other flaws to achieve arbitrary code execution.\n (CVE-2012-3986, CVE-2012-3991)\n\n Multiple flaws were found in the location object implementation in\n Thunderbird. Malicious content could be used to perform cross-site\n scripting attacks, script injection, or spoofing attacks. (CVE-2012-1956,\n CVE-2012-3992, CVE-2012-3994)\n\n Note: None of the issues in this advisory can be exploited by a\n specially-crafted HTML mail message as JavaScript is disabled by default\n for mail messages. 
They could be exploited another way in Thunderbird, for\n example, when viewing the full remote content of an RSS feed.\n\n All Thunderbird users should upgrade to this updated package, which\n contains Thunderbird version 10.0.8 ESR, which corrects these issues. After\n installing the update, Thunderbird must be restarted for the changes to\n take effect.\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release) exit(0);\n\nres = \"\";\n\nif(release == \"RHENT_6\")\n{\n\n if ((res = isrpmvuln(pkg:\"thunderbird\", rpm:\"thunderbird~10.0.8~1.el6_3\", rls:\"RHENT_6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"thunderbird-debuginfo\", rpm:\"thunderbird-debuginfo~10.0.8~1.el6_3\", rls:\"RHENT_6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2020-08-14T16:25:22", "description": "The remote host is missing an update for the ", "cvss3": {}, "published": "2012-10-11T00:00:00", "type": "openvas", "title": "CentOS Update for firefox CESA-2012:1350 centos6", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2012-3986", "CVE-2012-4185", "CVE-2012-3991", "CVE-2012-1956", "CVE-2012-3993", "CVE-2012-3995", "CVE-2012-3988", "CVE-2012-3994", "CVE-2012-4183", "CVE-2012-4181", "CVE-2012-4186", "CVE-2012-4182", "CVE-2012-4187", "CVE-2012-3982", "CVE-2012-4184", "CVE-2012-3992", "CVE-2012-4180", "CVE-2012-4188", "CVE-2012-3990", "CVE-2012-4179"], "modified": "2019-03-15T00:00:00", "id": "OPENVAS:1361412562310881513", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310881513", "sourceData": "###############################################################################\n# OpenVAS Vulnerability 
Test\n#\n# CentOS Update for firefox CESA-2012:1350 centos6\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2012 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_xref(name:\"URL\", value:\"http://lists.centos.org/pipermail/centos-announce/2012-October/018930.html\");\n script_oid(\"1.3.6.1.4.1.25623.1.0.881513\");\n script_version(\"$Revision: 14222 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2019-03-15 13:50:48 +0100 (Fri, 15 Mar 2019) $\");\n script_tag(name:\"creation_date\", value:\"2012-10-11 10:02:34 +0530 (Thu, 11 Oct 2012)\");\n script_cve_id(\"CVE-2012-1956\", \"CVE-2012-3982\", \"CVE-2012-3986\", \"CVE-2012-3988\",\n \"CVE-2012-3990\", \"CVE-2012-3991\", \"CVE-2012-3992\", \"CVE-2012-3993\",\n \"CVE-2012-3994\", \"CVE-2012-3995\", \"CVE-2012-4179\", \"CVE-2012-4180\",\n \"CVE-2012-4181\", \"CVE-2012-4182\", \"CVE-2012-4183\", \"CVE-2012-4184\",\n \"CVE-2012-4185\", \"CVE-2012-4186\", \"CVE-2012-4187\", \"CVE-2012-4188\");\n script_tag(name:\"cvss_base\", value:\"10.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_xref(name:\"CESA\", value:\"2012:1350\");\n script_name(\"CentOS Update for firefox 
CESA-2012:1350 centos6\");\n\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'firefox'\n package(s) announced via the referenced advisory.\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2012 Greenbone Networks GmbH\");\n script_family(\"CentOS Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/centos\", \"ssh/login/rpms\", re:\"ssh/login/release=CentOS6\");\n script_tag(name:\"affected\", value:\"firefox on CentOS 6\");\n script_tag(name:\"solution\", value:\"Please install the updated packages.\");\n script_tag(name:\"insight\", value:\"Mozilla Firefox is an open source web browser. XULRunner provides the XUL\n Runtime environment for Mozilla Firefox.\n\n Several flaws were found in the processing of malformed web content. A web\n page containing malicious content could cause Firefox to crash or,\n potentially, execute arbitrary code with the privileges of the user running\n Firefox. (CVE-2012-3982, CVE-2012-3988, CVE-2012-3990, CVE-2012-3995,\n CVE-2012-4179, CVE-2012-4180, CVE-2012-4181, CVE-2012-4182, CVE-2012-4183,\n CVE-2012-4185, CVE-2012-4186, CVE-2012-4187, CVE-2012-4188)\n\n Two flaws in Firefox could allow a malicious website to bypass intended\n restrictions, possibly leading to information disclosure, or Firefox\n executing arbitrary code. Note that the information disclosure issue could\n possibly be combined with other flaws to achieve arbitrary code execution.\n (CVE-2012-3986, CVE-2012-3991)\n\n Multiple flaws were found in the location object implementation in Firefox.\n Malicious content could be used to perform cross-site scripting attacks,\n script injection, or spoofing attacks. 
(CVE-2012-1956, CVE-2012-3992,\n CVE-2012-3994)\n\n Two flaws were found in the way Chrome Object Wrappers were implemented.\n Malicious content could be used to perform cross-site scripting attacks or\n cause Firefox to execute arbitrary code. (CVE-2012-3993, CVE-2012-4184)\n\n For technical details regarding these flaws, refer to the Mozilla security\n advisories for Firefox 10.0.8 ESR. You can find a link to the Mozilla\n advisories in the References section of this erratum.\n\n Red Hat would like to thank the Mozilla project for reporting these issues.\n Upstream acknowledges Christian Holler, Jesse Ruderman, Soroush Dalili,\n miaubiz, Abhishek Arya, Atte Kettunen, Johnny Stenback, Alice White,\n moz_bug_r_a4, and Mariusz Mlynski as the original reporters of these\n issues.\n\n This update also fixes the following bug:\n\n * In certain environments, storing personal Firefox configuration files\n (~/.mozilla/) on an NFS share, such as when your home directory is on a\n NFS share, led to Firefox functioning incorrectly, for example, navigation\n buttons not working as expected, and bookmarks not saving. This update\n adds a new configuration option, storage.nfs_filesystem, that can be used\n to resolve this issue.\n\n If you experience this issue:\n\n 1) Start Firefox.\n\n 2) Type 'about:config' (without quotes) into the URL bar and press the\n Enter key.\n\n 3) If prompted with 'This might void your warranty!', click the 'I'll be\n careful, I promise!' 
button.\n\n 4) Right-click in the ...\n\n Description truncated, please see the referenced URL(s) for more information.\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\n\nif(release == \"CentOS6\")\n{\n\n if ((res = isrpmvuln(pkg:\"firefox\", rpm:\"firefox~10.0.8~1.el6.centos\", rls:\"CentOS6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"xulrunner\", rpm:\"xulrunner~10.0.8~1.el6.centos\", rls:\"CentOS6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"xulrunner-devel\", rpm:\"xulrunner-devel~10.0.8~1.el6.centos\", rls:\"CentOS6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2018-01-11T11:05:57", "description": "Check for the Version of firefox", "cvss3": {}, "published": "2012-10-11T00:00:00", "type": "openvas", "title": "CentOS Update for firefox CESA-2012:1350 centos5 ", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2012-3986", "CVE-2012-4185", "CVE-2012-3991", "CVE-2012-1956", "CVE-2012-3993", "CVE-2012-3995", "CVE-2012-3988", "CVE-2012-3994", "CVE-2012-4183", "CVE-2012-4181", "CVE-2012-4186", "CVE-2012-4182", "CVE-2012-4187", "CVE-2012-3982", "CVE-2012-4184", "CVE-2012-3992", "CVE-2012-4180", "CVE-2012-4188", "CVE-2012-3990", "CVE-2012-4179"], "modified": "2018-01-10T00:00:00", "id": "OPENVAS:881512", "href": "http://plugins.openvas.org/nasl.php?oid=881512", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# CentOS Update for firefox CESA-2012:1350 centos5 \n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# 
Copyright (c) 2012 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"Mozilla Firefox is an open source web browser. XULRunner provides the XUL\n Runtime environment for Mozilla Firefox.\n\n Several flaws were found in the processing of malformed web content. A web\n page containing malicious content could cause Firefox to crash or,\n potentially, execute arbitrary code with the privileges of the user running\n Firefox. (CVE-2012-3982, CVE-2012-3988, CVE-2012-3990, CVE-2012-3995,\n CVE-2012-4179, CVE-2012-4180, CVE-2012-4181, CVE-2012-4182, CVE-2012-4183,\n CVE-2012-4185, CVE-2012-4186, CVE-2012-4187, CVE-2012-4188)\n \n Two flaws in Firefox could allow a malicious website to bypass intended\n restrictions, possibly leading to information disclosure, or Firefox\n executing arbitrary code. Note that the information disclosure issue could\n possibly be combined with other flaws to achieve arbitrary code execution.\n (CVE-2012-3986, CVE-2012-3991)\n \n Multiple flaws were found in the location object implementation in Firefox.\n Malicious content could be used to perform cross-site scripting attacks,\n script injection, or spoofing attacks. 
(CVE-2012-1956, CVE-2012-3992,\n CVE-2012-3994)\n \n Two flaws were found in the way Chrome Object Wrappers were implemented.\n Malicious content could be used to perform cross-site scripting attacks or\n cause Firefox to execute arbitrary code. (CVE-2012-3993, CVE-2012-4184)\n \n For technical details regarding these flaws, refer to the Mozilla security\n advisories for Firefox 10.0.8 ESR. You can find a link to the Mozilla\n advisories in the References section of this erratum.\n \n Red Hat would like to thank the Mozilla project for reporting these issues.\n Upstream acknowledges Christian Holler, Jesse Ruderman, Soroush Dalili,\n miaubiz, Abhishek Arya, Atte Kettunen, Johnny Stenback, Alice White,\n moz_bug_r_a4, and Mariusz Mlynski as the original reporters of these\n issues.\n \n This update also fixes the following bug:\n \n * In certain environments, storing personal Firefox configuration files\n (~/.mozilla/) on an NFS share, such as when your home directory is on a\n NFS share, led to Firefox functioning incorrectly, for example, navigation\n buttons not working as expected, and bookmarks not saving. This update\n adds a new configuration option, storage.nfs_filesystem, that can be used\n to resolve this issue.\n \n If you experience this issue:\n \n 1) Start Firefox.\n \n 2) Type "about:config" (without quotes) into the URL bar and press the\n Enter key.\n \n 3) If prompted with "This might void your warranty!", click the "I'll be\n careful, I promise!" button.\n \n 4) Right-click in the ... 
\n\n Description truncated, for more information please check the Reference URL\";\n\ntag_affected = \"firefox on CentOS 5\";\ntag_solution = \"Please Install the Updated Packages.\";\n\n\n\nif(description)\n{\n script_xref(name : \"URL\" , value : \"http://lists.centos.org/pipermail/centos-announce/2012-October/018928.html\");\n script_id(881512);\n script_version(\"$Revision: 8352 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-01-10 08:01:57 +0100 (Wed, 10 Jan 2018) $\");\n script_tag(name:\"creation_date\", value:\"2012-10-11 10:02:01 +0530 (Thu, 11 Oct 2012)\");\n script_cve_id(\"CVE-2012-1956\", \"CVE-2012-3982\", \"CVE-2012-3986\", \"CVE-2012-3988\",\n \"CVE-2012-3990\", \"CVE-2012-3991\", \"CVE-2012-3992\", \"CVE-2012-3993\",\n \"CVE-2012-3994\", \"CVE-2012-3995\", \"CVE-2012-4179\", \"CVE-2012-4180\",\n \"CVE-2012-4181\", \"CVE-2012-4182\", \"CVE-2012-4183\", \"CVE-2012-4184\",\n \"CVE-2012-4185\", \"CVE-2012-4186\", \"CVE-2012-4187\", \"CVE-2012-4188\");\n script_tag(name:\"cvss_base\", value:\"10.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_xref(name: \"CESA\", value: \"2012:1350\");\n script_name(\"CentOS Update for firefox CESA-2012:1350 centos5 \");\n\n script_tag(name: \"summary\" , value: \"Check for the Version of firefox\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2012 Greenbone Networks GmbH\");\n script_family(\"CentOS Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/centos\", \"ssh/login/rpms\");\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = get_kb_item(\"ssh/login/release\");\n\nres = 
\"\";\nif(release == NULL){\n exit(0);\n}\n\nif(release == \"CentOS5\")\n{\n\n if ((res = isrpmvuln(pkg:\"firefox\", rpm:\"firefox~10.0.8~1.el5.centos\", rls:\"CentOS5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"xulrunner\", rpm:\"xulrunner~10.0.8~1.el5_8\", rls:\"CentOS5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"xulrunner-devel\", rpm:\"xulrunner-devel~10.0.8~1.el5_8\", rls:\"CentOS5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2018-01-11T11:07:49", "description": "Check for the Version of thunderbird", "cvss3": {}, "published": "2012-10-11T00:00:00", "type": "openvas", "title": "CentOS Update for thunderbird CESA-2012:1351 centos6 ", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2012-3986", "CVE-2012-4185", "CVE-2012-3991", "CVE-2012-1956", "CVE-2012-3993", "CVE-2012-3995", "CVE-2012-3988", "CVE-2012-3994", "CVE-2012-4183", "CVE-2012-4181", "CVE-2012-4186", "CVE-2012-4182", "CVE-2012-4187", "CVE-2012-3982", "CVE-2012-4184", "CVE-2012-3992", "CVE-2012-4180", "CVE-2012-4188", "CVE-2012-3990", "CVE-2012-4179"], "modified": "2018-01-09T00:00:00", "id": "OPENVAS:881515", "href": "http://plugins.openvas.org/nasl.php?oid=881515", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# CentOS Update for thunderbird CESA-2012:1351 centos6 \n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2012 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This 
program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"Mozilla Thunderbird is a standalone mail and newsgroup client.\n\n Several flaws were found in the processing of malformed content. Malicious\n content could cause Thunderbird to crash or, potentially, execute arbitrary\n code with the privileges of the user running Thunderbird. (CVE-2012-3982,\n CVE-2012-3988, CVE-2012-3990, CVE-2012-3995, CVE-2012-4179, CVE-2012-4180,\n CVE-2012-4181, CVE-2012-4182, CVE-2012-4183, CVE-2012-4185, CVE-2012-4186,\n CVE-2012-4187, CVE-2012-4188)\n \n Two flaws in Thunderbird could allow malicious content to bypass intended\n restrictions, possibly leading to information disclosure, or Thunderbird\n executing arbitrary code. Note that the information disclosure issue could\n possibly be combined with other flaws to achieve arbitrary code execution.\n (CVE-2012-3986, CVE-2012-3991)\n \n Multiple flaws were found in the location object implementation in\n Thunderbird. Malicious content could be used to perform cross-site\n scripting attacks, script injection, or spoofing attacks. (CVE-2012-1956,\n CVE-2012-3992, CVE-2012-3994)\n \n Two flaws were found in the way Chrome Object Wrappers were implemented.\n Malicious content could be used to perform cross-site scripting attacks or\n cause Thunderbird to execute arbitrary code. 
(CVE-2012-3993, CVE-2012-4184)\n \n Red Hat would like to thank the Mozilla project for reporting these issues.\n Upstream acknowledges Christian Holler, Jesse Ruderman, Soroush Dalili,\n miaubiz, Abhishek Arya, Atte Kettunen, Johnny Stenback, Alice White,\n moz_bug_r_a4, and Mariusz Mlynski as the original reporters of these\n issues.\n \n Note: None of the issues in this advisory can be exploited by a\n specially-crafted HTML mail message as JavaScript is disabled by default\n for mail messages. They could be exploited another way in Thunderbird, for\n example, when viewing the full remote content of an RSS feed.\n \n All Thunderbird users should upgrade to this updated package, which\n contains Thunderbird version 10.0.8 ESR, which corrects these issues. After\n installing the update, Thunderbird must be restarted for the changes to\n take effect.\";\n\ntag_affected = \"thunderbird on CentOS 6\";\ntag_solution = \"Please Install the Updated Packages.\";\n\n\n\nif(description)\n{\n script_xref(name : \"URL\" , value : \"http://lists.centos.org/pipermail/centos-announce/2012-October/018931.html\");\n script_id(881515);\n script_version(\"$Revision: 8336 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-01-09 08:01:48 +0100 (Tue, 09 Jan 2018) $\");\n script_tag(name:\"creation_date\", value:\"2012-10-11 10:03:30 +0530 (Thu, 11 Oct 2012)\");\n script_cve_id(\"CVE-2012-1956\", \"CVE-2012-3982\", \"CVE-2012-3986\", \"CVE-2012-3988\",\n \"CVE-2012-3990\", \"CVE-2012-3991\", \"CVE-2012-3992\", \"CVE-2012-3993\",\n \"CVE-2012-3994\", \"CVE-2012-3995\", \"CVE-2012-4179\", \"CVE-2012-4180\",\n \"CVE-2012-4181\", \"CVE-2012-4182\", \"CVE-2012-4183\", \"CVE-2012-4184\",\n \"CVE-2012-4185\", \"CVE-2012-4186\", \"CVE-2012-4187\", \"CVE-2012-4188\");\n script_tag(name:\"cvss_base\", value:\"10.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_xref(name: \"CESA\", value: \"2012:1351\");\n script_name(\"CentOS Update 
for thunderbird CESA-2012:1351 centos6 \");\n\n script_tag(name: \"summary\" , value: \"Check for the Version of thunderbird\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2012 Greenbone Networks GmbH\");\n script_family(\"CentOS Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/centos\", \"ssh/login/rpms\");\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = get_kb_item(\"ssh/login/release\");\n\nres = \"\";\nif(release == NULL){\n exit(0);\n}\n\nif(release == \"CentOS6\")\n{\n\n if ((res = isrpmvuln(pkg:\"thunderbird\", rpm:\"thunderbird~10.0.8~1.el6.centos\", rls:\"CentOS6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2018-01-03T10:56:55", "description": "Check for the Version of thunderbird", "cvss3": {}, "published": "2012-10-11T00:00:00", "type": "openvas", "title": "RedHat Update for thunderbird RHSA-2012:1351-01", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2012-3986", "CVE-2012-4185", "CVE-2012-3991", "CVE-2012-1956", "CVE-2012-3993", "CVE-2012-3995", "CVE-2012-3988", "CVE-2012-3994", "CVE-2012-4183", "CVE-2012-4181", "CVE-2012-4186", "CVE-2012-4182", "CVE-2012-4187", "CVE-2012-3982", "CVE-2012-4184", "CVE-2012-3992", "CVE-2012-4180", "CVE-2012-4188", "CVE-2012-3990", "CVE-2012-4179"], "modified": "2018-01-03T00:00:00", "id": "OPENVAS:870844", "href": "http://plugins.openvas.org/nasl.php?oid=870844", "sourceData": 
"###############################################################################\n# OpenVAS Vulnerability Test\n#\n# RedHat Update for thunderbird RHSA-2012:1351-01\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2012 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"Mozilla Thunderbird is a standalone mail and newsgroup client.\n\n Several flaws were found in the processing of malformed content. Malicious\n content could cause Thunderbird to crash or, potentially, execute arbitrary\n code with the privileges of the user running Thunderbird. (CVE-2012-3982,\n CVE-2012-3988, CVE-2012-3990, CVE-2012-3995, CVE-2012-4179, CVE-2012-4180,\n CVE-2012-4181, CVE-2012-4182, CVE-2012-4183, CVE-2012-4185, CVE-2012-4186,\n CVE-2012-4187, CVE-2012-4188)\n\n Two flaws in Thunderbird could allow malicious content to bypass intended\n restrictions, possibly leading to information disclosure, or Thunderbird\n executing arbitrary code. 
Note that the information disclosure issue could\n possibly be combined with other flaws to achieve arbitrary code execution.\n (CVE-2012-3986, CVE-2012-3991)\n\n Multiple flaws were found in the location object implementation in\n Thunderbird. Malicious content could be used to perform cross-site\n scripting attacks, script injection, or spoofing attacks. (CVE-2012-1956,\n CVE-2012-3992, CVE-2012-3994)\n\n Note: None of the issues in this advisory can be exploited by a\n specially-crafted HTML mail message as JavaScript is disabled by default\n for mail messages. They could be exploited another way in Thunderbird, for\n example, when viewing the full remote content of an RSS feed.\n\n All Thunderbird users should upgrade to this updated package, which\n contains Thunderbird version 10.0.8 ESR, which corrects these issues. After\n installing the update, Thunderbird must be restarted for the changes to\n take effect.\";\n\ntag_affected = \"thunderbird on Red Hat Enterprise Linux Desktop (v. 6),\n Red Hat Enterprise Linux Workstation (v. 
6)\";\ntag_solution = \"Please Install the Updated Packages.\";\n\n\n\nif(description)\n{\n script_xref(name : \"URL\" , value : \"https://www.redhat.com/archives/rhsa-announce/2012-October/msg00012.html\");\n script_id(870844);\n script_version(\"$Revision: 8273 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-01-03 07:29:19 +0100 (Wed, 03 Jan 2018) $\");\n script_tag(name:\"creation_date\", value:\"2012-10-11 10:00:57 +0530 (Thu, 11 Oct 2012)\");\n script_cve_id(\"CVE-2012-1956\", \"CVE-2012-3982\", \"CVE-2012-3986\", \"CVE-2012-3988\",\n \"CVE-2012-3990\", \"CVE-2012-3991\", \"CVE-2012-3992\", \"CVE-2012-3993\",\n \"CVE-2012-3994\", \"CVE-2012-3995\", \"CVE-2012-4179\", \"CVE-2012-4180\",\n \"CVE-2012-4181\", \"CVE-2012-4182\", \"CVE-2012-4183\", \"CVE-2012-4184\",\n \"CVE-2012-4185\", \"CVE-2012-4186\", \"CVE-2012-4187\", \"CVE-2012-4188\");\n script_tag(name:\"cvss_base\", value:\"10.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_xref(name: \"RHSA\", value: \"2012:1351-01\");\n script_name(\"RedHat Update for thunderbird RHSA-2012:1351-01\");\n\n script_tag(name: \"summary\" , value: \"Check for the Version of thunderbird\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2012 Greenbone Networks GmbH\");\n script_family(\"Red Hat Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/rhel\", \"ssh/login/rpms\");\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = get_kb_item(\"ssh/login/release\");\n\nres = \"\";\nif(release == NULL){\n exit(0);\n}\n\nif(release == \"RHENT_6\")\n{\n\n if ((res = isrpmvuln(pkg:\"thunderbird\", 
rpm:\"thunderbird~10.0.8~1.el6_3\", rls:\"RHENT_6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"thunderbird-debuginfo\", rpm:\"thunderbird-debuginfo~10.0.8~1.el6_3\", rls:\"RHENT_6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2019-05-29T18:38:38", "description": "The remote host is missing an update for the ", "cvss3": {}, "published": "2012-11-23T00:00:00", "type": "openvas", "title": "CentOS Update for firefox CESA-2012:1482 centos6", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2012-5842", "CVE-2012-4214", "CVE-2012-5830", "CVE-2012-4210", "CVE-2012-5829", "CVE-2012-4201", "CVE-2012-5840", "CVE-2012-4202", "CVE-2012-5839", "CVE-2012-4216", "CVE-2012-5835", "CVE-2012-4207", "CVE-2012-5833", "CVE-2012-5841", "CVE-2012-4215", "CVE-2012-4209"], "modified": "2019-03-15T00:00:00", "id": "OPENVAS:1361412562310881542", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310881542", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# CentOS Update for firefox CESA-2012:1482 centos6\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2012 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. 
See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_xref(name:\"URL\", value:\"http://lists.centos.org/pipermail/centos-announce/2012-November/019006.html\");\n script_oid(\"1.3.6.1.4.1.25623.1.0.881542\");\n script_version(\"$Revision: 14222 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2019-03-15 13:50:48 +0100 (Fri, 15 Mar 2019) $\");\n script_tag(name:\"creation_date\", value:\"2012-11-23 11:45:16 +0530 (Fri, 23 Nov 2012)\");\n script_cve_id(\"CVE-2012-4201\", \"CVE-2012-4202\", \"CVE-2012-4207\", \"CVE-2012-4209\",\n \"CVE-2012-4210\", \"CVE-2012-4214\", \"CVE-2012-4215\", \"CVE-2012-4216\",\n \"CVE-2012-5829\", \"CVE-2012-5830\", \"CVE-2012-5833\", \"CVE-2012-5835\",\n \"CVE-2012-5839\", \"CVE-2012-5840\", \"CVE-2012-5841\", \"CVE-2012-5842\");\n script_tag(name:\"cvss_base\", value:\"10.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_xref(name:\"CESA\", value:\"2012:1482\");\n script_name(\"CentOS Update for firefox CESA-2012:1482 centos6\");\n\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'firefox'\n package(s) announced via the referenced advisory.\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2012 Greenbone Networks GmbH\");\n script_family(\"CentOS Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/centos\", \"ssh/login/rpms\", re:\"ssh/login/release=CentOS6\");\n script_tag(name:\"affected\", value:\"firefox on CentOS 6\");\n script_tag(name:\"solution\", value:\"Please install the updated packages.\");\n script_tag(name:\"insight\", 
value:\"Mozilla Firefox is an open source web browser. XULRunner provides the\n XUL Runtime environment for Mozilla Firefox.\n\n Several flaws were found in the processing of malformed web content. A web\n page containing malicious content could cause Firefox to crash or,\n potentially, execute arbitrary code with the privileges of the user running\n Firefox. (CVE-2012-4214, CVE-2012-4215, CVE-2012-4216, CVE-2012-5829,\n CVE-2012-5830, CVE-2012-5833, CVE-2012-5835, CVE-2012-5839, CVE-2012-5840,\n CVE-2012-5842)\n\n A buffer overflow flaw was found in the way Firefox handled GIF (Graphics\n Interchange Format) images. A web page containing a malicious GIF image\n could cause Firefox to crash or, possibly, execute arbitrary code with the\n privileges of the user running Firefox. (CVE-2012-4202)\n\n A flaw was found in the way the Style Inspector tool in Firefox handled\n certain Cascading Style Sheets (CSS). Running the tool (Tools -> Web\n Developer -> Inspect) on malicious CSS could result in the execution of\n HTML and CSS content with chrome privileges. (CVE-2012-4210)\n\n A flaw was found in the way Firefox decoded the HZ-GB-2312 character\n encoding. A web page containing malicious content could cause Firefox to\n run JavaScript code with the permissions of a different website.\n (CVE-2012-4207)\n\n A flaw was found in the location object implementation in Firefox.\n Malicious content could possibly use this flaw to allow restricted content\n to be loaded by plug-ins. (CVE-2012-4209)\n\n A flaw was found in the way cross-origin wrappers were implemented.\n Malicious content could use this flaw to perform cross-site scripting\n attacks. (CVE-2012-5841)\n\n A flaw was found in the evalInSandbox implementation in Firefox. Malicious\n content could use this flaw to perform cross-site scripting attacks.\n (CVE-2012-4201)\n\n For technical details regarding these flaws, refer to the Mozilla security\n advisories for Firefox 10.0.11 ESR. 
You can find a link to the Mozilla\n advisories in the References section of this erratum.\n\n Red Hat would like to thank the Mozilla project for reporting these issues.\n Upstream acknowledges Abhishek Arya, miaubiz, Jesse Ruderman, Andrew\n McCreight, Bob Clary, Kyle Huey, Atte Kettunen, Mariusz Mlynski, Masato\n Kinugawa, Bobby Holley, and moz_bug_r_a4 as the original reporters of these\n issues.\n\n All Firefox users should upgrade to these updated packages, which contain\n Firefox version 10.0.11 ESR, which corrects these issues. After installing\n the update, Firefox must be restarted for the changes to take effect.\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\n\nif(release == \"CentOS6\")\n{\n\n if ((res = isrpmvuln(pkg:\"firefox\", rpm:\"firefox~10.0.11~1.el6.centos\", rls:\"CentOS6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"xulrunner\", rpm:\"xulrunner~10.0.11~1.el6.centos\", rls:\"CentOS6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"xulrunner-devel\", rpm:\"xulrunner-devel~10.0.11~1.el6.centos\", rls:\"CentOS6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2019-06-25T14:53:39", "description": "This host is installed with Mozilla Thunderbird ESR and is prone to multiple\n vulnerabilities.", "cvss3": {}, "published": "2012-11-26T00:00:00", "type": "openvas", "title": "Mozilla Thunderbird ESR Multiple Vulnerabilities-01 November12 (Mac OS X)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2012-5842", "CVE-2012-4214", "CVE-2012-5830", "CVE-2012-5829", "CVE-2012-4201", "CVE-2012-5840", 
"CVE-2012-4202", "CVE-2012-5839", "CVE-2012-4216", "CVE-2012-5835", "CVE-2012-4207", "CVE-2012-5833", "CVE-2012-5841", "CVE-2012-4215", "CVE-2012-4209"], "modified": "2019-06-25T00:00:00", "id": "OPENVAS:1361412562310803364", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310803364", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Mozilla Thunderbird ESR Multiple Vulnerabilities-01 November12 (Mac OS X)\n#\n# Authors:\n# Arun Kallavi <karun@secpod.com>\n#\n# Copyright:\n# Copyright (c) 2012 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. 
See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.803364\");\n script_version(\"2019-06-25T08:25:15+0000\");\n script_cve_id(\"CVE-2012-4209\", \"CVE-2012-4214\", \"CVE-2012-4215\", \"CVE-2012-4216\",\n \"CVE-2012-4201\", \"CVE-2012-4202\", \"CVE-2012-4207\", \"CVE-2012-5842\",\n \"CVE-2012-5841\", \"CVE-2012-5829\", \"CVE-2012-5830\", \"CVE-2012-5833\",\n \"CVE-2012-5835\", \"CVE-2012-5839\", \"CVE-2012-5840\");\n script_bugtraq_id(56629, 56628, 56633, 56634, 56618, 56614, 56632, 56611,\n 56631, 56636, 56641, 56642, 56637, 56635);\n script_tag(name:\"cvss_base\", value:\"10.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_tag(name:\"last_modification\", value:\"2019-06-25 08:25:15 +0000 (Tue, 25 Jun 2019)\");\n script_tag(name:\"creation_date\", value:\"2012-11-26 11:10:03 +0530 (Mon, 26 Nov 2012)\");\n script_name(\"Mozilla Thunderbird ESR Multiple Vulnerabilities-01 November12 (Mac OS X)\");\n script_xref(name:\"URL\", value:\"http://secunia.com/advisories/51358\");\n script_xref(name:\"URL\", value:\"http://securitytracker.com/id?1027791\");\n script_xref(name:\"URL\", value:\"http://securitytracker.com/id?1027792\");\n script_xref(name:\"URL\", value:\"http://www.mozilla.org/security/announce/2012/mfsa2012-91.html\");\n script_xref(name:\"URL\", value:\"http://www.mozilla.org/security/announce/2012/mfsa2012-92.html\");\n script_xref(name:\"URL\", value:\"http://www.mozilla.org/security/announce/2012/mfsa2012-93.html\");\n script_xref(name:\"URL\", value:\"http://www.mozilla.org/security/announce/2012/mfsa2012-100.html\");\n script_xref(name:\"URL\", 
value:\"http://www.mozilla.org/security/announce/2012/mfsa2012-101.html\");\n script_xref(name:\"URL\", value:\"http://www.mozilla.org/security/announce/2012/mfsa2012-103.html\");\n script_xref(name:\"URL\", value:\"http://www.mozilla.org/security/announce/2012/mfsa2012-105.html\");\n script_xref(name:\"URL\", value:\"http://www.mozilla.org/security/announce/2012/mfsa2012-106.html\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2012 Greenbone Networks GmbH\");\n script_family(\"General\");\n script_dependencies(\"gb_mozilla_prdts_detect_macosx.nasl\");\n script_mandatory_keys(\"Thunderbird-ESR/MacOSX/Version\");\n script_tag(name:\"impact\", value:\"Successful exploitation could allow attackers to inject scripts, bypass\n certain security restrictions, execute arbitrary code in the context of the\n browser.\");\n script_tag(name:\"affected\", value:\"Thunderbird ESR version 10.x before 10.0.11 on Mac OS X\");\n script_tag(name:\"insight\", value:\"- The 'location' property can be accessed through 'top.location' with a\n frame whose name attributes value is set to 'top'.\n\n - Use-after-free error exists within the functions\n 'nsTextEditorState::PrepareEditor', 'gfxFont::GetFontEntry',\n 'nsWindow::OnExposeEvent' and 'nsPlaintextEditor::FireClipboardEvent'.\n\n - An error within the 'evalInSandbox()' when handling the 'location.href'\n property.\n\n - Error when rendering GIF images.\");\n script_tag(name:\"solution\", value:\"Upgrade to Thunderbird ESR 10.0.11 or later.\");\n script_xref(name:\"URL\", value:\"http://www.mozilla.org/en-US/thunderbird\");\n script_tag(name:\"summary\", value:\"This host is installed with Mozilla Thunderbird ESR and is prone to multiple\n vulnerabilities.\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n\ninclude(\"version_func.inc\");\n\ntbesrVer = get_kb_item(\"Thunderbird-ESR/MacOSX/Version\");\n\nif(tbesrVer && tbesrVer 
=~ \"^10\\.0\")\n{\n if(version_in_range(version:tbesrVer, test_version:\"10.0\", test_version2:\"10.0.10\"))\n {\n security_message( port: 0, data: \"The target host was found to be vulnerable\" );\n exit(0);\n }\n}\n", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2017-07-02T21:11:02", "description": "This host is installed with Mozilla Thunderbird ESR and is prone to multiple\n vulnerabilities.", "cvss3": {}, "published": "2012-11-26T00:00:00", "type": "openvas", "title": "Mozilla Thunderbird ESR Multiple Vulnerabilities-01 November12 (Mac OS X)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2012-5842", "CVE-2012-4214", "CVE-2012-5830", "CVE-2012-5829", "CVE-2012-4201", "CVE-2012-5840", "CVE-2012-4202", "CVE-2012-5839", "CVE-2012-4216", "CVE-2012-5835", "CVE-2012-4207", "CVE-2012-5833", "CVE-2012-5841", "CVE-2012-4215", "CVE-2012-4209"], "modified": "2017-05-04T00:00:00", "id": "OPENVAS:803364", "href": "http://plugins.openvas.org/nasl.php?oid=803364", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: gb_mozilla_thunderbird_esr_mult_vuln01_nov12_macosx.nasl 6065 2017-05-04 09:03:08Z teissa $\n#\n# Mozilla Thunderbird ESR Multiple Vulnerabilities-01 November12 (Mac OS X)\n#\n# Authors:\n# Arun Kallavi <karun@secpod.com>\n#\n# Copyright:\n# Copyright (c) 2012 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. 
See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ntag_impact = \"Successful exploitation could allow attackers to inject scripts, bypass\n certain security restrictions, execute arbitrary code in the context of the\n browser.\n Impact Level: System/Application\";\n\ntag_affected = \"Thunderbird ESR version 10.x before 10.0.11 on Mac OS X\";\ntag_insight = \"- The 'location' property can be accessed through 'top.location' with a\n frame whose name attributes value is set to 'top'.\n - Use-after-free error exists within the functions\n 'nsTextEditorState::PrepareEditor', 'gfxFont::GetFontEntry',\n 'nsWindow::OnExposeEvent' and 'nsPlaintextEditor::FireClipboardEvent'.\n - An error within the 'evalInSandbox()' when handling the 'location.href'\n property.\n - Error when rendering GIF images.\";\ntag_solution = \"Upgrade to Thunderbird ESR 10.0.11 or later,\n http://www.mozilla.org/en-US/thunderbird\";\ntag_summary = \"This host is installed with Mozilla Thunderbird ESR and is prone to multiple\n vulnerabilities.\";\n\nif(description)\n{\n script_id(803364);\n script_version(\"$Revision: 6065 $\");\n script_cve_id(\"CVE-2012-4209\", \"CVE-2012-4214\", \"CVE-2012-4215\", \"CVE-2012-4216\",\n \"CVE-2012-4201\", \"CVE-2012-4202\", \"CVE-2012-4207\", \"CVE-2012-5842\",\n \"CVE-2012-5841\", \"CVE-2012-5829\", \"CVE-2012-5830\", \"CVE-2012-5833\",\n \"CVE-2012-5835\", \"CVE-2012-5839\", \"CVE-2012-5840\");\n script_bugtraq_id(56629, 56628, 56633, 56634, 56618, 56614, 56632, 56611,\n 56631, 56636, 56641, 56642, 56637, 56635);\n script_tag(name:\"cvss_base\", value:\"10.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n 
script_tag(name:\"last_modification\", value:\"$Date: 2017-05-04 11:03:08 +0200 (Thu, 04 May 2017) $\");\n script_tag(name:\"creation_date\", value:\"2012-11-26 11:10:03 +0530 (Mon, 26 Nov 2012)\");\n script_name(\"Mozilla Thunderbird ESR Multiple Vulnerabilities-01 November12 (Mac OS X)\");\n script_xref(name : \"URL\" , value : \"http://secunia.com/advisories/51358\");\n script_xref(name : \"URL\" , value : \"http://securitytracker.com/id?1027791\");\n script_xref(name : \"URL\" , value : \"http://securitytracker.com/id?1027792\");\n script_xref(name : \"URL\" , value : \"http://www.mozilla.org/security/announce/2012/mfsa2012-91.html\");\n script_xref(name : \"URL\" , value : \"http://www.mozilla.org/security/announce/2012/mfsa2012-92.html\");\n script_xref(name : \"URL\" , value : \"http://www.mozilla.org/security/announce/2012/mfsa2012-93.html\");\n script_xref(name : \"URL\" , value : \"http://www.mozilla.org/security/announce/2012/mfsa2012-100.html\");\n script_xref(name : \"URL\" , value : \"http://www.mozilla.org/security/announce/2012/mfsa2012-101.html\");\n script_xref(name : \"URL\" , value : \"http://www.mozilla.org/security/announce/2012/mfsa2012-103.html\");\n script_xref(name : \"URL\" , value : \"http://www.mozilla.org/security/announce/2012/mfsa2012-105.html\");\n script_xref(name : \"URL\" , value : \"http://www.mozilla.org/security/announce/2012/mfsa2012-106.html\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2012 Greenbone Networks GmbH\");\n script_family(\"General\");\n script_dependencies(\"gb_mozilla_prdts_detect_macosx.nasl\");\n script_mandatory_keys(\"ThunderBird-ESR/MacOSX/Version\");\n script_tag(name : \"impact\" , value : tag_impact);\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"summary\" , value : tag_summary);\n script_tag(name:\"qod_type\", 
value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n\ninclude(\"version_func.inc\");\n\n# Variable Initialization\ntbesrVer = \"\";\n\n# Get version from KB\ntbesrVer = get_kb_item(\"ThunderBird-ESR/MacOSX/Version\");\n\nif(tbesrVer && tbesrVer =~ \"^10.0\")\n{\n # Grep for Thunderbird version\n if(version_in_range(version:tbesrVer, test_version:\"10.0\", test_version2:\"10.0.10\"))\n {\n security_message(0);\n exit(0);\n }\n}\n", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2020-04-26T15:08:32", "description": "This host is installed with Mozilla Firefox and is prone to multiple\n vulnerabilities.", "cvss3": {}, "published": "2012-11-26T00:00:00", "type": "openvas", "title": "Mozilla Firefox Multiple Vulnerabilities-01 November12 (Mac OS X)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2012-5842", "CVE-2012-4214", "CVE-2012-5830", "CVE-2012-5829", "CVE-2012-4201", "CVE-2012-5840", "CVE-2012-4202", "CVE-2012-5839", "CVE-2012-4216", "CVE-2012-5835", "CVE-2012-4207", "CVE-2012-5833", "CVE-2012-5841", "CVE-2012-4215", "CVE-2012-4209"], "modified": "2020-04-22T00:00:00", "id": "OPENVAS:1361412562310803056", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310803056", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Mozilla Firefox Multiple Vulnerabilities-01 November12 (Mac OS X)\n#\n# Authors:\n# Rachana Shetty <srachana@secpod.com>\n#\n# Copyright:\n# Copyright (C) 2012 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied 
warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.803056\");\n script_version(\"2020-04-22T10:27:30+0000\");\n script_cve_id(\"CVE-2012-4209\", \"CVE-2012-4214\", \"CVE-2012-4215\", \"CVE-2012-4216\",\n \"CVE-2012-4201\", \"CVE-2012-4202\", \"CVE-2012-4207\", \"CVE-2012-5842\",\n \"CVE-2012-5841\", \"CVE-2012-5829\", \"CVE-2012-5830\", \"CVE-2012-5833\",\n \"CVE-2012-5835\", \"CVE-2012-5839\", \"CVE-2012-5840\");\n script_bugtraq_id(56629, 56628, 56633, 56634, 56618, 56614, 56632, 56611,\n 56631, 56636, 56641, 56642, 56637, 56635);\n script_tag(name:\"cvss_base\", value:\"10.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_tag(name:\"last_modification\", value:\"2020-04-22 10:27:30 +0000 (Wed, 22 Apr 2020)\");\n script_tag(name:\"creation_date\", value:\"2012-11-26 11:10:03 +0530 (Mon, 26 Nov 2012)\");\n script_name(\"Mozilla Firefox Multiple Vulnerabilities-01 November12 (Mac OS X)\");\n script_xref(name:\"URL\", value:\"http://secunia.com/advisories/51358\");\n script_xref(name:\"URL\", value:\"http://securitytracker.com/id?1027791\");\n script_xref(name:\"URL\", value:\"http://securitytracker.com/id?1027792\");\n script_xref(name:\"URL\", value:\"http://www.mozilla.org/security/announce/2012/mfsa2012-91.html\");\n script_xref(name:\"URL\", value:\"http://www.mozilla.org/security/announce/2012/mfsa2012-92.html\");\n script_xref(name:\"URL\", value:\"http://www.mozilla.org/security/announce/2012/mfsa2012-93.html\");\n script_xref(name:\"URL\", 
value:\"http://www.mozilla.org/security/announce/2012/mfsa2012-100.html\");\n script_xref(name:\"URL\", value:\"http://www.mozilla.org/security/announce/2012/mfsa2012-101.html\");\n script_xref(name:\"URL\", value:\"http://www.mozilla.org/security/announce/2012/mfsa2012-103.html\");\n script_xref(name:\"URL\", value:\"http://www.mozilla.org/security/announce/2012/mfsa2012-105.html\");\n script_xref(name:\"URL\", value:\"http://www.mozilla.org/security/announce/2012/mfsa2012-106.html\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2012 Greenbone Networks GmbH\");\n script_family(\"General\");\n script_dependencies(\"gb_mozilla_prdts_detect_macosx.nasl\");\n script_mandatory_keys(\"Mozilla/Firefox/MacOSX/Version\");\n script_tag(name:\"impact\", value:\"Successful exploitation could allow attackers to inject scripts, bypass\n certain security restrictions, execute arbitrary code in the context of the\n browser.\");\n script_tag(name:\"affected\", value:\"Mozilla Firefox version before 17.0 on Mac OS X\");\n script_tag(name:\"insight\", value:\"- The 'location' property can be accessed through 'top.location' with a\n frame whose name attributes value is set to 'top'.\n\n - Use-after-free error exists within the functions\n 'nsTextEditorState::PrepareEditor', 'gfxFont::GetFontEntry',\n 'nsWindow::OnExposeEvent' and 'nsPlaintextEditor::FireClipboardEvent'.\n\n - An error within the 'evalInSandbox()' when handling the 'location.href'\n property.\n\n - Error when rendering GIF images.\");\n script_tag(name:\"solution\", value:\"Upgrade to Mozilla Firefox version 17.0 or later.\");\n script_tag(name:\"summary\", value:\"This host is installed with Mozilla Firefox and is prone to multiple\n vulnerabilities.\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n\n exit(0);\n}\n\n\ninclude(\"version_func.inc\");\n\nffVer = get_kb_item(\"Mozilla/Firefox/MacOSX/Version\");\n\nif(ffVer)\n{\n 
if(version_is_less(version:ffVer, test_version:\"17.0\"))\n {\n report = report_fixed_ver(installed_version:ffVer, fixed_version:\"17.0\");\n security_message(port:0, data:report);\n exit(0);\n }\n}\n", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2020-04-23T19:05:44", "description": "This host is installed with Mozilla Seamonkey and is prone to multiple\n vulnerabilities.", "cvss3": {}, "published": "2012-11-26T00:00:00", "type": "openvas", "title": "Mozilla SeaMonkey Multiple Vulnerabilities-01 November12 (Mac OS X)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2012-5842", "CVE-2012-4214", "CVE-2012-5830", "CVE-2012-5829", "CVE-2012-4201", "CVE-2012-5840", "CVE-2012-4202", "CVE-2012-5839", "CVE-2012-4216", "CVE-2012-5835", "CVE-2012-4207", "CVE-2012-5833", "CVE-2012-5841", "CVE-2012-4215", "CVE-2012-4209"], "modified": "2020-04-21T00:00:00", "id": "OPENVAS:1361412562310803362", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310803362", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Mozilla SeaMonkey Multiple Vulnerabilities-01 November12 (Mac OS X)\n#\n# Authors:\n# Arun Kallavi <karun@secpod.com>\n#\n# Copyright:\n# Copyright (C) 2012 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. 
See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.803362\");\n script_version(\"2020-04-21T11:03:03+0000\");\n script_cve_id(\"CVE-2012-4209\", \"CVE-2012-4214\", \"CVE-2012-4215\", \"CVE-2012-4216\",\n \"CVE-2012-4201\", \"CVE-2012-4202\", \"CVE-2012-4207\", \"CVE-2012-5842\",\n \"CVE-2012-5841\", \"CVE-2012-5829\", \"CVE-2012-5830\", \"CVE-2012-5833\",\n \"CVE-2012-5835\", \"CVE-2012-5839\", \"CVE-2012-5840\");\n script_bugtraq_id(56629, 56628, 56633, 56634, 56618, 56614, 56632, 56611,\n 56631, 56636, 56641, 56642, 56637, 56635);\n script_tag(name:\"cvss_base\", value:\"10.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_tag(name:\"last_modification\", value:\"2020-04-21 11:03:03 +0000 (Tue, 21 Apr 2020)\");\n script_tag(name:\"creation_date\", value:\"2012-11-26 11:10:03 +0530 (Mon, 26 Nov 2012)\");\n script_name(\"Mozilla SeaMonkey Multiple Vulnerabilities-01 November12 (Mac OS X)\");\n script_xref(name:\"URL\", value:\"http://secunia.com/advisories/51358\");\n script_xref(name:\"URL\", value:\"http://securitytracker.com/id?1027791\");\n script_xref(name:\"URL\", value:\"http://securitytracker.com/id?1027792\");\n script_xref(name:\"URL\", value:\"http://www.mozilla.org/security/announce/2012/mfsa2012-91.html\");\n script_xref(name:\"URL\", value:\"http://www.mozilla.org/security/announce/2012/mfsa2012-92.html\");\n script_xref(name:\"URL\", value:\"http://www.mozilla.org/security/announce/2012/mfsa2012-93.html\");\n script_xref(name:\"URL\", value:\"http://www.mozilla.org/security/announce/2012/mfsa2012-100.html\");\n script_xref(name:\"URL\", 
value:\"http://www.mozilla.org/security/announce/2012/mfsa2012-101.html\");\n script_xref(name:\"URL\", value:\"http://www.mozilla.org/security/announce/2012/mfsa2012-103.html\");\n script_xref(name:\"URL\", value:\"http://www.mozilla.org/security/announce/2012/mfsa2012-105.html\");\n script_xref(name:\"URL\", value:\"http://www.mozilla.org/security/announce/2012/mfsa2012-106.html\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2012 Greenbone Networks GmbH\");\n script_family(\"General\");\n script_dependencies(\"gb_mozilla_prdts_detect_macosx.nasl\");\n script_mandatory_keys(\"SeaMonkey/MacOSX/Version\");\n script_tag(name:\"impact\", value:\"Successful exploitation could allow attackers to inject scripts, bypass\n certain security restrictions, execute arbitrary code in the context of the\n browser.\");\n script_tag(name:\"affected\", value:\"SeaMonkey version before 2.14 on Mac OS X\");\n script_tag(name:\"insight\", value:\"- The 'location' property can be accessed through 'top.location' with a\n frame whose name attributes value is set to 'top'.\n\n - Use-after-free error exists within the functions\n 'nsTextEditorState::PrepareEditor', 'gfxFont::GetFontEntry',\n 'nsWindow::OnExposeEvent' and 'nsPlaintextEditor::FireClipboardEvent'.\n\n - An error within the 'evalInSandbox()' when handling the 'location.href'\n property.\n\n - Error when rendering GIF images.\");\n script_tag(name:\"solution\", value:\"Upgrade to SeaMonkey version to 2.14 or later.\");\n script_xref(name:\"URL\", value:\"http://www.mozilla.org/projects/seamonkey\");\n script_tag(name:\"summary\", value:\"This host is installed with Mozilla Seamonkey and is prone to multiple\n vulnerabilities.\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n\ninclude(\"version_func.inc\");\n\nseaVer = get_kb_item(\"SeaMonkey/MacOSX/Version\");\nif(seaVer)\n{\n if(version_is_less(version:seaVer, 
test_version:\"2.14\"))\n {\n report = report_fixed_ver(installed_version:seaVer, fixed_version:\"2.14\");\n security_message(port: 0, data: report);\n exit(0);\n }\n}\n", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2019-05-29T18:36:25", "description": "Oracle Linux Local Security Checks ELSA-2012-1483", "cvss3": {}, "published": "2015-10-06T00:00:00", "type": "openvas", "title": "Oracle Linux Local Check: ELSA-2012-1483", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2012-5842", "CVE-2012-4214", "CVE-2012-5830", "CVE-2012-5829", "CVE-2012-4201", "CVE-2012-5840", "CVE-2012-4202", "CVE-2012-5839", "CVE-2012-4216", "CVE-2012-5835", "CVE-2012-4207", "CVE-2012-5833", "CVE-2012-5841", "CVE-2012-4215", "CVE-2012-4209"], "modified": "2018-09-28T00:00:00", "id": "OPENVAS:1361412562310123776", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310123776", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: ELSA-2012-1483.nasl 11688 2018-09-28 13:36:28Z cfischer $\n#\n# Oracle Linux Local Check\n#\n# Authors:\n# Eero Volotinen <eero.volotinen@solinor.com>\n#\n# Copyright:\n# Copyright (c) 2015 Eero Volotinen, http://solinor.com\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. 
See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.123776\");\n script_version(\"$Revision: 11688 $\");\n script_tag(name:\"creation_date\", value:\"2015-10-06 14:08:24 +0300 (Tue, 06 Oct 2015)\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-09-28 15:36:28 +0200 (Fri, 28 Sep 2018) $\");\n script_name(\"Oracle Linux Local Check: ELSA-2012-1483\");\n script_tag(name:\"insight\", value:\"ELSA-2012-1483 - thunderbird security update. Please see the references for more insight.\");\n script_tag(name:\"solution\", value:\"Update the affected packages to the latest available version.\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_tag(name:\"summary\", value:\"Oracle Linux Local Security Checks ELSA-2012-1483\");\n script_xref(name:\"URL\", value:\"http://linux.oracle.com/errata/ELSA-2012-1483.html\");\n script_cve_id(\"CVE-2012-4201\", \"CVE-2012-4202\", \"CVE-2012-4207\", \"CVE-2012-4209\", \"CVE-2012-4214\", \"CVE-2012-4215\", \"CVE-2012-4216\", \"CVE-2012-5829\", \"CVE-2012-5830\", \"CVE-2012-5833\", \"CVE-2012-5835\", \"CVE-2012-5839\", \"CVE-2012-5840\", \"CVE-2012-5841\", \"CVE-2012-5842\");\n script_tag(name:\"cvss_base\", value:\"10.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/oracle_linux\", \"ssh/login/release\", re:\"ssh/login/release=OracleLinux(5|6)\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Eero Volotinen\");\n script_family(\"Oracle Linux Local Security Checks\");\n\n 
exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release) exit(0);\n\nres = \"\";\n\nif(release == \"OracleLinux5\")\n{\n if ((res = isrpmvuln(pkg:\"thunderbird\", rpm:\"thunderbird~10.0.11~1.0.1.el5_8\", rls:\"OracleLinux5\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n\n}\nif(release == \"OracleLinux6\")\n{\n if ((res = isrpmvuln(pkg:\"thunderbird\", rpm:\"thunderbird~10.0.11~1.0.1.el6_3\", rls:\"OracleLinux6\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n\n}\nif (__pkg_match) exit(99);\n exit(0);\n\n", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2018-01-08T12:58:11", "description": "Check for the Version of thunderbird", "cvss3": {}, "published": "2012-11-23T00:00:00", "type": "openvas", "title": "CentOS Update for thunderbird CESA-2012:1483 centos6 ", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2012-5842", "CVE-2012-4214", "CVE-2012-5830", "CVE-2012-5829", "CVE-2012-4201", "CVE-2012-5840", "CVE-2012-4202", "CVE-2012-5839", "CVE-2012-4216", "CVE-2012-5835", "CVE-2012-4207", "CVE-2012-5833", "CVE-2012-5841", "CVE-2012-4215", "CVE-2012-4209"], "modified": "2018-01-08T00:00:00", "id": "OPENVAS:881543", "href": "http://plugins.openvas.org/nasl.php?oid=881543", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# CentOS Update for thunderbird CESA-2012:1483 centos6 \n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2012 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# 
MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"Mozilla Thunderbird is a standalone mail and newsgroup client.\n\n Several flaws were found in the processing of malformed content. Malicious\n content could cause Thunderbird to crash or, potentially, execute arbitrary\n code with the privileges of the user running Thunderbird. (CVE-2012-4214,\n CVE-2012-4215, CVE-2012-4216, CVE-2012-5829, CVE-2012-5830, CVE-2012-5833,\n CVE-2012-5835, CVE-2012-5839, CVE-2012-5840, CVE-2012-5842)\n \n A buffer overflow flaw was found in the way Thunderbird handled GIF\n (Graphics Interchange Format) images. Content containing a malicious GIF\n image could cause Thunderbird to crash or, possibly, execute arbitrary code\n with the privileges of the user running Thunderbird. (CVE-2012-4202)\n \n A flaw was found in the way Thunderbird decoded the HZ-GB-2312 character\n encoding. Malicious content could cause Thunderbird to run JavaScript code\n with the permissions of different content. (CVE-2012-4207)\n \n A flaw was found in the location object implementation in Thunderbird.\n Malicious content could possibly use this flaw to allow restricted content\n to be loaded by plug-ins. (CVE-2012-4209)\n \n A flaw was found in the way cross-origin wrappers were implemented.\n Malicious content could use this flaw to perform cross-site scripting\n attacks. (CVE-2012-5841)\n \n A flaw was found in the evalInSandbox implementation in Thunderbird.\n Malicious content could use this flaw to perform cross-site scripting\n attacks. 
(CVE-2012-4201)\n \n Red Hat would like to thank the Mozilla project for reporting these issues.\n Upstream acknowledges Abhishek Arya, miaubiz, Jesse Ruderman, Andrew\n McCreight, Bob Clary, Kyle Huey, Atte Kettunen, Masato Kinugawa, Mariusz\n Mlynski, Bobby Holley, and moz_bug_r_a4 as the original reporters of\n these issues.\n \n Note: All issues except CVE-2012-4202 cannot be exploited by a\n specially-crafted HTML mail message as JavaScript is disabled by default\n for mail messages. They could be exploited another way in Thunderbird, for\n example, when viewing the full remote content of an RSS feed.\n \n All Thunderbird users should upgrade to this updated package, which\n contains Thunderbird version 10.0.11 ESR, which corrects these issues.\n After installing the update, Thunderbird must be restarted for the changes\n to take effect.\";\n\ntag_affected = \"thunderbird on CentOS 6\";\ntag_solution = \"Please Install the Updated Packages.\";\n\n\n\nif(description)\n{\n script_xref(name : \"URL\" , value : \"http://lists.centos.org/pipermail/centos-announce/2012-November/019009.html\");\n script_id(881543);\n script_version(\"$Revision: 8313 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-01-08 08:02:11 +0100 (Mon, 08 Jan 2018) $\");\n script_tag(name:\"creation_date\", value:\"2012-11-23 11:46:46 +0530 (Fri, 23 Nov 2012)\");\n script_cve_id(\"CVE-2012-4201\", \"CVE-2012-4202\", \"CVE-2012-4207\", \"CVE-2012-4209\",\n \"CVE-2012-4214\", \"CVE-2012-4215\", \"CVE-2012-4216\", \"CVE-2012-5829\",\n \"CVE-2012-5830\", \"CVE-2012-5833\", \"CVE-2012-5835\", \"CVE-2012-5839\",\n \"CVE-2012-5840\", \"CVE-2012-5841\", \"CVE-2012-5842\");\n script_tag(name:\"cvss_base\", value:\"10.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_xref(name: \"CESA\", value: \"2012:1483\");\n script_name(\"CentOS Update for thunderbird CESA-2012:1483 centos6 \");\n\n script_tag(name: \"summary\" , value: \"Check for the 
Version of thunderbird\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2012 Greenbone Networks GmbH\");\n script_family(\"CentOS Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/centos\", \"ssh/login/rpms\");\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = get_kb_item(\"ssh/login/release\");\n\nres = \"\";\nif(release == NULL){\n exit(0);\n}\n\nif(release == \"CentOS6\")\n{\n\n if ((res = isrpmvuln(pkg:\"thunderbird\", rpm:\"thunderbird~10.0.11~1.el6.centos\", rls:\"CentOS6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2017-07-02T21:11:24", "description": "This host is installed with Mozilla Thunderbird and is prone to multiple\n vulnerabilities.", "cvss3": {}, "published": "2012-11-26T00:00:00", "type": "openvas", "title": "Mozilla Thunderbird Multiple Vulnerabilities-01 November12 (Mac OS X)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2012-5842", "CVE-2012-4214", "CVE-2012-5830", "CVE-2012-5829", "CVE-2012-4201", "CVE-2012-5840", "CVE-2012-4202", "CVE-2012-5839", "CVE-2012-4216", "CVE-2012-5835", "CVE-2012-4207", "CVE-2012-5833", "CVE-2012-5841", "CVE-2012-4215", "CVE-2012-4209"], "modified": "2017-05-05T00:00:00", "id": "OPENVAS:803363", "href": "http://plugins.openvas.org/nasl.php?oid=803363", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: 
gb_mozilla_thunderbird_mult_vuln01_nov12_macosx.nasl 6074 2017-05-05 09:03:14Z teissa $\n#\n# Mozilla Thunderbird Multiple Vulnerabilities-01 November12 (Mac OS X)\n#\n# Authors:\n# Arun Kallavi <karun@secpod.com>\n#\n# Copyright:\n# Copyright (c) 2012 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ntag_impact = \"Successful exploitation could allow attackers to inject scripts, bypass\n certain security restrictions, execute arbitrary code in the context of the\n browser.\n Impact Level: System/Application\";\n\ntag_affected = \"Thunderbird version before 17.0 on Mac OS X\";\ntag_insight = \"- The 'location' property can be accessed through 'top.location' with a\n frame whose name attributes value is set to 'top'.\n - Use-after-free error exists within the functions\n 'nsTextEditorState::PrepareEditor', 'gfxFont::GetFontEntry',\n 'nsWindow::OnExposeEvent' and 'nsPlaintextEditor::FireClipboardEvent'.\n - An error within the 'evalInSandbox()' when handling the 'location.href'\n property.\n - Error when rendering GIF images.\";\ntag_solution = \"Upgrade to Thunderbird version to 17.0 or later,\n http://www.mozilla.org/en-US/thunderbird\";\ntag_summary = \"This host is installed with Mozilla Thunderbird and is prone to 
announced via the referenced advisory.\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2012 Greenbone Networks GmbH\");\n script_family(\"CentOS Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/centos\", \"ssh/login/rpms\", re:\"ssh/login/release=CentOS5\");\n script_tag(name:\"affected\", value:\"thunderbird on CentOS 5\");\n script_tag(name:\"solution\", value:\"Please install the updated packages.\");\n script_tag(name:\"insight\", value:\"Mozilla Thunderbird is a standalone mail and newsgroup client.\n\n Several flaws were found in the processing of malformed content. Malicious\n content could cause Thunderbird to crash or, potentially, execute arbitrary\n code with the privileges of the user running Thunderbird. (CVE-2012-4214,\n CVE-2012-4215, CVE-2012-4216, CVE-2012-5829, CVE-2012-5830, CVE-2012-5833,\n CVE-2012-5835, CVE-2012-5839, CVE-2012-5840, CVE-2012-5842)\n\n A buffer overflow flaw was found in the way Thunderbird handled GIF\n (Graphics Interchange Format) images. Content containing a malicious GIF\n image could cause Thunderbird to crash or, possibly, execute arbitrary code\n with the privileges of the user running Thunderbird. (CVE-2012-4202)\n\n A flaw was found in the way Thunderbird decoded the HZ-GB-2312 character\n encoding. Malicious content could cause Thunderbird to run JavaScript code\n with the permissions of different content. (CVE-2012-4207)\n\n A flaw was found in the location object implementation in Thunderbird.\n Malicious content could possibly use this flaw to allow restricted content\n to be loaded by plug-ins. (CVE-2012-4209)\n\n A flaw was found in the way cross-origin wrappers were implemented.\n Malicious content could use this flaw to perform cross-site scripting\n attacks. 
(CVE-2012-5841)\n\n A flaw was found in the evalInSandbox implementation in Thunderbird.\n Malicious content could use this flaw to perform cross-site scripting\n attacks. (CVE-2012-4201)\n\n Red Hat would like to thank the Mozilla project for reporting these issues.\n Upstream acknowledges Abhishek Arya, miaubiz, Jesse Ruderman, Andrew\n McCreight, Bob Clary, Kyle Huey, Atte Kettunen, Masato Kinugawa, Mariusz\n Mlynski, Bobby Holley, and moz_bug_r_a4 as the original reporters of\n these issues.\n\n Note: All issues except CVE-2012-4202 cannot be exploited by a\n specially-crafted HTML mail message as JavaScript is disabled by default\n for mail messages. They could be exploited another way in Thunderbird, for\n example, when viewing the full remote content of an RSS feed.\n\n All Thunderbird users should upgrade to this updated package, which\n contains Thunderbird version 10.0.11 ESR, which corrects these issues.\n After installing the update, Thunderbird must be restarted for the changes\n to take effect.\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\n\nif(release == \"CentOS5\")\n{\n\n if ((res = isrpmvuln(pkg:\"thunderbird\", rpm:\"thunderbird~10.0.11~1.el5.centos\", rls:\"CentOS5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2017-07-02T21:10:50", "description": "This host is installed with Mozilla Firefox and is prone to multiple\n vulnerabilities.", "cvss3": {}, "published": "2012-11-26T00:00:00", "type": "openvas", "title": "Mozilla Firefox Multiple Vulnerabilities-01 November12 (Mac OS X)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2012-5842", "CVE-2012-4214", "CVE-2012-5830", 
"CVE-2012-5829", "CVE-2012-4201", "CVE-2012-5840", "CVE-2012-4202", "CVE-2012-5839", "CVE-2012-4216", "CVE-2012-5835", "CVE-2012-4207", "CVE-2012-5833", "CVE-2012-5841", "CVE-2012-4215", "CVE-2012-4209"], "modified": "2017-04-12T00:00:00", "id": "OPENVAS:803056", "href": "http://plugins.openvas.org/nasl.php?oid=803056", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: gb_mozilla_prdts_mult_vuln01_nov12_macosx.nasl 5940 2017-04-12 09:02:05Z teissa $\n#\n# Mozilla Firefox Multiple Vulnerabilities-01 November12 (Mac OS X)\n#\n# Authors:\n# Rachana Shetty <srachana@secpod.com>\n#\n# Copyright:\n# Copyright (c) 2012 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. 
See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ntag_impact = \"Successful exploitation could allow attackers to inject scripts, bypass\n certain security restrictions, execute arbitrary code in the context of the\n browser.\n Impact Level: System/Application\";\ntag_affected = \"Mozilla Firefox version before 17.0 on Mac OS X\";\ntag_insight = \"- The 'location' property can be accessed through 'top.location' with a\n frame whose name attributes value is set to 'top'.\n - Use-after-free error exists within the functions\n 'nsTextEditorState::PrepareEditor', 'gfxFont::GetFontEntry',\n 'nsWindow::OnExposeEvent' and 'nsPlaintextEditor::FireClipboardEvent'.\n - An error within the 'evalInSandbox()' when handling the 'location.href'\n property.\n - Error when rendering GIF images.\";\ntag_solution = \"Upgrade to Mozilla Firefox version 17.0 or later,\n For updates refer to http://www.mozilla.com/en-US/firefox/all.html\";\ntag_summary = \"This host is installed with Mozilla Firefox and is prone to multiple\n vulnerabilities.\";\n\nif(description)\n{\n script_id(803056);\n script_version(\"$Revision: 5940 $\");\n script_cve_id(\"CVE-2012-4209\", \"CVE-2012-4214\", \"CVE-2012-4215\", \"CVE-2012-4216\",\n \"CVE-2012-4201\", \"CVE-2012-4202\", \"CVE-2012-4207\", \"CVE-2012-5842\",\n \"CVE-2012-5841\", \"CVE-2012-5829\", \"CVE-2012-5830\", \"CVE-2012-5833\",\n \"CVE-2012-5835\", \"CVE-2012-5839\", \"CVE-2012-5840\");\n script_bugtraq_id(56629, 56628, 56633, 56634, 56618, 56614, 56632, 56611,\n 56631, 56636, 56641, 56642, 56637, 56635);\n script_tag(name:\"cvss_base\", value:\"10.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n 
script_tag(name:\"last_modification\", value:\"$Date: 2017-04-12 11:02:05 +0200 (Wed, 12 Apr 2017) $\");\n script_tag(name:\"creation_date\", value:\"2012-11-26 11:10:03 +0530 (Mon, 26 Nov 2012)\");\n script_name(\"Mozilla Firefox Multiple Vulnerabilities-01 November12 (Mac OS X)\");\n script_xref(name : \"URL\" , value : \"http://secunia.com/advisories/51358\");\n script_xref(name : \"URL\" , value : \"http://securitytracker.com/id?1027791\");\n script_xref(name : \"URL\" , value : \"http://securitytracker.com/id?1027792\");\n script_xref(name : \"URL\" , value : \"http://www.mozilla.org/security/announce/2012/mfsa2012-91.html\");\n script_xref(name : \"URL\" , value : \"http://www.mozilla.org/security/announce/2012/mfsa2012-92.html\");\n script_xref(name : \"URL\" , value : \"http://www.mozilla.org/security/announce/2012/mfsa2012-93.html\");\n script_xref(name : \"URL\" , value : \"http://www.mozilla.org/security/announce/2012/mfsa2012-100.html\");\n script_xref(name : \"URL\" , value : \"http://www.mozilla.org/security/announce/2012/mfsa2012-101.html\");\n script_xref(name : \"URL\" , value : \"http://www.mozilla.org/security/announce/2012/mfsa2012-103.html\");\n script_xref(name : \"URL\" , value : \"http://www.mozilla.org/security/announce/2012/mfsa2012-105.html\");\n script_xref(name : \"URL\" , value : \"http://www.mozilla.org/security/announce/2012/mfsa2012-106.html\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2012 Greenbone Networks GmbH\");\n script_family(\"General\");\n script_dependencies(\"gb_mozilla_prdts_detect_macosx.nasl\");\n script_mandatory_keys(\"Mozilla/Firefox/MacOSX/Version\");\n script_tag(name : \"impact\" , value : tag_impact);\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"summary\" , value : tag_summary);\n script_tag(name:\"qod_type\", value:\"package\");\n 
script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n\ninclude(\"version_func.inc\");\n\n# Variable Initialization\nffVer = \"\";\n\n# Get Version from KB\nffVer = get_kb_item(\"Mozilla/Firefox/MacOSX/Version\");\n\nif(ffVer)\n{\n # Grep for Firefox version\n if(version_is_less(version:ffVer, test_version:\"17.0\"))\n {\n security_message(0);\n exit(0);\n }\n}\n", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2019-07-19T22:15:02", "description": "This host is installed with Mozilla Firefox ESR and is prone to multiple\n vulnerabilities.", "cvss3": {}, "published": "2012-11-26T00:00:00", "type": "openvas", "title": "Mozilla Firefox ESR Multiple Vulnerabilities-01 November12 (Mac OS X)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2012-5842", "CVE-2012-4214", "CVE-2012-5830", "CVE-2012-5829", "CVE-2012-4201", "CVE-2012-5840", "CVE-2012-4202", "CVE-2012-5839", "CVE-2012-4216", "CVE-2012-5835", "CVE-2012-4207", "CVE-2012-5833", "CVE-2012-5841", "CVE-2012-4215", "CVE-2012-4209"], "modified": "2019-07-17T00:00:00", "id": "OPENVAS:1361412562310803361", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310803361", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Mozilla Firefox ESR Multiple Vulnerabilities-01 November12 (Mac OS X)\n#\n# Authors:\n# Arun Kallavi <karun@secpod.com>\n#\n# Copyright:\n# Copyright (c) 2012 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. 
See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.803361\");\n script_version(\"2019-07-17T11:14:11+0000\");\n script_cve_id(\"CVE-2012-4209\", \"CVE-2012-4214\", \"CVE-2012-4215\", \"CVE-2012-4216\",\n \"CVE-2012-4201\", \"CVE-2012-4202\", \"CVE-2012-4207\", \"CVE-2012-5842\",\n \"CVE-2012-5841\", \"CVE-2012-5829\", \"CVE-2012-5830\", \"CVE-2012-5833\",\n \"CVE-2012-5835\", \"CVE-2012-5839\", \"CVE-2012-5840\");\n script_bugtraq_id(56629, 56628, 56633, 56634, 56618, 56614, 56632, 56611,\n 56631, 56636, 56641, 56642, 56637, 56635);\n script_tag(name:\"cvss_base\", value:\"10.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_tag(name:\"last_modification\", value:\"2019-07-17 11:14:11 +0000 (Wed, 17 Jul 2019)\");\n script_tag(name:\"creation_date\", value:\"2012-11-26 11:10:03 +0530 (Mon, 26 Nov 2012)\");\n script_name(\"Mozilla Firefox ESR Multiple Vulnerabilities-01 November12 (Mac OS X)\");\n script_xref(name:\"URL\", value:\"http://secunia.com/advisories/51358\");\n script_xref(name:\"URL\", value:\"http://securitytracker.com/id?1027791\");\n script_xref(name:\"URL\", value:\"http://securitytracker.com/id?1027792\");\n script_xref(name:\"URL\", value:\"http://www.mozilla.org/security/announce/2012/mfsa2012-91.html\");\n script_xref(name:\"URL\", value:\"http://www.mozilla.org/security/announce/2012/mfsa2012-92.html\");\n script_xref(name:\"URL\", value:\"http://www.mozilla.org/security/announce/2012/mfsa2012-93.html\");\n script_xref(name:\"URL\", value:\"http://www.mozilla.org/security/announce/2012/mfsa2012-100.html\");\n script_xref(name:\"URL\", 
value:\"http://www.mozilla.org/security/announce/2012/mfsa2012-101.html\");\n script_xref(name:\"URL\", value:\"http://www.mozilla.org/security/announce/2012/mfsa2012-103.html\");\n script_xref(name:\"URL\", value:\"http://www.mozilla.org/security/announce/2012/mfsa2012-105.html\");\n script_xref(name:\"URL\", value:\"http://www.mozilla.org/security/announce/2012/mfsa2012-106.html\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2012 Greenbone Networks GmbH\");\n script_family(\"General\");\n script_dependencies(\"gb_mozilla_prdts_detect_macosx.nasl\");\n script_mandatory_keys(\"Mozilla/Firefox-ESR/MacOSX/Version\");\n script_tag(name:\"impact\", value:\"Successful exploitation could allow attackers to inject scripts, bypass\n certain security restrictions, execute arbitrary code in the context of the\n browser.\");\n script_tag(name:\"affected\", value:\"Mozilla Firefox ESR version 10.x before 10.0.11 on Mac OS X\");\n script_tag(name:\"insight\", value:\"- The 'location' property can be accessed through 'top.location' with a\n frame whose name attributes value is set to 'top'.\n\n - Use-after-free error exists within the functions\n 'nsTextEditorState::PrepareEditor', 'gfxFont::GetFontEntry',\n 'nsWindow::OnExposeEvent' and 'nsPlaintextEditor::FireClipboardEvent'.\n\n - An error within the 'evalInSandbox()' when handling the 'location.href'\n property.\n\n - Error when rendering GIF images.\");\n script_tag(name:\"solution\", value:\"Upgrade to Mozilla Firefox ESR version 10.0.11 or later.\");\n script_tag(name:\"summary\", value:\"This host is installed with Mozilla Firefox ESR and is prone to multiple\n vulnerabilities.\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n\n exit(0);\n}\n\n\ninclude(\"version_func.inc\");\n\nfesrVer = get_kb_item(\"Mozilla/Firefox-ESR/MacOSX/Version\");\nif(fesrVer && fesrVer =~ \"^10\\.0\")\n{\n if(version_in_range(version:fesrVer, 
test_version:\"10.0\", test_version2:\"10.0.10\"))\n {\n security_message( port: 0, data: \"The target host was found to be vulnerable\" );\n exit(0);\n }\n}\n", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2017-07-02T21:11:00", "description": "This host is installed with Mozilla Firefox ESR and is prone to multiple\n vulnerabilities.", "cvss3": {}, "published": "2012-11-26T00:00:00", "type": "openvas", "title": "Mozilla Firefox ESR Multiple Vulnerabilities-01 November12 (Mac OS X)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2012-5842", "CVE-2012-4214", "CVE-2012-5830", "CVE-2012-5829", "CVE-2012-4201", "CVE-2012-5840", "CVE-2012-4202", "CVE-2012-5839", "CVE-2012-4216", "CVE-2012-5835", "CVE-2012-4207", "CVE-2012-5833", "CVE-2012-5841", "CVE-2012-4215", "CVE-2012-4209"], "modified": "2017-05-11T00:00:00", "id": "OPENVAS:803361", "href": "http://plugins.openvas.org/nasl.php?oid=803361", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: gb_mozilla_firefox_esr_mult_vuln01_nov12_macosx.nasl 6104 2017-05-11 09:03:48Z teissa $\n#\n# Mozilla Firefox ESR Multiple Vulnerabilities-01 November12 (Mac OS X)\n#\n# Authors:\n# Arun Kallavi <karun@secpod.com>\n#\n# Copyright:\n# Copyright (c) 2012 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. 
See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ntag_impact = \"Successful exploitation could allow attackers to inject scripts, bypass\n certain security restrictions, execute arbitrary code in the context of the\n browser.\n Impact Level: System/Application\";\n\ntag_affected = \"Mozilla Firefox ESR version 10.x before 10.0.11 on Mac OS X\";\ntag_insight = \"- The 'location' property can be accessed through 'top.location' with a\n frame whose name attributes value is set to 'top'.\n - Use-after-free error exists within the functions\n 'nsTextEditorState::PrepareEditor', 'gfxFont::GetFontEntry',\n 'nsWindow::OnExposeEvent' and 'nsPlaintextEditor::FireClipboardEvent'.\n - An error within the 'evalInSandbox()' when handling the 'location.href'\n property.\n - Error when rendering GIF images.\";\ntag_solution = \"Upgrade to Mozilla Firefox ESR version 10.0.11 or later,\n For updates refer to http://www.mozilla.com/en-US/firefox/all.html\";\ntag_summary = \"This host is installed with Mozilla Firefox ESR and is prone to multiple\n vulnerabilities.\";\n\nif(description)\n{\n script_id(803361);\n script_version(\"$Revision: 6104 $\");\n script_cve_id(\"CVE-2012-4209\", \"CVE-2012-4214\", \"CVE-2012-4215\", \"CVE-2012-4216\",\n \"CVE-2012-4201\", \"CVE-2012-4202\", \"CVE-2012-4207\", \"CVE-2012-5842\",\n \"CVE-2012-5841\", \"CVE-2012-5829\", \"CVE-2012-5830\", \"CVE-2012-5833\",\n \"CVE-2012-5835\", \"CVE-2012-5839\", \"CVE-2012-5840\");\n script_bugtraq_id(56629, 56628, 56633, 56634, 56618, 56614, 56632, 56611,\n 56631, 56636, 56641, 56642, 56637, 56635);\n script_tag(name:\"cvss_base\", value:\"10.0\");\n script_tag(name:\"cvss_base_vector\", 
value:\"AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-05-11 11:03:48 +0200 (Thu, 11 May 2017) $\");\n script_tag(name:\"creation_date\", value:\"2012-11-26 11:10:03 +0530 (Mon, 26 Nov 2012)\");\n script_name(\"Mozilla Firefox ESR Multiple Vulnerabilities-01 November12 (Mac OS X)\");\n script_xref(name : \"URL\" , value : \"http://secunia.com/advisories/51358\");\n script_xref(name : \"URL\" , value : \"http://securitytracker.com/id?1027791\");\n script_xref(name : \"URL\" , value : \"http://securitytracker.com/id?1027792\");\n script_xref(name : \"URL\" , value : \"http://www.mozilla.org/security/announce/2012/mfsa2012-91.html\");\n script_xref(name : \"URL\" , value : \"http://www.mozilla.org/security/announce/2012/mfsa2012-92.html\");\n script_xref(name : \"URL\" , value : \"http://www.mozilla.org/security/announce/2012/mfsa2012-93.html\");\n script_xref(name : \"URL\" , value : \"http://www.mozilla.org/security/announce/2012/mfsa2012-100.html\");\n script_xref(name : \"URL\" , value : \"http://www.mozilla.org/security/announce/2012/mfsa2012-101.html\");\n script_xref(name : \"URL\" , value : \"http://www.mozilla.org/security/announce/2012/mfsa2012-103.html\");\n script_xref(name : \"URL\" , value : \"http://www.mozilla.org/security/announce/2012/mfsa2012-105.html\");\n script_xref(name : \"URL\" , value : \"http://www.mozilla.org/security/announce/2012/mfsa2012-106.html\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2012 Greenbone Networks GmbH\");\n script_family(\"General\");\n script_dependencies(\"gb_mozilla_prdts_detect_macosx.nasl\");\n script_mandatory_keys(\"Mozilla/Firefox-ESR/MacOSX/Version\");\n script_tag(name : \"impact\" , value : tag_impact);\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"summary\" , value : tag_summary);\n 
script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n\ninclude(\"version_func.inc\");\n\n# Variable Initialization\nfesrVer = \"\";\n\n# Get version from KB\nfesrVer = get_kb_item(\"Mozilla/Firefox-ESR/MacOSX/Version\");\nif(fesrVer && fesrVer =~ \"^10.0\")\n{\n # Grep for Firefox version\n if(version_in_range(version:fesrVer, test_version:\"10.0\", test_version2:\"10.0.10\"))\n {\n security_message(0);\n exit(0);\n }\n}\n", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2019-05-29T18:38:47", "description": "The remote host is missing an update for the ", "cvss3": {}, "published": "2012-11-23T00:00:00", "type": "openvas", "title": "RedHat Update for thunderbird RHSA-2012:1483-01", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2012-5842", "CVE-2012-4214", "CVE-2012-5830", "CVE-2012-5829", "CVE-2012-4201", "CVE-2012-5840", "CVE-2012-4202", "CVE-2012-5839", "CVE-2012-4216", "CVE-2012-5835", "CVE-2012-4207", "CVE-2012-5833", "CVE-2012-5841", "CVE-2012-4215", "CVE-2012-4209"], "modified": "2018-11-23T00:00:00", "id": "OPENVAS:1361412562310870866", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310870866", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# RedHat Update for thunderbird RHSA-2012:1483-01\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2012 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. 
See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_xref(name:\"URL\", value:\"https://www.redhat.com/archives/rhsa-announce/2012-November/msg00016.html\");\n script_oid(\"1.3.6.1.4.1.25623.1.0.870866\");\n script_version(\"$Revision: 12497 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-11-23 09:28:21 +0100 (Fri, 23 Nov 2018) $\");\n script_tag(name:\"creation_date\", value:\"2012-11-23 11:37:15 +0530 (Fri, 23 Nov 2012)\");\n script_cve_id(\"CVE-2012-4201\", \"CVE-2012-4202\", \"CVE-2012-4207\", \"CVE-2012-4209\",\n \"CVE-2012-4214\", \"CVE-2012-4215\", \"CVE-2012-4216\", \"CVE-2012-5829\",\n \"CVE-2012-5830\", \"CVE-2012-5833\", \"CVE-2012-5835\", \"CVE-2012-5839\",\n \"CVE-2012-5840\", \"CVE-2012-5841\", \"CVE-2012-5842\");\n script_tag(name:\"cvss_base\", value:\"10.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_xref(name:\"RHSA\", value:\"2012:1483-01\");\n script_name(\"RedHat Update for thunderbird RHSA-2012:1483-01\");\n\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'thunderbird'\n package(s) announced via the referenced advisory.\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2012 Greenbone Networks GmbH\");\n script_family(\"Red Hat Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/rhel\", \"ssh/login/rpms\", re:\"ssh/login/release=RHENT_6\");\n script_tag(name:\"affected\", value:\"thunderbird on Red Hat Enterprise Linux Desktop (v. 6),\n Red Hat Enterprise Linux Workstation (v. 
6)\");\n script_tag(name:\"solution\", value:\"Please Install the Updated Packages.\");\n script_tag(name:\"insight\", value:\"Mozilla Thunderbird is a standalone mail and newsgroup client.\n\n Several flaws were found in the processing of malformed content. Malicious\n content could cause Thunderbird to crash or, potentially, execute arbitrary\n code with the privileges of the user running Thunderbird. (CVE-2012-4214,\n CVE-2012-4215, CVE-2012-4216, CVE-2012-5829, CVE-2012-5830, CVE-2012-5833,\n CVE-2012-5835, CVE-2012-5839, CVE-2012-5840, CVE-2012-5842)\n\n A buffer overflow flaw was found in the way Thunderbird handled GIF\n (Graphics Interchange Format) images. Content containing a malicious GIF\n image could cause Thunderbird to crash or, possibly, execute arbitrary code\n with the privileges of the user running Thunderbird. (CVE-2012-4202)\n\n Red Hat would like to thank the Mozilla project for reporting these issues.\n Upstream acknowledges Abhishek Arya, miaubiz, Jesse Ruderman, Andrew\n McCreight, Bob Clary, Kyle Huey, Atte Kettunen, Masato Kinugawa, Mariusz\n Mlynski, Bobby Holley, and moz_bug_r_a4 as the original reporters of\n these issues.\n\n Note: All issues except CVE-2012-4202 cannot be exploited by a\n specially-crafted HTML mail message as JavaScript is disabled by default\n for mail messages. 
be exploited to\n corrupt memory.\n\n - Errors in 'Silf::readClassMap' and 'Pass::readPass' functions within\n Graphite 2 library.\n\n - Use-after-free error exists within the WebGL implementation.\");\n script_tag(name:\"summary\", value:\"This host is installed with Mozilla firefox/thunderbird/seamonkey and is\n prone to multiple vulnerabilities.\");\n script_tag(name:\"solution\", value:\"Upgrade to Mozilla Firefox version 15.0 or ESR version 10.0.7 or later.\n\n Upgrade to SeaMonkey version to 2.12 or later.\n\n Upgrade to Thunderbird version to 15.0 or ESR 10.0.7 or later.\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n\n script_xref(name:\"URL\", value:\"http://www.mozilla.org/projects/seamonkey/\");\n script_xref(name:\"URL\", value:\"http://www.mozilla.org/en-US/thunderbird/\");\n\n exit(0);\n}\n\n\ninclude(\"version_func.inc\");\n\nffVer = get_kb_item(\"Mozilla/Firefox/MacOSX/Version\");\n\nif(ffVer)\n{\n if(version_is_less(version:ffVer, test_version:\"10.0.7\")||\n version_in_range(version:ffVer, test_version:\"11.0\", test_version2:\"14.0\"))\n {\n security_message( port: 0, data: \"The target host was found to be vulnerable\" );\n exit(0);\n }\n}\n\nseaVer = get_kb_item(\"SeaMonkey/MacOSX/Version\");\n\nif(seaVer)\n{\n if(version_is_less(version:seaVer, test_version:\"2.12\"))\n {\n security_message( port: 0, data: \"The target host was found to be vulnerable\" );\n exit(0);\n }\n}\n\ntbVer = get_kb_item(\"Thunderbird/MacOSX/Version\");\n\nif(tbVer)\n{\n if(version_is_less(version:tbVer, test_version:\"10.0.7\")||\n version_in_range(version:tbVer, test_version:\"11.0\", test_version2:\"14.0\"))\n {\n security_message( port: 0, data: \"The target host was found to be vulnerable\" );\n exit(0);\n }\n}\n", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2019-05-29T18:38:30", "description": "The remote host is missing an update for the ", "cvss3": {}, 
"published": "2012-11-23T00:00:00", "type": "openvas", "title": "CentOS Update for firefox CESA-2012:1482 centos5", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2012-5842", "CVE-2012-4214", "CVE-2012-5830", "CVE-2012-4210", "CVE-2012-5829", "CVE-2012-4201", "CVE-2012-5840", "CVE-2012-4202", "CVE-2012-5839", "CVE-2012-4216", "CVE-2012-5835", "CVE-2012-4207", "CVE-2012-5833", "CVE-2012-5841", "CVE-2012-4215", "CVE-2012-4209"], "modified": "2019-03-15T00:00:00", "id": "OPENVAS:1361412562310881544", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310881544", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# CentOS Update for firefox CESA-2012:1482 centos5\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2012 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. 
See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_xref(name:\"URL\", value:\"http://lists.centos.org/pipermail/centos-announce/2012-November/019003.html\");\n script_oid(\"1.3.6.1.4.1.25623.1.0.881544\");\n script_version(\"$Revision: 14222 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2019-03-15 13:50:48 +0100 (Fri, 15 Mar 2019) $\");\n script_tag(name:\"creation_date\", value:\"2012-11-23 11:48:48 +0530 (Fri, 23 Nov 2012)\");\n script_cve_id(\"CVE-2012-4201\", \"CVE-2012-4202\", \"CVE-2012-4207\", \"CVE-2012-4209\",\n \"CVE-2012-4210\", \"CVE-2012-4214\", \"CVE-2012-4215\", \"CVE-2012-4216\",\n \"CVE-2012-5829\", \"CVE-2012-5830\", \"CVE-2012-5833\", \"CVE-2012-5835\",\n \"CVE-2012-5839\", \"CVE-2012-5840\", \"CVE-2012-5841\", \"CVE-2012-5842\");\n script_tag(name:\"cvss_base\", value:\"10.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_xref(name:\"CESA\", value:\"2012:1482\");\n script_name(\"CentOS Update for firefox CESA-2012:1482 centos5\");\n\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'firefox'\n package(s) announced via the referenced advisory.\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2012 Greenbone Networks GmbH\");\n script_family(\"CentOS Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/centos\", \"ssh/login/rpms\", re:\"ssh/login/release=CentOS5\");\n script_tag(name:\"affected\", value:\"firefox on CentOS 5\");\n script_tag(name:\"solution\", value:\"Please install the updated packages.\");\n script_tag(name:\"insight\", 
value:\"Mozilla Firefox is an open source web browser. XULRunner provides the\n XUL Runtime environment for Mozilla Firefox.\n\n Several flaws were found in the processing of malformed web content. A web\n page containing malicious content could cause Firefox to crash or,\n potentially, execute arbitrary code with the privileges of the user running\n Firefox. (CVE-2012-4214, CVE-2012-4215, CVE-2012-4216, CVE-2012-5829,\n CVE-2012-5830, CVE-2012-5833, CVE-2012-5835, CVE-2012-5839, CVE-2012-5840,\n CVE-2012-5842)\n\n A buffer overflow flaw was found in the way Firefox handled GIF (Graphics\n Interchange Format) images. A web page containing a malicious GIF image\n could cause Firefox to crash or, possibly, execute arbitrary code with the\n privileges of the user running Firefox. (CVE-2012-4202)\n\n A flaw was found in the way the Style Inspector tool in Firefox handled\n certain Cascading Style Sheets (CSS). Running the tool (Tools -> Web\n Developer -> Inspect) on malicious CSS could result in the execution of\n HTML and CSS content with chrome privileges. (CVE-2012-4210)\n\n A flaw was found in the way Firefox decoded the HZ-GB-2312 character\n encoding. A web page containing malicious content could cause Firefox to\n run JavaScript code with the permissions of a different website.\n (CVE-2012-4207)\n\n A flaw was found in the location object implementation in Firefox.\n Malicious content could possibly use this flaw to allow restricted content\n to be loaded by plug-ins. (CVE-2012-4209)\n\n A flaw was found in the way cross-origin wrappers were implemented.\n Malicious content could use this flaw to perform cross-site scripting\n attacks. (CVE-2012-5841)\n\n A flaw was found in the evalInSandbox implementation in Firefox. Malicious\n content could use this flaw to perform cross-site scripting attacks.\n (CVE-2012-4201)\n\n For technical details regarding these flaws, refer to the Mozilla security\n advisories for Firefox 10.0.11 ESR. 
You can find a link to the Mozilla\n advisories in the References section of this erratum.\n\n Red Hat would like to thank the Mozilla project for reporting these issues.\n Upstream acknowledges Abhishek Arya, miaubiz, Jesse Ruderman, Andrew\n McCreight, Bob Clary, Kyle Huey, Atte Kettunen, Mariusz Mlynski, Masato\n Kinugawa, Bobby Holley, and moz_bug_r_a4 as the original reporters of these\n issues.\n\n All Firefox users should upgrade to these updated packages, which contain\n Firefox version 10.0.11 ESR, which corrects these issues. After installing\n the update, Firefox must be restarted for the changes to take effect.\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\n\nif(release == \"CentOS5\")\n{\n\n if ((res = isrpmvuln(pkg:\"firefox\", rpm:\"firefox~10.0.11~1.el5.centos\", rls:\"CentOS5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"xulrunner\", rpm:\"xulrunner~10.0.11~1.el5_8\", rls:\"CentOS5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"xulrunner-devel\", rpm:\"xulrunner-devel~10.0.11~1.el5_8\", rls:\"CentOS5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2019-05-29T18:39:11", "description": "The remote host is missing an update for the ", "cvss3": {}, "published": "2012-11-23T00:00:00", "type": "openvas", "title": "RedHat Update for firefox RHSA-2012:1482-01", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2012-5842", "CVE-2012-4214", "CVE-2012-5830", "CVE-2012-4210", "CVE-2012-5829", "CVE-2012-4201", "CVE-2012-5840", "CVE-2012-4202", "CVE-2012-5839", "CVE-2012-4216", "CVE-2012-5835", 
"CVE-2012-4207", "CVE-2012-5833", "CVE-2012-5841", "CVE-2012-4215", "CVE-2012-4209"], "modified": "2018-11-23T00:00:00", "id": "OPENVAS:1361412562310870865", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310870865", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# RedHat Update for firefox RHSA-2012:1482-01\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2012 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_xref(name:\"URL\", value:\"https://www.redhat.com/archives/rhsa-announce/2012-November/msg00015.html\");\n script_oid(\"1.3.6.1.4.1.25623.1.0.870865\");\n script_version(\"$Revision: 12497 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-11-23 09:28:21 +0100 (Fri, 23 Nov 2018) $\");\n script_tag(name:\"creation_date\", value:\"2012-11-23 11:35:44 +0530 (Fri, 23 Nov 2012)\");\n script_cve_id(\"CVE-2012-4201\", \"CVE-2012-4202\", \"CVE-2012-4207\", \"CVE-2012-4209\",\n \"CVE-2012-4210\", \"CVE-2012-4214\", \"CVE-2012-4215\", \"CVE-2012-4216\",\n \"CVE-2012-5829\", \"CVE-2012-5830\", \"CVE-2012-5833\", \"CVE-2012-5835\",\n \"CVE-2012-5839\", 
\"CVE-2012-5840\", \"CVE-2012-5841\", \"CVE-2012-5842\");\n script_tag(name:\"cvss_base\", value:\"10.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_xref(name:\"RHSA\", value:\"2012:1482-01\");\n script_name(\"RedHat Update for firefox RHSA-2012:1482-01\");\n\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'firefox'\n package(s) announced via the referenced advisory.\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2012 Greenbone Networks GmbH\");\n script_family(\"Red Hat Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/rhel\", \"ssh/login/rpms\", re:\"ssh/login/release=RHENT_(6|5)\");\n script_tag(name:\"affected\", value:\"firefox on Red Hat Enterprise Linux (v. 5 server),\n Red Hat Enterprise Linux Desktop (v. 6),\n Red Hat Enterprise Linux Server (v. 6),\n Red Hat Enterprise Linux Workstation (v. 6)\");\n script_tag(name:\"solution\", value:\"Please Install the Updated Packages.\");\n script_tag(name:\"insight\", value:\"Mozilla Firefox is an open source web browser. XULRunner provides the\n XUL Runtime environment for Mozilla Firefox.\n\n Several flaws were found in the processing of malformed web content. A web\n page containing malicious content could cause Firefox to crash or,\n potentially, execute arbitrary code with the privileges of the user running\n Firefox. (CVE-2012-4214, CVE-2012-4215, CVE-2012-4216, CVE-2012-5829,\n CVE-2012-5830, CVE-2012-5833, CVE-2012-5835, CVE-2012-5839, CVE-2012-5840,\n CVE-2012-5842)\n\n A buffer overflow flaw was found in the way Firefox handled GIF (Graphics\n Interchange Format) images. A web page containing a malicious GIF image\n could cause Firefox to crash or, possibly, execute arbitrary code with the\n privileges of the user running Firefox. 
(CVE-2012-4202)\n\n For technical details regarding these flaws, refer to the Mozilla security\n advisories for Firefox 10.0.11 ESR. You can find a link to the Mozilla\n advisories in the References section of this erratum.\n\n Red Hat would like to thank the Mozilla project for reporting these issues.\n Upstream acknowledges Abhishek Arya, miaubiz, Jesse Ruderman, Andrew\n McCreight, Bob Clary, Kyle Huey, Atte Kettunen, Mariusz Mlynski, Masato\n Kinugawa, Bobby Holley, and moz_bug_r_a4 as the original reporters of these\n issues.\n\n All Firefox users should upgrade to these updated packages, which contain\n Firefox version 10.0.11 ESR, which corrects these issues. After installing\n the update, Firefox must be restarted for the changes to take effect.\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release) exit(0);\n\nres = \"\";\n\nif(release == \"RHENT_6\")\n{\n\n if ((res = isrpmvuln(pkg:\"firefox\", rpm:\"firefox~10.0.11~1.el6_3\", rls:\"RHENT_6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"firefox-debuginfo\", rpm:\"firefox-debuginfo~10.0.11~1.el6_3\", rls:\"RHENT_6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"xulrunner\", rpm:\"xulrunner~10.0.11~1.el6_3\", rls:\"RHENT_6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"xulrunner-debuginfo\", rpm:\"xulrunner-debuginfo~10.0.11~1.el6_3\", rls:\"RHENT_6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n\n\nif(release == \"RHENT_5\")\n{\n\n if ((res = isrpmvuln(pkg:\"firefox\", rpm:\"firefox~10.0.11~1.el5_8\", rls:\"RHENT_5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = 
isrpmvuln(pkg:\"firefox-debuginfo\", rpm:\"firefox-debuginfo~10.0.11~1.el5_8\", rls:\"RHENT_5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"xulrunner\", rpm:\"xulrunner~10.0.11~1.el5_8\", rls:\"RHENT_5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"xulrunner-debuginfo\", rpm:\"xulrunner-debuginfo~10.0.11~1.el5_8\", rls:\"RHENT_5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"xulrunner-devel\", rpm:\"xulrunner-devel~10.0.11~1.el5_8\", rls:\"RHENT_5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2018-01-18T11:07:57", "description": "Check for the Version of firefox", "cvss3": {}, "published": "2012-11-23T00:00:00", "type": "openvas", "title": "CentOS Update for firefox CESA-2012:1482 centos5 ", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2012-5842", "CVE-2012-4214", "CVE-2012-5830", "CVE-2012-4210", "CVE-2012-5829", "CVE-2012-4201", "CVE-2012-5840", "CVE-2012-4202", "CVE-2012-5839", "CVE-2012-4216", "CVE-2012-5835", "CVE-2012-4207", "CVE-2012-5833", "CVE-2012-5841", "CVE-2012-4215", "CVE-2012-4209"], "modified": "2018-01-17T00:00:00", "id": "OPENVAS:881544", "href": "http://plugins.openvas.org/nasl.php?oid=881544", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# CentOS Update for firefox CESA-2012:1482 centos5 \n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2012 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope 
that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"Mozilla Firefox is an open source web browser. XULRunner provides the\n XUL Runtime environment for Mozilla Firefox.\n\n Several flaws were found in the processing of malformed web content. A web\n page containing malicious content could cause Firefox to crash or,\n potentially, execute arbitrary code with the privileges of the user running\n Firefox. (CVE-2012-4214, CVE-2012-4215, CVE-2012-4216, CVE-2012-5829,\n CVE-2012-5830, CVE-2012-5833, CVE-2012-5835, CVE-2012-5839, CVE-2012-5840,\n CVE-2012-5842)\n \n A buffer overflow flaw was found in the way Firefox handled GIF (Graphics\n Interchange Format) images. A web page containing a malicious GIF image\n could cause Firefox to crash or, possibly, execute arbitrary code with the\n privileges of the user running Firefox. (CVE-2012-4202)\n \n A flaw was found in the way the Style Inspector tool in Firefox handled\n certain Cascading Style Sheets (CSS). Running the tool (Tools -> Web\n Developer -> Inspect) on malicious CSS could result in the execution of\n HTML and CSS content with chrome privileges. (CVE-2012-4210)\n \n A flaw was found in the way Firefox decoded the HZ-GB-2312 character\n encoding. 
A web page containing malicious content could cause Firefox to\n run JavaScript code with the permissions of a different website.\n (CVE-2012-4207)\n \n A flaw was found in the location object implementation in Firefox.\n Malicious content could possibly use this flaw to allow restricted content\n to be loaded by plug-ins. (CVE-2012-4209)\n \n A flaw was found in the way cross-origin wrappers were implemented.\n Malicious content could use this flaw to perform cross-site scripting\n attacks. (CVE-2012-5841)\n \n A flaw was found in the evalInSandbox implementation in Firefox. Malicious\n content could use this flaw to perform cross-site scripting attacks.\n (CVE-2012-4201)\n \n For technical details regarding these flaws, refer to the Mozilla security\n advisories for Firefox 10.0.11 ESR. You can find a link to the Mozilla\n advisories in the References section of this erratum.\n \n Red Hat would like to thank the Mozilla project for reporting these issues.\n Upstream acknowledges Abhishek Arya, miaubiz, Jesse Ruderman, Andrew\n McCreight, Bob Clary, Kyle Huey, Atte Kettunen, Mariusz Mlynski, Masato\n Kinugawa, Bobby Holley, and moz_bug_r_a4 as the original reporters of these\n issues.\n \n All Firefox users should upgrade to these updated packages, which contain\n Firefox version 10.0.11 ESR, which corrects these issues. 
After installing\n the update, Firefox must be restarted for the changes to take effect.\";\n\ntag_affected = \"firefox on CentOS 5\";\ntag_solution = \"Please Install the Updated Packages.\";\n\n\n\nif(description)\n{\n script_xref(name : \"URL\" , value : \"http://lists.centos.org/pipermail/centos-announce/2012-November/019003.html\");\n script_id(881544);\n script_version(\"$Revision: 8448 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-01-17 17:18:06 +0100 (Wed, 17 Jan 2018) $\");\n script_tag(name:\"creation_date\", value:\"2012-11-23 11:48:48 +0530 (Fri, 23 Nov 2012)\");\n script_cve_id(\"CVE-2012-4201\", \"CVE-2012-4202\", \"CVE-2012-4207\", \"CVE-2012-4209\",\n \"CVE-2012-4210\", \"CVE-2012-4214\", \"CVE-2012-4215\", \"CVE-2012-4216\",\n \"CVE-2012-5829\", \"CVE-2012-5830\", \"CVE-2012-5833\", \"CVE-2012-5835\",\n \"CVE-2012-5839\", \"CVE-2012-5840\", \"CVE-2012-5841\", \"CVE-2012-5842\");\n script_tag(name:\"cvss_base\", value:\"10.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_xref(name: \"CESA\", value: \"2012:1482\");\n script_name(\"CentOS Update for firefox CESA-2012:1482 centos5 \");\n\n script_tag(name: \"summary\" , value: \"Check for the Version of firefox\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2012 Greenbone Networks GmbH\");\n script_family(\"CentOS Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/centos\", \"ssh/login/rpms\");\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = get_kb_item(\"ssh/login/release\");\n\nres = \"\";\nif(release == NULL){\n exit(0);\n}\n\nif(release == 
\"CentOS5\")\n{\n\n if ((res = isrpmvuln(pkg:\"firefox\", rpm:\"firefox~10.0.11~1.el5.centos\", rls:\"CentOS5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"xulrunner\", rpm:\"xulrunner~10.0.11~1.el5_8\", rls:\"CentOS5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"xulrunner-devel\", rpm:\"xulrunner-devel~10.0.11~1.el5_8\", rls:\"CentOS5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2019-05-29T18:36:46", "description": "Oracle Linux Local Security Checks ELSA-2012-1482", "cvss3": {}, "published": "2015-10-06T00:00:00", "type": "openvas", "title": "Oracle Linux Local Check: ELSA-2012-1482", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2012-5842", "CVE-2012-4214", "CVE-2012-5830", "CVE-2012-4210", "CVE-2012-5829", "CVE-2012-4201", "CVE-2012-5840", "CVE-2012-4202", "CVE-2012-5839", "CVE-2012-4216", "CVE-2012-5835", "CVE-2012-4207", "CVE-2012-5833", "CVE-2012-5841", "CVE-2012-4215", "CVE-2012-4209"], "modified": "2018-09-28T00:00:00", "id": "OPENVAS:1361412562310123777", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310123777", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: ELSA-2012-1482.nasl 11688 2018-09-28 13:36:28Z cfischer $\n#\n# Oracle Linux Local Check\n#\n# Authors:\n# Eero Volotinen <eero.volotinen@solinor.com>\n#\n# Copyright:\n# Copyright (c) 2015 Eero Volotinen, http://solinor.com\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# 
navigating backwards in\n history could, in some circumstances, cause a hang or crash due to a\n timing dependent use-after-free pointer reference.\n - Several methods of a feature used for testing (DOMWindowUtils) are not\n protected by existing security checks, allowing these methods to be called\n through script by web pages.\n - An error when GetProperty function is invoked through JSAPI, security\n checking can be bypassed when getting cross-origin properties.\n - An issue with spoofing of the location property.\n - Use-after-free, buffer overflow, and out of bounds read issues.\n - The location property can be accessed by binary plugins through\n top.location and top can be shadowed by Object.define Property as well.\n This can allow for possible XSS attacks through plugins.\n - several memory safety bugs in the browser engine used in mozilla products.\";\ntag_solution = \"Upgrade to SeaMonkey version to 2.13 or later,\n http://www.mozilla.org/projects/seamonkey\";\ntag_summary = \"The host is installed with Mozilla Seamonkey and is prone to multiple\n vulnerabilities.\";\n\nif(description)\n{\n script_id(803645);\n script_version(\"$Revision: 6079 $\");\n script_cve_id(\"CVE-2012-4188\", \"CVE-2012-4187\", \"CVE-2012-4186\", \"CVE-2012-4185\",\n \"CVE-2012-4184\", \"CVE-2012-3982\", \"CVE-2012-3990\", \"CVE-2012-3988\",\n \"CVE-2012-3986\", \"CVE-2012-3991\", \"CVE-2012-3992\", \"CVE-2012-4183\",\n \"CVE-2012-4182\", \"CVE-2012-4181\", \"CVE-2012-4180\", \"CVE-2012-4179\",\n \"CVE-2012-3995\", \"CVE-2012-3994\", \"CVE-2012-3993\", \"CVE-2012-3983\");\n script_bugtraq_id(55856);\n script_tag(name:\"cvss_base\", value:\"10.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-05-08 11:03:33 +0200 (Mon, 08 May 2017) $\");\n script_tag(name:\"creation_date\", value:\"2012-10-15 17:43:07 +0530 (Mon, 15 Oct 2012)\");\n script_name(\"Mozilla Seamonkey Multiple 
Vulnerabilities-01 (Mac OS X)\");\n script_xref(name : \"URL\" , value : \"http://secunia.com/advisories/50856\");\n script_xref(name : \"URL\" , value : \"http://secunia.com/advisories/50935\");\n script_xref(name : \"URL\" , value : \"http://www.mozilla.org/security/announce/2012/mfsa2012-86.html\");\n script_xref(name : \"URL\" , value : \"http://www.mozilla.org/security/announce/2012/mfsa2012-83.html\");\n script_xref(name : \"URL\" , value : \"http://www.mozilla.org/security/announce/2012/mfsa2012-74.html\");\n script_xref(name : \"URL\" , value : \"http://www.mozilla.org/security/announce/2012/mfsa2012-87.html\");\n script_xref(name : \"URL\" , value : \"http://www.mozilla.org/security/announce/2012/mfsa2012-79.html\");\n script_xref(name : \"URL\" , value : \"http://www.mozilla.org/security/announce/2012/mfsa2012-77.html\");\n script_xref(name : \"URL\" , value : \"http://www.mozilla.org/security/announce/2012/mfsa2012-81.html\");\n script_xref(name : \"URL\" , value : \"http://www.mozilla.org/security/announce/2012/mfsa2012-84.html\");\n script_xref(name : \"URL\" , value : \"http://www.mozilla.org/security/announce/2012/mfsa2012-85.html\");\n script_xref(name : \"URL\" , value : \"http://www.mozilla.org/security/announce/2012/mfsa2012-82.html\");\n script_xref(name : \"URL\" , value : \"http://www.mozilla.org/security/announce/2012/mfsa2012-74.html\");\n script_xref(name : \"URL\" , value : \"http://www.mozilla.org/security/announce/2012/mfsa2012-83.html\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2012 Greenbone Networks GmbH\");\n script_family(\"General\");\n script_dependencies(\"gb_mozilla_prdts_detect_macosx.nasl\");\n script_mandatory_keys(\"SeaMonkey/MacOSX/Version\");\n script_tag(name : \"impact\" , value : tag_impact);\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : 
\"summary\" , value : tag_summary);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n\ninclude(\"version_func.inc\");\n\n# Variable Initialization\nseaVer = \"\";\n\n# SeaMonkey Check\nseaVer = get_kb_item(\"SeaMonkey/MacOSX/Version\");\nif(seaVer)\n{\n # Grep for SeaMonkey version\n if(version_is_less(version:seaVer, test_version:\"2.13\"))\n {\n security_message(0);\n exit(0);\n }\n}\n", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2020-04-23T19:06:07", "description": "The host is installed with Mozilla Thunderbird and is prone to multiple\n vulnerabilities.", "cvss3": {}, "published": "2012-10-15T00:00:00", "type": "openvas", "title": "Mozilla Thunderbird Multiple Vulnerabilities-01 (Mac OS X)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2012-3986", "CVE-2012-4185", "CVE-2012-3991", "CVE-2012-3993", "CVE-2012-3995", "CVE-2012-3988", "CVE-2012-3994", "CVE-2012-4183", "CVE-2012-4181", "CVE-2012-4186", "CVE-2012-4182", "CVE-2012-4187", "CVE-2012-3983", "CVE-2012-3982", "CVE-2012-4184", "CVE-2012-3992", "CVE-2012-4180", "CVE-2012-4188", "CVE-2012-3990", "CVE-2012-4179"], "modified": "2020-04-21T00:00:00", "id": "OPENVAS:1361412562310803643", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310803643", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Mozilla Thunderbird Multiple Vulnerabilities-01 (Mac OS X)\n#\n# Authors:\n# Arun Kallavi <karun@secpod.com>\n#\n# Copyright:\n# Copyright (C) 2012 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be 
useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.803643\");\n script_version(\"2020-04-21T11:03:03+0000\");\n script_cve_id(\"CVE-2012-4188\", \"CVE-2012-4187\", \"CVE-2012-4186\", \"CVE-2012-4185\",\n \"CVE-2012-4184\", \"CVE-2012-3982\", \"CVE-2012-3990\", \"CVE-2012-3988\",\n \"CVE-2012-3986\", \"CVE-2012-3991\", \"CVE-2012-3992\", \"CVE-2012-4183\",\n \"CVE-2012-4182\", \"CVE-2012-4181\", \"CVE-2012-4180\", \"CVE-2012-4179\",\n \"CVE-2012-3995\", \"CVE-2012-3994\", \"CVE-2012-3993\", \"CVE-2012-3983\");\n script_bugtraq_id(55856);\n script_tag(name:\"cvss_base\", value:\"10.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_tag(name:\"last_modification\", value:\"2020-04-21 11:03:03 +0000 (Tue, 21 Apr 2020)\");\n script_tag(name:\"creation_date\", value:\"2012-10-15 17:43:07 +0530 (Mon, 15 Oct 2012)\");\n script_name(\"Mozilla Thunderbird Multiple Vulnerabilities-01 (Mac OS X)\");\n script_xref(name:\"URL\", value:\"http://secunia.com/advisories/50856\");\n script_xref(name:\"URL\", value:\"http://secunia.com/advisories/50935\");\n script_xref(name:\"URL\", value:\"http://www.mozilla.org/security/announce/2012/mfsa2012-86.html\");\n script_xref(name:\"URL\", value:\"http://www.mozilla.org/security/announce/2012/mfsa2012-83.html\");\n script_xref(name:\"URL\", value:\"http://www.mozilla.org/security/announce/2012/mfsa2012-74.html\");\n script_xref(name:\"URL\", value:\"http://www.mozilla.org/security/announce/2012/mfsa2012-87.html\");\n 
script_xref(name:\"URL\", value:\"http://www.mozilla.org/security/announce/2012/mfsa2012-79.html\");\n script_xref(name:\"URL\", value:\"http://www.mozilla.org/security/announce/2012/mfsa2012-77.html\");\n script_xref(name:\"URL\", value:\"http://www.mozilla.org/security/announce/2012/mfsa2012-81.html\");\n script_xref(name:\"URL\", value:\"http://www.mozilla.org/security/announce/2012/mfsa2012-84.html\");\n script_xref(name:\"URL\", value:\"http://www.mozilla.org/security/announce/2012/mfsa2012-85.html\");\n script_xref(name:\"URL\", value:\"http://www.mozilla.org/security/announce/2012/mfsa2012-82.html\");\n script_xref(name:\"URL\", value:\"http://www.mozilla.org/security/announce/2012/mfsa2012-74.html\");\n script_xref(name:\"URL\", value:\"http://www.mozilla.org/security/announce/2012/mfsa2012-83.html\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2012 Greenbone Networks GmbH\");\n script_family(\"General\");\n script_dependencies(\"gb_mozilla_prdts_detect_macosx.nasl\");\n script_mandatory_keys(\"Thunderbird/MacOSX/Version\");\n script_tag(name:\"impact\", value:\"Successful exploitation will let attackers to conduct cross site scripting\n attacks, cause a denial of service memory corruption and application crash\n or possibly execute arbitrary code via unspecified vectors.\");\n script_tag(name:\"affected\", value:\"Thunderbird versions before 16.0 on Mac OS X\");\n script_tag(name:\"insight\", value:\"The flaws are due to\n\n - memory corruption issues\n\n - An error within Chrome Object Wrapper (COW) when handling the\n 'InstallTrigger' object can be exploited to access certain privileged\n functions and properties.\n\n - Use-after-free in the IME State Manager code.\n\n - combination of invoking full screen mode and navigating backwards in\n history could, in some circumstances, cause a hang or crash due to a\n timing dependent use-after-free pointer reference.\n\n - Several methods of a feature used for testing 
(DOMWindowUtils) are not\n protected by existing security checks, allowing these methods to be called\n through script by web pages.\n\n - An error when GetProperty function is invoked through JSAPI, security\n checking can be bypassed when getting cross-origin properties.\n\n - An issue with spoofing of the location property.\n\n - Use-after-free, buffer overflow, and out of bounds read issues.\n\n - The location property can be accessed by binary plugins through\n top.location and top can be shadowed by Object.define Property as well.\n This can allow for possible XSS attacks through plugins.\n\n - several memory safety bugs in the browser engine used in mozilla products.\");\n script_tag(name:\"solution\", value:\"Upgrade to Thunderbird version to 16.0 or later.\");\n script_xref(name:\"URL\", value:\"http://www.mozilla.org/en-US/thunderbird\");\n script_tag(name:\"summary\", value:\"The host is installed with Mozilla Thunderbird and is prone to multiple\n vulnerabilities.\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n\ninclude(\"version_func.inc\");\n\ntbVer = get_kb_item(\"Thunderbird/MacOSX/Version\");\nif(tbVer)\n{\n if(version_is_less(version:tbVer, test_version:\"16.0\")){\n report = report_fixed_ver(installed_version:tbVer, fixed_version:\"16.0\");\n security_message(port: 0, data: report);\n exit(0);\n }\n}\n", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2017-07-02T21:11:07", "description": "The host is installed with Mozilla Thunderbird and is prone to multiple\n vulnerabilities.", "cvss3": {}, "published": "2012-10-15T00:00:00", "type": "openvas", "title": "Mozilla Thunderbird Multiple Vulnerabilities-01 (Windows)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2012-3986", "CVE-2012-4185", "CVE-2012-3991", "CVE-2012-3993", "CVE-2012-3995", "CVE-2012-3988", "CVE-2012-3994", "CVE-2012-4183", "CVE-2012-4181", 
"CVE-2012-4186", "CVE-2012-4182", "CVE-2012-4187", "CVE-2012-3983", "CVE-2012-3982", "CVE-2012-4184", "CVE-2012-3992", "CVE-2012-4180", "CVE-2012-4188", "CVE-2012-3990", "CVE-2012-4179"], "modified": "2017-05-09T00:00:00", "id": "OPENVAS:803639", "href": "http://plugins.openvas.org/nasl.php?oid=803639", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: gb_mozilla_thunderbird_mult_vuln01_oct12_win.nasl 6086 2017-05-09 09:03:30Z teissa $\n#\n# Mozilla Thunderbird Multiple Vulnerabilities-01 (Windows)\n#\n# Authors:\n# Arun Kallavi <karun@secpod.com>\n#\n# Copyright:\n# Copyright (c) 2012 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. 
See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ntag_impact = \"Successful exploitation will let attackers to conduct cross site scripting\n attacks, cause a denial of service memory corruption and application crash\n or possibly execute arbitrary code via unspecified vectors.\n Impact Level: System/Application\";\n\ntag_affected = \"Thunderbird versions before 16.0 on Windows\";\ntag_insight = \"The flaws are due to\n - memory corruption issues\n - An error within Chrome Object Wrapper (COW) when handling the\n 'InstallTrigger' object can be exploited to access certain privileged\n functions and properties.\n - Use-after-free in the IME State Manager code.\n - combination of invoking full screen mode and navigating backwards in\n history could, in some circumstances, cause a hang or crash due to a\n timing dependent use-after-free pointer reference.\n - Several methods of a feature used for testing (DOMWindowUtils) are not\n protected by existing security checks, allowing these methods to be called\n through script by web pages.\n - An error when GetProperty function is invoked through JSAPI, security\n checking can be bypassed when getting cross-origin properties.\n - An issue with spoofing of the location property.\n - Use-after-free, buffer overflow, and out of bounds read issues.\n - The location property can be accessed by binary plugins through\n top.location and top can be shadowed by Object.define Property as well.\n This can allow for possible XSS attacks through plugins.\n - several memory safety bugs in the browser engine used in mozilla products.\";\ntag_solution = \"Upgrade to Thunderbird version to 16.0 or later,\n 
http://www.mozilla.org/en-US/thunderbird\";\ntag_summary = \"The host is installed with Mozilla Thunderbird and is prone to multiple\n vulnerabilities.\";\n\nif(description)\n{\n script_id(803639);\n script_version(\"$Revision: 6086 $\");\n script_cve_id(\"CVE-2012-4188\", \"CVE-2012-4187\", \"CVE-2012-4186\", \"CVE-2012-4185\",\n \"CVE-2012-4184\", \"CVE-2012-3982\", \"CVE-2012-3990\", \"CVE-2012-3988\",\n \"CVE-2012-3986\", \"CVE-2012-3991\", \"CVE-2012-3992\", \"CVE-2012-4183\",\n \"CVE-2012-4182\", \"CVE-2012-4181\", \"CVE-2012-4180\", \"CVE-2012-4179\",\n \"CVE-2012-3995\", \"CVE-2012-3994\", \"CVE-2012-3993\", \"CVE-2012-3983\");\n script_bugtraq_id(55856);\n script_tag(name:\"cvss_base\", value:\"10.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-05-09 11:03:30 +0200 (Tue, 09 May 2017) $\");\n script_tag(name:\"creation_date\", value:\"2012-10-15 17:43:07 +0530 (Mon, 15 Oct 2012)\");\n script_name(\"Mozilla Thunderbird Multiple Vulnerabilities-01 (Windows)\");\n script_xref(name : \"URL\" , value : \"http://secunia.com/advisories/50856\");\n script_xref(name : \"URL\" , value : \"http://secunia.com/advisories/50935\");\n script_xref(name : \"URL\" , value : \"http://www.mozilla.org/security/announce/2012/mfsa2012-86.html\");\n script_xref(name : \"URL\" , value : \"http://www.mozilla.org/security/announce/2012/mfsa2012-83.html\");\n script_xref(name : \"URL\" , value : \"http://www.mozilla.org/security/announce/2012/mfsa2012-74.html\");\n script_xref(name : \"URL\" , value : \"http://www.mozilla.org/security/announce/2012/mfsa2012-87.html\");\n script_xref(name : \"URL\" , value : \"http://www.mozilla.org/security/announce/2012/mfsa2012-79.html\");\n script_xref(name : \"URL\" , value : \"http://www.mozilla.org/security/announce/2012/mfsa2012-77.html\");\n script_xref(name : \"URL\" , value : \"http://www.mozilla.org/security/announce/2012/mfsa2012-81.html\");\n 
script_xref(name : \"URL\" , value : \"http://www.mozilla.org/security/announce/2012/mfsa2012-84.html\");\n script_xref(name : \"URL\" , value : \"http://www.mozilla.org/security/announce/2012/mfsa2012-85.html\");\n script_xref(name : \"URL\" , value : \"http://www.mozilla.org/security/announce/2012/mfsa2012-82.html\");\n script_xref(name : \"URL\" , value : \"http://www.mozilla.org/security/announce/2012/mfsa2012-74.html\");\n script_xref(name : \"URL\" , value : \"http://www.mozilla.org/security/announce/2012/mfsa2012-83.html\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2012 Greenbone Networks GmbH\");\n script_family(\"General\");\n script_dependencies(\"gb_thunderbird_detect_win.nasl\");\n script_mandatory_keys(\"Thunderbird/Win/Ver\");\n script_tag(name : \"impact\" , value : tag_impact);\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"summary\" , value : tag_summary);\n script_tag(name:\"qod_type\", value:\"registry\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n\ninclude(\"version_func.inc\");\n\n# Variable Initialization\ntbVer = \"\";\n\n# Thunderbird Check\ntbVer = get_kb_item(\"Thunderbird/Win/Ver\");\nif(tbVer)\n{\n # Grep for Thunderbird version\n if(version_is_less(version:tbVer, test_version:\"16.0\")){\n security_message(0);\n exit(0);\n }\n}\n", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2017-07-02T21:11:07", "description": "The host is installed with Mozilla Thunderbird ESR and is prone to multiple\n vulnerabilities.", "cvss3": {}, "published": "2012-10-15T00:00:00", "type": "openvas", "title": "Mozilla Thunderbird ESR Multiple Vulnerabilities-01 (Mac OS X)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2012-3986", "CVE-2012-4185", "CVE-2012-3991", 
"CVE-2012-3993", "CVE-2012-3995", "CVE-2012-3988", "CVE-2012-3994", "CVE-2012-4183", "CVE-2012-4181", "CVE-2012-4186", "CVE-2012-4182", "CVE-2012-4187", "CVE-2012-3983", "CVE-2012-3982", "CVE-2012-4184", "CVE-2012-3992", "CVE-2012-4180", "CVE-2012-4188", "CVE-2012-3990", "CVE-2012-4179"], "modified": "2017-05-10T00:00:00", "id": "OPENVAS:803644", "href": "http://plugins.openvas.org/nasl.php?oid=803644", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: gb_mozilla_thunderbird_esr_mult_vuln01_oct12_macosx.nasl 6093 2017-05-10 09:03:18Z teissa $\n#\n# Mozilla Thunderbird ESR Multiple Vulnerabilities-01 (Mac OS X)\n#\n# Authors:\n# Arun Kallavi <karun@secpod.com>\n#\n# Copyright:\n# Copyright (c) 2012 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. 
See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ntag_impact = \"Successful exploitation will let attackers to conduct cross site scripting\n attacks, cause a denial of service memory corruption and application crash\n or possibly execute arbitrary code via unspecified vectors.\n Impact Level:System/Application\";\n\ntag_affected = \"Thunderbird ESR versions 10.x before 10.0.8 on Mac OS X\";\ntag_insight = \"The flaws are due to\n - memory corruption issues\n - An error within Chrome Object Wrapper (COW) when handling the\n 'InstallTrigger' object can be exploited to access certain privileged\n functions and properties.\n - Use-after-free in the IME State Manager code.\n - combination of invoking full screen mode and navigating backwards in\n history could, in some circumstances, cause a hang or crash due to a\n timing dependent use-after-free pointer reference.\n - Several methods of a feature used for testing (DOMWindowUtils) are not\n protected by existing security checks, allowing these methods to be called\n through script by web pages.\n - An error when GetProperty function is invoked through JSAPI, security\n checking can be bypassed when getting cross-origin properties.\n - An issue with spoofing of the location property.\n - Use-after-free, buffer overflow, and out of bounds read issues.\n - The location property can be accessed by binary plugins through\n top.location and top can be shadowed by Object.define Property as well.\n This can allow for possible XSS attacks through plugins.\n - several memory safety bugs in the browser engine used in mozilla products.\";\ntag_solution = \"Upgrade to Thunderbird ESR version 10.0.8 or later,\n 
http://www.mozilla.org/en-US/thunderbird\";\ntag_summary = \"The host is installed with Mozilla Thunderbird ESR and is prone to multiple\n vulnerabilities.\";\n\nif(description)\n{\n script_id(803644);\n script_version(\"$Revision: 6093 $\");\n script_cve_id(\"CVE-2012-4188\", \"CVE-2012-4187\", \"CVE-2012-4186\", \"CVE-2012-4185\",\n \"CVE-2012-4184\", \"CVE-2012-3982\", \"CVE-2012-3990\", \"CVE-2012-3988\",\n \"CVE-2012-3986\", \"CVE-2012-3991\", \"CVE-2012-3992\", \"CVE-2012-4183\",\n \"CVE-2012-4182\", \"CVE-2012-4181\", \"CVE-2012-4180\", \"CVE-2012-4179\",\n \"CVE-2012-3995\", \"CVE-2012-3994\", \"CVE-2012-3993\", \"CVE-2012-3983\");\n script_bugtraq_id(55856);\n script_tag(name:\"cvss_base\", value:\"10.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-05-10 11:03:18 +0200 (Wed, 10 May 2017) $\");\n script_tag(name:\"creation_date\", value:\"2012-10-15 17:43:07 +0530 (Mon, 15 Oct 2012)\");\n script_name(\"Mozilla Thunderbird ESR Multiple Vulnerabilities-01 (Mac OS X)\");\n script_xref(name : \"URL\" , value : \"http://secunia.com/advisories/50856\");\n script_xref(name : \"URL\" , value : \"http://secunia.com/advisories/50935\");\n script_xref(name : \"URL\" , value : \"http://www.mozilla.org/security/announce/2012/mfsa2012-86.html\");\n script_xref(name : \"URL\" , value : \"http://www.mozilla.org/security/announce/2012/mfsa2012-83.html\");\n script_xref(name : \"URL\" , value : \"http://www.mozilla.org/security/announce/2012/mfsa2012-74.html\");\n script_xref(name : \"URL\" , value : \"http://www.mozilla.org/security/announce/2012/mfsa2012-87.html\");\n script_xref(name : \"URL\" , value : \"http://www.mozilla.org/security/announce/2012/mfsa2012-79.html\");\n script_xref(name : \"URL\" , value : \"http://www.mozilla.org/security/announce/2012/mfsa2012-77.html\");\n script_xref(name : \"URL\" , value : 
\"http://www.mozilla.org/security/announce/2012/mfsa2012-81.html\");\n script_xref(name : \"URL\" , value : \"http://www.mozilla.org/security/announce/2012/mfsa2012-84.html\");\n script_xref(name : \"URL\" , value : \"http://www.mozilla.org/security/announce/2012/mfsa2012-85.html\");\n script_xref(name : \"URL\" , value : \"http://www.mozilla.org/security/announce/2012/mfsa2012-82.html\");\n script_xref(name : \"URL\" , value : \"http://www.mozilla.org/security/announce/2012/mfsa2012-74.html\");\n script_xref(name : \"URL\" , value : \"http://www.mozilla.org/security/announce/2012/mfsa2012-83.html\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2012 Greenbone Networks GmbH\");\n script_family(\"General\");\n script_dependencies(\"gb_mozilla_prdts_detect_macosx.nasl\");\n script_mandatory_keys(\"ThunderBird-ESR/MacOSX/Version\");\n script_tag(name : \"impact\" , value : tag_impact);\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"summary\" , value : tag_summary);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n\ninclude(\"version_func.inc\");\n\n# Variable Initialization\ntbVer = \"\";\n\n# Thunderbird Check\ntbVer = get_kb_item(\"ThunderBird-ESR/MacOSX/Version\");\nif(tbVer && tbVer =~ \"^10.0\")\n{\n # Grep for Thunderbird version\n if(version_in_range(version:tbVer, test_version:\"10.0\", test_version2:\"10.0.7\")){\n security_message(0);\n exit(0);\n }\n}\n", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2020-04-26T15:07:46", "description": "The host is installed with Mozilla firefox and is prone to multiple\n vulnerabilities.", "cvss3": {}, "published": "2012-10-15T00:00:00", "type": "openvas", "title": "Mozilla Firefox Multiple Vulnerabilities-01 
(Mac OS X)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2012-3986", "CVE-2012-4185", "CVE-2012-3991", "CVE-2012-3993", "CVE-2012-3995", "CVE-2012-3988", "CVE-2012-3994", "CVE-2012-4183", "CVE-2012-4181", "CVE-2012-4186", "CVE-2012-4182", "CVE-2012-4187", "CVE-2012-3983", "CVE-2012-3982", "CVE-2012-4184", "CVE-2012-3992", "CVE-2012-4180", "CVE-2012-4188", "CVE-2012-3990", "CVE-2012-4179"], "modified": "2020-04-22T00:00:00", "id": "OPENVAS:1361412562310802995", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310802995", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Mozilla Firefox Multiple Vulnerabilities-01 (Mac OS X)\n#\n# Authors:\n# Madhuri D <dmadhuri@secpod.com>\n#\n# Copyright:\n# Copyright (C) 2012 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. 
See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.802995\");\n script_version(\"2020-04-22T10:27:30+0000\");\n script_cve_id(\"CVE-2012-4188\", \"CVE-2012-4187\", \"CVE-2012-4186\", \"CVE-2012-4185\",\n \"CVE-2012-4184\", \"CVE-2012-3982\", \"CVE-2012-3990\", \"CVE-2012-3988\",\n \"CVE-2012-3986\", \"CVE-2012-3991\", \"CVE-2012-3992\", \"CVE-2012-4183\",\n \"CVE-2012-4182\", \"CVE-2012-4181\", \"CVE-2012-4180\", \"CVE-2012-4179\",\n \"CVE-2012-3995\", \"CVE-2012-3994\", \"CVE-2012-3993\", \"CVE-2012-3983\");\n script_bugtraq_id(55856);\n script_tag(name:\"cvss_base\", value:\"10.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_tag(name:\"last_modification\", value:\"2020-04-22 10:27:30 +0000 (Wed, 22 Apr 2020)\");\n script_tag(name:\"creation_date\", value:\"2012-10-15 17:43:07 +0530 (Mon, 15 Oct 2012)\");\n script_name(\"Mozilla Firefox Multiple Vulnerabilities-01 (Mac OS X)\");\n script_xref(name:\"URL\", value:\"http://secunia.com/advisories/50856\");\n script_xref(name:\"URL\", value:\"http://secunia.com/advisories/50935\");\n script_xref(name:\"URL\", value:\"http://www.mozilla.org/security/announce/2012/mfsa2012-86.html\");\n script_xref(name:\"URL\", value:\"http://www.mozilla.org/security/announce/2012/mfsa2012-83.html\");\n script_xref(name:\"URL\", value:\"http://www.mozilla.org/security/announce/2012/mfsa2012-74.html\");\n script_xref(name:\"URL\", value:\"http://www.mozilla.org/security/announce/2012/mfsa2012-87.html\");\n script_xref(name:\"URL\", value:\"http://www.mozilla.org/security/announce/2012/mfsa2012-79.html\");\n script_xref(name:\"URL\", 
value:\"http://www.mozilla.org/security/announce/2012/mfsa2012-77.html\");\n script_xref(name:\"URL\", value:\"http://www.mozilla.org/security/announce/2012/mfsa2012-81.html\");\n script_xref(name:\"URL\", value:\"http://www.mozilla.org/security/announce/2012/mfsa2012-84.html\");\n script_xref(name:\"URL\", value:\"http://www.mozilla.org/security/announce/2012/mfsa2012-85.html\");\n script_xref(name:\"URL\", value:\"http://www.mozilla.org/security/announce/2012/mfsa2012-82.html\");\n script_xref(name:\"URL\", value:\"http://www.mozilla.org/security/announce/2012/mfsa2012-74.html\");\n script_xref(name:\"URL\", value:\"http://www.mozilla.org/security/announce/2012/mfsa2012-83.html\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2012 Greenbone Networks GmbH\");\n script_family(\"General\");\n script_dependencies(\"gb_mozilla_prdts_detect_macosx.nasl\");\n script_mandatory_keys(\"Mozilla/Firefox/MacOSX/Version\");\n script_tag(name:\"impact\", value:\"Successful exploitation will let attackers to conduct cross site scripting\n attacks, cause a denial of service memory corruption and application crash\n or possibly execute arbitrary code via unspecified vectors.\");\n script_tag(name:\"affected\", value:\"Mozilla Firefox versions before 16.0 on Mac OS X\");\n script_tag(name:\"insight\", value:\"The flaws are due to\n\n - memory corruption issues\n\n - An error within Chrome Object Wrapper (COW) when handling the\n 'InstallTrigger' object can be exploited to access certain privileged\n functions and properties.\n\n - Use-after-free in the IME State Manager code.\n\n - combination of invoking full screen mode and navigating backwards in\n history could, in some circumstances, cause a hang or crash due to a\n timing dependent use-after-free pointer reference.\n\n - Several methods of a feature used for testing (DOMWindowUtils) are not\n protected by existing security checks, allowing these methods to be called\n through script by web pages.\n\n 
- An error when GetProperty function is invoked through JSAPI, security\n checking can be bypassed when getting cross-origin properties.\n\n - An issue with spoofing of the location property.\n\n - Use-after-free, buffer overflow, and out of bounds read issues.\n\n - The location property can be accessed by binary plugins through\n top.location and top can be shadowed by Object.define Property as well.\n This can allow for possible XSS attacks through plugins.\n\n - several memory safety bugs in the browser engine used in mozilla products.\");\n script_tag(name:\"solution\", value:\"Upgrade to Mozilla Firefox version 16.0 or later.\");\n script_tag(name:\"summary\", value:\"The host is installed with Mozilla firefox and is prone to multiple\n vulnerabilities.\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n\n exit(0);\n}\n\n\ninclude(\"version_func.inc\");\n\nffVer = get_kb_item(\"Mozilla/Firefox/MacOSX/Version\");\nif(ffVer)\n{\n if(version_is_less(version:ffVer, test_version:\"16.0\"))\n {\n report = report_fixed_ver(installed_version:ffVer, fixed_version:\"16.0\");\n security_message(port:0, data:report);\n exit(0);\n }\n}\n", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2020-04-26T15:07:10", "description": "This host is installed with Mozilla Firefox and is prone to multiple\n vulnerabilities.", "cvss3": {}, "published": "2012-11-26T00:00:00", "type": "openvas", "title": "Mozilla Firefox Multiple Vulnerabilities-01 November12 (Windows)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2012-5842", "CVE-2012-4214", "CVE-2012-5829", "CVE-2012-4201", "CVE-2012-5840", "CVE-2012-4202", "CVE-2012-5839", "CVE-2012-4216", "CVE-2012-5835", "CVE-2012-4207", "CVE-2012-5833", "CVE-2012-5841", "CVE-2012-4215", "CVE-2012-4209"], "modified": "2020-04-22T00:00:00", "id": "OPENVAS:1361412562310803055", "href": 
"http://plugins.openvas.org/nasl.php?oid=1361412562310803055", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Mozilla Firefox Multiple Vulnerabilities-01 November12 (Windows)\n#\n# Authors:\n# Rachana Shetty <srachana@secpod.com>\n#\n# Copyright:\n# Copyright (C) 2012 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.803055\");\n script_version(\"2020-04-22T10:27:30+0000\");\n script_cve_id(\"CVE-2012-4209\", \"CVE-2012-4214\", \"CVE-2012-4215\", \"CVE-2012-4216\",\n \"CVE-2012-4201\", \"CVE-2012-4202\", \"CVE-2012-4207\", \"CVE-2012-5842\",\n \"CVE-2012-5841\", \"CVE-2012-5829\", \"CVE-2012-5840\", \"CVE-2012-5833\",\n \"CVE-2012-5835\", \"CVE-2012-5839\");\n script_bugtraq_id(56629, 56628, 56633, 56634, 56618, 56614, 56632, 56611,\n 56631, 56636, 56642, 56637, 56635);\n script_tag(name:\"cvss_base\", value:\"10.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_tag(name:\"last_modification\", value:\"2020-04-22 10:27:30 +0000 (Wed, 22 Apr 2020)\");\n script_tag(name:\"creation_date\", value:\"2012-11-26 12:10:03 +0530 (Mon, 26 Nov 
2012)\");\n script_name(\"Mozilla Firefox Multiple Vulnerabilities-01 November12 (Windows)\");\n script_xref(name:\"URL\", value:\"http://secunia.com/advisories/51358\");\n script_xref(name:\"URL\", value:\"http://securitytracker.com/id?1027791\");\n script_xref(name:\"URL\", value:\"http://securitytracker.com/id?1027792\");\n script_xref(name:\"URL\", value:\"http://www.mozilla.org/security/announce/2012/mfsa2012-91.html\");\n script_xref(name:\"URL\", value:\"http://www.mozilla.org/security/announce/2012/mfsa2012-92.html\");\n script_xref(name:\"URL\", value:\"http://www.mozilla.org/security/announce/2012/mfsa2012-93.html\");\n script_xref(name:\"URL\", value:\"http://www.mozilla.org/security/announce/2012/mfsa2012-100.html\");\n script_xref(name:\"URL\", value:\"http://www.mozilla.org/security/announce/2012/mfsa2012-101.html\");\n script_xref(name:\"URL\", value:\"http://www.mozilla.org/security/announce/2012/mfsa2012-103.html\");\n script_xref(name:\"URL\", value:\"http://www.mozilla.org/security/announce/2012/mfsa2012-105.html\");\n script_xref(name:\"URL\", value:\"http://www.mozilla.org/security/announce/2012/mfsa2012-106.html\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2012 Greenbone Networks GmbH\");\n script_family(\"General\");\n script_dependencies(\"gb_firefox_detect_portable_win.nasl\");\n script_mandatory_keys(\"Firefox/Win/Ver\");\n script_tag(name:\"impact\", value:\"Successful exploitation could allow attackers to inject scripts, bypass\n certain security restrictions, execute arbitrary code in the context of the\n browser.\");\n script_tag(name:\"affected\", value:\"Mozilla Firefox version before 17.0 on Windows\");\n script_tag(name:\"insight\", value:\"- The 'location' property can be accessed through 'top.location' with a\n frame whose name attributes value is set to 'top'.\n\n - Use-after-free error exists within the functions\n 'nsTextEditorState::PrepareEditor', 'gfxFont::GetFontEntry',\n 
'nsWindow::OnExposeEvent' and 'nsPlaintextEditor::FireClipboardEvent'.\n\n - An error within the 'evalInSandbox()' when handling the 'location.href'\n property.\n\n - Error when rendering GIF images.\");\n script_tag(name:\"solution\", value:\"Upgrade to Mozilla Firefox version 17.0 or later.\");\n script_tag(name:\"summary\", value:\"This host is installed with Mozilla Firefox and is prone to multiple\n vulnerabilities.\");\n script_tag(name:\"qod_type\", value:\"registry\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n\n exit(0);\n}\n\n\ninclude(\"version_func.inc\");\n\nffVer = get_kb_item(\"Firefox/Win/Ver\");\n\nif(ffVer)\n{\n if(version_is_less(version:ffVer, test_version:\"17.0\"))\n {\n report = report_fixed_ver(installed_version:ffVer, fixed_version:\"17.0\");\n security_message(port:0, data:report);\n exit(0);\n }\n}\n", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2017-07-02T21:10:37", "description": "This host is installed with Mozilla Firefox ESR and is prone to multiple\n vulnerabilities.", "cvss3": {}, "published": "2012-11-26T00:00:00", "type": "openvas", "title": "Mozilla Firefox ESR Multiple Vulnerabilities-01 November12 (Windows)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2012-5842", "CVE-2012-4214", "CVE-2012-5829", "CVE-2012-4201", "CVE-2012-5840", "CVE-2012-4202", "CVE-2012-5839", "CVE-2012-4216", "CVE-2012-5835", "CVE-2012-4207", "CVE-2012-5833", "CVE-2012-5841", "CVE-2012-4215", "CVE-2012-4209"], "modified": "2017-04-21T00:00:00", "id": "OPENVAS:803349", "href": "http://plugins.openvas.org/nasl.php?oid=803349", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: gb_mozilla_firefox_esr_mult_vuln01_nov12_win.nasl 5999 2017-04-21 09:02:32Z teissa $\n#\n# Mozilla Firefox ESR Multiple Vulnerabilities-01 November12 (Windows)\n#\n# Authors:\n# Arun Kallavi <karun@secpod.com>\n#\n# Copyright:\n# 
Copyright (c) 2013 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ntag_impact = \"Successful exploitation could allow attackers to inject scripts, bypass\n certain security restrictions, execute arbitrary code in the context of the\n browser.\n Impact Level: System/Application\";\ntag_affected = \"Mozilla Firefox ESR version 10.x before 10.0.11 on Windows\";\ntag_insight = \"- The 'location' property can be accessed through 'top.location' with a\n frame whose name attributes value is set to 'top'.\n - Use-after-free error exists within the functions\n 'nsTextEditorState::PrepareEditor', 'gfxFont::GetFontEntry',\n 'nsWindow::OnExposeEvent' and 'nsPlaintextEditor::FireClipboardEvent'.\n - An error within the 'evalInSandbox()' when handling the 'location.href'\n property.\n - Error when rendering GIF images.\";\ntag_solution = \"Upgrade to Mozilla Firefox ESR version 10.0.11 or later,\n For updates refer to http://www.mozilla.com/en-US/firefox/all.html\";\ntag_summary = \"This host is installed with Mozilla Firefox ESR and is prone to multiple\n vulnerabilities.\";\n\nif(description)\n{\n script_id(803349);\n script_version(\"$Revision: 5999 $\");\n script_cve_id(\"CVE-2012-4209\", \"CVE-2012-4214\", \"CVE-2012-4215\", 
\"CVE-2012-4216\",\n \"CVE-2012-4201\", \"CVE-2012-4202\", \"CVE-2012-4207\", \"CVE-2012-5842\",\n \"CVE-2012-5841\", \"CVE-2012-5829\", \"CVE-2012-5840\", \"CVE-2012-5833\",\n \"CVE-2012-5835\", \"CVE-2012-5839\");\n script_bugtraq_id(56629, 56628, 56633, 56634, 56618, 56614, 56632, 56611,\n 56631, 56636, 56642, 56637, 56635);\n script_tag(name:\"cvss_base\", value:\"10.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-04-21 11:02:32 +0200 (Fri, 21 Apr 2017) $\");\n script_tag(name:\"creation_date\", value:\"2012-11-26 12:10:03 +0530 (Mon, 26 Nov 2012)\");\n script_name(\"Mozilla Firefox ESR Multiple Vulnerabilities-01 November12 (Windows)\");\n script_xref(name : \"URL\" , value : \"http://secunia.com/advisories/51358\");\n script_xref(name : \"URL\" , value : \"http://securitytracker.com/id?1027791\");\n script_xref(name : \"URL\" , value : \"http://securitytracker.com/id?1027792\");\n script_xref(name : \"URL\" , value : \"http://www.mozilla.org/security/announce/2012/mfsa2012-91.html\");\n script_xref(name : \"URL\" , value : \"http://www.mozilla.org/security/announce/2012/mfsa2012-92.html\");\n script_xref(name : \"URL\" , value : \"http://www.mozilla.org/security/announce/2012/mfsa2012-93.html\");\n script_xref(name : \"URL\" , value : \"http://www.mozilla.org/security/announce/2012/mfsa2012-100.html\");\n script_xref(name : \"URL\" , value : \"http://www.mozilla.org/security/announce/2012/mfsa2012-101.html\");\n script_xref(name : \"URL\" , value : \"http://www.mozilla.org/security/announce/2012/mfsa2012-103.html\");\n script_xref(name : \"URL\" , value : \"http://www.mozilla.org/security/announce/2012/mfsa2012-105.html\");\n script_xref(name : \"URL\" , value : \"http://www.mozilla.org/security/announce/2012/mfsa2012-106.html\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2013 Greenbone Networks GmbH\");\n 
script_family(\"General\");\n script_dependencies(\"gb_firefox_detect_win.nasl\");\n script_mandatory_keys(\"Firefox-ESR/Win/Ver\");\n script_tag(name : \"impact\" , value : tag_impact);\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"summary\" , value : tag_summary);\n script_tag(name:\"qod_type\", value:\"registry\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n\ninclude(\"version_func.inc\");\n\n# Variable Initialization\nfesrVer = \"\";\n\n# Get version from KB\nfesrVer = get_kb_item(\"Firefox-ESR/Win/Ver\");\n\nif(fesrVer && fesrVer =~ \"^10.0\")\n{\n # Grep for Firefox version\n if(version_in_range(version:fesrVer, test_version:\"10.0\", test_version2:\"10.0.10\"))\n {\n security_message(0);\n exit(0);\n }\n}\n", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2020-04-26T15:08:27", "description": "This host is installed with Mozilla Thunderbird and is prone to multiple\n vulnerabilities.", "cvss3": {}, "published": "2012-11-26T00:00:00", "type": "openvas", "title": "Mozilla Thunderbird Multiple Vulnerabilities-01 November12 (Windows)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2012-5842", "CVE-2012-4214", "CVE-2012-5829", "CVE-2012-4201", "CVE-2012-5840", "CVE-2012-4202", "CVE-2012-5839", "CVE-2012-4216", "CVE-2012-5835", "CVE-2012-4207", "CVE-2012-5833", "CVE-2012-5841", "CVE-2012-4215", "CVE-2012-4209"], "modified": "2020-04-22T00:00:00", "id": "OPENVAS:1361412562310803351", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310803351", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Mozilla Thunderbird Multiple Vulnerabilities-01 November12 (Windows)\n#\n# Authors:\n# Arun Kallavi <karun@secpod.com>\n#\n# 
Copyright:\n# Copyright (C) 2012 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.803351\");\n script_version(\"2020-04-22T10:27:30+0000\");\n script_cve_id(\"CVE-2012-4209\", \"CVE-2012-4214\", \"CVE-2012-4215\", \"CVE-2012-4216\",\n \"CVE-2012-4201\", \"CVE-2012-4202\", \"CVE-2012-4207\", \"CVE-2012-5842\",\n \"CVE-2012-5841\", \"CVE-2012-5829\", \"CVE-2012-5840\", \"CVE-2012-5833\",\n \"CVE-2012-5835\", \"CVE-2012-5839\");\n script_bugtraq_id(56629, 56628, 56633, 56634, 56618, 56614, 56632, 56611,\n 56631, 56636, 56642, 56637, 56635);\n script_tag(name:\"cvss_base\", value:\"10.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_tag(name:\"last_modification\", value:\"2020-04-22 10:27:30 +0000 (Wed, 22 Apr 2020)\");\n script_tag(name:\"creation_date\", value:\"2012-11-26 12:10:03 +0530 (Mon, 26 Nov 2012)\");\n script_name(\"Mozilla Thunderbird Multiple Vulnerabilities-01 November12 (Windows)\");\n script_xref(name:\"URL\", value:\"http://secunia.com/advisories/51358\");\n script_xref(name:\"URL\", value:\"http://securitytracker.com/id?1027791\");\n script_xref(name:\"URL\", 
value:\"http://securitytracker.com/id?1027792\");\n script_xref(name:\"URL\", value:\"http://www.mozilla.org/security/announce/2012/mfsa2012-91.html\");\n script_xref(name:\"URL\", value:\"http://www.mozilla.org/security/announce/2012/mfsa2012-92.html\");\n script_xref(name:\"URL\", value:\"http://www.mozilla.org/security/announce/2012/mfsa2012-93.html\");\n script_xref(name:\"URL\", value:\"http://www.mozilla.org/security/announce/2012/mfsa2012-100.html\");\n script_xref(name:\"URL\", value:\"http://www.mozilla.org/security/announce/2012/mfsa2012-101.html\");\n script_xref(name:\"URL\", value:\"http://www.mozilla.org/security/announce/2012/mfsa2012-103.html\");\n script_xref(name:\"URL\", value:\"http://www.mozilla.org/security/announce/2012/mfsa2012-105.html\");\n script_xref(name:\"URL\", value:\"http://www.mozilla.org/security/announce/2012/mfsa2012-106.html\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2012 Greenbone Networks GmbH\");\n script_family(\"General\");\n script_dependencies(\"gb_thunderbird_detect_portable_win.nasl\");\n script_mandatory_keys(\"Thunderbird/Win/Ver\");\n script_tag(name:\"impact\", value:\"Successful exploitation could allow attackers to inject scripts, bypass\n certain security restrictions, execute arbitrary code in the context of the\n browser.\");\n script_tag(name:\"affected\", value:\"Thunderbird version before 17.0 on Windows\");\n script_tag(name:\"insight\", value:\"The flaws are due to:\n\n - The 'location' property can be accessed through 'top.location' with a\n frame whose name attributes value is set to 'top'.\n\n - Use-after-free error exists within the functions\n 'nsTextEditorState::PrepareEditor', 'gfxFont::GetFontEntry',\n 'nsWindow::OnExposeEvent' and 'nsPlaintextEditor::FireClipboardEvent'.\n\n - An error within the 'evalInSandbox()' when handling the 'location.href'\n property.\n\n - Error when rendering GIF images.\");\n script_tag(name:\"solution\", value:\"Upgrade to Thunderbird 
version to 17.0 or later.\");\n\n script_tag(name:\"summary\", value:\"This host is installed with Mozilla Thunderbird and is prone to multiple\n vulnerabilities.\");\n script_tag(name:\"qod_type\", value:\"registry\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n\ninclude(\"version_func.inc\");\n\ntbVer = get_kb_item(\"Thunderbird/Win/Ver\");\n\nif(tbVer)\n{\n if(version_is_less(version:tbVer, test_version:\"17.0\"))\n {\n report = report_fixed_ver(installed_version:tbVer, fixed_version:\"17.0\");\n security_message(port:0, data:report);\n exit(0);\n }\n}\n\nexit(99);\n", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2017-07-02T21:10:46", "description": "This host is installed with Mozilla Seamonkey and is prone to multiple\n vulnerabilities.", "cvss3": {}, "published": "2012-11-26T00:00:00", "type": "openvas", "title": "Mozilla SeaMonkey Multiple Vulnerabilities-01 November12 (Windows)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2012-5842", "CVE-2012-4214", "CVE-2012-5829", "CVE-2012-4201", "CVE-2012-5840", "CVE-2012-4202", "CVE-2012-5839", "CVE-2012-4216", "CVE-2012-5835", "CVE-2012-4207", "CVE-2012-5833", "CVE-2012-5841", "CVE-2012-4215", "CVE-2012-4209"], "modified": "2017-04-25T00:00:00", "id": "OPENVAS:803350", "href": "http://plugins.openvas.org/nasl.php?oid=803350", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: gb_mozilla_seamonkey_mult_vuln01_nov12_win.nasl 6022 2017-04-25 12:51:04Z teissa $\n#\n# Mozilla SeaMonkey Multiple Vulnerabilities-01 November12 (Windows)\n#\n# Authors:\n# Arun Kallavi <karun@secpod.com>\n#\n# Copyright:\n# Copyright (c) 2013 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free 
Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ntag_impact = \"Successful exploitation could allow attackers to inject scripts, bypass\n certain security restrictions, execute arbitrary code in the context of the\n browser.\n Impact Level: System/Application\";\ntag_affected = \"SeaMonkey version before 2.14 on Windows\";\ntag_insight = \"- The 'location' property can be accessed through 'top.location' with a\n frame whose name attributes value is set to 'top'.\n - Use-after-free error exists within the functions\n 'nsTextEditorState::PrepareEditor', 'gfxFont::GetFontEntry',\n 'nsWindow::OnExposeEvent' and 'nsPlaintextEditor::FireClipboardEvent'.\n - An error within the 'evalInSandbox()' when handling the 'location.href'\n property.\n - Error when rendering GIF images.\";\ntag_solution = \"Upgrade to SeaMonkey version to 2.14 or later,\n http://www.mozilla.org/projects/seamonkey\";\ntag_summary = \"This host is installed with Mozilla Seamonkey and is prone to multiple\n vulnerabilities.\";\n\nif(description)\n{\n script_id(803350);\n script_version(\"$Revision: 6022 $\");\n script_cve_id(\"CVE-2012-4209\", \"CVE-2012-4214\", \"CVE-2012-4215\", \"CVE-2012-4216\",\n \"CVE-2012-4201\", \"CVE-2012-4202\", \"CVE-2012-4207\", \"CVE-2012-5842\",\n \"CVE-2012-5841\", \"CVE-2012-5829\", \"CVE-2012-5840\", \"CVE-2012-5833\",\n \"CVE-2012-5835\", \"CVE-2012-5839\");\n script_bugtraq_id(56629, 56628, 56633, 56634, 56618, 56614, 56632, 56611,\n 56631, 56636, 56642, 
56637, 56635);\n script_tag(name:\"cvss_base\", value:\"10.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-04-25 14:51:04 +0200 (Tue, 25 Apr 2017) $\");\n script_tag(name:\"creation_date\", value:\"2012-11-26 12:10:03 +0530 (Mon, 26 Nov 2012)\");\n script_name(\"Mozilla SeaMonkey Multiple Vulnerabilities-01 November12 (Windows)\");\n script_xref(name : \"URL\" , value : \"http://secunia.com/advisories/51358\");\n script_xref(name : \"URL\" , value : \"http://securitytracker.com/id?1027791\");\n script_xref(name : \"URL\" , value : \"http://securitytracker.com/id?1027792\");\n script_xref(name : \"URL\" , value : \"http://www.mozilla.org/security/announce/2012/mfsa2012-91.html\");\n script_xref(name : \"URL\" , value : \"http://www.mozilla.org/security/announce/2012/mfsa2012-92.html\");\n script_xref(name : \"URL\" , value : \"http://www.mozilla.org/security/announce/2012/mfsa2012-93.html\");\n script_xref(name : \"URL\" , value : \"http://www.mozilla.org/security/announce/2012/mfsa2012-100.html\");\n script_xref(name : \"URL\" , value : \"http://www.mozilla.org/security/announce/2012/mfsa2012-101.html\");\n script_xref(name : \"URL\" , value : \"http://www.mozilla.org/security/announce/2012/mfsa2012-103.html\");\n script_xref(name : \"URL\" , value : \"http://www.mozilla.org/security/announce/2012/mfsa2012-105.html\");\n script_xref(name : \"URL\" , value : \"http://www.mozilla.org/security/announce/2012/mfsa2012-106.html\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2013 Greenbone Networks GmbH\");\n script_family(\"General\");\n script_dependencies(\"gb_seamonkey_detect_win.nasl\");\n script_mandatory_keys(\"Seamonkey/Win/Ver\");\n script_tag(name : \"impact\" , value : tag_impact);\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"solution\" , value : 
tag_solution);\n script_tag(name : \"summary\" , value : tag_summary);\n script_tag(name:\"qod_type\", value:\"registry\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n\ninclude(\"version_func.inc\");\n\n# Variable Initialization\nseaVer = \"\";\n\n# Get version from KB\nseaVer = get_kb_item(\"Seamonkey/Win/Ver\");\n\nif(seaVer)\n{\n # Grep for SeaMonkey version\n if(version_is_less(version:seaVer, test_version:\"2.14\"))\n {\n security_message(0);\n exit(0);\n }\n}\n", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2017-07-02T21:10:53", "description": "This host is installed with Mozilla Thunderbird and is prone to multiple\n vulnerabilities.", "cvss3": {}, "published": "2012-11-26T00:00:00", "type": "openvas", "title": "Mozilla Thunderbird Multiple Vulnerabilities-01 November12 (Windows)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2012-5842", "CVE-2012-4214", "CVE-2012-5829", "CVE-2012-4201", "CVE-2012-5840", "CVE-2012-4202", "CVE-2012-5839", "CVE-2012-4216", "CVE-2012-5835", "CVE-2012-4207", "CVE-2012-5833", "CVE-2012-5841", "CVE-2012-4215", "CVE-2012-4209"], "modified": "2017-04-13T00:00:00", "id": "OPENVAS:803351", "href": "http://plugins.openvas.org/nasl.php?oid=803351", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: gb_mozilla_thunderbird_mult_vuln01_nov12_win.nasl 5950 2017-04-13 09:02:06Z teissa $\n#\n# Mozilla Thunderbird Multiple Vulnerabilities-01 November12 (Windows)\n#\n# Authors:\n# Arun Kallavi <karun@secpod.com>\n#\n# Copyright:\n# Copyright (c) 2013 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the 
hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ntag_impact = \"Successful exploitation could allow attackers to inject scripts, bypass\n certain security restrictions, execute arbitrary code in the context of the\n browser.\n Impact Level: System/Application\";\ntag_affected = \"Thunderbird version before 17.0 on Windows\";\ntag_insight = \"- The 'location' property can be accessed through 'top.location' with a\n frame whose name attributes value is set to 'top'.\n - Use-after-free error exists within the functions\n 'nsTextEditorState::PrepareEditor', 'gfxFont::GetFontEntry',\n 'nsWindow::OnExposeEvent' and 'nsPlaintextEditor::FireClipboardEvent'.\n - An error within the 'evalInSandbox()' when handling the 'location.href'\n property.\n - Error when rendering GIF images.\";\ntag_solution = \"Upgrade to Thunderbird version to 17.0 or later,\n http://www.mozilla.org/en-US/thunderbird\";\ntag_summary = \"This host is installed with Mozilla Thunderbird and is prone to multiple\n vulnerabilities.\";\n\nif(description)\n{\n script_id(803351);\n script_version(\"$Revision: 5950 $\");\n script_cve_id(\"CVE-2012-4209\", \"CVE-2012-4214\", \"CVE-2012-4215\", \"CVE-2012-4216\",\n \"CVE-2012-4201\", \"CVE-2012-4202\", \"CVE-2012-4207\", \"CVE-2012-5842\",\n \"CVE-2012-5841\", \"CVE-2012-5829\", \"CVE-2012-5840\", \"CVE-2012-5833\",\n \"CVE-2012-5835\", \"CVE-2012-5839\");\n script_bugtraq_id(56629, 56628, 56633, 56634, 56618, 56614, 56632, 56611,\n 56631, 56636, 56642, 56637, 56635);\n script_tag(name:\"cvss_base\", 
{\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"xulrunner-debuginfo-32bit\", rpm:\"xulrunner-debuginfo-32bit~15.0~2.8.1\", rls:\"openSUSE12.2\"))) {\n report += res;\n }\n\n if(report != \"\") {\n security_message(data:report);\n } else if(__pkg_match) {\n exit(99);\n }\n exit(0);\n}\n\nexit(0);\n", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2019-07-19T22:15:45", "description": "This host is installed with Mozilla Firefox ESR and is prone to multiple\n vulnerabilities.", "cvss3": {}, "published": "2012-11-26T00:00:00", "type": "openvas", "title": "Mozilla Firefox ESR Multiple Vulnerabilities-01 November12 (Windows)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2012-5842", "CVE-2012-4214", "CVE-2012-5829", "CVE-2012-4201", "CVE-2012-5840", "CVE-2012-4202", "CVE-2012-5839", "CVE-2012-4216", "CVE-2012-5835", "CVE-2012-4207", "CVE-2012-5833", "CVE-2012-5841", "CVE-2012-4215", "CVE-2012-4209"], "modified": "2019-07-17T00:00:00", "id": "OPENVAS:1361412562310803349", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310803349", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Mozilla Firefox ESR Multiple Vulnerabilities-01 November12 (Windows)\n#\n# Authors:\n# Arun Kallavi <karun@secpod.com>\n#\n# Copyright:\n# Copyright (c) 2012 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. 
See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.803349\");\n script_version(\"2019-07-17T11:14:11+0000\");\n script_cve_id(\"CVE-2012-4209\", \"CVE-2012-4214\", \"CVE-2012-4215\", \"CVE-2012-4216\",\n \"CVE-2012-4201\", \"CVE-2012-4202\", \"CVE-2012-4207\", \"CVE-2012-5842\",\n \"CVE-2012-5841\", \"CVE-2012-5829\", \"CVE-2012-5840\", \"CVE-2012-5833\",\n \"CVE-2012-5835\", \"CVE-2012-5839\");\n script_bugtraq_id(56629, 56628, 56633, 56634, 56618, 56614, 56632, 56611,\n 56631, 56636, 56642, 56637, 56635);\n script_tag(name:\"cvss_base\", value:\"10.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_tag(name:\"last_modification\", value:\"2019-07-17 11:14:11 +0000 (Wed, 17 Jul 2019)\");\n script_tag(name:\"creation_date\", value:\"2012-11-26 12:10:03 +0530 (Mon, 26 Nov 2012)\");\n script_name(\"Mozilla Firefox ESR Multiple Vulnerabilities-01 November12 (Windows)\");\n script_xref(name:\"URL\", value:\"http://secunia.com/advisories/51358\");\n script_xref(name:\"URL\", value:\"http://securitytracker.com/id?1027791\");\n script_xref(name:\"URL\", value:\"http://securitytracker.com/id?1027792\");\n script_xref(name:\"URL\", value:\"http://www.mozilla.org/security/announce/2012/mfsa2012-91.html\");\n script_xref(name:\"URL\", value:\"http://www.mozilla.org/security/announce/2012/mfsa2012-92.html\");\n script_xref(name:\"URL\", value:\"http://www.mozilla.org/security/announce/2012/mfsa2012-93.html\");\n script_xref(name:\"URL\", value:\"http://www.mozilla.org/security/announce/2012/mfsa2012-100.html\");\n script_xref(name:\"URL\", 
value:\"http://www.mozilla.org/security/announce/2012/mfsa2012-101.html\");\n script_xref(name:\"URL\", value:\"http://www.mozilla.org/security/announce/2012/mfsa2012-103.html\");\n script_xref(name:\"URL\", value:\"http://www.mozilla.org/security/announce/2012/mfsa2012-105.html\");\n script_xref(name:\"URL\", value:\"http://www.mozilla.org/security/announce/2012/mfsa2012-106.html\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2012 Greenbone Networks GmbH\");\n script_family(\"General\");\n script_dependencies(\"gb_firefox_detect_portable_win.nasl\");\n script_mandatory_keys(\"Firefox-ESR/Win/Ver\");\n script_tag(name:\"impact\", value:\"Successful exploitation could allow attackers to inject scripts, bypass\n certain security restrictions, execute arbitrary code in the context of the\n browser.\");\n script_tag(name:\"affected\", value:\"Mozilla Firefox ESR version 10.x before 10.0.11 on Windows\");\n script_tag(name:\"insight\", value:\"- The 'location' property can be accessed through 'top.location' with a\n frame whose name attributes value is set to 'top'.\n\n - Use-after-free error exists within the functions\n 'nsTextEditorState::PrepareEditor', 'gfxFont::GetFontEntry',\n 'nsWindow::OnExposeEvent' and 'nsPlaintextEditor::FireClipboardEvent'.\n\n - An error within the 'evalInSandbox()' when handling the 'location.href'\n property.\n\n - Error when rendering GIF images.\");\n script_tag(name:\"solution\", value:\"Upgrade to Mozilla Firefox ESR version 10.0.11 or later.\");\n script_tag(name:\"summary\", value:\"This host is installed with Mozilla Firefox ESR and is prone to multiple\n vulnerabilities.\");\n script_tag(name:\"qod_type\", value:\"registry\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n\n exit(0);\n}\n\n\ninclude(\"version_func.inc\");\n\nfesrVer = get_kb_item(\"Firefox-ESR/Win/Ver\");\n\nif(fesrVer && fesrVer =~ \"^10\\.0\")\n{\n if(version_in_range(version:fesrVer, test_version:\"10.0\", 
test_version2:\"10.0.10\"))\n {\n security_message( port: 0, data: \"The target host was found to be vulnerable\" );\n exit(0);\n }\n}\n", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2018-01-06T13:07:54", "description": "Check for the Version of MozillaFirefox", "cvss3": {}, "published": "2012-12-13T00:00:00", "type": "openvas", "title": "SuSE Update for MozillaFirefox openSUSE-SU-2012:1064-1 (MozillaFirefox)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2012-1970", "CVE-2012-1973", "CVE-2012-1974", "CVE-2012-3968", "CVE-2012-3963", "CVE-2012-1956", "CVE-2012-3978", "CVE-2012-3976", "CVE-2012-1972", "CVE-2012-3962", "CVE-2012-3969", "CVE-2012-3970", "CVE-2012-3957", "CVE-2012-3958", "CVE-2012-3973", "CVE-2012-1975", "CVE-2012-3956", "CVE-2012-3966", "CVE-2012-3967", "CVE-2012-3965", "CVE-2012-3959", "CVE-2012-3975", "CVE-2012-3980", "CVE-2012-3960", "CVE-2012-1976", "CVE-2012-3972", "CVE-2012-3964", "CVE-2012-3961", "CVE-2012-3971"], "modified": "2018-01-04T00:00:00", "id": "OPENVAS:850319", "href": "http://plugins.openvas.org/nasl.php?oid=850319", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: gb_suse_2012_1064_1.nasl 8285 2018-01-04 06:29:16Z teissa $\n#\n# SuSE Update for MozillaFirefox openSUSE-SU-2012:1064-1 (MozillaFirefox)\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2012 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. 
See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ninclude(\"revisions-lib.inc\");\ntag_affected = \"MozillaFirefox on openSUSE 12.1, openSUSE 11.4\";\ntag_insight = \"Mozilla Firefox, Thunderbird, xulrunner, seamonkey 15.0\n update (bnc#777588)\n * MFSA 2012-57/CVE-2012-1970 Miscellaneous memory safety\n hazards\n * MFSA\n 2012-58/CVE-2012-1972/CVE-2012-1973/CVE-2012-1974/CVE-2012-1\n 975\n CVE-2012-1976/CVE-2012-3956/CVE-2012-3957/CVE-2012-3958/CVE-\n 2012-3959\n CVE-2012-3960/CVE-2012-3961/CVE-2012-3962/CVE-2012-3963/CVE-\n 2012-3964 Use-after-free issues found using Address\n Sanitizer\n * MFSA 2012-59/CVE-2012-1956 (bmo#756719) Location object\n can be shadowed using Object.defineProperty\n * MFSA 2012-60/CVE-2012-3965 (bmo#769108) Escalation of\n privilege through about:newtab\n * MFSA 2012-61/CVE-2012-3966 (bmo#775794, bmo#775793)\n Memory corruption with bitmap format images with\n negative height\n * MFSA 2012-62/CVE-2012-3967/CVE-2012-3968 WebGL\n use-after-free and memory corruption\n * MFSA 2012-63/CVE-2012-3969/CVE-2012-3970 SVG buffer\n overflow and use-after-free issues\n * MFSA 2012-64/CVE-2012-3971 Graphite 2 memory corruption\n * MFSA 2012-65/CVE-2012-3972 (bmo#746855) Out-of-bounds\n read in format-number in XSLT\n * MFSA 2012-66/CVE-2012-3973 (bmo#757128) HTTPMonitor\n extension allows for remote debugging without explicit\n activation\n * MFSA 2012-68/CVE-2012-3975 (bmo#770684) DOMParser loads\n linked resources in extensions when parsing text/html\n * MFSA 2012-69/CVE-2012-3976 (bmo#768568) Incorrect site\n SSL certificate data display\n * MFSA 2012-70/CVE-2012-3978 (bmo#770429) Location object\n security checks bypassed by chrome code\n * MFSA 
2012-72/CVE-2012-3980 (bmo#771859) Web console\n eval capable of executing chrome-privileged code\n - fix HTML5 video crash with GStreamer enabled (bmo#761030)\n - GStreamer is only used for MP4 (no WebM, OGG)\n - updated filelist\n - moved browser specific preferences to correct location\";\ntag_solution = \"Please Install the Updated Packages.\";\n\n\n\nif(description)\n{\n script_id(850319);\n script_version(\"$Revision: 8285 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-01-04 07:29:16 +0100 (Thu, 04 Jan 2018) $\");\n script_tag(name:\"creation_date\", value:\"2012-12-13 17:01:43 +0530 (Thu, 13 Dec 2012)\");\n script_cve_id(\"CVE-2012-1956\", \"CVE-2012-1970\", \"CVE-2012-1972\", \"CVE-2012-1973\",\n \"CVE-2012-1974\", \"CVE-2012-1975\", \"CVE-2012-1976\", \"CVE-2012-3956\",\n \"CVE-2012-3957\", \"CVE-2012-3958\", \"CVE-2012-3959\", \"CVE-2012-3960\",\n \"CVE-2012-3961\", \"CVE-2012-3962\", \"CVE-2012-3963\", \"CVE-2012-3964\",\n \"CVE-2012-3965\", \"CVE-2012-3966\", \"CVE-2012-3967\", \"CVE-2012-3968\",\n \"CVE-2012-3969\", \"CVE-2012-3970\", \"CVE-2012-3971\", \"CVE-2012-3972\",\n \"CVE-2012-3973\", \"CVE-2012-3975\", \"CVE-2012-3976\", \"CVE-2012-3978\",\n \"CVE-2012-3980\");\n script_tag(name:\"cvss_base\", value:\"10.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_xref(name: \"openSUSE-SU\", value: \"2012:1064_1\");\n script_name(\"SuSE Update for MozillaFirefox openSUSE-SU-2012:1064-1 (MozillaFirefox)\");\n\n script_tag(name: \"summary\" , value: \"Check for the Version of MozillaFirefox\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2012 Greenbone Networks GmbH\");\n script_family(\"SuSE Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/suse\", \"ssh/login/rpms\");\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : 
\"solution\" , value : tag_solution);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = get_kb_item(\"ssh/login/release\");\n\nres = \"\";\nif(release == NULL){\n exit(0);\n}\n\nif(release == \"openSUSE11.4\")\n{\n\n if ((res = isrpmvuln(pkg:\"MozillaFirefox\", rpm:\"MozillaFirefox~15.0~31.1\", rls:\"openSUSE11.4\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"MozillaFirefox-branding-upstream\", rpm:\"MozillaFirefox-branding-upstream~15.0~31.1\", rls:\"openSUSE11.4\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"MozillaFirefox-buildsymbols\", rpm:\"MozillaFirefox-buildsymbols~15.0~31.1\", rls:\"openSUSE11.4\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"MozillaFirefox-debuginfo\", rpm:\"MozillaFirefox-debuginfo~15.0~31.1\", rls:\"openSUSE11.4\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"MozillaFirefox-debugsource\", rpm:\"MozillaFirefox-debugsource~15.0~31.1\", rls:\"openSUSE11.4\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"MozillaFirefox-devel\", rpm:\"MozillaFirefox-devel~15.0~31.1\", rls:\"openSUSE11.4\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"MozillaFirefox-translations-common\", rpm:\"MozillaFirefox-translations-common~15.0~31.1\", rls:\"openSUSE11.4\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"MozillaFirefox-translations-other\", rpm:\"MozillaFirefox-translations-other~15.0~31.1\", rls:\"openSUSE11.4\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"MozillaThunderbird\", rpm:\"MozillaThunderbird~15.0~27.1\", rls:\"openSUSE11.4\")) != NULL)\n {\n 
security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"MozillaThunderbird-buildsymbols\", rpm:\"MozillaThunderbird-buildsymbols~15.0~27.1\", rls:\"openSUSE11.4\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"MozillaThunderbird-debuginfo\", rpm:\"MozillaThunderbird-debuginfo~15.0~27.1\", rls:\"openSUSE11.4\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"MozillaThunderbird-debugsource\", rpm:\"MozillaThunderbird-debugsource~15.0~27.1\", rls:\"openSUSE11.4\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"MozillaThunderbird-devel\", rpm:\"MozillaThunderbird-devel~15.0~27.1\", rls:\"openSUSE11.4\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"MozillaThunderbird-devel-debuginfo\", rpm:\"MozillaThunderbird-devel-debuginfo~15.0~27.1\", rls:\"openSUSE11.4\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"MozillaThunderbird-translations-common\", rpm:\"MozillaThunderbird-translations-common~15.0~27.1\", rls:\"openSUSE11.4\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"MozillaThunderbird-translations-other\", rpm:\"MozillaThunderbird-translations-other~15.0~27.1\", rls:\"openSUSE11.4\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"enigmail\", rpm:\"enigmail~1.4.4+15.0~27.1\", rls:\"openSUSE11.4\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"enigmail-debuginfo\", rpm:\"enigmail-debuginfo~1.4.4+15.0~27.1\", rls:\"openSUSE11.4\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"libfreebl3\", rpm:\"libfreebl3~3.13.6~47.1\", rls:\"openSUSE11.4\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"libfreebl3-debuginfo\", 
rpm:\"libfreebl3-debuginfo~3.13.6~47.1\", rls:\"openSUSE11.4\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"libsoftokn3\", rpm:\"libsoftokn3~3.13.6~47.1\", rls:\"openSUSE11.4\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"libsoftokn3-debuginfo\", rpm:\"libsoftokn3-debuginfo~3.13.6~47.1\", rls:\"openSUSE11.4\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"mozilla-nspr\", rpm:\"mozilla-nspr~4.9.2~16.1\", rls:\"openSUSE11.4\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"mozilla-nspr-debuginfo\", rpm:\"mozilla-nspr-debuginfo~4.9.2~16.1\", rls:\"openSUSE11.4\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"mozilla-nspr-debugsource\", rpm:\"mozilla-nspr-debugsource~4.9.2~16.1\", rls:\"openSUSE11.4\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"mozilla-nspr-devel\", rpm:\"mozilla-nspr-devel~4.9.2~16.1\", rls:\"openSUSE11.4\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"mozilla-nss\", rpm:\"mozilla-nss~3.13.6~47.1\", rls:\"openSUSE11.4\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"mozilla-nss-certs\", rpm:\"mozilla-nss-certs~3.13.6~47.1\", rls:\"openSUSE11.4\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"mozilla-nss-certs-debuginfo\", rpm:\"mozilla-nss-certs-debuginfo~3.13.6~47.1\", rls:\"openSUSE11.4\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"mozilla-nss-debuginfo\", rpm:\"mozilla-nss-debuginfo~3.13.6~47.1\", rls:\"openSUSE11.4\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"mozilla-nss-debugsource\", rpm:\"mozilla-nss-debugsource~3.13.6~47.1\", rls:\"openSUSE11.4\")) != 
NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"mozilla-nss-devel\", rpm:\"mozilla-nss-devel~3.13.6~47.1\", rls:\"openSUSE11.4\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"mozilla-nss-sysinit\", rpm:\"mozilla-nss-sysinit~3.13.6~47.1\", rls:\"openSUSE11.4\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"mozilla-nss-sysinit-debuginfo\", rpm:\"mozilla-nss-sysinit-debuginfo~3.13.6~47.1\", rls:\"openSUSE11.4\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"mozilla-nss-tools\", rpm:\"mozilla-nss-tools~3.13.6~47.1\", rls:\"openSUSE11.4\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"mozilla-nss-tools-debuginfo\", rpm:\"mozilla-nss-tools-debuginfo~3.13.6~47.1\", rls:\"openSUSE11.4\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"seamonkey\", rpm:\"seamonkey~2.12~27.1\", rls:\"openSUSE11.4\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"seamonkey-debuginfo\", rpm:\"seamonkey-debuginfo~2.12~27.1\", rls:\"openSUSE11.4\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"seamonkey-debugsource\", rpm:\"seamonkey-debugsource~2.12~27.1\", rls:\"openSUSE11.4\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"seamonkey-dom-inspector\", rpm:\"seamonkey-dom-inspector~2.12~27.1\", rls:\"openSUSE11.4\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"seamonkey-irc\", rpm:\"seamonkey-irc~2.12~27.1\", rls:\"openSUSE11.4\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"seamonkey-translations-common\", rpm:\"seamonkey-translations-common~2.12~27.1\", rls:\"openSUSE11.4\")) != NULL)\n {\n security_message(data:res);\n 
exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"seamonkey-translations-other\", rpm:\"seamonkey-translations-other~2.12~27.1\", rls:\"openSUSE11.4\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"seamonkey-venkman\", rpm:\"seamonkey-venkman~2.12~27.1\", rls:\"openSUSE11.4\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"libfreebl3-32bit\", rpm:\"libfreebl3-32bit~3.13.6~47.1\", rls:\"openSUSE11.4\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"libfreebl3-debuginfo-32bit\", rpm:\"libfreebl3-debuginfo-32bit~3.13.6~47.1\", rls:\"openSUSE11.4\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"libsoftokn3-32bit\", rpm:\"libsoftokn3-32bit~3.13.6~47.1\", rls:\"openSUSE11.4\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"libsoftokn3-debuginfo-32bit\", rpm:\"libsoftokn3-debuginfo-32bit~3.13.6~47.1\", rls:\"openSUSE11.4\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"mozilla-nspr-32bit\", rpm:\"mozilla-nspr-32bit~4.9.2~16.1\", rls:\"openSUSE11.4\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"mozilla-nspr-debuginfo-32bit\", rpm:\"mozilla-nspr-debuginfo-32bit~4.9.2~16.1\", rls:\"openSUSE11.4\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"mozilla-nss-32bit\", rpm:\"mozilla-nss-32bit~3.13.6~47.1\", rls:\"openSUSE11.4\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"mozilla-nss-certs-32bit\", rpm:\"mozilla-nss-certs-32bit~3.13.6~47.1\", rls:\"openSUSE11.4\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"mozilla-nss-certs-debuginfo-32bit\", rpm:\"mozilla-nss-certs-debuginfo-32bit~3.13.6~47.1\", rls:\"openSUSE11.4\")) != NULL)\n {\n 
security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"mozilla-nss-debuginfo-32bit\", rpm:\"mozilla-nss-debuginfo-32bit~3.13.6~47.1\", rls:\"openSUSE11.4\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"mozilla-nss-sysinit-32bit\", rpm:\"mozilla-nss-sysinit-32bit~3.13.6~47.1\", rls:\"openSUSE11.4\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"mozilla-nss-sysinit-debuginfo-32bit\", rpm:\"mozilla-nss-sysinit-debuginfo-32bit~3.13.6~47.1\", rls:\"openSUSE11.4\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"libfreebl3-debuginfo-x86\", rpm:\"libfreebl3-debuginfo-x86~3.13.6~47.1\", rls:\"openSUSE11.4\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"libfreebl3-x86\", rpm:\"libfreebl3-x86~3.13.6~47.1\", rls:\"openSUSE11.4\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"libsoftokn3-debuginfo-x86\", rpm:\"libsoftokn3-debuginfo-x86~3.13.6~47.1\", rls:\"openSUSE11.4\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"libsoftokn3-x86\", rpm:\"libsoftokn3-x86~3.13.6~47.1\", rls:\"openSUSE11.4\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"mozilla-nspr-debuginfo-x86\", rpm:\"mozilla-nspr-debuginfo-x86~4.9.2~16.1\", rls:\"openSUSE11.4\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"mozilla-nspr-x86\", rpm:\"mozilla-nspr-x86~4.9.2~16.1\", rls:\"openSUSE11.4\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"mozilla-nss-certs-debuginfo-x86\", rpm:\"mozilla-nss-certs-debuginfo-x86~3.13.6~47.1\", rls:\"openSUSE11.4\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"mozilla-nss-certs-x86\", rpm:\"mozilla-nss-certs-x86~3.13.6~47.1\", 
rls:\"openSUSE11.4\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"mozilla-nss-debuginfo-x86\", rpm:\"mozilla-nss-debuginfo-x86~3.13.6~47.1\", rls:\"openSUSE11.4\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"mozilla-nss-sysinit-debuginfo-x86\", rpm:\"mozilla-nss-sysinit-debuginfo-x86~3.13.6~47.1\", rls:\"openSUSE11.4\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"mozilla-nss-sysinit-x86\", rpm:\"mozilla-nss-sysinit-x86~3.13.6~47.1\", rls:\"openSUSE11.4\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"mozilla-nss-x86\", rpm:\"mozilla-nss-x86~3.13.6~47.1\", rls:\"openSUSE11.4\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n\n\nif(release == \"openSUSE12.1\")\n{\n\n if ((res = isrpmvuln(pkg:\"MozillaFirefox\", rpm:\"MozillaFirefox~15.0~2.36.1\", rls:\"openSUSE12.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"MozillaFirefox-branding-upstream\", rpm:\"MozillaFirefox-branding-upstream~15.0~2.36.1\", rls:\"openSUSE12.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"MozillaFirefox-buildsymbols\", rpm:\"MozillaFirefox-buildsymbols~15.0~2.36.1\", rls:\"openSUSE12.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"MozillaFirefox-debuginfo\", rpm:\"MozillaFirefox-debuginfo~15.0~2.36.1\", rls:\"openSUSE12.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"MozillaFirefox-debugsource\", rpm:\"MozillaFirefox-debugsource~15.0~2.36.1\", rls:\"openSUSE12.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"MozillaFirefox-devel\", rpm:\"MozillaFirefox-devel~15.0~2.36.1\", rls:\"openSUSE12.1\")) != NULL)\n {\n 