{"id": "MFSA2011-06", "lastseen": "2016-09-05T13:37:42", "viewCount": 0, "bulletinFamily": "software", "cvss": {"score": 0.0, "vector": "NONE"}, "edition": 1, "enchantments": {"score": {"value": 4.4, "vector": "NONE", "modified": "2016-09-05T13:37:42", "rev": 2}, "dependencies": {"references": [{"type": "nessus", "idList": ["SUSE_11_3_MOZILLAFIREFOX-110908.NASL", "SUSE_11_3_MOZILLATHUNDERBIRD-110908.NASL", "SUSE_11_3_SEAMONKEY-110908.NASL", "SUSE_11_4_MOZILLA-JS192-110908.NASL", "SUSE_11_4_MOZILLAFIREFOX-110908.NASL", "SUSE_11_4_SEAMONKEY-110908.NASL", "SUSE_11_3_SEAMONKEY-110819.NASL", "SUSE_11_4_MOZILLAFIREFOX-110819.NASL", "SUSE_11_4_SEAMONKEY-110819.NASL", "SUSE_11_4_MOZILLATHUNDERBIRD-110908.NASL"]}], "modified": "2016-09-05T13:37:42", "rev": 2}, "vulnersScore": 4.4}, "type": "mozilla", "description": "Daniel Kozlowski reported that a\nJavaScript Worker could be used to keep a reference to an\nobject that could be freed during garbage collection. Subsequent\ncalls through this deleted reference could cause attacker-controlled\nmemory to be executed on a victim's computer.", "title": "Use-after-free error using Web Workers", "cvelist": [], "published": "2011-03-01T00:00:00", "references": ["https://bugzilla.mozilla.org/show_bug.cgi?id=626631"], "reporter": "Mozilla Foundation", "affectedSoftware": [{"version": "3.5.17", "name": "Firefox", "operator": "lt"}, {"version": "2.0.12", "name": "SeaMonkey", "operator": "lt"}, {"version": "3.6.14", "name": "Firefox", "operator": "lt"}], "modified": "2011-03-01T00:00:00", "href": "http://www.mozilla.org/en-US/security/advisories/mfsa2011-06/"}

{"nessus": [{"lastseen": "2021-01-17T14:08:15", "description": "Mozilla SeaMonkey suite was updated to version 2.3.\n\nThe update fixes bugs and security issues. Following security issues\nwere fixed:\nhttp://www.mozilla.org/security/announce/2011/mfsa2011-33.html Mozilla\nFoundation Security Advisory 2011-33 (MFSA 2011-33) Mozilla Foundation\nSecurity Advisory 2011-33\n\n - Miscellaneous memory safety hazards (rv:4.0) Mozilla\n identified and fixed several memory safety bugs in the\n browser engine used in SeaMonkey 2.2 and other\n Mozilla-based products. Some of these bugs showed\n evidence of memory corruption under certain\n circumstances, and we presume that with enough effort at\n least some of these could be exploited to run arbitrary\n code.\n\n Aral Yaman reported a WebGL crash which affected\n SeaMonkey 2.2. (CVE-2011-2989)\n\n Vivekanand Bolajwar reported a JavaScript crash which\n affected SeaMonkey 2.2. (CVE-2011-2991)\n\n Bert Hubert and Theo Snelleman of Fox-IT reported a\n crash in the Ogg reader which affected SeaMonkey 2.2.\n (CVE-2011-2992)\n\n Mozilla developers and community members Robert Kaiser,\n Jesse Ruderman, moz_bug_r_a4, Mardeg, Gary Kwong,\n Christoph Diehl, Martijn Wargers, Travis Emmitt, Bob\n Clary and Jonathan Watt reported memory safety issues\n which affected SeaMonkey 2.2. (CVE-2011-2985)\n\n - Unsigned scripts can call script inside signed JAR\n\n Rafael Gieschke reported that unsigned JavaScript could\n call into script inside a signed JAR thereby inheriting\n the identity of the site that signed the JAR as well as\n any permissions that a user had granted the signed JAR.\n (CVE-2011-2993)\n\n - String crash using WebGL shaders\n\n Michael Jordon of Context IS reported that an overly\n long shader program could cause a buffer overrun and\n crash in a string class used to store the shader source\n code. (CVE-2011-2988)\n\n - Heap overflow in ANGLE library\n\n Michael Jordon of Context IS reported a potentially\n exploitable heap overflow in the ANGLE library used by\n Mozilla's WebGL implementation. (CVE-2011-2987)\n\n - Crash in SVGTextElement.getCharNumAtPosition()\n\n Security researcher regenrecht reported via\n TippingPoint's Zero Day Initiative that a SVG text\n manipulation routine contained a dangling pointer\n vulnerability. (CVE-2011-0084)\n\n - Credential leakage using Content Security Policy reports\n\n Mike Cardwell reported that Content Security Policy\n violation reports failed to strip out proxy\n authorization credentials from the list of request\n headers. Daniel Veditz reported that redirecting to a\n website with Content Security Policy resulted in the\n incorrect resolution of hosts in the constructed policy.\n (CVE-2011-2990)\n\n - Cross-origin data theft using canvas and Windows D2D\n\n nasalislarvatus3000 reported that when using Windows D2D\n hardware acceleration, image data from one domain could\n be inserted into a canvas and read by a different\n domain. (CVE-2011-2986)", "edition": 27, "published": "2014-06-13T00:00:00", "title": "openSUSE Security Update : seamonkey (openSUSE-SU-2011:0957-1)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2011-2993", "CVE-2011-2986", "CVE-2011-2990", "CVE-2011-2989", "CVE-2011-0084", "CVE-2011-2992", "CVE-2011-2988", "CVE-2011-2985", "CVE-2011-2987", "CVE-2011-2991"], "modified": "2014-06-13T00:00:00", "cpe": ["p-cpe:/a:novell:opensuse:seamonkey-dom-inspector", "p-cpe:/a:novell:opensuse:seamonkey-translations-other", "p-cpe:/a:novell:opensuse:seamonkey-venkman", "p-cpe:/a:novell:opensuse:seamonkey-translations-common", "p-cpe:/a:novell:opensuse:seamonkey-irc", "cpe:/o:novell:opensuse:11.3", "p-cpe:/a:novell:opensuse:seamonkey"], "id": "SUSE_11_3_SEAMONKEY-110819.NASL", "href": "https://www.tenable.com/plugins/nessus/75739", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from openSUSE Security Update seamonkey-5024.\n#\n# The text description of this plugin is (C) SUSE LLC.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(75739);\n script_version(\"1.8\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/14\");\n\n script_cve_id(\"CVE-2011-0084\", \"CVE-2011-2985\", \"CVE-2011-2986\", \"CVE-2011-2987\", \"CVE-2011-2988\", \"CVE-2011-2989\", \"CVE-2011-2990\", \"CVE-2011-2991\", \"CVE-2011-2992\", \"CVE-2011-2993\");\n\n script_name(english:\"openSUSE Security Update : seamonkey (openSUSE-SU-2011:0957-1)\");\n script_summary(english:\"Check for the seamonkey-5024 patch\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote openSUSE host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Mozilla SeaMonkey suite was updated to version 2.3.\n\nThe update fixes bugs and security issues. Following security issues\nwere fixed:\nhttp://www.mozilla.org/security/announce/2011/mfsa2011-33.html Mozilla\nFoundation Security Advisory 2011-33 (MFSA 2011-33) Mozilla Foundation\nSecurity Advisory 2011-33\n\n - Miscellaneous memory safety hazards (rv:4.0) Mozilla\n identified and fixed several memory safety bugs in the\n browser engine used in SeaMonkey 2.2 and other\n Mozilla-based products. Some of these bugs showed\n evidence of memory corruption under certain\n circumstances, and we presume that with enough effort at\n least some of these could be exploited to run arbitrary\n code.\n\n Aral Yaman reported a WebGL crash which affected\n SeaMonkey 2.2. (CVE-2011-2989)\n\n Vivekanand Bolajwar reported a JavaScript crash which\n affected SeaMonkey 2.2. (CVE-2011-2991)\n\n Bert Hubert and Theo Snelleman of Fox-IT reported a\n crash in the Ogg reader which affected SeaMonkey 2.2.\n (CVE-2011-2992)\n\n Mozilla developers and community members Robert Kaiser,\n Jesse Ruderman, moz_bug_r_a4, Mardeg, Gary Kwong,\n Christoph Diehl, Martijn Wargers, Travis Emmitt, Bob\n Clary and Jonathan Watt reported memory safety issues\n which affected SeaMonkey 2.2. (CVE-2011-2985)\n\n - Unsigned scripts can call script inside signed JAR\n\n Rafael Gieschke reported that unsigned JavaScript could\n call into script inside a signed JAR thereby inheriting\n the identity of the site that signed the JAR as well as\n any permissions that a user had granted the signed JAR.\n (CVE-2011-2993)\n\n - String crash using WebGL shaders\n\n Michael Jordon of Context IS reported that an overly\n long shader program could cause a buffer overrun and\n crash in a string class used to store the shader source\n code. (CVE-2011-2988)\n\n - Heap overflow in ANGLE library\n\n Michael Jordon of Context IS reported a potentially\n exploitable heap overflow in the ANGLE library used by\n Mozilla's WebGL implementation. (CVE-2011-2987)\n\n - Crash in SVGTextElement.getCharNumAtPosition()\n\n Security researcher regenrecht reported via\n TippingPoint's Zero Day Initiative that a SVG text\n manipulation routine contained a dangling pointer\n vulnerability. (CVE-2011-0084)\n\n - Credential leakage using Content Security Policy reports\n\n Mike Cardwell reported that Content Security Policy\n violation reports failed to strip out proxy\n authorization credentials from the list of request\n headers. Daniel Veditz reported that redirecting to a\n website with Content Security Policy resulted in the\n incorrect resolution of hosts in the constructed policy.\n (CVE-2011-2990)\n\n - Cross-origin data theft using canvas and Windows D2D\n\n nasalislarvatus3000 reported that when using Windows D2D\n hardware acceleration, image data from one domain could\n be inserted into a canvas and read by a different\n domain. (CVE-2011-2986)\"\n );\n # http://www.mozilla.org/security/announce/2011/mfsa2011-33.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.mozilla.org/en-US/security/advisories/mfsa2011-33/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=712224\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://lists.opensuse.org/opensuse-updates/2011-08/msg00039.html\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected seamonkey packages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:seamonkey\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:seamonkey-dom-inspector\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:seamonkey-irc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:seamonkey-translations-common\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:seamonkey-translations-other\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:seamonkey-venkman\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:opensuse:11.3\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2011/08/19\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2014/06/13\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2014-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release =~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, \"openSUSE\");\nif (release !~ \"^(SUSE11\\.3)$\") audit(AUDIT_OS_RELEASE_NOT, \"openSUSE\", \"11.3\", release);\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nourarch = get_kb_item(\"Host/cpu\");\nif (!ourarch) audit(AUDIT_UNKNOWN_ARCH);\nif (ourarch !~ \"^(i586|i686|x86_64)$\") audit(AUDIT_ARCH_NOT, \"i586 / i686 / x86_64\", ourarch);\n\nflag = 0;\n\nif ( rpm_check(release:\"SUSE11.3\", reference:\"seamonkey-2.3-2.2.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.3\", reference:\"seamonkey-dom-inspector-2.3-2.2.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.3\", reference:\"seamonkey-irc-2.3-2.2.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.3\", reference:\"seamonkey-translations-common-2.3-2.2.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.3\", reference:\"seamonkey-translations-other-2.3-2.2.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.3\", reference:\"seamonkey-venkman-2.3-2.2.1\") ) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"seamonkey\");\n}\n", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2021-01-17T14:08:15", "description": "This update brings Mozilla SeaMonkey to 2.3.3.\n\nThe purpose of this update is to blacklist the compromised DigiNotar\nCertificate Authority.\n\nFor more information read: MFSA 2011-34\nhttp://www.mozilla.org/security/announce/2011/mfsa2011-34.html", "edition": 22, "published": "2014-06-13T00:00:00", "title": "openSUSE Security Update : seamonkey (seamonkey-5122)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": [], "modified": "2014-06-13T00:00:00", "cpe": ["p-cpe:/a:novell:opensuse:seamonkey-dom-inspector", "p-cpe:/a:novell:opensuse:seamonkey-translations-other", "p-cpe:/a:novell:opensuse:seamonkey-venkman", "p-cpe:/a:novell:opensuse:seamonkey-translations-common", "p-cpe:/a:novell:opensuse:seamonkey-irc", "cpe:/o:novell:opensuse:11.3", "p-cpe:/a:novell:opensuse:seamonkey"], "id": "SUSE_11_3_SEAMONKEY-110908.NASL", "href": "https://www.tenable.com/plugins/nessus/75740", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from openSUSE Security Update seamonkey-5122.\n#\n# The text description of this plugin is (C) SUSE LLC.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(75740);\n script_version(\"1.6\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/14\");\n\n script_name(english:\"openSUSE Security Update : seamonkey (seamonkey-5122)\");\n script_summary(english:\"Check for the seamonkey-5122 patch\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote openSUSE host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"This update brings Mozilla SeaMonkey to 2.3.3.\n\nThe purpose of this update is to blacklist the compromised DigiNotar\nCertificate Authority.\n\nFor more information read: MFSA 2011-34\nhttp://www.mozilla.org/security/announce/2011/mfsa2011-34.html\"\n );\n # http://www.mozilla.org/security/announce/2011/mfsa2011-34.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.mozilla.org/en-US/security/advisories/mfsa2011-34/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=714931\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected seamonkey packages.\"\n );\n script_set_attribute(attribute:\"risk_factor\", value:\"High\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:seamonkey\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:seamonkey-dom-inspector\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:seamonkey-irc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:seamonkey-translations-common\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:seamonkey-translations-other\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:seamonkey-venkman\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:opensuse:11.3\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2011/09/08\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2014/06/13\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2014-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release =~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, \"openSUSE\");\nif (release !~ \"^(SUSE11\\.3)$\") audit(AUDIT_OS_RELEASE_NOT, \"openSUSE\", \"11.3\", release);\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nourarch = get_kb_item(\"Host/cpu\");\nif (!ourarch) audit(AUDIT_UNKNOWN_ARCH);\nif (ourarch !~ \"^(i586|i686|x86_64)$\") audit(AUDIT_ARCH_NOT, \"i586 / i686 / x86_64\", ourarch);\n\nflag = 0;\n\nif ( rpm_check(release:\"SUSE11.3\", reference:\"seamonkey-2.3.3-0.2.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.3\", reference:\"seamonkey-dom-inspector-2.3.3-0.2.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.3\", reference:\"seamonkey-irc-2.3.3-0.2.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.3\", reference:\"seamonkey-translations-common-2.3.3-0.2.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.3\", reference:\"seamonkey-translations-other-2.3.3-0.2.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.3\", reference:\"seamonkey-venkman-2.3.3-0.2.1\") ) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"seamonkey\");\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2021-01-17T14:06:51", "description": "This update brings Mozilla Firefox to 3.6.22\n\nThe purpose of this update is to blacklist the compromised DigiNotar\nCertificate Authority.\n\nFor more information read: MFSA 2011-34\nhttp://www.mozilla.org/security/announce/2011/mfsa2011-34.html", "edition": 22, "published": "2014-06-13T00:00:00", "title": "openSUSE Security Update : MozillaFirefox (MozillaFirefox-5118)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": [], "modified": "2014-06-13T00:00:00", "cpe": ["p-cpe:/a:novell:opensuse:mozilla-xulrunner192-32bit", "p-cpe:/a:novell:opensuse:MozillaFirefox-translations-common", "p-cpe:/a:novell:opensuse:mozilla-xulrunner192-translations-other", "p-cpe:/a:novell:opensuse:mozilla-xulrunner192-translations-other-32bit", "p-cpe:/a:novell:opensuse:mozilla-xulrunner192", "p-cpe:/a:novell:opensuse:mozilla-xulrunner192-devel", "p-cpe:/a:novell:opensuse:mozilla-xulrunner192-translations-common", "p-cpe:/a:novell:opensuse:mozilla-xulrunner192-gnome", "p-cpe:/a:novell:opensuse:MozillaFirefox-branding-upstream", "p-cpe:/a:novell:opensuse:mozilla-xulrunner192-buildsymbols", "p-cpe:/a:novell:opensuse:mozilla-js192", "p-cpe:/a:novell:opensuse:mozilla-xulrunner192-translations-common-32bit", "p-cpe:/a:novell:opensuse:mozilla-xulrunner192-gnome-32bit", "cpe:/o:novell:opensuse:11.3", "p-cpe:/a:novell:opensuse:MozillaFirefox-translations-other", "p-cpe:/a:novell:opensuse:MozillaFirefox", "p-cpe:/a:novell:opensuse:mozilla-js192-32bit"], "id": "SUSE_11_3_MOZILLAFIREFOX-110908.NASL", "href": "https://www.tenable.com/plugins/nessus/75655", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from openSUSE Security Update MozillaFirefox-5118.\n#\n# The text description of this plugin is (C) SUSE LLC.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(75655);\n script_version(\"1.5\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/14\");\n\n script_name(english:\"openSUSE Security Update : MozillaFirefox (MozillaFirefox-5118)\");\n script_summary(english:\"Check for the MozillaFirefox-5118 patch\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote openSUSE host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"This update brings Mozilla Firefox to 3.6.22\n\nThe purpose of this update is to blacklist the compromised DigiNotar\nCertificate Authority.\n\nFor more information read: MFSA 2011-34\nhttp://www.mozilla.org/security/announce/2011/mfsa2011-34.html\"\n );\n # http://www.mozilla.org/security/announce/2011/mfsa2011-34.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.mozilla.org/en-US/security/advisories/mfsa2011-34/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=714931\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected MozillaFirefox packages.\"\n );\n script_set_attribute(attribute:\"risk_factor\", value:\"High\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:MozillaFirefox\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:MozillaFirefox-branding-upstream\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:MozillaFirefox-translations-common\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:MozillaFirefox-translations-other\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:mozilla-js192\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:mozilla-js192-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:mozilla-xulrunner192\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:mozilla-xulrunner192-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:mozilla-xulrunner192-buildsymbols\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:mozilla-xulrunner192-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:mozilla-xulrunner192-gnome\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:mozilla-xulrunner192-gnome-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:mozilla-xulrunner192-translations-common\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:mozilla-xulrunner192-translations-common-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:mozilla-xulrunner192-translations-other\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:mozilla-xulrunner192-translations-other-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:opensuse:11.3\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2011/09/08\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2014/06/13\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2014-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release =~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, \"openSUSE\");\nif (release !~ \"^(SUSE11\\.3)$\") audit(AUDIT_OS_RELEASE_NOT, \"openSUSE\", \"11.3\", release);\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nourarch = get_kb_item(\"Host/cpu\");\nif (!ourarch) audit(AUDIT_UNKNOWN_ARCH);\nif (ourarch !~ \"^(i586|i686|x86_64)$\") audit(AUDIT_ARCH_NOT, \"i586 / i686 / x86_64\", ourarch);\n\nflag = 0;\n\nif ( rpm_check(release:\"SUSE11.3\", reference:\"MozillaFirefox-3.6.22-0.2.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.3\", reference:\"MozillaFirefox-branding-upstream-3.6.22-0.2.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.3\", reference:\"MozillaFirefox-translations-common-3.6.22-0.2.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.3\", reference:\"MozillaFirefox-translations-other-3.6.22-0.2.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.3\", reference:\"mozilla-js192-1.9.2.22-0.2.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.3\", reference:\"mozilla-xulrunner192-1.9.2.22-0.2.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.3\", reference:\"mozilla-xulrunner192-buildsymbols-1.9.2.22-0.2.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.3\", reference:\"mozilla-xulrunner192-devel-1.9.2.22-0.2.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.3\", reference:\"mozilla-xulrunner192-gnome-1.9.2.22-0.2.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.3\", reference:\"mozilla-xulrunner192-translations-common-1.9.2.22-0.2.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.3\", reference:\"mozilla-xulrunner192-translations-other-1.9.2.22-0.2.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.3\", cpu:\"x86_64\", reference:\"mozilla-js192-32bit-1.9.2.22-0.2.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.3\", cpu:\"x86_64\", reference:\"mozilla-xulrunner192-32bit-1.9.2.22-0.2.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.3\", cpu:\"x86_64\", reference:\"mozilla-xulrunner192-gnome-32bit-1.9.2.22-0.2.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.3\", cpu:\"x86_64\", reference:\"mozilla-xulrunner192-translations-common-32bit-1.9.2.22-0.2.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.3\", cpu:\"x86_64\", reference:\"mozilla-xulrunner192-translations-other-32bit-1.9.2.22-0.2.1\") ) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"MozillaFirefox\");\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2021-01-17T14:07:01", "description": "This update brings Mozilla Thunderbird to 3.1.13.\n\nThe purpose of this update is to blacklist the compromised DigiNotar\nCertificate Authority.\n\nFor more information read: MFSA 2011-34\nhttp://www.mozilla.org/security/announce/2011/mfsa2011-34.html", "edition": 22, "published": "2014-06-13T00:00:00", "title": "openSUSE Security Update : MozillaThunderbird (MozillaThunderbird-5120)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": [], "modified": "2014-06-13T00:00:00", "cpe": ["p-cpe:/a:novell:opensuse:MozillaThunderbird-translations-other", "p-cpe:/a:novell:opensuse:MozillaThunderbird", "p-cpe:/a:novell:opensuse:MozillaThunderbird-devel", "p-cpe:/a:novell:opensuse:MozillaThunderbird-translations-common", "p-cpe:/a:novell:opensuse:enigmail", "cpe:/o:novell:opensuse:11.3"], "id": "SUSE_11_3_MOZILLATHUNDERBIRD-110908.NASL", "href": "https://www.tenable.com/plugins/nessus/75667", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from openSUSE Security Update MozillaThunderbird-5120.\n#\n# The text description of this plugin is (C) SUSE LLC.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(75667);\n script_version(\"1.5\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/14\");\n\n script_name(english:\"openSUSE Security Update : MozillaThunderbird (MozillaThunderbird-5120)\");\n script_summary(english:\"Check for the MozillaThunderbird-5120 patch\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote openSUSE host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"This update brings Mozilla Thunderbird to 3.1.13.\n\nThe purpose of this update is to blacklist the compromised DigiNotar\nCertificate Authority.\n\nFor more information read: MFSA 2011-34\nhttp://www.mozilla.org/security/announce/2011/mfsa2011-34.html\"\n );\n # http://www.mozilla.org/security/announce/2011/mfsa2011-34.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.mozilla.org/en-US/security/advisories/mfsa2011-34/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=714931\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected MozillaThunderbird packages.\"\n );\n script_set_attribute(attribute:\"risk_factor\", value:\"High\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:MozillaThunderbird\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:MozillaThunderbird-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:MozillaThunderbird-translations-common\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:MozillaThunderbird-translations-other\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:enigmail\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:opensuse:11.3\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2011/09/08\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2014/06/13\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2014-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release =~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, \"openSUSE\");\nif (release !~ \"^(SUSE11\\.3)$\") audit(AUDIT_OS_RELEASE_NOT, \"openSUSE\", \"11.3\", release);\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nourarch = get_kb_item(\"Host/cpu\");\nif (!ourarch) audit(AUDIT_UNKNOWN_ARCH);\nif (ourarch !~ \"^(i586|i686|x86_64)$\") audit(AUDIT_ARCH_NOT, \"i586 / i686 / x86_64\", ourarch);\n\nflag = 0;\n\nif ( rpm_check(release:\"SUSE11.3\", reference:\"MozillaThunderbird-3.1.14-0.19.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.3\", reference:\"MozillaThunderbird-devel-3.1.14-0.19.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.3\", reference:\"MozillaThunderbird-translations-common-3.1.14-0.19.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.3\", reference:\"MozillaThunderbird-translations-other-3.1.14-0.19.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.3\", reference:\"enigmail-1.1.2+3.1.14-0.19.1\") ) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"MozillaThunderbird\");\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2021-01-17T14:08:21", "description": "Mozilla Firefox was updated to version 6.\n\nIt brings new features, fixes bugs and security issues. Following\nsecurity issues were fixed:\nhttp://www.mozilla.org/security/announce/2011/mfsa2011-29.html Mozilla\nFoundation Security Advisory 2011-29 (MFSA 2011-29)\n\ndbg114-MozillaFirefox-5020 MozillaFirefox-5020 new_updateinfo\nMiscellaneous memory safety hazards: Mozilla identified and fixed\nseveral memory safety bugs in the browser engine used in Firefox 4,\nFirefox 5 and other Mozilla-based products. Some of these bugs showed\nevidence of memory corruption under certain circumstances, and we\npresume that with enough effort at least some of these could be\nexploited to run arbitrary code.\n\nAral Yaman reported a WebGL crash which affected Firefox 4 and Firefox\n5. (CVE-2011-2989)\n\nVivekanand Bolajwar reported a JavaScript crash which affected Firefox\n4 and Firefox 5. (CVE-2011-2991)\n\nBert Hubert and Theo Snelleman of Fox-IT reported a crash in the Ogg\nreader which affected Firefox 4 and Firefox 5. (CVE-2011-2992)\n\nMozilla developers and community members Robert Kaiser, Jesse\nRuderman, moz_bug_r_a4, Mardeg, Gary Kwong, Christoph Diehl, Martijn\nWargers, Travis Emmitt, Bob Clary and Jonathan Watt reported memory\nsafety issues which affected Firefox 4 and Firefox 5. (CVE-2011-2985)\n\ndbg114-MozillaFirefox-5020 MozillaFirefox-5020 new_updateinfo Unsigned\nscripts can call script inside signed JAR Rafael Gieschke reported\nthat unsigned JavaScript could call into script inside a signed JAR\nthereby inheriting the identity of the site that signed the JAR as\nwell as any permissions that a user had granted the signed JAR.\n(CVE-2011-2993)\n\ndbg114-MozillaFirefox-5020 MozillaFirefox-5020 new_updateinfo String\ncrash using WebGL shaders Michael Jordon of Context IS reported that\nan overly long shader program could cause a buffer overrun and crash\nin a string class used to store the shader source code.\n(CVE-2011-2988)\n\ndbg114-MozillaFirefox-5020 MozillaFirefox-5020 new_updateinfo Heap\noverflow in ANGLE library Michael Jordon of Context IS reported a\npotentially exploitable heap overflow in the ANGLE library used by\nMozilla's WebGL implementation. (CVE-2011-2987)\n\ndbg114-MozillaFirefox-5020 MozillaFirefox-5020 new_updateinfo Crash in\nSVGTextElement.getCharNumAtPosition() Security researcher regenrecht\nreported via TippingPoint's Zero Day Initiative that a SVG text\nmanipulation routine contained a dangling pointer vulnerability.\n(CVE-2011-0084)\n\ndbg114-MozillaFirefox-5020 MozillaFirefox-5020 new_updateinfo\nCredential leakage using Content Security Policy reports Mike Cardwell\nreported that Content Security Policy violation reports failed to\nstrip out proxy authorization credentials from the list of request\nheaders. Daniel Veditz reported that redirecting to a website with\nContent Security Policy resulted in the incorrect resolution of hosts\nin the constructed policy. (CVE-2011-2990) dbg114-MozillaFirefox-5020\nMozillaFirefox-5020 new_updateinfo Cross-origin data theft using\ncanvas and Windows D2D nasalislarvatus3000 reported that when using\nWindows D2D hardware acceleration, image data from one domain could be\ninserted into a canvas and read by a different domain. (CVE-2011-2986)", "edition": 27, "published": "2014-06-13T00:00:00", "title": "openSUSE Security Update : MozillaFirefox (openSUSE-SU-2011:0957-2)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2011-2993", "CVE-2011-2986", "CVE-2011-2990", "CVE-2011-2989", "CVE-2011-0084", "CVE-2011-2992", "CVE-2011-2988", "CVE-2011-2985", "CVE-2011-2987", "CVE-2011-2991"], "modified": "2014-06-13T00:00:00", "cpe": ["p-cpe:/a:novell:opensuse:MozillaFirefox-translations-common", "p-cpe:/a:novell:opensuse:MozillaFirefox-buildsymbols", "p-cpe:/a:novell:opensuse:MozillaFirefox-debuginfo", "p-cpe:/a:novell:opensuse:MozillaFirefox-devel", "cpe:/o:novell:opensuse:11.4", "p-cpe:/a:novell:opensuse:MozillaFirefox-branding-upstream", "p-cpe:/a:novell:opensuse:MozillaFirefox-translations-other", "p-cpe:/a:novell:opensuse:MozillaFirefox-debugsource", "p-cpe:/a:novell:opensuse:MozillaFirefox"], "id": "SUSE_11_4_MOZILLAFIREFOX-110819.NASL", "href": "https://www.tenable.com/plugins/nessus/75945", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from openSUSE Security Update MozillaFirefox-5020.\n#\n# The text description of this plugin is (C) SUSE LLC.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(75945);\n script_version(\"1.7\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/14\");\n\n script_cve_id(\"CVE-2011-0084\", \"CVE-2011-2985\", \"CVE-2011-2986\", \"CVE-2011-2987\", \"CVE-2011-2988\", \"CVE-2011-2989\", \"CVE-2011-2990\", \"CVE-2011-2991\", \"CVE-2011-2992\", \"CVE-2011-2993\");\n\n script_name(english:\"openSUSE Security Update : MozillaFirefox (openSUSE-SU-2011:0957-2)\");\n script_summary(english:\"Check for the MozillaFirefox-5020 patch\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote openSUSE host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Mozilla Firefox was updated to version 6.\n\nIt brings new features, fixes bugs and security issues. Following\nsecurity issues were fixed:\nhttp://www.mozilla.org/security/announce/2011/mfsa2011-29.html Mozilla\nFoundation Security Advisory 2011-29 (MFSA 2011-29)\n\ndbg114-MozillaFirefox-5020 MozillaFirefox-5020 new_updateinfo\nMiscellaneous memory safety hazards: Mozilla identified and fixed\nseveral memory safety bugs in the browser engine used in Firefox 4,\nFirefox 5 and other Mozilla-based products. Some of these bugs showed\nevidence of memory corruption under certain circumstances, and we\npresume that with enough effort at least some of these could be\nexploited to run arbitrary code.\n\nAral Yaman reported a WebGL crash which affected Firefox 4 and Firefox\n5. (CVE-2011-2989)\n\nVivekanand Bolajwar reported a JavaScript crash which affected Firefox\n4 and Firefox 5. (CVE-2011-2991)\n\nBert Hubert and Theo Snelleman of Fox-IT reported a crash in the Ogg\nreader which affected Firefox 4 and Firefox 5. (CVE-2011-2992)\n\nMozilla developers and community members Robert Kaiser, Jesse\nRuderman, moz_bug_r_a4, Mardeg, Gary Kwong, Christoph Diehl, Martijn\nWargers, Travis Emmitt, Bob Clary and Jonathan Watt reported memory\nsafety issues which affected Firefox 4 and Firefox 5. (CVE-2011-2985)\n\ndbg114-MozillaFirefox-5020 MozillaFirefox-5020 new_updateinfo Unsigned\nscripts can call script inside signed JAR Rafael Gieschke reported\nthat unsigned JavaScript could call into script inside a signed JAR\nthereby inheriting the identity of the site that signed the JAR as\nwell as any permissions that a user had granted the signed JAR.\n(CVE-2011-2993)\n\ndbg114-MozillaFirefox-5020 MozillaFirefox-5020 new_updateinfo String\ncrash using WebGL shaders Michael Jordon of Context IS reported that\nan overly long shader program could cause a buffer overrun and crash\nin a string class used to store the shader source code.\n(CVE-2011-2988)\n\ndbg114-MozillaFirefox-5020 MozillaFirefox-5020 new_updateinfo Heap\noverflow in ANGLE library Michael Jordon of Context IS reported a\npotentially exploitable heap overflow in the ANGLE library used by\nMozilla's WebGL implementation. (CVE-2011-2987)\n\ndbg114-MozillaFirefox-5020 MozillaFirefox-5020 new_updateinfo Crash in\nSVGTextElement.getCharNumAtPosition() Security researcher regenrecht\nreported via TippingPoint's Zero Day Initiative that a SVG text\nmanipulation routine contained a dangling pointer vulnerability.\n(CVE-2011-0084)\n\ndbg114-MozillaFirefox-5020 MozillaFirefox-5020 new_updateinfo\nCredential leakage using Content Security Policy reports Mike Cardwell\nreported that Content Security Policy violation reports failed to\nstrip out proxy authorization credentials from the list of request\nheaders. Daniel Veditz reported that redirecting to a website with\nContent Security Policy resulted in the incorrect resolution of hosts\nin the constructed policy. (CVE-2011-2990) dbg114-MozillaFirefox-5020\nMozillaFirefox-5020 new_updateinfo Cross-origin data theft using\ncanvas and Windows D2D nasalislarvatus3000 reported that when using\nWindows D2D hardware acceleration, image data from one domain could be\ninserted into a canvas and read by a different domain. (CVE-2011-2986)\"\n );\n # http://www.mozilla.org/security/announce/2011/mfsa2011-29.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.mozilla.org/en-US/security/advisories/mfsa2011-29/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=712224\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://lists.opensuse.org/opensuse-updates/2011-08/msg00043.html\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected MozillaFirefox packages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:MozillaFirefox\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:MozillaFirefox-branding-upstream\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:MozillaFirefox-buildsymbols\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:MozillaFirefox-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:MozillaFirefox-debugsource\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:MozillaFirefox-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:MozillaFirefox-translations-common\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:MozillaFirefox-translations-other\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:opensuse:11.4\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2011/08/19\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2014/06/13\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2014-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release =~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, \"openSUSE\");\nif (release !~ \"^(SUSE11\\.4)$\") audit(AUDIT_OS_RELEASE_NOT, \"openSUSE\", \"11.4\", release);\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nourarch = get_kb_item(\"Host/cpu\");\nif (!ourarch) audit(AUDIT_UNKNOWN_ARCH);\nif (ourarch !~ \"^(i586|i686|x86_64)$\") audit(AUDIT_ARCH_NOT, \"i586 / i686 / x86_64\", ourarch);\n\nflag = 0;\n\nif ( rpm_check(release:\"SUSE11.4\", reference:\"MozillaFirefox-6.0-2.2.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.4\", reference:\"MozillaFirefox-branding-upstream-6.0-2.2.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.4\", reference:\"MozillaFirefox-buildsymbols-6.0-2.2.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.4\", reference:\"MozillaFirefox-debuginfo-6.0-2.2.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.4\", reference:\"MozillaFirefox-debugsource-6.0-2.2.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.4\", reference:\"MozillaFirefox-devel-6.0-2.2.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.4\", reference:\"MozillaFirefox-translations-common-6.0-2.2.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.4\", reference:\"MozillaFirefox-translations-other-6.0-2.2.1\") ) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"MozillaFirefox\");\n}\n", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2021-01-17T14:08:27", "description": "This update brings Mozilla Thunderbird to 3.1.13.\n\nThe purpose of this update is to blacklist the compromised DigiNotar\nCertificate Authority.\n\nFor more information read: MFSA 2011-34\nhttp://www.mozilla.org/security/announce/2011/mfsa2011-34.html", "edition": 22, "published": "2014-06-13T00:00:00", "title": "openSUSE Security Update : MozillaThunderbird (MozillaThunderbird-5120)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": [], "modified": "2014-06-13T00:00:00", "cpe": ["p-cpe:/a:novell:opensuse:MozillaThunderbird-debuginfo", "p-cpe:/a:novell:opensuse:MozillaThunderbird-translations-other", "p-cpe:/a:novell:opensuse:MozillaThunderbird-debugsource", "p-cpe:/a:novell:opensuse:MozillaThunderbird", "p-cpe:/a:novell:opensuse:MozillaThunderbird-buildsymbols", "p-cpe:/a:novell:opensuse:MozillaThunderbird-devel", "cpe:/o:novell:opensuse:11.4", "p-cpe:/a:novell:opensuse:MozillaThunderbird-devel-debuginfo", "p-cpe:/a:novell:opensuse:MozillaThunderbird-translations-common", "p-cpe:/a:novell:opensuse:enigmail", "p-cpe:/a:novell:opensuse:enigmail-debuginfo"], "id": "SUSE_11_4_MOZILLATHUNDERBIRD-110908.NASL", "href": "https://www.tenable.com/plugins/nessus/75967", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from openSUSE Security Update MozillaThunderbird-5120.\n#\n# The text description of this plugin is (C) SUSE LLC.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(75967);\n script_version(\"1.5\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/14\");\n\n script_name(english:\"openSUSE Security Update : MozillaThunderbird (MozillaThunderbird-5120)\");\n script_summary(english:\"Check for the MozillaThunderbird-5120 patch\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote openSUSE host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"This update brings Mozilla Thunderbird to 3.1.13.\n\nThe purpose of this update is to blacklist the compromised DigiNotar\nCertificate Authority.\n\nFor more information read: MFSA 2011-34\nhttp://www.mozilla.org/security/announce/2011/mfsa2011-34.html\"\n );\n # http://www.mozilla.org/security/announce/2011/mfsa2011-34.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.mozilla.org/en-US/security/advisories/mfsa2011-34/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=714931\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected MozillaThunderbird packages.\"\n );\n script_set_attribute(attribute:\"risk_factor\", value:\"High\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:MozillaThunderbird\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:MozillaThunderbird-buildsymbols\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:MozillaThunderbird-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:MozillaThunderbird-debugsource\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:MozillaThunderbird-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:MozillaThunderbird-devel-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:MozillaThunderbird-translations-common\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:MozillaThunderbird-translations-other\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:enigmail\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:enigmail-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:opensuse:11.4\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2011/09/08\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2014/06/13\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2014-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release =~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, \"openSUSE\");\nif (release !~ \"^(SUSE11\\.4)$\") audit(AUDIT_OS_RELEASE_NOT, \"openSUSE\", \"11.4\", release);\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nourarch = get_kb_item(\"Host/cpu\");\nif (!ourarch) audit(AUDIT_UNKNOWN_ARCH);\nif (ourarch !~ \"^(i586|i686|x86_64)$\") audit(AUDIT_ARCH_NOT, \"i586 / i686 / x86_64\", ourarch);\n\nflag = 0;\n\nif ( rpm_check(release:\"SUSE11.4\", reference:\"MozillaThunderbird-3.1.14-0.15.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.4\", reference:\"MozillaThunderbird-buildsymbols-3.1.14-0.15.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.4\", reference:\"MozillaThunderbird-debuginfo-3.1.14-0.15.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.4\", reference:\"MozillaThunderbird-debugsource-3.1.14-0.15.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.4\", reference:\"MozillaThunderbird-devel-3.1.14-0.15.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.4\", reference:\"MozillaThunderbird-devel-debuginfo-3.1.14-0.15.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.4\", reference:\"MozillaThunderbird-translations-common-3.1.14-0.15.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.4\", reference:\"MozillaThunderbird-translations-other-3.1.14-0.15.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.4\", reference:\"enigmail-1.1.2+3.1.14-0.15.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.4\", reference:\"enigmail-debuginfo-1.1.2+3.1.14-0.15.1\") ) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"MozillaThunderbird\");\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2021-01-17T14:08:21", "description": "This update brings Mozilla Firefox to 6.0.2.\n\nThe purpose of this update is to blacklist the compromised DigiNotar\nCertificate Authority.\n\nFor more information read: MFSA 2011-34\nhttp://www.mozilla.org/security/announce/2011/mfsa2011-34.html", "edition": 23, "published": "2014-06-13T00:00:00", "title": "openSUSE Security Update : MozillaFirefox (openSUSE-SU-2011:1031-1)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": [], "modified": "2014-06-13T00:00:00", "cpe": ["p-cpe:/a:novell:opensuse:MozillaFirefox-translations-common", "p-cpe:/a:novell:opensuse:MozillaFirefox-buildsymbols", "p-cpe:/a:novell:opensuse:MozillaFirefox-debuginfo", "p-cpe:/a:novell:opensuse:MozillaFirefox-devel", "cpe:/o:novell:opensuse:11.4", "p-cpe:/a:novell:opensuse:MozillaFirefox-branding-upstream", "p-cpe:/a:novell:opensuse:MozillaFirefox-translations-other", "p-cpe:/a:novell:opensuse:MozillaFirefox-debugsource", "p-cpe:/a:novell:opensuse:MozillaFirefox"], "id": "SUSE_11_4_MOZILLAFIREFOX-110908.NASL", "href": "https://www.tenable.com/plugins/nessus/75946", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from openSUSE Security Update MozillaFirefox-5119.\n#\n# The text description of this plugin is (C) SUSE LLC.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(75946);\n script_version(\"1.6\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/14\");\n\n script_name(english:\"openSUSE Security Update : MozillaFirefox (openSUSE-SU-2011:1031-1)\");\n script_summary(english:\"Check for the MozillaFirefox-5119 patch\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote openSUSE host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"This update brings Mozilla Firefox to 6.0.2.\n\nThe purpose of this update is to blacklist the compromised DigiNotar\nCertificate Authority.\n\nFor more information read: MFSA 2011-34\nhttp://www.mozilla.org/security/announce/2011/mfsa2011-34.html\"\n );\n # http://www.mozilla.org/security/announce/2011/mfsa2011-34.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.mozilla.org/en-US/security/advisories/mfsa2011-34/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=714931\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://lists.opensuse.org/opensuse-updates/2011-09/msg00017.html\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected MozillaFirefox packages.\"\n );\n script_set_attribute(attribute:\"risk_factor\", value:\"High\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:MozillaFirefox\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:MozillaFirefox-branding-upstream\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:MozillaFirefox-buildsymbols\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:MozillaFirefox-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:MozillaFirefox-debugsource\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:MozillaFirefox-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:MozillaFirefox-translations-common\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:MozillaFirefox-translations-other\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:opensuse:11.4\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2011/09/08\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2014/06/13\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2014-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release =~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, \"openSUSE\");\nif (release !~ \"^(SUSE11\\.4)$\") audit(AUDIT_OS_RELEASE_NOT, \"openSUSE\", \"11.4\", release);\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nourarch = get_kb_item(\"Host/cpu\");\nif (!ourarch) audit(AUDIT_UNKNOWN_ARCH);\nif (ourarch !~ \"^(i586|i686|x86_64)$\") audit(AUDIT_ARCH_NOT, \"i586 / i686 / x86_64\", ourarch);\n\nflag = 0;\n\nif ( rpm_check(release:\"SUSE11.4\", reference:\"MozillaFirefox-6.0.2-0.2.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.4\", reference:\"MozillaFirefox-branding-upstream-6.0.2-0.2.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.4\", reference:\"MozillaFirefox-buildsymbols-6.0.2-0.2.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.4\", reference:\"MozillaFirefox-debuginfo-6.0.2-0.2.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.4\", reference:\"MozillaFirefox-debugsource-6.0.2-0.2.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.4\", reference:\"MozillaFirefox-devel-6.0.2-0.2.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.4\", reference:\"MozillaFirefox-translations-common-6.0.2-0.2.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.4\", reference:\"MozillaFirefox-translations-other-6.0.2-0.2.1\") ) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"MozillaFirefox\");\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2021-01-20T14:36:43", "description": "This update brings Mozilla SeaMonkey to 2.3.3.\n\nThe purpose of this update is to blacklist the compromised DigiNotar\nCertificate Authority.\n\nFor more information read: MFSA 2011-34\nhttp://www.mozilla.org/security/announce/2011/mfsa2011-34.html", "edition": 22, "published": "2014-06-13T00:00:00", "title": "openSUSE Security Update : seamonkey (seamonkey-5122)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": [], "modified": "2014-06-13T00:00:00", "cpe": ["p-cpe:/a:novell:opensuse:seamonkey-debugsource", "p-cpe:/a:novell:opensuse:seamonkey-debuginfo", "p-cpe:/a:novell:opensuse:seamonkey-dom-inspector", "cpe:/o:novell:opensuse:11.4", "p-cpe:/a:novell:opensuse:seamonkey-translations-other", "p-cpe:/a:novell:opensuse:seamonkey-venkman", "p-cpe:/a:novell:opensuse:seamonkey-translations-common", "p-cpe:/a:novell:opensuse:seamonkey-irc", "p-cpe:/a:novell:opensuse:seamonkey"], "id": "SUSE_11_4_SEAMONKEY-110908.NASL", "href": "https://www.tenable.com/plugins/nessus/76021", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from openSUSE Security Update seamonkey-5122.\n#\n# The text description of this plugin is (C) SUSE LLC.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(76021);\n script_version(\"1.6\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/19\");\n\n script_name(english:\"openSUSE Security Update : seamonkey (seamonkey-5122)\");\n script_summary(english:\"Check for the seamonkey-5122 patch\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote openSUSE host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"This update brings Mozilla SeaMonkey to 2.3.3.\n\nThe purpose of this update is to blacklist the compromised DigiNotar\nCertificate Authority.\n\nFor more information read: MFSA 2011-34\nhttp://www.mozilla.org/security/announce/2011/mfsa2011-34.html\"\n );\n # http://www.mozilla.org/security/announce/2011/mfsa2011-34.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.mozilla.org/en-US/security/advisories/mfsa2011-34/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=714931\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected seamonkey packages.\"\n );\n script_set_attribute(attribute:\"risk_factor\", value:\"High\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:seamonkey\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:seamonkey-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:seamonkey-debugsource\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:seamonkey-dom-inspector\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:seamonkey-irc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:seamonkey-translations-common\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:seamonkey-translations-other\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:seamonkey-venkman\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:opensuse:11.4\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2011/09/08\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2014/06/13\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2014-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release =~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, \"openSUSE\");\nif (release !~ \"^(SUSE11\\.4)$\") audit(AUDIT_OS_RELEASE_NOT, \"openSUSE\", \"11.4\", release);\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nourarch = get_kb_item(\"Host/cpu\");\nif (!ourarch) audit(AUDIT_UNKNOWN_ARCH);\nif (ourarch !~ \"^(i586|i686|x86_64)$\") audit(AUDIT_ARCH_NOT, \"i586 / i686 / x86_64\", ourarch);\n\nflag = 0;\n\nif ( rpm_check(release:\"SUSE11.4\", reference:\"seamonkey-2.3.3-0.2.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.4\", reference:\"seamonkey-debuginfo-2.3.3-0.2.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.4\", reference:\"seamonkey-debugsource-2.3.3-0.2.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.4\", reference:\"seamonkey-dom-inspector-2.3.3-0.2.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.4\", reference:\"seamonkey-irc-2.3.3-0.2.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.4\", reference:\"seamonkey-translations-common-2.3.3-0.2.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.4\", reference:\"seamonkey-translations-other-2.3.3-0.2.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.4\", reference:\"seamonkey-venkman-2.3.3-0.2.1\") ) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"seamonkey\");\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2021-01-20T14:36:35", "description": "This update brings Mozilla XULRunner to 1.9.2.22\n\nThe purpose of this update is to blacklist the compromised DigiNotar\nCertificate Authority.\n\nFor more information read: MFSA 2011-34\nhttp://www.mozilla.org/security/announce/2011/mfsa2011-34.html", "edition": 22, "published": "2014-06-13T00:00:00", "title": "openSUSE Security Update : mozilla-js192 (mozilla-js192-5127)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": [], "modified": "2014-06-13T00:00:00", "cpe": ["p-cpe:/a:novell:opensuse:mozilla-xulrunner192-32bit", "p-cpe:/a:novell:opensuse:mozilla-xulrunner192-debugsource", "p-cpe:/a:novell:opensuse:mozilla-xulrunner192-translations-other", "p-cpe:/a:novell:opensuse:mozilla-xulrunner192-translations-other-32bit", "p-cpe:/a:novell:opensuse:mozilla-js192-debuginfo", "p-cpe:/a:novell:opensuse:mozilla-xulrunner192-gnome-debuginfo", "p-cpe:/a:novell:opensuse:mozilla-xulrunner192", "p-cpe:/a:novell:opensuse:mozilla-xulrunner192-devel", "cpe:/o:novell:opensuse:11.4", "p-cpe:/a:novell:opensuse:mozilla-xulrunner192-translations-common", "p-cpe:/a:novell:opensuse:mozilla-xulrunner192-gnome", "p-cpe:/a:novell:opensuse:mozilla-xulrunner192-debuginfo-32bit", "p-cpe:/a:novell:opensuse:mozilla-xulrunner192-buildsymbols", "p-cpe:/a:novell:opensuse:mozilla-js192", "p-cpe:/a:novell:opensuse:mozilla-xulrunner192-debuginfo", "p-cpe:/a:novell:opensuse:mozilla-xulrunner192-gnome-debuginfo-32bit", "p-cpe:/a:novell:opensuse:mozilla-xulrunner192-translations-common-32bit", "p-cpe:/a:novell:opensuse:mozilla-xulrunner192-gnome-32bit", "p-cpe:/a:novell:opensuse:mozilla-xulrunner192-devel-debuginfo", "p-cpe:/a:novell:opensuse:mozilla-js192-debuginfo-32bit", "p-cpe:/a:novell:opensuse:mozilla-js192-32bit"], "id": "SUSE_11_4_MOZILLA-JS192-110908.NASL", "href": "https://www.tenable.com/plugins/nessus/75959", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from openSUSE Security Update mozilla-js192-5127.\n#\n# The text description of this plugin is (C) SUSE LLC.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(75959);\n script_version(\"1.5\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/19\");\n\n script_name(english:\"openSUSE Security Update : mozilla-js192 (mozilla-js192-5127)\");\n script_summary(english:\"Check for the mozilla-js192-5127 patch\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote openSUSE host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"This update brings Mozilla XULRunner to 1.9.2.22\n\nThe purpose of this update is to blacklist the compromised DigiNotar\nCertificate Authority.\n\nFor more information read: MFSA 2011-34\nhttp://www.mozilla.org/security/announce/2011/mfsa2011-34.html\"\n );\n # http://www.mozilla.org/security/announce/2011/mfsa2011-34.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.mozilla.org/en-US/security/advisories/mfsa2011-34/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=714931\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected mozilla-js192 packages.\"\n );\n script_set_attribute(attribute:\"risk_factor\", value:\"High\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:mozilla-js192\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:mozilla-js192-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:mozilla-js192-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:mozilla-js192-debuginfo-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:mozilla-xulrunner192\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:mozilla-xulrunner192-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:mozilla-xulrunner192-buildsymbols\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:mozilla-xulrunner192-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:mozilla-xulrunner192-debuginfo-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:mozilla-xulrunner192-debugsource\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:mozilla-xulrunner192-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:mozilla-xulrunner192-devel-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:mozilla-xulrunner192-gnome\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:mozilla-xulrunner192-gnome-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:mozilla-xulrunner192-gnome-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:mozilla-xulrunner192-gnome-debuginfo-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:mozilla-xulrunner192-translations-common\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:mozilla-xulrunner192-translations-common-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:mozilla-xulrunner192-translations-other\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:mozilla-xulrunner192-translations-other-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:opensuse:11.4\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2011/09/08\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2014/06/13\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2014-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release =~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, \"openSUSE\");\nif (release !~ \"^(SUSE11\\.4)$\") audit(AUDIT_OS_RELEASE_NOT, \"openSUSE\", \"11.4\", release);\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nourarch = get_kb_item(\"Host/cpu\");\nif (!ourarch) audit(AUDIT_UNKNOWN_ARCH);\nif (ourarch !~ \"^(i586|i686|x86_64)$\") audit(AUDIT_ARCH_NOT, \"i586 / i686 / x86_64\", ourarch);\n\nflag = 0;\n\nif ( rpm_check(release:\"SUSE11.4\", reference:\"mozilla-js192-1.9.2.22-0.2.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.4\", reference:\"mozilla-js192-debuginfo-1.9.2.22-0.2.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.4\", reference:\"mozilla-xulrunner192-1.9.2.22-0.2.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.4\", reference:\"mozilla-xulrunner192-buildsymbols-1.9.2.22-0.2.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.4\", reference:\"mozilla-xulrunner192-debuginfo-1.9.2.22-0.2.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.4\", reference:\"mozilla-xulrunner192-debugsource-1.9.2.22-0.2.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.4\", reference:\"mozilla-xulrunner192-devel-1.9.2.22-0.2.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.4\", reference:\"mozilla-xulrunner192-devel-debuginfo-1.9.2.22-0.2.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.4\", reference:\"mozilla-xulrunner192-gnome-1.9.2.22-0.2.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.4\", reference:\"mozilla-xulrunner192-gnome-debuginfo-1.9.2.22-0.2.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.4\", reference:\"mozilla-xulrunner192-translations-common-1.9.2.22-0.2.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.4\", reference:\"mozilla-xulrunner192-translations-other-1.9.2.22-0.2.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.4\", cpu:\"x86_64\", reference:\"mozilla-js192-32bit-1.9.2.22-0.2.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.4\", cpu:\"x86_64\", reference:\"mozilla-js192-debuginfo-32bit-1.9.2.22-0.2.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.4\", cpu:\"x86_64\", reference:\"mozilla-xulrunner192-32bit-1.9.2.22-0.2.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.4\", cpu:\"x86_64\", reference:\"mozilla-xulrunner192-debuginfo-32bit-1.9.2.22-0.2.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.4\", cpu:\"x86_64\", reference:\"mozilla-xulrunner192-gnome-32bit-1.9.2.22-0.2.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.4\", cpu:\"x86_64\", reference:\"mozilla-xulrunner192-gnome-debuginfo-32bit-1.9.2.22-0.2.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.4\", cpu:\"x86_64\", reference:\"mozilla-xulrunner192-translations-common-32bit-1.9.2.22-0.2.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.4\", cpu:\"x86_64\", reference:\"mozilla-xulrunner192-translations-other-32bit-1.9.2.22-0.2.1\") ) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"mozilla-xulrunner192\");\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2021-01-20T14:36:43", "description": "Mozilla SeaMonkey suite was updated to version 2.3.\n\nThe update fixes bugs and security issues. Following security issues\nwere fixed:\nhttp://www.mozilla.org/security/announce/2011/mfsa2011-33.html Mozilla\nFoundation Security Advisory 2011-33 (MFSA 2011-33) Mozilla Foundation\nSecurity Advisory 2011-33\n\ndbg114-seamonkey-5024 new_updateinfo seamonkey-5024 Miscellaneous\nmemory safety hazards (rv:4.0) Mozilla identified and fixed several\nmemory safety bugs in the browser engine used in SeaMonkey 2.2 and\nother Mozilla-based products. Some of these bugs showed evidence of\nmemory corruption under certain circumstances, and we presume that\nwith enough effort at least some of these could be exploited to run\narbitrary code.\n\nAral Yaman reported a WebGL crash which affected SeaMonkey 2.2.\n(CVE-2011-2989)\n\nVivekanand Bolajwar reported a JavaScript crash which affected\nSeaMonkey 2.2. (CVE-2011-2991)\n\nBert Hubert and Theo Snelleman of Fox-IT reported a crash in the Ogg\nreader which affected SeaMonkey 2.2. (CVE-2011-2992)\n\nMozilla developers and community members Robert Kaiser, Jesse\nRuderman, moz_bug_r_a4, Mardeg, Gary Kwong, Christoph Diehl, Martijn\nWargers, Travis Emmitt, Bob Clary and Jonathan Watt reported memory\nsafety issues which affected SeaMonkey 2.2. (CVE-2011-2985)\n\ndbg114-seamonkey-5024 new_updateinfo seamonkey-5024 Unsigned scripts\ncan call script inside signed JAR\n\nRafael Gieschke reported that unsigned JavaScript could call into\nscript inside a signed JAR thereby inheriting the identity of the site\nthat signed the JAR as well as any permissions that a user had granted\nthe signed JAR. (CVE-2011-2993)\n\ndbg114-seamonkey-5024 new_updateinfo seamonkey-5024 String crash using\nWebGL shaders\n\nMichael Jordon of Context IS reported that an overly long shader\nprogram could cause a buffer overrun and crash in a string class used\nto store the shader source code. (CVE-2011-2988)\n\ndbg114-seamonkey-5024 new_updateinfo seamonkey-5024 Heap overflow in\nANGLE library\n\nMichael Jordon of Context IS reported a potentially exploitable heap\noverflow in the ANGLE library used by Mozilla's WebGL implementation.\n(CVE-2011-2987)\n\ndbg114-seamonkey-5024 new_updateinfo seamonkey-5024 Crash in\nSVGTextElement.getCharNumAtPosition()\n\nSecurity researcher regenrecht reported via TippingPoint's Zero Day\nInitiative that a SVG text manipulation routine contained a dangling\npointer vulnerability. (CVE-2011-0084)\n\ndbg114-seamonkey-5024 new_updateinfo seamonkey-5024 Credential leakage\nusing Content Security Policy reports\n\nMike Cardwell reported that Content Security Policy violation reports\nfailed to strip out proxy authorization credentials from the list of\nrequest headers. Daniel Veditz reported that redirecting to a website\nwith Content Security Policy resulted in the incorrect resolution of\nhosts in the constructed policy. (CVE-2011-2990)\n\ndbg114-seamonkey-5024 new_updateinfo seamonkey-5024 Cross-origin data\ntheft using canvas and Windows D2D\n\nnasalislarvatus3000 reported that when using Windows D2D hardware\nacceleration, image data from one domain could be inserted into a\ncanvas and read by a different domain. (CVE-2011-2986)", "edition": 27, "published": "2014-06-13T00:00:00", "title": "openSUSE Security Update : seamonkey (openSUSE-SU-2011:0957-1)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2011-2993", "CVE-2011-2986", "CVE-2011-2990", "CVE-2011-2989", "CVE-2011-0084", "CVE-2011-2992", "CVE-2011-2988", "CVE-2011-2985", "CVE-2011-2987", "CVE-2011-2991"], "modified": "2014-06-13T00:00:00", "cpe": ["p-cpe:/a:novell:opensuse:seamonkey-debugsource", "p-cpe:/a:novell:opensuse:seamonkey-debuginfo", "p-cpe:/a:novell:opensuse:seamonkey-dom-inspector", "cpe:/o:novell:opensuse:11.4", "p-cpe:/a:novell:opensuse:seamonkey-translations-other", "p-cpe:/a:novell:opensuse:seamonkey-venkman", "p-cpe:/a:novell:opensuse:seamonkey-translations-common", "p-cpe:/a:novell:opensuse:seamonkey-irc", "p-cpe:/a:novell:opensuse:seamonkey"], "id": "SUSE_11_4_SEAMONKEY-110819.NASL", "href": "https://www.tenable.com/plugins/nessus/76020", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from openSUSE Security Update seamonkey-5024.\n#\n# The text description of this plugin is (C) SUSE LLC.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(76020);\n script_version(\"1.8\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/19\");\n\n script_cve_id(\"CVE-2011-0084\", \"CVE-2011-2985\", \"CVE-2011-2986\", \"CVE-2011-2987\", \"CVE-2011-2988\", \"CVE-2011-2989\", \"CVE-2011-2990\", \"CVE-2011-2991\", \"CVE-2011-2992\", \"CVE-2011-2993\");\n\n script_name(english:\"openSUSE Security Update : seamonkey (openSUSE-SU-2011:0957-1)\");\n script_summary(english:\"Check for the seamonkey-5024 patch\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote openSUSE host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Mozilla SeaMonkey suite was updated to version 2.3.\n\nThe update fixes bugs and security issues. Following security issues\nwere fixed:\nhttp://www.mozilla.org/security/announce/2011/mfsa2011-33.html Mozilla\nFoundation Security Advisory 2011-33 (MFSA 2011-33) Mozilla Foundation\nSecurity Advisory 2011-33\n\ndbg114-seamonkey-5024 new_updateinfo seamonkey-5024 Miscellaneous\nmemory safety hazards (rv:4.0) Mozilla identified and fixed several\nmemory safety bugs in the browser engine used in SeaMonkey 2.2 and\nother Mozilla-based products. Some of these bugs showed evidence of\nmemory corruption under certain circumstances, and we presume that\nwith enough effort at least some of these could be exploited to run\narbitrary code.\n\nAral Yaman reported a WebGL crash which affected SeaMonkey 2.2.\n(CVE-2011-2989)\n\nVivekanand Bolajwar reported a JavaScript crash which affected\nSeaMonkey 2.2. (CVE-2011-2991)\n\nBert Hubert and Theo Snelleman of Fox-IT reported a crash in the Ogg\nreader which affected SeaMonkey 2.2. (CVE-2011-2992)\n\nMozilla developers and community members Robert Kaiser, Jesse\nRuderman, moz_bug_r_a4, Mardeg, Gary Kwong, Christoph Diehl, Martijn\nWargers, Travis Emmitt, Bob Clary and Jonathan Watt reported memory\nsafety issues which affected SeaMonkey 2.2. (CVE-2011-2985)\n\ndbg114-seamonkey-5024 new_updateinfo seamonkey-5024 Unsigned scripts\ncan call script inside signed JAR\n\nRafael Gieschke reported that unsigned JavaScript could call into\nscript inside a signed JAR thereby inheriting the identity of the site\nthat signed the JAR as well as any permissions that a user had granted\nthe signed JAR. (CVE-2011-2993)\n\ndbg114-seamonkey-5024 new_updateinfo seamonkey-5024 String crash using\nWebGL shaders\n\nMichael Jordon of Context IS reported that an overly long shader\nprogram could cause a buffer overrun and crash in a string class used\nto store the shader source code. (CVE-2011-2988)\n\ndbg114-seamonkey-5024 new_updateinfo seamonkey-5024 Heap overflow in\nANGLE library\n\nMichael Jordon of Context IS reported a potentially exploitable heap\noverflow in the ANGLE library used by Mozilla's WebGL implementation.\n(CVE-2011-2987)\n\ndbg114-seamonkey-5024 new_updateinfo seamonkey-5024 Crash in\nSVGTextElement.getCharNumAtPosition()\n\nSecurity researcher regenrecht reported via TippingPoint's Zero Day\nInitiative that a SVG text manipulation routine contained a dangling\npointer vulnerability. (CVE-2011-0084)\n\ndbg114-seamonkey-5024 new_updateinfo seamonkey-5024 Credential leakage\nusing Content Security Policy reports\n\nMike Cardwell reported that Content Security Policy violation reports\nfailed to strip out proxy authorization credentials from the list of\nrequest headers. Daniel Veditz reported that redirecting to a website\nwith Content Security Policy resulted in the incorrect resolution of\nhosts in the constructed policy. (CVE-2011-2990)\n\ndbg114-seamonkey-5024 new_updateinfo seamonkey-5024 Cross-origin data\ntheft using canvas and Windows D2D\n\nnasalislarvatus3000 reported that when using Windows D2D hardware\nacceleration, image data from one domain could be inserted into a\ncanvas and read by a different domain. (CVE-2011-2986)\"\n );\n # http://www.mozilla.org/security/announce/2011/mfsa2011-33.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.mozilla.org/en-US/security/advisories/mfsa2011-33/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=712224\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://lists.opensuse.org/opensuse-updates/2011-08/msg00039.html\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected seamonkey packages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:seamonkey\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:seamonkey-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:seamonkey-debugsource\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:seamonkey-dom-inspector\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:seamonkey-irc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:seamonkey-translations-common\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:seamonkey-translations-other\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:seamonkey-venkman\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:opensuse:11.4\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2011/08/19\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2014/06/13\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2014-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release =~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, \"openSUSE\");\nif (release !~ \"^(SUSE11\\.4)$\") audit(AUDIT_OS_RELEASE_NOT, \"openSUSE\", \"11.4\", release);\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nourarch = get_kb_item(\"Host/cpu\");\nif (!ourarch) audit(AUDIT_UNKNOWN_ARCH);\nif (ourarch !~ \"^(i586|i686|x86_64)$\") audit(AUDIT_ARCH_NOT, \"i586 / i686 / x86_64\", ourarch);\n\nflag = 0;\n\nif ( rpm_check(release:\"SUSE11.4\", reference:\"seamonkey-2.3-2.2.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.4\", reference:\"seamonkey-debuginfo-2.3-2.2.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.4\", reference:\"seamonkey-debugsource-2.3-2.2.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.4\", reference:\"seamonkey-dom-inspector-2.3-2.2.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.4\", reference:\"seamonkey-irc-2.3-2.2.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.4\", reference:\"seamonkey-translations-common-2.3-2.2.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.4\", reference:\"seamonkey-translations-other-2.3-2.2.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.4\", reference:\"seamonkey-venkman-2.3-2.2.1\") ) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"seamonkey\");\n}\n", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}]}