{"id": "MFSA2013-83", "lastseen": "2016-09-05T13:37:39", "viewCount": 5, "bulletinFamily": "software", "cvss": {"vector": "AV:LOCAL/AC:HIGH/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/", "score": 6.2}, "edition": 1, "enchantments": {"score": {"value": 6.7, "vector": "NONE", "modified": "2016-09-05T13:37:39", "rev": 2}, "dependencies": {"references": [{"type": "cve", "idList": ["CVE-2013-1726"]}, {"type": "openvas", "idList": ["OPENVAS:1361412562310804012", "OPENVAS:1361412562310804014", "OPENVAS:1361412562310804005", "OPENVAS:1361412562310804011", "OPENVAS:1361412562310804013", "OPENVAS:1361412562310804007", "OPENVAS:1361412562310804006", "OPENVAS:1361412562310804008", "OPENVAS:1361412562310804009", "OPENVAS:1361412562310804010"]}, {"type": "suse", "idList": ["SUSE-SU-2013:1497-1"]}, {"type": "nessus", "idList": ["SUSE_11_MOZILLAFIREFOX-130919.NASL", "MACOSX_FIREFOX_24.NASL", "FEDORA_2013-16992.NASL", "MOZILLA_THUNDERBIRD_24.NASL", "FEDORA_2013-17047.NASL", "SEAMONKEY_221.NASL", "FREEBSD_PKG_7DFED67B20AA11E3B8D80025905A4771.NASL", "FEDORA_2013-17074.NASL", "MOZILLA_FIREFOX_24.NASL", "MACOSX_THUNDERBIRD_24_0.NASL"]}, {"type": "securityvulns", "idList": ["SECURITYVULNS:VULN:13294"]}, {"type": "freebsd", "idList": ["7DFED67B-20AA-11E3-B8D8-0025905A4771"]}, {"type": "gentoo", "idList": ["GLSA-201309-23"]}], "modified": "2016-09-05T13:37:39", "rev": 2}, "vulnersScore": 6.7}, "type": "mozilla", "description": "Security researcher Seb Patane reported that the Mozilla\nUpdater does not write-lock the MAR update file when it is in use by the\nUpdater. This leaves open the possibility of altering the contents of the MAR\nfile after the signature on the file has been verified as valid but before it\nhas been used. This could allow an attacker with access to the local system to\nsilently replace the contents of the update MAR file and either replace the\ninstalled software with their own or extract and run executables files with the\nsame privileges as that of the Mozilla Updater.", "title": "Mozilla Updater does not lock MAR file after signature verification", "cvelist": ["CVE-2013-1726"], "published": "2013-09-17T00:00:00", "references": ["https://bugzilla.mozilla.org/show_bug.cgi?id=890853"], "reporter": "Mozilla Foundation", "affectedSoftware": [{"version": "24", "name": "Firefox", "operator": "lt"}, {"version": "24", "name": "Thunderbird", "operator": "lt"}, {"version": "2.21", "name": "SeaMonkey", "operator": "lt"}, {"version": "17.0.9", "name": "Firefox ESR", "operator": "lt"}, {"version": "17.0.9", "name": "Thunderbird ESR", "operator": "lt"}], "modified": "2013-09-17T00:00:00", "href": "http://www.mozilla.org/en-US/security/advisories/mfsa2013-83/"}

{"cve": [{"lastseen": "2020-12-09T19:52:39", "description": "Mozilla Updater in Mozilla Firefox before 24.0, Firefox ESR 17.x before 17.0.9, Thunderbird before 24.0, Thunderbird ESR 17.x before 17.0.9, and SeaMonkey before 2.21 does not ensure exclusive access to a MAR file, which allows local users to gain privileges by creating a Trojan horse file after MAR signature verification but before MAR use.", "edition": 5, "cvss3": {}, "published": "2013-09-18T10:08:00", "title": "CVE-2013-1726", "type": "cve", "cwe": ["CWE-264"], "bulletinFamily": "NVD", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 1.9, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "HIGH", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 6.2, "vectorString": "AV:L/AC:H/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "LOCAL", "authentication": "NONE"}, "impactScore": 10.0, "obtainUserPrivilege": false}, "cvelist": ["CVE-2013-1726"], "modified": "2017-09-19T01:36:00", "cpe": ["cpe:/a:mozilla:thunderbird_esr:17.0.7", "cpe:/a:mozilla:seamonkey:2.0.6", "cpe:/a:mozilla:seamonkey:2.17", "cpe:/a:mozilla:seamonkey:2.0", "cpe:/a:mozilla:firefox:20.0.1", "cpe:/a:mozilla:seamonkey:2.0.7", "cpe:/a:mozilla:firefox_esr:17.0.3", "cpe:/a:mozilla:thunderbird:17.0.8", "cpe:/a:mozilla:seamonkey:2.0.3", "cpe:/a:mozilla:seamonkey:2.15.2", "cpe:/a:mozilla:seamonkey:2.0.11", "cpe:/a:mozilla:seamonkey:2.13.2", "cpe:/a:mozilla:seamonkey:2.13.1", "cpe:/a:mozilla:firefox_esr:17.0.4", "cpe:/a:mozilla:seamonkey:2.12", "cpe:/a:mozilla:thunderbird_esr:17.0.3", "cpe:/a:mozilla:firefox_esr:17.0.5", "cpe:/a:mozilla:seamonkey:2.16", "cpe:/a:mozilla:firefox:23.0", "cpe:/a:mozilla:seamonkey:2.15", "cpe:/a:mozilla:seamonkey:2.0.8", "cpe:/a:mozilla:thunderbird:17.0.7", "cpe:/a:mozilla:firefox:20.0", "cpe:/a:mozilla:seamonkey:2.0.4", "cpe:/a:mozilla:thunderbird:17.0", "cpe:/a:mozilla:thunderbird_esr:17.0", "cpe:/a:mozilla:seamonkey:2.12.1", "cpe:/a:mozilla:thunderbird_esr:17.0.5", "cpe:/a:mozilla:seamonkey:2.0.14", "cpe:/a:mozilla:firefox:19.0.1", "cpe:/a:mozilla:firefox_esr:17.0.2", "cpe:/a:mozilla:seamonkey:2.0.2", "cpe:/a:mozilla:thunderbird_esr:17.0.2", "cpe:/a:mozilla:firefox_esr:17.0.8", "cpe:/a:mozilla:seamonkey:2.0.13", "cpe:/a:mozilla:thunderbird:17.0.2", "cpe:/a:mozilla:thunderbird_esr:17.0.4", "cpe:/a:mozilla:seamonkey:2.10.1", "cpe:/a:mozilla:thunderbird:17.0.5", "cpe:/a:mozilla:seamonkey:2.13", "cpe:/a:mozilla:thunderbird:17.0.4", "cpe:/a:mozilla:seamonkey:2.10", "cpe:/a:mozilla:thunderbird:17.0.1", "cpe:/a:mozilla:firefox:19.0.2", "cpe:/a:mozilla:seamonkey:2.15.1", "cpe:/a:mozilla:firefox_esr:17.0.7", "cpe:/a:mozilla:seamonkey:2.18", "cpe:/a:mozilla:thunderbird:17.0.6", "cpe:/a:mozilla:seamonkey:2.16.2", "cpe:/a:mozilla:seamonkey:2.0.9", "cpe:/a:mozilla:seamonkey:2.0.5", "cpe:/a:mozilla:seamonkey:2.0.12", "cpe:/a:mozilla:seamonkey:2.19", "cpe:/a:mozilla:seamonkey:2.14", "cpe:/a:mozilla:thunderbird_esr:17.0.8", "cpe:/a:mozilla:firefox_esr:17.0", "cpe:/a:mozilla:seamonkey:2.17.1", "cpe:/a:mozilla:firefox:22.0", "cpe:/a:mozilla:seamonkey:2.20", "cpe:/a:mozilla:firefox:23.0.1", "cpe:/a:mozilla:seamonkey:2.0.10", "cpe:/a:mozilla:thunderbird_esr:17.0.6", "cpe:/a:mozilla:thunderbird:17.0.3", "cpe:/a:mozilla:thunderbird:17.0.9", "cpe:/a:mozilla:seamonkey:2.11", "cpe:/a:mozilla:seamonkey:2.0.1", "cpe:/a:mozilla:seamonkey:2.16.1", "cpe:/a:mozilla:thunderbird_esr:17.0.1", "cpe:/a:mozilla:firefox:19.0", "cpe:/a:mozilla:firefox_esr:17.0.6", "cpe:/a:mozilla:firefox_esr:17.0.1", "cpe:/a:mozilla:seamonkey:2.1", "cpe:/a:mozilla:firefox:21.0"], "id": "CVE-2013-1726", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2013-1726", "cvss": {"score": 6.2, "vector": "AV:L/AC:H/Au:N/C:C/I:C/A:C"}, "cpe23": ["cpe:2.3:a:mozilla:seamonkey:2.20:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:thunderbird:17.0.7:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:firefox_esr:17.0.7:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:seamonkey:2.12.1:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:seamonkey:2.0:beta_2:*:*:*:*:*:*", "cpe:2.3:a:mozilla:seamonkey:2.18:beta3:*:*:*:*:*:*", "cpe:2.3:a:mozilla:seamonkey:2.0.2:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:firefox:23.0:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:seamonkey:2.0.5:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:firefox_esr:17.0.4:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:seamonkey:2.0.14:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:seamonkey:2.0.10:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:seamonkey:2.0:beta_1:*:*:*:*:*:*", "cpe:2.3:a:mozilla:thunderbird:17.0.9:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:seamonkey:2.16:beta3:*:*:*:*:*:*", "cpe:2.3:a:mozilla:seamonkey:2.19:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:seamonkey:2.0.3:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:seamonkey:2.10:beta3:*:*:*:*:*:*", "cpe:2.3:a:mozilla:seamonkey:2.12:beta6:*:*:*:*:*:*", "cpe:2.3:a:mozilla:thunderbird_esr:17.0.5:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:seamonkey:2.11:beta5:*:*:*:*:*:*", "cpe:2.3:a:mozilla:seamonkey:2.17:beta2:*:*:*:*:*:*", "cpe:2.3:a:mozilla:seamonkey:2.20:beta3:*:*:*:*:*:*", "cpe:2.3:a:mozilla:thunderbird_esr:17.0.3:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:seamonkey:2.19:beta1:*:*:*:*:*:*", "cpe:2.3:a:mozilla:thunderbird:17.0.3:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:seamonkey:2.16.2:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:thunderbird_esr:17.0.1:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:seamonkey:2.0.12:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:seamonkey:2.0:rc1:*:*:*:*:*:*", "cpe:2.3:a:mozilla:seamonkey:2.10:beta1:*:*:*:*:*:*", "cpe:2.3:a:mozilla:thunderbird_esr:17.0.8:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:seamonkey:2.11:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:firefox_esr:17.0:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:seamonkey:2.1:alpha1:*:*:*:*:*:*", "cpe:2.3:a:mozilla:seamonkey:2.0.6:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:seamonkey:2.16:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:seamonkey:2.1:rc2:*:*:*:*:*:*", "cpe:2.3:a:mozilla:seamonkey:2.17:beta3:*:*:*:*:*:*", "cpe:2.3:a:mozilla:seamonkey:2.0:alpha_3:*:*:*:*:*:*", "cpe:2.3:a:mozilla:seamonkey:2.14:beta1:*:*:*:*:*:*", "cpe:2.3:a:mozilla:seamonkey:2.20:beta2:*:*:*:*:*:*", "cpe:2.3:a:mozilla:thunderbird:17.0.4:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:seamonkey:2.15:beta1:*:*:*:*:*:*", "cpe:2.3:a:mozilla:thunderbird:17.0.6:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:seamonkey:2.1:alpha3:*:*:*:*:*:*", "cpe:2.3:a:mozilla:thunderbird:17.0.5:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:seamonkey:2.0.9:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:firefox_esr:17.0.5:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:seamonkey:2.19:beta2:*:*:*:*:*:*", "cpe:2.3:a:mozilla:seamonkey:2.14:beta3:*:*:*:*:*:*", "cpe:2.3:a:mozilla:thunderbird_esr:17.0.6:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:seamonkey:2.0.4:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:firefox:20.0:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:seamonkey:2.1:beta1:*:*:*:*:*:*", "cpe:2.3:a:mozilla:seamonkey:2.15:beta4:*:*:*:*:*:*", "cpe:2.3:a:mozilla:seamonkey:2.11:beta4:*:*:*:*:*:*", "cpe:2.3:a:mozilla:seamonkey:2.13:beta6:*:*:*:*:*:*", "cpe:2.3:a:mozilla:thunderbird:17.0.2:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:firefox:20.0.1:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:seamonkey:2.11:beta3:*:*:*:*:*:*", "cpe:2.3:a:mozilla:seamonkey:2.14:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:seamonkey:2.0.7:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:thunderbird_esr:17.0:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:firefox:19.0.1:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:firefox_esr:17.0.1:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:seamonkey:2.18:beta4:*:*:*:*:*:*", "cpe:2.3:a:mozilla:firefox_esr:17.0.8:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:seamonkey:2.11:beta1:*:*:*:*:*:*", "cpe:2.3:a:mozilla:seamonkey:2.13:beta2:*:*:*:*:*:*", "cpe:2.3:a:mozilla:seamonkey:2.0.8:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:seamonkey:2.12:beta4:*:*:*:*:*:*", "cpe:2.3:a:mozilla:seamonkey:2.16.1:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:seamonkey:2.12:beta2:*:*:*:*:*:*", "cpe:2.3:a:mozilla:seamonkey:2.16:beta2:*:*:*:*:*:*", "cpe:2.3:a:mozilla:thunderbird_esr:17.0.4:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:firefox:19.0:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:thunderbird:17.0.8:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:seamonkey:2.17.1:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:seamonkey:2.13:beta1:*:*:*:*:*:*", "cpe:2.3:a:mozilla:seamonkey:2.15.2:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:firefox:21.0:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:seamonkey:2.17:beta4:*:*:*:*:*:*", "cpe:2.3:a:mozilla:seamonkey:2.15:beta2:*:*:*:*:*:*", "cpe:2.3:a:mozilla:seamonkey:2.13:beta4:*:*:*:*:*:*", "cpe:2.3:a:mozilla:seamonkey:2.12:beta1:*:*:*:*:*:*", "cpe:2.3:a:mozilla:seamonkey:2.14:beta2:*:*:*:*:*:*", "cpe:2.3:a:mozilla:seamonkey:2.16:beta5:*:*:*:*:*:*", "cpe:2.3:a:mozilla:seamonkey:2.13.1:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:seamonkey:2.14:beta4:*:*:*:*:*:*", "cpe:2.3:a:mozilla:seamonkey:2.0.1:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:seamonkey:2.10.1:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:seamonkey:2.13.2:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:firefox_esr:17.0.3:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:seamonkey:2.0:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:thunderbird_esr:17.0.7:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:seamonkey:2.1:alpha2:*:*:*:*:*:*", "cpe:2.3:a:mozilla:seamonkey:2.15.1:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:seamonkey:2.0.11:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:seamonkey:2.16:beta4:*:*:*:*:*:*", "cpe:2.3:a:mozilla:seamonkey:2.13:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:seamonkey:2.1:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:seamonkey:2.12:beta3:*:*:*:*:*:*", "cpe:2.3:a:mozilla:seamonkey:2.18:beta2:*:*:*:*:*:*", "cpe:2.3:a:mozilla:seamonkey:2.15:beta6:*:*:*:*:*:*", "cpe:2.3:a:mozilla:seamonkey:2.1:rc1:*:*:*:*:*:*", "cpe:2.3:a:mozilla:seamonkey:2.15:beta5:*:*:*:*:*:*", "cpe:2.3:a:mozilla:seamonkey:2.14:beta5:*:*:*:*:*:*", "cpe:2.3:a:mozilla:firefox_esr:17.0.2:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:seamonkey:2.0:alpha_1:*:*:*:*:*:*", "cpe:2.3:a:mozilla:seamonkey:2.0:alpha_2:*:*:*:*:*:*", "cpe:2.3:a:mozilla:seamonkey:2.20:beta1:*:*:*:*:*:*", "cpe:2.3:a:mozilla:seamonkey:2.13:beta5:*:*:*:*:*:*", "cpe:2.3:a:mozilla:seamonkey:2.1:beta2:*:*:*:*:*:*", "cpe:2.3:a:mozilla:seamonkey:2.10:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:firefox_esr:17.0.6:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:seamonkey:2.13:beta3:*:*:*:*:*:*", "cpe:2.3:a:mozilla:seamonkey:2.17:beta1:*:*:*:*:*:*", "cpe:2.3:a:mozilla:thunderbird:17.0:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:seamonkey:2.11:beta6:*:*:*:*:*:*", "cpe:2.3:a:mozilla:seamonkey:2.15:beta3:*:*:*:*:*:*", "cpe:2.3:a:mozilla:seamonkey:2.12:beta5:*:*:*:*:*:*", "cpe:2.3:a:mozilla:seamonkey:2.18:beta1:*:*:*:*:*:*", "cpe:2.3:a:mozilla:seamonkey:2.11:beta2:*:*:*:*:*:*", "cpe:2.3:a:mozilla:seamonkey:2.1:beta3:*:*:*:*:*:*", "cpe:2.3:a:mozilla:seamonkey:2.0:rc2:*:*:*:*:*:*", "cpe:2.3:a:mozilla:thunderbird:17.0.1:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:seamonkey:2.17:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:seamonkey:2.10:beta2:*:*:*:*:*:*", "cpe:2.3:a:mozilla:firefox:19.0.2:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:firefox:23.0.1:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:seamonkey:2.12:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:firefox:22.0:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:thunderbird_esr:17.0.2:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:seamonkey:2.16:beta1:*:*:*:*:*:*", "cpe:2.3:a:mozilla:seamonkey:2.15:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:seamonkey:2.0.13:*:*:*:*:*:*:*"]}], "openvas": [{"lastseen": "2019-05-29T18:38:27", "bulletinFamily": "scanner", "cvelist": ["CVE-2013-1737", "CVE-2013-1725", "CVE-2013-1735", "CVE-2013-1732", "CVE-2013-1726", "CVE-2013-1730", "CVE-2013-1736", "CVE-2013-1718", "CVE-2013-1722"], "description": "This host is installed with Mozilla Thunderbird ESR and is prone to multiple\nvulnerabilities.", "modified": "2018-10-12T00:00:00", "published": "2013-09-24T00:00:00", "id": "OPENVAS:1361412562310804011", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310804011", "type": "openvas", "title": "Mozilla Thunderbird ESR Multiple Vulnerabilities-01 Sep13 (Windows)", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: gb_mozilla_thunderbird_esr_mult_vuln01_sep13_win.nasl 31965 2013-09-24 15:33:00Z sep$\n#\n# Mozilla Thunderbird ESR Multiple Vulnerabilities-01 Sep13 (Windows)\n#\n# Authors:\n# Thanga Prakash S <tprakash@secpod.com>\n#\n# Copyright:\n# Copyright (c) 2013 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nCPE = \"cpe:/a:mozilla:thunderbird_esr\";\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.804011\");\n script_version(\"$Revision: 11865 $\");\n script_cve_id(\"CVE-2013-1718\", \"CVE-2013-1722\", \"CVE-2013-1725\", \"CVE-2013-1726\",\n \"CVE-2013-1730\", \"CVE-2013-1732\", \"CVE-2013-1735\", \"CVE-2013-1736\",\n \"CVE-2013-1737\");\n script_bugtraq_id(62463, 62460, 62467, 62482, 62473, 62469, 62479, 62478, 62475);\n script_tag(name:\"cvss_base\", value:\"10.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-10-12 12:03:43 +0200 (Fri, 12 Oct 2018) $\");\n script_tag(name:\"creation_date\", value:\"2013-09-24 15:33:00 +0530 (Tue, 24 Sep 2013)\");\n script_name(\"Mozilla Thunderbird ESR Multiple Vulnerabilities-01 Sep13 (Windows)\");\n\n\n script_tag(name:\"summary\", value:\"This host is installed with Mozilla Thunderbird ESR and is prone to multiple\nvulnerabilities.\");\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is present on the target host.\");\n script_tag(name:\"solution\", value:\"Upgrade to Mozilla Thunderbird ESR version 17.0.9 or later.\");\n script_tag(name:\"insight\", value:\"For more details about the vulnerabilities, refer the reference section.\");\n script_tag(name:\"affected\", value:\"Mozilla Thunderbird ESR version 17.x before 17.0.9 on Windows\");\n script_tag(name:\"impact\", value:\"Successful exploitation will allow attackers to gain escalated privileges,\ndisclose potentially sensitive information, bypass certain security\nrestrictions, and compromise a user's system.\");\n script_tag(name:\"qod_type\", value:\"registry\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n\n script_xref(name:\"URL\", value:\"http://secunia.com/advisories/54896\");\n script_xref(name:\"URL\", value:\"http://www.mozilla.org/security/announce/2013/mfsa2013-88.html\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2013 Greenbone Networks GmbH\");\n script_family(\"General\");\n script_dependencies(\"gb_thunderbird_detect_portable_win.nasl\");\n script_mandatory_keys(\"Thunderbird-ESR/Win/Ver\");\n script_xref(name:\"URL\", value:\"http://www.mozilla.com/en-US/thunderbird\");\n exit(0);\n}\n\n\ninclude(\"host_details.inc\");\ninclude(\"version_func.inc\");\n\nif(!tbVer = get_app_version(cpe:CPE)){\n exit(0);\n}\n\nif(tbVer =~ \"^17\\.\" && version_in_range(version:tbVer, test_version:\"17.0\",\n test_version2:\"17.0.8\"))\n{\n security_message( port: 0, data: \"The target host was found to be vulnerable\" );\n exit(0);\n}\n", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2019-07-19T22:15:02", "bulletinFamily": "scanner", "cvelist": ["CVE-2013-1737", "CVE-2013-1725", "CVE-2013-1735", "CVE-2013-1732", "CVE-2013-1726", "CVE-2013-1730", "CVE-2013-1736", "CVE-2013-1718", "CVE-2013-1722"], "description": "This host is installed with Mozilla Firefox ESR and is prone to multiple\nvulnerabilities.", "modified": "2019-07-17T00:00:00", "published": "2013-09-24T00:00:00", "id": "OPENVAS:1361412562310804007", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310804007", "type": "openvas", "title": "Mozilla Firefox ESR Multiple Vulnerabilities-01 Sep13 (Windows)", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: gb_mozilla_firefox_esr_mult_vuln01_sep13_win.nasl 31965 2013-09-24 13:47:17Z sep$\n#\n# Mozilla Firefox ESR Multiple Vulnerabilities-01 Sep13 (Windows)\n#\n# Authors:\n# Thanga Prakash S <tprakash@secpod.com>\n#\n# Copyright:\n# Copyright (c) 2013 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nCPE = \"cpe:/a:mozilla:firefox_esr\";\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.804007\");\n script_version(\"2019-07-17T11:14:11+0000\");\n script_cve_id(\"CVE-2013-1718\", \"CVE-2013-1722\", \"CVE-2013-1725\", \"CVE-2013-1726\",\n \"CVE-2013-1730\", \"CVE-2013-1732\", \"CVE-2013-1735\", \"CVE-2013-1736\",\n \"CVE-2013-1737\");\n script_bugtraq_id(62463, 62460, 62467, 62482, 62473, 62469, 62479, 62478, 62475);\n script_tag(name:\"cvss_base\", value:\"10.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_tag(name:\"last_modification\", value:\"2019-07-17 11:14:11 +0000 (Wed, 17 Jul 2019)\");\n script_tag(name:\"creation_date\", value:\"2013-09-24 13:47:17 +0530 (Tue, 24 Sep 2013)\");\n script_name(\"Mozilla Firefox ESR Multiple Vulnerabilities-01 Sep13 (Windows)\");\n\n\n script_tag(name:\"summary\", value:\"This host is installed with Mozilla Firefox ESR and is prone to multiple\nvulnerabilities.\");\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is present on the target host.\");\n script_tag(name:\"solution\", value:\"Upgrade to Mozilla Firefox ESR version 17.0.9 or later.\");\n script_tag(name:\"insight\", value:\"For more details about the vulnerabilities, refer the reference section.\");\n script_tag(name:\"affected\", value:\"Mozilla Firefox ESR version 17.x before 17.0.9 on Windows\");\n script_tag(name:\"impact\", value:\"Successful exploitation will allow attackers to gain escalated privileges,\ndisclose potentially sensitive information, bypass certain security\nrestrictions, and compromise a user's system.\");\n script_tag(name:\"qod_type\", value:\"registry\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n\n script_xref(name:\"URL\", value:\"http://secunia.com/advisories/54896\");\n script_xref(name:\"URL\", value:\"http://www.mozilla.org/security/announce/2013/mfsa2013-88.html\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2013 Greenbone Networks GmbH\");\n script_family(\"General\");\n script_dependencies(\"gb_firefox_detect_portable_win.nasl\");\n script_mandatory_keys(\"Firefox-ESR/Win/Ver\");\n\n exit(0);\n}\n\n\ninclude(\"host_details.inc\");\ninclude(\"version_func.inc\");\n\nif(!ffVer = get_app_version(cpe:CPE)){\n exit(0);\n}\n\nif(ffVer =~ \"^17\\.\" && version_in_range(version:ffVer, test_version:\"17.0\",\n test_version2:\"17.0.8\"))\n{\n security_message( port: 0, data: \"The target host was found to be vulnerable\" );\n exit(0);\n}\n", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2019-06-25T14:53:19", "bulletinFamily": "scanner", "cvelist": ["CVE-2013-1737", "CVE-2013-1725", "CVE-2013-1735", "CVE-2013-1732", "CVE-2013-1726", "CVE-2013-1730", "CVE-2013-1736", "CVE-2013-1718", "CVE-2013-1722"], "description": "This host is installed with Mozilla Thunderbird ESR and is prone to multiple\nvulnerabilities.", "modified": "2019-06-25T00:00:00", "published": "2013-09-24T00:00:00", "id": "OPENVAS:1361412562310804012", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310804012", "type": "openvas", "title": "Mozilla Thunderbird ESR Multiple Vulnerabilities-01 Sep13 (Mac OS X)", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: gb_mozilla_thunderbird_esr_mult_vuln01_sep13_macosx.nasl 31965 2013-09-24 15:40:41Z sep$\n#\n# Mozilla Thunderbird ESR Multiple Vulnerabilities-01 Sep13 (Mac OS X)\n#\n# Authors:\n# Thanga Prakash S <tprakash@secpod.com>\n#\n# Copyright:\n# Copyright (c) 2013 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nCPE = \"cpe:/a:mozilla:thunderbird_esr\";\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.804012\");\n script_version(\"2019-06-25T08:25:15+0000\");\n script_cve_id(\"CVE-2013-1718\", \"CVE-2013-1722\", \"CVE-2013-1725\", \"CVE-2013-1726\",\n \"CVE-2013-1730\", \"CVE-2013-1732\", \"CVE-2013-1735\", \"CVE-2013-1736\",\n \"CVE-2013-1737\");\n script_bugtraq_id(62463, 62460, 62467, 62482, 62473, 62469, 62479, 62478, 62475);\n script_tag(name:\"cvss_base\", value:\"10.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_tag(name:\"last_modification\", value:\"2019-06-25 08:25:15 +0000 (Tue, 25 Jun 2019)\");\n script_tag(name:\"creation_date\", value:\"2013-09-24 15:40:41 +0530 (Tue, 24 Sep 2013)\");\n script_name(\"Mozilla Thunderbird ESR Multiple Vulnerabilities-01 Sep13 (Mac OS X)\");\n\n\n script_tag(name:\"summary\", value:\"This host is installed with Mozilla Thunderbird ESR and is prone to multiple\nvulnerabilities.\");\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is present on the target host.\");\n script_tag(name:\"solution\", value:\"Upgrade to Mozilla Thunderbird ESR version 17.0.9 or later.\");\n script_tag(name:\"insight\", value:\"For more details about the vulnerabilities, refer the reference section.\");\n script_tag(name:\"affected\", value:\"Mozilla Thunderbird ESR version 17.x before 17.0.9 on Mac OS X\");\n script_tag(name:\"impact\", value:\"Successful exploitation will allow attackers to gain escalated privileges,\ndisclose potentially sensitive information, bypass certain security\nrestrictions, and compromise a user's system.\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n\n script_xref(name:\"URL\", value:\"http://secunia.com/advisories/54896\");\n script_xref(name:\"URL\", value:\"http://www.mozilla.org/security/announce/2013/mfsa2013-88.html\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2013 Greenbone Networks GmbH\");\n script_family(\"General\");\n script_dependencies(\"gb_mozilla_prdts_detect_macosx.nasl\");\n script_mandatory_keys(\"Thunderbird-ESR/MacOSX/Version\");\n script_xref(name:\"URL\", value:\"http://www.mozilla.com/en-US/thunderbird\");\n exit(0);\n}\n\n\ninclude(\"host_details.inc\");\ninclude(\"version_func.inc\");\n\nif(!tbVer = get_app_version(cpe:CPE)){\n exit(0);\n}\n\nif(tbVer =~ \"^17\\.\" && version_in_range(version:tbVer, test_version:\"17.0\",\n test_version2:\"17.0.8\"))\n{\n security_message( port: 0, data: \"The target host was found to be vulnerable\" );\n exit(0);\n}\n", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2019-07-19T22:15:01", "bulletinFamily": "scanner", "cvelist": ["CVE-2013-1737", "CVE-2013-1725", "CVE-2013-1735", "CVE-2013-1732", "CVE-2013-1726", "CVE-2013-1730", "CVE-2013-1736", "CVE-2013-1718", "CVE-2013-1722"], "description": "This host is installed with Mozilla Firefox ESR and is prone to multiple\nvulnerabilities.", "modified": "2019-07-17T00:00:00", "published": "2013-09-24T00:00:00", "id": "OPENVAS:1361412562310804008", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310804008", "type": "openvas", "title": "Mozilla Firefox ESR Multiple Vulnerabilities-01 Sep13 (Mac OS X)", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: gb_mozilla_firefox_esr_mult_vuln01_sep13_macosx.nasl 31965 2013-09-24 13:58:55Z sep$\n#\n# Mozilla Firefox ESR Multiple Vulnerabilities-01 Sep13 (Mac OS X)\n#\n# Authors:\n# Thanga Prakash S <tprakash@secpod.com>\n#\n# Copyright:\n# Copyright (c) 2013 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nCPE = \"cpe:/a:mozilla:firefox_esr\";\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.804008\");\n script_version(\"2019-07-17T11:14:11+0000\");\n script_cve_id(\"CVE-2013-1718\", \"CVE-2013-1722\", \"CVE-2013-1725\", \"CVE-2013-1726\",\n \"CVE-2013-1730\", \"CVE-2013-1732\", \"CVE-2013-1735\", \"CVE-2013-1736\",\n \"CVE-2013-1737\");\n script_bugtraq_id(62463, 62460, 62467, 62482, 62473, 62469, 62479, 62478, 62475);\n script_tag(name:\"cvss_base\", value:\"10.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_tag(name:\"last_modification\", value:\"2019-07-17 11:14:11 +0000 (Wed, 17 Jul 2019)\");\n script_tag(name:\"creation_date\", value:\"2013-09-24 13:58:55 +0530 (Tue, 24 Sep 2013)\");\n script_name(\"Mozilla Firefox ESR Multiple Vulnerabilities-01 Sep13 (Mac OS X)\");\n\n\n script_tag(name:\"summary\", value:\"This host is installed with Mozilla Firefox ESR and is prone to multiple\nvulnerabilities.\");\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is present on the target host.\");\n script_tag(name:\"solution\", value:\"Upgrade to Mozilla Firefox ESR version 17.0.9 or later.\");\n script_tag(name:\"insight\", value:\"For more details about the vulnerabilities, refer the reference section.\");\n script_tag(name:\"affected\", value:\"Mozilla Firefox ESR version 17.x before 17.0.9 on Mac OS X\");\n script_tag(name:\"impact\", value:\"Successful exploitation will allow attackers to gain escalated privileges,\ndisclose potentially sensitive information, bypass certain security\nrestrictions, and compromise a user's system.\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n\n script_xref(name:\"URL\", value:\"http://secunia.com/advisories/54896\");\n script_xref(name:\"URL\", value:\"http://www.mozilla.org/security/announce/2013/mfsa2013-88.html\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2013 Greenbone Networks GmbH\");\n script_family(\"General\");\n script_dependencies(\"gb_mozilla_prdts_detect_macosx.nasl\");\n script_mandatory_keys(\"Mozilla/Firefox-ESR/MacOSX/Version\");\n\n exit(0);\n}\n\n\ninclude(\"host_details.inc\");\ninclude(\"version_func.inc\");\n\nif(!ffVer = get_app_version(cpe:CPE)){\n exit(0);\n}\n\nif(ffVer =~ \"^17\\.\" && version_in_range(version:ffVer, test_version:\"17.0\",\n test_version2:\"17.0.8\"))\n{\n security_message( port: 0, data: \"The target host was found to be vulnerable\" );\n exit(0);\n}\n", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2020-04-23T19:05:58", "bulletinFamily": "scanner", "cvelist": ["CVE-2013-1737", "CVE-2013-1719", "CVE-2013-1725", "CVE-2013-1735", "CVE-2013-1724", "CVE-2013-1732", "CVE-2013-1720", "CVE-2013-1723", "CVE-2013-1726", "CVE-2013-1738", "CVE-2013-1728", "CVE-2013-1730", "CVE-2013-1736", "CVE-2013-1718", "CVE-2013-1722"], "description": "This host is installed with SeaMonkey and is prone to multiple\nvulnerabilities.", "modified": "2020-04-21T00:00:00", "published": "2013-09-24T00:00:00", "id": "OPENVAS:1361412562310804014", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310804014", "type": "openvas", "title": "SeaMonkey Multiple Vulnerabilities-01 Sep13 (Mac OS X)", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: gb_sea_monkey_mult_vuln01_sep13_macosx.nasl 31965 2013-09-24 15:55:19Z sep$\n#\n# SeaMonkey Multiple Vulnerabilities-01 Sep13 (Mac OS X)\n#\n# Authors:\n# Thanga Prakash S <tprakash@secpod.com>\n#\n# Copyright:\n# Copyright (C) 2013 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nCPE = \"cpe:/a:mozilla:seamonkey\";\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.804014\");\n script_version(\"2020-04-21T11:03:03+0000\");\n script_cve_id(\"CVE-2013-1718\", \"CVE-2013-1719\", \"CVE-2013-1720\", \"CVE-2013-1722\",\n \"CVE-2013-1723\", \"CVE-2013-1724\", \"CVE-2013-1725\", \"CVE-2013-1726\",\n \"CVE-2013-1728\", \"CVE-2013-1730\", \"CVE-2013-1732\", \"CVE-2013-1735\",\n \"CVE-2013-1736\", \"CVE-2013-1737\", \"CVE-2013-1738\");\n script_bugtraq_id(62463, 62462, 62465, 62460, 62472, 62464, 62467, 62482,\n 62468, 62473, 62469, 62479, 62478, 62475, 62466);\n script_tag(name:\"cvss_base\", value:\"10.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_tag(name:\"last_modification\", value:\"2020-04-21 11:03:03 +0000 (Tue, 21 Apr 2020)\");\n script_tag(name:\"creation_date\", value:\"2013-09-24 15:55:19 +0530 (Tue, 24 Sep 2013)\");\n script_name(\"SeaMonkey Multiple Vulnerabilities-01 Sep13 (Mac OS X)\");\n\n\n script_tag(name:\"summary\", value:\"This host is installed with SeaMonkey and is prone to multiple\nvulnerabilities.\");\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is present on the target host.\");\n script_tag(name:\"solution\", value:\"Upgrade to SeaMonkey version 2.21 or later.\");\n script_tag(name:\"insight\", value:\"For more details about the vulnerabilities, refer the reference section.\");\n script_tag(name:\"affected\", value:\"SeaMonkey version before 2.21 on Mac OS X\");\n script_tag(name:\"impact\", value:\"Successful exploitation will allow attackers to gain escalated privileges,\ndisclose potentially sensitive information, bypass certain security\nrestrictions, and compromise a user's system.\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n\n script_xref(name:\"URL\", value:\"http://secunia.com/advisories/54899\");\n script_xref(name:\"URL\", value:\"http://www.mozilla.org/security/announce/2013/mfsa2013-88.html\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2013 Greenbone Networks GmbH\");\n script_family(\"General\");\n script_dependencies(\"gb_mozilla_prdts_detect_macosx.nasl\");\n script_mandatory_keys(\"SeaMonkey/MacOSX/Version\");\n script_xref(name:\"URL\", value:\"http://www.mozilla.com/en-US/seamonkey\");\n exit(0);\n}\n\n\ninclude(\"host_details.inc\");\ninclude(\"version_func.inc\");\n\nif(!smVer = get_app_version(cpe:CPE)){\n exit(0);\n}\n\nif(version_is_less(version:smVer, test_version:\"2.21\"))\n{\n report = report_fixed_ver(installed_version:smVer, fixed_version:\"2.21\");\n security_message(port: 0, data: report);\n exit(0);\n}\n", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2020-04-23T19:05:54", "bulletinFamily": "scanner", "cvelist": ["CVE-2013-1737", "CVE-2013-1719", "CVE-2013-1725", "CVE-2013-1735", "CVE-2013-1724", "CVE-2013-1732", "CVE-2013-1720", "CVE-2013-1723", "CVE-2013-1726", "CVE-2013-1738", "CVE-2013-1728", "CVE-2013-1730", "CVE-2013-1736", "CVE-2013-1718", "CVE-2013-1722"], "description": "This host is installed with SeaMonkey and is prone to multiple\nvulnerabilities.", "modified": "2020-04-21T00:00:00", "published": "2013-09-24T00:00:00", "id": "OPENVAS:1361412562310804013", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310804013", "type": "openvas", "title": "SeaMonkey Multiple Vulnerabilities-01 Sep13 (Windows)", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: gb_sea_monkey_mult_vuln01_sep13_win.nasl 31965 2013-09-24 15:47:08Z sep$\n#\n# SeaMonkey Multiple Vulnerabilities-01 Sep13 (Windows)\n#\n# Authors:\n# Thanga Prakash S <tprakash@secpod.com>\n#\n# Copyright:\n# Copyright (C) 2013 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nCPE = \"cpe:/a:mozilla:seamonkey\";\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.804013\");\n script_version(\"2020-04-21T11:03:03+0000\");\n script_cve_id(\"CVE-2013-1718\", \"CVE-2013-1719\", \"CVE-2013-1720\", \"CVE-2013-1722\",\n \"CVE-2013-1723\", \"CVE-2013-1724\", \"CVE-2013-1725\", \"CVE-2013-1726\",\n \"CVE-2013-1728\", \"CVE-2013-1730\", \"CVE-2013-1732\", \"CVE-2013-1735\",\n \"CVE-2013-1736\", \"CVE-2013-1737\", \"CVE-2013-1738\");\n script_bugtraq_id(62463, 62462, 62465, 62460, 62472, 62464, 62467, 62482,\n 62468, 62473, 62469, 62479, 62478, 62475, 62466);\n script_tag(name:\"cvss_base\", value:\"10.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_tag(name:\"last_modification\", value:\"2020-04-21 11:03:03 +0000 (Tue, 21 Apr 2020)\");\n script_tag(name:\"creation_date\", value:\"2013-09-24 15:47:08 +0530 (Tue, 24 Sep 2013)\");\n script_name(\"SeaMonkey Multiple Vulnerabilities-01 Sep13 (Windows)\");\n\n\n script_tag(name:\"summary\", value:\"This host is installed with SeaMonkey and is prone to multiple\nvulnerabilities.\");\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is present on the target host.\");\n script_tag(name:\"solution\", value:\"Upgrade to SeaMonkey version 2.21 or later.\");\n script_tag(name:\"insight\", value:\"For more details about the vulnerabilities, refer the reference section.\");\n script_tag(name:\"affected\", value:\"SeaMonkey version before 2.21 on Windows\");\n script_tag(name:\"impact\", value:\"Successful exploitation will allow attackers to gain escalated privileges,\ndisclose potentially sensitive information, bypass certain security\nrestrictions, and compromise a user's system.\");\n script_tag(name:\"qod_type\", value:\"registry\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n\n script_xref(name:\"URL\", value:\"http://secunia.com/advisories/54899\");\n script_xref(name:\"URL\", value:\"http://www.mozilla.org/security/announce/2013/mfsa2013-88.html\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2013 Greenbone Networks GmbH\");\n script_family(\"General\");\n script_dependencies(\"gb_seamonkey_detect_win.nasl\");\n script_mandatory_keys(\"Seamonkey/Win/Ver\");\n script_xref(name:\"URL\", value:\"http://www.mozilla.com/en-US/seamonkey\");\n exit(0);\n}\n\n\ninclude(\"host_details.inc\");\ninclude(\"version_func.inc\");\n\nif(!smVer = get_app_version(cpe:CPE)){\n exit(0);\n}\n\nif(version_is_less(version:smVer, test_version:\"2.21\"))\n{\n report = report_fixed_ver(installed_version:smVer, fixed_version:\"2.21\");\n security_message(port: 0, data: report);\n exit(0);\n}\n", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2020-04-23T19:06:12", "bulletinFamily": "scanner", "cvelist": ["CVE-2013-1737", "CVE-2013-1719", "CVE-2013-1725", "CVE-2013-1735", "CVE-2013-1724", "CVE-2013-1732", "CVE-2013-1720", "CVE-2013-1723", "CVE-2013-1726", "CVE-2013-1738", "CVE-2013-1728", "CVE-2013-1730", "CVE-2013-1736", "CVE-2013-1718", "CVE-2013-1722"], "description": "This host is installed with Mozilla Thunderbird and is prone to multiple\nvulnerabilities.", "modified": "2020-04-21T00:00:00", "published": "2013-09-24T00:00:00", "id": "OPENVAS:1361412562310804009", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310804009", "type": "openvas", "title": "Mozilla Thunderbird Multiple Vulnerabilities-01 Sep13 (Windows)", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: gb_mozilla_thunderbird_mult_vuln01_sep13_win.nasl 31965 2013-09-24 15:16:01Z sep$\n#\n# Mozilla Thunderbird Multiple Vulnerabilities-01 Sep13 (Windows)\n#\n# Authors:\n# Thanga Prakash S <tprakash@secpod.com>\n#\n# Copyright:\n# Copyright (C) 2013 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nCPE = \"cpe:/a:mozilla:thunderbird\";\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.804009\");\n script_version(\"2020-04-21T11:03:03+0000\");\n script_cve_id(\"CVE-2013-1718\", \"CVE-2013-1719\", \"CVE-2013-1720\", \"CVE-2013-1722\",\n \"CVE-2013-1723\", \"CVE-2013-1724\", \"CVE-2013-1725\", \"CVE-2013-1726\",\n \"CVE-2013-1728\", \"CVE-2013-1730\", \"CVE-2013-1732\", \"CVE-2013-1735\",\n \"CVE-2013-1736\", \"CVE-2013-1737\", \"CVE-2013-1738\");\n script_bugtraq_id(62463, 62462, 62465, 62460, 62472, 62464, 62467, 62482,\n 62468, 62473, 62469, 62479, 62478, 62475, 62466);\n script_tag(name:\"cvss_base\", value:\"10.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_tag(name:\"last_modification\", value:\"2020-04-21 11:03:03 +0000 (Tue, 21 Apr 2020)\");\n script_tag(name:\"creation_date\", value:\"2013-09-24 15:16:01 +0530 (Tue, 24 Sep 2013)\");\n script_name(\"Mozilla Thunderbird Multiple Vulnerabilities-01 Sep13 (Windows)\");\n\n\n script_tag(name:\"summary\", value:\"This host is installed with Mozilla Thunderbird and is prone to multiple\nvulnerabilities.\");\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is present on the target host.\");\n script_tag(name:\"solution\", value:\"Upgrade to Mozilla Thunderbird version 24.0 or later.\");\n script_tag(name:\"insight\", value:\"For more details about the vulnerabilities, refer the reference section.\");\n script_tag(name:\"affected\", value:\"Mozilla Thunderbird version before 24.0 on Windows\");\n script_tag(name:\"impact\", value:\"Successful exploitation will allow attackers to gain escalated privileges,\ndisclose potentially sensitive information, bypass certain security\nrestrictions, and compromise a user's system.\");\n script_tag(name:\"qod_type\", value:\"registry\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n\n script_xref(name:\"URL\", value:\"http://secunia.com/advisories/54892\");\n script_xref(name:\"URL\", value:\"http://www.mozilla.org/security/announce/2013/mfsa2013-88.html\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2013 Greenbone Networks GmbH\");\n script_family(\"General\");\n script_dependencies(\"gb_thunderbird_detect_portable_win.nasl\");\n script_mandatory_keys(\"Thunderbird/Win/Ver\");\n script_xref(name:\"URL\", value:\"http://www.mozilla.com/en-US/thunderbird\");\n exit(0);\n}\n\n\ninclude(\"host_details.inc\");\ninclude(\"version_func.inc\");\n\nif(!tbVer = get_app_version(cpe:CPE)){\n exit(0);\n}\n\nif(version_is_less(version:tbVer, test_version:\"24.0\"))\n{\n report = report_fixed_ver(installed_version:tbVer, fixed_version:\"24.0\");\n security_message(port: 0, data: report);\n exit(0);\n}\n", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2020-04-23T19:06:02", "bulletinFamily": "scanner", "cvelist": ["CVE-2013-1737", "CVE-2013-1719", "CVE-2013-1725", "CVE-2013-1735", "CVE-2013-1724", "CVE-2013-1732", "CVE-2013-1720", "CVE-2013-1723", "CVE-2013-1726", "CVE-2013-1738", "CVE-2013-1728", "CVE-2013-1730", "CVE-2013-1736", "CVE-2013-1718", "CVE-2013-1722"], "description": "This host is installed with Mozilla Thunderbird and is prone to multiple\nvulnerabilities.", "modified": "2020-04-21T00:00:00", "published": "2013-09-24T00:00:00", "id": "OPENVAS:1361412562310804010", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310804010", "type": "openvas", "title": "Mozilla Thunderbird Multiple Vulnerabilities-01 Sep13 (Mac OS X)", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: gb_mozilla_thunderbird_mult_vuln01_sep13_macosx.nasl 31965 2013-09-24 15:23:59Z sep$\n#\n# Mozilla Thunderbird Multiple Vulnerabilities-01 Sep13 (Mac OS X)\n#\n# Authors:\n# Thanga Prakash S <tprakash@secpod.com>\n#\n# Copyright:\n# Copyright (C) 2013 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nCPE = \"cpe:/a:mozilla:thunderbird\";\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.804010\");\n script_version(\"2020-04-21T11:03:03+0000\");\n script_cve_id(\"CVE-2013-1718\", \"CVE-2013-1719\", \"CVE-2013-1720\", \"CVE-2013-1722\",\n \"CVE-2013-1723\", \"CVE-2013-1724\", \"CVE-2013-1725\", \"CVE-2013-1726\",\n \"CVE-2013-1728\", \"CVE-2013-1730\", \"CVE-2013-1732\", \"CVE-2013-1735\",\n \"CVE-2013-1736\", \"CVE-2013-1737\", \"CVE-2013-1738\");\n script_bugtraq_id(62463, 62462, 62465, 62460, 62472, 62464, 62467, 62482,\n 62468, 62473, 62469, 62479, 62478, 62475, 62466);\n script_tag(name:\"cvss_base\", value:\"10.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_tag(name:\"last_modification\", value:\"2020-04-21 11:03:03 +0000 (Tue, 21 Apr 2020)\");\n script_tag(name:\"creation_date\", value:\"2013-09-24 15:23:59 +0530 (Tue, 24 Sep 2013)\");\n script_name(\"Mozilla Thunderbird Multiple Vulnerabilities-01 Sep13 (Mac OS X)\");\n\n\n script_tag(name:\"summary\", value:\"This host is installed with Mozilla Thunderbird and is prone to multiple\nvulnerabilities.\");\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is present on the target host.\");\n script_tag(name:\"solution\", value:\"Upgrade to Mozilla Thunderbird version 24.0 or later.\");\n script_tag(name:\"insight\", value:\"For more details about the vulnerabilities, refer the reference section.\");\n script_tag(name:\"affected\", value:\"Mozilla Thunderbird version before 24.0 on Mac OS X\");\n script_tag(name:\"impact\", value:\"Successful exploitation will allow attackers to gain escalated privileges,\ndisclose potentially sensitive information, bypass certain security\nrestrictions, and compromise a user's system.\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n\n script_xref(name:\"URL\", value:\"http://secunia.com/advisories/54892\");\n script_xref(name:\"URL\", value:\"http://www.mozilla.org/security/announce/2013/mfsa2013-88.html\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2013 Greenbone Networks GmbH\");\n script_family(\"General\");\n script_dependencies(\"gb_mozilla_prdts_detect_macosx.nasl\");\n script_mandatory_keys(\"Thunderbird/MacOSX/Version\");\n script_xref(name:\"URL\", value:\"http://www.mozilla.com/en-US/thunderbird\");\n exit(0);\n}\n\n\ninclude(\"host_details.inc\");\ninclude(\"version_func.inc\");\n\nif(!tbVer = get_app_version(cpe:CPE)){\n exit(0);\n}\n\nif(version_is_less(version:tbVer, test_version:\"24.0\"))\n{\n report = report_fixed_ver(installed_version:tbVer, fixed_version:\"24.0\");\n security_message(port: 0, data: report);\n exit(0);\n}\n", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2020-04-23T19:06:07", "bulletinFamily": "scanner", "cvelist": ["CVE-2013-1737", "CVE-2013-1719", "CVE-2013-1725", "CVE-2013-1735", "CVE-2013-1724", "CVE-2013-1732", "CVE-2013-1720", "CVE-2013-1721", "CVE-2013-1723", "CVE-2013-1726", "CVE-2013-1738", "CVE-2013-1728", "CVE-2013-1730", "CVE-2013-1736", "CVE-2013-1718", "CVE-2013-1722"], "description": "This host is installed with Mozilla Firefox and is prone to multiple\nvulnerabilities.", "modified": "2020-04-21T00:00:00", "published": "2013-09-24T00:00:00", "id": "OPENVAS:1361412562310804006", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310804006", "type": "openvas", "title": "Mozilla Firefox Multiple Vulnerabilities-01 Sep13 (Mac OS X)", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: gb_mozilla_firefox_mult_vuln01_sep13_macosx.nasl 31965 2013-09-24 13:40:22Z sep$\n#\n# Mozilla Firefox Multiple Vulnerabilities-01 Sep13 (Mac OS X)\n#\n# Authors:\n# Thanga Prakash S <tprakash@secpod.com>\n#\n# Copyright:\n# Copyright (C) 2013 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nCPE = \"cpe:/a:mozilla:firefox\";\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.804006\");\n script_version(\"2020-04-21T11:03:03+0000\");\n script_cve_id(\"CVE-2013-1718\", \"CVE-2013-1719\", \"CVE-2013-1720\", \"CVE-2013-1721\",\n \"CVE-2013-1722\", \"CVE-2013-1723\", \"CVE-2013-1724\", \"CVE-2013-1725\",\n \"CVE-2013-1726\", \"CVE-2013-1728\", \"CVE-2013-1730\", \"CVE-2013-1732\",\n \"CVE-2013-1735\", \"CVE-2013-1736\", \"CVE-2013-1737\", \"CVE-2013-1738\");\n script_bugtraq_id(62463, 62462, 62465, 62470, 62460, 62472, 62464, 62467,\n 62482, 62468, 62473, 62469, 62479, 62478, 62475, 62466);\n script_tag(name:\"cvss_base\", value:\"10.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_tag(name:\"last_modification\", value:\"2020-04-21 11:03:03 +0000 (Tue, 21 Apr 2020)\");\n script_tag(name:\"creation_date\", value:\"2013-09-24 13:40:22 +0530 (Tue, 24 Sep 2013)\");\n script_name(\"Mozilla Firefox Multiple Vulnerabilities-01 Sep13 (Mac OS X)\");\n\n\n script_tag(name:\"summary\", value:\"This host is installed with Mozilla Firefox and is prone to multiple\nvulnerabilities.\");\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is present on the target host.\");\n script_tag(name:\"solution\", value:\"Upgrade to Mozilla Firefox version 24.0 or later.\");\n script_tag(name:\"insight\", value:\"For more details about the vulnerabilities, refer the reference section.\");\n script_tag(name:\"affected\", value:\"Mozilla Firefox version before 24.0 on Mac OS X\");\n script_tag(name:\"impact\", value:\"Successful exploitation will allow attackers to gain escalated privileges,\ndisclose potentially sensitive information, bypass certain security\nrestrictions, and compromise a user's system.\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n\n script_xref(name:\"URL\", value:\"http://secunia.com/advisories/54892\");\n script_xref(name:\"URL\", value:\"http://www.mozilla.org/security/announce/2013/mfsa2013-88.html\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2013 Greenbone Networks GmbH\");\n script_family(\"General\");\n script_dependencies(\"gb_mozilla_prdts_detect_macosx.nasl\");\n script_mandatory_keys(\"Mozilla/Firefox/MacOSX/Version\");\n\n exit(0);\n}\n\n\ninclude(\"host_details.inc\");\ninclude(\"version_func.inc\");\n\nif(!ffVer = get_app_version(cpe:CPE)){\n exit(0);\n}\n\nif(version_is_less(version:ffVer, test_version:\"24.0\"))\n{\n report = report_fixed_ver(installed_version:ffVer, fixed_version:\"24.0\");\n security_message(port: 0, data: report);\n exit(0);\n}\n", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2020-04-23T19:05:59", "bulletinFamily": "scanner", "cvelist": ["CVE-2013-1737", "CVE-2013-1719", "CVE-2013-1725", "CVE-2013-1735", "CVE-2013-1724", "CVE-2013-1732", "CVE-2013-1720", "CVE-2013-1721", "CVE-2013-1723", "CVE-2013-1726", "CVE-2013-1738", "CVE-2013-1728", "CVE-2013-1730", "CVE-2013-1736", "CVE-2013-1718", "CVE-2013-1722"], "description": "This host is installed with Mozilla Firefox and is prone to multiple\nvulnerabilities.", "modified": "2020-04-21T00:00:00", "published": "2013-09-24T00:00:00", "id": "OPENVAS:1361412562310804005", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310804005", "type": "openvas", "title": "Mozilla Firefox Multiple Vulnerabilities-01 Sep13 (Windows)", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: gb_mozilla_firefox_mult_vuln01_sep13_win.nasl 31965 2013-09-24 11:59:47Z sep$\n#\n# Mozilla Firefox Multiple Vulnerabilities-01 Sep13 (Windows)\n#\n# Authors:\n# Thanga Prakash S <tprakash@secpod.com>\n#\n# Copyright:\n# Copyright (C) 2013 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nCPE = \"cpe:/a:mozilla:firefox\";\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.804005\");\n script_version(\"2020-04-21T11:03:03+0000\");\n script_cve_id(\"CVE-2013-1718\", \"CVE-2013-1719\", \"CVE-2013-1720\", \"CVE-2013-1721\",\n \"CVE-2013-1722\", \"CVE-2013-1723\", \"CVE-2013-1724\", \"CVE-2013-1725\",\n \"CVE-2013-1726\", \"CVE-2013-1728\", \"CVE-2013-1730\", \"CVE-2013-1732\",\n \"CVE-2013-1735\", \"CVE-2013-1736\", \"CVE-2013-1737\", \"CVE-2013-1738\");\n script_bugtraq_id(62463, 62462, 62465, 62470, 62460, 62472, 62464, 62467,\n 62482, 62468, 62473, 62469, 62479, 62478, 62475, 62466);\n script_tag(name:\"cvss_base\", value:\"10.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_tag(name:\"last_modification\", value:\"2020-04-21 11:03:03 +0000 (Tue, 21 Apr 2020)\");\n script_tag(name:\"creation_date\", value:\"2013-09-24 11:59:47 +0530 (Tue, 24 Sep 2013)\");\n script_name(\"Mozilla Firefox Multiple Vulnerabilities-01 Sep13 (Windows)\");\n\n\n script_tag(name:\"summary\", value:\"This host is installed with Mozilla Firefox and is prone to multiple\nvulnerabilities.\");\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is present on the target host.\");\n script_tag(name:\"solution\", value:\"Upgrade to Mozilla Firefox version 24.0 or later.\");\n script_tag(name:\"insight\", value:\"For more details about the vulnerabilities, refer the reference section.\");\n script_tag(name:\"affected\", value:\"Mozilla Firefox version before 24.0 on Windows\");\n script_tag(name:\"impact\", value:\"Successful exploitation will allow attackers to gain escalated privileges,\ndisclose potentially sensitive information, bypass certain security\nrestrictions, and compromise a user's system.\");\n script_tag(name:\"qod_type\", value:\"registry\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n\n script_xref(name:\"URL\", value:\"http://secunia.com/advisories/54892\");\n script_xref(name:\"URL\", value:\"http://www.mozilla.org/security/announce/2013/mfsa2013-88.html\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2013 Greenbone Networks GmbH\");\n script_family(\"General\");\n script_dependencies(\"gb_firefox_detect_portable_win.nasl\");\n script_mandatory_keys(\"Firefox/Win/Ver\");\n\n exit(0);\n}\n\n\ninclude(\"host_details.inc\");\ninclude(\"version_func.inc\");\n\nif(!ffVer = get_app_version(cpe:CPE)){\n exit(0);\n}\n\nif(version_is_less(version:ffVer, test_version:\"24.0\"))\n{\n report = report_fixed_ver(installed_version:ffVer, fixed_version:\"24.0\");\n security_message(port: 0, data: report);\n exit(0);\n}\n", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}], "suse": [{"lastseen": "2016-09-04T11:50:35", "bulletinFamily": "unix", "cvelist": ["CVE-2013-1737", "CVE-2013-1725", "CVE-2013-1735", "CVE-2013-1705", "CVE-2013-1732", "CVE-2013-1726", "CVE-2013-1730", "CVE-2013-1736", "CVE-2013-1718", "CVE-2013-1722"], "description": "This update to Firefox 17.0.9esr (bnc#840485) addresses:\n\n * MFSA 2013-91 User-defined properties on DOM proxies\n get the wrong &quot;this&quot; object o (CVE-2013-1737)\n * MFSA 2013-90 Memory corruption involving scrolling o\n use-after-free in mozilla::layout::ScrollbarActivity\n (CVE-2013-1735) o Memory corruption in\n nsGfxScrollFrameInner::IsLTR() (CVE-2013-1736)\n * MFSA 2013-89 Buffer overflow with multi-column,\n lists, and floats o buffer overflow at\n nsFloatManager::GetFlowArea() with multicol, list, floats\n (CVE-2013-1732)\n * MFSA 2013-88 compartment mismatch re-attaching\n XBL-backed nodes o compartment mismatch in\n nsXBLBinding::DoInitJSClass (CVE-2013-1730)\n * MFSA 2013-83 Mozilla Updater does not lock MAR file\n after signature verification o MAR signature bypass in\n Updater could lead to downgrade (CVE-2013-1726)\n * MFSA 2013-82 Calling scope for new Javascript objects\n can lead to memory corruption o ABORT: bad scope for new\n JSObjects: ReparentWrapper / document.open (CVE-2013-1725)\n * MFSA 2013-79 Use-after-free in Animation Manager\n during stylesheet cloning o Heap-use-after-free in\n nsAnimationManager::BuildAnimations (CVE-2013-1722)\n * MFSA 2013-76 Miscellaneous memory safety hazards\n (rv:24.0 / rv:17.0.9) o Memory safety bugs fixed in Firefox\n 17.0.9 and Firefox 24.0 (CVE-2013-1718)\n * MFSA 2013-65 Buffer underflow when generating CRMF\n requests o ASAN heap-buffer-overflow (read 1) in\n cryptojs_interpret_key_gen_type (CVE-2013-1705)\n", "edition": 1, "modified": "2013-09-27T22:04:14", "published": "2013-09-27T22:04:14", "id": "SUSE-SU-2013:1497-1", "href": "http://lists.opensuse.org/opensuse-security-announce/2013-09/msg00005.html", "title": "Security update for Mozilla Firefox (important)", "type": "suse", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}], "nessus": [{"lastseen": "2020-09-14T18:35:04", "description": "This update to Firefox 17.0.9esr (bnc#840485) addresses :\n\n - User-defined properties on DOM proxies get the wrong\n 'this' object. (MFSA 2013-91)\n\n -. (CVE-2013-1737)\n\n - Memory corruption involving scrolling. (MFSA 2013-90)\n\n - use-after-free in mozilla::layout::ScrollbarActivity.\n (CVE-2013-1735)\n\n - Memory corruption in nsGfxScrollFrameInner::IsLTR().\n (CVE-2013-1736)\n\n - Buffer overflow with multi-column, lists, and floats.\n (MFSA 2013-89)\n\n - buffer overflow at nsFloatManager::GetFlowArea() with\n multicol, list, floats. (CVE-2013-1732)\n\n - compartment mismatch re-attaching XBL-backed nodes.\n (MFSA 2013-88)\n\n - compartment mismatch in nsXBLBinding::DoInitJSClass.\n (CVE-2013-1730)\n\n - Mozilla Updater does not lock MAR file after signature\n verification. (MFSA 2013-83)\n\n - MAR signature bypass in Updater could lead to downgrade.\n (CVE-2013-1726)\n\n - Calling scope for new JavaScript objects can lead to\n memory corruption. (MFSA 2013-82)\n\n - ABORT: bad scope for new JSObjects: ReparentWrapper /\n document.open. (CVE-2013-1725)\n\n - Use-after-free in Animation Manager during stylesheet\n cloning. (MFSA 2013-79)\n\n - Heap-use-after-free in\n nsAnimationManager::BuildAnimations. (CVE-2013-1722)\n\n - Miscellaneous memory safety hazards (rv:24.0 /\n rv:17.0.9). (MFSA 2013-76)\n\n - Memory safety bugs fixed in Firefox 17.0.9 and Firefox\n 24.0. (CVE-2013-1718)\n\n - Buffer underflow when generating CRMF requests. (MFSA\n 2013-65)\n\n - ASAN heap-buffer-overflow (read 1) in\n cryptojs_interpret_key_gen_type (CVE-2013-1705)", "edition": 17, "published": "2013-09-28T00:00:00", "title": "SuSE 11.2 / 11.3 Security Update : Mozilla Firefox (SAT Patch Numbers 8344 / 8346)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2013-1737", "CVE-2013-1725", "CVE-2013-1735", "CVE-2013-1705", "CVE-2013-1732", "CVE-2013-1726", "CVE-2013-1730", "CVE-2013-1736", "CVE-2013-1718", "CVE-2013-1722"], "modified": "2013-09-28T00:00:00", "cpe": ["cpe:/o:novell:suse_linux:11", "p-cpe:/a:novell:suse_linux:11:MozillaFirefox-translations", "p-cpe:/a:novell:suse_linux:11:MozillaFirefox"], "id": "SUSE_11_MOZILLAFIREFOX-130919.NASL", "href": "https://www.tenable.com/plugins/nessus/70189", "sourceData": "#%NASL_MIN_LEVEL 80502\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from SuSE 11 update information. The text itself is\n# copyright (C) Novell, Inc.\n#\n\nif (NASL_LEVEL < 3000) exit(0);\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(70189);\n script_version(\"1.8\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2020/06/04\");\n\n script_cve_id(\"CVE-2013-1705\", \"CVE-2013-1718\", \"CVE-2013-1722\", \"CVE-2013-1725\", \"CVE-2013-1726\", \"CVE-2013-1730\", \"CVE-2013-1732\", \"CVE-2013-1735\", \"CVE-2013-1736\", \"CVE-2013-1737\");\n\n script_name(english:\"SuSE 11.2 / 11.3 Security Update : Mozilla Firefox (SAT Patch Numbers 8344 / 8346)\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote SuSE 11 host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"This update to Firefox 17.0.9esr (bnc#840485) addresses :\n\n - User-defined properties on DOM proxies get the wrong\n 'this' object. (MFSA 2013-91)\n\n -. (CVE-2013-1737)\n\n - Memory corruption involving scrolling. (MFSA 2013-90)\n\n - use-after-free in mozilla::layout::ScrollbarActivity.\n (CVE-2013-1735)\n\n - Memory corruption in nsGfxScrollFrameInner::IsLTR().\n (CVE-2013-1736)\n\n - Buffer overflow with multi-column, lists, and floats.\n (MFSA 2013-89)\n\n - buffer overflow at nsFloatManager::GetFlowArea() with\n multicol, list, floats. (CVE-2013-1732)\n\n - compartment mismatch re-attaching XBL-backed nodes.\n (MFSA 2013-88)\n\n - compartment mismatch in nsXBLBinding::DoInitJSClass.\n (CVE-2013-1730)\n\n - Mozilla Updater does not lock MAR file after signature\n verification. (MFSA 2013-83)\n\n - MAR signature bypass in Updater could lead to downgrade.\n (CVE-2013-1726)\n\n - Calling scope for new JavaScript objects can lead to\n memory corruption. (MFSA 2013-82)\n\n - ABORT: bad scope for new JSObjects: ReparentWrapper /\n document.open. (CVE-2013-1725)\n\n - Use-after-free in Animation Manager during stylesheet\n cloning. (MFSA 2013-79)\n\n - Heap-use-after-free in\n nsAnimationManager::BuildAnimations. (CVE-2013-1722)\n\n - Miscellaneous memory safety hazards (rv:24.0 /\n rv:17.0.9). (MFSA 2013-76)\n\n - Memory safety bugs fixed in Firefox 17.0.9 and Firefox\n 24.0. (CVE-2013-1718)\n\n - Buffer underflow when generating CRMF requests. (MFSA\n 2013-65)\n\n - ASAN heap-buffer-overflow (read 1) in\n cryptojs_interpret_key_gen_type (CVE-2013-1705)\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.mozilla.org/security/announce/2013/mfsa2013-65.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.mozilla.org/security/announce/2013/mfsa2013-76.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.mozilla.org/security/announce/2013/mfsa2013-79.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.mozilla.org/security/announce/2013/mfsa2013-82.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.mozilla.org/security/announce/2013/mfsa2013-83.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.mozilla.org/security/announce/2013/mfsa2013-88.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.mozilla.org/security/announce/2013/mfsa2013-89.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.mozilla.org/security/announce/2013/mfsa2013-90.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.mozilla.org/security/announce/2013/mfsa2013-91.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=840485\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2013-1705.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2013-1718.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2013-1722.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2013-1725.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2013-1726.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2013-1730.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2013-1732.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2013-1735.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2013-1736.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2013-1737.html\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Apply SAT patch number 8344 / 8346 as appropriate.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:11:MozillaFirefox\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:11:MozillaFirefox-translations\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:suse_linux:11\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2013/09/19\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2013/09/28\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2013-2020 Tenable Network Security, Inc.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release !~ \"^(SLED|SLES)11\") audit(AUDIT_OS_NOT, \"SuSE 11\");\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (cpu !~ \"^i[3-6]86$\" && \"x86_64\" >!< cpu && \"s390x\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"SuSE 11\", cpu);\n\n\nflag = 0;\nif (rpm_check(release:\"SLED11\", sp:2, cpu:\"i586\", reference:\"MozillaFirefox-17.0.9esr-0.3.1\")) flag++;\nif (rpm_check(release:\"SLED11\", sp:2, cpu:\"i586\", reference:\"MozillaFirefox-translations-17.0.9esr-0.3.1\")) flag++;\nif (rpm_check(release:\"SLED11\", sp:2, cpu:\"x86_64\", reference:\"MozillaFirefox-17.0.9esr-0.3.1\")) flag++;\nif (rpm_check(release:\"SLED11\", sp:2, cpu:\"x86_64\", reference:\"MozillaFirefox-translations-17.0.9esr-0.3.1\")) flag++;\nif (rpm_check(release:\"SLED11\", sp:3, cpu:\"i586\", reference:\"MozillaFirefox-17.0.9esr-0.7.1\")) flag++;\nif (rpm_check(release:\"SLED11\", sp:3, cpu:\"i586\", reference:\"MozillaFirefox-translations-17.0.9esr-0.7.1\")) flag++;\nif (rpm_check(release:\"SLED11\", sp:3, cpu:\"x86_64\", reference:\"MozillaFirefox-17.0.9esr-0.7.1\")) flag++;\nif (rpm_check(release:\"SLED11\", sp:3, cpu:\"x86_64\", reference:\"MozillaFirefox-translations-17.0.9esr-0.7.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:2, reference:\"MozillaFirefox-17.0.9esr-0.3.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:2, reference:\"MozillaFirefox-translations-17.0.9esr-0.3.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:3, reference:\"MozillaFirefox-17.0.9esr-0.7.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:3, reference:\"MozillaFirefox-translations-17.0.9esr-0.7.1\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2021-01-01T03:48:54", "description": "The installed version of Firefox is earlier than 24.0 and is,\ntherefore, potentially affected by the following vulnerabilities :\n\n - Memory issues exist in the browser engine that could\n allow for denial of service or arbitrary code execution.\n (CVE-2013-1718, CVE-2013-1719)\n\n - The HTML5 Tree Builder does not properly maintain\n states, which could result in a denial of service or\n possible arbitrary code execution. (CVE-2013-1720)\n\n - The ANGLE library is vulnerable to an integer overflow,\n which could result in a denial of service or arbitrary\n code execution. (CVE-2013-1721)\n\n - Multiple use-after-free problems exist that could result\n in denial of service attacks or arbitrary code\n execution. (CVE-2013-1722, CVE-2013-1724, CVE-2013-1735,\n CVE-2013-1736, CVE-2013-1738)\n\n - The NativeKey widget does not properly terminate key\n messages, possibly leading to a denial of service attack.\n (CVE-2013-1723)\n\n - Incorrect scope handling for JavaScript objects with\n compartments could result in denial of service or\n possibly arbitrary code execution. (CVE-2013-1725)\n\n - Local users can gain the same privileges as the Mozilla\n Updater because the application does not ensure\n exclusive access to the update file. An attacker could\n exploit this by inserting a malicious file into the\n update file. (CVE-2013-1726)\n\n - Sensitive information can be obtained via unspecified\n vectors because the IonMonkey JavaScript does not\n properly initialize memory. (CVE-2013-1728)\n\n - A JavaScript compartment mismatch can result in a denial\n of service or arbitrary code execution. Versions of\n Firefox 20 or greater are not susceptible to the\n arbitrary code execution mentioned above.\n (CVE-2013-1730)\n\n - A buffer overflow is possible because of an issue with\n multi-column layouts. (CVE-2013-1732)\n\n - An object is not properly identified during use of\n user-defined getter methods on DOM proxies. This could\n result in access restrictions being bypassed.\n (CVE-2013-1737)", "edition": 24, "published": "2013-09-19T00:00:00", "title": "Firefox < 24.0 Multiple Vulnerabilities", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2013-1737", "CVE-2013-1719", "CVE-2013-1725", "CVE-2013-1735", "CVE-2013-1724", "CVE-2013-1732", "CVE-2013-1720", "CVE-2013-1721", "CVE-2013-1723", "CVE-2013-1726", "CVE-2013-1738", "CVE-2013-1728", "CVE-2013-1730", "CVE-2013-1736", "CVE-2013-1718", "CVE-2013-1722"], "modified": "2021-01-02T00:00:00", "cpe": ["cpe:/a:mozilla:firefox"], "id": "MOZILLA_FIREFOX_24.NASL", "href": "https://www.tenable.com/plugins/nessus/69993", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(69993);\n script_version(\"1.10\");\n script_cvs_date(\"Date: 2019/11/27\");\n\n script_cve_id(\n \"CVE-2013-1718\",\n \"CVE-2013-1719\",\n \"CVE-2013-1720\",\n \"CVE-2013-1721\",\n \"CVE-2013-1722\",\n \"CVE-2013-1723\",\n \"CVE-2013-1724\",\n \"CVE-2013-1725\",\n \"CVE-2013-1726\",\n \"CVE-2013-1728\",\n \"CVE-2013-1730\",\n \"CVE-2013-1732\",\n \"CVE-2013-1735\",\n \"CVE-2013-1736\",\n \"CVE-2013-1737\",\n \"CVE-2013-1738\"\n );\n script_bugtraq_id(\n 62460,\n 62462,\n 62463,\n 62464,\n 62465,\n 62466,\n 62467,\n 62468,\n 62469,\n 62470,\n 62472,\n 62473,\n 62475,\n 62478,\n 62479,\n 62482\n );\n\n script_name(english:\"Firefox < 24.0 Multiple Vulnerabilities\");\n script_summary(english:\"Checks version of Firefox\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote Windows host contains a web browser that is potentially\naffected by multiple vulnerabilities.\");\n script_set_attribute(attribute:\"description\", value:\n\"The installed version of Firefox is earlier than 24.0 and is,\ntherefore, potentially affected by the following vulnerabilities :\n\n - Memory issues exist in the browser engine that could\n allow for denial of service or arbitrary code execution.\n (CVE-2013-1718, CVE-2013-1719)\n\n - The HTML5 Tree Builder does not properly maintain\n states, which could result in a denial of service or\n possible arbitrary code execution. (CVE-2013-1720)\n\n - The ANGLE library is vulnerable to an integer overflow,\n which could result in a denial of service or arbitrary\n code execution. (CVE-2013-1721)\n\n - Multiple use-after-free problems exist that could result\n in denial of service attacks or arbitrary code\n execution. (CVE-2013-1722, CVE-2013-1724, CVE-2013-1735,\n CVE-2013-1736, CVE-2013-1738)\n\n - The NativeKey widget does not properly terminate key\n messages, possibly leading to a denial of service attack.\n (CVE-2013-1723)\n\n - Incorrect scope handling for JavaScript objects with\n compartments could result in denial of service or\n possibly arbitrary code execution. (CVE-2013-1725)\n\n - Local users can gain the same privileges as the Mozilla\n Updater because the application does not ensure\n exclusive access to the update file. An attacker could\n exploit this by inserting a malicious file into the\n update file. (CVE-2013-1726)\n\n - Sensitive information can be obtained via unspecified\n vectors because the IonMonkey JavaScript does not\n properly initialize memory. (CVE-2013-1728)\n\n - A JavaScript compartment mismatch can result in a denial\n of service or arbitrary code execution. Versions of\n Firefox 20 or greater are not susceptible to the\n arbitrary code execution mentioned above.\n (CVE-2013-1730)\n\n - A buffer overflow is possible because of an issue with\n multi-column layouts. (CVE-2013-1732)\n\n - An object is not properly identified during use of\n user-defined getter methods on DOM proxies. This could\n result in access restrictions being bypassed.\n (CVE-2013-1737)\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.mozilla.org/en-US/security/advisories/mfsa2013-76/\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.mozilla.org/en-US/security/advisories/mfsa2013-77/\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.mozilla.org/en-US/security/advisories/mfsa2013-78/\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.mozilla.org/en-US/security/advisories/mfsa2013-79/\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.mozilla.org/en-US/security/advisories/mfsa2013-80/\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.mozilla.org/en-US/security/advisories/mfsa2013-81/\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.mozilla.org/en-US/security/advisories/mfsa2013-82/\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.mozilla.org/en-US/security/advisories/mfsa2013-83/\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.mozilla.org/en-US/security/advisories/mfsa2013-85/\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.mozilla.org/en-US/security/advisories/mfsa2013-88/\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.mozilla.org/en-US/security/advisories/mfsa2013-89/\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.mozilla.org/en-US/security/advisories/mfsa2013-90/\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.mozilla.org/en-US/security/advisories/mfsa2013-91/\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.mozilla.org/en-US/security/advisories/mfsa2013-92/\");\n script_set_attribute(attribute:\"solution\", value:\n\"Upgrade to Firefox 24.0 or later.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:H/RL:OF/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2013-1736\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploited_by_malware\", value:\"true\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2013/09/17\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2013/09/17\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2013/09/19\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:mozilla:firefox\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Windows\");\n\n script_copyright(english:\"This script is Copyright (C) 2013-2019 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"mozilla_org_installed.nasl\");\n script_require_keys(\"Mozilla/Firefox/Version\");\n\n exit(0);\n}\n\ninclude(\"mozilla_version.inc\");\n\nport = get_kb_item(\"SMB/transport\");\nif (!port) port = 445;\n\ninstalls = get_kb_list(\"SMB/Mozilla/Firefox/*\");\nif (isnull(installs)) audit(AUDIT_NOT_INST, \"Firefox\");\n\nmozilla_check_version(installs:installs, product:'firefox', esr:FALSE, fix:'24.0', severity:SECURITY_HOLE, xss:FALSE);\n", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2021-01-01T05:32:22", "description": "The installed version of SeaMonkey is earlier than 2.21 and thus, is\npotentially affected by the following vulnerabilities :\n\n - Memory issues exist in the browser engine that could\n allow for denial of service or arbitrary code execution.\n (CVE-2013-1718, CVE-2013-1719)\n\n - The HTML5 Tree Builder does not properly maintain\n states, which could result in a denial of service or\n possible arbitrary code execution. (CVE-2013-1720)\n\n - The ANGLE library is vulnerable to an integer overflow,\n which could result in a denial of service or arbitrary\n code execution. (CVE-2013-1721)\n\n - Multiple use-after-free problems exist, which could\n result in denial of service attacks or arbitrary code\n execution. (CVE-2013-1722, CVE-2013-1724, CVE-2013-1735,\n CVE-2013-1736, CVE-2013-1738)\n\n - The NativeKey widget does not properly terminate key\n messages, possibly leading to a denial of service\n attack. (CVE-2013-1723)\n\n - Incorrect scope handling for JavaScript objects with\n compartments could result in denial of service or\n possibly arbitrary code execution. (CVE-2013-1725)\n\n - Local users can gain the same privileges as the Mozilla\n Updater because the application does not ensure\n exclusive access to the update file. An attacker could\n exploit this by inserting a malicious file into the\n update file. (CVE-2013-1726)\n\n - Sensitive information can be obtained via unspecified\n vectors because the IonMonkey JavaScript does not\n properly initialize memory. (CVE-2013-1728)\n\n - A JavaScript compartment mismatch could result in a\n denial of service or arbitrary code execution. Versions\n of Firefox 20 or greater are not susceptible to the\n arbitrary code execution mentioned above.\n (CVE-2013-1730)\n\n - A buffer overflow is possible because of an issue with\n multi-column layouts. (CVE-2013-1732)\n\n - An object is not properly identified during use of\n user-defined getter methods on DOM proxies. This could\n result in access restrictions being bypassed.\n (CVE-2013-1737)", "edition": 24, "published": "2013-09-19T00:00:00", "title": "SeaMonkey < 2.21 Multiple Vulnerabilities", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2013-1737", "CVE-2013-1719", "CVE-2013-1725", "CVE-2013-1735", "CVE-2013-1724", "CVE-2013-1732", "CVE-2013-1720", "CVE-2013-1721", "CVE-2013-1723", "CVE-2013-1726", "CVE-2013-1738", "CVE-2013-1728", "CVE-2013-1730", "CVE-2013-1736", "CVE-2013-1718", "CVE-2013-1722"], "modified": "2021-01-02T00:00:00", "cpe": ["cpe:/a:mozilla:seamonkey"], "id": "SEAMONKEY_221.NASL", "href": "https://www.tenable.com/plugins/nessus/69996", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(69996);\n script_version(\"1.10\");\n script_cvs_date(\"Date: 2019/11/27\");\n\n script_cve_id(\n \"CVE-2013-1718\",\n \"CVE-2013-1719\",\n \"CVE-2013-1720\",\n \"CVE-2013-1721\",\n \"CVE-2013-1722\",\n \"CVE-2013-1723\",\n \"CVE-2013-1724\",\n \"CVE-2013-1725\",\n \"CVE-2013-1726\",\n \"CVE-2013-1728\",\n \"CVE-2013-1730\",\n \"CVE-2013-1732\",\n \"CVE-2013-1735\",\n \"CVE-2013-1736\",\n \"CVE-2013-1737\",\n \"CVE-2013-1738\"\n );\n script_bugtraq_id(\n 62460,\n 62462,\n 62463,\n 62464,\n 62465,\n 62466,\n 62467,\n 62468,\n 62469,\n 62470,\n 62472,\n 62473,\n 62475,\n 62478,\n 62479,\n 62482\n );\n\n script_name(english:\"SeaMonkey < 2.21 Multiple Vulnerabilities\");\n script_summary(english:\"Checks version of SeaMonkey\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote Windows host contains a web browser that is potentially\naffected by multiple vulnerabilities.\");\n script_set_attribute(attribute:\"description\", value:\n\"The installed version of SeaMonkey is earlier than 2.21 and thus, is\npotentially affected by the following vulnerabilities :\n\n - Memory issues exist in the browser engine that could\n allow for denial of service or arbitrary code execution.\n (CVE-2013-1718, CVE-2013-1719)\n\n - The HTML5 Tree Builder does not properly maintain\n states, which could result in a denial of service or\n possible arbitrary code execution. (CVE-2013-1720)\n\n - The ANGLE library is vulnerable to an integer overflow,\n which could result in a denial of service or arbitrary\n code execution. (CVE-2013-1721)\n\n - Multiple use-after-free problems exist, which could\n result in denial of service attacks or arbitrary code\n execution. (CVE-2013-1722, CVE-2013-1724, CVE-2013-1735,\n CVE-2013-1736, CVE-2013-1738)\n\n - The NativeKey widget does not properly terminate key\n messages, possibly leading to a denial of service\n attack. (CVE-2013-1723)\n\n - Incorrect scope handling for JavaScript objects with\n compartments could result in denial of service or\n possibly arbitrary code execution. (CVE-2013-1725)\n\n - Local users can gain the same privileges as the Mozilla\n Updater because the application does not ensure\n exclusive access to the update file. An attacker could\n exploit this by inserting a malicious file into the\n update file. (CVE-2013-1726)\n\n - Sensitive information can be obtained via unspecified\n vectors because the IonMonkey JavaScript does not\n properly initialize memory. (CVE-2013-1728)\n\n - A JavaScript compartment mismatch could result in a\n denial of service or arbitrary code execution. Versions\n of Firefox 20 or greater are not susceptible to the\n arbitrary code execution mentioned above.\n (CVE-2013-1730)\n\n - A buffer overflow is possible because of an issue with\n multi-column layouts. (CVE-2013-1732)\n\n - An object is not properly identified during use of\n user-defined getter methods on DOM proxies. This could\n result in access restrictions being bypassed.\n (CVE-2013-1737)\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.mozilla.org/en-US/security/advisories/mfsa2013-76/\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.mozilla.org/en-US/security/advisories/mfsa2013-77/\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.mozilla.org/en-US/security/advisories/mfsa2013-78/\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.mozilla.org/en-US/security/advisories/mfsa2013-79/\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.mozilla.org/en-US/security/advisories/mfsa2013-80/\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.mozilla.org/en-US/security/advisories/mfsa2013-81/\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.mozilla.org/en-US/security/advisories/mfsa2013-82/\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.mozilla.org/en-US/security/advisories/mfsa2013-83/\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.mozilla.org/en-US/security/advisories/mfsa2013-85/\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.mozilla.org/en-US/security/advisories/mfsa2013-86/\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.mozilla.org/en-US/security/advisories/mfsa2013-88/\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.mozilla.org/en-US/security/advisories/mfsa2013-89/\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.mozilla.org/en-US/security/advisories/mfsa2013-90/\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.mozilla.org/en-US/security/advisories/mfsa2013-91/\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.mozilla.org/en-US/security/advisories/mfsa2013-92/\");\n script_set_attribute(attribute:\"solution\", value:\n\"Upgrade to SeaMonkey 2.21 or later.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:H/RL:OF/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2013-1736\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploited_by_malware\", value:\"true\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2013/09/17\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2013/09/17\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2013/09/19\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:mozilla:seamonkey\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Windows\");\n\n script_copyright(english:\"This script is Copyright (C) 2013-2019 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"mozilla_org_installed.nasl\");\n script_require_keys(\"SeaMonkey/Version\");\n\n exit(0);\n}\n\ninclude(\"mozilla_version.inc\");\n\nport = get_kb_item(\"SMB/transport\");\nif (!port) port = 445;\n\ninstalls = get_kb_list(\"SMB/SeaMonkey/*\");\nif (isnull(installs)) audit(AUDIT_NOT_INST, \"SeaMonkey\");\n\nmozilla_check_version(installs:installs, product:'seamonkey', fix:'2.21', severity:SECURITY_HOLE, xss:FALSE);\n", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2021-01-01T03:28:05", "description": "The installed version of Firefox is earlier than 24.0 and is,\ntherefore, potentially affected by multiple vulnerabilities :\n\n - Memory issues exist in the browser engine that could\n allow for denial of service or arbitrary code execution.\n (CVE-2013-1718, CVE-2013-1719)\n\n - The HTML5 Tree Builder does not properly maintain\n states, which could result in a denial of service or\n possible arbitrary code execution. (CVE-2013-1720)\n\n - The ANGLE library is vulnerable to an integer overflow,\n which could result in a denial of service or arbitrary\n code execution. (CVE-2013-1721)\n\n - Multiple use-after-free problems exist, which could\n result in denial of service attacks or arbitrary code\n execution. (CVE-2013-1722, CVE-2013-1724,\n CVE-2013-1735, CVE-2013-1736, CVE-2013-1738)\n\n - The NativeKey widget does not properly terminate key\n messages, possibly leading to a denial of service attack.\n (CVE-2013-1723)\n\n - Incorrect scope handling for JavaScript objects with\n compartments can result in denial of service or possibly\n arbitrary code execution. (CVE-2013-1725)\n\n - Local users can gain the same privileges as the Mozilla\n Updater because the application does not ensure\n exclusive access to the update file. An attacker can\n exploit this by inserting a malicious file into the\n update file. (CVE-2013-1726)\n\n - Sensitive information can be obtained via unspecified\n vectors because the IonMonkey JavaScript does not\n properly initialize memory. (CVE-2013-1728)\n\n - A JavaScript compartment mismatch can result in a denial\n of service or arbitrary code execution. Versions of\n Firefox 20 or greater are not susceptible to the\n arbitrary code execution mentioned above.\n (CVE-2013-1730)\n\n - A buffer overflow is possible because of an issue with\n multi-column layouts. (CVE-2013-1732)\n\n - An object is not properly identified during use of\n user-defined getter methods on DOM proxies. This can\n result in access restrictions being bypassed.\n (CVE-2013-1737)\n\n - An issue in the NVIDIA OS X graphic drivers allows the\n user's desktop to be viewed by web content, potentially\n exposing sensitive information. (CVE-2013-1729)", "edition": 25, "published": "2013-09-19T00:00:00", "title": "Firefox < 24.0 Multiple Vulnerabilities (Mac OS X)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2013-1737", "CVE-2013-1719", "CVE-2013-1725", "CVE-2013-1735", "CVE-2013-1724", "CVE-2013-1732", "CVE-2013-1720", "CVE-2013-1721", "CVE-2013-1723", "CVE-2013-1726", "CVE-2013-1738", "CVE-2013-1728", "CVE-2013-1730", "CVE-2013-1729", "CVE-2013-1736", "CVE-2013-1718", "CVE-2013-1722"], "modified": "2021-01-02T00:00:00", "cpe": ["cpe:/a:mozilla:firefox"], "id": "MACOSX_FIREFOX_24.NASL", "href": "https://www.tenable.com/plugins/nessus/69989", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(69989);\n script_version(\"1.11\");\n script_cvs_date(\"Date: 2019/11/27\");\n\n script_cve_id(\n \"CVE-2013-1718\",\n \"CVE-2013-1719\",\n \"CVE-2013-1720\",\n \"CVE-2013-1721\",\n \"CVE-2013-1722\",\n \"CVE-2013-1723\",\n \"CVE-2013-1724\",\n \"CVE-2013-1725\",\n \"CVE-2013-1726\",\n \"CVE-2013-1728\",\n \"CVE-2013-1729\",\n \"CVE-2013-1730\",\n \"CVE-2013-1732\",\n \"CVE-2013-1735\",\n \"CVE-2013-1736\",\n \"CVE-2013-1737\",\n \"CVE-2013-1738\"\n );\n script_bugtraq_id(\n 62460,\n 62462,\n 62463,\n 62464,\n 62465,\n 62466,\n 62467,\n 62468,\n 62469,\n 62470,\n 62472,\n 62473,\n 62474,\n 62475,\n 62478,\n 62479,\n 62482\n );\n\n script_name(english:\"Firefox < 24.0 Multiple Vulnerabilities (Mac OS X)\");\n script_summary(english:\"Checks version of Firefox\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote Mac OS X host contains a web browser that is potentially\naffected by multiple vulnerabilities.\");\n script_set_attribute(attribute:\"description\", value:\n\"The installed version of Firefox is earlier than 24.0 and is,\ntherefore, potentially affected by multiple vulnerabilities :\n\n - Memory issues exist in the browser engine that could\n allow for denial of service or arbitrary code execution.\n (CVE-2013-1718, CVE-2013-1719)\n\n - The HTML5 Tree Builder does not properly maintain\n states, which could result in a denial of service or\n possible arbitrary code execution. (CVE-2013-1720)\n\n - The ANGLE library is vulnerable to an integer overflow,\n which could result in a denial of service or arbitrary\n code execution. (CVE-2013-1721)\n\n - Multiple use-after-free problems exist, which could\n result in denial of service attacks or arbitrary code\n execution. (CVE-2013-1722, CVE-2013-1724,\n CVE-2013-1735, CVE-2013-1736, CVE-2013-1738)\n\n - The NativeKey widget does not properly terminate key\n messages, possibly leading to a denial of service attack.\n (CVE-2013-1723)\n\n - Incorrect scope handling for JavaScript objects with\n compartments can result in denial of service or possibly\n arbitrary code execution. (CVE-2013-1725)\n\n - Local users can gain the same privileges as the Mozilla\n Updater because the application does not ensure\n exclusive access to the update file. An attacker can\n exploit this by inserting a malicious file into the\n update file. (CVE-2013-1726)\n\n - Sensitive information can be obtained via unspecified\n vectors because the IonMonkey JavaScript does not\n properly initialize memory. (CVE-2013-1728)\n\n - A JavaScript compartment mismatch can result in a denial\n of service or arbitrary code execution. Versions of\n Firefox 20 or greater are not susceptible to the\n arbitrary code execution mentioned above.\n (CVE-2013-1730)\n\n - A buffer overflow is possible because of an issue with\n multi-column layouts. (CVE-2013-1732)\n\n - An object is not properly identified during use of\n user-defined getter methods on DOM proxies. This can\n result in access restrictions being bypassed.\n (CVE-2013-1737)\n\n - An issue in the NVIDIA OS X graphic drivers allows the\n user's desktop to be viewed by web content, potentially\n exposing sensitive information. (CVE-2013-1729)\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.mozilla.org/en-US/security/advisories/mfsa2013-76/\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.mozilla.org/en-US/security/advisories/mfsa2013-77/\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.mozilla.org/en-US/security/advisories/mfsa2013-78/\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.mozilla.org/en-US/security/advisories/mfsa2013-79/\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.mozilla.org/en-US/security/advisories/mfsa2013-80/\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.mozilla.org/en-US/security/advisories/mfsa2013-81/\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.mozilla.org/en-US/security/advisories/mfsa2013-82/\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.mozilla.org/en-US/security/advisories/mfsa2013-83/\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.mozilla.org/en-US/security/advisories/mfsa2013-85/\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.mozilla.org/en-US/security/advisories/mfsa2013-86/\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.mozilla.org/en-US/security/advisories/mfsa2013-88/\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.mozilla.org/en-US/security/advisories/mfsa2013-89/\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.mozilla.org/en-US/security/advisories/mfsa2013-90/\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.mozilla.org/en-US/security/advisories/mfsa2013-91/\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.mozilla.org/en-US/security/advisories/mfsa2013-92/\");\n script_set_attribute(attribute:\"solution\", value:\n\"Upgrade to Firefox 24.0 or later.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:H/RL:OF/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2013-1736\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploited_by_malware\", value:\"true\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2013/09/17\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2013/09/17\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2013/09/19\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:mozilla:firefox\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"MacOS X Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2013-2019 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"macosx_firefox_installed.nasl\");\n script_require_keys(\"MacOSX/Firefox/Installed\");\n\n exit(0);\n}\n\ninclude(\"mozilla_version.inc\");\n\nkb_base = \"MacOSX/Firefox\";\nget_kb_item_or_exit(kb_base+\"/Installed\");\n\nversion = get_kb_item_or_exit(kb_base+\"/Version\", exit_code:1);\npath = get_kb_item_or_exit(kb_base+\"/Path\", exit_code:1);\n\nif (get_kb_item(kb_base + '/is_esr')) exit(0, 'The Mozilla Firefox installation is in the ESR branch.');\n\nmozilla_check_version(product:'firefox', version:version, path:path, esr:FALSE, fix:'24.0', severity:SECURITY_HOLE, xss:FALSE);\n", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2021-01-01T03:40:59", "description": "The installed version of Thunderbird is a version prior to 24.0.\nIt is, therefore, potentially affected by the following\nvulnerabilities :\n\n - Memory issues exist in the browser engine that could\n allow for denial of service or arbitrary code execution.\n (CVE-2013-1718, CVE-2013-1719)\n\n - The HTML5 Tree Builder does not properly maintain\n states, which could result in a denial of service or\n possible arbitrary code execution. (CVE-2013-1720)\n\n - Multiple use-after-free problems exist, which could\n result in denial of service attacks or arbitrary code\n execution. (CVE-2013-1722, CVE-2013-1724,\n CVE-2013-1735, CVE-2013-1736, CVE-2013-1738)\n\n - The NativeKey widget does not properly terminate key\n messages, possibly leading to a denial of service attack.\n (CVE-2013-1723)\n\n - Incorrect scope handling for JavaScript objects with\n compartments could result in denial of service or\n possibly arbitrary code execution. (CVE-2013-1725)\n\n - Local users can gain the same privileges as the Mozilla\n Updater because the application does not ensure\n exclusive access to the update file. An attacker could\n exploit this by inserting a malicious file into the\n update file. (CVE-2013-1726)\n\n - Sensitive information can be obtained via unspecified\n vectors because the IonMonkey JavaScript does not\n properly initialize memory. (CVE-2013-1728)\n\n - A JavaScript compartment mismatch could result in a\n denial of service or arbitrary code execution. Versions\n of Firefox 20 or greater are not susceptible to the\n arbitrary code execution mentioned above.\n (CVE-2013-1730)\n\n - A buffer overflow is possible because of an issue with\n multi-column layouts. (CVE-2013-1732)\n\n - An object is not properly identified during use of\n user-defined getter methods on DOM proxies. This could\n result in access restrictions being bypassed.\n (CVE-2013-1737)\n\n - An input validation error exists related to email\n messages containing HTML and iframes and the action of\n replying to or forwarding such messages that could\n allow cross-site scripting attacks. (CVE-2013-6674)\n\n - An input validation error exists related to email\n messages containing HTML and object or embed elements\n that could allow cross-site scripting attacks.\n (CVE-2014-2018)", "edition": 24, "published": "2013-09-19T00:00:00", "title": "Thunderbird 17.x through 23.x Multiple Vulnerabilities (Mac OS X)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2013-1737", "CVE-2013-6674", "CVE-2013-1719", "CVE-2013-1725", "CVE-2013-1735", "CVE-2013-1724", "CVE-2013-1732", "CVE-2013-1720", "CVE-2013-1723", "CVE-2013-1726", "CVE-2013-1738", "CVE-2013-1728", "CVE-2013-1730", "CVE-2014-2018", "CVE-2013-1736", "CVE-2013-1718", "CVE-2013-1722"], "modified": "2021-01-02T00:00:00", "cpe": ["cpe:/a:mozilla:thunderbird"], "id": "MACOSX_THUNDERBIRD_24_0.NASL", "href": "https://www.tenable.com/plugins/nessus/69991", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(69991);\n script_version(\"1.19\");\n script_cvs_date(\"Date: 2019/11/27\");\n\n script_cve_id(\n \"CVE-2013-1718\",\n \"CVE-2013-1719\",\n \"CVE-2013-1720\",\n \"CVE-2013-1722\",\n \"CVE-2013-1723\",\n \"CVE-2013-1724\",\n \"CVE-2013-1725\",\n \"CVE-2013-1726\",\n \"CVE-2013-1728\",\n \"CVE-2013-1730\",\n \"CVE-2013-1732\",\n \"CVE-2013-1735\",\n \"CVE-2013-1736\",\n \"CVE-2013-1737\",\n \"CVE-2013-1738\",\n \"CVE-2013-6674\",\n \"CVE-2014-2018\"\n );\n script_bugtraq_id(\n 62460,\n 62462,\n 62463,\n 62464,\n 62465,\n 62466,\n 62467,\n 62468,\n 62469,\n 62472,\n 62473,\n 62475,\n 62478,\n 62479,\n 62482,\n 65158,\n 65620\n );\n script_xref(name:\"CERT\", value:\"863369\");\n script_xref(name:\"EDB-ID\", value:\"31223\");\n\n script_name(english:\"Thunderbird 17.x through 23.x Multiple Vulnerabilities (Mac OS X)\");\n script_summary(english:\"Checks version of Thunderbird\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote Mac OS X host contains a mail client that is potentially\naffected by multiple vulnerabilities.\");\n script_set_attribute(attribute:\"description\", value:\n\"The installed version of Thunderbird is a version prior to 24.0.\nIt is, therefore, potentially affected by the following\nvulnerabilities :\n\n - Memory issues exist in the browser engine that could\n allow for denial of service or arbitrary code execution.\n (CVE-2013-1718, CVE-2013-1719)\n\n - The HTML5 Tree Builder does not properly maintain\n states, which could result in a denial of service or\n possible arbitrary code execution. (CVE-2013-1720)\n\n - Multiple use-after-free problems exist, which could\n result in denial of service attacks or arbitrary code\n execution. (CVE-2013-1722, CVE-2013-1724,\n CVE-2013-1735, CVE-2013-1736, CVE-2013-1738)\n\n - The NativeKey widget does not properly terminate key\n messages, possibly leading to a denial of service attack.\n (CVE-2013-1723)\n\n - Incorrect scope handling for JavaScript objects with\n compartments could result in denial of service or\n possibly arbitrary code execution. (CVE-2013-1725)\n\n - Local users can gain the same privileges as the Mozilla\n Updater because the application does not ensure\n exclusive access to the update file. An attacker could\n exploit this by inserting a malicious file into the\n update file. (CVE-2013-1726)\n\n - Sensitive information can be obtained via unspecified\n vectors because the IonMonkey JavaScript does not\n properly initialize memory. (CVE-2013-1728)\n\n - A JavaScript compartment mismatch could result in a\n denial of service or arbitrary code execution. Versions\n of Firefox 20 or greater are not susceptible to the\n arbitrary code execution mentioned above.\n (CVE-2013-1730)\n\n - A buffer overflow is possible because of an issue with\n multi-column layouts. (CVE-2013-1732)\n\n - An object is not properly identified during use of\n user-defined getter methods on DOM proxies. This could\n result in access restrictions being bypassed.\n (CVE-2013-1737)\n\n - An input validation error exists related to email\n messages containing HTML and iframes and the action of\n replying to or forwarding such messages that could\n allow cross-site scripting attacks. (CVE-2013-6674)\n\n - An input validation error exists related to email\n messages containing HTML and object or embed elements\n that could allow cross-site scripting attacks.\n (CVE-2014-2018)\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.mozilla.org/en-US/security/advisories/mfsa2013-76/\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.mozilla.org/en-US/security/advisories/mfsa2013-77/\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.mozilla.org/en-US/security/advisories/mfsa2013-79/\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.mozilla.org/en-US/security/advisories/mfsa2013-80/\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.mozilla.org/en-US/security/advisories/mfsa2013-81/\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.mozilla.org/en-US/security/advisories/mfsa2013-82/\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.mozilla.org/en-US/security/advisories/mfsa2013-83/\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.mozilla.org/en-US/security/advisories/mfsa2013-85/\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.mozilla.org/en-US/security/advisories/mfsa2013-88/\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.mozilla.org/en-US/security/advisories/mfsa2013-89/\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.mozilla.org/en-US/security/advisories/mfsa2013-90/\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.mozilla.org/en-US/security/advisories/mfsa2013-91/\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.mozilla.org/en-US/security/advisories/mfsa2013-92/\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.mozilla.org/en-US/security/advisories/mfsa2014-14/\");\n script_set_attribute(attribute:\"solution\", value:\n\"Upgrade to Thunderbird 24.0 or later.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:H/RL:OF/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2013-1736\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploited_by_malware\", value:\"true\");\n script_cwe_id(20, 74, 79, 442, 629, 711, 712, 722, 725, 750, 751, 800, 801, 809, 811, 864, 900, 928, 931, 990);\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2013/09/17\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2013/09/17\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2013/09/19\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:mozilla:thunderbird\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"MacOS X Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2013-2019 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"macosx_thunderbird_installed.nasl\");\n script_require_keys(\"MacOSX/Thunderbird/Installed\");\n\n exit(0);\n}\n\ninclude(\"mozilla_version.inc\");\n\nkb_base = \"MacOSX/Thunderbird\";\nget_kb_item_or_exit(kb_base+\"/Installed\");\n\nversion = get_kb_item_or_exit(kb_base+\"/Version\", exit_code:1);\npath = get_kb_item_or_exit(kb_base+\"/Path\", exit_code:1);\n\nif (get_kb_item(kb_base + '/is_esr')) exit(0, 'The Mozilla Thunderbird install is in the ESR branch.');\n\nmozilla_check_version(product:'thunderbird', version:version, path:path, esr:FALSE, fix:'24.0', min:'17.0', severity:SECURITY_HOLE, xss:TRUE);\n", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2021-01-01T03:52:30", "description": "The installed version of Thunderbird is 17.x or later but prior\nto 24. It is, therefore, potentially affected the following\nvulnerabilities:\n\n - Memory issues exist in the browser engine that could\n allow for denial of service or arbitrary code execution.\n (CVE-2013-1718, CVE-2013-1719)\n\n - The HTML5 Tree Builder does not properly maintain\n states, which could result in a denial of service or\n possible arbitrary code execution. (CVE-2013-1720)\n\n - The ANGLE library is vulnerable to an integer overflow,\n which could result in a denial of service or arbitrary\n code execution. (CVE-2013-1721)\n\n - Multiple use-after-free problems exist, which could\n result in denial of service attacks or arbitrary code\n execution. (CVE-2013-1722, CVE-2013-1724,\n CVE-2013-1735, CVE-2013-1736, CVE-2013-1738)\n\n - The NativeKey widget does not properly terminate key\n messages, possibly leading to a denial of service attack.\n (CVE-2013-1723)\n\n - Incorrect scope handling for JavaScript objects with\n compartments could result in denial of service or\n possibly arbitrary code execution. (CVE-2013-1725)\n\n - Local users can gain the same privileges as the Mozilla\n Updater because the application does not ensure\n exclusive access to the update file. An attacker could\n exploit this by inserting a malicious file into the\n update file. (CVE-2013-1726)\n\n - Sensitive information can be obtained via unspecified\n vectors because the IonMonkey JavaScript does not\n properly initialize memory. (CVE-2013-1728)\n\n - A JavaScript compartment mismatch could result in a\n denial of service or arbitrary code execution. Versions\n of Firefox 20 or greater are not susceptible to the\n arbitrary code execution mentioned above.\n (CVE-2013-1730)\n\n - A buffer overflow is possible because of an issue with\n multi-column layouts. (CVE-2013-1732)\n\n - An object is not properly identified during use of\n user-defined getter methods on DOM proxies. This could\n result in access restrictions being bypassed.\n (CVE-2013-1737)\n\n - An input validation error exists related to email\n messages containing HTML and iframes and the action of\n replying to or forwarding such messages that could\n allow cross-site scripting attacks. (CVE-2013-6674)\n\n - An input validation error exists related to email\n messages containing HTML and object or embed elements\n that could allow cross-site scripting attacks.\n (CVE-2014-2018)", "edition": 24, "published": "2013-09-19T00:00:00", "title": "Mozilla Thunderbird 17.x through 23.x Multiple Vulnerabilities", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2013-1737", "CVE-2013-6674", "CVE-2013-1719", "CVE-2013-1725", "CVE-2013-1735", "CVE-2013-1724", "CVE-2013-1732", "CVE-2013-1720", "CVE-2013-1721", "CVE-2013-1723", "CVE-2013-1726", "CVE-2013-1738", "CVE-2013-1728", "CVE-2013-1730", "CVE-2014-2018", "CVE-2013-1736", "CVE-2013-1718", "CVE-2013-1722"], "modified": "2021-01-02T00:00:00", "cpe": ["cpe:/a:mozilla:thunderbird"], "id": "MOZILLA_THUNDERBIRD_24.NASL", "href": "https://www.tenable.com/plugins/nessus/69995", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(69995);\n script_version(\"1.19\");\n script_cvs_date(\"Date: 2019/11/27\");\n\n script_cve_id(\n \"CVE-2013-1718\",\n \"CVE-2013-1719\",\n \"CVE-2013-1720\",\n \"CVE-2013-1721\",\n \"CVE-2013-1722\",\n \"CVE-2013-1723\",\n \"CVE-2013-1724\",\n \"CVE-2013-1725\",\n \"CVE-2013-1726\",\n \"CVE-2013-1728\",\n \"CVE-2013-1730\",\n \"CVE-2013-1732\",\n \"CVE-2013-1735\",\n \"CVE-2013-1736\",\n \"CVE-2013-1737\",\n \"CVE-2013-1738\",\n \"CVE-2013-6674\",\n \"CVE-2014-2018\"\n );\n script_bugtraq_id(\n 62460,\n 62462,\n 62463,\n 62464,\n 62465,\n 62466,\n 62467,\n 62468,\n 62469,\n 62470,\n 62472,\n 62473,\n 62475,\n 62478,\n 62479,\n 62482,\n 65158,\n 65620\n );\n script_xref(name:\"CERT\", value:\"863369\");\n script_xref(name:\"EDB-ID\", value:\"31223\");\n\n script_name(english:\"Mozilla Thunderbird 17.x through 23.x Multiple Vulnerabilities\");\n script_summary(english:\"Checks version of Thunderbird\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote Windows host contains a mail client that is potentially\naffected by multiple vulnerabilities.\");\n script_set_attribute(attribute:\"description\", value:\n\"The installed version of Thunderbird is 17.x or later but prior\nto 24. It is, therefore, potentially affected the following\nvulnerabilities:\n\n - Memory issues exist in the browser engine that could\n allow for denial of service or arbitrary code execution.\n (CVE-2013-1718, CVE-2013-1719)\n\n - The HTML5 Tree Builder does not properly maintain\n states, which could result in a denial of service or\n possible arbitrary code execution. (CVE-2013-1720)\n\n - The ANGLE library is vulnerable to an integer overflow,\n which could result in a denial of service or arbitrary\n code execution. (CVE-2013-1721)\n\n - Multiple use-after-free problems exist, which could\n result in denial of service attacks or arbitrary code\n execution. (CVE-2013-1722, CVE-2013-1724,\n CVE-2013-1735, CVE-2013-1736, CVE-2013-1738)\n\n - The NativeKey widget does not properly terminate key\n messages, possibly leading to a denial of service attack.\n (CVE-2013-1723)\n\n - Incorrect scope handling for JavaScript objects with\n compartments could result in denial of service or\n possibly arbitrary code execution. (CVE-2013-1725)\n\n - Local users can gain the same privileges as the Mozilla\n Updater because the application does not ensure\n exclusive access to the update file. An attacker could\n exploit this by inserting a malicious file into the\n update file. (CVE-2013-1726)\n\n - Sensitive information can be obtained via unspecified\n vectors because the IonMonkey JavaScript does not\n properly initialize memory. (CVE-2013-1728)\n\n - A JavaScript compartment mismatch could result in a\n denial of service or arbitrary code execution. Versions\n of Firefox 20 or greater are not susceptible to the\n arbitrary code execution mentioned above.\n (CVE-2013-1730)\n\n - A buffer overflow is possible because of an issue with\n multi-column layouts. (CVE-2013-1732)\n\n - An object is not properly identified during use of\n user-defined getter methods on DOM proxies. This could\n result in access restrictions being bypassed.\n (CVE-2013-1737)\n\n - An input validation error exists related to email\n messages containing HTML and iframes and the action of\n replying to or forwarding such messages that could\n allow cross-site scripting attacks. (CVE-2013-6674)\n\n - An input validation error exists related to email\n messages containing HTML and object or embed elements\n that could allow cross-site scripting attacks.\n (CVE-2014-2018)\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.mozilla.org/en-US/security/advisories/mfsa2013-76/\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.mozilla.org/en-US/security/advisories/mfsa2013-77/\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.mozilla.org/en-US/security/advisories/mfsa2013-78/\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.mozilla.org/en-US/security/advisories/mfsa2013-79/\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.mozilla.org/en-US/security/advisories/mfsa2013-80/\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.mozilla.org/en-US/security/advisories/mfsa2013-81/\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.mozilla.org/en-US/security/advisories/mfsa2013-82/\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.mozilla.org/en-US/security/advisories/mfsa2013-83/\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.mozilla.org/en-US/security/advisories/mfsa2013-85/\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.mozilla.org/en-US/security/advisories/mfsa2013-88/\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.mozilla.org/en-US/security/advisories/mfsa2013-89/\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.mozilla.org/en-US/security/advisories/mfsa2013-90/\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.mozilla.org/en-US/security/advisories/mfsa2013-91/\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.mozilla.org/en-US/security/advisories/mfsa2013-92/\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.mozilla.org/en-US/security/advisories/mfsa2014-14/\");\n script_set_attribute(attribute:\"solution\", value:\n\"Upgrade to Thunderbird 24 or later.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:H/RL:OF/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2013-1736\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploited_by_malware\", value:\"true\");\n script_cwe_id(20, 74, 79, 442, 629, 711, 712, 722, 725, 750, 751, 800, 801, 809, 811, 864, 900, 928, 931, 990);\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2013/09/17\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2013/09/17\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2013/09/19\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:mozilla:thunderbird\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Windows\");\n\n script_copyright(english:\"This script is Copyright (C) 2013-2019 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"mozilla_org_installed.nasl\");\n script_require_keys(\"Mozilla/Thunderbird/Version\");\n\n exit(0);\n}\n\ninclude(\"mozilla_version.inc\");\n\nport = get_kb_item(\"SMB/transport\");\nif (!port) port = 445;\n\ninstalls = get_kb_list(\"SMB/Mozilla/Thunderbird/*\");\nif (isnull(installs)) audit(AUDIT_NOT_INST, \"Thunderbird\");\n\nmozilla_check_version(installs:installs, product:'thunderbird', esr:FALSE, fix:'24', min:'17.0', severity:SECURITY_HOLE, xss:TRUE);\n", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2021-01-12T10:11:07", "description": "Upstream update.\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Fedora security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.", "edition": 13, "published": "2013-09-23T00:00:00", "title": "Fedora 20 : firefox-24.0-1.fc20 / xulrunner-24.0-2.fc20 (2013-17074)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2013-1737", "CVE-2013-1719", "CVE-2013-1725", "CVE-2013-1735", "CVE-2013-1724", "CVE-2013-1732", "CVE-2013-1720", "CVE-2013-1721", "CVE-2013-1723", "CVE-2013-1726", "CVE-2013-1738", "CVE-2013-1728", "CVE-2013-1730", "CVE-2013-1729", "CVE-2013-1731", "CVE-2013-1736", "CVE-2013-1718", "CVE-2013-1727", "CVE-2013-1722"], "modified": "2013-09-23T00:00:00", "cpe": ["p-cpe:/a:fedoraproject:fedora:xulrunner", "p-cpe:/a:fedoraproject:fedora:firefox", "cpe:/o:fedoraproject:fedora:20"], "id": "FEDORA_2013-17074.NASL", "href": "https://www.tenable.com/plugins/nessus/70062", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Fedora Security Advisory 2013-17074.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(70062);\n script_version(\"1.10\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/11\");\n\n script_cve_id(\"CVE-2013-1718\", \"CVE-2013-1719\", \"CVE-2013-1720\", \"CVE-2013-1721\", \"CVE-2013-1722\", \"CVE-2013-1723\", \"CVE-2013-1724\", \"CVE-2013-1725\", \"CVE-2013-1726\", \"CVE-2013-1727\", \"CVE-2013-1728\", \"CVE-2013-1729\", \"CVE-2013-1730\", \"CVE-2013-1731\", \"CVE-2013-1732\", \"CVE-2013-1735\", \"CVE-2013-1736\", \"CVE-2013-1737\", \"CVE-2013-1738\");\n script_xref(name:\"FEDORA\", value:\"2013-17074\");\n\n script_name(english:\"Fedora 20 : firefox-24.0-1.fc20 / xulrunner-24.0-2.fc20 (2013-17074)\");\n script_summary(english:\"Checks rpm output for the updated packages.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Fedora host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Upstream update.\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Fedora security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n # https://lists.fedoraproject.org/pipermail/package-announce/2013-September/116610.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?b51d7b5f\"\n );\n # https://lists.fedoraproject.org/pipermail/package-announce/2013-September/116611.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?de456377\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected firefox and / or xulrunner packages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploited_by_malware\", value:\"true\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:firefox\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:xulrunner\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:fedoraproject:fedora:20\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2013/09/18\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2013/09/18\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2013/09/23\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2013-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Fedora Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Fedora\" >!< release) audit(AUDIT_OS_NOT, \"Fedora\");\nos_ver = eregmatch(pattern: \"Fedora.*release ([0-9]+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Fedora\");\nos_ver = os_ver[1];\nif (! ereg(pattern:\"^20([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Fedora 20.x\", \"Fedora \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Fedora\", cpu);\n\nflag = 0;\nif (rpm_check(release:\"FC20\", reference:\"firefox-24.0-1.fc20\")) flag++;\nif (rpm_check(release:\"FC20\", reference:\"xulrunner-24.0-2.fc20\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"firefox / xulrunner\");\n}\n", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2021-01-12T10:11:05", "description": "Upstream security update.\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Fedora security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.", "edition": 13, "published": "2013-09-21T00:00:00", "title": "Fedora 19 : firefox-24.0-1.fc19 / xulrunner-24.0-2.fc19 (2013-16992)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2013-1737", "CVE-2013-1719", "CVE-2013-1725", "CVE-2013-1735", "CVE-2013-1724", "CVE-2013-1732", "CVE-2013-1720", "CVE-2013-1721", "CVE-2013-1723", "CVE-2013-1726", "CVE-2013-1738", "CVE-2013-1728", "CVE-2013-1730", "CVE-2013-1729", "CVE-2013-1731", "CVE-2013-1736", "CVE-2013-1718", "CVE-2013-1727", "CVE-2013-1722"], "modified": "2013-09-21T00:00:00", "cpe": ["p-cpe:/a:fedoraproject:fedora:xulrunner", "p-cpe:/a:fedoraproject:fedora:firefox", "cpe:/o:fedoraproject:fedora:19"], "id": "FEDORA_2013-16992.NASL", "href": "https://www.tenable.com/plugins/nessus/70036", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Fedora Security Advisory 2013-16992.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(70036);\n script_version(\"1.11\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/11\");\n\n script_cve_id(\"CVE-2013-1718\", \"CVE-2013-1719\", \"CVE-2013-1720\", \"CVE-2013-1721\", \"CVE-2013-1722\", \"CVE-2013-1723\", \"CVE-2013-1724\", \"CVE-2013-1725\", \"CVE-2013-1726\", \"CVE-2013-1727\", \"CVE-2013-1728\", \"CVE-2013-1729\", \"CVE-2013-1730\", \"CVE-2013-1731\", \"CVE-2013-1732\", \"CVE-2013-1735\", \"CVE-2013-1736\", \"CVE-2013-1737\", \"CVE-2013-1738\");\n script_xref(name:\"FEDORA\", value:\"2013-16992\");\n\n script_name(english:\"Fedora 19 : firefox-24.0-1.fc19 / xulrunner-24.0-2.fc19 (2013-16992)\");\n script_summary(english:\"Checks rpm output for the updated packages.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Fedora host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Upstream security update.\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Fedora security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n # https://lists.fedoraproject.org/pipermail/package-announce/2013-September/115906.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?da2f1c51\"\n );\n # https://lists.fedoraproject.org/pipermail/package-announce/2013-September/115907.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?c5a99ee6\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected firefox and / or xulrunner packages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploited_by_malware\", value:\"true\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:firefox\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:xulrunner\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:fedoraproject:fedora:19\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2013/09/18\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2013/09/18\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2013/09/21\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2013-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Fedora Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Fedora\" >!< release) audit(AUDIT_OS_NOT, \"Fedora\");\nos_ver = eregmatch(pattern: \"Fedora.*release ([0-9]+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Fedora\");\nos_ver = os_ver[1];\nif (! ereg(pattern:\"^19([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Fedora 19.x\", \"Fedora \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Fedora\", cpu);\n\nflag = 0;\nif (rpm_check(release:\"FC19\", reference:\"firefox-24.0-1.fc19\")) flag++;\nif (rpm_check(release:\"FC19\", reference:\"xulrunner-24.0-2.fc19\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"firefox / xulrunner\");\n}\n", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2021-01-12T10:11:07", "description": "Upstream security update.\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Fedora security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.", "edition": 13, "published": "2013-09-30T00:00:00", "title": "Fedora 18 : firefox-24.0-1.fc18 / xulrunner-24.0-2.fc18 (2013-17047)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2013-1737", "CVE-2013-1719", "CVE-2013-1725", "CVE-2013-1735", "CVE-2013-1724", "CVE-2013-1732", "CVE-2013-1720", "CVE-2013-1721", "CVE-2013-1723", "CVE-2013-1726", "CVE-2013-1738", "CVE-2013-1728", "CVE-2013-1730", "CVE-2013-1729", "CVE-2013-1731", "CVE-2013-1736", "CVE-2013-1718", "CVE-2013-1727", "CVE-2013-1722"], "modified": "2013-09-30T00:00:00", "cpe": ["p-cpe:/a:fedoraproject:fedora:xulrunner", "cpe:/o:fedoraproject:fedora:18", "p-cpe:/a:fedoraproject:fedora:firefox"], "id": "FEDORA_2013-17047.NASL", "href": "https://www.tenable.com/plugins/nessus/70205", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Fedora Security Advisory 2013-17047.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(70205);\n script_version(\"1.11\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/11\");\n\n script_cve_id(\"CVE-2013-1718\", \"CVE-2013-1719\", \"CVE-2013-1720\", \"CVE-2013-1721\", \"CVE-2013-1722\", \"CVE-2013-1723\", \"CVE-2013-1724\", \"CVE-2013-1725\", \"CVE-2013-1726\", \"CVE-2013-1727\", \"CVE-2013-1728\", \"CVE-2013-1729\", \"CVE-2013-1730\", \"CVE-2013-1731\", \"CVE-2013-1732\", \"CVE-2013-1735\", \"CVE-2013-1736\", \"CVE-2013-1737\", \"CVE-2013-1738\");\n script_xref(name:\"FEDORA\", value:\"2013-17047\");\n\n script_name(english:\"Fedora 18 : firefox-24.0-1.fc18 / xulrunner-24.0-2.fc18 (2013-17047)\");\n script_summary(english:\"Checks rpm output for the updated packages.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Fedora host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Upstream security update.\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Fedora security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n # https://lists.fedoraproject.org/pipermail/package-announce/2013-September/117525.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?c2e8007e\"\n );\n # https://lists.fedoraproject.org/pipermail/package-announce/2013-September/117526.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?aca85575\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected firefox and / or xulrunner packages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploited_by_malware\", value:\"true\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:firefox\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:xulrunner\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:fedoraproject:fedora:18\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2013/09/18\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2013/09/18\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2013/09/30\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2013-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Fedora Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Fedora\" >!< release) audit(AUDIT_OS_NOT, \"Fedora\");\nos_ver = eregmatch(pattern: \"Fedora.*release ([0-9]+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Fedora\");\nos_ver = os_ver[1];\nif (! ereg(pattern:\"^18([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Fedora 18.x\", \"Fedora \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Fedora\", cpu);\n\nflag = 0;\nif (rpm_check(release:\"FC18\", reference:\"firefox-24.0-1.fc18\")) flag++;\nif (rpm_check(release:\"FC18\", reference:\"xulrunner-24.0-2.fc18\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"firefox / xulrunner\");\n}\n", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2021-01-07T10:46:19", "description": "The Mozilla Project reports :\n\nMFSA 2013-76 Miscellaneous memory safety hazards (rv:24.0 / rv:17.0.9)\n\nMFSA 2013-77 Improper state in HTML5 Tree Builder with templates\n\nMFSA 2013-78 Integer overflow in ANGLE library\n\nMFSA 2013-79 Use-after-free in Animation Manager during stylesheet\ncloning\n\nMFSA 2013-80 NativeKey continues handling key messages after widget is\ndestroyed\n\nMFSA 2013-81 Use-after-free with select element\n\nMFSA 2013-82 Calling scope for new JavaScript objects can lead to\nmemory corruption\n\nMFSA 2013-83 Mozilla Updater does not lock MAR file after signature\nverification\n\nMFSA 2013-84 Same-origin bypass through symbolic links\n\nMFSA 2013-85 Uninitialized data in IonMonkey\n\nMFSA 2013-86 WebGL Information disclosure through OS X NVIDIA graphic\ndrivers\n\nMFSA 2013-87 Shared object library loading from writable location\n\nMFSA 2013-88 compartment mismatch re-attaching XBL-backed nodes\n\nMFSA 2013-89 Buffer overflow with multi-column, lists, and floats\n\nMFSA 2013-90 Memory corruption involving scrolling\n\nMFSA 2013-91 User-defined properties on DOM proxies get the wrong\n'this' object\n\nMFSA 2013-92 GC hazard with default compartments and frame chain\nrestoration", "edition": 23, "published": "2013-10-02T00:00:00", "title": "FreeBSD : mozilla -- multiple vulnerabilities (7dfed67b-20aa-11e3-b8d8-0025905a4771)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2013-1737", "CVE-2013-1719", "CVE-2013-1725", "CVE-2013-1735", "CVE-2013-1724", "CVE-2013-1732", "CVE-2013-1720", "CVE-2013-1721", "CVE-2013-1723", "CVE-2013-1726", "CVE-2013-1738", "CVE-2013-1728", "CVE-2013-1730", "CVE-2013-1729", "CVE-2013-1731", "CVE-2013-1736", "CVE-2013-1718", "CVE-2013-1727", "CVE-2013-1722"], "modified": "2013-10-02T00:00:00", "cpe": ["p-cpe:/a:freebsd:freebsd:linux-thunderbird", "p-cpe:/a:freebsd:freebsd:linux-firefox", "cpe:/o:freebsd:freebsd", "p-cpe:/a:freebsd:freebsd:seamonkey", "p-cpe:/a:freebsd:freebsd:linux-seamonkey", "p-cpe:/a:freebsd:freebsd:firefox", "p-cpe:/a:freebsd:freebsd:thunderbird"], "id": "FREEBSD_PKG_7DFED67B20AA11E3B8D80025905A4771.NASL", "href": "https://www.tenable.com/plugins/nessus/70262", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from the FreeBSD VuXML database :\n#\n# Copyright 2003-2019 Jacques Vidrine and contributors\n#\n# Redistribution and use in source (VuXML) and 'compiled' forms (SGML,\n# HTML, PDF, PostScript, RTF and so forth) with or without modification,\n# are permitted provided that the following conditions are met:\n# 1. Redistributions of source code (VuXML) must retain the above\n# copyright notice, this list of conditions and the following\n# disclaimer as the first lines of this file unmodified.\n# 2. Redistributions in compiled form (transformed to other DTDs,\n# published online in any format, converted to PDF, PostScript,\n# RTF and other formats) must reproduce the above copyright\n# notice, this list of conditions and the following disclaimer\n# in the documentation and/or other materials provided with the\n# distribution.\n# \n# THIS DOCUMENTATION IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS \"AS IS\"\n# AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO,\n# THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR\n# PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS\n# BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY,\n# OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT\n# OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR\n# BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY,\n# WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE\n# OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS DOCUMENTATION,\n# EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(70262);\n script_version(\"1.11\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/06\");\n\n script_cve_id(\"CVE-2013-1718\", \"CVE-2013-1719\", \"CVE-2013-1720\", \"CVE-2013-1721\", \"CVE-2013-1722\", \"CVE-2013-1723\", \"CVE-2013-1724\", \"CVE-2013-1725\", \"CVE-2013-1726\", \"CVE-2013-1727\", \"CVE-2013-1728\", \"CVE-2013-1729\", \"CVE-2013-1730\", \"CVE-2013-1731\", \"CVE-2013-1732\", \"CVE-2013-1735\", \"CVE-2013-1736\", \"CVE-2013-1737\", \"CVE-2013-1738\");\n\n script_name(english:\"FreeBSD : mozilla -- multiple vulnerabilities (7dfed67b-20aa-11e3-b8d8-0025905a4771)\");\n script_summary(english:\"Checks for updated packages in pkg_info output\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\n\"The remote FreeBSD host is missing one or more security-related\nupdates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"The Mozilla Project reports :\n\nMFSA 2013-76 Miscellaneous memory safety hazards (rv:24.0 / rv:17.0.9)\n\nMFSA 2013-77 Improper state in HTML5 Tree Builder with templates\n\nMFSA 2013-78 Integer overflow in ANGLE library\n\nMFSA 2013-79 Use-after-free in Animation Manager during stylesheet\ncloning\n\nMFSA 2013-80 NativeKey continues handling key messages after widget is\ndestroyed\n\nMFSA 2013-81 Use-after-free with select element\n\nMFSA 2013-82 Calling scope for new JavaScript objects can lead to\nmemory corruption\n\nMFSA 2013-83 Mozilla Updater does not lock MAR file after signature\nverification\n\nMFSA 2013-84 Same-origin bypass through symbolic links\n\nMFSA 2013-85 Uninitialized data in IonMonkey\n\nMFSA 2013-86 WebGL Information disclosure through OS X NVIDIA graphic\ndrivers\n\nMFSA 2013-87 Shared object library loading from writable location\n\nMFSA 2013-88 compartment mismatch re-attaching XBL-backed nodes\n\nMFSA 2013-89 Buffer overflow with multi-column, lists, and floats\n\nMFSA 2013-90 Memory corruption involving scrolling\n\nMFSA 2013-91 User-defined properties on DOM proxies get the wrong\n'this' object\n\nMFSA 2013-92 GC hazard with default compartments and frame chain\nrestoration\"\n );\n # https://www.mozilla.org/security/announce/2013/mfsa2013-76.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.mozilla.org/en-US/security/advisories/mfsa2013-76/\"\n );\n # https://www.mozilla.org/security/announce/2013/mfsa2013-77.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.mozilla.org/en-US/security/advisories/mfsa2013-77/\"\n );\n # https://www.mozilla.org/security/announce/2013/mfsa2013-78.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.mozilla.org/en-US/security/advisories/mfsa2013-78/\"\n );\n # https://www.mozilla.org/security/announce/2013/mfsa2013-79.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.mozilla.org/en-US/security/advisories/mfsa2013-79/\"\n );\n # https://www.mozilla.org/security/announce/2013/mfsa2013-80.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.mozilla.org/en-US/security/advisories/mfsa2013-80/\"\n );\n # https://www.mozilla.org/security/announce/2013/mfsa2013-81.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.mozilla.org/en-US/security/advisories/mfsa2013-81/\"\n );\n # https://www.mozilla.org/security/announce/2013/mfsa2013-82.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.mozilla.org/en-US/security/advisories/mfsa2013-82/\"\n );\n # https://www.mozilla.org/security/announce/2013/mfsa2013-83.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.mozilla.org/en-US/security/advisories/mfsa2013-83/\"\n );\n # https://www.mozilla.org/security/announce/2013/mfsa2013-84.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.mozilla.org/en-US/security/advisories/mfsa2013-84/\"\n );\n # https://www.mozilla.org/security/announce/2013/mfsa2013-85.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.mozilla.org/en-US/security/advisories/mfsa2013-85/\"\n );\n # https://www.mozilla.org/security/announce/2013/mfsa2013-86.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.mozilla.org/en-US/security/advisories/mfsa2013-86/\"\n );\n # https://www.mozilla.org/security/announce/2013/mfsa2013-87.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.mozilla.org/en-US/security/advisories/mfsa2013-87/\"\n );\n # https://www.mozilla.org/security/announce/2013/mfsa2013-88.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.mozilla.org/en-US/security/advisories/mfsa2013-88/\"\n );\n # https://www.mozilla.org/security/announce/2013/mfsa2013-89.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.mozilla.org/en-US/security/advisories/mfsa2013-89/\"\n );\n # https://www.mozilla.org/security/announce/2013/mfsa2013-90.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.mozilla.org/en-US/security/advisories/mfsa2013-90/\"\n );\n # https://www.mozilla.org/security/announce/2013/mfsa2013-91.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.mozilla.org/en-US/security/advisories/mfsa2013-91/\"\n );\n # https://www.mozilla.org/security/announce/2013/mfsa2013-92.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.mozilla.org/en-US/security/advisories/mfsa2013-92/\"\n );\n # http://www.mozilla.org/security/known-vulnerabilities/\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.mozilla.org/en-US/security/known-vulnerabilities/\"\n );\n # https://vuxml.freebsd.org/freebsd/7dfed67b-20aa-11e3-b8d8-0025905a4771.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?ffba7b83\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploited_by_malware\", value:\"true\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:freebsd:freebsd:firefox\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:freebsd:freebsd:linux-firefox\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:freebsd:freebsd:linux-seamonkey\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:freebsd:freebsd:linux-thunderbird\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:freebsd:freebsd:seamonkey\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:freebsd:freebsd:thunderbird\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:freebsd:freebsd\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2013/08/17\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2013/08/18\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2013/10/02\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2013-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"FreeBSD Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/FreeBSD/release\", \"Host/FreeBSD/pkg_info\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"freebsd_package.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/FreeBSD/release\")) audit(AUDIT_OS_NOT, \"FreeBSD\");\nif (!get_kb_item(\"Host/FreeBSD/pkg_info\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\nflag = 0;\n\nif (pkg_test(save_report:TRUE, pkg:\"firefox>18.0,1<24.0,1\")) flag++;\nif (pkg_test(save_report:TRUE, pkg:\"firefox<17.0.9,1\")) flag++;\nif (pkg_test(save_report:TRUE, pkg:\"linux-firefox<17.0.9,1\")) flag++;\nif (pkg_test(save_report:TRUE, pkg:\"linux-seamonkey<2.21\")) flag++;\nif (pkg_test(save_report:TRUE, pkg:\"linux-thunderbird<17.0.9\")) flag++;\nif (pkg_test(save_report:TRUE, pkg:\"seamonkey<2.21\")) flag++;\nif (pkg_test(save_report:TRUE, pkg:\"thunderbird<24.0\")) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:pkg_report_get());\n else security_hole(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}], "freebsd": [{"lastseen": "2019-05-29T18:33:33", "bulletinFamily": "unix", "cvelist": ["CVE-2013-1737", "CVE-2013-1719", "CVE-2013-1725", "CVE-2013-1735", "CVE-2013-1724", "CVE-2013-1732", "CVE-2013-1720", "CVE-2013-1721", "CVE-2013-1723", "CVE-2013-1726", "CVE-2013-1738", "CVE-2013-1728", "CVE-2013-1730", "CVE-2013-1729", "CVE-2013-1731", "CVE-2013-1736", "CVE-2013-1718", "CVE-2013-1727", "CVE-2013-1722"], "description": "\nThe Mozilla Project reports:\n\n MFSA 2013-76 Miscellaneous memory safety hazards (rv:24.0 /\n\t rv:17.0.9)\n MFSA 2013-77 Improper state in HTML5 Tree Builder with templates\n MFSA 2013-78 Integer overflow in ANGLE library\n MFSA 2013-79 Use-after-free in Animation Manager during stylesheet\n\t cloning\n MFSA 2013-80 NativeKey continues handling key messages after\n\t widget is destroyed\n MFSA 2013-81 Use-after-free with select element\n MFSA 2013-82 Calling scope for new Javascript objects can lead to\n\t memory corruption\n MFSA 2013-83 Mozilla Updater does not lock MAR file after\n\t signature verification\n MFSA 2013-84 Same-origin bypass through symbolic links\n MFSA 2013-85 Uninitialized data in IonMonkey\n MFSA 2013-86 WebGL Information disclosure through OS X NVIDIA\n\t graphic drivers\n MFSA 2013-87 Shared object library loading from writable location\n MFSA 2013-88 compartment mismatch re-attaching XBL-backed nodes\n MFSA 2013-89 Buffer overflow with multi-column, lists, and floats\n MFSA 2013-90 Memory corruption involving scrolling\n MFSA 2013-91 User-defined properties on DOM proxies get the wrong\n\t \"this\" object\n MFSA 2013-92 GC hazard with default compartments and frame chain\n\t restoration\n\n", "edition": 4, "modified": "2013-09-19T00:00:00", "published": "2013-08-17T00:00:00", "id": "7DFED67B-20AA-11E3-B8D8-0025905A4771", "href": "https://vuxml.freebsd.org/freebsd/7dfed67b-20aa-11e3-b8d8-0025905a4771.html", "title": "mozilla -- multiple vulnerabilities", "type": "freebsd", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}], "securityvulns": [{"lastseen": "2018-08-31T11:09:52", "bulletinFamily": "software", "cvelist": ["CVE-2013-1737", "CVE-2013-1719", "CVE-2013-1725", "CVE-2013-1735", "CVE-2013-1724", "CVE-2013-1732", "CVE-2013-1720", "CVE-2013-1721", "CVE-2013-1723", "CVE-2013-1726", "CVE-2013-1738", "CVE-2013-1728", "CVE-2013-1730", "CVE-2013-1729", "CVE-2013-1731", "CVE-2013-1736", "CVE-2013-1718", "CVE-2013-1727", "CVE-2013-1722"], "description": "Memory corruptions, integer overdlows, privilege escalations, code executions, information leakage.", "edition": 1, "modified": "2013-10-01T00:00:00", "published": "2013-10-01T00:00:00", "id": "SECURITYVULNS:VULN:13294", "href": "https://vulners.com/securityvulns/SECURITYVULNS:VULN:13294", "title": "Mozilla Firefox / Thunderbird / Seamonkey multiple security vulnerabilities", "type": "securityvulns", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}], "gentoo": [{"lastseen": "2016-09-06T19:47:05", "bulletinFamily": "unix", "cvelist": ["CVE-2013-1687", "CVE-2013-1692", "CVE-2013-0797", "CVE-2013-1671", "CVE-2013-1737", "CVE-2013-1709", "CVE-2013-1678", "CVE-2013-0763", "CVE-2013-0777", "CVE-2013-0765", "CVE-2013-0783", "CVE-2013-1670", "CVE-2013-1719", "CVE-2013-1725", "CVE-2013-1735", "CVE-2013-0746", "CVE-2013-0791", "CVE-2013-0766", "CVE-2013-1707", "CVE-2013-1697", "CVE-2013-1705", "CVE-2013-0787", "CVE-2013-0794", "CVE-2013-0747", "CVE-2013-1694", "CVE-2013-1680", "CVE-2013-1724", "CVE-2013-0751", "CVE-2013-0780", "CVE-2013-1732", "CVE-2013-0744", "CVE-2013-0795", "CVE-2013-1720", "CVE-2013-0748", "CVE-2013-1679", "CVE-2013-0778", "CVE-2013-0768", "CVE-2013-0755", "CVE-2013-0752", "CVE-2013-1702", "CVE-2013-0796", "CVE-2013-1723", "CVE-2013-0782", "CVE-2013-1726", "CVE-2013-0800", "CVE-2013-1681", "CVE-2013-0773", "CVE-2013-0754", "CVE-2013-1708", "CVE-2013-1738", "CVE-2013-1712", "CVE-2013-0788", "CVE-2013-1728", "CVE-2013-1730", "CVE-2013-0784", "CVE-2013-1690", "CVE-2013-0775", "CVE-2013-0801", "CVE-2013-1714", "CVE-2013-0769", "CVE-2013-1704", "CVE-2013-0771", "CVE-2013-0757", "CVE-2013-0749", "CVE-2013-0761", "CVE-2013-0779", "CVE-2013-1701", "CVE-2013-1684", "CVE-2013-1676", "CVE-2013-0789", "CVE-2013-0799", "CVE-2013-1675", "CVE-2013-0745", "CVE-2013-0756", "CVE-2013-0760", "CVE-2013-0767", "CVE-2013-1682", "CVE-2013-1674", "CVE-2013-0762", "CVE-2013-0792", "CVE-2013-1713", "CVE-2013-0774", "CVE-2013-0753", "CVE-2013-1736", "CVE-2013-0776", "CVE-2013-1718", "CVE-2013-1717", "CVE-2013-1693", "CVE-2013-0750", "CVE-2013-1677", "CVE-2013-0759", "CVE-2013-0770", "CVE-2013-0793", "CVE-2013-0781", "CVE-2013-0772", "CVE-2013-1722", "CVE-2013-1711", "CVE-2013-1710", "CVE-2013-0758", "CVE-2013-0764"], "description": "### Background\n\nMozilla Firefox is an open-source web browser and Mozilla Thunderbird an open-source email client, both from the Mozilla Project. The SeaMonkey project is a community effort to deliver production-quality releases of code derived from the application formerly known as the \u2018Mozilla Application Suite\u2019. \n\n### Description\n\nMultiple vulnerabilities have been discovered in Mozilla Firefox, Thunderbird, and SeaMonkey. Please review the CVE identifiers referenced below for details. \n\n### Impact\n\nA remote attacker could entice a user to view a specially crafted web page or email, possibly resulting in execution of arbitrary code or a Denial of Service condition. Further, a remote attacker could conduct XSS attacks, spoof URLs, bypass address space layout randomization, conduct clickjacking attacks, obtain potentially sensitive information, bypass access restrictions, modify the local filesystem, or conduct other unspecified attacks. \n\n### Workaround\n\nThere is no known workaround at this time.\n\n### Resolution\n\nAll Mozilla Firefox users should upgrade to the latest version:\n \n \n # emerge --sync\n # emerge --ask --oneshot --verbose \">=www-client/firefox-17.0.9\"\n \n\nAll users of the Mozilla Firefox binary package should upgrade to the latest version: \n \n \n # emerge --sync\n # emerge --ask --oneshot --verbose \">=www-client/firefox-bin-17.0.9\"\n \n\nAll Mozilla Thunderbird users should upgrade to the latest version:\n \n \n # emerge --sync\n # emerge --ask --oneshot --verbose \">=mail-client/thunderbird-17.0.9\"\n \n\nAll users of the Mozilla Thunderbird binary package should upgrade to the latest version: \n \n \n # emerge --sync\n # emerge --ask --oneshot --verbose\n \">=mail-client/thunderbird-bin-17.0.9\"\n \n\nAll SeaMonkey users should upgrade to the latest version:\n \n \n # emerge --sync\n # emerge --ask --oneshot --verbose \">=www-client/seamonkey-2.21\"\n \n\nAll users of the Mozilla SeaMonkey binary package should upgrade to the latest version: \n \n \n # emerge --sync\n # emerge --ask --oneshot --verbose \">=www-client/seamonkey-bin-2.21\"", "edition": 1, "modified": "2013-09-27T00:00:00", "published": "2013-09-27T00:00:00", "id": "GLSA-201309-23", "href": "https://security.gentoo.org/glsa/201309-23", "type": "gentoo", "title": "Mozilla Products: Multiple vulnerabilities", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}]}