ID CENTOS_RHSA-2016-1985.NASL Type nessus Reporter Tenable Modified 2018-11-10T00:00:00
Description
An update for thunderbird is now available for Red Hat Enterprise Linux 5, Red Hat Enterprise Linux 6, and Red Hat Enterprise Linux 7.
Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.
Mozilla Thunderbird is a standalone mail and newsgroup client.
This update upgrades Thunderbird to version 45.4.0.
Security Fix(es) :
Multiple flaws were found in the processing of malformed web content. A web page containing malicious content could cause Thunderbird to crash or, potentially, execute arbitrary code with the privileges of the user running Thunderbird. (CVE-2016-5257)
Red Hat would like to thank the Mozilla project for reporting these issues. Upstream acknowledges Christoph Diehl, Andrew McCreight, Dan Minor, Byron Campen, Jon Coppeard, Steve Fink, Tyson Smith, Philipp and Carsten Book as the original reporters.
#
# (C) Tenable Network Security, Inc.
#
# The descriptive text and package checks in this plugin were
# extracted from Red Hat Security Advisory RHSA-2016:1985 and
# CentOS Errata and Security Advisory 2016:1985 respectively.
#
include("compat.inc");
if (description)
{
script_id(93830);
script_version("2.9");
script_cvs_date("Date: 2018/11/10 11:49:32");
script_cve_id("CVE-2016-5257");
script_xref(name:"RHSA", value:"2016:1985");
script_name(english:"CentOS 5 / 6 / 7 : thunderbird (CESA-2016:1985)");
script_summary(english:"Checks rpm output for the updated package");
script_set_attribute(
attribute:"synopsis",
value:"The remote CentOS host is missing a security update."
);
script_set_attribute(
attribute:"description",
value:
"An update for thunderbird is now available for Red Hat Enterprise
Linux 5, Red Hat Enterprise Linux 6, and Red Hat Enterprise Linux 7.
Red Hat Product Security has rated this update as having a security
impact of Important. A Common Vulnerability Scoring System (CVSS) base
score, which gives a detailed severity rating, is available for each
vulnerability from the CVE link(s) in the References section.
Mozilla Thunderbird is a standalone mail and newsgroup client.
This update upgrades Thunderbird to version 45.4.0.
Security Fix(es) :
* Multiple flaws were found in the processing of malformed web
content. A web page containing malicious content could cause
Thunderbird to crash or, potentially, execute arbitrary code with the
privileges of the user running Thunderbird. (CVE-2016-5257)
Red Hat would like to thank the Mozilla project for reporting these
issues. Upstream acknowledges Christoph Diehl, Andrew McCreight, Dan
Minor, Byron Campen, Jon Coppeard, Steve Fink, Tyson Smith, Philipp
and Carsten Book as the original reporters."
);
# https://lists.centos.org/pipermail/centos-announce/2016-October/022107.html
script_set_attribute(
attribute:"see_also",
value:"http://www.nessus.org/u?e00c05a3"
);
# https://lists.centos.org/pipermail/centos-announce/2016-October/022108.html
script_set_attribute(
attribute:"see_also",
value:"http://www.nessus.org/u?22dab22b"
);
# https://lists.centos.org/pipermail/centos-announce/2016-October/022109.html
script_set_attribute(
attribute:"see_also",
value:"http://www.nessus.org/u?fce8833f"
);
script_set_attribute(
attribute:"solution",
value:"Update the affected thunderbird package."
);
script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P");
script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C");
script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H");
script_set_cvss3_temporal_vector("CVSS:3.0/E:U/RL:O/RC:C");
script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");
script_set_attribute(attribute:"exploit_available", value:"false");
script_set_attribute(attribute:"plugin_type", value:"local");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:centos:centos:thunderbird");
script_set_attribute(attribute:"cpe", value:"cpe:/o:centos:centos:5");
script_set_attribute(attribute:"cpe", value:"cpe:/o:centos:centos:6");
script_set_attribute(attribute:"cpe", value:"cpe:/o:centos:centos:7");
script_set_attribute(attribute:"patch_publication_date", value:"2016/10/03");
script_set_attribute(attribute:"plugin_publication_date", value:"2016/10/04");
script_end_attributes();
script_category(ACT_GATHER_INFO);
script_copyright(english:"This script is Copyright (C) 2016-2018 and is owned by Tenable, Inc. or an Affiliate thereof.");
script_family(english:"CentOS Local Security Checks");
script_dependencies("ssh_get_info.nasl");
script_require_keys("Host/local_checks_enabled", "Host/CentOS/release", "Host/CentOS/rpm-list");
exit(0);
}
include("audit.inc");
include("global_settings.inc");
include("rpm.inc");
if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
if (!get_kb_item("Host/CentOS/release")) audit(AUDIT_OS_NOT, "CentOS");
if (!get_kb_item("Host/CentOS/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);
cpu = get_kb_item("Host/cpu");
if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "CentOS", cpu);
flag = 0;
if (rpm_check(release:"CentOS-5", reference:"thunderbird-45.4.0-1.el5.centos")) flag++;
if (rpm_check(release:"CentOS-6", reference:"thunderbird-45.4.0-1.el6.centos")) flag++;
if (rpm_check(release:"CentOS-7", cpu:"x86_64", reference:"thunderbird-45.4.0-1.el7.centos")) flag++;
if (flag)
{
if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());
else security_hole(0);
exit(0);
}
else audit(AUDIT_HOST_NOT, "affected");
{"id": "CENTOS_RHSA-2016-1985.NASL", "bulletinFamily": "scanner", "title": "CentOS 5 / 6 / 7 : thunderbird (CESA-2016:1985)", "description": "An update for thunderbird is now available for Red Hat Enterprise Linux 5, Red Hat Enterprise Linux 6, and Red Hat Enterprise Linux 7.\n\nRed Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.\n\nMozilla Thunderbird is a standalone mail and newsgroup client.\n\nThis update upgrades Thunderbird to version 45.4.0.\n\nSecurity Fix(es) :\n\n* Multiple flaws were found in the processing of malformed web content. A web page containing malicious content could cause Thunderbird to crash or, potentially, execute arbitrary code with the privileges of the user running Thunderbird. (CVE-2016-5257)\n\nRed Hat would like to thank the Mozilla project for reporting these issues. Upstream acknowledges Christoph Diehl, Andrew McCreight, Dan Minor, Byron Campen, Jon Coppeard, Steve Fink, Tyson Smith, Philipp and Carsten Book as the original reporters.", "published": "2016-10-04T00:00:00", "modified": "2018-11-10T00:00:00", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}, "href": "https://www.tenable.com/plugins/index.php?view=single&id=93830", "reporter": "Tenable", "references": ["http://www.nessus.org/u?e00c05a3", "http://www.nessus.org/u?22dab22b", "http://www.nessus.org/u?fce8833f"], "cvelist": ["CVE-2016-5257"], "type": "nessus", "lastseen": "2018-11-11T12:53:06", "history": [{"bulletin": {"bulletinFamily": "exploit", "cvelist": ["CVE-2016-5257"], "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}, "description": "An update for thunderbird is now available for Red Hat Enterprise Linux 5, Red Hat Enterprise Linux 6, and Red Hat Enterprise Linux 7.\n\nRed Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.\n\nMozilla Thunderbird is a standalone mail and newsgroup client.\n\nThis update upgrades Thunderbird to version 45.4.0.\n\nSecurity Fix(es) :\n\n* Multiple flaws were found in the processing of malformed web content. A web page containing malicious content could cause Thunderbird to crash or, potentially, execute arbitrary code with the privileges of the user running Thunderbird. (CVE-2016-5257)\n\nRed Hat would like to thank the Mozilla project for reporting these issues. Upstream acknowledges Christoph Diehl, Andrew McCreight, Dan Minor, Byron Campen, Jon Coppeard, Steve Fink, Tyson Smith, Philipp and Carsten Book as the original reporters.", "edition": 4, "hash": "bcf05a6ca92fa5f9ca26f319b4b6b86b91ead398556a47e1cfaeede91f54bec6", "hashmap": [{"hash": "708697c63f7eb369319c6523380bdf7a", "key": "bulletinFamily"}, {"hash": "56765472680401499c79732468ba4340", "key": "objectVersion"}, {"hash": "9cf00d658b687f030ebe173a0528c567", "key": "reporter"}, {"hash": "27f18e0cf59be9ba9f537a2a14b45aca", "key": "title"}, {"hash": "bc50c9c8fedbf103c8983307038c2ee3", "key": "sourceData"}, {"hash": "00ff50496f64a58f5ce3344274e901c2", "key": "references"}, {"hash": "d693ca9152c7646d0d495a403d7c3b12", "key": "description"}, {"hash": "e5d275b3ebd62646b78320753699e02e", "key": "cvss"}, {"hash": "8f8213e8b86855939d5beea715ce3045", "key": "naslFamily"}, {"hash": "0416e7762cb900088c87342ca21f0680", "key": "modified"}, {"hash": "b018c4117a9e561f2f9d99dd42d3a69b", "key": "href"}, {"hash": "874bc1e4a5cb164285fb16be0c74e311", "key": "published"}, {"hash": "fe0181fa11124a8385473ce0f639460a", "key": "pluginID"}, {"hash": "5e0bd03bec244039678f2b955a2595aa", "key": "type"}, {"hash": "774d35468661e98fec7d308accb9cfcd", "key": "cvelist"}], "history": [], "href": "https://www.tenable.com/plugins/index.php?view=single&id=93830", "id": "CENTOS_RHSA-2016-1985.NASL", "lastseen": "2016-10-18T21:25:10", "modified": "2016-10-18T00:00:00", "naslFamily": "CentOS Local Security Checks", "objectVersion": "1.2", "pluginID": "93830", "published": "2016-10-04T00:00:00", "references": ["http://www.nessus.org/u?285882b5", "http://www.nessus.org/u?9f5bdd0f", "http://www.nessus.org/u?58920601"], "reporter": "Tenable", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Red Hat Security Advisory RHSA-2016:1985 and \n# CentOS Errata and Security Advisory 2016:1985 respectively.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(93830);\n script_version(\"$Revision: 2.4 $\");\n script_cvs_date(\"$Date: 2016/10/18 14:03:57 $\");\n\n script_cve_id(\"CVE-2016-5257\");\n script_osvdb_id(144614, 144615, 144616, 144617, 144618, 144619, 144620, 144621, 144623);\n script_xref(name:\"RHSA\", value:\"2016:1985\");\n script_xref(name:\"IAVA\", value:\"2016-A-0252\");\n\n script_name(english:\"CentOS 5 / 6 / 7 : thunderbird (CESA-2016:1985)\");\n script_summary(english:\"Checks rpm output for the updated package\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote CentOS host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"An update for thunderbird is now available for Red Hat Enterprise\nLinux 5, Red Hat Enterprise Linux 6, and Red Hat Enterprise Linux 7.\n\nRed Hat Product Security has rated this update as having a security\nimpact of Important. A Common Vulnerability Scoring System (CVSS) base\nscore, which gives a detailed severity rating, is available for each\nvulnerability from the CVE link(s) in the References section.\n\nMozilla Thunderbird is a standalone mail and newsgroup client.\n\nThis update upgrades Thunderbird to version 45.4.0.\n\nSecurity Fix(es) :\n\n* Multiple flaws were found in the processing of malformed web\ncontent. A web page containing malicious content could cause\nThunderbird to crash or, potentially, execute arbitrary code with the\nprivileges of the user running Thunderbird. (CVE-2016-5257)\n\nRed Hat would like to thank the Mozilla project for reporting these\nissues. Upstream acknowledges Christoph Diehl, Andrew McCreight, Dan\nMinor, Byron Campen, Jon Coppeard, Steve Fink, Tyson Smith, Philipp\nand Carsten Book as the original reporters.\"\n );\n # http://lists.centos.org/pipermail/centos-announce/2016-October/022107.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?285882b5\"\n );\n # http://lists.centos.org/pipermail/centos-announce/2016-October/022108.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?58920601\"\n );\n # http://lists.centos.org/pipermail/centos-announce/2016-October/022109.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?9f5bdd0f\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected thunderbird package.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:thunderbird\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:centos:centos:5\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:centos:centos:6\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:centos:centos:7\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2016/10/03\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2016/10/04\");\n script_set_attribute(attribute:\"stig_severity\", value:\"I\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2016 Tenable Network Security, Inc.\");\n script_family(english:\"CentOS Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/CentOS/release\", \"Host/CentOS/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/CentOS/release\")) audit(AUDIT_OS_NOT, \"CentOS\");\nif (!get_kb_item(\"Host/CentOS/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"CentOS\", cpu);\n\n\nflag = 0;\nif (rpm_check(release:\"CentOS-5\", reference:\"thunderbird-45.4.0-1.el5.centos\")) flag++;\n\nif (rpm_check(release:\"CentOS-6\", reference:\"thunderbird-45.4.0-1.el6.centos\")) flag++;\n\nif (rpm_check(release:\"CentOS-7\", cpu:\"x86_64\", reference:\"thunderbird-45.4.0-1.el7.centos\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "title": "CentOS 5 / 6 / 7 : thunderbird (CESA-2016:1985)", "type": "nessus", "viewCount": 0}, "differentElements": ["modified", "sourceData"], "edition": 4, "lastseen": "2016-10-18T21:25:10"}, {"bulletin": {"bulletinFamily": "scanner", "cpe": ["cpe:/o:centos:centos:6", "cpe:/o:centos:centos:7", "p-cpe:/a:centos:centos:thunderbird", "cpe:/o:centos:centos:5"], "cvelist": ["CVE-2016-5257"], "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}, "description": "An update for thunderbird is now available for Red Hat Enterprise Linux 5, Red Hat Enterprise Linux 6, and Red Hat Enterprise Linux 7.\n\nRed Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.\n\nMozilla Thunderbird is a standalone mail and newsgroup client.\n\nThis update upgrades Thunderbird to version 45.4.0.\n\nSecurity Fix(es) :\n\n* Multiple flaws were found in the processing of malformed web content. A web page containing malicious content could cause Thunderbird to crash or, potentially, execute arbitrary code with the privileges of the user running Thunderbird. (CVE-2016-5257)\n\nRed Hat would like to thank the Mozilla project for reporting these issues. Upstream acknowledges Christoph Diehl, Andrew McCreight, Dan Minor, Byron Campen, Jon Coppeard, Steve Fink, Tyson Smith, Philipp and Carsten Book as the original reporters.", "edition": 7, "enchantments": {"score": {"value": 7.5, "vector": "NONE"}}, "hash": "5173fe08a2f1d15d4255a69d7af7087a969d88df1c0348c2471e844c1ece2e66", "hashmap": [{"hash": "77fc6a6e95dee9a1e4d3726560063eef", "key": "modified"}, {"hash": "9cf00d658b687f030ebe173a0528c567", "key": "reporter"}, {"hash": "27f18e0cf59be9ba9f537a2a14b45aca", "key": "title"}, {"hash": "00ff50496f64a58f5ce3344274e901c2", "key": "references"}, {"hash": "d693ca9152c7646d0d495a403d7c3b12", "key": "description"}, {"hash": "e5d275b3ebd62646b78320753699e02e", "key": "cvss"}, {"hash": "8f8213e8b86855939d5beea715ce3045", "key": "naslFamily"}, {"hash": "0e1ae051ab924c9433ec85a9b49cc83f", "key": "sourceData"}, {"hash": "db4a08647e1943b28656057a59261f29", "key": "cpe"}, {"hash": "b018c4117a9e561f2f9d99dd42d3a69b", "key": "href"}, {"hash": "874bc1e4a5cb164285fb16be0c74e311", "key": "published"}, {"hash": "fe0181fa11124a8385473ce0f639460a", "key": "pluginID"}, {"hash": "bbdaea376f500d25f6b0c1050311dd07", "key": "bulletinFamily"}, {"hash": "5e0bd03bec244039678f2b955a2595aa", "key": "type"}, {"hash": "774d35468661e98fec7d308accb9cfcd", "key": "cvelist"}], "history": [], "href": "https://www.tenable.com/plugins/index.php?view=single&id=93830", "id": "CENTOS_RHSA-2016-1985.NASL", "lastseen": "2017-10-29T13:39:24", "modified": "2016-11-17T00:00:00", "naslFamily": "CentOS Local Security Checks", "objectVersion": "1.3", "pluginID": "93830", "published": "2016-10-04T00:00:00", "references": ["http://www.nessus.org/u?285882b5", "http://www.nessus.org/u?9f5bdd0f", "http://www.nessus.org/u?58920601"], "reporter": "Tenable", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Red Hat Security Advisory RHSA-2016:1985 and \n# CentOS Errata and Security Advisory 2016:1985 respectively.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(93830);\n script_version(\"$Revision: 2.6 $\");\n script_cvs_date(\"$Date: 2016/11/17 21:12:11 $\");\n\n script_cve_id(\"CVE-2016-5257\");\n script_osvdb_id(144614, 144615, 144616, 144617, 144618, 144619, 144620, 144621, 144623);\n script_xref(name:\"RHSA\", value:\"2016:1985\");\n\n script_name(english:\"CentOS 5 / 6 / 7 : thunderbird (CESA-2016:1985)\");\n script_summary(english:\"Checks rpm output for the updated package\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote CentOS host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"An update for thunderbird is now available for Red Hat Enterprise\nLinux 5, Red Hat Enterprise Linux 6, and Red Hat Enterprise Linux 7.\n\nRed Hat Product Security has rated this update as having a security\nimpact of Important. A Common Vulnerability Scoring System (CVSS) base\nscore, which gives a detailed severity rating, is available for each\nvulnerability from the CVE link(s) in the References section.\n\nMozilla Thunderbird is a standalone mail and newsgroup client.\n\nThis update upgrades Thunderbird to version 45.4.0.\n\nSecurity Fix(es) :\n\n* Multiple flaws were found in the processing of malformed web\ncontent. A web page containing malicious content could cause\nThunderbird to crash or, potentially, execute arbitrary code with the\nprivileges of the user running Thunderbird. (CVE-2016-5257)\n\nRed Hat would like to thank the Mozilla project for reporting these\nissues. Upstream acknowledges Christoph Diehl, Andrew McCreight, Dan\nMinor, Byron Campen, Jon Coppeard, Steve Fink, Tyson Smith, Philipp\nand Carsten Book as the original reporters.\"\n );\n # http://lists.centos.org/pipermail/centos-announce/2016-October/022107.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?285882b5\"\n );\n # http://lists.centos.org/pipermail/centos-announce/2016-October/022108.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?58920601\"\n );\n # http://lists.centos.org/pipermail/centos-announce/2016-October/022109.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?9f5bdd0f\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected thunderbird package.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:thunderbird\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:centos:centos:5\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:centos:centos:6\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:centos:centos:7\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2016/10/03\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2016/10/04\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2016 Tenable Network Security, Inc.\");\n script_family(english:\"CentOS Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/CentOS/release\", \"Host/CentOS/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/CentOS/release\")) audit(AUDIT_OS_NOT, \"CentOS\");\nif (!get_kb_item(\"Host/CentOS/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"CentOS\", cpu);\n\n\nflag = 0;\nif (rpm_check(release:\"CentOS-5\", reference:\"thunderbird-45.4.0-1.el5.centos\")) flag++;\n\nif (rpm_check(release:\"CentOS-6\", reference:\"thunderbird-45.4.0-1.el6.centos\")) flag++;\n\nif (rpm_check(release:\"CentOS-7\", cpu:\"x86_64\", reference:\"thunderbird-45.4.0-1.el7.centos\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "title": "CentOS 5 / 6 / 7 : thunderbird (CESA-2016:1985)", "type": "nessus", "viewCount": 0}, "differentElements": ["modified", "sourceData"], "edition": 7, "lastseen": "2017-10-29T13:39:24"}, {"bulletin": {"bulletinFamily": "scanner", "cpe": ["cpe:/o:centos:centos:6", "cpe:/o:centos:centos:7", "p-cpe:/a:centos:centos:thunderbird", "cpe:/o:centos:centos:5"], "cvelist": ["CVE-2016-5257"], "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}, "description": "An update for thunderbird is now available for Red Hat Enterprise Linux 5, Red Hat Enterprise Linux 6, and Red Hat Enterprise Linux 7.\n\nRed Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.\n\nMozilla Thunderbird is a standalone mail and newsgroup client.\n\nThis update upgrades Thunderbird to version 45.4.0.\n\nSecurity Fix(es) :\n\n* Multiple flaws were found in the processing of malformed web content. A web page containing malicious content could cause Thunderbird to crash or, potentially, execute arbitrary code with the privileges of the user running Thunderbird. (CVE-2016-5257)\n\nRed Hat would like to thank the Mozilla project for reporting these issues. Upstream acknowledges Christoph Diehl, Andrew McCreight, Dan Minor, Byron Campen, Jon Coppeard, Steve Fink, Tyson Smith, Philipp and Carsten Book as the original reporters.", "edition": 8, "enchantments": {"score": {"value": 7.5, "vector": "NONE"}}, "hash": "f22a05df4952c8ba3ee5539f92ec9431650e5d308f8d8dc7c9bd1c31d47578e1", "hashmap": [{"hash": "9cf00d658b687f030ebe173a0528c567", "key": "reporter"}, {"hash": "27f18e0cf59be9ba9f537a2a14b45aca", "key": "title"}, {"hash": "00ff50496f64a58f5ce3344274e901c2", "key": "references"}, {"hash": "d693ca9152c7646d0d495a403d7c3b12", "key": "description"}, {"hash": "e5d275b3ebd62646b78320753699e02e", "key": "cvss"}, {"hash": "8f8213e8b86855939d5beea715ce3045", "key": "naslFamily"}, {"hash": "25b49027a9d131858d8d4470a8305397", "key": "sourceData"}, {"hash": "db4a08647e1943b28656057a59261f29", "key": "cpe"}, {"hash": "b018c4117a9e561f2f9d99dd42d3a69b", "key": "href"}, {"hash": "874bc1e4a5cb164285fb16be0c74e311", "key": "published"}, {"hash": "fe0181fa11124a8385473ce0f639460a", "key": "pluginID"}, {"hash": "28c8e8fb0a1a6b2926bc5fd729ee5bd4", "key": "modified"}, {"hash": "bbdaea376f500d25f6b0c1050311dd07", "key": "bulletinFamily"}, {"hash": "5e0bd03bec244039678f2b955a2595aa", "key": "type"}, {"hash": "774d35468661e98fec7d308accb9cfcd", "key": "cvelist"}], "history": [], "href": "https://www.tenable.com/plugins/index.php?view=single&id=93830", "id": "CENTOS_RHSA-2016-1985.NASL", "lastseen": "2018-07-03T09:56:35", "modified": "2018-07-02T00:00:00", "naslFamily": "CentOS Local Security Checks", "objectVersion": "1.3", "pluginID": "93830", "published": "2016-10-04T00:00:00", "references": ["http://www.nessus.org/u?285882b5", "http://www.nessus.org/u?9f5bdd0f", "http://www.nessus.org/u?58920601"], "reporter": "Tenable", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Red Hat Security Advisory RHSA-2016:1985 and \n# CentOS Errata and Security Advisory 2016:1985 respectively.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(93830);\n script_version(\"2.7\");\n script_cvs_date(\"Date: 2018/07/02 18:48:54\");\n\n script_cve_id(\"CVE-2016-5257\");\n script_xref(name:\"RHSA\", value:\"2016:1985\");\n\n script_name(english:\"CentOS 5 / 6 / 7 : thunderbird (CESA-2016:1985)\");\n script_summary(english:\"Checks rpm output for the updated package\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote CentOS host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"An update for thunderbird is now available for Red Hat Enterprise\nLinux 5, Red Hat Enterprise Linux 6, and Red Hat Enterprise Linux 7.\n\nRed Hat Product Security has rated this update as having a security\nimpact of Important. A Common Vulnerability Scoring System (CVSS) base\nscore, which gives a detailed severity rating, is available for each\nvulnerability from the CVE link(s) in the References section.\n\nMozilla Thunderbird is a standalone mail and newsgroup client.\n\nThis update upgrades Thunderbird to version 45.4.0.\n\nSecurity Fix(es) :\n\n* Multiple flaws were found in the processing of malformed web\ncontent. A web page containing malicious content could cause\nThunderbird to crash or, potentially, execute arbitrary code with the\nprivileges of the user running Thunderbird. (CVE-2016-5257)\n\nRed Hat would like to thank the Mozilla project for reporting these\nissues. Upstream acknowledges Christoph Diehl, Andrew McCreight, Dan\nMinor, Byron Campen, Jon Coppeard, Steve Fink, Tyson Smith, Philipp\nand Carsten Book as the original reporters.\"\n );\n # http://lists.centos.org/pipermail/centos-announce/2016-October/022107.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?285882b5\"\n );\n # http://lists.centos.org/pipermail/centos-announce/2016-October/022108.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?58920601\"\n );\n # http://lists.centos.org/pipermail/centos-announce/2016-October/022109.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?9f5bdd0f\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected thunderbird package.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:thunderbird\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:centos:centos:5\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:centos:centos:6\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:centos:centos:7\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2016/10/03\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2016/10/04\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2016-2018 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"CentOS Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/CentOS/release\", \"Host/CentOS/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/CentOS/release\")) audit(AUDIT_OS_NOT, \"CentOS\");\nif (!get_kb_item(\"Host/CentOS/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"CentOS\", cpu);\n\n\nflag = 0;\nif (rpm_check(release:\"CentOS-5\", reference:\"thunderbird-45.4.0-1.el5.centos\")) flag++;\n\nif (rpm_check(release:\"CentOS-6\", reference:\"thunderbird-45.4.0-1.el6.centos\")) flag++;\n\nif (rpm_check(release:\"CentOS-7\", cpu:\"x86_64\", reference:\"thunderbird-45.4.0-1.el7.centos\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "title": "CentOS 5 / 6 / 7 : thunderbird (CESA-2016:1985)", "type": "nessus", "viewCount": 0}, "differentElements": ["modified", "sourceData"], "edition": 8, "lastseen": "2018-07-03T09:56:35"}, {"bulletin": {"bulletinFamily": "exploit", "cvelist": ["CVE-2016-5257"], "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}, "description": "An update for thunderbird is now available for Red Hat Enterprise Linux 5, Red Hat Enterprise Linux 6, and Red Hat Enterprise Linux 7.\n\nRed Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.\n\nMozilla Thunderbird is a standalone mail and newsgroup client.\n\nThis update upgrades Thunderbird to version 45.4.0.\n\nSecurity Fix(es) :\n\n* Multiple flaws were found in the processing of malformed web content. A web page containing malicious content could cause Thunderbird to crash or, potentially, execute arbitrary code with the privileges of the user running Thunderbird. (CVE-2016-5257)\n\nRed Hat would like to thank the Mozilla project for reporting these issues. Upstream acknowledges Christoph Diehl, Andrew McCreight, Dan Minor, Byron Campen, Jon Coppeard, Steve Fink, Tyson Smith, Philipp and Carsten Book as the original reporters.", "edition": 5, "hash": "d21ee0f9f7951d277a855f45b99bcc37cf48817503cbb5919a15c03c91de8dbb", "hashmap": [{"hash": "708697c63f7eb369319c6523380bdf7a", "key": "bulletinFamily"}, {"hash": "56765472680401499c79732468ba4340", "key": "objectVersion"}, {"hash": "9cf00d658b687f030ebe173a0528c567", "key": "reporter"}, {"hash": "27f18e0cf59be9ba9f537a2a14b45aca", "key": "title"}, {"hash": "00ff50496f64a58f5ce3344274e901c2", "key": "references"}, {"hash": "d693ca9152c7646d0d495a403d7c3b12", "key": "description"}, {"hash": "e5d275b3ebd62646b78320753699e02e", "key": "cvss"}, {"hash": "8f8213e8b86855939d5beea715ce3045", "key": "naslFamily"}, {"hash": "f072f2aa0c4e55e090969a3c1cff3afb", "key": "modified"}, {"hash": "b018c4117a9e561f2f9d99dd42d3a69b", "key": "href"}, {"hash": "874bc1e4a5cb164285fb16be0c74e311", "key": "published"}, {"hash": "dd828ed16a73604a4a83190a1b85dc20", "key": "sourceData"}, {"hash": "fe0181fa11124a8385473ce0f639460a", "key": "pluginID"}, {"hash": "5e0bd03bec244039678f2b955a2595aa", "key": "type"}, {"hash": "774d35468661e98fec7d308accb9cfcd", "key": "cvelist"}], "history": [], "href": "https://www.tenable.com/plugins/index.php?view=single&id=93830", "id": "CENTOS_RHSA-2016-1985.NASL", "lastseen": "2016-10-29T05:25:14", "modified": "2016-10-28T00:00:00", "naslFamily": "CentOS Local Security Checks", "objectVersion": "1.2", "pluginID": "93830", "published": "2016-10-04T00:00:00", "references": ["http://www.nessus.org/u?285882b5", "http://www.nessus.org/u?9f5bdd0f", "http://www.nessus.org/u?58920601"], "reporter": "Tenable", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Red Hat Security Advisory RHSA-2016:1985 and \n# CentOS Errata and Security Advisory 2016:1985 respectively.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(93830);\n script_version(\"$Revision: 2.5 $\");\n script_cvs_date(\"$Date: 2016/10/28 21:03:36 $\");\n\n script_cve_id(\"CVE-2016-5257\");\n script_osvdb_id(144614, 144615, 144616, 144617, 144618, 144619, 144620, 144621, 144623);\n script_xref(name:\"RHSA\", value:\"2016:1985\");\n\n script_name(english:\"CentOS 5 / 6 / 7 : thunderbird (CESA-2016:1985)\");\n script_summary(english:\"Checks rpm output for the updated package\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote CentOS host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"An update for thunderbird is now available for Red Hat Enterprise\nLinux 5, Red Hat Enterprise Linux 6, and Red Hat Enterprise Linux 7.\n\nRed Hat Product Security has rated this update as having a security\nimpact of Important. A Common Vulnerability Scoring System (CVSS) base\nscore, which gives a detailed severity rating, is available for each\nvulnerability from the CVE link(s) in the References section.\n\nMozilla Thunderbird is a standalone mail and newsgroup client.\n\nThis update upgrades Thunderbird to version 45.4.0.\n\nSecurity Fix(es) :\n\n* Multiple flaws were found in the processing of malformed web\ncontent. A web page containing malicious content could cause\nThunderbird to crash or, potentially, execute arbitrary code with the\nprivileges of the user running Thunderbird. (CVE-2016-5257)\n\nRed Hat would like to thank the Mozilla project for reporting these\nissues. Upstream acknowledges Christoph Diehl, Andrew McCreight, Dan\nMinor, Byron Campen, Jon Coppeard, Steve Fink, Tyson Smith, Philipp\nand Carsten Book as the original reporters.\"\n );\n # http://lists.centos.org/pipermail/centos-announce/2016-October/022107.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?285882b5\"\n );\n # http://lists.centos.org/pipermail/centos-announce/2016-October/022108.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?58920601\"\n );\n # http://lists.centos.org/pipermail/centos-announce/2016-October/022109.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?9f5bdd0f\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected thunderbird package.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:thunderbird\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:centos:centos:5\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:centos:centos:6\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:centos:centos:7\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2016/10/03\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2016/10/04\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2016 Tenable Network Security, Inc.\");\n script_family(english:\"CentOS Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/CentOS/release\", \"Host/CentOS/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/CentOS/release\")) audit(AUDIT_OS_NOT, \"CentOS\");\nif (!get_kb_item(\"Host/CentOS/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"CentOS\", cpu);\n\n\nflag = 0;\nif (rpm_check(release:\"CentOS-5\", reference:\"thunderbird-45.4.0-1.el5.centos\")) flag++;\n\nif (rpm_check(release:\"CentOS-6\", reference:\"thunderbird-45.4.0-1.el6.centos\")) flag++;\n\nif (rpm_check(release:\"CentOS-7\", cpu:\"x86_64\", reference:\"thunderbird-45.4.0-1.el7.centos\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "title": "CentOS 5 / 6 / 7 : thunderbird (CESA-2016:1985)", "type": "nessus", "viewCount": 0}, "differentElements": ["modified", "sourceData"], "edition": 5, "lastseen": "2016-10-29T05:25:14"}, {"bulletin": {"bulletinFamily": "exploit", "cvelist": ["CVE-2016-5257"], "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}, "description": "An update for thunderbird is now available for Red Hat Enterprise Linux 5, Red Hat Enterprise Linux 6, and Red Hat Enterprise Linux 7.\n\nRed Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.\n\nMozilla Thunderbird is a standalone mail and newsgroup client.\n\nThis update upgrades Thunderbird to version 45.4.0.\n\nSecurity Fix(es) :\n\n* Multiple flaws were found in the processing of malformed web content. A web page containing malicious content could cause Thunderbird to crash or, potentially, execute arbitrary code with the privileges of the user running Thunderbird. (CVE-2016-5257)\n\nRed Hat would like to thank the Mozilla project for reporting these issues. Upstream acknowledges Christoph Diehl, Andrew McCreight, Dan Minor, Byron Campen, Jon Coppeard, Steve Fink, Tyson Smith, Philipp and Carsten Book as the original reporters.", "edition": 1, "hash": "c2451c7d656e3e42f7a0fcab096fba36ffa38bbfa3fb7d0edb1deababf2b1c4f", "hashmap": [{"hash": "708697c63f7eb369319c6523380bdf7a", "key": "bulletinFamily"}, {"hash": "56765472680401499c79732468ba4340", "key": "objectVersion"}, {"hash": "9cf00d658b687f030ebe173a0528c567", "key": "reporter"}, {"hash": "27f18e0cf59be9ba9f537a2a14b45aca", "key": "title"}, {"hash": "00ff50496f64a58f5ce3344274e901c2", "key": "references"}, {"hash": "d693ca9152c7646d0d495a403d7c3b12", "key": "description"}, {"hash": "e5d275b3ebd62646b78320753699e02e", "key": "cvss"}, {"hash": "874bc1e4a5cb164285fb16be0c74e311", "key": "modified"}, {"hash": "8f8213e8b86855939d5beea715ce3045", "key": "naslFamily"}, {"hash": "e4ddbb715a3005d984d4a0dde58ba23f", "key": "sourceData"}, {"hash": "b018c4117a9e561f2f9d99dd42d3a69b", "key": "href"}, {"hash": "874bc1e4a5cb164285fb16be0c74e311", "key": "published"}, {"hash": "fe0181fa11124a8385473ce0f639460a", "key": "pluginID"}, {"hash": "5e0bd03bec244039678f2b955a2595aa", "key": "type"}, {"hash": "774d35468661e98fec7d308accb9cfcd", "key": "cvelist"}], "history": [], "href": "https://www.tenable.com/plugins/index.php?view=single&id=93830", "id": "CENTOS_RHSA-2016-1985.NASL", "lastseen": "2016-10-04T21:25:02", "modified": "2016-10-04T00:00:00", "naslFamily": "CentOS Local Security Checks", "objectVersion": "1.2", "pluginID": "93830", "published": "2016-10-04T00:00:00", "references": ["http://www.nessus.org/u?285882b5", "http://www.nessus.org/u?9f5bdd0f", "http://www.nessus.org/u?58920601"], "reporter": "Tenable", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Red Hat Security Advisory RHSA-2016:1985 and \n# CentOS Errata and Security Advisory 2016:1985 respectively.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(93830);\n script_version(\"$Revision: 2.1 $\");\n script_cvs_date(\"$Date: 2016/10/04 16:54:13 $\");\n\n script_cve_id(\"CVE-2016-5257\");\n script_xref(name:\"RHSA\", value:\"2016:1985\");\n\n script_name(english:\"CentOS 5 / 6 / 7 : thunderbird (CESA-2016:1985)\");\n script_summary(english:\"Checks rpm output for the updated package\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote CentOS host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"An update for thunderbird is now available for Red Hat Enterprise\nLinux 5, Red Hat Enterprise Linux 6, and Red Hat Enterprise Linux 7.\n\nRed Hat Product Security has rated this update as having a security\nimpact of Important. A Common Vulnerability Scoring System (CVSS) base\nscore, which gives a detailed severity rating, is available for each\nvulnerability from the CVE link(s) in the References section.\n\nMozilla Thunderbird is a standalone mail and newsgroup client.\n\nThis update upgrades Thunderbird to version 45.4.0.\n\nSecurity Fix(es) :\n\n* Multiple flaws were found in the processing of malformed web\ncontent. A web page containing malicious content could cause\nThunderbird to crash or, potentially, execute arbitrary code with the\nprivileges of the user running Thunderbird. (CVE-2016-5257)\n\nRed Hat would like to thank the Mozilla project for reporting these\nissues. Upstream acknowledges Christoph Diehl, Andrew McCreight, Dan\nMinor, Byron Campen, Jon Coppeard, Steve Fink, Tyson Smith, Philipp\nand Carsten Book as the original reporters.\"\n );\n # http://lists.centos.org/pipermail/centos-announce/2016-October/022107.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?285882b5\"\n );\n # http://lists.centos.org/pipermail/centos-announce/2016-October/022108.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?58920601\"\n );\n # http://lists.centos.org/pipermail/centos-announce/2016-October/022109.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?9f5bdd0f\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected thunderbird package.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:thunderbird\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:centos:centos:5\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:centos:centos:6\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:centos:centos:7\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2016/10/03\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2016/10/04\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2016 Tenable Network Security, Inc.\");\n script_family(english:\"CentOS Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/CentOS/release\", \"Host/CentOS/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/CentOS/release\")) audit(AUDIT_OS_NOT, \"CentOS\");\nif (!get_kb_item(\"Host/CentOS/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"CentOS\", cpu);\n\n\nflag = 0;\nif (rpm_check(release:\"CentOS-5\", reference:\"thunderbird-45.4.0-1.el5.centos\")) flag++;\n\nif (rpm_check(release:\"CentOS-6\", reference:\"thunderbird-45.4.0-1.el6.centos\")) flag++;\n\nif (rpm_check(release:\"CentOS-7\", cpu:\"x86_64\", reference:\"thunderbird-45.4.0-1.el7.centos\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "title": "CentOS 5 / 6 / 7 : thunderbird (CESA-2016:1985)", "type": "nessus", "viewCount": 0}, "differentElements": ["modified", "sourceData"], "edition": 1, "lastseen": "2016-10-04T21:25:02"}, {"bulletin": {"bulletinFamily": "exploit", "cvelist": ["CVE-2016-5257"], "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}, "description": "An update for thunderbird is now available for Red Hat Enterprise Linux 5, Red Hat Enterprise Linux 6, and Red Hat Enterprise Linux 7.\n\nRed Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.\n\nMozilla Thunderbird is a standalone mail and newsgroup client.\n\nThis update upgrades Thunderbird to version 45.4.0.\n\nSecurity Fix(es) :\n\n* Multiple flaws were found in the processing of malformed web content. A web page containing malicious content could cause Thunderbird to crash or, potentially, execute arbitrary code with the privileges of the user running Thunderbird. (CVE-2016-5257)\n\nRed Hat would like to thank the Mozilla project for reporting these issues. Upstream acknowledges Christoph Diehl, Andrew McCreight, Dan Minor, Byron Campen, Jon Coppeard, Steve Fink, Tyson Smith, Philipp and Carsten Book as the original reporters.", "edition": 2, "hash": "94f11716f0fc3c1142e7664e654e75b40ec80af5dff4c5717eecca9776add3a5", "hashmap": [{"hash": "708697c63f7eb369319c6523380bdf7a", "key": "bulletinFamily"}, {"hash": "56765472680401499c79732468ba4340", "key": "objectVersion"}, {"hash": "9cf00d658b687f030ebe173a0528c567", "key": "reporter"}, {"hash": "27f18e0cf59be9ba9f537a2a14b45aca", "key": "title"}, {"hash": "00ff50496f64a58f5ce3344274e901c2", "key": "references"}, {"hash": "d693ca9152c7646d0d495a403d7c3b12", "key": "description"}, {"hash": "e5d275b3ebd62646b78320753699e02e", "key": "cvss"}, {"hash": "8f8213e8b86855939d5beea715ce3045", "key": "naslFamily"}, {"hash": "b018c4117a9e561f2f9d99dd42d3a69b", "key": "href"}, {"hash": "e4a43831c3308ce518c0c8868f8a74cf", "key": "modified"}, {"hash": "874bc1e4a5cb164285fb16be0c74e311", "key": "published"}, {"hash": "fe0181fa11124a8385473ce0f639460a", "key": "pluginID"}, {"hash": "5e0bd03bec244039678f2b955a2595aa", "key": "type"}, {"hash": "b6f380daa18f8227ccbef446497b73c5", "key": "sourceData"}, {"hash": "774d35468661e98fec7d308accb9cfcd", "key": "cvelist"}], "history": [], "href": "https://www.tenable.com/plugins/index.php?view=single&id=93830", "id": "CENTOS_RHSA-2016-1985.NASL", "lastseen": "2016-10-06T21:25:04", "modified": "2016-10-06T00:00:00", "naslFamily": "CentOS Local Security Checks", "objectVersion": "1.2", "pluginID": "93830", "published": "2016-10-04T00:00:00", "references": ["http://www.nessus.org/u?285882b5", "http://www.nessus.org/u?9f5bdd0f", "http://www.nessus.org/u?58920601"], "reporter": "Tenable", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Red Hat Security Advisory RHSA-2016:1985 and \n# CentOS Errata and Security Advisory 2016:1985 respectively.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(93830);\n script_version(\"$Revision: 2.2 $\");\n script_cvs_date(\"$Date: 2016/10/06 13:21:19 $\");\n\n script_cve_id(\"CVE-2016-5257\");\n script_osvdb_id(144614, 144615, 144616, 144617, 144618, 144619, 144620, 144621, 144623);\n script_xref(name:\"RHSA\", value:\"2016:1985\");\n\n script_name(english:\"CentOS 5 / 6 / 7 : thunderbird (CESA-2016:1985)\");\n script_summary(english:\"Checks rpm output for the updated package\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote CentOS host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"An update for thunderbird is now available for Red Hat Enterprise\nLinux 5, Red Hat Enterprise Linux 6, and Red Hat Enterprise Linux 7.\n\nRed Hat Product Security has rated this update as having a security\nimpact of Important. A Common Vulnerability Scoring System (CVSS) base\nscore, which gives a detailed severity rating, is available for each\nvulnerability from the CVE link(s) in the References section.\n\nMozilla Thunderbird is a standalone mail and newsgroup client.\n\nThis update upgrades Thunderbird to version 45.4.0.\n\nSecurity Fix(es) :\n\n* Multiple flaws were found in the processing of malformed web\ncontent. A web page containing malicious content could cause\nThunderbird to crash or, potentially, execute arbitrary code with the\nprivileges of the user running Thunderbird. (CVE-2016-5257)\n\nRed Hat would like to thank the Mozilla project for reporting these\nissues. Upstream acknowledges Christoph Diehl, Andrew McCreight, Dan\nMinor, Byron Campen, Jon Coppeard, Steve Fink, Tyson Smith, Philipp\nand Carsten Book as the original reporters.\"\n );\n # http://lists.centos.org/pipermail/centos-announce/2016-October/022107.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?285882b5\"\n );\n # http://lists.centos.org/pipermail/centos-announce/2016-October/022108.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?58920601\"\n );\n # http://lists.centos.org/pipermail/centos-announce/2016-October/022109.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?9f5bdd0f\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected thunderbird package.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:thunderbird\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:centos:centos:5\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:centos:centos:6\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:centos:centos:7\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2016/10/03\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2016/10/04\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2016 Tenable Network Security, Inc.\");\n script_family(english:\"CentOS Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/CentOS/release\", \"Host/CentOS/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/CentOS/release\")) audit(AUDIT_OS_NOT, \"CentOS\");\nif (!get_kb_item(\"Host/CentOS/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"CentOS\", cpu);\n\n\nflag = 0;\nif (rpm_check(release:\"CentOS-5\", reference:\"thunderbird-45.4.0-1.el5.centos\")) flag++;\n\nif (rpm_check(release:\"CentOS-6\", reference:\"thunderbird-45.4.0-1.el6.centos\")) flag++;\n\nif (rpm_check(release:\"CentOS-7\", cpu:\"x86_64\", reference:\"thunderbird-45.4.0-1.el7.centos\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "title": "CentOS 5 / 6 / 7 : thunderbird (CESA-2016:1985)", "type": "nessus", "viewCount": 0}, "differentElements": ["modified", "sourceData"], "edition": 2, "lastseen": "2016-10-06T21:25:04"}, {"bulletin": {"bulletinFamily": "scanner", "cpe": ["cpe:/o:centos:centos:6", "cpe:/o:centos:centos:7", "p-cpe:/a:centos:centos:thunderbird", "cpe:/o:centos:centos:5"], "cvelist": ["CVE-2016-5257"], "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}, "description": "An update for thunderbird is now available for Red Hat Enterprise Linux 5, Red Hat Enterprise Linux 6, and Red Hat Enterprise Linux 7.\n\nRed Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.\n\nMozilla Thunderbird is a standalone mail and newsgroup client.\n\nThis update upgrades Thunderbird to version 45.4.0.\n\nSecurity Fix(es) :\n\n* Multiple flaws were found in the processing of malformed web content. A web page containing malicious content could cause Thunderbird to crash or, potentially, execute arbitrary code with the privileges of the user running Thunderbird. (CVE-2016-5257)\n\nRed Hat would like to thank the Mozilla project for reporting these issues. Upstream acknowledges Christoph Diehl, Andrew McCreight, Dan Minor, Byron Campen, Jon Coppeard, Steve Fink, Tyson Smith, Philipp and Carsten Book as the original reporters.", "edition": 9, "enchantments": {"score": {"value": 7.5, "vector": "NONE"}}, "hash": "a06cfe14e29ce70f294a12f27de9d5a51af4bb7f42d5ff5eb4b8503a01f92a86", "hashmap": [{"hash": "3c92b24c0a154ee4e6191c81517df6eb", "key": "sourceData"}, {"hash": "9cf00d658b687f030ebe173a0528c567", "key": "reporter"}, {"hash": "27f18e0cf59be9ba9f537a2a14b45aca", "key": "title"}, {"hash": "00ff50496f64a58f5ce3344274e901c2", "key": "references"}, {"hash": "d693ca9152c7646d0d495a403d7c3b12", "key": "description"}, {"hash": "e5d275b3ebd62646b78320753699e02e", "key": "cvss"}, {"hash": "8f8213e8b86855939d5beea715ce3045", "key": "naslFamily"}, {"hash": "db4a08647e1943b28656057a59261f29", "key": "cpe"}, {"hash": "b018c4117a9e561f2f9d99dd42d3a69b", "key": "href"}, {"hash": "874bc1e4a5cb164285fb16be0c74e311", "key": "published"}, {"hash": "fe0181fa11124a8385473ce0f639460a", "key": "pluginID"}, {"hash": "bbdaea376f500d25f6b0c1050311dd07", "key": "bulletinFamily"}, {"hash": "5e0bd03bec244039678f2b955a2595aa", "key": "type"}, {"hash": "270fe33c6905066e8553c1eba5f08315", "key": "modified"}, {"hash": "774d35468661e98fec7d308accb9cfcd", "key": "cvelist"}], "history": [], "href": "https://www.tenable.com/plugins/index.php?view=single&id=93830", "id": "CENTOS_RHSA-2016-1985.NASL", "lastseen": "2018-07-04T05:56:02", "modified": "2018-07-03T00:00:00", "naslFamily": "CentOS Local Security Checks", "objectVersion": "1.3", "pluginID": "93830", "published": "2016-10-04T00:00:00", "references": ["http://www.nessus.org/u?285882b5", "http://www.nessus.org/u?9f5bdd0f", "http://www.nessus.org/u?58920601"], "reporter": "Tenable", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Red Hat Security Advisory RHSA-2016:1985 and \n# CentOS Errata and Security Advisory 2016:1985 respectively.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(93830);\n script_version(\"2.8\");\n script_cvs_date(\"Date: 2018/07/03 15:35:24\");\n\n script_cve_id(\"CVE-2016-5257\");\n script_xref(name:\"RHSA\", value:\"2016:1985\");\n\n script_name(english:\"CentOS 5 / 6 / 7 : thunderbird (CESA-2016:1985)\");\n script_summary(english:\"Checks rpm output for the updated package\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote CentOS host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"An update for thunderbird is now available for Red Hat Enterprise\nLinux 5, Red Hat Enterprise Linux 6, and Red Hat Enterprise Linux 7.\n\nRed Hat Product Security has rated this update as having a security\nimpact of Important. A Common Vulnerability Scoring System (CVSS) base\nscore, which gives a detailed severity rating, is available for each\nvulnerability from the CVE link(s) in the References section.\n\nMozilla Thunderbird is a standalone mail and newsgroup client.\n\nThis update upgrades Thunderbird to version 45.4.0.\n\nSecurity Fix(es) :\n\n* Multiple flaws were found in the processing of malformed web\ncontent. A web page containing malicious content could cause\nThunderbird to crash or, potentially, execute arbitrary code with the\nprivileges of the user running Thunderbird. (CVE-2016-5257)\n\nRed Hat would like to thank the Mozilla project for reporting these\nissues. Upstream acknowledges Christoph Diehl, Andrew McCreight, Dan\nMinor, Byron Campen, Jon Coppeard, Steve Fink, Tyson Smith, Philipp\nand Carsten Book as the original reporters.\"\n );\n # http://lists.centos.org/pipermail/centos-announce/2016-October/022107.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?285882b5\"\n );\n # http://lists.centos.org/pipermail/centos-announce/2016-October/022108.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?58920601\"\n );\n # http://lists.centos.org/pipermail/centos-announce/2016-October/022109.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?9f5bdd0f\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected thunderbird package.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:thunderbird\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:centos:centos:5\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:centos:centos:6\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:centos:centos:7\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2016/10/03\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2016/10/04\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2016-2018 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"CentOS Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/CentOS/release\", \"Host/CentOS/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/CentOS/release\")) audit(AUDIT_OS_NOT, \"CentOS\");\nif (!get_kb_item(\"Host/CentOS/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"CentOS\", cpu);\n\n\nflag = 0;\nif (rpm_check(release:\"CentOS-5\", reference:\"thunderbird-45.4.0-1.el5.centos\")) flag++;\n\nif (rpm_check(release:\"CentOS-6\", reference:\"thunderbird-45.4.0-1.el6.centos\")) flag++;\n\nif (rpm_check(release:\"CentOS-7\", cpu:\"x86_64\", reference:\"thunderbird-45.4.0-1.el7.centos\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "title": "CentOS 5 / 6 / 7 : thunderbird (CESA-2016:1985)", "type": "nessus", "viewCount": 0}, "differentElements": ["cvss"], "edition": 9, "lastseen": "2018-07-04T05:56:02"}, {"bulletin": {"bulletinFamily": "scanner", "cpe": ["cpe:/o:centos:centos:6", "cpe:/o:centos:centos:7", "p-cpe:/a:centos:centos:thunderbird", "cpe:/o:centos:centos:5"], "cvelist": ["CVE-2016-5257"], "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}, "description": "An update for thunderbird is now available for Red Hat Enterprise Linux 5, Red Hat Enterprise Linux 6, and Red Hat Enterprise Linux 7.\n\nRed Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.\n\nMozilla Thunderbird is a standalone mail and newsgroup client.\n\nThis update upgrades Thunderbird to version 45.4.0.\n\nSecurity Fix(es) :\n\n* Multiple flaws were found in the processing of malformed web content. A web page containing malicious content could cause Thunderbird to crash or, potentially, execute arbitrary code with the privileges of the user running Thunderbird. (CVE-2016-5257)\n\nRed Hat would like to thank the Mozilla project for reporting these issues. Upstream acknowledges Christoph Diehl, Andrew McCreight, Dan Minor, Byron Campen, Jon Coppeard, Steve Fink, Tyson Smith, Philipp and Carsten Book as the original reporters.", "edition": 12, "enchantments": {"score": {"value": 7.5, "vector": "NONE"}}, "hash": "7214f68812c0c0c3293f0c4b4ec57caf6f8614970be584fa18f6238de8e09e90", "hashmap": [{"hash": "9cf00d658b687f030ebe173a0528c567", "key": "reporter"}, {"hash": "27f18e0cf59be9ba9f537a2a14b45aca", "key": "title"}, {"hash": "00ff50496f64a58f5ce3344274e901c2", "key": "references"}, {"hash": "ccc981b9128410ac62ce5ef844b8df92", "key": "sourceData"}, {"hash": "d693ca9152c7646d0d495a403d7c3b12", "key": "description"}, {"hash": "e5d275b3ebd62646b78320753699e02e", "key": "cvss"}, {"hash": "8f8213e8b86855939d5beea715ce3045", "key": "naslFamily"}, {"hash": "db4a08647e1943b28656057a59261f29", "key": "cpe"}, {"hash": "b018c4117a9e561f2f9d99dd42d3a69b", "key": "href"}, {"hash": "874bc1e4a5cb164285fb16be0c74e311", "key": "published"}, {"hash": "fe0181fa11124a8385473ce0f639460a", "key": "pluginID"}, {"hash": "bbdaea376f500d25f6b0c1050311dd07", "key": "bulletinFamily"}, {"hash": "5e0bd03bec244039678f2b955a2595aa", "key": "type"}, {"hash": "270fe33c6905066e8553c1eba5f08315", "key": "modified"}, {"hash": "774d35468661e98fec7d308accb9cfcd", "key": "cvelist"}], "history": [], "href": "https://www.tenable.com/plugins/index.php?view=single&id=93830", "id": "CENTOS_RHSA-2016-1985.NASL", "lastseen": "2018-11-11T08:32:08", "modified": "2018-07-03T00:00:00", "naslFamily": "CentOS Local Security Checks", "objectVersion": "1.3", "pluginID": "93830", "published": "2016-10-04T00:00:00", "references": ["http://www.nessus.org/u?285882b5", "http://www.nessus.org/u?9f5bdd0f", "http://www.nessus.org/u?58920601"], "reporter": "Tenable", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Red Hat Security Advisory RHSA-2016:1985 and \n# CentOS Errata and Security Advisory 2016:1985 respectively.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(93830);\n script_version(\"2.9\");\n script_cvs_date(\"Date: 2018/11/10 11:49:32\");\n\n script_cve_id(\"CVE-2016-5257\");\n script_xref(name:\"RHSA\", value:\"2016:1985\");\n\n script_name(english:\"CentOS 5 / 6 / 7 : thunderbird (CESA-2016:1985)\");\n script_summary(english:\"Checks rpm output for the updated package\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote CentOS host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"An update for thunderbird is now available for Red Hat Enterprise\nLinux 5, Red Hat Enterprise Linux 6, and Red Hat Enterprise Linux 7.\n\nRed Hat Product Security has rated this update as having a security\nimpact of Important. A Common Vulnerability Scoring System (CVSS) base\nscore, which gives a detailed severity rating, is available for each\nvulnerability from the CVE link(s) in the References section.\n\nMozilla Thunderbird is a standalone mail and newsgroup client.\n\nThis update upgrades Thunderbird to version 45.4.0.\n\nSecurity Fix(es) :\n\n* Multiple flaws were found in the processing of malformed web\ncontent. A web page containing malicious content could cause\nThunderbird to crash or, potentially, execute arbitrary code with the\nprivileges of the user running Thunderbird. (CVE-2016-5257)\n\nRed Hat would like to thank the Mozilla project for reporting these\nissues. Upstream acknowledges Christoph Diehl, Andrew McCreight, Dan\nMinor, Byron Campen, Jon Coppeard, Steve Fink, Tyson Smith, Philipp\nand Carsten Book as the original reporters.\"\n );\n # https://lists.centos.org/pipermail/centos-announce/2016-October/022107.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?e00c05a3\"\n );\n # https://lists.centos.org/pipermail/centos-announce/2016-October/022108.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?22dab22b\"\n );\n # https://lists.centos.org/pipermail/centos-announce/2016-October/022109.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?fce8833f\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected thunderbird package.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:thunderbird\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:centos:centos:5\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:centos:centos:6\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:centos:centos:7\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2016/10/03\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2016/10/04\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2016-2018 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"CentOS Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/CentOS/release\", \"Host/CentOS/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/CentOS/release\")) audit(AUDIT_OS_NOT, \"CentOS\");\nif (!get_kb_item(\"Host/CentOS/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"CentOS\", cpu);\n\n\nflag = 0;\nif (rpm_check(release:\"CentOS-5\", reference:\"thunderbird-45.4.0-1.el5.centos\")) flag++;\n\nif (rpm_check(release:\"CentOS-6\", reference:\"thunderbird-45.4.0-1.el6.centos\")) flag++;\n\nif (rpm_check(release:\"CentOS-7\", cpu:\"x86_64\", reference:\"thunderbird-45.4.0-1.el7.centos\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "title": "CentOS 5 / 6 / 7 : thunderbird (CESA-2016:1985)", "type": "nessus", "viewCount": 1}, "differentElements": ["references", "modified"], "edition": 12, "lastseen": "2018-11-11T08:32:08"}, {"bulletin": {"bulletinFamily": "scanner", "cpe": ["cpe:/o:centos:centos:6", "cpe:/o:centos:centos:7", "p-cpe:/a:centos:centos:thunderbird", "cpe:/o:centos:centos:5"], "cvelist": ["CVE-2016-5257"], "cvss": {"score": 0.0, "vector": "NONE"}, "description": "An update for thunderbird is now available for Red Hat Enterprise Linux 5, Red Hat Enterprise Linux 6, and Red Hat Enterprise Linux 7.\n\nRed Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.\n\nMozilla Thunderbird is a standalone mail and newsgroup client.\n\nThis update upgrades Thunderbird to version 45.4.0.\n\nSecurity Fix(es) :\n\n* Multiple flaws were found in the processing of malformed web content. A web page containing malicious content could cause Thunderbird to crash or, potentially, execute arbitrary code with the privileges of the user running Thunderbird. (CVE-2016-5257)\n\nRed Hat would like to thank the Mozilla project for reporting these issues. Upstream acknowledges Christoph Diehl, Andrew McCreight, Dan Minor, Byron Campen, Jon Coppeard, Steve Fink, Tyson Smith, Philipp and Carsten Book as the original reporters.", "edition": 10, "enchantments": {"score": {"value": 7.5, "vector": "NONE"}}, "hash": "5aa5a1626f8c57bdaa8d45e2238f8bb2294e9eb6f4c1a39b54067f8dd0660aba", "hashmap": [{"hash": "3c92b24c0a154ee4e6191c81517df6eb", "key": "sourceData"}, {"hash": "9cf00d658b687f030ebe173a0528c567", "key": "reporter"}, {"hash": "27f18e0cf59be9ba9f537a2a14b45aca", "key": "title"}, {"hash": "00ff50496f64a58f5ce3344274e901c2", "key": "references"}, {"hash": "d693ca9152c7646d0d495a403d7c3b12", "key": "description"}, {"hash": "8f8213e8b86855939d5beea715ce3045", "key": "naslFamily"}, {"hash": "db4a08647e1943b28656057a59261f29", "key": "cpe"}, {"hash": "b018c4117a9e561f2f9d99dd42d3a69b", "key": "href"}, {"hash": "874bc1e4a5cb164285fb16be0c74e311", "key": "published"}, {"hash": "fe0181fa11124a8385473ce0f639460a", "key": "pluginID"}, {"hash": "8cd4821cb504d25572038ed182587d85", "key": "cvss"}, {"hash": "bbdaea376f500d25f6b0c1050311dd07", "key": "bulletinFamily"}, {"hash": "5e0bd03bec244039678f2b955a2595aa", "key": "type"}, {"hash": "270fe33c6905066e8553c1eba5f08315", "key": "modified"}, {"hash": "774d35468661e98fec7d308accb9cfcd", "key": "cvelist"}], "history": [], "href": "https://www.tenable.com/plugins/index.php?view=single&id=93830", "id": "CENTOS_RHSA-2016-1985.NASL", "lastseen": "2018-08-30T19:44:33", "modified": "2018-07-03T00:00:00", "naslFamily": "CentOS Local Security Checks", "objectVersion": "1.3", "pluginID": "93830", "published": "2016-10-04T00:00:00", "references": ["http://www.nessus.org/u?285882b5", "http://www.nessus.org/u?9f5bdd0f", "http://www.nessus.org/u?58920601"], "reporter": "Tenable", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Red Hat Security Advisory RHSA-2016:1985 and \n# CentOS Errata and Security Advisory 2016:1985 respectively.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(93830);\n script_version(\"2.8\");\n script_cvs_date(\"Date: 2018/07/03 15:35:24\");\n\n script_cve_id(\"CVE-2016-5257\");\n script_xref(name:\"RHSA\", value:\"2016:1985\");\n\n script_name(english:\"CentOS 5 / 6 / 7 : thunderbird (CESA-2016:1985)\");\n script_summary(english:\"Checks rpm output for the updated package\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote CentOS host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"An update for thunderbird is now available for Red Hat Enterprise\nLinux 5, Red Hat Enterprise Linux 6, and Red Hat Enterprise Linux 7.\n\nRed Hat Product Security has rated this update as having a security\nimpact of Important. A Common Vulnerability Scoring System (CVSS) base\nscore, which gives a detailed severity rating, is available for each\nvulnerability from the CVE link(s) in the References section.\n\nMozilla Thunderbird is a standalone mail and newsgroup client.\n\nThis update upgrades Thunderbird to version 45.4.0.\n\nSecurity Fix(es) :\n\n* Multiple flaws were found in the processing of malformed web\ncontent. A web page containing malicious content could cause\nThunderbird to crash or, potentially, execute arbitrary code with the\nprivileges of the user running Thunderbird. (CVE-2016-5257)\n\nRed Hat would like to thank the Mozilla project for reporting these\nissues. Upstream acknowledges Christoph Diehl, Andrew McCreight, Dan\nMinor, Byron Campen, Jon Coppeard, Steve Fink, Tyson Smith, Philipp\nand Carsten Book as the original reporters.\"\n );\n # http://lists.centos.org/pipermail/centos-announce/2016-October/022107.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?285882b5\"\n );\n # http://lists.centos.org/pipermail/centos-announce/2016-October/022108.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?58920601\"\n );\n # http://lists.centos.org/pipermail/centos-announce/2016-October/022109.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?9f5bdd0f\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected thunderbird package.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:thunderbird\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:centos:centos:5\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:centos:centos:6\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:centos:centos:7\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2016/10/03\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2016/10/04\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2016-2018 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"CentOS Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/CentOS/release\", \"Host/CentOS/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/CentOS/release\")) audit(AUDIT_OS_NOT, \"CentOS\");\nif (!get_kb_item(\"Host/CentOS/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"CentOS\", cpu);\n\n\nflag = 0;\nif (rpm_check(release:\"CentOS-5\", reference:\"thunderbird-45.4.0-1.el5.centos\")) flag++;\n\nif (rpm_check(release:\"CentOS-6\", reference:\"thunderbird-45.4.0-1.el6.centos\")) flag++;\n\nif (rpm_check(release:\"CentOS-7\", cpu:\"x86_64\", reference:\"thunderbird-45.4.0-1.el7.centos\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "title": "CentOS 5 / 6 / 7 : thunderbird (CESA-2016:1985)", "type": "nessus", "viewCount": 0}, "differentElements": ["cvss"], "edition": 10, "lastseen": "2018-08-30T19:44:33"}, {"bulletin": {"bulletinFamily": "exploit", "cvelist": ["CVE-2016-5257"], "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}, "description": "An update for thunderbird is now available for Red Hat Enterprise Linux 5, Red Hat Enterprise Linux 6, and Red Hat Enterprise Linux 7.\n\nRed Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.\n\nMozilla Thunderbird is a standalone mail and newsgroup client.\n\nThis update upgrades Thunderbird to version 45.4.0.\n\nSecurity Fix(es) :\n\n* Multiple flaws were found in the processing of malformed web content. A web page containing malicious content could cause Thunderbird to crash or, potentially, execute arbitrary code with the privileges of the user running Thunderbird. (CVE-2016-5257)\n\nRed Hat would like to thank the Mozilla project for reporting these issues. Upstream acknowledges Christoph Diehl, Andrew McCreight, Dan Minor, Byron Campen, Jon Coppeard, Steve Fink, Tyson Smith, Philipp and Carsten Book as the original reporters.", "edition": 3, "hash": "a8b587b7cce61e7a551739d53a66e533264629cbf9f75de20cbdefa86d131563", "hashmap": [{"hash": "708697c63f7eb369319c6523380bdf7a", "key": "bulletinFamily"}, {"hash": "56765472680401499c79732468ba4340", "key": "objectVersion"}, {"hash": "9cf00d658b687f030ebe173a0528c567", "key": "reporter"}, {"hash": "27f18e0cf59be9ba9f537a2a14b45aca", "key": "title"}, {"hash": "00ff50496f64a58f5ce3344274e901c2", "key": "references"}, {"hash": "d693ca9152c7646d0d495a403d7c3b12", "key": "description"}, {"hash": "e5d275b3ebd62646b78320753699e02e", "key": "cvss"}, {"hash": "3f841d2e7cda25b1b303f4bc9c810ef4", "key": "modified"}, {"hash": "8f8213e8b86855939d5beea715ce3045", "key": "naslFamily"}, {"hash": "3c4e298f3fd3110ac7e6e2800183c9ed", "key": "sourceData"}, {"hash": "b018c4117a9e561f2f9d99dd42d3a69b", "key": "href"}, {"hash": "874bc1e4a5cb164285fb16be0c74e311", "key": "published"}, {"hash": "fe0181fa11124a8385473ce0f639460a", "key": "pluginID"}, {"hash": "5e0bd03bec244039678f2b955a2595aa", "key": "type"}, {"hash": "774d35468661e98fec7d308accb9cfcd", "key": "cvelist"}], "history": [], "href": "https://www.tenable.com/plugins/index.php?view=single&id=93830", "id": "CENTOS_RHSA-2016-1985.NASL", "lastseen": "2016-10-08T01:25:10", "modified": "2016-10-07T00:00:00", "naslFamily": "CentOS Local Security Checks", "objectVersion": "1.2", "pluginID": "93830", "published": "2016-10-04T00:00:00", "references": ["http://www.nessus.org/u?285882b5", "http://www.nessus.org/u?9f5bdd0f", "http://www.nessus.org/u?58920601"], "reporter": "Tenable", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Red Hat Security Advisory RHSA-2016:1985 and \n# CentOS Errata and Security Advisory 2016:1985 respectively.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(93830);\n script_version(\"$Revision: 2.3 $\");\n script_cvs_date(\"$Date: 2016/10/07 15:27:36 $\");\n\n script_cve_id(\"CVE-2016-5257\");\n script_osvdb_id(144614, 144615, 144616, 144617, 144618, 144619, 144620, 144621, 144623);\n script_xref(name:\"RHSA\", value:\"2016:1985\");\n\n script_name(english:\"CentOS 5 / 6 / 7 : thunderbird (CESA-2016:1985)\");\n script_summary(english:\"Checks rpm output for the updated package\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote CentOS host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"An update for thunderbird is now available for Red Hat Enterprise\nLinux 5, Red Hat Enterprise Linux 6, and Red Hat Enterprise Linux 7.\n\nRed Hat Product Security has rated this update as having a security\nimpact of Important. A Common Vulnerability Scoring System (CVSS) base\nscore, which gives a detailed severity rating, is available for each\nvulnerability from the CVE link(s) in the References section.\n\nMozilla Thunderbird is a standalone mail and newsgroup client.\n\nThis update upgrades Thunderbird to version 45.4.0.\n\nSecurity Fix(es) :\n\n* Multiple flaws were found in the processing of malformed web\ncontent. A web page containing malicious content could cause\nThunderbird to crash or, potentially, execute arbitrary code with the\nprivileges of the user running Thunderbird. (CVE-2016-5257)\n\nRed Hat would like to thank the Mozilla project for reporting these\nissues. Upstream acknowledges Christoph Diehl, Andrew McCreight, Dan\nMinor, Byron Campen, Jon Coppeard, Steve Fink, Tyson Smith, Philipp\nand Carsten Book as the original reporters.\"\n );\n # http://lists.centos.org/pipermail/centos-announce/2016-October/022107.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?285882b5\"\n );\n # http://lists.centos.org/pipermail/centos-announce/2016-October/022108.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?58920601\"\n );\n # http://lists.centos.org/pipermail/centos-announce/2016-October/022109.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?9f5bdd0f\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected thunderbird package.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:thunderbird\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:centos:centos:5\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:centos:centos:6\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:centos:centos:7\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2016/10/03\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2016/10/04\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2016 Tenable Network Security, Inc.\");\n script_family(english:\"CentOS Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/CentOS/release\", \"Host/CentOS/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/CentOS/release\")) audit(AUDIT_OS_NOT, \"CentOS\");\nif (!get_kb_item(\"Host/CentOS/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"CentOS\", cpu);\n\n\nflag = 0;\nif (rpm_check(release:\"CentOS-5\", reference:\"thunderbird-45.4.0-1.el5.centos\")) flag++;\n\nif (rpm_check(release:\"CentOS-6\", reference:\"thunderbird-45.4.0-1.el6.centos\")) flag++;\n\nif (rpm_check(release:\"CentOS-7\", cpu:\"x86_64\", reference:\"thunderbird-45.4.0-1.el7.centos\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "title": "CentOS 5 / 6 / 7 : thunderbird (CESA-2016:1985)", "type": "nessus", "viewCount": 0}, "differentElements": ["modified", "sourceData"], "edition": 3, "lastseen": "2016-10-08T01:25:10"}, {"bulletin": {"bulletinFamily": "scanner", "cpe": ["cpe:/o:centos:centos:6", "cpe:/o:centos:centos:7", "p-cpe:/a:centos:centos:thunderbird", "cpe:/o:centos:centos:5"], "cvelist": ["CVE-2016-5257"], "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}, "description": "An update for thunderbird is now available for Red Hat Enterprise Linux 5, Red Hat Enterprise Linux 6, and Red Hat Enterprise Linux 7.\n\nRed Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.\n\nMozilla Thunderbird is a standalone mail and newsgroup client.\n\nThis update upgrades Thunderbird to version 45.4.0.\n\nSecurity Fix(es) :\n\n* Multiple flaws were found in the processing of malformed web content. A web page containing malicious content could cause Thunderbird to crash or, potentially, execute arbitrary code with the privileges of the user running Thunderbird. (CVE-2016-5257)\n\nRed Hat would like to thank the Mozilla project for reporting these issues. Upstream acknowledges Christoph Diehl, Andrew McCreight, Dan Minor, Byron Campen, Jon Coppeard, Steve Fink, Tyson Smith, Philipp and Carsten Book as the original reporters.", "edition": 11, "enchantments": {"score": {"value": 7.5, "vector": "NONE"}}, "hash": "a06cfe14e29ce70f294a12f27de9d5a51af4bb7f42d5ff5eb4b8503a01f92a86", "hashmap": [{"hash": "3c92b24c0a154ee4e6191c81517df6eb", "key": "sourceData"}, {"hash": "9cf00d658b687f030ebe173a0528c567", "key": "reporter"}, {"hash": "27f18e0cf59be9ba9f537a2a14b45aca", "key": "title"}, {"hash": "00ff50496f64a58f5ce3344274e901c2", "key": "references"}, {"hash": "d693ca9152c7646d0d495a403d7c3b12", "key": "description"}, {"hash": "e5d275b3ebd62646b78320753699e02e", "key": "cvss"}, {"hash": "8f8213e8b86855939d5beea715ce3045", "key": "naslFamily"}, {"hash": "db4a08647e1943b28656057a59261f29", "key": "cpe"}, {"hash": "b018c4117a9e561f2f9d99dd42d3a69b", "key": "href"}, {"hash": "874bc1e4a5cb164285fb16be0c74e311", "key": "published"}, {"hash": "fe0181fa11124a8385473ce0f639460a", "key": "pluginID"}, {"hash": "bbdaea376f500d25f6b0c1050311dd07", "key": "bulletinFamily"}, {"hash": "5e0bd03bec244039678f2b955a2595aa", "key": "type"}, {"hash": "270fe33c6905066e8553c1eba5f08315", "key": "modified"}, {"hash": "774d35468661e98fec7d308accb9cfcd", "key": "cvelist"}], "history": [], "href": "https://www.tenable.com/plugins/index.php?view=single&id=93830", "id": "CENTOS_RHSA-2016-1985.NASL", "lastseen": "2018-09-01T23:50:45", "modified": "2018-07-03T00:00:00", "naslFamily": "CentOS Local Security Checks", "objectVersion": "1.3", "pluginID": "93830", "published": "2016-10-04T00:00:00", "references": ["http://www.nessus.org/u?285882b5", "http://www.nessus.org/u?9f5bdd0f", "http://www.nessus.org/u?58920601"], "reporter": "Tenable", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Red Hat Security Advisory RHSA-2016:1985 and \n# CentOS Errata and Security Advisory 2016:1985 respectively.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(93830);\n script_version(\"2.8\");\n script_cvs_date(\"Date: 2018/07/03 15:35:24\");\n\n script_cve_id(\"CVE-2016-5257\");\n script_xref(name:\"RHSA\", value:\"2016:1985\");\n\n script_name(english:\"CentOS 5 / 6 / 7 : thunderbird (CESA-2016:1985)\");\n script_summary(english:\"Checks rpm output for the updated package\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote CentOS host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"An update for thunderbird is now available for Red Hat Enterprise\nLinux 5, Red Hat Enterprise Linux 6, and Red Hat Enterprise Linux 7.\n\nRed Hat Product Security has rated this update as having a security\nimpact of Important. A Common Vulnerability Scoring System (CVSS) base\nscore, which gives a detailed severity rating, is available for each\nvulnerability from the CVE link(s) in the References section.\n\nMozilla Thunderbird is a standalone mail and newsgroup client.\n\nThis update upgrades Thunderbird to version 45.4.0.\n\nSecurity Fix(es) :\n\n* Multiple flaws were found in the processing of malformed web\ncontent. A web page containing malicious content could cause\nThunderbird to crash or, potentially, execute arbitrary code with the\nprivileges of the user running Thunderbird. (CVE-2016-5257)\n\nRed Hat would like to thank the Mozilla project for reporting these\nissues. Upstream acknowledges Christoph Diehl, Andrew McCreight, Dan\nMinor, Byron Campen, Jon Coppeard, Steve Fink, Tyson Smith, Philipp\nand Carsten Book as the original reporters.\"\n );\n # http://lists.centos.org/pipermail/centos-announce/2016-October/022107.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?285882b5\"\n );\n # http://lists.centos.org/pipermail/centos-announce/2016-October/022108.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?58920601\"\n );\n # http://lists.centos.org/pipermail/centos-announce/2016-October/022109.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?9f5bdd0f\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected thunderbird package.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:thunderbird\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:centos:centos:5\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:centos:centos:6\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:centos:centos:7\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2016/10/03\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2016/10/04\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2016-2018 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"CentOS Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/CentOS/release\", \"Host/CentOS/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/CentOS/release\")) audit(AUDIT_OS_NOT, \"CentOS\");\nif (!get_kb_item(\"Host/CentOS/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"CentOS\", cpu);\n\n\nflag = 0;\nif (rpm_check(release:\"CentOS-5\", reference:\"thunderbird-45.4.0-1.el5.centos\")) flag++;\n\nif (rpm_check(release:\"CentOS-6\", reference:\"thunderbird-45.4.0-1.el6.centos\")) flag++;\n\nif (rpm_check(release:\"CentOS-7\", cpu:\"x86_64\", reference:\"thunderbird-45.4.0-1.el7.centos\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "title": "CentOS 5 / 6 / 7 : thunderbird (CESA-2016:1985)", "type": "nessus", "viewCount": 1}, "differentElements": ["sourceData"], "edition": 11, "lastseen": "2018-09-01T23:50:45"}, {"bulletin": {"bulletinFamily": "scanner", "cpe": [], "cvelist": ["CVE-2016-5257"], "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}, "description": "An update for thunderbird is now available for Red Hat Enterprise Linux 5, Red Hat Enterprise Linux 6, and Red Hat Enterprise Linux 7.\n\nRed Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.\n\nMozilla Thunderbird is a standalone mail and newsgroup client.\n\nThis update upgrades Thunderbird to version 45.4.0.\n\nSecurity Fix(es) :\n\n* Multiple flaws were found in the processing of malformed web content. A web page containing malicious content could cause Thunderbird to crash or, potentially, execute arbitrary code with the privileges of the user running Thunderbird. (CVE-2016-5257)\n\nRed Hat would like to thank the Mozilla project for reporting these issues. Upstream acknowledges Christoph Diehl, Andrew McCreight, Dan Minor, Byron Campen, Jon Coppeard, Steve Fink, Tyson Smith, Philipp and Carsten Book as the original reporters.", "edition": 6, "enchantments": {}, "hash": "a521599321394ce0dc14b24d5c3990e43055dbfeb310383f87e9bb101f7d86b4", "hashmap": [{"hash": "77fc6a6e95dee9a1e4d3726560063eef", "key": "modified"}, {"hash": "9cf00d658b687f030ebe173a0528c567", "key": "reporter"}, {"hash": "27f18e0cf59be9ba9f537a2a14b45aca", "key": "title"}, {"hash": "00ff50496f64a58f5ce3344274e901c2", "key": "references"}, {"hash": "d693ca9152c7646d0d495a403d7c3b12", "key": "description"}, {"hash": "e5d275b3ebd62646b78320753699e02e", "key": "cvss"}, {"hash": "8f8213e8b86855939d5beea715ce3045", "key": "naslFamily"}, {"hash": "0e1ae051ab924c9433ec85a9b49cc83f", "key": "sourceData"}, {"hash": "b018c4117a9e561f2f9d99dd42d3a69b", "key": "href"}, {"hash": "874bc1e4a5cb164285fb16be0c74e311", "key": "published"}, {"hash": "fe0181fa11124a8385473ce0f639460a", "key": "pluginID"}, {"hash": "bbdaea376f500d25f6b0c1050311dd07", "key": "bulletinFamily"}, {"hash": "5e0bd03bec244039678f2b955a2595aa", "key": "type"}, {"hash": "774d35468661e98fec7d308accb9cfcd", "key": "cvelist"}, {"hash": "d41d8cd98f00b204e9800998ecf8427e", "key": "cpe"}], "history": [], "href": "https://www.tenable.com/plugins/index.php?view=single&id=93830", "id": "CENTOS_RHSA-2016-1985.NASL", "lastseen": "2016-11-18T05:26:22", "modified": "2016-11-17T00:00:00", "naslFamily": "CentOS Local Security Checks", "objectVersion": "1.2", "pluginID": "93830", "published": "2016-10-04T00:00:00", "references": ["http://www.nessus.org/u?285882b5", "http://www.nessus.org/u?9f5bdd0f", "http://www.nessus.org/u?58920601"], "reporter": "Tenable", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Red Hat Security Advisory RHSA-2016:1985 and \n# CentOS Errata and Security Advisory 2016:1985 respectively.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(93830);\n script_version(\"$Revision: 2.6 $\");\n script_cvs_date(\"$Date: 2016/11/17 21:12:11 $\");\n\n script_cve_id(\"CVE-2016-5257\");\n script_osvdb_id(144614, 144615, 144616, 144617, 144618, 144619, 144620, 144621, 144623);\n script_xref(name:\"RHSA\", value:\"2016:1985\");\n\n script_name(english:\"CentOS 5 / 6 / 7 : thunderbird (CESA-2016:1985)\");\n script_summary(english:\"Checks rpm output for the updated package\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote CentOS host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"An update for thunderbird is now available for Red Hat Enterprise\nLinux 5, Red Hat Enterprise Linux 6, and Red Hat Enterprise Linux 7.\n\nRed Hat Product Security has rated this update as having a security\nimpact of Important. A Common Vulnerability Scoring System (CVSS) base\nscore, which gives a detailed severity rating, is available for each\nvulnerability from the CVE link(s) in the References section.\n\nMozilla Thunderbird is a standalone mail and newsgroup client.\n\nThis update upgrades Thunderbird to version 45.4.0.\n\nSecurity Fix(es) :\n\n* Multiple flaws were found in the processing of malformed web\ncontent. A web page containing malicious content could cause\nThunderbird to crash or, potentially, execute arbitrary code with the\nprivileges of the user running Thunderbird. (CVE-2016-5257)\n\nRed Hat would like to thank the Mozilla project for reporting these\nissues. Upstream acknowledges Christoph Diehl, Andrew McCreight, Dan\nMinor, Byron Campen, Jon Coppeard, Steve Fink, Tyson Smith, Philipp\nand Carsten Book as the original reporters.\"\n );\n # http://lists.centos.org/pipermail/centos-announce/2016-October/022107.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?285882b5\"\n );\n # http://lists.centos.org/pipermail/centos-announce/2016-October/022108.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?58920601\"\n );\n # http://lists.centos.org/pipermail/centos-announce/2016-October/022109.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?9f5bdd0f\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected thunderbird package.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:thunderbird\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:centos:centos:5\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:centos:centos:6\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:centos:centos:7\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2016/10/03\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2016/10/04\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2016 Tenable Network Security, Inc.\");\n script_family(english:\"CentOS Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/CentOS/release\", \"Host/CentOS/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/CentOS/release\")) audit(AUDIT_OS_NOT, \"CentOS\");\nif (!get_kb_item(\"Host/CentOS/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"CentOS\", cpu);\n\n\nflag = 0;\nif (rpm_check(release:\"CentOS-5\", reference:\"thunderbird-45.4.0-1.el5.centos\")) flag++;\n\nif (rpm_check(release:\"CentOS-6\", reference:\"thunderbird-45.4.0-1.el6.centos\")) flag++;\n\nif (rpm_check(release:\"CentOS-7\", cpu:\"x86_64\", reference:\"thunderbird-45.4.0-1.el7.centos\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "title": "CentOS 5 / 6 / 7 : thunderbird (CESA-2016:1985)", "type": "nessus", "viewCount": 0}, "differentElements": ["cpe"], "edition": 6, "lastseen": "2016-11-18T05:26:22"}], "edition": 13, "hashmap": [{"key": "bulletinFamily", "hash": "bbdaea376f500d25f6b0c1050311dd07"}, {"key": "cpe", "hash": "db4a08647e1943b28656057a59261f29"}, {"key": "cvelist", "hash": "774d35468661e98fec7d308accb9cfcd"}, {"key": "cvss", "hash": "e5d275b3ebd62646b78320753699e02e"}, {"key": "description", "hash": "d693ca9152c7646d0d495a403d7c3b12"}, {"key": "href", "hash": "b018c4117a9e561f2f9d99dd42d3a69b"}, {"key": "modified", "hash": "3c764d4cf584f9ded7aa4dcca57c78ff"}, {"key": "naslFamily", "hash": "8f8213e8b86855939d5beea715ce3045"}, {"key": "pluginID", "hash": "fe0181fa11124a8385473ce0f639460a"}, {"key": "published", "hash": "874bc1e4a5cb164285fb16be0c74e311"}, {"key": "references", "hash": "6d3565fa9736654ca8c8d042a0d239f7"}, {"key": "reporter", "hash": "9cf00d658b687f030ebe173a0528c567"}, {"key": "sourceData", "hash": "ccc981b9128410ac62ce5ef844b8df92"}, {"key": "title", "hash": "27f18e0cf59be9ba9f537a2a14b45aca"}, {"key": "type", "hash": "5e0bd03bec244039678f2b955a2595aa"}], "hash": "3cd7d40a9fa9b6e3cc05d59a0209edb1e86f0fd8230463ea9388fe2a03b8e752", "viewCount": 1, "enchantments": {"score": {"value": 7.5, "vector": "NONE"}, "vulnersScore": 7.5}, "objectVersion": "1.3", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Red Hat Security Advisory RHSA-2016:1985 and \n# CentOS Errata and Security Advisory 2016:1985 respectively.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(93830);\n script_version(\"2.9\");\n script_cvs_date(\"Date: 2018/11/10 11:49:32\");\n\n script_cve_id(\"CVE-2016-5257\");\n script_xref(name:\"RHSA\", value:\"2016:1985\");\n\n script_name(english:\"CentOS 5 / 6 / 7 : thunderbird (CESA-2016:1985)\");\n script_summary(english:\"Checks rpm output for the updated package\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote CentOS host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"An update for thunderbird is now available for Red Hat Enterprise\nLinux 5, Red Hat Enterprise Linux 6, and Red Hat Enterprise Linux 7.\n\nRed Hat Product Security has rated this update as having a security\nimpact of Important. A Common Vulnerability Scoring System (CVSS) base\nscore, which gives a detailed severity rating, is available for each\nvulnerability from the CVE link(s) in the References section.\n\nMozilla Thunderbird is a standalone mail and newsgroup client.\n\nThis update upgrades Thunderbird to version 45.4.0.\n\nSecurity Fix(es) :\n\n* Multiple flaws were found in the processing of malformed web\ncontent. A web page containing malicious content could cause\nThunderbird to crash or, potentially, execute arbitrary code with the\nprivileges of the user running Thunderbird. (CVE-2016-5257)\n\nRed Hat would like to thank the Mozilla project for reporting these\nissues. Upstream acknowledges Christoph Diehl, Andrew McCreight, Dan\nMinor, Byron Campen, Jon Coppeard, Steve Fink, Tyson Smith, Philipp\nand Carsten Book as the original reporters.\"\n );\n # https://lists.centos.org/pipermail/centos-announce/2016-October/022107.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?e00c05a3\"\n );\n # https://lists.centos.org/pipermail/centos-announce/2016-October/022108.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?22dab22b\"\n );\n # https://lists.centos.org/pipermail/centos-announce/2016-October/022109.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?fce8833f\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected thunderbird package.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:thunderbird\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:centos:centos:5\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:centos:centos:6\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:centos:centos:7\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2016/10/03\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2016/10/04\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2016-2018 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"CentOS Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/CentOS/release\", \"Host/CentOS/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/CentOS/release\")) audit(AUDIT_OS_NOT, \"CentOS\");\nif (!get_kb_item(\"Host/CentOS/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"CentOS\", cpu);\n\n\nflag = 0;\nif (rpm_check(release:\"CentOS-5\", reference:\"thunderbird-45.4.0-1.el5.centos\")) flag++;\n\nif (rpm_check(release:\"CentOS-6\", reference:\"thunderbird-45.4.0-1.el6.centos\")) flag++;\n\nif (rpm_check(release:\"CentOS-7\", cpu:\"x86_64\", reference:\"thunderbird-45.4.0-1.el7.centos\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "naslFamily": "CentOS Local Security Checks", "pluginID": "93830", "cpe": ["cpe:/o:centos:centos:6", "cpe:/o:centos:centos:7", "p-cpe:/a:centos:centos:thunderbird", "cpe:/o:centos:centos:5"]}
{"cve": [{"lastseen": "2018-06-12T12:34:32", "references": ["https://security.gentoo.org/glsa/201701-15", "http://www.securityfocus.com/bid/93049", "https://www.mozilla.org/security/advisories/mfsa2016-86/", "https://bugzilla.mozilla.org/show_bug.cgi?id=1288588", "https://bugzilla.mozilla.org/show_bug.cgi?id=1287204", "https://bugzilla.mozilla.org/show_bug.cgi?id=1294407", "https://bugzilla.mozilla.org/show_bug.cgi?id=1288780", "http://www.debian.org/security/2016/dsa-3674", "http://www.oracle.com/technetwork/topics/security/linuxbulletinoct2016-3090545.html", "http://rhn.redhat.com/errata/RHSA-2016-1912.html", "http://www.debian.org/security/2016/dsa-3690", "https://bugzilla.mozilla.org/show_bug.cgi?id=1277213", "https://bugzilla.mozilla.org/show_bug.cgi?id=1289280", "https://bugzilla.mozilla.org/show_bug.cgi?id=1294095", "http://rhn.redhat.com/errata/RHSA-2016-1985.html", "http://www.mozilla.org/security/announce/2016/mfsa2016-85.html", "https://bugzilla.mozilla.org/show_bug.cgi?id=1293347", "https://bugzilla.mozilla.org/show_bug.cgi?id=1288555", "http://www.securitytracker.com/id/1036852", "https://www.mozilla.org/security/advisories/mfsa2016-88/"], "description": "Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 49.0, Firefox ESR 45.x before 45.4 and Thunderbird < 45.4 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors.", "edition": 6, "reporter": "NVD", "published": "2016-09-22T18:59:02", "title": "CVE-2016-5257", "type": "cve", "enchantments": {"score": {"vector": "NONE", "value": 7.5}}, "assessment": {"system": "", "name": "", "href": ""}, "bulletinFamily": "NVD", "cvelist": ["CVE-2016-5257"], "scanner": [], "modified": "2018-06-11T21:29:00", "cpe": ["cpe:/a:mozilla:firefox_esr:45.3.0", "cpe:/a:mozilla:firefox_esr:45.2.0", "cpe:/a:mozilla:firefox:48.0.2", "cpe:/a:mozilla:firefox_esr:45.1.1", "cpe:/a:mozilla:firefox_esr:45.1.0"], "id": "CVE-2016-5257", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2016-5257", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}], "openvas": [{"lastseen": "2018-09-01T23:48:21", "references": ["http://lists.centos.org/pipermail/centos-announce/2016-October/022108.html", "2016:1985"], "pluginID": "1361412562310882571", "description": "Check the version of thunderbird", "edition": 4, "reporter": "Copyright (C) 2016 Greenbone Networks GmbH", "published": "2016-10-05T00:00:00", "title": "CentOS Update for thunderbird CESA-2016:1985 centos5 ", "type": "openvas", "enchantments": {"score": {"vector": "NONE", "value": 9.3}}, "naslFamily": "CentOS Local Security Checks", "bulletinFamily": "scanner", "cvelist": ["CVE-2016-5257"], "modified": "2017-07-10T00:00:00", "id": "OPENVAS:1361412562310882571", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310882571", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# CentOS Update for thunderbird CESA-2016:1985 centos5 \n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (C) 2016 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.882571\");\n script_version(\"$Revision: 6658 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-07-10 13:51:48 +0200 (Mon, 10 Jul 2017) $\");\n script_tag(name:\"creation_date\", value:\"2016-10-05 15:43:15 +0530 (Wed, 05 Oct 2016)\");\n script_cve_id(\"CVE-2016-5257\");\n script_tag(name:\"cvss_base\", value:\"7.5\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_name(\"CentOS Update for thunderbird CESA-2016:1985 centos5 \");\n script_tag(name: \"summary\", value: \"Check the version of thunderbird\");\n script_tag(name: \"vuldetect\", value: \"Get the installed version with the help \nof detect NVT and check if the version is vulnerable or not.\");\n script_tag(name: \"insight\", value: \"Mozilla Thunderbird is a standalone mail \nand newsgroup client.\n\nThis update upgrades Thunderbird to version 45.4.0.\n\nSecurity Fix(es):\n\n* Multiple flaws were found in the processing of malformed web content. A\nweb page containing malicious content could cause Thunderbird to crash or,\npotentially, execute arbitrary code with the privileges of the user running\nThunderbird. (CVE-2016-5257)\n\nRed Hat would like to thank the Mozilla project for reporting these issues.\nUpstream acknowledges Christoph Diehl, Andrew McCreight, Dan Minor, Byron\nCampen, Jon Coppeard, Steve Fink, Tyson Smith, Philipp and Carsten Book as\nthe original reporters.\n\");\n script_tag(name: \"affected\", value: \"thunderbird on CentOS 5\");\n script_tag(name: \"solution\", value: \"Please Install the Updated Packages.\");\n\n script_xref(name: \"CESA\", value: \"2016:1985\");\n script_xref(name: \"URL\" , value: \"http://lists.centos.org/pipermail/centos-announce/2016-October/022108.html\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2016 Greenbone Networks GmbH\");\n script_family(\"CentOS Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/centos\", \"ssh/login/rpms\");\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = get_kb_item(\"ssh/login/release\");\n\nres = \"\";\nif(release == NULL){\n exit(0);\n}\n\nif(release == \"CentOS5\")\n{\n\n if ((res = isrpmvuln(pkg:\"thunderbird\", rpm:\"thunderbird~45.4.0~1.el5.centos\", rls:\"CentOS5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2018-09-01T23:46:08", "references": ["http://www.debian.org/security/2016/dsa-3690.html"], "pluginID": "1361412562310703690", "description": "Multiple security issues have been found in Icedove, Debian", "edition": 3, "reporter": "Copyright (c) 2016 Greenbone Networks GmbH http://greenbone.net", "published": "2016-10-10T00:00:00", "title": "Debian Security Advisory DSA 3690-1 (icedove - security update)", "type": "openvas", "enchantments": {"score": {"vector": "NONE", "value": 7.5}}, "naslFamily": "Debian Local Security Checks", "bulletinFamily": "scanner", "cvelist": ["CVE-2016-5257"], "modified": "2017-12-18T00:00:00", "id": "OPENVAS:1361412562310703690", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310703690", "sourceData": "# OpenVAS Vulnerability Test\n# $Id: deb_3690.nasl 8154 2017-12-18 07:30:14Z teissa $\n# Auto-generated from advisory DSA 3690-1 using nvtgen 1.0\n# Script version: 1.0\n#\n# Author:\n# Greenbone Networks\n#\n# Copyright:\n# Copyright (c) 2016 Greenbone Networks GmbH http://greenbone.net\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (c) the respective author(s)\n#\n# This program is free software; you can redistribute it and/or\n# modify it under the terms of the GNU General Public License\n# as published by the Free Software Foundation; either version 2\n# of the License, or (at your option) any later version.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n#\n\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.703690\");\n script_version(\"$Revision: 8154 $\");\n script_cve_id(\"CVE-2016-5257\");\n script_name(\"Debian Security Advisory DSA 3690-1 (icedove - security update)\");\n script_tag(name: \"last_modification\", value: \"$Date: 2017-12-18 08:30:14 +0100 (Mon, 18 Dec 2017) $\");\n script_tag(name: \"creation_date\", value: \"2016-10-10 00:00:00 +0200 (Mon, 10 Oct 2016)\");\n script_tag(name:\"cvss_base\", value:\"7.5\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_tag(name: \"solution_type\", value: \"VendorFix\");\n script_tag(name: \"qod_type\", value: \"package\");\n\n script_xref(name: \"URL\", value: \"http://www.debian.org/security/2016/dsa-3690.html\");\n\n\n script_category(ACT_GATHER_INFO);\n\n script_copyright(\"Copyright (c) 2016 Greenbone Networks GmbH http://greenbone.net\");\n script_family(\"Debian Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/debian_linux\", \"ssh/login/packages\");\n script_tag(name: \"affected\", value: \"icedove on Debian Linux\");\n script_tag(name: \"insight\", value: \"Icedove is an unbranded Thunderbird mail client suitable for free\ndistribution. It supports different mail accounts (POP, IMAP, Gmail), has an\nintegrated learning Spam filter, and offers easy organization of mails with\ntagging and virtual folders. Also, more features can be added by installing\nextensions.\");\n script_tag(name: \"solution\", value: \"For the stable distribution (jessie), this problem has been fixed in\nversion 1:45.4.0-1~deb8u1.\n\nFor the testing distribution (stretch), this problem has been fixed\nin version 1:45.4.0-1.\n\nFor the unstable distribution (sid), this problem has been fixed in\nversion 1:45.4.0-1.\n\nWe recommend that you upgrade your icedove packages.\");\n script_tag(name: \"summary\", value: \"Multiple security issues have been found in Icedove, Debian's version of\nthe Mozilla Thunderbird mail client: Multiple memory safety errors may\nlead to the execution of arbitrary code or denial of service.\");\n script_tag(name: \"vuldetect\", value: \"This check tests the installed software version using the apt package manager.\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-deb.inc\");\n\nres = \"\";\nreport = \"\";\nif ((res = isdpkgvuln(pkg:\"calendar-google-provider\", ver:\"1:45.4.0-1\", rls_regex:\"DEB9.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"icedove\", ver:\"1:45.4.0-1\", rls_regex:\"DEB9.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"icedove-dbg\", ver:\"1:45.4.0-1\", rls_regex:\"DEB9.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"icedove-dev\", ver:\"1:45.4.0-1\", rls_regex:\"DEB9.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"icedove-l10n-all\", ver:\"1:45.4.0-1\", rls_regex:\"DEB9.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"icedove-l10n-ar\", ver:\"1:45.4.0-1\", rls_regex:\"DEB9.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"icedove-l10n-ast\", ver:\"1:45.4.0-1\", rls_regex:\"DEB9.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"icedove-l10n-be\", ver:\"1:45.4.0-1\", rls_regex:\"DEB9.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"icedove-l10n-bg\", ver:\"1:45.4.0-1\", rls_regex:\"DEB9.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"icedove-l10n-bn-bd\", ver:\"1:45.4.0-1\", rls_regex:\"DEB9.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"icedove-l10n-br\", ver:\"1:45.4.0-1\", rls_regex:\"DEB9.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"icedove-l10n-ca\", ver:\"1:45.4.0-1\", rls_regex:\"DEB9.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"icedove-l10n-cs\", ver:\"1:45.4.0-1\", rls_regex:\"DEB9.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"icedove-l10n-da\", ver:\"1:45.4.0-1\", rls_regex:\"DEB9.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"icedove-l10n-de\", ver:\"1:45.4.0-1\", rls_regex:\"DEB9.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"icedove-l10n-el\", ver:\"1:45.4.0-1\", rls_regex:\"DEB9.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"icedove-l10n-en-gb\", ver:\"1:45.4.0-1\", rls_regex:\"DEB9.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"icedove-l10n-es-ar\", ver:\"1:45.4.0-1\", rls_regex:\"DEB9.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"icedove-l10n-es-es\", ver:\"1:45.4.0-1\", rls_regex:\"DEB9.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"icedove-l10n-et\", ver:\"1:45.4.0-1\", rls_regex:\"DEB9.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"icedove-l10n-eu\", ver:\"1:45.4.0-1\", rls_regex:\"DEB9.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"icedove-l10n-fi\", ver:\"1:45.4.0-1\", rls_regex:\"DEB9.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"icedove-l10n-fr\", ver:\"1:45.4.0-1\", rls_regex:\"DEB9.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"icedove-l10n-fy-nl\", ver:\"1:45.4.0-1\", rls_regex:\"DEB9.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"icedove-l10n-ga-ie\", ver:\"1:45.4.0-1\", rls_regex:\"DEB9.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"icedove-l10n-gd\", ver:\"1:45.4.0-1\", rls_regex:\"DEB9.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"icedove-l10n-gl\", ver:\"1:45.4.0-1\", rls_regex:\"DEB9.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"icedove-l10n-he\", ver:\"1:45.4.0-1\", rls_regex:\"DEB9.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"icedove-l10n-hr\", ver:\"1:45.4.0-1\", rls_regex:\"DEB9.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"icedove-l10n-hu\", ver:\"1:45.4.0-1\", rls_regex:\"DEB9.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"icedove-l10n-hy-am\", ver:\"1:45.4.0-1\", rls_regex:\"DEB9.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"icedove-l10n-id\", ver:\"1:45.4.0-1\", rls_regex:\"DEB9.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"icedove-l10n-is\", ver:\"1:45.4.0-1\", rls_regex:\"DEB9.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"icedove-l10n-it\", ver:\"1:45.4.0-1\", rls_regex:\"DEB9.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"icedove-l10n-ja\", ver:\"1:45.4.0-1\", rls_regex:\"DEB9.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"icedove-l10n-ko\", ver:\"1:45.4.0-1\", rls_regex:\"DEB9.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"icedove-l10n-lt\", ver:\"1:45.4.0-1\", rls_regex:\"DEB9.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"icedove-l10n-nb-no\", ver:\"1:45.4.0-1\", rls_regex:\"DEB9.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"icedove-l10n-nl\", ver:\"1:45.4.0-1\", rls_regex:\"DEB9.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"icedove-l10n-nn-no\", ver:\"1:45.4.0-1\", rls_regex:\"DEB9.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"icedove-l10n-pa-in\", ver:\"1:45.4.0-1\", rls_regex:\"DEB9.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"icedove-l10n-pl\", ver:\"1:45.4.0-1\", rls_regex:\"DEB9.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"icedove-l10n-pt-br\", ver:\"1:45.4.0-1\", rls_regex:\"DEB9.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"icedove-l10n-pt-pt\", ver:\"1:45.4.0-1\", rls_regex:\"DEB9.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"icedove-l10n-rm\", ver:\"1:45.4.0-1\", rls_regex:\"DEB9.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"icedove-l10n-ro\", ver:\"1:45.4.0-1\", rls_regex:\"DEB9.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"icedove-l10n-ru\", ver:\"1:45.4.0-1\", rls_regex:\"DEB9.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"icedove-l10n-si\", ver:\"1:45.4.0-1\", rls_regex:\"DEB9.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"icedove-l10n-sk\", ver:\"1:45.4.0-1\", rls_regex:\"DEB9.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"icedove-l10n-sl\", ver:\"1:45.4.0-1\", rls_regex:\"DEB9.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"icedove-l10n-sq\", ver:\"1:45.4.0-1\", rls_regex:\"DEB9.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"icedove-l10n-sr\", ver:\"1:45.4.0-1\", rls_regex:\"DEB9.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"icedove-l10n-sv-se\", ver:\"1:45.4.0-1\", rls_regex:\"DEB9.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"icedove-l10n-ta-lk\", ver:\"1:45.4.0-1\", rls_regex:\"DEB9.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"icedove-l10n-tr\", ver:\"1:45.4.0-1\", rls_regex:\"DEB9.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"icedove-l10n-uk\", ver:\"1:45.4.0-1\", rls_regex:\"DEB9.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"icedove-l10n-vi\", ver:\"1:45.4.0-1\", rls_regex:\"DEB9.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"icedove-l10n-zh-cn\", ver:\"1:45.4.0-1\", rls_regex:\"DEB9.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"icedove-l10n-zh-tw\", ver:\"1:45.4.0-1\", rls_regex:\"DEB9.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"iceowl-extension\", ver:\"1:45.4.0-1\", rls_regex:\"DEB9.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"iceowl-l10n-ar\", ver:\"1:45.4.0-1\", rls_regex:\"DEB9.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"iceowl-l10n-be\", ver:\"1:45.4.0-1\", rls_regex:\"DEB9.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"iceowl-l10n-bg\", ver:\"1:45.4.0-1\", rls_regex:\"DEB9.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"iceowl-l10n-bn-bd\", ver:\"1:45.4.0-1\", rls_regex:\"DEB9.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"iceowl-l10n-br\", ver:\"1:45.4.0-1\", rls_regex:\"DEB9.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"iceowl-l10n-ca\", ver:\"1:45.4.0-1\", rls_regex:\"DEB9.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"iceowl-l10n-cs\", ver:\"1:45.4.0-1\", rls_regex:\"DEB9.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"iceowl-l10n-cy\", ver:\"1:45.4.0-1\", rls_regex:\"DEB9.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"iceowl-l10n-da\", ver:\"1:45.4.0-1\", rls_regex:\"DEB9.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"iceowl-l10n-de\", ver:\"1:45.4.0-1\", rls_regex:\"DEB9.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"iceowl-l10n-el\", ver:\"1:45.4.0-1\", rls_regex:\"DEB9.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"iceowl-l10n-en-gb\", ver:\"1:45.4.0-1\", rls_regex:\"DEB9.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"iceowl-l10n-es-ar\", ver:\"1:45.4.0-1\", rls_regex:\"DEB9.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"iceowl-l10n-es-es\", ver:\"1:45.4.0-1\", rls_regex:\"DEB9.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"iceowl-l10n-et\", ver:\"1:45.4.0-1\", rls_regex:\"DEB9.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"iceowl-l10n-eu\", ver:\"1:45.4.0-1\", rls_regex:\"DEB9.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"iceowl-l10n-fi\", ver:\"1:45.4.0-1\", rls_regex:\"DEB9.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"iceowl-l10n-fr\", ver:\"1:45.4.0-1\", rls_regex:\"DEB9.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"iceowl-l10n-fy-nl\", ver:\"1:45.4.0-1\", rls_regex:\"DEB9.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"iceowl-l10n-ga-ie\", ver:\"1:45.4.0-1\", rls_regex:\"DEB9.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"iceowl-l10n-gd\", ver:\"1:45.4.0-1\", rls_regex:\"DEB9.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"iceowl-l10n-gl\", ver:\"1:45.4.0-1\", rls_regex:\"DEB9.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"iceowl-l10n-he\", ver:\"1:45.4.0-1\", rls_regex:\"DEB9.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"iceowl-l10n-hr\", ver:\"1:45.4.0-1\", rls_regex:\"DEB9.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"iceowl-l10n-hu\", ver:\"1:45.4.0-1\", rls_regex:\"DEB9.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"iceowl-l10n-hy-am\", ver:\"1:45.4.0-1\", rls_regex:\"DEB9.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"iceowl-l10n-id\", ver:\"1:45.4.0-1\", rls_regex:\"DEB9.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"iceowl-l10n-is\", ver:\"1:45.4.0-1\", rls_regex:\"DEB9.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"iceowl-l10n-it\", ver:\"1:45.4.0-1\", rls_regex:\"DEB9.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"iceowl-l10n-ja\", ver:\"1:45.4.0-1\", rls_regex:\"DEB9.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"iceowl-l10n-ko\", ver:\"1:45.4.0-1\", rls_regex:\"DEB9.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"iceowl-l10n-lt\", ver:\"1:45.4.0-1\", rls_regex:\"DEB9.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"iceowl-l10n-nb-no\", ver:\"1:45.4.0-1\", rls_regex:\"DEB9.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"iceowl-l10n-nl\", ver:\"1:45.4.0-1\", rls_regex:\"DEB9.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"iceowl-l10n-nn-no\", ver:\"1:45.4.0-1\", rls_regex:\"DEB9.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"iceowl-l10n-pa-in\", ver:\"1:45.4.0-1\", rls_regex:\"DEB9.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"iceowl-l10n-pl\", ver:\"1:45.4.0-1\", rls_regex:\"DEB9.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"iceowl-l10n-pt-br\", ver:\"1:45.4.0-1\", rls_regex:\"DEB9.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"iceowl-l10n-pt-pt\", ver:\"1:45.4.0-1\", rls_regex:\"DEB9.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"iceowl-l10n-rm\", ver:\"1:45.4.0-1\", rls_regex:\"DEB9.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"iceowl-l10n-ro\", ver:\"1:45.4.0-1\", rls_regex:\"DEB9.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"iceowl-l10n-ru\", ver:\"1:45.4.0-1\", rls_regex:\"DEB9.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"iceowl-l10n-si\", ver:\"1:45.4.0-1\", rls_regex:\"DEB9.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"iceowl-l10n-sk\", ver:\"1:45.4.0-1\", rls_regex:\"DEB9.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"iceowl-l10n-sl\", ver:\"1:45.4.0-1\", rls_regex:\"DEB9.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"iceowl-l10n-sq\", ver:\"1:45.4.0-1\", rls_regex:\"DEB9.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"iceowl-l10n-sr\", ver:\"1:45.4.0-1\", rls_regex:\"DEB9.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"iceowl-l10n-sv-se\", ver:\"1:45.4.0-1\", rls_regex:\"DEB9.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"iceowl-l10n-ta-lk\", ver:\"1:45.4.0-1\", rls_regex:\"DEB9.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"iceowl-l10n-tr\", ver:\"1:45.4.0-1\", rls_regex:\"DEB9.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"iceowl-l10n-uk\", ver:\"1:45.4.0-1\", rls_regex:\"DEB9.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"iceowl-l10n-vi\", ver:\"1:45.4.0-1\", rls_regex:\"DEB9.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"iceowl-l10n-zh-cn\", ver:\"1:45.4.0-1\", rls_regex:\"DEB9.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"iceowl-l10n-zh-tw\", ver:\"1:45.4.0-1\", rls_regex:\"DEB9.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"calendar-google-provider\", ver:\"1:45.4.0-1~deb8u1\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"icedove\", ver:\"1:45.4.0-1~deb8u1\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"icedove-dbg\", ver:\"1:45.4.0-1~deb8u1\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"icedove-dev\", ver:\"1:45.4.0-1~deb8u1\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"icedove-l10n-all\", ver:\"1:45.4.0-1~deb8u1\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"icedove-l10n-ar\", ver:\"1:45.4.0-1~deb8u1\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"icedove-l10n-ast\", ver:\"1:45.4.0-1~deb8u1\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"icedove-l10n-be\", ver:\"1:45.4.0-1~deb8u1\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"icedove-l10n-bg\", ver:\"1:45.4.0-1~deb8u1\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"icedove-l10n-bn-bd\", ver:\"1:45.4.0-1~deb8u1\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"icedove-l10n-br\", ver:\"1:45.4.0-1~deb8u1\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"icedove-l10n-ca\", ver:\"1:45.4.0-1~deb8u1\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"icedove-l10n-cs\", ver:\"1:45.4.0-1~deb8u1\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"icedove-l10n-da\", ver:\"1:45.4.0-1~deb8u1\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"icedove-l10n-de\", ver:\"1:45.4.0-1~deb8u1\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"icedove-l10n-el\", ver:\"1:45.4.0-1~deb8u1\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"icedove-l10n-en-gb\", ver:\"1:45.4.0-1~deb8u1\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"icedove-l10n-es-ar\", ver:\"1:45.4.0-1~deb8u1\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"icedove-l10n-es-es\", ver:\"1:45.4.0-1~deb8u1\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"icedove-l10n-et\", ver:\"1:45.4.0-1~deb8u1\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"icedove-l10n-eu\", ver:\"1:45.4.0-1~deb8u1\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"icedove-l10n-fi\", ver:\"1:45.4.0-1~deb8u1\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"icedove-l10n-fr\", ver:\"1:45.4.0-1~deb8u1\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"icedove-l10n-fy-nl\", ver:\"1:45.4.0-1~deb8u1\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"icedove-l10n-ga-ie\", ver:\"1:45.4.0-1~deb8u1\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"icedove-l10n-gd\", ver:\"1:45.4.0-1~deb8u1\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"icedove-l10n-gl\", ver:\"1:45.4.0-1~deb8u1\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"icedove-l10n-he\", ver:\"1:45.4.0-1~deb8u1\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"icedove-l10n-hr\", ver:\"1:45.4.0-1~deb8u1\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"icedove-l10n-hu\", ver:\"1:45.4.0-1~deb8u1\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"icedove-l10n-hy-am\", ver:\"1:45.4.0-1~deb8u1\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"icedove-l10n-id\", ver:\"1:45.4.0-1~deb8u1\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"icedove-l10n-is\", ver:\"1:45.4.0-1~deb8u1\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"icedove-l10n-it\", ver:\"1:45.4.0-1~deb8u1\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"icedove-l10n-ja\", ver:\"1:45.4.0-1~deb8u1\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"icedove-l10n-ko\", ver:\"1:45.4.0-1~deb8u1\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"icedove-l10n-lt\", ver:\"1:45.4.0-1~deb8u1\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"icedove-l10n-nb-no\", ver:\"1:45.4.0-1~deb8u1\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"icedove-l10n-nl\", ver:\"1:45.4.0-1~deb8u1\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"icedove-l10n-nn-no\", ver:\"1:45.4.0-1~deb8u1\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"icedove-l10n-pa-in\", ver:\"1:45.4.0-1~deb8u1\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"icedove-l10n-pl\", ver:\"1:45.4.0-1~deb8u1\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"icedove-l10n-pt-br\", ver:\"1:45.4.0-1~deb8u1\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"icedove-l10n-pt-pt\", ver:\"1:45.4.0-1~deb8u1\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"icedove-l10n-rm\", ver:\"1:45.4.0-1~deb8u1\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"icedove-l10n-ro\", ver:\"1:45.4.0-1~deb8u1\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"icedove-l10n-ru\", ver:\"1:45.4.0-1~deb8u1\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"icedove-l10n-si\", ver:\"1:45.4.0-1~deb8u1\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"icedove-l10n-sk\", ver:\"1:45.4.0-1~deb8u1\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"icedove-l10n-sl\", ver:\"1:45.4.0-1~deb8u1\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"icedove-l10n-sq\", ver:\"1:45.4.0-1~deb8u1\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"icedove-l10n-sr\", ver:\"1:45.4.0-1~deb8u1\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"icedove-l10n-sv-se\", ver:\"1:45.4.0-1~deb8u1\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"icedove-l10n-ta-lk\", ver:\"1:45.4.0-1~deb8u1\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"icedove-l10n-tr\", ver:\"1:45.4.0-1~deb8u1\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"icedove-l10n-uk\", ver:\"1:45.4.0-1~deb8u1\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"icedove-l10n-vi\", ver:\"1:45.4.0-1~deb8u1\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"icedove-l10n-zh-cn\", ver:\"1:45.4.0-1~deb8u1\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"icedove-l10n-zh-tw\", ver:\"1:45.4.0-1~deb8u1\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"iceowl-extension\", ver:\"1:45.4.0-1~deb8u1\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"iceowl-l10n-ar\", ver:\"1:45.4.0-1~deb8u1\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"iceowl-l10n-be\", ver:\"1:45.4.0-1~deb8u1\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"iceowl-l10n-bg\", ver:\"1:45.4.0-1~deb8u1\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"iceowl-l10n-bn-bd\", ver:\"1:45.4.0-1~deb8u1\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"iceowl-l10n-br\", ver:\"1:45.4.0-1~deb8u1\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"iceowl-l10n-ca\", ver:\"1:45.4.0-1~deb8u1\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"iceowl-l10n-cs\", ver:\"1:45.4.0-1~deb8u1\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"iceowl-l10n-cy\", ver:\"1:45.4.0-1~deb8u1\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"iceowl-l10n-da\", ver:\"1:45.4.0-1~deb8u1\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"iceowl-l10n-de\", ver:\"1:45.4.0-1~deb8u1\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"iceowl-l10n-el\", ver:\"1:45.4.0-1~deb8u1\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"iceowl-l10n-en-gb\", ver:\"1:45.4.0-1~deb8u1\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"iceowl-l10n-es-ar\", ver:\"1:45.4.0-1~deb8u1\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"iceowl-l10n-es-es\", ver:\"1:45.4.0-1~deb8u1\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"iceowl-l10n-et\", ver:\"1:45.4.0-1~deb8u1\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"iceowl-l10n-eu\", ver:\"1:45.4.0-1~deb8u1\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"iceowl-l10n-fi\", ver:\"1:45.4.0-1~deb8u1\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"iceowl-l10n-fr\", ver:\"1:45.4.0-1~deb8u1\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"iceowl-l10n-fy-nl\", ver:\"1:45.4.0-1~deb8u1\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"iceowl-l10n-ga-ie\", ver:\"1:45.4.0-1~deb8u1\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"iceowl-l10n-gd\", ver:\"1:45.4.0-1~deb8u1\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"iceowl-l10n-gl\", ver:\"1:45.4.0-1~deb8u1\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"iceowl-l10n-he\", ver:\"1:45.4.0-1~deb8u1\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"iceowl-l10n-hr\", ver:\"1:45.4.0-1~deb8u1\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"iceowl-l10n-hu\", ver:\"1:45.4.0-1~deb8u1\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"iceowl-l10n-hy-am\", ver:\"1:45.4.0-1~deb8u1\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"iceowl-l10n-id\", ver:\"1:45.4.0-1~deb8u1\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"iceowl-l10n-is\", ver:\"1:45.4.0-1~deb8u1\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"iceowl-l10n-it\", ver:\"1:45.4.0-1~deb8u1\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"iceowl-l10n-ja\", ver:\"1:45.4.0-1~deb8u1\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"iceowl-l10n-ko\", ver:\"1:45.4.0-1~deb8u1\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"iceowl-l10n-lt\", ver:\"1:45.4.0-1~deb8u1\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"iceowl-l10n-nb-no\", ver:\"1:45.4.0-1~deb8u1\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"iceowl-l10n-nl\", ver:\"1:45.4.0-1~deb8u1\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"iceowl-l10n-nn-no\", ver:\"1:45.4.0-1~deb8u1\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"iceowl-l10n-pa-in\", ver:\"1:45.4.0-1~deb8u1\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"iceowl-l10n-pl\", ver:\"1:45.4.0-1~deb8u1\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"iceowl-l10n-pt-br\", ver:\"1:45.4.0-1~deb8u1\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"iceowl-l10n-pt-pt\", ver:\"1:45.4.0-1~deb8u1\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"iceowl-l10n-rm\", ver:\"1:45.4.0-1~deb8u1\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"iceowl-l10n-ro\", ver:\"1:45.4.0-1~deb8u1\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"iceowl-l10n-ru\", ver:\"1:45.4.0-1~deb8u1\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"iceowl-l10n-si\", ver:\"1:45.4.0-1~deb8u1\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"iceowl-l10n-sk\", ver:\"1:45.4.0-1~deb8u1\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"iceowl-l10n-sl\", ver:\"1:45.4.0-1~deb8u1\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"iceowl-l10n-sq\", ver:\"1:45.4.0-1~deb8u1\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"iceowl-l10n-sr\", ver:\"1:45.4.0-1~deb8u1\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"iceowl-l10n-sv-se\", ver:\"1:45.4.0-1~deb8u1\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"iceowl-l10n-ta-lk\", ver:\"1:45.4.0-1~deb8u1\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"iceowl-l10n-tr\", ver:\"1:45.4.0-1~deb8u1\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"iceowl-l10n-uk\", ver:\"1:45.4.0-1~deb8u1\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"iceowl-l10n-vi\", ver:\"1:45.4.0-1~deb8u1\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"iceowl-l10n-zh-cn\", ver:\"1:45.4.0-1~deb8u1\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"iceowl-l10n-zh-tw\", ver:\"1:45.4.0-1~deb8u1\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\n\nif (report != \"\") {\n security_message(data:report);\n} else if (__pkg_match) {\n exit(99); # Not vulnerable.\n}\n", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2018-09-01T23:45:31", "references": ["http://lists.centos.org/pipermail/centos-announce/2016-October/022107.html", "2016:1985"], "pluginID": "1361412562310882573", "description": "Check the version of thunderbird", "edition": 4, "reporter": "Copyright (C) 2016 Greenbone Networks GmbH", "published": "2016-10-05T00:00:00", "title": "CentOS Update for thunderbird CESA-2016:1985 centos6 ", "type": "openvas", "enchantments": {"score": {"vector": "NONE", "value": 9.3}}, "naslFamily": "CentOS Local Security Checks", "bulletinFamily": "scanner", "cvelist": ["CVE-2016-5257"], "modified": "2017-07-10T00:00:00", "id": "OPENVAS:1361412562310882573", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310882573", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# CentOS Update for thunderbird CESA-2016:1985 centos6 \n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (C) 2016 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.882573\");\n script_version(\"$Revision: 6658 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-07-10 13:51:48 +0200 (Mon, 10 Jul 2017) $\");\n script_tag(name:\"creation_date\", value:\"2016-10-05 15:43:21 +0530 (Wed, 05 Oct 2016)\");\n script_cve_id(\"CVE-2016-5257\");\n script_tag(name:\"cvss_base\", value:\"7.5\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_name(\"CentOS Update for thunderbird CESA-2016:1985 centos6 \");\n script_tag(name: \"summary\", value: \"Check the version of thunderbird\");\n script_tag(name: \"vuldetect\", value: \"Get the installed version with the help \nof detect NVT and check if the version is vulnerable or not.\");\n script_tag(name: \"insight\", value: \"Mozilla Thunderbird is a standalone mail \nand newsgroup client.\n\nThis update upgrades Thunderbird to version 45.4.0.\n\nSecurity Fix(es):\n\n* Multiple flaws were found in the processing of malformed web content. A\nweb page containing malicious content could cause Thunderbird to crash or,\npotentially, execute arbitrary code with the privileges of the user running\nThunderbird. (CVE-2016-5257)\n\nRed Hat would like to thank the Mozilla project for reporting these issues.\nUpstream acknowledges Christoph Diehl, Andrew McCreight, Dan Minor, Byron\nCampen, Jon Coppeard, Steve Fink, Tyson Smith, Philipp and Carsten Book as\nthe original reporters.\n\");\n script_tag(name: \"affected\", value: \"thunderbird on CentOS 6\");\n script_tag(name: \"solution\", value: \"Please Install the Updated Packages.\");\n\n script_xref(name: \"CESA\", value: \"2016:1985\");\n script_xref(name: \"URL\" , value: \"http://lists.centos.org/pipermail/centos-announce/2016-October/022107.html\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2016 Greenbone Networks GmbH\");\n script_family(\"CentOS Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/centos\", \"ssh/login/rpms\");\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = get_kb_item(\"ssh/login/release\");\n\nres = \"\";\nif(release == NULL){\n exit(0);\n}\n\nif(release == \"CentOS6\")\n{\n\n if ((res = isrpmvuln(pkg:\"thunderbird\", rpm:\"thunderbird~45.4.0~1.el6.centos\", rls:\"CentOS6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2018-09-01T23:47:11", "references": ["http://lists.centos.org/pipermail/centos-announce/2016-October/022109.html", "2016:1985"], "pluginID": "1361412562310882572", "description": "Check the version of thunderbird", "edition": 4, "reporter": "Copyright (C) 2016 Greenbone Networks GmbH", "published": "2016-10-05T00:00:00", "title": "CentOS Update for thunderbird CESA-2016:1985 centos7 ", "type": "openvas", "enchantments": {"score": {"vector": "NONE", "value": 9.3}}, "naslFamily": "CentOS Local Security Checks", "bulletinFamily": "scanner", "cvelist": ["CVE-2016-5257"], "modified": "2017-07-10T00:00:00", "id": "OPENVAS:1361412562310882572", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310882572", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# CentOS Update for thunderbird CESA-2016:1985 centos7 \n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (C) 2016 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.882572\");\n script_version(\"$Revision: 6658 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-07-10 13:51:48 +0200 (Mon, 10 Jul 2017) $\");\n script_tag(name:\"creation_date\", value:\"2016-10-05 15:43:04 +0530 (Wed, 05 Oct 2016)\");\n script_cve_id(\"CVE-2016-5257\");\n script_tag(name:\"cvss_base\", value:\"7.5\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_name(\"CentOS Update for thunderbird CESA-2016:1985 centos7 \");\n script_tag(name: \"summary\", value: \"Check the version of thunderbird\");\n script_tag(name: \"vuldetect\", value: \"Get the installed version with the help \nof detect NVT and check if the version is vulnerable or not.\");\n script_tag(name: \"insight\", value: \"Mozilla Thunderbird is a standalone mail \nand newsgroup client.\n\nThis update upgrades Thunderbird to version 45.4.0.\n\nSecurity Fix(es):\n\n* Multiple flaws were found in the processing of malformed web content. A\nweb page containing malicious content could cause Thunderbird to crash or,\npotentially, execute arbitrary code with the privileges of the user running\nThunderbird. (CVE-2016-5257)\n\nRed Hat would like to thank the Mozilla project for reporting these issues.\nUpstream acknowledges Christoph Diehl, Andrew McCreight, Dan Minor, Byron\nCampen, Jon Coppeard, Steve Fink, Tyson Smith, Philipp and Carsten Book as\nthe original reporters.\n\");\n script_tag(name: \"affected\", value: \"thunderbird on CentOS 7\");\n script_tag(name: \"solution\", value: \"Please Install the Updated Packages.\");\n\n script_xref(name: \"CESA\", value: \"2016:1985\");\n script_xref(name: \"URL\" , value: \"http://lists.centos.org/pipermail/centos-announce/2016-October/022109.html\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2016 Greenbone Networks GmbH\");\n script_family(\"CentOS Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/centos\", \"ssh/login/rpms\");\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = get_kb_item(\"ssh/login/release\");\n\nres = \"\";\nif(release == NULL){\n exit(0);\n}\n\nif(release == \"CentOS7\")\n{\n\n if ((res = isrpmvuln(pkg:\"thunderbird\", rpm:\"thunderbird~45.4.0~1.el7.centos\", rls:\"CentOS7\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2018-11-19T12:59:34", "references": ["2016:1985-01", "https://www.redhat.com/archives/rhsa-announce/2016-October/msg00000.html"], "pluginID": "1361412562310871667", "description": "The remote host is missing an update for the ", "edition": 6, "reporter": "Copyright (C) 2016 Greenbone Networks GmbH", "published": "2016-10-05T00:00:00", "title": "RedHat Update for thunderbird RHSA-2016:1985-01", "type": "openvas", "enchantments": {"score": {"vector": "NONE", "value": 9.3}}, "naslFamily": "Red Hat Local Security Checks", "bulletinFamily": "scanner", "cvelist": ["CVE-2016-5257"], "modified": "2018-11-16T00:00:00", "id": "OPENVAS:1361412562310871667", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310871667", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# RedHat Update for thunderbird RHSA-2016:1985-01\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (C) 2016 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.871667\");\n script_version(\"$Revision: 12380 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-11-16 12:03:48 +0100 (Fri, 16 Nov 2018) $\");\n script_tag(name:\"creation_date\", value:\"2016-10-05 15:43:07 +0530 (Wed, 05 Oct 2016)\");\n script_cve_id(\"CVE-2016-5257\");\n script_tag(name:\"cvss_base\", value:\"7.5\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_name(\"RedHat Update for thunderbird RHSA-2016:1985-01\");\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'thunderbird'\n package(s) announced via the referenced advisory.\");\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is present on the target host.\");\n script_tag(name:\"insight\", value:\"Mozilla Thunderbird is a standalone mail\n and newsgroup client.\n\nThis update upgrades Thunderbird to version 45.4.0.\n\nSecurity Fix(es):\n\n * Multiple flaws were found in the processing of malformed web content. A\nweb page containing malicious content could cause Thunderbird to crash or,\npotentially, execute arbitrary code with the privileges of the user running\nThunderbird. (CVE-2016-5257)\n\nRed Hat would like to thank the Mozilla project for reporting these issues.\nUpstream acknowledges Christoph Diehl, Andrew McCreight, Dan Minor, Byron\nCampen, Jon Coppeard, Steve Fink, Tyson Smith, Philipp and Carsten Book as\nthe original reporters.\");\n script_tag(name:\"affected\", value:\"thunderbird on\n Red Hat Enterprise Linux Desktop (v. 6),\n Red Hat Enterprise Linux Workstation (v. 6)\");\n script_tag(name:\"solution\", value:\"Please Install the Updated Packages.\");\n\n script_xref(name:\"RHSA\", value:\"2016:1985-01\");\n script_xref(name:\"URL\" , value:\"https://www.redhat.com/archives/rhsa-announce/2016-October/msg00000.html\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2016 Greenbone Networks GmbH\");\n script_family(\"Red Hat Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/rhel\", \"ssh/login/rpms\", re:\"ssh/login/release=RHENT_6\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release) exit(0);\n\nres = \"\";\n\nif(release == \"RHENT_6\")\n{\n\n if ((res = isrpmvuln(pkg:\"thunderbird\", rpm:\"thunderbird~45.4.0~1.el6_8\", rls:\"RHENT_6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"thunderbird-debuginfo\", rpm:\"thunderbird-debuginfo~45.4.0~1.el6_8\", rls:\"RHENT_6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2017-07-24T12:54:38", "references": ["http://www.debian.org/security/2016/dsa-3690.html"], "pluginID": "703690", "description": "Multiple security issues have been found in Icedove, Debian", "edition": 2, "reporter": "Copyright (c) 2016 Greenbone Networks GmbH http://greenbone.net", "published": "2016-10-10T00:00:00", "enchantments": {"score": {"vector": "NONE", "value": 7.5}}, "title": "Debian Security Advisory DSA 3690-1 (icedove - security update)", "type": "openvas", "naslFamily": "Debian Local Security Checks", "bulletinFamily": "scanner", "cvelist": ["CVE-2016-5257"], "modified": "2017-07-07T00:00:00", "href": "http://plugins.openvas.org/nasl.php?oid=703690", "id": "OPENVAS:703690", "sourceData": "# OpenVAS Vulnerability Test\n# $Id: deb_3690.nasl 6608 2017-07-07 12:05:05Z cfischer $\n# Auto-generated from advisory DSA 3690-1 using nvtgen 1.0\n# Script version: 1.0\n#\n# Author:\n# Greenbone Networks\n#\n# Copyright:\n# Copyright (c) 2016 Greenbone Networks GmbH http://greenbone.net\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (c) the respective author(s)\n#\n# This program is free software; you can redistribute it and/or\n# modify it under the terms of the GNU General Public License\n# as published by the Free Software Foundation; either version 2\n# of the License, or (at your option) any later version.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n#\n\n\nif(description)\n{\n script_id(703690);\n script_version(\"$Revision: 6608 $\");\n script_cve_id(\"CVE-2016-5257\");\n script_name(\"Debian Security Advisory DSA 3690-1 (icedove - security update)\");\n script_tag(name: \"last_modification\", value: \"$Date: 2017-07-07 14:05:05 +0200 (Fri, 07 Jul 2017) $\");\n script_tag(name: \"creation_date\", value: \"2016-10-10 00:00:00 +0200 (Mon, 10 Oct 2016)\");\n script_tag(name:\"cvss_base\", value:\"7.5\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_tag(name: \"solution_type\", value: \"VendorFix\");\n script_tag(name: \"qod_type\", value: \"package\");\n\n script_xref(name: \"URL\", value: \"http://www.debian.org/security/2016/dsa-3690.html\");\n\n\n script_category(ACT_GATHER_INFO);\n\n script_copyright(\"Copyright (c) 2016 Greenbone Networks GmbH http://greenbone.net\");\n script_family(\"Debian Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/debian_linux\", \"ssh/login/packages\");\n script_tag(name: \"affected\", value: \"icedove on Debian Linux\");\n script_tag(name: \"insight\", value: \"Icedove is an unbranded Thunderbird mail client suitable for free\ndistribution. It supports different mail accounts (POP, IMAP, Gmail), has an\nintegrated learning Spam filter, and offers easy organization of mails with\ntagging and virtual folders. Also, more features can be added by installing\nextensions.\");\n script_tag(name: \"solution\", value: \"For the stable distribution (jessie), this problem has been fixed in\nversion 1:45.4.0-1~deb8u1.\n\nFor the testing distribution (stretch), this problem has been fixed\nin version 1:45.4.0-1.\n\nFor the unstable distribution (sid), this problem has been fixed in\nversion 1:45.4.0-1.\n\nWe recommend that you upgrade your icedove packages.\");\n script_tag(name: \"summary\", value: \"Multiple security issues have been found in Icedove, Debian's version of\nthe Mozilla Thunderbird mail client: Multiple memory safety errors may\nlead to the execution of arbitrary code or denial of service.\");\n script_tag(name: \"vuldetect\", value: \"This check tests the installed software version using the apt package manager.\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-deb.inc\");\n\nres = \"\";\nreport = \"\";\nif ((res = isdpkgvuln(pkg:\"calendar-google-provider\", ver:\"1:45.4.0-1\", rls_regex:\"DEB9.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"icedove\", ver:\"1:45.4.0-1\", rls_regex:\"DEB9.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"icedove-dbg\", ver:\"1:45.4.0-1\", rls_regex:\"DEB9.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"icedove-dev\", ver:\"1:45.4.0-1\", rls_regex:\"DEB9.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"icedove-l10n-all\", ver:\"1:45.4.0-1\", rls_regex:\"DEB9.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"icedove-l10n-ar\", ver:\"1:45.4.0-1\", rls_regex:\"DEB9.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"icedove-l10n-ast\", ver:\"1:45.4.0-1\", rls_regex:\"DEB9.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"icedove-l10n-be\", ver:\"1:45.4.0-1\", rls_regex:\"DEB9.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"icedove-l10n-bg\", ver:\"1:45.4.0-1\", rls_regex:\"DEB9.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"icedove-l10n-bn-bd\", ver:\"1:45.4.0-1\", rls_regex:\"DEB9.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"icedove-l10n-br\", ver:\"1:45.4.0-1\", rls_regex:\"DEB9.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"icedove-l10n-ca\", ver:\"1:45.4.0-1\", rls_regex:\"DEB9.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"icedove-l10n-cs\", ver:\"1:45.4.0-1\", rls_regex:\"DEB9.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"icedove-l10n-da\", ver:\"1:45.4.0-1\", rls_regex:\"DEB9.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"icedove-l10n-de\", ver:\"1:45.4.0-1\", rls_regex:\"DEB9.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"icedove-l10n-el\", ver:\"1:45.4.0-1\", rls_regex:\"DEB9.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"icedove-l10n-en-gb\", ver:\"1:45.4.0-1\", rls_regex:\"DEB9.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"icedove-l10n-es-ar\", ver:\"1:45.4.0-1\", rls_regex:\"DEB9.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"icedove-l10n-es-es\", ver:\"1:45.4.0-1\", rls_regex:\"DEB9.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"icedove-l10n-et\", ver:\"1:45.4.0-1\", rls_regex:\"DEB9.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"icedove-l10n-eu\", ver:\"1:45.4.0-1\", rls_regex:\"DEB9.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"icedove-l10n-fi\", ver:\"1:45.4.0-1\", rls_regex:\"DEB9.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"icedove-l10n-fr\", ver:\"1:45.4.0-1\", rls_regex:\"DEB9.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"icedove-l10n-fy-nl\", ver:\"1:45.4.0-1\", rls_regex:\"DEB9.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"icedove-l10n-ga-ie\", ver:\"1:45.4.0-1\", rls_regex:\"DEB9.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"icedove-l10n-gd\", ver:\"1:45.4.0-1\", rls_regex:\"DEB9.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"icedove-l10n-gl\", ver:\"1:45.4.0-1\", rls_regex:\"DEB9.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"icedove-l10n-he\", ver:\"1:45.4.0-1\", rls_regex:\"DEB9.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"icedove-l10n-hr\", ver:\"1:45.4.0-1\", rls_regex:\"DEB9.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"icedove-l10n-hu\", ver:\"1:45.4.0-1\", rls_regex:\"DEB9.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"icedove-l10n-hy-am\", ver:\"1:45.4.0-1\", rls_regex:\"DEB9.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"icedove-l10n-id\", ver:\"1:45.4.0-1\", rls_regex:\"DEB9.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"icedove-l10n-is\", ver:\"1:45.4.0-1\", rls_regex:\"DEB9.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"icedove-l10n-it\", ver:\"1:45.4.0-1\", rls_regex:\"DEB9.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"icedove-l10n-ja\", ver:\"1:45.4.0-1\", rls_regex:\"DEB9.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"icedove-l10n-ko\", ver:\"1:45.4.0-1\", rls_regex:\"DEB9.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"icedove-l10n-lt\", ver:\"1:45.4.0-1\", rls_regex:\"DEB9.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"icedove-l10n-nb-no\", ver:\"1:45.4.0-1\", rls_regex:\"DEB9.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"icedove-l10n-nl\", ver:\"1:45.4.0-1\", rls_regex:\"DEB9.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"icedove-l10n-nn-no\", ver:\"1:45.4.0-1\", rls_regex:\"DEB9.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"icedove-l10n-pa-in\", ver:\"1:45.4.0-1\", rls_regex:\"DEB9.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"icedove-l10n-pl\", ver:\"1:45.4.0-1\", rls_regex:\"DEB9.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"icedove-l10n-pt-br\", ver:\"1:45.4.0-1\", rls_regex:\"DEB9.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"icedove-l10n-pt-pt\", ver:\"1:45.4.0-1\", rls_regex:\"DEB9.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"icedove-l10n-rm\", ver:\"1:45.4.0-1\", rls_regex:\"DEB9.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"icedove-l10n-ro\", ver:\"1:45.4.0-1\", rls_regex:\"DEB9.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"icedove-l10n-ru\", ver:\"1:45.4.0-1\", rls_regex:\"DEB9.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"icedove-l10n-si\", ver:\"1:45.4.0-1\", rls_regex:\"DEB9.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"icedove-l10n-sk\", ver:\"1:45.4.0-1\", rls_regex:\"DEB9.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"icedove-l10n-sl\", ver:\"1:45.4.0-1\", rls_regex:\"DEB9.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"icedove-l10n-sq\", ver:\"1:45.4.0-1\", rls_regex:\"DEB9.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"icedove-l10n-sr\", ver:\"1:45.4.0-1\", rls_regex:\"DEB9.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"icedove-l10n-sv-se\", ver:\"1:45.4.0-1\", rls_regex:\"DEB9.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"icedove-l10n-ta-lk\", ver:\"1:45.4.0-1\", rls_regex:\"DEB9.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"icedove-l10n-tr\", ver:\"1:45.4.0-1\", rls_regex:\"DEB9.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"icedove-l10n-uk\", ver:\"1:45.4.0-1\", rls_regex:\"DEB9.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"icedove-l10n-vi\", ver:\"1:45.4.0-1\", rls_regex:\"DEB9.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"icedove-l10n-zh-cn\", ver:\"1:45.4.0-1\", rls_regex:\"DEB9.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"icedove-l10n-zh-tw\", ver:\"1:45.4.0-1\", rls_regex:\"DEB9.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"iceowl-extension\", ver:\"1:45.4.0-1\", rls_regex:\"DEB9.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"iceowl-l10n-ar\", ver:\"1:45.4.0-1\", rls_regex:\"DEB9.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"iceowl-l10n-be\", ver:\"1:45.4.0-1\", rls_regex:\"DEB9.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"iceowl-l10n-bg\", ver:\"1:45.4.0-1\", rls_regex:\"DEB9.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"iceowl-l10n-bn-bd\", ver:\"1:45.4.0-1\", rls_regex:\"DEB9.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"iceowl-l10n-br\", ver:\"1:45.4.0-1\", rls_regex:\"DEB9.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"iceowl-l10n-ca\", ver:\"1:45.4.0-1\", rls_regex:\"DEB9.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"iceowl-l10n-cs\", ver:\"1:45.4.0-1\", rls_regex:\"DEB9.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"iceowl-l10n-cy\", ver:\"1:45.4.0-1\", rls_regex:\"DEB9.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"iceowl-l10n-da\", ver:\"1:45.4.0-1\", rls_regex:\"DEB9.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"iceowl-l10n-de\", ver:\"1:45.4.0-1\", rls_regex:\"DEB9.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"iceowl-l10n-el\", ver:\"1:45.4.0-1\", rls_regex:\"DEB9.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"iceowl-l10n-en-gb\", ver:\"1:45.4.0-1\", rls_regex:\"DEB9.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"iceowl-l10n-es-ar\", ver:\"1:45.4.0-1\", rls_regex:\"DEB9.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"iceowl-l10n-es-es\", ver:\"1:45.4.0-1\", rls_regex:\"DEB9.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"iceowl-l10n-et\", ver:\"1:45.4.0-1\", rls_regex:\"DEB9.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"iceowl-l10n-eu\", ver:\"1:45.4.0-1\", rls_regex:\"DEB9.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"iceowl-l10n-fi\", ver:\"1:45.4.0-1\", rls_regex:\"DEB9.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"iceowl-l10n-fr\", ver:\"1:45.4.0-1\", rls_regex:\"DEB9.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"iceowl-l10n-fy-nl\", ver:\"1:45.4.0-1\", rls_regex:\"DEB9.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"iceowl-l10n-ga-ie\", ver:\"1:45.4.0-1\", rls_regex:\"DEB9.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"iceowl-l10n-gd\", ver:\"1:45.4.0-1\", rls_regex:\"DEB9.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"iceowl-l10n-gl\", ver:\"1:45.4.0-1\", rls_regex:\"DEB9.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"iceowl-l10n-he\", ver:\"1:45.4.0-1\", rls_regex:\"DEB9.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"iceowl-l10n-hr\", ver:\"1:45.4.0-1\", rls_regex:\"DEB9.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"iceowl-l10n-hu\", ver:\"1:45.4.0-1\", rls_regex:\"DEB9.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"iceowl-l10n-hy-am\", ver:\"1:45.4.0-1\", rls_regex:\"DEB9.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"iceowl-l10n-id\", ver:\"1:45.4.0-1\", rls_regex:\"DEB9.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"iceowl-l10n-is\", ver:\"1:45.4.0-1\", rls_regex:\"DEB9.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"iceowl-l10n-it\", ver:\"1:45.4.0-1\", rls_regex:\"DEB9.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"iceowl-l10n-ja\", ver:\"1:45.4.0-1\", rls_regex:\"DEB9.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"iceowl-l10n-ko\", ver:\"1:45.4.0-1\", rls_regex:\"DEB9.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"iceowl-l10n-lt\", ver:\"1:45.4.0-1\", rls_regex:\"DEB9.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"iceowl-l10n-nb-no\", ver:\"1:45.4.0-1\", rls_regex:\"DEB9.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"iceowl-l10n-nl\", ver:\"1:45.4.0-1\", rls_regex:\"DEB9.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"iceowl-l10n-nn-no\", ver:\"1:45.4.0-1\", rls_regex:\"DEB9.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"iceowl-l10n-pa-in\", ver:\"1:45.4.0-1\", rls_regex:\"DEB9.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"iceowl-l10n-pl\", ver:\"1:45.4.0-1\", rls_regex:\"DEB9.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"iceowl-l10n-pt-br\", ver:\"1:45.4.0-1\", rls_regex:\"DEB9.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"iceowl-l10n-pt-pt\", ver:\"1:45.4.0-1\", rls_regex:\"DEB9.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"iceowl-l10n-rm\", ver:\"1:45.4.0-1\", rls_regex:\"DEB9.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"iceowl-l10n-ro\", ver:\"1:45.4.0-1\", rls_regex:\"DEB9.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"iceowl-l10n-ru\", ver:\"1:45.4.0-1\", rls_regex:\"DEB9.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"iceowl-l10n-si\", ver:\"1:45.4.0-1\", rls_regex:\"DEB9.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"iceowl-l10n-sk\", ver:\"1:45.4.0-1\", rls_regex:\"DEB9.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"iceowl-l10n-sl\", ver:\"1:45.4.0-1\", rls_regex:\"DEB9.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"iceowl-l10n-sq\", ver:\"1:45.4.0-1\", rls_regex:\"DEB9.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"iceowl-l10n-sr\", ver:\"1:45.4.0-1\", rls_regex:\"DEB9.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"iceowl-l10n-sv-se\", ver:\"1:45.4.0-1\", rls_regex:\"DEB9.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"iceowl-l10n-ta-lk\", ver:\"1:45.4.0-1\", rls_regex:\"DEB9.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"iceowl-l10n-tr\", ver:\"1:45.4.0-1\", rls_regex:\"DEB9.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"iceowl-l10n-uk\", ver:\"1:45.4.0-1\", rls_regex:\"DEB9.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"iceowl-l10n-vi\", ver:\"1:45.4.0-1\", rls_regex:\"DEB9.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"iceowl-l10n-zh-cn\", ver:\"1:45.4.0-1\", rls_regex:\"DEB9.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"iceowl-l10n-zh-tw\", ver:\"1:45.4.0-1\", rls_regex:\"DEB9.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"calendar-google-provider\", ver:\"1:45.4.0-1~deb8u1\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"icedove\", ver:\"1:45.4.0-1~deb8u1\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"icedove-dbg\", ver:\"1:45.4.0-1~deb8u1\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"icedove-dev\", ver:\"1:45.4.0-1~deb8u1\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"icedove-l10n-all\", ver:\"1:45.4.0-1~deb8u1\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"icedove-l10n-ar\", ver:\"1:45.4.0-1~deb8u1\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"icedove-l10n-ast\", ver:\"1:45.4.0-1~deb8u1\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"icedove-l10n-be\", ver:\"1:45.4.0-1~deb8u1\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"icedove-l10n-bg\", ver:\"1:45.4.0-1~deb8u1\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"icedove-l10n-bn-bd\", ver:\"1:45.4.0-1~deb8u1\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"icedove-l10n-br\", ver:\"1:45.4.0-1~deb8u1\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"icedove-l10n-ca\", ver:\"1:45.4.0-1~deb8u1\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"icedove-l10n-cs\", ver:\"1:45.4.0-1~deb8u1\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"icedove-l10n-da\", ver:\"1:45.4.0-1~deb8u1\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"icedove-l10n-de\", ver:\"1:45.4.0-1~deb8u1\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"icedove-l10n-el\", ver:\"1:45.4.0-1~deb8u1\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"icedove-l10n-en-gb\", ver:\"1:45.4.0-1~deb8u1\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"icedove-l10n-es-ar\", ver:\"1:45.4.0-1~deb8u1\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"icedove-l10n-es-es\", ver:\"1:45.4.0-1~deb8u1\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"icedove-l10n-et\", ver:\"1:45.4.0-1~deb8u1\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"icedove-l10n-eu\", ver:\"1:45.4.0-1~deb8u1\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"icedove-l10n-fi\", ver:\"1:45.4.0-1~deb8u1\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"icedove-l10n-fr\", ver:\"1:45.4.0-1~deb8u1\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"icedove-l10n-fy-nl\", ver:\"1:45.4.0-1~deb8u1\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"icedove-l10n-ga-ie\", ver:\"1:45.4.0-1~deb8u1\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"icedove-l10n-gd\", ver:\"1:45.4.0-1~deb8u1\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"icedove-l10n-gl\", ver:\"1:45.4.0-1~deb8u1\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"icedove-l10n-he\", ver:\"1:45.4.0-1~deb8u1\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"icedove-l10n-hr\", ver:\"1:45.4.0-1~deb8u1\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"icedove-l10n-hu\", ver:\"1:45.4.0-1~deb8u1\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"icedove-l10n-hy-am\", ver:\"1:45.4.0-1~deb8u1\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"icedove-l10n-id\", ver:\"1:45.4.0-1~deb8u1\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"icedove-l10n-is\", ver:\"1:45.4.0-1~deb8u1\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"icedove-l10n-it\", ver:\"1:45.4.0-1~deb8u1\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"icedove-l10n-ja\", ver:\"1:45.4.0-1~deb8u1\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"icedove-l10n-ko\", ver:\"1:45.4.0-1~deb8u1\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"icedove-l10n-lt\", ver:\"1:45.4.0-1~deb8u1\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"icedove-l10n-nb-no\", ver:\"1:45.4.0-1~deb8u1\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"icedove-l10n-nl\", ver:\"1:45.4.0-1~deb8u1\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"icedove-l10n-nn-no\", ver:\"1:45.4.0-1~deb8u1\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"icedove-l10n-pa-in\", ver:\"1:45.4.0-1~deb8u1\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"icedove-l10n-pl\", ver:\"1:45.4.0-1~deb8u1\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"icedove-l10n-pt-br\", ver:\"1:45.4.0-1~deb8u1\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"icedove-l10n-pt-pt\", ver:\"1:45.4.0-1~deb8u1\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"icedove-l10n-rm\", ver:\"1:45.4.0-1~deb8u1\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"icedove-l10n-ro\", ver:\"1:45.4.0-1~deb8u1\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"icedove-l10n-ru\", ver:\"1:45.4.0-1~deb8u1\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"icedove-l10n-si\", ver:\"1:45.4.0-1~deb8u1\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"icedove-l10n-sk\", ver:\"1:45.4.0-1~deb8u1\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"icedove-l10n-sl\", ver:\"1:45.4.0-1~deb8u1\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"icedove-l10n-sq\", ver:\"1:45.4.0-1~deb8u1\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"icedove-l10n-sr\", ver:\"1:45.4.0-1~deb8u1\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"icedove-l10n-sv-se\", ver:\"1:45.4.0-1~deb8u1\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"icedove-l10n-ta-lk\", ver:\"1:45.4.0-1~deb8u1\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"icedove-l10n-tr\", ver:\"1:45.4.0-1~deb8u1\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"icedove-l10n-uk\", ver:\"1:45.4.0-1~deb8u1\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"icedove-l10n-vi\", ver:\"1:45.4.0-1~deb8u1\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"icedove-l10n-zh-cn\", ver:\"1:45.4.0-1~deb8u1\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"icedove-l10n-zh-tw\", ver:\"1:45.4.0-1~deb8u1\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"iceowl-extension\", ver:\"1:45.4.0-1~deb8u1\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"iceowl-l10n-ar\", ver:\"1:45.4.0-1~deb8u1\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"iceowl-l10n-be\", ver:\"1:45.4.0-1~deb8u1\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"iceowl-l10n-bg\", ver:\"1:45.4.0-1~deb8u1\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"iceowl-l10n-bn-bd\", ver:\"1:45.4.0-1~deb8u1\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"iceowl-l10n-br\", ver:\"1:45.4.0-1~deb8u1\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"iceowl-l10n-ca\", ver:\"1:45.4.0-1~deb8u1\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"iceowl-l10n-cs\", ver:\"1:45.4.0-1~deb8u1\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"iceowl-l10n-cy\", ver:\"1:45.4.0-1~deb8u1\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"iceowl-l10n-da\", ver:\"1:45.4.0-1~deb8u1\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"iceowl-l10n-de\", ver:\"1:45.4.0-1~deb8u1\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"iceowl-l10n-el\", ver:\"1:45.4.0-1~deb8u1\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"iceowl-l10n-en-gb\", ver:\"1:45.4.0-1~deb8u1\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"iceowl-l10n-es-ar\", ver:\"1:45.4.0-1~deb8u1\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"iceowl-l10n-es-es\", ver:\"1:45.4.0-1~deb8u1\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"iceowl-l10n-et\", ver:\"1:45.4.0-1~deb8u1\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"iceowl-l10n-eu\", ver:\"1:45.4.0-1~deb8u1\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"iceowl-l10n-fi\", ver:\"1:45.4.0-1~deb8u1\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"iceowl-l10n-fr\", ver:\"1:45.4.0-1~deb8u1\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"iceowl-l10n-fy-nl\", ver:\"1:45.4.0-1~deb8u1\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"iceowl-l10n-ga-ie\", ver:\"1:45.4.0-1~deb8u1\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"iceowl-l10n-gd\", ver:\"1:45.4.0-1~deb8u1\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"iceowl-l10n-gl\", ver:\"1:45.4.0-1~deb8u1\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"iceowl-l10n-he\", ver:\"1:45.4.0-1~deb8u1\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"iceowl-l10n-hr\", ver:\"1:45.4.0-1~deb8u1\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"iceowl-l10n-hu\", ver:\"1:45.4.0-1~deb8u1\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"iceowl-l10n-hy-am\", ver:\"1:45.4.0-1~deb8u1\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"iceowl-l10n-id\", ver:\"1:45.4.0-1~deb8u1\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"iceowl-l10n-is\", ver:\"1:45.4.0-1~deb8u1\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"iceowl-l10n-it\", ver:\"1:45.4.0-1~deb8u1\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"iceowl-l10n-ja\", ver:\"1:45.4.0-1~deb8u1\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"iceowl-l10n-ko\", ver:\"1:45.4.0-1~deb8u1\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"iceowl-l10n-lt\", ver:\"1:45.4.0-1~deb8u1\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"iceowl-l10n-nb-no\", ver:\"1:45.4.0-1~deb8u1\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"iceowl-l10n-nl\", ver:\"1:45.4.0-1~deb8u1\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"iceowl-l10n-nn-no\", ver:\"1:45.4.0-1~deb8u1\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"iceowl-l10n-pa-in\", ver:\"1:45.4.0-1~deb8u1\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"iceowl-l10n-pl\", ver:\"1:45.4.0-1~deb8u1\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"iceowl-l10n-pt-br\", ver:\"1:45.4.0-1~deb8u1\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"iceowl-l10n-pt-pt\", ver:\"1:45.4.0-1~deb8u1\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"iceowl-l10n-rm\", ver:\"1:45.4.0-1~deb8u1\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"iceowl-l10n-ro\", ver:\"1:45.4.0-1~deb8u1\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"iceowl-l10n-ru\", ver:\"1:45.4.0-1~deb8u1\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"iceowl-l10n-si\", ver:\"1:45.4.0-1~deb8u1\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"iceowl-l10n-sk\", ver:\"1:45.4.0-1~deb8u1\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"iceowl-l10n-sl\", ver:\"1:45.4.0-1~deb8u1\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"iceowl-l10n-sq\", ver:\"1:45.4.0-1~deb8u1\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"iceowl-l10n-sr\", ver:\"1:45.4.0-1~deb8u1\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"iceowl-l10n-sv-se\", ver:\"1:45.4.0-1~deb8u1\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"iceowl-l10n-ta-lk\", ver:\"1:45.4.0-1~deb8u1\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"iceowl-l10n-tr\", ver:\"1:45.4.0-1~deb8u1\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"iceowl-l10n-uk\", ver:\"1:45.4.0-1~deb8u1\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"iceowl-l10n-vi\", ver:\"1:45.4.0-1~deb8u1\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"iceowl-l10n-zh-cn\", ver:\"1:45.4.0-1~deb8u1\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"iceowl-l10n-zh-tw\", ver:\"1:45.4.0-1~deb8u1\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\n\nif (report != \"\") {\n security_message(data:report);\n} else if (__pkg_match) {\n exit(99); # Not vulnerable.\n}\n", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2017-07-24T12:55:17", "references": ["http://www.debian.org/security/2016/dsa-3674.html"], "pluginID": "703674", "description": "Multiple security issues have been found\nin the Mozilla Firefox web browser: Multiple memory safety errors, buffer overflows\nand other implementation errors may lead to the execution of arbitrary code or\ninformation disclosure.", "edition": 2, "reporter": "Copyright (c) 2016 Greenbone Networks GmbH http://greenbone.net", "published": "2016-09-22T00:00:00", "title": "Debian Security Advisory DSA 3674-1 (firefox-esr - security update)", "type": "openvas", "enchantments": {"score": {"vector": "NONE", "value": 7.5}}, "naslFamily": "Debian Local Security Checks", "bulletinFamily": "scanner", "cvelist": ["CVE-2016-5278", "CVE-2016-5281", "CVE-2016-5280", "CVE-2016-5250", "CVE-2016-5274", "CVE-2016-5261", "CVE-2016-5284", "CVE-2016-5270", "CVE-2016-5277", "CVE-2016-5257", "CVE-2016-5272", "CVE-2016-5276"], "modified": "2017-07-07T00:00:00", "href": "http://plugins.openvas.org/nasl.php?oid=703674", "id": "OPENVAS:703674", "sourceData": "# OpenVAS Vulnerability Test\n# $Id: deb_3674.nasl 6608 2017-07-07 12:05:05Z cfischer $\n# Auto-generated from advisory DSA 3674-1 using nvtgen 1.0\n# Script version: 1.0\n#\n# Author:\n# Greenbone Networks\n#\n# Copyright:\n# Copyright (c) 2016 Greenbone Networks GmbH http://greenbone.net\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (c) the respective author(s)\n#\n# This program is free software; you can redistribute it and/or\n# modify it under the terms of the GNU General Public License\n# as published by the Free Software Foundation; either version 2\n# of the License, or (at your option) any later version.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n#\n\n\nif(description)\n{\n script_id(703674);\n script_version(\"$Revision: 6608 $\");\n script_cve_id(\"CVE-2016-5250\", \"CVE-2016-5257\", \"CVE-2016-5261\", \"CVE-2016-5270\",\n \"CVE-2016-5272\", \"CVE-2016-5274\", \"CVE-2016-5276\", \"CVE-2016-5277\",\n \"CVE-2016-5278\", \"CVE-2016-5280\", \"CVE-2016-5281\", \"CVE-2016-5284\");\n script_name(\"Debian Security Advisory DSA 3674-1 (firefox-esr - security update)\");\n script_tag(name: \"last_modification\", value: \"$Date: 2017-07-07 14:05:05 +0200 (Fri, 07 Jul 2017) $\");\n script_tag(name: \"creation_date\", value: \"2016-09-22 00:00:00 +0200 (Thu, 22 Sep 2016)\");\n script_tag(name:\"cvss_base\", value:\"7.5\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_tag(name: \"solution_type\", value: \"VendorFix\");\n script_tag(name: \"qod_type\", value: \"package\");\n\n script_xref(name: \"URL\", value: \"http://www.debian.org/security/2016/dsa-3674.html\");\n\n\n script_category(ACT_GATHER_INFO);\n\n script_copyright(\"Copyright (c) 2016 Greenbone Networks GmbH http://greenbone.net\");\n script_family(\"Debian Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/debian_linux\", \"ssh/login/packages\");\n script_tag(name: \"affected\", value: \"firefox-esr on Debian Linux\");\n script_tag(name: \"insight\", value: \"Firefox ESR is a powerful, extensible\nweb browser with support for modern web application technologies.\");\n script_tag(name: \"solution\", value: \"For the stable distribution (jessie),\nthese problems have been fixed in version 45.4.0esr-1~deb8u2.\n\nFor the unstable distribution (sid), these problems have been fixed in\nversion 45.4.0esr-1 of firefox-esr and in version 49.0-1 of firefox.\n\nWe recommend that you upgrade your firefox-esr packages.\");\n script_tag(name: \"summary\", value: \"Multiple security issues have been found\nin the Mozilla Firefox web browser: Multiple memory safety errors, buffer overflows\nand other implementation errors may lead to the execution of arbitrary code or\ninformation disclosure.\");\n script_tag(name: \"vuldetect\", value: \"This check tests the installed software\nversion using the apt package manager.\");\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-deb.inc\");\n\nres = \"\";\nreport = \"\";\nif ((res = isdpkgvuln(pkg:\"firefox-esr\", ver:\"45.4.0esr-1~deb8u2\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"firefox-esr-dbg\", ver:\"45.4.0esr-1~deb8u2\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"firefox-esr-dev\", ver:\"45.4.0esr-1~deb8u2\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"firefox-esr-l10n-ach\", ver:\"45.4.0esr-1~deb8u2\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"firefox-esr-l10n-af\", ver:\"45.4.0esr-1~deb8u2\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"firefox-esr-l10n-all\", ver:\"45.4.0esr-1~deb8u2\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"firefox-esr-l10n-an\", ver:\"45.4.0esr-1~deb8u2\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"firefox-esr-l10n-ar\", ver:\"45.4.0esr-1~deb8u2\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"firefox-esr-l10n-as\", ver:\"45.4.0esr-1~deb8u2\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"firefox-esr-l10n-ast\", ver:\"45.4.0esr-1~deb8u2\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"firefox-esr-l10n-az\", ver:\"45.4.0esr-1~deb8u2\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"firefox-esr-l10n-be\", ver:\"45.4.0esr-1~deb8u2\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"firefox-esr-l10n-bg\", ver:\"45.4.0esr-1~deb8u2\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"firefox-esr-l10n-bn-bd\", ver:\"45.4.0esr-1~deb8u2\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"firefox-esr-l10n-bn-in\", ver:\"45.4.0esr-1~deb8u2\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"firefox-esr-l10n-br\", ver:\"45.4.0esr-1~deb8u2\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"firefox-esr-l10n-bs\", ver:\"45.4.0esr-1~deb8u2\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"firefox-esr-l10n-ca\", ver:\"45.4.0esr-1~deb8u2\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"firefox-esr-l10n-cs\", ver:\"45.4.0esr-1~deb8u2\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"firefox-esr-l10n-cy\", ver:\"45.4.0esr-1~deb8u2\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"firefox-esr-l10n-da\", ver:\"45.4.0esr-1~deb8u2\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"firefox-esr-l10n-de\", ver:\"45.4.0esr-1~deb8u2\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"firefox-esr-l10n-dsb\", ver:\"45.4.0esr-1~deb8u2\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"firefox-esr-l10n-el\", ver:\"45.4.0esr-1~deb8u2\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"firefox-esr-l10n-en-gb\", ver:\"45.4.0esr-1~deb8u2\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"firefox-esr-l10n-en-za\", ver:\"45.4.0esr-1~deb8u2\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"firefox-esr-l10n-eo\", ver:\"45.4.0esr-1~deb8u2\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"firefox-esr-l10n-es-ar\", ver:\"45.4.0esr-1~deb8u2\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"firefox-esr-l10n-es-cl\", ver:\"45.4.0esr-1~deb8u2\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"firefox-esr-l10n-es-es\", ver:\"45.4.0esr-1~deb8u2\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"firefox-esr-l10n-es-mx\", ver:\"45.4.0esr-1~deb8u2\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"firefox-esr-l10n-et\", ver:\"45.4.0esr-1~deb8u2\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"firefox-esr-l10n-eu\", ver:\"45.4.0esr-1~deb8u2\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"firefox-esr-l10n-fa\", ver:\"45.4.0esr-1~deb8u2\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"firefox-esr-l10n-ff\", ver:\"45.4.0esr-1~deb8u2\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"firefox-esr-l10n-fi\", ver:\"45.4.0esr-1~deb8u2\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"firefox-esr-l10n-fr\", ver:\"45.4.0esr-1~deb8u2\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"firefox-esr-l10n-fy-nl\", ver:\"45.4.0esr-1~deb8u2\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"firefox-esr-l10n-ga-ie\", ver:\"45.4.0esr-1~deb8u2\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"firefox-esr-l10n-gd\", ver:\"45.4.0esr-1~deb8u2\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"firefox-esr-l10n-gl\", ver:\"45.4.0esr-1~deb8u2\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"firefox-esr-l10n-gn\", ver:\"45.4.0esr-1~deb8u2\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"firefox-esr-l10n-gu-in\", ver:\"45.4.0esr-1~deb8u2\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"firefox-esr-l10n-he\", ver:\"45.4.0esr-1~deb8u2\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"firefox-esr-l10n-hi-in\", ver:\"45.4.0esr-1~deb8u2\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"firefox-esr-l10n-hr\", ver:\"45.4.0esr-1~deb8u2\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"firefox-esr-l10n-hsb\", ver:\"45.4.0esr-1~deb8u2\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"firefox-esr-l10n-hu\", ver:\"45.4.0esr-1~deb8u2\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"firefox-esr-l10n-hy-am\", ver:\"45.4.0esr-1~deb8u2\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"firefox-esr-l10n-id\", ver:\"45.4.0esr-1~deb8u2\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"firefox-esr-l10n-is\", ver:\"45.4.0esr-1~deb8u2\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"firefox-esr-l10n-it\", ver:\"45.4.0esr-1~deb8u2\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"firefox-esr-l10n-ja\", ver:\"45.4.0esr-1~deb8u2\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"firefox-esr-l10n-kk\", ver:\"45.4.0esr-1~deb8u2\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"firefox-esr-l10n-km\", ver:\"45.4.0esr-1~deb8u2\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"firefox-esr-l10n-kn\", ver:\"45.4.0esr-1~deb8u2\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"firefox-esr-l10n-ko\", ver:\"45.4.0esr-1~deb8u2\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"firefox-esr-l10n-lij\", ver:\"45.4.0esr-1~deb8u2\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"firefox-esr-l10n-lt\", ver:\"45.4.0esr-1~deb8u2\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"firefox-esr-l10n-lv\", ver:\"45.4.0esr-1~deb8u2\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"firefox-esr-l10n-mai\", ver:\"45.4.0esr-1~deb8u2\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"firefox-esr-l10n-mk\", ver:\"45.4.0esr-1~deb8u2\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"firefox-esr-l10n-ml\", ver:\"45.4.0esr-1~deb8u2\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"firefox-esr-l10n-mr\", ver:\"45.4.0esr-1~deb8u2\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"firefox-esr-l10n-ms\", ver:\"45.4.0esr-1~deb8u2\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"firefox-esr-l10n-nb-no\", ver:\"45.4.0esr-1~deb8u2\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"firefox-esr-l10n-nl\", ver:\"45.4.0esr-1~deb8u2\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"firefox-esr-l10n-nn-no\", ver:\"45.4.0esr-1~deb8u2\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"firefox-esr-l10n-or\", ver:\"45.4.0esr-1~deb8u2\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"firefox-esr-l10n-pa-in\", ver:\"45.4.0esr-1~deb8u2\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"firefox-esr-l10n-pl\", ver:\"45.4.0esr-1~deb8u2\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"firefox-esr-l10n-pt-br\", ver:\"45.4.0esr-1~deb8u2\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"firefox-esr-l10n-pt-pt\", ver:\"45.4.0esr-1~deb8u2\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"firefox-esr-l10n-rm\", ver:\"45.4.0esr-1~deb8u2\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"firefox-esr-l10n-ro\", ver:\"45.4.0esr-1~deb8u2\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"firefox-esr-l10n-ru\", ver:\"45.4.0esr-1~deb8u2\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"firefox-esr-l10n-si\", ver:\"45.4.0esr-1~deb8u2\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"firefox-esr-l10n-sk\", ver:\"45.4.0esr-1~deb8u2\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"firefox-esr-l10n-sl\", ver:\"45.4.0esr-1~deb8u2\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"firefox-esr-l10n-son\", ver:\"45.4.0esr-1~deb8u2\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"firefox-esr-l10n-sq\", ver:\"45.4.0esr-1~deb8u2\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"firefox-esr-l10n-sr\", ver:\"45.4.0esr-1~deb8u2\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"firefox-esr-l10n-sv-se\", ver:\"45.4.0esr-1~deb8u2\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"firefox-esr-l10n-ta\", ver:\"45.4.0esr-1~deb8u2\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"firefox-esr-l10n-te\", ver:\"45.4.0esr-1~deb8u2\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"firefox-esr-l10n-th\", ver:\"45.4.0esr-1~deb8u2\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"firefox-esr-l10n-tr\", ver:\"45.4.0esr-1~deb8u2\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"firefox-esr-l10n-uk\", ver:\"45.4.0esr-1~deb8u2\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"firefox-esr-l10n-uz\", ver:\"45.4.0esr-1~deb8u2\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"firefox-esr-l10n-vi\", ver:\"45.4.0esr-1~deb8u2\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"firefox-esr-l10n-xh\", ver:\"45.4.0esr-1~deb8u2\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"firefox-esr-l10n-zh-cn\", ver:\"45.4.0esr-1~deb8u2\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"firefox-esr-l10n-zh-tw\", ver:\"45.4.0esr-1~deb8u2\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"iceweasel\", ver:\"45.4.0esr-1~deb8u2\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"iceweasel-dbg\", ver:\"45.4.0esr-1~deb8u2\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"iceweasel-dev\", ver:\"45.4.0esr-1~deb8u2\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"iceweasel-l10n-ach\", ver:\"45.4.0esr-1~deb8u2\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"iceweasel-l10n-af\", ver:\"45.4.0esr-1~deb8u2\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"iceweasel-l10n-all\", ver:\"45.4.0esr-1~deb8u2\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"iceweasel-l10n-an\", ver:\"45.4.0esr-1~deb8u2\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"iceweasel-l10n-ar\", ver:\"45.4.0esr-1~deb8u2\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"iceweasel-l10n-as\", ver:\"45.4.0esr-1~deb8u2\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"iceweasel-l10n-ast\", ver:\"45.4.0esr-1~deb8u2\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"iceweasel-l10n-az\", ver:\"45.4.0esr-1~deb8u2\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"iceweasel-l10n-be\", ver:\"45.4.0esr-1~deb8u2\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"iceweasel-l10n-bg\", ver:\"45.4.0esr-1~deb8u2\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"iceweasel-l10n-bn-bd\", ver:\"45.4.0esr-1~deb8u2\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"iceweasel-l10n-bn-in\", ver:\"45.4.0esr-1~deb8u2\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"iceweasel-l10n-br\", ver:\"45.4.0esr-1~deb8u2\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"iceweasel-l10n-bs\", ver:\"45.4.0esr-1~deb8u2\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"iceweasel-l10n-ca\", ver:\"45.4.0esr-1~deb8u2\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"iceweasel-l10n-cs\", ver:\"45.4.0esr-1~deb8u2\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"iceweasel-l10n-cy\", ver:\"45.4.0esr-1~deb8u2\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"iceweasel-l10n-da\", ver:\"45.4.0esr-1~deb8u2\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"iceweasel-l10n-de\", ver:\"45.4.0esr-1~deb8u2\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"iceweasel-l10n-dsb\", ver:\"45.4.0esr-1~deb8u2\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"iceweasel-l10n-el\", ver:\"45.4.0esr-1~deb8u2\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"iceweasel-l10n-en-gb\", ver:\"45.4.0esr-1~deb8u2\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"iceweasel-l10n-en-za\", ver:\"45.4.0esr-1~deb8u2\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"iceweasel-l10n-eo\", ver:\"45.4.0esr-1~deb8u2\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"iceweasel-l10n-es-ar\", ver:\"45.4.0esr-1~deb8u2\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"iceweasel-l10n-es-cl\", ver:\"45.4.0esr-1~deb8u2\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"iceweasel-l10n-es-es\", ver:\"45.4.0esr-1~deb8u2\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"iceweasel-l10n-es-mx\", ver:\"45.4.0esr-1~deb8u2\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"iceweasel-l10n-et\", ver:\"45.4.0esr-1~deb8u2\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"iceweasel-l10n-eu\", ver:\"45.4.0esr-1~deb8u2\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"iceweasel-l10n-fa\", ver:\"45.4.0esr-1~deb8u2\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"iceweasel-l10n-ff\", ver:\"45.4.0esr-1~deb8u2\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"iceweasel-l10n-fi\", ver:\"45.4.0esr-1~deb8u2\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"iceweasel-l10n-fr\", ver:\"45.4.0esr-1~deb8u2\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"iceweasel-l10n-fy-nl\", ver:\"45.4.0esr-1~deb8u2\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"iceweasel-l10n-ga-ie\", ver:\"45.4.0esr-1~deb8u2\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"iceweasel-l10n-gd\", ver:\"45.4.0esr-1~deb8u2\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"iceweasel-l10n-gl\", ver:\"45.4.0esr-1~deb8u2\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"iceweasel-l10n-gn\", ver:\"45.4.0esr-1~deb8u2\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"iceweasel-l10n-gu-in\", ver:\"45.4.0esr-1~deb8u2\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"iceweasel-l10n-he\", ver:\"45.4.0esr-1~deb8u2\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"iceweasel-l10n-hi-in\", ver:\"45.4.0esr-1~deb8u2\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"iceweasel-l10n-hr\", ver:\"45.4.0esr-1~deb8u2\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"iceweasel-l10n-hsb\", ver:\"45.4.0esr-1~deb8u2\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"iceweasel-l10n-hu\", ver:\"45.4.0esr-1~deb8u2\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"iceweasel-l10n-hy-am\", ver:\"45.4.0esr-1~deb8u2\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"iceweasel-l10n-id\", ver:\"45.4.0esr-1~deb8u2\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"iceweasel-l10n-is\", ver:\"45.4.0esr-1~deb8u2\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"iceweasel-l10n-it\", ver:\"45.4.0esr-1~deb8u2\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"iceweasel-l10n-ja\", ver:\"45.4.0esr-1~deb8u2\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"iceweasel-l10n-kk\", ver:\"45.4.0esr-1~deb8u2\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"iceweasel-l10n-km\", ver:\"45.4.0esr-1~deb8u2\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"iceweasel-l10n-kn\", ver:\"45.4.0esr-1~deb8u2\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"iceweasel-l10n-ko\", ver:\"45.4.0esr-1~deb8u2\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"iceweasel-l10n-lij\", ver:\"45.4.0esr-1~deb8u2\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"iceweasel-l10n-lt\", ver:\"45.4.0esr-1~deb8u2\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"iceweasel-l10n-lv\", ver:\"45.4.0esr-1~deb8u2\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"iceweasel-l10n-mai\", ver:\"45.4.0esr-1~deb8u2\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"iceweasel-l10n-mk\", ver:\"45.4.0esr-1~deb8u2\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"iceweasel-l10n-ml\", ver:\"45.4.0esr-1~deb8u2\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"iceweasel-l10n-mr\", ver:\"45.4.0esr-1~deb8u2\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"iceweasel-l10n-ms\", ver:\"45.4.0esr-1~deb8u2\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"iceweasel-l10n-nb-no\", ver:\"45.4.0esr-1~deb8u2\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"iceweasel-l10n-nl\", ver:\"45.4.0esr-1~deb8u2\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"iceweasel-l10n-nn-no\", ver:\"45.4.0esr-1~deb8u2\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"iceweasel-l10n-or\", ver:\"45.4.0esr-1~deb8u2\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"iceweasel-l10n-pa-in\", ver:\"45.4.0esr-1~deb8u2\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"iceweasel-l10n-pl\", ver:\"45.4.0esr-1~deb8u2\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"iceweasel-l10n-pt-br\", ver:\"45.4.0esr-1~deb8u2\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"iceweasel-l10n-pt-pt\", ver:\"45.4.0esr-1~deb8u2\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"iceweasel-l10n-rm\", ver:\"45.4.0esr-1~deb8u2\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"iceweasel-l10n-ro\", ver:\"45.4.0esr-1~deb8u2\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"iceweasel-l10n-ru\", ver:\"45.4.0esr-1~deb8u2\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"iceweasel-l10n-si\", ver:\"45.4.0esr-1~deb8u2\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"iceweasel-l10n-sk\", ver:\"45.4.0esr-1~deb8u2\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"iceweasel-l10n-sl\", ver:\"45.4.0esr-1~deb8u2\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"iceweasel-l10n-son\", ver:\"45.4.0esr-1~deb8u2\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"iceweasel-l10n-sq\", ver:\"45.4.0esr-1~deb8u2\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"iceweasel-l10n-sr\", ver:\"45.4.0esr-1~deb8u2\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"iceweasel-l10n-sv-se\", ver:\"45.4.0esr-1~deb8u2\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"iceweasel-l10n-ta\", ver:\"45.4.0esr-1~deb8u2\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"iceweasel-l10n-te\", ver:\"45.4.0esr-1~deb8u2\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"iceweasel-l10n-th\", ver:\"45.4.0esr-1~deb8u2\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"iceweasel-l10n-tr\", ver:\"45.4.0esr-1~deb8u2\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"iceweasel-l10n-uk\", ver:\"45.4.0esr-1~deb8u2\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"iceweasel-l10n-uz\", ver:\"45.4.0esr-1~deb8u2\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"iceweasel-l10n-vi\", ver:\"45.4.0esr-1~deb8u2\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"iceweasel-l10n-xh\", ver:\"45.4.0esr-1~deb8u2\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"iceweasel-l10n-zh-cn\", ver:\"45.4.0esr-1~deb8u2\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"iceweasel-l10n-zh-tw\", ver:\"45.4.0esr-1~deb8u2\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\n\nif (report != \"\") {\n security_message(data:report);\n} else if (__pkg_match) {\n exit(99); # Not vulnerable.\n}\n", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2018-09-01T23:47:23", "references": ["2016:1912", "http://lists.centos.org/pipermail/centos-announce/2016-September/022088.html"], "pluginID": "1361412562310882560", "description": "Check the version of firefox", "edition": 4, "reporter": "Copyright (C) 2016 Greenbone Networks GmbH", "published": "2016-09-23T00:00:00", "title": "CentOS Update for firefox CESA-2016:1912 centos6 ", "type": "openvas", "enchantments": {"score": {"vector": "NONE", "value": 9.3}}, "naslFamily": "CentOS Local Security Checks", "bulletinFamily": "scanner", "cvelist": ["CVE-2016-5278", "CVE-2016-5281", "CVE-2016-5280", "CVE-2016-5250", "CVE-2016-5274", "CVE-2016-5261", "CVE-2016-5284", "CVE-2016-5270", "CVE-2016-5277", "CVE-2016-5257", "CVE-2016-5272", "CVE-2016-5276"], "modified": "2017-07-10T00:00:00", "id": "OPENVAS:1361412562310882560", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310882560", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# CentOS Update for firefox CESA-2016:1912 centos6 \n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (C) 2016 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.882560\");\n script_version(\"$Revision: 6658 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-07-10 13:51:48 +0200 (Mon, 10 Jul 2017) $\");\n script_tag(name:\"creation_date\", value:\"2016-09-23 05:41:25 +0200 (Fri, 23 Sep 2016)\");\n script_cve_id(\"CVE-2016-5250\", \"CVE-2016-5257\", \"CVE-2016-5261\", \"CVE-2016-5270\", \n \"CVE-2016-5272\", \"CVE-2016-5274\", \"CVE-2016-5276\", \"CVE-2016-5277\", \n \"CVE-2016-5278\", \"CVE-2016-5280\", \"CVE-2016-5281\", \"CVE-2016-5284\");\n script_tag(name:\"cvss_base\", value:\"7.5\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_name(\"CentOS Update for firefox CESA-2016:1912 centos6 \");\n script_tag(name: \"summary\", value: \"Check the version of firefox\");\n script_tag(name: \"vuldetect\", value: \"Get the installed version with the help \nof detect NVT and check if the version is vulnerable or not.\");\n script_tag(name: \"insight\", value: \"Mozilla Firefox is an open source web browser.\n\nThis update upgrades Firefox to version 45.4.0 ESR.\n\nSecurity Fix(es):\n\n* Multiple flaws were found in the processing of malformed web content. A\nweb page containing malicious content could cause Firefox to crash or,\npotentially, execute arbitrary code with the privileges of the user running\nFirefox. (CVE-2016-5257, CVE-2016-5278, CVE-2016-5270, CVE-2016-5272,\nCVE-2016-5274, CVE-2016-5276, CVE-2016-5277, CVE-2016-5280, CVE-2016-5281,\nCVE-2016-5284, CVE-2016-5250, CVE-2016-5261)\n\nRed Hat would like to thank the Mozilla project for reporting these issues.\nUpstream acknowledges Samuel Grob, Brian Carpenter, Mei Wang, Ryan Duff,\nCatalin Dumitru, Mozilla developers, Christoph Diehl, Andrew McCreight, Dan\nMinor, Byron Campen, Jon Coppeard, Steve Fink, Tyson Smith, Philipp,\nCarsten Book, Abhishek Arya, Atte Kettunen, and Nils as the original\nreporters.\n\");\n script_tag(name: \"affected\", value: \"firefox on CentOS 6\");\n script_tag(name: \"solution\", value: \"Please Install the Updated Packages.\");\n\n script_xref(name: \"CESA\", value: \"2016:1912\");\n script_xref(name: \"URL\" , value: \"http://lists.centos.org/pipermail/centos-announce/2016-September/022088.html\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2016 Greenbone Networks GmbH\");\n script_family(\"CentOS Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/centos\", \"ssh/login/rpms\");\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = get_kb_item(\"ssh/login/release\");\n\nres = \"\";\nif(release == NULL){\n exit(0);\n}\n\nif(release == \"CentOS6\")\n{\n\n if ((res = isrpmvuln(pkg:\"firefox\", rpm:\"firefox~45.4.0~1.el6.centos\", rls:\"CentOS6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2018-10-22T16:37:05", "references": ["http://www.mozilla.com/en-US/firefox/all.html", "https://www.mozilla.org/en-US/security/advisories/mfsa2016-86"], "pluginID": "1361412562310809326", "description": "This host is installed with\n Mozilla Firefox Esr and is prone to multiple vulnerabilities.", "edition": 6, "reporter": "Copyright (C) 2016 Greenbone Networks GmbH", "published": "2016-09-23T00:00:00", "title": "Mozilla Firefox Esr Security Updates( mfsa_2016-85_2016-86 )-Windows", "type": "openvas", "enchantments": {"score": {"vector": "NONE", "value": 7.5}}, "naslFamily": "General", "bulletinFamily": "scanner", "cvelist": ["CVE-2016-5278", "CVE-2016-5281", "CVE-2016-5280", "CVE-2016-5250", "CVE-2016-5274", "CVE-2016-5261", "CVE-2016-5284", "CVE-2016-5270", "CVE-2016-5277", "CVE-2016-5257", "CVE-2016-5272", "CVE-2016-5276"], "modified": "2018-10-18T00:00:00", "id": "OPENVAS:1361412562310809326", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310809326", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: gb_mozilla_firefox_esr_mfsa_2016-85_2016-86_win.nasl 11969 2018-10-18 14:53:42Z asteins $\n#\n# Mozilla Firefox Esr Security Updates( mfsa_2016-85_2016-86 )-Windows\n#\n# Authors:\n# Kashinath T <tkashinath@secpod.com>\n#\n# Copyright:\n# Copyright (C) 2016 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nCPE = \"cpe:/a:mozilla:firefox_esr\";\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.809326\");\n script_version(\"$Revision: 11969 $\");\n script_cve_id(\"CVE-2016-5270\", \"CVE-2016-5272\", \"CVE-2016-5276\", \"CVE-2016-5274\",\n \"CVE-2016-5277\", \"CVE-2016-5278\", \"CVE-2016-5280\", \"CVE-2016-5281\",\n \"CVE-2016-5284\", \"CVE-2016-5250\", \"CVE-2016-5261\", \"CVE-2016-5257\");\n script_tag(name:\"cvss_base\", value:\"7.5\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-10-18 16:53:42 +0200 (Thu, 18 Oct 2018) $\");\n script_tag(name:\"creation_date\", value:\"2016-09-23 10:25:49 +0530 (Fri, 23 Sep 2016)\");\n script_name(\"Mozilla Firefox Esr Security Updates( mfsa_2016-85_2016-86 )-Windows\");\n\n script_tag(name:\"summary\", value:\"This host is installed with\n Mozilla Firefox Esr and is prone to multiple vulnerabilities.\");\n\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is present on the target host.\");\n\n script_tag(name:\"insight\", value:\"Multiple flaws exist due to,\n\n - Heap-buffer-overflow in nsCaseTransformTextRunFactory::TransformString.\n\n - Bad cast in nsImageGeometryMixin.\n\n - Heap-use-after-free in mozilla::a11y::DocAccessible::ProcessInvalidationList.\n\n - Use-after-free in nsFrameManager::CaptureFrameState.\n\n - Heap-use-after-free in nsRefreshDriver::Tick.\n\n - Heap-buffer-overflow in nsBMPEncoder::AddImageFrame.\n\n - Use-after-free in mozilla::nsTextNodeDirectionalityMap::RemoveElementFromMap.\n\n - Use-after-free in DOMSVGLength.\n\n - Add-on update site certificate pin expiration.\n\n - Resource Timing API is storing resources sent by the previous page.\n\n - Integer overflow and memory corruption in WebSocketChannel\n\n - Memory safety bugs.\");\n\n script_tag(name:\"impact\", value:\"Successful exploitation of these\n vulnerabilities allow remote attackers to cause a denial of service, to execute\n arbitrary code, to obtain sensitive full-pathname information.\");\n\n script_tag(name:\"affected\", value:\"Mozilla Firefox Esr version before\n 45.4 on Windows.\");\n\n script_tag(name:\"solution\", value:\"Upgrade to Mozilla Firefox Esr version 45.4\n or later.\");\n\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n\n script_tag(name:\"qod_type\", value:\"registry\");\n\n script_xref(name:\"URL\", value:\"https://www.mozilla.org/en-US/security/advisories/mfsa2016-86\");\n\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2016 Greenbone Networks GmbH\");\n script_family(\"General\");\n script_dependencies(\"gb_firefox_detect_portable_win.nasl\");\n script_mandatory_keys(\"Firefox-ESR/Win/Ver\");\n script_xref(name:\"URL\", value:\"http://www.mozilla.com/en-US/firefox/all.html\");\n exit(0);\n}\n\ninclude(\"host_details.inc\");\ninclude(\"version_func.inc\");\n\nif(!ffVer = get_app_version(cpe:CPE)){\n exit(0);\n}\n\nif(version_is_less(version:ffVer, test_version:\"45.4\"))\n{\n report = report_fixed_ver(installed_version:ffVer, fixed_version:\"45.4\");\n security_message(data:report);\n exit(0);\n}\n", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2018-10-22T16:37:15", "references": ["http://www.mozilla.com/en-US/firefox/all.html", "https://www.mozilla.org/en-US/security/advisories/mfsa2016-86/"], "pluginID": "1361412562310809327", "description": "This host is installed with\n Mozilla Firefox Esr and is prone to multiple vulnerabilities.", "edition": 6, "reporter": "Copyright (C) 2016 Greenbone Networks GmbH", "published": "2016-09-23T00:00:00", "title": "Mozilla Firefox Esr Security Updates( mfsa_2016-85_2016-86 )-MAC OS X", "type": "openvas", "enchantments": {"score": {"vector": "NONE", "value": 7.5}}, "naslFamily": "General", "bulletinFamily": "scanner", "cvelist": ["CVE-2016-5278", "CVE-2016-5281", "CVE-2016-5280", "CVE-2016-5250", "CVE-2016-5274", "CVE-2016-5261", "CVE-2016-5284", "CVE-2016-5270", "CVE-2016-5277", "CVE-2016-5257", "CVE-2016-5272", "CVE-2016-5276"], "modified": "2018-10-18T00:00:00", "id": "OPENVAS:1361412562310809327", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310809327", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: gb_mozilla_firefox_esr_mfsa_2016-85_2016-86_macosx.nasl 11969 2018-10-18 14:53:42Z asteins $\n#\n# Mozilla Firefox Esr Security Updates( mfsa_2016-85_2016-86 )-MAC OS X\n#\n# Authors:\n# Kashinath T <tkashinath@secpod.com>\n#\n# Copyright:\n# Copyright (C) 2016 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nCPE = \"cpe:/a:mozilla:firefox_esr\";\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.809327\");\n script_version(\"$Revision: 11969 $\");\n script_cve_id(\"CVE-2016-5270\", \"CVE-2016-5272\", \"CVE-2016-5276\", \"CVE-2016-5274\",\n \"CVE-2016-5277\", \"CVE-2016-5278\", \"CVE-2016-5280\", \"CVE-2016-5281\",\n \"CVE-2016-5284\", \"CVE-2016-5250\", \"CVE-2016-5261\", \"CVE-2016-5257\");\n script_tag(name:\"cvss_base\", value:\"7.5\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-10-18 16:53:42 +0200 (Thu, 18 Oct 2018) $\");\n script_tag(name:\"creation_date\", value:\"2016-09-23 10:26:10 +0530 (Fri, 23 Sep 2016)\");\n script_name(\"Mozilla Firefox Esr Security Updates( mfsa_2016-85_2016-86 )-MAC OS X\");\n\n script_tag(name:\"summary\", value:\"This host is installed with\n Mozilla Firefox Esr and is prone to multiple vulnerabilities.\");\n\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is present on the target host.\");\n\n script_tag(name:\"insight\", value:\"Multiple flaws exist due to,\n\n - Heap-buffer-overflow in nsCaseTransformTextRunFactory::TransformString.\n\n - Bad cast in nsImageGeometryMixin.\n\n - Heap-use-after-free in mozilla::a11y::DocAccessible::ProcessInvalidationList.\n\n - Use-after-free in nsFrameManager::CaptureFrameState.\n\n - Heap-use-after-free in nsRefreshDriver::Tick.\n\n - Heap-buffer-overflow in nsBMPEncoder::AddImageFrame.\n\n - Use-after-free in mozilla::nsTextNodeDirectionalityMap::RemoveElementFromMap.\n\n - Use-after-free in DOMSVGLength.\n\n - Add-on update site certificate pin expiration.\n\n - Resource Timing API is storing resources sent by the previous page.\n\n - Integer overflow and memory corruption in WebSocketChannel\n\n - Memory safety bugs.\");\n\n script_tag(name:\"impact\", value:\"Successful exploitation of these\n vulnerabilities allow remote attackers to cause a denial of service, to execute\n arbitrary code, to obtain sensitive full-pathname information.\");\n\n script_tag(name:\"affected\", value:\"Mozilla Firefox Esr version before\n 45.4 on MAC OS X.\");\n\n script_tag(name:\"solution\", value:\"Upgrade to Mozilla Firefox Esr version 45.4\n or later.\");\n\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n\n script_tag(name:\"qod_type\", value:\"executable_version\");\n\n script_xref(name:\"URL\", value:\"https://www.mozilla.org/en-US/security/advisories/mfsa2016-86/\");\n\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2016 Greenbone Networks GmbH\");\n script_family(\"General\");\n script_dependencies(\"gb_mozilla_prdts_detect_macosx.nasl\");\n script_mandatory_keys(\"Mozilla/Firefox-ESR/MacOSX/Version\");\n script_xref(name:\"URL\", value:\"http://www.mozilla.com/en-US/firefox/all.html\");\n exit(0);\n}\n\ninclude(\"host_details.inc\");\ninclude(\"version_func.inc\");\n\nif(!ffVer = get_app_version(cpe:CPE)){\n exit(0);\n}\n\nif(version_is_less(version:ffVer, test_version:\"45.4\"))\n{\n report = report_fixed_ver(installed_version:ffVer, fixed_version:\"45.4\");\n security_message(data:report);\n exit(0);\n}\n", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}], "centos": [{"lastseen": "2017-10-03T18:24:53", "references": ["https://rhn.redhat.com/errata/RHSA-2016-1985.html"], "affectedPackage": [{"OS": "CentOS", "OSVersion": "7", "packageVersion": "45.4.0-1.el7.centos", "arch": "x86_64", "packageName": "thunderbird", "packageFilename": "thunderbird-45.4.0-1.el7.centos.x86_64.rpm", "operator": "lt"}, {"OS": "CentOS", "OSVersion": "7", "packageVersion": "45.4.0-1.el7.centos", "arch": "any", "packageName": "thunderbird", "packageFilename": "thunderbird-45.4.0-1.el7.centos.src.rpm", "operator": "lt"}, {"OS": "CentOS", "OSVersion": "5", "packageVersion": "45.4.0-1.el5.centos", "arch": "any", "packageName": "thunderbird", "packageFilename": "thunderbird-45.4.0-1.el5.centos.src.rpm", "operator": "lt"}, {"OS": "CentOS", "OSVersion": "6", "packageVersion": "45.4.0-1.el6.centos", "arch": "x86_64", "packageName": "thunderbird", "packageFilename": "thunderbird-45.4.0-1.el6.centos.x86_64.rpm", "operator": "lt"}, {"OS": "CentOS", "OSVersion": "6", "packageVersion": "45.4.0-1.el6.centos", "arch": "any", "packageName": "thunderbird", "packageFilename": "thunderbird-45.4.0-1.el6.centos.src.rpm", "operator": "lt"}, {"OS": "CentOS", "OSVersion": "6", "packageVersion": "45.4.0-1.el6.centos", "arch": "i686", "packageName": "thunderbird", "packageFilename": "thunderbird-45.4.0-1.el6.centos.i686.rpm", "operator": "lt"}, {"OS": "CentOS", "OSVersion": "5", "packageVersion": "45.4.0-1.el5.centos", "arch": "i386", "packageName": "thunderbird", "packageFilename": "thunderbird-45.4.0-1.el5.centos.i386.rpm", "operator": "lt"}, {"OS": "CentOS", "OSVersion": "5", "packageVersion": "45.4.0-1.el5.centos", "arch": "x86_64", "packageName": "thunderbird", "packageFilename": "thunderbird-45.4.0-1.el5.centos.x86_64.rpm", "operator": "lt"}], "description": "**CentOS Errata and Security Advisory** CESA-2016:1985\n\n\nMozilla Thunderbird is a standalone mail and newsgroup client.\n\nThis update upgrades Thunderbird to version 45.4.0.\n\nSecurity Fix(es):\n\n* Multiple flaws were found in the processing of malformed web content. A web\npage containing malicious content could cause Thunderbird to crash or,\npotentially, execute arbitrary code with the privileges of the user running\nThunderbird. (CVE-2016-5257)\n\nRed Hat would like to thank the Mozilla project for reporting these issues.\nUpstream acknowledges Christoph Diehl, Andrew McCreight, Dan Minor, Byron\nCampen, Jon Coppeard, Steve Fink, Tyson Smith, Philipp and Carsten Book as the\noriginal reporters.\n\n\n**Merged security bulletin from advisories:**\nhttp://lists.centos.org/pipermail/centos-announce/2016-October/022107.html\nhttp://lists.centos.org/pipermail/centos-announce/2016-October/022108.html\nhttp://lists.centos.org/pipermail/centos-announce/2016-October/022109.html\n\n**Affected packages:**\nthunderbird\n\n**Upstream details at:**\nhttps://rhn.redhat.com/errata/RHSA-2016-1985.html", "edition": 1, "reporter": "CentOS Project", "published": "2016-10-03T20:12:34", "title": "thunderbird security update", "type": "centos", "enchantments": {"score": {"vector": "NONE", "value": 9.3}}, "bulletinFamily": "unix", "cvelist": ["CVE-2016-5257"], "modified": "2016-10-03T20:23:48", "href": "http://lists.centos.org/pipermail/centos-announce/2016-October/022107.html", "id": "CESA-2016:1985", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2017-12-26T01:05:04", "references": ["https://rhn.redhat.com/errata/RHSA-2016-1912.html"], "affectedPackage": [{"OS": "CentOS", "OSVersion": "6", "packageVersion": "45.4.0-1.el6.centos", "packageFilename": "firefox-45.4.0-1.el6.centos.src.rpm", "packageName": "firefox", "arch": "any", "operator": "lt"}, {"OS": "CentOS", "OSVersion": "7", "packageVersion": "45.4.0-1.el7.centos", "packageFilename": "firefox-45.4.0-1.el7.centos.i686.rpm", "packageName": "firefox", "arch": "i686", "operator": "lt"}, {"OS": "CentOS", "OSVersion": "5", "packageVersion": "45.4.0-1.el5.centos", "packageFilename": "firefox-45.4.0-1.el5.centos.src.rpm", "packageName": "firefox", "arch": "any", "operator": "lt"}, {"OS": "CentOS", "OSVersion": "6", "packageVersion": "45.4.0-1.el6.centos", "packageFilename": "firefox-45.4.0-1.el6.centos.i686.rpm", "packageName": "firefox", "arch": "i686", "operator": "lt"}, {"OS": "CentOS", "OSVersion": "6", "packageVersion": "45.4.0-1.el6.centos", "packageFilename": "firefox-45.4.0-1.el6.centos.i686.rpm", "packageName": "firefox", "arch": "i686", "operator": "lt"}, {"OS": "CentOS", "OSVersion": "7", "packageVersion": "45.4.0-1.el7.centos", "packageFilename": "firefox-45.4.0-1.el7.centos.src.rpm", "packageName": "firefox", "arch": "any", "operator": "lt"}, {"OS": "CentOS", "OSVersion": "7", "packageVersion": "45.4.0-1.el7.centos", "packageFilename": "firefox-45.4.0-1.el7.centos.x86_64.rpm", "packageName": "firefox", "arch": "x86_64", "operator": "lt"}, {"OS": "CentOS", "OSVersion": "6", "packageVersion": "45.4.0-1.el6.centos", "packageFilename": "firefox-45.4.0-1.el6.centos.x86_64.rpm", "packageName": "firefox", "arch": "x86_64", "operator": "lt"}, {"OS": "CentOS", "OSVersion": "5", "packageVersion": "45.4.0-1.el5.centos", "packageFilename": "firefox-45.4.0-1.el5.centos.x86_64.rpm", "packageName": "firefox", "arch": "x86_64", "operator": "lt"}, {"OS": "CentOS", "OSVersion": "5", "packageVersion": "45.4.0-1.el5.centos", "packageFilename": "firefox-45.4.0-1.el5.centos.i386.rpm", "packageName": "firefox", "arch": "i386", "operator": "lt"}, {"OS": "CentOS", "OSVersion": "5", "packageVersion": "45.4.0-1.el5.centos", "packageFilename": "firefox-45.4.0-1.el5.centos.i386.rpm", "packageName": "firefox", "arch": "i386", "operator": "lt"}], "description": "**CentOS Errata and Security Advisory** CESA-2016:1912\n\n\nMozilla Firefox is an open source web browser.\n\nThis update upgrades Firefox to version 45.4.0 ESR.\n\nSecurity Fix(es):\n\n* Multiple flaws were found in the processing of malformed web content. A web page containing malicious content could cause Firefox to crash or, potentially, execute arbitrary code with the privileges of the user running Firefox. (CVE-2016-5257, CVE-2016-5278, CVE-2016-5270, CVE-2016-5272, CVE-2016-5274, CVE-2016-5276, CVE-2016-5277, CVE-2016-5280, CVE-2016-5281, CVE-2016-5284, CVE-2016-5250, CVE-2016-5261)\n\nRed Hat would like to thank the Mozilla project for reporting these issues. Upstream acknowledges Samuel Gro\u00df, Brian Carpenter, Mei Wang, Ryan Duff, Catalin Dumitru, Mozilla developers, Christoph Diehl, Andrew McCreight, Dan Minor, Byron Campen, Jon Coppeard, Steve Fink, Tyson Smith, Philipp, Carsten Book, Abhishek Arya, Atte Kettunen, and Nils as the original reporters.\n\n**Merged security bulletin from advisories:**\nhttp://lists.centos.org/pipermail/centos-announce/2016-September/022088.html\nhttp://lists.centos.org/pipermail/centos-announce/2016-September/022089.html\nhttp://lists.centos.org/pipermail/centos-announce/2016-September/022090.html\n\n**Affected packages:**\nfirefox\n\n**Upstream details at:**\nhttps://rhn.redhat.com/errata/RHSA-2016-1912.html", "edition": 2, "reporter": "CentOS Project", "published": "2016-09-22T13:23:33", "enchantments": {"score": {"vector": "NONE", "value": 9.3}}, "title": "firefox security update", "type": "centos", "bulletinFamily": "unix", "cvelist": ["CVE-2016-5278", "CVE-2016-5281", "CVE-2016-5280", "CVE-2016-5250", "CVE-2016-5274", "CVE-2016-5261", "CVE-2016-5284", "CVE-2016-5270", "CVE-2016-5277", "CVE-2016-5257", "CVE-2016-5272", "CVE-2016-5276"], "modified": "2016-09-22T15:31:34", "href": "http://lists.centos.org/pipermail/centos-announce/2016-September/022088.html", "id": "CESA-2016:1912", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}], "redhat": [{"lastseen": "2018-06-12T21:09:39", "_object_types": ["robots.models.base.Bulletin", "robots.models.redhat.RedHatBulletin"], "references": [], "affectedPackage": [{"OS": "RedHat", "OSVersion": "5", "packageVersion": "45.4.0-1.el5_11", "arch": "i386", "packageName": "thunderbird", "packageFilename": "thunderbird-45.4.0-1.el5_11.i386.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "5", "packageVersion": "45.4.0-1.el5_11", "arch": "src", "packageName": "thunderbird", "packageFilename": "thunderbird-45.4.0-1.el5_11.src.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "5", "packageVersion": "45.4.0-1.el5_11", "arch": "x86_64", "packageName": "thunderbird", "packageFilename": "thunderbird-45.4.0-1.el5_11.x86_64.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "6", "packageVersion": "45.4.0-1.el6_8", "arch": "i686", "packageName": "thunderbird", "packageFilename": "thunderbird-45.4.0-1.el6_8.i686.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "6", "packageVersion": "45.4.0-1.el6_8", "arch": "ppc64", "packageName": "thunderbird", "packageFilename": "thunderbird-45.4.0-1.el6_8.ppc64.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "6", "packageVersion": "45.4.0-1.el6_8", "arch": "s390x", "packageName": "thunderbird", "packageFilename": "thunderbird-45.4.0-1.el6_8.s390x.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "6", "packageVersion": "45.4.0-1.el6_8", "arch": "src", "packageName": "thunderbird", "packageFilename": "thunderbird-45.4.0-1.el6_8.src.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "6", "packageVersion": "45.4.0-1.el6_8", "arch": "x86_64", "packageName": "thunderbird", "packageFilename": "thunderbird-45.4.0-1.el6_8.x86_64.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "7", "packageVersion": "45.4.0-1.el7_2", "arch": "ppc64le", "packageName": "thunderbird", "packageFilename": "thunderbird-45.4.0-1.el7_2.ppc64le.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "7", "packageVersion": "45.4.0-1.el7_2", "arch": "src", "packageName": "thunderbird", "packageFilename": "thunderbird-45.4.0-1.el7_2.src.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "7", "packageVersion": "45.4.0-1.el7_2", "arch": "x86_64", "packageName": "thunderbird", "packageFilename": "thunderbird-45.4.0-1.el7_2.x86_64.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "5", "packageVersion": "45.4.0-1.el5_11", "arch": "i386", "packageName": "thunderbird-debuginfo", "packageFilename": "thunderbird-debuginfo-45.4.0-1.el5_11.i386.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "5", "packageVersion": "45.4.0-1.el5_11", "arch": "x86_64", "packageName": "thunderbird-debuginfo", "packageFilename": "thunderbird-debuginfo-45.4.0-1.el5_11.x86_64.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "6", "packageVersion": "45.4.0-1.el6_8", "arch": "i686", "packageName": "thunderbird-debuginfo", "packageFilename": "thunderbird-debuginfo-45.4.0-1.el6_8.i686.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "6", "packageVersion": "45.4.0-1.el6_8", "arch": "ppc64", "packageName": "thunderbird-debuginfo", "packageFilename": "thunderbird-debuginfo-45.4.0-1.el6_8.ppc64.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "6", "packageVersion": "45.4.0-1.el6_8", "arch": "s390x", "packageName": "thunderbird-debuginfo", "packageFilename": "thunderbird-debuginfo-45.4.0-1.el6_8.s390x.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "6", "packageVersion": "45.4.0-1.el6_8", "arch": "x86_64", "packageName": "thunderbird-debuginfo", "packageFilename": "thunderbird-debuginfo-45.4.0-1.el6_8.x86_64.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "7", "packageVersion": "45.4.0-1.el7_2", "arch": "ppc64le", "packageName": "thunderbird-debuginfo", "packageFilename": "thunderbird-debuginfo-45.4.0-1.el7_2.ppc64le.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "7", "packageVersion": "45.4.0-1.el7_2", "arch": "x86_64", "packageName": "thunderbird-debuginfo", "packageFilename": "thunderbird-debuginfo-45.4.0-1.el7_2.x86_64.rpm", "operator": "lt"}], "description": "Mozilla Thunderbird is a standalone mail and newsgroup client.\n\nThis update upgrades Thunderbird to version 45.4.0.\n\nSecurity Fix(es):\n\n* Multiple flaws were found in the processing of malformed web content. A web\npage containing malicious content could cause Thunderbird to crash or,\npotentially, execute arbitrary code with the privileges of the user running\nThunderbird. (CVE-2016-5257)\n\nRed Hat would like to thank the Mozilla project for reporting these issues.\nUpstream acknowledges Christoph Diehl, Andrew McCreight, Dan Minor, Byron\nCampen, Jon Coppeard, Steve Fink, Tyson Smith, Philipp and Carsten Book as the\noriginal reporters.\n", "reporter": "RedHat", "published": "2016-10-03T04:00:00", "type": "redhat", "title": "(RHSA-2016:1985) Important: thunderbird security update", "enchantments": {"score": {"vector": "NONE", "value": 9.3}}, "bulletinFamily": "unix", "cvelist": ["CVE-2016-5257"], "_object_type": "robots.models.redhat.RedHatBulletin", "modified": "2018-06-06T20:24:05", "id": "RHSA-2016:1985", "href": "https://access.redhat.com/errata/RHSA-2016:1985", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2018-06-12T21:09:36", "_object_types": ["robots.models.base.Bulletin", "robots.models.redhat.RedHatBulletin"], "references": [], "affectedPackage": [{"OS": "RedHat", "OSVersion": "5", "packageVersion": "45.4.0-1.el5_11", "arch": "i386", "packageName": "firefox", "packageFilename": "firefox-45.4.0-1.el5_11.i386.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "5", "packageVersion": "45.4.0-1.el5_11", "arch": "ppc64", "packageName": "firefox", "packageFilename": "firefox-45.4.0-1.el5_11.ppc64.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "5", "packageVersion": "45.4.0-1.el5_11", "arch": "s390", "packageName": "firefox", "packageFilename": "firefox-45.4.0-1.el5_11.s390.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "5", "packageVersion": "45.4.0-1.el5_11", "arch": "s390x", "packageName": "firefox", "packageFilename": "firefox-45.4.0-1.el5_11.s390x.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "5", "packageVersion": "45.4.0-1.el5_11", "arch": "src", "packageName": "firefox", "packageFilename": "firefox-45.4.0-1.el5_11.src.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "5", "packageVersion": "45.4.0-1.el5_11", "arch": "x86_64", "packageName": "firefox", "packageFilename": "firefox-45.4.0-1.el5_11.x86_64.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "6", "packageVersion": "45.4.0-1.el6_8", "arch": "i686", "packageName": "firefox", "packageFilename": "firefox-45.4.0-1.el6_8.i686.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "6", "packageVersion": "45.4.0-1.el6_8", "arch": "ppc", "packageName": "firefox", "packageFilename": "firefox-45.4.0-1.el6_8.ppc.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "6", "packageVersion": "45.4.0-1.el6_8", "arch": "ppc64", "packageName": "firefox", "packageFilename": "firefox-45.4.0-1.el6_8.ppc64.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "6", "packageVersion": "45.4.0-1.el6_8", "arch": "s390", "packageName": "firefox", "packageFilename": "firefox-45.4.0-1.el6_8.s390.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "6", "packageVersion": "45.4.0-1.el6_8", "arch": "s390x", "packageName": "firefox", "packageFilename": "firefox-45.4.0-1.el6_8.s390x.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "6", "packageVersion": "45.4.0-1.el6_8", "arch": "src", "packageName": "firefox", "packageFilename": "firefox-45.4.0-1.el6_8.src.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "6", "packageVersion": "45.4.0-1.el6_8", "arch": "x86_64", "packageName": "firefox", "packageFilename": "firefox-45.4.0-1.el6_8.x86_64.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "7", "packageVersion": "45.4.0-1.el7_2", "arch": "i686", "packageName": "firefox", "packageFilename": "firefox-45.4.0-1.el7_2.i686.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "7", "packageVersion": "45.4.0-1.el7_2", "arch": "ppc", "packageName": "firefox", "packageFilename": "firefox-45.4.0-1.el7_2.ppc.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "7", "packageVersion": "45.4.0-1.el7_2", "arch": "ppc64", "packageName": "firefox", "packageFilename": "firefox-45.4.0-1.el7_2.ppc64.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "7", "packageVersion": "45.4.0-1.el7_2", "arch": "ppc64le", "packageName": "firefox", "packageFilename": "firefox-45.4.0-1.el7_2.ppc64le.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "7", "packageVersion": "45.4.0-1.el7_2", "arch": "s390", "packageName": "firefox", "packageFilename": "firefox-45.4.0-1.el7_2.s390.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "7", "packageVersion": "45.4.0-1.el7_2", "arch": "s390x", "packageName": "firefox", "packageFilename": "firefox-45.4.0-1.el7_2.s390x.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "7", "packageVersion": "45.4.0-1.el7_2", "arch": "src", "packageName": "firefox", "packageFilename": "firefox-45.4.0-1.el7_2.src.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "7", "packageVersion": "45.4.0-1.el7_2", "arch": "x86_64", "packageName": "firefox", "packageFilename": "firefox-45.4.0-1.el7_2.x86_64.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "5", "packageVersion": "45.4.0-1.el5_11", "arch": "i386", "packageName": "firefox-debuginfo", "packageFilename": "firefox-debuginfo-45.4.0-1.el5_11.i386.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "5", "packageVersion": "45.4.0-1.el5_11", "arch": "ppc64", "packageName": "firefox-debuginfo", "packageFilename": "firefox-debuginfo-45.4.0-1.el5_11.ppc64.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "5", "packageVersion": "45.4.0-1.el5_11", "arch": "s390", "packageName": "firefox-debuginfo", "packageFilename": "firefox-debuginfo-45.4.0-1.el5_11.s390.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "5", "packageVersion": "45.4.0-1.el5_11", "arch": "s390x", "packageName": "firefox-debuginfo", "packageFilename": "firefox-debuginfo-45.4.0-1.el5_11.s390x.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "5", "packageVersion": "45.4.0-1.el5_11", "arch": "x86_64", "packageName": "firefox-debuginfo", "packageFilename": "firefox-debuginfo-45.4.0-1.el5_11.x86_64.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "6", "packageVersion": "45.4.0-1.el6_8", "arch": "i686", "packageName": "firefox-debuginfo", "packageFilename": "firefox-debuginfo-45.4.0-1.el6_8.i686.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "6", "packageVersion": "45.4.0-1.el6_8", "arch": "ppc", "packageName": "firefox-debuginfo", "packageFilename": "firefox-debuginfo-45.4.0-1.el6_8.ppc.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "6", "packageVersion": "45.4.0-1.el6_8", "arch": "ppc64", "packageName": "firefox-debuginfo", "packageFilename": "firefox-debuginfo-45.4.0-1.el6_8.ppc64.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "6", "packageVersion": "45.4.0-1.el6_8", "arch": "s390", "packageName": "firefox-debuginfo", "packageFilename": "firefox-debuginfo-45.4.0-1.el6_8.s390.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "6", "packageVersion": "45.4.0-1.el6_8", "arch": "s390x", "packageName": "firefox-debuginfo", "packageFilename": "firefox-debuginfo-45.4.0-1.el6_8.s390x.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "6", "packageVersion": "45.4.0-1.el6_8", "arch": "x86_64", "packageName": "firefox-debuginfo", "packageFilename": "firefox-debuginfo-45.4.0-1.el6_8.x86_64.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "7", "packageVersion": "45.4.0-1.el7_2", "arch": "i686", "packageName": "firefox-debuginfo", "packageFilename": "firefox-debuginfo-45.4.0-1.el7_2.i686.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "7", "packageVersion": "45.4.0-1.el7_2", "arch": "ppc", "packageName": "firefox-debuginfo", "packageFilename": "firefox-debuginfo-45.4.0-1.el7_2.ppc.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "7", "packageVersion": "45.4.0-1.el7_2", "arch": "ppc64", "packageName": "firefox-debuginfo", "packageFilename": "firefox-debuginfo-45.4.0-1.el7_2.ppc64.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "7", "packageVersion": "45.4.0-1.el7_2", "arch": "ppc64le", "packageName": "firefox-debuginfo", "packageFilename": "firefox-debuginfo-45.4.0-1.el7_2.ppc64le.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "7", "packageVersion": "45.4.0-1.el7_2", "arch": "s390", "packageName": "firefox-debuginfo", "packageFilename": "firefox-debuginfo-45.4.0-1.el7_2.s390.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "7", "packageVersion": "45.4.0-1.el7_2", "arch": "s390x", "packageName": "firefox-debuginfo", "packageFilename": "firefox-debuginfo-45.4.0-1.el7_2.s390x.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "7", "packageVersion": "45.4.0-1.el7_2", "arch": "x86_64", "packageName": "firefox-debuginfo", "packageFilename": "firefox-debuginfo-45.4.0-1.el7_2.x86_64.rpm", "operator": "lt"}], "description": "Mozilla Firefox is an open source web browser.\n\nThis update upgrades Firefox to version 45.4.0 ESR.\n\nSecurity Fix(es):\n\n* Multiple flaws were found in the processing of malformed web content. A web page containing malicious content could cause Firefox to crash or, potentially, execute arbitrary code with the privileges of the user running Firefox. (CVE-2016-5257, CVE-2016-5278, CVE-2016-5270, CVE-2016-5272, CVE-2016-5274, CVE-2016-5276, CVE-2016-5277, CVE-2016-5280, CVE-2016-5281, CVE-2016-5284, CVE-2016-5250, CVE-2016-5261)\n\nRed Hat would like to thank the Mozilla project for reporting these issues. Upstream acknowledges Samuel Gro\u00df, Brian Carpenter, Mei Wang, Ryan Duff, Catalin Dumitru, Mozilla developers, Christoph Diehl, Andrew McCreight, Dan Minor, Byron Campen, Jon Coppeard, Steve Fink, Tyson Smith, Philipp, Carsten Book, Abhishek Arya, Atte Kettunen, and Nils as the original reporters.", "reporter": "RedHat", "published": "2016-09-21T10:56:38", "type": "redhat", "title": "(RHSA-2016:1912) Critical: firefox security update", "enchantments": {"score": {"vector": "NONE", "value": 9.3}}, "bulletinFamily": "unix", "cvelist": ["CVE-2016-5250", "CVE-2016-5257", "CVE-2016-5261", "CVE-2016-5270", "CVE-2016-5272", "CVE-2016-5274", "CVE-2016-5276", "CVE-2016-5277", "CVE-2016-5278", "CVE-2016-5280", "CVE-2016-5281", "CVE-2016-5284"], "_object_type": "robots.models.redhat.RedHatBulletin", "modified": "2018-06-06T20:24:27", "id": "RHSA-2016:1912", "href": "https://access.redhat.com/errata/RHSA-2016:1912", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}], "oraclelinux": [{"lastseen": "2018-08-31T01:39:21", "references": [], "affectedPackage": [{"OS": "Oracle Linux", "OSVersion": "6", "packageVersion": "45.4.0-1.0.1.el6_8", "arch": "x86_64", "packageFilename": "thunderbird-45.4.0-1.0.1.el6_8.x86_64.rpm", "packageName": "thunderbird", "operator": "lt"}, {"OS": "Oracle Linux", "OSVersion": "6", "packageVersion": "45.4.0-1.0.1.el6_8", "arch": "i686", "packageFilename": "thunderbird-45.4.0-1.0.1.el6_8.i686.rpm", "packageName": "thunderbird", "operator": "lt"}, {"OS": "Oracle Linux", "OSVersion": "7", "packageVersion": "45.4.0-1.0.1.el7_2", "arch": "x86_64", "packageFilename": "thunderbird-45.4.0-1.0.1.el7_2.x86_64.rpm", "packageName": "thunderbird", "operator": "lt"}, {"OS": "Oracle Linux", "OSVersion": "5", "packageVersion": "45.4.0-1.0.1.el5_11", "arch": "x86_64", "packageFilename": "thunderbird-45.4.0-1.0.1.el5_11.x86_64.rpm", "packageName": "thunderbird", "operator": "lt"}, {"OS": "Oracle Linux", "OSVersion": "6", "packageVersion": "45.4.0-1.0.1.el6_8", "arch": "src", "packageFilename": "thunderbird-45.4.0-1.0.1.el6_8.src.rpm", "packageName": "thunderbird", "operator": "lt"}, {"OS": "Oracle Linux", "OSVersion": "6", "packageVersion": "45.4.0-1.0.1.el6_8", "arch": "src", "packageFilename": "thunderbird-45.4.0-1.0.1.el6_8.src.rpm", "packageName": "thunderbird", "operator": "lt"}, {"OS": "Oracle Linux", "OSVersion": "5", "packageVersion": "45.4.0-1.0.1.el5_11", "arch": "i386", "packageFilename": "thunderbird-45.4.0-1.0.1.el5_11.i386.rpm", "packageName": "thunderbird", "operator": "lt"}, {"OS": "Oracle Linux", "OSVersion": "5", "packageVersion": "45.4.0-1.0.1.el5_11", "arch": "src", "packageFilename": "thunderbird-45.4.0-1.0.1.el5_11.src.rpm", "packageName": "thunderbird", "operator": "lt"}, {"OS": "Oracle Linux", "OSVersion": "5", "packageVersion": "45.4.0-1.0.1.el5_11", "arch": "src", "packageFilename": "thunderbird-45.4.0-1.0.1.el5_11.src.rpm", "packageName": "thunderbird", "operator": "lt"}, {"OS": "Oracle Linux", "OSVersion": "7", "packageVersion": "45.4.0-1.0.1.el7_2", "arch": "src", "packageFilename": "thunderbird-45.4.0-1.0.1.el7_2.src.rpm", "packageName": "thunderbird", "operator": "lt"}], "description": "[45.4.0-1.0.1]\n- Replaced thunderbird-redhat-default-prefs.js with thunderbird-oracle-default-prefs.js\n[45.4.0-1]\n- Update to 45.4.0", "edition": 3, "reporter": "Oracle", "published": "2016-10-03T00:00:00", "title": "thunderbird security update", "type": "oraclelinux", "enchantments": {"score": {"vector": "NONE", "value": 7.5}}, "bulletinFamily": "unix", "cvelist": ["CVE-2016-5257"], "modified": "2016-10-03T00:00:00", "id": "ELSA-2016-1985", "href": "http://linux.oracle.com/errata/ELSA-2016-1985.html", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2018-08-31T01:38:43", "references": [], "affectedPackage": [{"OS": "Oracle Linux", "OSVersion": "7", "packageVersion": "45.4.0-1.0.1.el7_2", "arch": "src", "packageFilename": "firefox-45.4.0-1.0.1.el7_2.src.rpm", "packageName": "firefox", "operator": "lt"}, {"OS": "Oracle Linux", "OSVersion": "6", "packageVersion": "45.4.0-1.0.1.el6_8", "arch": "x86_64", "packageFilename": "firefox-45.4.0-1.0.1.el6_8.x86_64.rpm", "packageName": "firefox", "operator": "lt"}, {"OS": "Oracle Linux", "OSVersion": "5", "packageVersion": "45.4.0-1.0.1.el5_11", "arch": "src", "packageFilename": "firefox-45.4.0-1.0.1.el5_11.src.rpm", "packageName": "firefox", "operator": "lt"}, {"OS": "Oracle Linux", "OSVersion": "5", "packageVersion": "45.4.0-1.0.1.el5_11", "arch": "src", "packageFilename": "firefox-45.4.0-1.0.1.el5_11.src.rpm", "packageName": "firefox", "operator": "lt"}, {"OS": "Oracle Linux", "OSVersion": "7", "packageVersion": "45.4.0-1.0.1.el7_2", "arch": "x86_64", "packageFilename": "firefox-45.4.0-1.0.1.el7_2.x86_64.rpm", "packageName": "firefox", "operator": "lt"}, {"OS": "Oracle Linux", "OSVersion": "7", "packageVersion": "45.4.0-1.0.1.el7_2", "arch": "i686", "packageFilename": "firefox-45.4.0-1.0.1.el7_2.i686.rpm", "packageName": "firefox", "operator": "lt"}, {"OS": "Oracle Linux", "OSVersion": "6", "packageVersion": "45.4.0-1.0.1.el6_8", "arch": "i686", "packageFilename": "firefox-45.4.0-1.0.1.el6_8.i686.rpm", "packageName": "firefox", "operator": "lt"}, {"OS": "Oracle Linux", "OSVersion": "6", "packageVersion": "45.4.0-1.0.1.el6_8", "arch": "i686", "packageFilename": "firefox-45.4.0-1.0.1.el6_8.i686.rpm", "packageName": "firefox", "operator": "lt"}, {"OS": "Oracle Linux", "OSVersion": "5", "packageVersion": "45.4.0-1.0.1.el5_11", "arch": "i386", "packageFilename": "firefox-45.4.0-1.0.1.el5_11.i386.rpm", "packageName": "firefox", "operator": "lt"}, {"OS": "Oracle Linux", "OSVersion": "5", "packageVersion": "45.4.0-1.0.1.el5_11", "arch": "i386", "packageFilename": "firefox-45.4.0-1.0.1.el5_11.i386.rpm", "packageName": "firefox", "operator": "lt"}, {"OS": "Oracle Linux", "OSVersion": "5", "packageVersion": "45.4.0-1.0.1.el5_11", "arch": "x86_64", "packageFilename": "firefox-45.4.0-1.0.1.el5_11.x86_64.rpm", "packageName": "firefox", "operator": "lt"}, {"OS": "Oracle Linux", "OSVersion": "6", "packageVersion": "45.4.0-1.0.1.el6_8", "arch": "src", "packageFilename": "firefox-45.4.0-1.0.1.el6_8.src.rpm", "packageName": "firefox", "operator": "lt"}, {"OS": "Oracle Linux", "OSVersion": "6", "packageVersion": "45.4.0-1.0.1.el6_8", "arch": "src", "packageFilename": "firefox-45.4.0-1.0.1.el6_8.src.rpm", "packageName": "firefox", "operator": "lt"}], "description": "[45.4.0-1.0.1]\n- Add firefox-oracle-default-prefs.js and firefox-oracle-default-bookmarks.html\n and remove the corresponding Red Hat files\n[45.4.0-1]\n- Update to 45.4.0 ESR", "edition": 3, "reporter": "Oracle", "published": "2016-09-21T00:00:00", "title": "firefox security update", "type": "oraclelinux", "enchantments": {"score": {"vector": "NONE", "value": 7.5}}, "bulletinFamily": "unix", "cvelist": ["CVE-2016-5278", "CVE-2016-5281", "CVE-2016-5280", "CVE-2016-5250", "CVE-2016-5274", "CVE-2016-5261", "CVE-2016-5284", "CVE-2016-5270", "CVE-2016-5277", "CVE-2016-5257", "CVE-2016-5272", "CVE-2016-5276"], "modified": "2016-09-21T00:00:00", "id": "ELSA-2016-1912", "href": "http://linux.oracle.com/errata/ELSA-2016-1912.html", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}], "debian": [{"lastseen": "2018-10-16T22:14:37", "references": [], "affectedPackage": [{"OS": "Debian", "OSVersion": "8", "packageVersion": "1:45.4.0-1~deb8u1", "arch": "all", "packageFilename": "thunderbird-l10n-zh-cn_1:45.4.0-1~deb8u1_all.deb", "packageName": "thunderbird-l10n-zh-cn", "operator": "lt"}, {"OS": "Debian", "OSVersion": "8", "packageVersion": "1:45.4.0-1~deb8u1", "arch": "all", "packageFilename": "thunderbird-l10n-rm_1:45.4.0-1~deb8u1_all.deb", "packageName": "thunderbird-l10n-rm", "operator": "lt"}, {"OS": "Debian", "OSVersion": "8", "packageVersion": "1:45.4.0-1~deb8u1", "arch": "all", "packageFilename": "thunderbird-l10n-pt-pt_1:45.4.0-1~deb8u1_all.deb", "packageName": "thunderbird-l10n-pt-pt", "operator": "lt"}, {"OS": "Debian", "OSVersion": "8", "packageVersion": "1:45.4.0-1~deb8u1", "arch": "all", "packageFilename": "icedove-l10n-et_1:45.4.0-1~deb8u1_all.deb", "packageName": "icedove-l10n-et", "operator": "lt"}, {"OS": "Debian", "OSVersion": "8", "packageVersion": "1:45.4.0-1~deb8u1", "arch": "all", "packageFilename": "icedove-l10n-ca_1:45.4.0-1~deb8u1_all.deb", "packageName": "icedove-l10n-ca", "operator": "lt"}, {"OS": "Debian", "OSVersion": "8", "packageVersion": "1:45.4.0-1~deb8u1", "arch": "all", "packageFilename": "iceowl-l10n-ca_1:45.4.0-1~deb8u1_all.deb", "packageName": "iceowl-l10n-ca", "operator": "lt"}, {"OS": "Debian", "OSVersion": "8", "packageVersion": "1:45.4.0-1~deb8u1", "arch": "all", "packageFilename": "lightning-l10n-pt-pt_1:45.4.0-1~deb8u1_all.deb", "packageName": "lightning-l10n-pt-pt", "operator": "lt"}, {"OS": "Debian", "OSVersion": "8", "packageVersion": "1:45.4.0-1~deb8u1", "arch": "all", "packageFilename": "lightning-l10n-ar_1:45.4.0-1~deb8u1_all.deb", "packageName": "lightning-l10n-ar", "operator": "lt"}, {"OS": "Debian", "OSVersion": "8", "packageVersion": "1:45.4.0-1~deb8u1", "arch": "all", "packageFilename": "lightning-l10n-eu_1:45.4.0-1~deb8u1_all.deb", "packageName": "lightning-l10n-eu", "operator": "lt"}, {"OS": "Debian", "OSVersion": "8", "packageVersion": "1:45.4.0-1~deb8u1", "arch": "all", "packageFilename": "iceowl-l10n-sk_1:45.4.0-1~deb8u1_all.deb", "packageName": "iceowl-l10n-sk", "operator": "lt"}, {"OS": "Debian", "OSVersion": "8", "packageVersion": "1:45.4.0-1~deb8u1", "arch": "all", "packageFilename": "thunderbird-l10n-el_1:45.4.0-1~deb8u1_all.deb", "packageName": "thunderbird-l10n-el", "operator": "lt"}, {"OS": "Debian", "OSVersion": "8", "packageVersion": "1:45.4.0-1~deb8u1", "arch": "all", "packageFilename": "lightning-l10n-ru_1:45.4.0-1~deb8u1_all.deb", "packageName": "lightning-l10n-ru", "operator": "lt"}, {"OS": "Debian", "OSVersion": "8", "packageVersion": "1:45.4.0-1~deb8u1", "arch": "all", "packageFilename": "lightning-l10n-es-ar_1:45.4.0-1~deb8u1_all.deb", "packageName": "lightning-l10n-es-ar", "operator": "lt"}, {"OS": "Debian", "OSVersion": "8", "packageVersion": "1:45.4.0-1~deb8u1", "arch": "all", "packageFilename": "icedove-l10n-ta-lk_1:45.4.0-1~deb8u1_all.deb", "packageName": "icedove-l10n-ta-lk", "operator": "lt"}, {"OS": "Debian", "OSVersion": "8", "packageVersion": "1:45.4.0-1~deb8u1", "arch": "all", "packageFilename": "icedove-l10n-bg_1:45.4.0-1~deb8u1_all.deb", "packageName": "icedove-l10n-bg", "operator": "lt"}, {"OS": "Debian", "OSVersion": "8", "packageVersion": "1:45.4.0-1~deb8u1", "arch": "all", "packageFilename": "iceowl-l10n-fi_1:45.4.0-1~deb8u1_all.deb", "packageName": "iceowl-l10n-fi", "operator": "lt"}, {"OS": "Debian", "OSVersion": "8", "packageVersion": "1:45.4.0-1~deb8u1", "arch": "all", "packageFilename": "thunderbird-l10n-ar_1:45.4.0-1~deb8u1_all.deb", "packageName": "thunderbird-l10n-ar", "operator": "lt"}, {"OS": "Debian", "OSVersion": "8", "packageVersion": "1:45.4.0-1~deb8u1", "arch": "all", "packageFilename": "lightning-l10n-sk_1:45.4.0-1~deb8u1_all.deb", "packageName": "lightning-l10n-sk", "operator": "lt"}, {"OS": "Debian", "OSVersion": "8", "packageVersion": "1:45.4.0-1~deb8u1", "arch": "all", "packageFilename": "icedove-l10n-nb-no_1:45.4.0-1~deb8u1_all.deb", "packageName": "icedove-l10n-nb-no", "operator": "lt"}, {"OS": "Debian", "OSVersion": "8", "packageVersion": "1:45.4.0-1~deb8u1", "arch": "all", "packageFilename": "iceowl-l10n-bn-bd_1:45.4.0-1~deb8u1_all.deb", "packageName": "iceowl-l10n-bn-bd", "operator": "lt"}, {"OS": "Debian", "OSVersion": "8", "packageVersion": "1:45.4.0-1~deb8u1", "arch": "all", "packageFilename": "thunderbird-l10n-fr_1:45.4.0-1~deb8u1_all.deb", "packageName": "thunderbird-l10n-fr", "operator": "lt"}, {"OS": "Debian", "OSVersion": "8", "packageVersion": "1:45.4.0-1~deb8u1", "arch": "all", "packageFilename": "iceowl-l10n-cy_1:45.4.0-1~deb8u1_all.deb", "packageName": "iceowl-l10n-cy", "operator": "lt"}, {"OS": "Debian", "OSVersion": "8", "packageVersion": "1:45.4.0-1~deb8u1", "arch": "all", "packageFilename": "thunderbird-l10n-nl_1:45.4.0-1~deb8u1_all.deb", "packageName": "thunderbird-l10n-nl", "operator": "lt"}, {"OS": "Debian", "OSVersion": "8", "packageVersion": "1:45.4.0-1~deb8u1", "arch": "all", "packageFilename": "iceowl-l10n-hu_1:45.4.0-1~deb8u1_all.deb", "packageName": "iceowl-l10n-hu", "operator": "lt"}, {"OS": "Debian", "OSVersion": "8", "packageVersion": "1:45.4.0-1~deb8u1", "arch": "all", "packageFilename": "lightning-l10n-bg_1:45.4.0-1~deb8u1_all.deb", "packageName": "lightning-l10n-bg", "operator": "lt"}, {"OS": "Debian", "OSVersion": "8", "packageVersion": "1:45.4.0-1~deb8u1", "arch": "all", "packageFilename": "icedove-l10n-cs_1:45.4.0-1~deb8u1_all.deb", "packageName": "icedove-l10n-cs", "operator": "lt"}, {"OS": "Debian", "OSVersion": "8", "packageVersion": "1:45.4.0-1~deb8u1", "arch": "all", "packageFilename": "lightning-l10n-hy-am_1:45.4.0-1~deb8u1_all.deb", "packageName": "lightning-l10n-hy-am", "operator": "lt"}, {"OS": "Debian", "OSVersion": "8", "packageVersion": "1:45.4.0-1~deb8u1", "arch": "all", "packageFilename": "thunderbird-l10n-sv-se_1:45.4.0-1~deb8u1_all.deb", "packageName": "thunderbird-l10n-sv-se", "operator": "lt"}, {"OS": "Debian", "OSVersion": "8", "packageVersion": "1:45.4.0-1~deb8u1", "arch": "all", "packageFilename": "icedove-l10n-be_1:45.4.0-1~deb8u1_all.deb", "packageName": "icedove-l10n-be", "operator": "lt"}, {"OS": "Debian", "OSVersion": "8", "packageVersion": "1:45.4.0-1~deb8u1", "arch": "all", "packageFilename": "iceowl-l10n-ko_1:45.4.0-1~deb8u1_all.deb", "packageName": "iceowl-l10n-ko", "operator": "lt"}, {"OS": "Debian", "OSVersion": "8", "packageVersion": "1:45.4.0-1~deb8u1", "arch": "all", "packageFilename": "lightning-l10n-nn-no_1:45.4.0-1~deb8u1_all.deb", "packageName": "lightning-l10n-nn-no", "operator": "lt"}, {"OS": "Debian", "OSVersion": "8", "packageVersion": "1:45.4.0-1~deb8u1", "arch": "all", "packageFilename": "iceowl-l10n-hr_1:45.4.0-1~deb8u1_all.deb", "packageName": "iceowl-l10n-hr", "operator": "lt"}, {"OS": "Debian", "OSVersion": "8", "packageVersion": "1:45.4.0-1~deb8u1", "arch": "all", "packageFilename": "icedove-l10n-hr_1:45.4.0-1~deb8u1_all.deb", "packageName": "icedove-l10n-hr", "operator": "lt"}, {"OS": "Debian", "OSVersion": "8", "packageVersion": "1:45.4.0-1~deb8u1", "arch": "all", "packageFilename": "icedove-l10n-si_1:45.4.0-1~deb8u1_all.deb", "packageName": "icedove-l10n-si", "operator": "lt"}, {"OS": "Debian", "OSVersion": "8", "packageVersion": "1:45.4.0-1~deb8u1", "arch": "all", "packageFilename": "lightning-l10n-cs_1:45.4.0-1~deb8u1_all.deb", "packageName": "lightning-l10n-cs", "operator": "lt"}, {"OS": "Debian", "OSVersion": "8", "packageVersion": "1:45.4.0-1~deb8u1", "arch": "all", "packageFilename": "thunderbird-l10n-ro_1:45.4.0-1~deb8u1_all.deb", "packageName": "thunderbird-l10n-ro", "operator": "lt"}, {"OS": "Debian", "OSVersion": "8", "packageVersion": "1:45.4.0-1~deb8u1", "arch": "all", "packageFilename": "iceowl-l10n-sl_1:45.4.0-1~deb8u1_all.deb", "packageName": "iceowl-l10n-sl", "operator": "lt"}, {"OS": "Debian", "OSVersion": "8", "packageVersion": "1:45.4.0-1~deb8u1", "arch": "all", "packageFilename": "icedove-l10n-zh-tw_1:45.4.0-1~deb8u1_all.deb", "packageName": "icedove-l10n-zh-tw", "operator": "lt"}, {"OS": "Debian", "OSVersion": "8", "packageVersion": "1:45.4.0-1~deb8u1", "arch": "all", "packageFilename": "lightning-l10n-da_1:45.4.0-1~deb8u1_all.deb", "packageName": "lightning-l10n-da", "operator": "lt"}, {"OS": "Debian", "OSVersion": "8", "packageVersion": "1:45.4.0-1~deb8u1", "arch": "all", "packageFilename": "iceowl-l10n-si_1:45.4.0-1~deb8u1_all.deb", "packageName": "iceowl-l10n-si", "operator": "lt"}, {"OS": "Debian", "OSVersion": "8", "packageVersion": "1:45.4.0-1~deb8u1", "arch": "all", "packageFilename": "thunderbird-l10n-es-ar_1:45.4.0-1~deb8u1_all.deb", "packageName": "thunderbird-l10n-es-ar", "operator": "lt"}, {"OS": "Debian", "OSVersion": "8", "packageVersion": "1:45.4.0-1~deb8u1", "arch": "all", "packageFilename": "icedove-l10n-sr_1:45.4.0-1~deb8u1_all.deb", "packageName": "icedove-l10n-sr", "operator": "lt"}, {"OS": "Debian", "OSVersion": "8", "packageVersion": "1:45.4.0-1~deb8u1", "arch": "all", "packageFilename": "icedove-l10n-nn-no_1:45.4.0-1~deb8u1_all.deb", "packageName": "icedove-l10n-nn-no", "operator": "lt"}, {"OS": "Debian", "OSVersion": "8", "packageVersion": "1:45.4.0-1~deb8u1", "arch": "all", "packageFilename": "lightning-l10n-it_1:45.4.0-1~deb8u1_all.deb", "packageName": "lightning-l10n-it", "operator": "lt"}, {"OS": "Debian", "OSVersion": "8", "packageVersion": "1:45.4.0-1~deb8u1", "arch": "all", "packageFilename": "thunderbird-l10n-pt-br_1:45.4.0-1~deb8u1_all.deb", "packageName": "thunderbird-l10n-pt-br", "operator": "lt"}, {"OS": "Debian", "OSVersion": "8", "packageVersion": "1:45.4.0-1~deb8u1", "arch": "all", "packageFilename": "icedove-l10n-id_1:45.4.0-1~deb8u1_all.deb", "packageName": "icedove-l10n-id", "operator": "lt"}, {"OS": "Debian", "OSVersion": "8", "packageVersion": "1:45.4.0-1~deb8u1", "arch": "all", "packageFilename": "thunderbird-l10n-lt_1:45.4.0-1~deb8u1_all.deb", "packageName": "thunderbird-l10n-lt", "operator": "lt"}, {"OS": "Debian", "OSVersion": "8", "packageVersion": "1:45.4.0-1~deb8u1", "arch": "all", "packageFilename": "lightning-l10n-cy_1:45.4.0-1~deb8u1_all.deb", "packageName": "lightning-l10n-cy", "operator": "lt"}, {"OS": "Debian", "OSVersion": "8", "packageVersion": "1:45.4.0-1~deb8u1", "arch": "all", "packageFilename": "iceowl-l10n-it_1:45.4.0-1~deb8u1_all.deb", "packageName": "iceowl-l10n-it", "operator": "lt"}, {"OS": "Debian", "OSVersion": "8", "packageVersion": "1:45.4.0-1~deb8u1", "arch": "all", "packageFilename": "icedove-l10n-gl_1:45.4.0-1~deb8u1_all.deb", "packageName": "icedove-l10n-gl", "operator": "lt"}, {"OS": "Debian", "OSVersion": "8", "packageVersion": "1:45.4.0-1~deb8u1", "arch": "all", "packageFilename": "icedove-l10n-br_1:45.4.0-1~deb8u1_all.deb", "packageName": "icedove-l10n-br", "operator": "lt"}, {"OS": "Debian", "OSVersion": "8", "packageVersion": "1:45.4.0-1~deb8u1", "arch": "all", "packageFilename": "lightning_1:45.4.0-1~deb8u1_all.deb", "packageName": "lightning", "operator": "lt"}, {"OS": "Debian", "OSVersion": "8", "packageVersion": "1:45.4.0-1~deb8u1", "arch": "all", "packageFilename": "icedove-l10n-ko_1:45.4.0-1~deb8u1_all.deb", "packageName": "icedove-l10n-ko", "operator": "lt"}, {"OS": "Debian", "OSVersion": "8", "packageVersion": "1:45.4.0-1~deb8u1", "arch": "all", "packageFilename": "icedove-l10n-fy-nl_1:45.4.0-1~deb8u1_all.deb", "packageName": "icedove-l10n-fy-nl", "operator": "lt"}, {"OS": "Debian", "OSVersion": "8", "packageVersion": "1:45.4.0-1~deb8u1", "arch": "all", "packageFilename": "icedove-l10n-hy-am_1:45.4.0-1~deb8u1_all.deb", "packageName": "icedove-l10n-hy-am", "operator": "lt"}, {"OS": "Debian", "OSVersion": "8", "packageVersion": "1:45.4.0-1~deb8u1", "arch": "all", "packageFilename": "iceowl-l10n-vi_1:45.4.0-1~deb8u1_all.deb", "packageName": "iceowl-l10n-vi", "operator": "lt"}, {"OS": "Debian", "OSVersion": "8", "packageVersion": "1:45.4.0-1~deb8u1", "arch": "all", "packageFilename": "lightning-l10n-lt_1:45.4.0-1~deb8u1_all.deb", "packageName": "lightning-l10n-lt", "operator": "lt"}, {"OS": "Debian", "OSVersion": "8", "packageVersion": "1:45.4.0-1~deb8u1", "arch": "all", "packageFilename": "thunderbird-l10n-ru_1:45.4.0-1~deb8u1_all.deb", "packageName": "thunderbird-l10n-ru", "operator": "lt"}, {"OS": "Debian", "OSVersion": "8", "packageVersion": "1:45.4.0-1~deb8u1", "arch": "all", "packageFilename": "icedove-l10n-uk_1:45.4.0-1~deb8u1_all.deb", "packageName": "icedove-l10n-uk", "operator": "lt"}, {"OS": "Debian", "OSVersion": "8", "packageVersion": "1:45.4.0-1~deb8u1", "arch": "all", "packageFilename": "lightning-l10n-bn-bd_1:45.4.0-1~deb8u1_all.deb", "packageName": "lightning-l10n-bn-bd", "operator": "lt"}, {"OS": "Debian", "OSVersion": "8", "packageVersion": "1:45.4.0-1~deb8u1", "arch": "all", "packageFilename": "iceowl-l10n-pa-in_1:45.4.0-1~deb8u1_all.deb", "packageName": "iceowl-l10n-pa-in", "operator": "lt"}, {"OS": "Debian", "OSVersion": "8", "packageVersion": "1:45.4.0-1~deb8u1", "arch": "all", "packageFilename": "thunderbird-l10n-is_1:45.4.0-1~deb8u1_all.deb", "packageName": "thunderbird-l10n-is", "operator": "lt"}, {"OS": "Debian", "OSVersion": "8", "packageVersion": "1:45.4.0-1~deb8u1", "arch": "all", "packageFilename": "thunderbird-l10n-br_1:45.4.0-1~deb8u1_all.deb", "packageName": "thunderbird-l10n-br", "operator": "lt"}, {"OS": "Debian", "OSVersion": "8", "packageVersion": "1:45.4.0-1~deb8u1", "arch": "all", "packageFilename": "icedove-l10n-all_1:45.4.0-1~deb8u1_all.deb", "packageName": "icedove-l10n-all", "operator": "lt"}, {"OS": "Debian", "OSVersion": "8", "packageVersion": "1:45.4.0-1~deb8u1", "arch": "all", "packageFilename": "iceowl-l10n-is_1:45.4.0-1~deb8u1_all.deb", "packageName": "iceowl-l10n-is", "operator": "lt"}, {"OS": "Debian", "OSVersion": "8", "packageVersion": "1:45.4.0-1~deb8u1", "arch": "all", "packageFilename": "thunderbird-l10n-sl_1:45.4.0-1~deb8u1_all.deb", "packageName": "thunderbird-l10n-sl", "operator": "lt"}, {"OS": "Debian", "OSVersion": "8", "packageVersion": "1:45.4.0-1~deb8u1", "arch": "all", "packageFilename": "lightning-l10n-de_1:45.4.0-1~deb8u1_all.deb", "packageName": "lightning-l10n-de", "operator": "lt"}, {"OS": "Debian", "OSVersion": "8", "packageVersion": "1:45.4.0-1~deb8u1", "arch": "all", "packageFilename": "thunderbird-l10n-pa-in_1:45.4.0-1~deb8u1_all.deb", "packageName": "thunderbird-l10n-pa-in", "operator": "lt"}, {"OS": "Debian", "OSVersion": "8", "packageVersion": "1:45.4.0-1~deb8u1", "arch": "all", "packageFilename": "iceowl-l10n-br_1:45.4.0-1~deb8u1_all.deb", "packageName": "iceowl-l10n-br", "operator": "lt"}, {"OS": "Debian", "OSVersion": "8", "packageVersion": "1:45.4.0-1~deb8u1", "arch": "all", "packageFilename": "icedove-l10n-ro_1:45.4.0-1~deb8u1_all.deb", "packageName": "icedove-l10n-ro", "operator": "lt"}, {"OS": "Debian", "OSVersion": "8", "packageVersion": "1:45.4.0-1~deb8u1", "arch": "all", "packageFilename": "iceowl-l10n-sq_1:45.4.0-1~deb8u1_all.deb", "packageName": "iceowl-l10n-sq", "operator": "lt"}, {"OS": "Debian", "OSVersion": "8", "packageVersion": "1:45.4.0-1~deb8u1", "arch": "all", "packageFilename": "thunderbird-l10n-bg_1:45.4.0-1~deb8u1_all.deb", "packageName": "thunderbird-l10n-bg", "operator": "lt"}, {"OS": "Debian", "OSVersion": "8", "packageVersion": "1:45.4.0-1~deb8u1", "arch": "all", "packageFilename": "thunderbird-dev_1:45.4.0-1~deb8u1_all.deb", "packageName": "thunderbird-dev", "operator": "lt"}, {"OS": "Debian", "OSVersion": "8", "packageVersion": "1:45.4.0-1~deb8u1", "arch": "all", "packageFilename": "lightning-l10n-id_1:45.4.0-1~deb8u1_all.deb", "packageName": "lightning-l10n-id", "operator": "lt"}, {"OS": "Debian", "OSVersion": "8", "packageVersion": "1:45.4.0-1~deb8u1", "arch": "all", "packageFilename": "thunderbird-l10n-uk_1:45.4.0-1~deb8u1_all.deb", "packageName": "thunderbird-l10n-uk", "operator": "lt"}, {"OS": "Debian", "OSVersion": "8", "packageVersion": "1:45.4.0-1~deb8u1", "arch": "all", "packageFilename": "lightning-l10n-nb-no_1:45.4.0-1~deb8u1_all.deb", "packageName": "lightning-l10n-nb-no", "operator": "lt"}, {"OS": "Debian", "OSVersion": "8", "packageVersion": "1:45.4.0-1~deb8u1", "arch": "all", "packageFilename": "icedove-dev_1:45.4.0-1~deb8u1_all.deb", "packageName": "icedove-dev", "operator": "lt"}, {"OS": "Debian", "OSVersion": "8", "packageVersion": "1:45.4.0-1~deb8u1", "arch": "all", "packageFilename": "lightning-l10n-ro_1:45.4.0-1~deb8u1_all.deb", "packageName": "lightning-l10n-ro", "operator": "lt"}, {"OS": "Debian", "OSVersion": "8", "packageVersion": "1:45.4.0-1~deb8u1", "arch": "all", "packageFilename": "lightning-l10n-hr_1:45.4.0-1~deb8u1_all.deb", "packageName": "lightning-l10n-hr", "operator": "lt"}, {"OS": "Debian", "OSVersion": "8", "packageVersion": "1:45.4.0-1~deb8u1", "arch": "all", "packageFilename": "thunderbird-l10n-en-gb_1:45.4.0-1~deb8u1_all.deb", "packageName": "thunderbird-l10n-en-gb", "operator": "lt"}, {"OS": "Debian", "OSVersion": "8", "packageVersion": "1:45.4.0-1~deb8u1", "arch": "all", "packageFilename": "iceowl-l10n-pt-br_1:45.4.0-1~deb8u1_all.deb", "packageName": "iceowl-l10n-pt-br", "operator": "lt"}, {"OS": "Debian", "OSVersion": "8", "packageVersion": "1:45.4.0-1~deb8u1", "arch": "all", "packageFilename": "iceowl-l10n-gl_1:45.4.0-1~deb8u1_all.deb", "packageName": "iceowl-l10n-gl", "operator": "lt"}, {"OS": "Debian", "OSVersion": "8", "packageVersion": "1:45.4.0-1~deb8u1", "arch": "all", "packageFilename": "thunderbird-l10n-pl_1:45.4.0-1~deb8u1_all.deb", "packageName": "thunderbird-l10n-pl", "operator": "lt"}, {"OS": "Debian", "OSVersion": "8", "packageVersion": "1:45.4.0-1~deb8u1", "arch": "all", "packageFilename": "icedove_1:45.4.0-1~deb8u1_all.deb", "packageName": "icedove", "operator": "lt"}, {"OS": "Debian", "OSVersion": "8", "packageVersion": "1:45.4.0-1~deb8u1", "arch": "all", "packageFilename": "lightning-l10n-ta-lk_1:45.4.0-1~deb8u1_all.deb", "packageName": "lightning-l10n-ta-lk", "operator": "lt"}, {"OS": "Debian", "OSVersion": "8", "packageVersion": "1:45.4.0-1~deb8u1", "arch": "all", "packageFilename": "iceowl-l10n-uk_1:45.4.0-1~deb8u1_all.deb", "packageName": "iceowl-l10n-uk", "operator": "lt"}, {"OS": "Debian", "OSVersion": "8", "packageVersion": "1:45.4.0-1~deb8u1", "arch": "all", "packageFilename": "icedove-l10n-sl_1:45.4.0-1~deb8u1_all.deb", "packageName": "icedove-l10n-sl", "operator": "lt"}, {"OS": "Debian", "OSVersion": "8", "packageVersion": "1:45.4.0-1~deb8u1", "arch": "all", "packageFilename": "icedove-l10n-it_1:45.4.0-1~deb8u1_all.deb", "packageName": "icedove-l10n-it", "operator": "lt"}, {"OS": "Debian", "OSVersion": "8", "packageVersion": "1:45.4.0-1~deb8u1", "arch": "all", "packageFilename": "thunderbird-l10n-ast_1:45.4.0-1~deb8u1_all.deb", "packageName": "thunderbird-l10n-ast", "operator": "lt"}, {"OS": "Debian", "OSVersion": "8", "packageVersion": "1:45.4.0-1~deb8u1", "arch": "all", "packageFilename": "iceowl-l10n-fr_1:45.4.0-1~deb8u1_all.deb", "packageName": "iceowl-l10n-fr", "operator": "lt"}, {"OS": "Debian", "OSVersion": "8", "packageVersion": "1:45.4.0-1~deb8u1", "arch": "all", "packageFilename": "thunderbird-l10n-ga-ie_1:45.4.0-1~deb8u1_all.deb", "packageName": "thunderbird-l10n-ga-ie", "operator": "lt"}, {"OS": "Debian", "OSVersion": "8", "packageVersion": "1:45.4.0-1~deb8u1", "arch": "all", "packageFilename": "iceowl-l10n-es-es_1:45.4.0-1~deb8u1_all.deb", "packageName": "iceowl-l10n-es-es", "operator": "lt"}, {"OS": "Debian", "OSVersion": "8", "packageVersion": "1:45.4.0-1~deb8u1", "arch": "all", "packageFilename": "icedove-l10n-vi_1:45.4.0-1~deb8u1_all.deb", "packageName": "icedove-l10n-vi", "operator": "lt"}, {"OS": "Debian", "OSVersion": "8", "packageVersion": "1:45.4.0-1~deb8u1", "arch": "all", "packageFilename": "iceowl-extension_1:45.4.0-1~deb8u1_all.deb", "packageName": "iceowl-extension", "operator": "lt"}, {"OS": "Debian", "OSVersion": "8", "packageVersion": "1:45.4.0-1~deb8u1", "arch": "all", "packageFilename": "thunderbird-l10n-cs_1:45.4.0-1~deb8u1_all.deb", "packageName": "thunderbird-l10n-cs", "operator": "lt"}, {"OS": "Debian", "OSVersion": "8", "packageVersion": "1:45.4.0-1~deb8u1", "arch": "all", "packageFilename": "thunderbird-l10n-gl_1:45.4.0-1~deb8u1_all.deb", "packageName": "thunderbird-l10n-gl", "operator": "lt"}, {"OS": "Debian", "OSVersion": "8", "packageVersion": "1:45.4.0-1~deb8u1", "arch": "all", "packageFilename": "iceowl-l10n-be_1:45.4.0-1~deb8u1_all.deb", "packageName": "iceowl-l10n-be", "operator": "lt"}, {"OS": "Debian", "OSVersion": "8", "packageVersion": "1:45.4.0-1~deb8u1", "arch": "all", "packageFilename": "thunderbird-l10n-fi_1:45.4.0-1~deb8u1_all.deb", "packageName": "thunderbird-l10n-fi", "operator": "lt"}, {"OS": "Debian", "OSVersion": "8", "packageVersion": "1:45.4.0-1~deb8u1", "arch": "all", "packageFilename": "iceowl-l10n-et_1:45.4.0-1~deb8u1_all.deb", "packageName": "iceowl-l10n-et", "operator": "lt"}, {"OS": "Debian", "OSVersion": "8", "packageVersion": "1:45.4.0-1~deb8u1", "arch": "all", "packageFilename": "thunderbird-l10n-de_1:45.4.0-1~deb8u1_all.deb", "packageName": "thunderbird-l10n-de", "operator": "lt"}, {"OS": "Debian", "OSVersion": "8", "packageVersion": "1:45.4.0-1~deb8u1", "arch": "all", "packageFilename": "icedove-l10n-tr_1:45.4.0-1~deb8u1_all.deb", "packageName": "icedove-l10n-tr", "operator": "lt"}, {"OS": "Debian", "OSVersion": "8", "packageVersion": "1:45.4.0-1~deb8u1", "arch": "all", "packageFilename": "iceowl-l10n-nn-no_1:45.4.0-1~deb8u1_all.deb", "packageName": "iceowl-l10n-nn-no", "operator": "lt"}, {"OS": "Debian", "OSVersion": "8", "packageVersion": "1:45.4.0-1~deb8u1", "arch": "all", "packageFilename": "icedove-l10n-en-gb_1:45.4.0-1~deb8u1_all.deb", "packageName": "icedove-l10n-en-gb", "operator": "lt"}, {"OS": "Debian", "OSVersion": "8", "packageVersion": "1:45.4.0-1~deb8u1", "arch": "all", "packageFilename": "lightning-l10n-zh-tw_1:45.4.0-1~deb8u1_all.deb", "packageName": "lightning-l10n-zh-tw", "operator": "lt"}, {"OS": "Debian", "OSVersion": "8", "packageVersion": "1:45.4.0-1~deb8u1", "arch": "all", "packageFilename": "icedove-l10n-ar_1:45.4.0-1~deb8u1_all.deb", "packageName": "icedove-l10n-ar", "operator": "lt"}, {"OS": "Debian", "OSVersion": "8", "packageVersion": "1:45.4.0-1~deb8u1", "arch": "all", "packageFilename": "iceowl-l10n-zh-cn_1:45.4.0-1~deb8u1_all.deb", "packageName": "iceowl-l10n-zh-cn", "operator": "lt"}, {"OS": "Debian", "OSVersion": "8", "packageVersion": "1:45.4.0-1~deb8u1", "arch": "all", "packageFilename": "iceowl-l10n-ru_1:45.4.0-1~deb8u1_all.deb", "packageName": "iceowl-l10n-ru", "operator": "lt"}, {"OS": "Debian", "OSVersion": "8", "packageVersion": "1:45.4.0-1~deb8u1", "arch": "all", "packageFilename": "iceowl-l10n-el_1:45.4.0-1~deb8u1_all.deb", "packageName": "iceowl-l10n-el", "operator": "lt"}, {"OS": "Debian", "OSVersion": "8", "packageVersion": "1:45.4.0-1~deb8u1", "arch": "all", "packageFilename": "lightning-l10n-fr_1:45.4.0-1~deb8u1_all.deb", "packageName": "lightning-l10n-fr", "operator": "lt"}, {"OS": "Debian", "OSVersion": "8", "packageVersion": "1:45.4.0-1~deb8u1", "arch": "all", "packageFilename": "iceowl-l10n-bg_1:45.4.0-1~deb8u1_all.deb", "packageName": "iceowl-l10n-bg", "operator": "lt"}, {"OS": "Debian", "OSVersion": "8", "packageVersion": "1:45.4.0-1~deb8u1", "arch": "all", "packageFilename": "thunderbird-l10n-hu_1:45.4.0-1~deb8u1_all.deb", "packageName": "thunderbird-l10n-hu", "operator": "lt"}, {"OS": "Debian", "OSVersion": "8", "packageVersion": "1:45.4.0-1~deb8u1", "arch": "all", "packageFilename": "lightning-l10n-he_1:45.4.0-1~deb8u1_all.deb", "packageName": "lightning-l10n-he", "operator": "lt"}, {"OS": "Debian", "OSVersion": "8", "packageVersion": "1:45.4.0-1~deb8u1", "arch": "all", "packageFilename": "thunderbird-l10n-sr_1:45.4.0-1~deb8u1_all.deb", "packageName": "thunderbird-l10n-sr", "operator": "lt"}, {"OS": "Debian", "OSVersion": "8", "packageVersion": "1:45.4.0-1~deb8u1", "arch": "all", "packageFilename": "iceowl-l10n-fy-nl_1:45.4.0-1~deb8u1_all.deb", "packageName": "iceowl-l10n-fy-nl", "operator": "lt"}, {"OS": "Debian", "OSVersion": "8", "packageVersion": "1:45.4.0-1~deb8u1", "arch": "all", "packageFilename": "thunderbird-l10n-nn-no_1:45.4.0-1~deb8u1_all.deb", "packageName": "thunderbird-l10n-nn-no", "operator": "lt"}, {"OS": "Debian", "OSVersion": "8", "packageVersion": "1:45.4.0-1~deb8u1", "arch": "all", "packageFilename": "iceowl-l10n-gd_1:45.4.0-1~deb8u1_all.deb", "packageName": "iceowl-l10n-gd", "operator": "lt"}, {"OS": "Debian", "OSVersion": "8", "packageVersion": "1:45.4.0-1~deb8u1", "arch": "all", "packageFilename": "icedove-l10n-ru_1:45.4.0-1~deb8u1_all.deb", "packageName": "icedove-l10n-ru", "operator": "lt"}, {"OS": "Debian", "OSVersion": "8", "packageVersion": "1:45.4.0-1~deb8u1", "arch": "all", "packageFilename": "lightning-l10n-sv-se_1:45.4.0-1~deb8u1_all.deb", "packageName": "lightning-l10n-sv-se", "operator": "lt"}, {"OS": "Debian", "OSVersion": "8", "packageVersion": "1:45.4.0-1~deb8u1", "arch": "all", "packageFilename": "lightning-l10n-el_1:45.4.0-1~deb8u1_all.deb", "packageName": "lightning-l10n-el", "operator": "lt"}, {"OS": "Debian", "OSVersion": "8", "packageVersion": "1:45.4.0-1~deb8u1", "arch": "all", "packageFilename": "icedove-l10n-ja_1:45.4.0-1~deb8u1_all.deb", "packageName": "icedove-l10n-ja", "operator": "lt"}, {"OS": "Debian", "OSVersion": "8", "packageVersion": "1:45.4.0-1~deb8u1", "arch": "all", "packageFilename": "lightning-l10n-is_1:45.4.0-1~deb8u1_all.deb", "packageName": "lightning-l10n-is", "operator": "lt"}, {"OS": "Debian", "OSVersion": "8", "packageVersion": "1:45.4.0-1~deb8u1", "arch": "all", "packageFilename": "thunderbird-l10n-it_1:45.4.0-1~deb8u1_all.deb", "packageName": "thunderbird-l10n-it", "operator": "lt"}, {"OS": "Debian", "OSVersion": "8", "packageVersion": "1:45.4.0-1~deb8u1", "arch": "all", "packageFilename": "icedove-l10n-pt-pt_1:45.4.0-1~deb8u1_all.deb", "packageName": "icedove-l10n-pt-pt", "operator": "lt"}, {"OS": "Debian", "OSVersion": "8", "packageVersion": "1:45.4.0-1~deb8u1", "arch": "all", "packageFilename": "thunderbird-l10n-ja_1:45.4.0-1~deb8u1_all.deb", "packageName": "thunderbird-l10n-ja", "operator": "lt"}, {"OS": "Debian", "OSVersion": "8", "packageVersion": "1:45.4.0-1~deb8u1", "arch": "all", "packageFilename": "thunderbird-l10n-ko_1:45.4.0-1~deb8u1_all.deb", "packageName": "thunderbird-l10n-ko", "operator": "lt"}, {"OS": "Debian", "OSVersion": "8", "packageVersion": "1:45.4.0-1~deb8u1", "arch": "all", "packageFilename": "lightning-l10n-si_1:45.4.0-1~deb8u1_all.deb", "packageName": "lightning-l10n-si", "operator": "lt"}, {"OS": "Debian", "OSVersion": "8", "packageVersion": "1:45.4.0-1~deb8u1", "arch": "all", "packageFilename": "lightning-l10n-zh-cn_1:45.4.0-1~deb8u1_all.deb", "packageName": "lightning-l10n-zh-cn", "operator": "lt"}, {"OS": "Debian", "OSVersion": "8", "packageVersion": "1:45.4.0-1~deb8u1", "arch": "all", "packageFilename": "iceowl-l10n-de_1:45.4.0-1~deb8u1_all.deb", "packageName": "iceowl-l10n-de", "operator": "lt"}, {"OS": "Debian", "OSVersion": "8", "packageVersion": "1:45.4.0-1~deb8u1", "arch": "all", "packageFilename": "iceowl-l10n-pt-pt_1:45.4.0-1~deb8u1_all.deb", "packageName": "iceowl-l10n-pt-pt", "operator": "lt"}, {"OS": "Debian", "OSVersion": "8", "packageVersion": "1:45.4.0-1~deb8u1", "arch": "all", "packageFilename": "lightning-l10n-en-gb_1:45.4.0-1~deb8u1_all.deb", "packageName": "lightning-l10n-en-gb", "operator": "lt"}, {"OS": "Debian", "OSVersion": "8", "packageVersion": "1:45.4.0-1~deb8u1", "arch": "all", "packageFilename": "iceowl-l10n-ro_1:45.4.0-1~deb8u1_all.deb", "packageName": "iceowl-l10n-ro", "operator": "lt"}, {"OS": "Debian", "OSVersion": "8", "packageVersion": "1:45.4.0-1~deb8u1", "arch": "all", "packageFilename": "lightning-l10n-fy-nl_1:45.4.0-1~deb8u1_all.deb", "packageName": "lightning-l10n-fy-nl", "operator": "lt"}, {"OS": "Debian", "OSVersion": "8", "packageVersion": "1:45.4.0-1~deb8u1", "arch": "all", "packageFilename": "iceowl-l10n-sv-se_1:45.4.0-1~deb8u1_all.deb", "packageName": "iceowl-l10n-sv-se", "operator": "lt"}, {"OS": "Debian", "OSVersion": "8", "packageVersion": "1:45.4.0-1~deb8u1", "arch": "all", "packageFilename": "thunderbird-l10n-ta-lk_1:45.4.0-1~deb8u1_all.deb", "packageName": "thunderbird-l10n-ta-lk", "operator": "lt"}, {"OS": "Debian", "OSVersion": "8", "packageVersion": "1:45.4.0-1~deb8u1", "arch": "all", "packageFilename": "lightning-l10n-br_1:45.4.0-1~deb8u1_all.deb", "packageName": "lightning-l10n-br", "operator": "lt"}, {"OS": "Debian", "OSVersion": "8", "packageVersion": "1:45.4.0-1~deb8u1", "arch": "all", "packageFilename": "thunderbird-l10n-nb-no_1:45.4.0-1~deb8u1_all.deb", "packageName": "thunderbird-l10n-nb-no", "operator": "lt"}, {"OS": "Debian", "OSVersion": "8", "packageVersion": "1:45.4.0-1~deb8u1", "arch": "all", "packageFilename": "lightning-l10n-uk_1:45.4.0-1~deb8u1_all.deb", "packageName": "lightning-l10n-uk", "operator": "lt"}, {"OS": "Debian", "OSVersion": "8", "packageVersion": "1:45.4.0-1~deb8u1", "arch": "all", "packageFilename": "lightning-l10n-gd_1:45.4.0-1~deb8u1_all.deb", "packageName": "lightning-l10n-gd", "operator": "lt"}, {"OS": "Debian", "OSVersion": "8", "packageVersion": "1:45.4.0-1~deb8u1", "arch": "all", "packageFilename": "lightning-l10n-rm_1:45.4.0-1~deb8u1_all.deb", "packageName": "lightning-l10n-rm", "operator": "lt"}, {"OS": "Debian", "OSVersion": "8", "packageVersion": "1:45.4.0-1~deb8u1", "arch": "all", "packageFilename": "icedove-l10n-is_1:45.4.0-1~deb8u1_all.deb", "packageName": "icedove-l10n-is", "operator": "lt"}, {"OS": "Debian", "OSVersion": "8", "packageVersion": "1:45.4.0-1~deb8u1", "arch": "all", "packageFilename": "icedove-l10n-pt-br_1:45.4.0-1~deb8u1_all.deb", "packageName": "icedove-l10n-pt-br", "operator": "lt"}, {"OS": "Debian", "OSVersion": "8", "packageVersion": "1:45.4.0-1~deb8u1", "arch": "all", "packageFilename": "iceowl-l10n-tr_1:45.4.0-1~deb8u1_all.deb", "packageName": "iceowl-l10n-tr", "operator": "lt"}, {"OS": "Debian", "OSVersion": "8", "packageVersion": "1:45.4.0-1~deb8u1", "arch": "all", "packageFilename": "icedove-dbg_1:45.4.0-1~deb8u1_all.deb", "packageName": "icedove-dbg", "operator": "lt"}, {"OS": "Debian", "OSVersion": "8", "packageVersion": "1:45.4.0-1~deb8u1", "arch": "all", "packageFilename": "iceowl-l10n-pl_1:45.4.0-1~deb8u1_all.deb", "packageName": "iceowl-l10n-pl", "operator": "lt"}, {"OS": "Debian", "OSVersion": "8", "packageVersion": "1:45.4.0-1~deb8u1", "arch": "all", "packageFilename": "iceowl-l10n-da_1:45.4.0-1~deb8u1_all.deb", "packageName": "iceowl-l10n-da", "operator": "lt"}, {"OS": "Debian", "OSVersion": "8", "packageVersion": "1:45.4.0-1~deb8u1", "arch": "all", "packageFilename": "thunderbird-l10n-es-es_1:45.4.0-1~deb8u1_all.deb", "packageName": "thunderbird-l10n-es-es", "operator": "lt"}, {"OS": "Debian", "OSVersion": "8", "packageVersion": "1:45.4.0-1~deb8u1", "arch": "all", "packageFilename": "lightning-l10n-tr_1:45.4.0-1~deb8u1_all.deb", "packageName": "lightning-l10n-tr", "operator": "lt"}, {"OS": "Debian", "OSVersion": "8", "packageVersion": "1:45.4.0-1~deb8u1", "arch": "all", "packageFilename": "icedove-l10n-hu_1:45.4.0-1~deb8u1_all.deb", "packageName": "icedove-l10n-hu", "operator": "lt"}, {"OS": "Debian", "OSVersion": "8", "packageVersion": "1:45.4.0-1~deb8u1", "arch": "all", "packageFilename": "thunderbird-l10n-eu_1:45.4.0-1~deb8u1_all.deb", "packageName": "thunderbird-l10n-eu", "operator": "lt"}, {"OS": "Debian", "OSVersion": "8", "packageVersion": "1:45.4.0-1~deb8u1", "arch": "all", "packageFilename": "lightning-l10n-pl_1:45.4.0-1~deb8u1_all.deb", "packageName": "lightning-l10n-pl", "operator": "lt"}, {"OS": "Debian", "OSVersion": "8", "packageVersion": "1:45.4.0-1~deb8u1", "arch": "all", "packageFilename": "lightning-l10n-es-es_1:45.4.0-1~deb8u1_all.deb", "packageName": "lightning-l10n-es-es", "operator": "lt"}, {"OS": "Debian", "OSVersion": "8", "packageVersion": "1:45.4.0-1~deb8u1", "arch": "all", "packageFilename": "lightning-l10n-ga-ie_1:45.4.0-1~deb8u1_all.deb", "packageName": "lightning-l10n-ga-ie", "operator": "lt"}, {"OS": "Debian", "OSVersion": "8", "packageVersion": "1:45.4.0-1~deb8u1", "arch": "all", "packageFilename": "thunderbird-l10n-fy-nl_1:45.4.0-1~deb8u1_all.deb", "packageName": "thunderbird-l10n-fy-nl", "operator": "lt"}, {"OS": "Debian", "OSVersion": "8", "packageVersion": "1:45.4.0-1~deb8u1", "arch": "all", "packageFilename": "icedove-l10n-he_1:45.4.0-1~deb8u1_all.deb", "packageName": "icedove-l10n-he", "operator": "lt"}, {"OS": "Debian", "OSVersion": "8", "packageVersion": "1:45.4.0-1~deb8u1", "arch": "all", "packageFilename": "iceowl-l10n-rm_1:45.4.0-1~deb8u1_all.deb", "packageName": "iceowl-l10n-rm", "operator": "lt"}, {"OS": "Debian", "OSVersion": "8", "packageVersion": "1:45.4.0-1~deb8u1", "arch": "all", "packageFilename": "icedove-l10n-sv-se_1:45.4.0-1~deb8u1_all.deb", "packageName": "icedove-l10n-sv-se", "operator": "lt"}, {"OS": "Debian", "OSVersion": "8", "packageVersion": "1:45.4.0-1~deb8u1", "arch": "all", "packageFilename": "thunderbird-l10n-si_1:45.4.0-1~deb8u1_all.deb", "packageName": "thunderbird-l10n-si", "operator": "lt"}, {"OS": "Debian", "OSVersion": "8", "packageVersion": "1:45.4.0-1~deb8u1", "arch": "all", "packageFilename": "iceowl-l10n-sr_1:45.4.0-1~deb8u1_all.deb", "packageName": "iceowl-l10n-sr", "operator": "lt"}, {"OS": "Debian", "OSVersion": "8", "packageVersion": "1:45.4.0-1~deb8u1", "arch": "all", "packageFilename": "lightning-l10n-vi_1:45.4.0-1~deb8u1_all.deb", "packageName": "lightning-l10n-vi", "operator": "lt"}, {"OS": "Debian", "OSVersion": "8", "packageVersion": "1:45.4.0-1~deb8u1", "arch": "all", "packageFilename": "lightning-l10n-gl_1:45.4.0-1~deb8u1_all.deb", "packageName": "lightning-l10n-gl", "operator": "lt"}, {"OS": "Debian", "OSVersion": "8", "packageVersion": "1:45.4.0-1~deb8u1", "arch": "all", "packageFilename": "icedove-l10n-sk_1:45.4.0-1~deb8u1_all.deb", "packageName": "icedove-l10n-sk", "operator": "lt"}, {"OS": "Debian", "OSVersion": "8", "packageVersion": "1:45.4.0-1~deb8u1", "arch": "all", "packageFilename": "lightning-l10n-ca_1:45.4.0-1~deb8u1_all.deb", "packageName": "lightning-l10n-ca", "operator": "lt"}, {"OS": "Debian", "OSVersion": "8", "packageVersion": "1:45.4.0-1~deb8u1", "arch": "all", "packageFilename": "thunderbird-l10n-ca_1:45.4.0-1~deb8u1_all.deb", "packageName": "thunderbird-l10n-ca", "operator": "lt"}, {"OS": "Debian", "OSVersion": "8", "packageVersion": "1:45.4.0-1~deb8u1", "arch": "all", "packageFilename": "iceowl-l10n-id_1:45.4.0-1~deb8u1_all.deb", "packageName": "iceowl-l10n-id", "operator": "lt"}, {"OS": "Debian", "OSVersion": "8", "packageVersion": "1:45.4.0-1~deb8u1", "arch": "all", "packageFilename": "lightning-l10n-sr_1:45.4.0-1~deb8u1_all.deb", "packageName": "lightning-l10n-sr", "operator": "lt"}, {"OS": "Debian", "OSVersion": "8", "packageVersion": "1:45.4.0-1~deb8u1", "arch": "all", "packageFilename": "iceowl-l10n-en-gb_1:45.4.0-1~deb8u1_all.deb", "packageName": "iceowl-l10n-en-gb", "operator": "lt"}, {"OS": "Debian", "OSVersion": "8", "packageVersion": "1:45.4.0-1~deb8u1", "arch": "all", "packageFilename": "icedove-l10n-lt_1:45.4.0-1~deb8u1_all.deb", "packageName": "icedove-l10n-lt", "operator": "lt"}, {"OS": "Debian", "OSVersion": "8", "packageVersion": "1:45.4.0-1~deb8u1", "arch": "all", "packageFilename": "thunderbird-l10n-zh-tw_1:45.4.0-1~deb8u1_all.deb", "packageName": "thunderbird-l10n-zh-tw", "operator": "lt"}, {"OS": "Debian", "OSVersion": "8", "packageVersion": "1:45.4.0-1~deb8u1", "arch": "all", "packageFilename": "icedove-l10n-es-es_1:45.4.0-1~deb8u1_all.deb", "packageName": "icedove-l10n-es-es", "operator": "lt"}, {"OS": "Debian", "OSVersion": "8", "packageVersion": "1:45.4.0-1~deb8u1", "arch": "all", "packageFilename": "icedove-l10n-eu_1:45.4.0-1~deb8u1_all.deb", "packageName": "icedove-l10n-eu", "operator": "lt"}, {"OS": "Debian", "OSVersion": "8", "packageVersion": "1:45.4.0-1~deb8u1", "arch": "all", "packageFilename": "icedove-l10n-rm_1:45.4.0-1~deb8u1_all.deb", "packageName": "icedove-l10n-rm", "operator": "lt"}, {"OS": "Debian", "OSVersion": "8", "packageVersion": "1:45.4.0-1~deb8u1", "arch": "all", "packageFilename": "lightning-l10n-sq_1:45.4.0-1~deb8u1_all.deb", "packageName": "lightning-l10n-sq", "operator": "lt"}, {"OS": "Debian", "OSVersion": "8", "packageVersion": "1:45.4.0-1~deb8u1", "arch": "all", "packageFilename": "lightning-l10n-ja_1:45.4.0-1~deb8u1_all.deb", "packageName": "lightning-l10n-ja", "operator": "lt"}, {"OS": "Debian", "OSVersion": "8", "packageVersion": "1:45.4.0-1~deb8u1", "arch": "all", "packageFilename": "iceowl-l10n-ga-ie_1:45.4.0-1~deb8u1_all.deb", "packageName": "iceowl-l10n-ga-ie", "operator": "lt"}, {"OS": "Debian", "OSVersion": "8", "packageVersion": "1:45.4.0-1~deb8u1", "arch": "all", "packageFilename": "icedove-l10n-zh-cn_1:45.4.0-1~deb8u1_all.deb", "packageName": "icedove-l10n-zh-cn", "operator": "lt"}, {"OS": "Debian", "OSVersion": "8", "packageVersion": "1:45.4.0-1~deb8u1", "arch": "all", "packageFilename": "thunderbird-l10n-all_1:45.4.0-1~deb8u1_all.deb", "packageName": "thunderbird-l10n-all", "operator": "lt"}, {"OS": "Debian", "OSVersion": "8", "packageVersion": "1:45.4.0-1~deb8u1", "arch": "all", "packageFilename": "lightning-l10n-et_1:45.4.0-1~deb8u1_all.deb", "packageName": "lightning-l10n-et", "operator": "lt"}, {"OS": "Debian", "OSVersion": "8", "packageVersion": "1:45.4.0-1~deb8u1", "arch": "all", "packageFilename": "iceowl-l10n-ar_1:45.4.0-1~deb8u1_all.deb", "packageName": "iceowl-l10n-ar", "operator": "lt"}, {"OS": "Debian", "OSVersion": "8", "packageVersion": "1:45.4.0-1~deb8u1", "arch": "all", "packageFilename": "icedove-l10n-es-ar_1:45.4.0-1~deb8u1_all.deb", "packageName": "icedove-l10n-es-ar", "operator": "lt"}, {"OS": "Debian", "OSVersion": "8", "packageVersion": "1:45.4.0-1~deb8u1", "arch": "all", "packageFilename": "icedove-l10n-pl_1:45.4.0-1~deb8u1_all.deb", "packageName": "icedove-l10n-pl", "operator": "lt"}, {"OS": "Debian", "OSVersion": "8", "packageVersion": "1:45.4.0-1~deb8u1", "arch": "all", "packageFilename": "thunderbird-l10n-hr_1:45.4.0-1~deb8u1_all.deb", "packageName": "thunderbird-l10n-hr", "operator": "lt"}, {"OS": "Debian", "OSVersion": "8", "packageVersion": "1:45.4.0-1~deb8u1", "arch": "all", "packageFilename": "icedove-l10n-sq_1:45.4.0-1~deb8u1_all.deb", "packageName": "icedove-l10n-sq", "operator": "lt"}, {"OS": "Debian", "OSVersion": "8", "packageVersion": "1:45.4.0-1~deb8u1", "arch": "all", "packageFilename": "thunderbird-l10n-et_1:45.4.0-1~deb8u1_all.deb", "packageName": "thunderbird-l10n-et", "operator": "lt"}, {"OS": "Debian", "OSVersion": "8", "packageVersion": "1:45.4.0-1~deb8u1", "arch": "all", "packageFilename": "iceowl-l10n-ja_1:45.4.0-1~deb8u1_all.deb", "packageName": "iceowl-l10n-ja", "operator": "lt"}, {"OS": "Debian", "OSVersion": "8", "packageVersion": "1:45.4.0-1~deb8u1", "arch": "all", "packageFilename": "icedove-l10n-nl_1:45.4.0-1~deb8u1_all.deb", "packageName": "icedove-l10n-nl", "operator": "lt"}, {"OS": "Debian", "OSVersion": "8", "packageVersion": "1:45.4.0-1~deb8u1", "arch": "all", "packageFilename": "thunderbird-l10n-gd_1:45.4.0-1~deb8u1_all.deb", "packageName": "thunderbird-l10n-gd", "operator": "lt"}, {"OS": "Debian", "OSVersion": "8", "packageVersion": "1:45.4.0-1~deb8u1", "arch": "all", "packageFilename": "iceowl-l10n-nl_1:45.4.0-1~deb8u1_all.deb", "packageName": "iceowl-l10n-nl", "operator": "lt"}, {"OS": "Debian", "OSVersion": "8", "packageVersion": "1:45.4.0-1~deb8u1", "arch": "all", "packageFilename": "icedove-l10n-el_1:45.4.0-1~deb8u1_all.deb", "packageName": "icedove-l10n-el", "operator": "lt"}, {"OS": "Debian", "OSVersion": "8", "packageVersion": "1:45.4.0-1~deb8u1", "arch": "all", "packageFilename": "thunderbird-l10n-id_1:45.4.0-1~deb8u1_all.deb", "packageName": "thunderbird-l10n-id", "operator": "lt"}, {"OS": "Debian", "OSVersion": "8", "packageVersion": "1:45.4.0-1~deb8u1", "arch": "all", "packageFilename": "calendar-google-provider_1:45.4.0-1~deb8u1_all.deb", "packageName": "calendar-google-provider", "operator": "lt"}, {"OS": "Debian", "OSVersion": "8", "packageVersion": "1:45.4.0-1~deb8u1", "arch": "all", "packageFilename": "icedove-l10n-gd_1:45.4.0-1~deb8u1_all.deb", "packageName": "icedove-l10n-gd", "operator": "lt"}, {"OS": "Debian", "OSVersion": "8", "packageVersion": "1:45.4.0-1~deb8u1", "arch": "all", "packageFilename": "icedove-l10n-fr_1:45.4.0-1~deb8u1_all.deb", "packageName": "icedove-l10n-fr", "operator": "lt"}, {"OS": "Debian", "OSVersion": "8", "packageVersion": "1:45.4.0-1~deb8u1", "arch": "all", "packageFilename": "icedove-l10n-bn-bd_1:45.4.0-1~deb8u1_all.deb", "packageName": "icedove-l10n-bn-bd", "operator": "lt"}, {"OS": "Debian", "OSVersion": "8", "packageVersion": "1:45.4.0-1~deb8u1", "arch": "all", "packageFilename": "thunderbird-l10n-da_1:45.4.0-1~deb8u1_all.deb", "packageName": "thunderbird-l10n-da", "operator": "lt"}, {"OS": "Debian", "OSVersion": "8", "packageVersion": "1:45.4.0-1~deb8u1", "arch": "all", "packageFilename": "iceowl-l10n-he_1:45.4.0-1~deb8u1_all.deb", "packageName": "iceowl-l10n-he", "operator": "lt"}, {"OS": "Debian", "OSVersion": "8", "packageVersion": "1:45.4.0-1~deb8u1", "arch": "all", "packageFilename": "thunderbird-l10n-sk_1:45.4.0-1~deb8u1_all.deb", "packageName": "thunderbird-l10n-sk", "operator": "lt"}, {"OS": "Debian", "OSVersion": "8", "packageVersion": "1:45.4.0-1~deb8u1", "arch": "all", "packageFilename": "thunderbird_1:45.4.0-1~deb8u1_all.deb", "packageName": "thunderbird", "operator": "lt"}, {"OS": "Debian", "OSVersion": "8", "packageVersion": "1:45.4.0-1~deb8u1", "arch": "all", "packageFilename": "lightning-l10n-fi_1:45.4.0-1~deb8u1_all.deb", "packageName": "lightning-l10n-fi", "operator": "lt"}, {"OS": "Debian", "OSVersion": "8", "packageVersion": "1:45.4.0-1~deb8u1", "arch": "all", "packageFilename": "thunderbird-l10n-tr_1:45.4.0-1~deb8u1_all.deb", "packageName": "thunderbird-l10n-tr", "operator": "lt"}, {"OS": "Debian", "OSVersion": "8", "packageVersion": "1:45.4.0-1~deb8u1", "arch": "all", "packageFilename": "iceowl-l10n-eu_1:45.4.0-1~deb8u1_all.deb", "packageName": "iceowl-l10n-eu", "operator": "lt"}, {"OS": "Debian", "OSVersion": "8", "packageVersion": "1:45.4.0-1~deb8u1", "arch": "all", "packageFilename": "iceowl-l10n-zh-tw_1:45.4.0-1~deb8u1_all.deb", "packageName": "iceowl-l10n-zh-tw", "operator": "lt"}, {"OS": "Debian", "OSVersion": "8", "packageVersion": "1:45.4.0-1~deb8u1", "arch": "all", "packageFilename": "icedove-l10n-pa-in_1:45.4.0-1~deb8u1_all.deb", "packageName": "icedove-l10n-pa-in", "operator": "lt"}, {"OS": "Debian", "OSVersion": "8", "packageVersion": "1:45.4.0-1~deb8u1", "arch": "all", "packageFilename": "thunderbird-l10n-hy-am_1:45.4.0-1~deb8u1_all.deb", "packageName": "thunderbird-l10n-hy-am", "operator": "lt"}, {"OS": "Debian", "OSVersion": "8", "packageVersion": "1:45.4.0-1~deb8u1", "arch": "all", "packageFilename": "icedove-l10n-ast_1:45.4.0-1~deb8u1_all.deb", "packageName": "icedove-l10n-ast", "operator": "lt"}, {"OS": "Debian", "OSVersion": "8", "packageVersion": "1:45.4.0-1~deb8u1", "arch": "all", "packageFilename": "thunderbird-dbg_1:45.4.0-1~deb8u1_all.deb", "packageName": "thunderbird-dbg", "operator": "lt"}, {"OS": "Debian", "OSVersion": "8", "packageVersion": "1:45.4.0-1~deb8u1", "arch": "all", "packageFilename": "icedove-l10n-ga-ie_1:45.4.0-1~deb8u1_all.deb", "packageName": "icedove-l10n-ga-ie", "operator": "lt"}, {"OS": "Debian", "OSVersion": "8", "packageVersion": "1:45.4.0-1~deb8u1", "arch": "all", "packageFilename": "thunderbird-l10n-vi_1:45.4.0-1~deb8u1_all.deb", "packageName": "thunderbird-l10n-vi", "operator": "lt"}, {"OS": "Debian", "OSVersion": "8", "packageVersion": "1:45.4.0-1~deb8u1", "arch": "all", "packageFilename": "iceowl-l10n-nb-no_1:45.4.0-1~deb8u1_all.deb", "packageName": "iceowl-l10n-nb-no", "operator": "lt"}, {"OS": "Debian", "OSVersion": "8", "packageVersion": "1:45.4.0-1~deb8u1", "arch": "all", "packageFilename": "lightning-l10n-ko_1:45.4.0-1~deb8u1_all.deb", "packageName": "lightning-l10n-ko", "operator": "lt"}, {"OS": "Debian", "OSVersion": "8", "packageVersion": "1:45.4.0-1~deb8u1", "arch": "all", "packageFilename": "iceowl-l10n-es-ar_1:45.4.0-1~deb8u1_all.deb", "packageName": "iceowl-l10n-es-ar", "operator": "lt"}, {"OS": "Debian", "OSVersion": "8", "packageVersion": "1:45.4.0-1~deb8u1", "arch": "all", "packageFilename": "lightning-l10n-be_1:45.4.0-1~deb8u1_all.deb", "packageName": "lightning-l10n-be", "operator": "lt"}, {"OS": "Debian", "OSVersion": "8", "packageVersion": "1:45.4.0-1~deb8u1", "arch": "all", "packageFilename": "lightning-l10n-hu_1:45.4.0-1~deb8u1_all.deb", "packageName": "lightning-l10n-hu", "operator": "lt"}, {"OS": "Debian", "OSVersion": "8", "packageVersion": "1:45.4.0-1~deb8u1", "arch": "all", "packageFilename": "icedove-l10n-de_1:45.4.0-1~deb8u1_all.deb", "packageName": "icedove-l10n-de", "operator": "lt"}, {"OS": "Debian", "OSVersion": "8", "packageVersion": "1:45.4.0-1~deb8u1", "arch": "all", "packageFilename": "lightning-l10n-nl_1:45.4.0-1~deb8u1_all.deb", "packageName": "lightning-l10n-nl", "operator": "lt"}, {"OS": "Debian", "OSVersion": "8", "packageVersion": "1:45.4.0-1~deb8u1", "arch": "all", "packageFilename": "thunderbird-l10n-sq_1:45.4.0-1~deb8u1_all.deb", "packageName": "thunderbird-l10n-sq", "operator": "lt"}, {"OS": "Debian", "OSVersion": "8", "packageVersion": "1:45.4.0-1~deb8u1", "arch": "all", "packageFilename": "iceowl-l10n-lt_1:45.4.0-1~deb8u1_all.deb", "packageName": "iceowl-l10n-lt", "operator": "lt"}, {"OS": "Debian", "OSVersion": "8", "packageVersion": "1:45.4.0-1~deb8u1", "arch": "all", "packageFilename": "iceowl-l10n-cs_1:45.4.0-1~deb8u1_all.deb", "packageName": "iceowl-l10n-cs", "operator": "lt"}, {"OS": "Debian", "OSVersion": "8", "packageVersion": "1:45.4.0-1~deb8u1", "arch": "all", "packageFilename": "thunderbird-l10n-be_1:45.4.0-1~deb8u1_all.deb", "packageName": "thunderbird-l10n-be", "operator": "lt"}, {"OS": "Debian", "OSVersion": "8", "packageVersion": "1:45.4.0-1~deb8u1", "arch": "all", "packageFilename": "lightning-l10n-pt-br_1:45.4.0-1~deb8u1_all.deb", "packageName": "lightning-l10n-pt-br", "operator": "lt"}, {"OS": "Debian", "OSVersion": "8", "packageVersion": "1:45.4.0-1~deb8u1", "arch": "all", "packageFilename": "iceowl-l10n-hy-am_1:45.4.0-1~deb8u1_all.deb", "packageName": "iceowl-l10n-hy-am", "operator": "lt"}, {"OS": "Debian", "OSVersion": "8", "packageVersion": "1:45.4.0-1~deb8u1", "arch": "all", "packageFilename": "thunderbird-l10n-he_1:45.4.0-1~deb8u1_all.deb", "packageName": "thunderbird-l10n-he", "operator": "lt"}, {"OS": "Debian", "OSVersion": "8", "packageVersion": "1:45.4.0-1~deb8u1", "arch": "all", "packageFilename": "lightning-l10n-pa-in_1:45.4.0-1~deb8u1_all.deb", "packageName": "lightning-l10n-pa-in", "operator": "lt"}, {"OS": "Debian", "OSVersion": "8", "packageVersion": "1:45.4.0-1~deb8u1", "arch": "all", "packageFilename": "icedove-l10n-fi_1:45.4.0-1~deb8u1_all.deb", "packageName": "icedove-l10n-fi", "operator": "lt"}, {"OS": "Debian", "OSVersion": "8", "packageVersion": "1:45.4.0-1~deb8u1", "arch": "all", "packageFilename": "iceowl-l10n-ta-lk_1:45.4.0-1~deb8u1_all.deb", "packageName": "iceowl-l10n-ta-lk", "operator": "lt"}, {"OS": "Debian", "OSVersion": "8", "packageVersion": "1:45.4.0-1~deb8u1", "arch": "all", "packageFilename": "thunderbird-l10n-bn-bd_1:45.4.0-1~deb8u1_all.deb", "packageName": "thunderbird-l10n-bn-bd", "operator": "lt"}, {"OS": "Debian", "OSVersion": "8", "packageVersion": "1:45.4.0-1~deb8u1", "arch": "all", "packageFilename": "icedove-l10n-da_1:45.4.0-1~deb8u1_all.deb", "packageName": "icedove-l10n-da", "operator": "lt"}, {"OS": "Debian", "OSVersion": "8", "packageVersion": "1:45.4.0-1~deb8u1", "arch": "all", "packageFilename": "lightning-l10n-sl_1:45.4.0-1~deb8u1_all.deb", "packageName": "lightning-l10n-sl", "operator": "lt"}], "description": "- -------------------------------------------------------------------------\nDebian Security Advisory DSA-3690-1 security@debian.org\nhttps://www.debian.org/security/ Moritz Muehlenhoff\nOctober 10, 2016 https://www.debian.org/security/faq\n- -------------------------------------------------------------------------\n\nPackage : icedove\nCVE ID : CVE-2016-5257\n\nMultiple security issues have been found in Icedove, Debian's version of\nthe Mozilla Thunderbird mail client: Multiple memory safety errors may\nlead to the execution of arbitrary code or denial of service.\n\nFor the stable distribution (jessie), this problem has been fixed in\nversion 1:45.4.0-1~deb8u1.\n\nFor the testing distribution (stretch), this problem has been fixed\nin version 1:45.4.0-1.\n\nFor the unstable distribution (sid), this problem has been fixed in\nversion 1:45.4.0-1.\n\nWe recommend that you upgrade your icedove packages.\n\nFurther information about Debian Security Advisories, how to apply\nthese updates to your system and frequently asked questions can be\nfound at: https://www.debian.org/security/\n\nMailing list: debian-security-announce@lists.debian.org\n", "edition": 1, "reporter": "Debian", "published": "2016-10-10T19:19:20", "title": "[SECURITY] [DSA 3690-1] icedove security update", "type": "debian", "enchantments": {"score": {"modified": "2018-10-16T22:14:37", "vector": "NONE", "value": 7.5}}, "bulletinFamily": "unix", "cvelist": ["CVE-2016-5257"], "modified": "2016-10-10T19:19:20", "id": "DEBIAN:DSA-3690-1:6CEB0", "href": "https://lists.debian.org/debian-security-announce/debian-security-announce-2016/msg00271.html", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2018-11-08T01:49:37", "references": [], "affectedPackage": [{"OS": "Debian", "OSVersion": "8", "packageVersion": "45.4.0esr-1~deb8u2", "arch": "all", "packageFilename": "iceweasel-l10n-fr_45.4.0esr-1~deb8u2_all.deb", "packageName": "iceweasel-l10n-fr", "operator": "lt"}, {"OS": "Debian", "OSVersion": "8", "packageVersion": "45.4.0esr-1~deb8u2", "arch": "all", "packageFilename": "firefox-esr-l10n-ko_45.4.0esr-1~deb8u2_all.deb", "packageName": "firefox-esr-l10n-ko", "operator": "lt"}, {"OS": "Debian", "OSVersion": "8", "packageVersion": "45.4.0esr-1~deb8u2", "arch": "all", "packageFilename": "firefox-esr-l10n-cs_45.4.0esr-1~deb8u2_all.deb", "packageName": "firefox-esr-l10n-cs", "operator": "lt"}, {"OS": "Debian", "OSVersion": "8", "packageVersion": "45.4.0esr-1~deb8u2", "arch": "all", "packageFilename": "iceweasel-l10n-is_45.4.0esr-1~deb8u2_all.deb", "packageName": "iceweasel-l10n-is", "operator": "lt"}, {"OS": "Debian", "OSVersion": "8", "packageVersion": "45.4.0esr-1~deb8u2", "arch": "all", "packageFilename": "iceweasel-l10n-th_45.4.0esr-1~deb8u2_all.deb", "packageName": "iceweasel-l10n-th", "operator": "lt"}, {"OS": "Debian", "OSVersion": "8", "packageVersion": "45.4.0esr-1~deb8u2", "arch": "all", "packageFilename": "iceweasel-l10n-pt-br_45.4.0esr-1~deb8u2_all.deb", "packageName": "iceweasel-l10n-pt-br", "operator": "lt"}, {"OS": "Debian", "OSVersion": "8", "packageVersion": "45.4.0esr-1~deb8u2", "arch": "all", "packageFilename": "firefox-esr-l10n-bg_45.4.0esr-1~deb8u2_all.deb", "packageName": "firefox-esr-l10n-bg", "operator": "lt"}, {"OS": "Debian", "OSVersion": "8", "packageVersion": "45.4.0esr-1~deb8u2", "arch": "all", "packageFilename": "firefox-esr-l10n-hy-am_45.4.0esr-1~deb8u2_all.deb", "packageName": "firefox-esr-l10n-hy-am", "operator": "lt"}, {"OS": "Debian", "OSVersion": "8", "packageVersion": "45.4.0esr-1~deb8u2", "arch": "all", "packageFilename": "firefox-esr-l10n-gu-in_45.4.0esr-1~deb8u2_all.deb", "packageName": "firefox-esr-l10n-gu-in", "operator": "lt"}, {"OS": "Debian", "OSVersion": "8", "packageVersion": "45.4.0esr-1~deb8u2", "arch": "all", "packageFilename": "firefox-esr-l10n-ca_45.4.0esr-1~deb8u2_all.deb", "packageName": "firefox-esr-l10n-ca", "operator": "lt"}, {"OS": "Debian", "OSVersion": "8", "packageVersion": "45.4.0esr-1~deb8u2", "arch": "all", "packageFilename": "iceweasel-l10n-ja_45.4.0esr-1~deb8u2_all.deb", "packageName": "iceweasel-l10n-ja", "operator": "lt"}, {"OS": "Debian", "OSVersion": "8", "packageVersion": "45.4.0esr-1~deb8u2", "arch": "all", "packageFilename": "firefox-esr-l10n-es-ar_45.4.0esr-1~deb8u2_all.deb", "packageName": "firefox-esr-l10n-es-ar", "operator": "lt"}, {"OS": "Debian", "OSVersion": "8", "packageVersion": "45.4.0esr-1~deb8u2", "arch": "all", "packageFilename": "firefox-esr-l10n-ta_45.4.0esr-1~deb8u2_all.deb", "packageName": "firefox-esr-l10n-ta", "operator": "lt"}, {"OS": "Debian", "OSVersion": "8", "packageVersion": "45.4.0esr-1~deb8u2", "arch": "all", "packageFilename": "iceweasel-l10n-lv_45.4.0esr-1~deb8u2_all.deb", "packageName": "iceweasel-l10n-lv", "operator": "lt"}, {"OS": "Debian", "OSVersion": "8", "packageVersion": "45.4.0esr-1~deb8u2", "arch": "all", "packageFilename": "firefox-esr-l10n-lv_45.4.0esr-1~deb8u2_all.deb", "packageName": "firefox-esr-l10n-lv", "operator": "lt"}, {"OS": "Debian", "OSVersion": "8", "packageVersion": "45.4.0esr-1~deb8u2", "arch": "all", "packageFilename": "iceweasel-l10n-dsb_45.4.0esr-1~deb8u2_all.deb", "packageName": "iceweasel-l10n-dsb", "operator": "lt"}, {"OS": "Debian", "OSVersion": "8", "packageVersion": "45.4.0esr-1~deb8u2", "arch": "all", "packageFilename": "firefox-esr-dbg_45.4.0esr-1~deb8u2_all.deb", "packageName": "firefox-esr-dbg", "operator": "lt"}, {"OS": "Debian", "OSVersion": "8", "packageVersion": "45.4.0esr-1~deb8u2", "arch": "all", "packageFilename": "firefox-esr-l10n-ru_45.4.0esr-1~deb8u2_all.deb", "packageName": "firefox-esr-l10n-ru", "operator": "lt"}, {"OS": "Debian", "OSVersion": "8", "packageVersion": "45.4.0esr-1~deb8u2", "arch": "all", "packageFilename": "firefox-esr-l10n-it_45.4.0esr-1~deb8u2_all.deb", "packageName": "firefox-esr-l10n-it", "operator": "lt"}, {"OS": "Debian", "OSVersion": "8", "packageVersion": "45.4.0esr-1~deb8u2", "arch": "all", "packageFilename": "iceweasel-l10n-nl_45.4.0esr-1~deb8u2_all.deb", "packageName": "iceweasel-l10n-nl", "operator": "lt"}, {"OS": "Debian", "OSVersion": "8", "packageVersion": "45.4.0esr-1~deb8u2", "arch": "all", "packageFilename": "firefox-esr-l10n-hi-in_45.4.0esr-1~deb8u2_all.deb", "packageName": "firefox-esr-l10n-hi-in", "operator": "lt"}, {"OS": "Debian", "OSVersion": "8", "packageVersion": "45.4.0esr-1~deb8u2", "arch": "all", "packageFilename": "iceweasel-l10n-pa-in_45.4.0esr-1~deb8u2_all.deb", "packageName": "iceweasel-l10n-pa-in", "operator": "lt"}, {"OS": "Debian", "OSVersion": "8", "packageVersion": "45.4.0esr-1~deb8u2", "arch": "all", "packageFilename": "firefox-esr-l10n-hsb_45.4.0esr-1~deb8u2_all.deb", "packageName": "firefox-esr-l10n-hsb", "operator": "lt"}, {"OS": "Debian", "OSVersion": "8", "packageVersion": "45.4.0esr-1~deb8u2", "arch": "all", "packageFilename": "iceweasel-l10n-es-mx_45.4.0esr-1~deb8u2_all.deb", "packageName": "iceweasel-l10n-es-mx", "operator": "lt"}, {"OS": "Debian", "OSVersion": "8", "packageVersion": "45.4.0esr-1~deb8u2", "arch": "all", "packageFilename": "firefox-esr-l10n-el_45.4.0esr-1~deb8u2_all.deb", "packageName": "firefox-esr-l10n-el", "operator": "lt"}, {"OS": "Debian", "OSVersion": "8", "packageVersion": "45.4.0esr-1~deb8u2", "arch": "all", "packageFilename": "firefox-esr-l10n-sr_45.4.0esr-1~deb8u2_all.deb", "packageName": "firefox-esr-l10n-sr", "operator": "lt"}, {"OS": "Debian", "OSVersion": "8", "packageVersion": "45.4.0esr-1~deb8u2", "arch": "all", "packageFilename": "iceweasel-l10n-zh-cn_45.4.0esr-1~deb8u2_all.deb", "packageName": "iceweasel-l10n-zh-cn", "operator": "lt"}, {"OS": "Debian", "OSVersion": "8", "packageVersion": "45.4.0esr-1~deb8u2", "arch": "all", "packageFilename": "iceweasel-l10n-sv-se_45.4.0esr-1~deb8u2_all.deb", "packageName": "iceweasel-l10n-sv-se", "operator": "lt"}, {"OS": "Debian", "OSVersion": "8", "packageVersion": "45.4.0esr-1~deb8u2", "arch": "all", "packageFilename": "iceweasel-l10n-xh_45.4.0esr-1~deb8u2_all.deb", "packageName": "iceweasel-l10n-xh", "operator": "lt"}, {"OS": "Debian", "OSVersion": "8", "packageVersion": "45.4.0esr-1~deb8u2", "arch": "all", "packageFilename": "firefox-esr-l10n-th_45.4.0esr-1~deb8u2_all.deb", "packageName": "firefox-esr-l10n-th", "operator": "lt"}, {"OS": "Debian", "OSVersion": "8", "packageVersion": "45.4.0esr-1~deb8u2", "arch": "all", "packageFilename": "firefox-esr-l10n-mr_45.4.0esr-1~deb8u2_all.deb", "packageName": "firefox-esr-l10n-mr", "operator": "lt"}, {"OS": "Debian", "OSVersion": "8", "packageVersion": "45.4.0esr-1~deb8u2", "arch": "all", "packageFilename": "firefox-esr-l10n-son_45.4.0esr-1~deb8u2_all.deb", "packageName": "firefox-esr-l10n-son", "operator": "lt"}, {"OS": "Debian", "OSVersion": "8", "packageVersion": "45.4.0esr-1~deb8u2", "arch": "all", "packageFilename": "firefox-esr-l10n-he_45.4.0esr-1~deb8u2_all.deb", "packageName": "firefox-esr-l10n-he", "operator": "lt"}, {"OS": "Debian", "OSVersion": "8", "packageVersion": "45.4.0esr-1~deb8u2", "arch": "all", "packageFilename": "iceweasel-l10n-eo_45.4.0esr-1~deb8u2_all.deb", "packageName": "iceweasel-l10n-eo", "operator": "lt"}, {"OS": "Debian", "OSVersion": "8", "packageVersion": "45.4.0esr-1~deb8u2", "arch": "all", "packageFilename": "iceweasel-l10n-oc_45.4.0esr-1~deb8u2_all.deb", "packageName": "iceweasel-l10n-oc", "operator": "lt"}, {"OS": "Debian", "OSVersion": "8", "packageVersion": "45.4.0esr-1~deb8u2", "arch": "all", "packageFilename": "firefox-esr-l10n-uz_45.4.0esr-1~deb8u2_all.deb", "packageName": "firefox-esr-l10n-uz", "operator": "lt"}, {"OS": "Debian", "OSVersion": "8", "packageVersion": "45.4.0esr-1~deb8u2", "arch": "all", "packageFilename": "iceweasel-l10n-ta_45.4.0esr-1~deb8u2_all.deb", "packageName": "iceweasel-l10n-ta", "operator": "lt"}, {"OS": "Debian", "OSVersion": "8", "packageVersion": "45.4.0esr-1~deb8u2", "arch": "all", "packageFilename": "iceweasel-l10n-eu_45.4.0esr-1~deb8u2_all.deb", "packageName": "iceweasel-l10n-eu", "operator": "lt"}, {"OS": "Debian", "OSVersion": "8", "packageVersion": "45.4.0esr-1~deb8u2", "arch": "all", "packageFilename": "firefox-esr-l10n-uk_45.4.0esr-1~deb8u2_all.deb", "packageName": "firefox-esr-l10n-uk", "operator": "lt"}, {"OS": "Debian", "OSVersion": "8", "packageVersion": "45.4.0esr-1~deb8u2", "arch": "all", "packageFilename": "firefox-esr-l10n-zh-cn_45.4.0esr-1~deb8u2_all.deb", "packageName": "firefox-esr-l10n-zh-cn", "operator": "lt"}, {"OS": "Debian", "OSVersion": "8", "packageVersion": "45.4.0esr-1~deb8u2", "arch": "all", "packageFilename": "firefox-esr-l10n-ach_45.4.0esr-1~deb8u2_all.deb", "packageName": "firefox-esr-l10n-ach", "operator": "lt"}, {"OS": "Debian", "OSVersion": "8", "packageVersion": "45.4.0esr-1~deb8u2", "arch": "all", "packageFilename": "firefox-esr-l10n-eu_45.4.0esr-1~deb8u2_all.deb", "packageName": "firefox-esr-l10n-eu", "operator": "lt"}, {"OS": "Debian", "OSVersion": "8", "packageVersion": "45.4.0esr-1~deb8u2", "arch": "all", "packageFilename": "firefox-esr-l10n-zh-tw_45.4.0esr-1~deb8u2_all.deb", "packageName": "firefox-esr-l10n-zh-tw", "operator": "lt"}, {"OS": "Debian", "OSVersion": "8", "packageVersion": "45.4.0esr-1~deb8u2", "arch": "all", "packageFilename": "firefox-esr-l10n-nb-no_45.4.0esr-1~deb8u2_all.deb", "packageName": "firefox-esr-l10n-nb-no", "operator": "lt"}, {"OS": "Debian", "OSVersion": "8", "packageVersion": "45.4.0esr-1~deb8u2", "arch": "all", "packageFilename": "iceweasel-l10n-en-za_45.4.0esr-1~deb8u2_all.deb", "packageName": "iceweasel-l10n-en-za", "operator": "lt"}, {"OS": "Debian", "OSVersion": "8", "packageVersion": "45.4.0esr-1~deb8u2", "arch": "all", "packageFilename": "iceweasel-l10n-de_45.4.0esr-1~deb8u2_all.deb", "packageName": "iceweasel-l10n-de", "operator": "lt"}, {"OS": "Debian", "OSVersion": "8", "packageVersion": "45.4.0esr-1~deb8u2", "arch": "all", "packageFilename": "iceweasel-l10n-ms_45.4.0esr-1~deb8u2_all.deb", "packageName": "iceweasel-l10n-ms", "operator": "lt"}, {"OS": "Debian", "OSVersion": "8", "packageVersion": "45.4.0esr-1~deb8u2", "arch": "all", "packageFilename": "iceweasel-l10n-sq_45.4.0esr-1~deb8u2_all.deb", "packageName": "iceweasel-l10n-sq", "operator": "lt"}, {"OS": "Debian", "OSVersion": "8", "packageVersion": "45.4.0esr-1~deb8u2", "arch": "all", "packageFilename": "iceweasel-l10n-sr_45.4.0esr-1~deb8u2_all.deb", "packageName": "iceweasel-l10n-sr", "operator": "lt"}, {"OS": "Debian", "OSVersion": "8", "packageVersion": "45.4.0esr-1~deb8u2", "arch": "all", "packageFilename": "firefox-esr-l10n-ms_45.4.0esr-1~deb8u2_all.deb", "packageName": "firefox-esr-l10n-ms", "operator": "lt"}, {"OS": "Debian", "OSVersion": "8", "packageVersion": "45.4.0esr-1~deb8u2", "arch": "all", "packageFilename": "firefox-esr-l10n-or_45.4.0esr-1~deb8u2_all.deb", "packageName": "firefox-esr-l10n-or", "operator": "lt"}, {"OS": "Debian", "OSVersion": "8", "packageVersion": "45.4.0esr-1~deb8u2", "arch": "all", "packageFilename": "iceweasel-dbg_45.4.0esr-1~deb8u2_all.deb", "packageName": "iceweasel-dbg", "operator": "lt"}, {"OS": "Debian", "OSVersion": "8", "packageVersion": "45.4.0esr-1~deb8u2", "arch": "all", "packageFilename": "firefox-esr-l10n-es-mx_45.4.0esr-1~deb8u2_all.deb", "packageName": "firefox-esr-l10n-es-mx", "operator": "lt"}, {"OS": "Debian", "OSVersion": "8", "packageVersion": "45.4.0esr-1~deb8u2", "arch": "all", "packageFilename": "iceweasel-l10n-hi-in_45.4.0esr-1~deb8u2_all.deb", "packageName": "iceweasel-l10n-hi-in", "operator": "lt"}, {"OS": "Debian", "OSVersion": "8", "packageVersion": "45.4.0esr-1~deb8u2", "arch": "all", "packageFilename": "iceweasel-l10n-gd_45.4.0esr-1~deb8u2_all.deb", "packageName": "iceweasel-l10n-gd", "operator": "lt"}, {"OS": "Debian", "OSVersion": "8", "packageVersion": "45.4.0esr-1~deb8u2", "arch": "all", "packageFilename": "iceweasel-l10n-tr_45.4.0esr-1~deb8u2_all.deb", "packageName": "iceweasel-l10n-tr", "operator": "lt"}, {"OS": "Debian", "OSVersion": "8", "packageVersion": "45.4.0esr-1~deb8u2", "arch": "all", "packageFilename": "iceweasel-l10n-ca_45.4.0esr-1~deb8u2_all.deb", "packageName": "iceweasel-l10n-ca", "operator": "lt"}, {"OS": "Debian", "OSVersion": "8", "packageVersion": "45.4.0esr-1~deb8u2", "arch": "all", "packageFilename": "firefox-esr-l10n-bs_45.4.0esr-1~deb8u2_all.deb", "packageName": "firefox-esr-l10n-bs", "operator": "lt"}, {"OS": "Debian", "OSVersion": "8", "packageVersion": "45.4.0esr-1~deb8u2", "arch": "all", "packageFilename": "firefox-esr-l10n-gl_45.4.0esr-1~deb8u2_all.deb", "packageName": "firefox-esr-l10n-gl", "operator": "lt"}, {"OS": "Debian", "OSVersion": "8", "packageVersion": "45.4.0esr-1~deb8u2", "arch": "all", "packageFilename": "firefox-esr-l10n-fi_45.4.0esr-1~deb8u2_all.deb", "packageName": "firefox-esr-l10n-fi", "operator": "lt"}, {"OS": "Debian", "OSVersion": "8", "packageVersion": "45.4.0esr-1~deb8u2", "arch": "all", "packageFilename": "iceweasel-l10n-si_45.4.0esr-1~deb8u2_all.deb", "packageName": "iceweasel-l10n-si", "operator": "lt"}, {"OS": "Debian", "OSVersion": "8", "packageVersion": "45.4.0esr-1~deb8u2", "arch": "all", "packageFilename": "iceweasel-l10n-vi_45.4.0esr-1~deb8u2_all.deb", "packageName": "iceweasel-l10n-vi", "operator": "lt"}, {"OS": "Debian", "OSVersion": "8", "packageVersion": "45.4.0esr-1~deb8u2", "arch": "all", "packageFilename": "iceweasel-l10n-an_45.4.0esr-1~deb8u2_all.deb", "packageName": "iceweasel-l10n-an", "operator": "lt"}, {"OS": "Debian", "OSVersion": "8", "packageVersion": "45.4.0esr-1~deb8u2", "arch": "all", "packageFilename": "iceweasel-l10n-hu_45.4.0esr-1~deb8u2_all.deb", "packageName": "iceweasel-l10n-hu", "operator": "lt"}, {"OS": "Debian", "OSVersion": "8", "packageVersion": "45.4.0esr-1~deb8u2", "arch": "all", "packageFilename": "firefox-esr-l10n-mai_45.4.0esr-1~deb8u2_all.deb", "packageName": "firefox-esr-l10n-mai", "operator": "lt"}, {"OS": "Debian", "OSVersion": "8", "packageVersion": "45.4.0esr-1~deb8u2", "arch": "all", "packageFilename": "iceweasel-l10n-mk_45.4.0esr-1~deb8u2_all.deb", "packageName": "iceweasel-l10n-mk", "operator": "lt"}, {"OS": "Debian", "OSVersion": "8", "packageVersion": "45.4.0esr-1~deb8u2", "arch": "all", "packageFilename": "iceweasel-l10n-ga-ie_45.4.0esr-1~deb8u2_all.deb", "packageName": "iceweasel-l10n-ga-ie", "operator": "lt"}, {"OS": "Debian", "OSVersion": "8", "packageVersion": "45.4.0esr-1~deb8u2", "arch": "all", "packageFilename": "iceweasel-l10n-cs_45.4.0esr-1~deb8u2_all.deb", "packageName": "iceweasel-l10n-cs", "operator": "lt"}, {"OS": "Debian", "OSVersion": "8", "packageVersion": "45.4.0esr-1~deb8u2", "arch": "all", "packageFilename": "firefox-esr-l10n-pa-in_45.4.0esr-1~deb8u2_all.deb", "packageName": "firefox-esr-l10n-pa-in", "operator": "lt"}, {"OS": "Debian", "OSVersion": "8", "packageVersion": "45.4.0esr-1~deb8u2", "arch": "all", "packageFilename": "iceweasel_45.4.0esr-1~deb8u2_all.deb", "packageName": "iceweasel", "operator": "lt"}, {"OS": "Debian", "OSVersion": "8", "packageVersion": "45.4.0esr-1~deb8u2", "arch": "all", "packageFilename": "iceweasel-l10n-zh-tw_45.4.0esr-1~deb8u2_all.deb", "packageName": "iceweasel-l10n-zh-tw", "operator": "lt"}, {"OS": "Debian", "OSVersion": "8", "packageVersion": "45.4.0esr-1~deb8u2", "arch": "all", "packageFilename": "firefox-esr-l10n-gn_45.4.0esr-1~deb8u2_all.deb", "packageName": "firefox-esr-l10n-gn", "operator": "lt"}, {"OS": "Debian", "OSVersion": "8", "packageVersion": "45.4.0esr-1~deb8u2", "arch": "all", "packageFilename": "firefox-esr-l10n-gd_45.4.0esr-1~deb8u2_all.deb", "packageName": "firefox-esr-l10n-gd", "operator": "lt"}, {"OS": "Debian", "OSVersion": "8", "packageVersion": "45.4.0esr-1~deb8u2", "arch": "all", "packageFilename": "iceweasel-l10n-fa_45.4.0esr-1~deb8u2_all.deb", "packageName": "iceweasel-l10n-fa", "operator": "lt"}, {"OS": "Debian", "OSVersion": "8", "packageVersion": "45.4.0esr-1~deb8u2", "arch": "all", "packageFilename": "firefox-esr-l10n-sk_45.4.0esr-1~deb8u2_all.deb", "packageName": "firefox-esr-l10n-sk", "operator": "lt"}, {"OS": "Debian", "OSVersion": "8", "packageVersion": "45.4.0esr-1~deb8u2", "arch": "all", "packageFilename": "firefox-esr-l10n-es-es_45.4.0esr-1~deb8u2_all.deb", "packageName": "firefox-esr-l10n-es-es", "operator": "lt"}, {"OS": "Debian", "OSVersion": "8", "packageVersion": "45.4.0esr-1~deb8u2", "arch": "all", "packageFilename": "iceweasel-l10n-sk_45.4.0esr-1~deb8u2_all.deb", "packageName": "iceweasel-l10n-sk", "operator": "lt"}, {"OS": "Debian", "OSVersion": "8", "packageVersion": "45.4.0esr-1~deb8u2", "arch": "all", "packageFilename": "iceweasel-l10n-it_45.4.0esr-1~deb8u2_all.deb", "packageName": "iceweasel-l10n-it", "operator": "lt"}, {"OS": "Debian", "OSVersion": "8", "packageVersion": "45.4.0esr-1~deb8u2", "arch": "all", "packageFilename": "iceweasel-l10n-lij_45.4.0esr-1~deb8u2_all.deb", "packageName": "iceweasel-l10n-lij", "operator": "lt"}, {"OS": "Debian", "OSVersion": "8", "packageVersion": "45.4.0esr-1~deb8u2", "arch": "all", "packageFilename": "iceweasel-l10n-te_45.4.0esr-1~deb8u2_all.deb", "packageName": "iceweasel-l10n-te", "operator": "lt"}, {"OS": "Debian", "OSVersion": "8", "packageVersion": "45.4.0esr-1~deb8u2", "arch": "all", "packageFilename": "iceweasel-l10n-kn_45.4.0esr-1~deb8u2_all.deb", "packageName": "iceweasel-l10n-kn", "operator": "lt"}, {"OS": "Debian", "OSVersion": "8", "packageVersion": "45.4.0esr-1~deb8u2", "arch": "all", "packageFilename": "firefox-esr-l10n-eo_45.4.0esr-1~deb8u2_all.deb", "packageName": "firefox-esr-l10n-eo", "operator": "lt"}, {"OS": "Debian", "OSVersion": "8", "packageVersion": "45.4.0esr-1~deb8u2", "arch": "all", "packageFilename": "iceweasel-l10n-bn-bd_45.4.0esr-1~deb8u2_all.deb", "packageName": "iceweasel-l10n-bn-bd", "operator": "lt"}, {"OS": "Debian", "OSVersion": "8", "packageVersion": "45.4.0esr-1~deb8u2", "arch": "all", "packageFilename": "firefox-esr-l10n-kn_45.4.0esr-1~deb8u2_all.deb", "packageName": "firefox-esr-l10n-kn", "operator": "lt"}, {"OS": "Debian", "OSVersion": "8", "packageVersion": "45.4.0esr-1~deb8u2", "arch": "all", "packageFilename": "firefox-esr_45.4.0esr-1~deb8u2_all.deb", "packageName": "firefox-esr", "operator": "lt"}, {"OS": "Debian", "OSVersion": "8", "packageVersion": "45.4.0esr-1~deb8u2", "arch": "all", "packageFilename": "firefox-esr-l10n-br_45.4.0esr-1~deb8u2_all.deb", "packageName": "firefox-esr-l10n-br", "operator": "lt"}, {"OS": "Debian", "OSVersion": "8", "packageVersion": "45.4.0esr-1~deb8u2", "arch": "all", "packageFilename": "firefox-esr-l10n-ar_45.4.0esr-1~deb8u2_all.deb", "packageName": "firefox-esr-l10n-ar", "operator": "lt"}, {"OS": "Debian", "OSVersion": "8", "packageVersion": "45.4.0esr-1~deb8u2", "arch": "all", "packageFilename": "iceweasel-l10n-pt-pt_45.4.0esr-1~deb8u2_all.deb", "packageName": "iceweasel-l10n-pt-pt", "operator": "lt"}, {"OS": "Debian", "OSVersion": "8", "packageVersion": "45.4.0esr-1~deb8u2", "arch": "all", "packageFilename": "firefox-esr-l10n-rm_45.4.0esr-1~deb8u2_all.deb", "packageName": "firefox-esr-l10n-rm", "operator": "lt"}, {"OS": "Debian", "OSVersion": "8", "packageVersion": "45.4.0esr-1~deb8u2", "arch": "all", "packageFilename": "iceweasel-l10n-be_45.4.0esr-1~deb8u2_all.deb", "packageName": "iceweasel-l10n-be", "operator": "lt"}, {"OS": "Debian", "OSVersion": "8", "packageVersion": "45.4.0esr-1~deb8u2", "arch": "all", "packageFilename": "firefox-esr-l10n-ast_45.4.0esr-1~deb8u2_all.deb", "packageName": "firefox-esr-l10n-ast", "operator": "lt"}, {"OS": "Debian", "OSVersion": "8", "packageVersion": "45.4.0esr-1~deb8u2", "arch": "all", "packageFilename": "firefox-esr-l10n-te_45.4.0esr-1~deb8u2_all.deb", "packageName": "firefox-esr-l10n-te", "operator": "lt"}, {"OS": "Debian", "OSVersion": "8", "packageVersion": "45.4.0esr-1~deb8u2", "arch": "all", "packageFilename": "firefox-esr-l10n-xh_45.4.0esr-1~deb8u2_all.deb", "packageName": "firefox-esr-l10n-xh", "operator": "lt"}, {"OS": "Debian", "OSVersion": "8", "packageVersion": "45.4.0esr-1~deb8u2", "arch": "all", "packageFilename": "firefox-esr-l10n-ka_45.4.0esr-1~deb8u2_all.deb", "packageName": "firefox-esr-l10n-ka", "operator": "lt"}, {"OS": "Debian", "OSVersion": "8", "packageVersion": "45.4.0esr-1~deb8u2", "arch": "all", "packageFilename": "firefox-esr-l10n-bn-in_45.4.0esr-1~deb8u2_all.deb", "packageName": "firefox-esr-l10n-bn-in", "operator": "lt"}, {"OS": "Debian", "OSVersion": "8", "packageVersion": "45.4.0esr-1~deb8u2", "arch": "all", "packageFilename": "firefox-esr-l10n-kab_45.4.0esr-1~deb8u2_all.deb", "packageName": "firefox-esr-l10n-kab", "operator": "lt"}, {"OS": "Debian", "OSVersion": "8", "packageVersion": "45.4.0esr-1~deb8u2", "arch": "all", "packageFilename": "firefox-esr-l10n-be_45.4.0esr-1~deb8u2_all.deb", "packageName": "firefox-esr-l10n-be", "operator": "lt"}, {"OS": "Debian", "OSVersion": "8", "packageVersion": "45.4.0esr-1~deb8u2", "arch": "all", "packageFilename": "iceweasel-l10n-ast_45.4.0esr-1~deb8u2_all.deb", "packageName": "iceweasel-l10n-ast", "operator": "lt"}, {"OS": "Debian", "OSVersion": "8", "packageVersion": "45.4.0esr-1~deb8u2", "arch": "all", "packageFilename": "iceweasel-l10n-uz_45.4.0esr-1~deb8u2_all.deb", "packageName": "iceweasel-l10n-uz", "operator": "lt"}, {"OS": "Debian", "OSVersion": "8", "packageVersion": "45.4.0esr-1~deb8u2", "arch": "all", "packageFilename": "firefox-esr-l10n-pl_45.4.0esr-1~deb8u2_all.deb", "packageName": "firefox-esr-l10n-pl", "operator": "lt"}, {"OS": "Debian", "OSVersion": "8", "packageVersion": "45.4.0esr-1~deb8u2", "arch": "all", "packageFilename": "iceweasel-l10n-es-es_45.4.0esr-1~deb8u2_all.deb", "packageName": "iceweasel-l10n-es-es", "operator": "lt"}, {"OS": "Debian", "OSVersion": "8", "packageVersion": "45.4.0esr-1~deb8u2", "arch": "all", "packageFilename": "iceweasel-l10n-sl_45.4.0esr-1~deb8u2_all.deb", "packageName": "iceweasel-l10n-sl", "operator": "lt"}, {"OS": "Debian", "OSVersion": "8", "packageVersion": "45.4.0esr-1~deb8u2", "arch": "all", "packageFilename": "iceweasel-l10n-kab_45.4.0esr-1~deb8u2_all.deb", "packageName": "iceweasel-l10n-kab", "operator": "lt"}, {"OS": "Debian", "OSVersion": "8", "packageVersion": "45.4.0esr-1~deb8u2", "arch": "all", "packageFilename": "iceweasel-l10n-he_45.4.0esr-1~deb8u2_all.deb", "packageName": "iceweasel-l10n-he", "operator": "lt"}, {"OS": "Debian", "OSVersion": "8", "packageVersion": "45.4.0esr-1~deb8u2", "arch": "all", "packageFilename": "firefox-esr-l10n-ml_45.4.0esr-1~deb8u2_all.deb", "packageName": "firefox-esr-l10n-ml", "operator": "lt"}, {"OS": "Debian", "OSVersion": "8", "packageVersion": "45.4.0esr-1~deb8u2", "arch": "all", "packageFilename": "firefox-esr-l10n-ff_45.4.0esr-1~deb8u2_all.deb", "packageName": "firefox-esr-l10n-ff", "operator": "lt"}, {"OS": "Debian", "OSVersion": "8", "packageVersion": "45.4.0esr-1~deb8u2", "arch": "all", "packageFilename": "firefox-esr-l10n-hr_45.4.0esr-1~deb8u2_all.deb", "packageName": "firefox-esr-l10n-hr", "operator": "lt"}, {"OS": "Debian", "OSVersion": "8", "packageVersion": "45.4.0esr-1~deb8u2", "arch": "all", "packageFilename": "firefox-esr-l10n-en-gb_45.4.0esr-1~deb8u2_all.deb", "packageName": "firefox-esr-l10n-en-gb", "operator": "lt"}, {"OS": "Debian", "OSVersion": "8", "packageVersion": "45.4.0esr-1~deb8u2", "arch": "all", "packageFilename": "iceweasel-l10n-ka_45.4.0esr-1~deb8u2_all.deb", "packageName": "iceweasel-l10n-ka", "operator": "lt"}, {"OS": "Debian", "OSVersion": "8", "packageVersion": "45.4.0esr-1~deb8u2", "arch": "all", "packageFilename": "firefox-esr-l10n-cak_45.4.0esr-1~deb8u2_all.deb", "packageName": "firefox-esr-l10n-cak", "operator": "lt"}, {"OS": "Debian", "OSVersion": "8", "packageVersion": "45.4.0esr-1~deb8u2", "arch": "all", "packageFilename": "firefox-esr-l10n-de_45.4.0esr-1~deb8u2_all.deb", "packageName": "firefox-esr-l10n-de", "operator": "lt"}, {"OS": "Debian", "OSVersion": "8", "packageVersion": "45.4.0esr-1~deb8u2", "arch": "all", "packageFilename": "iceweasel-l10n-or_45.4.0esr-1~deb8u2_all.deb", "packageName": "iceweasel-l10n-or", "operator": "lt"}, {"OS": "Debian", "OSVersion": "8", "packageVersion": "45.4.0esr-1~deb8u2", "arch": "all", "packageFilename": "iceweasel-l10n-mai_45.4.0esr-1~deb8u2_all.deb", "packageName": "iceweasel-l10n-mai", "operator": "lt"}, {"OS": "Debian", "OSVersion": "8", "packageVersion": "45.4.0esr-1~deb8u2", "arch": "all", "packageFilename": "firefox-esr-l10n-da_45.4.0esr-1~deb8u2_all.deb", "packageName": "firefox-esr-l10n-da", "operator": "lt"}, {"OS": "Debian", "OSVersion": "8", "packageVersion": "45.4.0esr-1~deb8u2", "arch": "all", "packageFilename": "iceweasel-l10n-hy-am_45.4.0esr-1~deb8u2_all.deb", "packageName": "iceweasel-l10n-hy-am", "operator": "lt"}, {"OS": "Debian", "OSVersion": "8", "packageVersion": "45.4.0esr-1~deb8u2", "arch": "all", "packageFilename": "firefox-esr-l10n-bn-bd_45.4.0esr-1~deb8u2_all.deb", "packageName": "firefox-esr-l10n-bn-bd", "operator": "lt"}, {"OS": "Debian", "OSVersion": "8", "packageVersion": "45.4.0esr-1~deb8u2", "arch": "all", "packageFilename": "firefox-esr-l10n-es-cl_45.4.0esr-1~deb8u2_all.deb", "packageName": "firefox-esr-l10n-es-cl", "operator": "lt"}, {"OS": "Debian", "OSVersion": "8", "packageVersion": "45.4.0esr-1~deb8u2", "arch": "all", "packageFilename": "firefox-esr-l10n-fa_45.4.0esr-1~deb8u2_all.deb", "packageName": "firefox-esr-l10n-fa", "operator": "lt"}, {"OS": "Debian", "OSVersion": "8", "packageVersion": "45.4.0esr-1~deb8u2", "arch": "all", "packageFilename": "iceweasel-l10n-af_45.4.0esr-1~deb8u2_all.deb", "packageName": "iceweasel-l10n-af", "operator": "lt"}, {"OS": "Debian", "OSVersion": "8", "packageVersion": "45.4.0esr-1~deb8u2", "arch": "all", "packageFilename": "iceweasel-l10n-cy_45.4.0esr-1~deb8u2_all.deb", "packageName": "iceweasel-l10n-cy", "operator": "lt"}, {"OS": "Debian", "OSVersion": "8", "packageVersion": "45.4.0esr-1~deb8u2", "arch": "all", "packageFilename": "iceweasel-l10n-uk_45.4.0esr-1~deb8u2_all.deb", "packageName": "iceweasel-l10n-uk", "operator": "lt"}, {"OS": "Debian", "OSVersion": "8", "packageVersion": "45.4.0esr-1~deb8u2", "arch": "all", "packageFilename": "iceweasel-l10n-ach_45.4.0esr-1~deb8u2_all.deb", "packageName": "iceweasel-l10n-ach", "operator": "lt"}, {"OS": "Debian", "OSVersion": "8", "packageVersion": "45.4.0esr-1~deb8u2", "arch": "all", "packageFilename": "iceweasel-dev_45.4.0esr-1~deb8u2_all.deb", "packageName": "iceweasel-dev", "operator": "lt"}, {"OS": "Debian", "OSVersion": "8", "packageVersion": "45.4.0esr-1~deb8u2", "arch": "all", "packageFilename": "firefox-esr-l10n-nn-no_45.4.0esr-1~deb8u2_all.deb", "packageName": "firefox-esr-l10n-nn-no", "operator": "lt"}, {"OS": "Debian", "OSVersion": "8", "packageVersion": "45.4.0esr-1~deb8u2", "arch": "all", "packageFilename": "firefox-esr-l10n-fr_45.4.0esr-1~deb8u2_all.deb", "packageName": "firefox-esr-l10n-fr", "operator": "lt"}, {"OS": "Debian", "OSVersion": "8", "packageVersion": "45.4.0esr-1~deb8u2", "arch": "all", "packageFilename": "iceweasel-l10n-gu-in_45.4.0esr-1~deb8u2_all.deb", "packageName": "iceweasel-l10n-gu-in", "operator": "lt"}, {"OS": "Debian", "OSVersion": "8", "packageVersion": "45.4.0esr-1~deb8u2", "arch": "all", "packageFilename": "firefox-esr-l10n-az_45.4.0esr-1~deb8u2_all.deb", "packageName": "firefox-esr-l10n-az", "operator": "lt"}, {"OS": "Debian", "OSVersion": "8", "packageVersion": "45.4.0esr-1~deb8u2", "arch": "all", "packageFilename": "firefox-esr-l10n-ne-np_45.4.0esr-1~deb8u2_all.deb", "packageName": "firefox-esr-l10n-ne-np", "operator": "lt"}, {"OS": "Debian", "OSVersion": "8", "packageVersion": "45.4.0esr-1~deb8u2", "arch": "all", "packageFilename": "iceweasel-l10n-rm_45.4.0esr-1~deb8u2_all.deb", "packageName": "iceweasel-l10n-rm", "operator": "lt"}, {"OS": "Debian", "OSVersion": "8", "packageVersion": "45.4.0esr-1~deb8u2", "arch": "all", "packageFilename": "iceweasel-l10n-et_45.4.0esr-1~deb8u2_all.deb", "packageName": "iceweasel-l10n-et", "operator": "lt"}, {"OS": "Debian", "OSVersion": "8", "packageVersion": "45.4.0esr-1~deb8u2", "arch": "all", "packageFilename": "iceweasel-l10n-lt_45.4.0esr-1~deb8u2_all.deb", "packageName": "iceweasel-l10n-lt", "operator": "lt"}, {"OS": "Debian", "OSVersion": "8", "packageVersion": "45.4.0esr-1~deb8u2", "arch": "all", "packageFilename": "firefox-esr-dev_45.4.0esr-1~deb8u2_all.deb", "packageName": "firefox-esr-dev", "operator": "lt"}, {"OS": "Debian", "OSVersion": "8", "packageVersion": "45.4.0esr-1~deb8u2", "arch": "all", "packageFilename": "iceweasel-l10n-ko_45.4.0esr-1~deb8u2_all.deb", "packageName": "iceweasel-l10n-ko", "operator": "lt"}, {"OS": "Debian", "OSVersion": "8", "packageVersion": "45.4.0esr-1~deb8u2", "arch": "all", "packageFilename": "firefox-esr-l10n-pt-pt_45.4.0esr-1~deb8u2_all.deb", "packageName": "firefox-esr-l10n-pt-pt", "operator": "lt"}, {"OS": "Debian", "OSVersion": "8", "packageVersion": "45.4.0esr-1~deb8u2", "arch": "all", "packageFilename": "iceweasel-l10n-ru_45.4.0esr-1~deb8u2_all.deb", "packageName": "iceweasel-l10n-ru", "operator": "lt"}, {"OS": "Debian", "OSVersion": "8", "packageVersion": "45.4.0esr-1~deb8u2", "arch": "all", "packageFilename": "iceweasel-l10n-ar_45.4.0esr-1~deb8u2_all.deb", "packageName": "iceweasel-l10n-ar", "operator": "lt"}, {"OS": "Debian", "OSVersion": "8", "packageVersion": "45.4.0esr-1~deb8u2", "arch": "all", "packageFilename": "firefox-esr-l10n-et_45.4.0esr-1~deb8u2_all.deb", "packageName": "firefox-esr-l10n-et", "operator": "lt"}, {"OS": "Debian", "OSVersion": "8", "packageVersion": "45.4.0esr-1~deb8u2", "arch": "all", "packageFilename": "firefox-esr-l10n-si_45.4.0esr-1~deb8u2_all.deb", "packageName": "firefox-esr-l10n-si", "operator": "lt"}, {"OS": "Debian", "OSVersion": "8", "packageVersion": "45.4.0esr-1~deb8u2", "arch": "all", "packageFilename": "firefox-esr-l10n-dsb_45.4.0esr-1~deb8u2_all.deb", "packageName": "firefox-esr-l10n-dsb", "operator": "lt"}, {"OS": "Debian", "OSVersion": "8", "packageVersion": "45.4.0esr-1~deb8u2", "arch": "all", "packageFilename": "firefox-esr-l10n-hu_45.4.0esr-1~deb8u2_all.deb", "packageName": "firefox-esr-l10n-hu", "operator": "lt"}, {"OS": "Debian", "OSVersion": "8", "packageVersion": "45.4.0esr-1~deb8u2", "arch": "all", "packageFilename": "iceweasel-l10n-es-ar_45.4.0esr-1~deb8u2_all.deb", "packageName": "iceweasel-l10n-es-ar", "operator": "lt"}, {"OS": "Debian", "OSVersion": "8", "packageVersion": "45.4.0esr-1~deb8u2", "arch": "all", "packageFilename": "iceweasel-l10n-fi_45.4.0esr-1~deb8u2_all.deb", "packageName": "iceweasel-l10n-fi", "operator": "lt"}, {"OS": "Debian", "OSVersion": "8", "packageVersion": "45.4.0esr-1~deb8u2", "arch": "all", "packageFilename": "firefox-esr-l10n-ia_45.4.0esr-1~deb8u2_all.deb", "packageName": "firefox-esr-l10n-ia", "operator": "lt"}, {"OS": "Debian", "OSVersion": "8", "packageVersion": "45.4.0esr-1~deb8u2", "arch": "all", "packageFilename": "firefox-esr-l10n-nl_45.4.0esr-1~deb8u2_all.deb", "packageName": "firefox-esr-l10n-nl", "operator": "lt"}, {"OS": "Debian", "OSVersion": "8", "packageVersion": "45.4.0esr-1~deb8u2", "arch": "all", "packageFilename": "firefox-esr-l10n-pt-br_45.4.0esr-1~deb8u2_all.deb", "packageName": "firefox-esr-l10n-pt-br", "operator": "lt"}, {"OS": "Debian", "OSVersion": "8", "packageVersion": "45.4.0esr-1~deb8u2", "arch": "all", "packageFilename": "iceweasel-l10n-el_45.4.0esr-1~deb8u2_all.deb", "packageName": "iceweasel-l10n-el", "operator": "lt"}, {"OS": "Debian", "OSVersion": "8", "packageVersion": "45.4.0esr-1~deb8u2", "arch": "all", "packageFilename": "iceweasel-l10n-km_45.4.0esr-1~deb8u2_all.deb", "packageName": "iceweasel-l10n-km", "operator": "lt"}, {"OS": "Debian", "OSVersion": "8", "packageVersion": "45.4.0esr-1~deb8u2", "arch": "all", "packageFilename": "iceweasel-l10n-nn-no_45.4.0esr-1~deb8u2_all.deb", "packageName": "iceweasel-l10n-nn-no", "operator": "lt"}, {"OS": "Debian", "OSVersion": "8", "packageVersion": "45.4.0esr-1~deb8u2", "arch": "all", "packageFilename": "firefox-esr-l10n-cy_45.4.0esr-1~deb8u2_all.deb", "packageName": "firefox-esr-l10n-cy", "operator": "lt"}, {"OS": "Debian", "OSVersion": "8", "packageVersion": "45.4.0esr-1~deb8u2", "arch": "all", "packageFilename": "iceweasel-l10n-bs_45.4.0esr-1~deb8u2_all.deb", "packageName": "iceweasel-l10n-bs", "operator": "lt"}, {"OS": "Debian", "OSVersion": "8", "packageVersion": "45.4.0esr-1~deb8u2", "arch": "all", "packageFilename": "firefox-esr-l10n-an_45.4.0esr-1~deb8u2_all.deb", "packageName": "firefox-esr-l10n-an", "operator": "lt"}, {"OS": "Debian", "OSVersion": "8", "packageVersion": "45.4.0esr-1~deb8u2", "arch": "all", "packageFilename": "iceweasel-l10n-ro_45.4.0esr-1~deb8u2_all.deb", "packageName": "iceweasel-l10n-ro", "operator": "lt"}, {"OS": "Debian", "OSVersion": "8", "packageVersion": "45.4.0esr-1~deb8u2", "arch": "all", "packageFilename": "iceweasel-l10n-pl_45.4.0esr-1~deb8u2_all.deb", "packageName": "iceweasel-l10n-pl", "operator": "lt"}, {"OS": "Debian", "OSVersion": "8", "packageVersion": "45.4.0esr-1~deb8u2", "arch": "all", "packageFilename": "firefox-esr-l10n-kk_45.4.0esr-1~deb8u2_all.deb", "packageName": "firefox-esr-l10n-kk", "operator": "lt"}, {"OS": "Debian", "OSVersion": "8", "packageVersion": "45.4.0esr-1~deb8u2", "arch": "all", "packageFilename": "iceweasel-l10n-en-gb_45.4.0esr-1~deb8u2_all.deb", "packageName": "iceweasel-l10n-en-gb", "operator": "lt"}, {"OS": "Debian", "OSVersion": "8", "packageVersion": "45.4.0esr-1~deb8u2", "arch": "all", "packageFilename": "firefox-esr-l10n-sv-se_45.4.0esr-1~deb8u2_all.deb", "packageName": "firefox-esr-l10n-sv-se", "operator": "lt"}, {"OS": "Debian", "OSVersion": "8", "packageVersion": "45.4.0esr-1~deb8u2", "arch": "all", "packageFilename": "iceweasel-l10n-ne-np_45.4.0esr-1~deb8u2_all.deb", "packageName": "iceweasel-l10n-ne-np", "operator": "lt"}, {"OS": "Debian", "OSVersion": "8", "packageVersion": "45.4.0esr-1~deb8u2", "arch": "all", "packageFilename": "iceweasel-l10n-cak_45.4.0esr-1~deb8u2_all.deb", "packageName": "iceweasel-l10n-cak", "operator": "lt"}, {"OS": "Debian", "OSVersion": "8", "packageVersion": "45.4.0esr-1~deb8u2", "arch": "all", "packageFilename": "iceweasel-l10n-ml_45.4.0esr-1~deb8u2_all.deb", "packageName": "iceweasel-l10n-ml", "operator": "lt"}, {"OS": "Debian", "OSVersion": "8", "packageVersion": "45.4.0esr-1~deb8u2", "arch": "all", "packageFilename": "iceweasel-l10n-az_45.4.0esr-1~deb8u2_all.deb", "packageName": "iceweasel-l10n-az", "operator": "lt"}, {"OS": "Debian", "OSVersion": "8", "packageVersion": "45.4.0esr-1~deb8u2", "arch": "all", "packageFilename": "firefox-esr-l10n-sq_45.4.0esr-1~deb8u2_all.deb", "packageName": "firefox-esr-l10n-sq", "operator": "lt"}, {"OS": "Debian", "OSVersion": "8", "packageVersion": "45.4.0esr-1~deb8u2", "arch": "all", "packageFilename": "iceweasel-l10n-bn-in_45.4.0esr-1~deb8u2_all.deb", "packageName": "iceweasel-l10n-bn-in", "operator": "lt"}, {"OS": "Debian", "OSVersion": "8", "packageVersion": "45.4.0esr-1~deb8u2", "arch": "all", "packageFilename": "iceweasel-l10n-ff_45.4.0esr-1~deb8u2_all.deb", "packageName": "iceweasel-l10n-ff", "operator": "lt"}, {"OS": "Debian", "OSVersion": "8", "packageVersion": "45.4.0esr-1~deb8u2", "arch": "all", "packageFilename": "iceweasel-l10n-bg_45.4.0esr-1~deb8u2_all.deb", "packageName": "iceweasel-l10n-bg", "operator": "lt"}, {"OS": "Debian", "OSVersion": "8", "packageVersion": "45.4.0esr-1~deb8u2", "arch": "all", "packageFilename": "iceweasel-l10n-kk_45.4.0esr-1~deb8u2_all.deb", "packageName": "iceweasel-l10n-kk", "operator": "lt"}, {"OS": "Debian", "OSVersion": "8", "packageVersion": "45.4.0esr-1~deb8u2", "arch": "all", "packageFilename": "firefox-esr-l10n-as_45.4.0esr-1~deb8u2_all.deb", "packageName": "firefox-esr-l10n-as", "operator": "lt"}, {"OS": "Debian", "OSVersion": "8", "packageVersion": "45.4.0esr-1~deb8u2", "arch": "all", "packageFilename": "firefox-esr-l10n-tr_45.4.0esr-1~deb8u2_all.deb", "packageName": "firefox-esr-l10n-tr", "operator": "lt"}, {"OS": "Debian", "OSVersion": "8", "packageVersion": "45.4.0esr-1~deb8u2", "arch": "all", "packageFilename": "firefox-esr-l10n-lt_45.4.0esr-1~deb8u2_all.deb", "packageName": "firefox-esr-l10n-lt", "operator": "lt"}, {"OS": "Debian", "OSVersion": "8", "packageVersion": "45.4.0esr-1~deb8u2", "arch": "all", "packageFilename": "firefox-esr-l10n-af_45.4.0esr-1~deb8u2_all.deb", "packageName": "firefox-esr-l10n-af", "operator": "lt"}, {"OS": "Debian", "OSVersion": "8", "packageVersion": "45.4.0esr-1~deb8u2", "arch": "all", "packageFilename": "iceweasel-l10n-fy-nl_45.4.0esr-1~deb8u2_all.deb", "packageName": "iceweasel-l10n-fy-nl", "operator": "lt"}, {"OS": "Debian", "OSVersion": "8", "packageVersion": "45.4.0esr-1~deb8u2", "arch": "all", "packageFilename": "firefox-esr-l10n-my_45.4.0esr-1~deb8u2_all.deb", "packageName": "firefox-esr-l10n-my", "operator": "lt"}, {"OS": "Debian", "OSVersion": "8", "packageVersion": "45.4.0esr-1~deb8u2", "arch": "all", "packageFilename": "firefox-esr-l10n-km_45.4.0esr-1~deb8u2_all.deb", "packageName": "firefox-esr-l10n-km", "operator": "lt"}, {"OS": "Debian", "OSVersion": "8", "packageVersion": "45.4.0esr-1~deb8u2", "arch": "all", "packageFilename": "iceweasel-l10n-mr_45.4.0esr-1~deb8u2_all.deb", "packageName": "iceweasel-l10n-mr", "operator": "lt"}, {"OS": "Debian", "OSVersion": "8", "packageVersion": "45.4.0esr-1~deb8u2", "arch": "all", "packageFilename": "firefox-esr-l10n-vi_45.4.0esr-1~deb8u2_all.deb", "packageName": "firefox-esr-l10n-vi", "operator": "lt"}, {"OS": "Debian", "OSVersion": "8", "packageVersion": "45.4.0esr-1~deb8u2", "arch": "all", "packageFilename": "firefox-esr-l10n-lij_45.4.0esr-1~deb8u2_all.deb", "packageName": "firefox-esr-l10n-lij", "operator": "lt"}, {"OS": "Debian", "OSVersion": "8", "packageVersion": "45.4.0esr-1~deb8u2", "arch": "all", "packageFilename": "iceweasel-l10n-br_45.4.0esr-1~deb8u2_all.deb", "packageName": "iceweasel-l10n-br", "operator": "lt"}, {"OS": "Debian", "OSVersion": "8", "packageVersion": "45.4.0esr-1~deb8u2", "arch": "all", "packageFilename": "iceweasel-l10n-gl_45.4.0esr-1~deb8u2_all.deb", "packageName": "iceweasel-l10n-gl", "operator": "lt"}, {"OS": "Debian", "OSVersion": "8", "packageVersion": "45.4.0esr-1~deb8u2", "arch": "all", "packageFilename": "firefox-esr-l10n-all_45.4.0esr-1~deb8u2_all.deb", "packageName": "firefox-esr-l10n-all", "operator": "lt"}, {"OS": "Debian", "OSVersion": "8", "packageVersion": "45.4.0esr-1~deb8u2", "arch": "all", "packageFilename": "iceweasel-l10n-all_45.4.0esr-1~deb8u2_all.deb", "packageName": "iceweasel-l10n-all", "operator": "lt"}, {"OS": "Debian", "OSVersion": "8", "packageVersion": "45.4.0esr-1~deb8u2", "arch": "all", "packageFilename": "iceweasel-l10n-es-cl_45.4.0esr-1~deb8u2_all.deb", "packageName": "iceweasel-l10n-es-cl", "operator": "lt"}, {"OS": "Debian", "OSVersion": "8", "packageVersion": "45.4.0esr-1~deb8u2", "arch": "all", "packageFilename": "iceweasel-l10n-my_45.4.0esr-1~deb8u2_all.deb", "packageName": "iceweasel-l10n-my", "operator": "lt"}, {"OS": "Debian", "OSVersion": "8", "packageVersion": "45.4.0esr-1~deb8u2", "arch": "all", "packageFilename": "firefox-esr-l10n-ja_45.4.0esr-1~deb8u2_all.deb", "packageName": "firefox-esr-l10n-ja", "operator": "lt"}, {"OS": "Debian", "OSVersion": "8", "packageVersion": "45.4.0esr-1~deb8u2", "arch": "all", "packageFilename": "firefox-esr-l10n-is_45.4.0esr-1~deb8u2_all.deb", "packageName": "firefox-esr-l10n-is", "operator": "lt"}, {"OS": "Debian", "OSVersion": "8", "packageVersion": "45.4.0esr-1~deb8u2", "arch": "all", "packageFilename": "firefox-esr-l10n-oc_45.4.0esr-1~deb8u2_all.deb", "packageName": "firefox-esr-l10n-oc", "operator": "lt"}, {"OS": "Debian", "OSVersion": "8", "packageVersion": "45.4.0esr-1~deb8u2", "arch": "all", "packageFilename": "iceweasel-l10n-as_45.4.0esr-1~deb8u2_all.deb", "packageName": "iceweasel-l10n-as", "operator": "lt"}, {"OS": "Debian", "OSVersion": "8", "packageVersion": "45.4.0esr-1~deb8u2", "arch": "all", "packageFilename": "iceweasel-l10n-id_45.4.0esr-1~deb8u2_all.deb", "packageName": "iceweasel-l10n-id", "operator": "lt"}, {"OS": "Debian", "OSVersion": "8", "packageVersion": "45.4.0esr-1~deb8u2", "arch": "all", "packageFilename": "iceweasel-l10n-son_45.4.0esr-1~deb8u2_all.deb", "packageName": "iceweasel-l10n-son", "operator": "lt"}, {"OS": "Debian", "OSVersion": "8", "packageVersion": "45.4.0esr-1~deb8u2", "arch": "all", "packageFilename": "firefox-esr-l10n-ga-ie_45.4.0esr-1~deb8u2_all.deb", "packageName": "firefox-esr-l10n-ga-ie", "operator": "lt"}, {"OS": "Debian", "OSVersion": "8", "packageVersion": "45.4.0esr-1~deb8u2", "arch": "all", "packageFilename": "firefox-esr-l10n-ro_45.4.0esr-1~deb8u2_all.deb", "packageName": "firefox-esr-l10n-ro", "operator": "lt"}, {"OS": "Debian", "OSVersion": "8", "packageVersion": "45.4.0esr-1~deb8u2", "arch": "all", "packageFilename": "iceweasel-l10n-ur_45.4.0esr-1~deb8u2_all.deb", "packageName": "iceweasel-l10n-ur", "operator": "lt"}, {"OS": "Debian", "OSVersion": "8", "packageVersion": "45.4.0esr-1~deb8u2", "arch": "all", "packageFilename": "iceweasel-l10n-ia_45.4.0esr-1~deb8u2_all.deb", "packageName": "iceweasel-l10n-ia", "operator": "lt"}, {"OS": "Debian", "OSVersion": "8", "packageVersion": "45.4.0esr-1~deb8u2", "arch": "all", "packageFilename": "iceweasel-l10n-hsb_45.4.0esr-1~deb8u2_all.deb", "packageName": "iceweasel-l10n-hsb", "operator": "lt"}, {"OS": "Debian", "OSVersion": "8", "packageVersion": "45.4.0esr-1~deb8u2", "arch": "all", "packageFilename": "iceweasel-l10n-hr_45.4.0esr-1~deb8u2_all.deb", "packageName": "iceweasel-l10n-hr", "operator": "lt"}, {"OS": "Debian", "OSVersion": "8", "packageVersion": "45.4.0esr-1~deb8u2", "arch": "all", "packageFilename": "firefox-esr-l10n-id_45.4.0esr-1~deb8u2_all.deb", "packageName": "firefox-esr-l10n-id", "operator": "lt"}, {"OS": "Debian", "OSVersion": "8", "packageVersion": "45.4.0esr-1~deb8u2", "arch": "all", "packageFilename": "firefox-esr-l10n-mk_45.4.0esr-1~deb8u2_all.deb", "packageName": "firefox-esr-l10n-mk", "operator": "lt"}, {"OS": "Debian", "OSVersion": "8", "packageVersion": "45.4.0esr-1~deb8u2", "arch": "all", "packageFilename": "iceweasel-l10n-da_45.4.0esr-1~deb8u2_all.deb", "packageName": "iceweasel-l10n-da", "operator": "lt"}, {"OS": "Debian", "OSVersion": "8", "packageVersion": "45.4.0esr-1~deb8u2", "arch": "all", "packageFilename": "firefox-esr-l10n-ur_45.4.0esr-1~deb8u2_all.deb", "packageName": "firefox-esr-l10n-ur", "operator": "lt"}, {"OS": "Debian", "OSVersion": "8", "packageVersion": "45.4.0esr-1~deb8u2", "arch": "all", "packageFilename": "firefox-esr-l10n-en-za_45.4.0esr-1~deb8u2_all.deb", "packageName": "firefox-esr-l10n-en-za", "operator": "lt"}, {"OS": "Debian", "OSVersion": "8", "packageVersion": "45.4.0esr-1~deb8u2", "arch": "all", "packageFilename": "iceweasel-l10n-nb-no_45.4.0esr-1~deb8u2_all.deb", "packageName": "iceweasel-l10n-nb-no", "operator": "lt"}, {"OS": "Debian", "OSVersion": "8", "packageVersion": "45.4.0esr-1~deb8u2", "arch": "all", "packageFilename": "firefox-esr-l10n-fy-nl_45.4.0esr-1~deb8u2_all.deb", "packageName": "firefox-esr-l10n-fy-nl", "operator": "lt"}, {"OS": "Debian", "OSVersion": "8", "packageVersion": "45.4.0esr-1~deb8u2", "arch": "all", "packageFilename": "iceweasel-l10n-gn_45.4.0esr-1~deb8u2_all.deb", "packageName": "iceweasel-l10n-gn", "operator": "lt"}, {"OS": "Debian", "OSVersion": "8", "packageVersion": "45.4.0esr-1~deb8u2", "arch": "all", "packageFilename": "firefox-esr-l10n-sl_45.4.0esr-1~deb8u2_all.deb", "packageName": "firefox-esr-l10n-sl", "operator": "lt"}], "description": "- -------------------------------------------------------------------------\nDebian Security Advisory DSA-3674-1 security@debian.org\nhttps://www.debian.org/security/ Moritz Muehlenhoff\nSeptember 22, 2016 https://www.debian.org/security/faq\n- -------------------------------------------------------------------------\n\nPackage : firefox-esr\nCVE ID : CVE-2016-5250 CVE-2016-5257 CVE-2016-5261 CVE-2016-5270 \n CVE-2016-5272 CVE-2016-5274 CVE-2016-5276 CVE-2016-5277\n CVE-2016-5278 CVE-2016-5280 CVE-2016-5281 CVE-2016-5284\n\nMultiple security issues have been found in the Mozilla Firefox web\nbrowser: Multiple memory safety errors, buffer overflows and other\nimplementation errors may lead to the execution of arbitrary code or\ninformation disclosure.\n\nFor the stable distribution (jessie), these problems have been fixed in\nversion 45.4.0esr-1~deb8u2.\n\nFor the unstable distribution (sid), these problems have been fixed in\nversion 45.4.0esr-1 of firefox-esr and in version 49.0-1 of firefox.\n\nWe recommend that you upgrade your firefox-esr packages.\n\nFurther information about Debian Security Advisories, how to apply\nthese updates to your system and frequently asked questions can be\nfound at: https://www.debian.org/security/\n\nMailing list: debian-security-announce@lists.debian.org\n", "edition": 2, "reporter": "Debian", "published": "2016-09-22T19:56:29", "title": "[SECURITY] [DSA 3674-1] firefox-esr security update", "type": "debian", "enchantments": {"score": {"modified": "2018-11-08T01:49:37", "vector": "NONE", "value": 7.5}}, "bulletinFamily": "unix", "cvelist": ["CVE-2016-5278", "CVE-2016-5281", "CVE-2016-5280", "CVE-2016-5250", "CVE-2016-5274", "CVE-2016-5261", "CVE-2016-5284", "CVE-2016-5270", "CVE-2016-5277", "CVE-2016-5257", "CVE-2016-5272", "CVE-2016-5276"], "modified": "2016-09-22T19:56:29", "id": "DEBIAN:DSA-3674-1:A1E50", "href": "https://lists.debian.org/debian-security-announce/debian-security-announce-2016/msg00253.html", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2018-10-16T22:14:03", "references": [], "affectedPackage": [{"OS": "Debian", "OSVersion": "7", "packageVersion": "1:45.4.0-1~deb7u1", "arch": "all", "packageFilename": "icedove_1:45.4.0-1~deb7u1_all.deb", "packageName": "icedove", "operator": "lt"}], "description": "Package : icedove\nVersion : 45.4.0-1~deb7u1\nCVE ID : CVE-2016-5278, CVE-2016-5270, CVE-2016-5272, CVE-2016-5276, CVE-2016-5277, CVE-2016-5280, CVE-2016-5281, CVE-2016-5284, CVE-2016-5250, CVE-2016-5261, CVE-2016-5257\n\nMultiple security issues have been found in Icedove, Debian's version of\nthe Mozilla Thunderbird mail client: Multiple memory safety errors may\nlead to the execution of arbitrary code or denial of service.\n\nFor Debian 7 "Wheezy", these problems have been fixed in version\n45.4.0-1~deb7u1.\n\nWe recommend that you upgrade your icedove packages.\n\nFurther information about Debian LTS security advisories, how to apply\nthese updates to your system and frequently asked questions can be\nfound at: https://wiki.debian.org/LTS\n", "edition": 1, "reporter": "Debian", "published": "2016-10-16T17:20:47", "title": "[SECURITY] [DLA 658-1] icedove security update", "type": "debian", "enchantments": {"score": {"modified": "2018-10-16T22:14:03", "vector": "NONE", "value": 7.5}}, "bulletinFamily": "unix", "cvelist": ["CVE-2016-5278", "CVE-2016-5281", "CVE-2016-5280", "CVE-2016-5250", "CVE-2016-5261", "CVE-2016-5284", "CVE-2016-5270", "CVE-2016-5277", "CVE-2016-5257", "CVE-2016-5272", "CVE-2016-5276"], "modified": "2016-10-16T17:20:47", "id": "DEBIAN:DLA-658-1:FEEE0", "href": "https://lists.debian.org/debian-lts-announce/2016/debian-lts-announce-201610/msg00014.html", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2018-10-18T13:50:35", "references": [], "affectedPackage": [{"OS": "Debian", "OSVersion": "7", "packageVersion": "45.4.0esr-1~deb7u1", "arch": "all", "packageFilename": "firefox-esr_45.4.0esr-1~deb7u1_all.deb", "packageName": "firefox-esr", "operator": "lt"}], "description": "Package : firefox-esr\nVersion : 45.4.0esr-1~deb7u1\nCVE ID : CVE-2016-5250 CVE-2016-5257 CVE-2016-5261\n CVE-2016-5270 CVE-2016-5272 CVE-2016-5274\n CVE-2016-5276 CVE-2016-5277 CVE-2016-5278\n CVE-2016-5280 CVE-2016-5281 CVE-2016-5284\n\nMultiple security issues have been found in the Mozilla Firefox web\nbrowser: Multiple memory safety errors, buffer overflows and other\nimplementation errors may lead to the execution of arbitrary code or\ninformation disclosure.\n\nFor Debian 7 "Wheezy", these problems have been fixed in version\n45.4.0esr-1~deb7u1.\n\nWe recommend that you upgrade your firefox-esr packages.\n\nFurther information about Debian LTS security advisories, how to apply\nthese updates to your system and frequently asked questions can be\nfound at: https://wiki.debian.org/LTS\n", "edition": 2, "reporter": "Debian", "published": "2016-09-27T12:05:47", "title": "[SECURITY] [DLA 636-1] firefox-esr security update", "type": "debian", "enchantments": {"score": {"modified": "2018-10-18T13:50:35", "vector": "NONE", "value": 7.5}}, "bulletinFamily": "unix", "cvelist": ["CVE-2016-5278", "CVE-2016-5281", "CVE-2016-5280", "CVE-2016-5250", "CVE-2016-5274", "CVE-2016-5261", "CVE-2016-5284", "CVE-2016-5270", "CVE-2016-5277", "CVE-2016-5257", "CVE-2016-5272", "CVE-2016-5276"], "modified": "2016-09-27T12:05:47", "id": "DEBIAN:DLA-636-1:3B163", "href": "https://lists.debian.org/debian-lts-announce/2016/debian-lts-announce-201609/msg00032.html", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}], "nessus": [{"lastseen": "2018-09-02T00:06:45", "references": ["http://www.nessus.org/u?d22d1a8e"], "pluginID": "93859", "description": "This update upgrades Thunderbird to version 45.4.0.\n\nSecurity Fix(es) :\n\n - Multiple flaws were found in the processing of malformed web content. A web page containing malicious content could cause Thunderbird to crash or, potentially, execute arbitrary code with the privileges of the user running Thunderbird. (CVE-2016-5257)", "edition": 8, "reporter": "Tenable", "published": "2016-10-05T00:00:00", "title": "Scientific Linux Security Update : thunderbird on SL5.x, SL6.x, SL7.x i386/x86_64", "type": "nessus", "enchantments": {"score": {"vector": "NONE", "value": 7.5}}, "naslFamily": "Scientific Linux Local Security Checks", "bulletinFamily": "scanner", "cvelist": ["CVE-2016-5257"], "modified": "2016-10-28T00:00:00", "cpe": ["x-cpe:/o:fermilab:scientific_linux"], "id": "SL_20161003_THUNDERBIRD_ON_SL5_X.NASL", "href": "https://www.tenable.com/plugins/index.php?view=single&id=93859", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text is (C) Scientific Linux.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(93859);\n script_version(\"$Revision: 2.5 $\");\n script_cvs_date(\"$Date: 2016/10/28 21:03:38 $\");\n\n script_cve_id(\"CVE-2016-5257\");\n\n script_name(english:\"Scientific Linux Security Update : thunderbird on SL5.x, SL6.x, SL7.x i386/x86_64\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\n\"The remote Scientific Linux host is missing one or more security\nupdates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"This update upgrades Thunderbird to version 45.4.0.\n\nSecurity Fix(es) :\n\n - Multiple flaws were found in the processing of malformed\n web content. A web page containing malicious content\n could cause Thunderbird to crash or, potentially,\n execute arbitrary code with the privileges of the user\n running Thunderbird. (CVE-2016-5257)\"\n );\n # http://listserv.fnal.gov/scripts/wa.exe?A2=ind1610&L=scientific-linux-errata&F=&S=&P=78\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?d22d1a8e\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\n\"Update the affected thunderbird and / or thunderbird-debuginfo\npackages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"x-cpe:/o:fermilab:scientific_linux\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2016/10/03\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2016/10/05\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2016 Tenable Network Security, Inc.\");\n script_family(english:\"Scientific Linux Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Scientific Linux \" >!< release) audit(AUDIT_HOST_NOT, \"running Scientific Linux\");\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (cpu >!< \"x86_64\" && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Scientific Linux\", cpu);\n\n\nflag = 0;\nif (rpm_check(release:\"SL5\", reference:\"thunderbird-45.4.0-1.el5_11\")) flag++;\nif (rpm_check(release:\"SL5\", reference:\"thunderbird-debuginfo-45.4.0-1.el5_11\")) flag++;\n\nif (rpm_check(release:\"SL6\", reference:\"thunderbird-45.4.0-1.el6_8\")) flag++;\nif (rpm_check(release:\"SL6\", reference:\"thunderbird-debuginfo-45.4.0-1.el6_8\")) flag++;\n\nif (rpm_check(release:\"SL7\", cpu:\"x86_64\", reference:\"thunderbird-45.4.0-1.el7_2\")) flag++;\nif (rpm_check(release:\"SL7\", cpu:\"x86_64\", reference:\"thunderbird-debuginfo-45.4.0-1.el7_2\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2018-11-13T17:02:46", "references": ["https://packages.debian.org/source/jessie/icedove", "https://www.debian.org/security/2016/dsa-3690"], "pluginID": "93941", "description": "Multiple security issues have been found in Icedove, Debian's version of the Mozilla Thunderbird mail client: Multiple memory safety errors may lead to the execution of arbitrary code or denial of service.", "edition": 10, "reporter": "Tenable", "published": "2016-10-11T00:00:00", "title": "Debian DSA-3690-1 : icedove - security update", "type": "nessus", "enchantments": {"score": {"vector": "NONE", "value": 7.5}}, "naslFamily": "Debian Local Security Checks", "bulletinFamily": "scanner", "cvelist": ["CVE-2016-5257"], "modified": "2018-11-10T00:00:00", "cpe": ["cpe:/o:debian:debian_linux:8.0", "p-cpe:/a:debian:debian_linux:icedove"], "id": "DEBIAN_DSA-3690.NASL", "href": "https://www.tenable.com/plugins/index.php?view=single&id=93941", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Debian Security Advisory DSA-3690. The text \n# itself is copyright (C) Software in the Public Interest, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(93941);\n script_version(\"2.8\");\n script_cvs_date(\"Date: 2018/11/10 11:49:38\");\n\n script_cve_id(\"CVE-2016-5257\");\n script_xref(name:\"DSA\", value:\"3690\");\n\n script_name(english:\"Debian DSA-3690-1 : icedove - security update\");\n script_summary(english:\"Checks dpkg output for the updated package\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Debian host is missing a security-related update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Multiple security issues have been found in Icedove, Debian's version\nof the Mozilla Thunderbird mail client: Multiple memory safety errors\nmay lead to the execution of arbitrary code or denial of service.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://packages.debian.org/source/jessie/icedove\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.debian.org/security/2016/dsa-3690\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\n\"Upgrade the icedove packages.\n\nFor the stable distribution (jessie), this problem has been fixed in\nversion 1:45.4.0-1~deb8u1.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:icedove\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:debian:debian_linux:8.0\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2016/10/10\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2016/10/11\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2016-2018 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Debian Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/Debian/release\", \"Host/Debian/dpkg-l\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"debian_package.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/Debian/release\")) audit(AUDIT_OS_NOT, \"Debian\");\nif (!get_kb_item(\"Host/Debian/dpkg-l\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\nflag = 0;\nif (deb_check(release:\"8.0\", prefix:\"calendar-google-provider\", reference:\"1:45.4.0-1~deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"icedove\", reference:\"1:45.4.0-1~deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"icedove-dbg\", reference:\"1:45.4.0-1~deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"icedove-dev\", reference:\"1:45.4.0-1~deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"iceowl-extension\", reference:\"1:45.4.0-1~deb8u1\")) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:deb_report_get());\n else security_hole(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2018-09-01T23:53:46", "references": ["https://oss.oracle.com/pipermail/el-errata/2016-October/006385.html", "https://oss.oracle.com/pipermail/el-errata/2016-October/006386.html"], "pluginID": "93842", "description": "From Red Hat Security Advisory 2016:1985 :\n\nAn update for thunderbird is now available for Red Hat Enterprise Linux 5, Red Hat Enterprise Linux 6, and Red Hat Enterprise Linux 7.\n\nRed Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.\n\nMozilla Thunderbird is a standalone mail and newsgroup client.\n\nThis update upgrades Thunderbird to version 45.4.0.\n\nSecurity Fix(es) :\n\n* Multiple flaws were found in the processing of malformed web content. A web page containing malicious content could cause Thunderbird to crash or, potentially, execute arbitrary code with the privileges of the user running Thunderbird. (CVE-2016-5257)\n\nRed Hat would like to thank the Mozilla project for reporting these issues. Upstream acknowledges Christoph Diehl, Andrew McCreight, Dan Minor, Byron Campen, Jon Coppeard, Steve Fink, Tyson Smith, Philipp and Carsten Book as the original reporters.", "edition": 11, "reporter": "Tenable", "published": "2016-10-04T00:00:00", "title": "Oracle Linux 6 / 7 : thunderbird (ELSA-2016-1985)", "type": "nessus", "enchantments": {"score": {"vector": "NONE", "value": 7.5}}, "naslFamily": "Oracle Linux Local Security Checks", "bulletinFamily": "scanner", "cvelist": ["CVE-2016-5257"], "modified": "2018-07-25T00:00:00", "cpe": ["cpe:/o:oracle:linux:6", "p-cpe:/a:oracle:linux:thunderbird", "cpe:/o:oracle:linux:7"], "id": "ORACLELINUX_ELSA-2016-1985.NASL", "href": "https://www.tenable.com/plugins/index.php?view=single&id=93842", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Red Hat Security Advisory RHSA-2016:1985 and \n# Oracle Linux Security Advisory ELSA-2016-1985 respectively.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(93842);\n script_version(\"2.9\");\n script_cvs_date(\"Date: 2018/07/25 14:27:30\");\n\n script_cve_id(\"CVE-2016-5257\");\n script_xref(name:\"RHSA\", value:\"2016:1985\");\n\n script_name(english:\"Oracle Linux 6 / 7 : thunderbird (ELSA-2016-1985)\");\n script_summary(english:\"Checks rpm output for the updated package\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Oracle Linux host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"From Red Hat Security Advisory 2016:1985 :\n\nAn update for thunderbird is now available for Red Hat Enterprise\nLinux 5, Red Hat Enterprise Linux 6, and Red Hat Enterprise Linux 7.\n\nRed Hat Product Security has rated this update as having a security\nimpact of Important. A Common Vulnerability Scoring System (CVSS) base\nscore, which gives a detailed severity rating, is available for each\nvulnerability from the CVE link(s) in the References section.\n\nMozilla Thunderbird is a standalone mail and newsgroup client.\n\nThis update upgrades Thunderbird to version 45.4.0.\n\nSecurity Fix(es) :\n\n* Multiple flaws were found in the processing of malformed web\ncontent. A web page containing malicious content could cause\nThunderbird to crash or, potentially, execute arbitrary code with the\nprivileges of the user running Thunderbird. (CVE-2016-5257)\n\nRed Hat would like to thank the Mozilla project for reporting these\nissues. Upstream acknowledges Christoph Diehl, Andrew McCreight, Dan\nMinor, Byron Campen, Jon Coppeard, Steve Fink, Tyson Smith, Philipp\nand Carsten Book as the original reporters.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://oss.oracle.com/pipermail/el-errata/2016-October/006385.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://oss.oracle.com/pipermail/el-errata/2016-October/006386.html\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected thunderbird package.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:thunderbird\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:oracle:linux:6\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:oracle:linux:7\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2016/10/03\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2016/10/04\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2016-2018 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Oracle Linux Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/OracleLinux\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/OracleLinux\")) audit(AUDIT_OS_NOT, \"Oracle Linux\");\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || !eregmatch(pattern: \"Oracle (?:Linux Server|Enterprise Linux)\", string:release)) audit(AUDIT_OS_NOT, \"Oracle Linux\");\nos_ver = eregmatch(pattern: \"Oracle (?:Linux Server|Enterprise Linux) .*release ([0-9]+(\\.[0-9]+)?)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Oracle Linux\");\nos_ver = os_ver[1];\nif (! ereg(pattern:\"^(6|7)([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Oracle Linux 6 / 7\", \"Oracle Linux \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Oracle Linux\", cpu);\n\nflag = 0;\nif (rpm_check(release:\"EL6\", reference:\"thunderbird-45.4.0-1.0.1.el6_8\")) flag++;\n\nif (rpm_check(release:\"EL7\", cpu:\"x86_64\", reference:\"thunderbird-45.4.0-1.0.1.el7_2\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"thunderbird\");\n}\n", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2018-11-13T16:55:59", "references": ["http://www.nessus.org/u?f3138c54", "https://access.redhat.com/errata/RHSA-2016:1985", "https://access.redhat.com/security/cve/cve-2016-5257"], "pluginID": "93843", "description": "An update for thunderbird is now available for Red Hat Enterprise Linux 5, Red Hat Enterprise Linux 6, and Red Hat Enterprise Linux 7.\n\nRed Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.\n\nMozilla Thunderbird is a standalone mail and newsgroup client.\n\nThis update upgrades Thunderbird to version 45.4.0.\n\nSecurity Fix(es) :\n\n* Multiple flaws were found in the processing of malformed web content. A web page containing malicious content could cause Thunderbird to crash or, potentially, execute arbitrary code with the privileges of the user running Thunderbird. (CVE-2016-5257)\n\nRed Hat would like to thank the Mozilla project for reporting these issues. Upstream acknowledges Christoph Diehl, Andrew McCreight, Dan Minor, Byron Campen, Jon Coppeard, Steve Fink, Tyson Smith, Philipp and Carsten Book as the original reporters.", "edition": 13, "reporter": "Tenable", "published": "2016-10-04T00:00:00", "title": "RHEL 5 / 6 / 7 : thunderbird (RHSA-2016:1985)", "type": "nessus", "enchantments": {"score": {"vector": "NONE", "value": 7.5}}, "naslFamily": "Red Hat Local Security Checks", "bulletinFamily": "scanner", "cvelist": ["CVE-2016-5257"], "modified": "2018-11-10T00:00:00", "cpe": ["cpe:/o:redhat:enterprise_linux:5", "cpe:/o:redhat:enterprise_linux:7.4", "p-cpe:/a:redhat:enterprise_linux:thunderbird", "cpe:/o:redhat:enterprise_linux:7.5", "cpe:/o:redhat:enterprise_linux:7", "cpe:/o:redhat:enterprise_linux:7.3", "p-cpe:/a:redhat:enterprise_linux:thunderbird-debuginfo", "cpe:/o:redhat:enterprise_linux:7.2", "cpe:/o:redhat:enterprise_linux:7.6", "cpe:/o:redhat:enterprise_linux:6"], "id": "REDHAT-RHSA-2016-1985.NASL", "href": "https://www.tenable.com/plugins/index.php?view=single&id=93843", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Red Hat Security Advisory RHSA-2016:1985. The text \n# itself is copyright (C) Red Hat, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(93843);\n script_version(\"2.11\");\n script_cvs_date(\"Date: 2018/11/10 11:49:55\");\n\n script_cve_id(\"CVE-2016-5257\");\n script_xref(name:\"RHSA\", value:\"2016:1985\");\n\n script_name(english:\"RHEL 5 / 6 / 7 : thunderbird (RHSA-2016:1985)\");\n script_summary(english:\"Checks the rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Red Hat host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"An update for thunderbird is now available for Red Hat Enterprise\nLinux 5, Red Hat Enterprise Linux 6, and Red Hat Enterprise Linux 7.\n\nRed Hat Product Security has rated this update as having a security\nimpact of Important. A Common Vulnerability Scoring System (CVSS) base\nscore, which gives a detailed severity rating, is available for each\nvulnerability from the CVE link(s) in the References section.\n\nMozilla Thunderbird is a standalone mail and newsgroup client.\n\nThis update upgrades Thunderbird to version 45.4.0.\n\nSecurity Fix(es) :\n\n* Multiple flaws were found in the processing of malformed web\ncontent. A web page containing malicious content could cause\nThunderbird to crash or, potentially, execute arbitrary code with the\nprivileges of the user running Thunderbird. (CVE-2016-5257)\n\nRed Hat would like to thank the Mozilla project for reporting these\nissues. Upstream acknowledges Christoph Diehl, Andrew McCreight, Dan\nMinor, Byron Campen, Jon Coppeard, Steve Fink, Tyson Smith, Philipp\nand Carsten Book as the original reporters.\"\n );\n # https://www.mozilla.org/en-US/security/known-vulnerabilities/thunderbird/#\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?f3138c54\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/errata/RHSA-2016:1985\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2016-5257\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\n\"Update the affected thunderbird and / or thunderbird-debuginfo\npackages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:thunderbird\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:thunderbird-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:5\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:6\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:7\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:7.2\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:7.3\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:7.4\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:7.5\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:7.6\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2016/10/03\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2016/10/04\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2016-2018 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Red Hat Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"misc_func.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Red Hat\" >!< release) audit(AUDIT_OS_NOT, \"Red Hat\");\nos_ver = eregmatch(pattern: \"Red Hat Enterprise Linux.*release ([0-9]+(\\.[0-9]+)?)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Red Hat\");\nos_ver = os_ver[1];\nif (! ereg(pattern:\"^(5|6|7)([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Red Hat 5.x / 6.x / 7.x\", \"Red Hat \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\" && \"s390\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Red Hat\", cpu);\n\nyum_updateinfo = get_kb_item(\"Host/RedHat/yum-updateinfo\");\nif (!empty_or_null(yum_updateinfo)) \n{\n rhsa = \"RHSA-2016:1985\";\n yum_report = redhat_generate_yum_updateinfo_report(rhsa:rhsa);\n if (!empty_or_null(yum_report))\n {\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : yum_report \n );\n exit(0);\n }\n else\n {\n audit_message = \"affected by Red Hat security advisory \" + rhsa;\n audit(AUDIT_OS_NOT, audit_message);\n }\n}\nelse\n{\n flag = 0;\n if (rpm_check(release:\"RHEL5\", cpu:\"i386\", reference:\"thunderbird-45.4.0-1.el5_11\")) flag++;\n\n if (rpm_check(release:\"RHEL5\", cpu:\"x86_64\", reference:\"thunderbird-45.4.0-1.el5_11\")) flag++;\n\n if (rpm_check(release:\"RHEL5\", cpu:\"i386\", reference:\"thunderbird-debuginfo-45.4.0-1.el5_11\")) flag++;\n\n if (rpm_check(release:\"RHEL5\", cpu:\"x86_64\", reference:\"thunderbird-debuginfo-45.4.0-1.el5_11\")) flag++;\n\n\n if (rpm_check(release:\"RHEL6\", cpu:\"i686\", reference:\"thunderbird-45.4.0-1.el6_8\")) flag++;\n\n if (rpm_check(release:\"RHEL6\", cpu:\"s390x\", reference:\"thunderbird-45.4.0-1.el6_8\")) flag++;\n\n if (rpm_check(release:\"RHEL6\", cpu:\"x86_64\", reference:\"thunderbird-45.4.0-1.el6_8\")) flag++;\n\n if (rpm_check(release:\"RHEL6\", cpu:\"i686\", reference:\"thunderbird-debuginfo-45.4.0-1.el6_8\")) flag++;\n\n if (rpm_check(release:\"RHEL6\", cpu:\"s390x\", reference:\"thunderbird-debuginfo-45.4.0-1.el6_8\")) flag++;\n\n if (rpm_check(release:\"RHEL6\", cpu:\"x86_64\", reference:\"thunderbird-debuginfo-45.4.0-1.el6_8\")) flag++;\n\n\n if (rpm_check(release:\"RHEL7\", cpu:\"x86_64\", reference:\"thunderbird-45.4.0-1.el7_2\")) flag++;\n\n if (rpm_check(release:\"RHEL7\", cpu:\"x86_64\", reference:\"thunderbird-debuginfo-45.4.0-1.el7_2\")) flag++;\n\n\n if (flag)\n {\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : rpm_report_get() + redhat_report_package_caveat()\n );\n exit(0);\n }\n else\n {\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"thunderbird / thunderbird-debuginfo\");\n }\n}\n", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2018-09-01T23:51:04", "references": ["https://www.mozilla.org/en-US/security/advisories/mfsa2016-86/"], "pluginID": "93661", "description": "The version of Mozilla Firefox ESR installed on the remote Windows host is 45.x prior to 45.4. It is, therefore, affected by multiple vulnerabilities :\n\n - A flaw exists in the HttpBaseChannel::GetPerformance() function in netwerk/protocol/http/HttpBaseChannel.cpp due to the program leaking potentially sensitive resources of URLs through the Resource Timing API during page navigation. An unauthenticated, remote attacker can exploit this to disclose sensitive information. (CVE-2016-5250)\n\n - Multiple memory safety issues exist that allow an unauthenticated, remote attacker to potentially execute arbitrary code. (CVE-2016-5257)\n\n - An integer overflow condition exists in the WebSocketChannel::ProcessInput() function within file netwerk/protocol/websocket/WebSocketChannel.cpp when handling specially crafted WebSocketChannel packets due to improper validation of user-supplied input. An unauthenticated, remote attacker can exploit this to execute arbitrary code. (CVE-2016-5261)\n\n - A heap buffer overflow condition exists in the nsCaseTransformTextRunFactory::TransformString() function in layout/generic/nsTextRunTransformations.cpp when converting text containing certain Unicode characters. An unauthenticated, remote attacker can exploit this to execute arbitrary code. (CVE-2016-5270)\n\n - A type confusion error exists within file layout/forms/nsRangeFrame.cpp when handling layout with input elements. An unauthenticated, remote attacker can exploit this to execute arbitrary code. (CVE-2016-5272)\n\n - A use-after-free error exists within file layout/style/nsRuleNode.cpp when handling web animations during restyling. An unauthenticated, remote attacker can exploit this to execute arbitrary code.\n (CVE-2016-5274)\n\n - A use-after-free error exists in the DocAccessible::ProcessInvalidationList() function within file accessible/generic/DocAccessible.cpp when setting an aria-owns attribute. An unauthenticated, remote attacker can exploit this to execute arbitrary code.\n (CVE-2016-5276)\n\n - A use-after-free error exists in the nsRefreshDriver::Tick() function when handling web animations destroying a timeline. An unauthenticated, remote attacker can exploit this to execute arbitrary code. (CVE-2016-5277)\n\n - A buffer overflow condition exists in the nsBMPEncoder::AddImageFrame() function within file dom/base/ImageEncoder.cpp when encoding image frames to images. An unauthenticated, remote attacker can exploit this to execute arbitrary code. (CVE-2016-5278)\n\n - A use-after-free error exists in the nsTextNodeDirectionalityMap::RemoveElementFromMap() function within file dom/base/DirectionalityUtils.cpp when handling changing of text direction. An unauthenticated, remote attacker can exploit this to execute arbitrary code. (CVE-2016-5280)\n\n - A use-after-free error exists when handling SVG format content that is being manipulated through script code.\n An unauthenticated, remote attacker can exploit this to execute arbitrary code. (CVE-2016-5281)\n\n - A flaw exists due to the certificate pinning policy for built-in sites (e.g., addons.mozilla.org) not being honored when pins have expired. A man-in-the-middle (MitM) attacker can exploit this to generate a trusted certificate, which could be used to conduct spoofing attacks. (CVE-2016-5284)", "edition": 7, "reporter": "Tenable", "published": "2016-09-22T00:00:00", "title": "Mozilla Firefox ESR 45.x < 45.4 Multiple Vulnerabilities", "type": "nessus", "enchantments": {"score": {"vector": "NONE", "value": 7.5}}, "naslFamily": "Windows", "bulletinFamily": "scanner", "cvelist": ["CVE-2016-5278", "CVE-2016-5281", "CVE-2016-5280", "CVE-2016-5250", "CVE-2016-5274", "CVE-2016-5261", "CVE-2016-5284", "CVE-2016-5270", "CVE-2016-5277", "CVE-2016-5257", "CVE-2016-5272", "CVE-2016-5276"], "modified": "2018-07-16T00:00:00", "cpe": ["cpe:/a:mozilla:firefox_esr"], "id": "MOZILLA_FIREFOX_45_4_ESR.NASL", "href": "https://www.tenable.com/plugins/index.php?view=single&id=93661", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(93661);\n script_version(\"1.6\");\n script_cvs_date(\"Date: 2018/07/16 14:09:14\");\n\n script_cve_id(\n \"CVE-2016-5250\",\n \"CVE-2016-5257\",\n \"CVE-2016-5261\",\n \"CVE-2016-5270\",\n \"CVE-2016-5272\",\n \"CVE-2016-5274\",\n \"CVE-2016-5276\",\n \"CVE-2016-5277\",\n \"CVE-2016-5278\",\n \"CVE-2016-5280\",\n \"CVE-2016-5281\",\n \"CVE-2016-5284\"\n );\n script_bugtraq_id(\n 92260,\n 93049\n );\n script_xref(name:\"MFSA\", value:\"2016-86\");\n\n script_name(english:\"Mozilla Firefox ESR 45.x < 45.4 Multiple Vulnerabilities\");\n script_summary(english:\"Checks the version of Firefox.\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote Windows host contains a web browser that is affected by\nmultiple vulnerabilities.\");\n script_set_attribute(attribute:\"description\", value:\n\"The version of Mozilla Firefox ESR installed on the remote Windows\nhost is 45.x prior to 45.4. It is, therefore, affected by multiple\nvulnerabilities :\n\n - A flaw exists in the HttpBaseChannel::GetPerformance()\n function in netwerk/protocol/http/HttpBaseChannel.cpp\n due to the program leaking potentially sensitive\n resources of URLs through the Resource Timing API\n during page navigation. An unauthenticated, remote\n attacker can exploit this to disclose sensitive\n information. (CVE-2016-5250)\n\n - Multiple memory safety issues exist that allow an\n unauthenticated, remote attacker to potentially execute\n arbitrary code. (CVE-2016-5257)\n\n - An integer overflow condition exists in the\n WebSocketChannel::ProcessInput() function within file\n netwerk/protocol/websocket/WebSocketChannel.cpp when\n handling specially crafted WebSocketChannel packets due\n to improper validation of user-supplied input. An\n unauthenticated, remote attacker can exploit this to\n execute arbitrary code. (CVE-2016-5261)\n\n - A heap buffer overflow condition exists in the\n nsCaseTransformTextRunFactory::TransformString()\n function in layout/generic/nsTextRunTransformations.cpp\n when converting text containing certain Unicode\n characters. An unauthenticated, remote attacker can\n exploit this to execute arbitrary code. (CVE-2016-5270)\n\n - A type confusion error exists within file\n layout/forms/nsRangeFrame.cpp when handling layout with\n input elements. An unauthenticated, remote attacker can\n exploit this to execute arbitrary code. (CVE-2016-5272)\n\n - A use-after-free error exists within file\n layout/style/nsRuleNode.cpp when handling web animations\n during restyling. An unauthenticated, remote attacker\n can exploit this to execute arbitrary code.\n (CVE-2016-5274)\n\n - A use-after-free error exists in the\n DocAccessible::ProcessInvalidationList() function within\n file accessible/generic/DocAccessible.cpp when setting\n an aria-owns attribute. An unauthenticated, remote\n attacker can exploit this to execute arbitrary code.\n (CVE-2016-5276)\n\n - A use-after-free error exists in the\n nsRefreshDriver::Tick() function when handling web\n animations destroying a timeline. An unauthenticated,\n remote attacker can exploit this to execute arbitrary\n code. (CVE-2016-5277)\n\n - A buffer overflow condition exists in the\n nsBMPEncoder::AddImageFrame() function within file\n dom/base/ImageEncoder.cpp when encoding image frames to\n images. An unauthenticated, remote attacker can exploit\n this to execute arbitrary code. (CVE-2016-5278)\n\n - A use-after-free error exists in the\n nsTextNodeDirectionalityMap::RemoveElementFromMap()\n function within file dom/base/DirectionalityUtils.cpp\n when handling changing of text direction. An\n unauthenticated, remote attacker can exploit this to\n execute arbitrary code. (CVE-2016-5280)\n\n - A use-after-free error exists when handling SVG format\n content that is being manipulated through script code.\n An unauthenticated, remote attacker can exploit this to\n execute arbitrary code. (CVE-2016-5281)\n\n - A flaw exists due to the certificate pinning policy for\n built-in sites (e.g., addons.mozilla.org) not being\n honored when pins have expired. A man-in-the-middle\n (MitM) attacker can exploit this to generate a trusted\n certificate, which could be used to conduct spoofing\n attacks. (CVE-2016-5284)\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.mozilla.org/en-US/security/advisories/mfsa2016-86/\");\n script_set_attribute(attribute:\"solution\", value:\n\"Upgrade to Mozilla Firefox ESR version 45.4 or later.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2016/05/31\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2016/09/20\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2016/09/22\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:mozilla:firefox_esr\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Windows\");\n\n script_copyright(english:\"This script is Copyright (C) 2016-2018 Tenable Network Security, Inc.\");\n\n script_dependencies(\"mozilla_org_installed.nasl\");\n script_require_keys(\"Mozilla/Firefox/Version\");\n\n exit(0);\n}\n\ninclude(\"mozilla_version.inc\");\n\nport = get_kb_item(\"SMB/transport\");\nif (!port) port = 445;\n\ninstalls = get_kb_list(\"SMB/Mozilla/Firefox/*\");\nif (isnull(installs)) audit(AUDIT_NOT_INST, \"Firefox\");\n\nmozilla_check_version(installs:installs, product:'firefox', esr:TRUE, fix:'45.4', min:'45.0', severity:SECURITY_HOLE);\n", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2018-11-13T17:11:57", "references": ["https://www.suse.com/security/cve/CVE-2016-5280/", "https://www.suse.com/security/cve/CVE-2016-5277/", "https://www.suse.com/security/cve/CVE-2016-5276/", "https://www.suse.com/security/cve/CVE-2016-5250/", "https://www.suse.com/security/cve/CVE-2016-5272/", "https://www.suse.com/security/cve/CVE-2016-5281/", "http://www.nessus.org/u?7d9c0457", "https://www.suse.com/security/cve/CVE-2016-5278/", "https://www.suse.com/security/cve/CVE-2016-5274/", "https://www.suse.com/security/cve/CVE-2016-5257/", "https://www.suse.com/security/cve/CVE-2016-5261/", "https://www.suse.com/security/cve/CVE-2016-5270/", "https://bugzilla.suse.com/999701", "https://www.suse.com/security/cve/CVE-2016-5284/"], "pluginID": "94043", "description": "Mozilla Firefox was updated to 45.4.0 ESR to fix the following issues (bsc#999701): The following security issue were fixed :\n\n - MFSA 2016-86/CVE-2016-5270: Heap-buffer-overflow in nsCaseTransformTextRunFactory::TransformString\n\n - MFSA 2016-86/CVE-2016-5272: Bad cast in nsImageGeometryMixin\n\n - MFSA 2016-86/CVE-2016-5276: Heap-use-after-free in mozilla::a11y::DocAccessible::ProcessInvalidationList\n\n - MFSA 2016-86/CVE-2016-5274: use-after-free in nsFrameManager::CaptureFrameState\n\n - MFSA 2016-86/CVE-2016-5277: Heap-use-after-free in nsRefreshDriver::Tick\n\n - MFSA 2016-86/CVE-2016-5278: Heap-buffer-overflow in nsBMPEncoder::AddImageFrame\n\n - MFSA 2016-86/CVE-2016-5280: Use-after-free in mozilla::nsTextNodeDirectionalityMap::RemoveElementFromM ap\n\n - MFSA 2016-86/CVE-2016-5281: use-after-free in DOMSVGLength\n\n - MFSA 2016-86/CVE-2016-5284: Add-on update site certificate pin expiration\n\n - MFSA 2016-86/CVE-2016-5250: Resource Timing API is storing resources sent by the previous page\n\n - MFSA 2016-86/CVE-2016-5261: Integer overflow and memory corruption in WebSocketChannel\n\n - MFSA 2016-86/CVE-2016-5257: Various memory safety bugs fixed in Firefox 49 and Firefox ESR 45.4\n\nNote that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "edition": 10, "reporter": "Tenable", "published": "2016-10-13T00:00:00", "title": "SUSE SLES11 Security Update : MozillaFirefox (SUSE-SU-2016:2513-1)", "type": "nessus", "enchantments": {"score": {"vector": "NONE", "value": 5.0}}, "naslFamily": "SuSE Local Security Checks", "bulletinFamily": "scanner", "cvelist": ["CVE-2016-5278", "CVE-2016-5281", "CVE-2016-5280", "CVE-2016-5250", "CVE-2016-5274", "CVE-2016-5261", "CVE-2016-5284", "CVE-2016-5270", "CVE-2016-5277", "CVE-2016-5257", "CVE-2016-5272", "CVE-2016-5276"], "modified": "2018-11-10T00:00:00", "cpe": ["p-cpe:/a:novell:suse_linux:MozillaFirefox", "cpe:/o:novell:suse_linux:11", "p-cpe:/a:novell:suse_linux:MozillaFirefox-translations"], "id": "SUSE_SU-2016-2513-1.NASL", "href": "https://www.tenable.com/plugins/index.php?view=single&id=94043", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from SUSE update advisory SUSE-SU-2016:2513-1.\n# The text itself is copyright (C) SUSE.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(94043);\n script_version(\"2.7\");\n script_cvs_date(\"Date: 2018/11/10 11:50:04\");\n\n script_cve_id(\"CVE-2016-5250\", \"CVE-2016-5257\", \"CVE-2016-5261\", \"CVE-2016-5270\", \"CVE-2016-5272\", \"CVE-2016-5274\", \"CVE-2016-5276\", \"CVE-2016-5277\", \"CVE-2016-5278\", \"CVE-2016-5280\", \"CVE-2016-5281\", \"CVE-2016-5284\");\n\n script_name(english:\"SUSE SLES11 Security Update : MozillaFirefox (SUSE-SU-2016:2513-1)\");\n script_summary(english:\"Checks rpm output for the updated packages.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote SUSE host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Mozilla Firefox was updated to 45.4.0 ESR to fix the following issues\n(bsc#999701): The following security issue were fixed :\n\n - MFSA 2016-86/CVE-2016-5270: Heap-buffer-overflow in\n nsCaseTransformTextRunFactory::TransformString\n\n - MFSA 2016-86/CVE-2016-5272: Bad cast in\n nsImageGeometryMixin\n\n - MFSA 2016-86/CVE-2016-5276: Heap-use-after-free in\n mozilla::a11y::DocAccessible::ProcessInvalidationList\n\n - MFSA 2016-86/CVE-2016-5274: use-after-free in\n nsFrameManager::CaptureFrameState\n\n - MFSA 2016-86/CVE-2016-5277: Heap-use-after-free in\n nsRefreshDriver::Tick\n\n - MFSA 2016-86/CVE-2016-5278: Heap-buffer-overflow in\n nsBMPEncoder::AddImageFrame\n\n - MFSA 2016-86/CVE-2016-5280: Use-after-free in\n mozilla::nsTextNodeDirectionalityMap::RemoveElementFromM\n ap\n\n - MFSA 2016-86/CVE-2016-5281: use-after-free in\n DOMSVGLength\n\n - MFSA 2016-86/CVE-2016-5284: Add-on update site\n certificate pin expiration\n\n - MFSA 2016-86/CVE-2016-5250: Resource Timing API is\n storing resources sent by the previous page\n\n - MFSA 2016-86/CVE-2016-5261: Integer overflow and memory\n corruption in WebSocketChannel\n\n - MFSA 2016-86/CVE-2016-5257: Various memory safety bugs\n fixed in Firefox 49 and Firefox ESR 45.4\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the SUSE security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/999701\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2016-5250/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2016-5257/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2016-5261/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2016-5270/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2016-5272/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2016-5274/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2016-5276/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2016-5277/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2016-5278/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2016-5280/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2016-5281/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2016-5284/\"\n );\n # https://www.suse.com/support/update/announcement/2016/suse-su-20162513-1.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?7d9c0457\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\n\"To install this SUSE Security Update use YaST online_update.\nAlternatively you can run the command listed for your product :\n\nSUSE OpenStack Cloud 5:zypper in -t patch\nsleclo50sp3-MozillaFirefox-12784=1\n\nSUSE Manager Proxy 2.1:zypper in -t patch\nslemap21-MozillaFirefox-12784=1\n\nSUSE Manager 2.1:zypper in -t patch sleman21-MozillaFirefox-12784=1\n\nSUSE Linux Enterprise Software Development Kit 11-SP4:zypper in -t\npatch sdksp4-MozillaFirefox-12784=1\n\nSUSE Linux Enterprise Server 11-SP4:zypper in -t patch\nslessp4-MozillaFirefox-12784=1\n\nSUSE Linux Enterprise Server 11-SP3-LTSS:zypper in -t patch\nslessp3-MozillaFirefox-12784=1\n\nSUSE Linux Enterprise Point of Sale 11-SP3:zypper in -t patch\nsleposp3-MozillaFirefox-12784=1\n\nSUSE Linux Enterprise Debuginfo 11-SP4:zypper in -t patch\ndbgsp4-MozillaFirefox-12784=1\n\nSUSE Linux Enterprise Debuginfo 11-SP3:zypper in -t patch\ndbgsp3-MozillaFirefox-12784=1\n\nTo bring your system up-to-date, use 'zypper patch'.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:MozillaFirefox\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:MozillaFirefox-translations\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:suse_linux:11\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2016/10/12\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2016/10/13\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2016-2018 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release !~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, \"SUSE\");\nos_ver = eregmatch(pattern: \"^(SLE(S|D)\\d+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"SUSE\");\nos_ver = os_ver[1];\nif (! ereg(pattern:\"^(SLES11)$\", string:os_ver)) audit(AUDIT_OS_NOT, \"SUSE SLES11\", \"SUSE \" + os_ver);\n\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (cpu !~ \"^i[3-6]86$\" && \"x86_64\" >!< cpu && \"s390x\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"SUSE \" + os_ver, cpu);\n\nsp = get_kb_item(\"Host/SuSE/patchlevel\");\nif (isnull(sp)) sp = \"0\";\nif (os_ver == \"SLES11\" && (! ereg(pattern:\"^(3|4)$\", string:sp))) audit(AUDIT_OS_NOT, \"SLES11 SP3/4\", os_ver + \" SP\" + sp);\n\n\nflag = 0;\nif (rpm_check(release:\"SLES11\", sp:\"4\", reference:\"MozillaFirefox-45.4.0esr-53.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:\"4\", reference:\"MozillaFirefox-translations-45.4.0esr-53.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:\"3\", reference:\"MozillaFirefox-45.4.0esr-53.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:\"3\", reference:\"MozillaFirefox-translations-45.4.0esr-53.1\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"MozillaFirefox\");\n}\n", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2018-09-01T23:56:08", "references": ["http://www.nessus.org/u?4e778c29"], "pluginID": "93643", "description": "This update upgrades Firefox to version 45.4.0 ESR.\n\nSecurity Fix(es) :\n\n - Multiple flaws were found in the processing of malformed web content. A web page containing malicious content could cause Firefox to crash or, potentially, execute arbitrary code with the privileges of the user running Firefox. (CVE-2016-5257, CVE-2016-5278, CVE-2016-5270, CVE-2016-5272, CVE-2016-5274, CVE-2016-5276, CVE-2016-5277, CVE-2016-5280, CVE-2016-5281, CVE-2016-5284, CVE-2016-5250, CVE-2016-5261)", "edition": 7, "reporter": "Tenable", "published": "2016-09-22T00:00:00", "title": "Scientific Linux Security Update : firefox on SL5.x, SL6.x, SL7.x i386/x86_64", "type": "nessus", "enchantments": {"score": {"vector": "NONE", "value": 7.5}}, "naslFamily": "Scientific Linux Local Security Checks", "bulletinFamily": "scanner", "cvelist": ["CVE-2016-5278", "CVE-2016-5281", "CVE-2016-5280", "CVE-2016-5250", "CVE-2016-5274", "CVE-2016-5261", "CVE-2016-5284", "CVE-2016-5270", "CVE-2016-5277", "CVE-2016-5257", "CVE-2016-5272", "CVE-2016-5276"], "modified": "2016-10-28T00:00:00", "cpe": ["x-cpe:/o:fermilab:scientific_linux"], "id": "SL_20160921_FIREFOX_ON_SL5_X.NASL", "href": "https://www.tenable.com/plugins/index.php?view=single&id=93643", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text is (C) Scientific Linux.\n#\n\nif (NASL_LEVEL < 3000) exit(0);\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(93643);\n script_version(\"$Revision: 2.5 $\");\n script_cvs_date(\"$Date: 2016/10/28 21:03:38 $\");\n\n script_cve_id(\"CVE-2016-5250\", \"CVE-2016-5257\", \"CVE-2016-5261\", \"CVE-2016-5270\", \"CVE-2016-5272\", \"CVE-2016-5274\", \"CVE-2016-5276\", \"CVE-2016-5277\", \"CVE-2016-5278\", \"CVE-2016-5280\", \"CVE-2016-5281\", \"CVE-2016-5284\");\n\n script_name(english:\"Scientific Linux Security Update : firefox on SL5.x, SL6.x, SL7.x i386/x86_64\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\n\"The remote Scientific Linux host is missing one or more security\nupdates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"This update upgrades Firefox to version 45.4.0 ESR.\n\nSecurity Fix(es) :\n\n - Multiple flaws were found in the processing of malformed\n web content. A web page containing malicious content\n could cause Firefox to crash or, potentially, execute\n arbitrary code with the privileges of the user running\n Firefox. (CVE-2016-5257, CVE-2016-5278, CVE-2016-5270,\n CVE-2016-5272, CVE-2016-5274, CVE-2016-5276,\n CVE-2016-5277, CVE-2016-5280, CVE-2016-5281,\n CVE-2016-5284, CVE-2016-5250, CVE-2016-5261)\"\n );\n # http://listserv.fnal.gov/scripts/wa.exe?A2=ind1609&L=scientific-linux-errata&F=&S=&P=8155\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?4e778c29\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected firefox and / or firefox-debuginfo packages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"x-cpe:/o:fermilab:scientific_linux\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2016/09/21\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2016/09/22\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2016 Tenable Network Security, Inc.\");\n script_family(english:\"Scientific Linux Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Scientific Linux \" >!< release) audit(AUDIT_HOST_NOT, \"running Scientific Linux\");\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (cpu >!< \"x86_64\" && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Scientific Linux\", cpu);\n\n\nflag = 0;\nif (rpm_check(release:\"SL5\", reference:\"firefox-45.4.0-1.el5_11\")) flag++;\nif (rpm_check(release:\"SL5\", reference:\"firefox-debuginfo-45.4.0-1.el5_11\")) flag++;\n\nif (rpm_check(release:\"SL6\", reference:\"firefox-45.4.0-1.el6_8\")) flag++;\nif (rpm_check(release:\"SL6\", reference:\"firefox-debuginfo-45.4.0-1.el6_8\")) flag++;\n\nif (rpm_check(release:\"SL7\", cpu:\"x86_64\", reference:\"firefox-45.4.0-1.el7_2\")) flag++;\nif (rpm_check(release:\"SL7\", cpu:\"x86_64\", reference:\"firefox-debuginfo-45.4.0-1.el7_2\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2018-11-13T16:51:38", "references": ["https://www.debian.org/security/2016/dsa-3674", "https://packages.debian.org/source/jessie/firefox-esr"], "pluginID": "93669", "description": "Multiple security issues have been found in the Mozilla Firefox web browser: Multiple memory safety errors, buffer overflows and other implementation errors may lead to the execution of arbitrary code or information disclosure.", "edition": 12, "reporter": "Tenable", "published": "2016-09-23T00:00:00", "title": "Debian DSA-3674-1 : firefox-esr - security update", "type": "nessus", "enchantments": {"score": {"vector": "NONE", "value": 7.5}}, "naslFamily": "Debian Local Security Checks", "bulletinFamily": "scanner", "cvelist": ["CVE-2016-5278", "CVE-2016-5281", "CVE-2016-5280", "CVE-2016-5250", "CVE-2016-5274", "CVE-2016-5261", "CVE-2016-5284", "CVE-2016-5270", "CVE-2016-5277", "CVE-2016-5257", "CVE-2016-5272", "CVE-2016-5276"], "modified": "2018-11-10T00:00:00", "cpe": ["cpe:/o:debian:debian_linux:8.0", "p-cpe:/a:debian:debian_linux:firefox-esr"], "id": "DEBIAN_DSA-3674.NASL", "href": "https://www.tenable.com/plugins/index.php?view=single&id=93669", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Debian Security Advisory DSA-3674. The text \n# itself is copyright (C) Software in the Public Interest, Inc.\n#\n\nif (NASL_LEVEL < 3000) exit(0);\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(93669);\n script_version(\"2.11\");\n script_cvs_date(\"Date: 2018/11/10 11:49:38\");\n\n script_cve_id(\"CVE-2016-5250\", \"CVE-2016-5257\", \"CVE-2016-5261\", \"CVE-2016-5270\", \"CVE-2016-5272\", \"CVE-2016-5274\", \"CVE-2016-5276\", \"CVE-2016-5277\", \"CVE-2016-5278\", \"CVE-2016-5280\", \"CVE-2016-5281\", \"CVE-2016-5284\");\n script_xref(name:\"DSA\", value:\"3674\");\n\n script_name(english:\"Debian DSA-3674-1 : firefox-esr - security update\");\n script_summary(english:\"Checks dpkg output for the updated package\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Debian host is missing a security-related update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Multiple security issues have been found in the Mozilla Firefox web\nbrowser: Multiple memory safety errors, buffer overflows and other\nimplementation errors may lead to the execution of arbitrary code or\ninformation disclosure.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://packages.debian.org/source/jessie/firefox-esr\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.debian.org/security/2016/dsa-3674\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\n\"Upgrade the firefox-esr packages.\n\nFor the stable distribution (jessie), these problems have been fixed\nin version 45.4.0esr-1~deb8u2.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:firefox-esr\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:debian:debian_linux:8.0\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2016/09/22\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2016/09/23\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2016-2018 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Debian Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/Debian/release\", \"Host/Debian/dpkg-l\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"debian_package.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/Debian/release\")) audit(AUDIT_OS_NOT, \"Debian\");\nif (!get_kb_item(\"Host/Debian/dpkg-l\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\nflag = 0;\nif (deb_check(release:\"8.0\", prefix:\"firefox-esr\", reference:\"45.4.0esr-1~deb8u2\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"firefox-esr-dbg\", reference:\"45.4.0esr-1~deb8u2\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"firefox-esr-dev\", reference:\"45.4.0esr-1~deb8u2\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"firefox-esr-l10n-ach\", reference:\"45.4.0esr-1~deb8u2\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"firefox-esr-l10n-af\", reference:\"45.4.0esr-1~deb8u2\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"firefox-esr-l10n-all\", reference:\"45.4.0esr-1~deb8u2\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"firefox-esr-l10n-an\", reference:\"45.4.0esr-1~deb8u2\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"firefox-esr-l10n-ar\", reference:\"45.4.0esr-1~deb8u2\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"firefox-esr-l10n-as\", reference:\"45.4.0esr-1~deb8u2\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"firefox-esr-l10n-ast\", reference:\"45.4.0esr-1~deb8u2\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"firefox-esr-l10n-az\", reference:\"45.4.0esr-1~deb8u2\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"firefox-esr-l10n-be\", reference:\"45.4.0esr-1~deb8u2\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"firefox-esr-l10n-bg\", reference:\"45.4.0esr-1~deb8u2\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"firefox-esr-l10n-bn-bd\", reference:\"45.4.0esr-1~deb8u2\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"firefox-esr-l10n-bn-in\", reference:\"45.4.0esr-1~deb8u2\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"firefox-esr-l10n-br\", reference:\"45.4.0esr-1~deb8u2\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"firefox-esr-l10n-bs\", reference:\"45.4.0esr-1~deb8u2\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"firefox-esr-l10n-ca\", reference:\"45.4.0esr-1~deb8u2\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"firefox-esr-l10n-cs\", reference:\"45.4.0esr-1~deb8u2\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"firefox-esr-l10n-cy\", reference:\"45.4.0esr-1~deb8u2\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"firefox-esr-l10n-da\", reference:\"45.4.0esr-1~deb8u2\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"firefox-esr-l10n-de\", reference:\"45.4.0esr-1~deb8u2\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"firefox-esr-l10n-dsb\", reference:\"45.4.0esr-1~deb8u2\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"firefox-esr-l10n-el\", reference:\"45.4.0esr-1~deb8u2\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"firefox-esr-l10n-en-gb\", reference:\"45.4.0esr-1~deb8u2\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"firefox-esr-l10n-en-za\", reference:\"45.4.0esr-1~deb8u2\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"firefox-esr-l10n-eo\", reference:\"45.4.0esr-1~deb8u2\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"firefox-esr-l10n-es-ar\", reference:\"45.4.0esr-1~deb8u2\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"firefox-esr-l10n-es-cl\", reference:\"45.4.0esr-1~deb8u2\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"firefox-esr-l10n-es-es\", reference:\"45.4.0esr-1~deb8u2\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"firefox-esr-l10n-es-mx\", reference:\"45.4.0esr-1~deb8u2\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"firefox-esr-l10n-et\", reference:\"45.4.0esr-1~deb8u2\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"firefox-esr-l10n-eu\", reference:\"45.4.0esr-1~deb8u2\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"firefox-esr-l10n-fa\", reference:\"45.4.0esr-1~deb8u2\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"firefox-esr-l10n-ff\", reference:\"45.4.0esr-1~deb8u2\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"firefox-esr-l10n-fi\", reference:\"45.4.0esr-1~deb8u2\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"firefox-esr-l10n-fr\", reference:\"45.4.0esr-1~deb8u2\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"firefox-esr-l10n-fy-nl\", reference:\"45.4.0esr-1~deb8u2\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"firefox-esr-l10n-ga-ie\", reference:\"45.4.0esr-1~deb8u2\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"firefox-esr-l10n-gd\", reference:\"45.4.0esr-1~deb8u2\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"firefox-esr-l10n-gl\", reference:\"45.4.0esr-1~deb8u2\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"firefox-esr-l10n-gn\", reference:\"45.4.0esr-1~deb8u2\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"firefox-esr-l10n-gu-in\", reference:\"45.4.0esr-1~deb8u2\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"firefox-esr-l10n-he\", reference:\"45.4.0esr-1~deb8u2\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"firefox-esr-l10n-hi-in\", reference:\"45.4.0esr-1~deb8u2\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"firefox-esr-l10n-hr\", reference:\"45.4.0esr-1~deb8u2\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"firefox-esr-l10n-hsb\", reference:\"45.4.0esr-1~deb8u2\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"firefox-esr-l10n-hu\", reference:\"45.4.0esr-1~deb8u2\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"firefox-esr-l10n-hy-am\", reference:\"45.4.0esr-1~deb8u2\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"firefox-esr-l10n-id\", reference:\"45.4.0esr-1~deb8u2\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"firefox-esr-l10n-is\", reference:\"45.4.0esr-1~deb8u2\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"firefox-esr-l10n-it\", reference:\"45.4.0esr-1~deb8u2\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"firefox-esr-l10n-ja\", reference:\"45.4.0esr-1~deb8u2\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"firefox-esr-l10n-kk\", reference:\"45.4.0esr-1~deb8u2\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"firefox-esr-l10n-km\", reference:\"45.4.0esr-1~deb8u2\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"firefox-esr-l10n-kn\", reference:\"45.4.0esr-1~deb8u2\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"firefox-esr-l10n-ko\", reference:\"45.4.0esr-1~deb8u2\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"firefox-esr-l10n-lij\", reference:\"45.4.0esr-1~deb8u2\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"firefox-esr-l10n-lt\", reference:\"45.4.0esr-1~deb8u2\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"firefox-esr-l10n-lv\", reference:\"45.4.0esr-1~deb8u2\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"firefox-esr-l10n-mai\", reference:\"45.4.0esr-1~deb8u2\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"firefox-esr-l10n-mk\", reference:\"45.4.0esr-1~deb8u2\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"firefox-esr-l10n-ml\", reference:\"45.4.0esr-1~deb8u2\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"firefox-esr-l10n-mr\", reference:\"45.4.0esr-1~deb8u2\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"firefox-esr-l10n-ms\", reference:\"45.4.0esr-1~deb8u2\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"firefox-esr-l10n-nb-no\", reference:\"45.4.0esr-1~deb8u2\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"firefox-esr-l10n-nl\", reference:\"45.4.0esr-1~deb8u2\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"firefox-esr-l10n-nn-no\", reference:\"45.4.0esr-1~deb8u2\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"firefox-esr-l10n-or\", reference:\"45.4.0esr-1~deb8u2\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"firefox-esr-l10n-pa-in\", reference:\"45.4.0esr-1~deb8u2\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"firefox-esr-l10n-pl\", reference:\"45.4.0esr-1~deb8u2\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"firefox-esr-l10n-pt-br\", reference:\"45.4.0esr-1~deb8u2\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"firefox-esr-l10n-pt-pt\", reference:\"45.4.0esr-1~deb8u2\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"firefox-esr-l10n-rm\", reference:\"45.4.0esr-1~deb8u2\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"firefox-esr-l10n-ro\", reference:\"45.4.0esr-1~deb8u2\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"firefox-esr-l10n-ru\", reference:\"45.4.0esr-1~deb8u2\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"firefox-esr-l10n-si\", reference:\"45.4.0esr-1~deb8u2\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"firefox-esr-l10n-sk\", reference:\"45.4.0esr-1~deb8u2\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"firefox-esr-l10n-sl\", reference:\"45.4.0esr-1~deb8u2\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"firefox-esr-l10n-son\", reference:\"45.4.0esr-1~deb8u2\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"firefox-esr-l10n-sq\", reference:\"45.4.0esr-1~deb8u2\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"firefox-esr-l10n-sr\", reference:\"45.4.0esr-1~deb8u2\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"firefox-esr-l10n-sv-se\", reference:\"45.4.0esr-1~deb8u2\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"firefox-esr-l10n-ta\", reference:\"45.4.0esr-1~deb8u2\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"firefox-esr-l10n-te\", reference:\"45.4.0esr-1~deb8u2\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"firefox-esr-l10n-th\", reference:\"45.4.0esr-1~deb8u2\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"firefox-esr-l10n-tr\", reference:\"45.4.0esr-1~deb8u2\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"firefox-esr-l10n-uk\", reference:\"45.4.0esr-1~deb8u2\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"firefox-esr-l10n-uz\", reference:\"45.4.0esr-1~deb8u2\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"firefox-esr-l10n-vi\", reference:\"45.4.0esr-1~deb8u2\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"firefox-esr-l10n-xh\", reference:\"45.4.0esr-1~deb8u2\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"firefox-esr-l10n-zh-cn\", reference:\"45.4.0esr-1~deb8u2\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"firefox-esr-l10n-zh-tw\", reference:\"45.4.0esr-1~deb8u2\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"iceweasel\", reference:\"45.4.0esr-1~deb8u2\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"iceweasel-dbg\", reference:\"45.4.0esr-1~deb8u2\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"iceweasel-dev\", reference:\"45.4.0esr-1~deb8u2\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"iceweasel-l10n-ach\", reference:\"45.4.0esr-1~deb8u2\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"iceweasel-l10n-af\", reference:\"45.4.0esr-1~deb8u2\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"iceweasel-l10n-all\", reference:\"45.4.0esr-1~deb8u2\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"iceweasel-l10n-an\", reference:\"45.4.0esr-1~deb8u2\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"iceweasel-l10n-ar\", reference:\"45.4.0esr-1~deb8u2\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"iceweasel-l10n-as\", reference:\"45.4.0esr-1~deb8u2\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"iceweasel-l10n-ast\", reference:\"45.4.0esr-1~deb8u2\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"iceweasel-l10n-az\", reference:\"45.4.0esr-1~deb8u2\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"iceweasel-l10n-be\", reference:\"45.4.0esr-1~deb8u2\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"iceweasel-l10n-bg\", reference:\"45.4.0esr-1~deb8u2\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"iceweasel-l10n-bn-bd\", reference:\"45.4.0esr-1~deb8u2\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"iceweasel-l10n-bn-in\", reference:\"45.4.0esr-1~deb8u2\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"iceweasel-l10n-br\", reference:\"45.4.0esr-1~deb8u2\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"iceweasel-l10n-bs\", reference:\"45.4.0esr-1~deb8u2\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"iceweasel-l10n-ca\", reference:\"45.4.0esr-1~deb8u2\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"iceweasel-l10n-cs\", reference:\"45.4.0esr-1~deb8u2\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"iceweasel-l10n-cy\", reference:\"45.4.0esr-1~deb8u2\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"iceweasel-l10n-da\", reference:\"45.4.0esr-1~deb8u2\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"iceweasel-l10n-de\", reference:\"45.4.0esr-1~deb8u2\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"iceweasel-l10n-dsb\", reference:\"45.4.0esr-1~deb8u2\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"iceweasel-l10n-el\", reference:\"45.4.0esr-1~deb8u2\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"iceweasel-l10n-en-gb\", reference:\"45.4.0esr-1~deb8u2\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"iceweasel-l10n-en-za\", reference:\"45.4.0esr-1~deb8u2\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"iceweasel-l10n-eo\", reference:\"45.4.0esr-1~deb8u2\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"iceweasel-l10n-es-ar\", reference:\"45.4.0esr-1~deb8u2\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"iceweasel-l10n-es-cl\", reference:\"45.4.0esr-1~deb8u2\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"iceweasel-l10n-es-es\", reference:\"45.4.0esr-1~deb8u2\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"iceweasel-l10n-es-mx\", reference:\"45.4.0esr-1~deb8u2\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"iceweasel-l10n-et\", reference:\"45.4.0esr-1~deb8u2\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"iceweasel-l10n-eu\", reference:\"45.4.0esr-1~deb8u2\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"iceweasel-l10n-fa\", reference:\"45.4.0esr-1~deb8u2\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"iceweasel-l10n-ff\", reference:\"45.4.0esr-1~deb8u2\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"iceweasel-l10n-fi\", reference:\"45.4.0esr-1~deb8u2\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"iceweasel-l10n-fr\", reference:\"45.4.0esr-1~deb8u2\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"iceweasel-l10n-fy-nl\", reference:\"45.4.0esr-1~deb8u2\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"iceweasel-l10n-ga-ie\", reference:\"45.4.0esr-1~deb8u2\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"iceweasel-l10n-gd\", reference:\"45.4.0esr-1~deb8u2\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"iceweasel-l10n-gl\", reference:\"45.4.0esr-1~deb8u2\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"iceweasel-l10n-gn\", reference:\"45.4.0esr-1~deb8u2\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"iceweasel-l10n-gu-in\", reference:\"45.4.0esr-1~deb8u2\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"iceweasel-l10n-he\", reference:\"45.4.0esr-1~deb8u2\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"iceweasel-l10n-hi-in\", reference:\"45.4.0esr-1~deb8u2\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"iceweasel-l10n-hr\", reference:\"45.4.0esr-1~deb8u2\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"iceweasel-l10n-hsb\", reference:\"45.4.0esr-1~deb8u2\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"iceweasel-l10n-hu\", reference:\"45.4.0esr-1~deb8u2\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"iceweasel-l10n-hy-am\", reference:\"45.4.0esr-1~deb8u2\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"iceweasel-l10n-id\", reference:\"45.4.0esr-1~deb8u2\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"iceweasel-l10n-is\", reference:\"45.4.0esr-1~deb8u2\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"iceweasel-l10n-it\", reference:\"45.4.0esr-1~deb8u2\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"iceweasel-l10n-ja\", reference:\"45.4.0esr-1~deb8u2\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"iceweasel-l10n-kk\", reference:\"45.4.0esr-1~deb8u2\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"iceweasel-l10n-km\", reference:\"45.4.0esr-1~deb8u2\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"iceweasel-l10n-kn\", reference:\"45.4.0esr-1~deb8u2\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"iceweasel-l10n-ko\", reference:\"45.4.0esr-1~deb8u2\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"iceweasel-l10n-lij\", reference:\"45.4.0esr-1~deb8u2\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"iceweasel-l10n-lt\", reference:\"45.4.0esr-1~deb8u2\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"iceweasel-l10n-lv\", reference:\"45.4.0esr-1~deb8u2\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"iceweasel-l10n-mai\", reference:\"45.4.0esr-1~deb8u2\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"iceweasel-l10n-mk\", reference:\"45.4.0esr-1~deb8u2\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"iceweasel-l10n-ml\", reference:\"45.4.0esr-1~deb8u2\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"iceweasel-l10n-mr\", reference:\"45.4.0esr-1~deb8u2\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"iceweasel-l10n-ms\", reference:\"45.4.0esr-1~deb8u2\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"iceweasel-l10n-nb-no\", reference:\"45.4.0esr-1~deb8u2\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"iceweasel-l10n-nl\", reference:\"45.4.0esr-1~deb8u2\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"iceweasel-l10n-nn-no\", reference:\"45.4.0esr-1~deb8u2\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"iceweasel-l10n-or\", reference:\"45.4.0esr-1~deb8u2\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"iceweasel-l10n-pa-in\", reference:\"45.4.0esr-1~deb8u2\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"iceweasel-l10n-pl\", reference:\"45.4.0esr-1~deb8u2\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"iceweasel-l10n-pt-br\", reference:\"45.4.0esr-1~deb8u2\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"iceweasel-l10n-pt-pt\", reference:\"45.4.0esr-1~deb8u2\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"iceweasel-l10n-rm\", reference:\"45.4.0esr-1~deb8u2\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"iceweasel-l10n-ro\", reference:\"45.4.0esr-1~deb8u2\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"iceweasel-l10n-ru\", reference:\"45.4.0esr-1~deb8u2\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"iceweasel-l10n-si\", reference:\"45.4.0esr-1~deb8u2\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"iceweasel-l10n-sk\", reference:\"45.4.0esr-1~deb8u2\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"iceweasel-l10n-sl\", reference:\"45.4.0esr-1~deb8u2\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"iceweasel-l10n-son\", reference:\"45.4.0esr-1~deb8u2\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"iceweasel-l10n-sq\", reference:\"45.4.0esr-1~deb8u2\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"iceweasel-l10n-sr\", reference:\"45.4.0esr-1~deb8u2\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"iceweasel-l10n-sv-se\", reference:\"45.4.0esr-1~deb8u2\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"iceweasel-l10n-ta\", reference:\"45.4.0esr-1~deb8u2\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"iceweasel-l10n-te\", reference:\"45.4.0esr-1~deb8u2\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"iceweasel-l10n-th\", reference:\"45.4.0esr-1~deb8u2\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"iceweasel-l10n-tr\", reference:\"45.4.0esr-1~deb8u2\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"iceweasel-l10n-uk\", reference:\"45.4.0esr-1~deb8u2\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"iceweasel-l10n-uz\", reference:\"45.4.0esr-1~deb8u2\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"iceweasel-l10n-vi\", reference:\"45.4.0esr-1~deb8u2\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"iceweasel-l10n-xh\", reference:\"45.4.0esr-1~deb8u2\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"iceweasel-l10n-zh-cn\", reference:\"45.4.0esr-1~deb8u2\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"iceweasel-l10n-zh-tw\", reference:\"45.4.0esr-1~deb8u2\")) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:deb_report_get());\n else security_hole(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2018-11-13T16:50:42", "references": ["https://www.suse.com/security/cve/CVE-2016-5280/", "https://www.suse.com/security/cve/CVE-2016-5277/", "http://www.nessus.org/u?5ea7aa98", "https://www.suse.com/security/cve/CVE-2016-5276/", "https://www.suse.com/security/cve/CVE-2016-5250/", "https://www.suse.com/security/cve/CVE-2016-5272/", "https://www.suse.com/security/cve/CVE-2016-5281/", "https://www.suse.com/security/cve/CVE-2016-5278/", "https://www.suse.com/security/cve/CVE-2016-5274/", "https://www.suse.com/security/cve/CVE-2016-5257/", "https://www.suse.com/security/cve/CVE-2016-5261/", "https://www.suse.com/security/cve/CVE-2016-5270/", "https://bugzilla.suse.com/999701", "https://www.suse.com/security/cve/CVE-2016-5284/"], "pluginID": "93860", "description": "Mozilla Firefox was updated to 45.4.0 ESR to fix the following issues (bsc#999701): The following security issue were fixed :\n\n - MFSA 2016-86/CVE-2016-5270: Heap-buffer-overflow in nsCaseTransformTextRunFactory::TransformString\n\n - MFSA 2016-86/CVE-2016-5272: Bad cast in nsImageGeometryMixin\n\n - MFSA 2016-86/CVE-2016-5276: Heap-use-after-free in mozilla::a11y::DocAccessible::ProcessInvalidationList\n\n - MFSA 2016-86/CVE-2016-5274: use-after-free in nsFrameManager::CaptureFrameState\n\n - MFSA 2016-86/CVE-2016-5277: Heap-use-after-free in nsRefreshDriver::Tick\n\n - MFSA 2016-86/CVE-2016-5278: Heap-buffer-overflow in nsBMPEncoder::AddImageFrame\n\n - MFSA 2016-86/CVE-2016-5280: Use-after-free in mozilla::nsTextNodeDirectionalityMap::RemoveElementFromM ap\n\n - MFSA 2016-86/CVE-2016-5281: use-after-free in DOMSVGLength\n\n - MFSA 2016-86/CVE-2016-5284: Add-on update site certificate pin expiration\n\n - MFSA 2016-86/CVE-2016-5250: Resource Timing API is storing resources sent by the previous page\n\n - MFSA 2016-86/CVE-2016-5261: Integer overflow and memory corruption in WebSocketChannel\n\n - MFSA 2016-86/CVE-2016-5257: Various memory safety bugs fixed in Firefox 49 and Firefox ESR 45.4\n\nNote that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "edition": 11, "reporter": "Tenable", "published": "2016-10-05T00:00:00", "title": "SUSE SLES11 Security Update : MozillaFirefox (SUSE-SU-2016:2431-1)", "type": "nessus", "enchantments": {"score": {"vector": "NONE", "value": 5.0}}, "naslFamily": "SuSE Local Security Checks", "bulletinFamily": "scanner", "cvelist": ["CVE-2016-5278", "CVE-2016-5281", "CVE-2016-5280", "CVE-2016-5250", "CVE-2016-5274", "CVE-2016-5261", "CVE-2016-5284", "CVE-2016-5270", "CVE-2016-5277", "CVE-2016-5257", "CVE-2016-5272", "CVE-2016-5276"], "modified": "2018-11-10T00:00:00", "cpe": ["p-cpe:/a:novell:suse_linux:MozillaFirefox", "cpe:/o:novell:suse_linux:11", "p-cpe:/a:novell:suse_linux:MozillaFirefox-translations"], "id": "SUSE_SU-2016-2431-1.NASL", "href": "https://www.tenable.com/plugins/index.php?view=single&id=93860", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from SUSE update advisory SUSE-SU-2016:2431-1.\n# The text itself is copyright (C) SUSE.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(93860);\n script_version(\"2.8\");\n script_cvs_date(\"Date: 2018/11/10 11:50:04\");\n\n script_cve_id(\"CVE-2016-5250\", \"CVE-2016-5257\", \"CVE-2016-5261\", \"CVE-2016-5270\", \"CVE-2016-5272\", \"CVE-2016-5274\", \"CVE-2016-5276\", \"CVE-2016-5277\", \"CVE-2016-5278\", \"CVE-2016-5280\", \"CVE-2016-5281\", \"CVE-2016-5284\");\n\n script_name(english:\"SUSE SLES11 Security Update : MozillaFirefox (SUSE-SU-2016:2431-1)\");\n script_summary(english:\"Checks rpm output for the updated packages.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote SUSE host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Mozilla Firefox was updated to 45.4.0 ESR to fix the following issues\n(bsc#999701): The following security issue were fixed :\n\n - MFSA 2016-86/CVE-2016-5270: Heap-buffer-overflow in\n nsCaseTransformTextRunFactory::TransformString\n\n - MFSA 2016-86/CVE-2016-5272: Bad cast in\n nsImageGeometryMixin\n\n - MFSA 2016-86/CVE-2016-5276: Heap-use-after-free in\n mozilla::a11y::DocAccessible::ProcessInvalidationList\n\n - MFSA 2016-86/CVE-2016-5274: use-after-free in\n nsFrameManager::CaptureFrameState\n\n - MFSA 2016-86/CVE-2016-5277: Heap-use-after-free in\n nsRefreshDriver::Tick\n\n - MFSA 2016-86/CVE-2016-5278: Heap-buffer-overflow in\n nsBMPEncoder::AddImageFrame\n\n - MFSA 2016-86/CVE-2016-5280: Use-after-free in\n mozilla::nsTextNodeDirectionalityMap::RemoveElementFromM\n ap\n\n - MFSA 2016-86/CVE-2016-5281: use-after-free in\n DOMSVGLength\n\n - MFSA 2016-86/CVE-2016-5284: Add-on update site\n certificate pin expiration\n\n - MFSA 2016-86/CVE-2016-5250: Resource Timing API is\n storing resources sent by the previous page\n\n - MFSA 2016-86/CVE-2016-5261: Integer overflow and memory\n corruption in WebSocketChannel\n\n - MFSA 2016-86/CVE-2016-5257: Various memory safety bugs\n fixed in Firefox 49 and Firefox ESR 45.4\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the SUSE security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/999701\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2016-5250/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2016-5257/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2016-5261/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2016-5270/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2016-5272/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2016-5274/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2016-5276/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2016-5277/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2016-5278/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2016-5280/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2016-5281/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2016-5284/\"\n );\n # https://www.suse.com/support/update/announcement/2016/suse-su-20162431-1.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?5ea7aa98\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\n\"To install this SUSE Security Update use YaST online_update.\nAlternatively you can run the command listed for your product :\n\nSUSE Linux Enterprise Server 11-SP2-LTSS:zypper in -t patch\nslessp2-MozillaFirefox-12771=1\n\nSUSE Linux Enterprise Debuginfo 11-SP2:zypper in -t patch\ndbgsp2-MozillaFirefox-12771=1\n\nTo bring your system up-to-date, use 'zypper patch'.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:MozillaFirefox\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:MozillaFirefox-translations\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:suse_linux:11\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2016/10/04\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2016/10/05\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2016-2018 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release !~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, \"SUSE\");\nos_ver = eregmatch(pattern: \"^(SLE(S|D)\\d+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"SUSE\");\nos_ver = os_ver[1];\nif (! ereg(pattern:\"^(SLES11)$\", string:os_ver)) audit(AUDIT_OS_NOT, \"SUSE SLES11\", \"SUSE \" + os_ver);\n\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (cpu !~ \"^i[3-6]86$\" && \"x86_64\" >!< cpu && \"s390x\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"SUSE \" + os_ver, cpu);\n\nsp = get_kb_item(\"Host/SuSE/patchlevel\");\nif (isnull(sp)) sp = \"0\";\nif (os_ver == \"SLES11\" && (! ereg(pattern:\"^(2)$\", string:sp))) audit(AUDIT_OS_NOT, \"SLES11 SP2\", os_ver + \" SP\" + sp);\n\n\nflag = 0;\nif (rpm_check(release:\"SLES11\", sp:\"2\", reference:\"MozillaFirefox-45.4.0esr-52.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:\"2\", reference:\"MozillaFirefox-translations-45.4.0esr-52.1\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"MozillaFirefox\");\n}\n", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2018-11-15T06:57:29", "references": ["http://www.nessus.org/u?4bff0400"], "pluginID": "99809", "description": "According to the versions of the firefox package installed, the EulerOS installation on the remote host is affected by the following vulnerabilities :\n\n - Mozilla Firefox before 48.0 allows remote attackers to obtain sensitive information about the previously retrieved page via Resource Timing API calls.(CVE-2016-5250)\n\n - Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 49.0 and Firefox ESR 45.x before 45.4 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors.(CVE-2016-5257)\n\n - Integer overflow in the WebSocketChannel class in the WebSockets subsystem in Mozilla Firefox before 48.0 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via crafted packets that trigger incorrect buffer-resize operations during buffering.(CVE-2016-5261)\n\n - Heap-based buffer overflow in the nsCaseTransformTextRunFactory::TransformString function in Mozilla Firefox before 49.0 and Firefox ESR 45.x before 45.4 allows remote attackers to cause a denial of service (boolean out-of-bounds write) or possibly have unspecified other impact via Unicode characters that are mishandled during text conversion.(CVE-2016-5270)\n\n - The nsImageGeometryMixin class in Mozilla Firefox before 49.0 and Firefox ESR 45.x before 45.4 does not properly perform a cast of an unspecified variable during handling of INPUT elements, which allows remote attackers to execute arbitrary code via a crafted web site.(CVE-2016-5272)\n\n - Use-after-free vulnerability in the nsFrameManager::CaptureFrameState function in Mozilla Firefox before 49.0 and Firefox ESR 45.x before 45.4 allows remote attackers to execute arbitrary code by leveraging improper interaction between restyling and the Web Animations model implementation.(CVE-2016-5274)\n\n - Use-after-free vulnerability in the mozilla::a11y::DocAccessible::ProcessInvalidationList function in Mozilla Firefox before 49.0 and Firefox ESR 45.x before 45.4 allows remote attackers to execute arbitrary code or cause a denial of service (heap memory corruption) via an aria-owns attribute.(CVE-2016-5276)\n\n - Use-after-free vulnerability in the nsRefreshDriver::Tick function in Mozilla Firefox before 49.0 and Firefox ESR 45.x before 45.4 allows remote attackers to execute arbitrary code or cause a denial of service (heap memory corruption) by leveraging improper interaction between timeline destruction and the Web Animations model implementation.(CVE-2016-5277)\n\n - Heap-based buffer overflow in the nsBMPEncoder::AddImageFrame function in Mozilla Firefox before 49.0 and Firefox ESR 45.x before 45.4 allows remote attackers to execute arbitrary code via a crafted image data that is mishandled during the encoding of an image frame to an image.(CVE-2016-5278)\n\n - Use-after-free vulnerability in the mozilla::nsTextNodeDirectionalityMap::RemoveElementFrom Map function in Mozilla Firefox before 49.0 and Firefox ESR 45.x before 45.4 allows remote attackers to execute arbitrary code via bidirectional text.(CVE-2016-5280)\n\n - Use-after-free vulnerability in the DOMSVGLength class in Mozilla Firefox before 49.0 and Firefox ESR 45.x before 45.4 allows remote attackers to execute arbitrary code by leveraging improper interaction between JavaScript code and an SVG document.(CVE-2016-5281)\n\n - Mozilla Firefox before 49.0 and Firefox ESR 45.x before 45.4 rely on unintended expiration dates for Preloaded Public Key Pinning, which allows man-in-the-middle attackers to spoof add-on updates by leveraging possession of an X.509 server certificate for addons.mozilla.org signed by an arbitrary built-in Certification Authority.(CVE-2016-5284)\n\nNote that Tenable Network Security has extracted the preceding description block directly from the EulerOS security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "edition": 28, "reporter": "Tenable", "published": "2017-05-01T00:00:00", "title": "EulerOS 2.0 SP1 : firefox (EulerOS-SA-2016-1046)", "type": "nessus", "enchantments": {"score": {"vector": "NONE", "value": 6.8}}, "naslFamily": "Huawei Local Security Checks", "bulletinFamily": "scanner", "cvelist": ["CVE-2016-5278", "CVE-2016-5281", "CVE-2016-5280", "CVE-2016-5250", "CVE-2016-5274", "CVE-2016-5261", "CVE-2016-5284", "CVE-2016-5270", "CVE-2016-5277", "CVE-2016-5257", "CVE-2016-5272", "CVE-2016-5276"], "modified": "2018-11-14T00:00:00", "cpe": ["p-cpe:/a:huawei:euleros:firefox", "cpe:/o:huawei:euleros:2.0"], "id": "EULEROS_SA-2016-1046.NASL", "href": "https://www.tenable.com/plugins/index.php?view=single&id=99809", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(99809);\n script_version(\"1.22\");\n script_cvs_date(\"Date: 2018/11/14 14:36:22\");\n\n script_cve_id(\n \"CVE-2016-5250\",\n \"CVE-2016-5257\",\n \"CVE-2016-5261\",\n \"CVE-2016-5270\",\n \"CVE-2016-5272\",\n \"CVE-2016-5274\",\n \"CVE-2016-5276\",\n \"CVE-2016-5277\",\n \"CVE-2016-5278\",\n \"CVE-2016-5280\",\n \"CVE-2016-5281\",\n \"CVE-2016-5284\"\n );\n\n script_name(english:\"EulerOS 2.0 SP1 : firefox (EulerOS-SA-2016-1046)\");\n script_summary(english:\"Checks the rpm output for the updated packages.\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote EulerOS host is missing multiple security updates.\");\n script_set_attribute(attribute:\"description\", value:\n\"According to the versions of the firefox package installed, the\nEulerOS installation on the remote host is affected by the following\nvulnerabilities :\n\n - Mozilla Firefox before 48.0 allows remote attackers to\n obtain sensitive information about the previously\n retrieved page via Resource Timing API\n calls.(CVE-2016-5250)\n\n - Multiple unspecified vulnerabilities in the browser\n engine in Mozilla Firefox before 49.0 and Firefox ESR\n 45.x before 45.4 allow remote attackers to cause a\n denial of service (memory corruption and application\n crash) or possibly execute arbitrary code via unknown\n vectors.(CVE-2016-5257)\n\n - Integer overflow in the WebSocketChannel class in the\n WebSockets subsystem in Mozilla Firefox before 48.0\n allows remote attackers to execute arbitrary code or\n cause a denial of service (memory corruption) via\n crafted packets that trigger incorrect buffer-resize\n operations during buffering.(CVE-2016-5261)\n\n - Heap-based buffer overflow in the\n nsCaseTransformTextRunFactory::TransformString function\n in Mozilla Firefox before 49.0 and Firefox ESR 45.x\n before 45.4 allows remote attackers to cause a denial\n of service (boolean out-of-bounds write) or possibly\n have unspecified other impact via Unicode characters\n that are mishandled during text\n conversion.(CVE-2016-5270)\n\n - The nsImageGeometryMixin class in Mozilla Firefox\n before 49.0 and Firefox ESR 45.x before 45.4 does not\n properly perform a cast of an unspecified variable\n during handling of INPUT elements, which allows remote\n attackers to execute arbitrary code via a crafted web\n site.(CVE-2016-5272)\n\n - Use-after-free vulnerability in the\n nsFrameManager::CaptureFrameState function in Mozilla\n Firefox before 49.0 and Firefox ESR 45.x before 45.4\n allows remote attackers to execute arbitrary code by\n leveraging improper interaction between restyling and\n the Web Animations model implementation.(CVE-2016-5274)\n\n - Use-after-free vulnerability in the\n mozilla::a11y::DocAccessible::ProcessInvalidationList\n function in Mozilla Firefox before 49.0 and Firefox ESR\n 45.x before 45.4 allows remote attackers to execute\n arbitrary code or cause a denial of service (heap\n memory corruption) via an aria-owns\n attribute.(CVE-2016-5276)\n\n - Use-after-free vulnerability in the\n nsRefreshDriver::Tick function in Mozilla Firefox\n before 49.0 and Firefox ESR 45.x before 45.4 allows\n remote attackers to execute arbitrary code or cause a\n denial of service (heap memory corruption) by\n leveraging improper interaction between timeline\n destruction and the Web Animations model\n implementation.(CVE-2016-5277)\n\n - Heap-based buffer overflow in the\n nsBMPEncoder::AddImageFrame function in Mozilla Firefox\n before 49.0 and Firefox ESR 45.x before 45.4 allows\n remote attackers to execute arbitrary code via a\n crafted image data that is mishandled during the\n encoding of an image frame to an image.(CVE-2016-5278)\n\n - Use-after-free vulnerability in the\n mozilla::nsTextNodeDirectionalityMap::RemoveElementFrom\n Map function in Mozilla Firefox before 49.0 and Firefox\n ESR 45.x before 45.4 allows remote attackers to execute\n arbitrary code via bidirectional text.(CVE-2016-5280)\n\n - Use-after-free vulnerability in the DOMSVGLength class\n in Mozilla Firefox before 49.0 and Firefox ESR 45.x\n before 45.4 allows remote attackers to execute\n arbitrary code by leveraging improper interaction\n between JavaScript code and an SVG\n document.(CVE-2016-5281)\n\n - Mozilla Firefox before 49.0 and Firefox ESR 45.x before\n 45.4 rely on unintended expiration dates for Preloaded\n Public Key Pinning, which allows man-in-the-middle\n attackers to spoof add-on updates by leveraging\n possession of an X.509 server certificate for\n addons.mozilla.org signed by an arbitrary built-in\n Certification Authority.(CVE-2016-5284)\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the EulerOS security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\");\n # https://developer.huawei.com/ict/en/site-euleros/euleros/security-advisories/EulerOS-SA-2016-1046\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?4bff0400\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected firefox packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2016/09/21\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:firefox\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:huawei:euleros:2.0\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2017/05/01\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Huawei Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2017-2018 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/EulerOS/release\", \"Host/EulerOS/rpm-list\", \"Host/EulerOS/sp\");\n script_exclude_keys(\"Host/EulerOS/uvp_version\");\n\n exit(0);\n}\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\n\nrelease = get_kb_item(\"Host/EulerOS/release\");\nif (isnull(release) || release !~ \"^EulerOS\") audit(AUDIT_OS_NOT, \"EulerOS\");\nif (release !~ \"^EulerOS release 2\\.0(\\D|$)\") audit(AUDIT_OS_NOT, \"EulerOS 2.0\");\n\nsp = get_kb_item(\"Host/EulerOS/sp\");\nif (isnull(sp) || sp !~ \"^(1)$\") audit(AUDIT_OS_NOT, \"EulerOS 2.0 SP1\");\n\nuvp = get_kb_item(\"Host/EulerOS/uvp_version\");\nif (!empty_or_null(uvp)) audit(AUDIT_OS_NOT, \"EulerOS 2.0 SP1\", \"EulerOS UVP \" + uvp);\n\nif (!get_kb_item(\"Host/EulerOS/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"EulerOS\", cpu);\n\nflag = 0;\n\npkgs = [\"firefox-45.4.0-1\"];\n\nforeach (pkg in pkgs)\n if (rpm_check(release:\"EulerOS-2.0\", sp:\"1\", reference:pkg, allowmaj:TRUE)) flag++;\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"firefox\");\n}\n", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}], "threatpost": [{"lastseen": "2018-10-06T22:54:43", "_object_types": ["robots.models.base.Bulletin", "robots.models.threatpost.ThreatpostBulletin"], "references": ["https://threatpost.com/mozilla-patching-firefox-certificate-pinning-vulnerability/120694/", "https://hackernoon.com/tor-browser-exposed-anti-privacy-implantation-at-mass-scale-bd68e9eb1e95#.77drbpfyz", "https://www.mozilla.org/en-US/security/advisories/mfsa2016-85/", "https://www.mozilla.org/en-US/security/advisories/mfsa2016-86/"], "description": "As expected, Mozilla patched a highly scrutinized flaw in its automated update process for add-ons in Firefox, specifically around the [expiration of certificate pins](<https://threatpost.com/mozilla-patching-firefox-certificate-pinning-vulnerability/120694/>).\n\nThe vulnerability allowed attackers to intercept encrypted browser traffic, inject a malicious NoScript extension update and gain remote code execution. The flaw extended to the Tor Browser as well; Tor is built from the Firefox code base and was patched last Friday shortly after the bug was [disclosed](<https://hackernoon.com/tor-browser-exposed-anti-privacy-implantation-at-mass-scale-bd68e9eb1e95#.77drbpfyz>) by a researcher known as movrck.\n\nMozilla patched the flaw yesterday in [Firefox 49](<https://www.mozilla.org/en-US/security/advisories/mfsa2016-85/>) and in [Firefox ESR 45.4](<https://www.mozilla.org/en-US/security/advisories/mfsa2016-86/>).\n\nIn addition to movrck, the bug was also analyzed by researcher Ryan Duff, a former member of U.S. Cyber Command. Both said exploitation of the vulnerability would be a challenge given the circumstances that must be in place because an attacker would have to steal or forge a TLS certificate and then insert themselves in the traffic, either by running malicious Tor exit nodes or via a man-in-the-middle attack.\n\nThe attacker would then have to look for an add-on update for NoScript, insert their own and gain remote control of a compromised machine. Attacks against individuals would be much more difficult than to target Firefox or Tor users at scale. Successful exploits are likely in the realm of state-sponsored attackers or resourced criminal operations; movrck, for example, said an attack would likely cost $100,000 to execute.\n\nMozilla said the vulnerability, CVE-2016-5284, occurred in the process used to update Preloaded Public Key Pinning it its releases. Rather than using HTTP Public Key Pinning (HPKP), Mozilla used its own static pins that expire periodically. In this case, the pins expired on Sept. 3 and users were exposed to this attack for 17 days.\n\nAs is the case, movrck\u2019s research was serendipitous. As Duff pointed out, had he tried his attack at any time other than this 17 day period, it would have failed.\n\nMozilla on Friday admitted to the flaws in its update process and to the expired pins. Mozilla\u2019s Selena Deckelmann, a senior manager of security engineering, said the organization was not aware of malicious certs in the wild, though cautioned that Tor users are especially in the line of fire given that the Tor Browser comes pre-loaded with certain privacy-focused add-ons.\n\nThis scenario of expired pins would happen again two more times before the end of this year, Duff learned, with the biggest exposure starting Dec. 17 when Firefox 50 pins were set to expire, but would not be updated until Jan. 24, 2017. The current expiration date in today\u2019s update will carry Mozilla through to November and it will have until then to address this.\n\nThe certificate pinning vulnerability was rated high severity by Mozilla, which yesterday patched four bugs in Firefox 49 it rated critical.\n\nTwo separate \u201cmemory safety bugs,\u201d CVE-2016-5256 and CVE-2016-5257, were patched, both of which were found internally by Mozilla developers and could expose machines to arbitrary code execution.\n\nAlso patched with a global buffer overflow in mozilla::gfx::FilterSupport::ComputeSourceNeededRegions, which occurred when working with empty filters during canvas rendering, Mozilla said.\n\nThe remaining critical flaw was a heap buffer overflow in nsBMPEncoder::AddImageFrame during the encoding of image frames to images and could lead to an exploitable crash. This vulnerability, along with CVE-2016-5257, were also rated critical and patched in Firefox ESR 45.4.\n", "reporter": "Michael Mimoso", "published": "2016-09-21T08:58:18", "type": "threatpost", "title": "Mozilla Patches Certificate Pinning Vulnerability in Firefox", "enchantments": {"score": {"modified": "2018-10-06T22:54:43", "vector": "NONE", "value": 7.5}}, "bulletinFamily": "info", "cvelist": ["CVE-2016-5256", "CVE-2016-5257", "CVE-2016-5284"], "_object_type": "robots.models.threatpost.ThreatpostBulletin", "modified": "2016-09-21T19:38:53", "id": "THREATPOST:32A7325990396546FE884DF669A90919", "href": "https://threatpost.com/mozilla-patches-certificate-pinning-vulnerability-in-firefox/120747/", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}], "ubuntu": [{"lastseen": "2018-08-31T00:08:49", "references": ["https://people.canonical.com/~ubuntu-security/cve/CVE-2016-5276", "https://people.canonical.com/~ubuntu-security/cve/CVE-2016-5284", "https://people.canonical.com/~ubuntu-security/cve/CVE-2016-5270", "https://people.canonical.com/~ubuntu-security/cve/CVE-2016-5280", "https://people.canonical.com/~ubuntu-security/cve/CVE-2016-5257", "https://people.canonical.com/~ubuntu-security/cve/CVE-2016-5274", "https://people.canonical.com/~ubuntu-security/cve/CVE-2016-5278", "https://people.canonical.com/~ubuntu-security/cve/CVE-2016-5272", "https://people.canonical.com/~ubuntu-security/cve/CVE-2016-5250", "https://people.canonical.com/~ubuntu-security/cve/CVE-2016-5281", "https://people.canonical.com/~ubuntu-security/cve/CVE-2016-5277"], "affectedPackage": [{"OS": "Ubuntu", "OSVersion": "16.04", "packageVersion": "1:45.4.0+build1-0ubuntu0.16.04.1", "arch": "noarch", "packageFilename": "UNKNOWN", "packageName": "thunderbird", "operator": "lt"}, {"OS": "Ubuntu", "OSVersion": "16.10", "packageVersion": "1:45.4.0+build1-0ubuntu0.16.10.1", "arch": "noarch", "packageFilename": "UNKNOWN", "packageName": "thunderbird", "operator": "lt"}, {"OS": "Ubuntu", "OSVersion": "14.04", "packageVersion": "1:45.4.0+build1-0ubuntu0.14.04.1", "arch": "noarch", "packageFilename": "UNKNOWN", "packageName": "thunderbird", "operator": "lt"}, {"OS": "Ubuntu", "OSVersion": "12.04", "packageVersion": "1:45.4.0+build1-0ubuntu0.12.04.1", "arch": "noarch", "packageFilename": "UNKNOWN", "packageName": "thunderbird", "operator": "lt"}], "description": "Catalin Dumitru discovered that URLs of resources loaded after a navigation start could be leaked to the following page via the Resource Timing API. If a user were tricked in to opening a specially crafted website in a browsing context, an attacker could potentially exploit this to obtain sensitive information. (CVE-2016-5250)\n\nChristoph Diehl, Andrew McCreight, Dan Minor, Byron Campen, Jon Coppeard, Steve Fink, Tyson Smith, and Carsten Book discovered multiple memory safety issues in Thunderbird. If a user were tricked in to opening a specially crafted message, an attacker could potentially exploit these to cause a denial of service via application crash, or execute arbitrary code. (CVE-2016-5257)\n\nAtte Kettunen discovered a heap buffer overflow during text conversion with some unicode characters. If a user were tricked in to opening a specially crafted message, an attacker could potentially exploit this to cause a denial of service via application crash, or execute arbitrary code. (CVE-2016-5270)\n\nAbhishek Arya discovered a bad cast when processing layout with input elements in some circumstances. If a user were tricked in to opening a specially crafted website in a browsing context, an attacker could potentially exploit this to cause a denial of service via application crash, or execute arbitrary code. (CVE-2016-5272)\n\nA use-after-free was discovered in web animations during restyling. If a user were tricked in to opening a specially crafted website in a browsing context, an attacker could potentially exploit this to cause a denial of service via application crash, or execute arbitrary code. (CVE-2016-5274)\n\nA use-after-free was discovered in accessibility. If a user were tricked in to opening a specially crafted website in a browsing context, an attacker could potentially exploit this to cause a denial of service via application crash, or execute arbitrary code. (CVE-2016-5276)\n\nA use-after-free was discovered in web animations when destroying a timeline. If a user were tricked in to opening a specially crafted website in a browsing context, an attacker could potentially exploit this to cause a denial of service via application crash, or execute arbitrary code. (CVE-2016-5277)\n\nA buffer overflow was discovered when encoding image frames to images in some circumstances. If a user were tricked in to opening a specially crafted message, an attacker could potentially exploit this to cause a denial of service via application crash, or execute arbitrary code. (CVE-2016-5278)\n\nMei Wang discovered a use-after-free when changing text direction. If a user were tricked in to opening a specially crafted website in a browsing context, an attacker could potentially exploit this to cause a denial of service via application crash, or execute arbitrary code. (CVE-2016-5280)\n\nBrian Carpenter discovered a use-after-free when manipulating SVG content in some circumstances. If a user were tricked in to opening a specially crafted website in a browsing context, an attacker could potentially exploit this to cause a denial of service via application crash, or execute arbitrary code. (CVE-2016-5281)\n\nAn issue was discovered with the preloaded Public Key Pinning (HPKP). If a man-in-the-middle (MITM) attacker was able to obtain a fraudulent certificate for a Mozilla site, they could exploit this by providing malicious addon updates. (CVE-2016-5284)", "edition": 3, "reporter": "Ubuntu", "published": "2016-10-27T00:00:00", "title": "Thunderbird vulnerabilities", "type": "ubuntu", "enchantments": {"score": {"vector": "NONE", "value": 7.5}}, "bulletinFamily": "unix", "cvelist": ["CVE-2016-5278", "CVE-2016-5281", "CVE-2016-5280", "CVE-2016-5250", "CVE-2016-5274", "CVE-2016-5284", "CVE-2016-5270", "CVE-2016-5277", "CVE-2016-5257", "CVE-2016-5272", "CVE-2016-5276"], "modified": "2016-10-27T00:00:00", "id": "USN-3112-1", "href": "https://usn.ubuntu.com/3112-1/", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2018-08-31T00:08:52", "references": ["https://people.canonical.com/~ubuntu-security/cve/CVE-2016-5276", "https://people.canonical.com/~ubuntu-security/cve/CVE-2016-5271", "https://people.canonical.com/~ubuntu-security/cve/CVE-2016-5256", "https://people.canonical.com/~ubuntu-security/cve/CVE-2016-5283", "https://people.canonical.com/~ubuntu-security/cve/CVE-2016-5284", "https://people.canonical.com/~ubuntu-security/cve/CVE-2016-5270", "https://people.canonical.com/~ubuntu-security/cve/CVE-2016-5280", "https://people.canonical.com/~ubuntu-security/cve/CVE-2016-5282", "https://people.canonical.com/~ubuntu-security/cve/CVE-2016-5273", "https://people.canonical.com/~ubuntu-security/cve/CVE-2016-5257", "https://people.canonical.com/~ubuntu-security/cve/CVE-2016-5274", "https://people.canonical.com/~ubuntu-security/cve/CVE-2016-5279", "https://people.canonical.com/~ubuntu-security/cve/CVE-2016-5278", "https://people.canonical.com/~ubuntu-security/cve/CVE-2016-5272", "https://people.canonical.com/~ubuntu-security/cve/CVE-2016-5281", "https://people.canonical.com/~ubuntu-security/cve/CVE-2016-2827", "https://people.canonical.com/~ubuntu-security/cve/CVE-2016-5277", "https://people.canonical.com/~ubuntu-security/cve/CVE-2016-5275"], "affectedPackage": [{"OS": "Ubuntu", "OSVersion": "16.04", "packageVersion": "49.0+build4-0ubuntu0.16.04.1", "arch": "noarch", "packageFilename": "UNKNOWN", "packageName": "firefox", "operator": "lt"}, {"OS": "Ubuntu", "OSVersion": "14.04", "packageVersion": "49.0+build4-0ubuntu0.14.04.1", "arch": "noarch", "packageFilename": "UNKNOWN", "packageName": "firefox", "operator": "lt"}, {"OS": "Ubuntu", "OSVersion": "12.04", "packageVersion": "49.0+build4-0ubuntu0.12.04.1", "arch": "noarch", "packageFilename": "UNKNOWN", "packageName": "firefox", "operator": "lt"}], "description": "Atte Kettunen discovered an out-of-bounds read when handling certain Content Security Policy (CSP) directives in some circumstances. If a user were tricked in to opening a specially crafted website, an attacker could potentially exploit this to cause a denial of service via application crash. (CVE-2016-2827)\n\nChristoph Diehl, Christian Holler, Gary Kwong, Nathan Froyd, Honza Bambas, Seth Fowler, Michael Smith, Andrew McCreight, Dan Minor, Byron Campen, Jon Coppeard, Steve Fink, Tyson Smith, and Carsten Book discovered multiple memory safety issues in Firefox. If a user were tricked in to opening a specially crafted website, an attacker could potentially exploit these to cause a denial of service via application crash, or execute arbitrary code. (CVE-2016-5256, CVE-2016-5257)\n\nAtte Kettunen discovered a heap buffer overflow during text conversion with some unicode characters. If a user were tricked in to opening a specially crafted website, an attacker could potentially exploit this to cause a denial of service via application crash, or execute arbitrary code. (CVE-2016-5270)\n\nAbhishek Arya discovered an out of bounds read during the processing of text runs in some circumstances. If a user were tricked in to opening a specially crafted website, an attacker could potentially exploit this to cause a denial of service via application crash. (CVE-2016-5271)\n\nAbhishek Arya discovered a bad cast when processing layout with input elements in some circumstances. If a user were tricked in to opening a specially crafted website, an attacker could potentially exploit this to cause a denial of service via application crash, or execute arbitrary code. (CVE-2016-5272)\n\nA crash was discovered in accessibility. If a user were tricked in to opening a specially crafted website, an attacker could potentially exploit this to execute arbitrary code. (CVE-2016-5273)\n\nA use-after-free was discovered in web animations during restyling. If a user were tricked in to opening a specially crafted website, an attacker could potentially exploit this to cause a denial of service via application crash, or execute arbitrary code. (CVE-2016-5274)\n\nA buffer overflow was discovered when working with empty filters during canvas rendering. If a user were tricked in to opening a specially crafted website, an attacker could potentially exploit this to cause a denial of service via application crash, or execute arbitrary code. (CVE-2016-5275)\n\nA use-after-free was discovered in accessibility. If a user were tricked in to opening a specially crafted website, an attacker could potentially exploit this to cause a denial of service via application crash, or execute arbitrary code. (CVE-2016-5276)\n\nA use-after-free was discovered in web animations when destroying a timeline. If a user were tricked in to opening a specially crafted website, an attacker could potentially exploit this to cause a denial of service via application crash, or execute arbitrary code. (CVE-2016-5277)\n\nA buffer overflow was discovered when encoding image frames to images in some circumstances. If a user were tricked in to opening a specially crafted website, an attacker could potentially exploit this to cause a denial of service via application crash, or execute arbitrary code. (CVE-2016-5278)\n\nRafael Gieschke discovered that the full path of files is available to web pages after a drag and drop operation. An attacker could potentially exploit this to obtain sensitive information. (CVE-2016-5279)\n\nMei Wang discovered a use-after-free when changing text direction. If a user were tricked in to opening a specially crafted website, an attacker could potentially exploit this to cause a denial of service via application crash, or execute arbitrary code. (CVE-2016-5280)\n\nBrian Carpenter discovered a use-after-free when manipulating SVG content in some circumstances. If a user were tricked in to opening a specially crafted website, an attacker could potentially exploit this to cause a denial of service via application crash, or execute arbitrary code. (CVE-2016-5281)\n\nRichard Newman discovered that favicons can be loaded through non-whitelisted protocols, such as jar:. (CVE-2016-5282)\n\nGavin Sharp discovered a timing attack vulnerability involving document resizes and link colours. If a user were tricked in to opening a specially crafted website, an attacker could potentially exploit this to obtain sensitive information. (CVE-2016-5283)\n\nAn issue was discovered with the preloaded Public Key Pinning (HPKP). If a man-in-the-middle (MITM) attacker was able to obtain a fraudulent certificate for a Mozilla site, they could exploit this by providing malicious addon updates. (CVE-2016-5284)", "edition": 3, "reporter": "Ubuntu", "published": "2016-09-22T00:00:00", "title": "Firefox vulnerabilities", "type": "ubuntu", "enchantments": {"score": {"vector": "NONE", "value": 7.5}}, "bulletinFamily": "unix", "cvelist": ["CVE-2016-5278", "CVE-2016-5256", "CVE-2016-5281", "CVE-2016-5280", "CVE-2016-5271", "CVE-2016-2827", "CVE-2016-5274", "CVE-2016-5284", "CVE-2016-5270", "CVE-2016-5283", "CVE-2016-5277", "CVE-2016-5257", "CVE-2016-5272", "CVE-2016-5273", "CVE-2016-5276", "CVE-2016-5279", "CVE-2016-5275", "CVE-2016-5282"], "modified": "2016-09-22T00:00:00", "id": "USN-3076-1", "href": "https://usn.ubuntu.com/3076-1/", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}], "suse": [{"lastseen": "2016-10-04T13:27:37", "references": ["https://bugzilla.suse.com/991344", "https://bugzilla.suse.com/999701"], "affectedPackage": [{"OS": "SUSE Linux Enterprise Server", "OSVersion": "12.1", "packageVersion": "45.4.0esr-81.1", "arch": "s390x", "packageFilename": "MozillaFirefox-translations-45.4.0esr-81.1.s390x.rpm", "packageName": "MozillaFirefox-translations", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server LTSS", "OSVersion": "12", "packageVersion": "45.4.0esr-81.1", "arch": "x86_64", "packageFilename": "MozillaFirefox-debugsource-45.4.0esr-81.1.x86_64.rpm", "packageName": "MozillaFirefox-debugsource", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server", "OSVersion": "12.1", "packageVersion": "45.4.0esr-81.1", "arch": "ppc64le", "packageFilename": "MozillaFirefox-45.4.0esr-81.1.ppc64le.rpm", "packageName": "MozillaFirefox", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server LTSS", "OSVersion": "12", "packageVersion": "45.4.0esr-81.1", "arch": "s390x", "packageFilename": "MozillaFirefox-45.4.0esr-81.1.s390x.rpm", "packageName": "MozillaFirefox", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Software Development Kit", "OSVersion": "12.1", "packageVersion": "45.4.0esr-81.1", "arch": "s390x", "packageFilename": "MozillaFirefox-devel-45.4.0esr-81.1.s390x.rpm", "packageName": "MozillaFirefox-devel", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server", "OSVersion": "12.1", "packageVersion": "45.4.0esr-81.1", "arch": "ppc64le", "packageFilename": "MozillaFirefox-translations-45.4.0esr-81.1.ppc64le.rpm", "packageName": "MozillaFirefox-translations", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server LTSS", "OSVersion": "12", "packageVersion": "45.4.0esr-81.1", "arch": "s390x", "packageFilename": "MozillaFirefox-debuginfo-45.4.0esr-81.1.s390x.rpm", "packageName": "MozillaFirefox-debuginfo", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Desktop", "OSVersion": "12.1", "packageVersion": "45.4.0esr-81.1", "arch": "x86_64", "packageFilename": "MozillaFirefox-debugsource-45.4.0esr-81.1.x86_64.rpm", "packageName": "MozillaFirefox-debugsource", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server LTSS", "OSVersion": "12", "packageVersion": "45.4.0esr-81.1", "arch": "x86_64", "packageFilename": "MozillaFirefox-debuginfo-45.4.0esr-81.1.x86_64.rpm", "packageName": "MozillaFirefox-debuginfo", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server LTSS", "OSVersion": "12", "packageVersion": "45.4.0esr-81.1", "arch": "ppc64le", "packageFilename": "MozillaFirefox-45.4.0esr-81.1.ppc64le.rpm", "packageName": "MozillaFirefox", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server LTSS", "OSVersion": "12", "packageVersion": "45.4.0esr-81.1", "arch": "x86_64", "packageFilename": "MozillaFirefox-45.4.0esr-81.1.x86_64.rpm", "packageName": "MozillaFirefox", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server LTSS", "OSVersion": "12", "packageVersion": "45.4.0esr-81.1", "arch": "x86_64", "packageFilename": "MozillaFirefox-translations-45.4.0esr-81.1.x86_64.rpm", "packageName": "MozillaFirefox-translations", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server", "OSVersion": "12.1", "packageVersion": "45.4.0esr-81.1", "arch": "x86_64", "packageFilename": "MozillaFirefox-debuginfo-45.4.0esr-81.1.x86_64.rpm", "packageName": "MozillaFirefox-debuginfo", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Software Development Kit", "OSVersion": "12.1", "packageVersion": "45.4.0esr-81.1", "arch": "s390x", "packageFilename": "MozillaFirefox-debugsource-45.4.0esr-81.1.s390x.rpm", "packageName": "MozillaFirefox-debugsource", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server", "OSVersion": "12.1", "packageVersion": "45.4.0esr-81.1", "arch": "x86_64", "packageFilename": "MozillaFirefox-debugsource-45.4.0esr-81.1.x86_64.rpm", "packageName": "MozillaFirefox-debugsource", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server", "OSVersion": "12.1", "packageVersion": "45.4.0esr-81.1", "arch": "s390x", "packageFilename": "MozillaFirefox-debugsource-45.4.0esr-81.1.s390x.rpm", "packageName": "MozillaFirefox-debugsource", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server LTSS", "OSVersion": "12", "packageVersion": "45.4.0esr-81.1", "arch": "s390x", "packageFilename": "MozillaFirefox-debugsource-45.4.0esr-81.1.s390x.rpm", "packageName": "MozillaFirefox-debugsource", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server", "OSVersion": "12.1", "packageVersion": "45.4.0esr-81.1", "arch": "ppc64le", "packageFilename": "MozillaFirefox-debugsource-45.4.0esr-81.1.ppc64le.rpm", "packageName": "MozillaFirefox-debugsource", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server LTSS", "OSVersion": "12", "packageVersion": "45.4.0esr-81.1", "arch": "ppc64le", "packageFilename": "MozillaFirefox-debuginfo-45.4.0esr-81.1.ppc64le.rpm", "packageName": "MozillaFirefox-debuginfo", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Software Development Kit", "OSVersion": "12.1", "packageVersion": "45.4.0esr-81.1", "arch": "ppc64le", "packageFilename": "MozillaFirefox-devel-45.4.0esr-81.1.ppc64le.rpm", "packageName": "MozillaFirefox-devel", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server LTSS", "OSVersion": "12", "packageVersion": "45.4.0esr-81.1", "arch": "ppc64le", "packageFilename": "MozillaFirefox-translations-45.4.0esr-81.1.ppc64le.rpm", "packageName": "MozillaFirefox-translations", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Desktop", "OSVersion": "12.1", "packageVersion": "45.4.0esr-81.1", "arch": "x86_64", "packageFilename": "MozillaFirefox-translations-45.4.0esr-81.1.x86_64.rpm", "packageName": "MozillaFirefox-translations", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server", "OSVersion": "12.1", "packageVersion": "45.4.0esr-81.1", "arch": "s390x", "packageFilename": "MozillaFirefox-45.4.0esr-81.1.s390x.rpm", "packageName": "MozillaFirefox", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server", "OSVersion": "12.1", "packageVersion": "45.4.0esr-81.1", "arch": "ppc64le", "packageFilename": "MozillaFirefox-debuginfo-45.4.0esr-81.1.ppc64le.rpm", "packageName": "MozillaFirefox-debuginfo", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server LTSS", "OSVersion": "12", "packageVersion": "45.4.0esr-81.1", "arch": "ppc64le", "packageFilename": "MozillaFirefox-debugsource-45.4.0esr-81.1.ppc64le.rpm", "packageName": "MozillaFirefox-debugsource", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server for SAP", "OSVersion": "12", "packageVersion": "45.4.0esr-81.1", "arch": "x86_64", "packageFilename": "MozillaFirefox-45.4.0esr-81.1.x86_64.rpm", "packageName": "MozillaFirefox", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Software Development Kit", "OSVersion": "12.1", "packageVersion": "45.4.0esr-81.1", "arch": "ppc64le", "packageFilename": "MozillaFirefox-debuginfo-45.4.0esr-81.1.ppc64le.rpm", "packageName": "MozillaFirefox-debuginfo", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Software Development Kit", "OSVersion": "12.1", "packageVersion": "45.4.0esr-81.1", "arch": "x86_64", "packageFilename": "MozillaFirefox-debuginfo-45.4.0esr-81.1.x86_64.rpm", "packageName": "MozillaFirefox-debuginfo", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Software Development Kit", "OSVersion": "12.1", "packageVersion": "45.4.0esr-81.1", "arch": "ppc64le", "packageFilename": "MozillaFirefox-debugsource-45.4.0esr-81.1.ppc64le.rpm", "packageName": "MozillaFirefox-debugsource", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server", "OSVersion": "12.1", "packageVersion": "45.4.0esr-81.1", "arch": "x86_64", "packageFilename": "MozillaFirefox-45.4.0esr-81.1.x86_64.rpm", "packageName": "MozillaFirefox", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server for SAP", "OSVersion": "12", "packageVersion": "45.4.0esr-81.1", "arch": "x86_64", "packageFilename": "MozillaFirefox-translations-45.4.0esr-81.1.x86_64.rpm", "packageName": "MozillaFirefox-translations", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Software Development Kit", "OSVersion": "12.1", "packageVersion": "45.4.0esr-81.1", "arch": "s390x", "packageFilename": "MozillaFirefox-debuginfo-45.4.0esr-81.1.s390x.rpm", "packageName": "MozillaFirefox-debuginfo", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Software Development Kit", "OSVersion": "12.1", "packageVersion": "45.4.0esr-81.1", "arch": "x86_64", "packageFilename": "MozillaFirefox-debugsource-45.4.0esr-81.1.x86_64.rpm", "packageName": "MozillaFirefox-debugsource", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Software Development Kit", "OSVersion": "12.1", "packageVersion": "45.4.0esr-81.1", "arch": "x86_64", "packageFilename": "MozillaFirefox-devel-45.4.0esr-81.1.x86_64.rpm", "packageName": "MozillaFirefox-devel", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server for SAP", "OSVersion": "12", "packageVersion": "45.4.0esr-81.1", "arch": "x86_64", "packageFilename": "MozillaFirefox-debugsource-45.4.0esr-81.1.x86_64.rpm", "packageName": "MozillaFirefox-debugsource", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Desktop", "OSVersion": "12.1", "packageVersion": "45.4.0esr-81.1", "arch": "x86_64", "packageFilename": "MozillaFirefox-debuginfo-45.4.0esr-81.1.x86_64.rpm", "packageName": "MozillaFirefox-debuginfo", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server", "OSVersion": "12.1", "packageVersion": "45.4.0esr-81.1", "arch": "s390x", "packageFilename": "MozillaFirefox-debuginfo-45.4.0esr-81.1.s390x.rpm", "packageName": "MozillaFirefox-debuginfo", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Desktop", "OSVersion": "12.1", "packageVersion": "45.4.0esr-81.1", "arch": "x86_64", "packageFilename": "MozillaFirefox-45.4.0esr-81.1.x86_64.rpm", "packageName": "MozillaFirefox", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server for SAP", "OSVersion": "12", "packageVersion": "45.4.0esr-81.1", "arch": "x86_64", "packageFilename": "MozillaFirefox-debuginfo-45.4.0esr-81.1.x86_64.rpm", "packageName": "MozillaFirefox-debuginfo", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server", "OSVersion": "12.1", "packageVersion": "45.4.0esr-81.1", "arch": "x86_64", "packageFilename": "MozillaFirefox-translations-45.4.0esr-81.1.x86_64.rpm", "packageName": "MozillaFirefox-translations", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server LTSS", "OSVersion": "12", "packageVersion": "45.4.0esr-81.1", "arch": "s390x", "packageFilename": "MozillaFirefox-translations-45.4.0esr-81.1.s390x.rpm", "packageName": "MozillaFirefox-translations", "operator": "lt"}], "edition": 1, "description": "MozillaFirefox was updated to version 45.4.0 ESR to fix the following\n issues:\n\n Security issues fixed: (bsc#999701 MFSA 2016-86):\n * CVE-2016-5270: Heap-buffer-overflow in\n nsCaseTransformTextRunFactory::TransformString\n * CVE-2016-5272: Bad cast in nsImageGeometryMixin\n * CVE-2016-5276: Heap-use-after-free in\n mozilla::a11y::DocAccessible::ProcessInvalidationList\n * CVE-2016-5274: use-after-free in nsFrameManager::CaptureFrameState\n * CVE-2016-5277: Heap-use-after-free in nsRefreshDriver::Tick\n * CVE-2016-5278: Heap-buffer-overflow in nsBMPEncoder::AddImageFrame\n * CVE-2016-5280: Use-after-free in\n mozilla::nsTextNodeDirectionalityMap::RemoveElementFromMap\n * CVE-2016-5281: use-after-free in DOMSVGLength\n * CVE-2016-5284: Add-on update site certificate pin expiration\n * CVE-2016-5250: Resource Timing API is storing resources sent by the\n previous page\n * CVE-2016-5261: Integer overflow and memory corruption in WebSocketChannel\n * CVE-2016-5257: Memory safety bugs fixed in Firefox 49 and Firefox ESR\n 45.4\n\n Bug fixed:\n - Fix for aarch64 Firefox startup crash (bsc#991344)\n\n", "reporter": "Suse", "published": "2016-10-04T13:10:47", "enchantments": {"score": {"vector": "NONE", "value": 5.0}}, "type": "suse", "title": "Security update for MozillaFirefox (important)", "bulletinFamily": "unix", "cvelist": ["CVE-2016-5278", "CVE-2016-5281", "CVE-2016-5280", "CVE-2016-5250", "CVE-2016-5274", "CVE-2016-5261", "CVE-2016-5284", "CVE-2016-5270", "CVE-2016-5277", "CVE-2016-5257", "CVE-2016-5272", "CVE-2016-5276"], "modified": "2016-10-04T13:10:47", "id": "SUSE-SU-2016:2434-1", "href": "http://lists.opensuse.org/opensuse-security-announce/2016-10/msg00001.html", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2016-10-04T13:27:37", "references": ["https://bugzilla.suse.com/999701"], "affectedPackage": [{"OS": "SUSE Linux Enterprise Server LTSS", "OSVersion": "11.2", "packageVersion": "45.4.0esr-52.1", "arch": "i586", "packageFilename": "MozillaFirefox-45.4.0esr-52.1.i586.rpm", "packageName": "MozillaFirefox", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server LTSS", "OSVersion": "11.2", "packageVersion": "45.4.0esr-52.1", "arch": "x86_64", "packageFilename": "MozillaFirefox-translations-45.4.0esr-52.1.x86_64.rpm", "packageName": "MozillaFirefox-translations", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Debuginfo", "OSVersion": "11.2", "packageVersion": "45.4.0esr-52.1", "arch": "i586", "packageFilename": "MozillaFirefox-debuginfo-45.4.0esr-52.1.i586.rpm", "packageName": "MozillaFirefox-debuginfo", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server LTSS", "OSVersion": "11.2", "packageVersion": "45.4.0esr-52.1", "arch": "x86_64", "packageFilename": "MozillaFirefox-45.4.0esr-52.1.x86_64.rpm", "packageName": "MozillaFirefox", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Debuginfo", "OSVersion": "11.2", "packageVersion": "45.4.0esr-52.1", "arch": "x86_64", "packageFilename": "MozillaFirefox-debuginfo-45.4.0esr-52.1.x86_64.rpm", "packageName": "MozillaFirefox-debuginfo", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Debuginfo", "OSVersion": "11.2", "packageVersion": "45.4.0esr-52.1", "arch": "s390x", "packageFilename": "MozillaFirefox-debuginfo-45.4.0esr-52.1.s390x.rpm", "packageName": "MozillaFirefox-debuginfo", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Debuginfo", "OSVersion": "11.2", "packageVersion": "45.4.0esr-52.1", "arch": "x86_64", "packageFilename": "MozillaFirefox-debugsource-45.4.0esr-52.1.x86_64.rpm", "packageName": "MozillaFirefox-debugsource", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server LTSS", "OSVersion": "11.2", "packageVersion": "45.4.0esr-52.1", "arch": "i586", "packageFilename": "MozillaFirefox-translations-45.4.0esr-52.1.i586.rpm", "packageName": "MozillaFirefox-translations", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server LTSS", "OSVersion": "11.2", "packageVersion": "45.4.0esr-52.1", "arch": "s390x", "packageFilename": "MozillaFirefox-translations-45.4.0esr-52.1.s390x.rpm", "packageName": "MozillaFirefox-translations", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Debuginfo", "OSVersion": "11.2", "packageVersion": "45.4.0esr-52.1", "arch": "i586", "packageFilename": "MozillaFirefox-debugsource-45.4.0esr-52.1.i586.rpm", "packageName": "MozillaFirefox-debugsource", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server LTSS", "OSVersion": "11.2", "packageVersion": "45.4.0esr-52.1", "arch": "s390x", "packageFilename": "MozillaFirefox-45.4.0esr-52.1.s390x.rpm", "packageName": "MozillaFirefox", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Debuginfo", "OSVersion": "11.2", "packageVersion": "45.4.0esr-52.1", "arch": "s390x", "packageFilename": "MozillaFirefox-debugsource-45.4.0esr-52.1.s390x.rpm", "packageName": "MozillaFirefox-debugsource", "operator": "lt"}], "edition": 1, "description": "MozillaFirefox was updated to 45.4.0 ESR to fix the following issues\n (bsc#999701):\n\n The following security issue were fixed:\n * MFSA 2016-86/CVE-2016-5270: Heap-buffer-overflow in\n nsCaseTransformTextRunFactory::TransformString\n * MFSA 2016-86/CVE-2016-5272: Bad cast in nsImageGeometryMixin\n * MFSA 2016-86/CVE-2016-5276: Heap-use-after-free in\n mozilla::a11y::DocAccessible::ProcessInvalidationList\n * MFSA 2016-86/CVE-2016-5274: use-after-free in\n nsFrameManager::CaptureFrameState\n * MFSA 2016-86/CVE-2016-5277: Heap-use-after-free in nsRefreshDriver::Tick\n * MFSA 2016-86/CVE-2016-5278: Heap-buffer-overflow in\n nsBMPEncoder::AddImageFrame\n * MFSA 2016-86/CVE-2016-5280: Use-after-free in\n mozilla::nsTextNodeDirectionalityMap::RemoveElementFromMap\n * MFSA 2016-86/CVE-2016-5281: use-after-free in DOMSVGLength\n * MFSA 2016-86/CVE-2016-5284: Add-on update site certificate pin expiration\n * MFSA 2016-86/CVE-2016-5250: Resource Timing API is storing resources\n sent by the previous page\n * MFSA 2016-86/CVE-2016-5261: Integer overflow and memory corruption in\n WebSocketChannel\n * MFSA 2016-86/CVE-2016-5257: Various memory safety bugs fixed in Firefox\n 49 and Firefox ESR 45.4\n\n", "reporter": "Suse", "published": "2016-10-04T13:09:46", "enchantments": {"score": {"vector": "NONE", "value": 6.8}}, "type": "suse", "title": "Security update for MozillaFirefox (important)", "bulletinFamily": "unix", "cvelist": ["CVE-2016-5278", "CVE-2016-5281", "CVE-2016-5280", "CVE-2016-5250", "CVE-2016-5274", "CVE-2016-5261", "CVE-2016-5284", "CVE-2016-5270", "CVE-2016-5277", "CVE-2016-5257", "CVE-2016-5272", "CVE-2016-5276"], "modified": "2016-10-04T13:09:46", "id": "SUSE-SU-2016:2431-1", "href": "http://lists.opensuse.org/opensuse-security-announce/2016-10/msg00000.html", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2016-10-12T21:27:41", "references": ["https://bugzilla.suse.com/999701"], "affectedPackage": [{"OS": "SUSE Manager", "OSVersion": "2.1", "packageVersion": "45.4.0esr-53.1", "arch": "x86_64", "packageFilename": "MozillaFirefox-translations-45.4.0esr-53.1.x86_64.rpm", "packageName": "MozillaFirefox-translations", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server LTSS", "OSVersion": "11.3", "packageVersion": "45.4.0esr-53.1", "arch": "i586", "packageFilename": "MozillaFirefox-45.4.0esr-53.1.i586.rpm", "packageName": "MozillaFirefox", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Debuginfo", "OSVersion": "11.4", "packageVersion": "45.4.0esr-53.1", "arch": "x86_64", "packageFilename": "MozillaFirefox-debuginfo-45.4.0esr-53.1.x86_64.rpm", "packageName": "MozillaFirefox-debuginfo", "operator": "lt"}, {"OS": "SUSE OpenStack Cloud", "OSVersion": "5", "packageVersion": "45.4.0esr-53.1", "arch": "x86_64", "packageFilename": "MozillaFirefox-translations-45.4.0esr-53.1.x86_64.rpm", "packageName": "MozillaFirefox-translations", "operator": "lt"}, {"OS": "SUSE Manager", "OSVersion": "2.1", "packageVersion": "45.4.0esr-53.1", "arch": "s390x", "packageFilename": "MozillaFirefox-45.4.0esr-53.1.s390x.rpm", "packageName": "MozillaFirefox", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Debuginfo", "OSVersion": "11.4", "packageVersion": "45.4.0esr-53.1", "arch": "ia64", "packageFilename": "MozillaFirefox-debugsource-45.4.0esr-53.1.ia64.rpm", "packageName": "MozillaFirefox-debugsource", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Debuginfo", "OSVersion": "11.3", "packageVersion": "45.4.0esr-53.1", "arch": "x86_64", "packageFilename": "MozillaFirefox-debuginfo-45.4.0esr-53.1.x86_64.rpm", "packageName": "MozillaFirefox-debuginfo", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Debuginfo", "OSVersion": "11.4", "packageVersion": "45.4.0esr-53.1", "arch": "ppc64", "packageFilename": "MozillaFirefox-debuginfo-45.4.0esr-53.1.ppc64.rpm", "packageName": "MozillaFirefox-debuginfo", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Debuginfo", "OSVersion": "11.4", "packageVersion": "45.4.0esr-53.1", "arch": "x86_64", "packageFilename": "MozillaFirefox-debugsource-45.4.0esr-53.1.x86_64.rpm", "packageName": "MozillaFirefox-debugsource", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Debuginfo", "OSVersion": "11.3", "packageVersion": "45.4.0esr-53.1", "arch": "x86_64", "packageFilename": "MozillaFirefox-debugsource-45.4.0esr-53.1.x86_64.rpm", "packageName": "MozillaFirefox-debugsource", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Debuginfo", "OSVersion": "11.4", "packageVersion": "45.4.0esr-53.1", "arch": "ppc64", "packageFilename": "MozillaFirefox-debugsource-45.4.0esr-53.1.ppc64.rpm", "packageName": "MozillaFirefox-debugsource", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server", "OSVersion": "11.4", "packageVersion": "45.4.0esr-53.1", "arch": "x86_64", "packageFilename": "MozillaFirefox-translations-45.4.0esr-53.1.x86_64.rpm", "packageName": "MozillaFirefox-translations", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Point of Sale", "OSVersion": "11.3", "packageVersion": "45.4.0esr-53.1", "arch": "i586", "packageFilename": "MozillaFirefox-45.4.0esr-53.1.i586.rpm", "packageName": "MozillaFirefox", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Debuginfo", "OSVersion": "11.4", "packageVersion": "45.4.0esr-53.1", "arch": "s390x", "packageFilename": "MozillaFirefox-debuginfo-45.4.0esr-53.1.s390x.rpm", "packageName": "MozillaFirefox-debuginfo", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Debuginfo", "OSVersion": "11.3", "packageVersion": "45.4.0esr-53.1", "arch": "s390x", "packageFilename": "MozillaFirefox-debugsource-45.4.0esr-53.1.s390x.rpm", "packageName": "MozillaFirefox-debugsource", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server", "OSVersion": "11.4", "packageVersion": "45.4.0esr-53.1", "arch": "s390x", "packageFilename": "MozillaFirefox-translations-45.4.0esr-53.1.s390x.rpm", "packageName": "MozillaFirefox-translations", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Software Development Kit", "OSVersion": "11.4", "packageVersion": "45.4.0esr-53.1", "arch": "ppc64", "packageFilename": "MozillaFirefox-devel-45.4.0esr-53.1.ppc64.rpm", "packageName": "MozillaFirefox-devel", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server", "OSVersion": "11.4", "packageVersion": "45.4.0esr-53.1", "arch": "ia64", "packageFilename": "MozillaFirefox-translations-45.4.0esr-53.1.ia64.rpm", "packageName": "MozillaFirefox-translations", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Debuginfo", "OSVersion": "11.4", "packageVersion": "45.4.0esr-53.1", "arch": "i586", "packageFilename": "MozillaFirefox-debugsource-45.4.0esr-53.1.i586.rpm", "packageName": "MozillaFirefox-debugsource", "operator": "lt"}, {"OS": "SUSE Manager Proxy", "OSVersion": "2.1", "packageVersion": "45.4.0esr-53.1", "arch": "x86_64", "packageFilename": "MozillaFirefox-translations-45.4.0esr-53.1.x86_64.rpm", "packageName": "MozillaFirefox-translations", "operator": "lt"}, {"OS": "SUSE Manager Proxy", "OSVersion": "2.1", "packageVersion": "45.4.0esr-53.1", "arch": "x86_64", "packageFilename": "MozillaFirefox-45.4.0esr-53.1.x86_64.rpm", "packageName": "MozillaFirefox", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Software Development Kit", "OSVersion": "11.4", "packageVersion": "45.4.0esr-53.1", "arch": "ia64", "packageFilename": "MozillaFirefox-devel-45.4.0esr-53.1.ia64.rpm", "packageName": "MozillaFirefox-devel", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server LTSS", "OSVersion": "11.3", "packageVersion": "45.4.0esr-53.1", "arch": "s390x", "packageFilename": "MozillaFirefox-translations-45.4.0esr-53.1.s390x.rpm", "packageName": "MozillaFirefox-translations", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server", "OSVersion": "11.4", "packageVersion": "45.4.0esr-53.1", "arch": "i586", "packageFilename": "MozillaFirefox-translations-45.4.0esr-53.1.i586.rpm", "packageName": "MozillaFirefox-translations", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server", "OSVersion": "11.4", "packageVersion": "45.4.0esr-53.1", "arch": "x86_64", "packageFilename": "MozillaFirefox-45.4.0esr-53.1.x86_64.rpm", "packageName": "MozillaFirefox", "operator": "lt"}, {"OS": "SUSE Manager", "OSVersion": "2.1", "packageVersion": "45.4.0esr-53.1", "arch": "x86_64", "packageFilename": "MozillaFirefox-45.4.0esr-53.1.x86_64.rpm", "packageName": "MozillaFirefox", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server", "OSVersion": "11.4", "packageVersion": "45.4.0esr-53.1", "arch": "s390x", "packageFilename": "MozillaFirefox-45.4.0esr-53.1.s390x.rpm", "packageName": "MozillaFirefox", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Debuginfo", "OSVersion": "11.3", "packageVersion": "45.4.0esr-53.1", "arch": "i586", "packageFilename": "MozillaFirefox-debuginfo-45.4.0esr-53.1.i586.rpm", "packageName": "MozillaFirefox-debuginfo", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Point of Sale", "OSVersion": "11.3", "packageVersion": "45.4.0esr-53.1", "arch": "i586", "packageFilename": "MozillaFirefox-translations-45.4.0esr-53.1.i586.rpm", "packageName": "MozillaFirefox-translations", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Software Development Kit", "OSVersion": "11.4", "packageVersion": "45.4.0esr-53.1", "arch": "s390x", "packageFilename": "MozillaFirefox-devel-45.4.0esr-53.1.s390x.rpm", "packageName": "MozillaFirefox-devel", "operator": "lt"}, {"OS": "SUSE OpenStack Cloud", "OSVersion": "5", "packageVersion": "45.4.0esr-53.1", "arch": "x86_64", "packageFilename": "MozillaFirefox-45.4.0esr-53.1.x86_64.rpm", "packageName": "MozillaFirefox", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Debuginfo", "OSVersion": "11.3", "packageVersion": "45.4.0esr-53.1", "arch": "s390x", "packageFilename": "MozillaFirefox-debuginfo-45.4.0esr-53.1.s390x.rpm", "packageName": "MozillaFirefox-debuginfo", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Debuginfo", "OSVersion": "11.4", "packageVersion": "45.4.0esr-53.1", "arch": "ia64", "packageFilename": "MozillaFirefox-debuginfo-45.4.0esr-53.1.ia64.rpm", "packageName": "MozillaFirefox-debuginfo", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server LTSS", "OSVersion": "11.3", "packageVersion": "45.4.0esr-53.1", "arch": "x86_64", "packageFilename": "MozillaFirefox-45.4.0esr-53.1.x86_64.rpm", "packageName": "MozillaFirefox", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Debuginfo", "OSVersion": "11.3", "packageVersion": "45.4.0esr-53.1", "arch": "i586", "packageFilename": "MozillaFirefox-debugsource-45.4.0esr-53.1.i586.rpm", "packageName": "MozillaFirefox-debugsource", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Debuginfo", "OSVersion": "11.4", "packageVersion": "45.4.0esr-53.1", "arch": "s390x", "packageFilename": "MozillaFirefox-debugsource-45.4.0esr-53.1.s390x.rpm", "packageName": "MozillaFirefox-debugsource", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Debuginfo", "OSVersion": "11.4", "packageVersion": "45.4.0esr-53.1", "arch": "i586", "packageFilename": "MozillaFirefox-debuginfo-45.4.0esr-53.1.i586.rpm", "packageName": "MozillaFirefox-debuginfo", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server", "OSVersion": "11.4", "packageVersion": "45.4.0esr-53.1", "arch": "ppc64", "packageFilename": "MozillaFirefox-45.4.0esr-53.1.ppc64.rpm", "packageName": "MozillaFirefox", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server LTSS", "OSVersion": "11.3", "packageVersion": "45.4.0esr-53.1", "arch": "x86_64", "packageFilename": "MozillaFirefox-translations-45.4.0esr-53.1.x86_64.rpm", "packageName": "MozillaFirefox-translations", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server LTSS", "OSVersion": "11.3", "packageVersion": "45.4.0esr-53.1", "arch": "i586", "packageFilename": "MozillaFirefox-translations-45.4.0esr-53.1.i586.rpm", "packageName": "MozillaFirefox-translations", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server", "OSVersion": "11.4", "packageVersion": "45.4.0esr-53.1", "arch": "ia64", "packageFilename": "MozillaFirefox-45.4.0esr-53.1.ia64.rpm", "packageName": "MozillaFirefox", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Software Development Kit", "OSVersion": "11.4", "packageVersion": "45.4.0esr-53.1", "arch": "i586", "packageFilename": "MozillaFirefox-devel-45.4.0esr-53.1.i586.rpm", "packageName": "MozillaFirefox-devel", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server LTSS", "OSVersion": "11.3", "packageVersion": "45.4.0esr-53.1", "arch": "s390x", "packageFilename": "MozillaFirefox-45.4.0esr-53.1.s390x.rpm", "packageName": "MozillaFirefox", "operator": "lt"}, {"OS": "SUSE Manager", "OSVersion": "2.1", "packageVersion": "45.4.0esr-53.1", "arch": "s390x", "packageFilename": "MozillaFirefox-translations-45.4.0esr-53.1.s390x.rpm", "packageName": "MozillaFirefox-translations", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server", "OSVersion": "11.4", "packageVersion": "45.4.0esr-53.1", "arch": "i586", "packageFilename": "MozillaFirefox-45.4.0esr-53.1.i586.rpm", "packageName": "MozillaFirefox", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Software Development Kit", "OSVersion": "11.4", "packageVersion": "45.4.0esr-53.1", "arch": "x86_64", "packageFilename": "MozillaFirefox-devel-45.4.0esr-53.1.x86_64.rpm", "packageName": "MozillaFirefox-devel", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server", "OSVersion": "11.4", "packageVersion": "45.4.0esr-53.1", "arch": "ppc64", "packageFilename": "MozillaFirefox-translations-45.4.0esr-53.1.ppc64.rpm", "packageName": "MozillaFirefox-translations", "operator": "lt"}], "edition": 1, "description": "MozillaFirefox was updated to 45.4.0 ESR to fix the following issues\n (bsc#999701):\n\n The following security issue were fixed:\n * MFSA 2016-86/CVE-2016-5270: Heap-buffer-overflow in\n nsCaseTransformTextRunFactory::TransformString\n * MFSA 2016-86/CVE-2016-5272: Bad cast in nsImageGeometryMixin\n * MFSA 2016-86/CVE-2016-5276: Heap-use-after-free in\n mozilla::a11y::DocAccessible::ProcessInvalidationList\n * MFSA 2016-86/CVE-2016-5274: use-after-free in\n nsFrameManager::CaptureFrameState\n * MFSA 2016-86/CVE-2016-5277: Heap-use-after-free in nsRefreshDriver::Tick\n * MFSA 2016-86/CVE-2016-5278: Heap-buffer-overflow in\n nsBMPEncoder::AddImageFrame\n * MFSA 2016-86/CVE-2016-5280: Use-after-free in\n mozilla::nsTextNodeDirectionalityMap::RemoveElementFromMap\n * MFSA 2016-86/CVE-2016-5281: use-after-free in DOMSVGLength\n * MFSA 2016-86/CVE-2016-5284: Add-on update site certificate pin expiration\n * MFSA 2016-86/CVE-2016-5250: Resource Timing API is storing resources\n sent by the previous page\n * MFSA 2016-86/CVE-2016-5261: Integer overflow and memory corruption in\n WebSocketChannel\n * MFSA 2016-86/CVE-2016-5257: Various memory safety bugs fixed in Firefox\n 49 and Firefox ESR 45.4\n\n", "reporter": "Suse", "published": "2016-10-12T20:08:55", "enchantments": {"score": {"vector": "NONE", "value": 6.8}}, "type": "suse", "title": "Security update for MozillaFirefox (important)", "bulletinFamily": "unix", "cvelist": ["CVE-2016-5278", "CVE-2016-5281", "CVE-2016-5280", "CVE-2016-5250", "CVE-2016-5274", "CVE-2016-5261", "CVE-2016-5284", "CVE-2016-5270", "CVE-2016-5277", "CVE-2016-5257", "CVE-2016-5272", "CVE-2016-5276"], "modified": "2016-10-12T20:08:55", "id": "SUSE-SU-2016:2513-1", "href": "http://lists.opensuse.org/opensuse-security-announce/2016-10/msg00025.html", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2016-09-24T20:38:57", "references": ["https://bugzilla.suse.com/999701"], "affectedPackage": [{"OS": "openSUSE", "OSVersion": "13.2", "packageVersion": "3.25-46.1", "arch": "x86_64", "packageFilename": "libfreebl3-debuginfo-3.25-46.1.x86_64.rpm", "packageName": "libfreebl3-debuginfo", "operator": "lt"}, {"OS": "openSUSE", "OSVersion": "13.2", "packageVersion": "3.25-46.1", "arch": "x86_64", "packageFilename": "mozilla-nss-sysinit-3.25-46.1.x86_64.rpm", "packageName": "mozilla-nss-sysinit", "operator": "lt"}, {"OS": "openSUSE Leap", "OSVersion": "42.1", "packageVersion": "3.25-29.1", "arch": "x86_64", "packageFilename": "libsoftokn3-debuginfo-32bit-3.25-29.1.x86_64.rpm", "packageName": "libsoftokn3-debuginfo-32bit", "operator": "lt"}, {"OS": "openSUSE", "OSVersion": "13.2", "packageVersion": "3.25-46.1", "arch": "x86_64", "packageFilename": "mozilla-nss-tools-3.25-46.1.x86_64.rpm", "packageName": "mozilla-nss-tools", "operator": "lt"}, {"OS": "openSUSE Leap", "OSVersion": "42.1", "packageVersion": "3.25-29.1", "arch": "x86_64", "packageFilename": "mozilla-nss-sysinit-debuginfo-32bit-3.25-29.1.x86_64.rpm", "packageName": "mozilla-nss-sysinit-debuginfo-32bit", "operator": "lt"}, {"OS": "openSUSE", "OSVersion": "13.2", "packageVersion": "3.25-46.1", "arch": "x86_64", "packageFilename": "libfreebl3-3.25-46.1.x86_64.rpm", "packageName": "libfreebl3", "operator": "lt"}, {"OS": "openSUSE", "OSVersion": "13.2", "packageVersion": "3.25-46.1", "arch": "x86_64", "packageFilename": "libfreebl3-debuginfo-32bit-3.25-46.1.x86_64.rpm", "packageName": "libfreebl3-debuginfo-32bit", "operator": "lt"}, {"OS": "openSUSE", "OSVersion": "13.2", "packageVersion": "49.0-80.1", "arch": "i586", "packageFilename": "MozillaFirefox-debugsource-49.0-80.1.i586.rpm", "packageName": "MozillaFirefox-debugsource", "operator": "lt"}, {"OS": "openSUSE Leap", "OSVersion": "42.1", "packageVersion": "3.25-29.1", "arch": "x86_64", "packageFilename": "mozilla-nss-certs-debuginfo-32bit-3.25-29.1.x86_64.rpm", "packageName": "mozilla-nss-certs-debuginfo-32bit", "operator": "lt"}, {"OS": "openSUSE Leap", "OSVersion": "42.1", "packageVersion": "3.25-29.1", "arch": "x86_64", "packageFilename": "mozilla-nss-tools-3.25-29.1.x86_64.rpm", "packageName": "mozilla-nss-tools", "operator": "lt"}, {"OS": "openSUSE Leap", "OSVersion": "42.1", "packageVersion": "3.25-29.1", "arch": "x86_64", "packageFilename": "mozilla-nss-debugsource-3.25-29.1.x86_64.rpm", "packageName": "mozilla-nss-debugsource", "operator": "lt"}, {"OS": "openSUSE Leap", "OSVersion": "42.1", "packageVersion": "49.0-33.1", "arch": "i586", "packageFilename": "MozillaFirefox-devel-49.0-33.1.i586.rpm", "packageName": "MozillaFirefox-devel", "operator": "lt"}, {"OS": "openSUSE Leap", "OSVersion": "42.1", "packageVersion": "3.25-29.1", "arch": "x86_64", "packageFilename": "libfreebl3-debuginfo-32bit-3.25-29.1.x86_64.rpm", "packageName": "libfreebl3-debuginfo-32bit", "operator": "lt"}, {"OS": "openSUSE", "OSVersion": "13.2", "packageVersion": "49.0-80.1", "arch": "x86_64", "packageFilename": "MozillaFirefox-debuginfo-49.0-80.1.x86_64.rpm", "packageName": "MozillaFirefox-debuginfo", "operator": "lt"}, {"OS": "openSUSE", "OSVersion": "13.2", "packageVersion": "49.0-80.1", "arch": "x86_64", "packageFilename": "MozillaFirefox-49.0-80.1.x86_64.rpm", "packageName": "MozillaFirefox", "operator": "lt"}, {"OS": "openSUSE Leap", "OSVersion": "42.1", "packageVersion": "49.0-33.1", "arch": "x86_64", "packageFilename": "MozillaFirefox-devel-49.0-33.1.x86_64.rpm", "packageName": "MozillaFirefox-devel", "operator": "lt"}, {"OS": "openSUSE", "OSVersion": "13.2", "packageVersion": "3.25-46.1", "arch": "x86_64", "packageFilename": "mozilla-nss-32bit-3.25-46.1.x86_64.rpm", "packageName": "mozilla-nss-32bit", "operator": "lt"}, {"OS": "openSUSE", "OSVersion": "13.2", "packageVersion": "3.25-46.1", "arch": "i586", "packageFilename": "mozilla-nss-certs-debuginfo-3.25-46.1.i586.rpm", "packageName": "mozilla-nss-certs-debuginfo", "operator": "lt"}, {"OS": "openSUSE Leap", "OSVersion": "42.1", "packageVersion": "3.25-29.1", "arch": "i586", "packageFilename": "libfreebl3-3.25-29.1.i586.rpm", "packageName": "libfreebl3", "operator": "lt"}, {"OS": "openSUSE Leap", "OSVersion": "42.1", "packageVersion": "3.25-29.1", "arch": "i586", "packageFilename": "libfreebl3-debuginfo-3.25-29.1.i586.rpm", "packageName": "libfreebl3-debuginfo", "operator": "lt"}, {"OS": "openSUSE", "OSVersion": "13.2", "packageVersion": "3.25-46.1", "arch": "i586", "packageFilename": "mozilla-nss-sysinit-debuginfo-3.25-46.1.i586.rpm", "packageName": "mozilla-nss-sysinit-debuginfo", "operator": "lt"}, {"OS": "openSUSE Leap", "OSVersion": "42.1", "packageVersion": "3.25-29.1", "arch": "x86_64", "packageFilename": "mozilla-nss-sysinit-3.25-29.1.x86_64.rpm", "packageName": "mozilla-nss-sysinit", "operator": "lt"}, {"OS": "openSUSE Leap", "OSVersion": "42.1", "packageVersion": "49.0-33.1", "arch": "x86_64", "packageFilename": "MozillaFirefox-debuginfo-49.0-33.1.x86_64.rpm", "packageName": "MozillaFirefox-debuginfo", "operator": "lt"}, {"OS": "openSUSE Leap", "OSVersion": "42.1", "packageVersion": "49.0-33.1", "arch": "i586", "packageFilename": "MozillaFirefox-49.0-33.1.i586.rpm", "packageName": "MozillaFirefox", "operator": "lt"}, {"OS": "openSUSE", "OSVersion": "13.2", "packageVersion": "3.25-46.1", "arch": "x86_64", "packageFilename": "mozilla-nss-sysinit-debuginfo-32bit-3.25-46.1.x86_64.rpm", "packageName": "mozilla-nss-sysinit-debuginfo-32bit", "operator": "lt"}, {"OS": "openSUSE", "OSVersion": "13.2", "packageVersion": "49.0-80.1", "arch": "i586", "packageFilename": "MozillaFirefox-branding-upstream-49.0-80.1.i586.rpm", "packageName": "MozillaFirefox-branding-upstream", "operator": "lt"}, {"OS": "openSUSE Leap", "OSVersion": "42.1", "packageVersion": "3.25-29.1", "arch": "i586", "packageFilename": "mozilla-nss-3.25-29.1.i586.rpm", "packageName": "mozilla-nss", "operator": "lt"}, {"OS": "openSUSE Leap", "OSVersion": "42.1", "packageVersion": "3.25-29.1", "arch": "x86_64", "packageFilename": "libsoftokn3-debuginfo-3.25-29.1.x86_64.rpm", "packageName": "libsoftokn3-debuginfo", "operator": "lt"}, {"OS": "openSUSE", "OSVersion": "13.2", "packageVersion": "49.0-80.1", "arch": "i586", "packageFilename": "MozillaFirefox-buildsymbols-49.0-80.1.i586.rpm", "packageName": "MozillaFirefox-buildsymbols", "operator": "lt"}, {"OS": "openSUSE Leap", "OSVersion": "42.1", "packageVersion": "3.25-29.1", "arch": "i586", "packageFilename": "mozilla-nss-devel-3.25-29.1.i586.rpm", "packageName": "mozilla-nss-devel", "operator": "lt"}, {"OS": "openSUSE Leap", "OSVersion": "42.1", "packageVersion": "3.25-29.1", "arch": "x86_64", "packageFilename": "mozilla-nss-certs-debuginfo-3.25-29.1.x86_64.rpm", "packageName": "mozilla-nss-certs-debuginfo", "operator": "lt"}, {"OS": "openSUSE", "OSVersion": "13.2", "packageVersion": "49.0-80.1", "arch": "i586", "packageFilename": "MozillaFirefox-translations-other-49.0-80.1.i586.rpm", "packageName": "MozillaFirefox-translations-other", "operator": "lt"}, {"OS": "openSUSE Leap", "OSVersion": "42.1", "packageVersion": "49.0-33.1", "arch": "x86_64", "packageFilename": "MozillaFirefox-debugsource-49.0-33.1.x86_64.rpm", "packageName": "MozillaFirefox-debugsource", "operator": "lt"}, {"OS": "openSUSE Leap", "OSVersion": "42.1", "packageVersion": "49.0-33.1", "arch": "i586", "packageFilename": "MozillaFirefox-debugsource-49.0-33.1.i586.rpm", "packageName": "MozillaFirefox-debugsource", "operator": "lt"}, {"OS": "openSUSE", "OSVersion": "13.2", "packageVersion": "49.0-80.1", "arch": "x86_64", "packageFilename": "MozillaFirefox-devel-49.0-80.1.x86_64.rpm", "packageName": "MozillaFirefox-devel", "operator": "lt"}, {"OS": "openSUSE", "OSVersion": "13.2", "packageVersion": "49.0-80.1", "arch": "x86_64", "packageFilename": "MozillaFirefox-translations-common-49.0-80.1.x86_64.rpm", "packageName": "MozillaFirefox-translations-common", "operator": "lt"}, {"OS": "openSUSE", "OSVersion": "13.2", "packageVersion": "3.25-46.1", "arch": "x86_64", "packageFilename": "mozilla-nss-certs-debuginfo-32bit-3.25-46.1.x86_64.rpm", "packageName": "mozilla-nss-certs-debuginfo-32bit", "operator": "lt"}, {"OS": "openSUSE Leap", "OSVersion": "42.1", "packageVersion": "3.25-29.1", "arch": "x86_64", "packageFilename": "libsoftokn3-32bit-3.25-29.1.x86_64.rpm", "packageName": "libsoftokn3-32bit", "operator": "lt"}, {"OS": "openSUSE Leap", "OSVersion": "42.1", "packageVersion": "49.0-33.1", "arch": "x86_64", "packageFilename": "MozillaFirefox-translations-common-49.0-33.1.x86_64.rpm", "packageName": "MozillaFirefox-translations-common", "operator": "lt"}, {"OS": "openSUSE Leap", "OSVersion": "42.1", "packageVersion": "3.25-29.1", "arch": "i586", "packageFilename": "mozilla-nss-certs-debuginfo-3.25-29.1.i586.rpm", "packageName": "mozilla-nss-certs-debuginfo", "operator": "lt"}, {"OS": "openSUSE Leap", "OSVersion": "42.1", "packageVersion": "3.25-29.1", "arch": "i586", "packageFilename": "libsoftokn3-3.25-29.1.i586.rpm", "packageName": "libsoftokn3", "operator": "lt"}, {"OS": "openSUSE Leap", "OSVersion": "42.1", "packageVersion": "3.25-29.1", "arch": "i586", "packageFilename": "mozilla-nss-debugsource-3.25-29.1.i586.rpm", "packageName": "mozilla-nss-debugsource", "operator": "lt"}, {"OS": "openSUSE", "OSVersion": "13.2", "packageVersion": "3.25-46.1", "arch": "i586", "packageFilename": "mozilla-nss-certs-3.25-46.1.i586.rpm", "packageName": "mozilla-nss-certs", "operator": "lt"}, {"OS": "openSUSE", "OSVersion": "13.2", "packageVersion": "3.25-46.1", "arch": "i586", "packageFilename": "libsoftokn3-debuginfo-3.25-46.1.i586.rpm", "packageName": "libsoftokn3-debuginfo", "operator": "lt"}, {"OS": "openSUSE", "OSVersion": "13.2", "packageVersion": "3.25-46.1", "arch": "x86_64", "packageFilename": "libsoftokn3-debuginfo-3.25-46.1.x86_64.rpm", "packageName": "libsoftokn3-debuginfo", "operator": "lt"}, {"OS": "openSUSE", "OSVersion": "13.2", "packageVersion": "49.0-80.1", "arch": "i586", "packageFilename": "MozillaFirefox-devel-49.0-80.1.i586.rpm", "packageName": "MozillaFirefox-devel", "operator": "lt"}, {"OS": "openSUSE Leap", "OSVersion": "42.1", "packageVersion": "3.25-29.1", "arch": "x86_64", "packageFilename": "mozilla-nss-sysinit-debuginfo-3.25-29.1.x86_64.rpm", "packageName": "mozilla-nss-sysinit-debuginfo", "operator": "lt"}, {"OS": "openSUSE", "OSVersion": "13.2", "packageVersion": "3.25-46.1", "arch": "x86_64", "packageFilename": "mozilla-nss-sysinit-debuginfo-3.25-46.1.x86_64.rpm", "packageName": "mozilla-nss-sysinit-debuginfo", "operator": "lt"}, {"OS": "openSUSE", "OSVersion": "13.2", "packageVersion": "49.0-80.1", "arch": "x86_64", "packageFilename": "MozillaFirefox-buildsymbols-49.0-80.1.x86_64.rpm", "packageName": "MozillaFirefox-buildsymbols", "operator": "lt"}, {"OS": "openSUSE Leap", "OSVersion": "42.1", "packageVersion": "3.25-29.1", "arch": "x86_64", "packageFilename": "mozilla-nss-certs-32bit-3.25-29.1.x86_64.rpm", "packageName": "mozilla-nss-certs-32bit", "operator": "lt"}, {"OS": "openSUSE Leap", "OSVersion": "42.1", "packageVersion": "3.25-29.1", "arch": "i586", "packageFilename": "mozilla-nss-tools-3.25-29.1.i586.rpm", "packageName": "mozilla-nss-tools", "operator": "lt"}, {"OS": "openSUSE", "OSVersion": "13.2", "packageVersion": "3.25-46.1", "arch": "x86_64", "packageFilename": "mozilla-nss-sysinit-32bit-3.25-46.1.x86_64.rpm", "packageName": "mozilla-nss-sysinit-32bit", "operator": "lt"}, {"OS": "openSUSE", "OSVersion": "13.2", "packageVersion": "3.25-46.1", "arch": "i586", "packageFilename": "libfreebl3-debuginfo-3.25-46.1.i586.rpm", "packageName": "libfreebl3-debuginfo", "operator": "lt"}, {"OS": "openSUSE Leap", "OSVersion": "42.1", "packageVersion": "49.0-33.1", "arch": "x86_64", "packageFilename": "MozillaFirefox-buildsymbols-49.0-33.1.x86_64.rpm", "packageName": "MozillaFirefox-buildsymbols", "operator": "lt"}, {"OS": "openSUSE Leap", "OSVersion": "42.1", "packageVersion": "49.0-33.1", "arch": "i586", "packageFilename": "MozillaFirefox-translations-common-49.0-33.1.i586.rpm", "packageName": "MozillaFirefox-translations-common", "operator": "lt"}, {"OS": "openSUSE", "OSVersion": "13.2", "packageVersion": "3.25-46.1", "arch": "i586", "packageFilename": "mozilla-nss-tools-debuginfo-3.25-46.1.i586.rpm", "packageName": "mozilla-nss-tools-debuginfo", "operator": "lt"}, {"OS": "openSUSE Leap", "OSVersion": "42.1", "packageVersion": "3.25-29.1", "arch": "i586", "packageFilename": "libsoftokn3-debuginfo-3.25-29.1.i586.rpm", "packageName": "libsoftokn3-debuginfo", "operator": "lt"}, {"OS": "openSUSE", "OSVersion": "13.2", "packageVersion": "3.25-46.1", "arch": "i586", "packageFilename": "libsoftokn3-3.25-46.1.i586.rpm", "packageName": "libsoftokn3", "operator": "lt"}, {"OS": "openSUSE Leap", "OSVersion": "42.1", "packageVersion": "3.25-29.1", "arch": "x86_64", "packageFilename": "mozilla-nss-debuginfo-32bit-3.25-29.1.x86_64.rpm", "packageName": "mozilla-nss-debuginfo-32bit", "operator": "lt"}, {"OS": "openSUSE", "OSVersion": "13.2", "packageVersion": "3.25-46.1", "arch": "x86_64", "packageFilename": "mozilla-nss-certs-32bit-3.25-46.1.x86_64.rpm", "packageName": "mozilla-nss-certs-32bit", "operator": "lt"}, {"OS": "openSUSE", "OSVersion": "13.2", "packageVersion": "3.25-46.1", "arch": "x86_64", "packageFilename": "libsoftokn3-32bit-3.25-46.1.x86_64.rpm", "packageName": "libsoftokn3-32bit", "operator": "lt"}, {"OS": "openSUSE", "OSVersion": "13.2", "packageVersion": "3.25-46.1", "arch": "i586", "packageFilename": "mozilla-nss-debugsource-3.25-46.1.i586.rpm", "packageName": "mozilla-nss-debugsource", "operator": "lt"}, {"OS": "openSUSE", "OSVersion": "13.2", "packageVersion": "3.25-46.1", "arch": "x86_64", "packageFilename": "mozilla-nss-debuginfo-3.25-46.1.x86_64.rpm", "packageName": "mozilla-nss-debuginfo", "operator": "lt"}, {"OS": "openSUSE Leap", "OSVersion": "42.1", "packageVersion": "49.0-33.1", "arch": "x86_64", "packageFilename": "MozillaFirefox-49.0-33.1.x86_64.rpm", "packageName": "MozillaFirefox", "operator": "lt"}, {"OS": "openSUSE Leap", "OSVersion": "42.1", "packageVersion": "49.0-33.1", "arch": "i586", "packageFilename": "MozillaFirefox-translations-other-49.0-33.1.i586.rpm", "packageName": "MozillaFirefox-translations-other", "operator": "lt"}, {"OS": "openSUSE", "OSVersion": "13.2", "packageVersion": "3.25-46.1", "arch": "i586", "packageFilename": "mozilla-nss-debuginfo-3.25-46.1.i586.rpm", "packageName": "mozilla-nss-debuginfo", "operator": "lt"}, {"OS": "openSUSE", "OSVersion": "13.2", "packageVersion": "3.25-46.1", "arch": "x86_64", "packageFilename": "mozilla-nss-devel-3.25-46.1.x86_64.rpm", "packageName": "mozilla-nss-devel", "operator": "lt"}, {"OS": "openSUSE", "OSVersion": "13.2", "packageVersion": "3.25-46.1", "arch": "x86_64", "packageFilename": "libfreebl3-32bit-3.25-46.1.x86_64.rpm", "packageName": "libfreebl3-32bit", "operator": "lt"}, {"OS": "openSUSE Leap", "OSVersion": "42.1", "packageVersion": "3.25-29.1", "arch": "i586", "packageFilename": "mozilla-nss-sysinit-debuginfo-3.25-29.1.i586.rpm", "packageName": "mozilla-nss-sysinit-debuginfo", "operator": "lt"}, {"OS": "openSUSE Leap", "OSVersion": "42.1", "packageVersion": "3.25-29.1", "arch": "x86_64", "packageFilename": "mozilla-nss-tools-debuginfo-3.25-29.1.x86_64.rpm", "packageName": "mozilla-nss-tools-debuginfo", "operator": "lt"}, {"OS": "openSUSE Leap", "OSVersion": "42.1", "packageVersion": "49.0-33.1", "arch": "x86_64", "packageFilename": "MozillaFirefox-translations-other-49.0-33.1.x86_64.rpm", "packageName": "MozillaFirefox-translations-other", "operator": "lt"}, {"OS": "openSUSE", "OSVersion": "13.2", "packageVersion": "49.0-80.1", "arch": "x86_64", "packageFilename": "MozillaFirefox-debugsource-49.0-80.1.x86_64.rpm", "packageName": "MozillaFirefox-debugsource", "operator": "lt"}, {"OS": "openSUSE", "OSVersion": "13.2", "packageVersion": "49.0-80.1", "arch": "i586", "packageFilename": "MozillaFirefox-49.0-80.1.i586.rpm", "packageName": "MozillaFirefox", "operator": "lt"}, {"OS": "openSUSE", "OSVersion": "13.2", "packageVersion": "49.0-80.1", "arch": "i586", "packageFilename": "MozillaFirefox-debuginfo-49.0-80.1.i586.rpm", "packageName": "MozillaFirefox-debuginfo", "operator": "lt"}, {"OS": "openSUSE Leap", "OSVersion": "42.1", "packageVersion": "49.0-33.1", "arch": "i586", "packageFilename": "MozillaFirefox-debuginfo-49.0-33.1.i586.rpm", "packageName": "MozillaFirefox-debuginfo", "operator": "lt"}, {"OS": "openSUSE Leap", "OSVersion": "42.1", "packageVersion": "3.25-29.1", "arch": "i586", "packageFilename": "mozilla-nss-tools-debuginfo-3.25-29.1.i586.rpm", "packageName": "mozilla-nss-tools-debuginfo", "operator": "lt"}, {"OS": "openSUSE Leap", "OSVersion": "42.1", "packageVersion": "3.25-29.1", "arch": "x86_64", "packageFilename": "mozilla-nss-32bit-3.25-29.1.x86_64.rpm", "packageName": "mozilla-nss-32bit", "operator": "lt"}, {"OS": "openSUSE", "OSVersion": "13.2", "packageVersion": "49.0-80.1", "arch": "x86_64", "packageFilename": "MozillaFirefox-translations-other-49.0-80.1.x86_64.rpm", "packageName": "MozillaFirefox-translations-other", "operator": "lt"}, {"OS": "openSUSE Leap", "OSVersion": "42.1", "packageVersion": "3.25-29.1", "arch": "x86_64", "packageFilename": "mozilla-nss-certs-3.25-29.1.x86_64.rpm", "packageName": "mozilla-nss-certs", "operator": "lt"}, {"OS": "openSUSE", "OSVersion": "13.2", "packageVersion": "3.25-46.1", "arch": "x86_64", "packageFilename": "libsoftokn3-3.25-46.1.x86_64.rpm", "packageName": "libsoftokn3", "operator": "lt"}, {"OS": "openSUSE", "OSVersion": "13.2", "packageVersion": "3.25-46.1", "arch": "i586", "packageFilename": "mozilla-nss-sysinit-3.25-46.1.i586.rpm", "packageName": "mozilla-nss-sysinit", "operator": "lt"}, {"OS": "openSUSE", "OSVersion": "13.2", "packageVersion": "49.0-80.1", "arch": "x86_64", "packageFilename": "MozillaFirefox-branding-upstream-49.0-80.1.x86_64.rpm", "packageName": "MozillaFirefox-branding-upstream", "operator": "lt"}, {"OS": "openSUSE", "OSVersion": "13.2", "packageVersion": "3.25-46.1", "arch": "x86_64", "packageFilename": "mozilla-nss-debugsource-3.25-46.1.x86_64.rpm", "packageName": "mozilla-nss-debugsource", "operator": "lt"}, {"OS": "openSUSE Leap", "OSVersion": "42.1", "packageVersion": "3.25-29.1", "arch": "i586", "packageFilename": "mozilla-nss-certs-3.25-29.1.i586.rpm", "packageName": "mozilla-nss-certs", "operator": "lt"}, {"OS": "openSUSE", "OSVersion": "13.2", "packageVersion": "49.0-80.1", "arch": "i586", "packageFilename": "MozillaFirefox-translations-common-49.0-80.1.i586.rpm", "packageName": "MozillaFirefox-translations-common", "operator": "lt"}, {"OS": "openSUSE", "OSVersion": "13.2", "packageVersion": "3.25-46.1", "arch": "i586", "packageFilename": "mozilla-nss-tools-3.25-46.1.i586.rpm", "packageName": "mozilla-nss-tools", "operator": "lt"}, {"OS": "openSUSE", "OSVersion": "13.2", "packageVersion": "3.25-46.1", "arch": "i586", "packageFilename": "libfreebl3-3.25-46.1.i586.rpm", "packageName": "libfreebl3", "operator": "lt"}, {"OS": "openSUSE", "OSVersion": "13.2", "packageVersion": "3.25-46.1", "arch": "x86_64", "packageFilename": "mozilla-nss-certs-debuginfo-3.25-46.1.x86_64.rpm", "packageName": "mozilla-nss-certs-debuginfo", "operator": "lt"}, {"OS": "openSUSE Leap", "OSVersion": "42.1", "packageVersion": "3.25-29.1", "arch": "x86_64", "packageFilename": "mozilla-nss-debuginfo-3.25-29.1.x86_64.rpm", "packageName": "mozilla-nss-debuginfo", "operator": "lt"}, {"OS": "openSUSE Leap", "OSVersion": "42.1", "packageVersion": "3.25-29.1", "arch": "i586", "packageFilename": "mozilla-nss-debuginfo-3.25-29.1.i586.rpm", "packageName": "mozilla-nss-debuginfo", "operator": "lt"}, {"OS": "openSUSE Leap", "OSVersion": "42.1", "packageVersion": "49.0-33.1", "arch": "i586", "packageFilename": "MozillaFirefox-buildsymbols-49.0-33.1.i586.rpm", "packageName": "MozillaFirefox-buildsymbols", "operator": "lt"}, {"OS": "openSUSE", "OSVersion": "13.2", "packageVersion": "3.25-46.1", "arch": "x86_64", "packageFilename": "libsoftokn3-debuginfo-32bit-3.25-46.1.x86_64.rpm", "packageName": "libsoftokn3-debuginfo-32bit", "operator": "lt"}, {"OS": "openSUSE Leap", "OSVersion": "42.1", "packageVersion": "3.25-29.1", "arch": "x86_64", "packageFilename": "mozilla-nss-sysinit-32bit-3.25-29.1.x86_64.rpm", "packageName": "mozilla-nss-sysinit-32bit", "operator": "lt"}, {"OS": "openSUSE Leap", "OSVersion": "42.1", "packageVersion": "3.25-29.1", "arch": "x86_64", "packageFilename": "libfreebl3-32bit-3.25-29.1.x86_64.rpm", "packageName": "libfreebl3-32bit", "operator": "lt"}, {"OS": "openSUSE Leap", "OSVersion": "42.1", "packageVersion": "3.25-29.1", "arch": "x86_64", "packageFilename": "libsoftokn3-3.25-29.1.x86_64.rpm", "packageName": "libsoftokn3", "operator": "lt"}, {"OS": "openSUSE Leap", "OSVersion": "42.1", "packageVersion": "49.0-33.1", "arch": "i586", "packageFilename": "MozillaFirefox-branding-upstream-49.0-33.1.i586.rpm", "packageName": "MozillaFirefox-branding-upstream", "operator": "lt"}, {"OS": "openSUSE Leap", "OSVersion": "42.1", "packageVersion": "3.25-29.1", "arch": "x86_64", "packageFilename": "mozilla-nss-devel-3.25-29.1.x86_64.rpm", "packageName": "mozilla-nss-devel", "operator": "lt"}, {"OS": "openSUSE", "OSVersion": "13.2", "packageVersion": "3.25-46.1", "arch": "i586", "packageFilename": "mozilla-nss-3.25-46.1.i586.rpm", "packageName": "mozilla-nss", "operator": "lt"}, {"OS": "openSUSE Leap", "OSVersion": "42.1", "packageVersion": "49.0-33.1", "arch": "x86_64", "packageFilename": "MozillaFirefox-branding-upstream-49.0-33.1.x86_64.rpm", "packageName": "MozillaFirefox-branding-upstream", "operator": "lt"}, {"OS": "openSUSE", "OSVersion": "13.2", "packageVersion": "3.25-46.1", "arch": "i586", "packageFilename": "mozilla-nss-devel-3.25-46.1.i586.rpm", "packageName": "mozilla-nss-devel", "operator": "lt"}, {"OS": "openSUSE Leap", "OSVersion": "42.1", "packageVersion": "3.25-29.1", "arch": "i586", "packageFilename": "mozilla-nss-sysinit-3.25-29.1.i586.rpm", "packageName": "mozilla-nss-sysinit", "operator": "lt"}, {"OS": "openSUSE", "OSVersion": "13.2", "packageVersion": "3.25-46.1", "arch": "x86_64", "packageFilename": "mozilla-nss-certs-3.25-46.1.x86_64.rpm", "packageName": "mozilla-nss-certs", "operator": "lt"}, {"OS": "openSUSE Leap", "OSVersion": "42.1", "packageVersion": "3.25-29.1", "arch": "x86_64", "packageFilename": "mozilla-nss-3.25-29.1.x86_64.rpm", "packageName": "mozilla-nss", "operator": "lt"}, {"OS": "openSUSE", "OSVersion": "13.2", "packageVersion": "3.25-46.1", "arch": "x86_64", "packageFilename": "mozilla-nss-tools-debuginfo-3.25-46.1.x86_64.rpm", "packageName": "mozilla-nss-tools-debuginfo", "operator": "lt"}, {"OS": "openSUSE", "OSVersion": "13.2", "packageVersion": "3.25-46.1", "arch": "x86_64", "packageFilename": "mozilla-nss-3.25-46.1.x86_64.rpm", "packageName": "mozilla-nss", "operator": "lt"}, {"OS": "openSUSE Leap", "OSVersion": "42.1", "packageVersion": "3.25-29.1", "arch": "x86_64", "packageFilename": "libfreebl3-3.25-29.1.x86_64.rpm", "packageName": "libfreebl3", "operator": "lt"}, {"OS": "openSUSE Leap", "OSVersion": "42.1", "packageVersion": "3.25-29.1", "arch": "x86_64", "packageFilename": "libfreebl3-debuginfo-3.25-29.1.x86_64.rpm", "packageName": "libfreebl3-debuginfo", "operator": "lt"}, {"OS": "openSUSE", "OSVersion": "13.2", "packageVersion": "3.25-46.1", "arch": "x86_64", "packageFilename": "mozilla-nss-debuginfo-32bit-3.25-46.1.x86_64.rpm", "packageName": "mozilla-nss-debuginfo-32bit", "operator": "lt"}], "edition": 1, "description": "This update for MozillaFirefox and mozilla-nss fixes the following issues:\n\n MozillaFirefox was updated to version 49.0 (boo#999701)\n - New features\n * Updated Firefox Login Manager to allow HTTPS pages to use saved HTTP\n logins.\n * Added features to Reader Mode that make it easier on the eyes and the\n ears\n * Improved video performance for users on systems that support SSE3\n without hardware acceleration\n * Added context menu controls to HTML5 audio and video that let users\n loops files or play files at 1.25x speed\n * Improvements in about:memory reports for tracking font memory usage\n - Security related fixes\n * MFSA 2016-85 CVE-2016-2827 (bmo#1289085) - Out-of-bounds read in\n mozilla::net::IsValidReferrerPolicy CVE-2016-5270 (bmo#1291016) -\n Heap-buffer-overflow in nsCaseTransformTextRunFactory::TransformString\n CVE-2016-5271 (bmo#1288946) - Out-of-bounds read in\n PropertyProvider::GetSpacingInternal CVE-2016-5272 (bmo#1297934) - Bad\n cast in nsImageGeometryMixin CVE-2016-5273 (bmo#1280387) - crash in\n mozilla::a11y::HyperTextAccessible::GetChildOffset CVE-2016-5276\n (bmo#1287721) - Heap-use-after-free in\n mozilla::a11y::DocAccessible::ProcessInvalidationList CVE-2016-5274\n (bmo#1282076) - use-after-free in nsFrameManager::CaptureFrameState\n CVE-2016-5277 (bmo#1291665) - Heap-use-after-free in\n nsRefreshDriver::Tick CVE-2016-5275 (bmo#1287316) -\n global-buffer-overflow in\n mozilla::gfx::FilterSupport::ComputeSourceNeededRegions CVE-2016-5278\n (bmo#1294677) - Heap-buffer-overflow in nsBMPEncoder::AddImageFrame\n CVE-2016-5279 (bmo#1249522) - Full local path of files is available to\n web pages after drag and drop CVE-2016-5280 (bmo#1289970) -\n Use-after-free in\n mozilla::nsTextNodeDirectionalityMap::RemoveElementFromMap\n CVE-2016-5281 (bmo#1284690) - use-after-free in DOMSVGLength\n CVE-2016-5282 (bmo#932335) - Don't allow content to request favicons\n from non-whitelisted schemes CVE-2016-5283 (bmo#928187) - <iframe src>\n fragment timing attack can reveal cross-origin data CVE-2016-5284\n (bmo#1303127) - Add-on update site certificate pin expiration\n CVE-2016-5256 - Memory safety bugs fixed in Firefox 49 CVE-2016-5257 -\n Memory safety bugs fixed in Firefox 49 and Firefox ESR 45.4\n - requires NSS 3.25\n\n - Mozilla Firefox 48.0.2:\n * Mitigate a startup crash issue caused on Windows (bmo#1291738)\n\n mozilla-nss was updated to NSS 3.25. New functionality:\n * Implemented DHE key agreement for TLS 1.3\n * Added support for ChaCha with TLS 1.3\n * Added support for TLS 1.2 ciphersuites that use SHA384 as the PRF\n * In previous versions, when using client authentication with TLS 1.2,\n NSS only supported certificate_verify messages that used the same\n signature hash algorithm as used by the PRF. This limitation has been\n removed.\n * Several functions have been added to the public API of the NSS\n Cryptoki Framework. New functions:\n * NSSCKFWSlot_GetSlotID\n * NSSCKFWSession_GetFWSlot\n * NSSCKFWInstance_DestroySessionHandle\n * NSSCKFWInstance_FindSessionHandle Notable changes:\n * An SSL socket can no longer be configured to allow both TLS 1.3 and\n SSLv3\n * Regression fix: NSS no longer reports a failure if an application\n attempts to disable the SSLv2 protocol.\n * The list of trusted CA certificates has been updated to version 2.8\n * The following CA certificate was Removed Sonera Class1 CA\n * The following CA certificates were Added Hellenic Academic and\n Research Institutions RootCA 2015 Hellenic Academic and Research\n Institutions ECC RootCA 2015 Certplus Root CA G1 Certplus Root CA G2\n OpenTrust Root CA G1 OpenTrust Root CA G2 OpenTrust Root CA G3\n\n", "reporter": "Suse", "published": "2016-09-24T20:10:13", "enchantments": {"score": {"vector": "NONE", "value": 5.0}}, "type": "suse", "title": "Security update for MozillaFirefox, mozilla-nss (important)", "bulletinFamily": "unix", "cvelist": ["CVE-2016-5278", "CVE-2016-5256", "CVE-2016-5281", "CVE-2016-5280", "CVE-2016-5271", "CVE-2016-2827", "CVE-2016-5274", "CVE-2016-5284", "CVE-2016-5270", "CVE-2016-5283", "CVE-2016-5277", "CVE-2016-5257", "CVE-2016-5272", "CVE-2016-5273", "CVE-2016-5276", "CVE-2016-5279", "CVE-2016-5275", "CVE-2016-5282"], "modified": "2016-09-24T20:10:13", "id": "OPENSUSE-SU-2016:2368-1", "href": "http://lists.opensuse.org/opensuse-security-announce/2016-09/msg00019.html", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2016-09-26T16:38:57", "references": ["https://bugzilla.suse.com/999701"], "affectedPackage": [{"OS": "openSUSE", "OSVersion": "13.1", "packageVersion": "3.25-91.1", "packageFilename": "mozilla-nss-3.25-91.1.i586.rpm", "packageName": "mozilla-nss", "arch": "i586", "operator": "lt"}, {"OS": "openSUSE", "OSVersion": "13.1", "packageVersion": "3.25-91.1", "packageFilename": "libsoftokn3-debuginfo-3.25-91.1.x86_64.rpm", "packageName": "libsoftokn3-debuginfo", "arch": "x86_64", "operator": "lt"}, {"OS": "openSUSE", "OSVersion": "13.1", "packageVersion": "3.25-91.1", "packageFilename": "libsoftokn3-3.25-91.1.x86_64.rpm", "packageName": "libsoftokn3", "arch": "x86_64", "operator": "lt"}, {"OS": "openSUSE", "OSVersion": "13.1", "packageVersion": "3.25-91.1", "packageFilename": "libfreebl3-debuginfo-3.25-91.1.i586.rpm", "packageName": "libfreebl3-debuginfo", "arch": "i586", "operator": "lt"}, {"OS": "openSUSE", "OSVersion": "13.1", "packageVersion": "49.0.1-125.2", "packageFilename": "MozillaFirefox-translations-common-49.0.1-125.2.i586.rpm", "packageName": "MozillaFirefox-translations-common", "arch": "i586", "operator": "lt"}, {"OS": "openSUSE", "OSVersion": "13.1", "packageVersion": "3.25-91.1", "packageFilename": "mozilla-nss-debuginfo-3.25-91.1.x86_64.rpm", "packageName": "mozilla-nss-debuginfo", "arch": "x86_64", "operator": "lt"}, {"OS": "openSUSE", "OSVersion": "13.1", "packageVersion": "49.0.1-125.2", "packageFilename": "MozillaFirefox-devel-49.0.1-125.2.i586.rpm", "packageName": "MozillaFirefox-devel", "arch": "i586", "operator": "lt"}, {"OS": "openSUSE", "OSVersion": "13.1", "packageVersion": "3.25-91.1", "packageFilename": "libfreebl3-3.25-91.1.i586.rpm", "packageName": "libfreebl3", "arch": "i586", "operator": "lt"}, {"OS": "openSUSE", "OSVersion": "13.1", "packageVersion": "3.25-91.1", "packageFilename": "mozilla-nss-certs-32bit-3.25-91.1.x86_64.rpm", "packageName": "mozilla-nss-certs-32bit", "arch": "x86_64", "operator": "lt"}, {"OS": "openSUSE", "OSVersion": "13.1", "packageVersion": "49.0.1-125.2", "packageFilename": "MozillaFirefox-translations-common-49.0.1-125.2.x86_64.rpm", "packageName": "MozillaFirefox-translations-common", "arch": "x86_64", "operator": "lt"}, {"OS": "openSUSE", "OSVersion": "13.1", "packageVersion": "3.25-91.1", "packageFilename": "libfreebl3-debuginfo-3.25-91.1.x86_64.rpm", "packageName": "libfreebl3-debuginfo", "arch": "x86_64", "operator": "lt"}, {"OS": "openSUSE", "OSVersion": "13.1", "packageVersion": "49.0.1-125.2", "packageFilename": "MozillaFirefox-49.0.1-125.2.i586.rpm", "packageName": "MozillaFirefox", "arch": "i586", "operator": "lt"}, {"OS": "openSUSE", "OSVersion": "13.1", "packageVersion": "3.25-91.1", "packageFilename": "mozilla-nss-devel-3.25-91.1.i586.rpm", "packageName": "mozilla-nss-devel", "arch": "i586", "operator": "lt"}, {"OS": "openSUSE", "OSVersion": "13.1", "packageVersion": "3.25-91.1", "packageFilename": "mozilla-nss-debuginfo-32bit-3.25-91.1.x86_64.rpm", "packageName": "mozilla-nss-debuginfo-32bit", "arch": "x86_64", "operator": "lt"}, {"OS": "openSUSE", "OSVersion": "13.1", "packageVersion": "3.25-91.1", "packageFilename": "mozilla-nss-sysinit-debuginfo-32bit-3.25-91.1.x86_64.rpm", "packageName": "mozilla-nss-sysinit-debuginfo-32bit", "arch": "x86_64", "operator": "lt"}, {"OS": "openSUSE", "OSVersion": "13.1", "packageVersion": "49.0.1-125.2", "packageFilename": "MozillaFirefox-branding-upstream-49.0.1-125.2.i586.rpm", "packageName": "MozillaFirefox-branding-upstream", "arch": "i586", "operator": "lt"}, {"OS": "openSUSE", "OSVersion": "13.1", "packageVersion": "49.0.1-125.2", "packageFilename": "MozillaFirefox-translations-other-49.0.1-125.2.x86_64.rpm", "packageName": "MozillaFirefox-translations-other", "arch": "x86_64", "operator": "lt"}, {"OS": "openSUSE", "OSVersion": "13.1", "packageVersion": "3.25-91.1", "packageFilename": "mozilla-nss-3.25-91.1.x86_64.rpm", "packageName": "mozilla-nss", "arch": "x86_64", "operator": "lt"}, {"OS": "openSUSE", "OSVersion": "13.1", "packageVersion": "3.25-91.1", "packageFilename": "libfreebl3-3.25-91.1.x86_64.rpm", "packageName": "libfreebl3", "arch": "x86_64", "operator": "lt"}, {"OS": "openSUSE", "OSVersion": "13.1", "packageVersion": "3.25-91.1", "packageFilename": "mozilla-nss-tools-3.25-91.1.i586.rpm", "packageName": "mozilla-nss-tools", "arch": "i586", "operator": "lt"}, {"OS": "openSUSE", "OSVersion": "13.1", "packageVersion": "49.0.1-125.2", "packageFilename": "MozillaFirefox-branding-upstream-49.0.1-125.2.x86_64.rpm", "packageName": "MozillaFirefox-branding-upstream", "arch": "x86_64", "operator": "lt"}, {"OS": "openSUSE", "OSVersion": "13.1", "packageVersion": "49.0.1-125.2", "packageFilename": "MozillaFirefox-translations-other-49.0.1-125.2.i586.rpm", "packageName": "MozillaFirefox-translations-other", "arch": "i586", "operator": "lt"}, {"OS": "openSUSE", "OSVersion": "13.1", "packageVersion": "3.25-91.1", "packageFilename": "mozilla-nss-debugsource-3.25-91.1.x86_64.rpm", "packageName": "mozilla-nss-debugsource", "arch": "x86_64", "operator": "lt"}, {"OS": "openSUSE", "OSVersion": "13.1", "packageVersion": "49.0.1-125.2", "packageFilename": "MozillaFirefox-debuginfo-49.0.1-125.2.i586.rpm", "packageName": "MozillaFirefox-debuginfo", "arch": "i586", "operator": "lt"}, {"OS": "openSUSE", "OSVersion": "13.1", "packageVersion": "3.25-91.1", "packageFilename": "mozilla-nss-sysinit-debuginfo-3.25-91.1.x86_64.rpm", "packageName": "mozilla-nss-sysinit-debuginfo", "arch": "x86_64", "operator": "lt"}, {"OS": "openSUSE", "OSVersion": "13.1", "packageVersion": "3.25-91.1", "packageFilename": "mozilla-nss-certs-debuginfo-32bit-3.25-91.1.x86_64.rpm", "packageName": "mozilla-nss-certs-debuginfo-32bit", "arch": "x86_64", "operator": "lt"}, {"OS": "openSUSE", "OSVersion": "13.1", "packageVersion": "3.25-91.1", "packageFilename": "libsoftokn3-debuginfo-32bit-3.25-91.1.x86_64.rpm", "packageName": "libsoftokn3-debuginfo-32bit", "arch": "x86_64", "operator": "lt"}, {"OS": "openSUSE", "OSVersion": "13.1", "packageVersion": "3.25-91.1", "packageFilename": "mozilla-nss-devel-3.25-91.1.x86_64.rpm", "packageName": "mozilla-nss-devel", "arch": "x86_64", "operator": "lt"}, {"OS": "openSUSE", "OSVersion": "13.1", "packageVersion": "49.0.1-125.2", "packageFilename": "MozillaFirefox-devel-49.0.1-125.2.x86_64.rpm", "packageName": "MozillaFirefox-devel", "arch": "x86_64", "operator": "lt"}, {"OS": "openSUSE", "OSVersion": "13.1", "packageVersion": "49.0.1-125.2", "packageFilename": "MozillaFirefox-49.0.1-125.2.x86_64.rpm", "packageName": "MozillaFirefox", "arch": "x86_64", "operator": "lt"}, {"OS": "openSUSE", "OSVersion": "13.1", "packageVersion": "3.25-91.1", "packageFilename": "mozilla-nss-debuginfo-3.25-91.1.i586.rpm", "packageName": "mozilla-nss-debuginfo", "arch": "i586", "operator": "lt"}, {"OS": "openSUSE", "OSVersion": "13.1", "packageVersion": "3.25-91.1", "packageFilename": "mozilla-nss-tools-debuginfo-3.25-91.1.x86_64.rpm", "packageName": "mozilla-nss-tools-debuginfo", "arch": "x86_64", "operator": "lt"}, {"OS": "openSUSE", "OSVersion": "13.1", "packageVersion": "3.25-91.1", "packageFilename": "mozilla-nss-sysinit-debuginfo-3.25-91.1.i586.rpm", "packageName": "mozilla-nss-sysinit-debuginfo", "arch": "i586", "operator": "lt"}, {"OS": "openSUSE", "OSVersion": "13.1", "packageVersion": "3.25-91.1", "packageFilename": "mozilla-nss-debugsource-3.25-91.1.i586.rpm", "packageName": "mozilla-nss-debugsource", "arch": "i586", "operator": "lt"}, {"OS": "openSUSE", "OSVersion": "13.1", "packageVersion": "49.0.1-125.2", "packageFilename": "MozillaFirefox-debuginfo-49.0.1-125.2.x86_64.rpm", "packageName": "MozillaFirefox-debuginfo", "arch": "x86_64", "operator": "lt"}, {"OS": "openSUSE", "OSVersion": "13.1", "packageVersion": "49.0.1-125.2", "packageFilename": "MozillaFirefox-buildsymbols-49.0.1-125.2.i586.rpm", "packageName": "MozillaFirefox-buildsymbols", "arch": "i586", "operator": "lt"}, {"OS": "openSUSE", "OSVersion": "13.1", "packageVersion": "3.25-91.1", "packageFilename": "mozilla-nss-sysinit-3.25-91.1.i586.rpm", "packageName": "mozilla-nss-sysinit", "arch": "i586", "operator": "lt"}, {"OS": "openSUSE", "OSVersion": "13.1", "packageVersion": "3.25-91.1", "packageFilename": "libfreebl3-32bit-3.25-91.1.x86_64.rpm", "packageName": "libfreebl3-32bit", "arch": "x86_64", "operator": "lt"}, {"OS": "openSUSE", "OSVersion": "13.1", "packageVersion": "3.25-91.1", "packageFilename": "mozilla-nss-tools-3.25-91.1.x86_64.rpm", "packageName": "mozilla-nss-tools", "arch": "x86_64", "operator": "lt"}, {"OS": "openSUSE", "OSVersion": "13.1", "packageVersion": "49.0.1-125.2", "packageFilename": "MozillaFirefox-debugsource-49.0.1-125.2.i586.rpm", "packageName": "MozillaFirefox-debugsource", "arch": "i586", "operator": "lt"}, {"OS": "openSUSE", "OSVersion": "13.1", "packageVersion": "3.25-91.1", "packageFilename": "mozilla-nss-certs-debuginfo-3.25-91.1.i586.rpm", "packageName": "mozilla-nss-certs-debuginfo", "arch": "i586", "operator": "lt"}, {"OS": "openSUSE", "OSVersion": "13.1", "packageVersion": "3.25-91.1", "packageFilename": "mozilla-nss-tools-debuginfo-3.25-91.1.i586.rpm", "packageName": "mozilla-nss-tools-debuginfo", "arch": "i586", "operator": "lt"}, {"OS": "openSUSE", "OSVersion": "13.1", "packageVersion": "49.0.1-125.2", "packageFilename": "MozillaFirefox-debugsource-49.0.1-125.2.x86_64.rpm", "packageName": "MozillaFirefox-debugsource", "arch": "x86_64", "operator": "lt"}, {"OS": "openSUSE", "OSVersion": "13.1", "packageVersion": "3.25-91.1", "packageFilename": "libsoftokn3-32bit-3.25-91.1.x86_64.rpm", "packageName": "libsoftokn3-32bit", "arch": "x86_64", "operator": "lt"}, {"OS": "openSUSE", "OSVersion": "13.1", "packageVersion": "3.25-91.1", "packageFilename": "mozilla-nss-sysinit-3.25-91.1.x86_64.rpm", "packageName": "mozilla-nss-sysinit", "arch": "x86_64", "operator": "lt"}, {"OS": "openSUSE", "OSVersion": "13.1", "packageVersion": "3.25-91.1", "packageFilename": "libfreebl3-debuginfo-32bit-3.25-91.1.x86_64.rpm", "packageName": "libfreebl3-debuginfo-32bit", "arch": "x86_64", "operator": "lt"}, {"OS": "openSUSE", "OSVersion": "13.1", "packageVersion": "3.25-91.1", "packageFilename": "mozilla-nss-sysinit-32bit-3.25-91.1.x86_64.rpm", "packageName": "mozilla-nss-sysinit-32bit", "arch": "x86_64", "operator": "lt"}, {"OS": "openSUSE", "OSVersion": "13.1", "packageVersion": "3.25-91.1", "packageFilename": "libsoftokn3-3.25-91.1.i586.rpm", "packageName": "libsoftokn3", "arch": "i586", "operator": "lt"}, {"OS": "openSUSE", "OSVersion": "13.1", "packageVersion": "3.25-91.1", "packageFilename": "mozilla-nss-32bit-3.25-91.1.x86_64.rpm", "packageName": "mozilla-nss-32bit", "arch": "x86_64", "operator": "lt"}, {"OS": "openSUSE", "OSVersion": "13.1", "packageVersion": "3.25-91.1", "packageFilename": "mozilla-nss-certs-debuginfo-3.25-91.1.x86_64.rpm", "packageName": "mozilla-nss-certs-debuginfo", "arch": "x86_64", "operator": "lt"}, {"OS": "openSUSE", "OSVersion": "13.1", "packageVersion": "49.0.1-125.2", "packageFilename": "MozillaFirefox-buildsymbols-49.0.1-125.2.x86_64.rpm", "packageName": "MozillaFirefox-buildsymbols", "arch": "x86_64", "operator": "lt"}, {"OS": "openSUSE", "OSVersion": "13.1", "packageVersion": "3.25-91.1", "packageFilename": "mozilla-nss-certs-3.25-91.1.i586.rpm", "packageName": "mozilla-nss-certs", "arch": "i586", "operator": "lt"}, {"OS": "openSUSE", "OSVersion": "13.1", "packageVersion": "3.25-91.1", "packageFilename": "mozilla-nss-certs-3.25-91.1.x86_64.rpm", "packageName": "mozilla-nss-certs", "arch": "x86_64", "operator": "lt"}, {"OS": "openSUSE", "OSVersion": "13.1", "packageVersion": "3.25-91.1", "packageFilename": "libsoftokn3-debuginfo-3.25-91.1.i586.rpm", "packageName": "libsoftokn3-debuginfo", "arch": "i586", "operator": "lt"}], "description": "MozillaFirefox was updated to version 49.0 (boo#999701)\n - New features\n * Updated Firefox Login Manager to allow HTTPS pages to use saved\n HTTP logins.\n * Added features to Reader Mode that make it easier on the eyes and\n the ears\n * Improved video performance for users on systems that support SSE3\n without hardware acceleration\n * Added context menu controls to HTML5 audio and video that let users\n loops files or play files at 1.25x speed\n * Improvements in about:memory reports for tracking font memory usage\n - Security related fixes\n * MFSA 2016-85 CVE-2016-2827 (bmo#1289085) - Out-of-bounds read in\n mozilla::net::IsValidReferrerPolicy CVE-2016-5270 (bmo#1291016) -\n Heap-buffer-overflow in nsCaseTransformTextRunFactory::TransformString\n CVE-2016-5271 (bmo#1288946) - Out-of-bounds read in\n PropertyProvider::GetSpacingInternal CVE-2016-5272 (bmo#1297934) - Bad\n cast in nsImageGeometryMixin CVE-2016-5273 (bmo#1280387) - crash in\n mozilla::a11y::HyperTextAccessible::GetChildOffset CVE-2016-5276\n (bmo#1287721) - Heap-use-after-free in\n mozilla::a11y::DocAccessible::ProcessInvalidationList CVE-2016-5274\n (bmo#1282076) - use-after-free in nsFrameManager::CaptureFrameState\n CVE-2016-5277 (bmo#1291665) - Heap-use-after-free in nsRefreshDriver::Tick\n CVE-2016-5275 (bmo#1287316) - global-buffer-overflow in\n mozilla::gfx::FilterSupport::ComputeSourceNeededRegions CVE-2016-5278\n (bmo#1294677) - Heap-buffer-overflow in nsBMPEncoder::AddImageFrame\n CVE-2016-5279 (bmo#1249522) - Full local path of files is available to web\n pages after drag and drop CVE-2016-5280 (bmo#1289970) - Use-after-free in\n mozilla::nsTextNodeDirectionalityMap::RemoveElementFromMap CVE-2016-5281\n (bmo#1284690) - use-after-free in DOMSVGLength CVE-2016-5282 (bmo#932335)\n - Don't allow content to request favicons from non-whitelisted schemes\n CVE-2016-5283 (bmo#928187) - <iframe src> fragment timing attack can\n reveal cross-origin data CVE-2016-5284 (bmo#1303127) - Add-on update site\n certificate pin expiration CVE-2016-5256 - Memory safety bugs fixed in\n Firefox 49 CVE-2016-5257 - Memory safety bugs fixed in Firefox 49 and\n Firefox ESR 45.4\n - requires NSS 3.25\n\n - Mozilla Firefox 48.0.2:\n * Mitigate a startup crash issue caused on Windows (bmo#1291738)\n\n mozilla-nss was updated to NSS 3.25. New functionality:\n * Implemented DHE key agreement for TLS 1.3\n * Added support for ChaCha with TLS 1.3\n * Added support for TLS 1.2 ciphersuites that use SHA384 as the PRF\n * In previous versions, when using client authentication with TLS\n 1.2, NSS only supported certificate_verify messages that used the same\n signature hash algorithm as used by the PRF. This limitation has been\n removed.\n * Several functions have been added to the public API of the NSS\n Cryptoki Framework. New functions:\n * NSSCKFWSlot_GetSlotID\n * NSSCKFWSession_GetFWSlot\n * NSSCKFWInstance_DestroySessionHandle\n * NSSCKFWInstance_FindSessionHandle Notable changes:\n * An SSL socket can no longer be configured to allow both TLS 1.3 and\n SSLv3\n * Regression fix: NSS no longer reports a failure if an application\n attempts to disable the SSLv2 protocol.\n * The list of trusted CA certificates has been updated to version 2.8\n * The following CA certificate was Removed Sonera Class1 CA\n * The following CA certificates were Added Hellenic Academic and\n Research Institutions RootCA 2015 Hellenic Academic and Research\n Institutions ECC RootCA 2015 Certplus Root CA G1 Certplus Root CA G2\n OpenTrust Root CA G1 OpenTrust Root CA G2 OpenTrust Root CA G3\n\n", "edition": 1, "reporter": "Suse", "published": "2016-09-26T18:10:55", "enchantments": {"score": {"vector": "NONE", "value": 5.0}}, "type": "suse", "title": "Security update for MozillaFirefox, mozilla-nss (important)", "bulletinFamily": "unix", "cvelist": ["CVE-2016-5278", "CVE-2016-5256", "CVE-2016-5281", "CVE-2016-5280", "CVE-2016-5271", "CVE-2016-2827", "CVE-2016-5274", "CVE-2016-5284", "CVE-2016-5270", "CVE-2016-5283", "CVE-2016-5277", "CVE-2016-5257", "CVE-2016-5272", "CVE-2016-5273", "CVE-2016-5276", "CVE-2016-5279", "CVE-2016-5275", "CVE-2016-5282"], "modified": "2016-09-26T18:10:55", "id": "OPENSUSE-SU-2016:2386-1", "href": "http://lists.opensuse.org/opensuse-security-announce/2016-09/msg00021.html", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}], "kaspersky": [{"lastseen": "2018-11-16T08:22:46", "references": [], "description": "### *CVSS*:\n7.5\n\n### *Detect date*:\n10/20/2016\n\n### *Severity*:\nCritical\n\n### *Description*:\nMultiple serious vulnerabilities have been found in Mozilla Thunderbird. Malicious users can exploit these vulnerabilities to cause denial of service, execute arbitrary code, bypass security restrictions or obtain sensitive information.\n\n### *Affected products*:\nMozilla Thunderbird versions earlier than 45.4\n\n### *Solution*:\nUpdate to the latest version \n[Mozilla Thunderbird download page](<https://www.mozilla.org/en-US/thunderbird/>)\n\n### *Original advisories*:\n[Mozilla Foundation Security Advisory](<https://www.mozilla.org/en-US/security/advisories/mfsa2016-88/>) \n\n\n### *Impacts*:\nACE \n\n### *Related products*:\n[Mozilla Thunderbird](<https://threats.kaspersky.com/en/product/Mozilla-Thunderbird/>)\n\n### *CVE-IDS*:\n[CVE-2016-5284](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-5284>) \n[CVE-2016-5281](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-5281>) \n[CVE-2016-5280](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-5280>) \n[CVE-2016-5278](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-5278>) \n[CVE-2016-5277](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-5277>) \n[CVE-2016-5276](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-5276>) \n[CVE-2016-5274](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-5274>) \n[CVE-2016-5272](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-5272>) \n[CVE-2016-5270](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-5270>) \n[CVE-2016-5257](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-5257>) \n[CVE-2016-5250](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-5250>)", "edition": 24, "reporter": "Kaspersky Lab", "published": "2016-10-20T00:00:00", "title": "\r KLA10889Multiple vulnerabilities in Mozilla Thunderbird ", "type": "kaspersky", "enchantments": {"score": {"vector": "NONE", "value": 7.5}}, "bulletinFamily": "info", "cvelist": ["CVE-2016-5278", "CVE-2016-5281", "CVE-2016-5280", "CVE-2016-5250", "CVE-2016-5274", "CVE-2016-5284", "CVE-2016-5270", "CVE-2016-5277", "CVE-2016-5257", "CVE-2016-5272", "CVE-2016-5276"], "modified": "2018-11-15T00:00:00", "id": "KLA10889", "href": "https://threats.kaspersky.com/en/vulnerability/KLA10889", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2018-11-16T08:23:43", "references": [], "description": "### *CVSS*:\n7.5\n\n### *Detect date*:\n09/13/2016\n\n### *Severity*:\nCritical\n\n### *Description*:\nMultiple serious vulnerabilities have been found in Mozilla Firefox. Malicious users can exploit these vulnerabilities to cause denial of service, execute arbitrary code, bypass security restrictions or obtain sensitive information.\n\n### *Affected products*:\nMozilaa Firefox versions earlier than 49 \nMozilla Firefox ESR versions earlier than 45.4\n\n### *Solution*:\nUpdate to the latest version \n[Get Firefox ESR](<https://www.mozilla.org/en-US/firefox/organizations/all/>) \n[Get Firefox](<https://www.mozilla.org/en-US/firefox/new/>)\n\n### *Original advisories*:\n[Mozilla Firefox advisory](<https://www.mozilla.org/en-US/security/advisories/mfsa2016-85/>) \n[Mozilla Firefox ESR advisory](<https://www.mozilla.org/en-US/security/advisories/mfsa2016-86/>) \n\n\n### *Impacts*:\nACE \n\n### *Related products*:\n[Mozilla Firefox](<https://threats.kaspersky.com/en/product/Mozilla-Firefox/>)\n\n### *CVE-IDS*:\n[CVE-2016-5284](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-5284>) \n[CVE-2016-5281](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-5281>) \n[CVE-2016-5280](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-5280>) \n[CVE-2016-5278](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-5278>) \n[CVE-2016-5277](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-5277>) \n[CVE-2016-5276](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-5276>) \n[CVE-2016-5274](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-5274>) \n[CVE-2016-5272](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-5272>) \n[CVE-2016-5270](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-5270>) \n[CVE-2016-5257](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-5257>) \n[CVE-2016-5250](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-5250>) \n[CVE-2016-5283](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-5283>) \n[CVE-2016-5282](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-5282>) \n[CVE-2016-5279](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-5279>) \n[CVE-2016-5275](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-5275>) \n[CVE-2016-5273](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-5273>) \n[CVE-2016-5271](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-5271>) \n[CVE-2016-5256](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-5256>) \n[CVE-2016-2827](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-2827>) \n[CVE-2016-5261](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-5261>)", "edition": 25, "reporter": "Kaspersky Lab", "published": "2016-09-13T00:00:00", "title": "\r KLA10876Multiple vulnerabilities in Mozilla Firefox and Firefox ESR ", "type": "kaspersky", "enchantments": {"score": {"vector": "NONE", "value": 7.5}}, "bulletinFamily": "info", "cvelist": ["CVE-2016-5278", "CVE-2016-5256", "CVE-2016-5281", "CVE-2016-5280", "CVE-2016-5271", "CVE-2016-2827", "CVE-2016-5250", "CVE-2016-5274", "CVE-2016-5261", "CVE-2016-5284", "CVE-2016-5270", "CVE-2016-5283", "CVE-2016-5277", "CVE-2016-5257", "CVE-2016-5272", "CVE-2016-5273", "CVE-2016-5276", "CVE-2016-5279", "CVE-2016-5275", "CVE-2016-5282"], "modified": "2018-11-15T00:00:00", "id": "KLA10876", "href": "https://threats.kaspersky.com/en/vulnerability/KLA10876", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}], "archlinux": [{"lastseen": "2016-09-22T21:22:32", "references": ["https://access.redhat.com/security/cve/CVE-2016-5274", "https://access.redhat.com/security/cve/CVE-2016-5278", "https://access.redhat.com/security/cve/CVE-2016-5276", "https://access.redhat.com/security/cve/CVE-2016-5282", "https://access.redhat.com/security/cve/CVE-2016-5256", "https://access.redhat.com/security/cve/CVE-2016-5280", "https://www.mozilla.org/en-US/security/advisories/mfsa2016-85/", "https://access.redhat.com/security/cve/CVE-2016-5271", "https://access.redhat.com/security/cve/CVE-2016-5273", "https://access.redhat.com/security/cve/CVE-2016-5277", "https://access.redhat.com/security/cve/CVE-2016-5270", "https://access.redhat.com/security/cve/CVE-2016-5275", "https://access.redhat.com/security/cve/CVE-2016-5257", "https://access.redhat.com/security/cve/CVE-2016-5279", "https://access.redhat.com/security/cve/CVE-2016-5284", "https://access.redhat.com/security/cve/CVE-2016-5281", "https://access.redhat.com/security/cve/CVE-2016-5272", "https://access.redhat.com/security/cve/CVE-2016-5283"], "affectedPackage": [{"OS": "any", "OSVersion": "any", "packageVersion": "49.0-1", "arch": "any", "packageFilename": "UNKNOWN", "packageName": "firefox", "operator": "lt"}], "edition": 1, "description": "- CVE-2016-5256 (arbitrary code execution)\n\nMozilla developers Christoph Diehl, Christian Holler, Gary Kwong,\nNathan Froyd, Honza Bambas, Seth Fowler, and Michael Smith reported\nmemory safety bugs present in Firefox 48. Some of these bugs showed\nevidence of memory corruption under certain circumstances could\npotentially exploited to run arbitrary code.\n\n- CVE-2016-5257 (arbitrary code execution)\n\nMozilla developers and community members Christoph Diehl, Andrew\nMcCreight, Dan Minor, Byron Campen, Jon Coppeard, Steve Fink, Tyson\nSmith, Philipp, and Carsten Book reported memory safety bugs present in\nFirefox 48 and Firefox ESR 45.3. Some of these bugs showed evidence of\nmemory corruption and we presume that with enough effort at least some\nof these could be exploited to run arbitrary code.\n\n- CVE-2016-5270 (arbitrary code execution)\n\nAn out-of-bounds write of a boolean value during text conversion with\nsome unicode characters.\n\n- CVE-2016-5271 (information disclosure)\n\nAn out-of-bounds read during the processing of text runs in some pages\nusing display:contents.\n\n- CVE-2016-5272 (arbitrary code execution)\n\nA bad cast when processing layout with input elements can result in a\npotentially exploitable crash.\n\n- CVE-2016-5273 (arbitrary code execution)\n\nA potentially exploitable crash in accessibility in the\nmozilla::a11y::HyperTextAccessible::GetChildOffset function.\n\n- CVE-2016-5274 (arbitrary code execution)\n\nA use-after-free vulnerability has been discovered in the\nnsFrameManager::CaptureFrameState function in web animations during\nrestyling.\n\n- CVE-2016-5275 (arbitrary code execution)\n\nA buffer overflow vulnerability has been discovered in the\nmozilla::gfx::FilterSupport::ComputeSourceNeededRegions function when\nworking with empty filters during canvas rendering.\n\n- CVE-2016-5276 (arbitrary code execution)\n\nA use-after-free vulnerability has been discovered in the\nmozilla::a11y::DocAccessible::ProcessInvalidationList function\ntriggered by setting a aria-owns attribute.\n\n- CVE-2016-5277 (arbitrary code execution)\n\nA user-after-free vulnerability has been disconvered in the\nnsRefreshDriver::Tick function with web animations when destroying a\ntimeline.\n\n- CVE-2016-5278 (arbitrary code execution)\n\nA potentially exploitable crash caused by a heap based buffer overflow\nhas been discovered in the nsBMPEncoder::AddImageFrame function while\nencoding image frames to images.\n\n- CVE-2016-5279 (information disclosure)\n\nThe full path to local files is available to scripts when local files\nare drag and dropped into Firefox.\n\n- CVE-2016-5280 (arbitrary code execution)\n\nA use-after-free vulnerability has been discovered in the\nmozilla::nsTextNodeDirectionalityMap::RemoveElementFromMap function\nwhen changing text direction.\n\n- CVE-2016-5281 (arbitrary code execution)\n\nA use-after-free vulnerability has been discovered in the DOMSVGLength\nwhen manipulating SVG format content through a script.\n\n- CVE-2016-5282 (access restriction bypass)\n\nFavicons can be loaded through non-whitelisted protocols, such as jar.\n\n- CVE-2016-5283 (information disclosure)\n\nA timing attack vulnerability was discovered using iframes to\npotentially reveal private cross-origin data using document resizes and\nlink colors.\n\n- CVE-2016-5284 (certificate verification bypass)\n\nDue to flaws in the process used to update "Preloaded Public Key\nPinning", the pinning for add-on updates became ineffective in early\nSeptember. An attacker who was able to get a mis-issued certificate for\na Mozilla web site could send malicious add-on updates to users on\nnetworks controlled by the attacker. Users who have not installed any\nadd-ons are not affected.", "reporter": "Arch Linux", "published": "2016-09-22T00:00:00", "enchantments": {"score": {"vector": "NONE", "value": 10.0}}, "type": "archlinux", "title": "firefox: multiple issues", "bulletinFamily": "unix", "cvelist": ["CVE-2016-5278", "CVE-2016-5256", "CVE-2016-5281", "CVE-2016-5280", "CVE-2016-5271", "CVE-2016-5274", "CVE-2016-5284", "CVE-2016-5270", "CVE-2016-5283", "CVE-2016-5277", "CVE-2016-5257", "CVE-2016-5272", "CVE-2016-5273", "CVE-2016-5276", "CVE-2016-5279", "CVE-2016-5275", "CVE-2016-5282"], "modified": "2016-09-22T00:00:00", "id": "ASA-201609-22", "href": "https://lists.archlinux.org/pipermail/arch-security/2016-September/000718.html", "cvss": {"score": 0.0, "vector": "NONE"}}], "freebsd": [{"lastseen": "2018-08-31T01:14:10", "references": ["https://www.mozilla.org/security/advisories/mfsa2016-86/", "https://www.mozilla.org/security/advisories/mfsa2016-85/", "https://www.mozilla.org/security/advisories/mfsa2016-88/"], "affectedPackage": [{"OS": "FreeBSD", "OSVersion": "any", "packageVersion": "49.0,1", "arch": "noarch", "packageFilename": "UNKNOWN", "packageName": "firefox", "operator": "lt"}, {"OS": "FreeBSD", "OSVersion": "any", "packageVersion": "2.46", "arch": "noarch", "packageFilename": "UNKNOWN", "packageName": "linux-seamonkey", "operator": "lt"}, {"OS": "FreeBSD", "OSVersion": "any", "packageVersion": "45.4.0", "arch": "noarch", "packageFilename": "UNKNOWN", "packageName": "thunderbird", "operator": "lt"}, {"OS": "FreeBSD", "OSVersion": "any", "packageVersion": "45.4.0,2", "arch": "noarch", "packageFilename": "UNKNOWN", "packageName": "linux-firefox", "operator": "lt"}, {"OS": "FreeBSD", "OSVersion": "any", "packageVersion": "2.46", "arch": "noarch", "packageFilename": "UNKNOWN", "packageName": "seamonkey", "operator": "lt"}, {"OS": "FreeBSD", "OSVersion": "any", "packageVersion": "45.4.0", "arch": "noarch", "packageFilename": "UNKNOWN", "packageName": "libxul", "operator": "lt"}, {"OS": "FreeBSD", "OSVersion": "any", "packageVersion": "45.4.0", "arch": "noarch", "packageFilename": "UNKNOWN", "packageName": "linux-thunderbird", "operator": "lt"}, {"OS": "FreeBSD", "OSVersion": "any", "packageVersion": "45.4.0,1", "arch": "noarch", "packageFilename": "UNKNOWN", "packageName": "firefox-esr", "operator": "lt"}], "description": "\nMozilla Foundation reports:\n\nCVE-2016-2827 - Out-of-bounds read in mozilla::net::IsValidReferrerPolicy [low]\nCVE-2016-5256 - Memory safety bugs fixed in Firefox 49 [critical]\nCVE-2016-5257 - Memory safety bugs fixed in Firefox 49 and Firefox ESR 45.4 [critical]\nCVE-2016-5270 - Heap-buffer-overflow in nsCaseTransformTextRunFactory::TransformString [high]\nCVE-2016-5271 - Out-of-bounds read in PropertyProvider::GetSpacingInternal [low]\nCVE-2016-5272 - Bad cast in nsImageGeometryMixin [high]\nCVE-2016-5273 - crash in mozilla::a11y::HyperTextAccessible::GetChildOffset [high]\nCVE-2016-5274 - use-after-free in nsFrameManager::CaptureFrameState [high]\nCVE-2016-5275 - global-buffer-overflow in mozilla::gfx::FilterSupport::ComputeSourceNeededRegions [critical]\nCVE-2016-5276 - Heap-use-after-free in mozilla::a11y::DocAccessible::ProcessInvalidationList [high]\nCVE-2016-5277 - Heap-use-after-free in nsRefreshDriver::Tick [high]\nCVE-2016-5278 - Heap-buffer-overflow in nsBMPEncoder::AddImageFrame [critical]\nCVE-2016-5279 - Full local path of files is available to web pages after drag and drop [moderate]\nCVE-2016-5280 - Use-after-free in mozilla::nsTextNodeDirectionalityMap::RemoveElementFromMap [high]\nCVE-2016-5281 - use-after-free in DOMSVGLength [high]\nCVE-2016-5282 - Don't allow content to request favicons from non-whitelisted schemes [moderate]\nCVE-2016-5283 - <iframe src> fragment timing attack can reveal cross-origin data [high]\nCVE-2016-5284 - Add-on update site certificate pin expiration [high]\n\n", "edition": 4, "reporter": "FreeBSD", "published": "2016-09-13T00:00:00", "title": "mozilla -- multiple vulnerabilities", "type": "freebsd", "enchantments": {"score": {"vector": "NONE", "value": 5.0}}, "bulletinFamily": "unix", "cvelist": ["CVE-2016-5278", "CVE-2016-5256", "CVE-2016-5281", "CVE-2016-5280", "CVE-2016-5271", "CVE-2016-2827", "CVE-2016-5274", "CVE-2016-5284", "CVE-2016-5270", "CVE-2016-5283", "CVE-2016-5277", "CVE-2016-5257", "CVE-2016-5272", "CVE-2016-5273", "CVE-2016-5276", "CVE-2016-5279", "CVE-2016-5275", "CVE-2016-5282"], "modified": "2016-10-21T00:00:00", "id": "2C57C47E-8BB3-4694-83C8-9FC3ABAD3964", "href": "https://vuxml.freebsd.org/freebsd/2c57c47e-8bb3-4694-83c8-9fc3abad3964.html", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}], "gentoo": [{"lastseen": "2017-01-03T14:14:21", "references": ["http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-5296", "https://bugs.gentoo.org/show_bug.cgi?id=601320", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-5253", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-5283", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-9900", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-2810", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-2806", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-0821", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-2839", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-0819", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-0824", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-0827", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-9904", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-5282", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-0834", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-8637", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-8642", "https://bugs.gentoo.org/show_bug.cgi?id=539242", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-5274", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-5263", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-2811", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-9895", "https://bugs.gentoo.org/show_bug.cgi?id=604024", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-5264", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-2813", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-5251", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-9901", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-8640", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-2827", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-5260", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-0822", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-0836", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-5252", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-0825", "https://bugs.gentoo.org/show_bug.cgi?id=541506", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-5270", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-9902", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-5262", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-5254", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-5271", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-5277", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-9074", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-5261", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-9079", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-2830", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-5281", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-5284", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-9899", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-5279", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-5250", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-2812", "https://bugs.gentoo.org/show_bug.cgi?id=599924", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-5272", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-5276", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-0833", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-2820", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-8639", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-0826", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-9898", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-2816", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-8638", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-0823", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-5290", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-0828", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-9897", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-2836", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-5255", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-8634", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-2838", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-5294", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-2808", "https://bugs.gentoo.org/show_bug.cgi?id=590330", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-5268", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-2804", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-2817", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-8635", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-5291", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-5259", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-9064", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-5267", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-5280", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-8641", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-2837", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-5258", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-5278", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-2807", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-5273", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-5293", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-9066", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-5257", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-9905", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-5265", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-2809", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-2835", "https://bugs.gentoo.org/show_bug.cgi?id=602576", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-0832", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-5275", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-5266", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-2814", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-5256", "https://bugs.gentoo.org/show_bug.cgi?id=594616", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-0830", "https://bugs.gentoo.org/show_bug.cgi?id=581326", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-8636", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-5297", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-0820", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-0835", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-0831", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-0829", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-2805", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-9893"], "affectedPackage": [{"OS": "Gentoo", "OSVersion": "any", "packageVersion": "2.38", "arch": "all", "packageName": "www-client/seamonkey-bin", "packageFilename": "UNKNOWN", "operator": "lt"}, {"OS": "Gentoo", "OSVersion": "any", "packageVersion": "45.6.0", "arch": "all", "packageName": "mail-client/thunderbird", "packageFilename": "UNKNOWN", "operator": "lt"}, {"OS": "Gentoo", "OSVersion": "any", "packageVersion": "45.6.0", "arch": "all", "packageName": "www-client/firefox", "packageFilename": "UNKNOWN", "operator": "lt"}, {"OS": "Gentoo", "OSVersion": "any", "packageVersion": "2.38", "arch": "all", "packageName": "www-client/seamonkey", "packageFilename": "UNKNOWN", "operator": "lt"}, {"OS": "Gentoo", "OSVersion": "any", "packageVersion": "45.6.0", "arch": "all", "packageName": "mail-client/thunderbird-bin", "packageFilename": "UNKNOWN", "operator": "lt"}, {"OS": "Gentoo", "OSVersion": "any", "packageVersion": "45.6.0", "arch": "all", "packageName": "www-client/firefox-bin", "packageFilename": "UNKNOWN", "operator": "lt"}], "edition": 1, "description": "### Background\n\nMozilla Firefox is a cross-platform web browser from Mozilla. The Mozilla Thunderbird mail client is a redesign of the Mozilla Mail component. The goal is to produce a cross-platform stand-alone mail application using XUL (XML User Interface Language). SeaMonkey is a free and open-source Internet suite. It is the continuation of the former Mozilla Application Suite, based on the same source code. \n\n### Description\n\nMultiple vulnerabilities have been discovered in Mozilla Firefox, SeaMonkey, and Thunderbird. Please review the CVE identifiers referenced below for details. \n\n### Impact\n\nA remote attacker could possibly execute arbitrary code with the privileges of the process or cause a Denial of Service condition via multiple vectors. \n\n### Workaround\n\nThere is no known workaround at this time.\n\n### Resolution\n\nAll Firefox users should upgrade to the latest version:\n \n \n # emerge --sync\n # emerge --ask --oneshot --verbose \">=www-client/firefox-45.6.0\"\n \n\nAll Firefox-bin users should upgrade to the latest version:\n \n \n # emerge --sync\n # emerge --ask --oneshot --verbose \">=www-client/firefox-bin-45.6.0\"\n \n\nAll Thunderbird users should upgrade to the latest version:\n \n \n # emerge --sync\n # emerge --ask --oneshot --verbose \">=mail-client/thunderbird-45.6.0\"\n \n\nAll Thunderbird-bin users should upgrade to the latest version:\n \n \n # emerge --sync\n # emerge --ask --oneshot --verbose\n \">=mail-client/thunderbird-bin-45.6.0\"\n \n\nAll SeaMonkey users should upgrade to the latest version:\n \n \n # emerge --sync\n # emerge --ask --oneshot --verbose \">=www-client/seamonkey-2.38\"\n \n\nAll SeaMonkey-bin users should upgrade to the latest version:\n \n \n # emerge --sync\n # emerge --ask --oneshot --verbose \">=www-client/seamonkey-bin-2.38\"", "reporter": "Gentoo Foundation", "published": "2017-01-03T00:00:00", "type": "gentoo", "title": "Mozilla Firefox, SeaMonkey, Thunderbird: Multiple vulnerabilities", "enchantments": {"score": {"vector": "NONE", "value": 7.5}}, "bulletinFamily": "unix", "cvelist": ["CVE-2015-0824", "CVE-2016-9893", "CVE-2015-0831", "CVE-2016-5266", "CVE-2016-5290", "CVE-2016-5278", "CVE-2016-5256", "CVE-2016-5252", "CVE-2015-0832", "CVE-2016-5281", "CVE-2016-2816", "CVE-2016-5280", "CVE-2016-5271", "CVE-2016-5297", "CVE-2016-2827", "CVE-2015-0825", "CVE-2015-0821", "CVE-2016-2817", "CVE-2016-5250", "CVE-2016-2805", "CVE-2015-0828", "CVE-2016-5259", "CVE-2016-5274", "CVE-2016-9904", "CVE-2016-5261", "CVE-2016-5267", "CVE-2016-9064", "CVE-2016-5254", "CVE-2016-5284", "CVE-2016-2814", "CVE-2015-0826", "CVE-2016-5296", "CVE-2016-9899", "CVE-2016-5265", "CVE-2016-9079", "CVE-2016-5270", "CVE-2016-9898", "CVE-2014-8642", "CVE-2014-8637", "CVE-2016-5264", "CVE-2014-8636", "CVE-2016-2813", "CVE-2016-9902", "CVE-2015-0819", "CVE-2016-5291", "CVE-2016-5294", "CVE-2016-5283", "CVE-2016-9074", "CVE-2016-5277", "CVE-2015-0834", "CVE-2016-2804", "CVE-2016-2809", "CVE-2016-9897", "CVE-2016-2808", "CVE-2016-2811", "CVE-2016-9066", "CVE-2014-8641", "CVE-2015-0835", "CVE-2016-9905", "CVE-2016-5258", "CVE-2016-9895", "CVE-2016-2810", "CVE-2016-9900", "CVE-2016-5293", "CVE-2016-5260", "CVE-2016-2839", "CVE-2016-5263", "CVE-2016-5268", "CVE-2016-5257", "CVE-2016-2838", "CVE-2016-2835", "CVE-2016-2836", "CVE-2016-9901", "CVE-2016-2807", "CVE-2016-5272", "CVE-2014-8634", "CVE-2015-0823", "CVE-2016-5251", "CVE-2016-2806", "CVE-2016-5273", "CVE-2016-2837", "CVE-2015-0836", "CVE-2016-5276", "CVE-2016-2812", "CVE-2014-8639", "CVE-2015-0829", "CVE-2016-5262", "CVE-2015-0822", "CVE-2016-5253", "CVE-2015-0830", "CVE-2015-0827", "CVE-2014-8640", "CVE-2016-5279", "CVE-2014-8635", "CVE-2014-8638", "CVE-2016-5255", "CVE-2016-5275", "CVE-2016-2830", "CVE-2016-5282", "CVE-2015-0820", "CVE-2016-2820", "CVE-2015-0833"], "modified": "2017-01-03T00:00:00", "href": "https://security.gentoo.org/glsa/201701-15", "id": "GLSA-201701-15", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}]}
