GLSA-200805-18 : Mozilla products: Multiple vulnerabilities

2008-05-22T00:00:00

Description

The remote host is affected by the vulnerability described The following vulnerabilities were reported in all mentioned Mozilla Jesse Ruderman, Kai Engert, Martijn Wargers, Mats Palmgren, and Paul Carsten Book, Wesley Garland, Igor Bukanov, moz_bug_r_a4, shutdown, David Bloom discovered a vulnerability in the way images are treated by moz_bug_r_a4, Boris Zbarsky, and Johnny Stenback reported a series of Mozilla developers identified browser crashes caused by the layout and moz_bug_r_a4 and Boris Zbarsky discovered that pages could escape from Gerry Eisenhaur discovered a directory traversal vulnerability when Alexey Proskuryakov, Yosuke Hasegawa and Simon Montagu reported The following vulnerability was reported in Thunderbird and regenrecht (via iDefense) reported a heap-based buffer overflow when The following vulnerabilities were reported in Firefox, SeaMonkey and The fix for CVE-2008-1237 in Firefox 2.0.0.13 and SeaMonkey hong and Gregory Fleischer each reported a variant on earlier Gynvael Coldwind (Vexillium) discovered that BMP images could be used Chris Thomas reported that background tabs could create a borderless oo.rio.oo discovered that a plain text file with a 'Content-Disposition: Martin Straka reported that the '.href' property of stylesheet DOM Gregory Fleischer discovered that under certain circumstances, leading Peter Brodersen and Alexander Klink reported that the browser Gregory Fleischer reported that web content fetched via the 'jar:' The following vulnerabilities were reported in Firefox: Justin Dolske discovered a CRLF injection vulnerability when storing Michal Zalewski discovered that Firefox does not properly manage a Emil Ljungdahl and Lars-Olof Moilanen discovered that a web forgery Impact : A remote attacker could entice a user to view a specially crafted web Workaround : There is no known workaround at this time. in GLSA-200805-18 (Mozilla products: Multiple vulnerabilities) products: Nickerson reported browser crashes related to JavaScript methods, possibly triggering memory corruption (CVE-2008-0412). Philip Taylor, and tgirmann reported crashes in the JavaScript engine, possibly triggering memory corruption (CVE-2008-0413). the browser when a user leaves a page, possibly triggering memory corruption (CVE-2008-0419). privilege escalation vulnerabilities related to JavaScript (CVE-2008-1233, CVE-2008-1234, CVE-2008-1235). JavaScript engines, possibly triggering memory corruption (CVE-2008-1236, CVE-2008-1237). its sandboxed context and run with chrome privileges, and inject script content into another site, violating the browser's same origin policy (CVE-2008-0415). using 'flat' addons (CVE-2008-0418). multiple character handling flaws related to the backspace character, the '0x80' character, involving zero-length non-ASCII sequences in multiple character sets, that could facilitate Cross-Site Scripting attacks (CVE-2008-0416). SeaMonkey: rendering an email message with an external MIME body (CVE-2008-0304). XULRunner: 1.1.9 introduced a new crash vulnerability (CVE-2008-1380). reported bugs regarding focus shifting in file input controls (CVE-2008-0414). to reveal uninitialized memory, and that this data could be extracted using a 'canvas' feature (CVE-2008-0420). XUL pop-up in front of pages in other tabs (CVE-2008-1241). attachment' prevents Firefox from rendering future plain text files within the browser (CVE-2008-0592). nodes is modified to the final URI of a 302 redirect, bypassing the same origin policy (CVE-2008-0593). characters from the hostname part of the 'Referer:' HTTP header are removed (CVE-2008-1238). automatically selected and sent a client certificate when SSL Client Authentication is requested by a server (CVE-2007-4879). protocol was not subject to network access restrictions (CVE-2008-1240). passwords (CVE-2008-0417). delay timer used in confirmation dialogs (CVE-2008-0591). warning dialog is not displayed if the entire contents of a web page are in a DIV tag that uses absolute positioning (CVE-2008-0594). page or email that will trigger one of the vulnerabilities, possibly leading to the execution of arbitrary code or a Denial of Service. It is also possible for an attacker to trick a user to upload arbitrary files when submitting a form, to corrupt saved passwords for other sites, to steal login credentials, or to conduct Cross-Site Scripting and Cross-Site Request Forgery attacks.

{"id": "GENTOO_GLSA-200805-18.NASL", "vendorId": null, "type": "nessus", "bulletinFamily": "scanner", "title": "GLSA-200805-18 : Mozilla products: Multiple vulnerabilities", "description": "The remote host is affected by the vulnerability described in GLSA-200805-18 (Mozilla products: Multiple vulnerabilities)\n\n The following vulnerabilities were reported in all mentioned Mozilla products:\n Jesse Ruderman, Kai Engert, Martijn Wargers, Mats Palmgren, and Paul Nickerson reported browser crashes related to JavaScript methods, possibly triggering memory corruption (CVE-2008-0412).\n Carsten Book, Wesley Garland, Igor Bukanov, moz_bug_r_a4, shutdown, Philip Taylor, and tgirmann reported crashes in the JavaScript engine, possibly triggering memory corruption (CVE-2008-0413).\n David Bloom discovered a vulnerability in the way images are treated by the browser when a user leaves a page, possibly triggering memory corruption (CVE-2008-0419).\n moz_bug_r_a4, Boris Zbarsky, and Johnny Stenback reported a series of privilege escalation vulnerabilities related to JavaScript (CVE-2008-1233, CVE-2008-1234, CVE-2008-1235).\n Mozilla developers identified browser crashes caused by the layout and JavaScript engines, possibly triggering memory corruption (CVE-2008-1236, CVE-2008-1237).\n moz_bug_r_a4 and Boris Zbarsky discovered that pages could escape from its sandboxed context and run with chrome privileges, and inject script content into another site, violating the browser's same origin policy (CVE-2008-0415).\n Gerry Eisenhaur discovered a directory traversal vulnerability when using 'flat' addons (CVE-2008-0418).\n Alexey Proskuryakov, Yosuke Hasegawa and Simon Montagu reported multiple character handling flaws related to the backspace character, the '0x80' character, involving zero-length non-ASCII sequences in multiple character sets, that could facilitate Cross-Site Scripting attacks (CVE-2008-0416).\n The following vulnerability was reported in Thunderbird and SeaMonkey:\n regenrecht (via iDefense) reported a heap-based buffer overflow when rendering an email message with an external MIME body (CVE-2008-0304).\n The following vulnerabilities were reported in Firefox, SeaMonkey and XULRunner:\n The fix for CVE-2008-1237 in Firefox 2.0.0.13 and SeaMonkey 1.1.9 introduced a new crash vulnerability (CVE-2008-1380).\n hong and Gregory Fleischer each reported a variant on earlier reported bugs regarding focus shifting in file input controls (CVE-2008-0414).\n Gynvael Coldwind (Vexillium) discovered that BMP images could be used to reveal uninitialized memory, and that this data could be extracted using a 'canvas' feature (CVE-2008-0420).\n Chris Thomas reported that background tabs could create a borderless XUL pop-up in front of pages in other tabs (CVE-2008-1241).\n oo.rio.oo discovered that a plain text file with a 'Content-Disposition: attachment' prevents Firefox from rendering future plain text files within the browser (CVE-2008-0592).\n Martin Straka reported that the '.href' property of stylesheet DOM nodes is modified to the final URI of a 302 redirect, bypassing the same origin policy (CVE-2008-0593).\n Gregory Fleischer discovered that under certain circumstances, leading characters from the hostname part of the 'Referer:' HTTP header are removed (CVE-2008-1238).\n Peter Brodersen and Alexander Klink reported that the browser automatically selected and sent a client certificate when SSL Client Authentication is requested by a server (CVE-2007-4879).\n Gregory Fleischer reported that web content fetched via the 'jar:' protocol was not subject to network access restrictions (CVE-2008-1240).\n The following vulnerabilities were reported in Firefox:\n Justin Dolske discovered a CRLF injection vulnerability when storing passwords (CVE-2008-0417).\n Michal Zalewski discovered that Firefox does not properly manage a delay timer used in confirmation dialogs (CVE-2008-0591).\n Emil Ljungdahl and Lars-Olof Moilanen discovered that a web forgery warning dialog is not displayed if the entire contents of a web page are in a DIV tag that uses absolute positioning (CVE-2008-0594).\n Impact :\n\n A remote attacker could entice a user to view a specially crafted web page or email that will trigger one of the vulnerabilities, possibly leading to the execution of arbitrary code or a Denial of Service. It is also possible for an attacker to trick a user to upload arbitrary files when submitting a form, to corrupt saved passwords for other sites, to steal login credentials, or to conduct Cross-Site Scripting and Cross-Site Request Forgery attacks.\n Workaround :\n\n There is no known workaround at this time.", "published": "2008-05-22T00:00:00", "modified": "2021-01-06T00:00:00", "epss": [{"cve": "CVE-2007-4879", "epss": 0.0234, "percentile": 0.88571, "modified": "2023-12-06"}, {"cve": "CVE-2008-0304", "epss": 0.31554, "percentile": 0.96536, "modified": "2023-12-06"}, {"cve": "CVE-2008-0412", "epss": 0.09818, "percentile": 0.94229, "modified": "2023-12-06"}, {"cve": "CVE-2008-0413", "epss": 0.15203, "percentile": 0.95295, "modified": "2023-12-06"}, {"cve": "CVE-2008-0414", "epss": 0.01233, "percentile": 0.83825, "modified": "2023-12-06"}, {"cve": "CVE-2008-0415", "epss": 0.00694, "percentile": 0.77887, "modified": "2023-12-06"}, {"cve": "CVE-2008-0416", "epss": 0.00819, "percentile": 0.79853, "modified": "2023-12-06"}, {"cve": "CVE-2008-0417", "epss": 0.01275, "percentile": 0.84126, "modified": "2023-12-06"}, {"cve": "CVE-2008-0418", "epss": 0.00955, "percentile": 0.81426, "modified": "2023-12-06"}, {"cve": "CVE-2008-0419", "epss": 0.06421, "percentile": 0.92932, "modified": "2023-12-06"}, {"cve": "CVE-2008-0420", "epss": 0.06462, "percentile": 0.92955, "modified": "2023-12-06"}, {"cve": "CVE-2008-0591", "epss": 0.02863, "percentile": 0.89623, "modified": "2023-12-06"}, {"cve": "CVE-2008-0592", "epss": 0.05966, "percentile": 0.92666, "modified": "2023-12-06"}, {"cve": "CVE-2008-0593", "epss": 0.00561, "percentile": 0.75079, "modified": "2023-12-06"}, {"cve": "CVE-2008-0594", "epss": 0.02001, "percentile": 0.87555, "modified": "2023-12-06"}, {"cve": "CVE-2008-1233", "epss": 0.41595, "percentile": 0.96939, "modified": "2023-12-06"}, {"cve": "CVE-2008-1234", "epss": 0.00632, "percentile": 0.76653, "modified": "2023-12-06"}, {"cve": "CVE-2008-1235", "epss": 0.49034, "percentile": 0.97188, "modified": "2023-12-06"}, {"cve": "CVE-2008-1236", "epss": 0.34562, "percentile": 0.96682, "modified": "2023-12-06"}, {"cve": "CVE-2008-1237", "epss": 0.34562, "percentile": 0.96682, "modified": "2023-12-06"}, {"cve": "CVE-2008-1238", "epss": 0.00922, "percentile": 0.81073, "modified": "2023-12-06"}, {"cve": "CVE-2008-1240", "epss": 0.01227, "percentile": 0.83757, "modified": "2023-12-06"}, {"cve": "CVE-2008-1241", "epss": 0.00758, "percentile": 0.78977, "modified": "2023-12-06"}, {"cve": "CVE-2008-1380", "epss": 0.04713, "percentile": 0.91746, "modified": "2023-12-06"}], "cvss": {"score": 0.0, "vector": "NONE"}, "cvss2": {}, "cvss3": {}, "href": "https://www.tenable.com/plugins/nessus/32416", "reporter": "This script is Copyright (C) 2008-2021 Tenable Network Security, Inc.", "references": ["http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-0416", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-0417", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-4879", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-0418", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-0304", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-1235", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-0413", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-0412", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-1234", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-0591", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-0592", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-0415", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-1380", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-1240", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-1233", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-0593", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-0419", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-0420", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-0414", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-1237", "https://security.gentoo.org/glsa/200805-18", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-1241", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-0594", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-1236", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-1238"], "cvelist": ["CVE-2007-4879", "CVE-2008-0304", "CVE-2008-0412", "CVE-2008-0413", "CVE-2008-0414", "CVE-2008-0415", "CVE-2008-0416", "CVE-2008-0417", "CVE-2008-0418", "CVE-2008-0419", "CVE-2008-0420", "CVE-2008-0591", "CVE-2008-0592", "CVE-2008-0593", "CVE-2008-0594", "CVE-2008-1233", "CVE-2008-1234", "CVE-2008-1235", "CVE-2008-1236", "CVE-2008-1237", "CVE-2008-1238", "CVE-2008-1240", "CVE-2008-1241", "CVE-2008-1380"], "immutableFields": [], "lastseen": "2023-12-08T14:24:23", "viewCount": 13, "enchantments": {"dependencies": {"references": [{"type": "centos", "idList": ["CESA-2008:0103", "CESA-2008:0104", "CESA-2008:0104-01", "CESA-2008:0105", "CESA-2008:0207", "CESA-2008:0208", "CESA-2008:0208-01", "CESA-2008:0209", "CESA-2008:0222", "CESA-2008:0223", "CESA-2008:0223-02", "CESA-2008:0224"]}, {"type": "cert", "idList": ["VU:309608", "VU:441529", "VU:466521", "VU:661651", "VU:879056"]}, {"type": "checkpoint_advisories", "idList": ["CPAI-2008-0453", "CPAI-2008-274"]}, {"type": "cve", "idList": ["CVE-2007-3090", "CVE-2007-4879", "CVE-2007-6524", "CVE-2008-0304", "CVE-2008-0412", "CVE-2008-0413", "CVE-2008-0414", "CVE-2008-0415", "CVE-2008-0416", "CVE-2008-0417", "CVE-2008-0418", "CVE-2008-0419", "CVE-2008-0420", "CVE-2008-0591", "CVE-2008-0592", "CVE-2008-0593", "CVE-2008-0594", "CVE-2008-0894", "CVE-2008-1233", "CVE-2008-1234", "CVE-2008-1235", "CVE-2008-1236", "CVE-2008-1237", "CVE-2008-1238", "CVE-2008-1240", "CVE-2008-1241", "CVE-2008-1380", "CVE-2008-1580"]}, {"type": "debian", "idList": ["DEBIAN:DSA-1484-1:87969", "DEBIAN:DSA-1485-1:95345", "DEBIAN:DSA-1485-2:D3677", "DEBIAN:DSA-1489-1:68AB5", "DEBIAN:DSA-1506-1:BBA3D", "DEBIAN:DSA-1506-2:54D82", "DEBIAN:DSA-1532-1:C8439", "DEBIAN:DSA-1534-1:C0870", "DEBIAN:DSA-1534-2:56C6B", "DEBIAN:DSA-1535-1:5D1F2", "DEBIAN:DSA-1555-1:8EB8C", "DEBIAN:DSA-1558-1:35D0F", "DEBIAN:DSA-1562-1:9B6E3", "DEBIAN:DSA-1574-1:15C57", "DEBIAN:DSA-1621-1:503C9", "DEBIAN:DSA-1696-1:A5184", "DEBIAN:DSA-1697-1:8C099"]}, {"type": "fedora", "idList": ["FEDORA:M1D4PHXM003988", "FEDORA:M1D4PHXN003988", "FEDORA:M1D4PHXO003988", "FEDORA:M1D4PHXP003988", "FEDORA:M1D4PHXQ003988", "FEDORA:M1D4PHXR003988", "FEDORA:M1D4PHXS003988", "FEDORA:M1D4PHXT003988", "FEDORA:M1D4PIXI003989", "FEDORA:M1D4PIXJ003989", "FEDORA:M1D4PIXK003989", "FEDORA:M1D4PIXL003989", "FEDORA:M1D4PIXM003989", "FEDORA:M1D4PIXN003989", "FEDORA:M1D4QHXF004158", "FEDORA:M1D559HS005482", "FEDORA:M1D559HT005482", "FEDORA:M1D559HU005482", "FEDORA:M1D559HV005482", "FEDORA:M1D559HW005482", "FEDORA:M1D559HX005482", "FEDORA:M1D559HY005482", "FEDORA:M1D559RM005480", "FEDORA:M1D559RN005480", "FEDORA:M1D559RO005480", "FEDORA:M1D559RP005480", "FEDORA:M1D559RQ005480", "FEDORA:M1D559RR005480", "FEDORA:M1D559RS005480", "FEDORA:M1D559RT005480", "FEDORA:M1D559RU005480", "FEDORA:M1DFACWB003439", "FEDORA:M1SLCPXW026397", "FEDORA:M1SLK2VB027437", "FEDORA:M2QHGFZE004224", "FEDORA:M2QHGFZF004224", "FEDORA:M2QHHVG3004301", "FEDORA:M2QHHVG4004301", "FEDORA:M2QHHVG5004301", "FEDORA:M2QHHVG6004301", "FEDORA:M2QHHVG7004301", "FEDORA:M2QHHVG8004301", "FEDORA:M2QHHVZ5004302", "FEDORA:M2QHHVZ6004302", "FEDORA:M2QHHVZ7004302", "FEDORA:M2QHHVZ8004302", "FEDORA:M2QHHVZ9004302", "FEDORA:M2QHHVZA004302", "FEDORA:M2QHIN9G004419", "FEDORA:M2QHIN9H004419", "FEDORA:M2QHIN9I004419", "FEDORA:M2QHISB7004425", "FEDORA:M2QHISB8004425", "FEDORA:M2QHISB9004425", "FEDORA:M2QHISBA004425", "FEDORA:M2QHISBB004425", "FEDORA:M2QHJOT4004527", "FEDORA:M2QHJOT5004527", "FEDORA:M2QHJOT6004527", "FEDORA:M2QHJOT7004527", "FEDORA:M2QHJOT8004527", "FEDORA:M2QHJP6O004538", "FEDORA:M2QHJP6P004538", "FEDORA:M2QHJP6Q004538", "FEDORA:M3MMNRT4018995", "FEDORA:M3MMS8BC019471", "FEDORA:M3MMS8BD019471", "FEDORA:M3MMS8BE019471", "FEDORA:M3MMS8BF019471", "FEDORA:M3MMS8BG019471", "FEDORA:M3MMS8BH019471", "FEDORA:M3MMS8BI019471", "FEDORA:M3MMS8EB019472", "FEDORA:M3MMS8EC019472", "FEDORA:M3MMS8ED019472", "FEDORA:M3MMS8EE019472", "FEDORA:M3MMS8EF019472", "FEDORA:M3MMS8EG019472", "FEDORA:M3MMS8EH019472", "FEDORA:M3MMUWLD019775", "FEDORA:M3MMW7VA020002", "FEDORA:M3MMW7VW020002", "FEDORA:M3MMW7VX020002", "FEDORA:M3MMW7VY020002", "FEDORA:M3MMW7VZ020002", "FEDORA:M3MMWDE9020042", "FEDORA:M3MMWDEA020042", "FEDORA:M3MMWDEB020042", "FEDORA:M3MMWDEC020042", "FEDORA:M3MMWDED020042", "FEDORA:M3MMWDEE020042", "FEDORA:M3MMWDEF020042", "FEDORA:M3MMWEV5020062", "FEDORA:M3MMWEV6020062", "FEDORA:M3MMWEV7020062", "FEDORA:M4AEAEPP021579", "FEDORA:M4AECM6V021803"]}, {"type": "freebsd", "idList": ["12B336C6-FE36-11DC-B09C-001C2514716C", "67BD39BA-12B5-11DD-BAB7-0016179B2DD5", "810A5197-E0D9-11DC-891A-02061B08FC24"]}, {"type": "gentoo", "idList": ["GLSA-200805-18", "GLSA-200808-03"]}, {"type": "mozilla", "idList": ["MFSA2008-01", "MFSA2008-02", "MFSA2008-03", "MFSA2008-04", "MFSA2008-05", "MFSA2008-06", "MFSA2008-07", "MFSA2008-08", "MFSA2008-09", "MFSA2008-10", "MFSA2008-11", "MFSA2008-12", "MFSA2008-13", "MFSA2008-14", "MFSA2008-15", "MFSA2008-16", "MFSA2008-17", "MFSA2008-18", "MFSA2008-19", "MFSA2008-20"]}, {"type": "nessus", "idList": ["CENTOS_RHSA-2008-0103.NASL", "CENTOS_RHSA-2008-0104.NASL", "CENTOS_RHSA-2008-0105.NASL", "CENTOS_RHSA-2008-0207.NASL", "CENTOS_RHSA-2008-0208.NASL", "CENTOS_RHSA-2008-0209.NASL", "CENTOS_RHSA-2008-0222.NASL", "CENTOS_RHSA-2008-0223.NASL", "CENTOS_RHSA-2008-0224.NASL", "DEBIAN_DSA-1484.NASL", "DEBIAN_DSA-1485.NASL", "DEBIAN_DSA-1489.NASL", "DEBIAN_DSA-1506.NASL", "DEBIAN_DSA-1532.NASL", "DEBIAN_DSA-1534.NASL", "DEBIAN_DSA-1535.NASL", "DEBIAN_DSA-1555.NASL", "DEBIAN_DSA-1558.NASL", "DEBIAN_DSA-1562.NASL", "DEBIAN_DSA-1574.NASL", "DEBIAN_DSA-1621.NASL", "DEBIAN_DSA-1696.NASL", "DEBIAN_DSA-1697.NASL", "FEDORA_2008-1435.NASL", "FEDORA_2008-1459.NASL", "FEDORA_2008-1535.NASL", "FEDORA_2008-1669.NASL", "FEDORA_2008-2060.NASL", "FEDORA_2008-2118.NASL", "FEDORA_2008-2662.NASL", "FEDORA_2008-2682.NASL", "FEDORA_2008-3231.NASL", "FEDORA_2008-3249.NASL", "FEDORA_2008-3264.NASL", "FEDORA_2008-3283.NASL", "FEDORA_2008-3519.NASL", "FEDORA_2008-3557.NASL", "FREEBSD_PKG_12B336C6FE3611DCB09C001C2514716C.NASL", "FREEBSD_PKG_67BD39BA12B511DDBAB70016179B2DD5.NASL", "FREEBSD_PKG_810A5197E0D911DC891A02061B08FC24.NASL", "GENTOO_GLSA-200808-03.NASL", "MANDRIVA_MDVSA-2008-048.NASL", "MANDRIVA_MDVSA-2008-062.NASL", "MANDRIVA_MDVSA-2008-080.NASL", "MANDRIVA_MDVSA-2008-110.NASL", "MANDRIVA_MDVSA-2008-155.NASL", "MOZILLA_FIREFOX_20012.NASL", "MOZILLA_FIREFOX_20013.NASL", "MOZILLA_FIREFOX_20014.NASL", "MOZILLA_THUNDERBIRD_20012.NASL", "MOZILLA_THUNDERBIRD_20014.NASL", "NETSCAPE_BROWSER_9006.NASL", "ORACLELINUX_ELSA-2008-0103.NASL", "ORACLELINUX_ELSA-2008-0104.NASL", "ORACLELINUX_ELSA-2008-0105.NASL", "ORACLELINUX_ELSA-2008-0207.NASL", "ORACLELINUX_ELSA-2008-0208.NASL", "ORACLELINUX_ELSA-2008-0209.NASL", "ORACLELINUX_ELSA-2008-0222.NASL", "ORACLELINUX_ELSA-2008-0223.NASL", "ORACLELINUX_ELSA-2008-0224.NASL", "REDHAT-RHSA-2008-0103.NASL", "REDHAT-RHSA-2008-0104.NASL", "REDHAT-RHSA-2008-0105.NASL", "REDHAT-RHSA-2008-0207.NASL", "REDHAT-RHSA-2008-0208.NASL", "REDHAT-RHSA-2008-0209.NASL", "REDHAT-RHSA-2008-0222.NASL", "REDHAT-RHSA-2008-0223.NASL", "REDHAT-RHSA-2008-0224.NASL", "SEAMONKEY_1110.NASL", "SEAMONKEY_118.NASL", "SEAMONKEY_119.NASL", "SLACKWARE_SSA_2008-061-01.NASL", "SLACKWARE_SSA_2008-108-01.NASL", "SLACKWARE_SSA_2008-128-02.NASL", "SLACKWARE_SSA_2008-191-03.NASL", "SL_20080207_FIREFOX_ON_SL4_X.NASL", "SL_20080207_SEAMONKEY_ON_SL3_X.NASL", "SL_20080207_THUNDERBIRD_ON_SL4_X.NASL", "SL_20080326_FIREFOX_ON_SL4_X.NASL", "SL_20080327_SEAMONKEY_ON_SL3_X.NASL", "SL_20080403_THUNDERBIRD_ON_SL4_X.NASL", "SL_20080416_FIREFOX_ON_SL4_X.NASL", "SL_20080416_SEAMONKEY_ON_SL3_X.NASL", "SUSE_EPIPHANY-5102.NASL", "SUSE_EPIPHANY-5293.NASL", "SUSE_MOZILLA-XULRUNNER-5118.NASL", "SUSE_MOZILLA-XULRUNNER-5123.NASL", "SUSE_MOZILLA-XULRUNNER-5163.NASL", "SUSE_MOZILLA-XULRUNNER-5164.NASL", "SUSE_MOZILLA-XULRUNNER181-5158.NASL", "SUSE_MOZILLAFIREFOX-5001.NASL", "SUSE_MOZILLAFIREFOX-5002.NASL", "SUSE_MOZILLAFIREFOX-5134.NASL", "SUSE_MOZILLAFIREFOX-5135.NASL", "SUSE_MOZILLAFIREFOX-5218.NASL", "SUSE_MOZILLAFIREFOX-5219.NASL", "SUSE_MOZILLATHUNDERBIRD-5095.NASL", "SUSE_MOZILLATHUNDERBIRD-5098.NASL", "SUSE_MOZILLATHUNDERBIRD-5280.NASL", "SUSE_MOZILLATHUNDERBIRD-5329.NASL", "SUSE_SEAMONKEY-5011.NASL", "SUSE_SEAMONKEY-5012.NASL", "SUSE_SEAMONKEY-5153.NASL", "SUSE_SEAMONKEY-5167.NASL", "UBUNTU_USN-576-1.NASL", "UBUNTU_USN-582-1.NASL", "UBUNTU_USN-582-2.NASL", "UBUNTU_USN-592-1.NASL", "UBUNTU_USN-602-1.NASL", "UBUNTU_USN-605-1.NASL", "UBUNTU_USN-629-1.NASL"]}, {"type": "openvas", "idList": ["OPENVAS:1361412562310122595", "OPENVAS:1361412562310122601", "OPENVAS:1361412562310122612", "OPENVAS:136141256231060523", "OPENVAS:136141256231060825", "OPENVAS:136141256231061456", "OPENVAS:136141256231061463", "OPENVAS:136141256231063143", "OPENVAS:136141256231063144", "OPENVAS:136141256231065153", "OPENVAS:136141256231065196", "OPENVAS:136141256231065980", "OPENVAS:1361412562310830456", "OPENVAS:1361412562310830607", "OPENVAS:1361412562310830624", "OPENVAS:1361412562310830675", "OPENVAS:1361412562310830699", "OPENVAS:1361412562310830752", "OPENVAS:1361412562310850607", "OPENVAS:1361412562310870023", "OPENVAS:1361412562310870039", "OPENVAS:1361412562310870044", "OPENVAS:1361412562310870046", "OPENVAS:1361412562310870047", "OPENVAS:1361412562310870050", "OPENVAS:1361412562310870060", "OPENVAS:1361412562310870127", "OPENVAS:1361412562310870166", "OPENVAS:1361412562310870176", "OPENVAS:1361412562310880000", "OPENVAS:1361412562310880017", "OPENVAS:1361412562310880022", "OPENVAS:1361412562310880027", "OPENVAS:1361412562310880029", "OPENVAS:1361412562310880036", "OPENVAS:1361412562310880046", "OPENVAS:1361412562310880054", "OPENVAS:1361412562310880083", "OPENVAS:1361412562310880088", "OPENVAS:1361412562310880112", "OPENVAS:1361412562310880116", "OPENVAS:1361412562310880118", "OPENVAS:1361412562310880131", "OPENVAS:1361412562310880136", "OPENVAS:1361412562310880149", "OPENVAS:1361412562310880157", "OPENVAS:1361412562310880161", "OPENVAS:1361412562310880164", "OPENVAS:1361412562310880166", "OPENVAS:1361412562310880186", "OPENVAS:1361412562310880191", "OPENVAS:1361412562310880201", "OPENVAS:1361412562310880202", "OPENVAS:1361412562310880203", "OPENVAS:1361412562310880225", "OPENVAS:1361412562310880228", "OPENVAS:1361412562310880240", "OPENVAS:1361412562310880257", "OPENVAS:1361412562310880270", "OPENVAS:1361412562310880271", "OPENVAS:1361412562310880287", "OPENVAS:1361412562310880295", "OPENVAS:136141256231090013", "OPENVAS:136141256231090014", "OPENVAS:60362", "OPENVAS:60363", "OPENVAS:60364", "OPENVAS:60441", "OPENVAS:60456", "OPENVAS:60523", "OPENVAS:60575", "OPENVAS:60615", "OPENVAS:60653", "OPENVAS:60655", "OPENVAS:60657", "OPENVAS:60680", "OPENVAS:60825", "OPENVAS:60859", "OPENVAS:60862", "OPENVAS:60863", "OPENVAS:60867", "OPENVAS:60886", "OPENVAS:61025", "OPENVAS:61052", "OPENVAS:61373", "OPENVAS:61394", "OPENVAS:61456", "OPENVAS:61463", "OPENVAS:63143", "OPENVAS:63144", "OPENVAS:65153", "OPENVAS:65196", "OPENVAS:65980", "OPENVAS:830456", "OPENVAS:830607", "OPENVAS:830624", "OPENVAS:830675", "OPENVAS:830699", "OPENVAS:830752", "OPENVAS:840192", "OPENVAS:840215", "OPENVAS:840238", "OPENVAS:840285", "OPENVAS:840287", "OPENVAS:840295", "OPENVAS:840336", "OPENVAS:850011", "OPENVAS:850020", "OPENVAS:860018", "OPENVAS:860044", "OPENVAS:860051", "OPENVAS:860054", "OPENVAS:860071", "OPENVAS:860099", "OPENVAS:860105", "OPENVAS:860109", "OPENVAS:860127", "OPENVAS:860135", "OPENVAS:860141", "OPENVAS:860147", "OPENVAS:860184", "OPENVAS:860197", "OPENVAS:860212", "OPENVAS:860224", "OPENVAS:860225", "OPENVAS:860229", "OPENVAS:860234", "OPENVAS:860255", "OPENVAS:860257", "OPENVAS:860259", "OPENVAS:860269", "OPENVAS:860274", "OPENVAS:860283", "OPENVAS:860287", "OPENVAS:860289", "OPENVAS:860303", "OPENVAS:860306", "OPENVAS:860312", "OPENVAS:860316", "OPENVAS:860355", "OPENVAS:860390", "OPENVAS:860415", "OPENVAS:860417", "OPENVAS:860420", "OPENVAS:860425", "OPENVAS:860426", "OPENVAS:860429", "OPENVAS:860436", "OPENVAS:860442", "OPENVAS:860457", "OPENVAS:860467", "OPENVAS:860472", "OPENVAS:860488", "OPENVAS:860490", "OPENVAS:860491", "OPENVAS:860498", "OPENVAS:860512", "OPENVAS:860538", "OPENVAS:860540", "OPENVAS:860544", "OPENVAS:860549", "OPENVAS:860562", "OPENVAS:860564", "OPENVAS:860581", "OPENVAS:860588", "OPENVAS:860601", "OPENVAS:860609", "OPENVAS:860611", "OPENVAS:860616", "OPENVAS:860617", "OPENVAS:860636", "OPENVAS:860637", "OPENVAS:860664", "OPENVAS:860666", "OPENVAS:860672", "OPENVAS:860679", "OPENVAS:860687", "OPENVAS:860693", "OPENVAS:860698", "OPENVAS:860701", "OPENVAS:860713", "OPENVAS:860714", "OPENVAS:860716", "OPENVAS:860717", "OPENVAS:860719", "OPENVAS:860729", "OPENVAS:860750", "OPENVAS:860768", "OPENVAS:860770", "OPENVAS:860772", "OPENVAS:860781", "OPENVAS:860787", "OPENVAS:860797", "OPENVAS:860802", "OPENVAS:860807", "OPENVAS:860822", "OPENVAS:860850", "OPENVAS:860857", "OPENVAS:860863", "OPENVAS:860905", "OPENVAS:860906", "OPENVAS:860908", "OPENVAS:860940", "OPENVAS:860975", "OPENVAS:860976", "OPENVAS:870023", "OPENVAS:870039", "OPENVAS:870044", "OPENVAS:870046", "OPENVAS:870047", "OPENVAS:870050", "OPENVAS:870060", "OPENVAS:870127", "OPENVAS:870166", "OPENVAS:870176", "OPENVAS:880000", "OPENVAS:880017", "OPENVAS:880022", "OPENVAS:880027", "OPENVAS:880029", "OPENVAS:880036", "OPENVAS:880046", "OPENVAS:880054", "OPENVAS:880083", "OPENVAS:880088", "OPENVAS:880112", "OPENVAS:880116", "OPENVAS:880118", "OPENVAS:880131", "OPENVAS:880136", "OPENVAS:880149", "OPENVAS:880157", "OPENVAS:880161", "OPENVAS:880164", "OPENVAS:880166", "OPENVAS:880186", "OPENVAS:880191", "OPENVAS:880201", "OPENVAS:880202", "OPENVAS:880203", "OPENVAS:880225", "OPENVAS:880228", "OPENVAS:880240", "OPENVAS:880257", "OPENVAS:880270", "OPENVAS:880271", "OPENVAS:880287", "OPENVAS:880295", "OPENVAS:90013", "OPENVAS:90014"]}, {"type": "oraclelinux", "idList": ["ELSA-2008-0103", "ELSA-2008-0104", "ELSA-2008-0105", "ELSA-2008-0207", "ELSA-2008-0208", "ELSA-2008-0209", "ELSA-2008-0222", "ELSA-2008-0223", "ELSA-2008-0224"]}, {"type": "osv", "idList": ["OSV:DSA-1484-1", "OSV:DSA-1485-2", "OSV:DSA-1489-1", "OSV:DSA-1506-1", "OSV:DSA-1532-1", "OSV:DSA-1534-1", "OSV:DSA-1534-2", "OSV:DSA-1535-1", "OSV:DSA-1555-1", "OSV:DSA-1558-1", "OSV:DSA-1562-1", "OSV:DSA-1574-1", "OSV:DSA-1621-1", "OSV:DSA-1696-1", "OSV:DSA-1697-1"]}, {"type": "prion", "idList": ["PRION:CVE-2007-3090", "PRION:CVE-2007-4879", "PRION:CVE-2007-6524", "PRION:CVE-2008-0304", "PRION:CVE-2008-0412", "PRION:CVE-2008-0413", "PRION:CVE-2008-0414", "PRION:CVE-2008-0415", "PRION:CVE-2008-0416", "PRION:CVE-2008-0417", "PRION:CVE-2008-0418", "PRION:CVE-2008-0419", "PRION:CVE-2008-0420", "PRION:CVE-2008-0591", "PRION:CVE-2008-0592", "PRION:CVE-2008-0593", "PRION:CVE-2008-0594", "PRION:CVE-2008-0894", "PRION:CVE-2008-1233", "PRION:CVE-2008-1234", "PRION:CVE-2008-1235", "PRION:CVE-2008-1236", "PRION:CVE-2008-1237", "PRION:CVE-2008-1238", "PRION:CVE-2008-1240", "PRION:CVE-2008-1241", "PRION:CVE-2008-1380", "PRION:CVE-2008-1580"]}, {"type": "redhat", "idList": ["RHSA-2008:0103", "RHSA-2008:0104", "RHSA-2008:0105", "RHSA-2008:0207", "RHSA-2008:0208", "RHSA-2008:0209", "RHSA-2008:0222", "RHSA-2008:0223", "RHSA-2008:0224"]}, {"type": "securityvulns", "idList": ["SECURITYVULNS:DOC:19033", "SECURITYVULNS:DOC:19034", "SECURITYVULNS:DOC:19035", "SECURITYVULNS:DOC:19036", "SECURITYVULNS:DOC:19037", "SECURITYVULNS:DOC:19038", "SECURITYVULNS:DOC:19039", "SECURITYVULNS:DOC:19040", "SECURITYVULNS:DOC:19041", "SECURITYVULNS:DOC:19042", "SECURITYVULNS:DOC:19292", "SECURITYVULNS:DOC:19293", "SECURITYVULNS:DOC:19294", "SECURITYVULNS:DOC:19515", "SECURITYVULNS:DOC:19516", "SECURITYVULNS:DOC:19517", "SECURITYVULNS:DOC:19518", "SECURITYVULNS:DOC:19519", "SECURITYVULNS:DOC:19520", "SECURITYVULNS:DOC:19521", "SECURITYVULNS:DOC:19690", "SECURITYVULNS:VULN:8648", "SECURITYVULNS:VULN:8697", "SECURITYVULNS:VULN:8727", "SECURITYVULNS:VULN:8838", "SECURITYVULNS:VULN:8924"]}, {"type": "seebug", "idList": ["SSV:2926", "SSV:2954", "SSV:3105", "SSV:3190", "SSV:3319", "SSV:3351"]}, {"type": "slackware", "idList": ["SSA-2008-061-01", "SSA-2008-108-01", "SSA-2008-128-02"]}, {"type": "suse", "idList": ["OPENSUSE-SU-2014:1100-1", "SUSE-SA:2008:008", "SUSE-SA:2008:019"]}, {"type": "ubuntu", "idList": ["USN-576-1", "USN-582-1", "USN-582-2", "USN-592-1", "USN-602-1", "USN-605-1", "USN-629-1"]}, {"type": "ubuntucve", "idList": ["UB:CVE-2007-4879", "UB:CVE-2007-6524", "UB:CVE-2008-0304", "UB:CVE-2008-0412", "UB:CVE-2008-0413", "UB:CVE-2008-0414", "UB:CVE-2008-0415", "UB:CVE-2008-0416", "UB:CVE-2008-0417", "UB:CVE-2008-0418", "UB:CVE-2008-0419", "UB:CVE-2008-0420", "UB:CVE-2008-0591", "UB:CVE-2008-0592", "UB:CVE-2008-0593", "UB:CVE-2008-0594", "UB:CVE-2008-1233", "UB:CVE-2008-1234", "UB:CVE-2008-1235", "UB:CVE-2008-1236", "UB:CVE-2008-1237", "UB:CVE-2008-1238", "UB:CVE-2008-1240", "UB:CVE-2008-1241", "UB:CVE-2008-1380"]}, {"type": "veracode", "idList": ["VERACODE:23212", "VERACODE:23213", "VERACODE:23214", "VERACODE:23216", "VERACODE:23217", "VERACODE:23218", "VERACODE:23220", "VERACODE:23221", "VERACODE:23222", "VERACODE:23260", "VERACODE:23293", "VERACODE:23294", "VERACODE:23295", "VERACODE:23296", "VERACODE:23297", "VERACODE:23298", "VERACODE:23299"]}]}, "score": {"value": 0.4, "vector": "NONE"}, "backreferences": {"references": [{"type": "centos", "idList": ["CESA-2008:0222", "CESA-2008:0223-02", "CESA-2008:0224"]}, {"type": "cert", "idList": ["VU:661651"]}, {"type": "cve", "idList": ["CVE-2007-4879", "CVE-2008-0304", "CVE-2008-0412", "CVE-2008-0413", "CVE-2008-0414", "CVE-2008-0415", "CVE-2008-0416", "CVE-2008-0417", "CVE-2008-0418", "CVE-2008-0419", "CVE-2008-0420"]}, {"type": "debian", "idList": ["DEBIAN:DSA-1535-1:5D1F2", "DEBIAN:DSA-1562-1:9B6E3", "DEBIAN:DSA-1574-1:15C57"]}, {"type": "fedora", "idList": ["FEDORA:M1D4PHXM003988", "FEDORA:M2QHHVG5004301", "FEDORA:M2QHJOT6004527", "FEDORA:M2QHJP6O004538", "FEDORA:M3MMW7VZ020002"]}, {"type": "freebsd", "idList": ["12B336C6-FE36-11DC-B09C-001C2514716C", "67BD39BA-12B5-11DD-BAB7-0016179B2DD5", "810A5197-E0D9-11DC-891A-02061B08FC24"]}, {"type": "mozilla", "idList": ["MFSA2008-04"]}, {"type": "nessus", "idList": ["CENTOS_RHSA-2008-0208.NASL", "NETSCAPE_BROWSER_9006.NASL", "ORACLELINUX_ELSA-2008-0104.NASL", "ORACLELINUX_ELSA-2008-0208.NASL", "ORACLELINUX_ELSA-2008-0222.NASL", "SL_20080207_THUNDERBIRD_ON_SL4_X.NASL", "SUSE_MOZILLAFIREFOX-5135.NASL", "SUSE_SEAMONKEY-5167.NASL", "UBUNTU_USN-582-2.NASL"]}, {"type": "openvas", "idList": ["OPENVAS:1361412562310830456", "OPENVAS:1361412562310830624", "OPENVAS:1361412562310880131", "OPENVAS:1361412562310880157", "OPENVAS:1361412562310880191", "OPENVAS:1361412562310880257", "OPENVAS:1361412562310880271", "OPENVAS:830752", "OPENVAS:850020", "OPENVAS:860184", "OPENVAS:860420", "OPENVAS:860426", "OPENVAS:860857", "OPENVAS:860863", "OPENVAS:860975", "OPENVAS:870166", "OPENVAS:880164", "OPENVAS:880186"]}, {"type": "oraclelinux", "idList": ["ELSA-2008-0208"]}, {"type": "redhat", "idList": ["RHSA-2008:0105"]}, {"type": "securityvulns", "idList": ["SECURITYVULNS:DOC:19515"]}, {"type": "seebug", "idList": ["SSV:2926", "SSV:3319"]}, {"type": "slackware", "idList": ["SSA-2008-108-01"]}, {"type": "ubuntu", "idList": ["USN-605-1"]}, {"type": "ubuntucve", "idList": ["UB:CVE-2008-0414", "UB:CVE-2008-0416", "UB:CVE-2008-0593"]}]}, "exploitation": null, "epss": [{"cve": "CVE-2007-4879", "epss": 0.00589, "percentile": 0.75053, "modified": "2023-05-06"}, {"cve": "CVE-2008-0304", "epss": 0.32745, "percentile": 0.96396, "modified": "2023-05-06"}, {"cve": "CVE-2008-0412", "epss": 0.12651, "percentile": 0.94593, "modified": "2023-05-06"}, {"cve": "CVE-2008-0413", "epss": 0.15203, "percentile": 0.94996, "modified": "2023-05-06"}, {"cve": "CVE-2008-0414", "epss": 0.01233, "percentile": 0.83383, "modified": "2023-05-06"}, {"cve": "CVE-2008-0415", "epss": 0.00694, "percentile": 0.77296, "modified": "2023-05-06"}, {"cve": "CVE-2008-0416", "epss": 0.00374, "percentile": 0.68665, "modified": "2023-05-06"}, {"cve": "CVE-2008-0417", "epss": 0.01881, "percentile": 0.86649, "modified": "2023-05-06"}, {"cve": "CVE-2008-0418", "epss": 0.00955, "percentile": 0.80965, "modified": "2023-05-06"}, {"cve": "CVE-2008-0419", "epss": 0.06421, "percentile": 0.92593, "modified": "2023-05-06"}, {"cve": "CVE-2008-0420", "epss": 0.06462, "percentile": 0.92614, "modified": "2023-05-06"}, {"cve": "CVE-2008-0591", "epss": 0.02863, "percentile": 0.89201, "modified": "2023-05-06"}, {"cve": "CVE-2008-0592", "epss": 0.06013, "percentile": 0.92366, "modified": "2023-05-06"}, {"cve": "CVE-2008-0593", "epss": 0.00566, "percentile": 0.74513, "modified": "2023-05-06"}, {"cve": "CVE-2008-0594", "epss": 0.02001, "percentile": 0.87126, "modified": "2023-05-06"}, {"cve": "CVE-2008-1233", "epss": 0.42894, "percentile": 0.96775, "modified": "2023-05-06"}, {"cve": "CVE-2008-1234", "epss": 0.00632, "percentile": 0.75975, "modified": "2023-05-06"}, {"cve": "CVE-2008-1235", "epss": 0.50337, "percentile": 0.96983, "modified": "2023-05-06"}, {"cve": "CVE-2008-1236", "epss": 0.35799, "percentile": 0.96534, "modified": "2023-05-06"}, {"cve": "CVE-2008-1237", "epss": 0.35799, "percentile": 0.96534, "modified": "2023-05-06"}, {"cve": "CVE-2008-1238", "epss": 0.00922, "percentile": 0.80629, "modified": "2023-05-06"}, {"cve": "CVE-2008-1240", "epss": 0.01227, "percentile": 0.83329, "modified": "2023-05-06"}, {"cve": "CVE-2008-1241", "epss": 0.00758, "percentile": 0.78475, "modified": "2023-05-06"}, {"cve": "CVE-2008-1380", "epss": 0.04764, "percentile": 0.91458, "modified": "2023-05-06"}], "vulnersScore": 0.4}, "_state": {"dependencies": 1702068518, "score": 1702067860, "epss": 0}, "_internal": {"score_hash": "b6aef5ffa9a1603e8fc1188c347fca3a"}, "pluginID": "32416", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Gentoo Linux Security Advisory GLSA 200805-18.\n#\n# The advisory text is Copyright (C) 2001-2016 Gentoo Foundation, Inc.\n# and licensed under the Creative Commons - Attribution / Share Alike \n# license. See http://creativecommons.org/licenses/by-sa/3.0/\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(32416);\n script_version(\"1.21\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/06\");\n\n script_cve_id(\"CVE-2007-4879\", \"CVE-2008-0304\", \"CVE-2008-0412\", \"CVE-2008-0413\", \"CVE-2008-0414\", \"CVE-2008-0415\", \"CVE-2008-0416\", \"CVE-2008-0417\", \"CVE-2008-0418\", \"CVE-2008-0419\", \"CVE-2008-0420\", \"CVE-2008-0591\", \"CVE-2008-0592\", \"CVE-2008-0593\", \"CVE-2008-0594\", \"CVE-2008-1233\", \"CVE-2008-1234\", \"CVE-2008-1235\", \"CVE-2008-1236\", \"CVE-2008-1237\", \"CVE-2008-1238\", \"CVE-2008-1240\", \"CVE-2008-1241\", \"CVE-2008-1380\");\n script_xref(name:\"GLSA\", value:\"200805-18\");\n\n script_name(english:\"GLSA-200805-18 : Mozilla products: Multiple vulnerabilities\");\n script_summary(english:\"Checks for updated package(s) in /var/db/pkg\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\n\"The remote Gentoo host is missing one or more security-related\npatches.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"The remote host is affected by the vulnerability described in GLSA-200805-18\n(Mozilla products: Multiple vulnerabilities)\n\n The following vulnerabilities were reported in all mentioned Mozilla\n products:\n Jesse Ruderman, Kai Engert, Martijn Wargers, Mats Palmgren, and Paul\n Nickerson reported browser crashes related to JavaScript methods,\n possibly triggering memory corruption (CVE-2008-0412).\n Carsten Book, Wesley Garland, Igor Bukanov, moz_bug_r_a4, shutdown,\n Philip Taylor, and tgirmann reported crashes in the JavaScript engine,\n possibly triggering memory corruption (CVE-2008-0413).\n David Bloom discovered a vulnerability in the way images are treated by\n the browser when a user leaves a page, possibly triggering memory\n corruption (CVE-2008-0419).\n moz_bug_r_a4, Boris Zbarsky, and Johnny Stenback reported a series of\n privilege escalation vulnerabilities related to JavaScript\n (CVE-2008-1233, CVE-2008-1234, CVE-2008-1235).\n Mozilla developers identified browser crashes caused by the layout and\n JavaScript engines, possibly triggering memory corruption\n (CVE-2008-1236, CVE-2008-1237).\n moz_bug_r_a4 and Boris Zbarsky discovered that pages could escape from\n its sandboxed context and run with chrome privileges, and inject script\n content into another site, violating the browser's same origin policy\n (CVE-2008-0415).\n Gerry Eisenhaur discovered a directory traversal vulnerability when\n using 'flat' addons (CVE-2008-0418).\n Alexey Proskuryakov, Yosuke Hasegawa and Simon Montagu reported\n multiple character handling flaws related to the backspace character,\n the '0x80' character, involving zero-length non-ASCII sequences in\n multiple character sets, that could facilitate Cross-Site Scripting\n attacks (CVE-2008-0416).\n The following vulnerability was reported in Thunderbird and SeaMonkey:\n regenrecht (via iDefense) reported a heap-based buffer overflow when\n rendering an email message with an external MIME body (CVE-2008-0304).\n The following vulnerabilities were reported in Firefox, SeaMonkey and\n XULRunner:\n The fix for CVE-2008-1237 in Firefox 2.0.0.13\n and SeaMonkey 1.1.9 introduced a new crash vulnerability\n (CVE-2008-1380).\n hong and Gregory Fleischer each reported a\n variant on earlier reported bugs regarding focus shifting in file input\n controls (CVE-2008-0414).\n Gynvael Coldwind (Vexillium) discovered that BMP images could be used\n to reveal uninitialized memory, and that this data could be extracted\n using a 'canvas' feature (CVE-2008-0420).\n Chris Thomas reported that background tabs could create a borderless\n XUL pop-up in front of pages in other tabs (CVE-2008-1241).\n oo.rio.oo discovered that a plain text file with a\n 'Content-Disposition: attachment' prevents Firefox from rendering\n future plain text files within the browser (CVE-2008-0592).\n Martin Straka reported that the '.href' property of stylesheet DOM\n nodes is modified to the final URI of a 302 redirect, bypassing the\n same origin policy (CVE-2008-0593).\n Gregory Fleischer discovered that under certain circumstances, leading\n characters from the hostname part of the 'Referer:' HTTP header are\n removed (CVE-2008-1238).\n Peter Brodersen and Alexander Klink reported that the browser\n automatically selected and sent a client certificate when SSL Client\n Authentication is requested by a server (CVE-2007-4879).\n Gregory Fleischer reported that web content fetched via the 'jar:'\n protocol was not subject to network access restrictions\n (CVE-2008-1240).\n The following vulnerabilities were reported in Firefox:\n Justin Dolske discovered a CRLF injection vulnerability when storing\n passwords (CVE-2008-0417).\n Michal Zalewski discovered that Firefox does not properly manage a\n delay timer used in confirmation dialogs (CVE-2008-0591).\n Emil Ljungdahl and Lars-Olof Moilanen discovered that a web forgery\n warning dialog is not displayed if the entire contents of a web page\n are in a DIV tag that uses absolute positioning (CVE-2008-0594).\n \nImpact :\n\n A remote attacker could entice a user to view a specially crafted web\n page or email that will trigger one of the vulnerabilities, possibly\n leading to the execution of arbitrary code or a Denial of Service. It\n is also possible for an attacker to trick a user to upload arbitrary\n files when submitting a form, to corrupt saved passwords for other\n sites, to steal login credentials, or to conduct Cross-Site Scripting\n and Cross-Site Request Forgery attacks.\n \nWorkaround :\n\n There is no known workaround at this time.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security.gentoo.org/glsa/200805-18\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\n\"All Mozilla Firefox users should upgrade to the latest version:\n # emerge --sync\n # emerge --ask --oneshot --verbose '>=www-client/mozilla-firefox-2.0.0.14'\n All Mozilla Firefox binary users should upgrade to the latest version:\n # emerge --sync\n # emerge --ask --oneshot --verbose '>=www-client/mozilla-firefox-bin-2.0.0.14'\n All Mozilla Thunderbird users should upgrade to the latest version:\n # emerge --sync\n # emerge --ask --oneshot --verbose '>=mail-client/mozilla-thunderbird-2.0.0.14'\n All Mozilla Thunderbird binary users should upgrade to the latest\n version:\n # emerge --sync\n # emerge --ask --oneshot --verbose '>=mail-client/mozilla-thunderbird-bin-2.0.0.14'\n All SeaMonkey users should upgrade to the latest version:\n # emerge --sync\n # emerge --ask --oneshot --verbose '>=www-client/seamonkey-1.1.9-r1'\n All SeaMonkey binary users should upgrade to the latest version:\n # emerge --sync\n # emerge --ask --oneshot --verbose '>=www-client/seamonkey-bin-1.1.9'\n All XULRunner users should upgrade to the latest version:\n # emerge --sync\n # emerge --ask --oneshot --verbose '>=net-libs/xulrunner-1.8.1.14'\n NOTE: The crash vulnerability (CVE-2008-1380) is currently unfixed in\n the SeaMonkey binary ebuild, as no precompiled packages have been\n released. Until an update is available, we recommend all SeaMonkey\n users to disable JavaScript, use Firefox for JavaScript-enabled\n browsing, or switch to the SeaMonkey source ebuild.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_cwe_id(20, 22, 59, 79, 94, 119, 200, 287, 399);\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:gentoo:linux:mozilla-firefox\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:gentoo:linux:mozilla-firefox-bin\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:gentoo:linux:mozilla-thunderbird\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:gentoo:linux:mozilla-thunderbird-bin\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:gentoo:linux:seamonkey\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:gentoo:linux:seamonkey-bin\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:gentoo:linux:xulrunner\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:gentoo:linux\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2008/05/20\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2008/05/22\");\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2007/09/08\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2008-2021 Tenable Network Security, Inc.\");\n script_family(english:\"Gentoo Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/Gentoo/release\", \"Host/Gentoo/qpkg-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"qpkg.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/Gentoo/release\")) audit(AUDIT_OS_NOT, \"Gentoo\");\nif (!get_kb_item(\"Host/Gentoo/qpkg-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\nflag = 0;\n\nif (qpkg_check(package:\"www-client/mozilla-firefox-bin\", unaffected:make_list(\"ge 2.0.0.14\"), vulnerable:make_list(\"lt 2.0.0.14\"))) flag++;\nif (qpkg_check(package:\"www-client/seamonkey-bin\", unaffected:make_list(\"ge 1.1.9\"), vulnerable:make_list(\"lt 1.1.9\"))) flag++;\nif (qpkg_check(package:\"mail-client/mozilla-thunderbird-bin\", unaffected:make_list(\"ge 2.0.0.14\"), vulnerable:make_list(\"lt 2.0.0.14\"))) flag++;\nif (qpkg_check(package:\"www-client/seamonkey\", unaffected:make_list(\"ge 1.1.9-r1\"), vulnerable:make_list(\"lt 1.1.9-r1\"))) flag++;\nif (qpkg_check(package:\"mail-client/mozilla-thunderbird\", unaffected:make_list(\"ge 2.0.0.14\"), vulnerable:make_list(\"lt 2.0.0.14\"))) flag++;\nif (qpkg_check(package:\"net-libs/xulrunner\", unaffected:make_list(\"ge 1.8.1.14\"), vulnerable:make_list(\"lt 1.8.1.14\"))) flag++;\nif (qpkg_check(package:\"www-client/mozilla-firefox\", unaffected:make_list(\"ge 2.0.0.14\"), vulnerable:make_list(\"lt 2.0.0.14\"))) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:qpkg_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = qpkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"Mozilla products\");\n}\n", "naslFamily": "Gentoo Local Security Checks", "cpe": ["p-cpe:/a:gentoo:linux:mozilla-firefox", "p-cpe:/a:gentoo:linux:mozilla-firefox-bin", "p-cpe:/a:gentoo:linux:mozilla-thunderbird", "p-cpe:/a:gentoo:linux:mozilla-thunderbird-bin", "p-cpe:/a:gentoo:linux:seamonkey", "p-cpe:/a:gentoo:linux:seamonkey-bin", "p-cpe:/a:gentoo:linux:xulrunner", "cpe:/o:gentoo:linux"], "solution": "All Mozilla Firefox users should upgrade to the latest version:\n # emerge --sync # emerge --ask --oneshot --verbose '>=www-client/mozilla-firefox-2.0.0.14' All Mozilla Firefox binary users should upgrade to the latest version:\n # emerge --sync # emerge --ask --oneshot --verbose '>=www-client/mozilla-firefox-bin-2.0.0.14' All Mozilla Thunderbird users should upgrade to the latest version:\n # emerge --sync # emerge --ask --oneshot --verbose '>=mail-client/mozilla-thunderbird-2.0.0.14' All Mozilla Thunderbird binary users should upgrade to the latest version:\n # emerge --sync # emerge --ask --oneshot --verbose '>=mail-client/mozilla-thunderbird-bin-2.0.0.14' All SeaMonkey users should upgrade to the latest version:\n # emerge --sync # emerge --ask --oneshot --verbose '>=www-client/seamonkey-1.1.9-r1' All SeaMonkey binary users should upgrade to the latest version:\n # emerge --sync # emerge --ask --oneshot --verbose '>=www-client/seamonkey-bin-1.1.9' All XULRunner users should upgrade to the latest version:\n # emerge --sync # emerge --ask --oneshot --verbose '>=net-libs/xulrunner-1.8.1.14' NOTE: The crash vulnerability (CVE-2008-1380) is currently unfixed in the SeaMonkey binary ebuild, as no precompiled packages have been released. Until an update is available, we recommend all SeaMonkey users to disable JavaScript, use Firefox for JavaScript-enabled browsing, or switch to the SeaMonkey source ebuild.", "nessusSeverity": "High", "cvssScoreSource": "", "vendor_cvss2": {"score": 9.3, "vector": "CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C"}, "vendor_cvss3": {"score": null, "vector": null}, "vpr": {"risk factor": "Medium", "score": "5.9"}, "exploitAvailable": true, "exploitEase": "Exploits are available", "patchPublicationDate": "2008-05-20T00:00:00", "vulnerabilityPublicationDate": "2007-09-08T00:00:00", "exploitableWith": []}

{"gentoo": [{"lastseen": "2023-12-08T20:55:02", "description": "### Background\n\nMozilla Firefox is an open-source web browser and Mozilla Thunderbird an open-source email client, both from the Mozilla Project. The SeaMonkey project is a community effort to deliver production-quality releases of code derived from the application formerly known as the 'Mozilla Application Suite'. XULRunner is a Mozilla runtime package that can be used to bootstrap XUL+XPCOM applications like Firefox and Thunderbird. \n\n### Description\n\nThe following vulnerabilities were reported in all mentioned Mozilla products: \n\n * Jesse Ruderman, Kai Engert, Martijn Wargers, Mats Palmgren, and Paul Nickerson reported browser crashes related to JavaScript methods, possibly triggering memory corruption (CVE-2008-0412). \n * Carsten Book, Wesley Garland, Igor Bukanov, moz_bug_r_a4, shutdown, Philip Taylor, and tgirmann reported crashes in the JavaScript engine, possibly triggering memory corruption (CVE-2008-0413). \n * David Bloom discovered a vulnerability in the way images are treated by the browser when a user leaves a page, possibly triggering memory corruption (CVE-2008-0419). \n * moz_bug_r_a4, Boris Zbarsky, and Johnny Stenback reported a series of privilege escalation vulnerabilities related to JavaScript (CVE-2008-1233, CVE-2008-1234, CVE-2008-1235). \n * Mozilla developers identified browser crashes caused by the layout and JavaScript engines, possibly triggering memory corruption (CVE-2008-1236, CVE-2008-1237). \n * moz_bug_r_a4 and Boris Zbarsky discovered that pages could escape from its sandboxed context and run with chrome privileges, and inject script content into another site, violating the browser's same origin policy (CVE-2008-0415). \n * Gerry Eisenhaur discovered a directory traversal vulnerability when using \"flat\" addons (CVE-2008-0418). \n * Alexey Proskuryakov, Yosuke Hasegawa and Simon Montagu reported multiple character handling flaws related to the backspace character, the \"0x80\" character, involving zero-length non-ASCII sequences in multiple character sets, that could facilitate Cross-Site Scripting attacks (CVE-2008-0416). \n\nThe following vulnerability was reported in Thunderbird and SeaMonkey: \n\n * regenrecht (via iDefense) reported a heap-based buffer overflow when rendering an email message with an external MIME body (CVE-2008-0304). \n\nThe following vulnerabilities were reported in Firefox, SeaMonkey and XULRunner: \n\n * The fix for CVE-2008-1237 in Firefox 2.0.0.13 and SeaMonkey 1.1.9 introduced a new crash vulnerability (CVE-2008-1380).\n * hong and Gregory Fleischer each reported a variant on earlier reported bugs regarding focus shifting in file input controls (CVE-2008-0414). \n * Gynvael Coldwind (Vexillium) discovered that BMP images could be used to reveal uninitialized memory, and that this data could be extracted using a \"canvas\" feature (CVE-2008-0420). \n * Chris Thomas reported that background tabs could create a borderless XUL pop-up in front of pages in other tabs (CVE-2008-1241). \n * oo.rio.oo discovered that a plain text file with a \"Content-Disposition: attachment\" prevents Firefox from rendering future plain text files within the browser (CVE-2008-0592). \n * Martin Straka reported that the \".href\" property of stylesheet DOM nodes is modified to the final URI of a 302 redirect, bypassing the same origin policy (CVE-2008-0593). \n * Gregory Fleischer discovered that under certain circumstances, leading characters from the hostname part of the \"Referer:\" HTTP header are removed (CVE-2008-1238). \n * Peter Brodersen and Alexander Klink reported that the browser automatically selected and sent a client certificate when SSL Client Authentication is requested by a server (CVE-2007-4879). \n * Gregory Fleischer reported that web content fetched via the \"jar:\" protocol was not subject to network access restrictions (CVE-2008-1240). \n\nThe following vulnerabilities were reported in Firefox: \n\n * Justin Dolske discovered a CRLF injection vulnerability when storing passwords (CVE-2008-0417). \n * Michal Zalewski discovered that Firefox does not properly manage a delay timer used in confirmation dialogs (CVE-2008-0591). \n * Emil Ljungdahl and Lars-Olof Moilanen discovered that a web forgery warning dialog is not displayed if the entire contents of a web page are in a DIV tag that uses absolute positioning (CVE-2008-0594). \n\n### Impact\n\nA remote attacker could entice a user to view a specially crafted web page or email that will trigger one of the vulnerabilities, possibly leading to the execution of arbitrary code or a Denial of Service. It is also possible for an attacker to trick a user to upload arbitrary files when submitting a form, to corrupt saved passwords for other sites, to steal login credentials, or to conduct Cross-Site Scripting and Cross-Site Request Forgery attacks. \n\n### Workaround\n\nThere is no known workaround at this time. \n\n### Resolution\n\nAll Mozilla Firefox users should upgrade to the latest version: \n \n \n # emerge --sync\n # emerge --ask --oneshot --verbose \">=www-client/mozilla-firefox-2.0.0.14\"\n\nAll Mozilla Firefox binary users should upgrade to the latest version: \n \n \n # emerge --sync\n # emerge --ask --oneshot --verbose \">=www-client/mozilla-firefox-bin-2.0.0.14\"\n\nAll Mozilla Thunderbird users should upgrade to the latest version: \n \n \n # emerge --sync\n # emerge --ask --oneshot --verbose \">=mail-client/mozilla-thunderbird-2.0.0.14\"\n\nAll Mozilla Thunderbird binary users should upgrade to the latest version: \n \n \n # emerge --sync\n # emerge --ask --oneshot --verbose \">=mail-client/mozilla-thunderbird-bin-2.0.0.14\"\n\nAll SeaMonkey users should upgrade to the latest version: \n \n \n # emerge --sync\n # emerge --ask --oneshot --verbose \">=www-client/seamonkey-1.1.9-r1\"\n\nAll SeaMonkey binary users should upgrade to the latest version: \n \n \n # emerge --sync\n # emerge --ask --oneshot --verbose \">=www-client/seamonkey-bin-1.1.9\"\n\nAll XULRunner users should upgrade to the latest version: \n \n \n # emerge --sync\n # emerge --ask --oneshot --verbose \">=net-libs/xulrunner-1.8.1.14\"\n\nNOTE: The crash vulnerability (CVE-2008-1380) is currently unfixed in the SeaMonkey binary ebuild, as no precompiled packages have been released. Until an update is available, we recommend all SeaMonkey users to disable JavaScript, use Firefox for JavaScript-enabled browsing, or switch to the SeaMonkey source ebuild.", "cvss3": {}, "published": "2008-05-20T00:00:00", "type": "gentoo", "title": "Mozilla products: Multiple vulnerabilities", "bulletinFamily": "unix", "cvss2": {"severity": "HIGH", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 9.3, "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "obtainUserPrivilege": false}, "cvelist": ["CVE-2007-4879", "CVE-2008-0304", "CVE-2008-0412", "CVE-2008-0413", "CVE-2008-0414", "CVE-2008-0415", "CVE-2008-0416", "CVE-2008-0417", "CVE-2008-0418", "CVE-2008-0419", "CVE-2008-0420", "CVE-2008-0591", "CVE-2008-0592", "CVE-2008-0593", "CVE-2008-0594", "CVE-2008-1233", "CVE-2008-1234", "CVE-2008-1235", "CVE-2008-1236", "CVE-2008-1237", "CVE-2008-1238", "CVE-2008-1240", "CVE-2008-1241", "CVE-2008-1380"], "modified": "2008-05-20T00:00:00", "id": "GLSA-200805-18", "href": "https://security.gentoo.org/glsa/200805-18", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}], "openvas": [{"lastseen": "2017-07-24T12:50:22", "description": "The remote host is missing updates announced in\nadvisory GLSA 200805-18.", "cvss3": {}, "published": "2008-09-24T00:00:00", "type": "openvas", "title": "Gentoo Security Advisory GLSA 200805-18 (mozilla ...)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2007-4879", "CVE-2008-0417", "CVE-2008-1236", "CVE-2008-0412", "CVE-2008-0419", "CVE-2008-0594", "CVE-2008-1240", "CVE-2008-1237", "CVE-2008-0593", "CVE-2008-1238", "CVE-2008-0413", "CVE-2008-1380", "CVE-2008-1233", "CVE-2008-0418", "CVE-2008-0416", "CVE-2008-0304", "CVE-2008-0592", "CVE-2008-0414", "CVE-2008-1234", "CVE-2008-1235", "CVE-2008-0420", "CVE-2008-1241", "CVE-2008-0415", "CVE-2008-0591"], "modified": "2017-07-07T00:00:00", "id": "OPENVAS:61052", "href": "http://plugins.openvas.org/nasl.php?oid=61052", "sourceData": "# OpenVAS Vulnerability Test\n# $\n# Description: Auto generated from Gentoo's XML based advisory\n#\n# Authors:\n# Thomas Reinke <reinke@securityspace.com>\n#\n# Copyright:\n# Copyright (c) 2008 E-Soft Inc. http://www.securityspace.com\n# Text descriptions are largely excerpted from the referenced\n# advisories, and are Copyright (c) the respective author(s)\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2,\n# as published by the Free Software Foundation\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n#\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"Multiple vulnerabilities have been reported in Mozilla Firefox,\nThunderbird, SeaMonkey and XULRunner, some of which may allow\nuser-assisted execution of arbitrary code.\";\ntag_solution = \"Upgrade to the latest package. For details, please visit the\nreferenced security advisory.\n\nNOTE: The crash vulnerability (CVE-2008-1380) is currently unfixed in the\nSeaMonkey binary ebuild, as no precompiled packages have been released.\nUntil an update is available, we recommend all SeaMonkey users to disable\nJavaScript, use Firefox for JavaScript-enabled browsing, or switch to the\nSeaMonkey source ebuild.\n\nhttp://www.securityspace.com/smysecure/catid.html?in=GLSA%20200805-18\nhttp://bugs.gentoo.org/show_bug.cgi?id=208128\nhttp://bugs.gentoo.org/show_bug.cgi?id=214816\nhttp://bugs.gentoo.org/show_bug.cgi?id=218065\";\ntag_summary = \"The remote host is missing updates announced in\nadvisory GLSA 200805-18.\";\n\n \n\nif(description)\n{\n script_id(61052);\n script_version(\"$Revision: 6596 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-07-07 11:21:37 +0200 (Fri, 07 Jul 2017) $\");\n script_tag(name:\"creation_date\", value:\"2008-09-24 21:14:03 +0200 (Wed, 24 Sep 2008)\");\n script_cve_id(\"CVE-2007-4879\", \"CVE-2008-0304\", \"CVE-2008-0412\", \"CVE-2008-0413\", \"CVE-2008-0414\", \"CVE-2008-0415\", \"CVE-2008-0416\", \"CVE-2008-0417\", \"CVE-2008-0418\", \"CVE-2008-0419\", \"CVE-2008-0420\", \"CVE-2008-0591\", \"CVE-2008-0592\", \"CVE-2008-0593\", \"CVE-2008-0594\", \"CVE-2008-1233\", \"CVE-2008-1234\", \"CVE-2008-1235\", \"CVE-2008-1236\", \"CVE-2008-1237\", \"CVE-2008-1238\", \"CVE-2008-1240\", \"CVE-2008-1241\", \"CVE-2008-1380\");\n script_tag(name:\"cvss_base\", value:\"9.3\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_name(\"Gentoo Security Advisory GLSA 200805-18 (mozilla ...)\");\n\n\n\n script_category(ACT_GATHER_INFO);\n\n script_copyright(\"Copyright (c) 2008 E-Soft Inc. http://www.securityspace.com\");\n script_family(\"Gentoo Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/gentoo\", \"ssh/login/pkg\");\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"summary\" , value : tag_summary);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n#\n# The script code starts here\n#\n\ninclude(\"pkg-lib-gentoo.inc\");\n\nres = \"\";\nreport = \"\";\nif ((res = ispkgvuln(pkg:\"www-client/mozilla-firefox\", unaffected: make_list(\"ge 2.0.0.14\"), vulnerable: make_list(\"lt 2.0.0.14\"))) != NULL) {\n report += res;\n}\nif ((res = ispkgvuln(pkg:\"www-client/mozilla-firefox-bin\", unaffected: make_list(\"ge 2.0.0.14\"), vulnerable: make_list(\"lt 2.0.0.14\"))) != NULL) {\n report += res;\n}\nif ((res = ispkgvuln(pkg:\"mail-client/mozilla-thunderbird\", unaffected: make_list(\"ge 2.0.0.14\"), vulnerable: make_list(\"lt 2.0.0.14\"))) != NULL) {\n report += res;\n}\nif ((res = ispkgvuln(pkg:\"mail-client/mozilla-thunderbird-bin\", unaffected: make_list(\"ge 2.0.0.14\"), vulnerable: make_list(\"lt 2.0.0.14\"))) != NULL) {\n report += res;\n}\nif ((res = ispkgvuln(pkg:\"www-client/seamonkey\", unaffected: make_list(\"ge 1.1.9-r1\"), vulnerable: make_list(\"lt 1.1.9-r1\"))) != NULL) {\n report += res;\n}\nif ((res = ispkgvuln(pkg:\"www-client/seamonkey-bin\", unaffected: make_list(\"ge 1.1.9\"), vulnerable: make_list(\"lt 1.1.9\"))) != NULL) {\n report += res;\n}\nif ((res = ispkgvuln(pkg:\"net-libs/xulrunner\", unaffected: make_list(\"ge 1.8.1.14\"), vulnerable: make_list(\"lt 1.8.1.14\"))) != NULL) {\n report += res;\n}\n\nif (report != \"\") {\n security_message(data:report);\n} else if (__pkg_match) {\n exit(99); # Not vulnerable.\n}\n", "cvss": {"score": 9.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2017-12-04T11:29:13", "description": "Ubuntu Update for Linux kernel vulnerabilities USN-576-1", "cvss3": {}, "published": "2009-03-23T00:00:00", "type": "openvas", "title": "Ubuntu Update for firefox vulnerabilities USN-576-1", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2008-0417", "CVE-2008-0412", "CVE-2008-0419", "CVE-2008-0594", "CVE-2008-0593", "CVE-2008-0413", "CVE-2008-0418", "CVE-2008-0416", "CVE-2008-0592", "CVE-2008-0414", "CVE-2008-0420", "CVE-2008-0415", "CVE-2008-0591"], "modified": "2017-12-01T00:00:00", "id": "OPENVAS:840192", "href": "http://plugins.openvas.org/nasl.php?oid=840192", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: gb_ubuntu_USN_576_1.nasl 7969 2017-12-01 09:23:16Z santu $\n#\n# Ubuntu Update for firefox vulnerabilities USN-576-1\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2009 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"Various flaws were discovered in the browser and JavaScript engine.\n By tricking a user into opening a malicious web page, an attacker\n could execute arbitrary code with the user's privileges.\n (CVE-2008-0412, CVE-2008-0413)\n\n Flaws were discovered in the file upload form control. A malicious\n website could force arbitrary files from the user's computer to be\n uploaded without consent. (CVE-2008-0414)\n \n Various flaws were discovered in the JavaScript engine. By tricking\n a user into opening a malicious web page, an attacker could escalate\n privileges within the browser, perform cross-site scripting attacks\n and/or execute arbitrary code with the user's privileges. (CVE-2008-0415)\n \n Various flaws were discovered in character encoding handling. If a\n user were ticked into opening a malicious web page, an attacker\n could perform cross-site scripting attacks. (CVE-2008-0416)\n \n Justin Dolske discovered a flaw in the password saving mechanism. By\n tricking a user into opening a malicious web page, an attacker could\n corrupt the user's stored passwords. (CVE-2008-0417)\n \n Gerry Eisenhaur discovered that the chrome URI scheme did not properly\n guard against directory traversal. Under certain circumstances, an\n attacker may be able to load files or steal session data. Ubuntu is\n not vulnerable in the default installation. (CVE-2008-0418)\n \n David Bloom discovered flaws in the way images are treated by the\n browser. A malicious website could exploit this to steal the user's\n history information, crash the browser and/or possibly execute\n arbitrary code with the user's privileges. (CVE-2008-0419)\n \n Flaws were discovered in the BMP decoder. By tricking a user into\n opening a specially crafted BMP file, an attacker could obtain\n sensitive information. (CVE-2008-0420)\n \n Michal Zalewski discovered flaws with timer-enabled security dialogs.\n A malicious website could force the user to confirm a security dialog\n without explicit consent. (CVE-2008-0591)\n \n It was discovered that Firefox mishandled locally saved plain text\n files. By tricking a user into saving a specially crafted text file,\n an attacker could prevent the browser from displaying local files\n with a .txt extension. (CVE-2008-0592)\n \n Martin Straka discovered flaws in stylesheet handling after a 302\n redirect. By tricking a user into opening a malicious web page, an\n attacker could obtain sensitive URL parameters. (CVE-2008-0593)\n \n Emil Ljungdahl and Lars-Olof Moilanen discovered that a web forgery\n warning dialog wasn't displayed under certain circumstances. A\n malicious website could exploit this to conduct phishing attacks\n against the user. (CVE-2008-0594)\";\n\ntag_summary = \"Ubuntu Update for Linux kernel vulnerabilities USN-576-1\";\ntag_affected = \"firefox vulnerabilities on Ubuntu 6.06 LTS ,\n Ubuntu 6.10 ,\n Ubuntu 7.04 ,\n Ubuntu 7.10\";\ntag_solution = \"Please Install the Updated Packages.\";\n\n\n\nif(description)\n{\n script_xref(name: \"URL\" , value: \"http://www.ubuntu.com/usn/usn-576-1/\");\n script_id(840192);\n script_version(\"$Revision: 7969 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-12-01 10:23:16 +0100 (Fri, 01 Dec 2017) $\");\n script_tag(name:\"creation_date\", value:\"2009-03-23 10:59:50 +0100 (Mon, 23 Mar 2009)\");\n script_tag(name:\"cvss_base\", value:\"9.3\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_xref(name: \"USN\", value: \"576-1\");\n script_cve_id(\"CVE-2008-0412\", \"CVE-2008-0413\", \"CVE-2008-0414\", \"CVE-2008-0415\", \"CVE-2008-0416\", \"CVE-2008-0417\", \"CVE-2008-0418\", \"CVE-2008-0419\", \"CVE-2008-0420\", \"CVE-2008-0591\", \"CVE-2008-0592\", \"CVE-2008-0593\", \"CVE-2008-0594\");\n script_name( \"Ubuntu Update for firefox vulnerabilities USN-576-1\");\n\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2009 Greenbone Networks GmbH\");\n script_family(\"Ubuntu Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/ubuntu_linux\", \"ssh/login/packages\");\n script_tag(name : \"summary\" , value : tag_summary);\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n\ninclude(\"pkg-lib-deb.inc\");\n\nrelease = get_kb_item(\"ssh/login/release\");\n\n\nres = \"\";\nif(release == NULL){\n exit(0);\n}\n\nif(release == \"UBUNTU7.04\")\n{\n\n if ((res = isdpkgvuln(pkg:\"firefox-dbg\", ver:\"2.0.0.12+1nobinonly+2-0ubuntu0.7.4\", rls:\"UBUNTU7.04\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"firefox-dev\", ver:\"2.0.0.12+1nobinonly+2-0ubuntu0.7.4\", rls:\"UBUNTU7.04\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"firefox-gnome-support\", ver:\"2.0.0.12+1nobinonly+2-0ubuntu0.7.4\", rls:\"UBUNTU7.04\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"firefox-libthai\", ver:\"2.0.0.12+1nobinonly+2-0ubuntu0.7.4\", rls:\"UBUNTU7.04\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"firefox\", ver:\"2.0.0.12+1nobinonly+2-0ubuntu0.7.4\", rls:\"UBUNTU7.04\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"libnspr-dev\", ver:\"1.firefox2.0.0.12+1nobinonly+2-0ubuntu0.7.4\", rls:\"UBUNTU7.04\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"libnspr4\", ver:\"1.firefox2.0.0.12+1nobinonly+2-0ubuntu0.7.4\", rls:\"UBUNTU7.04\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"libnss-dev\", ver:\"1.firefox2.0.0.12+1nobinonly+2-0ubuntu0.7.4\", rls:\"UBUNTU7.04\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"libnss3\", ver:\"1.firefox2.0.0.12+1nobinonly+2-0ubuntu0.7.4\", rls:\"UBUNTU7.04\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"firefox-dom-inspector\", ver:\"2.0.0.12+1nobinonly+2-0ubuntu0.7.4\", rls:\"UBUNTU7.04\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"mozilla-firefox-dev\", ver:\"2.0.0.12+1nobinonly+2-0ubuntu0.7.4\", rls:\"UBUNTU7.04\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"mozilla-firefox-dom-inspector\", ver:\"2.0.0.12+1nobinonly+2-0ubuntu0.7.4\", rls:\"UBUNTU7.04\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"mozilla-firefox-gnome-support\", ver:\"2.0.0.12+1nobinonly+2-0ubuntu0.7.4\", rls:\"UBUNTU7.04\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"mozilla-firefox\", ver:\"2.0.0.12+1nobinonly+2-0ubuntu0.7.4\", rls:\"UBUNTU7.04\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n\n\nif(release == \"UBUNTU6.06 LTS\")\n{\n\n if ((res = isdpkgvuln(pkg:\"firefox-dbg\", ver:\"1.5.dfsg+1.5.0.15~prepatch080202a-0ubuntu1\", rls:\"UBUNTU6.06 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"firefox-dev\", ver:\"1.5.dfsg+1.5.0.15~prepatch080202a-0ubuntu1\", rls:\"UBUNTU6.06 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"firefox-gnome-support\", ver:\"1.5.dfsg+1.5.0.15~prepatch080202a-0ubuntu1\", rls:\"UBUNTU6.06 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"firefox\", ver:\"1.5.dfsg+1.5.0.15~prepatch080202a-0ubuntu1\", rls:\"UBUNTU6.06 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"libnspr-dev\", ver:\"1.firefox1.5.dfsg+1.5.0.15~prepatch080202a-0ubuntu1\", rls:\"UBUNTU6.06 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"libnspr4\", ver:\"1.firefox1.5.dfsg+1.5.0.15~prepatch080202a-0ubuntu1\", rls:\"UBUNTU6.06 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"libnss-dev\", ver:\"1.firefox1.5.dfsg+1.5.0.15~prepatch080202a-0ubuntu1\", rls:\"UBUNTU6.06 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"libnss3\", ver:\"1.firefox1.5.dfsg+1.5.0.15~prepatch080202a-0ubuntu1\", rls:\"UBUNTU6.06 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"firefox-dom-inspector\", ver:\"1.5.dfsg+1.5.0.15~prepatch080202a-0ubuntu1\", rls:\"UBUNTU6.06 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"mozilla-firefox\", ver:\"1.5.dfsg+1.5.0.15~prepatch080202a-0ubuntu1\", rls:\"UBUNTU6.06 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"mozilla-firefox-dev\", ver:\"1.5.dfsg+1.5.0.15~prepatch080202a-0ubuntu1\", rls:\"UBUNTU6.06 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n\n\nif(release == \"UBUNTU6.10\")\n{\n\n if ((res = isdpkgvuln(pkg:\"firefox-dbg\", ver:\"2.0.0.12+0nobinonly+2-0ubuntu0.6.10\", rls:\"UBUNTU6.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"firefox-dev\", ver:\"2.0.0.12+0nobinonly+2-0ubuntu0.6.10\", rls:\"UBUNTU6.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"firefox-gnome-support\", ver:\"2.0.0.12+0nobinonly+2-0ubuntu0.6.10\", rls:\"UBUNTU6.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"firefox\", ver:\"2.0.0.12+0nobinonly+2-0ubuntu0.6.10\", rls:\"UBUNTU6.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"libnspr-dev\", ver:\"1.firefox2.0.0.12+0nobinonly+2-0ubuntu0.6.10\", rls:\"UBUNTU6.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"libnspr4\", ver:\"1.firefox2.0.0.12+0nobinonly+2-0ubuntu0.6.10\", rls:\"UBUNTU6.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"libnss-dev\", ver:\"1.firefox2.0.0.12+0nobinonly+2-0ubuntu0.6.10\", rls:\"UBUNTU6.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"libnss3\", ver:\"1.firefox2.0.0.12+0nobinonly+2-0ubuntu0.6.10\", rls:\"UBUNTU6.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"firefox-dom-inspector\", ver:\"2.0.0.12+0nobinonly+2-0ubuntu0.6.10\", rls:\"UBUNTU6.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"mozilla-firefox-dev\", ver:\"2.0.0.12+0nobinonly+2-0ubuntu0.6.10\", rls:\"UBUNTU6.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"mozilla-firefox-dom-inspector\", ver:\"2.0.0.12+0nobinonly+2-0ubuntu0.6.10\", rls:\"UBUNTU6.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"mozilla-firefox-gnome-support\", ver:\"2.0.0.12+0nobinonly+2-0ubuntu0.6.10\", rls:\"UBUNTU6.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"mozilla-firefox\", ver:\"2.0.0.12+0nobinonly+2-0ubuntu0.6.10\", rls:\"UBUNTU6.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n\n\nif(release == \"UBUNTU7.10\")\n{\n\n if ((res = isdpkgvuln(pkg:\"firefox-dbg\", ver:\"2.0.0.12+2nobinonly+2-0ubuntu0.7.10\", rls:\"UBUNTU7.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"firefox-dev\", ver:\"2.0.0.12+2nobinonly+2-0ubuntu0.7.10\", rls:\"UBUNTU7.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"firefox-gnome-support\", ver:\"2.0.0.12+2nobinonly+2-0ubuntu0.7.10\", rls:\"UBUNTU7.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"firefox-libthai\", ver:\"2.0.0.12+2nobinonly+2-0ubuntu0.7.10\", rls:\"UBUNTU7.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"firefox\", ver:\"2.0.0.12+2nobinonly+2-0ubuntu0.7.10\", rls:\"UBUNTU7.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"firefox-dom-inspector\", ver:\"2.0.0.12+2nobinonly+2-0ubuntu0.7.10\", rls:\"UBUNTU7.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n", "cvss": {"score": 9.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2017-07-02T21:10:28", "description": "The remote host is missing an update to the system\nas announced in the referenced advisory.", "cvss3": {}, "published": "2008-09-04T00:00:00", "type": "openvas", "title": "FreeBSD Ports: firefox", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2008-0417", "CVE-2008-0412", "CVE-2008-0419", "CVE-2008-0594", "CVE-2008-0593", "CVE-2008-0413", "CVE-2008-0418", "CVE-2008-0592", "CVE-2008-0414", "CVE-2008-0420", "CVE-2008-0415", "CVE-2008-0591"], "modified": "2016-09-19T00:00:00", "id": "OPENVAS:60456", "href": "http://plugins.openvas.org/nasl.php?oid=60456", "sourceData": "#\n#VID 810a5197-e0d9-11dc-891a-02061b08fc24\n# OpenVAS Vulnerability Test\n# $\n# Description: Auto generated from vuxml or freebsd advisories\n#\n# Authors:\n# Thomas Reinke <reinke@securityspace.com>\n#\n# Copyright:\n# Copyright (c) 2008 E-Soft Inc. http://www.securityspace.com\n# Text descriptions are largely excerpted from the referenced\n# advisories, and are Copyright (c) the respective author(s)\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2,\n# as published by the Free Software Foundation\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n#\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"The following packages are affected:\n firefox\n linux-firefox\n seamonkey\n linux-seamonkey\n flock\n linux-flock\n linux-firefox-devel\n linux-seamonkey-devel\n\nFor details, please visit the referenced security advisories.\";\ntag_solution = \"Update your system with the appropriate patches or\nsoftware upgrades.\n\nhttp://www.mozilla.org/projects/security/known-vulnerabilities.html\nhttp://www.mozilla.org/security/announce/2008/mfsa2008-01.html\nhttp://www.mozilla.org/security/announce/2008/mfsa2008-02.html\nhttp://www.mozilla.org/security/announce/2008/mfsa2008-03.html\nhttp://www.mozilla.org/security/announce/2008/mfsa2008-04.html\nhttp://www.mozilla.org/security/announce/2008/mfsa2008-05.html\nhttp://www.mozilla.org/security/announce/2008/mfsa2008-06.html\nhttp://www.mozilla.org/security/announce/2008/mfsa2008-07.html\nhttp://www.mozilla.org/security/announce/2008/mfsa2008-08.html\nhttp://www.mozilla.org/security/announce/2008/mfsa2008-09.html\nhttp://www.mozilla.org/security/announce/2008/mfsa2008-10.html\nhttp://www.mozilla.org/security/announce/2008/mfsa2008-11.html\nhttp://www.vuxml.org/freebsd/810a5197-e0d9-11dc-891a-02061b08fc24.html\";\ntag_summary = \"The remote host is missing an update to the system\nas announced in the referenced advisory.\";\n\n\nif(description)\n{\n script_id(60456);\n script_version(\"$Revision: 4112 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2016-09-19 15:17:59 +0200 (Mon, 19 Sep 2016) $\");\n script_tag(name:\"creation_date\", value:\"2008-09-04 20:41:11 +0200 (Thu, 04 Sep 2008)\");\n script_cve_id(\"CVE-2008-0412\", \"CVE-2008-0413\", \"CVE-2008-0414\", \"CVE-2008-0415\", \"CVE-2008-0417\", \"CVE-2008-0418\", \"CVE-2008-0419\", \"CVE-2008-0420\", \"CVE-2008-0591\", \"CVE-2008-0592\", \"CVE-2008-0593\", \"CVE-2008-0594\");\n script_tag(name:\"cvss_base\", value:\"9.3\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_name(\"FreeBSD Ports: firefox\");\n\n\n\n script_category(ACT_GATHER_INFO);\n\n script_copyright(\"Copyright (c) 2008 E-Soft Inc. http://www.securityspace.com\");\n script_family(\"FreeBSD Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/freebsdrel\", \"login/SSH/success\");\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"summary\" , value : tag_summary);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n#\n# The script code starts here\n#\n\ninclude(\"pkg-lib-bsd.inc\");\n\ntxt = \"\";\nvuln = 0;\nbver = portver(pkg:\"firefox\");\nif(!isnull(bver) && revcomp(a:bver, b:\"2.0.0.12,1\")<0) {\n txt += 'Package firefox version ' + bver + ' is installed which is known to be vulnerable.\\n';\n vuln = 1;\n}\nbver = portver(pkg:\"linux-firefox\");\nif(!isnull(bver) && revcomp(a:bver, b:\"2.0.0.12\")<0) {\n txt += 'Package linux-firefox version ' + bver + ' is installed which is known to be vulnerable.\\n';\n vuln = 1;\n}\nbver = portver(pkg:\"seamonkey\");\nif(!isnull(bver) && revcomp(a:bver, b:\"1.1.8\")<0) {\n txt += 'Package seamonkey version ' + bver + ' is installed which is known to be vulnerable.\\n';\n vuln = 1;\n}\nbver = portver(pkg:\"linux-seamonkey\");\nif(!isnull(bver) && revcomp(a:bver, b:\"1.1.8\")<0) {\n txt += 'Package linux-seamonkey version ' + bver + ' is installed which is known to be vulnerable.\\n';\n vuln = 1;\n}\nbver = portver(pkg:\"flock\");\nif(!isnull(bver) && revcomp(a:bver, b:\"1.0.9\")<0) {\n txt += 'Package flock version ' + bver + ' is installed which is known to be vulnerable.\\n';\n vuln = 1;\n}\nbver = portver(pkg:\"linux-flock\");\nif(!isnull(bver) && revcomp(a:bver, b:\"1.0.9\")<0) {\n txt += 'Package linux-flock version ' + bver + ' is installed which is known to be vulnerable.\\n';\n vuln = 1;\n}\nbver = portver(pkg:\"linux-firefox-devel\");\nif(!isnull(bver) && revcomp(a:bver, b:\"0\")>0) {\n txt += 'Package linux-firefox-devel version ' + bver + ' is installed which is known to be vulnerable.\\n';\n vuln = 1;\n}\nbver = portver(pkg:\"linux-seamonkey-devel\");\nif(!isnull(bver) && revcomp(a:bver, b:\"0\")>0) {\n txt += 'Package linux-seamonkey-devel version ' + bver + ' is installed which is known to be vulnerable.\\n';\n vuln = 1;\n}\n\nif(vuln) {\n security_message(data:string(txt));\n} else if (__pkg_match) {\n exit(99); # Not vulnerable.\n}\n", "cvss": {"score": 9.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2017-07-24T12:50:20", "description": "The remote host is missing an update to xulrunner\nannounced via advisory DSA 1484-1.", "cvss3": {}, "published": "2008-02-15T00:00:00", "type": "openvas", "title": "Debian Security Advisory DSA 1484-1 (xulrunner)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2008-0417", "CVE-2008-0412", "CVE-2008-0419", "CVE-2008-0594", "CVE-2008-0593", "CVE-2008-0413", "CVE-2008-0418", "CVE-2008-0416", "CVE-2008-0592", "CVE-2008-0414", "CVE-2008-0415", "CVE-2008-0591"], "modified": "2017-07-07T00:00:00", "id": "OPENVAS:60363", "href": "http://plugins.openvas.org/nasl.php?oid=60363", "sourceData": "# OpenVAS Vulnerability Test\n# $Id: deb_1484_1.nasl 6616 2017-07-07 12:10:49Z cfischer $\n# Description: Auto-generated from advisory DSA 1484-1 (xulrunner)\n#\n# Authors:\n# Thomas Reinke <reinke@securityspace.com>\n#\n# Copyright:\n# Copyright (c) 2008 E-Soft Inc. http://www.securityspace.com\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (c) the respective author(s)\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2,\n# as published by the Free Software Foundation\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n#\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"Several remote vulnerabilities have been discovered in Xulrunner, a\nruntime environment for XUL applications. The Common Vulnerabilities and\nExposures project identifies the following problems:\n\nCVE-2008-0412\n\nJesse Ruderman, Kai Engert, Martijn Wargers, Mats Palmgren and Paul\nNickerson discovered crashes in the layout engine, which might allow\nthe execution of arbitrary code.\n\nCVE-2008-0413\n\nCarsten Book, Wesley Garland, Igor Bukanov, moz_bug_r_a4, shutdown,\nPhilip Taylor and tgirmann discovered crashes in the Javascript\nengine, which might allow the execution of arbitrary code.\n\nCVE-2008-0414\n\nhong and Gregory Fleisher discovered that file input focus\nvulnerabilities in the file upload control could allow information\ndisclosure of local files.\n\nCVE-2008-0415\n\nmoz_bug_r_a4 and Boris Zbarsky discovered discovered several\nvulnerabilities in Javascript handling, which could allow\nprivilege escalation.\n\nCVE-2008-0417\n\nJustin Dolske discovered that the password storage machanism could\nbe abused by malicious web sites to corrupt existing saved passwords.\n\nCVE-2008-0418\n\nGerry Eisenhaur and moz_bug_r_a4 discovered that a directory\ntraversal vulnerability in chrome: URI handling could lead to\ninformation disclosure.\n\nCVE-2008-0419\n\nDavid Bloom discovered a race condition in the image handling of\ndesignMode elements, which could lead to information disclosure or\npotentially the execution of arbitrary code.\n\nCVE-2008-0591\n\nMichal Zalewski discovered that timers protecting security-sensitive\ndialogs (which disable dialog elements until a timeout is reached)\ncould be bypassed by window focus changes through Javascript.\n\nCVE-2008-0592\n\nIt was discovered that malformed content declarations of saved\nattachments could prevent a user in the opening local files\nwith a .txt file name, resulting in minor denial of service.\n\nCVE-2008-0593\n\nMartin Straka discovered that insecure stylesheet handling during\nredirects could lead to information disclosure.\n\nCVE-2008-0594\n\nEmil Ljungdahl and Lars-Olof Moilanen discovered that phishing\nprotections could be bypassed with <div> elements.\n\nFor the stable distribution (etch), these problems have been fixed in\nversion 1.8.0.15~pre080131b-0etch1.\n\nThe old stable distribution (sarge) doesn't contain xulrunner.\n\nWe recommend that you upgrade your xulrunner packages.\";\ntag_summary = \"The remote host is missing an update to xulrunner\nannounced via advisory DSA 1484-1.\";\n\ntag_solution = \"https://secure1.securityspace.com/smysecure/catid.html?in=DSA%201484-1\";\n\n\nif(description)\n{\n script_id(60363);\n script_version(\"$Revision: 6616 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-07-07 14:10:49 +0200 (Fri, 07 Jul 2017) $\");\n script_tag(name:\"creation_date\", value:\"2008-02-15 23:29:21 +0100 (Fri, 15 Feb 2008)\");\n script_cve_id(\"CVE-2008-0412\", \"CVE-2008-0413\", \"CVE-2008-0414\", \"CVE-2008-0415\", \"CVE-2008-0416\", \"CVE-2008-0417\", \"CVE-2008-0418\", \"CVE-2008-0419\", \"CVE-2008-0591\", \"CVE-2008-0592\", \"CVE-2008-0593\", \"CVE-2008-0594\");\n script_tag(name:\"cvss_base\", value:\"9.3\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_name(\"Debian Security Advisory DSA 1484-1 (xulrunner)\");\n\n\n\n script_category(ACT_GATHER_INFO);\n\n script_copyright(\"Copyright (c) 2008 E-Soft Inc. http://www.securityspace.com\");\n script_family(\"Debian Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/debian_linux\", \"ssh/login/packages\");\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"summary\" , value : tag_summary);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n#\n# The script code starts here\n#\n\ninclude(\"pkg-lib-deb.inc\");\n\nres = \"\";\nreport = \"\";\nif ((res = isdpkgvuln(pkg:\"libxul-dev\", ver:\"1.8.0.15~pre080131b-0etch1\", rls:\"DEB4.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libxul-common\", ver:\"1.8.0.15~pre080131a-0etch1\", rls:\"DEB4.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libmozjs-dev\", ver:\"1.8.0.15~pre080131a-0etch1\", rls:\"DEB4.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libnss3-dev\", ver:\"1.8.0.15~pre080131b-0etch1\", rls:\"DEB4.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libnspr4-dev\", ver:\"1.8.0.15~pre080131a-0etch1\", rls:\"DEB4.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libsmjs1\", ver:\"1.8.0.15~pre080131b-0etch1\", rls:\"DEB4.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libsmjs-dev\", ver:\"1.8.0.15~pre080131a-0etch1\", rls:\"DEB4.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libmozillainterfaces-java\", ver:\"1.8.0.15~pre080131b-0etch1\", rls:\"DEB4.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libnspr4-0d-dbg\", ver:\"1.8.0.15~pre080131b-0etch1\", rls:\"DEB4.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"xulrunner\", ver:\"1.8.0.15~pre080131b-0etch1\", rls:\"DEB4.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libnss3-0d\", ver:\"1.8.0.15~pre080131b-0etch1\", rls:\"DEB4.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libnss3-0d-dbg\", ver:\"1.8.0.15~pre080131b-0etch1\", rls:\"DEB4.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libmozjs0d-dbg\", ver:\"1.8.0.15~pre080131b-0etch1\", rls:\"DEB4.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libmozjs0d\", ver:\"1.8.0.15~pre080131b-0etch1\", rls:\"DEB4.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libxul0d\", ver:\"1.8.0.15~pre080131b-0etch1\", rls:\"DEB4.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"python-xpcom\", ver:\"1.8.0.15~pre080131b-0etch1\", rls:\"DEB4.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libxul0d-dbg\", ver:\"1.8.0.15~pre080131b-0etch1\", rls:\"DEB4.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"spidermonkey-bin\", ver:\"1.8.0.15~pre080131b-0etch1\", rls:\"DEB4.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libnss3-tools\", ver:\"1.8.0.15~pre080131b-0etch1\", rls:\"DEB4.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"xulrunner-gnome-support\", ver:\"1.8.0.15~pre080131b-0etch1\", rls:\"DEB4.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libnspr4-0d\", ver:\"1.8.0.15~pre080131b-0etch1\", rls:\"DEB4.0\")) != NULL) {\n report += res;\n}\n\nif (report != \"\") {\n security_message(data:report);\n} else if (__pkg_match) {\n exit(99); # Not vulnerable.\n}\n", "cvss": {"score": 9.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2017-07-24T12:50:22", "description": "The remote host is missing an update to iceweasel\nannounced via advisory DSA 1489-1.", "cvss3": {}, "published": "2008-02-15T00:00:00", "type": "openvas", "title": "Debian Security Advisory DSA 1489-1 (iceweasel)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2008-0417", "CVE-2008-0412", "CVE-2008-0419", "CVE-2008-0594", "CVE-2008-0593", "CVE-2008-0413", "CVE-2008-0418", "CVE-2008-0416", "CVE-2008-0592", "CVE-2008-0414", "CVE-2008-0415", "CVE-2008-0591"], "modified": "2017-07-07T00:00:00", "id": "OPENVAS:60364", "href": "http://plugins.openvas.org/nasl.php?oid=60364", "sourceData": "# OpenVAS Vulnerability Test\n# $Id: deb_1489_1.nasl 6616 2017-07-07 12:10:49Z cfischer $\n# Description: Auto-generated from advisory DSA 1489-1 (iceweasel)\n#\n# Authors:\n# Thomas Reinke <reinke@securityspace.com>\n#\n# Copyright:\n# Copyright (c) 2008 E-Soft Inc. http://www.securityspace.com\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (c) the respective author(s)\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2,\n# as published by the Free Software Foundation\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n#\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"Several remote vulnerabilities have been discovered in the Iceweasel\nweb browser, an unbranded version of the Firefox browser. The Common\nVulnerabilities and Exposures project identifies the following problems:\n\nCVE-2008-0412\n\nJesse Ruderman, Kai Engert, Martijn Wargers, Mats Palmgren and Paul\nNickerson discovered crashes in the layout engine, which might allow\nthe execution of arbitrary code.\n\nCVE-2008-0413\n\nCarsten Book, Wesley Garland, Igor Bukanov, moz_bug_r_a4, shutdown,\nPhilip Taylor and tgirmann discovered crashes in the Javascript\nengine, which might allow the execution of arbitrary code.\n\nCVE-2008-0414\n\nhong and Gregory Fleisher discovered that file input focus\nvulnerabilities in the file upload control could allow information\ndisclosure of local files.\n\nCVE-2008-0415\n\nmoz_bug_r_a4 and Boris Zbarsky discovered discovered several\nvulnerabilities in Javascript handling, which could allow\nprivilege escalation.\n\nCVE-2008-0417\n\nJustin Dolske discovered that the password storage machanism could\nbe abused by malicious web sites to corrupt existing saved passwords.\n\nCVE-2008-0418\n\nGerry Eisenhaur and moz_bug_r_a4 discovered that a directory\ntraversal vulnerability in chrome: URI handling could lead to\ninformation disclosure.\n\nCVE-2008-0419\n\nDavid Bloom discovered a race condition in the image handling of\ndesignMode elements, which can lead to information disclosure or\npotentially the execution of arbitrary code.\n\nCVE-2008-0591\n\nMichal Zalewski discovered that timers protecting security-sensitive\ndialogs (which disable dialog elements until a timeout is reached)\ncould be bypassed by window focus changes through Javascript.\n\nCVE-2008-0592\n\nIt was discovered that malformed content declarations of saved\nattachments could prevent a user in the opening local files\nwith a .txt file name, resulting in minor denial of service.\n\nCVE-2008-0593\n\nMartin Straka discovered that insecure stylesheet handling during\nredirects could lead to information disclosure.\n\nCVE-2008-0594\n\nEmil Ljungdahl and Lars-Olof Moilanen discovered that phishing\nprotections could be bypassed with <div> elements.\n\n\nFor the stable distribution (etch), these problems have been fixed in\nversion 2.0.0.12-0etch1.\n\nThe Mozilla products from the old stable distribution (sarge) are no\nlonger supported with security updates.\n\nWe recommend that you upgrade your iceweasel packages.\";\ntag_summary = \"The remote host is missing an update to iceweasel\nannounced via advisory DSA 1489-1.\";\n\ntag_solution = \"https://secure1.securityspace.com/smysecure/catid.html?in=DSA%201489-1\";\n\n\nif(description)\n{\n script_id(60364);\n script_version(\"$Revision: 6616 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-07-07 14:10:49 +0200 (Fri, 07 Jul 2017) $\");\n script_tag(name:\"creation_date\", value:\"2008-02-15 23:29:21 +0100 (Fri, 15 Feb 2008)\");\n script_cve_id(\"CVE-2008-0412\", \"CVE-2008-0413\", \"CVE-2008-0414\", \"CVE-2008-0415\", \"CVE-2008-0416\", \"CVE-2008-0417\", \"CVE-2008-0418\", \"CVE-2008-0419\", \"CVE-2008-0591\", \"CVE-2008-0592\", \"CVE-2008-0593\", \"CVE-2008-0594\");\n script_tag(name:\"cvss_base\", value:\"9.3\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_name(\"Debian Security Advisory DSA 1489-1 (iceweasel)\");\n\n\n\n script_category(ACT_GATHER_INFO);\n\n script_copyright(\"Copyright (c) 2008 E-Soft Inc. http://www.securityspace.com\");\n script_family(\"Debian Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/debian_linux\", \"ssh/login/packages\");\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"summary\" , value : tag_summary);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n#\n# The script code starts here\n#\n\ninclude(\"pkg-lib-deb.inc\");\n\nres = \"\";\nreport = \"\";\nif ((res = isdpkgvuln(pkg:\"firefox\", ver:\"2.0.0.12-0etch1\", rls:\"DEB4.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"firefox-gnome-support\", ver:\"2.0.0.12-0etch1\", rls:\"DEB4.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"mozilla-firefox-dom-inspector\", ver:\"2.0.0.12-0etch1\", rls:\"DEB4.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"firefox-dom-inspector\", ver:\"2.0.0.12-0etch1\", rls:\"DEB4.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"mozilla-firefox\", ver:\"2.0.0.12-0etch1\", rls:\"DEB4.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"mozilla-firefox-gnome-support\", ver:\"2.0.0.12-0etch1\", rls:\"DEB4.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"iceweasel-dom-inspector\", ver:\"2.0.0.12-0etch1\", rls:\"DEB4.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"iceweasel-gnome-support\", ver:\"2.0.0.12-0etch1\", rls:\"DEB4.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"iceweasel-dbg\", ver:\"2.0.0.12-0etch1\", rls:\"DEB4.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"iceweasel\", ver:\"2.0.0.12-0etch1\", rls:\"DEB4.0\")) != NULL) {\n report += res;\n}\n\nif (report != \"\") {\n security_message(data:report);\n} else if (__pkg_match) {\n exit(99); # Not vulnerable.\n}\n", "cvss": {"score": 9.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2017-07-24T12:49:43", "description": "The remote host is missing an update to icedove\nannounced via advisory DSA 1485-2.", "cvss3": {}, "published": "2008-03-19T00:00:00", "type": "openvas", "title": "Debian Security Advisory DSA 1485-2 (icedove)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2008-0417", "CVE-2008-0412", "CVE-2008-0419", "CVE-2008-0594", "CVE-2008-0593", "CVE-2008-0413", "CVE-2008-0418", "CVE-2008-0416", "CVE-2008-0592", "CVE-2008-0414", "CVE-2008-0415", "CVE-2008-0591"], "modified": "2017-07-07T00:00:00", "id": "OPENVAS:60575", "href": "http://plugins.openvas.org/nasl.php?oid=60575", "sourceData": "# OpenVAS Vulnerability Test\n# $Id: deb_1485_2.nasl 6616 2017-07-07 12:10:49Z cfischer $\n# Description: Auto-generated from advisory DSA 1485-2 (icedove)\n#\n# Authors:\n# Thomas Reinke <reinke@securityspace.com>\n#\n# Copyright:\n# Copyright (c) 2008 E-Soft Inc. http://www.securityspace.com\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (c) the respective author(s)\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2,\n# as published by the Free Software Foundation\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n#\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"A regression has been fixed in icedove's frame handling code. For\nreference you can find the original update below:\n\nSeveral remote vulnerabilities have been discovered in the Icedove mail\nclient, an unbranded version of the Thunderbird client. The Common\nVulnerabilities and Exposures project identifies the following problems:\n\nCVE-2008-0412\n\nJesse Ruderman, Kai Engert, Martijn Wargers, Mats Palmgren and Paul\nNickerson discovered crashes in the layout engine, which might allow\nthe execution of arbitrary code.\n\nCVE-2008-0413\n\nCarsten Book, Wesley Garland, Igor Bukanov, moz_bug_r_a4, shutdown,\nPhilip Taylor and tgirmann discovered crashes in the Javascript\nengine, which might allow the execution of arbitrary code.\n\nCVE-2008-0415\n\nmoz_bug_r_a4 and Boris Zbarsky discovered discovered several\nvulnerabilities in Javascript handling, which could allow\nprivilege escalation.\n\nCVE-2008-0418\n\nGerry Eisenhaur and moz_bug_r_a4 discovered that a directory\ntraversal vulnerability in chrome: URI handling could lead to\ninformation disclosure.\n\nCVE-2008-0419\n\nDavid Bloom discovered a race condition in the image handling of\ndesignMode elements, which can lead to information disclosure or\npotentially the execution of arbitrary code.\n\nCVE-2008-0591\n\nMichal Zalewski discovered that timers protecting security-sensitive\ndialogs (which disable dialog elements until a timeout is reached)\ncould be bypassed by window focus changes through Javascript.\n\nFor the stable distribution (etch), these problems have been fixed in\nversion 1.5.0.13+1.5.0.15b.dfsg1-0etch2.\n\nThe Mozilla products in the old stable distribution (sarge) are no\nlonger supported with security updates.\n\nWe recommend that you upgrade your icedove packages.\";\ntag_summary = \"The remote host is missing an update to icedove\nannounced via advisory DSA 1485-2.\";\n\ntag_solution = \"https://secure1.securityspace.com/smysecure/catid.html?in=DSA%201485-2\";\n\n\nif(description)\n{\n script_id(60575);\n script_version(\"$Revision: 6616 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-07-07 14:10:49 +0200 (Fri, 07 Jul 2017) $\");\n script_tag(name:\"creation_date\", value:\"2008-03-19 20:30:32 +0100 (Wed, 19 Mar 2008)\");\n script_cve_id(\"CVE-2008-0412\", \"CVE-2008-0413\", \"CVE-2008-0414\", \"CVE-2008-0415\", \"CVE-2008-0416\", \"CVE-2008-0417\", \"CVE-2008-0418\", \"CVE-2008-0419\", \"CVE-2008-0591\", \"CVE-2008-0592\", \"CVE-2008-0593\", \"CVE-2008-0594\");\n script_tag(name:\"cvss_base\", value:\"9.3\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_name(\"Debian Security Advisory DSA 1485-2 (icedove)\");\n\n\n\n script_category(ACT_GATHER_INFO);\n\n script_copyright(\"Copyright (c) 2008 E-Soft Inc. http://www.securityspace.com\");\n script_family(\"Debian Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/debian_linux\", \"ssh/login/packages\");\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"summary\" , value : tag_summary);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n#\n# The script code starts here\n#\n\ninclude(\"pkg-lib-deb.inc\");\n\nres = \"\";\nreport = \"\";\nif ((res = isdpkgvuln(pkg:\"mozilla-thunderbird-inspector\", ver:\"1.5.0.13+1.5.0.15b.dfsg1-0etch2\", rls:\"DEB4.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"thunderbird-gnome-support\", ver:\"1.5.0.13+1.5.0.15b.dfsg1-0etch2\", rls:\"DEB4.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"thunderbird-dev\", ver:\"1.5.0.13+1.5.0.15b.dfsg1-0etch2\", rls:\"DEB4.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"mozilla-thunderbird-typeaheadfind\", ver:\"1.5.0.13+1.5.0.15b.dfsg1-0etch2\", rls:\"DEB4.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"mozilla-thunderbird\", ver:\"1.5.0.13+1.5.0.15b.dfsg1-0etch2\", rls:\"DEB4.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"thunderbird-inspector\", ver:\"1.5.0.13+1.5.0.15b.dfsg1-0etch2\", rls:\"DEB4.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"thunderbird-typeaheadfind\", ver:\"1.5.0.13+1.5.0.15b.dfsg1-0etch2\", rls:\"DEB4.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"thunderbird-dbg\", ver:\"1.5.0.13+1.5.0.15b.dfsg1-0etch2\", rls:\"DEB4.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"mozilla-thunderbird-dev\", ver:\"1.5.0.13+1.5.0.15b.dfsg1-0etch2\", rls:\"DEB4.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"thunderbird\", ver:\"1.5.0.13+1.5.0.15b.dfsg1-0etch2\", rls:\"DEB4.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"icedove-dev\", ver:\"1.5.0.13+1.5.0.15b.dfsg1-0etch2\", rls:\"DEB4.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"icedove-typeaheadfind\", ver:\"1.5.0.13+1.5.0.15b.dfsg1-0etch2\", rls:\"DEB4.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"icedove-gnome-support\", ver:\"1.5.0.13+1.5.0.15b.dfsg1-0etch2\", rls:\"DEB4.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"icedove\", ver:\"1.5.0.13+1.5.0.15b.dfsg1-0etch2\", rls:\"DEB4.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"icedove-inspector\", ver:\"1.5.0.13+1.5.0.15b.dfsg1-0etch2\", rls:\"DEB4.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"icedove-dbg\", ver:\"1.5.0.13+1.5.0.15b.dfsg1-0etch2\", rls:\"DEB4.0\")) != NULL) {\n report += res;\n}\n\nif (report != \"\") {\n security_message(data:report);\n} else if (__pkg_match) {\n exit(99); # Not vulnerable.\n}\n", "cvss": {"score": 9.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2017-07-24T12:49:44", "description": "The remote host is missing an update to icedove\nannounced via advisory DSA 1485-1.", "cvss3": {}, "published": "2008-02-15T00:00:00", "type": "openvas", "title": "Debian Security Advisory DSA 1485-1 (icedove)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2008-0417", "CVE-2008-0412", "CVE-2008-0419", "CVE-2008-0594", "CVE-2008-0593", "CVE-2008-0413", "CVE-2008-0418", "CVE-2008-0416", "CVE-2008-0592", "CVE-2008-0414", "CVE-2008-0415", "CVE-2008-0591"], "modified": "2017-07-07T00:00:00", "id": "OPENVAS:60362", "href": "http://plugins.openvas.org/nasl.php?oid=60362", "sourceData": "# OpenVAS Vulnerability Test\n# $Id: deb_1485_1.nasl 6616 2017-07-07 12:10:49Z cfischer $\n# Description: Auto-generated from advisory DSA 1485-1 (icedove)\n#\n# Authors:\n# Thomas Reinke <reinke@securityspace.com>\n#\n# Copyright:\n# Copyright (c) 2008 E-Soft Inc. http://www.securityspace.com\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (c) the respective author(s)\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2,\n# as published by the Free Software Foundation\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n#\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"Several remote vulnerabilities have been discovered in the Icedove mail\nclient, an unbranded version of the Thunderbird client. The Common\nVulnerabilities and Exposures project identifies the following problems:\n\nCVE-2008-0412\n\nJesse Ruderman, Kai Engert, Martijn Wargers, Mats Palmgren and Paul\nNickerson discovered crashes in the layout engine, which might allow\nthe execution of arbitrary code.\n\nCVE-2008-0413\n\nCarsten Book, Wesley Garland, Igor Bukanov, moz_bug_r_a4, shutdown,\nPhilip Taylor and tgirmann discovered crashes in the Javascript\nengine, which might allow the execution of arbitrary code.\n\nCVE-2008-0415\n\nmoz_bug_r_a4 and Boris Zbarsky discovered discovered several\nvulnerabilities in Javascript handling, which could allow\nprivilege escalation.\n\nCVE-2008-0418\n\nGerry Eisenhaur and moz_bug_r_a4 discovered that a directory\ntraversal vulnerability in chrome: URI handling could lead to\ninformation disclosure.\n\nCVE-2008-0419\n\nDavid Bloom discovered a race condition in the image handling of\ndesignMode elements, which can lead to information disclosure or\npotentially the execution of arbitrary code.\n\nCVE-2008-0591\n\nMichal Zalewski discovered that timers protecting security-sensitive\ndialogs (which disable dialog elements until a timeout is reached)\ncould be bypassed by window focus changes through Javascript.\n\nFor the stable distribution (etch), these problems have been fixed in\nversion 1.5.0.13+1.5.0.15b.dfsg1-0etch1.\n\nThe Mozilla products in the old stable distribution (sarge) are no\nlonger supported with security updates.\n\nWe recommend that you upgrade your icedove packages.\";\ntag_summary = \"The remote host is missing an update to icedove\nannounced via advisory DSA 1485-1.\";\n\ntag_solution = \"https://secure1.securityspace.com/smysecure/catid.html?in=DSA%201485-1\";\n\n\nif(description)\n{\n script_id(60362);\n script_version(\"$Revision: 6616 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-07-07 14:10:49 +0200 (Fri, 07 Jul 2017) $\");\n script_tag(name:\"creation_date\", value:\"2008-02-15 23:29:21 +0100 (Fri, 15 Feb 2008)\");\n script_cve_id(\"CVE-2008-0412\", \"CVE-2008-0413\", \"CVE-2008-0414\", \"CVE-2008-0415\", \"CVE-2008-0416\", \"CVE-2008-0417\", \"CVE-2008-0418\", \"CVE-2008-0419\", \"CVE-2008-0591\", \"CVE-2008-0592\", \"CVE-2008-0593\", \"CVE-2008-0594\");\n script_tag(name:\"cvss_base\", value:\"9.3\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_name(\"Debian Security Advisory DSA 1485-1 (icedove)\");\n\n\n\n script_category(ACT_GATHER_INFO);\n\n script_copyright(\"Copyright (c) 2008 E-Soft Inc. http://www.securityspace.com\");\n script_family(\"Debian Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/debian_linux\", \"ssh/login/packages\");\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"summary\" , value : tag_summary);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n#\n# The script code starts here\n#\n\ninclude(\"pkg-lib-deb.inc\");\n\nres = \"\";\nreport = \"\";\nif ((res = isdpkgvuln(pkg:\"mozilla-thunderbird-inspector\", ver:\"1.5.0.13+1.5.0.15a.dfsg1-0etch1\", rls:\"DEB4.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"thunderbird-inspector\", ver:\"1.5.0.13+1.5.0.15a.dfsg1-0etch1\", rls:\"DEB4.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"mozilla-thunderbird-typeaheadfind\", ver:\"1.5.0.13+1.5.0.15b.dfsg1-0etch1\", rls:\"DEB4.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"mozilla-thunderbird-dev\", ver:\"1.5.0.13+1.5.0.15a.dfsg1-0etch1\", rls:\"DEB4.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"thunderbird-typeaheadfind\", ver:\"1.5.0.13+1.5.0.15b.dfsg1-0etch1\", rls:\"DEB4.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"thunderbird\", ver:\"1.5.0.13+1.5.0.15b.dfsg1-0etch1\", rls:\"DEB4.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"thunderbird-dbg\", ver:\"1.5.0.13+1.5.0.15a.dfsg1-0etch1\", rls:\"DEB4.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"mozilla-thunderbird\", ver:\"1.5.0.13+1.5.0.15a.dfsg1-0etch1\", rls:\"DEB4.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"thunderbird-gnome-support\", ver:\"1.5.0.13+1.5.0.15b.dfsg1-0etch1\", rls:\"DEB4.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"thunderbird-dev\", ver:\"1.5.0.13+1.5.0.15a.dfsg1-0etch1\", rls:\"DEB4.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"icedove\", ver:\"1.5.0.13+1.5.0.15b.dfsg1-0etch1\", rls:\"DEB4.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"icedove-inspector\", ver:\"1.5.0.13+1.5.0.15b.dfsg1-0etch1\", rls:\"DEB4.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"icedove-gnome-support\", ver:\"1.5.0.13+1.5.0.15b.dfsg1-0etch1\", rls:\"DEB4.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"icedove-typeaheadfind\", ver:\"1.5.0.13+1.5.0.15b.dfsg1-0etch1\", rls:\"DEB4.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"icedove-dev\", ver:\"1.5.0.13+1.5.0.15b.dfsg1-0etch1\", rls:\"DEB4.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"icedove-dbg\", ver:\"1.5.0.13+1.5.0.15b.dfsg1-0etch1\", rls:\"DEB4.0\")) != NULL) {\n report += res;\n}\n\nif (report != \"\") {\n security_message(data:report);\n} else if (__pkg_match) {\n exit(99); # Not vulnerable.\n}\n", "cvss": {"score": 9.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2017-07-24T12:56:38", "description": "Check for the Version of mozilla-firefox", "cvss3": {}, "published": "2009-04-09T00:00:00", "type": "openvas", "title": "Mandriva Update for mozilla-firefox MDVSA-2008:048 (mozilla-firefox)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2008-0417", "CVE-2008-0412", "CVE-2008-0419", "CVE-2008-0594", "CVE-2008-0593", "CVE-2008-0413", "CVE-2008-0418", "CVE-2008-0592", "CVE-2008-0414", "CVE-2008-0420", "CVE-2008-0415", "CVE-2008-0591"], "modified": "2017-07-06T00:00:00", "id": "OPENVAS:830624", "href": "http://plugins.openvas.org/nasl.php?oid=830624", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Mandriva Update for mozilla-firefox MDVSA-2008:048 (mozilla-firefox)\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2009 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"A number of security vulnerabilities have been discovered and corrected\n in the latest Mozilla Firefox program, version 2.0.0.12.\n\n This update provides the latest Firefox to correct these issues.\";\n\ntag_affected = \"mozilla-firefox on Mandriva Linux 2007.1,\n Mandriva Linux 2007.1/X86_64,\n Mandriva Linux 2008.0,\n Mandriva Linux 2008.0/X86_64\";\ntag_solution = \"Please Install the Updated Packages.\";\n\n\n\nif(description)\n{\n script_xref(name : \"URL\" , value : \"http://lists.mandriva.com/security-announce/2008-02/msg00030.php\");\n script_id(830624);\n script_version(\"$Revision: 6568 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-07-06 15:04:21 +0200 (Thu, 06 Jul 2017) $\");\n script_tag(name:\"creation_date\", value:\"2009-04-09 14:26:37 +0200 (Thu, 09 Apr 2009)\");\n script_tag(name:\"cvss_base\", value:\"9.3\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_xref(name: \"MDVSA\", value: \"2008:048\");\n script_cve_id(\"CVE-2008-0412\", \"CVE-2008-0413\", \"CVE-2008-0414\", \"CVE-2008-0415\", \"CVE-2008-0417\", \"CVE-2008-0418\", \"CVE-2008-0419\", \"CVE-2008-0420\", \"CVE-2008-0591\", \"CVE-2008-0592\", \"CVE-2008-0593\", \"CVE-2008-0594\");\n script_name( \"Mandriva Update for mozilla-firefox MDVSA-2008:048 (mozilla-firefox)\");\n\n script_summary(\"Check for the Version of mozilla-firefox\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2009 Greenbone Networks GmbH\");\n script_family(\"Mandrake Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/mandriva_mandrake_linux\", \"ssh/login/release\");\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = get_kb_item(\"ssh/login/release\");\n\n\nres = \"\";\nif(release == NULL){\n exit(0);\n}\n\nif(release == \"MNDK_2007.1\")\n{\n\n if ((res = isrpmvuln(pkg:\"deskbar-applet\", rpm:\"deskbar-applet~2.18.0~3.6mdv2007.1\", rls:\"MNDK_2007.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"devhelp\", rpm:\"devhelp~0.13~3.6mdv2007.1\", rls:\"MNDK_2007.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"devhelp-plugins\", rpm:\"devhelp-plugins~0.13~3.6mdv2007.1\", rls:\"MNDK_2007.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"eclipse-ecj\", rpm:\"eclipse-ecj~3.2.2~3.4.4mdv2007.1\", rls:\"MNDK_2007.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"eclipse-jdt\", rpm:\"eclipse-jdt~3.2.2~3.4.4mdv2007.1\", rls:\"MNDK_2007.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"eclipse-jdt-sdk\", rpm:\"eclipse-jdt-sdk~3.2.2~3.4.4mdv2007.1\", rls:\"MNDK_2007.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"eclipse-pde\", rpm:\"eclipse-pde~3.2.2~3.4.4mdv2007.1\", rls:\"MNDK_2007.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"eclipse-pde-runtime\", rpm:\"eclipse-pde-runtime~3.2.2~3.4.4mdv2007.1\", rls:\"MNDK_2007.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"eclipse-pde-sdk\", rpm:\"eclipse-pde-sdk~3.2.2~3.4.4mdv2007.1\", rls:\"MNDK_2007.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"eclipse-platform\", rpm:\"eclipse-platform~3.2.2~3.4.4mdv2007.1\", rls:\"MNDK_2007.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"eclipse-platform-sdk\", rpm:\"eclipse-platform-sdk~3.2.2~3.4.4mdv2007.1\", rls:\"MNDK_2007.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"eclipse-rcp\", rpm:\"eclipse-rcp~3.2.2~3.4.4mdv2007.1\", rls:\"MNDK_2007.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"eclipse-rcp-sdk\", rpm:\"eclipse-rcp-sdk~3.2.2~3.4.4mdv2007.1\", rls:\"MNDK_2007.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"eclipse-sdk\", rpm:\"eclipse-sdk~3.2.2~3.4.4mdv2007.1\", rls:\"MNDK_2007.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"epiphany\", rpm:\"epiphany~2.18.0~5.6mdv2007.1\", rls:\"MNDK_2007.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"epiphany-devel\", rpm:\"epiphany-devel~2.18.0~5.6mdv2007.1\", rls:\"MNDK_2007.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"epiphany-extensions\", rpm:\"epiphany-extensions~2.18.0~2.5mdv2007.1\", rls:\"MNDK_2007.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"galeon\", rpm:\"galeon~2.0.3~5.6mdv2007.1\", rls:\"MNDK_2007.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"gnome-python-extras\", rpm:\"gnome-python-extras~2.14.3~4.6mdv2007.1\", rls:\"MNDK_2007.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"gnome-python-gda\", rpm:\"gnome-python-gda~2.14.3~4.6mdv2007.1\", rls:\"MNDK_2007.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"gnome-python-gda-devel\", rpm:\"gnome-python-gda-devel~2.14.3~4.6mdv2007.1\", rls:\"MNDK_2007.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"gnome-python-gdl\", rpm:\"gnome-python-gdl~2.14.3~4.6mdv2007.1\", rls:\"MNDK_2007.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"gnome-python-gksu\", rpm:\"gnome-python-gksu~2.14.3~4.6mdv2007.1\", rls:\"MNDK_2007.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"gnome-python-gtkhtml2\", rpm:\"gnome-python-gtkhtml2~2.14.3~4.6mdv2007.1\", rls:\"MNDK_2007.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"gnome-python-gtkmozembed\", rpm:\"gnome-python-gtkmozembed~2.14.3~4.6mdv2007.1\", rls:\"MNDK_2007.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"gnome-python-gtkspell\", rpm:\"gnome-python-gtkspell~2.14.3~4.6mdv2007.1\", rls:\"MNDK_2007.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"libdevhelp-1_0\", rpm:\"libdevhelp-1_0~0.13~3.6mdv2007.1\", rls:\"MNDK_2007.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"libdevhelp-1_0-devel\", rpm:\"libdevhelp-1_0-devel~0.13~3.6mdv2007.1\", rls:\"MNDK_2007.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"libmozilla-firefox-devel\", rpm:\"libmozilla-firefox-devel~2.0.0.12~1.1mdv2007.1\", rls:\"MNDK_2007.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"libmozilla-firefox2.0.0.12\", rpm:\"libmozilla-firefox2.0.0.12~2.0.0.12~1.1mdv2007.1\", rls:\"MNDK_2007.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"libswt3-gtk2\", rpm:\"libswt3-gtk2~3.2.2~3.4.4mdv2007.1\", rls:\"MNDK_2007.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"libtotem-plparser1\", rpm:\"libtotem-plparser1~2.18.2~1.7mdv2007.1\", rls:\"MNDK_2007.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"libtotem-plparser1-devel\", rpm:\"libtotem-plparser1-devel~2.18.2~1.7mdv2007.1\", rls:\"MNDK_2007.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"mozilla-firefox\", rpm:\"mozilla-firefox~2.0.0.12~1.1mdv2007.1\", rls:\"MNDK_2007.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"mozilla-firefox-af\", rpm:\"mozilla-firefox-af~2.0.0.12~1mdv2007.1\", rls:\"MNDK_2007.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"mozilla-firefox-ar\", rpm:\"mozilla-firefox-ar~2.0.0.12~1mdv2007.1\", rls:\"MNDK_2007.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"mozilla-firefox-be\", rpm:\"mozilla-firefox-be~2.0.0.12~1mdv2007.1\", rls:\"MNDK_2007.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"mozilla-firefox-bg\", rpm:\"mozilla-firefox-bg~2.0.0.12~1mdv2007.1\", rls:\"MNDK_2007.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"mozilla-firefox-br_FR\", rpm:\"mozilla-firefox-br_FR~2.0.0.12~1mdv2007.1\", rls:\"MNDK_2007.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"mozilla-firefox-ca\", rpm:\"mozilla-firefox-ca~2.0.0.12~1mdv2007.1\", rls:\"MNDK_2007.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"mozilla-firefox-cs\", rpm:\"mozilla-firefox-cs~2.0.0.12~1mdv2007.1\", rls:\"MNDK_2007.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"mozilla-firefox-da\", rpm:\"mozilla-firefox-da~2.0.0.12~1mdv2007.1\", rls:\"MNDK_2007.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"mozilla-firefox-de\", rpm:\"mozilla-firefox-de~2.0.0.12~1mdv2007.1\", rls:\"MNDK_2007.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"mozilla-firefox-el\", rpm:\"mozilla-firefox-el~2.0.0.12~1mdv2007.1\", rls:\"MNDK_2007.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"mozilla-firefox-en_GB\", rpm:\"mozilla-firefox-en_GB~2.0.0.12~1mdv2007.1\", rls:\"MNDK_2007.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"mozilla-firefox-es_AR\", rpm:\"mozilla-firefox-es_AR~2.0.0.12~1mdv2007.1\", rls:\"MNDK_2007.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"mozilla-firefox-es_ES\", rpm:\"mozilla-firefox-es_ES~2.0.0.12~1mdv2007.1\", rls:\"MNDK_2007.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"mozilla-firefox-et_EE\", rpm:\"mozilla-firefox-et_EE~2.0.0.12~1mdv2007.1\", rls:\"MNDK_2007.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"mozilla-firefox-eu\", rpm:\"mozilla-firefox-eu~2.0.0.12~1mdv2007.1\", rls:\"MNDK_2007.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"mozilla-firefox-fi\", rpm:\"mozilla-firefox-fi~2.0.0.12~1mdv2007.1\", rls:\"MNDK_2007.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"mozilla-firefox-fr\", rpm:\"mozilla-firefox-fr~2.0.0.12~1mdv2007.1\", rls:\"MNDK_2007.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"mozilla-firefox-fy\", rpm:\"mozilla-firefox-fy~2.0.0.12~1mdv2007.1\", rls:\"MNDK_2007.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"mozilla-firefox-ga\", rpm:\"mozilla-firefox-ga~2.0.0.12~1mdv2007.1\", rls:\"MNDK_2007.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"mozilla-firefox-gu_IN\", rpm:\"mozilla-firefox-gu_IN~2.0.0.12~1mdv2007.1\", rls:\"MNDK_2007.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"mozilla-firefox-he\", rpm:\"mozilla-firefox-he~2.0.0.12~1mdv2007.1\", rls:\"MNDK_2007.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"mozilla-firefox-hu\", rpm:\"mozilla-firefox-hu~2.0.0.12~1mdv2007.1\", rls:\"MNDK_2007.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"mozilla-firefox-it\", rpm:\"mozilla-firefox-it~2.0.0.12~1mdv2007.1\", rls:\"MNDK_2007.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"mozilla-firefox-ja\", rpm:\"mozilla-firefox-ja~2.0.0.12~1mdv2007.1\", rls:\"MNDK_2007.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"mozilla-firefox-ka\", rpm:\"mozilla-firefox-ka~2.0.0.12~1mdv2007.1\", rls:\"MNDK_2007.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"mozilla-firefox-ko\", rpm:\"mozilla-firefox-ko~2.0.0.12~1mdv2007.1\", rls:\"MNDK_2007.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"mozilla-firefox-ku\", rpm:\"mozilla-firefox-ku~2.0.0.12~1mdv2007.1\", rls:\"MNDK_2007.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"mozilla-firefox-lt\", rpm:\"mozilla-firefox-lt~2.0.0.12~1mdv2007.1\", rls:\"MNDK_2007.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"mozilla-firefox-mk\", rpm:\"mozilla-firefox-mk~2.0.0.12~1mdv2007.1\", rls:\"MNDK_2007.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"mozilla-firefox-mn\", rpm:\"mozilla-firefox-mn~2.0.0.12~1mdv2007.1\", rls:\"MNDK_2007.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"mozilla-firefox-nb_NO\", rpm:\"mozilla-firefox-nb_NO~2.0.0.12~1mdv2007.1\", rls:\"MNDK_2007.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"mozilla-firefox-nl\", rpm:\"mozilla-firefox-nl~2.0.0.12~1mdv2007.1\", rls:\"MNDK_2007.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"mozilla-firefox-nn_NO\", rpm:\"mozilla-firefox-nn_NO~2.0.0.12~1mdv2007.1\", rls:\"MNDK_2007.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"mozilla-firefox-pa_IN\", rpm:\"mozilla-firefox-pa_IN~2.0.0.12~1mdv2007.1\", rls:\"MNDK_2007.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"mozilla-firefox-pl\", rpm:\"mozilla-firefox-pl~2.0.0.12~1mdv2007.1\", rls:\"MNDK_2007.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"mozilla-firefox-pt_BR\", rpm:\"mozilla-firefox-pt_BR~2.0.0.12~1mdv2007.1\", rls:\"MNDK_2007.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"mozilla-firefox-pt_PT\", rpm:\"mozilla-firefox-pt_PT~2.0.0.12~1mdv2007.1\", rls:\"MNDK_2007.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"mozilla-firefox-ro\", rpm:\"mozilla-firefox-ro~2.0.0.12~1mdv2007.1\", rls:\"MNDK_2007.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"mozilla-firefox-ru\", rpm:\"mozilla-firefox-ru~2.0.0.12~1mdv2007.1\", rls:\"MNDK_2007.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"mozilla-firefox-sk\", rpm:\"mozilla-firefox-sk~2.0.0.12~1mdv2007.1\", rls:\"MNDK_2007.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"mozilla-firefox-sl\", rpm:\"mozilla-firefox-sl~2.0.0.12~1mdv2007.1\", rls:\"MNDK_2007.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"mozilla-firefox-sv_SE\", rpm:\"mozilla-firefox-sv_SE~2.0.0.12~1mdv2007.1\", rls:\"MNDK_2007.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"mozilla-firefox-tr\", rpm:\"mozilla-firefox-tr~2.0.0.12~1mdv2007.1\", rls:\"MNDK_2007.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"mozilla-firefox-uk\", rpm:\"mozilla-firefox-uk~2.0.0.12~1mdv2007.1\", rls:\"MNDK_2007.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"mozilla-firefox-zh_CN\", rpm:\"mozilla-firefox-zh_CN~2.0.0.12~1mdv2007.1\", rls:\"MNDK_2007.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"mozilla-firefox-zh_TW\", rpm:\"mozilla-firefox-zh_TW~2.0.0.12~1mdv2007.1\", rls:\"MNDK_2007.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"totem\", rpm:\"totem~2.18.2~1.7mdv2007.1\", rls:\"MNDK_2007.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"totem-common\", rpm:\"totem-common~2.18.2~1.7mdv2007.1\", rls:\"MNDK_2007.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"totem-gstreamer\", rpm:\"totem-gstreamer~2.18.2~1.7mdv2007.1\", rls:\"MNDK_2007.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"totem-mozilla\", rpm:\"totem-mozilla~2.18.2~1.7mdv2007.1\", rls:\"MNDK_2007.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"totem-mozilla-gstreamer\", rpm:\"totem-mozilla-gstreamer~2.18.2~1.7mdv2007.1\", rls:\"MNDK_2007.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"yelp\", rpm:\"yelp~2.18.0~3.6mdv2007.1\", rls:\"MNDK_2007.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"eclipse\", rpm:\"eclipse~3.2.2~3.4.4mdv2007.1\", rls:\"MNDK_2007.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"mozilla-firefox-l10n\", rpm:\"mozilla-firefox-l10n~2.0.0.12~1mdv2007.1\", rls:\"MNDK_2007.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"lib64devhelp-1_0\", rpm:\"lib64devhelp-1_0~0.13~3.6mdv2007.1\", rls:\"MNDK_2007.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"lib64devhelp-1_0-devel\", rpm:\"lib64devhelp-1_0-devel~0.13~3.6mdv2007.1\", rls:\"MNDK_2007.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"lib64mozilla-firefox-devel\", rpm:\"lib64mozilla-firefox-devel~2.0.0.12~1.1mdv2007.1\", rls:\"MNDK_2007.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"lib64mozilla-firefox2.0.0.12\", rpm:\"lib64mozilla-firefox2.0.0.12~2.0.0.12~1.1mdv2007.1\", rls:\"MNDK_2007.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"lib64totem-plparser1\", rpm:\"lib64totem-plparser1~2.18.2~1.7mdv2007.1\", rls:\"MNDK_2007.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"lib64totem-plparser1-devel\", rpm:\"lib64totem-plparser1-devel~2.18.2~1.7mdv2007.1\", rls:\"MNDK_2007.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n\n\nif(release == \"MNDK_2008.0\")\n{\n\n if ((res = isrpmvuln(pkg:\"devhelp\", rpm:\"devhelp~0.16~1.3mdv2008.0\", rls:\"MNDK_2008.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"devhelp-plugins\", rpm:\"devhelp-plugins~0.16~1.3mdv2008.0\", rls:\"MNDK_2008.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"eclipse-cvs-client\", rpm:\"eclipse-cvs-client~3.3.0~0.20.8.3mdv2008.0\", rls:\"MNDK_2008.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"eclipse-ecj\", rpm:\"eclipse-ecj~3.3.0~0.20.8.3mdv2008.0\", rls:\"MNDK_2008.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"eclipse-jdt\", rpm:\"eclipse-jdt~3.3.0~0.20.8.3mdv2008.0\", rls:\"MNDK_2008.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"eclipse-pde\", rpm:\"eclipse-pde~3.3.0~0.20.8.3mdv2008.0\", rls:\"MNDK_2008.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"eclipse-pde-runtime\", rpm:\"eclipse-pde-runtime~3.3.0~0.20.8.3mdv2008.0\", rls:\"MNDK_2008.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"eclipse-platform\", rpm:\"eclipse-platform~3.3.0~0.20.8.3mdv2008.0\", rls:\"MNDK_2008.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"eclipse-rcp\", rpm:\"eclipse-rcp~3.3.0~0.20.8.3mdv2008.0\", rls:\"MNDK_2008.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"epiphany\", rpm:\"epiphany~2.20.0~1.3mdv2008.0\", rls:\"MNDK_2008.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"epiphany-devel\", rpm:\"epiphany-devel~2.20.0~1.3mdv2008.0\", rls:\"MNDK_2008.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"galeon\", rpm:\"galeon~2.0.3~7.3mdv2008.0\", rls:\"MNDK_2008.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"gnome-python-extras\", rpm:\"gnome-python-extras~2.19.1~4.3mdv2008.0\", rls:\"MNDK_2008.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"gnome-python-gda\", rpm:\"gnome-python-gda~2.19.1~4.3mdv2008.0\", rls:\"MNDK_2008.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"gnome-python-gda-devel\", rpm:\"gnome-python-gda-devel~2.19.1~4.3mdv2008.0\", rls:\"MNDK_2008.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"gnome-python-gdl\", rpm:\"gnome-python-gdl~2.19.1~4.3mdv2008.0\", rls:\"MNDK_2008.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"gnome-python-gksu\", rpm:\"gnome-python-gksu~2.19.1~4.3mdv2008.0\", rls:\"MNDK_2008.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"gnome-python-gtkhtml2\", rpm:\"gnome-python-gtkhtml2~2.19.1~4.3mdv2008.0\", rls:\"MNDK_2008.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"gnome-python-gtkmozembed\", rpm:\"gnome-python-gtkmozembed~2.19.1~4.3mdv2008.0\", rls:\"MNDK_2008.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"gnome-python-gtkspell\", rpm:\"gnome-python-gtkspell~2.19.1~4.3mdv2008.0\", rls:\"MNDK_2008.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"libdevhelp-1-devel\", rpm:\"libdevhelp-1-devel~0.16~1.3mdv2008.0\", rls:\"MNDK_2008.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"libdevhelp-1_0\", rpm:\"libdevhelp-1_0~0.16~1.3mdv2008.0\", rls:\"MNDK_2008.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"libmozilla-firefox-devel\", rpm:\"libmozilla-firefox-devel~2.0.0.12~1.1mdv2008.0\", rls:\"MNDK_2008.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"libmozilla-firefox2.0.0.12\", rpm:\"libmozilla-firefox2.0.0.12~2.0.0.12~1.1mdv2008.0\", rls:\"MNDK_2008.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"libswt3-gtk2\", rpm:\"libswt3-gtk2~3.3.0~0.20.8.3mdv2008.0\", rls:\"MNDK_2008.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"libtotem-plparser-devel\", rpm:\"libtotem-plparser-devel~2.20.1~1.2mdv2008.0\", rls:\"MNDK_2008.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"libtotem-plparser7\", rpm:\"libtotem-plparser7~2.20.1~1.2mdv2008.0\", rls:\"MNDK_2008.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"mozilla-firefox\", rpm:\"mozilla-firefox~2.0.0.12~1.1mdv2008.0\", rls:\"MNDK_2008.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"mozilla-firefox-af\", rpm:\"mozilla-firefox-af~2.0.0.12~1mdv2008.0\", rls:\"MNDK_2008.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"mozilla-firefox-ar\", rpm:\"mozilla-firefox-ar~2.0.0.12~1mdv2008.0\", rls:\"MNDK_2008.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"mozilla-firefox-be\", rpm:\"mozilla-firefox-be~2.0.0.12~1mdv2008.0\", rls:\"MNDK_2008.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"mozilla-firefox-bg\", rpm:\"mozilla-firefox-bg~2.0.0.12~1mdv2008.0\", rls:\"MNDK_2008.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"mozilla-firefox-br_FR\", rpm:\"mozilla-firefox-br_FR~2.0.0.12~1mdv2008.0\", rls:\"MNDK_2008.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"mozilla-firefox-ca\", rpm:\"mozilla-firefox-ca~2.0.0.12~1mdv2008.0\", rls:\"MNDK_2008.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"mozilla-firefox-cs\", rpm:\"mozilla-firefox-cs~2.0.0.12~1mdv2008.0\", rls:\"MNDK_2008.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"mozilla-firefox-da\", rpm:\"mozilla-firefox-da~2.0.0.12~1mdv2008.0\", rls:\"MNDK_2008.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"mozilla-firefox-de\", rpm:\"mozilla-firefox-de~2.0.0.12~1mdv2008.0\", rls:\"MNDK_2008.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"mozilla-firefox-el\", rpm:\"mozilla-firefox-el~2.0.0.12~1mdv2008.0\", rls:\"MNDK_2008.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"mozilla-firefox-en_GB\", rpm:\"mozilla-firefox-en_GB~2.0.0.12~1mdv2008.0\", rls:\"MNDK_2008.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"mozilla-firefox-es_AR\", rpm:\"mozilla-firefox-es_AR~2.0.0.12~1mdv2008.0\", rls:\"MNDK_2008.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"mozilla-firefox-es_ES\", rpm:\"mozilla-firefox-es_ES~2.0.0.12~1mdv2008.0\", rls:\"MNDK_2008.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"mozilla-firefox-et_EE\", rpm:\"mozilla-firefox-et_EE~2.0.0.12~1mdv2008.0\", rls:\"MNDK_2008.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"mozilla-firefox-eu\", rpm:\"mozilla-firefox-eu~2.0.0.12~1mdv2008.0\", rls:\"MNDK_2008.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"mozilla-firefox-ext-blogrovr\", rpm:\"mozilla-firefox-ext-blogrovr~1.1.771~1.1mdv2008.0\", rls:\"MNDK_2008.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"mozilla-firefox-ext-foxmarks\", rpm:\"mozilla-firefox-ext-foxmarks~2.0.43~1mdv2008.0\", rls:\"MNDK_2008.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"mozilla-firefox-ext-scribefire\", rpm:\"mozilla-firefox-ext-scribefire~1.4.2~4.1mdv2008.0\", rls:\"MNDK_2008.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"mozilla-firefox-fi\", rpm:\"mozilla-firefox-fi~2.0.0.12~1mdv2008.0\", rls:\"MNDK_2008.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"mozilla-firefox-fr\", rpm:\"mozilla-firefox-fr~2.0.0.12~1mdv2008.0\", rls:\"MNDK_2008.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"mozilla-firefox-fy\", rpm:\"mozilla-firefox-fy~2.0.0.12~1mdv2008.0\", rls:\"MNDK_2008.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"mozilla-firefox-ga\", rpm:\"mozilla-firefox-ga~2.0.0.12~1mdv2008.0\", rls:\"MNDK_2008.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"mozilla-firefox-gnome-support\", rpm:\"mozilla-firefox-gnome-support~2.0.0.12~1.1mdv2008.0\", rls:\"MNDK_2008.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"mozilla-firefox-gu_IN\", rpm:\"mozilla-firefox-gu_IN~2.0.0.12~1mdv2008.0\", rls:\"MNDK_2008.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"mozilla-firefox-he\", rpm:\"mozilla-firefox-he~2.0.0.12~1mdv2008.0\", rls:\"MNDK_2008.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"mozilla-firefox-hu\", rpm:\"mozilla-firefox-hu~2.0.0.12~1mdv2008.0\", rls:\"MNDK_2008.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"mozilla-firefox-it\", rpm:\"mozilla-firefox-it~2.0.0.12~1mdv2008.0\", rls:\"MNDK_2008.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"mozilla-firefox-ja\", rpm:\"mozilla-firefox-ja~2.0.0.12~1mdv2008.0\", rls:\"MNDK_2008.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"mozilla-firefox-ka\", rpm:\"mozilla-firefox-ka~2.0.0.12~1mdv2008.0\", rls:\"MNDK_2008.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"mozilla-firefox-ko\", rpm:\"mozilla-firefox-ko~2.0.0.12~1mdv2008.0\", rls:\"MNDK_2008.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"mozilla-firefox-ku\", rpm:\"mozilla-firefox-ku~2.0.0.12~1mdv2008.0\", rls:\"MNDK_2008.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"mozilla-firefox-lt\", rpm:\"mozilla-firefox-lt~2.0.0.12~1mdv2008.0\", rls:\"MNDK_2008.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"mozilla-firefox-mk\", rpm:\"mozilla-firefox-mk~2.0.0.12~1mdv2008.0\", rls:\"MNDK_2008.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"mozilla-firefox-mn\", rpm:\"mozilla-firefox-mn~2.0.0.12~1mdv2008.0\", rls:\"MNDK_2008.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"mozilla-firefox-nb_NO\", rpm:\"mozilla-firefox-nb_NO~2.0.0.12~1mdv2008.0\", rls:\"MNDK_2008.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"mozilla-firefox-nl\", rpm:\"mozilla-firefox-nl~2.0.0.12~1mdv2008.0\", rls:\"MNDK_2008.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"mozilla-firefox-nn_NO\", rpm:\"mozilla-firefox-nn_NO~2.0.0.12~1mdv2008.0\", rls:\"MNDK_2008.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"mozilla-firefox-pa_IN\", rpm:\"mozilla-firefox-pa_IN~2.0.0.12~1mdv2008.0\", rls:\"MNDK_2008.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"mozilla-firefox-pl\", rpm:\"mozilla-firefox-pl~2.0.0.12~1mdv2008.0\", rls:\"MNDK_2008.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"mozilla-firefox-pt_BR\", rpm:\"mozilla-firefox-pt_BR~2.0.0.12~1mdv2008.0\", rls:\"MNDK_2008.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"mozilla-firefox-pt_PT\", rpm:\"mozilla-firefox-pt_PT~2.0.0.12~1mdv2008.0\", rls:\"MNDK_2008.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"mozilla-firefox-ro\", rpm:\"mozilla-firefox-ro~2.0.0.12~1mdv2008.0\", rls:\"MNDK_2008.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"mozilla-firefox-ru\", rpm:\"mozilla-firefox-ru~2.0.0.12~1mdv2008.0\", rls:\"MNDK_2008.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"mozilla-firefox-sk\", rpm:\"mozilla-firefox-sk~2.0.0.12~1mdv2008.0\", rls:\"MNDK_2008.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"mozilla-firefox-sl\", rpm:\"mozilla-firefox-sl~2.0.0.12~1mdv2008.0\", rls:\"MNDK_2008.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"mozilla-firefox-sv_SE\", rpm:\"mozilla-firefox-sv_SE~2.0.0.12~1mdv2008.0\", rls:\"MNDK_2008.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"mozilla-firefox-tr\", rpm:\"mozilla-firefox-tr~2.0.0.12~1mdv2008.0\", rls:\"MNDK_2008.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"mozilla-firefox-uk\", rpm:\"mozilla-firefox-uk~2.0.0.12~1mdv2008.0\", rls:\"MNDK_2008.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"mozilla-firefox-zh_CN\", rpm:\"mozilla-firefox-zh_CN~2.0.0.12~1mdv2008.0\", rls:\"MNDK_2008.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"mozilla-firefox-zh_TW\", rpm:\"mozilla-firefox-zh_TW~2.0.0.12~1mdv2008.0\", rls:\"MNDK_2008.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"totem\", rpm:\"totem~2.20.1~1.2mdv2008.0\", rls:\"MNDK_2008.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"totem-common\", rpm:\"totem-common~2.20.1~1.2mdv2008.0\", rls:\"MNDK_2008.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"totem-gstreamer\", rpm:\"totem-gstreamer~2.20.1~1.2mdv2008.0\", rls:\"MNDK_2008.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"totem-mozilla\", rpm:\"totem-mozilla~2.20.1~1.2mdv2008.0\", rls:\"MNDK_2008.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"totem-mozilla-gstreamer\", rpm:\"totem-mozilla-gstreamer~2.20.1~1.2mdv2008.0\", rls:\"MNDK_2008.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"yelp\", rpm:\"yelp~2.20.0~3.2mdv2008.0\", rls:\"MNDK_2008.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"eclipse\", rpm:\"eclipse~3.3.0~0.20.8.3mdv2008.0\", rls:\"MNDK_2008.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"mozilla-firefox-l10n\", rpm:\"mozilla-firefox-l10n~2.0.0.12~1mdv2008.0\", rls:\"MNDK_2008.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"lib64devhelp-1-devel\", rpm:\"lib64devhelp-1-devel~0.16~1.3mdv2008.0\", rls:\"MNDK_2008.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"lib64devhelp-1_0\", rpm:\"lib64devhelp-1_0~0.16~1.3mdv2008.0\", rls:\"MNDK_2008.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"lib64mozilla-firefox-devel\", rpm:\"lib64mozilla-firefox-devel~2.0.0.12~1.1mdv2008.0\", rls:\"MNDK_2008.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"lib64mozilla-firefox2.0.0.12\", rpm:\"lib64mozilla-firefox2.0.0.12~2.0.0.12~1.1mdv2008.0\", rls:\"MNDK_2008.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"lib64totem-plparser-devel\", rpm:\"lib64totem-plparser-devel~2.20.1~1.2mdv2008.0\", rls:\"MNDK_2008.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"lib64totem-plparser7\", rpm:\"lib64totem-plparser7~2.20.1~1.2mdv2008.0\", rls:\"MNDK_2008.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n", "cvss": {"score": 9.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2018-04-09T11:40:07", "description": "Check for the Version of mozilla-firefox", "cvss3": {}, "published": "2009-04-09T00:00:00", "type": "openvas", "title": "Mandriva Update for mozilla-firefox MDVSA-2008:048 (mozilla-firefox)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2008-0417", "CVE-2008-0412", "CVE-2008-0419", "CVE-2008-0594", "CVE-2008-0593", "CVE-2008-0413", "CVE-2008-0418", "CVE-2008-0592", "CVE-2008-0414", "CVE-2008-0420", "CVE-2008-0415", "CVE-2008-0591"], "modified": "2018-04-06T00:00:00", "id": "OPENVAS:1361412562310830624", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310830624", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Mandriva Update for mozilla-firefox MDVSA-2008:048 (mozilla-firefox)\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2009 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"A number of security vulnerabilities have been discovered and corrected\n in the latest Mozilla Firefox program, version 2.0.0.12.\n\n This update provides the latest Firefox to correct these issues.\";\n\ntag_affected = \"mozilla-firefox on Mandriva Linux 2007.1,\n Mandriva Linux 2007.1/X86_64,\n Mandriva Linux 2008.0,\n Mandriva Linux 2008.0/X86_64\";\ntag_solution = \"Please Install the Updated Packages.\";\n\n\n\nif(description)\n{\n script_xref(name : \"URL\" , value : \"http://lists.mandriva.com/security-announce/2008-02/msg00030.php\");\n script_oid(\"1.3.6.1.4.1.25623.1.0.830624\");\n script_version(\"$Revision: 9370 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-04-06 10:53:14 +0200 (Fri, 06 Apr 2018) $\");\n script_tag(name:\"creation_date\", value:\"2009-04-09 14:26:37 +0200 (Thu, 09 Apr 2009)\");\n script_tag(name:\"cvss_base\", value:\"9.3\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_xref(name: \"MDVSA\", value: \"2008:048\");\n script_cve_id(\"CVE-2008-0412\", \"CVE-2008-0413\", \"CVE-2008-0414\", \"CVE-2008-0415\", \"CVE-2008-0417\", \"CVE-2008-0418\", \"CVE-2008-0419\", \"CVE-2008-0420\", \"CVE-2008-0591\", \"CVE-2008-0592\", \"CVE-2008-0593\", \"CVE-2008-0594\");\n script_name( \"Mandriva Update for mozilla-firefox MDVSA-2008:048 (mozilla-firefox)\");\n\n script_tag(name:\"summary\", value:\"Check for the Version of mozilla-firefox\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2009 Greenbone Networks GmbH\");\n script_family(\"Mandrake Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/mandriva_mandrake_linux\", \"ssh/login/release\");\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = get_kb_item(\"ssh/login/release\");\n\n\nres = \"\";\nif(release == NULL){\n exit(0);\n}\n\nif(release == \"MNDK_2007.1\")\n{\n\n if ((res = isrpmvuln(pkg:\"deskbar-applet\", rpm:\"deskbar-applet~2.18.0~3.6mdv2007.1\", rls:\"MNDK_2007.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"devhelp\", rpm:\"devhelp~0.13~3.6mdv2007.1\", rls:\"MNDK_2007.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"devhelp-plugins\", rpm:\"devhelp-plugins~0.13~3.6mdv2007.1\", rls:\"MNDK_2007.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"eclipse-ecj\", rpm:\"eclipse-ecj~3.2.2~3.4.4mdv2007.1\", rls:\"MNDK_2007.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"eclipse-jdt\", rpm:\"eclipse-jdt~3.2.2~3.4.4mdv2007.1\", rls:\"MNDK_2007.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"eclipse-jdt-sdk\", rpm:\"eclipse-jdt-sdk~3.2.2~3.4.4mdv2007.1\", rls:\"MNDK_2007.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"eclipse-pde\", rpm:\"eclipse-pde~3.2.2~3.4.4mdv2007.1\", rls:\"MNDK_2007.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"eclipse-pde-runtime\", rpm:\"eclipse-pde-runtime~3.2.2~3.4.4mdv2007.1\", rls:\"MNDK_2007.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"eclipse-pde-sdk\", rpm:\"eclipse-pde-sdk~3.2.2~3.4.4mdv2007.1\", rls:\"MNDK_2007.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"eclipse-platform\", rpm:\"eclipse-platform~3.2.2~3.4.4mdv2007.1\", rls:\"MNDK_2007.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"eclipse-platform-sdk\", rpm:\"eclipse-platform-sdk~3.2.2~3.4.4mdv2007.1\", rls:\"MNDK_2007.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"eclipse-rcp\", rpm:\"eclipse-rcp~3.2.2~3.4.4mdv2007.1\", rls:\"MNDK_2007.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"eclipse-rcp-sdk\", rpm:\"eclipse-rcp-sdk~3.2.2~3.4.4mdv2007.1\", rls:\"MNDK_2007.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"eclipse-sdk\", rpm:\"eclipse-sdk~3.2.2~3.4.4mdv2007.1\", rls:\"MNDK_2007.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"epiphany\", rpm:\"epiphany~2.18.0~5.6mdv2007.1\", rls:\"MNDK_2007.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"epiphany-devel\", rpm:\"epiphany-devel~2.18.0~5.6mdv2007.1\", rls:\"MNDK_2007.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"epiphany-extensions\", rpm:\"epiphany-extensions~2.18.0~2.5mdv2007.1\", rls:\"MNDK_2007.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"galeon\", rpm:\"galeon~2.0.3~5.6mdv2007.1\", rls:\"MNDK_2007.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"gnome-python-extras\", rpm:\"gnome-python-extras~2.14.3~4.6mdv2007.1\", rls:\"MNDK_2007.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"gnome-python-gda\", rpm:\"gnome-python-gda~2.14.3~4.6mdv2007.1\", rls:\"MNDK_2007.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"gnome-python-gda-devel\", rpm:\"gnome-python-gda-devel~2.14.3~4.6mdv2007.1\", rls:\"MNDK_2007.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"gnome-python-gdl\", rpm:\"gnome-python-gdl~2.14.3~4.6mdv2007.1\", rls:\"MNDK_2007.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"gnome-python-gksu\", rpm:\"gnome-python-gksu~2.14.3~4.6mdv2007.1\", rls:\"MNDK_2007.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"gnome-python-gtkhtml2\", rpm:\"gnome-python-gtkhtml2~2.14.3~4.6mdv2007.1\", rls:\"MNDK_2007.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"gnome-python-gtkmozembed\", rpm:\"gnome-python-gtkmozembed~2.14.3~4.6mdv2007.1\", rls:\"MNDK_2007.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"gnome-python-gtkspell\", rpm:\"gnome-python-gtkspell~2.14.3~4.6mdv2007.1\", rls:\"MNDK_2007.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"libdevhelp-1_0\", rpm:\"libdevhelp-1_0~0.13~3.6mdv2007.1\", rls:\"MNDK_2007.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"libdevhelp-1_0-devel\", rpm:\"libdevhelp-1_0-devel~0.13~3.6mdv2007.1\", rls:\"MNDK_2007.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"libmozilla-firefox-devel\", rpm:\"libmozilla-firefox-devel~2.0.0.12~1.1mdv2007.1\", rls:\"MNDK_2007.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"libmozilla-firefox2.0.0.12\", rpm:\"libmozilla-firefox2.0.0.12~2.0.0.12~1.1mdv2007.1\", rls:\"MNDK_2007.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"libswt3-gtk2\", rpm:\"libswt3-gtk2~3.2.2~3.4.4mdv2007.1\", rls:\"MNDK_2007.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"libtotem-plparser1\", rpm:\"libtotem-plparser1~2.18.2~1.7mdv2007.1\", rls:\"MNDK_2007.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"libtotem-plparser1-devel\", rpm:\"libtotem-plparser1-devel~2.18.2~1.7mdv2007.1\", rls:\"MNDK_2007.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"mozilla-firefox\", rpm:\"mozilla-firefox~2.0.0.12~1.1mdv2007.1\", rls:\"MNDK_2007.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"mozilla-firefox-af\", rpm:\"mozilla-firefox-af~2.0.0.12~1mdv2007.1\", rls:\"MNDK_2007.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"mozilla-firefox-ar\", rpm:\"mozilla-firefox-ar~2.0.0.12~1mdv2007.1\", rls:\"MNDK_2007.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"mozilla-firefox-be\", rpm:\"mozilla-firefox-be~2.0.0.12~1mdv2007.1\", rls:\"MNDK_2007.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"mozilla-firefox-bg\", rpm:\"mozilla-firefox-bg~2.0.0.12~1mdv2007.1\", rls:\"MNDK_2007.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"mozilla-firefox-br_FR\", rpm:\"mozilla-firefox-br_FR~2.0.0.12~1mdv2007.1\", rls:\"MNDK_2007.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"mozilla-firefox-ca\", rpm:\"mozilla-firefox-ca~2.0.0.12~1mdv2007.1\", rls:\"MNDK_2007.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"mozilla-firefox-cs\", rpm:\"mozilla-firefox-cs~2.0.0.12~1mdv2007.1\", rls:\"MNDK_2007.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"mozilla-firefox-da\", rpm:\"mozilla-firefox-da~2.0.0.12~1mdv2007.1\", rls:\"MNDK_2007.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"mozilla-firefox-de\", rpm:\"mozilla-firefox-de~2.0.0.12~1mdv2007.1\", rls:\"MNDK_2007.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"mozilla-firefox-el\", rpm:\"mozilla-firefox-el~2.0.0.12~1mdv2007.1\", rls:\"MNDK_2007.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"mozilla-firefox-en_GB\", rpm:\"mozilla-firefox-en_GB~2.0.0.12~1mdv2007.1\", rls:\"MNDK_2007.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"mozilla-firefox-es_AR\", rpm:\"mozilla-firefox-es_AR~2.0.0.12~1mdv2007.1\", rls:\"MNDK_2007.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"mozilla-firefox-es_ES\", rpm:\"mozilla-firefox-es_ES~2.0.0.12~1mdv2007.1\", rls:\"MNDK_2007.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"mozilla-firefox-et_EE\", rpm:\"mozilla-firefox-et_EE~2.0.0.12~1mdv2007.1\", rls:\"MNDK_2007.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"mozilla-firefox-eu\", rpm:\"mozilla-firefox-eu~2.0.0.12~1mdv2007.1\", rls:\"MNDK_2007.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"mozilla-firefox-fi\", rpm:\"mozilla-firefox-fi~2.0.0.12~1mdv2007.1\", rls:\"MNDK_2007.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"mozilla-firefox-fr\", rpm:\"mozilla-firefox-fr~2.0.0.12~1mdv2007.1\", rls:\"MNDK_2007.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"mozilla-firefox-fy\", rpm:\"mozilla-firefox-fy~2.0.0.12~1mdv2007.1\", rls:\"MNDK_2007.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"mozilla-firefox-ga\", rpm:\"mozilla-firefox-ga~2.0.0.12~1mdv2007.1\", rls:\"MNDK_2007.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"mozilla-firefox-gu_IN\", rpm:\"mozilla-firefox-gu_IN~2.0.0.12~1mdv2007.1\", rls:\"MNDK_2007.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"mozilla-firefox-he\", rpm:\"mozilla-firefox-he~2.0.0.12~1mdv2007.1\", rls:\"MNDK_2007.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"mozilla-firefox-hu\", rpm:\"mozilla-firefox-hu~2.0.0.12~1mdv2007.1\", rls:\"MNDK_2007.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"mozilla-firefox-it\", rpm:\"mozilla-firefox-it~2.0.0.12~1mdv2007.1\", rls:\"MNDK_2007.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"mozilla-firefox-ja\", rpm:\"mozilla-firefox-ja~2.0.0.12~1mdv2007.1\", rls:\"MNDK_2007.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"mozilla-firefox-ka\", rpm:\"mozilla-firefox-ka~2.0.0.12~1mdv2007.1\", rls:\"MNDK_2007.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"mozilla-firefox-ko\", rpm:\"mozilla-firefox-ko~2.0.0.12~1mdv2007.1\", rls:\"MNDK_2007.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"mozilla-firefox-ku\", rpm:\"mozilla-firefox-ku~2.0.0.12~1mdv2007.1\", rls:\"MNDK_2007.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"mozilla-firefox-lt\", rpm:\"mozilla-firefox-lt~2.0.0.12~1mdv2007.1\", rls:\"MNDK_2007.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"mozilla-firefox-mk\", rpm:\"mozilla-firefox-mk~2.0.0.12~1mdv2007.1\", rls:\"MNDK_2007.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"mozilla-firefox-mn\", rpm:\"mozilla-firefox-mn~2.0.0.12~1mdv2007.1\", rls:\"MNDK_2007.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"mozilla-firefox-nb_NO\", rpm:\"mozilla-firefox-nb_NO~2.0.0.12~1mdv2007.1\", rls:\"MNDK_2007.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"mozilla-firefox-nl\", rpm:\"mozilla-firefox-nl~2.0.0.12~1mdv2007.1\", rls:\"MNDK_2007.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"mozilla-firefox-nn_NO\", rpm:\"mozilla-firefox-nn_NO~2.0.0.12~1mdv2007.1\", rls:\"MNDK_2007.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"mozilla-firefox-pa_IN\", rpm:\"mozilla-firefox-pa_IN~2.0.0.12~1mdv2007.1\", rls:\"MNDK_2007.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"mozilla-firefox-pl\", rpm:\"mozilla-firefox-pl~2.0.0.12~1mdv2007.1\", rls:\"MNDK_2007.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"mozilla-firefox-pt_BR\", rpm:\"mozilla-firefox-pt_BR~2.0.0.12~1mdv2007.1\", rls:\"MNDK_2007.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"mozilla-firefox-pt_PT\", rpm:\"mozilla-firefox-pt_PT~2.0.0.12~1mdv2007.1\", rls:\"MNDK_2007.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"mozilla-firefox-ro\", rpm:\"mozilla-firefox-ro~2.0.0.12~1mdv2007.1\", rls:\"MNDK_2007.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"mozilla-firefox-ru\", rpm:\"mozilla-firefox-ru~2.0.0.12~1mdv2007.1\", rls:\"MNDK_2007.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"mozilla-firefox-sk\", rpm:\"mozilla-firefox-sk~2.0.0.12~1mdv2007.1\", rls:\"MNDK_2007.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"mozilla-firefox-sl\", rpm:\"mozilla-firefox-sl~2.0.0.12~1mdv2007.1\", rls:\"MNDK_2007.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"mozilla-firefox-sv_SE\", rpm:\"mozilla-firefox-sv_SE~2.0.0.12~1mdv2007.1\", rls:\"MNDK_2007.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"mozilla-firefox-tr\", rpm:\"mozilla-firefox-tr~2.0.0.12~1mdv2007.1\", rls:\"MNDK_2007.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"mozilla-firefox-uk\", rpm:\"mozilla-firefox-uk~2.0.0.12~1mdv2007.1\", rls:\"MNDK_2007.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"mozilla-firefox-zh_CN\", rpm:\"mozilla-firefox-zh_CN~2.0.0.12~1mdv2007.1\", rls:\"MNDK_2007.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"mozilla-firefox-zh_TW\", rpm:\"mozilla-firefox-zh_TW~2.0.0.12~1mdv2007.1\", rls:\"MNDK_2007.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"totem\", rpm:\"totem~2.18.2~1.7mdv2007.1\", rls:\"MNDK_2007.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"totem-common\", rpm:\"totem-common~2.18.2~1.7mdv2007.1\", rls:\"MNDK_2007.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"totem-gstreamer\", rpm:\"totem-gstreamer~2.18.2~1.7mdv2007.1\", rls:\"MNDK_2007.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"totem-mozilla\", rpm:\"totem-mozilla~2.18.2~1.7mdv2007.1\", rls:\"MNDK_2007.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"totem-mozilla-gstreamer\", rpm:\"totem-mozilla-gstreamer~2.18.2~1.7mdv2007.1\", rls:\"MNDK_2007.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"yelp\", rpm:\"yelp~2.18.0~3.6mdv2007.1\", rls:\"MNDK_2007.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"eclipse\", rpm:\"eclipse~3.2.2~3.4.4mdv2007.1\", rls:\"MNDK_2007.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"mozilla-firefox-l10n\", rpm:\"mozilla-firefox-l10n~2.0.0.12~1mdv2007.1\", rls:\"MNDK_2007.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"lib64devhelp-1_0\", rpm:\"lib64devhelp-1_0~0.13~3.6mdv2007.1\", rls:\"MNDK_2007.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"lib64devhelp-1_0-devel\", rpm:\"lib64devhelp-1_0-devel~0.13~3.6mdv2007.1\", rls:\"MNDK_2007.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"lib64mozilla-firefox-devel\", rpm:\"lib64mozilla-firefox-devel~2.0.0.12~1.1mdv2007.1\", rls:\"MNDK_2007.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"lib64mozilla-firefox2.0.0.12\", rpm:\"lib64mozilla-firefox2.0.0.12~2.0.0.12~1.1mdv2007.1\", rls:\"MNDK_2007.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"lib64totem-plparser1\", rpm:\"lib64totem-plparser1~2.18.2~1.7mdv2007.1\", rls:\"MNDK_2007.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"lib64totem-plparser1-devel\", rpm:\"lib64totem-plparser1-devel~2.18.2~1.7mdv2007.1\", rls:\"MNDK_2007.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n\n\nif(release == \"MNDK_2008.0\")\n{\n\n if ((res = isrpmvuln(pkg:\"devhelp\", rpm:\"devhelp~0.16~1.3mdv2008.0\", rls:\"MNDK_2008.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"devhelp-plugins\", rpm:\"devhelp-plugins~0.16~1.3mdv2008.0\", rls:\"MNDK_2008.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"eclipse-cvs-client\", rpm:\"eclipse-cvs-client~3.3.0~0.20.8.3mdv2008.0\", rls:\"MNDK_2008.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"eclipse-ecj\", rpm:\"eclipse-ecj~3.3.0~0.20.8.3mdv2008.0\", rls:\"MNDK_2008.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"eclipse-jdt\", rpm:\"eclipse-jdt~3.3.0~0.20.8.3mdv2008.0\", rls:\"MNDK_2008.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"eclipse-pde\", rpm:\"eclipse-pde~3.3.0~0.20.8.3mdv2008.0\", rls:\"MNDK_2008.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"eclipse-pde-runtime\", rpm:\"eclipse-pde-runtime~3.3.0~0.20.8.3mdv2008.0\", rls:\"MNDK_2008.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"eclipse-platform\", rpm:\"eclipse-platform~3.3.0~0.20.8.3mdv2008.0\", rls:\"MNDK_2008.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"eclipse-rcp\", rpm:\"eclipse-rcp~3.3.0~0.20.8.3mdv2008.0\", rls:\"MNDK_2008.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"epiphany\", rpm:\"epiphany~2.20.0~1.3mdv2008.0\", rls:\"MNDK_2008.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"epiphany-devel\", rpm:\"epiphany-devel~2.20.0~1.3mdv2008.0\", rls:\"MNDK_2008.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"galeon\", rpm:\"galeon~2.0.3~7.3mdv2008.0\", rls:\"MNDK_2008.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"gnome-python-extras\", rpm:\"gnome-python-extras~2.19.1~4.3mdv2008.0\", rls:\"MNDK_2008.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"gnome-python-gda\", rpm:\"gnome-python-gda~2.19.1~4.3mdv2008.0\", rls:\"MNDK_2008.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"gnome-python-gda-devel\", rpm:\"gnome-python-gda-devel~2.19.1~4.3mdv2008.0\", rls:\"MNDK_2008.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"gnome-python-gdl\", rpm:\"gnome-python-gdl~2.19.1~4.3mdv2008.0\", rls:\"MNDK_2008.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"gnome-python-gksu\", rpm:\"gnome-python-gksu~2.19.1~4.3mdv2008.0\", rls:\"MNDK_2008.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"gnome-python-gtkhtml2\", rpm:\"gnome-python-gtkhtml2~2.19.1~4.3mdv2008.0\", rls:\"MNDK_2008.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"gnome-python-gtkmozembed\", rpm:\"gnome-python-gtkmozembed~2.19.1~4.3mdv2008.0\", rls:\"MNDK_2008.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"gnome-python-gtkspell\", rpm:\"gnome-python-gtkspell~2.19.1~4.3mdv2008.0\", rls:\"MNDK_2008.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"libdevhelp-1-devel\", rpm:\"libdevhelp-1-devel~0.16~1.3mdv2008.0\", rls:\"MNDK_2008.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"libdevhelp-1_0\", rpm:\"libdevhelp-1_0~0.16~1.3mdv2008.0\", rls:\"MNDK_2008.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"libmozilla-firefox-devel\", rpm:\"libmozilla-firefox-devel~2.0.0.12~1.1mdv2008.0\", rls:\"MNDK_2008.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"libmozilla-firefox2.0.0.12\", rpm:\"libmozilla-firefox2.0.0.12~2.0.0.12~1.1mdv2008.0\", rls:\"MNDK_2008.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"libswt3-gtk2\", rpm:\"libswt3-gtk2~3.3.0~0.20.8.3mdv2008.0\", rls:\"MNDK_2008.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"libtotem-plparser-devel\", rpm:\"libtotem-plparser-devel~2.20.1~1.2mdv2008.0\", rls:\"MNDK_2008.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"libtotem-plparser7\", rpm:\"libtotem-plparser7~2.20.1~1.2mdv2008.0\", rls:\"MNDK_2008.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"mozilla-firefox\", rpm:\"mozilla-firefox~2.0.0.12~1.1mdv2008.0\", rls:\"MNDK_2008.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"mozilla-firefox-af\", rpm:\"mozilla-firefox-af~2.0.0.12~1mdv2008.0\", rls:\"MNDK_2008.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"mozilla-firefox-ar\", rpm:\"mozilla-firefox-ar~2.0.0.12~1mdv2008.0\", rls:\"MNDK_2008.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"mozilla-firefox-be\", rpm:\"mozilla-firefox-be~2.0.0.12~1mdv2008.0\", rls:\"MNDK_2008.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"mozilla-firefox-bg\", rpm:\"mozilla-firefox-bg~2.0.0.12~1mdv2008.0\", rls:\"MNDK_2008.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"mozilla-firefox-br_FR\", rpm:\"mozilla-firefox-br_FR~2.0.0.12~1mdv2008.0\", rls:\"MNDK_2008.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"mozilla-firefox-ca\", rpm:\"mozilla-firefox-ca~2.0.0.12~1mdv2008.0\", rls:\"MNDK_2008.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"mozilla-firefox-cs\", rpm:\"mozilla-firefox-cs~2.0.0.12~1mdv2008.0\", rls:\"MNDK_2008.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"mozilla-firefox-da\", rpm:\"mozilla-firefox-da~2.0.0.12~1mdv2008.0\", rls:\"MNDK_2008.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"mozilla-firefox-de\", rpm:\"mozilla-firefox-de~2.0.0.12~1mdv2008.0\", rls:\"MNDK_2008.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"mozilla-firefox-el\", rpm:\"mozilla-firefox-el~2.0.0.12~1mdv2008.0\", rls:\"MNDK_2008.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"mozilla-firefox-en_GB\", rpm:\"mozilla-firefox-en_GB~2.0.0.12~1mdv2008.0\", rls:\"MNDK_2008.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"mozilla-firefox-es_AR\", rpm:\"mozilla-firefox-es_AR~2.0.0.12~1mdv2008.0\", rls:\"MNDK_2008.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"mozilla-firefox-es_ES\", rpm:\"mozilla-firefox-es_ES~2.0.0.12~1mdv2008.0\", rls:\"MNDK_2008.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"mozilla-firefox-et_EE\", rpm:\"mozilla-firefox-et_EE~2.0.0.12~1mdv2008.0\", rls:\"MNDK_2008.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"mozilla-firefox-eu\", rpm:\"mozilla-firefox-eu~2.0.0.12~1mdv2008.0\", rls:\"MNDK_2008.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"mozilla-firefox-ext-blogrovr\", rpm:\"mozilla-firefox-ext-blogrovr~1.1.771~1.1mdv2008.0\", rls:\"MNDK_2008.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"mozilla-firefox-ext-foxmarks\", rpm:\"mozilla-firefox-ext-foxmarks~2.0.43~1mdv2008.0\", rls:\"MNDK_2008.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"mozilla-firefox-ext-scribefire\", rpm:\"mozilla-firefox-ext-scribefire~1.4.2~4.1mdv2008.0\", rls:\"MNDK_2008.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"mozilla-firefox-fi\", rpm:\"mozilla-firefox-fi~2.0.0.12~1mdv2008.0\", rls:\"MNDK_2008.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"mozilla-firefox-fr\", rpm:\"mozilla-firefox-fr~2.0.0.12~1mdv2008.0\", rls:\"MNDK_2008.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"mozilla-firefox-fy\", rpm:\"mozilla-firefox-fy~2.0.0.12~1mdv2008.0\", rls:\"MNDK_2008.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"mozilla-firefox-ga\", rpm:\"mozilla-firefox-ga~2.0.0.12~1mdv2008.0\", rls:\"MNDK_2008.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"mozilla-firefox-gnome-support\", rpm:\"mozilla-firefox-gnome-support~2.0.0.12~1.1mdv2008.0\", rls:\"MNDK_2008.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"mozilla-firefox-gu_IN\", rpm:\"mozilla-firefox-gu_IN~2.0.0.12~1mdv2008.0\", rls:\"MNDK_2008.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"mozilla-firefox-he\", rpm:\"mozilla-firefox-he~2.0.0.12~1mdv2008.0\", rls:\"MNDK_2008.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"mozilla-firefox-hu\", rpm:\"mozilla-firefox-hu~2.0.0.12~1mdv2008.0\", rls:\"MNDK_2008.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"mozilla-firefox-it\", rpm:\"mozilla-firefox-it~2.0.0.12~1mdv2008.0\", rls:\"MNDK_2008.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"mozilla-firefox-ja\", rpm:\"mozilla-firefox-ja~2.0.0.12~1mdv2008.0\", rls:\"MNDK_2008.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"mozilla-firefox-ka\", rpm:\"mozilla-firefox-ka~2.0.0.12~1mdv2008.0\", rls:\"MNDK_2008.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"mozilla-firefox-ko\", rpm:\"mozilla-firefox-ko~2.0.0.12~1mdv2008.0\", rls:\"MNDK_2008.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"mozilla-firefox-ku\", rpm:\"mozilla-firefox-ku~2.0.0.12~1mdv2008.0\", rls:\"MNDK_2008.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"mozilla-firefox-lt\", rpm:\"mozilla-firefox-lt~2.0.0.12~1mdv2008.0\", rls:\"MNDK_2008.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"mozilla-firefox-mk\", rpm:\"mozilla-firefox-mk~2.0.0.12~1mdv2008.0\", rls:\"MNDK_2008.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"mozilla-firefox-mn\", rpm:\"mozilla-firefox-mn~2.0.0.12~1mdv2008.0\", rls:\"MNDK_2008.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"mozilla-firefox-nb_NO\", rpm:\"mozilla-firefox-nb_NO~2.0.0.12~1mdv2008.0\", rls:\"MNDK_2008.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"mozilla-firefox-nl\", rpm:\"mozilla-firefox-nl~2.0.0.12~1mdv2008.0\", rls:\"MNDK_2008.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"mozilla-firefox-nn_NO\", rpm:\"mozilla-firefox-nn_NO~2.0.0.12~1mdv2008.0\", rls:\"MNDK_2008.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"mozilla-firefox-pa_IN\", rpm:\"mozilla-firefox-pa_IN~2.0.0.12~1mdv2008.0\", rls:\"MNDK_2008.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"mozilla-firefox-pl\", rpm:\"mozilla-firefox-pl~2.0.0.12~1mdv2008.0\", rls:\"MNDK_2008.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"mozilla-firefox-pt_BR\", rpm:\"mozilla-firefox-pt_BR~2.0.0.12~1mdv2008.0\", rls:\"MNDK_2008.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"mozilla-firefox-pt_PT\", rpm:\"mozilla-firefox-pt_PT~2.0.0.12~1mdv2008.0\", rls:\"MNDK_2008.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"mozilla-firefox-ro\", rpm:\"mozilla-firefox-ro~2.0.0.12~1mdv2008.0\", rls:\"MNDK_2008.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"mozilla-firefox-ru\", rpm:\"mozilla-firefox-ru~2.0.0.12~1mdv2008.0\", rls:\"MNDK_2008.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"mozilla-firefox-sk\", rpm:\"mozilla-firefox-sk~2.0.0.12~1mdv2008.0\", rls:\"MNDK_2008.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"mozilla-firefox-sl\", rpm:\"mozilla-firefox-sl~2.0.0.12~1mdv2008.0\", rls:\"MNDK_2008.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"mozilla-firefox-sv_SE\", rpm:\"mozilla-firefox-sv_SE~2.0.0.12~1mdv2008.0\", rls:\"MNDK_2008.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"mozilla-firefox-tr\", rpm:\"mozilla-firefox-tr~2.0.0.12~1mdv2008.0\", rls:\"MNDK_2008.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"mozilla-firefox-uk\", rpm:\"mozilla-firefox-uk~2.0.0.12~1mdv2008.0\", rls:\"MNDK_2008.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"mozilla-firefox-zh_CN\", rpm:\"mozilla-firefox-zh_CN~2.0.0.12~1mdv2008.0\", rls:\"MNDK_2008.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"mozilla-firefox-zh_TW\", rpm:\"mozilla-firefox-zh_TW~2.0.0.12~1mdv2008.0\", rls:\"MNDK_2008.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"totem\", rpm:\"totem~2.20.1~1.2mdv2008.0\", rls:\"MNDK_2008.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"totem-common\", rpm:\"totem-common~2.20.1~1.2mdv2008.0\", rls:\"MNDK_2008.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"totem-gstreamer\", rpm:\"totem-gstreamer~2.20.1~1.2mdv2008.0\", rls:\"MNDK_2008.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"totem-mozilla\", rpm:\"totem-mozilla~2.20.1~1.2mdv2008.0\", rls:\"MNDK_2008.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"totem-mozilla-gstreamer\", rpm:\"totem-mozilla-gstreamer~2.20.1~1.2mdv2008.0\", rls:\"MNDK_2008.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"yelp\", rpm:\"yelp~2.20.0~3.2mdv2008.0\", rls:\"MNDK_2008.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"eclipse\", rpm:\"eclipse~3.3.0~0.20.8.3mdv2008.0\", rls:\"MNDK_2008.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"mozilla-firefox-l10n\", rpm:\"mozilla-firefox-l10n~2.0.0.12~1mdv2008.0\", rls:\"MNDK_2008.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"lib64devhelp-1-devel\", rpm:\"lib64devhelp-1-devel~0.16~1.3mdv2008.0\", rls:\"MNDK_2008.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"lib64devhelp-1_0\", rpm:\"lib64devhelp-1_0~0.16~1.3mdv2008.0\", rls:\"MNDK_2008.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"lib64mozilla-firefox-devel\", rpm:\"lib64mozilla-firefox-devel~2.0.0.12~1.1mdv2008.0\", rls:\"MNDK_2008.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"lib64mozilla-firefox2.0.0.12\", rpm:\"lib64mozilla-firefox2.0.0.12~2.0.0.12~1.1mdv2008.0\", rls:\"MNDK_2008.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"lib64totem-plparser-devel\", rpm:\"lib64totem-plparser-devel~2.20.1~1.2mdv2008.0\", rls:\"MNDK_2008.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"lib64totem-plparser7\", rpm:\"lib64totem-plparser7~2.20.1~1.2mdv2008.0\", rls:\"MNDK_2008.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n", "cvss": {"score": 9.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2017-07-25T10:56:35", "description": "Check for the Version of epiphany-extensions", "cvss3": {}, "published": "2009-02-16T00:00:00", "type": "openvas", "title": "Fedora Update for epiphany-extensions FEDORA-2008-1435", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2008-0417", "CVE-2008-0412", "CVE-2008-0419", "CVE-2008-0594", "CVE-2008-0593", "CVE-2008-0413", "CVE-2008-0418", "CVE-2008-0592", "CVE-2008-0414", "CVE-2008-0415", "CVE-2008-0591"], "modified": "2017-07-10T00:00:00", "id": "OPENVAS:860109", "href": "http://plugins.openvas.org/nasl.php?oid=860109", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Fedora Update for epiphany-extensions FEDORA-2008-1435\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2009 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ninclude(\"revisions-lib.inc\");\ntag_affected = \"epiphany-extensions on Fedora 7\";\ntag_insight = \"Epiphany Extensions is a collection of extensions for Epiphany, the\n GNOME web browser.\";\ntag_solution = \"Please Install the Updated Packages.\";\n\n\n\nif(description)\n{\n script_xref(name : \"URL\" , value : \"https://www.redhat.com/archives/fedora-package-announce/2008-February/msg00273.html\");\n script_id(860109);\n script_version(\"$Revision: 6623 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-07-10 08:10:20 +0200 (Mon, 10 Jul 2017) $\");\n script_tag(name:\"creation_date\", value:\"2009-02-16 14:16:57 +0100 (Mon, 16 Feb 2009)\");\n script_tag(name:\"cvss_base\", value:\"9.3\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_xref(name: \"FEDORA\", value: \"2008-1435\");\n script_cve_id(\"CVE-2008-0412\", \"CVE-2008-0413\", \"CVE-2008-0415\", \"CVE-2008-0419\", \"CVE-2008-0591\", \"CVE-2008-0593\", \"CVE-2008-0417\", \"CVE-2008-0418\", \"CVE-2008-0592\", \"CVE-2008-0414\", \"CVE-2008-0594\");\n script_name( \"Fedora Update for epiphany-extensions FEDORA-2008-1435\");\n\n script_summary(\"Check for the Version of epiphany-extensions\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2009 Greenbone Networks GmbH\");\n script_family(\"Fedora Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/fedora\", \"ssh/login/rpms\");\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = get_kb_item(\"ssh/login/release\");\n\n\nres = \"\";\nif(release == NULL){\n exit(0);\n}\n\nif(release == \"FC7\")\n{\n\n if ((res = isrpmvuln(pkg:\"epiphany-extensions\", rpm:\"epiphany-extensions~2.18.3~7\", rls:\"FC7\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}", "cvss": {"score": 9.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2017-07-25T10:56:55", "description": "Check for the Version of chmsee", "cvss3": {}, "published": "2009-02-16T00:00:00", "type": "openvas", "title": "Fedora Update for chmsee FEDORA-2008-1535", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2008-0417", "CVE-2008-0412", "CVE-2008-0419", "CVE-2008-0594", "CVE-2008-0593", "CVE-2008-0413", "CVE-2008-0418", "CVE-2008-0592", "CVE-2008-0414", "CVE-2008-0415", "CVE-2008-0591"], "modified": "2017-07-10T00:00:00", "id": "OPENVAS:860442", "href": "http://plugins.openvas.org/nasl.php?oid=860442", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Fedora Update for chmsee FEDORA-2008-1535\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2009 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"A gtk2 chm document viewer.\n\n It uses chmlib to extract files. It uses gecko to display pages. It supports\n displaying multilingual pages due to gecko. It features bookmarks and tabs.\n The tabs could be used to jump inside the chm file conveniently. Its UI is\n clean and handy, also is well localized. It is actively developed and\n maintained. The author of chmsee is Jungle Ji and several other great people.\n \n Hint\n * Unlike other chm viewers, chmsee extracts files from chm file, and then read\n and display them. The extracted files could be found in $HOME/.chmsee/bookshelf\n directory. You can clean those files at any time and there is a special config\n option for that.\n * The bookmark is related to each file so not all bookmarks will be loaded,\n only current file's.\n * Try to remove $HOME/.chmsee if you encounter any problem after an upgrade.\";\n\ntag_affected = \"chmsee on Fedora 8\";\ntag_solution = \"Please Install the Updated Packages.\";\n\n\n\nif(description)\n{\n script_xref(name : \"URL\" , value : \"https://www.redhat.com/archives/fedora-package-announce/2008-February/msg00375.html\");\n script_id(860442);\n script_version(\"$Revision: 6623 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-07-10 08:10:20 +0200 (Mon, 10 Jul 2017) $\");\n script_tag(name:\"creation_date\", value:\"2009-02-16 14:16:57 +0100 (Mon, 16 Feb 2009)\");\n script_tag(name:\"cvss_base\", value:\"9.3\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_xref(name: \"FEDORA\", value: \"2008-1535\");\n script_cve_id(\"CVE-2008-0412\", \"CVE-2008-0413\", \"CVE-2008-0415\", \"CVE-2008-0419\", \"CVE-2008-0591\", \"CVE-2008-0593\", \"CVE-2008-0417\", \"CVE-2008-0418\", \"CVE-2008-0592\", \"CVE-2008-0414\", \"CVE-2008-0594\");\n script_name( \"Fedora Update for chmsee FEDORA-2008-1535\");\n\n script_summary(\"Check for the Version of chmsee\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2009 Greenbone Networks GmbH\");\n script_family(\"Fedora Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/fedora\", \"ssh/login/rpms\");\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = get_kb_item(\"ssh/login/release\");\n\n\nres = \"\";\nif(release == NULL){\n exit(0);\n}\n\nif(release == \"FC8\")\n{\n\n if ((res = isrpmvuln(pkg:\"chmsee\", rpm:\"chmsee~1.0.0~1.28.fc8\", rls:\"FC8\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n", "cvss": {"score": 9.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2017-07-25T10:57:00", "description": "Check for the Version of firefox", "cvss3": {}, "published": "2009-02-16T00:00:00", "type": "openvas", "title": "Fedora Update for firefox FEDORA-2008-1435", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2008-0417", "CVE-2008-0412", "CVE-2008-0419", "CVE-2008-0594", "CVE-2008-0593", "CVE-2008-0413", "CVE-2008-0418", "CVE-2008-0592", "CVE-2008-0414", "CVE-2008-0415", "CVE-2008-0591"], "modified": "2017-07-10T00:00:00", "id": "OPENVAS:860306", "href": "http://plugins.openvas.org/nasl.php?oid=860306", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Fedora Update for firefox FEDORA-2008-1435\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2009 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ninclude(\"revisions-lib.inc\");\ntag_affected = \"firefox on Fedora 7\";\ntag_insight = \"Mozilla Firefox is an open-source web browser, designed for standards\n compliance, performance and portability.\";\ntag_solution = \"Please Install the Updated Packages.\";\n\n\n\nif(description)\n{\n script_xref(name : \"URL\" , value : \"https://www.redhat.com/archives/fedora-package-announce/2008-February/msg00274.html\");\n script_id(860306);\n script_version(\"$Revision: 6623 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-07-10 08:10:20 +0200 (Mon, 10 Jul 2017) $\");\n script_tag(name:\"creation_date\", value:\"2009-02-16 14:16:57 +0100 (Mon, 16 Feb 2009)\");\n script_tag(name:\"cvss_base\", value:\"9.3\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_xref(name: \"FEDORA\", value: \"2008-1435\");\n script_cve_id(\"CVE-2008-0412\", \"CVE-2008-0413\", \"CVE-2008-0415\", \"CVE-2008-0419\", \"CVE-2008-0591\", \"CVE-2008-0593\", \"CVE-2008-0417\", \"CVE-2008-0418\", \"CVE-2008-0592\", \"CVE-2008-0414\", \"CVE-2008-0594\");\n script_name( \"Fedora Update for firefox FEDORA-2008-1435\");\n\n script_summary(\"Check for the Version of firefox\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2009 Greenbone Networks GmbH\");\n script_family(\"Fedora Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/fedora\", \"ssh/login/rpms\");\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = get_kb_item(\"ssh/login/release\");\n\n\nres = \"\";\nif(release == NULL){\n exit(0);\n}\n\nif(release == \"FC7\")\n{\n\n if ((res = isrpmvuln(pkg:\"firefox\", rpm:\"firefox~2.0.0.12~1.fc7\", rls:\"FC7\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}", "cvss": {"score": 9.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2018-04-06T11:37:56", "description": "The remote host is missing updates to packages that affect\nthe security of your system. One or more of the following packages\nare affected:\n\n mozilla\n mozilla-hu\n mozilla-cs\n mozilla-venkman\n mozilla-dom-inspector\n mozilla-mail\n mozilla-calendar\n mozilla-devel\n mozilla-irc\n mozilla-deat\n\nFor more information, please visit the referenced security\nadvisories.\n\nMore details may also be found by searching for keyword\n5021982 within the SuSE Enterprise Server 9 patch\ndatabase at http://download.novell.com/patch/finder/", "cvss3": {}, "published": "2009-10-10T00:00:00", "type": "openvas", "title": "SLES9: Security update for Mozilla", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2008-0417", "CVE-2008-0412", "CVE-2008-0419", "CVE-2008-0594", "CVE-2008-0593", "CVE-2008-0413", "CVE-2008-0418", "CVE-2008-0592", "CVE-2008-0414", "CVE-2008-0415", "CVE-2008-0591"], "modified": "2018-04-06T00:00:00", "id": "OPENVAS:136141256231065196", "href": "http://plugins.openvas.org/nasl.php?oid=136141256231065196", "sourceData": "# OpenVAS Vulnerability Test\n# $Id: sles9p5021982.nasl 9350 2018-04-06 07:03:33Z cfischer $\n# Description: Security update for Mozilla\n#\n# Authors:\n# Thomas Reinke <reinke@securityspace.com>\n#\n# Copyright:\n# Copyright (c) 2009 E-Soft Inc. http://www.securityspace.com\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (c) the respective author(s)\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2,\n# or at your option, GNU General Public License version 3,\n# as published by the Free Software Foundation\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n#\n\ninclude(\"revisions-lib.inc\");\ntag_summary = \"The remote host is missing updates to packages that affect\nthe security of your system. One or more of the following packages\nare affected:\n\n mozilla\n mozilla-hu\n mozilla-cs\n mozilla-venkman\n mozilla-dom-inspector\n mozilla-mail\n mozilla-calendar\n mozilla-devel\n mozilla-irc\n mozilla-deat\n\nFor more information, please visit the referenced security\nadvisories.\n\nMore details may also be found by searching for keyword\n5021982 within the SuSE Enterprise Server 9 patch\ndatabase at http://download.novell.com/patch/finder/\";\n\ntag_solution = \"Please install the updates provided by SuSE.\";\n \nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.65196\");\n script_version(\"$Revision: 9350 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-04-06 09:03:33 +0200 (Fri, 06 Apr 2018) $\");\n script_tag(name:\"creation_date\", value:\"2009-10-10 16:11:46 +0200 (Sat, 10 Oct 2009)\");\n script_cve_id(\"CVE-2008-0594\", \"CVE-2008-0593\", \"CVE-2008-0592\", \"CVE-2008-0591\", \"CVE-2008-0419\", \"CVE-2008-0418\", \"CVE-2008-0417\", \"CVE-2008-0415\", \"CVE-2008-0414\", \"CVE-2008-0412\", \"CVE-2008-0413\");\n script_tag(name:\"cvss_base\", value:\"9.3\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_name(\"SLES9: Security update for Mozilla\");\n\n\n\n script_category(ACT_GATHER_INFO);\n\n script_copyright(\"Copyright (c) 2009 E-Soft Inc. http://www.securityspace.com\");\n script_family(\"SuSE Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/suse_sles\", \"ssh/login/rpms\");\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"summary\" , value : tag_summary);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n#\n# The script code starts here\n#\n\ninclude(\"pkg-lib-rpm.inc\");\n\nres = \"\";\nreport = \"\";\nif ((res = isrpmvuln(pkg:\"mozilla\", rpm:\"mozilla~1.8_seamonkey_1.0.9~1.10\", rls:\"SLES9.0\")) != NULL) {\n report += res;\n}\n\nif (report != \"\") {\n security_message(data:report);\n} else if (__pkg_match) {\n exit(99); # Not vulnerable.\n}\n", "cvss": {"score": 9.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2019-05-29T18:36:21", "description": "Oracle Linux Local Security Checks ELSA-2008-0103", "cvss3": {}, "published": "2015-10-08T00:00:00", "type": "openvas", "title": "Oracle Linux Local Check: ELSA-2008-0103", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2008-0417", "CVE-2008-0412", "CVE-2008-0419", "CVE-2008-0593", "CVE-2008-0413", "CVE-2008-0418", "CVE-2008-0416", "CVE-2008-0592", "CVE-2008-0420", "CVE-2008-0415", "CVE-2008-0591"], "modified": "2018-09-28T00:00:00", "id": "OPENVAS:1361412562310122612", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310122612", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: ELSA-2008-0103.nasl 11688 2018-09-28 13:36:28Z cfischer $\n#\n# Oracle Linux Local Check\n#\n# Authors:\n# Eero Volotinen <eero.volotinen@solinor.com>\n#\n# Copyright:\n# Copyright (c) 2015 Eero Volotinen, http://solinor.com\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.122612\");\n script_version(\"$Revision: 11688 $\");\n script_tag(name:\"creation_date\", value:\"2015-10-08 14:49:16 +0300 (Thu, 08 Oct 2015)\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-09-28 15:36:28 +0200 (Fri, 28 Sep 2018) $\");\n script_name(\"Oracle Linux Local Check: ELSA-2008-0103\");\n script_tag(name:\"insight\", value:\"ELSA-2008-0103 - Critical: firefox security update. Please see the references for more insight.\");\n script_tag(name:\"solution\", value:\"Update the affected packages to the latest available version.\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_tag(name:\"summary\", value:\"Oracle Linux Local Security Checks ELSA-2008-0103\");\n script_xref(name:\"URL\", value:\"http://linux.oracle.com/errata/ELSA-2008-0103.html\");\n script_cve_id(\"CVE-2008-0412\", \"CVE-2008-0413\", \"CVE-2008-0415\", \"CVE-2008-0416\", \"CVE-2008-0417\", \"CVE-2008-0418\", \"CVE-2008-0419\", \"CVE-2008-0420\", \"CVE-2008-0591\", \"CVE-2008-0592\", \"CVE-2008-0593\");\n script_tag(name:\"cvss_base\", value:\"9.3\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/oracle_linux\", \"ssh/login/release\", re:\"ssh/login/release=OracleLinux5\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Eero Volotinen\");\n script_family(\"Oracle Linux Local Security Checks\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release) exit(0);\n\nres = \"\";\n\nif(release == \"OracleLinux5\")\n{\n if ((res = isrpmvuln(pkg:\"firefox\", rpm:\"firefox~1.5.0.12~9.el5.0.1\", rls:\"OracleLinux5\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n if ((res = isrpmvuln(pkg:\"firefox-devel\", rpm:\"firefox-devel~1.5.0.12~9.el5.0.1\", rls:\"OracleLinux5\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n\n}\nif (__pkg_match) exit(99);\n exit(0);\n\n", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2017-07-24T12:50:01", "description": "The remote host is missing an update to iceape\nannounced via advisory DSA 1506-1.", "cvss3": {}, "published": "2008-02-28T00:00:00", "type": "openvas", "title": "Debian Security Advisory DSA 1506-1 (iceape)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2008-0417", "CVE-2008-0412", "CVE-2008-0419", "CVE-2008-0594", "CVE-2008-0593", "CVE-2008-0413", "CVE-2008-0418", "CVE-2008-0592", "CVE-2008-0414", "CVE-2008-0415", "CVE-2008-0591"], "modified": "2017-07-07T00:00:00", "id": "OPENVAS:60441", "href": "http://plugins.openvas.org/nasl.php?oid=60441", "sourceData": "# OpenVAS Vulnerability Test\n# $Id: deb_1506_1.nasl 6616 2017-07-07 12:10:49Z cfischer $\n# Description: Auto-generated from advisory DSA 1506-1 (iceape)\n#\n# Authors:\n# Thomas Reinke <reinke@securityspace.com>\n#\n# Copyright:\n# Copyright (c) 2008 E-Soft Inc. http://www.securityspace.com\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (c) the respective author(s)\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2,\n# as published by the Free Software Foundation\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n#\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"Several remote vulnerabilities have been discovered in the Iceape internet\nsuite, an unbranded version of the Seamonkey Internet Suite.\nFor details, please visit the referenced security advisories.\n\nFor the stable distribution (etch), these problems have been fixed in\nversion 1.0.12~pre080131b-0etch1.\n\nThe Mozilla releases from the old stable distribution (sarge) are no\nlonger supported with security updates.\n\nWe recommend that you upgrade your iceape packages.\";\ntag_summary = \"The remote host is missing an update to iceape\nannounced via advisory DSA 1506-1.\";\n\ntag_solution = \"https://secure1.securityspace.com/smysecure/catid.html?in=DSA%201506-1\";\n\n\nif(description)\n{\n script_id(60441);\n script_version(\"$Revision: 6616 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-07-07 14:10:49 +0200 (Fri, 07 Jul 2017) $\");\n script_tag(name:\"creation_date\", value:\"2008-02-28 02:09:28 +0100 (Thu, 28 Feb 2008)\");\n script_cve_id(\"CVE-2008-0412\", \"CVE-2008-0413\", \"CVE-2008-0414\", \"CVE-2008-0415\", \"CVE-2008-0417\", \"CVE-2008-0418\", \"CVE-2008-0419\", \"CVE-2008-0591\", \"CVE-2008-0592\", \"CVE-2008-0593\", \"CVE-2008-0594\");\n script_tag(name:\"cvss_base\", value:\"9.3\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_name(\"Debian Security Advisory DSA 1506-1 (iceape)\");\n\n\n\n script_category(ACT_GATHER_INFO);\n\n script_copyright(\"Copyright (c) 2008 E-Soft Inc. http://www.securityspace.com\");\n script_family(\"Debian Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/debian_linux\", \"ssh/login/packages\");\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"summary\" , value : tag_summary);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n#\n# The script code starts here\n#\n\ninclude(\"pkg-lib-deb.inc\");\n\nres = \"\";\nreport = \"\";\nif ((res = isdpkgvuln(pkg:\"mozilla\", ver:\"1.8+1.0.12~pre080131b-0etch1\", rls:\"DEB4.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"mozilla-calendar\", ver:\"1.8+1.0.12~pre080131b-0etch1\", rls:\"DEB4.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"mozilla-js-debugger\", ver:\"1.8+1.0.12~pre080131b-0etch1\", rls:\"DEB4.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"iceape-chatzilla\", ver:\"1.0.12~pre080131b-0etch1\", rls:\"DEB4.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"iceape-dev\", ver:\"1.0.12~pre080131b-0etch1\", rls:\"DEB4.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"mozilla-dom-inspector\", ver:\"1.8+1.0.12~pre080131b-0etch1\", rls:\"DEB4.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"iceape\", ver:\"1.0.12~pre080131b-0etch1\", rls:\"DEB4.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"mozilla-chatzilla\", ver:\"1.8+1.0.12~pre080131b-0etch1\", rls:\"DEB4.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"mozilla-dev\", ver:\"1.8+1.0.12~pre080131b-0etch1\", rls:\"DEB4.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"mozilla-mailnews\", ver:\"1.8+1.0.12~pre080131b-0etch1\", rls:\"DEB4.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"mozilla-psm\", ver:\"1.8+1.0.12~pre080131b-0etch1\", rls:\"DEB4.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"mozilla-browser\", ver:\"1.8+1.0.12~pre080131b-0etch1\", rls:\"DEB4.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"iceape-dom-inspector\", ver:\"1.0.12~pre080131b-0etch1\", rls:\"DEB4.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"iceape-dbg\", ver:\"1.0.12~pre080131b-0etch1\", rls:\"DEB4.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"iceape-gnome-support\", ver:\"1.0.12~pre080131b-0etch1\", rls:\"DEB4.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"iceape-calendar\", ver:\"1.0.12~pre080131b-0etch1\", rls:\"DEB4.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"iceape-mailnews\", ver:\"1.0.12~pre080131b-0etch1\", rls:\"DEB4.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"iceape-browser\", ver:\"1.0.12~pre080131b-0etch1\", rls:\"DEB4.0\")) != NULL) {\n report += res;\n}\n\nif (report != \"\") {\n security_message(data:report);\n} else if (__pkg_match) {\n exit(99); # Not vulnerable.\n}\n", "cvss": {"score": 9.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2017-07-25T10:56:22", "description": "Check for the Version of yelp", "cvss3": {}, "published": "2009-02-16T00:00:00", "type": "openvas", "title": "Fedora Update for yelp FEDORA-2008-1435", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2008-0417", "CVE-2008-0412", "CVE-2008-0419", "CVE-2008-0594", "CVE-2008-0593", "CVE-2008-0413", "CVE-2008-0418", "CVE-2008-0592", "CVE-2008-0414", "CVE-2008-0415", "CVE-2008-0591"], "modified": "2017-07-10T00:00:00", "id": "OPENVAS:860054", "href": "http://plugins.openvas.org/nasl.php?oid=860054", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Fedora Update for yelp FEDORA-2008-1435\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2009 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ninclude(\"revisions-lib.inc\");\ntag_affected = \"yelp on Fedora 7\";\ntag_insight = \"Yelp is the Gnome 2 help/documentation browser. It is designed\n to help you browse all the documentation on your system in\n one central tool.\";\ntag_solution = \"Please Install the Updated Packages.\";\n\n\n\nif(description)\n{\n script_xref(name : \"URL\" , value : \"https://www.redhat.com/archives/fedora-package-announce/2008-February/msg00283.html\");\n script_id(860054);\n script_version(\"$Revision: 6623 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-07-10 08:10:20 +0200 (Mon, 10 Jul 2017) $\");\n script_tag(name:\"creation_date\", value:\"2009-02-16 14:16:57 +0100 (Mon, 16 Feb 2009)\");\n script_tag(name:\"cvss_base\", value:\"9.3\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_xref(name: \"FEDORA\", value: \"2008-1435\");\n script_cve_id(\"CVE-2008-0412\", \"CVE-2008-0413\", \"CVE-2008-0415\", \"CVE-2008-0419\", \"CVE-2008-0591\", \"CVE-2008-0593\", \"CVE-2008-0417\", \"CVE-2008-0418\", \"CVE-2008-0592\", \"CVE-2008-0414\", \"CVE-2008-0594\");\n script_name( \"Fedora Update for yelp FEDORA-2008-1435\");\n\n script_summary(\"Check for the Version of yelp\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2009 Greenbone Networks GmbH\");\n script_family(\"Fedora Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/fedora\", \"ssh/login/rpms\");\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = get_kb_item(\"ssh/login/release\");\n\n\nres = \"\";\nif(release == NULL){\n exit(0);\n}\n\nif(release == \"FC7\")\n{\n\n if ((res = isrpmvuln(pkg:\"yelp\", rpm:\"yelp~2.18.1~9.fc7\", rls:\"FC7\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}", "cvss": {"score": 9.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2017-07-25T10:56:23", "description": "Check for the Version of chmsee", "cvss3": {}, "published": "2009-02-16T00:00:00", "type": "openvas", "title": "Fedora Update for chmsee FEDORA-2008-1435", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2008-0417", "CVE-2008-0412", "CVE-2008-0419", "CVE-2008-0594", "CVE-2008-0593", "CVE-2008-0413", "CVE-2008-0418", "CVE-2008-0592", "CVE-2008-0414", "CVE-2008-0415", "CVE-2008-0591"], "modified": "2017-07-10T00:00:00", "id": "OPENVAS:860588", "href": "http://plugins.openvas.org/nasl.php?oid=860588", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Fedora Update for chmsee FEDORA-2008-1435\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2009 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"A gtk2 chm document viewer.\n\n It uses chmlib to extract files. It uses gecko to display pages. It supports\n displaying multilingual pages due to gecko. It features bookmarks and tabs.\n The tabs could be used to jump inside the chm file conveniently. Its UI is\n clean and handy, also is well localized. It is actively developed and\n maintained. The author of chmsee is Jungle Ji and several other great people.\n \n Hint\n * Unlike other chm viewers, chmsee extracts files from chm file, and then read\n and display them. The extracted files could be found in $HOME/.chmsee/bookshelf\n directory. You can clean those files at any time and there is a special config\n option for that.\n * The bookmark is related to each file so not all bookmarks will be loaded,\n only current file's.\n * Try to remove $HOME/.chmsee if you encounter any problem after an upgrade.\";\n\ntag_affected = \"chmsee on Fedora 7\";\ntag_solution = \"Please Install the Updated Packages.\";\n\n\n\nif(description)\n{\n script_xref(name : \"URL\" , value : \"https://www.redhat.com/archives/fedora-package-announce/2008-February/msg00272.html\");\n script_id(860588);\n script_version(\"$Revision: 6623 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-07-10 08:10:20 +0200 (Mon, 10 Jul 2017) $\");\n script_tag(name:\"creation_date\", value:\"2009-02-16 14:16:57 +0100 (Mon, 16 Feb 2009)\");\n script_tag(name:\"cvss_base\", value:\"9.3\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_xref(name: \"FEDORA\", value: \"2008-1435\");\n script_cve_id(\"CVE-2008-0412\", \"CVE-2008-0413\", \"CVE-2008-0415\", \"CVE-2008-0419\", \"CVE-2008-0591\", \"CVE-2008-0593\", \"CVE-2008-0417\", \"CVE-2008-0418\", \"CVE-2008-0592\", \"CVE-2008-0414\", \"CVE-2008-0594\");\n script_name( \"Fedora Update for chmsee FEDORA-2008-1435\");\n\n script_summary(\"Check for the Version of chmsee\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2009 Greenbone Networks GmbH\");\n script_family(\"Fedora Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/fedora\", \"ssh/login/rpms\");\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = get_kb_item(\"ssh/login/release\");\n\n\nres = \"\";\nif(release == NULL){\n exit(0);\n}\n\nif(release == \"FC7\")\n{\n\n if ((res = isrpmvuln(pkg:\"chmsee\", rpm:\"chmsee~1.0.0~1.28.fc7\", rls:\"FC7\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n", "cvss": {"score": 9.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2017-07-25T10:56:15", "description": "Check for the Version of firefox", "cvss3": {}, "published": "2009-02-16T00:00:00", "type": "openvas", "title": "Fedora Update for firefox FEDORA-2008-1535", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2008-0417", "CVE-2008-0412", "CVE-2008-0419", "CVE-2008-0594", "CVE-2008-0593", "CVE-2008-0413", "CVE-2008-0418", "CVE-2008-0592", "CVE-2008-0414", "CVE-2008-0415", "CVE-2008-0591"], "modified": "2017-07-10T00:00:00", "id": "OPENVAS:860714", "href": "http://plugins.openvas.org/nasl.php?oid=860714", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Fedora Update for firefox FEDORA-2008-1535\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2009 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ninclude(\"revisions-lib.inc\");\ntag_affected = \"firefox on Fedora 8\";\ntag_insight = \"Mozilla Firefox is an open-source web browser, designed for standards\n compliance, performance and portability.\";\ntag_solution = \"Please Install the Updated Packages.\";\n\n\n\nif(description)\n{\n script_xref(name : \"URL\" , value : \"https://www.redhat.com/archives/fedora-package-announce/2008-February/msg00380.html\");\n script_id(860714);\n script_version(\"$Revision: 6623 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-07-10 08:10:20 +0200 (Mon, 10 Jul 2017) $\");\n script_tag(name:\"creation_date\", value:\"2009-02-16 14:16:57 +0100 (Mon, 16 Feb 2009)\");\n script_tag(name:\"cvss_base\", value:\"9.3\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_xref(name: \"FEDORA\", value: \"2008-1535\");\n script_cve_id(\"CVE-2008-0412\", \"CVE-2008-0413\", \"CVE-2008-0415\", \"CVE-2008-0419\", \"CVE-2008-0591\", \"CVE-2008-0593\", \"CVE-2008-0417\", \"CVE-2008-0418\", \"CVE-2008-0592\", \"CVE-2008-0414\", \"CVE-2008-0594\");\n script_name( \"Fedora Update for firefox FEDORA-2008-1535\");\n\n script_summary(\"Check for the Version of firefox\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2009 Greenbone Networks GmbH\");\n script_family(\"Fedora Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/fedora\", \"ssh/login/rpms\");\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = get_kb_item(\"ssh/login/release\");\n\n\nres = \"\";\nif(release == NULL){\n exit(0);\n}\n\nif(release == \"FC8\")\n{\n\n if ((res = isrpmvuln(pkg:\"firefox\", rpm:\"firefox~2.0.0.12~1.fc8\", rls:\"FC8\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}", "cvss": {"score": 9.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2017-07-25T10:57:05", "description": "Check for the Version of gnome-python2-extras", "cvss3": {}, "published": "2009-02-16T00:00:00", "type": "openvas", "title": "Fedora Update for gnome-python2-extras FEDORA-2008-1435", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2008-0417", "CVE-2008-0412", "CVE-2008-0419", "CVE-2008-0594", "CVE-2008-0593", "CVE-2008-0413", "CVE-2008-0418", "CVE-2008-0592", "CVE-2008-0414", "CVE-2008-0415", "CVE-2008-0591"], "modified": "2017-07-10T00:00:00", "id": "OPENVAS:860802", "href": "http://plugins.openvas.org/nasl.php?oid=860802", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Fedora Update for gnome-python2-extras FEDORA-2008-1435\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2009 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ninclude(\"revisions-lib.inc\");\ntag_affected = \"gnome-python2-extras on Fedora 7\";\ntag_insight = \"The gnome-python-extra package contains the source packages for additional\n Python bindings for GNOME. It should be used together with gnome-python.\";\ntag_solution = \"Please Install the Updated Packages.\";\n\n\n\nif(description)\n{\n script_xref(name : \"URL\" , value : \"https://www.redhat.com/archives/fedora-package-announce/2008-February/msg00277.html\");\n script_id(860802);\n script_version(\"$Revision: 6623 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-07-10 08:10:20 +0200 (Mon, 10 Jul 2017) $\");\n script_tag(name:\"creation_date\", value:\"2009-02-16 14:16:57 +0100 (Mon, 16 Feb 2009)\");\n script_tag(name:\"cvss_base\", value:\"9.3\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_xref(name: \"FEDORA\", value: \"2008-1435\");\n script_cve_id(\"CVE-2008-0412\", \"CVE-2008-0413\", \"CVE-2008-0415\", \"CVE-2008-0419\", \"CVE-2008-0591\", \"CVE-2008-0593\", \"CVE-2008-0417\", \"CVE-2008-0418\", \"CVE-2008-0592\", \"CVE-2008-0414\", \"CVE-2008-0594\");\n script_name( \"Fedora Update for gnome-python2-extras FEDORA-2008-1435\");\n\n script_summary(\"Check for the Version of gnome-python2-extras\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2009 Greenbone Networks GmbH\");\n script_family(\"Fedora Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/fedora\", \"ssh/login/rpms\");\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = get_kb_item(\"ssh/login/release\");\n\n\nres = \"\";\nif(release == NULL){\n exit(0);\n}\n\nif(release == \"FC7\")\n{\n\n if ((res = isrpmvuln(pkg:\"gnome-python2-extras\", rpm:\"gnome-python2-extras~2.14.3~8.fc7\", rls:\"FC7\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}", "cvss": {"score": 9.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2017-07-25T10:56:23", "description": "Check for the Version of Miro", "cvss3": {}, "published": "2009-02-16T00:00:00", "type": "openvas", "title": "Fedora Update for Miro FEDORA-2008-1435", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2008-0417", "CVE-2008-0412", "CVE-2008-0419", "CVE-2008-0594", "CVE-2008-0593", "CVE-2008-0413", "CVE-2008-0418", "CVE-2008-0592", "CVE-2008-0414", "CVE-2008-0415", "CVE-2008-0591"], "modified": "2017-07-10T00:00:00", "id": "OPENVAS:860787", "href": "http://plugins.openvas.org/nasl.php?oid=860787", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Fedora Update for Miro FEDORA-2008-1435\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2009 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ninclude(\"revisions-lib.inc\");\ntag_affected = \"Miro on Fedora 7\";\ntag_insight = \"Miro is a free application that turns your computer into an\n internet TV video player. This release is still a beta version, which means\n that there are some bugs, but we're moving quickly to fix them and will be\n releasing bug fixes on a regular basis.\";\ntag_solution = \"Please Install the Updated Packages.\";\n\n\n\nif(description)\n{\n script_xref(name : \"URL\" , value : \"https://www.redhat.com/archives/fedora-package-announce/2008-February/msg00284.html\");\n script_id(860787);\n script_version(\"$Revision: 6623 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-07-10 08:10:20 +0200 (Mon, 10 Jul 2017) $\");\n script_tag(name:\"creation_date\", value:\"2009-02-16 14:16:57 +0100 (Mon, 16 Feb 2009)\");\n script_tag(name:\"cvss_base\", value:\"9.3\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_xref(name: \"FEDORA\", value: \"2008-1435\");\n script_cve_id(\"CVE-2008-0412\", \"CVE-2008-0413\", \"CVE-2008-0415\", \"CVE-2008-0419\", \"CVE-2008-0591\", \"CVE-2008-0593\", \"CVE-2008-0417\", \"CVE-2008-0418\", \"CVE-2008-0592\", \"CVE-2008-0414\", \"CVE-2008-0594\");\n script_name( \"Fedora Update for Miro FEDORA-2008-1435\");\n\n script_summary(\"Check for the Version of Miro\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2009 Greenbone Networks GmbH\");\n script_family(\"Fedora Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/fedora\", \"ssh/login/rpms\");\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = get_kb_item(\"ssh/login/release\");\n\n\nres = \"\";\nif(release == NULL){\n exit(0);\n}\n\nif(release == \"FC7\")\n{\n\n if ((res = isrpmvuln(pkg:\"Miro\", rpm:\"Miro~1.1~3.fc7\", rls:\"FC7\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}", "cvss": {"score": 9.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2017-07-25T10:56:35", "description": "Check for the Version of openvrml", "cvss3": {}, "published": "2009-02-16T00:00:00", "type": "openvas", "title": "Fedora Update for openvrml FEDORA-2008-1535", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2008-0417", "CVE-2008-0412", "CVE-2008-0419", "CVE-2008-0594", "CVE-2008-0593", "CVE-2008-0413", "CVE-2008-0418", "CVE-2008-0592", "CVE-2008-0414", "CVE-2008-0415", "CVE-2008-0591"], "modified": "2017-07-10T00:00:00", "id": "OPENVAS:860538", "href": "http://plugins.openvas.org/nasl.php?oid=860538", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Fedora Update for openvrml FEDORA-2008-1535\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2009 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ninclude(\"revisions-lib.inc\");\ntag_affected = \"openvrml on Fedora 8\";\ntag_insight = \"OpenVRML is a VRML/X3D support library, including a runtime and facilities\n for reading and displaying VRML and X3D models.\";\ntag_solution = \"Please Install the Updated Packages.\";\n\n\n\nif(description)\n{\n script_xref(name : \"URL\" , value : \"https://www.redhat.com/archives/fedora-package-announce/2008-February/msg00387.html\");\n script_id(860538);\n script_version(\"$Revision: 6623 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-07-10 08:10:20 +0200 (Mon, 10 Jul 2017) $\");\n script_tag(name:\"creation_date\", value:\"2009-02-16 14:16:57 +0100 (Mon, 16 Feb 2009)\");\n script_tag(name:\"cvss_base\", value:\"9.3\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_xref(name: \"FEDORA\", value: \"2008-1535\");\n script_cve_id(\"CVE-2008-0412\", \"CVE-2008-0413\", \"CVE-2008-0415\", \"CVE-2008-0419\", \"CVE-2008-0591\", \"CVE-2008-0593\", \"CVE-2008-0417\", \"CVE-2008-0418\", \"CVE-2008-0592\", \"CVE-2008-0414\", \"CVE-2008-0594\");\n script_name( \"Fedora Update for openvrml FEDORA-2008-1535\");\n\n script_summary(\"Check for the Version of openvrml\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2009 Greenbone Networks GmbH\");\n script_family(\"Fedora Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/fedora\", \"ssh/login/rpms\");\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = get_kb_item(\"ssh/login/release\");\n\n\nres = \"\";\nif(release == NULL){\n exit(0);\n}\n\nif(release == \"FC8\")\n{\n\n if ((res = isrpmvuln(pkg:\"openvrml\", rpm:\"openvrml~0.17.5~2.fc8\", rls:\"FC8\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}", "cvss": {"score": 9.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2017-07-25T10:56:46", "description": "Check for the Version of gnome-web-photo", "cvss3": {}, "published": "2009-02-16T00:00:00", "type": "openvas", "title": "Fedora Update for gnome-web-photo FEDORA-2008-1535", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2008-0417", "CVE-2008-0412", "CVE-2008-0419", "CVE-2008-0594", "CVE-2008-0593", "CVE-2008-0413", "CVE-2008-0418", "CVE-2008-0592", "CVE-2008-0414", "CVE-2008-0415", "CVE-2008-0591"], "modified": "2017-07-10T00:00:00", "id": "OPENVAS:860616", "href": "http://plugins.openvas.org/nasl.php?oid=860616", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Fedora Update for gnome-web-photo FEDORA-2008-1535\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2009 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ninclude(\"revisions-lib.inc\");\ntag_affected = \"gnome-web-photo on Fedora 8\";\ntag_insight = \"gnome-web-photo contains a thumbnailer that will be used by GNOME applications,\n including the file manager, to generate screenshots of web pages.\";\ntag_solution = \"Please Install the Updated Packages.\";\n\n\n\nif(description)\n{\n script_xref(name : \"URL\" , value : \"https://www.redhat.com/archives/fedora-package-announce/2008-February/msg00377.html\");\n script_id(860616);\n script_version(\"$Revision: 6623 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-07-10 08:10:20 +0200 (Mon, 10 Jul 2017) $\");\n script_tag(name:\"creation_date\", value:\"2009-02-16 14:16:57 +0100 (Mon, 16 Feb 2009)\");\n script_tag(name:\"cvss_base\", value:\"9.3\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_xref(name: \"FEDORA\", value: \"2008-1535\");\n script_cve_id(\"CVE-2008-0412\", \"CVE-2008-0413\", \"CVE-2008-0415\", \"CVE-2008-0419\", \"CVE-2008-0591\", \"CVE-2008-0593\", \"CVE-2008-0417\", \"CVE-2008-0418\", \"CVE-2008-0592\", \"CVE-2008-0414\", \"CVE-2008-0594\");\n script_name( \"Fedora Update for gnome-web-photo FEDORA-2008-1535\");\n\n script_summary(\"Check for the Version of gnome-web-photo\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2009 Greenbone Networks GmbH\");\n script_family(\"Fedora Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/fedora\", \"ssh/login/rpms\");\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = get_kb_item(\"ssh/login/release\");\n\n\nres = \"\";\nif(release == NULL){\n exit(0);\n}\n\nif(release == \"FC8\")\n{\n\n if ((res = isrpmvuln(pkg:\"gnome-web-photo\", rpm:\"gnome-web-photo~0.3~8.fc8\", rls:\"FC8\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}", "cvss": {"score": 9.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2017-07-25T10:56:59", "description": "Check for the Version of devhelp", "cvss3": {}, "published": "2009-02-16T00:00:00", "type": "openvas", "title": "Fedora Update for devhelp FEDORA-2008-1535", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2008-0417", "CVE-2008-0412", "CVE-2008-0419", "CVE-2008-0594", "CVE-2008-0593", "CVE-2008-0413", "CVE-2008-0418", "CVE-2008-0592", "CVE-2008-0414", "CVE-2008-0415", "CVE-2008-0591"], "modified": "2017-07-10T00:00:00", "id": "OPENVAS:860693", "href": "http://plugins.openvas.org/nasl.php?oid=860693", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Fedora Update for devhelp FEDORA-2008-1535\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2009 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ninclude(\"revisions-lib.inc\");\ntag_affected = \"devhelp on Fedora 8\";\ntag_insight = \"An API document browser for GNOME 2.\";\ntag_solution = \"Please Install the Updated Packages.\";\n\n\n\nif(description)\n{\n script_xref(name : \"URL\" , value : \"https://www.redhat.com/archives/fedora-package-announce/2008-February/msg00373.html\");\n script_id(860693);\n script_version(\"$Revision: 6623 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-07-10 08:10:20 +0200 (Mon, 10 Jul 2017) $\");\n script_tag(name:\"creation_date\", value:\"2009-02-16 14:16:57 +0100 (Mon, 16 Feb 2009)\");\n script_tag(name:\"cvss_base\", value:\"9.3\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_xref(name: \"FEDORA\", value: \"2008-1535\");\n script_cve_id(\"CVE-2008-0412\", \"CVE-2008-0413\", \"CVE-2008-0415\", \"CVE-2008-0419\", \"CVE-2008-0591\", \"CVE-2008-0593\", \"CVE-2008-0417\", \"CVE-2008-0418\", \"CVE-2008-0592\", \"CVE-2008-0414\", \"CVE-2008-0594\");\n script_name( \"Fedora Update for devhelp FEDORA-2008-1535\");\n\n script_summary(\"Check for the Version of devhelp\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2009 Greenbone Networks GmbH\");\n script_family(\"Fedora Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/fedora\", \"ssh/login/rpms\");\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = get_kb_item(\"ssh/login/release\");\n\n\nres = \"\";\nif(release == NULL){\n exit(0);\n}\n\nif(release == \"FC8\")\n{\n\n if ((res = isrpmvuln(pkg:\"devhelp\", rpm:\"devhelp~0.16.1~5.fc8\", rls:\"FC8\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}", "cvss": {"score": 9.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2017-07-25T10:56:49", "description": "Check for the Version of epiphany", "cvss3": {}, "published": "2009-02-16T00:00:00", "type": "openvas", "title": "Fedora Update for epiphany FEDORA-2008-1535", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2008-0417", "CVE-2008-0412", "CVE-2008-0419", "CVE-2008-0594", "CVE-2008-0593", "CVE-2008-0413", "CVE-2008-0418", "CVE-2008-0592", "CVE-2008-0414", "CVE-2008-0415", "CVE-2008-0591"], "modified": "2017-07-10T00:00:00", "id": "OPENVAS:860822", "href": "http://plugins.openvas.org/nasl.php?oid=860822", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Fedora Update for epiphany FEDORA-2008-1535\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2009 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ninclude(\"revisions-lib.inc\");\ntag_affected = \"epiphany on Fedora 8\";\ntag_insight = \"epiphany is a simple GNOME web browser based on the Mozilla rendering\n engine.\";\ntag_solution = \"Please Install the Updated Packages.\";\n\n\n\nif(description)\n{\n script_xref(name : \"URL\" , value : \"https://www.redhat.com/archives/fedora-package-announce/2008-February/msg00379.html\");\n script_id(860822);\n script_version(\"$Revision: 6623 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-07-10 08:10:20 +0200 (Mon, 10 Jul 2017) $\");\n script_tag(name:\"creation_date\", value:\"2009-02-16 14:16:57 +0100 (Mon, 16 Feb 2009)\");\n script_tag(name:\"cvss_base\", value:\"9.3\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_xref(name: \"FEDORA\", value: \"2008-1535\");\n script_cve_id(\"CVE-2008-0412\", \"CVE-2008-0413\", \"CVE-2008-0415\", \"CVE-2008-0419\", \"CVE-2008-0591\", \"CVE-2008-0593\", \"CVE-2008-0417\", \"CVE-2008-0418\", \"CVE-2008-0592\", \"CVE-2008-0414\", \"CVE-2008-0594\");\n script_name( \"Fedora Update for epiphany FEDORA-2008-1535\");\n\n script_summary(\"Check for the Version of epiphany\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2009 Greenbone Networks GmbH\");\n script_family(\"Fedora Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/fedora\", \"ssh/login/rpms\");\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = get_kb_item(\"ssh/login/release\");\n\n\nres = \"\";\nif(release == NULL){\n exit(0);\n}\n\nif(release == \"FC8\")\n{\n\n if ((res = isrpmvuln(pkg:\"epiphany\", rpm:\"epiphany~2.20.2~3.fc8\", rls:\"FC8\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}", "cvss": {"score": 9.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2017-07-25T10:57:15", "description": "Check for the Version of epiphany-extensions", "cvss3": {}, "published": "2009-02-16T00:00:00", "type": "openvas", "title": "Fedora Update for epiphany-extensions FEDORA-2008-1535", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2008-0417", "CVE-2008-0412", "CVE-2008-0419", "CVE-2008-0594", "CVE-2008-0593", "CVE-2008-0413", "CVE-2008-0418", "CVE-2008-0592", "CVE-2008-0414", "CVE-2008-0415", "CVE-2008-0591"], "modified": "2017-07-10T00:00:00", "id": "OPENVAS:860234", "href": "http://plugins.openvas.org/nasl.php?oid=860234", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Fedora Update for epiphany-extensions FEDORA-2008-1535\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2009 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ninclude(\"revisions-lib.inc\");\ntag_affected = \"epiphany-extensions on Fedora 8\";\ntag_insight = \"Epiphany Extensions is a collection of extensions for Epiphany, the\n GNOME web browser.\";\ntag_solution = \"Please Install the Updated Packages.\";\n\n\n\nif(description)\n{\n script_xref(name : \"URL\" , value : \"https://www.redhat.com/archives/fedora-package-announce/2008-February/msg00376.html\");\n script_id(860234);\n script_version(\"$Revision: 6623 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-07-10 08:10:20 +0200 (Mon, 10 Jul 2017) $\");\n script_tag(name:\"creation_date\", value:\"2009-02-16 14:16:57 +0100 (Mon, 16 Feb 2009)\");\n script_tag(name:\"cvss_base\", value:\"9.3\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_xref(name: \"FEDORA\", value: \"2008-1535\");\n script_cve_id(\"CVE-2008-0412\", \"CVE-2008-0413\", \"CVE-2008-0415\", \"CVE-2008-0419\", \"CVE-2008-0591\", \"CVE-2008-0593\", \"CVE-2008-0417\", \"CVE-2008-0418\", \"CVE-2008-0592\", \"CVE-2008-0414\", \"CVE-2008-0594\");\n script_name( \"Fedora Update for epiphany-extensions FEDORA-2008-1535\");\n\n script_summary(\"Check for the Version of epiphany-extensions\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2009 Greenbone Networks GmbH\");\n script_family(\"Fedora Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/fedora\", \"ssh/login/rpms\");\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = get_kb_item(\"ssh/login/release\");\n\n\nres = \"\";\nif(release == NULL){\n exit(0);\n}\n\nif(release == \"FC8\")\n{\n\n if ((res = isrpmvuln(pkg:\"epiphany-extensions\", rpm:\"epiphany-extensions~2.20.1~5.fc8\", rls:\"FC8\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}", "cvss": {"score": 9.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2017-07-25T10:56:01", "description": "Check for the Version of galeon", "cvss3": {}, "published": "2009-02-16T00:00:00", "type": "openvas", "title": "Fedora Update for galeon FEDORA-2008-1535", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2008-0417", "CVE-2008-0412", "CVE-2008-0419", "CVE-2008-0594", "CVE-2008-0593", "CVE-2008-0413", "CVE-2008-0418", "CVE-2008-0592", "CVE-2008-0414", "CVE-2008-0415", "CVE-2008-0591"], "modified": "2017-07-10T00:00:00", "id": "OPENVAS:860664", "href": "http://plugins.openvas.org/nasl.php?oid=860664", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Fedora Update for galeon FEDORA-2008-1535\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2009 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ninclude(\"revisions-lib.inc\");\ntag_affected = \"galeon on Fedora 8\";\ntag_insight = \"Galeon is a web browser built around Gecko (Mozilla's rendering\n engine) and Necko (Mozilla's networking engine). It's a GNOME web\n browser, designed to take advantage of as many GNOME technologies as\n makes sense. Galeon was written to do just one thing - browse the web.\";\ntag_solution = \"Please Install the Updated Packages.\";\n\n\n\nif(description)\n{\n script_xref(name : \"URL\" , value : \"https://www.redhat.com/archives/fedora-package-announce/2008-February/msg00383.html\");\n script_id(860664);\n script_version(\"$Revision: 6623 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-07-10 08:10:20 +0200 (Mon, 10 Jul 2017) $\");\n script_tag(name:\"creation_date\", value:\"2009-02-16 14:16:57 +0100 (Mon, 16 Feb 2009)\");\n script_tag(name:\"cvss_base\", value:\"9.3\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_xref(name: \"FEDORA\", value: \"2008-1535\");\n script_cve_id(\"CVE-2008-0412\", \"CVE-2008-0413\", \"CVE-2008-0415\", \"CVE-2008-0419\", \"CVE-2008-0591\", \"CVE-2008-0593\", \"CVE-2008-0417\", \"CVE-2008-0418\", \"CVE-2008-0592\", \"CVE-2008-0414\", \"CVE-2008-0594\");\n script_name( \"Fedora Update for galeon FEDORA-2008-1535\");\n\n script_summary(\"Check for the Version of galeon\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2009 Greenbone Networks GmbH\");\n script_family(\"Fedora Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/fedora\", \"ssh/login/rpms\");\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = get_kb_item(\"ssh/login/release\");\n\n\nres = \"\";\nif(release == NULL){\n exit(0);\n}\n\nif(release == \"FC8\")\n{\n\n if ((res = isrpmvuln(pkg:\"galeon\", rpm:\"galeon~2.0.4~1.fc8.2\", rls:\"FC8\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}", "cvss": {"score": 9.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2017-07-25T10:57:10", "description": "Check for the Version of gtkmozembedmm", "cvss3": {}, "published": "2009-02-16T00:00:00", "type": "openvas", "title": "Fedora Update for gtkmozembedmm FEDORA-2008-1535", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2008-0417", "CVE-2008-0412", "CVE-2008-0419", "CVE-2008-0594", "CVE-2008-0593", "CVE-2008-0413", "CVE-2008-0418", "CVE-2008-0592", "CVE-2008-0414", "CVE-2008-0415", "CVE-2008-0591"], "modified": "2017-07-10T00:00:00", "id": "OPENVAS:860127", "href": "http://plugins.openvas.org/nasl.php?oid=860127", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Fedora Update for gtkmozembedmm FEDORA-2008-1535\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2009 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ninclude(\"revisions-lib.inc\");\ntag_affected = \"gtkmozembedmm on Fedora 8\";\ntag_insight = \"This package provides a C++/gtkmm wrapper for GtkMozEmbed\n from Mozilla 1.4.x to 1.7.x.\n The wrapper provides a convenient interface for C++ programmers\n to use the Gtkmozembed HTML-rendering widget inside their software.\";\ntag_solution = \"Please Install the Updated Packages.\";\n\n\n\nif(description)\n{\n script_xref(name : \"URL\" , value : \"https://www.redhat.com/archives/fedora-package-announce/2008-February/msg00381.html\");\n script_id(860127);\n script_version(\"$Revision: 6623 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-07-10 08:10:20 +0200 (Mon, 10 Jul 2017) $\");\n script_tag(name:\"creation_date\", value:\"2009-02-16 14:16:57 +0100 (Mon, 16 Feb 2009)\");\n script_tag(name:\"cvss_base\", value:\"9.3\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_xref(name: \"FEDORA\", value: \"2008-1535\");\n script_cve_id(\"CVE-2008-0412\", \"CVE-2008-0413\", \"CVE-2008-0415\", \"CVE-2008-0419\", \"CVE-2008-0591\", \"CVE-2008-0593\", \"CVE-2008-0417\", \"CVE-2008-0418\", \"CVE-2008-0592\", \"CVE-2008-0414\", \"CVE-2008-0594\");\n script_name( \"Fedora Update for gtkmozembedmm FEDORA-2008-1535\");\n\n script_summary(\"Check for the Version of gtkmozembedmm\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2009 Greenbone Networks GmbH\");\n script_family(\"Fedora Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/fedora\", \"ssh/login/rpms\");\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = get_kb_item(\"ssh/login/release\");\n\n\nres = \"\";\nif(release == NULL){\n exit(0);\n}\n\nif(release == \"FC8\")\n{\n\n if ((res = isrpmvuln(pkg:\"gtkmozembedmm\", rpm:\"gtkmozembedmm~1.4.2.cvs20060817~18.fc8\", rls:\"FC8\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}", "cvss": {"score": 9.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2017-07-25T10:57:12", "description": "Check for the Version of yelp", "cvss3": {}, "published": "2009-02-16T00:00:00", "type": "openvas", "title": "Fedora Update for yelp FEDORA-2008-1535", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2008-0417", "CVE-2008-0412", "CVE-2008-0419", "CVE-2008-0594", "CVE-2008-0593", "CVE-2008-0413", "CVE-2008-0418", "CVE-2008-0592", "CVE-2008-0414", "CVE-2008-0415", "CVE-2008-0591"], "modified": "2017-07-10T00:00:00", "id": "OPENVAS:860287", "href": "http://plugins.openvas.org/nasl.php?oid=860287", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Fedora Update for yelp FEDORA-2008-1535\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2009 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ninclude(\"revisions-lib.inc\");\ntag_affected = \"yelp on Fedora 8\";\ntag_insight = \"Yelp is the Gnome 2 help/documentation browser. It is designed\n to help you browse all the documentation on your system in\n one central tool.\";\ntag_solution = \"Please Install the Updated Packages.\";\n\n\n\nif(description)\n{\n script_xref(name : \"URL\" , value : \"https://www.redhat.com/archives/fedora-package-announce/2008-February/msg00385.html\");\n script_id(860287);\n script_version(\"$Revision: 6623 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-07-10 08:10:20 +0200 (Mon, 10 Jul 2017) $\");\n script_tag(name:\"creation_date\", value:\"2009-02-16 14:16:57 +0100 (Mon, 16 Feb 2009)\");\n script_tag(name:\"cvss_base\", value:\"9.3\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_xref(name: \"FEDORA\", value: \"2008-1535\");\n script_cve_id(\"CVE-2008-0412\", \"CVE-2008-0413\", \"CVE-2008-0415\", \"CVE-2008-0419\", \"CVE-2008-0591\", \"CVE-2008-0593\", \"CVE-2008-0417\", \"CVE-2008-0418\", \"CVE-2008-0592\", \"CVE-2008-0414\", \"CVE-2008-0594\");\n script_name( \"Fedora Update for yelp FEDORA-2008-1535\");\n\n script_summary(\"Check for the Version of yelp\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2009 Greenbone Networks GmbH\");\n script_family(\"Fedora Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/fedora\", \"ssh/login/rpms\");\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = get_kb_item(\"ssh/login/release\");\n\n\nres = \"\";\nif(release == NULL){\n exit(0);\n}\n\nif(release == \"FC8\")\n{\n\n if ((res = isrpmvuln(pkg:\"yelp\", rpm:\"yelp~2.20.0~7.fc8\", rls:\"FC8\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}", "cvss": {"score": 9.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2017-07-25T10:56:04", "description": "Check for the Version of thunderbird", "cvss3": {}, "published": "2009-02-16T00:00:00", "type": "openvas", "title": "Fedora Update for thunderbird FEDORA-2008-2060", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2008-0412", "CVE-2008-0419", "CVE-2008-0593", "CVE-2008-0413", "CVE-2008-0418", "CVE-2008-0304", "CVE-2008-0592", "CVE-2008-0420", "CVE-2008-0415", "CVE-2008-0591"], "modified": "2017-07-10T00:00:00", "id": "OPENVAS:860797", "href": "http://plugins.openvas.org/nasl.php?oid=860797", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Fedora Update for thunderbird FEDORA-2008-2060\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2009 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ninclude(\"revisions-lib.inc\");\ntag_affected = \"thunderbird on Fedora 8\";\ntag_insight = \"Mozilla Thunderbird is a standalone mail and newsgroup client.\";\ntag_solution = \"Please Install the Updated Packages.\";\n\n\n\nif(description)\n{\n script_xref(name : \"URL\" , value : \"https://www.redhat.com/archives/fedora-package-announce/2008-February/msg00905.html\");\n script_id(860797);\n script_version(\"$Revision: 6623 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-07-10 08:10:20 +0200 (Mon, 10 Jul 2017) $\");\n script_tag(name:\"creation_date\", value:\"2009-02-16 16:22:52 +0100 (Mon, 16 Feb 2009)\");\n script_tag(name:\"cvss_base\", value:\"9.3\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_xref(name: \"FEDORA\", value: \"2008-2060\");\n script_cve_id(\"CVE-2008-0412\", \"CVE-2008-0413\", \"CVE-2008-0415\", \"CVE-2008-0419\", \"CVE-2008-0591\", \"CVE-2008-0593\", \"CVE-2008-0418\", \"CVE-2008-0592\", \"CVE-2008-0304\", \"CVE-2008-0420\");\n script_name( \"Fedora Update for thunderbird FEDORA-2008-2060\");\n\n script_summary(\"Check for the Version of thunderbird\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2009 Greenbone Networks GmbH\");\n script_family(\"Fedora Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/fedora\", \"ssh/login/rpms\");\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = get_kb_item(\"ssh/login/release\");\n\n\nres = \"\";\nif(release == NULL){\n exit(0);\n}\n\nif(release == \"FC8\")\n{\n\n if ((res = isrpmvuln(pkg:\"thunderbird\", rpm:\"thunderbird~2.0.0.12~1.fc8\", rls:\"FC8\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}", "cvss": {"score": 9.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2017-07-25T10:55:58", "description": "Check for the Version of seamonkey", "cvss3": {}, "published": "2009-02-16T00:00:00", "type": "openvas", "title": "Fedora Update for seamonkey FEDORA-2008-1669", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2008-0417", "CVE-2008-0412", "CVE-2008-0419", "CVE-2008-0593", "CVE-2008-0413", "CVE-2008-0418", "CVE-2008-0592", "CVE-2008-0414", "CVE-2008-0415", "CVE-2008-0591"], "modified": "2017-07-10T00:00:00", "id": "OPENVAS:860184", "href": "http://plugins.openvas.org/nasl.php?oid=860184", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Fedora Update for seamonkey FEDORA-2008-1669\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2009 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ninclude(\"revisions-lib.inc\");\ntag_affected = \"seamonkey on Fedora 7\";\ntag_insight = \"SeaMonkey is an all-in-one Internet application suite. It includes\n a browser, mail/news client, IRC client, JavaScript debugger, and\n a tool to inspect the DOM for web pages. It is derived from the\n application formerly known as Mozilla Application Suite.\";\ntag_solution = \"Please Install the Updated Packages.\";\n\n\n\nif(description)\n{\n script_xref(name : \"URL\" , value : \"https://www.redhat.com/archives/fedora-package-announce/2008-February/msg00518.html\");\n script_id(860184);\n script_version(\"$Revision: 6623 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-07-10 08:10:20 +0200 (Mon, 10 Jul 2017) $\");\n script_tag(name:\"creation_date\", value:\"2009-02-16 14:16:57 +0100 (Mon, 16 Feb 2009)\");\n script_tag(name:\"cvss_base\", value:\"9.3\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_xref(name: \"FEDORA\", value: \"2008-1669\");\n script_cve_id(\"CVE-2008-0412\", \"CVE-2008-0413\", \"CVE-2008-0414\", \"CVE-2008-0415\", \"CVE-2008-0417\", \"CVE-2008-0418\", \"CVE-2008-0419\", \"CVE-2008-0591\", \"CVE-2008-0592\", \"CVE-2008-0593\");\n script_name( \"Fedora Update for seamonkey FEDORA-2008-1669\");\n\n script_summary(\"Check for the Version of seamonkey\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2009 Greenbone Networks GmbH\");\n script_family(\"Fedora Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/fedora\", \"ssh/login/rpms\");\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = get_kb_item(\"ssh/login/release\");\n\n\nres = \"\";\nif(release == NULL){\n exit(0);\n}\n\nif(release == \"FC7\")\n{\n\n if ((res = isrpmvuln(pkg:\"seamonkey\", rpm:\"seamonkey~1.1.8~1.fc7\", rls:\"FC7\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}", "cvss": {"score": 9.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2017-07-25T10:56:21", "description": "Check for the Version of thunderbird", "cvss3": {}, "published": "2009-02-16T00:00:00", "type": "openvas", "title": "Fedora Update for thunderbird FEDORA-2008-2118", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2008-0412", "CVE-2008-0419", "CVE-2008-0593", "CVE-2008-0413", "CVE-2008-0418", "CVE-2008-0304", "CVE-2008-0592", "CVE-2008-0420", "CVE-2008-0415", "CVE-2008-0591"], "modified": "2017-07-10T00:00:00", "id": "OPENVAS:860417", "href": "http://plugins.openvas.org/nasl.php?oid=860417", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Fedora Update for thunderbird FEDORA-2008-2118\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2009 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ninclude(\"revisions-lib.inc\");\ntag_affected = \"thunderbird on Fedora 7\";\ntag_insight = \"Mozilla Thunderbird is a standalone mail and newsgroup client.\";\ntag_solution = \"Please Install the Updated Packages.\";\n\n\n\nif(description)\n{\n script_xref(name : \"URL\" , value : \"https://www.redhat.com/archives/fedora-package-announce/2008-February/msg00946.html\");\n script_id(860417);\n script_version(\"$Revision: 6623 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-07-10 08:10:20 +0200 (Mon, 10 Jul 2017) $\");\n script_tag(name:\"creation_date\", value:\"2009-02-16 16:22:52 +0100 (Mon, 16 Feb 2009)\");\n script_tag(name:\"cvss_base\", value:\"9.3\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_xref(name: \"FEDORA\", value: \"2008-2118\");\n script_cve_id(\"CVE-2008-0412\", \"CVE-2008-0413\", \"CVE-2008-0415\", \"CVE-2008-0419\", \"CVE-2008-0591\", \"CVE-2008-0593\", \"CVE-2008-0418\", \"CVE-2008-0592\", \"CVE-2008-0420\", \"CVE-2008-0304\");\n script_name( \"Fedora Update for thunderbird FEDORA-2008-2118\");\n\n script_summary(\"Check for the Version of thunderbird\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2009 Greenbone Networks GmbH\");\n script_family(\"Fedora Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/fedora\", \"ssh/login/rpms\");\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = get_kb_item(\"ssh/login/release\");\n\n\nres = \"\";\nif(release == NULL){\n exit(0);\n}\n\nif(release == \"FC7\")\n{\n\n if ((res = isrpmvuln(pkg:\"thunderbird\", rpm:\"thunderbird~2.0.0.12~1.fc7\", rls:\"FC7\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}", "cvss": {"score": 9.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2017-07-27T10:56:16", "description": "Check for the Version of thunderbird", "cvss3": {}, "published": "2009-03-06T00:00:00", "type": "openvas", "title": "RedHat Update for thunderbird RHSA-2008:0105-02", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2008-0412", "CVE-2008-0419", "CVE-2008-0593", "CVE-2008-0413", "CVE-2008-0418", "CVE-2008-0304", "CVE-2008-0592", "CVE-2008-0420", "CVE-2008-0415", "CVE-2008-0591"], "modified": "2017-07-12T00:00:00", "id": "OPENVAS:870044", "href": "http://plugins.openvas.org/nasl.php?oid=870044", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# RedHat Update for thunderbird RHSA-2008:0105-02\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2009 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"Mozilla Thunderbird is a standalone mail and newsgroup client.\n\n A heap-based buffer overflow flaw was found in the way Thunderbird\n processed messages with external-body Multipurpose Internet Message\n Extensions (MIME) types. A HTML mail message containing malicious content\n could cause Thunderbird to execute arbitrary code as the user running\n Thunderbird. (CVE-2008-0304)\n \n Several flaws were found in the way Thunderbird processed certain malformed\n HTML mail content. A HTML mail message containing malicious content could\n cause Thunderbird to crash, or potentially execute arbitrary code as the\n user running Thunderbird. (CVE-2008-0412, CVE-2008-0413, CVE-2008-0415,\n CVE-2008-0419)\n \n Several flaws were found in the way Thunderbird displayed malformed HTML\n mail content. A HTML mail message containing specially-crafted content\n could trick a user into surrendering sensitive information. (CVE-2008-0420,\n CVE-2008-0591, CVE-2008-0593)\n \n A flaw was found in the way Thunderbird handles certain chrome URLs. If a\n user has certain extensions installed, it could allow a malicious HTML mail\n message to steal sensitive session data. Note: this flaw does not affect a\n default installation of Thunderbird. (CVE-2008-0418)\n \n Note: JavaScript support is disabled by default in Thunderbird; the above\n issues are not exploitable unless JavaScript is enabled.\n \n A flaw was found in the way Thunderbird saves certain text files. If a\n remote site offers a file of type "plain/text", rather than "text/plain",\n Thunderbird will not show future "text/plain" content to the user, forcing\n them to save those files locally to view the content. (CVE-2008-0592)\n \n Users of thunderbird are advised to upgrade to these updated packages,\n which contain backported patches to resolve these issues.\";\n\ntag_affected = \"thunderbird on Red Hat Enterprise Linux AS version 4,\n Red Hat Enterprise Linux ES version 4,\n Red Hat Enterprise Linux WS version 4\";\ntag_solution = \"Please Install the Updated Packages.\";\n\n\n\nif(description)\n{\n script_xref(name : \"URL\" , value : \"https://www.redhat.com/archives/rhsa-announce/2008-February/msg00020.html\");\n script_id(870044);\n script_version(\"$Revision: 6683 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-07-12 11:41:57 +0200 (Wed, 12 Jul 2017) $\");\n script_tag(name:\"creation_date\", value:\"2009-03-06 07:30:35 +0100 (Fri, 06 Mar 2009)\");\n script_tag(name:\"cvss_base\", value:\"9.3\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_xref(name: \"RHSA\", value: \"2008:0105-02\");\n script_cve_id(\"CVE-2008-0304\", \"CVE-2008-0412\", \"CVE-2008-0413\", \"CVE-2008-0415\", \"CVE-2008-0418\", \"CVE-2008-0419\", \"CVE-2008-0420\", \"CVE-2008-0591\", \"CVE-2008-0592\", \"CVE-2008-0593\");\n script_name( \"RedHat Update for thunderbird RHSA-2008:0105-02\");\n\n script_summary(\"Check for the Version of thunderbird\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2009 Greenbone Networks GmbH\");\n script_family(\"Red Hat Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/rhel\", \"ssh/login/rpms\");\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = get_kb_item(\"ssh/login/release\");\n\n\nres = \"\";\nif(release == NULL){\n exit(0);\n}\n\nif(release == \"RHENT_4\")\n{\n\n if ((res = isrpmvuln(pkg:\"thunderbird\", rpm:\"thunderbird~1.5.0.12~8.el4\", rls:\"RHENT_4\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"thunderbird-debuginfo\", rpm:\"thunderbird-debuginfo~1.5.0.12~8.el4\", rls:\"RHENT_4\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n", "cvss": {"score": 9.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2017-07-24T12:50:01", "description": "The remote host is missing an update to iceape\nannounced via advisory DSA 1506-2.", "cvss3": {}, "published": "2008-03-27T00:00:00", "type": "openvas", "title": "Debian Security Advisory DSA 1506-2 (iceape)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2008-0417", "CVE-2008-0412", "CVE-2008-0419", "CVE-2008-0594", "CVE-2008-0593", "CVE-2008-0413", "CVE-2008-0418", "CVE-2008-0592", "CVE-2008-0414", "CVE-2008-0415", "CVE-2008-0591"], "modified": "2017-07-07T00:00:00", "id": "OPENVAS:60615", "href": "http://plugins.openvas.org/nasl.php?oid=60615", "sourceData": "# OpenVAS Vulnerability Test\n# $Id: deb_1506_2.nasl 6616 2017-07-07 12:10:49Z cfischer $\n# Description: Auto-generated from advisory DSA 1506-2 (iceape)\n#\n# Authors:\n# Thomas Reinke <reinke@securityspace.com>\n#\n# Copyright:\n# Copyright (c) 2008 E-Soft Inc. http://www.securityspace.com\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (c) the respective author(s)\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2,\n# as published by the Free Software Foundation\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n#\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"A regression has been fixed in iceape's frame handling code.\nFor details, please visit the referenced advisories.\n\nFor the stable distribution (etch), these problems have been fixed in\nversion 1.0.12~pre080131b-0etch2.\n\nThe Mozilla releases from the old stable distribution (sarge) are no\nlonger supported with security updates.\n\nWe recommend that you upgrade your iceape packages.\";\ntag_summary = \"The remote host is missing an update to iceape\nannounced via advisory DSA 1506-2.\";\n\ntag_solution = \"https://secure1.securityspace.com/smysecure/catid.html?in=DSA%201506-2\";\n\n\nif(description)\n{\n script_id(60615);\n script_version(\"$Revision: 6616 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-07-07 14:10:49 +0200 (Fri, 07 Jul 2017) $\");\n script_tag(name:\"creation_date\", value:\"2008-03-27 18:25:13 +0100 (Thu, 27 Mar 2008)\");\n script_cve_id(\"CVE-2008-0412\", \"CVE-2008-0413\", \"CVE-2008-0414\", \"CVE-2008-0415\", \"CVE-2008-0417\", \"CVE-2008-0418\", \"CVE-2008-0419\", \"CVE-2008-0591\", \"CVE-2008-0592\", \"CVE-2008-0593\", \"CVE-2008-0594\");\n script_tag(name:\"cvss_base\", value:\"9.3\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_name(\"Debian Security Advisory DSA 1506-2 (iceape)\");\n\n\n\n script_category(ACT_GATHER_INFO);\n\n script_copyright(\"Copyright (c) 2008 E-Soft Inc. http://www.securityspace.com\");\n script_family(\"Debian Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/debian_linux\", \"ssh/login/packages\");\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"summary\" , value : tag_summary);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n#\n# The script code starts here\n#\n\ninclude(\"pkg-lib-deb.inc\");\n\nres = \"\";\nreport = \"\";\nif ((res = isdpkgvuln(pkg:\"iceape-dev\", ver:\"1.0.12~pre080131b-0etch2\", rls:\"DEB4.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"mozilla-psm\", ver:\"1.8+1.0.12~pre080131b-0etch2\", rls:\"DEB4.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"mozilla-js-debugger\", ver:\"1.8+1.0.12~pre080131b-0etch2\", rls:\"DEB4.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"mozilla-dom-inspector\", ver:\"1.8+1.0.12~pre080131b-0etch2\", rls:\"DEB4.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"mozilla-browser\", ver:\"1.8+1.0.12~pre080131b-0etch2\", rls:\"DEB4.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"mozilla-dev\", ver:\"1.8+1.0.12~pre080131b-0etch2\", rls:\"DEB4.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"mozilla\", ver:\"1.8+1.0.12~pre080131b-0etch2\", rls:\"DEB4.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"mozilla-mailnews\", ver:\"1.8+1.0.12~pre080131b-0etch2\", rls:\"DEB4.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"mozilla-calendar\", ver:\"1.8+1.0.12~pre080131b-0etch2\", rls:\"DEB4.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"iceape-chatzilla\", ver:\"1.0.12~pre080131b-0etch2\", rls:\"DEB4.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"mozilla-chatzilla\", ver:\"1.8+1.0.12~pre080131b-0etch2\", rls:\"DEB4.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"iceape\", ver:\"1.0.12~pre080131b-0etch2\", rls:\"DEB4.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"iceape-calendar\", ver:\"1.0.12~pre080131b-0etch2\", rls:\"DEB4.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"iceape-dbg\", ver:\"1.0.12~pre080131b-0etch2\", rls:\"DEB4.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"iceape-mailnews\", ver:\"1.0.12~pre080131b-0etch2\", rls:\"DEB4.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"iceape-gnome-support\", ver:\"1.0.12~pre080131b-0etch2\", rls:\"DEB4.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"iceape-browser\", ver:\"1.0.12~pre080131b-0etch2\", rls:\"DEB4.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"iceape-dom-inspector\", ver:\"1.0.12~pre080131b-0etch2\", rls:\"DEB4.0\")) != NULL) {\n report += res;\n}\n\nif (report != \"\") {\n security_message(data:report);\n} else if (__pkg_match) {\n exit(99); # Not vulnerable.\n}\n", "cvss": {"score": 9.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2017-07-25T10:55:58", "description": "Check for the Version of kazehakase", "cvss3": {}, "published": "2009-02-16T00:00:00", "type": "openvas", "title": "Fedora Update for kazehakase FEDORA-2008-1535", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2008-0417", "CVE-2008-0412", "CVE-2008-0419", "CVE-2008-0594", "CVE-2008-0593", "CVE-2008-0413", "CVE-2008-0418", "CVE-2008-0592", "CVE-2008-0414", "CVE-2008-0415", "CVE-2008-0591"], "modified": "2017-07-10T00:00:00", "id": "OPENVAS:860429", "href": "http://plugins.openvas.org/nasl.php?oid=860429", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Fedora Update for kazehakase FEDORA-2008-1535\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2009 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ninclude(\"revisions-lib.inc\");\ntag_affected = \"kazehakase on Fedora 8\";\ntag_insight = \"Kazehakase is a Web browser which aims to provide\n a user interface that is truly user-friendly & fully customizable.\";\ntag_solution = \"Please Install the Updated Packages.\";\n\n\n\nif(description)\n{\n script_xref(name : \"URL\" , value : \"https://www.redhat.com/archives/fedora-package-announce/2008-February/msg00382.html\");\n script_id(860429);\n script_version(\"$Revision: 6623 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-07-10 08:10:20 +0200 (Mon, 10 Jul 2017) $\");\n script_tag(name:\"creation_date\", value:\"2009-02-16 14:16:57 +0100 (Mon, 16 Feb 2009)\");\n script_tag(name:\"cvss_base\", value:\"9.3\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_xref(name: \"FEDORA\", value: \"2008-1535\");\n script_cve_id(\"CVE-2008-0412\", \"CVE-2008-0413\", \"CVE-2008-0415\", \"CVE-2008-0419\", \"CVE-2008-0591\", \"CVE-2008-0593\", \"CVE-2008-0417\", \"CVE-2008-0418\", \"CVE-2008-0592\", \"CVE-2008-0414\", \"CVE-2008-0594\");\n script_name( \"Fedora Update for kazehakase FEDORA-2008-1535\");\n\n script_summary(\"Check for the Version of kazehakase\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2009 Greenbone Networks GmbH\");\n script_family(\"Fedora Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/fedora\", \"ssh/login/rpms\");\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = get_kb_item(\"ssh/login/release\");\n\n\nres = \"\";\nif(release == NULL){\n exit(0);\n}\n\nif(release == \"FC8\")\n{\n\n if ((res = isrpmvuln(pkg:\"kazehakase\", rpm:\"kazehakase~0.5.2~1.fc8.2\", rls:\"FC8\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}", "cvss": {"score": 9.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2017-07-25T10:56:17", "description": "Check for the Version of kazehakase", "cvss3": {}, "published": "2009-02-16T00:00:00", "type": "openvas", "title": "Fedora Update for kazehakase FEDORA-2008-1435", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2008-0417", "CVE-2008-0412", "CVE-2008-0419", "CVE-2008-0594", "CVE-2008-0593", "CVE-2008-0413", "CVE-2008-0418", "CVE-2008-0592", "CVE-2008-0414", "CVE-2008-0415", "CVE-2008-0591"], "modified": "2017-07-10T00:00:00", "id": "OPENVAS:860637", "href": "http://plugins.openvas.org/nasl.php?oid=860637", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Fedora Update for kazehakase FEDORA-2008-1435\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2009 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ninclude(\"revisions-lib.inc\");\ntag_affected = \"kazehakase on Fedora 7\";\ntag_insight = \"Kazehakase is a Web browser which aims to provide\n a user interface that is truly user-friendly & fully customizable.\";\ntag_solution = \"Please Install the Updated Packages.\";\n\n\n\nif(description)\n{\n script_xref(name : \"URL\" , value : \"https://www.redhat.com/archives/fedora-package-announce/2008-February/msg00282.html\");\n script_id(860637);\n script_version(\"$Revision: 6623 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-07-10 08:10:20 +0200 (Mon, 10 Jul 2017) $\");\n script_tag(name:\"creation_date\", value:\"2009-02-16 14:16:57 +0100 (Mon, 16 Feb 2009)\");\n script_tag(name:\"cvss_base\", value:\"9.3\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_xref(name: \"FEDORA\", value: \"2008-1435\");\n script_cve_id(\"CVE-2008-0412\", \"CVE-2008-0413\", \"CVE-2008-0415\", \"CVE-2008-0419\", \"CVE-2008-0591\", \"CVE-2008-0593\", \"CVE-2008-0417\", \"CVE-2008-0418\", \"CVE-2008-0592\", \"CVE-2008-0414\", \"CVE-2008-0594\");\n script_name( \"Fedora Update for kazehakase FEDORA-2008-1435\");\n\n script_summary(\"Check for the Version of kazehakase\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2009 Greenbone Networks GmbH\");\n script_family(\"Fedora Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/fedora\", \"ssh/login/rpms\");\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = get_kb_item(\"ssh/login/release\");\n\n\nres = \"\";\nif(release == NULL){\n exit(0);\n}\n\nif(release == \"FC7\")\n{\n\n if ((res = isrpmvuln(pkg:\"kazehakase\", rpm:\"kazehakase~0.5.2~1.fc7.2\", rls:\"FC7\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}", "cvss": {"score": 9.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2017-07-26T08:55:26", "description": "The remote host is missing updates to packages that affect\nthe security of your system. One or more of the following packages\nare affected:\n\n mozilla\n mozilla-hu\n mozilla-cs\n mozilla-venkman\n mozilla-dom-inspector\n mozilla-mail\n mozilla-calendar\n mozilla-devel\n mozilla-irc\n mozilla-deat\n\nFor more information, please visit the referenced security\nadvisories.\n\nMore details may also be found by searching for keyword\n5021982 within the SuSE Enterprise Server 9 patch\ndatabase at http://download.novell.com/patch/finder/", "cvss3": {}, "published": "2009-10-10T00:00:00", "type": "openvas", "title": "SLES9: Security update for Mozilla", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2008-0417", "CVE-2008-0412", "CVE-2008-0419", "CVE-2008-0594", "CVE-2008-0593", "CVE-2008-0413", "CVE-2008-0418", "CVE-2008-0592", "CVE-2008-0414", "CVE-2008-0415", "CVE-2008-0591"], "modified": "2017-07-11T00:00:00", "id": "OPENVAS:65196", "href": "http://plugins.openvas.org/nasl.php?oid=65196", "sourceData": "# OpenVAS Vulnerability Test\n# $Id: sles9p5021982.nasl 6666 2017-07-11 13:13:36Z cfischer $\n# Description: Security update for Mozilla\n#\n# Authors:\n# Thomas Reinke <reinke@securityspace.com>\n#\n# Copyright:\n# Copyright (c) 2009 E-Soft Inc. http://www.securityspace.com\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (c) the respective author(s)\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2,\n# or at your option, GNU General Public License version 3,\n# as published by the Free Software Foundation\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n#\n\ninclude(\"revisions-lib.inc\");\ntag_summary = \"The remote host is missing updates to packages that affect\nthe security of your system. One or more of the following packages\nare affected:\n\n mozilla\n mozilla-hu\n mozilla-cs\n mozilla-venkman\n mozilla-dom-inspector\n mozilla-mail\n mozilla-calendar\n mozilla-devel\n mozilla-irc\n mozilla-deat\n\nFor more information, please visit the referenced security\nadvisories.\n\nMore details may also be found by searching for keyword\n5021982 within the SuSE Enterprise Server 9 patch\ndatabase at http://download.novell.com/patch/finder/\";\n\ntag_solution = \"Please install the updates provided by SuSE.\";\n \nif(description)\n{\n script_id(65196);\n script_version(\"$Revision: 6666 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-07-11 15:13:36 +0200 (Tue, 11 Jul 2017) $\");\n script_tag(name:\"creation_date\", value:\"2009-10-10 16:11:46 +0200 (Sat, 10 Oct 2009)\");\n script_cve_id(\"CVE-2008-0594\", \"CVE-2008-0593\", \"CVE-2008-0592\", \"CVE-2008-0591\", \"CVE-2008-0419\", \"CVE-2008-0418\", \"CVE-2008-0417\", \"CVE-2008-0415\", \"CVE-2008-0414\", \"CVE-2008-0412\", \"CVE-2008-0413\");\n script_tag(name:\"cvss_base\", value:\"9.3\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_name(\"SLES9: Security update for Mozilla\");\n\n\n\n script_category(ACT_GATHER_INFO);\n\n script_copyright(\"Copyright (c) 2009 E-Soft Inc. http://www.securityspace.com\");\n script_family(\"SuSE Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/suse_sles\", \"ssh/login/rpms\");\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"summary\" , value : tag_summary);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n#\n# The script code starts here\n#\n\ninclude(\"pkg-lib-rpm.inc\");\n\nres = \"\";\nreport = \"\";\nif ((res = isrpmvuln(pkg:\"mozilla\", rpm:\"mozilla~1.8_seamonkey_1.0.9~1.10\", rls:\"SLES9.0\")) != NULL) {\n report += res;\n}\n\nif (report != \"\") {\n security_message(data:report);\n} else if (__pkg_match) {\n exit(99); # Not vulnerable.\n}\n", "cvss": {"score": 9.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2017-07-25T10:56:26", "description": "Check for the Version of gtkmozembedmm", "cvss3": {}, "published": "2009-02-16T00:00:00", "type": "openvas", "title": "Fedora Update for gtkmozembedmm FEDORA-2008-1435", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2008-0417", "CVE-2008-0412", "CVE-2008-0419", "CVE-2008-0594", "CVE-2008-0593", "CVE-2008-0413", "CVE-2008-0418", "CVE-2008-0592", "CVE-2008-0414", "CVE-2008-0415", "CVE-2008-0591"], "modified": "2017-07-10T00:00:00", "id": "OPENVAS:860051", "href": "http://plugins.openvas.org/nasl.php?oid=860051", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Fedora Update for gtkmozembedmm FEDORA-2008-1435\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2009 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ninclude(\"revisions-lib.inc\");\ntag_affected = \"gtkmozembedmm on Fedora 7\";\ntag_insight = \"This package provides a C++/gtkmm wrapper for GtkMozEmbed\n from Mozilla 1.4.x to 1.7.x.\n The wrapper provides a convenient interface for C++ programmers\n to use the Gtkmozembed HTML-rendering widget inside their software.\";\ntag_solution = \"Please Install the Updated Packages.\";\n\n\n\nif(description)\n{\n script_xref(name : \"URL\" , value : \"https://www.redhat.com/archives/fedora-package-announce/2008-February/msg00276.html\");\n script_id(860051);\n script_version(\"$Revision: 6623 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-07-10 08:10:20 +0200 (Mon, 10 Jul 2017) $\");\n script_tag(name:\"creation_date\", value:\"2009-02-16 14:16:57 +0100 (Mon, 16 Feb 2009)\");\n script_tag(name:\"cvss_base\", value:\"9.3\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_xref(name: \"FEDORA\", value: \"2008-1435\");\n script_cve_id(\"CVE-2008-0412\", \"CVE-2008-0413\", \"CVE-2008-0415\", \"CVE-2008-0419\", \"CVE-2008-0591\", \"CVE-2008-0593\", \"CVE-2008-0417\", \"CVE-2008-0418\", \"CVE-2008-0592\", \"CVE-2008-0414\", \"CVE-2008-0594\");\n script_name( \"Fedora Update for gtkmozembedmm FEDORA-2008-1435\");\n\n script_summary(\"Check for the Version of gtkmozembedmm\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2009 Greenbone Networks GmbH\");\n script_family(\"Fedora Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/fedora\", \"ssh/login/rpms\");\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = get_kb_item(\"ssh/login/release\");\n\n\nres = \"\";\nif(release == NULL){\n exit(0);\n}\n\nif(release == \"FC7\")\n{\n\n if ((res = isrpmvuln(pkg:\"gtkmozembedmm\", rpm:\"gtkmozembedmm~1.4.2.cvs20060817~15.fc7\", rls:\"FC7\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}", "cvss": {"score": 9.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2017-12-12T11:20:35", "description": "Check for the Version of MozillaFirefox,seamonkey", "cvss3": {}, "published": "2009-01-23T00:00:00", "type": "openvas", "title": "SuSE Update for MozillaFirefox,seamonkey SUSE-SA:2008:008", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2008-0417", "CVE-2008-0412", "CVE-2008-0419", "CVE-2008-0594", "CVE-2008-0593", "CVE-2008-0413", "CVE-2008-0418", "CVE-2008-0592", "CVE-2008-0414", "CVE-2008-0415", "CVE-2008-0591"], "modified": "2017-12-08T00:00:00", "id": "OPENVAS:850020", "href": "http://plugins.openvas.org/nasl.php?oid=850020", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: gb_suse_2008_008.nasl 8050 2017-12-08 09:34:29Z santu $\n#\n# SuSE Update for MozillaFirefox,seamonkey SUSE-SA:2008:008\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2009 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"The web browser Mozilla Firefox has been brought to security update\n version 2.0.0.12.\n\n The Firefox versions was upgraded to 2.0.0.12 on:\n - SUSE Linux 10.1, openSUSE 10.2 and 10.3\n - SUSE Linux Enterprise Server and Desktop 10\n\n All Firefox fixes were also back ported to the Firefox 1.5.0.14 version\n in Novell Linux Desktop 9.\n\n Also released were Mozilla Seamonkey Suite 1.8.1.12 packages for\n openSUSE 10.2 and 10.3. All Mozilla Seamonkey fixes were back ported\n to the SUSE Linux 10.1 seamonkey 1.8.0 version.\n\n Following security problems were fixed:\n - CVE-2008-0594 Web forgery overwrite with div overlay\n - CVE-2008-0593 URL token stealing via stylesheet redirect\n - CVE-2008-0592 Mishandling of locally-saved plain text files\n - CVE-2008-0591 File action dialog tampering\n - CVE-2008-0419 Web browsing history and forward navigation\n stealing\n - CVE-2008-0418 Directory traversal via chrome: URI\n - CVE-2008-0417 Stored password corruption\n - CVE-2008-0415 Privilege escalation, XSS, Remote Code\n Execution\n - CVE-2008-0414 Multiple file input focus stealing\n vulnerabilities\n - CVE-2008-0413 Crashes with evidence of\n memory corruption (rv:1.8.1.12)\";\n\ntag_impact = \"remote code execution\";\ntag_affected = \"MozillaFirefox,seamonkey on SUSE LINUX 10.1, openSUSE 10.2, openSUSE 10.3, SUSE SLES 9, Novell Linux Desktop 9, Open Enterprise Server, Novell Linux POS 9, SUSE Linux Enterprise Desktop 10 SP1, SUSE Linux Enterprise Server 10 SP1\";\ntag_solution = \"Please Install the Updated Packages.\";\n\n\n\nif(description)\n{\n script_id(850020);\n script_version(\"$Revision: 8050 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-12-08 10:34:29 +0100 (Fri, 08 Dec 2017) $\");\n script_tag(name:\"creation_date\", value:\"2009-01-23 16:44:26 +0100 (Fri, 23 Jan 2009)\");\n script_tag(name:\"cvss_base\", value:\"9.3\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_xref(name: \"SUSE-SA\", value: \"2008-008\");\n script_cve_id(\"CVE-2008-0412\", \"CVE-2008-0413\", \"CVE-2008-0414\", \"CVE-2008-0415\", \"CVE-2008-0417\", \"CVE-2008-0418\", \"CVE-2008-0419\", \"CVE-2008-0591\", \"CVE-2008-0592\", \"CVE-2008-0593\", \"CVE-2008-0594\");\n script_name( \"SuSE Update for MozillaFirefox,seamonkey SUSE-SA:2008:008\");\n\n script_summary(\"Check for the Version of MozillaFirefox,seamonkey\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2009 Greenbone Networks GmbH\");\n script_family(\"SuSE Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/suse\", \"ssh/login/rpms\");\n script_tag(name : \"impact\" , value : tag_impact);\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = get_kb_item(\"ssh/login/release\");\n\n\nres = \"\";\nif(release == NULL){\n exit(0);\n}\n\nif(release == \"openSUSE10.3\")\n{\n\n if ((res = isrpmvuln(pkg:\"seamonkey\", rpm:\"seamonkey~1.1.8~0.1\", rls:\"openSUSE10.3\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"seamonkey-dom-inspector\", rpm:\"seamonkey-dom-inspector~1.1.8~0.1\", rls:\"openSUSE10.3\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"seamonkey-irc\", rpm:\"seamonkey-irc~1.1.8~0.1\", rls:\"openSUSE10.3\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"seamonkey-mail\", rpm:\"seamonkey-mail~1.1.8~0.1\", rls:\"openSUSE10.3\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"seamonkey-spellchecker\", rpm:\"seamonkey-spellchecker~1.1.8~0.1\", rls:\"openSUSE10.3\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"seamonkey-venkman\", rpm:\"seamonkey-venkman~1.1.8~0.1\", rls:\"openSUSE10.3\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"MozillaFirefox\", rpm:\"MozillaFirefox~2.0.0.12~0.1\", rls:\"openSUSE10.3\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"MozillaFirefox-translations\", rpm:\"MozillaFirefox-translations~2.0.0.12~0.1\", rls:\"openSUSE10.3\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n\n\nif(release == \"openSUSE10.2\")\n{\n\n if ((res = isrpmvuln(pkg:\"MozillaFirefox\", rpm:\"MozillaFirefox~2.0.0.12~0.1\", rls:\"openSUSE10.2\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"MozillaFirefox-translations\", rpm:\"MozillaFirefox-translations~2.0.0.12~0.1\", rls:\"openSUSE10.2\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"seamonkey\", rpm:\"seamonkey~1.1.8~0.1\", rls:\"openSUSE10.2\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"seamonkey-dom-inspector\", rpm:\"seamonkey-dom-inspector~1.1.8~0.1\", rls:\"openSUSE10.2\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"seamonkey-irc\", rpm:\"seamonkey-irc~1.1.8~0.1\", rls:\"openSUSE10.2\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"seamonkey-mail\", rpm:\"seamonkey-mail~1.1.8~0.1\", rls:\"openSUSE10.2\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"seamonkey-spellchecker\", rpm:\"seamonkey-spellchecker~1.1.8~0.1\", rls:\"openSUSE10.2\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"seamonkey-venkman\", rpm:\"seamonkey-venkman~1.1.8~0.1\", rls:\"openSUSE10.2\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n\n\nif(release == \"NLDk9\")\n{\n\n if ((res = isrpmvuln(pkg:\"MozillaFirefox\", rpm:\"MozillaFirefox~1.5.0.12~0.9\", rls:\"NLDk9\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"MozillaFirefox-translations\", rpm:\"MozillaFirefox-translations~1.5.0.12~0.9\", rls:\"NLDk9\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n\n\nif(release == \"LES10SP1\")\n{\n\n if ((res = isrpmvuln(pkg:\"MozillaFirefox\", rpm:\"MozillaFirefox~2.0.0.12~0.2\", rls:\"LES10SP1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"MozillaFirefox-translations\", rpm:\"MozillaFirefox-translations~2.0.0.12~0.2\", rls:\"LES10SP1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n\n\nif(release == \"SLESDk10SP1\")\n{\n\n if ((res = isrpmvuln(pkg:\"MozillaFirefox\", rpm:\"MozillaFirefox~2.0.0.12~0.2\", rls:\"SLESDk10SP1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"MozillaFirefox-translations\", rpm:\"MozillaFirefox-translations~2.0.0.12~0.2\", rls:\"SLESDk10SP1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n\n\nif(release == \"SL10.1\")\n{\n\n if ((res = isrpmvuln(pkg:\"MozillaFirefox\", rpm:\"MozillaFirefox~2.0.0.12~0.2\", rls:\"SL10.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"MozillaFirefox-translations\", rpm:\"MozillaFirefox-translations~2.0.0.12~0.2\", rls:\"SL10.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"seamonkey\", rpm:\"seamonkey~1.0.9~1.10\", rls:\"SL10.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"seamonkey-calendar\", rpm:\"seamonkey-calendar~1.0.9~1.10\", rls:\"SL10.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"seamonkey-dom-inspector\", rpm:\"seamonkey-dom-inspector~1.0.9~1.10\", rls:\"SL10.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"seamonkey-irc\", rpm:\"seamonkey-irc~1.0.9~1.10\", rls:\"SL10.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"seamonkey-mail\", rpm:\"seamonkey-mail~1.0.9~1.10\", rls:\"SL10.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"seamonkey-spellchecker\", rpm:\"seamonkey-spellchecker~1.0.9~1.10\", rls:\"SL10.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"seamonkey-venkman\", rpm:\"seamonkey-venkman~1.0.9~1.10\", rls:\"SL10.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n", "cvss": {"score": 9.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2017-07-25T10:56:38", "description": "Check for the Version of openvrml", "cvss3": {}, "published": "2009-02-16T00:00:00", "type": "openvas", "title": "Fedora Update for openvrml FEDORA-2008-1435", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2008-0417", "CVE-2008-0412", "CVE-2008-0419", "CVE-2008-0594", "CVE-2008-0593", "CVE-2008-0413", "CVE-2008-0418", "CVE-2008-0592", "CVE-2008-0414", "CVE-2008-0415", "CVE-2008-0591"], "modified": "2017-07-10T00:00:00", "id": "OPENVAS:860105", "href": "http://plugins.openvas.org/nasl.php?oid=860105", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Fedora Update for openvrml FEDORA-2008-1435\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2009 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ninclude(\"revisions-lib.inc\");\ntag_affected = \"openvrml on Fedora 7\";\ntag_insight = \"OpenVRML is a VRML/X3D support library, including a runtime and facilities\n for reading and displaying VRML and X3D models.\";\ntag_solution = \"Please Install the Updated Packages.\";\n\n\n\nif(description)\n{\n script_xref(name : \"URL\" , value : \"https://www.redhat.com/archives/fedora-package-announce/2008-February/msg00285.html\");\n script_id(860105);\n script_version(\"$Revision: 6623 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-07-10 08:10:20 +0200 (Mon, 10 Jul 2017) $\");\n script_tag(name:\"creation_date\", value:\"2009-02-16 14:16:57 +0100 (Mon, 16 Feb 2009)\");\n script_tag(name:\"cvss_base\", value:\"9.3\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_xref(name: \"FEDORA\", value: \"2008-1435\");\n script_cve_id(\"CVE-2008-0412\", \"CVE-2008-0413\", \"CVE-2008-0415\", \"CVE-2008-0419\", \"CVE-2008-0591\", \"CVE-2008-0593\", \"CVE-2008-0417\", \"CVE-2008-0418\", \"CVE-2008-0592\", \"CVE-2008-0414\", \"CVE-2008-0594\");\n script_name( \"Fedora Update for openvrml FEDORA-2008-1435\");\n\n script_summary(\"Check for the Version of openvrml\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2009 Greenbone Networks GmbH\");\n script_family(\"Fedora Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/fedora\", \"ssh/login/rpms\");\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = get_kb_item(\"ssh/login/release\");\n\n\nres = \"\";\nif(release == NULL){\n exit(0);\n}\n\nif(release == \"FC7\")\n{\n\n if ((res = isrpmvuln(pkg:\"openvrml\", rpm:\"openvrml~0.16.7~3.fc7\", rls:\"FC7\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}", "cvss": {"score": 9.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2017-07-25T10:56:53", "description": "Check for the Version of gnome-python2-extras", "cvss3": {}, "published": "2009-02-16T00:00:00", "type": "openvas", "title": "Fedora Update for gnome-python2-extras FEDORA-2008-1535", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2008-0417", "CVE-2008-0412", "CVE-2008-0419", "CVE-2008-0594", "CVE-2008-0593", "CVE-2008-0413", "CVE-2008-0418", "CVE-2008-0592", "CVE-2008-0414", "CVE-2008-0415", "CVE-2008-0591"], "modified": "2017-07-10T00:00:00", "id": "OPENVAS:860415", "href": "http://plugins.openvas.org/nasl.php?oid=860415", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Fedora Update for gnome-python2-extras FEDORA-2008-1535\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2009 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ninclude(\"revisions-lib.inc\");\ntag_affected = \"gnome-python2-extras on Fedora 8\";\ntag_insight = \"The gnome-python-extra package contains the source packages for additional\n Python bindings for GNOME. It should be used together with gnome-python.\";\ntag_solution = \"Please Install the Updated Packages.\";\n\n\n\nif(description)\n{\n script_xref(name : \"URL\" , value : \"https://www.redhat.com/archives/fedora-package-announce/2008-February/msg00378.html\");\n script_id(860415);\n script_version(\"$Revision: 6623 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-07-10 08:10:20 +0200 (Mon, 10 Jul 2017) $\");\n script_tag(name:\"creation_date\", value:\"2009-02-16 14:16:57 +0100 (Mon, 16 Feb 2009)\");\n script_tag(name:\"cvss_base\", value:\"9.3\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_xref(name: \"FEDORA\", value: \"2008-1535\");\n script_cve_id(\"CVE-2008-0412\", \"CVE-2008-0413\", \"CVE-2008-0415\", \"CVE-2008-0419\", \"CVE-2008-0591\", \"CVE-2008-0593\", \"CVE-2008-0417\", \"CVE-2008-0418\", \"CVE-2008-0592\", \"CVE-2008-0414\", \"CVE-2008-0594\");\n script_name( \"Fedora Update for gnome-python2-extras FEDORA-2008-1535\");\n\n script_summary(\"Check for the Version of gnome-python2-extras\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2009 Greenbone Networks GmbH\");\n script_family(\"Fedora Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/fedora\", \"ssh/login/rpms\");\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = get_kb_item(\"ssh/login/release\");\n\n\nres = \"\";\nif(release == NULL){\n exit(0);\n}\n\nif(release == \"FC8\")\n{\n\n if ((res = isrpmvuln(pkg:\"gnome-python2-extras\", rpm:\"gnome-python2-extras~2.19.1~12.fc8\", rls:\"FC8\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}", "cvss": {"score": 9.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2017-07-25T10:56:58", "description": "Check for the Version of epiphany", "cvss3": {}, "published": "2009-02-16T00:00:00", "type": "openvas", "title": "Fedora Update for epiphany FEDORA-2008-1435", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2008-0417", "CVE-2008-0412", "CVE-2008-0419", "CVE-2008-0594", "CVE-2008-0593", "CVE-2008-0413", "CVE-2008-0418", "CVE-2008-0592", "CVE-2008-0414", "CVE-2008-0415", "CVE-2008-0591"], "modified": "2017-07-10T00:00:00", "id": "OPENVAS:860719", "href": "http://plugins.openvas.org/nasl.php?oid=860719", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Fedora Update for epiphany FEDORA-2008-1435\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2009 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ninclude(\"revisions-lib.inc\");\ntag_affected = \"epiphany on Fedora 7\";\ntag_insight = \"epiphany is a simple GNOME web browser based on the Mozilla rendering\n engine.\";\ntag_solution = \"Please Install the Updated Packages.\";\n\n\n\nif(description)\n{\n script_xref(name : \"URL\" , value : \"https://www.redhat.com/archives/fedora-package-announce/2008-February/msg00280.html\");\n script_id(860719);\n script_version(\"$Revision: 6623 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-07-10 08:10:20 +0200 (Mon, 10 Jul 2017) $\");\n script_tag(name:\"creation_date\", value:\"2009-02-16 14:16:57 +0100 (Mon, 16 Feb 2009)\");\n script_tag(name:\"cvss_base\", value:\"9.3\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_xref(name: \"FEDORA\", value: \"2008-1435\");\n script_cve_id(\"CVE-2008-0412\", \"CVE-2008-0413\", \"CVE-2008-0415\", \"CVE-2008-0419\", \"CVE-2008-0591\", \"CVE-2008-0593\", \"CVE-2008-0417\", \"CVE-2008-0418\", \"CVE-2008-0592\", \"CVE-2008-0414\", \"CVE-2008-0594\");\n script_name( \"Fedora Update for epiphany FEDORA-2008-1435\");\n\n script_summary(\"Check for the Version of epiphany\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2009 Greenbone Networks GmbH\");\n script_family(\"Fedora Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/fedora\", \"ssh/login/rpms\");\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = get_kb_item(\"ssh/login/release\");\n\n\nres = \"\";\nif(release == NULL){\n exit(0);\n}\n\nif(release == \"FC7\")\n{\n\n if ((res = isrpmvuln(pkg:\"epiphany\", rpm:\"epiphany~2.18.3~6.fc7\", rls:\"FC7\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}", "cvss": {"score": 9.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2017-07-25T10:57:15", "description": "Check for the Version of Miro", "cvss3": {}, "published": "2009-02-16T00:00:00", "type": "openvas", "title": "Fedora Update for Miro FEDORA-2008-1535", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2008-0417", "CVE-2008-0412", "CVE-2008-0419", "CVE-2008-0594", "CVE-2008-0593", "CVE-2008-0413", "CVE-2008-0418", "CVE-2008-0592", "CVE-2008-0414", "CVE-2008-0415", "CVE-2008-0591"], "modified": "2017-07-10T00:00:00", "id": "OPENVAS:860857", "href": "http://plugins.openvas.org/nasl.php?oid=860857", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Fedora Update for Miro FEDORA-2008-1535\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2009 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ninclude(\"revisions-lib.inc\");\ntag_affected = \"Miro on Fedora 8\";\ntag_insight = \"Miro is a free application that turns your computer into an\n internet TV video player. This release is still a beta version, which means\n that there are some bugs, but we're moving quickly to fix them and will be\n releasing bug fixes on a regular basis.\";\ntag_solution = \"Please Install the Updated Packages.\";\n\n\n\nif(description)\n{\n script_xref(name : \"URL\" , value : \"https://www.redhat.com/archives/fedora-package-announce/2008-February/msg00384.html\");\n script_id(860857);\n script_version(\"$Revision: 6623 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-07-10 08:10:20 +0200 (Mon, 10 Jul 2017) $\");\n script_tag(name:\"creation_date\", value:\"2009-02-16 14:16:57 +0100 (Mon, 16 Feb 2009)\");\n script_tag(name:\"cvss_base\", value:\"9.3\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_xref(name: \"FEDORA\", value: \"2008-1535\");\n script_cve_id(\"CVE-2008-0412\", \"CVE-2008-0413\", \"CVE-2008-0415\", \"CVE-2008-0419\", \"CVE-2008-0591\", \"CVE-2008-0593\", \"CVE-2008-0417\", \"CVE-2008-0418\", \"CVE-2008-0592\", \"CVE-2008-0414\", \"CVE-2008-0594\");\n script_name( \"Fedora Update for Miro FEDORA-2008-1535\");\n\n script_summary(\"Check for the Version of Miro\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2009 Greenbone Networks GmbH\");\n script_family(\"Fedora Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/fedora\", \"ssh/login/rpms\");\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = get_kb_item(\"ssh/login/release\");\n\n\nres = \"\";\nif(release == NULL){\n exit(0);\n}\n\nif(release == \"FC8\")\n{\n\n if ((res = isrpmvuln(pkg:\"Miro\", rpm:\"Miro~1.1~3.fc8\", rls:\"FC8\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}", "cvss": {"score": 9.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2017-07-25T10:57:05", "description": "Check for the Version of galeon", "cvss3": {}, "published": "2009-02-16T00:00:00", "type": "openvas", "title": "Fedora Update for galeon FEDORA-2008-1435", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2008-0417", "CVE-2008-0412", "CVE-2008-0419", "CVE-2008-0594", "CVE-2008-0593", "CVE-2008-0413", "CVE-2008-0418", "CVE-2008-0592", "CVE-2008-0414", "CVE-2008-0415", "CVE-2008-0591"], "modified": "2017-07-10T00:00:00", "id": "OPENVAS:860512", "href": "http://plugins.openvas.org/nasl.php?oid=860512", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Fedora Update for galeon FEDORA-2008-1435\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2009 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ninclude(\"revisions-lib.inc\");\ntag_affected = \"galeon on Fedora 7\";\ntag_insight = \"Galeon is a web browser built around Gecko (Mozilla's rendering\n engine) and Necko (Mozilla's networking engine). It's a GNOME web\n browser, designed to take advantage of as many GNOME technologies as\n makes sense. Galeon was written to do just one thing - browse the web.\";\ntag_solution = \"Please Install the Updated Packages.\";\n\n\n\nif(description)\n{\n script_xref(name : \"URL\" , value : \"https://www.redhat.com/archives/fedora-package-announce/2008-February/msg00278.html\");\n script_id(860512);\n script_version(\"$Revision: 6623 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-07-10 08:10:20 +0200 (Mon, 10 Jul 2017) $\");\n script_tag(name:\"creation_date\", value:\"2009-02-16 14:16:57 +0100 (Mon, 16 Feb 2009)\");\n script_tag(name:\"cvss_base\", value:\"9.3\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_xref(name: \"FEDORA\", value: \"2008-1435\");\n script_cve_id(\"CVE-2008-0412\", \"CVE-2008-0413\", \"CVE-2008-0415\", \"CVE-2008-0419\", \"CVE-2008-0591\", \"CVE-2008-0593\", \"CVE-2008-0417\", \"CVE-2008-0418\", \"CVE-2008-0592\", \"CVE-2008-0414\", \"CVE-2008-0594\");\n script_name( \"Fedora Update for galeon FEDORA-2008-1435\");\n\n script_summary(\"Check for the Version of galeon\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2009 Greenbone Networks GmbH\");\n script_family(\"Fedora Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/fedora\", \"ssh/login/rpms\");\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = get_kb_item(\"ssh/login/release\");\n\n\nres = \"\";\nif(release == NULL){\n exit(0);\n}\n\nif(release == \"FC7\")\n{\n\n if ((res = isrpmvuln(pkg:\"galeon\", rpm:\"galeon~2.0.3~15.fc7\", rls:\"FC7\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}", "cvss": {"score": 9.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2017-07-25T10:57:05", "description": "Check for the Version of devhelp", "cvss3": {}, "published": "2009-02-16T00:00:00", "type": "openvas", "title": "Fedora Update for devhelp FEDORA-2008-1435", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2008-0417", "CVE-2008-0412", "CVE-2008-0419", "CVE-2008-0594", "CVE-2008-0593", "CVE-2008-0413", "CVE-2008-0418", "CVE-2008-0592", "CVE-2008-0414", "CVE-2008-0415", "CVE-2008-0591"], "modified": "2017-07-10T00:00:00", "id": "OPENVAS:860679", "href": "http://plugins.openvas.org/nasl.php?oid=860679", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Fedora Update for devhelp FEDORA-2008-1435\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2009 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ninclude(\"revisions-lib.inc\");\ntag_affected = \"devhelp on Fedora 7\";\ntag_insight = \"An API document browser for GNOME 2.\";\ntag_solution = \"Please Install the Updated Packages.\";\n\n\n\nif(description)\n{\n script_xref(name : \"URL\" , value : \"https://www.redhat.com/archives/fedora-package-announce/2008-February/msg00275.html\");\n script_id(860679);\n script_version(\"$Revision: 6623 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-07-10 08:10:20 +0200 (Mon, 10 Jul 2017) $\");\n script_tag(name:\"creation_date\", value:\"2009-02-16 14:16:57 +0100 (Mon, 16 Feb 2009)\");\n script_tag(name:\"cvss_base\", value:\"9.3\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_xref(name: \"FEDORA\", value: \"2008-1435\");\n script_cve_id(\"CVE-2008-0412\", \"CVE-2008-0413\", \"CVE-2008-0415\", \"CVE-2008-0419\", \"CVE-2008-0591\", \"CVE-2008-0593\", \"CVE-2008-0417\", \"CVE-2008-0418\", \"CVE-2008-0592\", \"CVE-2008-0414\", \"CVE-2008-0594\");\n script_name( \"Fedora Update for devhelp FEDORA-2008-1435\");\n\n script_summary(\"Check for the Version of devhelp\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2009 Greenbone Networks GmbH\");\n script_family(\"Fedora Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/fedora\", \"ssh/login/rpms\");\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = get_kb_item(\"ssh/login/release\");\n\n\nres = \"\";\nif(release == NULL){\n exit(0);\n}\n\nif(release == \"FC7\")\n{\n\n if ((res = isrpmvuln(pkg:\"devhelp\", rpm:\"devhelp~0.13~13.fc7\", rls:\"FC7\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}", "cvss": {"score": 9.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2017-07-25T10:57:09", "description": "Check for the Version of seamonkey", "cvss3": {}, "published": "2009-02-16T00:00:00", "type": "openvas", "title": "Fedora Update for seamonkey FEDORA-2008-1459", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2008-0417", "CVE-2008-0412", "CVE-2008-0419", "CVE-2008-0593", "CVE-2008-0413", "CVE-2008-0418", "CVE-2008-0592", "CVE-2008-0414", "CVE-2008-0415", "CVE-2008-0591"], "modified": "2017-07-10T00:00:00", "id": "OPENVAS:860975", "href": "http://plugins.openvas.org/nasl.php?oid=860975", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Fedora Update for seamonkey FEDORA-2008-1459\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2009 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ninclude(\"revisions-lib.inc\");\ntag_affected = \"seamonkey on Fedora 8\";\ntag_insight = \"SeaMonkey is an all-in-one Internet application suite. It includes\n a browser, mail/news client, IRC client, JavaScript debugger, and\n a tool to inspect the DOM for web pages. It is derived from the\n application formerly known as Mozilla Application Suite.\";\ntag_solution = \"Please Install the Updated Packages.\";\n\n\n\nif(description)\n{\n script_xref(name : \"URL\" , value : \"https://www.redhat.com/archives/fedora-package-announce/2008-February/msg00309.html\");\n script_id(860975);\n script_version(\"$Revision: 6623 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-07-10 08:10:20 +0200 (Mon, 10 Jul 2017) $\");\n script_tag(name:\"creation_date\", value:\"2009-02-16 14:16:57 +0100 (Mon, 16 Feb 2009)\");\n script_tag(name:\"cvss_base\", value:\"9.3\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_xref(name: \"FEDORA\", value: \"2008-1459\");\n script_cve_id(\"CVE-2008-0412\", \"CVE-2008-0413\", \"CVE-2008-0414\", \"CVE-2008-0415\", \"CVE-2008-0417\", \"CVE-2008-0418\", \"CVE-2008-0419\", \"CVE-2008-0591\", \"CVE-2008-0592\", \"CVE-2008-0593\");\n script_name( \"Fedora Update for seamonkey FEDORA-2008-1459\");\n\n script_summary(\"Check for the Version of seamonkey\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2009 Greenbone Networks GmbH\");\n script_family(\"Fedora Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/fedora\", \"ssh/login/rpms\");\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = get_kb_item(\"ssh/login/release\");\n\n\nres = \"\";\nif(release == NULL){\n exit(0);\n}\n\nif(release == \"FC8\")\n{\n\n if ((res = isrpmvuln(pkg:\"seamonkey\", rpm:\"seamonkey~1.1.8~1.fc8\", rls:\"FC8\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}", "cvss": {"score": 9.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2018-04-09T11:40:18", "description": "Check for the Version of thunderbird", "cvss3": {}, "published": "2009-03-06T00:00:00", "type": "openvas", "title": "RedHat Update for thunderbird RHSA-2008:0105-02", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2008-0412", "CVE-2008-0419", "CVE-2008-0593", "CVE-2008-0413", "CVE-2008-0418", "CVE-2008-0304", "CVE-2008-0592", "CVE-2008-0420", "CVE-2008-0415", "CVE-2008-0591"], "modified": "2018-04-06T00:00:00", "id": "OPENVAS:1361412562310870044", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310870044", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# RedHat Update for thunderbird RHSA-2008:0105-02\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2009 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"Mozilla Thunderbird is a standalone mail and newsgroup client.\n\n A heap-based buffer overflow flaw was found in the way Thunderbird\n processed messages with external-body Multipurpose Internet Message\n Extensions (MIME) types. A HTML mail message containing malicious content\n could cause Thunderbird to execute arbitrary code as the user running\n Thunderbird. (CVE-2008-0304)\n \n Several flaws were found in the way Thunderbird processed certain malformed\n HTML mail content. A HTML mail message containing malicious content could\n cause Thunderbird to crash, or potentially execute arbitrary code as the\n user running Thunderbird. (CVE-2008-0412, CVE-2008-0413, CVE-2008-0415,\n CVE-2008-0419)\n \n Several flaws were found in the way Thunderbird displayed malformed HTML\n mail content. A HTML mail message containing specially-crafted content\n could trick a user into surrendering sensitive information. (CVE-2008-0420,\n CVE-2008-0591, CVE-2008-0593)\n \n A flaw was found in the way Thunderbird handles certain chrome URLs. If a\n user has certain extensions installed, it could allow a malicious HTML mail\n message to steal sensitive session data. Note: this flaw does not affect a\n default installation of Thunderbird. (CVE-2008-0418)\n \n Note: JavaScript support is disabled by default in Thunderbird; the above\n issues are not exploitable unless JavaScript is enabled.\n \n A flaw was found in the way Thunderbird saves certain text files. If a\n remote site offers a file of type "plain/text", rather than "text/plain",\n Thunderbird will not show future "text/plain" content to the user, forcing\n them to save those files locally to view the content. (CVE-2008-0592)\n \n Users of thunderbird are advised to upgrade to these updated packages,\n which contain backported patches to resolve these issues.\";\n\ntag_affected = \"thunderbird on Red Hat Enterprise Linux AS version 4,\n Red Hat Enterprise Linux ES version 4,\n Red Hat Enterprise Linux WS version 4\";\ntag_solution = \"Please Install the Updated Packages.\";\n\n\n\nif(description)\n{\n script_xref(name : \"URL\" , value : \"https://www.redhat.com/archives/rhsa-announce/2008-February/msg00020.html\");\n script_oid(\"1.3.6.1.4.1.25623.1.0.870044\");\n script_version(\"$Revision: 9370 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-04-06 10:53:14 +0200 (Fri, 06 Apr 2018) $\");\n script_tag(name:\"creation_date\", value:\"2009-03-06 07:30:35 +0100 (Fri, 06 Mar 2009)\");\n script_tag(name:\"cvss_base\", value:\"9.3\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_xref(name: \"RHSA\", value: \"2008:0105-02\");\n script_cve_id(\"CVE-2008-0304\", \"CVE-2008-0412\", \"CVE-2008-0413\", \"CVE-2008-0415\", \"CVE-2008-0418\", \"CVE-2008-0419\", \"CVE-2008-0420\", \"CVE-2008-0591\", \"CVE-2008-0592\", \"CVE-2008-0593\");\n script_name( \"RedHat Update for thunderbird RHSA-2008:0105-02\");\n\n script_tag(name:\"summary\", value:\"Check for the Version of thunderbird\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2009 Greenbone Networks GmbH\");\n script_family(\"Red Hat Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/rhel\", \"ssh/login/rpms\");\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = get_kb_item(\"ssh/login/release\");\n\n\nres = \"\";\nif(release == NULL){\n exit(0);\n}\n\nif(release == \"RHENT_4\")\n{\n\n if ((res = isrpmvuln(pkg:\"thunderbird\", rpm:\"thunderbird~1.5.0.12~8.el4\", rls:\"RHENT_4\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"thunderbird-debuginfo\", rpm:\"thunderbird-debuginfo~1.5.0.12~8.el4\", rls:\"RHENT_4\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n", "cvss": {"score": 9.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2020-04-07T16:39:04", "description": "The remote host is probable affected by the vulnerabilitys described in\n CVE-2008-0416, CVE-2007-4879, CVE-2008-1195, CVE-2008-1233,\n CVE-2008-1234, CVE-2008-1235, CVE-2008-1236, CVE-2008-1237,\n CVE-2008-1238, CVE-2008-1240, CVE-2008-1241 and more.", "cvss3": {}, "published": "2008-06-17T00:00:00", "type": "openvas", "title": "Mozilla Firefox, Thunderbird, Seamonkey. Several vulnerabilitys (Linux)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2007-4879", "CVE-2008-1236", "CVE-2008-1195", "CVE-2008-0412", "CVE-2008-1240", "CVE-2008-1237", "CVE-2008-1238", "CVE-2008-1233", "CVE-2008-0416", "CVE-2008-1234", "CVE-2008-1235", "CVE-2008-1241"], "modified": "2020-04-02T00:00:00", "id": "OPENVAS:136141256231090014", "href": "http://plugins.openvas.org/nasl.php?oid=136141256231090014", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Description: Mozilla Firefox, Thunderbird, Seamonkey. Several vulnerabilitys (Linux)\n#\n# Authors:\n# Carsten Koch-Mauthe <c.koch-mauthe at dn-systems.de>\n#\n# Copyright:\n# Copyright (C) 2008 Greenbone Networks GmbH\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2,\n# as published by the Free Software Foundation\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.90014\");\n script_version(\"2020-04-02T11:36:28+0000\");\n script_tag(name:\"last_modification\", value:\"2020-04-02 11:36:28 +0000 (Thu, 02 Apr 2020)\");\n script_tag(name:\"creation_date\", value:\"2008-06-17 20:22:38 +0200 (Tue, 17 Jun 2008)\");\n script_tag(name:\"cvss_base\", value:\"9.3\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_cve_id(\"CVE-2008-1238\", \"CVE-2008-1240\", \"CVE-2008-1241\", \"CVE-2008-0412\", \"CVE-2008-0416\");\n script_name(\"Mozilla Firefox, Thunderbird, Seamonkey. Several vulnerabilitys (Linux)\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2008 Greenbone Networks GmbH\");\n script_family(\"General\");\n\n script_xref(name:\"URL\", value:\"http://www.mozilla.org/security/announce/2008/mfsa2008-14.html\");\n\n script_tag(name:\"solution\", value:\"All Users should upgrade to the latest versions of Firefox, Thunderbird or Seamonkey.\");\n\n script_tag(name:\"summary\", value:\"The remote host is probable affected by the vulnerabilitys described in\n CVE-2008-0416, CVE-2007-4879, CVE-2008-1195, CVE-2008-1233,\n CVE-2008-1234, CVE-2008-1235, CVE-2008-1236, CVE-2008-1237,\n CVE-2008-1238, CVE-2008-1240, CVE-2008-1241 and more.\");\n\n script_tag(name:\"impact\", value:\"Mozilla contributors moz_bug_r_a4, Boris Zbarsky,\n and Johnny Stenback reported a series of vulnerabilities which allow scripts from\n page content to run with elevated privileges. moz_bug_r_a4 demonstrated additional\n variants of MFSA 2007-25 and MFSA2007-35 (arbitrary code execution through\n XPCNativeWrapper pollution). Additional vulnerabilities reported separately by\n Boris Zbarsky, Johnny Stenback, and moz_bug_r_a4 showed that the browser could be\n forced to run JavaScript code using the wrong principal leading to universal XSS\n and arbitrary code execution. And more...\");\n\n script_tag(name:\"deprecated\", value:TRUE); # This NVT is broken in many ways...\n\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_tag(name:\"qod_type\", value:\"executable_version\");\n\n exit(0);\n}\n\nexit(66);\n", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2017-07-25T10:56:04", "description": "Check for the Version of seamonkey", "cvss3": {}, "published": "2009-02-27T00:00:00", "type": "openvas", "title": "CentOS Update for seamonkey CESA-2008:0104 centos4 i386", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2008-0417", "CVE-2008-0412", "CVE-2008-0419", "CVE-2008-0593", "CVE-2008-0413", "CVE-2008-0418", "CVE-2008-0592", "CVE-2008-0415", "CVE-2008-0591"], "modified": "2017-07-10T00:00:00", "id": "OPENVAS:880022", "href": "http://plugins.openvas.org/nasl.php?oid=880022", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# CentOS Update for seamonkey CESA-2008:0104 centos4 i386\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2009 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"SeaMonkey is an open source Web browser, advanced email and newsgroup\n client, IRC chat client, and HTML editor.\n\n Several flaws were found in the way SeaMonkey processed certain malformed\n web content. A webpage containing malicious content could cause SeaMonkey\n to crash, or potentially execute arbitrary code as the user running\n SeaMonkey. (CVE-2008-0412, CVE-2008-0413, CVE-2008-0415, CVE-2008-0419)\n \n Several flaws were found in the way SeaMonkey displayed malformed web\n content. A webpage containing specially-crafted content could trick a user\n into surrendering sensitive information. (CVE-2008-0591, CVE-2008-0593)\n \n A flaw was found in the way SeaMonkey stored password data. If a user\n saves login information for a malicious website, it could be possible\n to corrupt the password database, preventing the user from properly\n accessing saved password data. (CVE-2008-0417)\n \n A flaw was found in the way SeaMonkey handles certain chrome URLs. If a\n user has certain extensions installed, it could allow a malicious website\n to steal sensitive session data. Note: this flaw does not affect a default\n installation of SeaMonkey. (CVE-2008-0418)\n \n A flaw was found in the way SeaMonkey saves certain text files. If a\n website offers a file of type "plain/text", rather than "text/plain",\n SeaMonkey will not show future "text/plain" content to the user in the\n browser, forcing them to save those files locally to view the content.\n (CVE-2008-0592)\n \n Users of SeaMonkey are advised to upgrade to these updated packages, which\n contain backported patches to resolve these issues.\";\n\ntag_affected = \"seamonkey on CentOS 4\";\ntag_solution = \"Please Install the Updated Packages.\";\n\n\n\nif(description)\n{\n script_xref(name : \"URL\" , value : \"http://lists.centos.org/pipermail/centos-announce/2008-February/014668.html\");\n script_id(880022);\n script_version(\"$Revision: 6651 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-07-10 13:45:21 +0200 (Mon, 10 Jul 2017) $\");\n script_tag(name:\"creation_date\", value:\"2009-02-27 08:36:45 +0100 (Fri, 27 Feb 2009)\");\n script_tag(name:\"cvss_base\", value:\"9.3\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_xref(name: \"CESA\", value: \"2008:0104\");\n script_cve_id(\"CVE-2008-0412\", \"CVE-2008-0413\", \"CVE-2008-0415\", \"CVE-2008-0417\", \"CVE-2008-0418\", \"CVE-2008-0419\", \"CVE-2008-0591\", \"CVE-2008-0592\", \"CVE-2008-0593\");\n script_name( \"CentOS Update for seamonkey CESA-2008:0104 centos4 i386\");\n\n script_summary(\"Check for the Version of seamonkey\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2009 Greenbone Networks GmbH\");\n script_family(\"CentOS Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/centos\", \"ssh/login/rpms\");\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = get_kb_item(\"ssh/login/release\");\n\n\nres = \"\";\nif(release == NULL){\n exit(0);\n}\n\nif(release == \"CentOS4\")\n{\n\n if ((res = isrpmvuln(pkg:\"seamonkey\", rpm:\"seamonkey~1.0.9~9.el4.centos\", rls:\"CentOS4\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"seamonkey-chat\", rpm:\"seamonkey-chat~1.0.9~9.el4.centos\", rls:\"CentOS4\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"seamonkey-devel\", rpm:\"seamonkey-devel~1.0.9~9.el4.centos\", rls:\"CentOS4\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"seamonkey-dom-inspector\", rpm:\"seamonkey-dom-inspector~1.0.9~9.el4.centos\", rls:\"CentOS4\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"seamonkey-js-debugger\", rpm:\"seamonkey-js-debugger~1.0.9~9.el4.centos\", rls:\"CentOS4\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"seamonkey-mail\", rpm:\"seamonkey-mail~1.0.9~9.el4.centos\", rls:\"CentOS4\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"seamonkey-nspr\", rpm:\"seamonkey-nspr~1.0.9~9.el4.centos\", rls:\"CentOS4\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"seamonkey-nspr-devel\", rpm:\"seamonkey-nspr-devel~1.0.9~9.el4.centos\", rls:\"CentOS4\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"seamonkey-nss\", rpm:\"seamonkey-nss~1.0.9~9.el4.centos\", rls:\"CentOS4\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"seamonkey-nss-devel\", rpm:\"seamonkey-nss-devel~1.0.9~9.el4.centos\", rls:\"CentOS4\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n", "cvss": {"score": 9.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2017-07-25T10:57:09", "description": "Check for the Version of firefox", "cvss3": {}, "published": "2009-02-27T00:00:00", "type": "openvas", "title": "CentOS Update for firefox CESA-2008:0103 centos4 x86_64", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2008-0417", "CVE-2008-0412", "CVE-2008-0419", "CVE-2008-0593", "CVE-2008-0413", "CVE-2008-0418", "CVE-2008-0592", "CVE-2008-0415", "CVE-2008-0591"], "modified": "2017-07-10T00:00:00", "id": "OPENVAS:880161", "href": "http://plugins.openvas.org/nasl.php?oid=880161", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# CentOS Update for firefox CESA-2008:0103 centos4 x86_64\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2009 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"Mozilla Firefox is an open source Web browser.\n\n Several flaws were found in the way Firefox processed certain malformed web\n content. A webpage containing malicious content could cause Firefox to\n crash, or potentially execute arbitrary code as the user running Firefox.\n (CVE-2008-0412, CVE-2008-0413, CVE-2008-0415, CVE-2008-0419)\n \n Several flaws were found in the way Firefox displayed malformed web\n content. A webpage containing specially-crafted content could trick a user\n into surrendering sensitive information. (CVE-2008-0591, CVE-2008-0593)\n \n A flaw was found in the way Firefox stored password data. If a user saves\n login information for a malicious website, it could be possible to corrupt\n the password database, preventing the user from properly accessing saved\n password data. (CVE-2008-0417)\n \n A flaw was found in the way Firefox handles certain chrome URLs. If a user\n has certain extensions installed, it could allow a malicious website to\n steal sensitive session data. Note: this flaw does not affect a default\n installation of Firefox. (CVE-2008-0418)\n \n A flaw was found in the way Firefox saves certain text files. If a\n website offers a file of type "plain/text", rather than "text/plain",\n Firefox will not show future "text/plain" content to the user in the\n browser, forcing them to save those files locally to view the content.\n (CVE-2008-0592) \n \n Users of firefox are advised to upgrade to these updated packages, which\n contain backported patches to resolve these issues.\";\n\ntag_affected = \"firefox on CentOS 4\";\ntag_solution = \"Please Install the Updated Packages.\";\n\n\n\nif(description)\n{\n script_xref(name : \"URL\" , value : \"http://lists.centos.org/pipermail/centos-announce/2008-February/014663.html\");\n script_id(880161);\n script_version(\"$Revision: 6651 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-07-10 13:45:21 +0200 (Mon, 10 Jul 2017) $\");\n script_tag(name:\"creation_date\", value:\"2009-02-27 08:36:45 +0100 (Fri, 27 Feb 2009)\");\n script_tag(name:\"cvss_base\", value:\"9.3\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_xref(name: \"CESA\", value: \"2008:0103\");\n script_cve_id(\"CVE-2008-0412\", \"CVE-2008-0413\", \"CVE-2008-0415\", \"CVE-2008-0417\", \"CVE-2008-0418\", \"CVE-2008-0419\", \"CVE-2008-0591\", \"CVE-2008-0592\", \"CVE-2008-0593\");\n script_name( \"CentOS Update for firefox CESA-2008:0103 centos4 x86_64\");\n\n script_summary(\"Check for the Version of firefox\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2009 Greenbone Networks GmbH\");\n script_family(\"CentOS Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/centos\", \"ssh/login/rpms\");\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = get_kb_item(\"ssh/login/release\");\n\n\nres = \"\";\nif(release == NULL){\n exit(0);\n}\n\nif(release == \"CentOS4\")\n{\n\n if ((res = isrpmvuln(pkg:\"firefox\", rpm:\"firefox~1.5.0.12~0.10.el4.centos\", rls:\"CentOS4\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n", "cvss": {"score": 9.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2018-04-09T11:41:35", "description": "Check for the Version of firefox", "cvss3": {}, "published": "2009-02-27T00:00:00", "type": "openvas", "title": "CentOS Update for firefox CESA-2008:0103 centos4 x86_64", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2008-0417", "CVE-2008-0412", "CVE-2008-0419", "CVE-2008-0593", "CVE-2008-0413", "CVE-2008-0418", "CVE-2008-0592", "CVE-2008-0415", "CVE-2008-0591"], "modified": "2018-04-06T00:00:00", "id": "OPENVAS:1361412562310880161", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310880161", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# CentOS Update for firefox CESA-2008:0103 centos4 x86_64\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2009 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"Mozilla Firefox is an open source Web browser.\n\n Several flaws were found in the way Firefox processed certain malformed web\n content. A webpage containing malicious content could cause Firefox to\n crash, or potentially execute arbitrary code as the user running Firefox.\n (CVE-2008-0412, CVE-2008-0413, CVE-2008-0415, CVE-2008-0419)\n \n Several flaws were found in the way Firefox displayed malformed web\n content. A webpage containing specially-crafted content could trick a user\n into surrendering sensitive information. (CVE-2008-0591, CVE-2008-0593)\n \n A flaw was found in the way Firefox stored password data. If a user saves\n login information for a malicious website, it could be possible to corrupt\n the password database, preventing the user from properly accessing saved\n password data. (CVE-2008-0417)\n \n A flaw was found in the way Firefox handles certain chrome URLs. If a user\n has certain extensions installed, it could allow a malicious website to\n steal sensitive session data. Note: this flaw does not affect a default\n installation of Firefox. (CVE-2008-0418)\n \n A flaw was found in the way Firefox saves certain text files. If a\n website offers a file of type "plain/text", rather than "text/plain",\n Firefox will not show future "text/plain" content to the user in the\n browser, forcing them to save those files locally to view the content.\n (CVE-2008-0592) \n \n Users of firefox are advised to upgrade to these updated packages, which\n contain backported patches to resolve these issues.\";\n\ntag_affected = \"firefox on CentOS 4\";\ntag_solution = \"Please Install the Updated Packages.\";\n\n\n\nif(description)\n{\n script_xref(name : \"URL\" , value : \"http://lists.centos.org/pipermail/centos-announce/2008-February/014663.html\");\n script_oid(\"1.3.6.1.4.1.25623.1.0.880161\");\n script_version(\"$Revision: 9370 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-04-06 10:53:14 +0200 (Fri, 06 Apr 2018) $\");\n script_tag(name:\"creation_date\", value:\"2009-02-27 08:36:45 +0100 (Fri, 27 Feb 2009)\");\n script_tag(name:\"cvss_base\", value:\"9.3\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_xref(name: \"CESA\", value: \"2008:0103\");\n script_cve_id(\"CVE-2008-0412\", \"CVE-2008-0413\", \"CVE-2008-0415\", \"CVE-2008-0417\", \"CVE-2008-0418\", \"CVE-2008-0419\", \"CVE-2008-0591\", \"CVE-2008-0592\", \"CVE-2008-0593\");\n script_name( \"CentOS Update for firefox CESA-2008:0103 centos4 x86_64\");\n\n script_tag(name:\"summary\", value:\"Check for the Version of firefox\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2009 Greenbone Networks GmbH\");\n script_family(\"CentOS Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/centos\", \"ssh/login/rpms\");\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = get_kb_item(\"ssh/login/release\");\n\n\nres = \"\";\nif(release == NULL){\n exit(0);\n}\n\nif(release == \"CentOS4\")\n{\n\n if ((res = isrpmvuln(pkg:\"firefox\", rpm:\"firefox~1.5.0.12~0.10.el4.centos\", rls:\"CentOS4\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n", "cvss": {"score": 9.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2018-04-09T11:40:11", "description": "Check for the Version of seamonkey", "cvss3": {}, "published": "2009-02-27T00:00:00", "type": "openvas", "title": "CentOS Update for seamonkey CESA-2008:0104-01 centos2 i386", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2008-0417", "CVE-2008-0412", "CVE-2008-0419", "CVE-2008-0593", "CVE-2008-0413", "CVE-2008-0418", "CVE-2008-0592", "CVE-2008-0415", "CVE-2008-0591"], "modified": "2018-04-06T00:00:00", "id": "OPENVAS:1361412562310880131", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310880131", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# CentOS Update for seamonkey CESA-2008:0104-01 centos2 i386\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2009 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"SeaMonkey is an open source Web browser, advanced email and newsgroup\n client, IRC chat client, and HTML editor.\n\n Several flaws were found in the way SeaMonkey processed certain malformed\n web content. A webpage containing malicious content could cause SeaMonkey\n to crash, or potentially execute arbitrary code as the user running\n SeaMonkey. (CVE-2008-0412, CVE-2008-0413, CVE-2008-0415, CVE-2008-0419)\n \n Several flaws were found in the way SeaMonkey displayed malformed web\n content. A webpage containing specially-crafted content could trick a user\n into surrendering sensitive information. (CVE-2008-0591, CVE-2008-0593)\n \n A flaw was found in the way SeaMonkey stored password data. If a user\n saves login information for a malicious website, it could be possible\n to corrupt the password database, preventing the user from properly\n accessing saved password data. (CVE-2008-0417)\n \n A flaw was found in the way SeaMonkey handles certain chrome URLs. If a\n user has certain extensions installed, it could allow a malicious website\n to steal sensitive session data. Note: this flaw does not affect a default\n installation of SeaMonkey. (CVE-2008-0418)\n \n A flaw was found in the way SeaMonkey saves certain text files. If a\n website offers a file of type "plain/text", rather than "text/plain",\n SeaMonkey will not show future "text/plain" content to the user in the\n browser, forcing them to save those files locally to view the content.\n (CVE-2008-0592)\n \n Users of SeaMonkey are advised to upgrade to these updated packages, which\n contain backported patches to resolve these issues.\";\n\ntag_affected = \"seamonkey on CentOS 2\";\ntag_solution = \"Please Install the Updated Packages.\";\n\n\n\nif(description)\n{\n script_xref(name : \"URL\" , value : \"http://lists.centos.org/pipermail/centos-announce/2008-February/014682.html\");\n script_oid(\"1.3.6.1.4.1.25623.1.0.880131\");\n script_version(\"$Revision: 9370 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-04-06 10:53:14 +0200 (Fri, 06 Apr 2018) $\");\n script_tag(name:\"creation_date\", value:\"2009-02-27 08:36:45 +0100 (Fri, 27 Feb 2009)\");\n script_tag(name:\"cvss_base\", value:\"9.3\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_xref(name: \"CESA\", value: \"2008:0104-01\");\n script_cve_id(\"CVE-2008-0412\", \"CVE-2008-0413\", \"CVE-2008-0415\", \"CVE-2008-0417\", \"CVE-2008-0418\", \"CVE-2008-0419\", \"CVE-2008-0591\", \"CVE-2008-0592\", \"CVE-2008-0593\");\n script_name( \"CentOS Update for seamonkey CESA-2008:0104-01 centos2 i386\");\n\n script_tag(name:\"summary\", value:\"Check for the Version of seamonkey\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2009 Greenbone Networks GmbH\");\n script_family(\"CentOS Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/centos\", \"ssh/login/rpms\");\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = get_kb_item(\"ssh/login/release\");\n\n\nres = \"\";\nif(release == NULL){\n exit(0);\n}\n\nif(release == \"CentOS2\")\n{\n\n if ((res = isrpmvuln(pkg:\"seamonkey\", rpm:\"seamonkey~1.0.9~0.9.el2.c2.1\", rls:\"CentOS2\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"seamonkey-chat\", rpm:\"seamonkey-chat~1.0.9~0.9.el2.c2.1\", rls:\"CentOS2\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"seamonkey-devel\", rpm:\"seamonkey-devel~1.0.9~0.9.el2.c2.1\", rls:\"CentOS2\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"seamonkey-dom-inspector\", rpm:\"seamonkey-dom-inspector~1.0.9~0.9.el2.c2.1\", rls:\"CentOS2\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"seamonkey-js-debugger\", rpm:\"seamonkey-js-debugger~1.0.9~0.9.el2.c2.1\", rls:\"CentOS2\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"seamonkey-mail\", rpm:\"seamonkey-mail~1.0.9~0.9.el2.c2.1\", rls:\"CentOS2\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"seamonkey-nspr\", rpm:\"seamonkey-nspr~1.0.9~0.9.el2.c2.1\", rls:\"CentOS2\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"seamonkey-nspr-devel\", rpm:\"seamonkey-nspr-devel~1.0.9~0.9.el2.c2.1\", rls:\"CentOS2\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"seamonkey-nss\", rpm:\"seamonkey-nss~1.0.9~0.9.el2.c2.1\", rls:\"CentOS2\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"seamonkey-nss-devel\", rpm:\"seamonkey-nss-devel~1.0.9~0.9.el2.c2.1\", rls:\"CentOS2\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n", "cvss": {"score": 9.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2018-04-09T11:40:30", "description": "Check for the Version of firefox", "cvss3": {}, "published": "2009-02-27T00:00:00", "type": "openvas", "title": "CentOS Update for firefox CESA-2008:0103 centos5 x86_64", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2008-0417", "CVE-2008-0412", "CVE-2008-0419", "CVE-2008-0593", "CVE-2008-0413", "CVE-2008-0418", "CVE-2008-0592", "CVE-2008-0415", "CVE-2008-0591"], "modified": "2018-04-06T00:00:00", "id": "OPENVAS:1361412562310880157", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310880157", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# CentOS Update for firefox CESA-2008:0103 centos5 x86_64\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2009 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"Mozilla Firefox is an open source Web browser.\n\n Several flaws were found in the way Firefox processed certain malformed web\n content. A webpage containing malicious content could cause Firefox to\n crash, or potentially execute arbitrary code as the user running Firefox.\n (CVE-2008-0412, CVE-2008-0413, CVE-2008-0415, CVE-2008-0419)\n \n Several flaws were found in the way Firefox displayed malformed web\n content. A webpage containing specially-crafted content could trick a user\n into surrendering sensitive information. (CVE-2008-0591, CVE-2008-0593)\n \n A flaw was found in the way Firefox stored password data. If a user saves\n login information for a malicious website, it could be possible to corrupt\n the password database, preventing the user from properly accessing saved\n password data. (CVE-2008-0417)\n \n A flaw was found in the way Firefox handles certain chrome URLs. If a user\n has certain extensions installed, it could allow a malicious website to\n steal sensitive session data. Note: this flaw does not affect a default\n installation of Firefox. (CVE-2008-0418)\n \n A flaw was found in the way Firefox saves certain text files. If a\n website offers a file of type "plain/text", rather than "text/plain",\n Firefox will not show future "text/plain" content to the user in the\n browser, forcing them to save those files locally to view the content.\n (CVE-2008-0592) \n \n Users of firefox are advised to upgrade to these updated packages, which\n contain backported patches to resolve these issues.\";\n\ntag_affected = \"firefox on CentOS 5\";\ntag_solution = \"Please Install the Updated Packages.\";\n\n\n\nif(description)\n{\n script_xref(name : \"URL\" , value : \"http://lists.centos.org/pipermail/centos-announce/2008-February/014669.html\");\n script_oid(\"1.3.6.1.4.1.25623.1.0.880157\");\n script_version(\"$Revision: 9370 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-04-06 10:53:14 +0200 (Fri, 06 Apr 2018) $\");\n script_tag(name:\"creation_date\", value:\"2009-02-27 08:36:45 +0100 (Fri, 27 Feb 2009)\");\n script_tag(name:\"cvss_base\", value:\"9.3\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_xref(name: \"CESA\", value: \"2008:0103\");\n script_cve_id(\"CVE-2008-0412\", \"CVE-2008-0413\", \"CVE-2008-0415\", \"CVE-2008-0417\", \"CVE-2008-0418\", \"CVE-2008-0419\", \"CVE-2008-0591\", \"CVE-2008-0592\", \"CVE-2008-0593\");\n script_name( \"CentOS Update for firefox CESA-2008:0103 centos5 x86_64\");\n\n script_tag(name:\"summary\", value:\"Check for the Version of firefox\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2009 Greenbone Networks GmbH\");\n script_family(\"CentOS Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/centos\", \"ssh/login/rpms\");\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = get_kb_item(\"ssh/login/release\");\n\n\nres = \"\";\nif(release == NULL){\n exit(0);\n}\n\nif(release == \"CentOS5\")\n{\n\n if ((res = isrpmvuln(pkg:\"firefox\", rpm:\"firefox~1.5.0.12~9.el5.centos\", rls:\"CentOS5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"firefox-devel\", rpm:\"firefox-devel~1.5.0.12~9.el5.centos\", rls:\"CentOS5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n", "cvss": {"score": 9.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2017-07-25T10:57:02", "description": "Check for the Version of firefox", "cvss3": {}, "published": "2009-02-27T00:00:00", "type": "openvas", "title": "CentOS Update for firefox CESA-2008:0103 centos4 i386", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2008-0417", "CVE-2008-0412", "CVE-2008-0419", "CVE-2008-0593", "CVE-2008-0413", "CVE-2008-0418", "CVE-2008-0592", "CVE-2008-0415", "CVE-2008-0591"], "modified": "2017-07-10T00:00:00", "id": "OPENVAS:880191", "href": "http://plugins.openvas.org/nasl.php?oid=880191", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# CentOS Update for firefox CESA-2008:0103 centos4 i386\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2009 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"Mozilla Firefox is an open source Web browser.\n\n Several flaws were found in the way Firefox processed certain malformed web\n content. A webpage containing malicious content could cause Firefox to\n crash, or potentially execute arbitrary code as the user running Firefox.\n (CVE-2008-0412, CVE-2008-0413, CVE-2008-0415, CVE-2008-0419)\n \n Several flaws were found in the way Firefox displayed malformed web\n content. A webpage containing specially-crafted content could trick a user\n into surrendering sensitive information. (CVE-2008-0591, CVE-2008-0593)\n \n A flaw was found in the way Firefox stored password data. If a user saves\n login information for a malicious website, it could be possible to corrupt\n the password database, preventing the user from properly accessing saved\n password data. (CVE-2008-0417)\n \n A flaw was found in the way Firefox handles certain chrome URLs. If a user\n has certain extensions installed, it could allow a malicious website to\n steal sensitive session data. Note: this flaw does not affect a default\n installation of Firefox. (CVE-2008-0418)\n \n A flaw was found in the way Firefox saves certain text files. If a\n website offers a file of type "plain/text", rather than "text/plain",\n Firefox will not show future "text/plain" content to the user in the\n browser, forcing them to save those files locally to view the content.\n (CVE-2008-0592) \n \n Users of firefox are advised to upgrade to these updated packages, which\n contain backported patches to resolve these issues.\";\n\ntag_affected = \"firefox on CentOS 4\";\ntag_solution = \"Please Install the Updated Packages.\";\n\n\n\nif(description)\n{\n script_xref(name : \"URL\" , value : \"http://lists.centos.org/pipermail/centos-announce/2008-February/014664.html\");\n script_id(880191);\n script_version(\"$Revision: 6651 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-07-10 13:45:21 +0200 (Mon, 10 Jul 2017) $\");\n script_tag(name:\"creation_date\", value:\"2009-02-27 08:36:45 +0100 (Fri, 27 Feb 2009)\");\n script_tag(name:\"cvss_base\", value:\"9.3\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_xref(name: \"CESA\", value: \"2008:0103\");\n script_cve_id(\"CVE-2008-0412\", \"CVE-2008-0413\", \"CVE-2008-0415\", \"CVE-2008-0417\", \"CVE-2008-0418\", \"CVE-2008-0419\", \"CVE-2008-0591\", \"CVE-2008-0592\", \"CVE-2008-0593\");\n script_name( \"CentOS Update for firefox CESA-2008:0103 centos4 i386\");\n\n script_summary(\"Check for the Version of firefox\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2009 Greenbone Networks GmbH\");\n script_family(\"CentOS Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/centos\", \"ssh/login/rpms\");\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = get_kb_item(\"ssh/login/release\");\n\n\nres = \"\";\nif(release == NULL){\n exit(0);\n}\n\nif(release == \"CentOS4\")\n{\n\n if ((res = isrpmvuln(pkg:\"firefox\", rpm:\"firefox~1.5.0.12~0.10.el4.centos\", rls:\"CentOS4\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n", "cvss": {"score": 9.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2018-04-09T11:38:50", "description": "Check for the Version of seamonkey", "cvss3": {}, "published": "2009-03-06T00:00:00", "type": "openvas", "title": "RedHat Update for seamonkey RHSA-2008:0104-01", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2008-0417", "CVE-2008-0412", "CVE-2008-0419", "CVE-2008-0593", "CVE-2008-0413", "CVE-2008-0418", "CVE-2008-0592", "CVE-2008-0415", "CVE-2008-0591"], "modified": "2018-04-06T00:00:00", "id": "OPENVAS:1361412562310870039", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310870039", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# RedHat Update for seamonkey RHSA-2008:0104-01\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2009 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"SeaMonkey is an open source Web browser, advanced email and newsgroup\n client, IRC chat client, and HTML editor.\n\n Several flaws were found in the way SeaMonkey processed certain malformed\n web content. A webpage containing malicious content could cause SeaMonkey\n to crash, or potentially execute arbitrary code as the user running\n SeaMonkey. (CVE-2008-0412, CVE-2008-0413, CVE-2008-0415, CVE-2008-0419)\n \n Several flaws were found in the way SeaMonkey displayed malformed web\n content. A webpage containing specially-crafted content could trick a user\n into surrendering sensitive information. (CVE-2008-0591, CVE-2008-0593)\n \n A flaw was found in the way SeaMonkey stored password data. If a user\n saves login information for a malicious website, it could be possible\n to corrupt the password database, preventing the user from properly\n accessing saved password data. (CVE-2008-0417)\n \n A flaw was found in the way SeaMonkey handles certain chrome URLs. If a\n user has certain extensions installed, it could allow a malicious website\n to steal sensitive session data. Note: this flaw does not affect a default\n installation of SeaMonkey. (CVE-2008-0418)\n \n A flaw was found in the way SeaMonkey saves certain text files. If a\n website offers a file of type "plain/text", rather than "text/plain",\n SeaMonkey will not show future "text/plain" content to the user in the\n browser, forcing them to save those files locally to view the content.\n (CVE-2008-0592)\n \n Users of SeaMonkey are advised to upgrade to these updated packages, which\n contain backported patches to resolve these issues.\";\n\ntag_affected = \"seamonkey on Red Hat Enterprise Linux AS (Advanced Server) version 2.1,\n Red Hat Enterprise Linux ES version 2.1,\n Red Hat Enterprise Linux WS version 2.1,\n Red Hat Enterprise Linux AS version 3,\n Red Hat Enterprise Linux ES version 3,\n Red Hat Enterprise Linux WS version 3,\n Red Hat Enterprise Linux AS version 4,\n Red Hat Enterprise Linux ES version 4,\n Red Hat Enterprise Linux WS version 4\";\ntag_solution = \"Please Install the Updated Packages.\";\n\n\n\nif(description)\n{\n script_xref(name : \"URL\" , value : \"https://www.redhat.com/archives/rhsa-announce/2008-February/msg00002.html\");\n script_oid(\"1.3.6.1.4.1.25623.1.0.870039\");\n script_version(\"$Revision: 9370 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-04-06 10:53:14 +0200 (Fri, 06 Apr 2018) $\");\n script_tag(name:\"creation_date\", value:\"2009-03-06 07:30:35 +0100 (Fri, 06 Mar 2009)\");\n script_tag(name:\"cvss_base\", value:\"9.3\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_xref(name: \"RHSA\", value: \"2008:0104-01\");\n script_cve_id(\"CVE-2008-0412\", \"CVE-2008-0413\", \"CVE-2008-0415\", \"CVE-2008-0417\", \"CVE-2008-0418\", \"CVE-2008-0419\", \"CVE-2008-0591\", \"CVE-2008-0592\", \"CVE-2008-0593\");\n script_name( \"RedHat Update for seamonkey RHSA-2008:0104-01\");\n\n script_tag(name:\"summary\", value:\"Check for the Version of seamonkey\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2009 Greenbone Networks GmbH\");\n script_family(\"Red Hat Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/rhel\", \"ssh/login/rpms\");\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = get_kb_item(\"ssh/login/release\");\n\n\nres = \"\";\nif(release == NULL){\n exit(0);\n}\n\nif(release == \"RHENT_2.1\")\n{\n\n if ((res = isrpmvuln(pkg:\"seamonkey\", rpm:\"seamonkey~1.0.9~0.9.el2\", rls:\"RHENT_2.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"seamonkey-chat\", rpm:\"seamonkey-chat~1.0.9~0.9.el2\", rls:\"RHENT_2.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"seamonkey-devel\", rpm:\"seamonkey-devel~1.0.9~0.9.el2\", rls:\"RHENT_2.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"seamonkey-dom-inspector\", rpm:\"seamonkey-dom-inspector~1.0.9~0.9.el2\", rls:\"RHENT_2.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"seamonkey-js-debugger\", rpm:\"seamonkey-js-debugger~1.0.9~0.9.el2\", rls:\"RHENT_2.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"seamonkey-mail\", rpm:\"seamonkey-mail~1.0.9~0.9.el2\", rls:\"RHENT_2.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"seamonkey-nspr\", rpm:\"seamonkey-nspr~1.0.9~0.9.el2\", rls:\"RHENT_2.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"seamonkey-nspr-devel\", rpm:\"seamonkey-nspr-devel~1.0.9~0.9.el2\", rls:\"RHENT_2.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"seamonkey-nss\", rpm:\"seamonkey-nss~1.0.9~0.9.el2\", rls:\"RHENT_2.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"seamonkey-nss-devel\", rpm:\"seamonkey-nss-devel~1.0.9~0.9.el2\", rls:\"RHENT_2.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n\n\nif(release == \"RHENT_4\")\n{\n\n if ((res = isrpmvuln(pkg:\"seamonkey\", rpm:\"seamonkey~1.0.9~9.el4\", rls:\"RHENT_4\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"seamonkey-chat\", rpm:\"seamonkey-chat~1.0.9~9.el4\", rls:\"RHENT_4\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"seamonkey-debuginfo\", rpm:\"seamonkey-debuginfo~1.0.9~9.el4\", rls:\"RHENT_4\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"seamonkey-devel\", rpm:\"seamonkey-devel~1.0.9~9.el4\", rls:\"RHENT_4\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"seamonkey-dom-inspector\", rpm:\"seamonkey-dom-inspector~1.0.9~9.el4\", rls:\"RHENT_4\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"seamonkey-js-debugger\", rpm:\"seamonkey-js-debugger~1.0.9~9.el4\", rls:\"RHENT_4\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"seamonkey-mail\", rpm:\"seamonkey-mail~1.0.9~9.el4\", rls:\"RHENT_4\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"seamonkey-nspr\", rpm:\"seamonkey-nspr~1.0.9~9.el4\", rls:\"RHENT_4\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"seamonkey-nspr-devel\", rpm:\"seamonkey-nspr-devel~1.0.9~9.el4\", rls:\"RHENT_4\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"seamonkey-nss\", rpm:\"seamonkey-nss~1.0.9~9.el4\", rls:\"RHENT_4\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"seamonkey-nss-devel\", rpm:\"seamonkey-nss-devel~1.0.9~9.el4\", rls:\"RHENT_4\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n\n\nif(release == \"RHENT_3\")\n{\n\n if ((res = isrpmvuln(pkg:\"seamonkey\", rpm:\"seamonkey~1.0.9~0.9.el3\", rls:\"RHENT_3\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"seamonkey-chat\", rpm:\"seamonkey-chat~1.0.9~0.9.el3\", rls:\"RHENT_3\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"seamonkey-debuginfo\", rpm:\"seamonkey-debuginfo~1.0.9~0.9.el3\", rls:\"RHENT_3\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"seamonkey-devel\", rpm:\"seamonkey-devel~1.0.9~0.9.el3\", rls:\"RHENT_3\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"seamonkey-dom-inspector\", rpm:\"seamonkey-dom-inspector~1.0.9~0.9.el3\", rls:\"RHENT_3\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"seamonkey-js-debugger\", rpm:\"seamonkey-js-debugger~1.0.9~0.9.el3\", rls:\"RHENT_3\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"seamonkey-mail\", rpm:\"seamonkey-mail~1.0.9~0.9.el3\", rls:\"RHENT_3\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"seamonkey-nspr\", rpm:\"seamonkey-nspr~1.0.9~0.9.el3\", rls:\"RHENT_3\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"seamonkey-nspr-devel\", rpm:\"seamonkey-nspr-devel~1.0.9~0.9.el3\", rls:\"RHENT_3\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"seamonkey-nss\", rpm:\"seamonkey-nss~1.0.9~0.9.el3\", rls:\"RHENT_3\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"seamonkey-nss-devel\", rpm:\"seamonkey-nss-devel~1.0.9~0.9.el3\", rls:\"RHENT_3\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n", "cvss": {"score": 9.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2018-04-09T11:40:17", "description": "Check for the Version of firefox", "cvss3": {}, "published": "2009-02-27T00:00:00", "type": "openvas", "title": "CentOS Update for firefox CESA-2008:0103 centos3 x86_64", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2008-0417", "CVE-2008-0412", "CVE-2008-0419", "CVE-2008-0593", "CVE-2008-0413", "CVE-2008-0418", "CVE-2008-0592", "CVE-2008-0415", "CVE-2008-0591"], "modified": "2018-04-06T00:00:00", "id": "OPENVAS:1361412562310880164", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310880164", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# CentOS Update for firefox CESA-2008:0103 centos3 x86_64\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2009 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"Mozilla Firefox is an open source Web browser.\n\n Several flaws were found in the way Firefox processed certain malformed web\n content. A webpage containing malicious content could cause Firefox to\n crash, or potentially execute arbitrary code as the user running Firefox.\n (CVE-2008-0412, CVE-2008-0413, CVE-2008-0415, CVE-2008-0419)\n \n Several flaws were found in the way Firefox displayed malformed web\n content. A webpage containing specially-crafted content could trick a user\n into surrendering sensitive information. (CVE-2008-0591, CVE-2008-0593)\n \n A flaw was found in the way Firefox stored password data. If a user saves\n login information for a malicious website, it could be possible to corrupt\n the password database, preventing the user from properly accessing saved\n password data. (CVE-2008-0417)\n \n A flaw was found in the way Firefox handles certain chrome URLs. If a user\n has certain extensions installed, it could allow a malicious website to\n steal sensitive session data. Note: this flaw does not affect a default\n installation of Firefox. (CVE-2008-0418)\n \n A flaw was found in the way Firefox saves certain text files. If a\n website offers a file of type "plain/text", rather than "text/plain",\n Firefox will not show future "text/plain" content to the user in the\n browser, forcing them to save those files locally to view the content.\n (CVE-2008-0592) \n \n Users of firefox are advised to upgrade to these updated packages, which\n contain backported patches to resolve these issues.\";\n\ntag_affected = \"firefox on CentOS 3\";\ntag_solution = \"Please Install the Updated Packages.\";\n\n\n\nif(description)\n{\n script_xref(name : \"URL\" , value : \"http://lists.centos.org/pipermail/centos-announce/2008-February/014678.html\");\n script_oid(\"1.3.6.1.4.1.25623.1.0.880164\");\n script_version(\"$Revision: 9370 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-04-06 10:53:14 +0200 (Fri, 06 Apr 2018) $\");\n script_tag(name:\"creation_date\", value:\"2009-02-27 08:36:45 +0100 (Fri, 27 Feb 2009)\");\n script_tag(name:\"cvss_base\", value:\"9.3\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_xref(name: \"CESA\", value: \"2008:0103\");\n script_cve_id(\"CVE-2008-0412\", \"CVE-2008-0413\", \"CVE-2008-0415\", \"CVE-2008-0417\", \"CVE-2008-0418\", \"CVE-2008-0419\", \"CVE-2008-0591\", \"CVE-2008-0592\", \"CVE-2008-0593\");\n script_name( \"CentOS Update for firefox CESA-2008:0103 centos3 x86_64\");\n\n script_tag(name:\"summary\", value:\"Check for the Version of firefox\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2009 Greenbone Networks GmbH\");\n script_family(\"CentOS Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/centos\", \"ssh/login/rpms\");\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = get_kb_item(\"ssh/login/release\");\n\n\nres = \"\";\nif(release == NULL){\n exit(0);\n}\n\nif(release == \"CentOS3\")\n{\n\n if ((res = isrpmvuln(pkg:\"firefox\", rpm:\"firefox~1.5.0.12~0.10.el4.centos3\", rls:\"CentOS3\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n", "cvss": {"score": 9.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2018-04-09T11:40:29", "description": "Check for the Version of firefox", "cvss3": {}, "published": "2009-02-27T00:00:00", "type": "openvas", "title": "CentOS Update for firefox CESA-2008:0103 centos5 i386", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2008-0417", "CVE-2008-0412", "CVE-2008-0419", "CVE-2008-0593", "CVE-2008-0413", "CVE-2008-0418", "CVE-2008-0592", "CVE-2008-0415", "CVE-2008-0591"], "modified": "2018-04-06T00:00:00", "id": "OPENVAS:1361412562310880136", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310880136", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# CentOS Update for firefox CESA-2008:0103 centos5 i386\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2009 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"Mozilla Firefox is an open source Web browser.\n\n Several flaws were found in the way Firefox processed certain malformed web\n content. A webpage containing malicious content could cause Firefox to\n crash, or potentially execute arbitrary code as the user running Firefox.\n (CVE-2008-0412, CVE-2008-0413, CVE-2008-0415, CVE-2008-0419)\n \n Several flaws were found in the way Firefox displayed malformed web\n content. A webpage containing specially-crafted content could trick a user\n into surrendering sensitive information. (CVE-2008-0591, CVE-2008-0593)\n \n A flaw was found in the way Firefox stored password data. If a user saves\n login information for a malicious website, it could be possible to corrupt\n the password database, preventing the user from properly accessing saved\n password data. (CVE-2008-0417)\n \n A flaw was found in the way Firefox handles certain chrome URLs. If a user\n has certain extensions installed, it could allow a malicious website to\n steal sensitive session data. Note: this flaw does not affect a default\n installation of Firefox. (CVE-2008-0418)\n \n A flaw was found in the way Firefox saves certain text files. If a\n website offers a file of type "plain/text", rather than "text/plain",\n Firefox will not show future "text/plain" content to the user in the\n browser, forcing them to save those files locally to view the content.\n (CVE-2008-0592) \n \n Users of firefox are advised to upgrade to these updated packages, which\n contain backported patches to resolve these issues.\";\n\ntag_affected = \"firefox on CentOS 5\";\ntag_solution = \"Please Install the Updated Packages.\";\n\n\n\nif(description)\n{\n script_xref(name : \"URL\" , value : \"http://lists.centos.org/pipermail/centos-announce/2008-February/014670.html\");\n script_oid(\"1.3.6.1.4.1.25623.1.0.880136\");\n script_version(\"$Revision: 9370 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-04-06 10:53:14 +0200 (Fri, 06 Apr 2018) $\");\n script_tag(name:\"creation_date\", value:\"2009-02-27 08:36:45 +0100 (Fri, 27 Feb 2009)\");\n script_tag(name:\"cvss_base\", value:\"9.3\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_xref(name: \"CESA\", value: \"2008:0103\");\n script_cve_id(\"CVE-2008-0412\", \"CVE-2008-0413\", \"CVE-2008-0415\", \"CVE-2008-0417\", \"CVE-2008-0418\", \"CVE-2008-0419\", \"CVE-2008-0591\", \"CVE-2008-0592\", \"CVE-2008-0593\");\n script_name( \"CentOS Update for firefox CESA-2008:0103 centos5 i386\");\n\n script_tag(name:\"summary\", value:\"Check for the Version of firefox\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2009 Greenbone Networks GmbH\");\n script_family(\"CentOS Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/centos\", \"ssh/login/rpms\");\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = get_kb_item(\"ssh/login/release\");\n\n\nres = \"\";\nif(release == NULL){\n exit(0);\n}\n\nif(release == \"CentOS5\")\n{\n\n if ((res = isrpmvuln(pkg:\"firefox\", rpm:\"firefox~1.5.0.12~9.el5.centos\", rls:\"CentOS5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"firefox-devel\", rpm:\"firefox-devel~1.5.0.12~9.el5.centos\", rls:\"CentOS5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n", "cvss": {"score": 9.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2018-04-09T11:40:59", "description": "Check for the Version of seamonkey", "cvss3": {}, "published": "2009-02-27T00:00:00", "type": "openvas", "title": "CentOS Update for seamonkey CESA-2008:0104 centos3 x86_64", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2008-0417", "CVE-2008-0412", "CVE-2008-0419", "CVE-2008-0593", "CVE-2008-0413", "CVE-2008-0418", "CVE-2008-0592", "CVE-2008-0415", "CVE-2008-0591"], "modified": "2018-04-06T00:00:00", "id": "OPENVAS:1361412562310880054", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310880054", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# CentOS Update for seamonkey CESA-2008:0104 centos3 x86_64\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2009 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"SeaMonkey is an open source Web browser, advanced email and newsgroup\n client, IRC chat client, and HTML editor.\n\n Several flaws were found in the way SeaMonkey processed certain malformed\n web content. A webpage containing malicious content could cause SeaMonkey\n to crash, or potentially execute arbitrary code as the user running\n SeaMonkey. (CVE-2008-0412, CVE-2008-0413, CVE-2008-0415, CVE-2008-0419)\n \n Several flaws were found in the way SeaMonkey displayed malformed web\n content. A webpage containing specially-crafted content could trick a user\n into surrendering sensitive information. (CVE-2008-0591, CVE-2008-0593)\n \n A flaw was found in the way SeaMonkey stored password data. If a user\n saves login information for a malicious website, it could be possible\n to corrupt the password database, preventing the user from properly\n accessing saved password data. (CVE-2008-0417)\n \n A flaw was found in the way SeaMonkey handles certain chrome URLs. If a\n user has certain extensions installed, it could allow a malicious website\n to steal sensitive session data. Note: this flaw does not affect a default\n installation of SeaMonkey. (CVE-2008-0418)\n \n A flaw was found in the way SeaMonkey saves certain text files. If a\n website offers a file of type "plain/text", rather than "text/plain",\n SeaMonkey will not show future "text/plain" content to the user in the\n browser, forcing them to save those files locally to view the content.\n (CVE-2008-0592)\n \n Users of SeaMonkey are advised to upgrade to these updated packages, which\n contain backported patches to resolve these issues.\";\n\ntag_affected = \"seamonkey on CentOS 3\";\ntag_solution = \"Please Install the Updated Packages.\";\n\n\n\nif(description)\n{\n script_xref(name : \"URL\" , value : \"http://lists.centos.org/pipermail/centos-announce/2008-February/014662.html\");\n script_oid(\"1.3.6.1.4.1.25623.1.0.880054\");\n script_version(\"$Revision: 9370 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-04-06 10:53:14 +0200 (Fri, 06 Apr 2018) $\");\n script_tag(name:\"creation_date\", value:\"2009-02-27 08:36:45 +0100 (Fri, 27 Feb 2009)\");\n script_tag(name:\"cvss_base\", value:\"9.3\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_xref(name: \"CESA\", value: \"2008:0104\");\n script_cve_id(\"CVE-2008-0412\", \"CVE-2008-0413\", \"CVE-2008-0415\", \"CVE-2008-0417\", \"CVE-2008-0418\", \"CVE-2008-0419\", \"CVE-2008-0591\", \"CVE-2008-0592\", \"CVE-2008-0593\");\n script_name( \"CentOS Update for seamonkey CESA-2008:0104 centos3 x86_64\");\n\n script_tag(name:\"summary\", value:\"Check for the Version of seamonkey\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2009 Greenbone Networks GmbH\");\n script_family(\"CentOS Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/centos\", \"ssh/login/rpms\");\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = get_kb_item(\"ssh/login/release\");\n\n\nres = \"\";\nif(release == NULL){\n exit(0);\n}\n\nif(release == \"CentOS3\")\n{\n\n if ((res = isrpmvuln(pkg:\"seamonkey\", rpm:\"seamonkey~1.0.9~0.9.el3.centos3\", rls:\"CentOS3\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"seamonkey-chat\", rpm:\"seamonkey-chat~1.0.9~0.9.el3.centos3\", rls:\"CentOS3\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"seamonkey-devel\", rpm:\"seamonkey-devel~1.0.9~0.9.el3.centos3\", rls:\"CentOS3\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"seamonkey-dom-inspector\", rpm:\"seamonkey-dom-inspector~1.0.9~0.9.el3.centos3\", rls:\"CentOS3\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"seamonkey-js-debugger\", rpm:\"seamonkey-js-debugger~1.0.9~0.9.el3.centos3\", rls:\"CentOS3\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"seamonkey-mail\", rpm:\"seamonkey-mail~1.0.9~0.9.el3.centos3\", rls:\"CentOS3\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"seamonkey-nspr\", rpm:\"seamonkey-nspr~1.0.9~0.9.el3.centos3\", rls:\"CentOS3\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"seamonkey-nspr-devel\", rpm:\"seamonkey-nspr-devel~1.0.9~0.9.el3.centos3\", rls:\"CentOS3\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"seamonkey-nss\", rpm:\"seamonkey-nss~1.0.9~0.9.el3.centos3\", rls:\"CentOS3\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"seamonkey-nss-devel\", rpm:\"seamonkey-nss-devel~1.0.9~0.9.el3.centos3\", rls:\"CentOS3\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n", "cvss": {"score": 9.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2018-04-09T11:41:14", "description": "Check for the Version of firefox", "cvss3": {}, "published": "2009-02-27T00:00:00", "type": "openvas", "title": "CentOS Update for firefox CESA-2008:0103 centos4 i386", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2008-0417", "CVE-2008-0412", "CVE-2008-0419", "CVE-2008-0593", "CVE-2008-0413", "CVE-2008-0418", "CVE-2008-0592", "CVE-2008-0415", "CVE-2008-0591"], "modified": "2018-04-06T00:00:00", "id": "OPENVAS:1361412562310880191", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310880191", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# CentOS Update for firefox CESA-2008:0103 centos4 i386\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2009 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"Mozilla Firefox is an open source Web browser.\n\n Several flaws were found in the way Firefox processed certain malformed web\n content. A webpage containing malicious content could cause Firefox to\n crash, or potentially execute arbitrary code as the user running Firefox.\n (CVE-2008-0412, CVE-2008-0413, CVE-2008-0415, CVE-2008-0419)\n \n Several flaws were found in the way Firefox displayed malformed web\n content. A webpage containing specially-crafted content could trick a user\n into surrendering sensitive information. (CVE-2008-0591, CVE-2008-0593)\n \n A flaw was found in the way Firefox stored password data. If a user saves\n login information for a malicious website, it could be possible to corrupt\n the password database, preventing the user from properly accessing saved\n password data. (CVE-2008-0417)\n \n A flaw was found in the way Firefox handles certain chrome URLs. If a user\n has certain extensions installed, it could allow a malicious website to\n steal sensitive session data. Note: this flaw does not affect a default\n installation of Firefox. (CVE-2008-0418)\n \n A flaw was found in the way Firefox saves certain text files. If a\n website offers a file of type "plain/text", rather than "text/plain",\n Firefox will not show future "text/plain" content to the user in the\n browser, forcing them to save those files locally to view the content.\n (CVE-2008-0592) \n \n Users of firefox are advised to upgrade to these updated packages, which\n contain backported patches to resolve these issues.\";\n\ntag_affected = \"firefox on CentOS 4\";\ntag_solution = \"Please Install the Updated Packages.\";\n\n\n\nif(description)\n{\n script_xref(name : \"URL\" , value : \"http://lists.centos.org/pipermail/centos-announce/2008-February/014664.html\");\n script_oid(\"1.3.6.1.4.1.25623.1.0.880191\");\n script_version(\"$Revision: 9370 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-04-06 10:53:14 +0200 (Fri, 06 Apr 2018) $\");\n script_tag(name:\"creation_date\", value:\"2009-02-27 08:36:45 +0100 (Fri, 27 Feb 2009)\");\n script_tag(name:\"cvss_base\", value:\"9.3\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_xref(name: \"CESA\", value: \"2008:0103\");\n script_cve_id(\"CVE-2008-0412\", \"CVE-2008-0413\", \"CVE-2008-0415\", \"CVE-2008-0417\", \"CVE-2008-0418\", \"CVE-2008-0419\", \"CVE-2008-0591\", \"CVE-2008-0592\", \"CVE-2008-0593\");\n script_name( \"CentOS Update for firefox CESA-2008:0103 centos4 i386\");\n\n script_tag(name:\"summary\", value:\"Check for the Version of firefox\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2009 Greenbone Networks GmbH\");\n script_family(\"CentOS Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/centos\", \"ssh/login/rpms\");\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = get_kb_item(\"ssh/login/release\");\n\n\nres = \"\";\nif(release == NULL){\n exit(0);\n}\n\nif(release == \"CentOS4\")\n{\n\n if ((res = isrpmvuln(pkg:\"firefox\", rpm:\"firefox~1.5.0.12~0.10.el4.centos\", rls:\"CentOS4\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n", "cvss": {"score": 9.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2017-12-04T11:28:53", "description": "Ubuntu Update for Linux kernel vulnerabilities USN-592-1", "cvss3": {}, "published": "2009-03-23T00:00:00", "type": "openvas", "title": "Ubuntu Update for firefox vulnerabilities USN-592-1", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2007-4879", "CVE-2008-1236", "CVE-2008-1195", "CVE-2008-1240", "CVE-2008-1237", "CVE-2008-1238", "CVE-2008-1233", "CVE-2008-0416", "CVE-2008-1234", "CVE-2008-1235", "CVE-2008-1241"], "modified": "2017-12-01T00:00:00", "id": "OPENVAS:840285", "href": "http://plugins.openvas.org/nasl.php?oid=840285", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: gb_ubuntu_USN_592_1.nasl 7969 2017-12-01 09:23:16Z santu $\n#\n# Ubuntu Update for firefox vulnerabilities USN-592-1\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2009 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"Alexey Proskuryakov, Yosuke Hasegawa and Simon Montagu discovered flaws\n in Firefox's character encoding handling. If a user were tricked into\n opening a malicious web page, an attacker could perform cross-site\n scripting attacks. (CVE-2008-0416)\n\n Various flaws were discovered in the JavaScript engine. By tricking\n a user into opening a malicious web page, an attacker could escalate\n privileges within the browser, perform cross-site scripting attacks\n and/or execute arbitrary code with the user's privileges.\n (CVE-2008-1233, CVE-2008-1234, CVE-2008-1235)\n \n Several problems were discovered in Firefox which could lead to crashes\n and memory corruption. If a user were tricked into opening a malicious\n web page, an attacker may be able to execute arbitrary code with the\n user's privileges. (CVE-2008-1236, CVE-2008-1237)\n \n Gregory Fleischer discovered Firefox did not properly process HTTP\n Referrer headers when they were sent with with requests to URLs\n containing Basic Authentication credentials with empty usernames. An\n attacker could exploit this vulnerability to perform cross-site request\n forgery attacks. (CVE-2008-1238)\n \n Peter Brodersen and Alexander Klink reported that default the setting in\n Firefox for SSL Client Authentication allowed for users to be tracked\n via their client certificate. The default has been changed to prompt\n the user each time a website requests a client certificate.\n (CVE-2007-4879)\n \n Gregory Fleischer discovered that web content fetched via the jar\n protocol could use Java LiveConnect to connect to arbitrary ports on\n the user's machine due to improper parsing in the Java plugin. If a\n user were tricked into opening malicious web content, an attacker may be\n able to access services running on the user's machine. (CVE-2008-1195,\n CVE-2008-1240)\n \n Chris Thomas discovered that Firefox would allow an XUL popup from an\n unselected tab to display in front of the selected tab. An attacker\n could exploit this behavior to spoof a login prompt and steal the user's\n credentials. (CVE-2008-1241)\";\n\ntag_summary = \"Ubuntu Update for Linux kernel vulnerabilities USN-592-1\";\ntag_affected = \"firefox vulnerabilities on Ubuntu 6.06 LTS ,\n Ubuntu 6.10 ,\n Ubuntu 7.04 ,\n Ubuntu 7.10\";\ntag_solution = \"Please Install the Updated Packages.\";\n\n\n\nif(description)\n{\n script_xref(name: \"URL\" , value: \"http://www.ubuntu.com/usn/usn-592-1/\");\n script_id(840285);\n script_version(\"$Revision: 7969 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-12-01 10:23:16 +0100 (Fri, 01 Dec 2017) $\");\n script_tag(name:\"creation_date\", value:\"2009-03-23 10:59:50 +0100 (Mon, 23 Mar 2009)\");\n script_tag(name:\"cvss_base\", value:\"9.3\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_xref(name: \"USN\", value: \"592-1\");\n script_cve_id(\"CVE-2007-4879\", \"CVE-2008-0416\", \"CVE-2008-1195\", \"CVE-2008-1233\", \"CVE-2008-1234\", \"CVE-2008-1235\", \"CVE-2008-1236\", \"CVE-2008-1237\", \"CVE-2008-1238\", \"CVE-2008-1240\", \"CVE-2008-1241\");\n script_name( \"Ubuntu Update for firefox vulnerabilities USN-592-1\");\n\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2009 Greenbone Networks GmbH\");\n script_family(\"Ubuntu Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/ubuntu_linux\", \"ssh/login/packages\");\n script_tag(name : \"summary\" , value : tag_summary);\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n\ninclude(\"pkg-lib-deb.inc\");\n\nrelease = get_kb_item(\"ssh/login/release\");\n\n\nres = \"\";\nif(release == NULL){\n exit(0);\n}\n\nif(release == \"UBUNTU7.04\")\n{\n\n if ((res = isdpkgvuln(pkg:\"firefox-dbg\", ver:\"2.0.0.13+0nobinonly-0ubuntu0.7.4\", rls:\"UBUNTU7.04\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"firefox-dev\", ver:\"2.0.0.13+0nobinonly-0ubuntu0.7.4\", rls:\"UBUNTU7.04\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"firefox-gnome-support\", ver:\"2.0.0.13+0nobinonly-0ubuntu0.7.4\", rls:\"UBUNTU7.04\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"firefox-libthai\", ver:\"2.0.0.13+0nobinonly-0ubuntu0.7.4\", rls:\"UBUNTU7.04\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"firefox\", ver:\"2.0.0.13+0nobinonly-0ubuntu0.7.4\", rls:\"UBUNTU7.04\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"libnspr-dev\", ver:\"1.firefox2.0.0.13+0nobinonly-0ubuntu0.7.4\", rls:\"UBUNTU7.04\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"libnspr4\", ver:\"1.firefox2.0.0.13+0nobinonly-0ubuntu0.7.4\", rls:\"UBUNTU7.04\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"libnss-dev\", ver:\"1.firefox2.0.0.13+0nobinonly-0ubuntu0.7.4\", rls:\"UBUNTU7.04\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"libnss3\", ver:\"1.firefox2.0.0.13+0nobinonly-0ubuntu0.7.4\", rls:\"UBUNTU7.04\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"firefox-dom-inspector\", ver:\"2.0.0.13+0nobinonly-0ubuntu0.7.4\", rls:\"UBUNTU7.04\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"mozilla-firefox-dev\", ver:\"2.0.0.13+0nobinonly-0ubuntu0.7.4\", rls:\"UBUNTU7.04\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"mozilla-firefox-dom-inspector\", ver:\"2.0.0.13+0nobinonly-0ubuntu0.7.4\", rls:\"UBUNTU7.04\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"mozilla-firefox-gnome-support\", ver:\"2.0.0.13+0nobinonly-0ubuntu0.7.4\", rls:\"UBUNTU7.04\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"mozilla-firefox\", ver:\"2.0.0.13+0nobinonly-0ubuntu0.7.4\", rls:\"UBUNTU7.04\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n\n\nif(release == \"UBUNTU6.06 LTS\")\n{\n\n if ((res = isdpkgvuln(pkg:\"firefox-dbg\", ver:\"1.5.dfsg+1.5.0.15~prepatch080323a-0ubuntu1\", rls:\"UBUNTU6.06 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"firefox-dev\", ver:\"1.5.dfsg+1.5.0.15~prepatch080323a-0ubuntu1\", rls:\"UBUNTU6.06 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"firefox-gnome-support\", ver:\"1.5.dfsg+1.5.0.15~prepatch080323a-0ubuntu1\", rls:\"UBUNTU6.06 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"firefox\", ver:\"1.5.dfsg+1.5.0.15~prepatch080323a-0ubuntu1\", rls:\"UBUNTU6.06 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"libnspr-dev\", ver:\"1.firefox1.5.dfsg+1.5.0.15~prepatch080323a-0ubuntu1\", rls:\"UBUNTU6.06 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"libnspr4\", ver:\"1.firefox1.5.dfsg+1.5.0.15~prepatch080323a-0ubuntu1\", rls:\"UBUNTU6.06 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"libnss-dev\", ver:\"1.firefox1.5.dfsg+1.5.0.15~prepatch080323a-0ubuntu1\", rls:\"UBUNTU6.06 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"libnss3\", ver:\"1.firefox1.5.dfsg+1.5.0.15~prepatch080323a-0ubuntu1\", rls:\"UBUNTU6.06 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"firefox-dom-inspector\", ver:\"1.5.dfsg+1.5.0.15~prepatch080323a-0ubuntu1\", rls:\"UBUNTU6.06 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"mozilla-firefox\", ver:\"1.5.dfsg+1.5.0.15~prepatch080323a-0ubuntu1\", rls:\"UBUNTU6.06 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"mozilla-firefox-dev\", ver:\"1.5.dfsg+1.5.0.15~prepatch080323a-0ubuntu1\", rls:\"UBUNTU6.06 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n\n\nif(release == \"UBUNTU6.10\")\n{\n\n if ((res = isdpkgvuln(pkg:\"firefox-dbg\", ver:\"2.0.0.13+0nobinonly-0ubuntu0.6.10\", rls:\"UBUNTU6.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"firefox-dev\", ver:\"2.0.0.13+0nobinonly-0ubuntu0.6.10\", rls:\"UBUNTU6.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"firefox-gnome-support\", ver:\"2.0.0.13+0nobinonly-0ubuntu0.6.10\", rls:\"UBUNTU6.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"firefox\", ver:\"2.0.0.13+0nobinonly-0ubuntu0.6.10\", rls:\"UBUNTU6.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"libnspr-dev\", ver:\"1.firefox2.0.0.13+0nobinonly-0ubuntu0.6.10\", rls:\"UBUNTU6.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"libnspr4\", ver:\"1.firefox2.0.0.13+0nobinonly-0ubuntu0.6.10\", rls:\"UBUNTU6.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"libnss-dev\", ver:\"1.firefox2.0.0.13+0nobinonly-0ubuntu0.6.10\", rls:\"UBUNTU6.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"libnss3\", ver:\"1.firefox2.0.0.13+0nobinonly-0ubuntu0.6.10\", rls:\"UBUNTU6.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"firefox-dom-inspector\", ver:\"2.0.0.13+0nobinonly-0ubuntu0.6.10\", rls:\"UBUNTU6.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"mozilla-firefox-dev\", ver:\"2.0.0.13+0nobinonly-0ubuntu0.6.10\", rls:\"UBUNTU6.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"mozilla-firefox-dom-inspector\", ver:\"2.0.0.13+0nobinonly-0ubuntu0.6.10\", rls:\"UBUNTU6.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"mozilla-firefox-gnome-support\", ver:\"2.0.0.13+0nobinonly-0ubuntu0.6.10\", rls:\"UBUNTU6.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"mozilla-firefox\", ver:\"2.0.0.13+0nobinonly-0ubuntu0.6.10\", rls:\"UBUNTU6.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n\n\nif(release == \"UBUNTU7.10\")\n{\n\n if ((res = isdpkgvuln(pkg:\"firefox-dbg\", ver:\"2.0.0.13+1nobinonly-0ubuntu0.7.10\", rls:\"UBUNTU7.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"firefox-dev\", ver:\"2.0.0.13+1nobinonly-0ubuntu0.7.10\", rls:\"UBUNTU7.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"firefox-gnome-support\", ver:\"2.0.0.13+1nobinonly-0ubuntu0.7.10\", rls:\"UBUNTU7.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"firefox-libthai\", ver:\"2.0.0.13+1nobinonly-0ubuntu0.7.10\", rls:\"UBUNTU7.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"firefox\", ver:\"2.0.0.13+1nobinonly-0ubuntu0.7.10\", rls:\"UBUNTU7.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"firefox-dom-inspector\", ver:\"2.0.0.13+1nobinonly-0ubuntu0.7.10\", rls:\"UBUNTU7.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n", "cvss": {"score": 9.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2017-07-25T10:56:37", "description": "Check for the Version of seamonkey", "cvss3": {}, "published": "2009-02-27T00:00:00", "type": "openvas", "title": "CentOS Update for seamonkey CESA-2008:0104-01 centos2 i386", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2008-0417", "CVE-2008-0412", "CVE-2008-0419", "CVE-2008-0593", "CVE-2008-0413", "CVE-2008-0418", "CVE-2008-0592", "CVE-2008-0415", "CVE-2008-0591"], "modified": "2017-07-10T00:00:00", "id": "OPENVAS:880131", "href": "http://plugins.openvas.org/nasl.php?oid=880131", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# CentOS Update for seamonkey CESA-2008:0104-01 centos2 i386\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2009 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"SeaMonkey is an open source Web browser, advanced email and newsgroup\n client, IRC chat client, and HTML editor.\n\n Several flaws were found in the way SeaMonkey processed certain malformed\n web content. A webpage containing malicious content could cause SeaMonkey\n to crash, or potentially execute arbitrary code as the user running\n SeaMonkey. (CVE-2008-0412, CVE-2008-0413, CVE-2008-0415, CVE-2008-0419)\n \n Several flaws were found in the way SeaMonkey displayed malformed web\n content. A webpage containing specially-crafted content could trick a user\n into surrendering sensitive information. (CVE-2008-0591, CVE-2008-0593)\n \n A flaw was found in the way SeaMonkey stored password data. If a user\n saves login information for a malicious website, it could be possible\n to corrupt the password database, preventing the user from properly\n accessing saved password data. (CVE-2008-0417)\n \n A flaw was found in the way SeaMonkey handles certain chrome URLs. If a\n user has certain extensions installed, it could allow a malicious website\n to steal sensitive session data. Note: this flaw does not affect a default\n installation of SeaMonkey. (CVE-2008-0418)\n \n A flaw was found in the way SeaMonkey saves certain text files. If a\n website offers a file of type "plain/text", rather than "text/plain",\n SeaMonkey will not show future "text/plain" content to the user in the\n browser, forcing them to save those files locally to view the content.\n (CVE-2008-0592)\n \n Users of SeaMonkey are advised to upgrade to these updated packages, which\n contain backported patches to resolve these issues.\";\n\ntag_affected = \"seamonkey on CentOS 2\";\ntag_solution = \"Please Install the Updated Packages.\";\n\n\n\nif(description)\n{\n script_xref(name : \"URL\" , value : \"http://lists.centos.org/pipermail/centos-announce/2008-February/014682.html\");\n script_id(880131);\n script_version(\"$Revision: 6651 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-07-10 13:45:21 +0200 (Mon, 10 Jul 2017) $\");\n script_tag(name:\"creation_date\", value:\"2009-02-27 08:36:45 +0100 (Fri, 27 Feb 2009)\");\n script_tag(name:\"cvss_base\", value:\"9.3\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_xref(name: \"CESA\", value: \"2008:0104-01\");\n script_cve_id(\"CVE-2008-0412\", \"CVE-2008-0413\", \"CVE-2008-0415\", \"CVE-2008-0417\", \"CVE-2008-0418\", \"CVE-2008-0419\", \"CVE-2008-0591\", \"CVE-2008-0592\", \"CVE-2008-0593\");\n script_name( \"CentOS Update for seamonkey CESA-2008:0104-01 centos2 i386\");\n\n script_summary(\"Check for the Version of seamonkey\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2009 Greenbone Networks GmbH\");\n script_family(\"CentOS Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/centos\", \"ssh/login/rpms\");\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = get_kb_item(\"ssh/login/release\");\n\n\nres = \"\";\nif(release == NULL){\n exit(0);\n}\n\nif(release == \"CentOS2\")\n{\n\n if ((res = isrpmvuln(pkg:\"seamonkey\", rpm:\"seamonkey~1.0.9~0.9.el2.c2.1\", rls:\"CentOS2\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"seamonkey-chat\", rpm:\"seamonkey-chat~1.0.9~0.9.el2.c2.1\", rls:\"CentOS2\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"seamonkey-devel\", rpm:\"seamonkey-devel~1.0.9~0.9.el2.c2.1\", rls:\"CentOS2\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"seamonkey-dom-inspector\", rpm:\"seamonkey-dom-inspector~1.0.9~0.9.el2.c2.1\", rls:\"CentOS2\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"seamonkey-js-debugger\", rpm:\"seamonkey-js-debugger~1.0.9~0.9.el2.c2.1\", rls:\"CentOS2\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"seamonkey-mail\", rpm:\"seamonkey-mail~1.0.9~0.9.el2.c2.1\", rls:\"CentOS2\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"seamonkey-nspr\", rpm:\"seamonkey-nspr~1.0.9~0.9.el2.c2.1\", rls:\"CentOS2\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"seamonkey-nspr-devel\", rpm:\"seamonkey-nspr-devel~1.0.9~0.9.el2.c2.1\", rls:\"CentOS2\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"seamonkey-nss\", rpm:\"seamonkey-nss~1.0.9~0.9.el2.c2.1\", rls:\"CentOS2\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"seamonkey-nss-devel\", rpm:\"seamonkey-nss-devel~1.0.9~0.9.el2.c2.1\", rls:\"CentOS2\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n", "cvss": {"score": 9.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2017-07-25T10:56:11", "description": "Check for the Version of firefox", "cvss3": {}, "published": "2009-02-27T00:00:00", "type": "openvas", "title": "CentOS Update for firefox CESA-2008:0103 centos3 i386", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2008-0417", "CVE-2008-0412", "CVE-2008-0419", "CVE-2008-0593", "CVE-2008-0413", "CVE-2008-0418", "CVE-2008-0592", "CVE-2008-0415", "CVE-2008-0591"], "modified": "2017-07-10T00:00:00", "id": "OPENVAS:880295", "href": "http://plugins.openvas.org/nasl.php?oid=880295", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# CentOS Update for firefox CESA-2008:0103 centos3 i386\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2009 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"Mozilla Firefox is an open source Web browser.\n\n Several flaws were found in the way Firefox processed certain malformed web\n content. A webpage containing malicious content could cause Firefox to\n crash, or potentially execute arbitrary code as the user running Firefox.\n (CVE-2008-0412, CVE-2008-0413, CVE-2008-0415, CVE-2008-0419)\n \n Several flaws were found in the way Firefox displayed malformed web\n content. A webpage containing specially-crafted content could trick a user\n into surrendering sensitive information. (CVE-2008-0591, CVE-2008-0593)\n \n A flaw was found in the way Firefox stored password data. If a user saves\n login information for a malicious website, it could be possible to corrupt\n the password database, preventing the user from properly accessing saved\n password data. (CVE-2008-0417)\n \n A flaw was found in the way Firefox handles certain chrome URLs. If a user\n has certain extensions installed, it could allow a malicious website to\n steal sensitive session data. Note: this flaw does not affect a default\n installation of Firefox. (CVE-2008-0418)\n \n A flaw was found in the way Firefox saves certain text files. If a\n website offers a file of type "plain/text", rather than "text/plain",\n Firefox will not show future "text/plain" content to the user in the\n browser, forcing them to save those files locally to view the content.\n (CVE-2008-0592) \n \n Users of firefox are advised to upgrade to these updated packages, which\n contain backported patches to resolve these issues.\";\n\ntag_affected = \"firefox on CentOS 3\";\ntag_solution = \"Please Install the Updated Packages.\";\n\n\n\nif(description)\n{\n script_xref(name : \"URL\" , value : \"http://lists.centos.org/pipermail/centos-announce/2008-February/014677.html\");\n script_id(880295);\n script_version(\"$Revision: 6651 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-07-10 13:45:21 +0200 (Mon, 10 Jul 2017) $\");\n script_tag(name:\"creation_date\", value:\"2009-02-27 08:36:45 +0100 (Fri, 27 Feb 2009)\");\n script_tag(name:\"cvss_base\", value:\"9.3\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_xref(name: \"CESA\", value: \"2008:0103\");\n script_cve_id(\"CVE-2008-0412\", \"CVE-2008-0413\", \"CVE-2008-0415\", \"CVE-2008-0417\", \"CVE-2008-0418\", \"CVE-2008-0419\", \"CVE-2008-0591\", \"CVE-2008-0592\", \"CVE-2008-0593\");\n script_name( \"CentOS Update for firefox CESA-2008:0103 centos3 i386\");\n\n script_summary(\"Check for the Version of firefox\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2009 Greenbone Networks GmbH\");\n script_family(\"CentOS Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/centos\", \"ssh/login/rpms\");\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = get_kb_item(\"ssh/login/release\");\n\n\nres = \"\";\nif(release == NULL){\n exit(0);\n}\n\nif(release == \"CentOS3\")\n{\n\n if ((res = isrpmvuln(pkg:\"firefox\", rpm:\"firefox~1.5.0.12~0.10.el4.centos3\", rls:\"CentOS3\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n", "cvss": {"score": 9.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2018-04-09T11:40:48", "description": "Check for the Version of seamonkey", "cvss3": {}, "published": "2009-02-27T00:00:00", "type": "openvas", "title": "CentOS Update for seamonkey CESA-2008:0104 centos3 i386", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2008-0417", "CVE-2008-0412", "CVE-2008-0419", "CVE-2008-0593", "CVE-2008-0413", "CVE-2008-0418", "CVE-2008-0592", "CVE-2008-0415", "CVE-2008-0591"], "modified": "2018-04-06T00:00:00", "id": "OPENVAS:1361412562310880036", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310880036", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# CentOS Update for seamonkey CESA-2008:0104 centos3 i386\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2009 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"SeaMonkey is an open source Web browser, advanced email and newsgroup\n client, IRC chat client, and HTML editor.\n\n Several flaws were found in the way SeaMonkey processed certain malformed\n web content. A webpage containing malicious content could cause SeaMonkey\n to crash, or potentially execute arbitrary code as the user running\n SeaMonkey. (CVE-2008-0412, CVE-2008-0413, CVE-2008-0415, CVE-2008-0419)\n \n Several flaws were found in the way SeaMonkey displayed malformed web\n content. A webpage containing specially-crafted content could trick a user\n into surrendering sensitive information. (CVE-2008-0591, CVE-2008-0593)\n \n A flaw was found in the way SeaMonkey stored password data. If a user\n saves login information for a malicious website, it could be possible\n to corrupt the password database, preventing the user from properly\n accessing saved password data. (CVE-2008-0417)\n \n A flaw was found in the way SeaMonkey handles certain chrome URLs. If a\n user has certain extensions installed, it could allow a malicious website\n to steal sensitive session data. Note: this flaw does not affect a default\n installation of SeaMonkey. (CVE-2008-0418)\n \n A flaw was found in the way SeaMonkey saves certain text files. If a\n website offers a file of type "plain/text", rather than "text/plain",\n SeaMonkey will not show future "text/plain" content to the user in the\n browser, forcing them to save those files locally to view the content.\n (CVE-2008-0592)\n \n Users of SeaMonkey are advised to upgrade to these updated packages, which\n contain backported patches to resolve these issues.\";\n\ntag_affected = \"seamonkey on CentOS 3\";\ntag_solution = \"Please Install the Updated Packages.\";\n\n\n\nif(description)\n{\n script_xref(name : \"URL\" , value : \"http://lists.centos.org/pipermail/centos-announce/2008-February/014661.html\");\n script_oid(\"1.3.6.1.4.1.25623.1.0.880036\");\n script_version(\"$Revision: 9370 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-04-06 10:53:14 +0200 (Fri, 06 Apr 2018) $\");\n script_tag(name:\"creation_date\", value:\"2009-02-27 08:36:45 +0100 (Fri, 27 Feb 2009)\");\n script_tag(name:\"cvss_base\", value:\"9.3\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_xref(name: \"CESA\", value: \"2008:0104\");\n script_cve_id(\"CVE-2008-0412\", \"CVE-2008-0413\", \"CVE-2008-0415\", \"CVE-2008-0417\", \"CVE-2008-0418\", \"CVE-2008-0419\", \"CVE-2008-0591\", \"CVE-2008-0592\", \"CVE-2008-0593\");\n script_name( \"CentOS Update for seamonkey CESA-2008:0104 centos3 i386\");\n\n script_tag(name:\"summary\", value:\"Check for the Version of seamonkey\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2009 Greenbone Networks GmbH\");\n script_family(\"CentOS Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/centos\", \"ssh/login/rpms\");\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = get_kb_item(\"ssh/login/release\");\n\n\nres = \"\";\nif(release == NULL){\n exit(0);\n}\n\nif(release == \"CentOS3\")\n{\n\n if ((res = isrpmvuln(pkg:\"seamonkey\", rpm:\"seamonkey~1.0.9~0.9.el3.centos3\", rls:\"CentOS3\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"seamonkey-chat\", rpm:\"seamonkey-chat~1.0.9~0.9.el3.centos3\", rls:\"CentOS3\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"seamonkey-devel\", rpm:\"seamonkey-devel~1.0.9~0.9.el3.centos3\", rls:\"CentOS3\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"seamonkey-dom-inspector\", rpm:\"seamonkey-dom-inspector~1.0.9~0.9.el3.centos3\", rls:\"CentOS3\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"seamonkey-js-debugger\", rpm:\"seamonkey-js-debugger~1.0.9~0.9.el3.centos3\", rls:\"CentOS3\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"seamonkey-mail\", rpm:\"seamonkey-mail~1.0.9~0.9.el3.centos3\", rls:\"CentOS3\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"seamonkey-nspr\", rpm:\"seamonkey-nspr~1.0.9~0.9.el3.centos3\", rls:\"CentOS3\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"seamonkey-nspr-devel\", rpm:\"seamonkey-nspr-devel~1.0.9~0.9.el3.centos3\", rls:\"CentOS3\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"seamonkey-nss\", rpm:\"seamonkey-nss~1.0.9~0.9.el3.centos3\", rls:\"CentOS3\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"seamonkey-nss-devel\", rpm:\"seamonkey-nss-devel~1.0.9~0.9.el3.centos3\", rls:\"CentOS3\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n", "cvss": {"score": 9.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2018-04-09T11:38:57", "description": "Check for the Version of firefox", "cvss3": {}, "published": "2009-02-27T00:00:00", "type": "openvas", "title": "CentOS Update for firefox CESA-2008:0103 centos3 i386", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2008-0417", "CVE-2008-0412", "CVE-2008-0419", "CVE-2008-0593", "CVE-2008-0413", "CVE-2008-0418", "CVE-2008-0592", "CVE-2008-0415", "CVE-2008-0591"], "modified": "2018-04-06T00:00:00", "id": "OPENVAS:1361412562310880295", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310880295", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# CentOS Update for firefox CESA-2008:0103 centos3 i386\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2009 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"Mozilla Firefox is an open source Web browser.\n\n Several flaws were found in the way Firefox processed certain malformed web\n content. A webpage containing malicious content could cause Firefox to\n crash, or potentially execute arbitrary code as the user running Firefox.\n (CVE-2008-0412, CVE-2008-0413, CVE-2008-0415, CVE-2008-0419)\n \n Several flaws were found in the way Firefox displayed malformed web\n content. A webpage containing specially-crafted content could trick a user\n into surrendering sensitive information. (CVE-2008-0591, CVE-2008-0593)\n \n A flaw was found in the way Firefox stored password data. If a user saves\n login information for a malicious website, it could be possible to corrupt\n the password database, preventing the user from properly accessing saved\n password data. (CVE-2008-0417)\n \n A flaw was found in the way Firefox handles certain chrome URLs. If a user\n has certain extensions installed, it could allow a malicious website to\n steal sensitive session data. Note: this flaw does not affect a default\n installation of Firefox. (CVE-2008-0418)\n \n A flaw was found in the way Firefox saves certain text files. If a\n website offers a file of type "plain/text", rather than "text/plain",\n Firefox will not show future "text/plain" content to the user in the\n browser, forcing them to save those files locally to view the content.\n (CVE-2008-0592) \n \n Users of firefox are advised to upgrade to these updated packages, which\n contain backported patches to resolve these issues.\";\n\ntag_affected = \"firefox on CentOS 3\";\ntag_solution = \"Please Install the Updated Packages.\";\n\n\n\nif(description)\n{\n script_xref(name : \"URL\" , value : \"http://lists.centos.org/pipermail/centos-announce/2008-February/014677.html\");\n script_oid(\"1.3.6.1.4.1.25623.1.0.880295\");\n script_version(\"$Revision: 9370 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-04-06 10:53:14 +0200 (Fri, 06 Apr 2018) $\");\n script_tag(name:\"creation_date\", value:\"2009-02-27 08:36:45 +0100 (Fri, 27 Feb 2009)\");\n script_tag(name:\"cvss_base\", value:\"9.3\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_xref(name: \"CESA\", value: \"2008:0103\");\n script_cve_id(\"CVE-2008-0412\", \"CVE-2008-0413\", \"CVE-2008-0415\", \"CVE-2008-0417\", \"CVE-2008-0418\", \"CVE-2008-0419\", \"CVE-2008-0591\", \"CVE-2008-0592\", \"CVE-2008-0593\");\n script_name( \"CentOS Update for firefox CESA-2008:0103 centos3 i386\");\n\n script_tag(name:\"summary\", value:\"Check for the Version of firefox\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2009 Greenbone Networks GmbH\");\n script_family(\"CentOS Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/centos\", \"ssh/login/rpms\");\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = get_kb_item(\"ssh/login/release\");\n\n\nres = \"\";\nif(release == NULL){\n exit(0);\n}\n\nif(release == \"CentOS3\")\n{\n\n if ((res = isrpmvuln(pkg:\"firefox\", rpm:\"firefox~1.5.0.12~0.10.el4.centos3\", rls:\"CentOS3\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n", "cvss": {"score": 9.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2018-04-09T11:38:38", "description": "Check for the Version of seamonkey", "cvss3": {}, "published": "2009-02-27T00:00:00", "type": "openvas", "title": "CentOS Update for seamonkey CESA-2008:0104 centos4 i386", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2008-0417", "CVE-2008-0412", "CVE-2008-0419", "CVE-2008-0593", "CVE-2008-0413", "CVE-2008-0418", "CVE-2008-0592", "CVE-2008-0415", "CVE-2008-0591"], "modified": "2018-04-06T00:00:00", "id": "OPENVAS:1361412562310880022", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310880022", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# CentOS Update for seamonkey CESA-2008:0104 centos4 i386\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2009 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"SeaMonkey is an open source Web browser, advanced email and newsgroup\n client, IRC chat client, and HTML editor.\n\n Several flaws were found in the way SeaMonkey processed certain malformed\n web content. A webpage containing malicious content could cause SeaMonkey\n to crash, or potentially execute arbitrary code as the user running\n SeaMonkey. (CVE-2008-0412, CVE-2008-0413, CVE-2008-0415, CVE-2008-0419)\n \n Several flaws were found in the way SeaMonkey displayed malformed web\n content. A webpage containing specially-crafted content could trick a user\n into surrendering sensitive information. (CVE-2008-0591, CVE-2008-0593)\n \n A flaw was found in the way SeaMonkey stored password data. If a user\n saves login information for a malicious website, it could be possible\n to corrupt the password database, preventing the user from properly\n accessing saved password data. (CVE-2008-0417)\n \n A flaw was found in the way SeaMonkey handles certain chrome URLs. If a\n user has certain extensions installed, it could allow a malicious website\n to steal sensitive session data. Note: this flaw does not affect a default\n installation of SeaMonkey. (CVE-2008-0418)\n \n A flaw was found in the way SeaMonkey saves certain text files. If a\n website offers a file of type "plain/text", rather than "text/plain",\n SeaMonkey will not show future "text/plain" content to the user in the\n browser, forcing them to save those files locally to view the content.\n (CVE-2008-0592)\n \n Users of SeaMonkey are advised to upgrade to these updated packages, which\n contain backported patches to resolve these issues.\";\n\ntag_affected = \"seamonkey on CentOS 4\";\ntag_solution = \"Please Install the Updated Packages.\";\n\n\n\nif(description)\n{\n script_xref(name : \"URL\" , value : \"http://lists.centos.org/pipermail/centos-announce/2008-February/014668.html\");\n script_oid(\"1.3.6.1.4.1.25623.1.0.880022\");\n script_version(\"$Revision: 9370 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-04-06 10:53:14 +0200 (Fri, 06 Apr 2018) $\");\n script_tag(name:\"creation_date\", value:\"2009-02-27 08:36:45 +0100 (Fri, 27 Feb 2009)\");\n script_tag(name:\"cvss_base\", value:\"9.3\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_xref(name: \"CESA\", value: \"2008:0104\");\n script_cve_id(\"CVE-2008-0412\", \"CVE-2008-0413\", \"CVE-2008-0415\", \"CVE-2008-0417\", \"CVE-2008-0418\", \"CVE-2008-0419\", \"CVE-2008-0591\", \"CVE-2008-0592\", \"CVE-2008-0593\");\n script_name( \"CentOS Update for seamonkey CESA-2008:0104 centos4 i386\");\n\n script_tag(name:\"summary\", value:\"Check for the Version of seamonkey\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2009 Greenbone Networks GmbH\");\n script_family(\"CentOS Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/centos\", \"ssh/login/rpms\");\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = get_kb_item(\"ssh/login/release\");\n\n\nres = \"\";\nif(release == NULL){\n exit(0);\n}\n\nif(release == \"CentOS4\")\n{\n\n if ((res = isrpmvuln(pkg:\"seamonkey\", rpm:\"seamonkey~1.0.9~9.el4.centos\", rls:\"CentOS4\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"seamonkey-chat\", rpm:\"seamonkey-chat~1.0.9~9.el4.centos\", rls:\"CentOS4\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"seamonkey-devel\", rpm:\"seamonkey-devel~1.0.9~9.el4.centos\", rls:\"CentOS4\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"seamonkey-dom-inspector\", rpm:\"seamonkey-dom-inspector~1.0.9~9.el4.centos\", rls:\"CentOS4\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"seamonkey-js-debugger\", rpm:\"seamonkey-js-debugger~1.0.9~9.el4.centos\", rls:\"CentOS4\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"seamonkey-mail\", rpm:\"seamonkey-mail~1.0.9~9.el4.centos\", rls:\"CentOS4\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"seamonkey-nspr\", rpm:\"seamonkey-nspr~1.0.9~9.el4.centos\", rls:\"CentOS4\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"seamonkey-nspr-devel\", rpm:\"seamonkey-nspr-devel~1.0.9~9.el4.centos\", rls:\"CentOS4\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"seamonkey-nss\", rpm:\"seamonkey-nss~1.0.9~9.el4.centos\", rls:\"CentOS4\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"seamonkey-nss-devel\", rpm:\"seamonkey-nss-devel~1.0.9~9.el4.centos\", rls:\"CentOS4\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n", "cvss": {"score": 9.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2017-07-25T10:56:03", "description": "Check for the Version of seamonkey", "cvss3": {}, "published": "2009-02-27T00:00:00", "type": "openvas", "title": "CentOS Update for seamonkey CESA-2008:0104 centos4 x86_64", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2008-0417", "CVE-2008-0412", "CVE-2008-0419", "CVE-2008-0593", "CVE-2008-0413", "CVE-2008-0418", "CVE-2008-0592", "CVE-2008-0415", "CVE-2008-0591"], "modified": "2017-07-10T00:00:00", "id": "OPENVAS:880017", "href": "http://plugins.openvas.org/nasl.php?oid=880017", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# CentOS Update for seamonkey CESA-2008:0104 centos4 x86_64\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2009 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"SeaMonkey is an open source Web browser, advanced email and newsgroup\n client, IRC chat client, and HTML editor.\n\n Several flaws were found in the way SeaMonkey processed certain malformed\n web content. A webpage containing malicious content could cause SeaMonkey\n to crash, or potentially execute arbitrary code as the user running\n SeaMonkey. (CVE-2008-0412, CVE-2008-0413, CVE-2008-0415, CVE-2008-0419)\n \n Several flaws were found in the way SeaMonkey displayed malformed web\n content. A webpage containing specially-crafted content could trick a user\n into surrendering sensitive information. (CVE-2008-0591, CVE-2008-0593)\n \n A flaw was found in the way SeaMonkey stored password data. If a user\n saves login information for a malicious website, it could be possible\n to corrupt the password database, preventing the user from properly\n accessing saved password data. (CVE-2008-0417)\n \n A flaw was found in the way SeaMonkey handles certain chrome URLs. If a\n user has certain extensions installed, it could allow a malicious website\n to steal sensitive session data. Note: this flaw does not affect a default\n installation of SeaMonkey. (CVE-2008-0418)\n \n A flaw was found in the way SeaMonkey saves certain text files. If a\n website offers a file of type "plain/text", rather than "text/plain",\n SeaMonkey will not show future "text/plain" content to the user in the\n browser, forcing them to save those files locally to view the content.\n (CVE-2008-0592)\n \n Users of SeaMonkey are advised to upgrade to these updated packages, which\n contain backported patches to resolve these issues.\";\n\ntag_affected = \"seamonkey on CentOS 4\";\ntag_solution = \"Please Install the Updated Packages.\";\n\n\n\nif(description)\n{\n script_xref(name : \"URL\" , value : \"http://lists.centos.org/pipermail/centos-announce/2008-February/014667.html\");\n script_id(880017);\n script_version(\"$Revision: 6651 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-07-10 13:45:21 +0200 (Mon, 10 Jul 2017) $\");\n script_tag(name:\"creation_date\", value:\"2009-02-27 08:36:45 +0100 (Fri, 27 Feb 2009)\");\n script_tag(name:\"cvss_base\", value:\"9.3\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_xref(name: \"CESA\", value: \"2008:0104\");\n script_cve_id(\"CVE-2008-0412\", \"CVE-2008-0413\", \"CVE-2008-0415\", \"CVE-2008-0417\", \"CVE-2008-0418\", \"CVE-2008-0419\", \"CVE-2008-0591\", \"CVE-2008-0592\", \"CVE-2008-0593\");\n script_name( \"CentOS Update for seamonkey CESA-2008:0104 centos4 x86_64\");\n\n script_summary(\"Check for the Version of seamonkey\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2009 Greenbone Networks GmbH\");\n script_family(\"CentOS Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/centos\", \"ssh/login/rpms\");\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = get_kb_item(\"ssh/login/release\");\n\n\nres = \"\";\nif(release == NULL){\n exit(0);\n}\n\nif(release == \"CentOS4\")\n{\n\n if ((res = isrpmvuln(pkg:\"seamonkey\", rpm:\"seamonkey~1.0.9~9.el4.centos\", rls:\"CentOS4\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"seamonkey-chat\", rpm:\"seamonkey-chat~1.0.9~9.el4.centos\", rls:\"CentOS4\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"seamonkey-devel\", rpm:\"seamonkey-devel~1.0.9~9.el4.centos\", rls:\"CentOS4\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"seamonkey-dom-inspector\", rpm:\"seamonkey-dom-inspector~1.0.9~9.el4.centos\", rls:\"CentOS4\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"seamonkey-js-debugger\", rpm:\"seamonkey-js-debugger~1.0.9~9.el4.centos\", rls:\"CentOS4\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"seamonkey-mail\", rpm:\"seamonkey-mail~1.0.9~9.el4.centos\", rls:\"CentOS4\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"seamonkey-nspr\", rpm:\"seamonkey-nspr~1.0.9~9.el4.centos\", rls:\"CentOS4\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"seamonkey-nspr-devel\", rpm:\"seamonkey-nspr-devel~1.0.9~9.el4.centos\", rls:\"CentOS4\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"seamonkey-nss\", rpm:\"seamonkey-nss~1.0.9~9.el4.centos\", rls:\"CentOS4\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"seamonkey-nss-devel\", rpm:\"seamonkey-nss-devel~1.0.9~9.el4.centos\", rls:\"CentOS4\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n", "cvss": {"score": 9.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2017-07-25T10:56:45", "description": "Check for the Version of firefox", "cvss3": {}, "published": "2009-02-27T00:00:00", "type": "openvas", "title": "CentOS Update for firefox CESA-2008:0103 centos5 x86_64", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2008-0417", "CVE-2008-0412", "CVE-2008-0419", "CVE-2008-0593", "CVE-2008-0413", "CVE-2008-0418", "CVE-2008-0592", "CVE-2008-0415", "CVE-2008-0591"], "modified": "2017-07-10T00:00:00", "id": "OPENVAS:880157", "href": "http://plugins.openvas.org/nasl.php?oid=880157", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# CentOS Update for firefox CESA-2008:0103 centos5 x86_64\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2009 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"Mozilla Firefox is an open source Web browser.\n\n Several flaws were found in the way Firefox processed certain malformed web\n content. A webpage containing malicious content could cause Firefox to\n crash, or potentially execute arbitrary code as the user running Firefox.\n (CVE-2008-0412, CVE-2008-0413, CVE-2008-0415, CVE-2008-0419)\n \n Several flaws were found in the way Firefox displayed malformed web\n content. A webpage containing specially-crafted content could trick a user\n into surrendering sensitive information. (CVE-2008-0591, CVE-2008-0593)\n \n A flaw was found in the way Firefox stored password data. If a user saves\n login information for a malicious website, it could be possible to corrupt\n the password database, preventing the user from properly accessing saved\n password data. (CVE-2008-0417)\n \n A flaw was found in the way Firefox handles certain chrome URLs. If a user\n has certain extensions installed, it could allow a malicious website to\n steal sensitive session data. Note: this flaw does not affect a default\n installation of Firefox. (CVE-2008-0418)\n \n A flaw was found in the way Firefox saves certain text files. If a\n website offers a file of type "plain/text", rather than "text/plain",\n Firefox will not show future "text/plain" content to the user in the\n browser, forcing them to save those files locally to view the content.\n (CVE-2008-0592) \n \n Users of firefox are advised to upgrade to these updated packages, which\n contain backported patches to resolve these issues.\";\n\ntag_affected = \"firefox on CentOS 5\";\ntag_solution = \"Please Install the Updated Packages.\";\n\n\n\nif(description)\n{\n script_xref(name : \"URL\" , value : \"http://lists.centos.org/pipermail/centos-announce/2008-February/014669.html\");\n script_id(880157);\n script_version(\"$Revision: 6651 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-07-10 13:45:21 +0200 (Mon, 10 Jul 2017) $\");\n script_tag(name:\"creation_date\", value:\"2009-02-27 08:36:45 +0100 (Fri, 27 Feb 2009)\");\n script_tag(name:\"cvss_base\", value:\"9.3\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_xref(name: \"CESA\", value: \"2008:0103\");\n script_cve_id(\"CVE-2008-0412\", \"CVE-2008-0413\", \"CVE-2008-0415\", \"CVE-2008-0417\", \"CVE-2008-0418\", \"CVE-2008-0419\", \"CVE-2008-0591\", \"CVE-2008-0592\", \"CVE-2008-0593\");\n script_name( \"CentOS Update for firefox CESA-2008:0103 centos5 x86_64\");\n\n script_summary(\"Check for the Version of firefox\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2009 Greenbone Networks GmbH\");\n script_family(\"CentOS Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/centos\", \"ssh/login/rpms\");\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = get_kb_item(\"ssh/login/release\");\n\n\nres = \"\";\nif(release == NULL){\n exit(0);\n}\n\nif(release == \"CentOS5\")\n{\n\n if ((res = isrpmvuln(pkg:\"firefox\", rpm:\"firefox~1.5.0.12~9.el5.centos\", rls:\"CentOS5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"firefox-devel\", rpm:\"firefox-devel~1.5.0.12~9.el5.centos\", rls:\"CentOS5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n", "cvss": {"score": 9.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2018-04-09T11:38:36", "description": "Check for the Version of seamonkey", "cvss3": {}, "published": "2009-02-27T00:00:00", "type": "openvas", "title": "CentOS Update for seamonkey CESA-2008:0104 centos4 x86_64", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2008-0417", "CVE-2008-0412", "CVE-2008-0419", "CVE-2008-0593", "CVE-2008-0413", "CVE-2008-0418", "CVE-2008-0592", "CVE-2008-0415", "CVE-2008-0591"], "modified": "2018-04-06T00:00:00", "id": "OPENVAS:1361412562310880017", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310880017", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# CentOS Update for seamonkey CESA-2008:0104 centos4 x86_64\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2009 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"SeaMonkey is an open source Web browser, advanced email and newsgroup\n client, IRC chat client, and HTML editor.\n\n Several flaws were found in the way SeaMonkey processed certain malformed\n web content. A webpage containing malicious content could cause SeaMonkey\n to crash, or potentially execute arbitrary code as the user running\n SeaMonkey. (CVE-2008-0412, CVE-2008-0413, CVE-2008-0415, CVE-2008-0419)\n \n Several flaws were found in the way SeaMonkey displayed malformed web\n content. A webpage containing specially-crafted content could trick a user\n into surrendering sensitive information. (CVE-2008-0591, CVE-2008-0593)\n \n A flaw was found in the way SeaMonkey stored password data. If a user\n saves login information for a malicious website, it could be possible\n to corrupt the password database, preventing the user from properly\n accessing saved password data. (CVE-2008-0417)\n \n A flaw was found in the way SeaMonkey handles certain chrome URLs. If a\n user has certain extensions installed, it could allow a malicious website\n to steal sensitive session data. Note: this flaw does not affect a default\n installation of SeaMonkey. (CVE-2008-0418)\n \n A flaw was found in the way SeaMonkey saves certain text files. If a\n website offers a file of type "plain/text", rather than "text/plain",\n SeaMonkey will not show future "text/plain" content to the user in the\n browser, forcing them to save those files locally to view the content.\n (CVE-2008-0592)\n \n Users of SeaMonkey are advised to upgrade to these updated packages, which\n contain backported patches to resolve these issues.\";\n\ntag_affected = \"seamonkey on CentOS 4\";\ntag_solution = \"Please Install the Updated Packages.\";\n\n\n\nif(description)\n{\n script_xref(name : \"URL\" , value : \"http://lists.centos.org/pipermail/centos-announce/2008-February/014667.html\");\n script_oid(\"1.3.6.1.4.1.25623.1.0.880017\");\n script_version(\"$Revision: 9370 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-04-06 10:53:14 +0200 (Fri, 06 Apr 2018) $\");\n script_tag(name:\"creation_date\", value:\"2009-02-27 08:36:45 +0100 (Fri, 27 Feb 2009)\");\n script_tag(name:\"cvss_base\", value:\"9.3\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_xref(name: \"CESA\", value: \"2008:0104\");\n script_cve_id(\"CVE-2008-0412\", \"CVE-2008-0413\", \"CVE-2008-0415\", \"CVE-2008-0417\", \"CVE-2008-0418\", \"CVE-2008-0419\", \"CVE-2008-0591\", \"CVE-2008-0592\", \"CVE-2008-0593\");\n script_name( \"CentOS Update for seamonkey CESA-2008:0104 centos4 x86_64\");\n\n script_tag(name:\"summary\", value:\"Check for the Version of seamonkey\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2009 Greenbone Networks GmbH\");\n script_family(\"CentOS Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/centos\", \"ssh/login/rpms\");\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = get_kb_item(\"ssh/login/release\");\n\n\nres = \"\";\nif(release == NULL){\n exit(0);\n}\n\nif(release == \"CentOS4\")\n{\n\n if ((res = isrpmvuln(pkg:\"seamonkey\", rpm:\"seamonkey~1.0.9~9.el4.centos\", rls:\"CentOS4\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"seamonkey-chat\", rpm:\"seamonkey-chat~1.0.9~9.el4.centos\", rls:\"CentOS4\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"seamonkey-devel\", rpm:\"seamonkey-devel~1.0.9~9.el4.centos\", rls:\"CentOS4\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"seamonkey-dom-inspector\", rpm:\"seamonkey-dom-inspector~1.0.9~9.el4.centos\", rls:\"CentOS4\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"seamonkey-js-debugger\", rpm:\"seamonkey-js-debugger~1.0.9~9.el4.centos\", rls:\"CentOS4\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"seamonkey-mail\", rpm:\"seamonkey-mail~1.0.9~9.el4.centos\", rls:\"CentOS4\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"seamonkey-nspr\", rpm:\"seamonkey-nspr~1.0.9~9.el4.centos\", rls:\"CentOS4\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"seamonkey-nspr-devel\", rpm:\"seamonkey-nspr-devel~1.0.9~9.el4.centos\", rls:\"CentOS4\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"seamonkey-nss\", rpm:\"seamonkey-nss~1.0.9~9.el4.centos\", rls:\"CentOS4\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"seamonkey-nss-devel\", rpm:\"seamonkey-nss-devel~1.0.9~9.el4.centos\", rls:\"CentOS4\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n", "cvss": {"score": 9.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2017-07-25T10:57:10", "description": "Check for the Version of blam", "cvss3": {}, "published": "2009-02-16T00:00:00", "type": "openvas", "title": "Fedora Update for blam FEDORA-2008-1535", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2008-0417", "CVE-2008-0412", "CVE-2008-0419", "CVE-2008-0594", "CVE-2008-0593", "CVE-2008-0413", "CVE-2005-4790", "CVE-2008-0418", "CVE-2008-0592", "CVE-2008-0414", "CVE-2008-0415", "CVE-2008-0591"], "modified": "2017-07-10T00:00:00", "id": "OPENVAS:860601", "href": "http://plugins.openvas.org/nasl.php?oid=860601", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Fedora Update for blam FEDORA-2008-1535\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2009 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ninclude(\"revisions-lib.inc\");\ntag_affected = \"blam on Fedora 8\";\ntag_insight = \"Blam is a tool that helps you keep track of the growing\n number of news feeds distributed as RSS. Blam lets you\n subscribe to any number of feeds and provides an easy to\n use and clean interface to stay up to date\";\ntag_solution = \"Please Install the Updated Packages.\";\n\n\n\nif(description)\n{\n script_xref(name : \"URL\" , value : \"https://www.redhat.com/archives/fedora-package-announce/2008-February/msg00374.html\");\n script_id(860601);\n script_version(\"$Revision: 6623 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-07-10 08:10:20 +0200 (Mon, 10 Jul 2017) $\");\n script_tag(name:\"creation_date\", value:\"2009-02-16 14:16:57 +0100 (Mon, 16 Feb 2009)\");\n script_tag(name:\"cvss_base\", value:\"9.3\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_xref(name: \"FEDORA\", value: \"2008-1535\");\n script_cve_id(\"CVE-2008-0412\", \"CVE-2008-0413\", \"CVE-2008-0415\", \"CVE-2008-0419\", \"CVE-2008-0591\", \"CVE-2008-0593\", \"CVE-2008-0417\", \"CVE-2008-0418\", \"CVE-2008-0592\", \"CVE-2005-4790\", \"CVE-2008-0414\", \"CVE-2008-0594\");\n script_name( \"Fedora Update for blam FEDORA-2008-1535\");\n\n script_summary(\"Check for the Version of blam\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2009 Greenbone Networks GmbH\");\n script_family(\"Fedora Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/fedora\", \"ssh/login/rpms\");\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = get_kb_item(\"ssh/login/release\");\n\n\nres = \"\";\nif(release == NULL){\n exit(0);\n}\n\nif(release == \"FC8\")\n{\n\n if ((res = isrpmvuln(pkg:\"blam\", rpm:\"blam~1.8.3~13.fc8\", rls:\"FC8\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}", "cvss": {"score": 9.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2017-07-25T10:56:51", "description": "Check for the Version of ruby-gnome2", "cvss3": {}, "published": "2009-02-16T00:00:00", "type": "openvas", "title": "Fedora Update for ruby-gnome2 FEDORA-2008-1435", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2008-0417", "CVE-2008-0412", "CVE-2008-0419", "CVE-2008-0594", "CVE-2007-6183", "CVE-2008-0593", "CVE-2008-0413", "CVE-2008-0418", "CVE-2008-0592", "CVE-2008-0414", "CVE-2008-0415", "CVE-2008-0591"], "modified": "2017-07-10T00:00:00", "id": "OPENVAS:860316", "href": "http://plugins.openvas.org/nasl.php?oid=860316", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Fedora Update for ruby-gnome2 FEDORA-2008-1435\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2009 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ninclude(\"revisions-lib.inc\");\ntag_affected = \"ruby-gnome2 on Fedora 7\";\ntag_insight = \"This is a set of bindings for the GNOME-2.x libraries for use from Ruby.\";\ntag_solution = \"Please Install the Updated Packages.\";\n\n\n\nif(description)\n{\n script_xref(name : \"URL\" , value : \"https://www.redhat.com/archives/fedora-package-announce/2008-February/msg00279.html\");\n script_id(860316);\n script_version(\"$Revision: 6623 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-07-10 08:10:20 +0200 (Mon, 10 Jul 2017) $\");\n script_tag(name:\"creation_date\", value:\"2009-02-16 14:16:57 +0100 (Mon, 16 Feb 2009)\");\n script_tag(name:\"cvss_base\", value:\"9.3\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_xref(name: \"FEDORA\", value: \"2008-1435\");\n script_cve_id(\"CVE-2008-0412\", \"CVE-2008-0413\", \"CVE-2008-0415\", \"CVE-2008-0419\", \"CVE-2008-0591\", \"CVE-2008-0593\", \"CVE-2008-0417\", \"CVE-2008-0418\", \"CVE-2008-0592\", \"CVE-2007-6183\", \"CVE-2008-0414\", \"CVE-2008-0594\");\n script_name( \"Fedora Update for ruby-gnome2 FEDORA-2008-1435\");\n\n script_summary(\"Check for the Version of ruby-gnome2\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2009 Greenbone Networks GmbH\");\n script_family(\"Fedora Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/fedora\", \"ssh/login/rpms\");\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = get_kb_item(\"ssh/login/release\");\n\n\nres = \"\";\nif(release == NULL){\n exit(0);\n}\n\nif(release == \"FC7\")\n{\n\n if ((res = isrpmvuln(pkg:\"ruby-gnome2\", rpm:\"ruby-gnome2~0.16.0~21.fc7\", rls:\"FC7\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}", "cvss": {"score": 9.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2017-07-02T21:10:23", "description": "The remote host is missing an update to the system\nas announced in the referenced advisory.", "cvss3": {}, "published": "2008-09-04T00:00:00", "type": "openvas", "title": "FreeBSD Ports: firefox", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2007-4879", "CVE-2008-1236", "CVE-2008-1240", "CVE-2008-1237", "CVE-2008-1238", "CVE-2008-1233", "CVE-2008-1234", "CVE-2008-1235", "CVE-2008-1241"], "modified": "2016-09-19T00:00:00", "id": "OPENVAS:60680", "href": "http://plugins.openvas.org/nasl.php?oid=60680", "sourceData": "#\n#VID 12b336c6-fe36-11dc-b09c-001c2514716c\n# OpenVAS Vulnerability Test\n# $\n# Description: Auto generated from vuxml or freebsd advisories\n#\n# Authors:\n# Thomas Reinke <reinke@securityspace.com>\n#\n# Copyright:\n# Copyright (c) 2008 E-Soft Inc. http://www.securityspace.com\n# Text descriptions are largely excerpted from the referenced\n# advisories, and are Copyright (c) the respective author(s)\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2,\n# as published by the Free Software Foundation\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n#\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"The following packages are affected:\n firefox\n linux-firefox\n seamonkey\n linux-seamonkey\n linux-seamonkey-devel\n thunderbird\n linux-thunderbird\n\nFor details on the the issues addressed in this update,\nplease visit the referenced security advisories.\";\ntag_summary = \"The remote host is missing an update to the system\nas announced in the referenced advisory.\";\n\ntag_solution = \"Update your system with the appropriate patches or\nsoftware upgrades.\";\nif(description)\n{\n script_id(60680);\n script_version(\"$Revision: 4112 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2016-09-19 15:17:59 +0200 (Mon, 19 Sep 2016) $\");\n script_tag(name:\"creation_date\", value:\"2008-09-04 20:41:11 +0200 (Thu, 04 Sep 2008)\");\n script_cve_id(\"CVE-2008-1241\", \"CVE-2008-1240\", \"CVE-2007-4879\", \"CVE-2008-1238\", \"CVE-2008-1236\", \"CVE-2008-1237\", \"CVE-2008-1233\", \"CVE-2008-1234\", \"CVE-2008-1235\");\n script_bugtraq_id(28448);\n script_tag(name:\"cvss_base\", value:\"9.3\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_name(\"FreeBSD Ports: firefox\");\n\n\n\n script_category(ACT_GATHER_INFO);\n\n script_copyright(\"Copyright (c) 2008 E-Soft Inc. http://www.securityspace.com\");\n script_family(\"FreeBSD Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/freebsdrel\", \"login/SSH/success\");\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"summary\" , value : tag_summary);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n#\n# The script code starts here\n#\n\ninclude(\"pkg-lib-bsd.inc\");\n\ntxt = \"\";\nvuln = 0;\nbver = portver(pkg:\"firefox\");\nif(!isnull(bver) && revcomp(a:bver, b:\"2.0.0.13,1\")<0) {\n txt += 'Package firefox version ' + bver + ' is installed which is known to be vulnerable.\\n';\n vuln = 1;\n}\nbver = portver(pkg:\"linux-firefox\");\nif(!isnull(bver) && revcomp(a:bver, b:\"2.0.0.13\")<0) {\n txt += 'Package linux-firefox version ' + bver + ' is installed which is known to be vulnerable.\\n';\n vuln = 1;\n}\nbver = portver(pkg:\"seamonkey\");\nif(!isnull(bver) && revcomp(a:bver, b:\"1.1.9\")<0) {\n txt += 'Package seamonkey version ' + bver + ' is installed which is known to be vulnerable.\\n';\n vuln = 1;\n}\nbver = portver(pkg:\"linux-seamonkey\");\nif(!isnull(bver) && revcomp(a:bver, b:\"1.1.9\")<0) {\n txt += 'Package linux-seamonkey version ' + bver + ' is installed which is known to be vulnerable.\\n';\n vuln = 1;\n}\nbver = portver(pkg:\"linux-seamonkey-devel\");\nif(!isnull(bver) && revcomp(a:bver, b:\"0\")>0) {\n txt += 'Package linux-seamonkey-devel version ' + bver + ' is installed which is known to be vulnerable.\\n';\n vuln = 1;\n}\nbver = portver(pkg:\"thunderbird\");\nif(!isnull(bver) && revcomp(a:bver, b:\"0\")>0) {\n txt += 'Package thunderbird version ' + bver + ' is installed which is known to be vulnerable.\\n';\n vuln = 1;\n}\nbver = portver(pkg:\"linux-thunderbird\");\nif(!isnull(bver) && revcomp(a:bver, b:\"0\")>0) {\n txt += 'Package linux-thunderbird version ' + bver + ' is installed which is known to be vulnerable.\\n';\n vuln = 1;\n}\n\nif(vuln) {\n security_message(data:string(txt));\n} else if (__pkg_match) {\n exit(99); # Not vulnerable.\n}\n", "cvss": {"score": 9.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2017-07-13T10:49:36", "description": "The remote host is probable affected by the vulnerabilities described in\n CVE-2008-0416, CVE-2007-4879, CVE-2008-1195, CVE-2008-1233,\n CVE-2008-1234, CVE-2008-1235, CVE-2008-1236, CVE-2008-1237,\n CVE-2008-1238, CVE-2008-1240, CVE-2008-1241 and more.", "cvss3": {}, "published": "2008-06-17T00:00:00", "type": "openvas", "title": "Mozilla Firefox, Thunderbird, Seamonkey. Several vulnerabilitys (Windows)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2007-4879", "CVE-2008-1236", "CVE-2008-1195", "CVE-2008-0412", "CVE-2008-1240", "CVE-2008-1237", "CVE-2008-1238", "CVE-2008-1233", "CVE-2008-0416", "CVE-2008-1234", "CVE-2008-1235", "CVE-2008-1241"], "modified": "2017-06-28T00:00:00", "id": "OPENVAS:90013", "href": "http://plugins.openvas.org/nasl.php?oid=90013", "sourceData": "# OpenVAS Vulnerability Test\n# $Id: smbcl_mozilla.nasl 6467 2017-06-28 13:51:19Z cfischer $\n# Description: Mozilla Firefox, Thunderbird, Seamonkey. Several vulnerabilitys (Windows)\n#\n# Authors:\n# Carsten Koch-Mauthe <c.koch-mauthe at dn-systems.de>\n# Modified to implement through 'smb_nt.inc'\n# - By Sharath S <sharaths@secpod.com> On 2009-09-17\n#\n# Copyright:\n# Copyright (C) 2008 Greenbone Networks GmbH\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2,\n# as published by the Free Software Foundation\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n#\n\ntag_impact = \"Mozilla contributors moz_bug_r_a4, Boris Zbarsky, and Johnny Stenback reported\n a series of vulnerabilities which allow scripts from page content to run with\n elevated privileges. moz_bug_r_a4 demonstrated additional variants of MFSA\n 2007-25 and MFSA2007-35 (arbitrary code execution through XPCNativeWrapper\n pollution). Additional vulnerabilities reported separately by Boris Zbarsky,\n Johnny Stenback, and moz_bug_r_a4 showed that the browser could be forced to\n run JavaScript code using the wrong principal leading to universal XSS\n and arbitrary code execution.\";\n\ntag_summary = \"The remote host is probable affected by the vulnerabilities described in\n CVE-2008-0416, CVE-2007-4879, CVE-2008-1195, CVE-2008-1233,\n CVE-2008-1234, CVE-2008-1235, CVE-2008-1236, CVE-2008-1237,\n CVE-2008-1238, CVE-2008-1240, CVE-2008-1241 and more.\";\n\ntag_solution = \"All Users should upgrade to the latest versions of Firefox, Thunderbird or\n Seamonkey.\n http://www.mozilla.com/en-US/firefox/all.html\n http://www.seamonkey-project.org/releases/\n http://www.mozillamessaging.com/en-US/thunderbird/all.html\";\n\n# $Revision: 6467 $\n\nif(description)\n{\n script_id(90013);\n script_version(\"$Revision: 6467 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-06-28 15:51:19 +0200 (Wed, 28 Jun 2017) $\");\n script_tag(name:\"creation_date\", value:\"2008-06-17 20:22:38 +0200 (Tue, 17 Jun 2008)\");\n script_tag(name:\"cvss_base\", value:\"9.3\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_cve_id(\"CVE-2008-0412\", \"CVE-2008-0416\", \"CVE-2008-1238\", \"CVE-2008-1240\", \"CVE-2008-1241\");\n script_bugtraq_id(28448);\n script_name(\"Mozilla Firefox, Thunderbird, Seamonkey. Several vulnerabilitys (Windows)\");\n script_xref(name : \"URL\" , value : \"http://www.mozilla.org/security/announce/2008/mfsa2008-14.html\");\n\n script_category(ACT_GATHER_INFO);\n script_tag(name:\"qod_type\", value:\"registry\");\n script_copyright(\"Copyright (C) 2008 Greenbone Networks GmbH\");\n script_family(\"General\");\n script_dependencies(\"gb_firefox_detect_win.nasl\", \"gb_seamonkey_detect_win.nasl\", \"gb_thunderbird_detect_win.nasl\");\n script_mandatory_keys(\"Mozilla/Firefox_or_Seamonkey_or_Thunderbird/Installed\");\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"summary\" , value : tag_summary);\n script_tag(name : \"impact\" , value : tag_impact);\n exit(0);\n}\n\n\ninclude(\"smb_nt.inc\");\ninclude(\"version_func.inc\");\n\n# Firefox Check\nffVer = get_kb_item(\"Firefox/Win/Ver\");\nif(ffVer)\n{\n # Grep for Firefox version < 2.0.0.14\n if(version_is_less(version:ffVer, test_version:\"2.0.0.14\"))\n {\n security_message(0);\n exit(0);\n }\n}\n\n# Seamonkey Check\nsmVer = get_kb_item(\"Seamonkey/Win/Ver\");\nif(smVer)\n{\n # Grep for Seamonkey version < 1.1.9\n if(version_is_less(version:smVer, test_version:\"1.1.9\"))\n {\n security_message(0);\n exit(0);\n }\n}\n\n# Thunderbird Check\ntbVer = get_kb_item(\"Thunderbird/Win/Ver\");\nif(tbVer)\n{\n # Grep for Thunderbird version < 2.0.0.14\n if(version_is_less(version:tbVer, test_version:\"2.0.0.14\")){\n security_message(0);\n }\n}\n", "cvss": {"score": 9.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2018-04-09T11:40:35", "description": "Check for the Version of thunderbird", "cvss3": {}, "published": "2009-02-27T00:00:00", "type": "openvas", "title": "CentOS Update for thunderbird CESA-2008:0105 centos5 i386", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2008-0412", "CVE-2008-0419", "CVE-2008-0593", "CVE-2008-0413", "CVE-2008-0418", "CVE-2008-0592", "CVE-2008-0415", "CVE-2008-0591"], "modified": "2018-04-06T00:00:00", "id": "OPENVAS:1361412562310880203", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310880203", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# CentOS Update for thunderbird CESA-2008:0105 centos5 i386\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2009 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"Mozilla Thunderbird is a standalone mail and newsgroup client.\n\n Several flaws were found in the way Thunderbird processed certain malformed\n HTML mail content. A HTML mail message containing malicious content could\n cause Thunderbird to crash, or potentially execute arbitrary code as the\n user running Thunderbird. (CVE-2008-0412, CVE-2008-0413, CVE-2008-0415,\n CVE-2008-0419)\n \n Several flaws were found in the way Thunderbird displayed malformed HTML\n mail content. A HTML mail message containing specially-crafted content\n could trick a user into surrendering sensitive information. (CVE-2008-0591,\n CVE-2008-0593)\n \n A flaw was found in the way Thunderbird handles certain chrome URLs. If a\n user has certain extensions installed, it could allow a malicious HTML mail\n message to steal sensitive session data. Note: this flaw does not affect a\n default installation of Thunderbird. (CVE-2008-0418)\n \n Note: JavaScript support is disabled by default in Thunderbird; the above\n issues are not exploitable unless JavaScript is enabled.\n \n A flaw was found in the way Thunderbird saves certain text files. If a\n remote site offers a file of type "plain/text", rather than "text/plain",\n Thunderbird will not show future "text/plain" content to the user, forcing\n them to save those files locally to view the content. (CVE-2008-0592) \n \n Users of thunderbird are advised to upgrade to these updated packages,\n which contain backported patches to resolve these issues.\";\n\ntag_affected = \"thunderbird on CentOS 5\";\ntag_solution = \"Please Install the Updated Packages.\";\n\n\n\nif(description)\n{\n script_xref(name : \"URL\" , value : \"http://lists.centos.org/pipermail/centos-announce/2008-February/014671.html\");\n script_oid(\"1.3.6.1.4.1.25623.1.0.880203\");\n script_version(\"$Revision: 9370 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-04-06 10:53:14 +0200 (Fri, 06 Apr 2018) $\");\n script_tag(name:\"creation_date\", value:\"2009-02-27 08:36:45 +0100 (Fri, 27 Feb 2009)\");\n script_tag(name:\"cvss_base\", value:\"9.3\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_xref(name: \"CESA\", value: \"2008:0105\");\n script_cve_id(\"CVE-2008-0412\", \"CVE-2008-0413\", \"CVE-2008-0415\", \"CVE-2008-0418\", \"CVE-2008-0419\", \"CVE-2008-0591\", \"CVE-2008-0592\", \"CVE-2008-0593\");\n script_name( \"CentOS Update for thunderbird CESA-2008:0105 centos5 i386\");\n\n script_tag(name:\"summary\", value:\"Check for the Version of thunderbird\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2009 Greenbone Networks GmbH\");\n script_family(\"CentOS Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/centos\", \"ssh/login/rpms\");\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = get_kb_item(\"ssh/login/release\");\n\n\nres = \"\";\nif(release == NULL){\n exit(0);\n}\n\nif(release == \"CentOS5\")\n{\n\n if ((res = isrpmvuln(pkg:\"thunderbird\", rpm:\"thunderbird~1.5.0.12~8.el5.centos\", rls:\"CentOS5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n", "cvss": {"score": 9.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2017-07-27T10:55:37", "description": "Check for the Version of firefox", "cvss3": {}, "published": "2009-03-06T00:00:00", "type": "openvas", "title": "RedHat Update for firefox RHSA-2008:0103-01", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2008-0417", "CVE-2008-0412", "CVE-2008-0419", "CVE-2008-0593", "CVE-2008-0413", "CVE-2008-0418", "CVE-2008-0592", "CVE-2008-0415", "CVE-2008-0591"], "modified": "2017-07-12T00:00:00", "id": "OPENVAS:870023", "href": "http://plugins.openvas.org/nasl.php?oid=870023", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# RedHat Update for firefox RHSA-2008:0103-01\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2009 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"Mozilla Firefox is an open source Web browser.\n\n Several flaws were found in the way Firefox processed certain malformed web\n content. A webpage containing malicious content could cause Firefox to\n crash, or potentially execute arbitrary code as the user running Firefox.\n (CVE-2008-0412, CVE-2008-0413, CVE-2008-0415, CVE-2008-0419)\n \n Several flaws were found in the way Firefox displayed malformed web\n content. A webpage containing specially-crafted content could trick a user\n into surrendering sensitive information. (CVE-2008-0591, CVE-2008-0593)\n \n A flaw was found in the way Firefox stored password data. If a user saves\n login information for a malicious website, it could be possible to corrupt\n the password database, preventing the user from properly accessing saved\n password data. (CVE-2008-0417)\n \n A flaw was found in the way Firefox handles certain chrome URLs. If a user\n has certain extensions installed, it could allow a malicious website to\n steal sensitive session data. Note: this flaw does not affect a default\n installation of Firefox. (CVE-2008-0418)\n \n A flaw was found in the way Firefox saves certain text files. If a\n website offers a file of type "plain/text", rather than "text/plain",\n Firefox will not show future "text/plain" content to the user in the\n browser, forcing them to save those files locally to view the content.\n (CVE-2008-0592) \n \n Users of firefox are advised to upgrade to these updated packages, which\n contain backported patches to resolve these issues.\";\n\ntag_affected = \"firefox on Red Hat Enterprise Linux AS version 4,\n Red Hat Enterprise Linux ES version 4,\n Red Hat Enterprise Linux WS version 4,\n Red Hat Enterprise Linux (v. 5 server)\";\ntag_solution = \"Please Install the Updated Packages.\";\n\n\n\nif(description)\n{\n script_xref(name : \"URL\" , value : \"https://www.redhat.com/archives/rhsa-announce/2008-February/msg00001.html\");\n script_id(870023);\n script_version(\"$Revision: 6683 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-07-12 11:41:57 +0200 (Wed, 12 Jul 2017) $\");\n script_tag(name:\"creation_date\", value:\"2009-03-06 07:30:35 +0100 (Fri, 06 Mar 2009)\");\n script_tag(name:\"cvss_base\", value:\"9.3\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_xref(name: \"RHSA\", value: \"2008:0103-01\");\n script_cve_id(\"CVE-2008-0412\", \"CVE-2008-0413\", \"CVE-2008-0415\", \"CVE-2008-0417\", \"CVE-2008-0418\", \"CVE-2008-0419\", \"CVE-2008-0591\", \"CVE-2008-0592\", \"CVE-2008-0593\");\n script_name( \"RedHat Update for firefox RHSA-2008:0103-01\");\n\n script_summary(\"Check for the Version of firefox\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2009 Greenbone Networks GmbH\");\n script_family(\"Red Hat Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/rhel\", \"ssh/login/rpms\");\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = get_kb_item(\"ssh/login/release\");\n\n\nres = \"\";\nif(release == NULL){\n exit(0);\n}\n\nif(release == \"RHENT_5\")\n{\n\n if ((res = isrpmvuln(pkg:\"firefox\", rpm:\"firefox~1.5.0.12~9.el5\", rls:\"RHENT_5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"firefox-debuginfo\", rpm:\"firefox-debuginfo~1.5.0.12~9.el5\", rls:\"RHENT_5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"firefox-devel\", rpm:\"firefox-devel~1.5.0.12~9.el5\", rls:\"RHENT_5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n\n\nif(release == \"RHENT_4\")\n{\n\n if ((res = isrpmvuln(pkg:\"firefox\", rpm:\"firefox~1.5.0.12~0.10.el4\", rls:\"RHENT_4\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"firefox-debuginfo\", rpm:\"firefox-debuginfo~1.5.0.12~0.10.el4\", rls:\"RHENT_4\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n", "cvss": {"score": 9.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2017-07-27T10:55:44", "description": "Check for the Version of seamonkey", "cvss3": {}, "published": "2009-03-06T00:00:00", "type": "openvas", "title": "RedHat Update for seamonkey RHSA-2008:0104-01", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2008-0417", "CVE-2008-0412", "CVE-2008-0419", "CVE-2008-0593", "CVE-2008-0413", "CVE-2008-0418", "CVE-2008-0592", "CVE-2008-0415", "CVE-2008-0591"], "modified": "2017-07-12T00:00:00", "id": "OPENVAS:870039", "href": "http://plugins.openvas.org/nasl.php?oid=870039", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# RedHat Update for seamonkey RHSA-2008:0104-01\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2009 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"SeaMonkey is an open source Web browser, advanced email and newsgroup\n client, IRC chat client, and HTML editor.\n\n Several flaws were found in the way SeaMonkey processed certain malformed\n web content. A webpage containing malicious content could cause SeaMonkey\n to crash, or potentially execute arbitrary code as the user running\n SeaMonkey. (CVE-2008-0412, CVE-2008-0413, CVE-2008-0415, CVE-2008-0419)\n \n Several flaws were found in the way SeaMonkey displayed malformed web\n content. A webpage containing specially-crafted content could trick a user\n into surrendering sensitive information. (CVE-2008-0591, CVE-2008-0593)\n \n A flaw was found in the way SeaMonkey stored password data. If a user\n saves login information for a malicious website, it could be possible\n to corrupt the password database, preventing the user from properly\n accessing saved password data. (CVE-2008-0417)\n \n A flaw was found in the way SeaMonkey handles certain chrome URLs. If a\n user has certain extensions installed, it could allow a malicious website\n to steal sensitive session data. Note: this flaw does not affect a default\n installation of SeaMonkey. (CVE-2008-0418)\n \n A flaw was found in the way SeaMonkey saves certain text files. If a\n website offers a file of type "plain/text", rather than "text/plain",\n SeaMonkey will not show future "text/plain" content to the user in the\n browser, forcing them to save those files locally to view the content.\n (CVE-2008-0592)\n \n Users of SeaMonkey are advised to upgrade to these updated packages, which\n contain backported patches to resolve these issues.\";\n\ntag_affected = \"seamonkey on Red Hat Enterprise Linux AS (Advanced Server) version 2.1,\n Red Hat Enterprise Linux ES version 2.1,\n Red Hat Enterprise Linux WS version 2.1,\n Red Hat Enterprise Linux AS version 3,\n Red Hat Enterprise Linux ES version 3,\n Red Hat Enterprise Linux WS version 3,\n Red Hat Enterprise Linux AS version 4,\n Red Hat Enterprise Linux ES version 4,\n Red Hat Enterprise Linux WS version 4\";\ntag_solution = \"Please Install the Updated Packages.\";\n\n\n\nif(description)\n{\n script_xref(name : \"URL\" , value : \"https://www.redhat.com/archives/rhsa-announce/2008-February/msg00002.html\");\n script_id(870039);\n script_version(\"$Revision: 6683 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-07-12 11:41:57 +0200 (Wed, 12 Jul 2017) $\");\n script_tag(name:\"creation_date\", value:\"2009-03-06 07:30:35 +0100 (Fri, 06 Mar 2009)\");\n script_tag(name:\"cvss_base\", value:\"9.3\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_xref(name: \"RHSA\", value: \"2008:0104-01\");\n script_cve_id(\"CVE-2008-0412\", \"CVE-2008-0413\", \"CVE-2008-0415\", \"CVE-2008-0417\", \"CVE-2008-0418\", \"CVE-2008-0419\", \"CVE-2008-0591\", \"CVE-2008-0592\", \"CVE-2008-0593\");\n script_name( \"RedHat Update for seamonkey RHSA-2008:0104-01\");\n\n script_summary(\"Check for the Version of seamonkey\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2009 Greenbone Networks GmbH\");\n script_family(\"Red Hat Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/rhel\", \"ssh/login/rpms\");\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = get_kb_item(\"ssh/login/release\");\n\n\nres = \"\";\nif(release == NULL){\n exit(0);\n}\n\nif(release == \"RHENT_2.1\")\n{\n\n if ((res = isrpmvuln(pkg:\"seamonkey\", rpm:\"seamonkey~1.0.9~0.9.el2\", rls:\"RHENT_2.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"seamonkey-chat\", rpm:\"seamonkey-chat~1.0.9~0.9.el2\", rls:\"RHENT_2.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"seamonkey-devel\", rpm:\"seamonkey-devel~1.0.9~0.9.el2\", rls:\"RHENT_2.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"seamonkey-dom-inspector\", rpm:\"seamonkey-dom-inspector~1.0.9~0.9.el2\", rls:\"RHENT_2.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"seamonkey-js-debugger\", rpm:\"seamonkey-js-debugger~1.0.9~0.9.el2\", rls:\"RHENT_2.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"seamonkey-mail\", rpm:\"seamonkey-mail~1.0.9~0.9.el2\", rls:\"RHENT_2.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"seamonkey-nspr\", rpm:\"seamonkey-nspr~1.0.9~0.9.el2\", rls:\"RHENT_2.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"seamonkey-nspr-devel\", rpm:\"seamonkey-nspr-devel~1.0.9~0.9.el2\", rls:\"RHENT_2.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"seamonkey-nss\", rpm:\"seamonkey-nss~1.0.9~0.9.el2\", rls:\"RHENT_2.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"seamonkey-nss-devel\", rpm:\"seamonkey-nss-devel~1.0.9~0.9.el2\", rls:\"RHENT_2.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n\n\nif(release == \"RHENT_4\")\n{\n\n if ((res = isrpmvuln(pkg:\"seamonkey\", rpm:\"seamonkey~1.0.9~9.el4\", rls:\"RHENT_4\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"seamonkey-chat\", rpm:\"seamonkey-chat~1.0.9~9.el4\", rls:\"RHENT_4\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"seamonkey-debuginfo\", rpm:\"seamonkey-debuginfo~1.0.9~9.el4\", rls:\"RHENT_4\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"seamonkey-devel\", rpm:\"seamonkey-devel~1.0.9~9.el4\", rls:\"RHENT_4\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"seamonkey-dom-inspector\", rpm:\"seamonkey-dom-inspector~1.0.9~9.el4\", rls:\"RHENT_4\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"seamonkey-js-debugger\", rpm:\"seamonkey-js-debugger~1.0.9~9.el4\", rls:\"RHENT_4\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"seamonkey-mail\", rpm:\"seamonkey-mail~1.0.9~9.el4\", rls:\"RHENT_4\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"seamonkey-nspr\", rpm:\"seamonkey-nspr~1.0.9~9.el4\", rls:\"RHENT_4\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"seamonkey-nspr-devel\", rpm:\"seamonkey-nspr-devel~1.0.9~9.el4\", rls:\"RHENT_4\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"seamonkey-nss\", rpm:\"seamonkey-nss~1.0.9~9.el4\", rls:\"RHENT_4\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"seamonkey-nss-devel\", rpm:\"seamonkey-nss-devel~1.0.9~9.el4\", rls:\"RHENT_4\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n\n\nif(release == \"RHENT_3\")\n{\n\n if ((res = isrpmvuln(pkg:\"seamonkey\", rpm:\"seamonkey~1.0.9~0.9.el3\", rls:\"RHENT_3\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"seamonkey-chat\", rpm:\"seamonkey-chat~1.0.9~0.9.el3\", rls:\"RHENT_3\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"seamonkey-debuginfo\", rpm:\"seamonkey-debuginfo~1.0.9~0.9.el3\", rls:\"RHENT_3\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"seamonkey-devel\", rpm:\"seamonkey-devel~1.0.9~0.9.el3\", rls:\"RHENT_3\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"seamonkey-dom-inspector\", rpm:\"seamonkey-dom-inspector~1.0.9~0.9.el3\", rls:\"RHENT_3\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"seamonkey-js-debugger\", rpm:\"seamonkey-js-debugger~1.0.9~0.9.el3\", rls:\"RHENT_3\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"seamonkey-mail\", rpm:\"seamonkey-mail~1.0.9~0.9.el3\", rls:\"RHENT_3\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"seamonkey-nspr\", rpm:\"seamonkey-nspr~1.0.9~0.9.el3\", rls:\"RHENT_3\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"seamonkey-nspr-devel\", rpm:\"seamonkey-nspr-devel~1.0.9~0.9.el3\", rls:\"RHENT_3\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"seamonkey-nss\", rpm:\"seamonkey-nss~1.0.9~0.9.el3\", rls:\"RHENT_3\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"seamonkey-nss-devel\", rpm:\"seamonkey-nss-devel~1.0.9~0.9.el3\", rls:\"RHENT_3\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n", "cvss": {"score": 9.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2017-07-25T10:56:40", "description": "Check for the Version of firefox", "cvss3": {}, "published": "2009-02-27T00:00:00", "type": "openvas", "title": "CentOS Update for firefox CESA-2008:0103 centos3 x86_64", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2008-0417", "CVE-2008-0412", "CVE-2008-0419", "CVE-2008-0593", "CVE-2008-0413", "CVE-2008-0418", "CVE-2008-0592", "CVE-2008-0415", "CVE-2008-0591"], "modified": "2017-07-10T00:00:00", "id": "OPENVAS:880164", "href": "http://plugins.openvas.org/nasl.php?oid=880164", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# CentOS Update for firefox CESA-2008:0103 centos3 x86_64\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2009 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"Mozilla Firefox is an open source Web browser.\n\n Several flaws were found in the way Firefox processed certain malformed web\n content. A webpage containing malicious content could cause Firefox to\n crash, or potentially execute arbitrary code as the user running Firefox.\n (CVE-2008-0412, CVE-2008-0413, CVE-2008-0415, CVE-2008-0419)\n \n Several flaws were found in the way Firefox displayed malformed web\n content. A webpage containing specially-crafted content could trick a user\n into surrendering sensitive information. (CVE-2008-0591, CVE-2008-0593)\n \n A flaw was found in the way Firefox stored password data. If a user saves\n login information for a malicious website, it could be possible to corrupt\n the password database, preventing the user from properly accessing saved\n password data. (CVE-2008-0417)\n \n A flaw was found in the way Firefox handles certain chrome URLs. If a user\n has certain extensions installed, it could allow a malicious website to\n steal sensitive session data. Note: this flaw does not affect a default\n installation of Firefox. (CVE-2008-0418)\n \n A flaw was found in the way Firefox saves certain text files. If a\n website offers a file of type "plain/text", rather than "text/plain",\n Firefox will not show future "text/plain" content to the user in the\n browser, forcing them to save those files locally to view the content.\n (CVE-2008-0592) \n \n Users of firefox are advised to upgrade to these updated packages, which\n contain backported patches to resolve these issues.\";\n\ntag_affected = \"firefox on CentOS 3\";\ntag_solution = \"Please Install the Updated Packages.\";\n\n\n\nif(description)\n{\n script_xref(name : \"URL\" , value : \"http://lists.centos.org/pipermail/centos-announce/2008-February/014678.html\");\n script_id(880164);\n script_version(\"$Revision: 6651 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-07-10 13:45:21 +0200 (Mon, 10 Jul 2017) $\");\n script_tag(name:\"creation_date\", value:\"2009-02-27 08:36:45 +0100 (Fri, 27 Feb 2009)\");\n script_tag(name:\"cvss_base\", value:\"9.3\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_xref(name: \"CESA\", value: \"2008:0103\");\n script_cve_id(\"CVE-2008-0412\", \"CVE-2008-0413\", \"CVE-2008-0415\", \"CVE-2008-0417\", \"CVE-2008-0418\", \"CVE-2008-0419\", \"CVE-2008-0591\", \"CVE-2008-0592\", \"CVE-2008-0593\");\n script_name( \"CentOS Update for firefox CESA-2008:0103 centos3 x86_64\");\n\n script_summary(\"Check for the Version of firefox\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2009 Greenbone Networks GmbH\");\n script_family(\"CentOS Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/centos\", \"ssh/login/rpms\");\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = get_kb_item(\"ssh/login/release\");\n\n\nres = \"\";\nif(release == NULL){\n exit(0);\n}\n\nif(release == \"CentOS3\")\n{\n\n if ((res = isrpmvuln(pkg:\"firefox\", rpm:\"firefox~1.5.0.12~0.10.el4.centos3\", rls:\"CentOS3\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n", "cvss": {"score": 9.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2017-07-25T10:56:52", "description": "Check for the Version of seamonkey", "cvss3": {}, "published": "2009-02-27T00:00:00", "type": "openvas", "title": "CentOS Update for seamonkey CESA-2008:0104 centos3 i386", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2008-0417", "CVE-2008-0412", "CVE-2008-0419", "CVE-2008-0593", "CVE-2008-0413", "CVE-2008-0418", "CVE-2008-0592", "CVE-2008-0415", "CVE-2008-0591"], "modified": "2017-07-10T00:00:00", "id": "OPENVAS:880036", "href": "http://plugins.openvas.org/nasl.php?oid=880036", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# CentOS Update for seamonkey CESA-2008:0104 centos3 i386\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2009 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"SeaMonkey is an open source Web browser, advanced email and newsgroup\n client, IRC chat client, and HTML editor.\n\n Several flaws were found in the way SeaMonkey processed certain malformed\n web content. A webpage containing malicious content could cause SeaMonkey\n to crash, or potentially execute arbitrary code as the user running\n SeaMonkey. (CVE-2008-0412, CVE-2008-0413, CVE-2008-0415, CVE-2008-0419)\n \n Several flaws were found in the way SeaMonkey displayed malformed web\n content. A webpage containing specially-crafted content could trick a user\n into surrendering sensitive information. (CVE-2008-0591, CVE-2008-0593)\n \n A flaw was found in the way SeaMonkey stored password data. If a user\n saves login information for a malicious website, it could be possible\n to corrupt the password database, preventing the user from properly\n accessing saved password data. (CVE-2008-0417)\n \n A flaw was found in the way SeaMonkey handles certain chrome URLs. If a\n user has certain extensions installed, it could allow a malicious website\n to steal sensitive session data. Note: this flaw does not affect a default\n installation of SeaMonkey. (CVE-2008-0418)\n \n A flaw was found in the way SeaMonkey saves certain text files. If a\n website offers a file of type "plain/text", rather than "text/plain",\n SeaMonkey will not show future "text/plain" content to the user in the\n browser, forcing them to save those files locally to view the content.\n (CVE-2008-0592)\n \n Users of SeaMonkey are advised to upgrade to these updated packages, which\n contain backported patches to resolve these issues.\";\n\ntag_affected = \"seamonkey on CentOS 3\";\ntag_solution = \"Please Install the Updated Packages.\";\n\n\n\nif(description)\n{\n script_xref(name : \"URL\" , value : \"http://lists.centos.org/pipermail/centos-announce/2008-February/014661.html\");\n script_id(880036);\n script_version(\"$Revision: 6651 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-07-10 13:45:21 +0200 (Mon, 10 Jul 2017) $\");\n script_tag(name:\"creation_date\", value:\"2009-02-27 08:36:45 +0100 (Fri, 27 Feb 2009)\");\n script_tag(name:\"cvss_base\", value:\"9.3\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_xref(name: \"CESA\", value: \"2008:0104\");\n script_cve_id(\"CVE-2008-0412\", \"CVE-2008-0413\", \"CVE-2008-0415\", \"CVE-2008-0417\", \"CVE-2008-0418\", \"CVE-2008-0419\", \"CVE-2008-0591\", \"CVE-2008-0592\", \"CVE-2008-0593\");\n script_name( \"CentOS Update for seamonkey CESA-2008:0104 centos3 i386\");\n\n script_summary(\"Check for the Version of seamonkey\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2009 Greenbone Networks GmbH\");\n script_family(\"CentOS Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/centos\", \"ssh/login/rpms\");\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = get_kb_item(\"ssh/login/release\");\n\n\nres = \"\";\nif(release == NULL){\n exit(0);\n}\n\nif(release == \"CentOS3\")\n{\n\n if ((res = isrpmvuln(pkg:\"seamonkey\", rpm:\"seamonkey~1.0.9~0.9.el3.centos3\", rls:\"CentOS3\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"seamonkey-chat\", rpm:\"seamonkey-chat~1.0.9~0.9.el3.centos3\", rls:\"CentOS3\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"seamonkey-devel\", rpm:\"seamonkey-devel~1.0.9~0.9.el3.centos3\", rls:\"CentOS3\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"seamonkey-dom-inspector\", rpm:\"seamonkey-dom-inspector~1.0.9~0.9.el3.centos3\", rls:\"CentOS3\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"seamonkey-js-debugger\", rpm:\"seamonkey-js-debugger~1.0.9~0.9.el3.centos3\", rls:\"CentOS3\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"seamonkey-mail\", rpm:\"seamonkey-mail~1.0.9~0.9.el3.centos3\", rls:\"CentOS3\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"seamonkey-nspr\", rpm:\"seamonkey-nspr~1.0.9~0.9.el3.centos3\", rls:\"CentOS3\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"seamonkey-nspr-devel\", rpm:\"seamonkey-nspr-devel~1.0.9~0.9.el3.centos3\", rls:\"CentOS3\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"seamonkey-nss\", rpm:\"seamonkey-nss~1.0.9~0.9.el3.centos3\", rls:\"CentOS3\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"seamonkey-nss-devel\", rpm:\"seamonkey-nss-devel~1.0.9~0.9.el3.centos3\", rls:\"CentOS3\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n", "cvss": {"score": 9.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2017-07-25T10:56:56", "description": "Check for the Version of seamonkey", "cvss3": {}, "published": "2009-02-27T00:00:00", "type": "openvas", "title": "CentOS Update for seamonkey CESA-2008:0104 centos3 x86_64", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2008-0417", "CVE-2008-0412", "CVE-2008-0419", "CVE-2008-0593", "CVE-2008-0413", "CVE-2008-0418", "CVE-2008-0592", "CVE-2008-0415", "CVE-2008-0591"], "modified": "2017-07-10T00:00:00", "id": "OPENVAS:880054", "href": "http://plugins.openvas.org/nasl.php?oid=880054", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# CentOS Update for seamonkey CESA-2008:0104 centos3 x86_64\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2009 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"SeaMonkey is an open source Web browser, advanced email and newsgroup\n client, IRC chat client, and HTML editor.\n\n Several flaws were found in the way SeaMonkey processed certain malformed\n web content. A webpage containing malicious content could cause SeaMonkey\n to crash, or potentially execute arbitrary code as the user running\n SeaMonkey. (CVE-2008-0412, CVE-2008-0413, CVE-2008-0415, CVE-2008-0419)\n \n Several flaws were found in the way SeaMonkey displayed malformed web\n content. A webpage containing specially-crafted content could trick a user\n into surrendering sensitive information. (CVE-2008-0591, CVE-2008-0593)\n \n A flaw was found in the way SeaMonkey stored password data. If a user\n saves login information for a malicious website, it could be possible\n to corrupt the password database, preventing the user from properly\n accessing saved password data. (CVE-2008-0417)\n \n A flaw was found in the way SeaMonkey handles certain chrome URLs. If a\n user has certain extensions installed, it could allow a malicious website\n to steal sensitive session data. Note: this flaw does not affect a default\n installation of SeaMonkey. (CVE-2008-0418)\n \n A flaw was found in the way SeaMonkey saves certain text files. If a\n website offers a file of type "plain/text", rather than "text/plain",\n SeaMonkey will not show future "text/plain" content to the user in the\n browser, forcing them to save those files locally to view the content.\n (CVE-2008-0592)\n \n Users of SeaMonkey are advised to upgrade to these updated packages, which\n contain backported patches to resolve these issues.\";\n\ntag_affected = \"seamonkey on CentOS 3\";\ntag_solution = \"Please Install the Updated Packages.\";\n\n\n\nif(description)\n{\n script_xref(name : \"URL\" , value : \"http://lists.centos.org/pipermail/centos-announce/2008-February/014662.html\");\n script_id(880054);\n script_version(\"$Revision: 6651 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-07-10 13:45:21 +0200 (Mon, 10 Jul 2017) $\");\n script_tag(name:\"creation_date\", value:\"2009-02-27 08:36:45 +0100 (Fri, 27 Feb 2009)\");\n script_tag(name:\"cvss_base\", value:\"9.3\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_xref(name: \"CESA\", value: \"2008:0104\");\n script_cve_id(\"CVE-2008-0412\", \"CVE-2008-0413\", \"CVE-2008-0415\", \"CVE-2008-0417\", \"CVE-2008-0418\", \"CVE-2008-0419\", \"CVE-2008-0591\", \"CVE-2008-0592\", \"CVE-2008-0593\");\n script_name( \"CentOS Update for seamonkey CESA-2008:0104 centos3 x86_64\");\n\n script_summary(\"Check for the Version of seamonkey\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2009 Greenbone Networks GmbH\");\n script_family(\"CentOS Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/centos\", \"ssh/login/rpms\");\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = get_kb_item(\"ssh/login/release\");\n\n\nres = \"\";\nif(release == NULL){\n exit(0);\n}\n\nif(release == \"CentOS3\")\n{\n\n if ((res = isrpmvuln(pkg:\"seamonkey\", rpm:\"seamonkey~1.0.9~0.9.el3.centos3\", rls:\"CentOS3\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"seamonkey-chat\", rpm:\"seamonkey-chat~1.0.9~0.9.el3.centos3\", rls:\"CentOS3\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"seamonkey-devel\", rpm:\"seamonkey-devel~1.0.9~0.9.el3.centos3\", rls:\"CentOS3\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"seamonkey-dom-inspector\", rpm:\"seamonkey-dom-inspector~1.0.9~0.9.el3.centos3\", rls:\"CentOS3\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"seamonkey-js-debugger\", rpm:\"seamonkey-js-debugger~1.0.9~0.9.el3.centos3\", rls:\"CentOS3\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"seamonkey-mail\", rpm:\"seamonkey-mail~1.0.9~0.9.el3.centos3\", rls:\"CentOS3\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"seamonkey-nspr\", rpm:\"seamonkey-nspr~1.0.9~0.9.el3.centos3\", rls:\"CentOS3\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"seamonkey-nspr-devel\", rpm:\"seamonkey-nspr-devel~1.0.9~0.9.el3.centos3\", rls:\"CentOS3\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"seamonkey-nss\", rpm:\"seamonkey-nss~1.0.9~0.9.el3.centos3\", rls:\"CentOS3\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"seamonkey-nss-devel\", rpm:\"seamonkey-nss-devel~1.0.9~0.9.el3.centos3\", rls:\"CentOS3\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n", "cvss": {"score": 9.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2017-07-25T10:56:44", "description": "Check for the Version of firefox", "cvss3": {}, "published": "2009-02-27T00:00:00", "type": "openvas", "title": "CentOS Update for firefox CESA-2008:0103 centos5 i386", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2008-0417", "CVE-2008-0412", "CVE-2008-0419", "CVE-2008-0593", "CVE-2008-0413", "CVE-2008-0418", "CVE-2008-0592", "CVE-2008-0415", "CVE-2008-0591"], "modified": "2017-07-10T00:00:00", "id": "OPENVAS:880136", "href": "http://plugins.openvas.org/nasl.php?oid=880136", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# CentOS Update for firefox CESA-2008:0103 centos5 i386\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2009 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"Mozilla Firefox is an open source Web browser.\n\n Several flaws were found in the way Firefox processed certain malformed web\n content. A webpage containing malicious content could cause Firefox to\n crash, or potentially execute arbitrary code as the user running Firefox.\n (CVE-2008-0412, CVE-2008-0413, CVE-2008-0415, CVE-2008-0419)\n \n Several flaws were found in the way Firefox displayed malformed web\n content. A webpage containing specially-crafted content could trick a user\n into surrendering sensitive information. (CVE-2008-0591, CVE-2008-0593)\n \n A flaw was found in the way Firefox stored password data. If a user saves\n login information for a malicious website, it could be possible to corrupt\n the password database, preventing the user from properly accessing saved\n password data. (CVE-2008-0417)\n \n A flaw was found in the way Firefox handles certain chrome URLs. If a user\n has certain extensions installed, it could allow a malicious website to\n steal sensitive session data. Note: this flaw does not affect a default\n installation of Firefox. (CVE-2008-0418)\n \n A flaw was found in the way Firefox saves certain text files. If a\n website offers a file of type "plain/text", rather than "text/plain",\n Firefox will not show future "text/plain" content to the user in the\n browser, forcing them to save those files locally to view the content.\n (CVE-2008-0592) \n \n Users of firefox are advised to upgrade to these updated packages, which\n contain backported patches to resolve these issues.\";\n\ntag_affected = \"firefox on CentOS 5\";\ntag_solution = \"Please Install the Updated Packages.\";\n\n\n\nif(description)\n{\n script_xref(name : \"URL\" , value : \"http://lists.centos.org/pipermail/centos-announce/2008-February/014670.html\");\n script_id(880136);\n script_version(\"$Revision: 6651 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-07-10 13:45:21 +0200 (Mon, 10 Jul 2017) $\");\n script_tag(name:\"creation_date\", value:\"2009-02-27 08:36:45 +0100 (Fri, 27 Feb 2009)\");\n script_tag(name:\"cvss_base\", value:\"9.3\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_xref(name: \"CESA\", value: \"2008:0103\");\n script_cve_id(\"CVE-2008-0412\", \"CVE-2008-0413\", \"CVE-2008-0415\", \"CVE-2008-0417\", \"CVE-2008-0418\", \"CVE-2008-0419\", \"CVE-2008-0591\", \"CVE-2008-0592\", \"CVE-2008-0593\");\n script_name( \"CentOS Update for firefox CESA-2008:0103 centos5 i386\");\n\n script_summary(\"Check for the Version of firefox\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2009 Greenbone Networks GmbH\");\n script_family(\"CentOS Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/centos\", \"ssh/login/rpms\");\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = get_kb_item(\"ssh/login/release\");\n\n\nres = \"\";\nif(release == NULL){\n exit(0);\n}\n\nif(release == \"CentOS5\")\n{\n\n if ((res = isrpmvuln(pkg:\"firefox\", rpm:\"firefox~1.5.0.12~9.el5.centos\", rls:\"CentOS5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"firefox-devel\", rpm:\"firefox-devel~1.5.0.12~9.el5.centos\", rls:\"CentOS5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n", "cvss": {"score": 9.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2018-04-09T11:38:29", "description": "Check for the Version of firefox", "cvss3": {}, "published": "2009-03-06T00:00:00", "type": "openvas", "title": "RedHat Update for firefox RHSA-2008:0103-01", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2008-0417", "CVE-2008-0412", "CVE-2008-0419", "CVE-2008-0593", "CVE-2008-0413", "CVE-2008-0418", "CVE-2008-0592", "CVE-2008-0415", "CVE-2008-0591"], "modified": "2018-04-06T00:00:00", "id": "OPENVAS:1361412562310870023", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310870023", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# RedHat Update for firefox RHSA-2008:0103-01\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2009 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"Mozilla Firefox is an open source Web browser.\n\n Several flaws were found in the way Firefox processed certain malformed web\n content. A webpage containing malicious content could cause Firefox to\n crash, or potentially execute arbitrary code as the user running Firefox.\n (CVE-2008-0412, CVE-2008-0413, CVE-2008-0415, CVE-2008-0419)\n \n Several flaws were found in the way Firefox displayed malformed web\n content. A webpage containing specially-crafted content could trick a user\n into surrendering sensitive information. (CVE-2008-0591, CVE-2008-0593)\n \n A flaw was found in the way Firefox stored password data. If a user saves\n login information for a malicious website, it could be possible to corrupt\n the password database, preventing the user from properly accessing saved\n password data. (CVE-2008-0417)\n \n A flaw was found in the way Firefox handles certain chrome URLs. If a user\n has certain extensions installed, it could allow a malicious website to\n steal sensitive session data. Note: this flaw does not affect a default\n installation of Firefox. (CVE-2008-0418)\n \n A flaw was found in the way Firefox saves certain text files. If a\n website offers a file of type "plain/text", rather than "text/plain",\n Firefox will not show future "text/plain" content to the user in the\n browser, forcing them to save those files locally to view the content.\n (CVE-2008-0592) \n \n Users of firefox are advised to upgrade to these updated packages, which\n contain backported patches to resolve these issues.\";\n\ntag_affected = \"firefox on Red Hat Enterprise Linux AS version 4,\n Red Hat Enterprise Linux ES version 4,\n Red Hat Enterprise Linux WS version 4,\n Red Hat Enterprise Linux (v. 5 server)\";\ntag_solution = \"Please Install the Updated Packages.\";\n\n\n\nif(description)\n{\n script_xref(name : \"URL\" , value : \"https://www.redhat.com/archives/rhsa-announce/2008-February/msg00001.html\");\n script_oid(\"1.3.6.1.4.1.25623.1.0.870023\");\n script_version(\"$Revision: 9370 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-04-06 10:53:14 +0200 (Fri, 06 Apr 2018) $\");\n script_tag(name:\"creation_date\", value:\"2009-03-06 07:30:35 +0100 (Fri, 06 Mar 2009)\");\n script_tag(name:\"cvss_base\", value:\"9.3\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_xref(name: \"RHSA\", value: \"2008:0103-01\");\n script_cve_id(\"CVE-2008-0412\", \"CVE-2008-0413\", \"CVE-2008-0415\", \"CVE-2008-0417\", \"CVE-2008-0418\", \"CVE-2008-0419\", \"CVE-2008-0591\", \"CVE-2008-0592\", \"CVE-2008-0593\");\n script_name( \"RedHat Update for firefox RHSA-2008:0103-01\");\n\n script_tag(name:\"summary\", value:\"Check for the Version of firefox\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2009 Greenbone Networks GmbH\");\n script_family(\"Red Hat Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/rhel\", \"ssh/login/rpms\");\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = get_kb_item(\"ssh/login/release\");\n\n\nres = \"\";\nif(release == NULL){\n exit(0);\n}\n\nif(release == \"RHENT_5\")\n{\n\n if ((res = isrpmvuln(pkg:\"firefox\", rpm:\"firefox~1.5.0.12~9.el5\", rls:\"RHENT_5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"firefox-debuginfo\", rpm:\"firefox-debuginfo~1.5.0.12~9.el5\", rls:\"RHENT_5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"firefox-devel\", rpm:\"firefox-devel~1.5.0.12~9.el5\", rls:\"RHENT_5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n\n\nif(release == \"RHENT_4\")\n{\n\n if ((res = isrpmvuln(pkg:\"firefox\", rpm:\"firefox~1.5.0.12~0.10.el4\", rls:\"RHENT_4\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"firefox-debuginfo\", rpm:\"firefox-debuginfo~1.5.0.12~0.10.el4\", rls:\"RHENT_4\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n", "cvss": {"score": 9.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2020-04-16T16:58:23", "description": "The remote host is affected by the vulnerabilities described in the\n referenced advisories.", "cvss3": {}, "published": "2008-06-17T00:00:00", "type": "openvas", "title": "Mozilla Firefox, Thunderbird, Seamonkey. Several vulnerabilitys (Windows)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2007-4879", "CVE-2008-1236", "CVE-2008-1195", "CVE-2008-1240", "CVE-2008-1237", "CVE-2008-1238", "CVE-2008-1233", "CVE-2008-1234", "CVE-2008-1235", "CVE-2008-1241"], "modified": "2020-04-14T00:00:00", "id": "OPENVAS:136141256231090013", "href": "http://plugins.openvas.org/nasl.php?oid=136141256231090013", "sourceData": "# OpenVAS Vulnerability Test\n# Description: Mozilla Firefox, Thunderbird, Seamonkey. Several vulnerabilitys (Windows)\n#\n# Authors:\n# Carsten Koch-Mauthe <c.koch-mauthe at dn-systems.de>\n#\n# Copyright:\n# Copyright (C) 2008 Greenbone Networks GmbH\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2,\n# as published by the Free Software Foundation\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n#\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.90013\");\n script_version(\"2020-04-14T08:15:28+0000\");\n script_tag(name:\"last_modification\", value:\"2020-04-14 08:15:28 +0000 (Tue, 14 Apr 2020)\");\n script_tag(name:\"creation_date\", value:\"2008-06-17 20:22:38 +0200 (Tue, 17 Jun 2008)\");\n script_tag(name:\"cvss_base\", value:\"9.3\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_cve_id(\"CVE-2008-1233\", \"CVE-2008-1234\", \"CVE-2008-1235\", \"CVE-2008-1236\", \"CVE-2008-1237\",\n \"CVE-2008-1238\", \"CVE-2007-4879\", \"CVE-2008-1195\", \"CVE-2008-1240\", \"CVE-2008-1241\");\n script_bugtraq_id(28448);\n script_name(\"Mozilla Firefox, Thunderbird, Seamonkey. Several vulnerabilitys (Windows)\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2008 Greenbone Networks GmbH\");\n script_family(\"General\");\n script_dependencies(\"gb_firefox_detect_portable_win.nasl\", \"gb_seamonkey_detect_win.nasl\", \"gb_thunderbird_detect_portable_win.nasl\");\n script_mandatory_keys(\"Mozilla/Firefox_or_Seamonkey_or_Thunderbird/Installed\");\n\n script_xref(name:\"URL\", value:\"https://www.mozilla.org/en-US/security/known-vulnerabilities/firefox-2.0/#firefox2.0.0.13\");\n script_xref(name:\"URL\", value:\"https://www.mozilla.org/en-US/security/known-vulnerabilities/seamonkey-1.1/#seamonkey1.1.9\");\n script_xref(name:\"URL\", value:\"https://www.mozilla.org/en-US/security/known-vulnerabilities/thunderbird-2.0/#thunderbird2.0.0.14\");\n script_xref(name:\"URL\", value:\"https://www.mozilla.org/en-US/security/advisories/mfsa2008-19/\");\n script_xref(name:\"URL\", value:\"https://www.mozilla.org/en-US/security/advisories/mfsa2008-18/\");\n script_xref(name:\"URL\", value:\"https://www.mozilla.org/en-US/security/advisories/mfsa2008-17/\");\n script_xref(name:\"URL\", value:\"https://www.mozilla.org/en-US/security/advisories/mfsa2008-16/\");\n script_xref(name:\"URL\", value:\"https://www.mozilla.org/en-US/security/advisories/mfsa2008-15/\");\n script_xref(name:\"URL\", value:\"https://www.mozilla.org/en-US/security/advisories/mfsa2008-14/\");\n\n script_tag(name:\"solution\", value:\"All users should upgrade to the latest versions of Firefox, Thunderbird or\n Seamonkey.\");\n\n script_tag(name:\"summary\", value:\"The remote host is affected by the vulnerabilities described in the\n referenced advisories.\");\n\n script_tag(name:\"impact\", value:\"Mozilla contributors moz_bug_r_a4, Boris Zbarsky, and Johnny Stenback reported\n a series of vulnerabilities which allow scripts from page content to run with\n elevated privileges. moz_bug_r_a4 demonstrated additional variants of MFSA\n 2007-25 and MFSA2007-35 (arbitrary code execution through XPCNativeWrapper\n pollution). Additional vulnerabilities reported separately by Boris Zbarsky,\n Johnny Stenback, and moz_bug_r_a4 showed that the browser could be forced to\n run JavaScript code using the wrong principal leading to universal XSS\n and arbitrary code execution.\");\n\n script_tag(name:\"qod_type\", value:\"registry\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n\n exit(0);\n}\n\ninclude(\"smb_nt.inc\");\ninclude(\"version_func.inc\");\n\nffVer = get_kb_item(\"Firefox/Win/Ver\");\nif(ffVer)\n{\n if(version_is_less(version:ffVer, test_version:\"2.0.0.13\"))\n {\n report = report_fixed_ver(installed_version:ffVer, fixed_version:\"2.0.0.13\");\n security_message(port: 0, data: report);\n exit(0);\n }\n}\n\nsmVer = get_kb_item(\"Seamonkey/Win/Ver\");\nif(smVer)\n{\n if(version_is_less(version:smVer, test_version:\"1.1.9\"))\n {\n report = report_fixed_ver(installed_version:smVer, fixed_version:\"1.1.9\");\n security_message(port: 0, data: report);\n exit(0);\n }\n}\n\ntbVer = get_kb_item(\"Thunderbird/Win/Ver\");\nif(tbVer)\n{\n if(version_is_less(version:tbVer, test_version:\"2.0.0.14\")){\n report = report_fixed_ver(installed_version:tbVer, fixed_version:\"2.0.0.14\");\n security_message(port: 0, data: report);\n }\n}\n", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2017-12-08T11:44:49", "description": "The remote host is probable affected by the vulnerabilitys described in \nCVE-2008-0416, CVE-2007-4879, CVE-2008-1195, CVE-2008-1233,\nCVE-2008-1234, CVE-2008-1235, CVE-2008-1236, CVE-2008-1237,\nCVE-2008-1238, CVE-2008-1240, CVE-2008-1241 and more.\n\n\nImpact\n Mozilla contributors moz_bug_r_a4, Boris Zbarsky, \n and Johnny Stenback reported a series of vulnerabilities \n which allow scripts from page content to run with elevated\n privileges. moz_bug_r_a4 demonstrated additional variants\n of MFSA 2007-25 and MFSA2007-35 (arbitrary code execution\n through XPCNativeWrapper pollution). Additional \n vulnerabilities reported separately by Boris Zbarsky, \n Johnny Stenback, and moz_bug_r_a4 showed that the browser\n could be forced to run JavaScript code using the wrong \n principal leading to universal XSS and arbitrary code execution.\n And more...", "cvss3": {}, "published": "2008-06-17T00:00:00", "type": "openvas", "title": "Mozilla Firefox, Thunderbird, Seamonkey. Several vulnerabilitys (Linux)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2007-4879", "CVE-2008-1236", "CVE-2008-1195", "CVE-2008-0412", "CVE-2008-1240", "CVE-2008-1237", "CVE-2008-1238", "CVE-2008-1233", "CVE-2008-0416", "CVE-2008-1234", "CVE-2008-1235", "CVE-2008-1241"], "modified": "2017-12-07T00:00:00", "id": "OPENVAS:90014", "href": "http://plugins.openvas.org/nasl.php?oid=90014", "sourceData": "# OpenVAS Vulnerability Test\n# $Id: mozilla_CB-A08-0017.nasl 8023 2017-12-07 08:36:26Z teissa $\n# Description: Mozilla Firefox, Thunderbird, Seamonkey. Several vulnerabilitys (Linux)\n#\n# Authors:\n# Carsten Koch-Mauthe <c.koch-mauthe at dn-systems.de>\n#\n# Copyright:\n# Copyright (C) 2008 Greenbone Networks GmbH\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2,\n# as published by the Free Software Foundation\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n#\n\ntag_summary = \"The remote host is probable affected by the vulnerabilitys described in \nCVE-2008-0416, CVE-2007-4879, CVE-2008-1195, CVE-2008-1233,\nCVE-2008-1234, CVE-2008-1235, CVE-2008-1236, CVE-2008-1237,\nCVE-2008-1238, CVE-2008-1240, CVE-2008-1241 and more.\n\n\nImpact\n Mozilla contributors moz_bug_r_a4, Boris Zbarsky, \n and Johnny Stenback reported a series of vulnerabilities \n which allow scripts from page content to run with elevated\n privileges. moz_bug_r_a4 demonstrated additional variants\n of MFSA 2007-25 and MFSA2007-35 (arbitrary code execution\n through XPCNativeWrapper pollution). Additional \n vulnerabilities reported separately by Boris Zbarsky, \n Johnny Stenback, and moz_bug_r_a4 showed that the browser\n could be forced to run JavaScript code using the wrong \n principal leading to universal XSS and arbitrary code execution.\n And more...\";\n\ntag_solution = \"All Users should upgrade to the latest versions of Firefox, Thunderbird or Seamonkey.\";\n\n# $Revision: 8023 $\n\nif(description)\n{\n\n script_id(90014);\n script_version(\"$Revision: 8023 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-12-07 09:36:26 +0100 (Thu, 07 Dec 2017) $\");\n script_tag(name:\"creation_date\", value:\"2008-06-17 20:22:38 +0200 (Tue, 17 Jun 2008)\");\n script_tag(name:\"cvss_base\", value:\"9.3\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_cve_id(\"CVE-2008-1238\", \"CVE-2008-1240\", \"CVE-2008-1241\", \"CVE-2008-0412\", \"CVE-2008-0416\");\n name = \"Mozilla Firefox, Thunderbird, Seamonkey. Several vulnerabilitys (Linux)\";\n script_name(name);\n\n script_xref(name : \"URL\" , value : \"http://www.mozilla.org/security/announce/2008/mfsa2008-14.html\");\n\n script_category(ACT_GATHER_INFO);\n script_tag(name:\"qod_type\", value:\"executable_version\");\n script_copyright(\"Copyright (C) 2008 Greenbone Networks GmbH\");\n family = \"General\";\n script_family(family);\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"login/SSH/success\");\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"summary\" , value : tag_summary);\n\n # This NVT is broken in many ways...\n script_tag(name:\"deprecated\", value:TRUE); \n\n exit(0);\n}\n\nexit(66);\n\ninclude(\"ssh_func.inc\");\ninclude(\"version_func.inc\");\n\nsock = ssh_login_or_reuse_connection();\nif(!sock){\n exit(0);\n}\n\nr = find_bin(prog_name:\"firefox\", sock:sock);\nforeach binary_name (r) {\n binary_name = chomp(binary_name);\n ver = get_bin_version(full_prog_name:binary_name, version_argv:\"--version\", ver_pattern:\"([0-9\\.]+)\");\n if(ver != NULL) {\n if(version_is_less(version:ver[0], test_version:\"2.0.0.14\") ) {\n security_message(port:0);\n report = string(\"\\nFound : \") + binary_name + \" Version : \" + ver[max_index(ver)-1] + string(\"\\n\");\n security_message(port:0, data:report);\n } \n }\n}\nr = find_bin(prog_name:\"thunderbird\", sock:sock);\nforeach binary_name (r) {\n binary_name = chomp(binary_name);\n ver = get_bin_version(full_prog_name:binary_name, version_argv:\"--version\", ver_pattern:\"([0-9\\.]+)\");\n if(ver != NULL) {\n if(version_is_less(version:ver[0], test_version:\"2.0.0.14\") ) {\n security_message(port:0);\n report = string(\"\\nFound : \") + binary_name + \" Version : \" + ver[max_index(ver)-1] + string(\"\\n\");\n security_message(port:0, data:report);\n } \n }\n}\nr = find_bin(prog_name:\"seamonkey\", sock:sock);\nforeach binary_name (r) {\n binary_name = chomp(binary_name);\n ver = get_bin_version(full_prog_name:binary_name, version_argv:\"--version\", ver_pattern:\"([0-9\\.]+)\");\n if(ver != NULL) {\n if(version_is_less(version:ver[0], test_version:\"1.1.9\") ) {\n security_message(port:0);\n report = string(\"\\nFound : \") + binary_name + \" Version : \" + ver[max_index(ver)-1] + string(\"\\n\");\n security_message(port:0, data:report);\n } \n }\n}\n\nexit(0);\n", "cvss": {"score": 9.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2017-07-25T10:56:35", "description": "Check for the Version of thunderbird", "cvss3": {}, "published": "2009-02-27T00:00:00", "type": "openvas", "title": "CentOS Update for thunderbird CESA-2008:0105 centos4 x86_64", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2008-0412", "CVE-2008-0419", "CVE-2008-0593", "CVE-2008-0413", "CVE-2008-0418", "CVE-2008-0592", "CVE-2008-0415", "CVE-2008-0591"], "modified": "2017-07-10T00:00:00", "id": "OPENVAS:880270", "href": "http://plugins.openvas.org/nasl.php?oid=880270", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# CentOS Update for thunderbird CESA-2008:0105 centos4 x86_64\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2009 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"Mozilla Thunderbird is a standalone mail and newsgroup client.\n\n Several flaws were found in the way Thunderbird processed certain malformed\n HTML mail content. A HTML mail message containing malicious content could\n cause Thunderbird to crash, or potentially execute arbitrary code as the\n user running Thunderbird. (CVE-2008-0412, CVE-2008-0413, CVE-2008-0415,\n CVE-2008-0419)\n \n Several flaws were found in the way Thunderbird displayed malformed HTML\n mail content. A HTML mail message containing specially-crafted content\n could trick a user into surrendering sensitive information. (CVE-2008-0591,\n CVE-2008-0593)\n \n A flaw was found in the way Thunderbird handles certain chrome URLs. If a\n user has certain extensions installed, it could allow a malicious HTML mail\n message to steal sensitive session data. Note: this flaw does not affect a\n default installation of Thunderbird. (CVE-2008-0418)\n \n Note: JavaScript support is disabled by default in Thunderbird; the above\n issues are not exploitable unless JavaScript is enabled.\n \n A flaw was found in the way Thunderbird saves certain text files. If a\n remote site offers a file of type "plain/text", rather than "text/plain",\n Thunderbird will not show future "text/plain" content to the user, forcing\n them to save those files locally to view the content. (CVE-2008-0592) \n \n Users of thunderbird are advised to upgrade to these updated packages,\n which contain backported patches to resolve these issues.\";\n\ntag_affected = \"thunderbird on CentOS 4\";\ntag_solution = \"Please Install the Updated Packages.\";\n\n\n\nif(description)\n{\n script_xref(name : \"URL\" , value : \"http://lists.centos.org/pipermail/centos-announce/2008-February/014666.html\");\n script_id(880270);\n script_version(\"$Revision: 6651 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-07-10 13:45:21 +0200 (Mon, 10 Jul 2017) $\");\n script_tag(name:\"creation_date\", value:\"2009-02-27 08:36:45 +0100 (Fri, 27 Feb 2009)\");\n script_tag(name:\"cvss_base\", value:\"9.3\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_xref(name: \"CESA\", value: \"2008:0105\");\n script_cve_id(\"CVE-2008-0412\", \"CVE-2008-0413\", \"CVE-2008-0415\", \"CVE-2008-0418\", \"CVE-2008-0419\", \"CVE-2008-0591\", \"CVE-2008-0592\", \"CVE-2008-0593\");\n script_name( \"CentOS Update for thunderbird CESA-2008:0105 centos4 x86_64\");\n\n script_summary(\"Check for the Version of thunderbird\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2009 Greenbone Networks GmbH\");\n script_family(\"CentOS Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/centos\", \"ssh/login/rpms\");\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = get_kb_item(\"ssh/login/release\");\n\n\nres = \"\";\nif(release == NULL){\n exit(0);\n}\n\nif(release == \"CentOS4\")\n{\n\n if ((res = isrpmvuln(pkg:\"thunderbird\", rpm:\"thunderbird~1.5.0.12~8.el4.centos\", rls:\"CentOS4\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n", "cvss": {"score": 9.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2017-07-25T10:56:43", "description": "Check for the Version of thunderbird", "cvss3": {}, "published": "2009-02-27T00:00:00", "type": "openvas", "title": "CentOS Update for thunderbird CESA-2008:0105 centos4 i386", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2008-0412", "CVE-2008-0419", "CVE-2008-0593", "CVE-2008-0413", "CVE-2008-0418", "CVE-2008-0592", "CVE-2008-0415", "CVE-2008-0591"], "modified": "2017-07-10T00:00:00", "id": "OPENVAS:880228", "href": "http://plugins.openvas.org/nasl.php?oid=880228", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# CentOS Update for thunderbird CESA-2008:0105 centos4 i386\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2009 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"Mozilla Thunderbird is a standalone mail and newsgroup client.\n\n Several flaws were found in the way Thunderbird processed certain malformed\n HTML mail content. A HTML mail message containing malicious content could\n cause Thunderbird to crash, or potentially execute arbitrary code as the\n user running Thunderbird. (CVE-2008-0412, CVE-2008-0413, CVE-2008-0415,\n CVE-2008-0419)\n \n Several flaws were found in the way Thunderbird displayed malformed HTML\n mail content. A HTML mail message containing specially-crafted content\n could trick a user into surrendering sensitive information. (CVE-2008-0591,\n CVE-2008-0593)\n \n A flaw was found in the way Thunderbird handles certain chrome URLs. If a\n user has certain extensions installed, it could allow a malicious HTML mail\n message to steal sensitive session data. Note: this flaw does not affect a\n default installation of Thunderbird. (CVE-2008-0418)\n \n Note: JavaScript support is disabled by default in Thunderbird; the above\n issues are not exploitable unless JavaScript is enabled.\n \n A flaw was found in the way Thunderbird saves certain text files. If a\n remote site offers a file of type "plain/text", rather than "text/plain",\n Thunderbird will not show future "text/plain" content to the user, forcing\n them to save those files locally to view the content. (CVE-2008-0592) \n \n Users of thunderbird are advised to upgrade to these updated packages,\n which contain backported patches to resolve these issues.\";\n\ntag_affected = \"thunderbird on CentOS 4\";\ntag_solution = \"Please Install the Updated Packages.\";\n\n\n\nif(description)\n{\n script_xref(name : \"URL\" , value : \"http://lists.centos.org/pipermail/centos-announce/2008-February/014665.html\");\n script_id(880228);\n script_version(\"$Revision: 6651 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-07-10 13:45:21 +0200 (Mon, 10 Jul 2017) $\");\n script_tag(name:\"creation_date\", value:\"2009-02-27 08:36:45 +0100 (Fri, 27 Feb 2009)\");\n script_tag(name:\"cvss_base\", value:\"9.3\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_xref(name: \"CESA\", value: \"2008:0105\");\n script_cve_id(\"CVE-2008-0412\", \"CVE-2008-0413\", \"CVE-2008-0415\", \"CVE-2008-0418\", \"CVE-2008-0419\", \"CVE-2008-0591\", \"CVE-2008-0592\", \"CVE-2008-0593\");\n script_name( \"CentOS Update for thunderbird CESA-2008:0105 centos4 i386\");\n\n script_summary(\"Check for the Version of thunderbird\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2009 Greenbone Networks GmbH\");\n script_family(\"CentOS Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/centos\", \"ssh/login/rpms\");\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = get_kb_item(\"ssh/login/release\");\n\n\nres = \"\";\nif(release == NULL){\n exit(0);\n}\n\nif(release == \"CentOS4\")\n{\n\n if ((res = isrpmvuln(pkg:\"thunderbird\", rpm:\"thunderbird~1.5.0.12~8.el4.centos\", rls:\"CentOS4\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n", "cvss": {"score": 9.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2017-07-25T10:56:46", "description": "Check for the Version of thunderbird", "cvss3": {}, "published": "2009-02-27T00:00:00", "type": "openvas", "title": "CentOS Update for thunderbird CESA-2008:0105 centos5 i386", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2008-0412", "CVE-2008-0419", "CVE-2008-0593", "CVE-2008-0413", "CVE-2008-0418", "CVE-2008-0592", "CVE-2008-0415", "CVE-2008-0591"], "modified": "2017-07-10T00:00:00", "id": "OPENVAS:880203", "href": "http://plugins.openvas.org/nasl.php?oid=880203", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# CentOS Update for thunderbird CESA-2008:0105 centos5 i386\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2009 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"Mozilla Thunderbird is a standalone mail and newsgroup client.\n\n Several flaws were found in the way Thunderbird processed certain malformed\n HTML mail content. A HTML mail message containing malicious content could\n cause Thunderbird to crash, or potentially execute arbitrary code as the\n user running Thunderbird. (CVE-2008-0412, CVE-2008-0413, CVE-2008-0415,\n CVE-2008-0419)\n \n Several flaws were found in the way Thunderbird displayed malformed HTML\n mail content. A HTML mail message containing specially-crafted content\n could trick a user into surrendering sensitive information. (CVE-2008-0591,\n CVE-2008-0593)\n \n A flaw was found in the way Thunderbird handles certain chrome URLs. If a\n user has certain extensions installed, it could allow a malicious HTML mail\n message to steal sensitive session data. Note: this flaw does not affect a\n default installation of Thunderbird. (CVE-2008-0418)\n \n Note: JavaScript support is disabled by default in Thunderbird; the above\n issues are not exploitable unless JavaScript is enabled.\n \n A flaw was found in the way Thunderbird saves certain text files. If a\n remote site offers a file of type "plain/text", rather than "text/plain",\n Thunderbird will not show future "text/plain" content to the user, forcing\n them to save those files locally to view the content. (CVE-2008-0592) \n \n Users of thunderbird are advised to upgrade to these updated packages,\n which contain backported patches to resolve these issues.\";\n\ntag_affected = \"thunderbird on CentOS 5\";\ntag_solution = \"Please Install the Updated Packages.\";\n\n\n\nif(description)\n{\n script_xref(name : \"URL\" , value : \"http://lists.centos.org/pipermail/centos-announce/2008-February/014671.html\");\n script_id(880203);\n script_version(\"$Revision: 6651 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-07-10 13:45:21 +0200 (Mon, 10 Jul 2017) $\");\n script_tag(name:\"creation_date\", value:\"2009-02-27 08:36:45 +0100 (Fri, 27 Feb 2009)\");\n script_tag(name:\"cvss_base\", value:\"9.3\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_xref(name: \"CESA\", value: \"2008:0105\");\n script_cve_id(\"CVE-2008-0412\", \"CVE-2008-0413\", \"CVE-2008-0415\", \"CVE-2008-0418\", \"CVE-2008-0419\", \"CVE-2008-0591\", \"CVE-2008-0592\", \"CVE-2008-0593\");\n script_name( \"CentOS Update for thunderbird CESA-2008:0105 centos5 i386\");\n\n script_summary(\"Check for the Version of thunderbird\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2009 Greenbone Networks GmbH\");\n script_family(\"CentOS Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/centos\", \"ssh/login/rpms\");\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = get_kb_item(\"ssh/login/release\");\n\n\nres = \"\";\nif(release == NULL){\n exit(0);\n}\n\nif(release == \"CentOS5\")\n{\n\n if ((res = isrpmvuln(pkg:\"thunderbird\", rpm:\"thunderbird~1.5.0.12~8.el5.centos\", rls:\"CentOS5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n", "cvss": {"score": 9.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2017-07-27T10:56:11", "description": "Check for the Version of thunderbird", "cvss3": {}, "published": "2009-03-06T00:00:00", "type": "openvas", "title": "RedHat Update for thunderbird RHSA-2008:0105-01", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2008-0412", "CVE-2008-0419", "CVE-2008-0593", "CVE-2008-0413", "CVE-2008-0418", "CVE-2008-0592", "CVE-2008-0415", "CVE-2008-0591"], "modified": "2017-07-12T00:00:00", "id": "OPENVAS:870047", "href": "http://plugins.openvas.org/nasl.php?oid=870047", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# RedHat Update for thunderbird RHSA-2008:0105-01\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2009 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"Mozilla Thunderbird is a standalone mail and newsgroup client.\n\n Several flaws were found in the way Thunderbird processed certain malformed\n HTML mail content. A HTML mail message containing malicious content could\n cause Thunderbird to crash, or potentially execute arbitrary code as the\n user running Thunderbird. (CVE-2008-0412, CVE-2008-0413, CVE-2008-0415,\n CVE-2008-0419)\n \n Several flaws were found in the way Thunderbird displayed malformed HTML\n mail content. A HTML mail message containing specially-crafted content\n could trick a user into surrendering sensitive information. (CVE-2008-0591,\n CVE-2008-0593)\n \n A flaw was found in the way Thunderbird handles certain chrome URLs. If a\n user has certain extensions installed, it could allow a malicious HTML mail\n message to steal sensitive session data. Note: this flaw does not affect a\n default installation of Thunderbird. (CVE-2008-0418)\n \n Note: JavaScript support is disabled by default in Thunderbird; the above\n issues are not exploitable unless JavaScript is enabled.\n \n A flaw was found in the way Thunderbird saves certain text files. If a\n remote site offers a file of type "plain/text", rather than "text/plain",\n Thunderbird will not show future "text/plain" content to the user, forcing\n them to save those files locally to view the content. (CVE-2008-0592) \n \n Users of thunderbird are advised to upgrade to these updated packages,\n which contain backported patches to resolve these issues.\";\n\ntag_affected = \"thunderbird on Red Hat Enterprise Linux AS version 4,\n Red Hat Enterprise Linux ES version 4,\n Red Hat Enterprise Linux WS version 4\";\ntag_solution = \"Please Install the Updated Packages.\";\n\n\n\nif(description)\n{\n script_xref(name : \"URL\" , value : \"https://www.redhat.com/archives/rhsa-announce/2008-February/msg00003.html\");\n script_id(870047);\n script_version(\"$Revision: 6683 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-07-12 11:41:57 +0200 (Wed, 12 Jul 2017) $\");\n script_tag(name:\"creation_date\", value:\"2009-03-06 07:30:35 +0100 (Fri, 06 Mar 2009)\");\n script_tag(name:\"cvss_base\", value:\"9.3\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_xref(name: \"RHSA\", value: \"2008:0105-01\");\n script_cve_id(\"CVE-2008-0412\", \"CVE-2008-0413\", \"CVE-2008-0415\", \"CVE-2008-0418\", \"CVE-2008-0419\", \"CVE-2008-0591\", \"CVE-2008-0592\", \"CVE-2008-0593\");\n script_name( \"RedHat Update for thunderbird RHSA-2008:0105-01\");\n\n script_summary(\"Check for the Version of thunderbird\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2009 Greenbone Networks GmbH\");\n script_family(\"Red Hat Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/rhel\", \"ssh/login/rpms\");\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = get_kb_item(\"ssh/login/release\");\n\n\nres = \"\";\nif(release == NULL){\n exit(0);\n}\n\nif(release == \"RHENT_4\")\n{\n\n if ((res = isrpmvuln(pkg:\"thunderbird\", rpm:\"thunderbird~1.5.0.12~8.el4\", rls:\"RHENT_4\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"thunderbird-debuginfo\", rpm:\"thunderbird-debuginfo~1.5.0.12~8.el4\", rls:\"RHENT_4\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n", "cvss": {"score": 9.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2017-07-25T10:56:46", "description": "Check for the Version of thunderbird", "cvss3": {}, "published": "2009-02-27T00:00:00", "type": "openvas", "title": "CentOS Update for thunderbird CESA-2008:0105 centos5 x86_64", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2008-0412", "CVE-2008-0419", "CVE-2008-0593", "CVE-2008-0413", "CVE-2008-0418", "CVE-2008-0592", "CVE-2008-0415", "CVE-2008-0591"], "modified": "2017-07-10T00:00:00", "id": "OPENVAS:880271", "href": "http://plugins.openvas.org/nasl.php?oid=880271", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# CentOS Update for thunderbird CESA-2008:0105 centos5 x86_64\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2009 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"Mozilla Thunderbird is a standalone mail and newsgroup client.\n\n Several flaws were found in the way Thunderbird processed certain malformed\n HTML mail content. A HTML mail message containing malicious content could\n cause Thunderbird to crash, or potentially execute arbitrary code as the\n user running Thunderbird. (CVE-2008-0412, CVE-2008-0413, CVE-2008-0415,\n CVE-2008-0419)\n \n Several flaws were found in the way Thunderbird displayed malformed HTML\n mail content. A HTML mail message containing specially-crafted content\n could trick a user into surrendering sensitive information. (CVE-2008-0591,\n CVE-2008-0593)\n \n A flaw was found in the way Thunderbird handles certain chrome URLs. If a\n user has certain extensions installed, it could allow a malicious HTML mail\n message to steal sensitive session data. Note: this flaw does not affect a\n default installation of Thunderbird. (CVE-2008-0418)\n \n Note: JavaScript support is disabled by default in Thunderbird; the above\n issues are not exploitable unless JavaScript is enabled.\n \n A flaw was found in the way Thunderbird saves certain text files. If a\n remote site offers a file of type "plain/text", rather than "text/plain",\n Thunderbird will not show future "text/plain" content to the user, forcing\n them to save those files locally to view the content. (CVE-2008-0592) \n \n Users of thunderbird are advised to upgrade to these updated packages,\n which contain backported patches to resolve these issues.\";\n\ntag_affected = \"thunderbird on CentOS 5\";\ntag_solution = \"Please Install the Updated Packages.\";\n\n\n\nif(description)\n{\n script_xref(name : \"URL\" , value : \"http://lists.centos.org/pipermail/centos-announce/2008-February/014672.html\");\n script_id(880271);\n script_version(\"$Revision: 6651 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-07-10 13:45:21 +0200 (Mon, 10 Jul 2017) $\");\n script_tag(name:\"creation_date\", value:\"2009-02-27 08:36:45 +0100 (Fri, 27 Feb 2009)\");\n script_tag(name:\"cvss_base\", value:\"9.3\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_xref(name: \"CESA\", value: \"2008:0105\");\n script_cve_id(\"CVE-2008-0412\", \"CVE-2008-0413\", \"CVE-2008-0415\", \"CVE-2008-0418\", \"CVE-2008-0419\", \"CVE-2008-0591\", \"CVE-2008-0592\", \"CVE-2008-0593\");\n script_name( \"CentOS Update for thunderbird CESA-2008:0105 centos5 x86_64\");\n\n script_summary(\"Check for the Version of thunderbird\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2009 Greenbone Networks GmbH\");\n script_family(\"CentOS Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/centos\", \"ssh/login/rpms\");\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = get_kb_item(\"ssh/login/release\");\n\n\nres = \"\";\nif(release == NULL){\n exit(0);\n}\n\nif(release == \"CentOS5\")\n{\n\n if ((res = isrpmvuln(pkg:\"thunderbird\", rpm:\"thunderbird~1.5.0.12~8.el5.centos\", rls:\"CentOS5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n", "cvss": {"score": 9.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2018-04-09T11:40:03", "description": "Check for the Version of thunderbird", "cvss3": {}, "published": "2009-02-27T00:00:00", "type": "openvas", "title": "CentOS Update for thunderbird CESA-2008:0105 centos4 x86_64", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2008-0412", "CVE-2008-0419", "CVE-2008-0593", "CVE-2008-0413", "CVE-2008-0418", "CVE-2008-0592", "CVE-2008-0415", "CVE-2008-0591"], "modified": "2018-04-06T00:00:00", "id": "OPENVAS:1361412562310880270", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310880270", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# CentOS Update for thunderbird CESA-2008:0105 centos4 x86_64\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2009 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"Mozilla Thunderbird is a standalone mail and newsgroup client.\n\n Several flaws were found in the way Thunderbird processed certain malformed\n HTML mail content. A HTML mail message containing malicious content could\n cause Thunderbird to crash, or potentially execute arbitrary code as the\n user running Thunderbird. (CVE-2008-0412, CVE-2008-0413, CVE-2008-0415,\n CVE-2008-0419)\n \n Several flaws were found in the way Thunderbird displayed malformed HTML\n mail content. A HTML mail message containing specially-crafted content\n could trick a user into surrendering sensitive information. (CVE-2008-0591,\n CVE-2008-0593)\n \n A flaw was found in the way Thunderbird handles certain chrome URLs. If a\n user has certain extensions installed, it could allow a malicious HTML mail\n message to steal sensitive session data. Note: this flaw does not affect a\n default installation of Thunderbird. (CVE-2008-0418)\n \n Note: JavaScript support is disabled by default in Thunderbird; the above\n issues are not exploitable unless JavaScript is enabled.\n \n A flaw was found in the way Thunderbird saves certain text files. If a\n remote site offers a file of type "plain/text", rather than "text/plain",\n Thunderbird will not show future "text/plain" content to the user, forcing\n them to save those files locally to view the content. (CVE-2008-0592) \n \n Users of thunderbird are advised to upgrade to these updated packages,\n which contain backported patches to resolve these issues.\";\n\ntag_affected = \"thunderbird on CentOS 4\";\ntag_solution = \"Please Install the Updated Packages.\";\n\n\n\nif(description)\n{\n script_xref(name : \"URL\" , value : \"http://lists.centos.org/pipermail/centos-announce/2008-February/014666.html\");\n script_oid(\"1.3.6.1.4.1.25623.1.0.880270\");\n script_version(\"$Revision: 9370 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-04-06 10:53:14 +0200 (Fri, 06 Apr 2018) $\");\n script_tag(name:\"creation_date\", value:\"2009-02-27 08:36:45 +0100 (Fri, 27 Feb 2009)\");\n script_tag(name:\"cvss_base\", value:\"9.3\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_xref(name: \"CESA\", value: \"2008:0105\");\n script_cve_id(\"CVE-2008-0412\", \"CVE-2008-0413\", \"CVE-2008-0415\", \"CVE-2008-0418\", \"CVE-2008-0419\", \"CVE-2008-0591\", \"CVE-2008-0592\", \"CVE-2008-0593\");\n script_name( \"CentOS Update for thunderbird CESA-2008:0105 centos4 x86_64\");\n\n script_tag(name:\"summary\", value:\"Check for the Version of thunderbird\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2009 Greenbone Networks GmbH\");\n script_family(\"CentOS Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/centos\", \"ssh/login/rpms\");\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = get_kb_item(\"ssh/login/release\");\n\n\nres = \"\";\nif(release == NULL){\n exit(0);\n}\n\nif(release == \"CentOS4\")\n{\n\n if ((res = isrpmvuln(pkg:\"thunderbird\", rpm:\"thunderbird~1.5.0.12~8.el4.centos\", rls:\"CentOS4\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n", "cvss": {"score": 9.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2017-07-25T10:56:00", "description": "Check for the Version of ruby-gnome2", "cvss3": {}, "published": "2009-02-16T00:00:00", "type": "openvas", "title": "Fedora Update for ruby-gnome2 FEDORA-2008-1535", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2008-0417", "CVE-2008-0412", "CVE-2008-0419", "CVE-2008-0594", "CVE-2007-6183", "CVE-2008-0593", "CVE-2008-0413", "CVE-2008-0418", "CVE-2008-0592", "CVE-2008-0414", "CVE-2008-0415", "CVE-2008-0591"], "modified": "2017-07-10T00:00:00", "id": "OPENVAS:860269", "href": "http://plugins.openvas.org/nasl.php?oid=860269", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Fedora Update for ruby-gnome2 FEDORA-2008-1535\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2009 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ninclude(\"revisions-lib.inc\");\ntag_affected = \"ruby-gnome2 on Fedora 8\";\ntag_insight = \"This is a set of bindings for the GNOME-2.x libraries for use from Ruby.\";\ntag_solution = \"Please Install the Updated Packages.\";\n\n\n\nif(description)\n{\n script_xref(name : \"URL\" , value : \"https://www.redhat.com/archives/fedora-package-announce/2008-February/msg00388.html\");\n script_id(860269);\n script_version(\"$Revision: 6623 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-07-10 08:10:20 +0200 (Mon, 10 Jul 2017) $\");\n script_tag(name:\"creation_date\", value:\"2009-02-16 14:16:57 +0100 (Mon, 16 Feb 2009)\");\n script_tag(name:\"cvss_base\", value:\"9.3\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_xref(name: \"FEDORA\", value: \"2008-1535\");\n script_cve_id(\"CVE-2008-0412\", \"CVE-2008-0413\", \"CVE-2008-0415\", \"CVE-2008-0419\", \"CVE-2008-0591\", \"CVE-2008-0593\", \"CVE-2008-0417\", \"CVE-2008-0418\", \"CVE-2008-0592\", \"CVE-2007-6183\", \"CVE-2008-0414\", \"CVE-2008-0594\");\n script_name( \"Fedora Update for ruby-gnome2 FEDORA-2008-1535\");\n\n script_summary(\"Check for the Version of ruby-gnome2\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2009 Greenbone Networks GmbH\");\n script_family(\"Fedora Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/fedora\", \"ssh/login/rpms\");\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = get_kb_item(\"ssh/login/release\");\n\n\nres = \"\";\nif(release == NULL){\n exit(0);\n}\n\nif(release == \"FC8\")\n{\n\n if ((res = isrpmvuln(pkg:\"ruby-gnome2\", rpm:\"ruby-gnome2~0.16.0~20.fc8\", rls:\"FC8\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}", "cvss": {"score": 9.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2017-07-25T10:56:02", "description": "Check for the Version of seamonkey", "cvss3": {}, "published": "2009-02-27T00:00:00", "type": "openvas", "title": "CentOS Update for seamonkey CESA-2008:0208-01 centos2 i386", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2008-1236", "CVE-2008-1237", "CVE-2008-1238", "CVE-2008-1233", "CVE-2008-1234", "CVE-2008-1235", "CVE-2008-1241"], "modified": "2017-07-10T00:00:00", "id": "OPENVAS:880000", "href": "http://plugins.openvas.org/nasl.php?oid=880000", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# CentOS Update for seamonkey CESA-2008:0208-01 centos2 i386\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2009 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"SeaMonkey is an open source Web browser, advanced email and newsgroup\n client, IRC chat client, and HTML editor.\n\n Several flaws were found in the processing of some malformed web content. A\n web page containing such malicious content could cause SeaMonkey to crash\n or, potentially, execute arbitrary code as the user running SeaMonkey.\n (CVE-2008-1233, CVE-2008-1235, CVE-2008-1236, CVE-2008-1237)\n \n Several flaws were found in the display of malformed web content. A web\n page containing specially-crafted content could, potentially, trick a\n SeaMonkey user into surrendering sensitive information. (CVE-2008-1234,\n CVE-2008-1238, CVE-2008-1241)\n \n All SeaMonkey users should upgrade to these updated packages, which contain\n backported patches to resolve these issues.\";\n\ntag_affected = \"seamonkey on CentOS 2\";\ntag_solution = \"Please Install the Updated Packages.\";\n\n\n\nif(description)\n{\n script_xref(name : \"URL\" , value : \"http://lists.centos.org/pipermail/centos-announce/2008-March/014784.html\");\n script_id(880000);\n script_version(\"$Revision: 6651 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-07-10 13:45:21 +0200 (Mon, 10 Jul 2017) $\");\n script_tag(name:\"creation_date\", value:\"2009-02-27 09:02:20 +0100 (Fri, 27 Feb 2009)\");\n script_tag(name:\"cvss_base\", value:\"9.3\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_xref(name: \"CESA\", value: \"2008:0208-01\");\n script_cve_id(\"CVE-2008-1233\", \"CVE-2008-1234\", \"CVE-2008-1235\", \"CVE-2008-1236\", \"CVE-2008-1237\", \"CVE-2008-1238\", \"CVE-2008-1241\");\n script_name( \"CentOS Update for seamonkey CESA-2008:0208-01 centos2 i386\");\n\n script_summary(\"Check for the Version of seamonkey\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2009 Greenbone Networks GmbH\");\n script_family(\"CentOS Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/centos\", \"ssh/login/rpms\");\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = get_kb_item(\"ssh/login/release\");\n\n\nres = \"\";\nif(release == NULL){\n exit(0);\n}\n\nif(release == \"CentOS2\")\n{\n\n if ((res = isrpmvuln(pkg:\"seamonkey\", rpm:\"seamonkey~1.0.9~0.14.el2.c2.1\", rls:\"CentOS2\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"seamonkey-chat\", rpm:\"seamonkey-chat~1.0.9~0.14.el2.c2.1\", rls:\"CentOS2\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"seamonkey-devel\", rpm:\"seamonkey-devel~1.0.9~0.14.el2.c2.1\", rls:\"CentOS2\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"seamonkey-dom-inspector\", rpm:\"seamonkey-dom-inspector~1.0.9~0.14.el2.c2.1\", rls:\"CentOS2\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"seamonkey-js-debugger\", rpm:\"seamonkey-js-debugger~1.0.9~0.14.el2.c2.1\", rls:\"CentOS2\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"seamonkey-mail\", rpm:\"seamonkey-mail~1.0.9~0.14.el2.c2.1\", rls:\"CentOS2\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"seamonkey-nspr\", rpm:\"seamonkey-nspr~1.0.9~0.14.el2.c2.1\", rls:\"CentOS2\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"seamonkey-nspr-devel\", rpm:\"seamonkey-nspr-devel~1.0.9~0.14.el2.c2.1\", rls:\"CentOS2\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"seamonkey-nss\", rpm:\"seamonkey-nss~1.0.9~0.14.el2.c2.1\", rls:\"CentOS2\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"seamonkey-nss-devel\", rpm:\"seamonkey-nss-devel~1.0.9~0.14.el2.c2.1\", rls:\"CentOS2\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n", "cvss": {"score": 9.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}], "nessus": [{"lastseen": "2023-12-08T14:21:29", "description": "The installed version of Firefox is affected by various security issues :\n\n - Several stability bugs leading to crashes which, in some cases, show traces of memory corruption\n\n - Several file input focus stealing vulnerabilities that could result in uploading of arbitrary files provided their full path and file names are known.\n\n - Several issues that allow scripts from page content to escape from their sandboxed context and/or run with chrome privileges, resulting in privilege escalation, XSS, and/or remote code execution.\n\n - An issue that could allow a malicious site to inject newlines into the application's password store when a user saves his password, resulting in corruption of saved passwords for other sites. \n\n - A directory traversal vulnerability via the 'chrome:' URI.\n\n - A vulnerability involving 'designMode' frames that may result in web browsing history and forward navigation stealing.\n\n - An information disclosure issue in the BMP decoder.\n\n - A file action dialog tampering vulnerability involving timer-enabled security dialogs.\n\n - Mis-handling of locally-saved plaintext files.\n\n - Possible disclosure of sensitive URL parameters, such as session tokens, via the .href property of stylesheet DOM nodes reflecting the final URI of the stylesheet after following any 302 redirects.\n\n - A failure to display a web forgery warning dialog in cases where the entire contents of a page are enclosed in a '<div>' with absolute positioning.\n\n - Multiple cross-site scripting vulnerabilities related to character encoding.", "cvss3": {}, "published": "2008-02-08T00:00:00", "type": "nessus", "title": "Firefox < 2.0.0.12 Multiple Vulnerabilities", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2008-0412", "CVE-2008-0413", "CVE-2008-0414", "CVE-2008-0415", "CVE-2008-0416", "CVE-2008-0417", "CVE-2008-0418", "CVE-2008-0419", "CVE-2008-0420", "CVE-2008-0591", "CVE-2008-0592", "CVE-2008-0593", "CVE-2008-0594"], "modified": "2018-07-16T00:00:00", "cpe": ["cpe:/a:mozilla:firefox"], "id": "MOZILLA_FIREFOX_20012.NASL", "href": "https://www.tenable.com/plugins/nessus/30209", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n\n\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(30209);\n script_version(\"1.21\");\n\n script_cve_id(\n \"CVE-2008-0412\", \n \"CVE-2008-0413\", \n \"CVE-2008-0414\", \n \"CVE-2008-0415\", \n \"CVE-2008-0416\",\n \"CVE-2008-0417\", \n \"CVE-2008-0418\", \n \"CVE-2008-0419\", \n \"CVE-2008-0420\", \n \"CVE-2008-0591\",\n \"CVE-2008-0592\", \n \"CVE-2008-0593\", \n \"CVE-2008-0594\"\n );\n script_bugtraq_id(24293, 27406, 27683, 27826, 29303);\n\n script_name(english:\"Firefox < 2.0.0.12 Multiple Vulnerabilities\");\n script_summary(english:\"Checks version of Firefox\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote Windows host contains a web browser that is affected by\nmultiple vulnerabilities.\" );\n script_set_attribute(attribute:\"description\", value:\n\"The installed version of Firefox is affected by various security\nissues :\n\n - Several stability bugs leading to crashes which, in\n some cases, show traces of memory corruption\n\n - Several file input focus stealing vulnerabilities\n that could result in uploading of arbitrary files\n provided their full path and file names are known.\n\n - Several issues that allow scripts from page content \n to escape from their sandboxed context and/or run \n with chrome privileges, resulting in privilege \n escalation, XSS, and/or remote code execution.\n\n - An issue that could allow a malicious site to inject\n newlines into the application's password store when\n a user saves his password, resulting in corruption\n of saved passwords for other sites. \n\n - A directory traversal vulnerability via the \n 'chrome:' URI.\n\n - A vulnerability involving 'designMode' frames that\n may result in web browsing history and forward \n navigation stealing.\n\n - An information disclosure issue in the BMP \n decoder.\n\n - A file action dialog tampering vulnerability\n involving timer-enabled security dialogs.\n\n - Mis-handling of locally-saved plaintext files.\n\n - Possible disclosure of sensitive URL parameters,\n such as session tokens, via the .href property of \n stylesheet DOM nodes reflecting the final URI of \n the stylesheet after following any 302 redirects.\n\n - A failure to display a web forgery warning \n dialog in cases where the entire contents of a page \n are enclosed in a '<div>' with absolute positioning.\n\n - Multiple cross-site scripting vulnerabilities \n related to character encoding.\" );\n script_set_attribute(attribute:\"see_also\", value:\"https://www.mozilla.org/en-US/security/advisories/mfsa2008-01/\" );\n script_set_attribute(attribute:\"see_also\", value:\"https://www.mozilla.org/en-US/security/advisories/mfsa2008-02/\" );\n script_set_attribute(attribute:\"see_also\", value:\"https://www.mozilla.org/en-US/security/advisories/mfsa2008-03/\" );\n script_set_attribute(attribute:\"see_also\", value:\"https://www.mozilla.org/en-US/security/advisories/mfsa2008-04/\" );\n script_set_attribute(attribute:\"see_also\", value:\"https://www.mozilla.org/en-US/security/advisories/mfsa2008-05/\" );\n script_set_attribute(attribute:\"see_also\", value:\"https://www.mozilla.org/en-US/security/advisories/mfsa2008-06/\" );\n script_set_attribute(attribute:\"see_also\", value:\"https://www.mozilla.org/en-US/security/advisories/mfsa2008-07/\" );\n script_set_attribute(attribute:\"see_also\", value:\"https://www.mozilla.org/en-US/security/advisories/mfsa2008-08/\" );\n script_set_attribute(attribute:\"see_also\", value:\"https://www.mozilla.org/en-US/security/advisories/mfsa2008-09/\" );\n script_set_attribute(attribute:\"see_also\", value:\"https://www.mozilla.org/en-US/security/advisories/mfsa2008-10/\" );\n script_set_attribute(attribute:\"see_also\", value:\"https://www.mozilla.org/en-US/security/advisories/mfsa2008-11/\" );\n script_set_attribute(attribute:\"see_also\", value:\"https://www.mozilla.org/en-US/security/advisories/mfsa2008-13/\" );\n script_set_attribute(attribute:\"solution\", value:\n\"Upgrade to Firefox 2.0.0.12 or later.\" );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_cwe_id(20, 22, 79, 94, 200, 399);\n\n script_set_attribute(attribute:\"plugin_publication_date\", value: \"2008/02/08\");\n script_set_attribute(attribute:\"patch_publication_date\", value: \"2008/02/07\");\n script_cvs_date(\"Date: 2018/07/16 14:09:14\");\nscript_set_attribute(attribute:\"plugin_type\", value:\"local\");\nscript_set_attribute(attribute:\"cpe\", value:\"cpe:/a:mozilla:firefox\");\nscript_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Windows\");\n script_copyright(english:\"This script is Copyright (C) 2008-2018 Tenable Network Security, Inc.\");\n script_dependencies(\"mozilla_org_installed.nasl\");\n script_require_keys(\"Mozilla/Firefox/Version\");\n exit(0);\n}\n\ninclude(\"mozilla_version.inc\");\nport = get_kb_item_or_exit(\"SMB/transport\"); \n\ninstalls = get_kb_list(\"SMB/Mozilla/Firefox/*\");\nif (isnull(installs)) audit(AUDIT_NOT_INST, \"Firefox\");\n\nmozilla_check_version(installs:installs, product:'firefox', esr:FALSE, fix:'2.0.0.12', severity:SECURITY_HOLE);", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-12-08T14:19:45", "description": "Several remote vulnerabilities have been discovered in the Icedove mail client, an unbranded version of the Thunderbird client. The Common Vulnerabilities and Exposures project identifies the following problems :\n\n - CVE-2008-0412 Jesse Ruderman, Kai Engert, Martijn Wargers, Mats Palmgren and Paul Nickerson discovered crashes in the layout engine, which might allow the execution of arbitrary code.\n\n - CVE-2008-0413 Carsten Book, Wesley Garland, Igor Bukanov, 'moz_bug_r_a4', 'shutdown', Philip Taylor and 'tgirmann' discovered crashes in the JavaScript engine, which might allow the execution of arbitrary code.\n\n - CVE-2008-0415 'moz_bug_r_a4' and Boris Zbarsky discovered several vulnerabilities in JavaScript handling, which could allow privilege escalation.\n\n - CVE-2008-0418 Gerry Eisenhaur and 'moz_bug_r_a4' discovered that a directory traversal vulnerability in chrome: URI handling could lead to information disclosure.\n\n - CVE-2008-0419 David Bloom discovered a race condition in the image handling of designMode elements, which can lead to information disclosure and potentially the execution of arbitrary code.\n\n - CVE-2008-0591 Michal Zalewski discovered that timers protecting security-sensitive dialogs (by disabling dialog elements until a timeout is reached) could be bypassed by window focus changes through JavaScript.\n\nThe Mozilla products from the old stable distribution (sarge) are no longer supported with security updates.", "cvss3": {}, "published": "2008-02-11T00:00:00", "type": "nessus", "title": "Debian DSA-1485-2 : icedove - several vulnerabilities", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2008-0412", "CVE-2008-0413", "CVE-2008-0414", "CVE-2008-0415", "CVE-2008-0416", "CVE-2008-0417", "CVE-2008-0418", "CVE-2008-0419", "CVE-2008-0591", "CVE-2008-0592", "CVE-2008-0593", "CVE-2008-0594"], "modified": "2021-01-04T00:00:00", "cpe": ["p-cpe:/a:debian:debian_linux:icedove", "cpe:/o:debian:debian_linux:4.0"], "id": "DEBIAN_DSA-1485.NASL", "href": "https://www.tenable.com/plugins/nessus/30225", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Debian Security Advisory DSA-1485. The text \n# itself is copyright (C) Software in the Public Interest, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(30225);\n script_version(\"1.22\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/04\");\n\n script_cve_id(\"CVE-2008-0412\", \"CVE-2008-0413\", \"CVE-2008-0414\", \"CVE-2008-0415\", \"CVE-2008-0416\", \"CVE-2008-0417\", \"CVE-2008-0418\", \"CVE-2008-0419\", \"CVE-2008-0591\", \"CVE-2008-0592\", \"CVE-2008-0593\", \"CVE-2008-0594\");\n script_bugtraq_id(27406, 27683);\n script_xref(name:\"DSA\", value:\"1485\");\n\n script_name(english:\"Debian DSA-1485-2 : icedove - several vulnerabilities\");\n script_summary(english:\"Checks dpkg output for the updated package\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Debian host is missing a security-related update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Several remote vulnerabilities have been discovered in the Icedove\nmail client, an unbranded version of the Thunderbird client. The\nCommon Vulnerabilities and Exposures project identifies the following\nproblems :\n\n - CVE-2008-0412\n Jesse Ruderman, Kai Engert, Martijn Wargers, Mats\n Palmgren and Paul Nickerson discovered crashes in the\n layout engine, which might allow the execution of\n arbitrary code.\n\n - CVE-2008-0413\n Carsten Book, Wesley Garland, Igor Bukanov,\n 'moz_bug_r_a4', 'shutdown', Philip Taylor and 'tgirmann'\n discovered crashes in the JavaScript engine, which might\n allow the execution of arbitrary code.\n\n - CVE-2008-0415\n 'moz_bug_r_a4' and Boris Zbarsky discovered several\n vulnerabilities in JavaScript handling, which could\n allow privilege escalation.\n\n - CVE-2008-0418\n Gerry Eisenhaur and 'moz_bug_r_a4' discovered that a\n directory traversal vulnerability in chrome: URI\n handling could lead to information disclosure.\n\n - CVE-2008-0419\n David Bloom discovered a race condition in the image\n handling of designMode elements, which can lead to\n information disclosure and potentially the execution of\n arbitrary code.\n\n - CVE-2008-0591\n Michal Zalewski discovered that timers protecting\n security-sensitive dialogs (by disabling dialog elements\n until a timeout is reached) could be bypassed by window\n focus changes through JavaScript.\n\nThe Mozilla products from the old stable distribution (sarge) are no\nlonger supported with security updates.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/CVE-2008-0412\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/CVE-2008-0413\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/CVE-2008-0415\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/CVE-2008-0418\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/CVE-2008-0419\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/CVE-2008-0591\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.debian.org/security/2008/dsa-1485\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\n\"Upgrade the icedove packages.\n\nFor the stable distribution (etch), these problems have been fixed in\nversion 1.5.0.13+1.5.0.15b.dfsg1-0etch2.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_cwe_id(20, 22, 79, 94, 200, 399);\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:icedove\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:debian:debian_linux:4.0\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2008/02/10\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2008/02/11\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2008-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Debian Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/Debian/release\", \"Host/Debian/dpkg-l\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"debian_package.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/Debian/release\")) audit(AUDIT_OS_NOT, \"Debian\");\nif (!get_kb_item(\"Host/Debian/dpkg-l\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\nflag = 0;\nif (deb_check(release:\"4.0\", prefix:\"icedove\", reference:\"1.5.0.13+1.5.0.15b.dfsg1-0etch2\")) flag++;\nif (deb_check(release:\"4.0\", prefix:\"icedove-dbg\", reference:\"1.5.0.13+1.5.0.15b.dfsg1-0etch2\")) flag++;\nif (deb_check(release:\"4.0\", prefix:\"icedove-dev\", reference:\"1.5.0.13+1.5.0.15b.dfsg1-0etch2\")) flag++;\nif (deb_check(release:\"4.0\", prefix:\"icedove-gnome-support\", reference:\"1.5.0.13+1.5.0.15b.dfsg1-0etch2\")) flag++;\nif (deb_check(release:\"4.0\", prefix:\"icedove-inspector\", reference:\"1.5.0.13+1.5.0.15b.dfsg1-0etch2\")) flag++;\nif (deb_check(release:\"4.0\", prefix:\"icedove-typeaheadfind\", reference:\"1.5.0.13+1.5.0.15b.dfsg1-0etch2\")) flag++;\nif (deb_check(release:\"4.0\", prefix:\"mozilla-thunderbird\", reference:\"1.5.0.13+1.5.0.15a.dfsg1-0etch2\")) flag++;\nif (deb_check(release:\"4.0\", prefix:\"mozilla-thunderbird-dev\", reference:\"1.5.0.13+1.5.0.15a.dfsg1-0etch2\")) flag++;\nif (deb_check(release:\"4.0\", prefix:\"mozilla-thunderbird-inspector\", reference:\"1.5.0.13+1.5.0.15a.dfsg1-0etch2\")) flag++;\nif (deb_check(release:\"4.0\", prefix:\"mozilla-thunderbird-typeaheadfind\", reference:\"1.5.0.13+1.5.0.15b.dfsg1-0etch2\")) flag++;\nif (deb_check(release:\"4.0\", prefix:\"thunderbird\", reference:\"1.5.0.13+1.5.0.15b.dfsg1-0etch2\")) flag++;\nif (deb_check(release:\"4.0\", prefix:\"thunderbird-dbg\", reference:\"1.5.0.13+1.5.0.15a.dfsg1-0etch2\")) flag++;\nif (deb_check(release:\"4.0\", prefix:\"thunderbird-dev\", reference:\"1.5.0.13+1.5.0.15a.dfsg1-0etch2\")) flag++;\nif (deb_check(release:\"4.0\", prefix:\"thunderbird-gnome-support\", reference:\"1.5.0.13+1.5.0.15b.dfsg1-0etch2\")) flag++;\nif (deb_check(release:\"4.0\", prefix:\"thunderbird-inspector\", reference:\"1.5.0.13+1.5.0.15a.dfsg1-0etch2\")) flag++;\nif (deb_check(release:\"4.0\", prefix:\"thunderbird-typeaheadfind\", reference:\"1.5.0.13+1.5.0.15b.dfsg1-0etch2\")) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:deb_report_get());\n else security_hole(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-12-08T14:21:19", "description": "Various flaws were discovered in the browser and JavaScript engine. By tricking a user into opening a malicious web page, an attacker could execute arbitrary code with the user's privileges. (CVE-2008-0412, CVE-2008-0413)\n\nFlaws were discovered in the file upload form control. A malicious website could force arbitrary files from the user's computer to be uploaded without consent. (CVE-2008-0414)\n\nVarious flaws were discovered in the JavaScript engine. By tricking a user into opening a malicious web page, an attacker could escalate privileges within the browser, perform cross-site scripting attacks and/or execute arbitrary code with the user's privileges.\n(CVE-2008-0415)\n\nVarious flaws were discovered in character encoding handling. If a user were ticked into opening a malicious web page, an attacker could perform cross-site scripting attacks. (CVE-2008-0416)\n\nJustin Dolske discovered a flaw in the password saving mechanism. By tricking a user into opening a malicious web page, an attacker could corrupt the user's stored passwords. (CVE-2008-0417)\n\nGerry Eisenhaur discovered that the chrome URI scheme did not properly guard against directory traversal. Under certain circumstances, an attacker may be able to load files or steal session data. Ubuntu is not vulnerable in the default installation. (CVE-2008-0418)\n\nDavid Bloom discovered flaws in the way images are treated by the browser. A malicious website could exploit this to steal the user's history information, crash the browser and/or possibly execute arbitrary code with the user's privileges. (CVE-2008-0419)\n\nFlaws were discovered in the BMP decoder. By tricking a user into opening a specially crafted BMP file, an attacker could obtain sensitive information. (CVE-2008-0420)\n\nMichal Zalewski discovered flaws with timer-enabled security dialogs.\nA malicious website could force the user to confirm a security dialog without explicit consent. (CVE-2008-0591)\n\nIt was discovered that Firefox mishandled locally saved plain text files. By tricking a user into saving a specially crafted text file, an attacker could prevent the browser from displaying local files with a .txt extension. (CVE-2008-0592)\n\nMartin Straka discovered flaws in stylesheet handling after a 302 redirect. By tricking a user into opening a malicious web page, an attacker could obtain sensitive URL parameters. (CVE-2008-0593)\n\nEmil Ljungdahl and Lars-Olof Moilanen discovered that a web forgery warning dialog wasn't displayed under certain circumstances. A malicious website could exploit this to conduct phishing attacks against the user. (CVE-2008-0594).\n\nNote that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {}, "published": "2008-02-11T00:00:00", "type": "nessus", "title": "Ubuntu 6.06 LTS / 6.10 / 7.04 / 7.10 : firefox vulnerabilities (USN-576-1)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2008-0412", "CVE-2008-0413", "CVE-2008-0414", "CVE-2008-0415", "CVE-2008-0416", "CVE-2008-0417", "CVE-2008-0418", "CVE-2008-0419", "CVE-2008-0420", "CVE-2008-0591", "CVE-2008-0592", "CVE-2008-0593", "CVE-2008-0594"], "modified": "2021-01-19T00:00:00", "cpe": ["p-cpe:/a:canonical:ubuntu_linux:firefox", "p-cpe:/a:canonical:ubuntu_linux:firefox-dbg", "p-cpe:/a:canonical:ubuntu_linux:firefox-dev", "p-cpe:/a:canonical:ubuntu_linux:firefox-dom-inspector", "p-cpe:/a:canonical:ubuntu_linux:firefox-gnome-support", "p-cpe:/a:canonical:ubuntu_linux:firefox-libthai", "p-cpe:/a:canonical:ubuntu_linux:libnspr-dev", "p-cpe:/a:canonical:ubuntu_linux:libnspr4", "p-cpe:/a:canonical:ubuntu_linux:libnss-dev", "p-cpe:/a:canonical:ubuntu_linux:libnss3", "p-cpe:/a:canonical:ubuntu_linux:mozilla-firefox", "p-cpe:/a:canonical:ubuntu_linux:mozilla-firefox-dev", "p-cpe:/a:canonical:ubuntu_linux:mozilla-firefox-dom-inspector", "p-cpe:/a:canonical:ubuntu_linux:mozilla-firefox-gnome-support", "cpe:/o:canonical:ubuntu_linux:6.06:-:lts", "cpe:/o:canonical:ubuntu_linux:6.10", "cpe:/o:canonical:ubuntu_linux:7.04", "cpe:/o:canonical:ubuntu_linux:7.10"], "id": "UBUNTU_USN-576-1.NASL", "href": "https://www.tenable.com/plugins/nessus/30252", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Ubuntu Security Notice USN-576-1. The text \n# itself is copyright (C) Canonical, Inc. See \n# <http://www.ubuntu.com/usn/>. Ubuntu(R) is a registered \n# trademark of Canonical, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(30252);\n script_version(\"1.17\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/19\");\n\n script_cve_id(\"CVE-2008-0412\", \"CVE-2008-0413\", \"CVE-2008-0414\", \"CVE-2008-0415\", \"CVE-2008-0416\", \"CVE-2008-0417\", \"CVE-2008-0418\", \"CVE-2008-0419\", \"CVE-2008-0420\", \"CVE-2008-0591\", \"CVE-2008-0592\", \"CVE-2008-0593\", \"CVE-2008-0594\");\n script_xref(name:\"USN\", value:\"576-1\");\n\n script_name(english:\"Ubuntu 6.06 LTS / 6.10 / 7.04 / 7.10 : firefox vulnerabilities (USN-576-1)\");\n script_summary(english:\"Checks dpkg output for updated packages.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\n\"The remote Ubuntu host is missing one or more security-related\npatches.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Various flaws were discovered in the browser and JavaScript engine. By\ntricking a user into opening a malicious web page, an attacker could\nexecute arbitrary code with the user's privileges. (CVE-2008-0412,\nCVE-2008-0413)\n\nFlaws were discovered in the file upload form control. A malicious\nwebsite could force arbitrary files from the user's computer to be\nuploaded without consent. (CVE-2008-0414)\n\nVarious flaws were discovered in the JavaScript engine. By tricking a\nuser into opening a malicious web page, an attacker could escalate\nprivileges within the browser, perform cross-site scripting attacks\nand/or execute arbitrary code with the user's privileges.\n(CVE-2008-0415)\n\nVarious flaws were discovered in character encoding handling. If a\nuser were ticked into opening a malicious web page, an attacker could\nperform cross-site scripting attacks. (CVE-2008-0416)\n\nJustin Dolske discovered a flaw in the password saving mechanism. By\ntricking a user into opening a malicious web page, an attacker could\ncorrupt the user's stored passwords. (CVE-2008-0417)\n\nGerry Eisenhaur discovered that the chrome URI scheme did not properly\nguard against directory traversal. Under certain circumstances, an\nattacker may be able to load files or steal session data. Ubuntu is\nnot vulnerable in the default installation. (CVE-2008-0418)\n\nDavid Bloom discovered flaws in the way images are treated by the\nbrowser. A malicious website could exploit this to steal the user's\nhistory information, crash the browser and/or possibly execute\narbitrary code with the user's privileges. (CVE-2008-0419)\n\nFlaws were discovered in the BMP decoder. By tricking a user into\nopening a specially crafted BMP file, an attacker could obtain\nsensitive information. (CVE-2008-0420)\n\nMichal Zalewski discovered flaws with timer-enabled security dialogs.\nA malicious website could force the user to confirm a security dialog\nwithout explicit consent. (CVE-2008-0591)\n\nIt was discovered that Firefox mishandled locally saved plain text\nfiles. By tricking a user into saving a specially crafted text file,\nan attacker could prevent the browser from displaying local files with\na .txt extension. (CVE-2008-0592)\n\nMartin Straka discovered flaws in stylesheet handling after a 302\nredirect. By tricking a user into opening a malicious web page, an\nattacker could obtain sensitive URL parameters. (CVE-2008-0593)\n\nEmil Ljungdahl and Lars-Olof Moilanen discovered that a web forgery\nwarning dialog wasn't displayed under certain circumstances. A\nmalicious website could exploit this to conduct phishing attacks\nagainst the user. (CVE-2008-0594).\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Ubuntu security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://usn.ubuntu.com/576-1/\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_cwe_id(20, 22, 79, 94, 200, 399);\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:firefox\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:firefox-dbg\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:firefox-dev\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:firefox-dom-inspector\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:firefox-gnome-support\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:firefox-libthai\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:libnspr-dev\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:libnspr4\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:libnss-dev\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:libnss3\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:mozilla-firefox\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:mozilla-firefox-dev\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:mozilla-firefox-dom-inspector\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:mozilla-firefox-gnome-support\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:canonical:ubuntu_linux:6.06:-:lts\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:canonical:ubuntu_linux:6.10\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:canonical:ubuntu_linux:7.04\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:canonical:ubuntu_linux:7.10\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2008/02/07\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2008/02/11\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"Ubuntu Security Notice (C) 2008-2019 Canonical, Inc. / NASL script (C) 2018 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Ubuntu Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/cpu\", \"Host/Ubuntu\", \"Host/Ubuntu/release\", \"Host/Debian/dpkg-l\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"ubuntu.inc\");\ninclude(\"misc_func.inc\");\n\nif ( ! get_kb_item(\"Host/local_checks_enabled\") ) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/Ubuntu/release\");\nif ( isnull(release) ) audit(AUDIT_OS_NOT, \"Ubuntu\");\nrelease = chomp(release);\nif (! ereg(pattern:\"^(6\\.06|6\\.10|7\\.04|7\\.10)$\", string:release)) audit(AUDIT_OS_NOT, \"Ubuntu 6.06 / 6.10 / 7.04 / 7.10\", \"Ubuntu \" + release);\nif ( ! get_kb_item(\"Host/Debian/dpkg-l\") ) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Ubuntu\", cpu);\n\nflag = 0;\n\nif (ubuntu_check(osver:\"6.06\", pkgname:\"firefox\", pkgver:\"1.5.dfsg+1.5.0.15~prepatch080202a-0ubuntu1\")) flag++;\nif (ubuntu_check(osver:\"6.06\", pkgname:\"firefox-dbg\", pkgver:\"1.5.dfsg+1.5.0.15~prepatch080202a-0ubuntu1\")) flag++;\nif (ubuntu_check(osver:\"6.06\", pkgname:\"firefox-dev\", pkgver:\"1.5.dfsg+1.5.0.15~prepatch080202a-0ubuntu1\")) flag++;\nif (ubuntu_check(osver:\"6.06\", pkgname:\"firefox-dom-inspector\", pkgver:\"1.5.dfsg+1.5.0.15~prepatch080202a-0ubuntu1\")) flag++;\nif (ubuntu_check(osver:\"6.06\", pkgname:\"firefox-gnome-support\", pkgver:\"1.5.dfsg+1.5.0.15~prepatch080202a-0ubuntu1\")) flag++;\nif (ubuntu_check(osver:\"6.06\", pkgname:\"libnspr-dev\", pkgver:\"1.firefox1.5.dfsg+1.5.0.15~prepatch080202a-0ubuntu1\")) flag++;\nif (ubuntu_check(osver:\"6.06\", pkgname:\"libnspr4\", pkgver:\"1.firefox1.5.dfsg+1.5.0.15~prepatch080202a-0ubuntu1\")) flag++;\nif (ubuntu_check(osver:\"6.06\", pkgname:\"libnss-dev\", pkgver:\"1.firefox1.5.dfsg+1.5.0.15~prepatch080202a-0ubuntu1\")) flag++;\nif (ubuntu_check(osver:\"6.06\", pkgname:\"libnss3\", pkgver:\"1.firefox1.5.dfsg+1.5.0.15~prepatch080202a-0ubuntu1\")) flag++;\nif (ubuntu_check(osver:\"6.06\", pkgname:\"mozilla-firefox\", pkgver:\"1.5.dfsg+1.5.0.15~prepatch080202a-0ubuntu1\")) flag++;\nif (ubuntu_check(osver:\"6.06\", pkgname:\"mozilla-firefox-dev\", pkgver:\"1.5.dfsg+1.5.0.15~prepatch080202a-0ubuntu1\")) flag++;\nif (ubuntu_check(osver:\"6.10\", pkgname:\"firefox\", pkgver:\"2.0.0.12+0nobinonly+2-0ubuntu0.6.10\")) flag++;\nif (ubuntu_check(osver:\"6.10\", pkgname:\"firefox-dbg\", pkgver:\"2.0.0.12+0nobinonly+2-0ubuntu0.6.10\")) flag++;\nif (ubuntu_check(osver:\"6.10\", pkgname:\"firefox-dev\", pkgver:\"2.0.0.12+0nobinonly+2-0ubuntu0.6.10\")) flag++;\nif (ubuntu_check(osver:\"6.10\", pkgname:\"firefox-dom-inspector\", pkgver:\"2.0.0.12+0nobinonly+2-0ubuntu0.6.10\")) flag++;\nif (ubuntu_check(osver:\"6.10\", pkgname:\"firefox-gnome-support\", pkgver:\"2.0.0.12+0nobinonly+2-0ubuntu0.6.10\")) flag++;\nif (ubuntu_check(osver:\"6.10\", pkgname:\"libnspr-dev\", pkgver:\"1.firefox2.0.0.12+0nobinonly+2-0ubuntu0.6.10\")) flag++;\nif (ubuntu_check(osver:\"6.10\", pkgname:\"libnspr4\", pkgver:\"1.firefox2.0.0.12+0nobinonly+2-0ubuntu0.6.10\")) flag++;\nif (ubuntu_check(osver:\"6.10\", pkgname:\"libnss-dev\", pkgver:\"1.firefox2.0.0.12+0nobinonly+2-0ubuntu0.6.10\")) flag++;\nif (ubuntu_check(osver:\"6.10\", pkgname:\"libnss3\", pkgver:\"1.firefox2.0.0.12+0nobinonly+2-0ubuntu0.6.10\")) flag++;\nif (ubuntu_check(osver:\"6.10\", pkgname:\"mozilla-firefox\", pkgver:\"2.0.0.12+0nobinonly+2-0ubuntu0.6.10\")) flag++;\nif (ubuntu_check(osver:\"6.10\", pkgname:\"mozilla-firefox-dev\", pkgver:\"2.0.0.12+0nobinonly+2-0ubuntu0.6.10\")) flag++;\nif (ubuntu_check(osver:\"6.10\", pkgname:\"mozilla-firefox-dom-inspector\", pkgver:\"2.0.0.12+0nobinonly+2-0ubuntu0.6.10\")) flag++;\nif (ubuntu_check(osver:\"6.10\", pkgname:\"mozilla-firefox-gnome-support\", pkgver:\"2.0.0.12+0nobinonly+2-0ubuntu0.6.10\")) flag++;\nif (ubuntu_check(osver:\"7.04\", pkgname:\"firefox\", pkgver:\"2.0.0.12+1nobinonly+2-0ubuntu0.7.4\")) flag++;\nif (ubuntu_check(osver:\"7.04\", pkgname:\"firefox-dbg\", pkgver:\"2.0.0.12+1nobinonly+2-0ubuntu0.7.4\")) flag++;\nif (ubuntu_check(osver:\"7.04\", pkgname:\"firefox-dev\", pkgver:\"2.0.0.12+1nobinonly+2-0ubuntu0.7.4\")) flag++;\nif (ubuntu_check(osver:\"7.04\", pkgname:\"firefox-dom-inspector\", pkgver:\"2.0.0.12+1nobinonly+2-0ubuntu0.7.4\")) flag++;\nif (ubuntu_check(osver:\"7.04\", pkgname:\"firefox-gnome-support\", pkgver:\"2.0.0.12+1nobinonly+2-0ubuntu0.7.4\")) flag++;\nif (ubuntu_check(osver:\"7.04\", pkgname:\"firefox-libthai\", pkgver:\"2.0.0.12+1nobinonly+2-0ubuntu0.7.4\")) flag++;\nif (ubuntu_check(osver:\"7.04\", pkgname:\"libnspr-dev\", pkgver:\"1.firefox2.0.0.12+1nobinonly+2-0ubuntu0.7.4\")) flag++;\nif (ubuntu_check(osver:\"7.04\", pkgname:\"libnspr4\", pkgver:\"1.firefox2.0.0.12+1nobinonly+2-0ubuntu0.7.4\")) flag++;\nif (ubuntu_check(osver:\"7.04\", pkgname:\"libnss-dev\", pkgver:\"1.firefox2.0.0.12+1nobinonly+2-0ubuntu0.7.4\")) flag++;\nif (ubuntu_check(osver:\"7.04\", pkgname:\"libnss3\", pkgver:\"1.firefox2.0.0.12+1nobinonly+2-0ubuntu0.7.4\")) flag++;\nif (ubuntu_check(osver:\"7.04\", pkgname:\"mozilla-firefox\", pkgver:\"2.0.0.12+1nobinonly+2-0ubuntu0.7.4\")) flag++;\nif (ubuntu_check(osver:\"7.04\", pkgname:\"mozilla-firefox-dev\", pkgver:\"2.0.0.12+1nobinonly+2-0ubuntu0.7.4\")) flag++;\nif (ubuntu_check(osver:\"7.04\", pkgname:\"mozilla-firefox-dom-inspector\", pkgver:\"2.0.0.12+1nobinonly+2-0ubuntu0.7.4\")) flag++;\nif (ubuntu_check(osver:\"7.04\", pkgname:\"mozilla-firefox-gnome-support\", pkgver:\"2.0.0.12+1nobinonly+2-0ubuntu0.7.4\")) flag++;\nif (ubuntu_check(osver:\"7.10\", pkgname:\"firefox\", pkgver:\"2.0.0.12+2nobinonly+2-0ubuntu0.7.10\")) flag++;\nif (ubuntu_check(osver:\"7.10\", pkgname:\"firefox-dbg\", pkgver:\"2.0.0.12+2nobinonly+2-0ubuntu0.7.10\")) flag++;\nif (ubuntu_check(osver:\"7.10\", pkgname:\"firefox-dev\", pkgver:\"2.0.0.12+2nobinonly+2-0ubuntu0.7.10\")) flag++;\nif (ubuntu_check(osver:\"7.10\", pkgname:\"firefox-dom-inspector\", pkgver:\"2.0.0.12+2nobinonly+2-0ubuntu0.7.10\")) flag++;\nif (ubuntu_check(osver:\"7.10\", pkgname:\"firefox-gnome-support\", pkgver:\"2.0.0.12+2nobinonly+2-0ubuntu0.7.10\")) flag++;\nif (ubuntu_check(osver:\"7.10\", pkgname:\"firefox-libthai\", pkgver:\"2.0.0.12+2nobinonly+2-0ubuntu0.7.10\")) flag++;\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : ubuntu_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = ubuntu_pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"firefox / firefox-dbg / firefox-dev / firefox-dom-inspector / etc\");\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-12-08T14:48:35", "description": "A number of security vulnerabilities have been discovered and corrected in the latest Mozilla Firefox program, version 2.0.0.12.\n\nThis update provides the latest Firefox to correct these issues.", "cvss3": {}, "published": "2009-04-23T00:00:00", "type": "nessus", "title": "Mandriva Linux Security Advisory : mozilla-firefox (MDVSA-2008:048)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2008-0412", "CVE-2008-0413", "CVE-2008-0414", "CVE-2008-0415", "CVE-2008-0417", "CVE-2008-0418", "CVE-2008-0419", "CVE-2008-0420", "CVE-2008-0591", "CVE-2008-0592", "CVE-2008-0593", "CVE-2008-0594"], "modified": "2021-01-06T00:00:00", "cpe": ["p-cpe:/a:mandriva:linux:deskbar-applet", "p-cpe:/a:mandriva:linux:devhelp", "p-cpe:/a:mandriva:linux:devhelp-plugins", "p-cpe:/a:mandriva:linux:eclipse-cvs-client", "p-cpe:/a:mandriva:linux:eclipse-ecj", "p-cpe:/a:mandriva:linux:eclipse-jdt", "p-cpe:/a:mandriva:linux:eclipse-jdt-sdk", "p-cpe:/a:mandriva:linux:eclipse-pde", "p-cpe:/a:mandriva:linux:eclipse-pde-runtime", "p-cpe:/a:mandriva:linux:eclipse-pde-sdk", "p-cpe:/a:mandriva:linux:eclipse-platform", "p-cpe:/a:mandriva:linux:eclipse-platform-sdk", "p-cpe:/a:mandriva:linux:eclipse-rcp", "p-cpe:/a:mandriva:linux:eclipse-rcp-sdk", "p-cpe:/a:mandriva:linux:eclipse-sdk", "p-cpe:/a:mandriva:linux:epiphany", "p-cpe:/a:mandriva:linux:epiphany-devel", "p-cpe:/a:mandriva:linux:epiphany-extensions", "p-cpe:/a:mandriva:linux:galeon", "p-cpe:/a:mandriva:linux:gnome-python-extras", "p-cpe:/a:mandriva:linux:gnome-python-gda", "p-cpe:/a:mandriva:linux:mozilla-firefox-af", "p-cpe:/a:mandriva:linux:mozilla-firefox-ar", "p-cpe:/a:mandriva:linux:mozilla-firefox-be", "p-cpe:/a:mandriva:linux:gnome-python-gda-devel", "p-cpe:/a:mandriva:linux:mozilla-firefox-bg", "p-cpe:/a:mandriva:linux:mozilla-firefox-br_fr", "p-cpe:/a:mandriva:linux:mozilla-firefox-ca", "p-cpe:/a:mandriva:linux:gnome-python-gdl", "p-cpe:/a:mandriva:linux:mozilla-firefox-cs", "p-cpe:/a:mandriva:linux:mozilla-firefox-da", "p-cpe:/a:mandriva:linux:gnome-python-gksu", "p-cpe:/a:mandriva:linux:mozilla-firefox-de", "p-cpe:/a:mandriva:linux:mozilla-firefox-el", "p-cpe:/a:mandriva:linux:gnome-python-gtkhtml2", "p-cpe:/a:mandriva:linux:mozilla-firefox-en_gb", "p-cpe:/a:mandriva:linux:gnome-python-gtkmozembed", "p-cpe:/a:mandriva:linux:mozilla-firefox-es_ar", "p-cpe:/a:mandriva:linux:mozilla-firefox-es_es", "p-cpe:/a:mandriva:linux:gnome-python-gtkspell", "p-cpe:/a:mandriva:linux:mozilla-firefox-et_ee", "p-cpe:/a:mandriva:linux:mozilla-firefox-eu", "p-cpe:/a:mandriva:linux:lib64devhelp-1-devel", "p-cpe:/a:mandriva:linux:mozilla-firefox-ext-blogrovr", "p-cpe:/a:mandriva:linux:lib64devhelp-1_0", "p-cpe:/a:mandriva:linux:mozilla-firefox-ext-foxmarks", "p-cpe:/a:mandriva:linux:mozilla-firefox-ext-scribefire", "p-cpe:/a:mandriva:linux:lib64devhelp-1_0-devel", "p-cpe:/a:mandriva:linux:mozilla-firefox-fi", "p-cpe:/a:mandriva:linux:mozilla-firefox-fr", "p-cpe:/a:mandriva:linux:mozilla-firefox-fy", "p-cpe:/a:mandriva:linux:mozilla-firefox-ga", "p-cpe:/a:mandriva:linux:lib64mozilla-firefox-devel", "p-cpe:/a:mandriva:linux:mozilla-firefox-gnome-support", "p-cpe:/a:mandriva:linux:mozilla-firefox-gu_in", "p-cpe:/a:mandriva:linux:mozilla-firefox-he", "p-cpe:/a:mandriva:linux:lib64mozilla-firefox2.0.0.12", "p-cpe:/a:mandriva:linux:mozilla-firefox-hu", "p-cpe:/a:mandriva:linux:mozilla-firefox-it", "p-cpe:/a:mandriva:linux:mozilla-firefox-ja", "p-cpe:/a:mandriva:linux:lib64totem-plparser-devel", "p-cpe:/a:mandriva:linux:mozilla-firefox-ka", "p-cpe:/a:mandriva:linux:mozilla-firefox-ko", "p-cpe:/a:mandriva:linux:lib64totem-plparser1", "p-cpe:/a:mandriva:linux:mozilla-firefox-ku", "p-cpe:/a:mandriva:linux:mozilla-firefox-lt", "p-cpe:/a:mandriva:linux:lib64totem-plparser1-devel", "p-cpe:/a:mandriva:linux:mozilla-firefox-mk", "p-cpe:/a:mandriva:linux:mozilla-firefox-mn", "p-cpe:/a:mandriva:linux:lib64totem-plparser7", "p-cpe:/a:mandriva:linux:mozilla-firefox-nb_no", "p-cpe:/a:mandriva:linux:mozilla-firefox-nl", "p-cpe:/a:mandriva:linux:libdevhelp-1-devel", "p-cpe:/a:mandriva:linux:mozilla-firefox-nn_no", "p-cpe:/a:mandriva:linux:libdevhelp-1_0", "p-cpe:/a:mandriva:linux:mozilla-firefox-pa_in", "p-cpe:/a:mandriva:linux:mozilla-firefox-pl", "p-cpe:/a:mandriva:linux:mozilla-firefox-pt_br", "p-cpe:/a:mandriva:linux:mozilla-firefox-pt_pt", "p-cpe:/a:mandriva:linux:libdevhelp-1_0-devel", "p-cpe:/a:mandriva:linux:mozilla-firefox-ro", "p-cpe:/a:mandriva:linux:mozilla-firefox-ru", "p-cpe:/a:mandriva:linux:mozilla-firefox-sk", "p-cpe:/a:mandriva:linux:mozilla-firefox-sl", "p-cpe:/a:mandriva:linux:mozilla-firefox-sv_se", "p-cpe:/a:mandriva:linux:mozilla-firefox-tr", "p-cpe:/a:mandriva:linux:mozilla-firefox-uk", "p-cpe:/a:mandriva:linux:mozilla-firefox-zh_cn", "p-cpe:/a:mandriva:linux:mozilla-firefox-zh_tw", "p-cpe:/a:mandriva:linux:totem", "p-cpe:/a:mandriva:linux:totem-common", "p-cpe:/a:mandriva:linux:totem-gstreamer", "p-cpe:/a:mandriva:linux:libmozilla-firefox-devel", "p-cpe:/a:mandriva:linux:totem-mozilla", "p-cpe:/a:mandriva:linux:totem-mozilla-gstreamer", "p-cpe:/a:mandriva:linux:libmozilla-firefox2.0.0.12", "p-cpe:/a:mandriva:linux:yelp", "p-cpe:/a:mandriva:linux:libswt3-gtk2", "cpe:/o:mandriva:linux:2007.1", "cpe:/o:mandriva:linux:2008.0", "p-cpe:/a:mandriva:linux:libtotem-plparser-devel", "p-cpe:/a:mandriva:linux:libtotem-plparser1", "p-cpe:/a:mandriva:linux:libtotem-plparser1-devel", "p-cpe:/a:mandriva:linux:libtotem-plparser7", "p-cpe:/a:mandriva:linux:mozilla-firefox"], "id": "MANDRIVA_MDVSA-2008-048.NASL", "href": "https://www.tenable.com/plugins/nessus/37189", "sourceData": "#%NASL_MIN_LEVEL 70300\n\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Mandriva Linux Security Advisory MDVSA-2008:048. \n# The text itself is copyright (C) Mandriva S.A.\n#\n\nif (NASL_LEVEL < 3000) exit(0);\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(37189);\n script_version(\"1.16\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/06\");\n\n script_cve_id(\"CVE-2008-0412\", \"CVE-2008-0413\", \"CVE-2008-0414\", \"CVE-2008-0415\", \"CVE-2008-0417\", \"CVE-2008-0418\", \"CVE-2008-0419\", \"CVE-2008-0420\", \"CVE-2008-0591\", \"CVE-2008-0592\", \"CVE-2008-0593\", \"CVE-2008-0594\");\n script_xref(name:\"MDVSA\", value:\"2008:048\");\n\n script_name(english:\"Mandriva Linux Security Advisory : mozilla-firefox (MDVSA-2008:048)\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\n\"The remote Mandriva Linux host is missing one or more security\nupdates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"A number of security vulnerabilities have been discovered and\ncorrected in the latest Mozilla Firefox program, version 2.0.0.12.\n\nThis update provides the latest Firefox to correct these issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.mozilla.org/security/announce/2008/mfsa2008-01.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.mozilla.org/security/announce/2008/mfsa2008-02.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.mozilla.org/security/announce/2008/mfsa2008-03.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.mozilla.org/security/announce/2008/mfsa2008-04.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.mozilla.org/security/announce/2008/mfsa2008-05.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.mozilla.org/security/announce/2008/mfsa2008-06.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.mozilla.org/security/announce/2008/mfsa2008-07.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.mozilla.org/security/announce/2008/mfsa2008-08.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.mozilla.org/security/announce/2008/mfsa2008-09.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.mozilla.org/security/announce/2008/mfsa2008-10.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.mozilla.org/security/announce/2008/mfsa2008-11.html\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_cwe_id(20, 22, 79, 94, 200, 399);\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:deskbar-applet\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:devhelp\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:devhelp-plugins\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:eclipse-cvs-client\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:eclipse-ecj\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:eclipse-jdt\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:eclipse-jdt-sdk\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:eclipse-pde\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:eclipse-pde-runtime\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:eclipse-pde-sdk\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:eclipse-platform\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:eclipse-platform-sdk\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:eclipse-rcp\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:eclipse-rcp-sdk\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:eclipse-sdk\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:epiphany\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:epiphany-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:epiphany-extensions\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:galeon\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:gnome-python-extras\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:gnome-python-gda\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:gnome-python-gda-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:gnome-python-gdl\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:gnome-python-gksu\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:gnome-python-gtkhtml2\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:gnome-python-gtkmozembed\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:gnome-python-gtkspell\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:lib64devhelp-1-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:lib64devhelp-1_0\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:lib64devhelp-1_0-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:lib64mozilla-firefox-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:lib64mozilla-firefox2.0.0.12\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:lib64totem-plparser-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:lib64totem-plparser1\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:lib64totem-plparser1-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:lib64totem-plparser7\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:libdevhelp-1-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:libdevhelp-1_0\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:libdevhelp-1_0-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:libmozilla-firefox-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:libmozilla-firefox2.0.0.12\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:libswt3-gtk2\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:libtotem-plparser-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:libtotem-plparser1\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:libtotem-plparser1-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:libtotem-plparser7\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:mozilla-firefox\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:mozilla-firefox-af\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:mozilla-firefox-ar\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:mozilla-firefox-be\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:mozilla-firefox-bg\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:mozilla-firefox-br_FR\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:mozilla-firefox-ca\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:mozilla-firefox-cs\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:mozilla-firefox-da\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:mozilla-firefox-de\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:mozilla-firefox-el\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:mozilla-firefox-en_GB\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:mozilla-firefox-es_AR\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:mozilla-firefox-es_ES\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:mozilla-firefox-et_EE\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:mozilla-firefox-eu\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:mozilla-firefox-ext-blogrovr\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:mozilla-firefox-ext-foxmarks\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:mozilla-firefox-ext-scribefire\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:mozilla-firefox-fi\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:mozilla-firefox-fr\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:mozilla-firefox-fy\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:mozilla-firefox-ga\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:mozilla-firefox-gnome-support\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:mozilla-firefox-gu_IN\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:mozilla-firefox-he\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:mozilla-firefox-hu\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:mozilla-firefox-it\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:mozilla-firefox-ja\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:mozilla-firefox-ka\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:mozilla-firefox-ko\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:mozilla-firefox-ku\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:mozilla-firefox-lt\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:mozilla-firefox-mk\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:mozilla-firefox-mn\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:mozilla-firefox-nb_NO\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:mozilla-firefox-nl\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:mozilla-firefox-nn_NO\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:mozilla-firefox-pa_IN\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:mozilla-firefox-pl\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:mozilla-firefox-pt_BR\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:mozilla-firefox-pt_PT\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:mozilla-firefox-ro\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:mozilla-firefox-ru\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:mozilla-firefox-sk\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:mozilla-firefox-sl\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:mozilla-firefox-sv_SE\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:mozilla-firefox-tr\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:mozilla-firefox-uk\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:mozilla-firefox-zh_CN\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:mozilla-firefox-zh_TW\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:totem\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:totem-common\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:totem-gstreamer\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:totem-mozilla\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:totem-mozilla-gstreamer\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:yelp\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:mandriva:linux:2007.1\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:mandriva:linux:2008.0\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2008/02/22\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2009/04/23\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2009-2021 Tenable Network Security, Inc.\");\n script_family(english:\"Mandriva Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/Mandrake/release\", \"Host/Mandrake/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/Mandrake/release\")) audit(AUDIT_OS_NOT, \"Mandriva / Mandake Linux\");\nif (!get_kb_item(\"Host/Mandrake/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (cpu !~ \"^(amd64|i[3-6]86|x86_64)$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Mandriva / Mandrake Linux\", cpu);\n\n\nflag = 0;\nif (rpm_check(release:\"MDK2007.1\", reference:\"deskbar-applet-2.18.0-3.6mdv2007.1\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2007.1\", reference:\"devhelp-0.13-3.6mdv2007.1\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2007.1\", reference:\"devhelp-plugins-0.13-3.6mdv2007.1\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2007.1\", reference:\"eclipse-ecj-3.2.2-3.4.4mdv2007.1\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2007.1\", reference:\"eclipse-jdt-3.2.2-3.4.4mdv2007.1\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2007.1\", reference:\"eclipse-jdt-sdk-3.2.2-3.4.4mdv2007.1\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2007.1\", reference:\"eclipse-pde-3.2.2-3.4.4mdv2007.1\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2007.1\", reference:\"eclipse-pde-runtime-3.2.2-3.4.4mdv2007.1\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2007.1\", reference:\"eclipse-pde-sdk-3.2.2-3.4.4mdv2007.1\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2007.1\", reference:\"eclipse-platform-3.2.2-3.4.4mdv2007.1\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2007.1\", reference:\"eclipse-platform-sdk-3.2.2-3.4.4mdv2007.1\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2007.1\", reference:\"eclipse-rcp-3.2.2-3.4.4mdv2007.1\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2007.1\", reference:\"eclipse-rcp-sdk-3.2.2-3.4.4mdv2007.1\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2007.1\", reference:\"eclipse-sdk-3.2.2-3.4.4mdv2007.1\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2007.1\", reference:\"epiphany-2.18.0-5.6mdv2007.1\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2007.1\", reference:\"epiphany-devel-2.18.0-5.6mdv2007.1\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2007.1\", reference:\"epiphany-extensions-2.18.0-2.5mdv2007.1\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2007.1\", reference:\"galeon-2.0.3-5.6mdv2007.1\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2007.1\", reference:\"gnome-python-extras-2.14.3-4.6mdv2007.1\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2007.1\", reference:\"gnome-python-gda-2.14.3-4.6mdv2007.1\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2007.1\", reference:\"gnome-python-gda-devel-2.14.3-4.6mdv2007.1\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2007.1\", reference:\"gnome-python-gdl-2.14.3-4.6mdv2007.1\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2007.1\", reference:\"gnome-python-gksu-2.14.3-4.6mdv2007.1\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2007.1\", reference:\"gnome-python-gtkhtml2-2.14.3-4.6mdv2007.1\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2007.1\", reference:\"gnome-python-gtkmozembed-2.14.3-4.6mdv2007.1\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2007.1\", reference:\"gnome-python-gtkspell-2.14.3-4.6mdv2007.1\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2007.1\", cpu:\"x86_64\", reference:\"lib64devhelp-1_0-0.13-3.6mdv2007.1\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2007.1\", cpu:\"x86_64\", reference:\"lib64devhelp-1_0-devel-0.13-3.6mdv2007.1\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2007.1\", cpu:\"x86_64\", reference:\"lib64mozilla-firefox-devel-2.0.0.12-1.1mdv2007.1\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2007.1\", cpu:\"x86_64\", reference:\"lib64mozilla-firefox2.0.0.12-2.0.0.12-1.1mdv2007.1\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2007.1\", cpu:\"x86_64\", reference:\"lib64totem-plparser1-2.18.2-1.7mdv2007.1\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2007.1\", cpu:\"x86_64\", reference:\"lib64totem-plparser1-devel-2.18.2-1.7mdv2007.1\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2007.1\", cpu:\"i386\", reference:\"libdevhelp-1_0-0.13-3.6mdv2007.1\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2007.1\", cpu:\"i386\", reference:\"libdevhelp-1_0-devel-0.13-3.6mdv2007.1\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2007.1\", cpu:\"i386\", reference:\"libmozilla-firefox-devel-2.0.0.12-1.1mdv2007.1\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2007.1\", cpu:\"i386\", reference:\"libmozilla-firefox2.0.0.12-2.0.0.12-1.1mdv2007.1\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2007.1\", reference:\"libswt3-gtk2-3.2.2-3.4.4mdv2007.1\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2007.1\", cpu:\"i386\", reference:\"libtotem-plparser1-2.18.2-1.7mdv2007.1\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2007.1\", cpu:\"i386\", reference:\"libtotem-plparser1-devel-2.18.2-1.7mdv2007.1\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2007.1\", reference:\"mozilla-firefox-2.0.0.12-1.1mdv2007.1\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2007.1\", reference:\"mozilla-firefox-af-2.0.0.12-1mdv2007.1\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2007.1\", reference:\"mozilla-firefox-ar-2.0.0.12-1mdv2007.1\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2007.1\", reference:\"mozilla-firefox-be-2.0.0.12-1mdv2007.1\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2007.1\", reference:\"mozilla-firefox-bg-2.0.0.12-1mdv2007.1\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2007.1\", reference:\"mozilla-firefox-br_FR-2.0.0.12-1mdv2007.1\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2007.1\", reference:\"mozilla-firefox-ca-2.0.0.12-1mdv2007.1\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2007.1\", reference:\"mozilla-firefox-cs-2.0.0.12-1mdv2007.1\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2007.1\", reference:\"mozilla-firefox-da-2.0.0.12-1mdv2007.1\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2007.1\", reference:\"mozilla-firefox-de-2.0.0.12-1mdv2007.1\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2007.1\", reference:\"mozilla-firefox-el-2.0.0.12-1mdv2007.1\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2007.1\", reference:\"mozilla-firefox-en_GB-2.0.0.12-1mdv2007.1\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2007.1\", reference:\"mozilla-firefox-es_AR-2.0.0.12-1mdv2007.1\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2007.1\", reference:\"mozilla-firefox-es_ES-2.0.0.12-1mdv2007.1\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2007.1\", reference:\"mozilla-firefox-et_EE-2.0.0.12-1mdv2007.1\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2007.1\", reference:\"mozilla-firefox-eu-2.0.0.12-1mdv2007.1\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2007.1\", reference:\"mozilla-firefox-fi-2.0.0.12-1mdv2007.1\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2007.1\", reference:\"mozilla-firefox-fr-2.0.0.12-1mdv2007.1\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2007.1\", reference:\"mozilla-firefox-fy-2.0.0.12-1mdv2007.1\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2007.1\", reference:\"mozilla-firefox-ga-2.0.0.12-1mdv2007.1\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2007.1\", reference:\"mozilla-firefox-gu_IN-2.0.0.12-1mdv2007.1\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2007.1\", reference:\"mozilla-firefox-he-2.0.0.12-1mdv2007.1\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2007.1\", reference:\"mozilla-firefox-hu-2.0.0.12-1mdv2007.1\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2007.1\", reference:\"mozilla-firefox-it-2.0.0.12-1mdv2007.1\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2007.1\", reference:\"mozilla-firefox-ja-2.0.0.12-1mdv2007.1\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2007.1\", reference:\"mozilla-firefox-ka-2.0.0.12-1mdv2007.1\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2007.1\", reference:\"mozilla-firefox-ko-2.0.0.12-1mdv2007.1\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2007.1\", reference:\"mozilla-firefox-ku-2.0.0.12-1mdv2007.1\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2007.1\", reference:\"mozilla-firefox-lt-2.0.0.12-1mdv2007.1\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2007.1\", reference:\"mozilla-firefox-mk-2.0.0.12-1mdv2007.1\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2007.1\", reference:\"mozilla-firefox-mn-2.0.0.12-1mdv2007.1\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2007.1\", reference:\"mozilla-firefox-nb_NO-2.0.0.12-1mdv2007.1\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2007.1\", reference:\"mozilla-firefox-nl-2.0.0.12-1mdv2007.1\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2007.1\", reference:\"mozilla-firefox-nn_NO-2.0.0.12-1mdv2007.1\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2007.1\", reference:\"mozilla-firefox-pa_IN-2.0.0.12-1mdv2007.1\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2007.1\", reference:\"mozilla-firefox-pl-2.0.0.12-1mdv2007.1\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2007.1\", reference:\"mozilla-firefox-pt_BR-2.0.0.12-1mdv2007.1\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2007.1\", reference:\"mozilla-firefox-pt_PT-2.0.0.12-1mdv2007.1\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2007.1\", reference:\"mozilla-firefox-ro-2.0.0.12-1mdv2007.1\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2007.1\", reference:\"mozilla-firefox-ru-2.0.0.12-1mdv2007.1\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2007.1\", reference:\"mozilla-firefox-sk-2.0.0.12-1mdv2007.1\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2007.1\", reference:\"mozilla-firefox-sl-2.0.0.12-1mdv2007.1\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2007.1\", reference:\"mozilla-firefox-sv_SE-2.0.0.12-1mdv2007.1\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2007.1\", reference:\"mozilla-firefox-tr-2.0.0.12-1mdv2007.1\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2007.1\", reference:\"mozilla-firefox-uk-2.0.0.12-1mdv2007.1\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2007.1\", reference:\"mozilla-firefox-zh_CN-2.0.0.12-1mdv2007.1\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2007.1\", reference:\"mozilla-firefox-zh_TW-2.0.0.12-1mdv2007.1\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2007.1\", reference:\"totem-2.18.2-1.7mdv2007.1\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2007.1\", reference:\"totem-common-2.18.2-1.7mdv2007.1\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2007.1\", reference:\"totem-gstreamer-2.18.2-1.7mdv2007.1\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2007.1\", reference:\"totem-mozilla-2.18.2-1.7mdv2007.1\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2007.1\", reference:\"totem-mozilla-gstreamer-2.18.2-1.7mdv2007.1\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2007.1\", reference:\"yelp-2.18.0-3.6mdv2007.1\", yank:\"mdv\")) flag++;\n\nif (rpm_check(release:\"MDK2008.0\", reference:\"devhelp-0.16-1.3mdv2008.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2008.0\", reference:\"devhelp-plugins-0.16-1.3mdv2008.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2008.0\", reference:\"eclipse-cvs-client-3.3.0-0.20.8.3mdv2008.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2008.0\", reference:\"eclipse-ecj-3.3.0-0.20.8.3mdv2008.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2008.0\", reference:\"eclipse-jdt-3.3.0-0.20.8.3mdv2008.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2008.0\", reference:\"eclipse-pde-3.3.0-0.20.8.3mdv2008.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2008.0\", reference:\"eclipse-pde-runtime-3.3.0-0.20.8.3mdv2008.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2008.0\", reference:\"eclipse-platform-3.3.0-0.20.8.3mdv2008.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2008.0\", reference:\"eclipse-rcp-3.3.0-0.20.8.3mdv2008.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2008.0\", reference:\"epiphany-2.20.0-1.3mdv2008.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2008.0\", reference:\"epiphany-devel-2.20.0-1.3mdv2008.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2008.0\", reference:\"galeon-2.0.3-7.3mdv2008.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2008.0\", reference:\"gnome-python-extras-2.19.1-4.3mdv2008.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2008.0\", reference:\"gnome-python-gda-2.19.1-4.3mdv2008.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2008.0\", reference:\"gnome-python-gda-devel-2.19.1-4.3mdv2008.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2008.0\", reference:\"gnome-python-gdl-2.19.1-4.3mdv2008.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2008.0\", reference:\"gnome-python-gksu-2.19.1-4.3mdv2008.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2008.0\", reference:\"gnome-python-gtkhtml2-2.19.1-4.3mdv2008.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2008.0\", reference:\"gnome-python-gtkmozembed-2.19.1-4.3mdv2008.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2008.0\", reference:\"gnome-python-gtkspell-2.19.1-4.3mdv2008.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2008.0\", cpu:\"x86_64\", reference:\"lib64devhelp-1-devel-0.16-1.3mdv2008.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2008.0\", cpu:\"x86_64\", reference:\"lib64devhelp-1_0-0.16-1.3mdv2008.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2008.0\", cpu:\"x86_64\", reference:\"lib64mozilla-firefox-devel-2.0.0.12-1.1mdv2008.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2008.0\", cpu:\"x86_64\", reference:\"lib64mozilla-firefox2.0.0.12-2.0.0.12-1.1mdv2008.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2008.0\", cpu:\"x86_64\", reference:\"lib64totem-plparser-devel-2.20.1-1.2mdv2008.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2008.0\", cpu:\"x86_64\", reference:\"lib64totem-plparser7-2.20.1-1.2mdv2008.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2008.0\", cpu:\"i386\", reference:\"libdevhelp-1-devel-0.16-1.3mdv2008.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2008.0\", cpu:\"i386\", reference:\"libdevhelp-1_0-0.16-1.3mdv2008.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2008.0\", cpu:\"i386\", reference:\"libmozilla-firefox-devel-2.0.0.12-1.1mdv2008.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2008.0\", cpu:\"i386\", reference:\"libmozilla-firefox2.0.0.12-2.0.0.12-1.1mdv2008.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2008.0\", reference:\"libswt3-gtk2-3.3.0-0.20.8.3mdv2008.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2008.0\", cpu:\"i386\", reference:\"libtotem-plparser-devel-2.20.1-1.2mdv2008.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2008.0\", cpu:\"i386\", reference:\"libtotem-plparser7-2.20.1-1.2mdv2008.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2008.0\", reference:\"mozilla-firefox-2.0.0.12-1.1mdv2008.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2008.0\", reference:\"mozilla-firefox-af-2.0.0.12-1mdv2008.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2008.0\", reference:\"mozilla-firefox-ar-2.0.0.12-1mdv2008.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2008.0\", reference:\"mozilla-firefox-be-2.0.0.12-1mdv2008.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2008.0\", reference:\"mozilla-firefox-bg-2.0.0.12-1mdv2008.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2008.0\", reference:\"mozilla-firefox-br_FR-2.0.0.12-1mdv2008.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2008.0\", reference:\"mozilla-firefox-ca-2.0.0.12-1mdv2008.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2008.0\", reference:\"mozilla-firefox-cs-2.0.0.12-1mdv2008.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2008.0\", reference:\"mozilla-firefox-da-2.0.0.12-1mdv2008.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2008.0\", reference:\"mozilla-firefox-de-2.0.0.12-1mdv2008.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2008.0\", reference:\"mozilla-firefox-el-2.0.0.12-1mdv2008.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2008.0\", reference:\"mozilla-firefox-en_GB-2.0.0.12-1mdv2008.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2008.0\", reference:\"mozilla-firefox-es_AR-2.0.0.12-1mdv2008.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2008.0\", reference:\"mozilla-firefox-es_ES-2.0.0.12-1mdv2008.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2008.0\", reference:\"mozilla-firefox-et_EE-2.0.0.12-1mdv2008.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2008.0\", reference:\"mozilla-firefox-eu-2.0.0.12-1mdv2008.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2008.0\", reference:\"mozilla-firefox-ext-blogrovr-1.1.771-1.1mdv2008.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2008.0\", reference:\"mozilla-firefox-ext-foxmarks-2.0.43-1mdv2008.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2008.0\", reference:\"mozilla-firefox-ext-scribefire-1.4.2-4.1mdv2008.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2008.0\", reference:\"mozilla-firefox-fi-2.0.0.12-1mdv2008.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2008.0\", reference:\"mozilla-firefox-fr-2.0.0.12-1mdv2008.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2008.0\", reference:\"mozilla-firefox-fy-2.0.0.12-1mdv2008.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2008.0\", reference:\"mozilla-firefox-ga-2.0.0.12-1mdv2008.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2008.0\", reference:\"mozilla-firefox-gnome-support-2.0.0.12-1.1mdv2008.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2008.0\", reference:\"mozilla-firefox-gu_IN-2.0.0.12-1mdv2008.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2008.0\", reference:\"mozilla-firefox-he-2.0.0.12-1mdv2008.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2008.0\", reference:\"mozilla-firefox-hu-2.0.0.12-1mdv2008.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2008.0\", reference:\"mozilla-firefox-it-2.0.0.12-1mdv2008.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2008.0\", reference:\"mozilla-firefox-ja-2.0.0.12-1mdv2008.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2008.0\", reference:\"mozilla-firefox-ka-2.0.0.12-1mdv2008.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2008.0\", reference:\"mozilla-firefox-ko-2.0.0.12-1mdv2008.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2008.0\", reference:\"mozilla-firefox-ku-2.0.0.12-1mdv2008.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2008.0\", reference:\"mozilla-firefox-lt-2.0.0.12-1mdv2008.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2008.0\", reference:\"mozilla-firefox-mk-2.0.0.12-1mdv2008.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2008.0\", reference:\"mozilla-firefox-mn-2.0.0.12-1mdv2008.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2008.0\", reference:\"mozilla-firefox-nb_NO-2.0.0.12-1mdv2008.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2008.0\", reference:\"mozilla-firefox-nl-2.0.0.12-1mdv2008.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2008.0\", reference:\"mozilla-firefox-nn_NO-2.0.0.12-1mdv2008.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2008.0\", reference:\"mozilla-firefox-pa_IN-2.0.0.12-1mdv2008.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2008.0\", reference:\"mozilla-firefox-pl-2.0.0.12-1mdv2008.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2008.0\", reference:\"mozilla-firefox-pt_BR-2.0.0.12-1mdv2008.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2008.0\", reference:\"mozilla-firefox-pt_PT-2.0.0.12-1mdv2008.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2008.0\", reference:\"mozilla-firefox-ro-2.0.0.12-1mdv2008.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2008.0\", reference:\"mozilla-firefox-ru-2.0.0.12-1mdv2008.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2008.0\", reference:\"mozilla-firefox-sk-2.0.0.12-1mdv2008.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2008.0\", reference:\"mozilla-firefox-sl-2.0.0.12-1mdv2008.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2008.0\", reference:\"mozilla-firefox-sv_SE-2.0.0.12-1mdv2008.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2008.0\", reference:\"mozilla-firefox-tr-2.0.0.12-1mdv2008.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2008.0\", reference:\"mozilla-firefox-uk-2.0.0.12-1mdv2008.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2008.0\", reference:\"mozilla-firefox-zh_CN-2.0.0.12-1mdv2008.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2008.0\", reference:\"mozilla-firefox-zh_TW-2.0.0.12-1mdv2008.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2008.0\", reference:\"totem-2.20.1-1.2mdv2008.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2008.0\", reference:\"totem-common-2.20.1-1.2mdv2008.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2008.0\", reference:\"totem-gstreamer-2.20.1-1.2mdv2008.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2008.0\", reference:\"totem-mozilla-2.20.1-1.2mdv2008.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2008.0\", reference:\"totem-mozilla-gstreamer-2.20.1-1.2mdv2008.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2008.0\", reference:\"yelp-2.20.0-3.2mdv2008.0\", yank:\"mdv\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-12-08T14:21:17", "description": "Updated SeaMonkey packages that fix several security issues are now available for Red Hat Enterprise Linux 2.1, 3, and 4.\n\nThis update has been rated as having critical security impact by the Red Hat Security Response Team.\n\nSeaMonkey is an open source Web browser, advanced email and newsgroup client, IRC chat client, and HTML editor.\n\nSeveral flaws were found in the way SeaMonkey processed certain malformed web content. A webpage containing malicious content could cause SeaMonkey to crash, or potentially execute arbitrary code as the user running SeaMonkey. (CVE-2008-0412, CVE-2008-0413, CVE-2008-0415, CVE-2008-0419)\n\nSeveral flaws were found in the way SeaMonkey displayed malformed web content. A webpage containing specially crafted content could trick a user into surrendering sensitive information. (CVE-2008-0591, CVE-2008-0593)\n\nA flaw was found in the way SeaMonkey stored password data. If a user saves login information for a malicious website, it could be possible to corrupt the password database, preventing the user from properly accessing saved password data. (CVE-2008-0417)\n\nA flaw was found in the way SeaMonkey handles certain chrome URLs. If a user has certain extensions installed, it could allow a malicious website to steal sensitive session data. Note: this flaw does not affect a default installation of SeaMonkey. (CVE-2008-0418)\n\nA flaw was found in the way SeaMonkey saves certain text files. If a website offers a file of type 'plain/text', rather than 'text/plain', SeaMonkey will not show future 'text/plain' content to the user in the browser, forcing them to save those files locally to view the content.\n(CVE-2008-0592)\n\nUsers of SeaMonkey are advised to upgrade to these updated packages, which contain backported patches to resolve these issues.", "cvss3": {}, "published": "2008-02-11T00:00:00", "type": "nessus", "title": "RHEL 2.1 / 3 / 4 : seamonkey (RHSA-2008:0104)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2008-0304", "CVE-2008-0412", "CVE-2008-0413", "CVE-2008-0415", "CVE-2008-0416", "CVE-2008-0417", "CVE-2008-0418", "CVE-2008-0419", "CVE-2008-0420", "CVE-2008-0591", "CVE-2008-0592", "CVE-2008-0593"], "modified": "2021-01-14T00:00:00", "cpe": ["p-cpe:/a:redhat:enterprise_linux:seamonkey", "p-cpe:/a:redhat:enterprise_linux:seamonkey-chat", "p-cpe:/a:redhat:enterprise_linux:seamonkey-devel", "p-cpe:/a:redhat:enterprise_linux:seamonkey-dom-inspector", "p-cpe:/a:redhat:enterprise_linux:seamonkey-js-debugger", "p-cpe:/a:redhat:enterprise_linux:seamonkey-mail", "p-cpe:/a:redhat:enterprise_linux:seamonkey-nspr", "p-cpe:/a:redhat:enterprise_linux:seamonkey-nspr-devel", "p-cpe:/a:redhat:enterprise_linux:seamonkey-nss", "p-cpe:/a:redhat:enterprise_linux:seamonkey-nss-devel", "cpe:/o:redhat:enterprise_linux:2.1", "cpe:/o:redhat:enterprise_linux:3", "cpe:/o:redhat:enterprise_linux:4", "cpe:/o:redhat:enterprise_linux:4.6"], "id": "REDHAT-RHSA-2008-0104.NASL", "href": "https://www.tenable.com/plugins/nessus/30246", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Red Hat Security Advisory RHSA-2008:0104. The text \n# itself is copyright (C) Red Hat, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(30246);\n script_version(\"1.27\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/14\");\n\n script_cve_id(\"CVE-2008-0304\", \"CVE-2008-0412\", \"CVE-2008-0413\", \"CVE-2008-0415\", \"CVE-2008-0416\", \"CVE-2008-0417\", \"CVE-2008-0418\", \"CVE-2008-0419\", \"CVE-2008-0420\", \"CVE-2008-0591\", \"CVE-2008-0592\", \"CVE-2008-0593\");\n script_bugtraq_id(24293, 27406, 27683);\n script_xref(name:\"RHSA\", value:\"2008:0104\");\n\n script_name(english:\"RHEL 2.1 / 3 / 4 : seamonkey (RHSA-2008:0104)\");\n script_summary(english:\"Checks the rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Red Hat host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Updated SeaMonkey packages that fix several security issues are now\navailable for Red Hat Enterprise Linux 2.1, 3, and 4.\n\nThis update has been rated as having critical security impact by the\nRed Hat Security Response Team.\n\nSeaMonkey is an open source Web browser, advanced email and newsgroup\nclient, IRC chat client, and HTML editor.\n\nSeveral flaws were found in the way SeaMonkey processed certain\nmalformed web content. A webpage containing malicious content could\ncause SeaMonkey to crash, or potentially execute arbitrary code as the\nuser running SeaMonkey. (CVE-2008-0412, CVE-2008-0413, CVE-2008-0415,\nCVE-2008-0419)\n\nSeveral flaws were found in the way SeaMonkey displayed malformed web\ncontent. A webpage containing specially crafted content could trick a\nuser into surrendering sensitive information. (CVE-2008-0591,\nCVE-2008-0593)\n\nA flaw was found in the way SeaMonkey stored password data. If a user\nsaves login information for a malicious website, it could be possible\nto corrupt the password database, preventing the user from properly\naccessing saved password data. (CVE-2008-0417)\n\nA flaw was found in the way SeaMonkey handles certain chrome URLs. If\na user has certain extensions installed, it could allow a malicious\nwebsite to steal sensitive session data. Note: this flaw does not\naffect a default installation of SeaMonkey. (CVE-2008-0418)\n\nA flaw was found in the way SeaMonkey saves certain text files. If a\nwebsite offers a file of type 'plain/text', rather than 'text/plain',\nSeaMonkey will not show future 'text/plain' content to the user in the\nbrowser, forcing them to save those files locally to view the content.\n(CVE-2008-0592)\n\nUsers of SeaMonkey are advised to upgrade to these updated packages,\nwhich contain backported patches to resolve these issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2008-0304\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2008-0412\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2008-0413\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2008-0415\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2008-0416\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2008-0417\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2008-0418\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2008-0419\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2008-0420\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2008-0591\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2008-0592\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2008-0593\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/errata/RHSA-2008:0104\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_cwe_id(22, 79, 94, 119, 200, 399);\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:seamonkey\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:seamonkey-chat\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:seamonkey-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:seamonkey-dom-inspector\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:seamonkey-js-debugger\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:seamonkey-mail\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:seamonkey-nspr\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:seamonkey-nspr-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:seamonkey-nss\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:seamonkey-nss-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:2.1\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:3\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:4\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:4.6\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2008/02/08\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2008/02/07\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2008/02/11\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2008-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Red Hat Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"misc_func.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Red Hat\" >!< release) audit(AUDIT_OS_NOT, \"Red Hat\");\nos_ver = pregmatch(pattern: \"Red Hat Enterprise Linux.*release ([0-9]+(\\.[0-9]+)?)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Red Hat\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^(2\\.1|3|4)([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Red Hat 2.1 / 3.x / 4.x\", \"Red Hat \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\" && \"s390\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Red Hat\", cpu);\n\nyum_updateinfo = get_kb_item(\"Host/RedHat/yum-updateinfo\");\nif (!empty_or_null(yum_updateinfo)) \n{\n rhsa = \"RHSA-2008:0104\";\n yum_report = redhat_generate_yum_updateinfo_report(rhsa:rhsa);\n if (!empty_or_null(yum_report))\n {\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : yum_report \n );\n exit(0);\n }\n else\n {\n audit_message = \"affected by Red Hat security advisory \" + rhsa;\n audit(AUDIT_OS_NOT, audit_message);\n }\n}\nelse\n{\n flag = 0;\n if (rpm_check(release:\"RHEL2.1\", cpu:\"i386\", reference:\"seamonkey-1.0.9-0.9.el2\")) flag++;\n\n if (rpm_check(release:\"RHEL2.1\", cpu:\"i386\", reference:\"seamonkey-chat-1.0.9-0.9.el2\")) flag++;\n\n if (rpm_check(release:\"RHEL2.1\", cpu:\"i386\", reference:\"seamonkey-devel-1.0.9-0.9.el2\")) flag++;\n\n if (rpm_check(release:\"RHEL2.1\", cpu:\"i386\", reference:\"seamonkey-dom-inspector-1.0.9-0.9.el2\")) flag++;\n\n if (rpm_check(release:\"RHEL2.1\", cpu:\"i386\", reference:\"seamonkey-js-debugger-1.0.9-0.9.el2\")) flag++;\n\n if (rpm_check(release:\"RHEL2.1\", cpu:\"i386\", reference:\"seamonkey-mail-1.0.9-0.9.el2\")) flag++;\n\n if (rpm_check(release:\"RHEL2.1\", cpu:\"i386\", reference:\"seamonkey-nspr-1.0.9-0.9.el2\")) flag++;\n\n if (rpm_check(release:\"RHEL2.1\", cpu:\"i386\", reference:\"seamonkey-nspr-devel-1.0.9-0.9.el2\")) flag++;\n\n if (rpm_check(release:\"RHEL2.1\", cpu:\"i386\", reference:\"seamonkey-nss-1.0.9-0.9.el2\")) flag++;\n\n if (rpm_check(release:\"RHEL2.1\", cpu:\"i386\", reference:\"seamonkey-nss-devel-1.0.9-0.9.el2\")) flag++;\n\n\n if (rpm_check(release:\"RHEL3\", reference:\"seamonkey-1.0.9-0.9.el3\")) flag++;\n\n if (rpm_check(release:\"RHEL3\", reference:\"seamonkey-chat-1.0.9-0.9.el3\")) flag++;\n\n if (rpm_check(release:\"RHEL3\", reference:\"seamonkey-devel-1.0.9-0.9.el3\")) flag++;\n\n if (rpm_check(release:\"RHEL3\", reference:\"seamonkey-dom-inspector-1.0.9-0.9.el3\")) flag++;\n\n if (rpm_check(release:\"RHEL3\", reference:\"seamonkey-js-debugger-1.0.9-0.9.el3\")) flag++;\n\n if (rpm_check(release:\"RHEL3\", reference:\"seamonkey-mail-1.0.9-0.9.el3\")) flag++;\n\n if (rpm_check(release:\"RHEL3\", reference:\"seamonkey-nspr-1.0.9-0.9.el3\")) flag++;\n\n if (rpm_check(release:\"RHEL3\", reference:\"seamonkey-nspr-devel-1.0.9-0.9.el3\")) flag++;\n\n if (rpm_check(release:\"RHEL3\", reference:\"seamonkey-nss-1.0.9-0.9.el3\")) flag++;\n\n if (rpm_check(release:\"RHEL3\", reference:\"seamonkey-nss-devel-1.0.9-0.9.el3\")) flag++;\n\n\n if (rpm_check(release:\"RHEL4\", reference:\"seamonkey-1.0.9-9.el4\")) flag++;\n\n if (rpm_check(release:\"RHEL4\", reference:\"seamonkey-chat-1.0.9-9.el4\")) flag++;\n\n if (rpm_check(release:\"RHEL4\", reference:\"seamonkey-devel-1.0.9-9.el4\")) flag++;\n\n if (rpm_check(release:\"RHEL4\", reference:\"seamonkey-dom-inspector-1.0.9-9.el4\")) flag++;\n\n if (rpm_check(release:\"RHEL4\", reference:\"seamonkey-js-debugger-1.0.9-9.el4\")) flag++;\n\n if (rpm_check(release:\"RHEL4\", reference:\"seamonkey-mail-1.0.9-9.el4\")) flag++;\n\n if (rpm_check(release:\"RHEL4\", reference:\"seamonkey-nspr-1.0.9-9.el4\")) flag++;\n\n if (rpm_check(release:\"RHEL4\", reference:\"seamonkey-nspr-devel-1.0.9-9.el4\")) flag++;\n\n if (rpm_check(release:\"RHEL4\", reference:\"seamonkey-nss-1.0.9-9.el4\")) flag++;\n\n if (rpm_check(release:\"RHEL4\", reference:\"seamonkey-nss-devel-1.0.9-9.el4\")) flag++;\n\n\n if (flag)\n {\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : rpm_report_get() + redhat_report_package_caveat()\n );\n exit(0);\n }\n else\n {\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"seamonkey / seamonkey-chat / seamonkey-devel / etc\");\n }\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-12-08T14:21:29", "description": "Several remote vulnerabilities have been discovered in Xulrunner, a runtime environment for XUL applications. The Common Vulnerabilities and Exposures project identifies the following problems :\n\n - CVE-2008-0412 Jesse Ruderman, Kai Engert, Martijn Wargers, Mats Palmgren and Paul Nickerson discovered crashes in the layout engine, which might allow the execution of arbitrary code.\n\n - CVE-2008-0413 Carsten Book, Wesley Garland, Igor Bukanov, 'moz_bug_r_a4', 'shutdown', Philip Taylor and 'tgirmann' discovered crashes in the JavaScript engine, which might allow the execution of arbitrary code.\n\n - CVE-2008-0414 'hong' and Gregory Fleischer discovered that file input focus vulnerabilities in the file upload control could allow information disclosure of local files.\n\n - CVE-2008-0415 'moz_bug_r_a4' and Boris Zbarsky discovered several vulnerabilities in JavaScript handling, which could allow privilege escalation.\n\n - CVE-2008-0417 Justin Dolske discovered that the password storage mechanism could be abused by malicious websites to corrupt existing saved passwords.\n\n - CVE-2008-0418 Gerry Eisenhaur and 'moz_bug_r_a4' discovered that a directory traversal vulnerability in chrome: URI handling could lead to information disclosure.\n\n - CVE-2008-0419 David Bloom discovered a race condition in the image handling of designMode elements, which could lead to information disclosure or potentially the execution of arbitrary code.\n\n - CVE-2008-0591 Michal Zalewski discovered that timers protecting security-sensitive dialogs (which disable dialog elements until a timeout is reached) could be bypassed by window focus changes through JavaScript.\n\n - CVE-2008-0592 It was discovered that malformed content declarations of saved attachments could prevent a user from opening local files with a '.txt' file name, resulting in minor denial of service.\n\n - CVE-2008-0593 Martin Straka discovered that insecure stylesheet handling during redirects could lead to information disclosure.\n\n - CVE-2008-0594 Emil Ljungdahl and Lars-Olof Moilanen discovered that phishing protections could be bypassed with <div> elements.", "cvss3": {}, "published": "2008-02-11T00:00:00", "type": "nessus", "title": "Debian DSA-1484-1 : xulrunner - several vulnerabilities", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2008-0412", "CVE-2008-0413", "CVE-2008-0414", "CVE-2008-0415", "CVE-2008-0416", "CVE-2008-0417", "CVE-2008-0418", "CVE-2008-0419", "CVE-2008-0591", "CVE-2008-0592", "CVE-2008-0593", "CVE-2008-0594"], "modified": "2021-01-04T00:00:00", "cpe": ["p-cpe:/a:debian:debian_linux:xulrunner", "cpe:/o:debian:debian_linux:4.0"], "id": "DEBIAN_DSA-1484.NASL", "href": "https://www.tenable.com/plugins/nessus/30224", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Sec

GLSA-200805-18 : Mozilla products: Multiple vulnerabilities

Description

Related