Vulners
Lucene search
MiracleLinux 3 : gnome-python2-extras-2.14.2-7.AXS3 (AXSA:2010-371:01)
| Reporter | Title | Published | Views | Family All 426 |
|---|---|---|---|---|
 | Mozilla Firefox XSLT Sort Remote Code Execution Vulnerability | 9 Sep 201000:00 | – | zdt |
 | Mozilla Firefox 3.6.x < 3.6.2 Multiple Vulnerabilities | 23 Mar 201000:00 | – | nessus |
| Mozilla Firefox < 3.5.9 Multiple Vulnerabilities | 31 Mar 201000:00 | – | nessus |
| SeaMonkey < 2.0.4 Multiple Vulnerabilities | 31 Mar 201000:00 | – | nessus |
| Mozilla Thunderbird < 3.0.4 Multiple Vulnerabilities | 31 Mar 201000:00 | – | nessus |
| Mozilla Firefox 3.6.x < 3.6.3 RCE | 2 Apr 201000:00 | – | nessus |
| Mozilla Firefox < 3.5.10 Multiple Vulnerabilities | 23 Jun 201000:00 | – | nessus |
| Mozilla Firefox 3.6.x < 3.6.4 Multiple Vulnerabilities | 23 Jun 201000:00 | – | nessus |
| SeaMonkey < 2.0.5 Multiple Vulnerabilities | 23 Jun 201000:00 | – | nessus |
| Mozilla Thunderbird < 3.0.5 Multiple Vulnerabilities | 23 Jun 201000:00 | – | nessus |
10
10
#%NASL_MIN_LEVEL 80900
##
# (C) Tenable, Inc.
#
# The package checks in this plugin were extracted from
# Miracle Linux Security Advisory AXSA:2010-371:01.
##
include('deprecated_nasl_level.inc');
include('compat.inc');
if (description)
{
script_id(284250);
script_version("1.1");
script_set_attribute(attribute:"plugin_modification_date", value:"2026/01/14");
script_cve_id(
"CVE-2008-5913",
"CVE-2010-0182",
"CVE-2010-1121",
"CVE-2010-1125",
"CVE-2010-1196",
"CVE-2010-1197",
"CVE-2010-1198",
"CVE-2010-1199",
"CVE-2010-1200",
"CVE-2010-1202",
"CVE-2010-1203"
);
script_name(english:"MiracleLinux 3 : gnome-python2-extras-2.14.2-7.AXS3 (AXSA:2010-371:01)");
script_set_attribute(attribute:"synopsis", value:
"The remote MiracleLinux host is missing one or more security updates.");
script_set_attribute(attribute:"description", value:
"The remote MiracleLinux 3 host has packages installed that are affected by multiple vulnerabilities as referenced in the
AXSA:2010-371:01 advisory.
The gnome-python-extra package contains the source packages for additional Python bindings for GNOME. It
should be used together with gnome-python.
Security issues fixed with this release:
CVE-2008-5913
An unspecified function in the JavaScript implementation in Mozilla Firefox creates and exposes a
temporary footprint when there is a current login to a web site, which makes it easier for remote
attackers to trick a user into acting upon a spoofed pop-up message, aka an in-session phishing attack.
NOTE: as of 20090116, the only disclosure is a vague pre-advisory with no actionable information. However,
because it is from a well-known researcher, it is being assigned a CVE identifier for tracking purposes.
CVE-2010-0182
The XMLDocument::load function in Mozilla Firefox before 3.5.9 and 3.6.x before 3.6.2, Thunderbird before
3.0.4, and SeaMonkey before 2.0.4 does not perform the expected nsIContentPolicy checks during loading of
content by XML documents, which allows attackers to bypass intended access restrictions via crafted
content.
CVE-2010-1121
Mozilla Firefox 3.6.x before 3.6.3 does not properly manage the scopes of DOM nodes that are moved from
one document to another, which allows remote attackers to conduct use-after-free attacks and execute
arbitrary code via unspecified vectors involving improper interaction with garbage collection, as
demonstrated by Nils during a Pwn2Own competition at CanSecWest 2010.
CVE-2010-1125
The JavaScript implementation in Mozilla Firefox 3.x allows remote attackers to send selected keystrokes
to a form field in a hidden frame, instead of the intended form field in a visible frame, via certain
calls to the focus method.
CVE-2010-1196
Integer overflow in the nsGenericDOMDataNode::SetTextInternal function in Mozilla Firefox 3.5.x before
3.5.10 and 3.6.x before 3.6.4, Thunderbird before 3.0.5, and SeaMonkey before 2.0.5 allows remote
attackers to execute arbitrary code via a DOM node with a long text value that triggers a heap-based
buffer overflow.
CVE-2010-1197
Mozilla Firefox 3.5.x before 3.5.10 and 3.6.x before 3.6.4, and SeaMonkey before 2.0.5, does not properly
handle situations in which both Content-Disposition: attachment and Content-Type: multipart are present in
HTTP headers, which allows remote attackers to conduct cross-site scripting (XSS) attacks via an uploaded
HTML document.
CVE-2010-1198
Use-after-free vulnerability in Mozilla Firefox 3.5.x before 3.5.10 and 3.6.x before 3.6.4, and SeaMonkey
before 2.0.5, allows remote attackers to execute arbitrary code via vectors involving multiple plugin
instances.
CVE-2010-1199
Integer overflow in the XSLT node sorting implementation in Mozilla Firefox 3.5.x before 3.5.10 and 3.6.x
before 3.6.4, Thunderbird before 3.0.5, and SeaMonkey before 2.0.5 allows remote attackers to execute
arbitrary code via a large text value for a node.
CVE-2010-1200
Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox 3.5.x before 3.5.10 and
3.6.x before 3.6.4, Thunderbird before 3.0.5, and SeaMonkey before 2.0.5 allow remote attackers to cause a
denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown
vectors.
CVE-2010-1202
Multiple unspecified vulnerabilities in the JavaScript engine in Mozilla Firefox 3.5.x before 3.5.10 and
3.6.x before 3.6.4, Thunderbird before 3.0.5, and SeaMonkey before 2.0.5 allow remote attackers to cause a
denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown
vectors.
CVE-2010-1203
Multiple unspecified vulnerabilities in the JavaScript engine in Mozilla Firefox 3.6.x before 3.6.4 allow
remote attackers to cause a denial of service (memory corruption and application crash) or possibly
execute arbitrary code via unknown vectors.
Fixed bugs and Enhancements:
far too many to list here, please refer to the release notes available here:
http://mozilla.com/en-US/firefox/3.6.4/releasenotes/
http://mozilla.com/en-US/firefox/3.6/releasenotes/
Additional information:
Some plugins might not function anymore, they might have to be manually updated.
Tenable has extracted the preceding description block directly from the MiracleLinux security advisory.
Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version
number.");
script_set_attribute(attribute:"see_also", value:"https://tsn.miraclelinux.com/en/node/1532");
script_set_attribute(attribute:"solution", value:
"Update the affected gnome-python2-extras and / or gnome-python2-gtkhtml2 packages.");
script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C");
script_set_cvss_temporal_vector("CVSS2#E:POC/RL:OF/RC:C");
script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N");
script_set_cvss3_temporal_vector("CVSS:3.0/E:P/RL:O/RC:C");
script_set_attribute(attribute:"cvss_score_source", value:"CVE-2010-1121");
script_set_attribute(attribute:"cvss3_score_source", value:"CVE-2010-1197");
script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available");
script_set_attribute(attribute:"exploit_available", value:"true");
script_set_attribute(attribute:"vendor_severity", value:"High");
script_set_attribute(attribute:"vuln_publication_date", value:"2009/01/14");
script_set_attribute(attribute:"patch_publication_date", value:"2010/06/28");
script_set_attribute(attribute:"plugin_publication_date", value:"2026/01/14");
script_set_attribute(attribute:"plugin_type", value:"local");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:miracle:linux:gnome-python2-extras");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:miracle:linux:gnome-python2-gtkhtml2");
script_set_attribute(attribute:"cpe", value:"cpe:/o:miracle:linux:3");
script_set_attribute(attribute:"generated_plugin", value:"current");
script_end_attributes();
script_category(ACT_GATHER_INFO);
script_family(english:"Miracle Linux Local Security Checks");
script_copyright(english:"This script is Copyright (C) 2026 and is owned by Tenable, Inc. or an Affiliate thereof.");
script_dependencies("ssh_get_info.nasl");
script_require_keys("Host/local_checks_enabled", "Host/MiracleLinux/release", "Host/MiracleLinux/rpm-list", "Host/cpu");
exit(0);
}
include('rpm2.inc');
if (!get_kb_item('Host/local_checks_enabled')) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
var os_product = get_kb_item('installed_os/local/SSH/0/product');
if (isnull(os_product) || 'MIRACLE LINUX' >!< os_product) audit(AUDIT_OS_NOT, 'MIRACLE LINUX');
var os_version = get_kb_item('installed_os/local/SSH/0/version');
if (isnull(os_version)) audit(AUDIT_UNKNOWN_APP_VER, 'MIRACLE LINUX');
if (! preg(pattern:"^3([^0-9]|$)", string:os_version)) audit(AUDIT_OS_NOT, 'MiracleLinux 3.x', 'MIRACLE LINUX ' + os_version);
if (!get_kb_item('Host/MiracleLinux/rpm-list')) audit(AUDIT_PACKAGE_LIST_MISSING);
var cpu = get_kb_item('Host/cpu');
if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
if ('aarch64' >!< cpu && 'ppc' >!< cpu && 's390' >!< cpu && 'x86_64' >!< cpu && cpu !~ "^i[3-6]86$") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'MIRACLE LINUX', cpu);
var constraints = [
{
'release': '3',
'pkgs': [
{'reference':'gnome-python2-extras-2.14.2-7.AXS3', 'cpu':'x86_64', 'rpm_spec_vers_cmp':TRUE, 'epoch':'0'},
{'reference':'gnome-python2-gtkhtml2-2.14.2-7.AXS3', 'cpu':'x86_64', 'rpm_spec_vers_cmp':TRUE, 'epoch':'0'}
]
}
];
var os_release = get_one_kb_item('installed_os/local/SSH/0/release');
var os_sp = get_one_kb_item('Host/*/minor_release');
var flag = 0;
var reference;
var sp;
var _cpu;
var el_string;
var rpm_spec_vers_cmp;
var epoch;
var allowmaj;
var exists_check;
var cves;
foreach var constraint ( constraints ) {
# Check that the target release is equal to the affected release
if (!empty_or_null(constraint['release'])){
if (constraint['release'] != os_release) continue;
}
if (!empty_or_null(constraint['sp'])){
if (constraint['sp'] != os_sp) continue;
}
foreach var pkg ( constraint['pkgs'] ) {
reference = NULL;
sp = NULL;
_cpu = NULL;
el_string = NULL;
rpm_spec_vers_cmp = NULL;
epoch = NULL;
allowmaj = NULL;
exists_check = NULL;
cves = NULL;
if (!empty_or_null(pkg['reference'])) reference = pkg['reference'];
if (!empty_or_null(pkg['sp'])) sp = pkg['sp'];
if (!empty_or_null(pkg['cpu'])) _cpu = pkg['cpu'];
if (!empty_or_null(pkg['el_string'])) el_string = pkg['el_string'];
if (!empty_or_null(pkg['rpm_spec_vers_cmp'])) rpm_spec_vers_cmp = pkg['rpm_spec_vers_cmp'];
if (!empty_or_null(pkg['epoch'])) epoch = pkg['epoch'];
if (!empty_or_null(pkg['allowmaj'])) allowmaj = pkg['allowmaj'];
if (!empty_or_null(pkg['exists_check'])) exists_check = pkg['exists_check'];
if (!empty_or_null(pkg['cves'])) cves = pkg['cves'];
if (reference &&
## (no known rpm to check OR known rpm_exists)
(!exists_check || rpm_exists(rpm:exists_check)) &&
rpm_check(sp:sp, cpu:_cpu, reference:reference, epoch:epoch, el_string:el_string, rpm_spec_vers_cmp:rpm_spec_vers_cmp, allowmaj:allowmaj, cves:cves)) flag++;
}
}
if (flag)
{
security_report_v4(
port : 0,
severity : SECURITY_HOLE,
extra : rpm_report_get()
);
exit(0);
}
else
{
var tested = pkg_tests_get();
if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
else audit(AUDIT_PACKAGE_NOT_INSTALLED, 'gnome-python2-extras / gnome-python2-gtkhtml2');
}
Data
Build on a solid foundation with Vulners data
We provide the essential building blocks for cybersecurity solutions with comprehensive, structured, and constantly updated vulnerability and exploits data
Api
Power your application with Vulners API
The Vulners REST API offers reliable, high-performance access to vulnerability intelligence, with 99.9% SLA uptime and CDN-backed data delivery for seamless global access
App
Assess and manage vulnerabilities with Vulners tools
Built on top of Vulners' database and SDK, end-user solutions give security professionals and developers lightweight and powerful tools for vulnerability remediation
14 Jan 2026 00:00Current
9.2High risk
Vulners AI Score9.2
CVSS 210
EPSS0.42703