{"id": "ORACLELINUX_ELSA-2010-0544.NASL", "bulletinFamily": "scanner", "title": "Oracle Linux 4 : thunderbird (ELSA-2010-0544)", "description": "From Red Hat Security Advisory 2010:0544 :\n\nAn updated thunderbird package that fixes several security issues is\nnow available for Red Hat Enterprise Linux 4.\n\nThe Red Hat Security Response Team has rated this update as having\nmoderate security impact. Common Vulnerability Scoring System (CVSS)\nbase scores, which give detailed severity ratings, are available for\neach vulnerability from the CVE links in the References section.\n\nMozilla Thunderbird is a standalone mail and newsgroup client.\n\nSeveral flaws were found in the processing of malformed HTML mail\ncontent. An HTML mail message containing malicious content could cause\nThunderbird to crash or, potentially, execute arbitrary code with the\nprivileges of the user running Thunderbird. (CVE-2010-0174,\nCVE-2010-1200, CVE-2010-1211, CVE-2010-1214, CVE-2010-2753)\n\nAn integer overflow flaw was found in the processing of malformed HTML\nmail content. An HTML mail message containing malicious content could\ncause Thunderbird to crash or, potentially, execute arbitrary code\nwith the privileges of the user running Thunderbird. (CVE-2010-1199)\n\nSeveral use-after-free flaws were found in Thunderbird. Viewing an\nHTML mail message containing malicious content could result in\nThunderbird executing arbitrary code with the privileges of the user\nrunning Thunderbird. (CVE-2010-0175, CVE-2010-0176, CVE-2010-0177)\n\nA flaw was found in the way Thunderbird plug-ins interact. It was\npossible for a plug-in to reference the freed memory from a different\nplug-in, resulting in the execution of arbitrary code with the\nprivileges of the user running Thunderbird. (CVE-2010-1198)\n\nA flaw was found in the way Thunderbird handled the\n'Content-Disposition: attachment' HTTP header when the 'Content-Type:\nmultipart' HTTP header was also present. Loading remote HTTP content\nthat allows arbitrary uploads and relies on the 'Content-Disposition:\nattachment' HTTP header to prevent content from being displayed\ninline, could be used by an attacker to serve malicious content to\nusers. (CVE-2010-1197)\n\nA same-origin policy bypass flaw was found in Thunderbird. Remote HTML\ncontent could steal private data from different remote HTML content\nThunderbird has loaded. (CVE-2010-2754)\n\nAll Thunderbird users should upgrade to this updated package, which\nresolves these issues. All running instances of Thunderbird must be\nrestarted for the update to take effect.", "published": "2013-07-12T00:00:00", "modified": "2013-07-12T00:00:00", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}, "href": "https://www.tenable.com/plugins/nessus/68066", "reporter": "This script is Copyright (C) 2013-2021 and is owned by Tenable, Inc. or an Affiliate thereof.", "references": ["https://oss.oracle.com/pipermail/el-errata/2010-July/001551.html"], "cvelist": ["CVE-2010-0176", "CVE-2010-1214", "CVE-2010-0174", "CVE-2010-1200", "CVE-2010-0175", "CVE-2010-1197", "CVE-2010-1211", "CVE-2010-2753", "CVE-2010-0177", "CVE-2010-1199", "CVE-2010-2754", "CVE-2010-1198"], "type": "nessus", "lastseen": "2021-01-17T12:45:12", "edition": 25, "viewCount": 1, "enchantments": {"dependencies": {"references": [{"type": "openvas", "idList": ["OPENVAS:1361412562310880389", "OPENVAS:880600", "OPENVAS:1361412562310880387", "OPENVAS:880387", "OPENVAS:1361412562310870254", "OPENVAS:870291", "OPENVAS:880389", "OPENVAS:1361412562310880600", "OPENVAS:1361412562310870291", "OPENVAS:870254"]}, {"type": "nessus", "idList": ["CENTOS_RHSA-2010-0544.NASL", "SL_20100622_SEAMONKEY_ON_SL3_X.NASL", "REDHAT-RHSA-2010-0545.NASL", "CENTOS_RHSA-2010-0332.NASL", "CENTOS_RHSA-2010-0545.NASL", "SL_20100330_SEAMONKEY_ON_SL3_X.NASL", "REDHAT-RHSA-2010-0544.NASL", "DEBIAN_DSA-2027.NASL", "SL_20100720_THUNDERBIRD_ON_SL4_X.NASL", "SL_20100720_THUNDERBIRD_ON_SL5_X.NASL"]}, {"type": "centos", "idList": ["CESA-2010:0544", "CESA-2010:0546", "CESA-2010:0545", "CESA-2010:0332", "CESA-2010:0333", "CESA-2010:0499"]}, {"type": "redhat", "idList": ["RHSA-2010:0333", "RHSA-2010:0499", "RHSA-2010:0544", "RHSA-2010:0546", "RHSA-2010:0332", "RHSA-2010:0545"]}, {"type": "oraclelinux", "idList": ["ELSA-2010-0333", "ELSA-2010-0546", "ELSA-2010-0499", "ELSA-2010-0332", "ELSA-2010-0544"]}, {"type": "cve", "idList": ["CVE-2010-1214", "CVE-2010-1199", "CVE-2010-1211", "CVE-2010-2754", "CVE-2010-0174", "CVE-2010-1198", "CVE-2010-0177", "CVE-2010-0176", "CVE-2010-2753", "CVE-2010-1197"]}, {"type": "securityvulns", "idList": ["SECURITYVULNS:DOC:23542", "SECURITYVULNS:VULN:10744"]}, {"type": "ubuntu", "idList": ["USN-920-1"]}, {"type": "debian", "idList": ["DEBIAN:57EB2EE5530CFF9138E7023380130022:B480D", "DEBIAN:DSA-2027-1:5873C"]}, {"type": "fedora", "idList": ["FEDORA:B547211022F", "FEDORA:0A2B4110571", "FEDORA:4CE0D10FED7", "FEDORA:E9F2A10F962", "FEDORA:C109B1101CA", "FEDORA:B89AA11069B", "FEDORA:F0B7610FD87", "FEDORA:E004C1105DC", "FEDORA:0D25A1105FD", "FEDORA:BCD0C11000D"]}], "modified": "2021-01-17T12:45:12", "rev": 2}, "score": {"value": 9.0, "vector": "NONE", "modified": "2021-01-17T12:45:12", "rev": 2}, "vulnersScore": 9.0}, "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Red Hat Security Advisory RHSA-2010:0544 and \n# Oracle Linux Security Advisory ELSA-2010-0544 respectively.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(68066);\n script_version(\"1.9\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/14\");\n\n script_cve_id(\"CVE-2010-0174\", \"CVE-2010-0175\", \"CVE-2010-0176\", \"CVE-2010-0177\", \"CVE-2010-1197\", \"CVE-2010-1198\", \"CVE-2010-1199\", \"CVE-2010-1200\", \"CVE-2010-1211\", \"CVE-2010-1214\", \"CVE-2010-2753\", \"CVE-2010-2754\");\n script_bugtraq_id(39079, 39122, 39123, 39128, 39133, 41082, 41090, 41102, 41103, 41824);\n script_xref(name:\"RHSA\", value:\"2010:0544\");\n\n script_name(english:\"Oracle Linux 4 : thunderbird (ELSA-2010-0544)\");\n script_summary(english:\"Checks rpm output for the updated package\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Oracle Linux host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"From Red Hat Security Advisory 2010:0544 :\n\nAn updated thunderbird package that fixes several security issues is\nnow available for Red Hat Enterprise Linux 4.\n\nThe Red Hat Security Response Team has rated this update as having\nmoderate security impact. Common Vulnerability Scoring System (CVSS)\nbase scores, which give detailed severity ratings, are available for\neach vulnerability from the CVE links in the References section.\n\nMozilla Thunderbird is a standalone mail and newsgroup client.\n\nSeveral flaws were found in the processing of malformed HTML mail\ncontent. An HTML mail message containing malicious content could cause\nThunderbird to crash or, potentially, execute arbitrary code with the\nprivileges of the user running Thunderbird. (CVE-2010-0174,\nCVE-2010-1200, CVE-2010-1211, CVE-2010-1214, CVE-2010-2753)\n\nAn integer overflow flaw was found in the processing of malformed HTML\nmail content. An HTML mail message containing malicious content could\ncause Thunderbird to crash or, potentially, execute arbitrary code\nwith the privileges of the user running Thunderbird. (CVE-2010-1199)\n\nSeveral use-after-free flaws were found in Thunderbird. Viewing an\nHTML mail message containing malicious content could result in\nThunderbird executing arbitrary code with the privileges of the user\nrunning Thunderbird. (CVE-2010-0175, CVE-2010-0176, CVE-2010-0177)\n\nA flaw was found in the way Thunderbird plug-ins interact. It was\npossible for a plug-in to reference the freed memory from a different\nplug-in, resulting in the execution of arbitrary code with the\nprivileges of the user running Thunderbird. (CVE-2010-1198)\n\nA flaw was found in the way Thunderbird handled the\n'Content-Disposition: attachment' HTTP header when the 'Content-Type:\nmultipart' HTTP header was also present. Loading remote HTTP content\nthat allows arbitrary uploads and relies on the 'Content-Disposition:\nattachment' HTTP header to prevent content from being displayed\ninline, could be used by an attacker to serve malicious content to\nusers. (CVE-2010-1197)\n\nA same-origin policy bypass flaw was found in Thunderbird. Remote HTML\ncontent could steal private data from different remote HTML content\nThunderbird has loaded. (CVE-2010-2754)\n\nAll Thunderbird users should upgrade to this updated package, which\nresolves these issues. All running instances of Thunderbird must be\nrestarted for the update to take effect.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://oss.oracle.com/pipermail/el-errata/2010-July/001551.html\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected thunderbird package.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:thunderbird\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:oracle:linux:4\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2010/04/05\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2010/07/22\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2013/07/12\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2013-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Oracle Linux Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/OracleLinux\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/OracleLinux\")) audit(AUDIT_OS_NOT, \"Oracle Linux\");\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || !pregmatch(pattern: \"Oracle (?:Linux Server|Enterprise Linux)\", string:release)) audit(AUDIT_OS_NOT, \"Oracle Linux\");\nos_ver = pregmatch(pattern: \"Oracle (?:Linux Server|Enterprise Linux) .*release ([0-9]+(\\.[0-9]+)?)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Oracle Linux\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^4([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Oracle Linux 4\", \"Oracle Linux \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && \"ia64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Oracle Linux\", cpu);\n\nflag = 0;\nif (rpm_check(release:\"EL4\", reference:\"thunderbird-1.5.0.12-28.0.1.el4\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"thunderbird\");\n}\n", "naslFamily": "Oracle Linux Local Security Checks", "pluginID": "68066", "cpe": ["p-cpe:/a:oracle:linux:thunderbird", "cpe:/o:oracle:linux:4"], "scheme": null}

{"openvas": [{"lastseen": "2017-12-15T11:58:18", "bulletinFamily": "scanner", "cvelist": ["CVE-2010-0176", "CVE-2010-1214", "CVE-2010-0174", "CVE-2010-1200", "CVE-2010-0175", "CVE-2010-1197", "CVE-2010-1211", "CVE-2010-2753", "CVE-2010-0177", "CVE-2010-1199", "CVE-2010-2754", "CVE-2010-1198"], "description": "Check for the Version of thunderbird", "modified": "2017-12-15T00:00:00", "published": "2010-07-23T00:00:00", "id": "OPENVAS:870291", "href": "http://plugins.openvas.org/nasl.php?oid=870291", "type": "openvas", "title": "RedHat Update for thunderbird RHSA-2010:0544-01", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# RedHat Update for thunderbird RHSA-2010:0544-01\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2010 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"Mozilla Thunderbird is a standalone mail and newsgroup client.\n\n Several flaws were found in the processing of malformed HTML mail content.\n An HTML mail message containing malicious content could cause Thunderbird\n to crash or, potentially, execute arbitrary code with the privileges of the\n user running Thunderbird. (CVE-2010-0174, CVE-2010-1200, CVE-2010-1211,\n CVE-2010-1214, CVE-2010-2753)\n \n An integer overflow flaw was found in the processing of malformed HTML mail\n content. An HTML mail message containing malicious content could cause\n Thunderbird to crash or, potentially, execute arbitrary code with the\n privileges of the user running Thunderbird. (CVE-2010-1199)\n \n Several use-after-free flaws were found in Thunderbird. Viewing an HTML\n mail message containing malicious content could result in Thunderbird\n executing arbitrary code with the privileges of the user running\n Thunderbird. (CVE-2010-0175, CVE-2010-0176, CVE-2010-0177)\n \n A flaw was found in the way Thunderbird plug-ins interact. It was possible\n for a plug-in to reference the freed memory from a different plug-in,\n resulting in the execution of arbitrary code with the privileges of the\n user running Thunderbird. (CVE-2010-1198)\n \n A flaw was found in the way Thunderbird handled the &quot;Content-Disposition:\n attachment&quot; HTTP header when the &quot;Content-Type: multipart&quot; HTTP header was\n also present. Loading remote HTTP content that allows arbitrary uploads and\n relies on the &quot;Content-Disposition: attachment&quot; HTTP header to prevent\n content from being displayed inline, could be used by an attacker to serve\n malicious content to users. (CVE-2010-1197)\n \n A same-origin policy bypass flaw was found in Thunderbird. Remote HTML\n content could steal private data from different remote HTML content\n Thunderbird has loaded. (CVE-2010-2754)\n \n All Thunderbird users should upgrade to this updated package, which\n resolves these issues. All running instances of Thunderbird must be\n restarted for the update to take effect.\";\n\ntag_affected = \"thunderbird on Red Hat Enterprise Linux AS version 4,\n Red Hat Enterprise Linux ES version 4,\n Red Hat Enterprise Linux WS version 4\";\ntag_solution = \"Please Install the Updated Packages.\";\n\n\nif(description)\n{\n script_xref(name : \"URL\" , value : \"https://www.redhat.com/archives/rhsa-announce/2010-July/msg00011.html\");\n script_id(870291);\n script_version(\"$Revision: 8130 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-12-15 07:31:09 +0100 (Fri, 15 Dec 2017) $\");\n script_tag(name:\"creation_date\", value:\"2010-07-23 16:10:25 +0200 (Fri, 23 Jul 2010)\");\n script_tag(name:\"cvss_base\", value:\"10.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_xref(name: \"RHSA\", value: \"2010:0544-01\");\n script_cve_id(\"CVE-2010-0174\", \"CVE-2010-0175\", \"CVE-2010-0176\", \"CVE-2010-0177\", \"CVE-2010-1197\", \"CVE-2010-1198\", \"CVE-2010-1199\", \"CVE-2010-1200\", \"CVE-2010-1211\", \"CVE-2010-1214\", \"CVE-2010-2753\", \"CVE-2010-2754\");\n script_name(\"RedHat Update for thunderbird RHSA-2010:0544-01\");\n\n script_tag(name: \"summary\" , value: \"Check for the Version of thunderbird\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2010 Greenbone Networks GmbH\");\n script_family(\"Red Hat Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/rhel\", \"ssh/login/rpms\");\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = get_kb_item(\"ssh/login/release\");\n\n\nres = \"\";\nif(release == NULL){\n exit(0);\n}\n\nif(release == \"RHENT_4\")\n{\n\n if ((res = isrpmvuln(pkg:\"thunderbird\", rpm:\"thunderbird~1.5.0.12~28.el4\", rls:\"RHENT_4\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"thunderbird-debuginfo\", rpm:\"thunderbird-debuginfo~1.5.0.12~28.el4\", rls:\"RHENT_4\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2018-01-06T13:05:17", "bulletinFamily": "scanner", "cvelist": ["CVE-2010-0176", "CVE-2010-1214", "CVE-2010-0174", "CVE-2010-1200", "CVE-2010-0175", "CVE-2010-1197", "CVE-2010-1211", "CVE-2010-2753", "CVE-2010-0177", "CVE-2010-1199", "CVE-2010-2754", "CVE-2010-1198"], "description": "Check for the Version of thunderbird", "modified": "2018-01-04T00:00:00", "published": "2010-07-23T00:00:00", "id": "OPENVAS:1361412562310870291", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310870291", "type": "openvas", "title": "RedHat Update for thunderbird RHSA-2010:0544-01", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# RedHat Update for thunderbird RHSA-2010:0544-01\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2010 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"Mozilla Thunderbird is a standalone mail and newsgroup client.\n\n Several flaws were found in the processing of malformed HTML mail content.\n An HTML mail message containing malicious content could cause Thunderbird\n to crash or, potentially, execute arbitrary code with the privileges of the\n user running Thunderbird. (CVE-2010-0174, CVE-2010-1200, CVE-2010-1211,\n CVE-2010-1214, CVE-2010-2753)\n \n An integer overflow flaw was found in the processing of malformed HTML mail\n content. An HTML mail message containing malicious content could cause\n Thunderbird to crash or, potentially, execute arbitrary code with the\n privileges of the user running Thunderbird. (CVE-2010-1199)\n \n Several use-after-free flaws were found in Thunderbird. Viewing an HTML\n mail message containing malicious content could result in Thunderbird\n executing arbitrary code with the privileges of the user running\n Thunderbird. (CVE-2010-0175, CVE-2010-0176, CVE-2010-0177)\n \n A flaw was found in the way Thunderbird plug-ins interact. It was possible\n for a plug-in to reference the freed memory from a different plug-in,\n resulting in the execution of arbitrary code with the privileges of the\n user running Thunderbird. (CVE-2010-1198)\n \n A flaw was found in the way Thunderbird handled the &quot;Content-Disposition:\n attachment&quot; HTTP header when the &quot;Content-Type: multipart&quot; HTTP header was\n also present. Loading remote HTTP content that allows arbitrary uploads and\n relies on the &quot;Content-Disposition: attachment&quot; HTTP header to prevent\n content from being displayed inline, could be used by an attacker to serve\n malicious content to users. (CVE-2010-1197)\n \n A same-origin policy bypass flaw was found in Thunderbird. Remote HTML\n content could steal private data from different remote HTML content\n Thunderbird has loaded. (CVE-2010-2754)\n \n All Thunderbird users should upgrade to this updated package, which\n resolves these issues. All running instances of Thunderbird must be\n restarted for the update to take effect.\";\n\ntag_affected = \"thunderbird on Red Hat Enterprise Linux AS version 4,\n Red Hat Enterprise Linux ES version 4,\n Red Hat Enterprise Linux WS version 4\";\ntag_solution = \"Please Install the Updated Packages.\";\n\n\nif(description)\n{\n script_xref(name : \"URL\" , value : \"https://www.redhat.com/archives/rhsa-announce/2010-July/msg00011.html\");\n script_oid(\"1.3.6.1.4.1.25623.1.0.870291\");\n script_version(\"$Revision: 8287 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-01-04 08:28:11 +0100 (Thu, 04 Jan 2018) $\");\n script_tag(name:\"creation_date\", value:\"2010-07-23 16:10:25 +0200 (Fri, 23 Jul 2010)\");\n script_tag(name:\"cvss_base\", value:\"10.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_xref(name: \"RHSA\", value: \"2010:0544-01\");\n script_cve_id(\"CVE-2010-0174\", \"CVE-2010-0175\", \"CVE-2010-0176\", \"CVE-2010-0177\", \"CVE-2010-1197\", \"CVE-2010-1198\", \"CVE-2010-1199\", \"CVE-2010-1200\", \"CVE-2010-1211\", \"CVE-2010-1214\", \"CVE-2010-2753\", \"CVE-2010-2754\");\n script_name(\"RedHat Update for thunderbird RHSA-2010:0544-01\");\n\n script_tag(name: \"summary\" , value: \"Check for the Version of thunderbird\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2010 Greenbone Networks GmbH\");\n script_family(\"Red Hat Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/rhel\", \"ssh/login/rpms\");\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = get_kb_item(\"ssh/login/release\");\n\n\nres = \"\";\nif(release == NULL){\n exit(0);\n}\n\nif(release == \"RHENT_4\")\n{\n\n if ((res = isrpmvuln(pkg:\"thunderbird\", rpm:\"thunderbird~1.5.0.12~28.el4\", rls:\"RHENT_4\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"thunderbird-debuginfo\", rpm:\"thunderbird-debuginfo~1.5.0.12~28.el4\", rls:\"RHENT_4\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2017-07-25T10:55:31", "bulletinFamily": "scanner", "cvelist": ["CVE-2010-0176", "CVE-2010-1214", "CVE-2010-0174", "CVE-2010-1205", "CVE-2010-1200", "CVE-2010-0175", "CVE-2010-1197", "CVE-2010-1211", "CVE-2010-2753", "CVE-2010-0177", "CVE-2010-1199", "CVE-2010-2754", "CVE-2010-1198"], "description": "Check for the Version of thunderbird", "modified": "2017-07-10T00:00:00", "published": "2011-08-09T00:00:00", "id": "OPENVAS:880600", "href": "http://plugins.openvas.org/nasl.php?oid=880600", "type": "openvas", "title": "CentOS Update for thunderbird CESA-2010:0545 centos5 i386", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# CentOS Update for thunderbird CESA-2010:0545 centos5 i386\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2011 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"Mozilla Thunderbird is a standalone mail and newsgroup client.\n\n A memory corruption flaw was found in the way Thunderbird decoded certain\n PNG images. An attacker could create a mail message containing a\n specially-crafted PNG image that, when opened, could cause Thunderbird to\n crash or, potentially, execute arbitrary code with the privileges of the\n user running Thunderbird. (CVE-2010-1205)\n \n Several flaws were found in the processing of malformed HTML mail content.\n An HTML mail message containing malicious content could cause Thunderbird\n to crash or, potentially, execute arbitrary code with the privileges of the\n user running Thunderbird. (CVE-2010-0174, CVE-2010-1200, CVE-2010-1211,\n CVE-2010-1214, CVE-2010-2753)\n \n An integer overflow flaw was found in the processing of malformed HTML mail\n content. An HTML mail message containing malicious content could cause\n Thunderbird to crash or, potentially, execute arbitrary code with the\n privileges of the user running Thunderbird. (CVE-2010-1199)\n \n Several use-after-free flaws were found in Thunderbird. Viewing an HTML\n mail message containing malicious content could result in Thunderbird\n executing arbitrary code with the privileges of the user running\n Thunderbird. (CVE-2010-0175, CVE-2010-0176, CVE-2010-0177)\n \n A flaw was found in the way Thunderbird plug-ins interact. It was possible\n for a plug-in to reference the freed memory from a different plug-in,\n resulting in the execution of arbitrary code with the privileges of the\n user running Thunderbird. (CVE-2010-1198)\n \n A flaw was found in the way Thunderbird handled the &quot;Content-Disposition:\n attachment&quot; HTTP header when the &quot;Content-Type: multipart&quot; HTTP header was\n also present. Loading remote HTTP content that allows arbitrary uploads and\n relies on the &quot;Content-Disposition: attachment&quot; HTTP header to prevent\n content from being displayed inline, could be used by an attacker to serve\n malicious content to users. (CVE-2010-1197)\n \n A same-origin policy bypass flaw was found in Thunderbird. Remote HTML\n content could steal private data from different remote HTML content\n Thunderbird has loaded. (CVE-2010-2754)\n \n All Thunderbird users should upgrade to this updated package, which\n resolves these issues. All running instances of Thunderbird must be\n restarted for the update to take effect.\";\ntag_solution = \"Please Install the Updated Packages.\";\n\ntag_affected = \"thunderbird on CentOS 5\";\n\n\nif(description)\n{\n script_xref(name : \"URL\" , value : \"http://lists.centos.org/pipermail/centos-announce/2010-July/016820.html\");\n script_id(880600);\n script_version(\"$Revision: 6653 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-07-10 13:46:53 +0200 (Mon, 10 Jul 2017) $\");\n script_tag(name:\"creation_date\", value:\"2011-08-09 08:20:34 +0200 (Tue, 09 Aug 2011)\");\n script_tag(name:\"cvss_base\", value:\"10.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_xref(name: \"CESA\", value: \"2010:0545\");\n script_cve_id(\"CVE-2010-0174\", \"CVE-2010-0175\", \"CVE-2010-0176\", \"CVE-2010-0177\", \"CVE-2010-1197\", \"CVE-2010-1198\", \"CVE-2010-1199\", \"CVE-2010-1200\", \"CVE-2010-1205\", \"CVE-2010-1211\", \"CVE-2010-1214\", \"CVE-2010-2753\", \"CVE-2010-2754\");\n script_name(\"CentOS Update for thunderbird CESA-2010:0545 centos5 i386\");\n\n script_summary(\"Check for the Version of thunderbird\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2011 Greenbone Networks GmbH\");\n script_family(\"CentOS Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/centos\", \"ssh/login/rpms\");\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = get_kb_item(\"ssh/login/release\");\n\n\nres = \"\";\nif(release == NULL){\n exit(0);\n}\n\nif(release == \"CentOS5\")\n{\n\n if ((res = isrpmvuln(pkg:\"thunderbird\", rpm:\"thunderbird~2.0.0.24~6.el5.centos\", rls:\"CentOS5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2019-05-29T18:39:54", "bulletinFamily": "scanner", "cvelist": ["CVE-2010-0176", "CVE-2010-1214", "CVE-2010-0174", "CVE-2010-1205", "CVE-2010-1200", "CVE-2010-0175", "CVE-2010-1197", "CVE-2010-1211", "CVE-2010-2753", "CVE-2010-0177", "CVE-2010-1199", "CVE-2010-2754", "CVE-2010-1198"], "description": "The remote host is missing an update for the ", "modified": "2019-03-15T00:00:00", "published": "2011-08-09T00:00:00", "id": "OPENVAS:1361412562310880600", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310880600", "type": "openvas", "title": "CentOS Update for thunderbird CESA-2010:0545 centos5 i386", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# CentOS Update for thunderbird CESA-2010:0545 centos5 i386\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2011 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_xref(name:\"URL\", value:\"http://lists.centos.org/pipermail/centos-announce/2010-July/016820.html\");\n script_oid(\"1.3.6.1.4.1.25623.1.0.880600\");\n script_version(\"$Revision: 14222 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2019-03-15 13:50:48 +0100 (Fri, 15 Mar 2019) $\");\n script_tag(name:\"creation_date\", value:\"2011-08-09 08:20:34 +0200 (Tue, 09 Aug 2011)\");\n script_tag(name:\"cvss_base\", value:\"10.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_xref(name:\"CESA\", value:\"2010:0545\");\n script_cve_id(\"CVE-2010-0174\", \"CVE-2010-0175\", \"CVE-2010-0176\", \"CVE-2010-0177\", \"CVE-2010-1197\", \"CVE-2010-1198\", \"CVE-2010-1199\", \"CVE-2010-1200\", \"CVE-2010-1205\", \"CVE-2010-1211\", \"CVE-2010-1214\", \"CVE-2010-2753\", \"CVE-2010-2754\");\n script_name(\"CentOS Update for thunderbird CESA-2010:0545 centos5 i386\");\n\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'thunderbird'\n package(s) announced via the referenced advisory.\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2011 Greenbone Networks GmbH\");\n script_family(\"CentOS Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/centos\", \"ssh/login/rpms\", re:\"ssh/login/release=CentOS5\");\n script_tag(name:\"affected\", value:\"thunderbird on CentOS 5\");\n script_tag(name:\"insight\", value:\"Mozilla Thunderbird is a standalone mail and newsgroup client.\n\n A memory corruption flaw was found in the way Thunderbird decoded certain\n PNG images. An attacker could create a mail message containing a\n specially-crafted PNG image that, when opened, could cause Thunderbird to\n crash or, potentially, execute arbitrary code with the privileges of the\n user running Thunderbird. (CVE-2010-1205)\n\n Several flaws were found in the processing of malformed HTML mail content.\n An HTML mail message containing malicious content could cause Thunderbird\n to crash or, potentially, execute arbitrary code with the privileges of the\n user running Thunderbird. (CVE-2010-0174, CVE-2010-1200, CVE-2010-1211,\n CVE-2010-1214, CVE-2010-2753)\n\n An integer overflow flaw was found in the processing of malformed HTML mail\n content. An HTML mail message containing malicious content could cause\n Thunderbird to crash or, potentially, execute arbitrary code with the\n privileges of the user running Thunderbird. (CVE-2010-1199)\n\n Several use-after-free flaws were found in Thunderbird. Viewing an HTML\n mail message containing malicious content could result in Thunderbird\n executing arbitrary code with the privileges of the user running\n Thunderbird. (CVE-2010-0175, CVE-2010-0176, CVE-2010-0177)\n\n A flaw was found in the way Thunderbird plug-ins interact. It was possible\n for a plug-in to reference the freed memory from a different plug-in,\n resulting in the execution of arbitrary code with the privileges of the\n user running Thunderbird. (CVE-2010-1198)\n\n A flaw was found in the way Thunderbird handled the 'Content-Disposition:\n attachment' HTTP header when the 'Content-Type: multipart' HTTP header was\n also present. Loading remote HTTP content that allows arbitrary uploads and\n relies on the 'Content-Disposition: attachment' HTTP header to prevent\n content from being displayed inline, could be used by an attacker to serve\n malicious content to users. (CVE-2010-1197)\n\n A same-origin policy bypass flaw was found in Thunderbird. Remote HTML\n content could steal private data from different remote HTML content\n Thunderbird has loaded. (CVE-2010-2754)\n\n All Thunderbird users should upgrade to this updated package, which\n resolves these issues. All running instances of Thunderbird must be\n restarted for the update to take effect.\");\n script_tag(name:\"solution\", value:\"Please install the updated packages.\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\n\nif(release == \"CentOS5\")\n{\n\n if ((res = isrpmvuln(pkg:\"thunderbird\", rpm:\"thunderbird~2.0.0.24~6.el5.centos\", rls:\"CentOS5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2017-12-21T11:33:23", "bulletinFamily": "scanner", "cvelist": ["CVE-2010-0176", "CVE-2010-0174", "CVE-2010-0175", "CVE-2010-0177"], "description": "Check for the Version of seamonkey", "modified": "2017-12-20T00:00:00", "published": "2010-04-06T00:00:00", "id": "OPENVAS:1361412562310870254", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310870254", "type": "openvas", "title": "RedHat Update for seamonkey RHSA-2010:0333-01", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# RedHat Update for seamonkey RHSA-2010:0333-01\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2010 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"SeaMonkey is an open source Web browser, email and newsgroup client, IRC\n chat client, and HTML editor.\n\n Several use-after-free flaws were found in SeaMonkey. Visiting a web page\n containing malicious content could result in SeaMonkey executing arbitrary\n code with the privileges of the user running SeaMonkey. (CVE-2010-0175,\n CVE-2010-0176, CVE-2010-0177)\n \n Several flaws were found in the processing of malformed web content. A web\n page containing malicious content could cause SeaMonkey to crash or,\n potentially, execute arbitrary code with the privileges of the user running\n SeaMonkey. (CVE-2010-0174)\n \n All SeaMonkey users should upgrade to these updated packages, which correct\n these issues. After installing the update, SeaMonkey must be restarted for\n the changes to take effect.\";\n\ntag_affected = \"seamonkey on Red Hat Enterprise Linux AS version 3,\n Red Hat Enterprise Linux AS version 4,\n Red Hat Enterprise Linux ES version 3,\n Red Hat Enterprise Linux ES version 4,\n Red Hat Enterprise Linux WS version 3,\n Red Hat Enterprise Linux WS version 4\";\ntag_solution = \"Please Install the Updated Packages.\";\n\n\n\nif(description)\n{\n script_xref(name : \"URL\" , value : \"https://www.redhat.com/archives/rhsa-announce/2010-March/msg00043.html\");\n script_oid(\"1.3.6.1.4.1.25623.1.0.870254\");\n script_version(\"$Revision: 8187 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-12-20 08:30:09 +0100 (Wed, 20 Dec 2017) $\");\n script_tag(name:\"creation_date\", value:\"2010-04-06 08:56:44 +0200 (Tue, 06 Apr 2010)\");\n script_tag(name:\"cvss_base\", value:\"10.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_xref(name: \"RHSA\", value: \"2010:0333-01\");\n script_cve_id(\"CVE-2010-0174\", \"CVE-2010-0175\", \"CVE-2010-0176\", \"CVE-2010-0177\");\n script_name(\"RedHat Update for seamonkey RHSA-2010:0333-01\");\n\n script_tag(name: \"summary\" , value: \"Check for the Version of seamonkey\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2010 Greenbone Networks GmbH\");\n script_family(\"Red Hat Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/rhel\", \"ssh/login/rpms\");\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = get_kb_item(\"ssh/login/release\");\n\n\nres = \"\";\nif(release == NULL){\n exit(0);\n}\n\nif(release == \"RHENT_4\")\n{\n\n if ((res = isrpmvuln(pkg:\"seamonkey\", rpm:\"seamonkey~1.0.9~54.el4_8\", rls:\"RHENT_4\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"seamonkey-chat\", rpm:\"seamonkey-chat~1.0.9~54.el4_8\", rls:\"RHENT_4\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"seamonkey-debuginfo\", rpm:\"seamonkey-debuginfo~1.0.9~54.el4_8\", rls:\"RHENT_4\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"seamonkey-devel\", rpm:\"seamonkey-devel~1.0.9~54.el4_8\", rls:\"RHENT_4\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"seamonkey-dom-inspector\", rpm:\"seamonkey-dom-inspector~1.0.9~54.el4_8\", rls:\"RHENT_4\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"seamonkey-js-debugger\", rpm:\"seamonkey-js-debugger~1.0.9~54.el4_8\", rls:\"RHENT_4\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"seamonkey-mail\", rpm:\"seamonkey-mail~1.0.9~54.el4_8\", rls:\"RHENT_4\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n\n\nif(release == \"RHENT_3\")\n{\n\n if ((res = isrpmvuln(pkg:\"seamonkey\", rpm:\"seamonkey~1.0.9~0.52.el3\", rls:\"RHENT_3\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"seamonkey-chat\", rpm:\"seamonkey-chat~1.0.9~0.52.el3\", rls:\"RHENT_3\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"seamonkey-debuginfo\", rpm:\"seamonkey-debuginfo~1.0.9~0.52.el3\", rls:\"RHENT_3\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"seamonkey-devel\", rpm:\"seamonkey-devel~1.0.9~0.52.el3\", rls:\"RHENT_3\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"seamonkey-dom-inspector\", rpm:\"seamonkey-dom-inspector~1.0.9~0.52.el3\", rls:\"RHENT_3\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"seamonkey-js-debugger\", rpm:\"seamonkey-js-debugger~1.0.9~0.52.el3\", rls:\"RHENT_3\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"seamonkey-mail\", rpm:\"seamonkey-mail~1.0.9~0.52.el3\", rls:\"RHENT_3\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"seamonkey-nspr\", rpm:\"seamonkey-nspr~1.0.9~0.52.el3\", rls:\"RHENT_3\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"seamonkey-nspr-devel\", rpm:\"seamonkey-nspr-devel~1.0.9~0.52.el3\", rls:\"RHENT_3\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"seamonkey-nss\", rpm:\"seamonkey-nss~1.0.9~0.52.el3\", rls:\"RHENT_3\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"seamonkey-nss-devel\", rpm:\"seamonkey-nss-devel~1.0.9~0.52.el3\", rls:\"RHENT_3\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2018-01-19T15:05:18", "bulletinFamily": "scanner", "cvelist": ["CVE-2010-0176", "CVE-2010-0174", "CVE-2010-0175", "CVE-2010-0177"], "description": "Check for the Version of seamonkey", "modified": "2018-01-19T00:00:00", "published": "2010-04-09T00:00:00", "id": "OPENVAS:1361412562310880389", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310880389", "type": "openvas", "title": "CentOS Update for seamonkey CESA-2010:0333 centos3 i386", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# CentOS Update for seamonkey CESA-2010:0333 centos3 i386\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2010 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"SeaMonkey is an open source Web browser, email and newsgroup client, IRC\n chat client, and HTML editor.\n\n Several use-after-free flaws were found in SeaMonkey. Visiting a web page\n containing malicious content could result in SeaMonkey executing arbitrary\n code with the privileges of the user running SeaMonkey. (CVE-2010-0175,\n CVE-2010-0176, CVE-2010-0177)\n \n Several flaws were found in the processing of malformed web content. A web\n page containing malicious content could cause SeaMonkey to crash or,\n potentially, execute arbitrary code with the privileges of the user running\n SeaMonkey. (CVE-2010-0174)\n \n All SeaMonkey users should upgrade to these updated packages, which correct\n these issues. After installing the update, SeaMonkey must be restarted for\n the changes to take effect.\";\ntag_solution = \"Please Install the Updated Packages.\";\n\ntag_affected = \"seamonkey on CentOS 3\";\n\n\nif(description)\n{\n script_xref(name : \"URL\" , value : \"http://lists.centos.org/pipermail/centos-announce/2010-April/016617.html\");\n script_oid(\"1.3.6.1.4.1.25623.1.0.880389\");\n script_version(\"$Revision: 8469 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-01-19 08:58:21 +0100 (Fri, 19 Jan 2018) $\");\n script_tag(name:\"creation_date\", value:\"2010-04-09 11:11:25 +0200 (Fri, 09 Apr 2010)\");\n script_tag(name:\"cvss_base\", value:\"10.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_xref(name: \"CESA\", value: \"2010:0333\");\n script_cve_id(\"CVE-2010-0174\", \"CVE-2010-0175\", \"CVE-2010-0176\", \"CVE-2010-0177\");\n script_name(\"CentOS Update for seamonkey CESA-2010:0333 centos3 i386\");\n\n script_tag(name: \"summary\" , value: \"Check for the Version of seamonkey\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2010 Greenbone Networks GmbH\");\n script_family(\"CentOS Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/centos\", \"ssh/login/rpms\");\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = get_kb_item(\"ssh/login/release\");\n\n\nres = \"\";\nif(release == NULL){\n exit(0);\n}\n\nif(release == \"CentOS3\")\n{\n\n if ((res = isrpmvuln(pkg:\"seamonkey\", rpm:\"seamonkey~1.0.9~0.52.el3.centos3\", rls:\"CentOS3\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"seamonkey-chat\", rpm:\"seamonkey-chat~1.0.9~0.52.el3.centos3\", rls:\"CentOS3\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"seamonkey-devel\", rpm:\"seamonkey-devel~1.0.9~0.52.el3.centos3\", rls:\"CentOS3\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"seamonkey-dom-inspector\", rpm:\"seamonkey-dom-inspector~1.0.9~0.52.el3.centos3\", rls:\"CentOS3\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"seamonkey-js-debugger\", rpm:\"seamonkey-js-debugger~1.0.9~0.52.el3.centos3\", rls:\"CentOS3\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"seamonkey-mail\", rpm:\"seamonkey-mail~1.0.9~0.52.el3.centos3\", rls:\"CentOS3\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"seamonkey-nspr\", rpm:\"seamonkey-nspr~1.0.9~0.52.el3.centos3\", rls:\"CentOS3\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"seamonkey-nspr-devel\", rpm:\"seamonkey-nspr-devel~1.0.9~0.52.el3.centos3\", rls:\"CentOS3\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"seamonkey-nss\", rpm:\"seamonkey-nss~1.0.9~0.52.el3.centos3\", rls:\"CentOS3\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"seamonkey-nss-devel\", rpm:\"seamonkey-nss-devel~1.0.9~0.52.el3.centos3\", rls:\"CentOS3\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2018-01-02T10:54:11", "bulletinFamily": "scanner", "cvelist": ["CVE-2010-0176", "CVE-2010-0174", "CVE-2010-0175", "CVE-2010-0177"], "description": "Check for the Version of seamonkey", "modified": "2018-01-01T00:00:00", "published": "2010-04-09T00:00:00", "id": "OPENVAS:1361412562310880387", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310880387", "type": "openvas", "title": "CentOS Update for seamonkey CESA-2010:0333 centos4 i386", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# CentOS Update for seamonkey CESA-2010:0333 centos4 i386\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2010 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"SeaMonkey is an open source Web browser, email and newsgroup client, IRC\n chat client, and HTML editor.\n\n Several use-after-free flaws were found in SeaMonkey. Visiting a web page\n containing malicious content could result in SeaMonkey executing arbitrary\n code with the privileges of the user running SeaMonkey. (CVE-2010-0175,\n CVE-2010-0176, CVE-2010-0177)\n \n Several flaws were found in the processing of malformed web content. A web\n page containing malicious content could cause SeaMonkey to crash or,\n potentially, execute arbitrary code with the privileges of the user running\n SeaMonkey. (CVE-2010-0174)\n \n All SeaMonkey users should upgrade to these updated packages, which correct\n these issues. After installing the update, SeaMonkey must be restarted for\n the changes to take effect.\";\ntag_solution = \"Please Install the Updated Packages.\";\n\ntag_affected = \"seamonkey on CentOS 4\";\n\n\nif(description)\n{\n script_xref(name : \"URL\" , value : \"http://lists.centos.org/pipermail/centos-announce/2010-April/016621.html\");\n script_oid(\"1.3.6.1.4.1.25623.1.0.880387\");\n script_version(\"$Revision: 8266 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-01-01 08:28:32 +0100 (Mon, 01 Jan 2018) $\");\n script_tag(name:\"creation_date\", value:\"2010-04-09 11:11:25 +0200 (Fri, 09 Apr 2010)\");\n script_tag(name:\"cvss_base\", value:\"10.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_xref(name: \"CESA\", value: \"2010:0333\");\n script_cve_id(\"CVE-2010-0174\", \"CVE-2010-0175\", \"CVE-2010-0176\", \"CVE-2010-0177\");\n script_name(\"CentOS Update for seamonkey CESA-2010:0333 centos4 i386\");\n\n script_tag(name: \"summary\" , value: \"Check for the Version of seamonkey\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2010 Greenbone Networks GmbH\");\n script_family(\"CentOS Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/centos\", \"ssh/login/rpms\");\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = get_kb_item(\"ssh/login/release\");\n\n\nres = \"\";\nif(release == NULL){\n exit(0);\n}\n\nif(release == \"CentOS4\")\n{\n\n if ((res = isrpmvuln(pkg:\"seamonkey\", rpm:\"seamonkey~1.0.9~54.el4.centos\", rls:\"CentOS4\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"seamonkey-chat\", rpm:\"seamonkey-chat~1.0.9~54.el4.centos\", rls:\"CentOS4\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"seamonkey-devel\", rpm:\"seamonkey-devel~1.0.9~54.el4.centos\", rls:\"CentOS4\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"seamonkey-dom-inspector\", rpm:\"seamonkey-dom-inspector~1.0.9~54.el4.centos\", rls:\"CentOS4\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"seamonkey-js-debugger\", rpm:\"seamonkey-js-debugger~1.0.9~54.el4.centos\", rls:\"CentOS4\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"seamonkey-mail\", rpm:\"seamonkey-mail~1.0.9~54.el4.centos\", rls:\"CentOS4\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2017-12-14T11:48:29", "bulletinFamily": "scanner", "cvelist": ["CVE-2010-0176", "CVE-2010-0174", "CVE-2010-0175", "CVE-2010-0177"], "description": "Check for the Version of seamonkey", "modified": "2017-12-14T00:00:00", "published": "2010-04-09T00:00:00", "id": "OPENVAS:880387", "href": "http://plugins.openvas.org/nasl.php?oid=880387", "type": "openvas", "title": "CentOS Update for seamonkey CESA-2010:0333 centos4 i386", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# CentOS Update for seamonkey CESA-2010:0333 centos4 i386\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2010 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"SeaMonkey is an open source Web browser, email and newsgroup client, IRC\n chat client, and HTML editor.\n\n Several use-after-free flaws were found in SeaMonkey. Visiting a web page\n containing malicious content could result in SeaMonkey executing arbitrary\n code with the privileges of the user running SeaMonkey. (CVE-2010-0175,\n CVE-2010-0176, CVE-2010-0177)\n \n Several flaws were found in the processing of malformed web content. A web\n page containing malicious content could cause SeaMonkey to crash or,\n potentially, execute arbitrary code with the privileges of the user running\n SeaMonkey. (CVE-2010-0174)\n \n All SeaMonkey users should upgrade to these updated packages, which correct\n these issues. After installing the update, SeaMonkey must be restarted for\n the changes to take effect.\";\ntag_solution = \"Please Install the Updated Packages.\";\n\ntag_affected = \"seamonkey on CentOS 4\";\n\n\nif(description)\n{\n script_xref(name : \"URL\" , value : \"http://lists.centos.org/pipermail/centos-announce/2010-April/016621.html\");\n script_id(880387);\n script_version(\"$Revision: 8109 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-12-14 07:31:15 +0100 (Thu, 14 Dec 2017) $\");\n script_tag(name:\"creation_date\", value:\"2010-04-09 11:11:25 +0200 (Fri, 09 Apr 2010)\");\n script_tag(name:\"cvss_base\", value:\"10.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_xref(name: \"CESA\", value: \"2010:0333\");\n script_cve_id(\"CVE-2010-0174\", \"CVE-2010-0175\", \"CVE-2010-0176\", \"CVE-2010-0177\");\n script_name(\"CentOS Update for seamonkey CESA-2010:0333 centos4 i386\");\n\n script_tag(name: \"summary\" , value: \"Check for the Version of seamonkey\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2010 Greenbone Networks GmbH\");\n script_family(\"CentOS Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/centos\", \"ssh/login/rpms\");\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = get_kb_item(\"ssh/login/release\");\n\n\nres = \"\";\nif(release == NULL){\n exit(0);\n}\n\nif(release == \"CentOS4\")\n{\n\n if ((res = isrpmvuln(pkg:\"seamonkey\", rpm:\"seamonkey~1.0.9~54.el4.centos\", rls:\"CentOS4\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"seamonkey-chat\", rpm:\"seamonkey-chat~1.0.9~54.el4.centos\", rls:\"CentOS4\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"seamonkey-devel\", rpm:\"seamonkey-devel~1.0.9~54.el4.centos\", rls:\"CentOS4\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"seamonkey-dom-inspector\", rpm:\"seamonkey-dom-inspector~1.0.9~54.el4.centos\", rls:\"CentOS4\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"seamonkey-js-debugger\", rpm:\"seamonkey-js-debugger~1.0.9~54.el4.centos\", rls:\"CentOS4\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"seamonkey-mail\", rpm:\"seamonkey-mail~1.0.9~54.el4.centos\", rls:\"CentOS4\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2017-12-21T11:33:22", "bulletinFamily": "scanner", "cvelist": ["CVE-2010-0176", "CVE-2010-0174", "CVE-2010-0175", "CVE-2010-0177"], "description": "Check for the Version of seamonkey", "modified": "2017-12-21T00:00:00", "published": "2010-04-09T00:00:00", "id": "OPENVAS:880389", "href": "http://plugins.openvas.org/nasl.php?oid=880389", "type": "openvas", "title": "CentOS Update for seamonkey CESA-2010:0333 centos3 i386", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# CentOS Update for seamonkey CESA-2010:0333 centos3 i386\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2010 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"SeaMonkey is an open source Web browser, email and newsgroup client, IRC\n chat client, and HTML editor.\n\n Several use-after-free flaws were found in SeaMonkey. Visiting a web page\n containing malicious content could result in SeaMonkey executing arbitrary\n code with the privileges of the user running SeaMonkey. (CVE-2010-0175,\n CVE-2010-0176, CVE-2010-0177)\n \n Several flaws were found in the processing of malformed web content. A web\n page containing malicious content could cause SeaMonkey to crash or,\n potentially, execute arbitrary code with the privileges of the user running\n SeaMonkey. (CVE-2010-0174)\n \n All SeaMonkey users should upgrade to these updated packages, which correct\n these issues. After installing the update, SeaMonkey must be restarted for\n the changes to take effect.\";\ntag_solution = \"Please Install the Updated Packages.\";\n\ntag_affected = \"seamonkey on CentOS 3\";\n\n\nif(description)\n{\n script_xref(name : \"URL\" , value : \"http://lists.centos.org/pipermail/centos-announce/2010-April/016617.html\");\n script_id(880389);\n script_version(\"$Revision: 8205 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-12-21 07:30:37 +0100 (Thu, 21 Dec 2017) $\");\n script_tag(name:\"creation_date\", value:\"2010-04-09 11:11:25 +0200 (Fri, 09 Apr 2010)\");\n script_tag(name:\"cvss_base\", value:\"10.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_xref(name: \"CESA\", value: \"2010:0333\");\n script_cve_id(\"CVE-2010-0174\", \"CVE-2010-0175\", \"CVE-2010-0176\", \"CVE-2010-0177\");\n script_name(\"CentOS Update for seamonkey CESA-2010:0333 centos3 i386\");\n\n script_tag(name: \"summary\" , value: \"Check for the Version of seamonkey\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2010 Greenbone Networks GmbH\");\n script_family(\"CentOS Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/centos\", \"ssh/login/rpms\");\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = get_kb_item(\"ssh/login/release\");\n\n\nres = \"\";\nif(release == NULL){\n exit(0);\n}\n\nif(release == \"CentOS3\")\n{\n\n if ((res = isrpmvuln(pkg:\"seamonkey\", rpm:\"seamonkey~1.0.9~0.52.el3.centos3\", rls:\"CentOS3\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"seamonkey-chat\", rpm:\"seamonkey-chat~1.0.9~0.52.el3.centos3\", rls:\"CentOS3\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"seamonkey-devel\", rpm:\"seamonkey-devel~1.0.9~0.52.el3.centos3\", rls:\"CentOS3\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"seamonkey-dom-inspector\", rpm:\"seamonkey-dom-inspector~1.0.9~0.52.el3.centos3\", rls:\"CentOS3\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"seamonkey-js-debugger\", rpm:\"seamonkey-js-debugger~1.0.9~0.52.el3.centos3\", rls:\"CentOS3\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"seamonkey-mail\", rpm:\"seamonkey-mail~1.0.9~0.52.el3.centos3\", rls:\"CentOS3\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"seamonkey-nspr\", rpm:\"seamonkey-nspr~1.0.9~0.52.el3.centos3\", rls:\"CentOS3\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"seamonkey-nspr-devel\", rpm:\"seamonkey-nspr-devel~1.0.9~0.52.el3.centos3\", rls:\"CentOS3\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"seamonkey-nss\", rpm:\"seamonkey-nss~1.0.9~0.52.el3.centos3\", rls:\"CentOS3\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"seamonkey-nss-devel\", rpm:\"seamonkey-nss-devel~1.0.9~0.52.el3.centos3\", rls:\"CentOS3\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2017-12-12T11:11:22", "bulletinFamily": "scanner", "cvelist": ["CVE-2010-0176", "CVE-2010-0174", "CVE-2010-0175", "CVE-2010-0177"], "description": "Check for the Version of seamonkey", "modified": "2017-12-11T00:00:00", "published": "2010-04-06T00:00:00", "id": "OPENVAS:870254", "href": "http://plugins.openvas.org/nasl.php?oid=870254", "type": "openvas", "title": "RedHat Update for seamonkey RHSA-2010:0333-01", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# RedHat Update for seamonkey RHSA-2010:0333-01\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2010 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"SeaMonkey is an open source Web browser, email and newsgroup client, IRC\n chat client, and HTML editor.\n\n Several use-after-free flaws were found in SeaMonkey. Visiting a web page\n containing malicious content could result in SeaMonkey executing arbitrary\n code with the privileges of the user running SeaMonkey. (CVE-2010-0175,\n CVE-2010-0176, CVE-2010-0177)\n \n Several flaws were found in the processing of malformed web content. A web\n page containing malicious content could cause SeaMonkey to crash or,\n potentially, execute arbitrary code with the privileges of the user running\n SeaMonkey. (CVE-2010-0174)\n \n All SeaMonkey users should upgrade to these updated packages, which correct\n these issues. After installing the update, SeaMonkey must be restarted for\n the changes to take effect.\";\n\ntag_affected = \"seamonkey on Red Hat Enterprise Linux AS version 3,\n Red Hat Enterprise Linux AS version 4,\n Red Hat Enterprise Linux ES version 3,\n Red Hat Enterprise Linux ES version 4,\n Red Hat Enterprise Linux WS version 3,\n Red Hat Enterprise Linux WS version 4\";\ntag_solution = \"Please Install the Updated Packages.\";\n\n\n\nif(description)\n{\n script_xref(name : \"URL\" , value : \"https://www.redhat.com/archives/rhsa-announce/2010-March/msg00043.html\");\n script_id(870254);\n script_version(\"$Revision: 8068 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-12-11 07:31:34 +0100 (Mon, 11 Dec 2017) $\");\n script_tag(name:\"creation_date\", value:\"2010-04-06 08:56:44 +0200 (Tue, 06 Apr 2010)\");\n script_tag(name:\"cvss_base\", value:\"10.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_xref(name: \"RHSA\", value: \"2010:0333-01\");\n script_cve_id(\"CVE-2010-0174\", \"CVE-2010-0175\", \"CVE-2010-0176\", \"CVE-2010-0177\");\n script_name(\"RedHat Update for seamonkey RHSA-2010:0333-01\");\n\n script_tag(name: \"summary\" , value: \"Check for the Version of seamonkey\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2010 Greenbone Networks GmbH\");\n script_family(\"Red Hat Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/rhel\", \"ssh/login/rpms\");\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = get_kb_item(\"ssh/login/release\");\n\n\nres = \"\";\nif(release == NULL){\n exit(0);\n}\n\nif(release == \"RHENT_4\")\n{\n\n if ((res = isrpmvuln(pkg:\"seamonkey\", rpm:\"seamonkey~1.0.9~54.el4_8\", rls:\"RHENT_4\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"seamonkey-chat\", rpm:\"seamonkey-chat~1.0.9~54.el4_8\", rls:\"RHENT_4\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"seamonkey-debuginfo\", rpm:\"seamonkey-debuginfo~1.0.9~54.el4_8\", rls:\"RHENT_4\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"seamonkey-devel\", rpm:\"seamonkey-devel~1.0.9~54.el4_8\", rls:\"RHENT_4\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"seamonkey-dom-inspector\", rpm:\"seamonkey-dom-inspector~1.0.9~54.el4_8\", rls:\"RHENT_4\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"seamonkey-js-debugger\", rpm:\"seamonkey-js-debugger~1.0.9~54.el4_8\", rls:\"RHENT_4\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"seamonkey-mail\", rpm:\"seamonkey-mail~1.0.9~54.el4_8\", rls:\"RHENT_4\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n\n\nif(release == \"RHENT_3\")\n{\n\n if ((res = isrpmvuln(pkg:\"seamonkey\", rpm:\"seamonkey~1.0.9~0.52.el3\", rls:\"RHENT_3\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"seamonkey-chat\", rpm:\"seamonkey-chat~1.0.9~0.52.el3\", rls:\"RHENT_3\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"seamonkey-debuginfo\", rpm:\"seamonkey-debuginfo~1.0.9~0.52.el3\", rls:\"RHENT_3\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"seamonkey-devel\", rpm:\"seamonkey-devel~1.0.9~0.52.el3\", rls:\"RHENT_3\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"seamonkey-dom-inspector\", rpm:\"seamonkey-dom-inspector~1.0.9~0.52.el3\", rls:\"RHENT_3\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"seamonkey-js-debugger\", rpm:\"seamonkey-js-debugger~1.0.9~0.52.el3\", rls:\"RHENT_3\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"seamonkey-mail\", rpm:\"seamonkey-mail~1.0.9~0.52.el3\", rls:\"RHENT_3\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"seamonkey-nspr\", rpm:\"seamonkey-nspr~1.0.9~0.52.el3\", rls:\"RHENT_3\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"seamonkey-nspr-devel\", rpm:\"seamonkey-nspr-devel~1.0.9~0.52.el3\", rls:\"RHENT_3\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"seamonkey-nss\", rpm:\"seamonkey-nss~1.0.9~0.52.el3\", rls:\"RHENT_3\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"seamonkey-nss-devel\", rpm:\"seamonkey-nss-devel~1.0.9~0.52.el3\", rls:\"RHENT_3\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}], "oraclelinux": [{"lastseen": "2019-05-29T18:36:40", "bulletinFamily": "unix", "cvelist": ["CVE-2010-0176", "CVE-2010-1214", "CVE-2010-0174", "CVE-2010-1200", "CVE-2010-0175", "CVE-2010-1197", "CVE-2010-1211", "CVE-2010-2753", "CVE-2010-0177", "CVE-2010-1199", "CVE-2010-2754", "CVE-2010-1198"], "description": "[1.5.0.12-28.0.1.el4]\n- Add thunderbird-oracle-default-prefs.js for errata rebuild and remove\n thunderbird-redhat-default-prefs.js\n- Replaced clean.gif in tarball\n[1.5.0.12-28]\n- Added fixes from 1.9.1.11\n[1.5.0.12-26]\n- Added patches from 1.9.1.10 ", "edition": 4, "modified": "2010-07-21T00:00:00", "published": "2010-07-21T00:00:00", "id": "ELSA-2010-0544", "href": "http://linux.oracle.com/errata/ELSA-2010-0544.html", "title": "thunderbird security update", "type": "oraclelinux", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2019-05-29T18:35:45", "bulletinFamily": "unix", "cvelist": ["CVE-2010-0176", "CVE-2010-0174", "CVE-2010-0175", "CVE-2010-0177"], "description": "[1.0.9-54.0.1.el4_8]\n- Added mozilla-oracle-default-prefs.js and mozilla-oracle-default-bookmarks.html\n and removed corresponding RedHat ones\n[1.0.9-54.el4]\n- Added fix for mozbz#497056\n[1.0.9-53.el4]\n- Added fixes from 1.9.0.19 ", "edition": 4, "modified": "2010-03-30T00:00:00", "published": "2010-03-30T00:00:00", "id": "ELSA-2010-0333", "href": "http://linux.oracle.com/errata/ELSA-2010-0333.html", "title": "seamonkey security update", "type": "oraclelinux", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2019-05-29T18:39:35", "bulletinFamily": "unix", "cvelist": ["CVE-2010-1200", "CVE-2010-1197", "CVE-2010-0163", "CVE-2010-1199", "CVE-2010-1198"], "description": "[1.0.9-58.0.1.el4_8]\n- Added mozilla-oracle-default-prefs.js and mozilla-oracle-default-bookmarks.html\n and emoved corresponding RedHat ones\n[1.0.9-58.el4]\n- Added fix for mozbz#555109\n[1.0.9-57.el4]\n- Added fixes from 1.9.1.10\n[1.0.9-55.el4]\n- Added fix for mozbz#537356 ", "edition": 4, "modified": "2010-06-22T00:00:00", "published": "2010-06-22T00:00:00", "id": "ELSA-2010-0499", "href": "http://linux.oracle.com/errata/ELSA-2010-0499.html", "title": "seamonkey security update", "type": "oraclelinux", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2019-05-29T18:37:47", "bulletinFamily": "unix", "cvelist": ["CVE-2010-0176", "CVE-2010-0174", "CVE-2010-0175", "CVE-2010-0178", "CVE-2010-0177", "CVE-2010-0179"], "description": "firefox:\r\n \n[3.0.19-1.0.1.el5_5]\r\n- Update firstrun and homepage URLs in specfile\r\n- Added patch oracle-firefox-branding.patch\r\n- Added firefox-oracle-default-prefs.js/firefox-oracle-default-bookmarks.html\r\n and removed the corresponding RedHat ones\r\n \n[3.0.19-1]\r\n- Update to 3.0.19\r\n \nxulrunner:\r\n \n[1.9.0.19-1.0.1.el5_5]\r\n- Added xulrunner-oracle-default-prefs.js and removed the corresponding\r\n RedHat one.\r\n \n[1.9.0.19-1]\r\n- Update to 1.9.0.19", "edition": 4, "modified": "2010-03-31T00:00:00", "published": "2010-03-31T00:00:00", "id": "ELSA-2010-0332", "href": "http://linux.oracle.com/errata/ELSA-2010-0332.html", "title": "firefox security update", "type": "oraclelinux", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2019-05-29T18:34:47", "bulletinFamily": "unix", "cvelist": ["CVE-2010-1214", "CVE-2010-1205", "CVE-2010-1211", "CVE-2010-2753", "CVE-2010-2751", "CVE-2010-2754"], "description": "[1.0.9-60.0.1.el4]\n- Added mozilla-oracle-default-prefs.js and mozilla-oracle-default-bookmarks.html\n and emoved corresponding RedHat ones\n[1.0.9-60.el4]\n- Added fixes from 1.9.1.11\n[1.0.9-59.el4]\n- Added fix for mozbz#570451 ", "edition": 4, "modified": "2010-07-21T00:00:00", "published": "2010-07-21T00:00:00", "id": "ELSA-2010-0546", "href": "http://linux.oracle.com/errata/ELSA-2010-0546.html", "title": "seamonkey security update", "type": "oraclelinux", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}], "redhat": [{"lastseen": "2019-08-13T18:46:47", "bulletinFamily": "unix", "cvelist": ["CVE-2010-0174", "CVE-2010-0175", "CVE-2010-0176", "CVE-2010-0177", "CVE-2010-1197", "CVE-2010-1198", "CVE-2010-1199", "CVE-2010-1200", "CVE-2010-1211", "CVE-2010-1214", "CVE-2010-2753", "CVE-2010-2754"], "description": "Mozilla Thunderbird is a standalone mail and newsgroup client.\n\nSeveral flaws were found in the processing of malformed HTML mail content.\nAn HTML mail message containing malicious content could cause Thunderbird\nto crash or, potentially, execute arbitrary code with the privileges of the\nuser running Thunderbird. (CVE-2010-0174, CVE-2010-1200, CVE-2010-1211,\nCVE-2010-1214, CVE-2010-2753)\n\nAn integer overflow flaw was found in the processing of malformed HTML mail\ncontent. An HTML mail message containing malicious content could cause\nThunderbird to crash or, potentially, execute arbitrary code with the\nprivileges of the user running Thunderbird. (CVE-2010-1199)\n\nSeveral use-after-free flaws were found in Thunderbird. Viewing an HTML\nmail message containing malicious content could result in Thunderbird\nexecuting arbitrary code with the privileges of the user running\nThunderbird. (CVE-2010-0175, CVE-2010-0176, CVE-2010-0177)\n\nA flaw was found in the way Thunderbird plug-ins interact. It was possible\nfor a plug-in to reference the freed memory from a different plug-in,\nresulting in the execution of arbitrary code with the privileges of the\nuser running Thunderbird. (CVE-2010-1198)\n\nA flaw was found in the way Thunderbird handled the \"Content-Disposition:\nattachment\" HTTP header when the \"Content-Type: multipart\" HTTP header was\nalso present. Loading remote HTTP content that allows arbitrary uploads and\nrelies on the \"Content-Disposition: attachment\" HTTP header to prevent\ncontent from being displayed inline, could be used by an attacker to serve\nmalicious content to users. (CVE-2010-1197)\n\nA same-origin policy bypass flaw was found in Thunderbird. Remote HTML\ncontent could steal private data from different remote HTML content\nThunderbird has loaded. (CVE-2010-2754)\n\nAll Thunderbird users should upgrade to this updated package, which\nresolves these issues. All running instances of Thunderbird must be\nrestarted for the update to take effect.\n", "modified": "2017-09-08T12:13:55", "published": "2010-07-20T04:00:00", "id": "RHSA-2010:0544", "href": "https://access.redhat.com/errata/RHSA-2010:0544", "type": "redhat", "title": "(RHSA-2010:0544) Moderate: thunderbird security update", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2019-08-13T18:44:48", "bulletinFamily": "unix", "cvelist": ["CVE-2010-0174", "CVE-2010-0175", "CVE-2010-0176", "CVE-2010-0177", "CVE-2010-1197", "CVE-2010-1198", "CVE-2010-1199", "CVE-2010-1200", "CVE-2010-1205", "CVE-2010-1211", "CVE-2010-1214", "CVE-2010-2753", "CVE-2010-2754"], "description": "Mozilla Thunderbird is a standalone mail and newsgroup client.\n\nA memory corruption flaw was found in the way Thunderbird decoded certain\nPNG images. An attacker could create a mail message containing a\nspecially-crafted PNG image that, when opened, could cause Thunderbird to\ncrash or, potentially, execute arbitrary code with the privileges of the\nuser running Thunderbird. (CVE-2010-1205)\n\nSeveral flaws were found in the processing of malformed HTML mail content.\nAn HTML mail message containing malicious content could cause Thunderbird\nto crash or, potentially, execute arbitrary code with the privileges of the\nuser running Thunderbird. (CVE-2010-0174, CVE-2010-1200, CVE-2010-1211,\nCVE-2010-1214, CVE-2010-2753)\n\nAn integer overflow flaw was found in the processing of malformed HTML mail\ncontent. An HTML mail message containing malicious content could cause\nThunderbird to crash or, potentially, execute arbitrary code with the\nprivileges of the user running Thunderbird. (CVE-2010-1199)\n\nSeveral use-after-free flaws were found in Thunderbird. Viewing an HTML\nmail message containing malicious content could result in Thunderbird\nexecuting arbitrary code with the privileges of the user running\nThunderbird. (CVE-2010-0175, CVE-2010-0176, CVE-2010-0177)\n\nA flaw was found in the way Thunderbird plug-ins interact. It was possible\nfor a plug-in to reference the freed memory from a different plug-in,\nresulting in the execution of arbitrary code with the privileges of the\nuser running Thunderbird. (CVE-2010-1198)\n\nA flaw was found in the way Thunderbird handled the \"Content-Disposition:\nattachment\" HTTP header when the \"Content-Type: multipart\" HTTP header was\nalso present. Loading remote HTTP content that allows arbitrary uploads and\nrelies on the \"Content-Disposition: attachment\" HTTP header to prevent\ncontent from being displayed inline, could be used by an attacker to serve\nmalicious content to users. (CVE-2010-1197)\n\nA same-origin policy bypass flaw was found in Thunderbird. Remote HTML\ncontent could steal private data from different remote HTML content\nThunderbird has loaded. (CVE-2010-2754)\n\nAll Thunderbird users should upgrade to this updated package, which\nresolves these issues. All running instances of Thunderbird must be\nrestarted for the update to take effect.\n", "modified": "2017-09-08T11:54:27", "published": "2010-07-20T04:00:00", "id": "RHSA-2010:0545", "href": "https://access.redhat.com/errata/RHSA-2010:0545", "type": "redhat", "title": "(RHSA-2010:0545) Critical: thunderbird security update", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2019-08-13T18:46:15", "bulletinFamily": "unix", "cvelist": ["CVE-2010-0174", "CVE-2010-0175", "CVE-2010-0176", "CVE-2010-0177"], "description": "SeaMonkey is an open source Web browser, email and newsgroup client, IRC\nchat client, and HTML editor.\n\nSeveral use-after-free flaws were found in SeaMonkey. Visiting a web page\ncontaining malicious content could result in SeaMonkey executing arbitrary\ncode with the privileges of the user running SeaMonkey. (CVE-2010-0175,\nCVE-2010-0176, CVE-2010-0177)\n\nSeveral flaws were found in the processing of malformed web content. A web\npage containing malicious content could cause SeaMonkey to crash or,\npotentially, execute arbitrary code with the privileges of the user running\nSeaMonkey. (CVE-2010-0174)\n\nAll SeaMonkey users should upgrade to these updated packages, which correct\nthese issues. After installing the update, SeaMonkey must be restarted for\nthe changes to take effect.\n", "modified": "2018-05-26T04:26:17", "published": "2010-03-30T04:00:00", "id": "RHSA-2010:0333", "href": "https://access.redhat.com/errata/RHSA-2010:0333", "type": "redhat", "title": "(RHSA-2010:0333) Critical: seamonkey security update", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2019-08-13T18:46:01", "bulletinFamily": "unix", "cvelist": ["CVE-2010-0163", "CVE-2010-1197", "CVE-2010-1198", "CVE-2010-1199", "CVE-2010-1200"], "description": "SeaMonkey is an open source web browser, email and newsgroup client, IRC\nchat client, and HTML editor.\n\nSeveral flaws were found in the processing of malformed web content. A web\npage containing malicious content could cause SeaMonkey to crash or,\npotentially, execute arbitrary code with the privileges of the user running\nSeaMonkey. (CVE-2010-1200)\n\nA flaw was found in the way browser plug-ins interact. It was possible for\na plug-in to reference the freed memory from a different plug-in, resulting\nin the execution of arbitrary code with the privileges of the user running\nSeaMonkey. (CVE-2010-1198)\n\nAn integer overflow flaw was found in the processing of malformed web\ncontent. A web page containing malicious content could cause SeaMonkey to\ncrash or, potentially, execute arbitrary code with the privileges of the\nuser running SeaMonkey. (CVE-2010-1199)\n\nA flaw was found in the way SeaMonkey processed mail attachments. A\nspecially-crafted mail message could cause SeaMonkey to crash.\n(CVE-2010-0163)\n\nA flaw was found in the way SeaMonkey handled the \"Content-Disposition:\nattachment\" HTTP header when the \"Content-Type: multipart\" HTTP header was\nalso present. A website that allows arbitrary uploads and relies on the\n\"Content-Disposition: attachment\" HTTP header to prevent content from being\ndisplayed inline, could be used by an attacker to serve malicious content\nto users. (CVE-2010-1197)\n\nAll SeaMonkey users should upgrade to these updated packages, which correct\nthese issues. After installing the update, SeaMonkey must be restarted for\nthe changes to take effect.\n", "modified": "2018-05-26T04:26:18", "published": "2010-06-22T04:00:00", "id": "RHSA-2010:0499", "href": "https://access.redhat.com/errata/RHSA-2010:0499", "type": "redhat", "title": "(RHSA-2010:0499) Critical: seamonkey security update", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2019-08-13T18:45:38", "bulletinFamily": "unix", "cvelist": ["CVE-2010-0174", "CVE-2010-0175", "CVE-2010-0176", "CVE-2010-0177", "CVE-2010-0178", "CVE-2010-0179"], "description": "Mozilla Firefox is an open source Web browser. XULRunner provides the XUL\nRuntime environment for Mozilla Firefox.\n\nSeveral use-after-free flaws were found in Firefox. Visiting a web page\ncontaining malicious content could result in Firefox executing arbitrary\ncode with the privileges of the user running Firefox. (CVE-2010-0175,\nCVE-2010-0176, CVE-2010-0177)\n\nA flaw was found in Firefox that could allow an applet to generate a drag\nand drop action from a mouse click. Such an action could be used to execute\narbitrary JavaScript with the privileges of the user running Firefox.\n(CVE-2010-0178)\n\nA privilege escalation flaw was found in Firefox when the Firebug add-on is\nin use. The XMLHttpRequestSpy module in the Firebug add-on exposes a Chrome\nprivilege escalation flaw that could be used to execute arbitrary\nJavaScript with the privileges of the user running Firefox. (CVE-2010-0179)\n\nSeveral flaws were found in the processing of malformed web content. A web\npage containing malicious content could cause Firefox to crash or,\npotentially, execute arbitrary code with the privileges of the user running\nFirefox. (CVE-2010-0174)\n\nFor technical details regarding these flaws, refer to the Mozilla security\nadvisories for Firefox 3.0.19. You can find a link to the Mozilla\nadvisories in the References section of this erratum.\n\nAll Firefox users should upgrade to these updated packages, which contain\nFirefox version 3.0.19, which corrects these issues. After installing the\nupdate, Firefox must be restarted for the changes to take effect.\n", "modified": "2017-09-08T12:07:11", "published": "2010-03-30T04:00:00", "id": "RHSA-2010:0332", "href": "https://access.redhat.com/errata/RHSA-2010:0332", "type": "redhat", "title": "(RHSA-2010:0332) Critical: firefox security update", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2019-08-13T18:45:43", "bulletinFamily": "unix", "cvelist": ["CVE-2010-1205", "CVE-2010-1211", "CVE-2010-1214", "CVE-2010-2751", "CVE-2010-2753", "CVE-2010-2754"], "description": "SeaMonkey is an open source web browser, email and newsgroup client, IRC\nchat client, and HTML editor.\n\nSeveral flaws were found in the processing of malformed web content. A web\npage containing malicious content could cause SeaMonkey to crash or,\npotentially, execute arbitrary code with the privileges of the user running\nSeaMonkey. (CVE-2010-1211, CVE-2010-2753, CVE-2010-1214)\n\nA memory corruption flaw was found in the way SeaMonkey decoded certain PNG\nimages. An attacker could create a specially-crafted PNG image that, when\nopened, could cause SeaMonkey to crash or, potentially, execute arbitrary\ncode with the privileges of the user running SeaMonkey. (CVE-2010-1205)\n\nA same-origin policy bypass flaw was found in SeaMonkey. An attacker could\ncreate a malicious web page that, when viewed by a victim, could steal\nprivate data from a different website the victim has loaded with SeaMonkey.\n(CVE-2010-2754)\n\nA flaw was found in the way SeaMonkey displayed the location bar when\nvisiting a secure web page. A malicious server could use this flaw to\npresent data that appears to originate from a secure server, even though it\ndoes not. (CVE-2010-2751)\n\nAll SeaMonkey users should upgrade to these updated packages, which correct\nthese issues. After installing the update, SeaMonkey must be restarted for\nthe changes to take effect.\n", "modified": "2018-05-26T04:26:18", "published": "2010-07-20T04:00:00", "id": "RHSA-2010:0546", "href": "https://access.redhat.com/errata/RHSA-2010:0546", "type": "redhat", "title": "(RHSA-2010:0546) Critical: seamonkey security update", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}], "nessus": [{"lastseen": "2021-01-17T13:44:57", "description": "Several flaws were found in the processing of malformed HTML mail\ncontent. An HTML mail message containing malicious content could cause\nThunderbird to crash or, potentially, execute arbitrary code with the\nprivileges of the user running Thunderbird. (CVE-2010-0174,\nCVE-2010-1200, CVE-2010-1211, CVE-2010-1214, CVE-2010-2753)\n\nAn integer overflow flaw was found in the processing of malformed HTML\nmail content. An HTML mail message containing malicious content could\ncause Thunderbird to crash or, potentially, execute arbitrary code\nwith the privileges of the user running Thunderbird. (CVE-2010-1199)\n\nSeveral use-after-free flaws were found in Thunderbird. Viewing an\nHTML mail message containing malicious content could result in\nThunderbird executing arbitrary code with the privileges of the user\nrunning Thunderbird. (CVE-2010-0175, CVE-2010-0176, CVE-2010-0177)\n\nA flaw was found in the way Thunderbird plug-ins interact. It was\npossible for a plug-in to reference the freed memory from a different\nplug-in, resulting in the execution of arbitrary code with the\nprivileges of the user running Thunderbird. (CVE-2010-1198)\n\nA flaw was found in the way Thunderbird handled the\n'Content-Disposition: attachment' HTTP header when the 'Content-Type:\nmultipart' HTTP header was also present. Loading remote HTTP content\nthat allows arbitrary uploads and relies on the 'Content-Disposition:\nattachment' HTTP header to prevent content from being displayed\ninline, could be used by an attacker to serve malicious content to\nusers. (CVE-2010-1197)\n\nA same-origin policy bypass flaw was found in Thunderbird. Remote HTML\ncontent could steal private data from different remote HTML content\nThunderbird has loaded. (CVE-2010-2754)\n\nAll running instances of Thunderbird must be restarted for the update\nto take effect.", "edition": 25, "published": "2012-08-01T00:00:00", "title": "Scientific Linux Security Update : thunderbird on SL4.x i386/x86_64", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2010-0176", "CVE-2010-1214", "CVE-2010-0174", "CVE-2010-1200", "CVE-2010-0175", "CVE-2010-1197", "CVE-2010-1211", "CVE-2010-2753", "CVE-2010-0177", "CVE-2010-1199", "CVE-2010-2754", "CVE-2010-1198"], "modified": "2012-08-01T00:00:00", "cpe": ["x-cpe:/o:fermilab:scientific_linux"], "id": "SL_20100720_THUNDERBIRD_ON_SL4_X.NASL", "href": "https://www.tenable.com/plugins/nessus/60821", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text is (C) Scientific Linux.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(60821);\n script_version(\"1.6\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/14\");\n\n script_cve_id(\"CVE-2010-0174\", \"CVE-2010-0175\", \"CVE-2010-0176\", \"CVE-2010-0177\", \"CVE-2010-1197\", \"CVE-2010-1198\", \"CVE-2010-1199\", \"CVE-2010-1200\", \"CVE-2010-1211\", \"CVE-2010-1214\", \"CVE-2010-2753\", \"CVE-2010-2754\");\n\n script_name(english:\"Scientific Linux Security Update : thunderbird on SL4.x i386/x86_64\");\n script_summary(english:\"Checks rpm output for the updated package\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Scientific Linux host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Several flaws were found in the processing of malformed HTML mail\ncontent. An HTML mail message containing malicious content could cause\nThunderbird to crash or, potentially, execute arbitrary code with the\nprivileges of the user running Thunderbird. (CVE-2010-0174,\nCVE-2010-1200, CVE-2010-1211, CVE-2010-1214, CVE-2010-2753)\n\nAn integer overflow flaw was found in the processing of malformed HTML\nmail content. An HTML mail message containing malicious content could\ncause Thunderbird to crash or, potentially, execute arbitrary code\nwith the privileges of the user running Thunderbird. (CVE-2010-1199)\n\nSeveral use-after-free flaws were found in Thunderbird. Viewing an\nHTML mail message containing malicious content could result in\nThunderbird executing arbitrary code with the privileges of the user\nrunning Thunderbird. (CVE-2010-0175, CVE-2010-0176, CVE-2010-0177)\n\nA flaw was found in the way Thunderbird plug-ins interact. It was\npossible for a plug-in to reference the freed memory from a different\nplug-in, resulting in the execution of arbitrary code with the\nprivileges of the user running Thunderbird. (CVE-2010-1198)\n\nA flaw was found in the way Thunderbird handled the\n'Content-Disposition: attachment' HTTP header when the 'Content-Type:\nmultipart' HTTP header was also present. Loading remote HTTP content\nthat allows arbitrary uploads and relies on the 'Content-Disposition:\nattachment' HTTP header to prevent content from being displayed\ninline, could be used by an attacker to serve malicious content to\nusers. (CVE-2010-1197)\n\nA same-origin policy bypass flaw was found in Thunderbird. Remote HTML\ncontent could steal private data from different remote HTML content\nThunderbird has loaded. (CVE-2010-2754)\n\nAll running instances of Thunderbird must be restarted for the update\nto take effect.\"\n );\n # https://listserv.fnal.gov/scripts/wa.exe?A2=ind1007&L=scientific-linux-errata&T=0&P=2366\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?39e526b5\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected thunderbird package.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"x-cpe:/o:fermilab:scientific_linux\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2010/04/05\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2010/07/20\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2012/08/01\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2012-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Scientific Linux Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Scientific Linux \" >!< release) audit(AUDIT_HOST_NOT, \"running Scientific Linux\");\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (cpu >!< \"x86_64\" && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Scientific Linux\", cpu);\n\n\nflag = 0;\nif (rpm_check(release:\"SL4\", reference:\"thunderbird-1.5.0.12-28.el4\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2021-01-17T13:08:01", "description": "An updated thunderbird package that fixes several security issues is\nnow available for Red Hat Enterprise Linux 4.\n\nThe Red Hat Security Response Team has rated this update as having\nmoderate security impact. Common Vulnerability Scoring System (CVSS)\nbase scores, which give detailed severity ratings, are available for\neach vulnerability from the CVE links in the References section.\n\nMozilla Thunderbird is a standalone mail and newsgroup client.\n\nSeveral flaws were found in the processing of malformed HTML mail\ncontent. An HTML mail message containing malicious content could cause\nThunderbird to crash or, potentially, execute arbitrary code with the\nprivileges of the user running Thunderbird. (CVE-2010-0174,\nCVE-2010-1200, CVE-2010-1211, CVE-2010-1214, CVE-2010-2753)\n\nAn integer overflow flaw was found in the processing of malformed HTML\nmail content. An HTML mail message containing malicious content could\ncause Thunderbird to crash or, potentially, execute arbitrary code\nwith the privileges of the user running Thunderbird. (CVE-2010-1199)\n\nSeveral use-after-free flaws were found in Thunderbird. Viewing an\nHTML mail message containing malicious content could result in\nThunderbird executing arbitrary code with the privileges of the user\nrunning Thunderbird. (CVE-2010-0175, CVE-2010-0176, CVE-2010-0177)\n\nA flaw was found in the way Thunderbird plug-ins interact. It was\npossible for a plug-in to reference the freed memory from a different\nplug-in, resulting in the execution of arbitrary code with the\nprivileges of the user running Thunderbird. (CVE-2010-1198)\n\nA flaw was found in the way Thunderbird handled the\n'Content-Disposition: attachment' HTTP header when the 'Content-Type:\nmultipart' HTTP header was also present. Loading remote HTTP content\nthat allows arbitrary uploads and relies on the 'Content-Disposition:\nattachment' HTTP header to prevent content from being displayed\ninline, could be used by an attacker to serve malicious content to\nusers. (CVE-2010-1197)\n\nA same-origin policy bypass flaw was found in Thunderbird. Remote HTML\ncontent could steal private data from different remote HTML content\nThunderbird has loaded. (CVE-2010-2754)\n\nAll Thunderbird users should upgrade to this updated package, which\nresolves these issues. All running instances of Thunderbird must be\nrestarted for the update to take effect.", "edition": 28, "published": "2010-07-28T00:00:00", "title": "RHEL 4 : thunderbird (RHSA-2010:0544)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2010-0176", "CVE-2010-1214", "CVE-2010-0174", "CVE-2010-1200", "CVE-2010-0175", "CVE-2010-1197", "CVE-2010-1211", "CVE-2010-2753", "CVE-2010-0177", "CVE-2010-1199", "CVE-2010-2754", "CVE-2010-1198"], "modified": "2010-07-28T00:00:00", "cpe": ["cpe:/o:redhat:enterprise_linux:4", "p-cpe:/a:redhat:enterprise_linux:thunderbird", "cpe:/o:redhat:enterprise_linux:4.8"], "id": "REDHAT-RHSA-2010-0544.NASL", "href": "https://www.tenable.com/plugins/nessus/47879", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Red Hat Security Advisory RHSA-2010:0544. The text \n# itself is copyright (C) Red Hat, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(47879);\n script_version(\"1.22\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/14\");\n\n script_cve_id(\"CVE-2010-0174\", \"CVE-2010-0175\", \"CVE-2010-0176\", \"CVE-2010-0177\", \"CVE-2010-1197\", \"CVE-2010-1198\", \"CVE-2010-1199\", \"CVE-2010-1200\", \"CVE-2010-1211\", \"CVE-2010-1214\", \"CVE-2010-2753\", \"CVE-2010-2754\");\n script_bugtraq_id(39079, 39122, 39123, 39128, 39133, 41082, 41090, 41102, 41103, 41824);\n script_xref(name:\"RHSA\", value:\"2010:0544\");\n\n script_name(english:\"RHEL 4 : thunderbird (RHSA-2010:0544)\");\n script_summary(english:\"Checks the rpm output for the updated package\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Red Hat host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"An updated thunderbird package that fixes several security issues is\nnow available for Red Hat Enterprise Linux 4.\n\nThe Red Hat Security Response Team has rated this update as having\nmoderate security impact. Common Vulnerability Scoring System (CVSS)\nbase scores, which give detailed severity ratings, are available for\neach vulnerability from the CVE links in the References section.\n\nMozilla Thunderbird is a standalone mail and newsgroup client.\n\nSeveral flaws were found in the processing of malformed HTML mail\ncontent. An HTML mail message containing malicious content could cause\nThunderbird to crash or, potentially, execute arbitrary code with the\nprivileges of the user running Thunderbird. (CVE-2010-0174,\nCVE-2010-1200, CVE-2010-1211, CVE-2010-1214, CVE-2010-2753)\n\nAn integer overflow flaw was found in the processing of malformed HTML\nmail content. An HTML mail message containing malicious content could\ncause Thunderbird to crash or, potentially, execute arbitrary code\nwith the privileges of the user running Thunderbird. (CVE-2010-1199)\n\nSeveral use-after-free flaws were found in Thunderbird. Viewing an\nHTML mail message containing malicious content could result in\nThunderbird executing arbitrary code with the privileges of the user\nrunning Thunderbird. (CVE-2010-0175, CVE-2010-0176, CVE-2010-0177)\n\nA flaw was found in the way Thunderbird plug-ins interact. It was\npossible for a plug-in to reference the freed memory from a different\nplug-in, resulting in the execution of arbitrary code with the\nprivileges of the user running Thunderbird. (CVE-2010-1198)\n\nA flaw was found in the way Thunderbird handled the\n'Content-Disposition: attachment' HTTP header when the 'Content-Type:\nmultipart' HTTP header was also present. Loading remote HTTP content\nthat allows arbitrary uploads and relies on the 'Content-Disposition:\nattachment' HTTP header to prevent content from being displayed\ninline, could be used by an attacker to serve malicious content to\nusers. (CVE-2010-1197)\n\nA same-origin policy bypass flaw was found in Thunderbird. Remote HTML\ncontent could steal private data from different remote HTML content\nThunderbird has loaded. (CVE-2010-2754)\n\nAll Thunderbird users should upgrade to this updated package, which\nresolves these issues. All running instances of Thunderbird must be\nrestarted for the update to take effect.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2010-0174\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2010-0175\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2010-0176\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2010-0177\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2010-1197\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2010-1198\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2010-1199\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2010-1200\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2010-1211\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2010-1214\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2010-2753\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2010-2754\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/errata/RHSA-2010:0544\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected thunderbird package.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:thunderbird\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:4\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:4.8\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2010/04/05\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2010/07/20\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2010/07/28\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2010-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Red Hat Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"misc_func.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Red Hat\" >!< release) audit(AUDIT_OS_NOT, \"Red Hat\");\nos_ver = pregmatch(pattern: \"Red Hat Enterprise Linux.*release ([0-9]+(\\.[0-9]+)?)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Red Hat\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^4([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Red Hat 4.x\", \"Red Hat \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\" && \"s390\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Red Hat\", cpu);\n\nyum_updateinfo = get_kb_item(\"Host/RedHat/yum-updateinfo\");\nif (!empty_or_null(yum_updateinfo)) \n{\n rhsa = \"RHSA-2010:0544\";\n yum_report = redhat_generate_yum_updateinfo_report(rhsa:rhsa);\n if (!empty_or_null(yum_report))\n {\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : yum_report \n );\n exit(0);\n }\n else\n {\n audit_message = \"affected by Red Hat security advisory \" + rhsa;\n audit(AUDIT_OS_NOT, audit_message);\n }\n}\nelse\n{\n flag = 0;\n if (rpm_check(release:\"RHEL4\", reference:\"thunderbird-1.5.0.12-28.el4\")) flag++;\n\n\n if (flag)\n {\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : rpm_report_get() + redhat_report_package_caveat()\n );\n exit(0);\n }\n else\n {\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"thunderbird\");\n }\n}\n", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2021-01-06T09:26:27", "description": "An updated thunderbird package that fixes several security issues is\nnow available for Red Hat Enterprise Linux 4.\n\nThe Red Hat Security Response Team has rated this update as having\nmoderate security impact. Common Vulnerability Scoring System (CVSS)\nbase scores, which give detailed severity ratings, are available for\neach vulnerability from the CVE links in the References section.\n\nMozilla Thunderbird is a standalone mail and newsgroup client.\n\nSeveral flaws were found in the processing of malformed HTML mail\ncontent. An HTML mail message containing malicious content could cause\nThunderbird to crash or, potentially, execute arbitrary code with the\nprivileges of the user running Thunderbird. (CVE-2010-0174,\nCVE-2010-1200, CVE-2010-1211, CVE-2010-1214, CVE-2010-2753)\n\nAn integer overflow flaw was found in the processing of malformed HTML\nmail content. An HTML mail message containing malicious content could\ncause Thunderbird to crash or, potentially, execute arbitrary code\nwith the privileges of the user running Thunderbird. (CVE-2010-1199)\n\nSeveral use-after-free flaws were found in Thunderbird. Viewing an\nHTML mail message containing malicious content could result in\nThunderbird executing arbitrary code with the privileges of the user\nrunning Thunderbird. (CVE-2010-0175, CVE-2010-0176, CVE-2010-0177)\n\nA flaw was found in the way Thunderbird plug-ins interact. It was\npossible for a plug-in to reference the freed memory from a different\nplug-in, resulting in the execution of arbitrary code with the\nprivileges of the user running Thunderbird. (CVE-2010-1198)\n\nA flaw was found in the way Thunderbird handled the\n'Content-Disposition: attachment' HTTP header when the 'Content-Type:\nmultipart' HTTP header was also present. Loading remote HTTP content\nthat allows arbitrary uploads and relies on the 'Content-Disposition:\nattachment' HTTP header to prevent content from being displayed\ninline, could be used by an attacker to serve malicious content to\nusers. (CVE-2010-1197)\n\nA same-origin policy bypass flaw was found in Thunderbird. Remote HTML\ncontent could steal private data from different remote HTML content\nThunderbird has loaded. (CVE-2010-2754)\n\nAll Thunderbird users should upgrade to this updated package, which\nresolves these issues. All running instances of Thunderbird must be\nrestarted for the update to take effect.", "edition": 27, "published": "2010-08-09T00:00:00", "title": "CentOS 4 : thunderbird (CESA-2010:0544)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2010-0176", "CVE-2010-1214", "CVE-2010-0174", "CVE-2010-1200", "CVE-2010-0175", "CVE-2010-1197", "CVE-2010-1211", "CVE-2010-2753", "CVE-2010-0177", "CVE-2010-1199", "CVE-2010-2754", "CVE-2010-1198"], "modified": "2010-08-09T00:00:00", "cpe": ["cpe:/o:centos:centos:4", "p-cpe:/a:centos:centos:thunderbird"], "id": "CENTOS_RHSA-2010-0544.NASL", "href": "https://www.tenable.com/plugins/nessus/48266", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Red Hat Security Advisory RHSA-2010:0544 and \n# CentOS Errata and Security Advisory 2010:0544 respectively.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(48266);\n script_version(\"1.14\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/04\");\n\n script_cve_id(\"CVE-2010-0174\", \"CVE-2010-0175\", \"CVE-2010-0176\", \"CVE-2010-0177\", \"CVE-2010-1197\", \"CVE-2010-1198\", \"CVE-2010-1199\", \"CVE-2010-1200\", \"CVE-2010-1211\", \"CVE-2010-1214\", \"CVE-2010-2753\", \"CVE-2010-2754\");\n script_bugtraq_id(39079, 39122, 39123, 39128, 39133, 41082, 41090, 41102, 41103, 41824);\n script_xref(name:\"RHSA\", value:\"2010:0544\");\n\n script_name(english:\"CentOS 4 : thunderbird (CESA-2010:0544)\");\n script_summary(english:\"Checks rpm output for the updated package\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote CentOS host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"An updated thunderbird package that fixes several security issues is\nnow available for Red Hat Enterprise Linux 4.\n\nThe Red Hat Security Response Team has rated this update as having\nmoderate security impact. Common Vulnerability Scoring System (CVSS)\nbase scores, which give detailed severity ratings, are available for\neach vulnerability from the CVE links in the References section.\n\nMozilla Thunderbird is a standalone mail and newsgroup client.\n\nSeveral flaws were found in the processing of malformed HTML mail\ncontent. An HTML mail message containing malicious content could cause\nThunderbird to crash or, potentially, execute arbitrary code with the\nprivileges of the user running Thunderbird. (CVE-2010-0174,\nCVE-2010-1200, CVE-2010-1211, CVE-2010-1214, CVE-2010-2753)\n\nAn integer overflow flaw was found in the processing of malformed HTML\nmail content. An HTML mail message containing malicious content could\ncause Thunderbird to crash or, potentially, execute arbitrary code\nwith the privileges of the user running Thunderbird. (CVE-2010-1199)\n\nSeveral use-after-free flaws were found in Thunderbird. Viewing an\nHTML mail message containing malicious content could result in\nThunderbird executing arbitrary code with the privileges of the user\nrunning Thunderbird. (CVE-2010-0175, CVE-2010-0176, CVE-2010-0177)\n\nA flaw was found in the way Thunderbird plug-ins interact. It was\npossible for a plug-in to reference the freed memory from a different\nplug-in, resulting in the execution of arbitrary code with the\nprivileges of the user running Thunderbird. (CVE-2010-1198)\n\nA flaw was found in the way Thunderbird handled the\n'Content-Disposition: attachment' HTTP header when the 'Content-Type:\nmultipart' HTTP header was also present. Loading remote HTTP content\nthat allows arbitrary uploads and relies on the 'Content-Disposition:\nattachment' HTTP header to prevent content from being displayed\ninline, could be used by an attacker to serve malicious content to\nusers. (CVE-2010-1197)\n\nA same-origin policy bypass flaw was found in Thunderbird. Remote HTML\ncontent could steal private data from different remote HTML content\nThunderbird has loaded. (CVE-2010-2754)\n\nAll Thunderbird users should upgrade to this updated package, which\nresolves these issues. All running instances of Thunderbird must be\nrestarted for the update to take effect.\"\n );\n # https://lists.centos.org/pipermail/centos-announce/2010-August/016886.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?dd6a7453\"\n );\n # https://lists.centos.org/pipermail/centos-announce/2010-August/016887.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?447c8e61\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected thunderbird package.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:thunderbird\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:centos:centos:4\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2010/04/05\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2010/08/06\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2010/08/09\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2010-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"CentOS Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/CentOS/release\", \"Host/CentOS/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/CentOS/release\");\nif (isnull(release) || \"CentOS\" >!< release) audit(AUDIT_OS_NOT, \"CentOS\");\nos_ver = pregmatch(pattern: \"CentOS(?: Linux)? release ([0-9]+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"CentOS\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^4([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"CentOS 4.x\", \"CentOS \" + os_ver);\n\nif (!get_kb_item(\"Host/CentOS/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && \"ia64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"CentOS\", cpu);\n\n\nflag = 0;\nif (rpm_check(release:\"CentOS-4\", cpu:\"i386\", reference:\"thunderbird-1.5.0.12-28.el4.centos\")) flag++;\nif (rpm_check(release:\"CentOS-4\", cpu:\"x86_64\", reference:\"thunderbird-1.5.0.12-28.el4.centos\")) flag++;\n\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"thunderbird\");\n}\n", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2021-01-17T13:44:58", "description": "A memory corruption flaw was found in the way Thunderbird decoded\ncertain PNG images. An attacker could create a mail message containing\na specially crafted PNG image that, when opened, could cause\nThunderbird to crash or, potentially, execute arbitrary code with the\nprivileges of the user running Thunderbird. (CVE-2010-1205)\n\nSeveral flaws were found in the processing of malformed HTML mail\ncontent. An HTML mail message containing malicious content could cause\nThunderbird to crash or, potentially, execute arbitrary code with the\nprivileges of the user running Thunderbird. (CVE-2010-0174,\nCVE-2010-1200, CVE-2010-1211, CVE-2010-1214, CVE-2010-2753)\n\nAn integer overflow flaw was found in the processing of malformed HTML\nmail content. An HTML mail message containing malicious content could\ncause Thunderbird to crash or, potentially, execute arbitrary code\nwith the privileges of the user running Thunderbird. (CVE-2010-1199)\n\nSeveral use-after-free flaws were found in Thunderbird. Viewing an\nHTML mail message containing malicious content could result in\nThunderbird executing arbitrary code with the privileges of the user\nrunning Thunderbird. (CVE-2010-0175, CVE-2010-0176, CVE-2010-0177)\n\nA flaw was found in the way Thunderbird plug-ins interact. It was\npossible for a plug-in to reference the freed memory from a different\nplug-in, resulting in the execution of arbitrary code with the\nprivileges of the user running Thunderbird. (CVE-2010-1198)\n\nA flaw was found in the way Thunderbird handled the\n'Content-Disposition: attachment' HTTP header when the 'Content-Type:\nmultipart' HTTP header was also present. Loading remote HTTP content\nthat allows arbitrary uploads and relies on the 'Content-Disposition:\nattachment' HTTP header to prevent content from being displayed\ninline, could be used by an attacker to serve malicious content to\nusers. (CVE-2010-1197)\n\nA same-origin policy bypass flaw was found in Thunderbird. Remote HTML\ncontent could steal private data from different remote HTML content\nThunderbird has loaded. (CVE-2010-2754)\n\nAll running instances of Thunderbird must be restarted for the update\nto take effect.", "edition": 25, "published": "2012-08-01T00:00:00", "title": "Scientific Linux Security Update : thunderbird on SL5.x i386/x86_64", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2010-0176", "CVE-2010-1214", "CVE-2010-0174", "CVE-2010-1205", "CVE-2010-1200", "CVE-2010-0175", "CVE-2010-1197", "CVE-2010-1211", "CVE-2010-2753", "CVE-2010-0177", "CVE-2010-1199", "CVE-2010-2754", "CVE-2010-1198"], "modified": "2012-08-01T00:00:00", "cpe": ["x-cpe:/o:fermilab:scientific_linux"], "id": "SL_20100720_THUNDERBIRD_ON_SL5_X.NASL", "href": "https://www.tenable.com/plugins/nessus/60822", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text is (C) Scientific Linux.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(60822);\n script_version(\"1.7\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/14\");\n\n script_cve_id(\"CVE-2010-0174\", \"CVE-2010-0175\", \"CVE-2010-0176\", \"CVE-2010-0177\", \"CVE-2010-1197\", \"CVE-2010-1198\", \"CVE-2010-1199\", \"CVE-2010-1200\", \"CVE-2010-1205\", \"CVE-2010-1211\", \"CVE-2010-1214\", \"CVE-2010-2753\", \"CVE-2010-2754\");\n\n script_name(english:\"Scientific Linux Security Update : thunderbird on SL5.x i386/x86_64\");\n script_summary(english:\"Checks rpm output for the updated package\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Scientific Linux host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"A memory corruption flaw was found in the way Thunderbird decoded\ncertain PNG images. An attacker could create a mail message containing\na specially crafted PNG image that, when opened, could cause\nThunderbird to crash or, potentially, execute arbitrary code with the\nprivileges of the user running Thunderbird. (CVE-2010-1205)\n\nSeveral flaws were found in the processing of malformed HTML mail\ncontent. An HTML mail message containing malicious content could cause\nThunderbird to crash or, potentially, execute arbitrary code with the\nprivileges of the user running Thunderbird. (CVE-2010-0174,\nCVE-2010-1200, CVE-2010-1211, CVE-2010-1214, CVE-2010-2753)\n\nAn integer overflow flaw was found in the processing of malformed HTML\nmail content. An HTML mail message containing malicious content could\ncause Thunderbird to crash or, potentially, execute arbitrary code\nwith the privileges of the user running Thunderbird. (CVE-2010-1199)\n\nSeveral use-after-free flaws were found in Thunderbird. Viewing an\nHTML mail message containing malicious content could result in\nThunderbird executing arbitrary code with the privileges of the user\nrunning Thunderbird. (CVE-2010-0175, CVE-2010-0176, CVE-2010-0177)\n\nA flaw was found in the way Thunderbird plug-ins interact. It was\npossible for a plug-in to reference the freed memory from a different\nplug-in, resulting in the execution of arbitrary code with the\nprivileges of the user running Thunderbird. (CVE-2010-1198)\n\nA flaw was found in the way Thunderbird handled the\n'Content-Disposition: attachment' HTTP header when the 'Content-Type:\nmultipart' HTTP header was also present. Loading remote HTTP content\nthat allows arbitrary uploads and relies on the 'Content-Disposition:\nattachment' HTTP header to prevent content from being displayed\ninline, could be used by an attacker to serve malicious content to\nusers. (CVE-2010-1197)\n\nA same-origin policy bypass flaw was found in Thunderbird. Remote HTML\ncontent could steal private data from different remote HTML content\nThunderbird has loaded. (CVE-2010-2754)\n\nAll running instances of Thunderbird must be restarted for the update\nto take effect.\"\n );\n # https://listserv.fnal.gov/scripts/wa.exe?A2=ind1007&L=scientific-linux-errata&T=0&P=2494\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?ef4d3f92\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected thunderbird package.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"x-cpe:/o:fermilab:scientific_linux\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2010/04/05\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2010/07/20\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2012/08/01\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2012-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Scientific Linux Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Scientific Linux \" >!< release) audit(AUDIT_HOST_NOT, \"running Scientific Linux\");\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (cpu >!< \"x86_64\" && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Scientific Linux\", cpu);\n\n\nflag = 0;\nif (rpm_check(release:\"SL5\", reference:\"thunderbird-2.0.0.24-6.el5\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2021-01-17T13:44:44", "description": "Several use-after-free flaws were found in SeaMonkey. Visiting a web\npage containing malicious content could result in SeaMonkey executing\narbitrary code with the privileges of the user running SeaMonkey.\n(CVE-2010-0175, CVE-2010-0176, CVE-2010-0177)\n\nSeveral flaws were found in the processing of malformed web content. A\nweb page containing malicious content could cause SeaMonkey to crash\nor, potentially, execute arbitrary code with the privileges of the\nuser running SeaMonkey. (CVE-2010-0174)\n\nAfter installing the update, SeaMonkey must be restarted for the\nchanges to take effect.", "edition": 24, "published": "2012-08-01T00:00:00", "title": "Scientific Linux Security Update : seamonkey on SL3.x, SL4.x i386/x86_64", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2010-0176", "CVE-2010-0174", "CVE-2010-0175", "CVE-2010-0177"], "modified": "2012-08-01T00:00:00", "cpe": ["x-cpe:/o:fermilab:scientific_linux"], "id": "SL_20100330_SEAMONKEY_ON_SL3_X.NASL", "href": "https://www.tenable.com/plugins/nessus/60773", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text is (C) Scientific Linux.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(60773);\n script_version(\"1.5\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/14\");\n\n script_cve_id(\"CVE-2010-0174\", \"CVE-2010-0175\", \"CVE-2010-0176\", \"CVE-2010-0177\");\n\n script_name(english:\"Scientific Linux Security Update : seamonkey on SL3.x, SL4.x i386/x86_64\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\n\"The remote Scientific Linux host is missing one or more security\nupdates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Several use-after-free flaws were found in SeaMonkey. Visiting a web\npage containing malicious content could result in SeaMonkey executing\narbitrary code with the privileges of the user running SeaMonkey.\n(CVE-2010-0175, CVE-2010-0176, CVE-2010-0177)\n\nSeveral flaws were found in the processing of malformed web content. A\nweb page containing malicious content could cause SeaMonkey to crash\nor, potentially, execute arbitrary code with the privileges of the\nuser running SeaMonkey. (CVE-2010-0174)\n\nAfter installing the update, SeaMonkey must be restarted for the\nchanges to take effect.\"\n );\n # https://listserv.fnal.gov/scripts/wa.exe?A2=ind1003&L=scientific-linux-errata&T=0&P=3568\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?761c5983\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"x-cpe:/o:fermilab:scientific_linux\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2010/03/30\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2012/08/01\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2012-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Scientific Linux Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Scientific Linux \" >!< release) audit(AUDIT_HOST_NOT, \"running Scientific Linux\");\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (cpu >!< \"x86_64\" && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Scientific Linux\", cpu);\n\n\nflag = 0;\nif (rpm_check(release:\"SL3\", reference:\"seamonkey-1.0.9-0.52.el3\")) flag++;\nif (rpm_check(release:\"SL3\", reference:\"seamonkey-chat-1.0.9-0.52.el3\")) flag++;\nif (rpm_check(release:\"SL3\", reference:\"seamonkey-devel-1.0.9-0.52.el3\")) flag++;\nif (rpm_check(release:\"SL3\", reference:\"seamonkey-dom-inspector-1.0.9-0.52.el3\")) flag++;\nif (rpm_check(release:\"SL3\", reference:\"seamonkey-js-debugger-1.0.9-0.52.el3\")) flag++;\nif (rpm_check(release:\"SL3\", reference:\"seamonkey-mail-1.0.9-0.52.el3\")) flag++;\nif (rpm_check(release:\"SL3\", reference:\"seamonkey-nspr-1.0.9-0.52.el3\")) flag++;\nif (rpm_check(release:\"SL3\", reference:\"seamonkey-nspr-devel-1.0.9-0.52.el3\")) flag++;\nif (rpm_check(release:\"SL3\", reference:\"seamonkey-nss-1.0.9-0.52.el3\")) flag++;\nif (rpm_check(release:\"SL3\", reference:\"seamonkey-nss-devel-1.0.9-0.52.el3\")) flag++;\n\nif (rpm_check(release:\"SL4\", reference:\"seamonkey-1.0.9-54.el4_8\")) flag++;\nif (rpm_check(release:\"SL4\", reference:\"seamonkey-chat-1.0.9-54.el4_8\")) flag++;\nif (rpm_check(release:\"SL4\", reference:\"seamonkey-devel-1.0.9-54.el4_8\")) flag++;\nif (rpm_check(release:\"SL4\", reference:\"seamonkey-dom-inspector-1.0.9-54.el4_8\")) flag++;\nif (rpm_check(release:\"SL4\", reference:\"seamonkey-js-debugger-1.0.9-54.el4_8\")) flag++;\nif (rpm_check(release:\"SL4\", reference:\"seamonkey-mail-1.0.9-54.el4_8\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2021-01-17T13:44:53", "description": "Several flaws were found in the processing of malformed web content. A\nweb page containing malicious content could cause SeaMonkey to crash\nor, potentially, execute arbitrary code with the privileges of the\nuser running SeaMonkey. (CVE-2010-1200)\n\nA flaw was found in the way browser plug-ins interact. It was possible\nfor a plug-in to reference the freed memory from a different plug-in,\nresulting in the execution of arbitrary code with the privileges of\nthe user running SeaMonkey. (CVE-2010-1198)\n\nAn integer overflow flaw was found in the processing of malformed web\ncontent. A web page containing malicious content could cause SeaMonkey\nto crash or, potentially, execute arbitrary code with the privileges\nof the user running SeaMonkey. (CVE-2010-1199)\n\nA flaw was found in the way SeaMonkey processed mail attachments. A\nspecially crafted mail message could cause SeaMonkey to crash.\n(CVE-2010-0163)\n\nA flaw was found in the way SeaMonkey handled the\n'Content-Disposition: attachment' HTTP header when the 'Content-Type:\nmultipart' HTTP header was also present. A website that allows\narbitrary uploads and relies on the 'Content-Disposition: attachment'\nHTTP header to prevent content from being displayed inline, could be\nused by an attacker to serve malicious content to users.\n(CVE-2010-1197)\n\nAfter installing the update, SeaMonkey must be restarted for the\nchanges to take effect.", "edition": 25, "published": "2012-08-01T00:00:00", "title": "Scientific Linux Security Update : seamonkey on SL3.x, SL4.x i386/x86_64", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2010-1200", "CVE-2010-1197", "CVE-2010-0163", "CVE-2010-1199", "CVE-2010-1198"], "modified": "2012-08-01T00:00:00", "cpe": ["x-cpe:/o:fermilab:scientific_linux"], "id": "SL_20100622_SEAMONKEY_ON_SL3_X.NASL", "href": "https://www.tenable.com/plugins/nessus/60809", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text is (C) Scientific Linux.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(60809);\n script_version(\"1.6\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/14\");\n\n script_cve_id(\"CVE-2010-0163\", \"CVE-2010-1197\", \"CVE-2010-1198\", \"CVE-2010-1199\", \"CVE-2010-1200\");\n\n script_name(english:\"Scientific Linux Security Update : seamonkey on SL3.x, SL4.x i386/x86_64\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\n\"The remote Scientific Linux host is missing one or more security\nupdates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Several flaws were found in the processing of malformed web content. A\nweb page containing malicious content could cause SeaMonkey to crash\nor, potentially, execute arbitrary code with the privileges of the\nuser running SeaMonkey. (CVE-2010-1200)\n\nA flaw was found in the way browser plug-ins interact. It was possible\nfor a plug-in to reference the freed memory from a different plug-in,\nresulting in the execution of arbitrary code with the privileges of\nthe user running SeaMonkey. (CVE-2010-1198)\n\nAn integer overflow flaw was found in the processing of malformed web\ncontent. A web page containing malicious content could cause SeaMonkey\nto crash or, potentially, execute arbitrary code with the privileges\nof the user running SeaMonkey. (CVE-2010-1199)\n\nA flaw was found in the way SeaMonkey processed mail attachments. A\nspecially crafted mail message could cause SeaMonkey to crash.\n(CVE-2010-0163)\n\nA flaw was found in the way SeaMonkey handled the\n'Content-Disposition: attachment' HTTP header when the 'Content-Type:\nmultipart' HTTP header was also present. A website that allows\narbitrary uploads and relies on the 'Content-Disposition: attachment'\nHTTP header to prevent content from being displayed inline, could be\nused by an attacker to serve malicious content to users.\n(CVE-2010-1197)\n\nAfter installing the update, SeaMonkey must be restarted for the\nchanges to take effect.\"\n );\n # https://listserv.fnal.gov/scripts/wa.exe?A2=ind1006&L=scientific-linux-errata&T=0&P=1760\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?f23ec6c3\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"x-cpe:/o:fermilab:scientific_linux\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2010/06/22\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2012/08/01\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2012-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Scientific Linux Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Scientific Linux \" >!< release) audit(AUDIT_HOST_NOT, \"running Scientific Linux\");\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (cpu >!< \"x86_64\" && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Scientific Linux\", cpu);\n\n\nflag = 0;\nif (rpm_check(release:\"SL3\", reference:\"seamonkey-1.0.9-0.55.el3\")) flag++;\nif (rpm_check(release:\"SL3\", reference:\"seamonkey-chat-1.0.9-0.55.el3\")) flag++;\nif (rpm_check(release:\"SL3\", reference:\"seamonkey-devel-1.0.9-0.55.el3\")) flag++;\nif (rpm_check(release:\"SL3\", reference:\"seamonkey-dom-inspector-1.0.9-0.55.el3\")) flag++;\nif (rpm_check(release:\"SL3\", reference:\"seamonkey-js-debugger-1.0.9-0.55.el3\")) flag++;\nif (rpm_check(release:\"SL3\", reference:\"seamonkey-mail-1.0.9-0.55.el3\")) flag++;\nif (rpm_check(release:\"SL3\", reference:\"seamonkey-nspr-1.0.9-0.55.el3\")) flag++;\nif (rpm_check(release:\"SL3\", reference:\"seamonkey-nspr-devel-1.0.9-0.55.el3\")) flag++;\nif (rpm_check(release:\"SL3\", reference:\"seamonkey-nss-1.0.9-0.55.el3\")) flag++;\nif (rpm_check(release:\"SL3\", reference:\"seamonkey-nss-devel-1.0.9-0.55.el3\")) flag++;\n\nif (rpm_check(release:\"SL4\", reference:\"seamonkey-1.0.9-58.el4_8\")) flag++;\nif (rpm_check(release:\"SL4\", reference:\"seamonkey-chat-1.0.9-58.el4_8\")) flag++;\nif (rpm_check(release:\"SL4\", reference:\"seamonkey-devel-1.0.9-58.el4_8\")) flag++;\nif (rpm_check(release:\"SL4\", reference:\"seamonkey-dom-inspector-1.0.9-58.el4_8\")) flag++;\nif (rpm_check(release:\"SL4\", reference:\"seamonkey-js-debugger-1.0.9-58.el4_8\")) flag++;\nif (rpm_check(release:\"SL4\", reference:\"seamonkey-mail-1.0.9-58.el4_8\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2021-01-06T09:26:27", "description": "An updated thunderbird package that fixes several security issues is\nnow available for Red Hat Enterprise Linux 5.\n\nThe Red Hat Security Response Team has rated this update as having\ncritical security impact. Common Vulnerability Scoring System (CVSS)\nbase scores, which give detailed severity ratings, are available for\neach vulnerability from the CVE links in the References section.\n\nMozilla Thunderbird is a standalone mail and newsgroup client.\n\nA memory corruption flaw was found in the way Thunderbird decoded\ncertain PNG images. An attacker could create a mail message containing\na specially crafted PNG image that, when opened, could cause\nThunderbird to crash or, potentially, execute arbitrary code with the\nprivileges of the user running Thunderbird. (CVE-2010-1205)\n\nSeveral flaws were found in the processing of malformed HTML mail\ncontent. An HTML mail message containing malicious content could cause\nThunderbird to crash or, potentially, execute arbitrary code with the\nprivileges of the user running Thunderbird. (CVE-2010-0174,\nCVE-2010-1200, CVE-2010-1211, CVE-2010-1214, CVE-2010-2753)\n\nAn integer overflow flaw was found in the processing of malformed HTML\nmail content. An HTML mail message containing malicious content could\ncause Thunderbird to crash or, potentially, execute arbitrary code\nwith the privileges of the user running Thunderbird. (CVE-2010-1199)\n\nSeveral use-after-free flaws were found in Thunderbird. Viewing an\nHTML mail message containing malicious content could result in\nThunderbird executing arbitrary code with the privileges of the user\nrunning Thunderbird. (CVE-2010-0175, CVE-2010-0176, CVE-2010-0177)\n\nA flaw was found in the way Thunderbird plug-ins interact. It was\npossible for a plug-in to reference the freed memory from a different\nplug-in, resulting in the execution of arbitrary code with the\nprivileges of the user running Thunderbird. (CVE-2010-1198)\n\nA flaw was found in the way Thunderbird handled the\n'Content-Disposition: attachment' HTTP header when the 'Content-Type:\nmultipart' HTTP header was also present. Loading remote HTTP content\nthat allows arbitrary uploads and relies on the 'Content-Disposition:\nattachment' HTTP header to prevent content from being displayed\ninline, could be used by an attacker to serve malicious content to\nusers. (CVE-2010-1197)\n\nA same-origin policy bypass flaw was found in Thunderbird. Remote HTML\ncontent could steal private data from different remote HTML content\nThunderbird has loaded. (CVE-2010-2754)\n\nAll Thunderbird users should upgrade to this updated package, which\nresolves these issues. All running instances of Thunderbird must be\nrestarted for the update to take effect.", "edition": 28, "published": "2010-07-23T00:00:00", "title": "CentOS 5 : thunderbird (CESA-2010:0545)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2010-0654", "CVE-2010-0176", "CVE-2010-1214", "CVE-2010-0174", "CVE-2010-1205", "CVE-2010-1200", "CVE-2010-0175", "CVE-2010-1213", "CVE-2010-1210", "CVE-2010-1197", "CVE-2010-1207", "CVE-2010-1212", "CVE-2010-1206", "CVE-2010-1211", "CVE-2010-2753", "CVE-2010-1215", "CVE-2010-0177", "CVE-2010-2751", "CVE-2010-1208", "CVE-2010-1199", "CVE-2010-1209", "CVE-2010-2754", "CVE-2010-1198", "CVE-2010-2760", "CVE-2010-2752"], "modified": "2010-07-23T00:00:00", "cpe": ["p-cpe:/a:centos:centos:thunderbird", "cpe:/o:centos:centos:5"], "id": "CENTOS_RHSA-2010-0545.NASL", "href": "https://www.tenable.com/plugins/nessus/47805", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Red Hat Security Advisory RHSA-2010:0545 and \n# CentOS Errata and Security Advisory 2010:0545 respectively.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(47805);\n script_version(\"1.20\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/04\");\n\n script_cve_id(\"CVE-2010-0174\", \"CVE-2010-0175\", \"CVE-2010-0176\", \"CVE-2010-0177\", \"CVE-2010-0654\", \"CVE-2010-1197\", \"CVE-2010-1198\", \"CVE-2010-1199\", \"CVE-2010-1200\", \"CVE-2010-1205\", \"CVE-2010-1206\", \"CVE-2010-1207\", \"CVE-2010-1208\", \"CVE-2010-1209\", \"CVE-2010-1210\", \"CVE-2010-1211\", \"CVE-2010-1212\", \"CVE-2010-1213\", \"CVE-2010-1214\", \"CVE-2010-1215\", \"CVE-2010-2751\", \"CVE-2010-2752\", \"CVE-2010-2753\", \"CVE-2010-2754\", \"CVE-2010-2760\");\n script_bugtraq_id(39079, 39122, 39123, 39128, 39133, 41082, 41090, 41102, 41103, 41174, 41824);\n script_xref(name:\"RHSA\", value:\"2010:0545\");\n\n script_name(english:\"CentOS 5 : thunderbird (CESA-2010:0545)\");\n script_summary(english:\"Checks rpm output for the updated package\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote CentOS host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"An updated thunderbird package that fixes several security issues is\nnow available for Red Hat Enterprise Linux 5.\n\nThe Red Hat Security Response Team has rated this update as having\ncritical security impact. Common Vulnerability Scoring System (CVSS)\nbase scores, which give detailed severity ratings, are available for\neach vulnerability from the CVE links in the References section.\n\nMozilla Thunderbird is a standalone mail and newsgroup client.\n\nA memory corruption flaw was found in the way Thunderbird decoded\ncertain PNG images. An attacker could create a mail message containing\na specially crafted PNG image that, when opened, could cause\nThunderbird to crash or, potentially, execute arbitrary code with the\nprivileges of the user running Thunderbird. (CVE-2010-1205)\n\nSeveral flaws were found in the processing of malformed HTML mail\ncontent. An HTML mail message containing malicious content could cause\nThunderbird to crash or, potentially, execute arbitrary code with the\nprivileges of the user running Thunderbird. (CVE-2010-0174,\nCVE-2010-1200, CVE-2010-1211, CVE-2010-1214, CVE-2010-2753)\n\nAn integer overflow flaw was found in the processing of malformed HTML\nmail content. An HTML mail message containing malicious content could\ncause Thunderbird to crash or, potentially, execute arbitrary code\nwith the privileges of the user running Thunderbird. (CVE-2010-1199)\n\nSeveral use-after-free flaws were found in Thunderbird. Viewing an\nHTML mail message containing malicious content could result in\nThunderbird executing arbitrary code with the privileges of the user\nrunning Thunderbird. (CVE-2010-0175, CVE-2010-0176, CVE-2010-0177)\n\nA flaw was found in the way Thunderbird plug-ins interact. It was\npossible for a plug-in to reference the freed memory from a different\nplug-in, resulting in the execution of arbitrary code with the\nprivileges of the user running Thunderbird. (CVE-2010-1198)\n\nA flaw was found in the way Thunderbird handled the\n'Content-Disposition: attachment' HTTP header when the 'Content-Type:\nmultipart' HTTP header was also present. Loading remote HTTP content\nthat allows arbitrary uploads and relies on the 'Content-Disposition:\nattachment' HTTP header to prevent content from being displayed\ninline, could be used by an attacker to serve malicious content to\nusers. (CVE-2010-1197)\n\nA same-origin policy bypass flaw was found in Thunderbird. Remote HTML\ncontent could steal private data from different remote HTML content\nThunderbird has loaded. (CVE-2010-2754)\n\nAll Thunderbird users should upgrade to this updated package, which\nresolves these issues. All running instances of Thunderbird must be\nrestarted for the update to take effect.\"\n );\n # https://lists.centos.org/pipermail/centos-announce/2010-July/016819.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?95cd5b9d\"\n );\n # https://lists.centos.org/pipermail/centos-announce/2010-July/016820.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?c89acfd2\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected thunderbird package.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n script_cwe_id(94);\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:thunderbird\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:centos:centos:5\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2010/02/18\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2010/07/22\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2010/07/23\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2010-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"CentOS Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/CentOS/release\", \"Host/CentOS/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/CentOS/release\");\nif (isnull(release) || \"CentOS\" >!< release) audit(AUDIT_OS_NOT, \"CentOS\");\nos_ver = pregmatch(pattern: \"CentOS(?: Linux)? release ([0-9]+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"CentOS\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^5([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"CentOS 5.x\", \"CentOS \" + os_ver);\n\nif (!get_kb_item(\"Host/CentOS/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"CentOS\", cpu);\n\n\nflag = 0;\nif (rpm_check(release:\"CentOS-5\", reference:\"thunderbird-2.0.0.24-6.el5.centos\")) flag++;\n\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"thunderbird\");\n}\n", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2021-01-17T13:08:01", "description": "An updated thunderbird package that fixes several security issues is\nnow available for Red Hat Enterprise Linux 5.\n\nThe Red Hat Security Response Team has rated this update as having\ncritical security impact. Common Vulnerability Scoring System (CVSS)\nbase scores, which give detailed severity ratings, are available for\neach vulnerability from the CVE links in the References section.\n\nMozilla Thunderbird is a standalone mail and newsgroup client.\n\nA memory corruption flaw was found in the way Thunderbird decoded\ncertain PNG images. An attacker could create a mail message containing\na specially crafted PNG image that, when opened, could cause\nThunderbird to crash or, potentially, execute arbitrary code with the\nprivileges of the user running Thunderbird. (CVE-2010-1205)\n\nSeveral flaws were found in the processing of malformed HTML mail\ncontent. An HTML mail message containing malicious content could cause\nThunderbird to crash or, potentially, execute arbitrary code with the\nprivileges of the user running Thunderbird. (CVE-2010-0174,\nCVE-2010-1200, CVE-2010-1211, CVE-2010-1214, CVE-2010-2753)\n\nAn integer overflow flaw was found in the processing of malformed HTML\nmail content. An HTML mail message containing malicious content could\ncause Thunderbird to crash or, potentially, execute arbitrary code\nwith the privileges of the user running Thunderbird. (CVE-2010-1199)\n\nSeveral use-after-free flaws were found in Thunderbird. Viewing an\nHTML mail message containing malicious content could result in\nThunderbird executing arbitrary code with the privileges of the user\nrunning Thunderbird. (CVE-2010-0175, CVE-2010-0176, CVE-2010-0177)\n\nA flaw was found in the way Thunderbird plug-ins interact. It was\npossible for a plug-in to reference the freed memory from a different\nplug-in, resulting in the execution of arbitrary code with the\nprivileges of the user running Thunderbird. (CVE-2010-1198)\n\nA flaw was found in the way Thunderbird handled the\n'Content-Disposition: attachment' HTTP header when the 'Content-Type:\nmultipart' HTTP header was also present. Loading remote HTTP content\nthat allows arbitrary uploads and relies on the 'Content-Disposition:\nattachment' HTTP header to prevent content from being displayed\ninline, could be used by an attacker to serve malicious content to\nusers. (CVE-2010-1197)\n\nA same-origin policy bypass flaw was found in Thunderbird. Remote HTML\ncontent could steal private data from different remote HTML content\nThunderbird has loaded. (CVE-2010-2754)\n\nAll Thunderbird users should upgrade to this updated package, which\nresolves these issues. All running instances of Thunderbird must be\nrestarted for the update to take effect.", "edition": 25, "published": "2013-01-24T00:00:00", "title": "RHEL 5 : thunderbird (RHSA-2010:0545)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2010-0654", "CVE-2010-0176", "CVE-2010-1214", "CVE-2010-0174", "CVE-2010-1205", "CVE-2010-1200", "CVE-2010-0175", "CVE-2010-1213", "CVE-2010-1210", "CVE-2010-1197", "CVE-2010-1207", "CVE-2010-1212", "CVE-2010-1206", "CVE-2010-1211", "CVE-2010-2753", "CVE-2010-1215", "CVE-2010-0177", "CVE-2010-2751", "CVE-2010-1208", "CVE-2010-1199", "CVE-2010-1209", "CVE-2010-2754", "CVE-2010-1198", "CVE-2010-2760", "CVE-2010-2752"], "modified": "2013-01-24T00:00:00", "cpe": ["cpe:/o:redhat:enterprise_linux:5", "p-cpe:/a:redhat:enterprise_linux:thunderbird"], "id": "REDHAT-RHSA-2010-0545.NASL", "href": "https://www.tenable.com/plugins/nessus/63939", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Red Hat Security Advisory RHSA-2010:0545. The text \n# itself is copyright (C) Red Hat, Inc.\n#\n\nif (NASL_LEVEL < 3000) exit(0);\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(63939);\n script_version(\"1.12\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/14\");\n\n script_cve_id(\"CVE-2010-0174\", \"CVE-2010-0175\", \"CVE-2010-0176\", \"CVE-2010-0177\", \"CVE-2010-0654\", \"CVE-2010-1197\", \"CVE-2010-1198\", \"CVE-2010-1199\", \"CVE-2010-1200\", \"CVE-2010-1205\", \"CVE-2010-1206\", \"CVE-2010-1207\", \"CVE-2010-1208\", \"CVE-2010-1209\", \"CVE-2010-1210\", \"CVE-2010-1211\", \"CVE-2010-1212\", \"CVE-2010-1213\", \"CVE-2010-1214\", \"CVE-2010-1215\", \"CVE-2010-2751\", \"CVE-2010-2752\", \"CVE-2010-2753\", \"CVE-2010-2754\", \"CVE-2010-2760\");\n script_bugtraq_id(39079, 39122, 39123, 39128, 39133, 41082, 41090, 41102, 41103, 41174, 41824);\n script_xref(name:\"RHSA\", value:\"2010:0545\");\n\n script_name(english:\"RHEL 5 : thunderbird (RHSA-2010:0545)\");\n script_summary(english:\"Checks rpm output for the updated package\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Red Hat host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"An updated thunderbird package that fixes several security issues is\nnow available for Red Hat Enterprise Linux 5.\n\nThe Red Hat Security Response Team has rated this update as having\ncritical security impact. Common Vulnerability Scoring System (CVSS)\nbase scores, which give detailed severity ratings, are available for\neach vulnerability from the CVE links in the References section.\n\nMozilla Thunderbird is a standalone mail and newsgroup client.\n\nA memory corruption flaw was found in the way Thunderbird decoded\ncertain PNG images. An attacker could create a mail message containing\na specially crafted PNG image that, when opened, could cause\nThunderbird to crash or, potentially, execute arbitrary code with the\nprivileges of the user running Thunderbird. (CVE-2010-1205)\n\nSeveral flaws were found in the processing of malformed HTML mail\ncontent. An HTML mail message containing malicious content could cause\nThunderbird to crash or, potentially, execute arbitrary code with the\nprivileges of the user running Thunderbird. (CVE-2010-0174,\nCVE-2010-1200, CVE-2010-1211, CVE-2010-1214, CVE-2010-2753)\n\nAn integer overflow flaw was found in the processing of malformed HTML\nmail content. An HTML mail message containing malicious content could\ncause Thunderbird to crash or, potentially, execute arbitrary code\nwith the privileges of the user running Thunderbird. (CVE-2010-1199)\n\nSeveral use-after-free flaws were found in Thunderbird. Viewing an\nHTML mail message containing malicious content could result in\nThunderbird executing arbitrary code with the privileges of the user\nrunning Thunderbird. (CVE-2010-0175, CVE-2010-0176, CVE-2010-0177)\n\nA flaw was found in the way Thunderbird plug-ins interact. It was\npossible for a plug-in to reference the freed memory from a different\nplug-in, resulting in the execution of arbitrary code with the\nprivileges of the user running Thunderbird. (CVE-2010-1198)\n\nA flaw was found in the way Thunderbird handled the\n'Content-Disposition: attachment' HTTP header when the 'Content-Type:\nmultipart' HTTP header was also present. Loading remote HTTP content\nthat allows arbitrary uploads and relies on the 'Content-Disposition:\nattachment' HTTP header to prevent content from being displayed\ninline, could be used by an attacker to serve malicious content to\nusers. (CVE-2010-1197)\n\nA same-origin policy bypass flaw was found in Thunderbird. Remote HTML\ncontent could steal private data from different remote HTML content\nThunderbird has loaded. (CVE-2010-2754)\n\nAll Thunderbird users should upgrade to this updated package, which\nresolves these issues. All running instances of Thunderbird must be\nrestarted for the update to take effect.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.redhat.com/security/data/cve/CVE-2010-0174.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.redhat.com/security/data/cve/CVE-2010-0175.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.redhat.com/security/data/cve/CVE-2010-0176.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.redhat.com/security/data/cve/CVE-2010-0177.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.redhat.com/security/data/cve/CVE-2010-1197.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.redhat.com/security/data/cve/CVE-2010-1198.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.redhat.com/security/data/cve/CVE-2010-1199.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.redhat.com/security/data/cve/CVE-2010-1200.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.redhat.com/security/data/cve/CVE-2010-1205.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.redhat.com/security/data/cve/CVE-2010-1211.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.redhat.com/security/data/cve/CVE-2010-1214.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.redhat.com/security/data/cve/CVE-2010-2753.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.redhat.com/security/data/cve/CVE-2010-2754.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://rhn.redhat.com/errata/RHSA-2010-0545.html\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected thunderbird package.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_cwe_id(94);\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:thunderbird\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:5\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2010/07/20\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2013/01/24\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2013-2021 Tenable Network Security, Inc.\");\n script_family(english:\"Red Hat Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Red Hat\" >!< release) audit(AUDIT_OS_NOT, \"Red Hat\");\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\" && \"s390\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Red Hat\", cpu);\n\nflag = 0;\nif (rpm_check(release:\"RHEL5\", cpu:\"i386\", reference:\"thunderbird-2.0.0.24-6.el5\")) flag++;\nif (rpm_check(release:\"RHEL5\", cpu:\"x86_64\", reference:\"thunderbird-2.0.0.24-6.el5\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2021-01-17T13:44:43", "description": "Several use-after-free flaws were found in Firefox. Visiting a web\npage containing malicious content could result in Firefox executing\narbitrary code with the privileges of the user running Firefox.\n(CVE-2010-0175, CVE-2010-0176, CVE-2010-0177)\n\nA flaw was found in Firefox that could allow an applet to generate a\ndrag and drop action from a mouse click. Such an action could be used\nto execute arbitrary JavaScript with the privileges of the user\nrunning Firefox. (CVE-2010-0178)\n\nA privilege escalation flaw was found in Firefox when the Firebug\nadd-on is in use. The XMLHttpRequestSpy module in the Firebug add-on\nexposes a Chrome privilege escalation flaw that could be used to\nexecute arbitrary JavaScript with the privileges of the user running\nFirefox. (CVE-2010-0179)\n\nSeveral flaws were found in the processing of malformed web content. A\nweb page containing malicious content could cause Firefox to crash or,\npotentially, execute arbitrary code with the privileges of the user\nrunning Firefox. (CVE-2010-0174)\n\nAfter installing the update, Firefox must be restarted for the changes\nto take effect.", "edition": 24, "published": "2012-08-01T00:00:00", "title": "Scientific Linux Security Update : firefox on SL4.x i386/x86_64", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2010-0176", "CVE-2010-0174", "CVE-2010-0175", "CVE-2010-0178", "CVE-2010-0177", "CVE-2010-0179"], "modified": "2012-08-01T00:00:00", "cpe": ["x-cpe:/o:fermilab:scientific_linux"], "id": "SL_20100330_FIREFOX_ON_SL4_X.NASL", "href": "https://www.tenable.com/plugins/nessus/60766", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text is (C) Scientific Linux.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(60766);\n script_version(\"1.5\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/14\");\n\n script_cve_id(\"CVE-2010-0174\", \"CVE-2010-0175\", \"CVE-2010-0176\", \"CVE-2010-0177\", \"CVE-2010-0178\", \"CVE-2010-0179\");\n\n script_name(english:\"Scientific Linux Security Update : firefox on SL4.x i386/x86_64\");\n script_summary(english:\"Checks rpm output for the updated package\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Scientific Linux host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Several use-after-free flaws were found in Firefox. Visiting a web\npage containing malicious content could result in Firefox executing\narbitrary code with the privileges of the user running Firefox.\n(CVE-2010-0175, CVE-2010-0176, CVE-2010-0177)\n\nA flaw was found in Firefox that could allow an applet to generate a\ndrag and drop action from a mouse click. Such an action could be used\nto execute arbitrary JavaScript with the privileges of the user\nrunning Firefox. (CVE-2010-0178)\n\nA privilege escalation flaw was found in Firefox when the Firebug\nadd-on is in use. The XMLHttpRequestSpy module in the Firebug add-on\nexposes a Chrome privilege escalation flaw that could be used to\nexecute arbitrary JavaScript with the privileges of the user running\nFirefox. (CVE-2010-0179)\n\nSeveral flaws were found in the processing of malformed web content. A\nweb page containing malicious content could cause Firefox to crash or,\npotentially, execute arbitrary code with the privileges of the user\nrunning Firefox. (CVE-2010-0174)\n\nAfter installing the update, Firefox must be restarted for the changes\nto take effect.\"\n );\n # https://listserv.fnal.gov/scripts/wa.exe?A2=ind1003&L=scientific-linux-errata&T=0&P=3942\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?05bbc8b4\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected firefox package.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"x-cpe:/o:fermilab:scientific_linux\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2010/03/30\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2012/08/01\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2012-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Scientific Linux Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Scientific Linux \" >!< release) audit(AUDIT_HOST_NOT, \"running Scientific Linux\");\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (cpu >!< \"x86_64\" && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Scientific Linux\", cpu);\n\n\nflag = 0;\nif (rpm_check(release:\"SL4\", reference:\"firefox-3.0.19-1.el4\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2021-01-06T09:45:56", "description": "Several remote vulnerabilities have been discovered in Xulrunner, a\nruntime environment for XUL applications, such as the Iceweasel web\nbrowser. The Common Vulnerabilities and Exposures project identifies\nthe following problems :\n\n - CVE-2010-0174\n Jesse Ruderman and Ehsan Akhgari discovered crashes in\n the layout engine, which might allow the execution of\n arbitrary code.\n\n - CVE-2010-0175\n It was discovered that incorrect memory handling in the\n XUL event handler might allow the execution of arbitrary\n code.\n\n - CVE-2010-0176\n It was discovered that incorrect memory handling in the\n XUL event handler might allow the execution of arbitrary\n code.\n\n - CVE-2010-0177\n It was discovered that incorrect memory handling in the\n plugin code might allow the execution of arbitrary code.\n\n - CVE-2010-0178\n Paul Stone discovered that forced drag-and-drop events\n could lead to Chrome privilege escalation.\n\n - CVE-2010-0179\n It was discovered that a programming error in the\n XMLHttpRequestSpy module could lead to the execution of\n arbitrary code.", "edition": 26, "published": "2010-04-05T00:00:00", "title": "Debian DSA-2027-1 : xulrunner - several vulnerabilities", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2010-0176", "CVE-2010-0174", "CVE-2010-0175", "CVE-2010-0178", "CVE-2010-0177", "CVE-2010-0179"], "modified": "2010-04-05T00:00:00", "cpe": ["cpe:/o:debian:debian_linux:5.0", "p-cpe:/a:debian:debian_linux:xulrunner"], "id": "DEBIAN_DSA-2027.NASL", "href": "https://www.tenable.com/plugins/nessus/45412", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Debian Security Advisory DSA-2027. The text \n# itself is copyright (C) Software in the Public Interest, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(45412);\n script_version(\"1.19\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/04\");\n\n script_cve_id(\"CVE-2010-0174\", \"CVE-2010-0175\", \"CVE-2010-0176\", \"CVE-2010-0177\", \"CVE-2010-0178\", \"CVE-2010-0179\");\n script_bugtraq_id(39124);\n script_xref(name:\"DSA\", value:\"2027\");\n\n script_name(english:\"Debian DSA-2027-1 : xulrunner - several vulnerabilities\");\n script_summary(english:\"Checks dpkg output for the updated package\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Debian host is missing a security-related update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Several remote vulnerabilities have been discovered in Xulrunner, a\nruntime environment for XUL applications, such as the Iceweasel web\nbrowser. The Common Vulnerabilities and Exposures project identifies\nthe following problems :\n\n - CVE-2010-0174\n Jesse Ruderman and Ehsan Akhgari discovered crashes in\n the layout engine, which might allow the execution of\n arbitrary code.\n\n - CVE-2010-0175\n It was discovered that incorrect memory handling in the\n XUL event handler might allow the execution of arbitrary\n code.\n\n - CVE-2010-0176\n It was discovered that incorrect memory handling in the\n XUL event handler might allow the execution of arbitrary\n code.\n\n - CVE-2010-0177\n It was discovered that incorrect memory handling in the\n plugin code might allow the execution of arbitrary code.\n\n - CVE-2010-0178\n Paul Stone discovered that forced drag-and-drop events\n could lead to Chrome privilege escalation.\n\n - CVE-2010-0179\n It was discovered that a programming error in the\n XMLHttpRequestSpy module could lead to the execution of\n arbitrary code.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/CVE-2010-0174\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/CVE-2010-0175\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/CVE-2010-0176\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/CVE-2010-0177\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/CVE-2010-0178\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/CVE-2010-0179\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.debian.org/security/2010/dsa-2027\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\n\"Upgrade the xulrunner packages.\n\nFor the stable distribution (lenny), these problems have been fixed in\nversion 1.9.0.19-1.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:xulrunner\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:debian:debian_linux:5.0\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2010/04/03\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2010/04/05\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2010-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Debian Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/Debian/release\", \"Host/Debian/dpkg-l\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"debian_package.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/Debian/release\")) audit(AUDIT_OS_NOT, \"Debian\");\nif (!get_kb_item(\"Host/Debian/dpkg-l\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\nflag = 0;\nif (deb_check(release:\"5.0\", prefix:\"libmozillainterfaces-java\", reference:\"1.9.0.19-1\")) flag++;\nif (deb_check(release:\"5.0\", prefix:\"libmozjs-dev\", reference:\"1.9.0.19-1\")) flag++;\nif (deb_check(release:\"5.0\", prefix:\"libmozjs1d\", reference:\"1.9.0.19-1\")) flag++;\nif (deb_check(release:\"5.0\", prefix:\"libmozjs1d-dbg\", reference:\"1.9.0.19-1\")) flag++;\nif (deb_check(release:\"5.0\", prefix:\"python-xpcom\", reference:\"1.9.0.19-1\")) flag++;\nif (deb_check(release:\"5.0\", prefix:\"spidermonkey-bin\", reference:\"1.9.0.19-1\")) flag++;\nif (deb_check(release:\"5.0\", prefix:\"xulrunner-1.9\", reference:\"1.9.0.19-1\")) flag++;\nif (deb_check(release:\"5.0\", prefix:\"xulrunner-1.9-dbg\", reference:\"1.9.0.19-1\")) flag++;\nif (deb_check(release:\"5.0\", prefix:\"xulrunner-1.9-gnome-support\", reference:\"1.9.0.19-1\")) flag++;\nif (deb_check(release:\"5.0\", prefix:\"xulrunner-dev\", reference:\"1.9.0.19-1\")) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:deb_report_get());\n else security_hole(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}], "centos": [{"lastseen": "2019-12-20T18:26:45", "bulletinFamily": "unix", "cvelist": ["CVE-2010-0176", "CVE-2010-1214", "CVE-2010-0174", "CVE-2010-1200", "CVE-2010-0175", "CVE-2010-1197", "CVE-2010-1211", "CVE-2010-2753", "CVE-2010-0177", "CVE-2010-1199", "CVE-2010-2754", "CVE-2010-1198"], "description": "**CentOS Errata and Security Advisory** CESA-2010:0544\n\n\nMozilla Thunderbird is a standalone mail and newsgroup client.\n\nSeveral flaws were found in the processing of malformed HTML mail content.\nAn HTML mail message containing malicious content could cause Thunderbird\nto crash or, potentially, execute arbitrary code with the privileges of the\nuser running Thunderbird. (CVE-2010-0174, CVE-2010-1200, CVE-2010-1211,\nCVE-2010-1214, CVE-2010-2753)\n\nAn integer overflow flaw was found in the processing of malformed HTML mail\ncontent. An HTML mail message containing malicious content could cause\nThunderbird to crash or, potentially, execute arbitrary code with the\nprivileges of the user running Thunderbird. (CVE-2010-1199)\n\nSeveral use-after-free flaws were found in Thunderbird. Viewing an HTML\nmail message containing malicious content could result in Thunderbird\nexecuting arbitrary code with the privileges of the user running\nThunderbird. (CVE-2010-0175, CVE-2010-0176, CVE-2010-0177)\n\nA flaw was found in the way Thunderbird plug-ins interact. It was possible\nfor a plug-in to reference the freed memory from a different plug-in,\nresulting in the execution of arbitrary code with the privileges of the\nuser running Thunderbird. (CVE-2010-1198)\n\nA flaw was found in the way Thunderbird handled the \"Content-Disposition:\nattachment\" HTTP header when the \"Content-Type: multipart\" HTTP header was\nalso present. Loading remote HTTP content that allows arbitrary uploads and\nrelies on the \"Content-Disposition: attachment\" HTTP header to prevent\ncontent from being displayed inline, could be used by an attacker to serve\nmalicious content to users. (CVE-2010-1197)\n\nA same-origin policy bypass flaw was found in Thunderbird. Remote HTML\ncontent could steal private data from different remote HTML content\nThunderbird has loaded. (CVE-2010-2754)\n\nAll Thunderbird users should upgrade to this updated package, which\nresolves these issues. All running instances of Thunderbird must be\nrestarted for the update to take effect.\n\n\n**Merged security bulletin from advisories:**\nhttp://lists.centos.org/pipermail/centos-announce/2010-August/028924.html\nhttp://lists.centos.org/pipermail/centos-announce/2010-August/028925.html\n\n**Affected packages:**\nthunderbird\n\n**Upstream details at:**\nhttps://rhn.redhat.com/errata/RHSA-2010-0544.html", "edition": 3, "modified": "2010-08-06T23:32:55", "published": "2010-08-06T23:32:55", "href": "http://lists.centos.org/pipermail/centos-announce/2010-August/028924.html", "id": "CESA-2010:0544", "title": "thunderbird security update", "type": "centos", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2019-12-20T18:24:36", "bulletinFamily": "unix", "cvelist": ["CVE-2010-0176", "CVE-2010-1214", "CVE-2010-0174", "CVE-2010-1205", "CVE-2010-1200", "CVE-2010-0175", "CVE-2010-1197", "CVE-2010-1211", "CVE-2010-2753", "CVE-2010-0177", "CVE-2010-1199", "CVE-2010-2754", "CVE-2010-1198"], "description": "**CentOS Errata and Security Advisory** CESA-2010:0545\n\n\nMozilla Thunderbird is a standalone mail and newsgroup client.\n\nA memory corruption flaw was found in the way Thunderbird decoded certain\nPNG images. An attacker could create a mail message containing a\nspecially-crafted PNG image that, when opened, could cause Thunderbird to\ncrash or, potentially, execute arbitrary code with the privileges of the\nuser running Thunderbird. (CVE-2010-1205)\n\nSeveral flaws were found in the processing of malformed HTML mail content.\nAn HTML mail message containing malicious content could cause Thunderbird\nto crash or, potentially, execute arbitrary code with the privileges of the\nuser running Thunderbird. (CVE-2010-0174, CVE-2010-1200, CVE-2010-1211,\nCVE-2010-1214, CVE-2010-2753)\n\nAn integer overflow flaw was found in the processing of malformed HTML mail\ncontent. An HTML mail message containing malicious content could cause\nThunderbird to crash or, potentially, execute arbitrary code with the\nprivileges of the user running Thunderbird. (CVE-2010-1199)\n\nSeveral use-after-free flaws were found in Thunderbird. Viewing an HTML\nmail message containing malicious content could result in Thunderbird\nexecuting arbitrary code with the privileges of the user running\nThunderbird. (CVE-2010-0175, CVE-2010-0176, CVE-2010-0177)\n\nA flaw was found in the way Thunderbird plug-ins interact. It was possible\nfor a plug-in to reference the freed memory from a different plug-in,\nresulting in the execution of arbitrary code with the privileges of the\nuser running Thunderbird. (CVE-2010-1198)\n\nA flaw was found in the way Thunderbird handled the \"Content-Disposition:\nattachment\" HTTP header when the \"Content-Type: multipart\" HTTP header was\nalso present. Loading remote HTTP content that allows arbitrary uploads and\nrelies on the \"Content-Disposition: attachment\" HTTP header to prevent\ncontent from being displayed inline, could be used by an attacker to serve\nmalicious content to users. (CVE-2010-1197)\n\nA same-origin policy bypass flaw was found in Thunderbird. Remote HTML\ncontent could steal private data from different remote HTML content\nThunderbird has loaded. (CVE-2010-2754)\n\nAll Thunderbird users should upgrade to this updated package, which\nresolves these issues. All running instances of Thunderbird must be\nrestarted for the update to take effect.\n\n\n**Merged security bulletin from advisories:**\nhttp://lists.centos.org/pipermail/centos-announce/2010-July/028857.html\nhttp://lists.centos.org/pipermail/centos-announce/2010-July/028858.html\n\n**Affected packages:**\nthunderbird\n\n**Upstream details at:**\n", "edition": 3, "modified": "2010-07-22T14:50:56", "published": "2010-07-22T14:50:56", "href": "http://lists.centos.org/pipermail/centos-announce/2010-July/028857.html", "id": "CESA-2010:0545", "title": "thunderbird security update", "type": "centos", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2019-12-20T18:26:19", "bulletinFamily": "unix", "cvelist": ["CVE-2010-0176", "CVE-2010-0174", "CVE-2010-0175", "CVE-2010-0177"], "description": "**CentOS Errata and Security Advisory** CESA-2010:0333\n\n\nSeaMonkey is an open source Web browser, email and newsgroup client, IRC\nchat client, and HTML editor.\n\nSeveral use-after-free flaws were found in SeaMonkey. Visiting a web page\ncontaining malicious content could result in SeaMonkey executing arbitrary\ncode with the privileges of the user running SeaMonkey. (CVE-2010-0175,\nCVE-2010-0176, CVE-2010-0177)\n\nSeveral flaws were found in the processing of malformed web content. A web\npage containing malicious content could cause SeaMonkey to crash or,\npotentially, execute arbitrary code with the privileges of the user running\nSeaMonkey. (CVE-2010-0174)\n\nAll SeaMonkey users should upgrade to these updated packages, which correct\nthese issues. After installing the update, SeaMonkey must be restarted for\nthe changes to take effect.\n\n\n**Merged security bulletin from advisories:**\nhttp://lists.centos.org/pipermail/centos-announce/2010-April/028655.html\nhttp://lists.centos.org/pipermail/centos-announce/2010-April/028656.html\nhttp://lists.centos.org/pipermail/centos-announce/2010-April/028659.html\nhttp://lists.centos.org/pipermail/centos-announce/2010-April/028660.html\n\n**Affected packages:**\nseamonkey\nseamonkey-chat\nseamonkey-devel\nseamonkey-dom-inspector\nseamonkey-js-debugger\nseamonkey-mail\nseamonkey-nspr\nseamonkey-nspr-devel\nseamonkey-nss\nseamonkey-nss-devel\n\n**Upstream details at:**\nhttps://rhn.redhat.com/errata/RHSA-2010-0333.html", "edition": 3, "modified": "2010-04-06T20:56:38", "published": "2010-04-06T20:47:36", "href": "http://lists.centos.org/pipermail/centos-announce/2010-April/028655.html", "id": "CESA-2010:0333", "title": "seamonkey security update", "type": "centos", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2019-12-20T18:26:29", "bulletinFamily": "unix", "cvelist": ["CVE-2010-1200", "CVE-2010-1197", "CVE-2010-0163", "CVE-2010-1199", "CVE-2010-1198"], "description": "**CentOS Errata and Security Advisory** CESA-2010:0499\n\n\nSeaMonkey is an open source web browser, email and newsgroup client, IRC\nchat client, and HTML editor.\n\nSeveral flaws were found in the processing of malformed web content. A web\npage containing malicious content could cause SeaMonkey to crash or,\npotentially, execute arbitrary code with the privileges of the user running\nSeaMonkey. (CVE-2010-1200)\n\nA flaw was found in the way browser plug-ins interact. It was possible for\na plug-in to reference the freed memory from a different plug-in, resulting\nin the execution of arbitrary code with the privileges of the user running\nSeaMonkey. (CVE-2010-1198)\n\nAn integer overflow flaw was found in the processing of malformed web\ncontent. A web page containing malicious content could cause SeaMonkey to\ncrash or, potentially, execute arbitrary code with the privileges of the\nuser running SeaMonkey. (CVE-2010-1199)\n\nA flaw was found in the way SeaMonkey processed mail attachments. A\nspecially-crafted mail message could cause SeaMonkey to crash.\n(CVE-2010-0163)\n\nA flaw was found in the way SeaMonkey handled the \"Content-Disposition:\nattachment\" HTTP header when the \"Content-Type: multipart\" HTTP header was\nalso present. A website that allows arbitrary uploads and relies on the\n\"Content-Disposition: attachment\" HTTP header to prevent content from being\ndisplayed inline, could be used by an attacker to serve malicious content\nto users. (CVE-2010-1197)\n\nAll SeaMonkey users should upgrade to these updated packages, which correct\nthese issues. After installing the update, SeaMonkey must be restarted for\nthe changes to take effect.\n\n\n**Merged security bulletin from advisories:**\nhttp://lists.centos.org/pipermail/centos-announce/2010-August/028950.html\nhttp://lists.centos.org/pipermail/centos-announce/2010-August/028951.html\nhttp://lists.centos.org/pipermail/centos-announce/2010-July/028827.html\nhttp://lists.centos.org/pipermail/centos-announce/2010-July/028828.html\n\n**Affected packages:**\nseamonkey\nseamonkey-chat\nseamonkey-devel\nseamonkey-dom-inspector\nseamonkey-js-debugger\nseamonkey-mail\nseamonkey-nspr\nseamonkey-nspr-devel\nseamonkey-nss\nseamonkey-nss-devel\n\n**Upstream details at:**\nhttps://rhn.redhat.com/errata/RHSA-2010-0499.html", "edition": 3, "modified": "2010-08-16T20:02:07", "published": "2010-07-21T19:15:00", "href": "http://lists.centos.org/pipermail/centos-announce/2010-July/028827.html", "id": "CESA-2010:0499", "title": "seamonkey security update", "type": "centos", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2019-12-20T18:24:40", "bulletinFamily": "unix", "cvelist": ["CVE-2010-0176", "CVE-2010-0174", "CVE-2010-0175", "CVE-2010-0178", "CVE-2010-0177", "CVE-2010-0179"], "description": "**CentOS Errata and Security Advisory** CESA-2010:0332\n\n\nMozilla Firefox is an open source Web browser. XULRunner provides the XUL\nRuntime environment for Mozilla Firefox.\n\nSeveral use-after-free flaws were found in Firefox. Visiting a web page\ncontaining malicious content could result in Firefox executing arbitrary\ncode with the privileges of the user running Firefox. (CVE-2010-0175,\nCVE-2010-0176, CVE-2010-0177)\n\nA flaw was found in Firefox that could allow an applet to generate a drag\nand drop action from a mouse click. Such an action could be used to execute\narbitrary JavaScript with the privileges of the user running Firefox.\n(CVE-2010-0178)\n\nA privilege escalation flaw was found in Firefox when the Firebug add-on is\nin use. The XMLHttpRequestSpy module in the Firebug add-on exposes a Chrome\nprivilege escalation flaw that could be used to execute arbitrary\nJavaScript with the privileges of the user running Firefox. (CVE-2010-0179)\n\nSeveral flaws were found in the processing of malformed web content. A web\npage containing malicious content could cause Firefox to crash or,\npotentially, execute arbitrary code with the privileges of the user running\nFirefox. (CVE-2010-0174)\n\nFor technical details regarding these flaws, refer to the Mozilla security\nadvisories for Firefox 3.0.19. You can find a link to the Mozilla\nadvisories in the References section of this erratum.\n\nAll Firefox users should upgrade to these updated packages, which contain\nFirefox version 3.0.19, which corrects these issues. After installing the\nupdate, Firefox must be restarted for the changes to take effect.\n\n\n**Merged security bulletin from advisories:**\nhttp://lists.centos.org/pipermail/centos-announce/2010-April/028661.html\nhttp://lists.centos.org/pipermail/centos-announce/2010-April/028662.html\n\n**Affected packages:**\nfirefox\n\n**Upstream details at:**\nhttps://rhn.redhat.com/errata/RHSA-2010-0332.html", "edition": 3, "modified": "2010-04-06T21:04:29", "published": "2010-04-06T21:01:59", "href": "http://lists.centos.org/pipermail/centos-announce/2010-April/028661.html", "id": "CESA-2010:0332", "title": "firefox security update", "type": "centos", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2019-12-20T18:28:33", "bulletinFamily": "unix", "cvelist": ["CVE-2010-1214", "CVE-2010-1205", "CVE-2010-1211", "CVE-2010-2753", "CVE-2010-2751", "CVE-2010-2754"], "description": "**CentOS Errata and Security Advisory** CESA-2010:0546\n\n\nSeaMonkey is an open source web browser, email and newsgroup client, IRC\nchat client, and HTML editor.\n\nSeveral flaws were found in the processing of malformed web content. A web\npage containing malicious content could cause SeaMonkey to crash or,\npotentially, execute arbitrary code with the privileges of the user running\nSeaMonkey. (CVE-2010-1211, CVE-2010-2753, CVE-2010-1214)\n\nA memory corruption flaw was found in the way SeaMonkey decoded certain PNG\nimages. An attacker could create a specially-crafted PNG image that, when\nopened, could cause SeaMonkey to crash or, potentially, execute arbitrary\ncode with the privileges of the user running SeaMonkey. (CVE-2010-1205)\n\nA same-origin policy bypass flaw was found in SeaMonkey. An attacker could\ncreate a malicious web page that, when viewed by a victim, could steal\nprivate data from a different website the victim has loaded with SeaMonkey.\n(CVE-2010-2754)\n\nA flaw was found in the way SeaMonkey displayed the location bar when\nvisiting a secure web page. A malicious server could use this flaw to\npresent data that appears to originate from a secure server, even though it\ndoes not. (CVE-2010-2751)\n\nAll SeaMonkey users should upgrade to these updated packages, which correct\nthese issues. After installing the update, SeaMonkey must be restarted for\nthe changes to take effect.\n\n\n**Merged security bulletin from advisories:**\nhttp://lists.centos.org/pipermail/centos-announce/2010-August/028962.html\nhttp://lists.centos.org/pipermail/centos-announce/2010-August/028963.html\n\n**Affected packages:**\nseamonkey\nseamonkey-chat\nseamonkey-devel\nseamonkey-dom-inspector\nseamonkey-js-debugger\nseamonkey-mail\nseamonkey-nspr\nseamonkey-nspr-devel\nseamonkey-nss\nseamonkey-nss-devel\n\n**Upstream details at:**\nhttps://rhn.redhat.com/errata/RHSA-2010-0546.html", "edition": 3, "modified": "2010-08-16T21:38:04", "published": "2010-08-16T21:36:58", "href": "http://lists.centos.org/pipermail/centos-announce/2010-August/028962.html", "id": "CESA-2010:0546", "title": "seamonkey security update", "type": "centos", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}], "cve": [{"lastseen": "2020-12-09T19:34:40", "description": "Integer overflow in Mozilla Firefox 3.5.x before 3.5.11 and 3.6.x before 3.6.7, Thunderbird 3.0.x before 3.0.6 and 3.1.x before 3.1.1, and SeaMonkey before 2.0.6 allows remote attackers to execute arbitrary code via a large selection attribute in a XUL tree element, which triggers a use-after-free.", "edition": 5, "cvss3": {}, "published": "2010-07-30T20:30:00", "title": "CVE-2010-2753", "type": "cve", "cwe": ["CWE-189"], "bulletinFamily": "NVD", "cvss2": {"severity": "HIGH", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 9.3, "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "obtainUserPrivilege": false}, "cvelist": ["CVE-2010-2753"], "modified": "2017-09-19T01:31:00", "cpe": ["cpe:/a:mozilla:seamonkey:1.0.8", "cpe:/a:mozilla:firefox:3.5.6", "cpe:/a:mozilla:thunderbird:3.0.2", "cpe:/a:mozilla:seamonkey:2.0", "cpe:/a:mozilla:seamonkey:1.1.17", "cpe:/a:mozilla:seamonkey:1.0.2", "cpe:/a:mozilla:seamonkey:1.1.2", "cpe:/a:mozilla:seamonkey:1.5.0.10", "cpe:/a:mozilla:seamonkey:1.1.18", "cpe:/a:mozilla:seamonkey:2.0.3", "cpe:/a:mozilla:seamonkey:1.0", "cpe:/a:mozilla:firefox:3.5.3", "cpe:/a:mozilla:seamonkey:1.5.0.9", "cpe:/a:mozilla:firefox:3.6.2", "cpe:/a:mozilla:seamonkey:1.0.9", "cpe:/a:mozilla:firefox:3.6.4", "cpe:/a:mozilla:seamonkey:1.1.15", "cpe:/a:mozilla:thunderbird:3.1", "cpe:/a:mozilla:seamonkey:1.1.9", "cpe:/a:mozilla:seamonkey:1.1.10", "cpe:/a:mozilla:firefox:3.5.5", "cpe:/a:mozilla:seamonkey:1.1.12", "cpe:/a:mozilla:firefox:3.6.1", "cpe:/a:mozilla:seamonkey:1.1.6", "cpe:/a:mozilla:thunderbird:3.0.3", "cpe:/a:mozilla:firefox:3.5.1", "cpe:/a:mozilla:firefox:3.5.7", "cpe:/a:mozilla:seamonkey:1.1.5", "cpe:/a:mozilla:seamonkey:1.1.4", "cpe:/a:mozilla:seamonkey:2.0.4", "cpe:/a:mozilla:firefox:3.6.3", "cpe:/a:mozilla:seamonkey:1.0.6", "cpe:/a:mozilla:seamonkey:2.0.2", "cpe:/a:mozilla:seamonkey:1.0.4", "cpe:/a:mozilla:seamonkey:1.0.5", "cpe:/a:mozilla:seamonkey:1.0.7", "cpe:/a:mozilla:seamonkey:1.1.11", "cpe:/a:mozilla:seamonkey:1.1.3", "cpe:/a:mozilla:thunderbird:3.0.4", "cpe:/a:mozilla:seamonkey:1.1.1", "cpe:/a:mozilla:seamonkey:1.1.7", "cpe:/a:mozilla:seamonkey:2.0.5", "cpe:/a:mozilla:seamonkey:1.5.0.8", "cpe:/a:mozilla:thunderbird:3.0.5", "cpe:/a:mozilla:seamonkey:2.0a1pre", "cpe:/a:mozilla:seamonkey:1.1.14", "cpe:/a:mozilla:seamonkey:1.1.16", "cpe:/a:mozilla:seamonkey:1.0.1", "cpe:/a:mozilla:firefox:3.5.4", "cpe:/a:mozilla:thunderbird:3.0.1", "cpe:/a:mozilla:seamonkey:1.0.3", "cpe:/a:mozilla:firefox:3.5.9", "cpe:/a:mozilla:seamonkey:1.1", "cpe:/a:mozilla:firefox:3.5.2", "cpe:/a:mozilla:firefox:3.5.10", "cpe:/a:mozilla:firefox:3.6.6", "cpe:/a:mozilla:seamonkey:1.1.19", "cpe:/a:mozilla:seamonkey:2.0.1", "cpe:/a:mozilla:seamonkey:1.1.8", "cpe:/a:mozilla:seamonkey:1.1.13"], "id": "CVE-2010-2753", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2010-2753", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}, "cpe23": ["cpe:2.3:a:mozilla:firefox:3.5.4:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:seamonkey:1.1.10:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:firefox:3.5.10:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:firefox:3.6.1:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:thunderbird:3.0.3:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:seamonkey:1.1.9:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:seamonkey:2.0:beta_2:*:*:*:*:*:*", "cpe:2.3:a:mozilla:seamonkey:2.0.2:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:seamonkey:2.0.5:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:seamonkey:2.0:beta_1:*:*:*:*:*:*", "cpe:2.3:a:mozilla:firefox:3.5.1:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:firefox:3.5.5:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:seamonkey:2.0.3:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:seamonkey:1.1.17:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:seamonkey:2.0:rc1:*:*:*:*:*:*", "cpe:2.3:a:mozilla:thunderbird:3.1:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:firefox:3.5.6:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:seamonkey:1.0.8:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:seamonkey:1.1.4:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:seamonkey:1.1.14:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:seamonkey:2.0:alpha_3:*:*:*:*:*:*", "cpe:2.3:a:mozilla:thunderbird:3.0.1:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:seamonkey:1.1:beta:*:*:*:*:*:*", "cpe:2.3:a:mozilla:seamonkey:1.5.0.10:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:seamonkey:1.0.7:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:seamonkey:2.0.4:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:firefox:3.5.3:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:seamonkey:1.1.5:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:seamonkey:1.1.18:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:firefox:3.5.2:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:seamonkey:1.1.15:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:seamonkey:1.0.5:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:seamonkey:1.1.16:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:seamonkey:1.1.8:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:seamonkey:1.1:alpha:*:*:*:*:*:*", "cpe:2.3:a:mozilla:seamonkey:1.1.12:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:seamonkey:1.0.2:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:seamonkey:1.0:beta:*:*:*:*:*:*", "cpe:2.3:a:mozilla:seamonkey:1.1.3:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:seamonkey:1.1.19:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:firefox:3.6.3:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:firefox:3.5.7:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:seamonkey:1.1.1:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:seamonkey:1.0.1:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:firefox:3.6.2:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:seamonkey:1.5.0.8:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:seamonkey:1.1.11:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:firefox:3.6.6:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:seamonkey:1.0:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:seamonkey:2.0.1:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:thunderbird:3.0.5:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:seamonkey:2.0:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:seamonkey:1.1.7:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:firefox:3.6.4:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:seamonkey:1.0:alpha:*:*:*:*:*:*", "cpe:2.3:a:mozilla:thunderbird:3.0.4:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:seamonkey:1.0.6:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:seamonkey:1.0.4:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:seamonkey:2.0:alpha_1:*:*:*:*:*:*", "cpe:2.3:a:mozilla:firefox:3.5.9:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:seamonkey:2.0:alpha_2:*:*:*:*:*:*", "cpe:2.3:a:mozilla:seamonkey:1.1:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:seamonkey:1.0.9:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:seamonkey:1.0.3:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:seamonkey:1.5.0.9:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:seamonkey:1.1.6:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:seamonkey:1.1.2:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:seamonkey:2.0:rc2:*:*:*:*:*:*", "cpe:2.3:a:mozilla:thunderbird:3.0.2:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:seamonkey:1.1.13:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:seamonkey:2.0a1pre:*:*:*:*:*:*:*"]}, {"lastseen": "2020-12-09T19:34:37", "description": "Use-after-free vulnerability in Mozilla Firefox 3.5.x before 3.5.10 and 3.6.x before 3.6.4, and SeaMonkey before 2.0.5, allows remote attackers to execute arbitrary code via vectors involving multiple plugin instances.", "edition": 5, "cvss3": {}, "published": "2010-06-24T12:30:00", "title": "CVE-2010-1198", "type": "cve", "cwe": ["CWE-399"], "bulletinFamily": "NVD", "cvss2": {"severity": "HIGH", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 9.3, "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "obtainUserPrivilege": false}, "cvelist": ["CVE-2010-1198"], "modified": "2017-09-19T01:30:00", "cpe": ["cpe:/a:mozilla:seamonkey:1.0.8", "cpe:/a:mozilla:firefox:3.5.6", "cpe:/a:mozilla:seamonkey:2.0", "cpe:/a:mozilla:seamonkey:1.1.17", "cpe:/a:mozilla:seamonkey:1.0.2", "cpe:/a:mozilla:seamonkey:1.1.2", "cpe:/a:mozilla:seamonkey:1.1.18", "cpe:/a:mozilla:seamonkey:2.0.3", "cpe:/a:mozilla:seamonkey:1.0", "cpe:/a:mozilla:firefox:3.5.3", "cpe:/a:mozilla:firefox:3.6.2", "cpe:/a:mozilla:seamonkey:1.0.9", "cpe:/a:mozilla:seamonkey:1.1.15", "cpe:/a:mozilla:seamonkey:1.1.9", "cpe:/a:mozilla:seamonkey:1.1.10", "cpe:/a:mozilla:firefox:3.5.5", "cpe:/a:mozilla:seamonkey:1.1.12", "cpe:/a:mozilla:firefox:3.6", "cpe:/a:mozilla:seamonkey:1.1.6", "cpe:/a:mozilla:firefox:3.5.1", "cpe:/a:mozilla:firefox:3.5.7", "cpe:/a:mozilla:seamonkey:1.1.5", "cpe:/a:mozilla:seamonkey:1.1.4", "cpe:/a:mozilla:seamonkey:2.0.4", "cpe:/a:mozilla:firefox:3.6.3", "cpe:/a:mozilla:firefox:3.5", "cpe:/a:mozilla:seamonkey:1.0.6", "cpe:/a:mozilla:seamonkey:2.0.2", "cpe:/a:mozilla:seamonkey:1.0.4", "cpe:/a:mozilla:seamonkey:1.0.5", "cpe:/a:mozilla:seamonkey:1.0.7", "cpe:/a:mozilla:seamonkey:1.1.11", "cpe:/a:mozilla:seamonkey:1.1.3", "cpe:/a:mozilla:seamonkey:1.1.1", "cpe:/a:mozilla:seamonkey:1.1.7", "cpe:/a:mozilla:seamonkey:1.1.14", "cpe:/a:mozilla:seamonkey:1.1.16", "cpe:/a:mozilla:seamonkey:1.0.1", "cpe:/a:mozilla:firefox:3.5.4", "cpe:/a:mozilla:seamonkey:1.0.3", "cpe:/a:mozilla:firefox:3.5.9", "cpe:/a:mozilla:seamonkey:1.1", "cpe:/a:mozilla:firefox:3.5.2", "cpe:/a:mozilla:seamonkey:1.1.19", "cpe:/a:mozilla:seamonkey:2.0.1", "cpe:/a:mozilla:seamonkey:1.1.8", "cpe:/a:mozilla:seamonkey:1.1.13"], "id": "CVE-2010-1198", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2010-1198", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}, "cpe23": ["cpe:2.3:a:mozilla:firefox:3.5.4:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:seamonkey:1.1.10:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:seamonkey:1.1.9:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:seamonkey:2.0:beta_2:*:*:*:*:*:*", "cpe:2.3:a:mozilla:seamonkey:2.0.2:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:seamonkey:2.0:beta_1:*:*:*:*:*:*", "cpe:2.3:a:mozilla:firefox:3.5.1:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:firefox:3.5.5:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:seamonkey:2.0.3:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:seamonkey:1.1.17:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:seamonkey:2.0:rc1:*:*:*:*:*:*", "cpe:2.3:a:mozilla:firefox:3.5.6:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:seamonkey:1.0.8:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:seamonkey:1.1.4:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:seamonkey:1.1.14:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:seamonkey:2.0:alpha_3:*:*:*:*:*:*", "cpe:2.3:a:mozilla:seamonkey:1.1:beta:*:*:*:*:*:*", "cpe:2.3:a:mozilla:firefox:3.6:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:seamonkey:1.0.7:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:seamonkey:2.0.4:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:firefox:3.5.3:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:seamonkey:1.1.5:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:seamonkey:1.1.18:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:firefox:3.5.2:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:seamonkey:1.1.15:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:seamonkey:1.0.5:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:seamonkey:1.1.16:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:seamonkey:1.1.8:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:seamonkey:1.1:alpha:*:*:*:*:*:*", "cpe:2.3:a:mozilla:seamonkey:1.1.12:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:seamonkey:1.0.2:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:seamonkey:1.0:beta:*:*:*:*:*:*", "cpe:2.3:a:mozilla:seamonkey:1.1.3:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:seamonkey:1.1.19:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:firefox:3.6.3:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:firefox:3.5.7:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:seamonkey:1.1.1:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:seamonkey:1.0.1:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:firefox:3.6.2:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:seamonkey:1.1.11:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:seamonkey:1.0:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:seamonkey:2.0.1:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:seamonkey:2.0:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:seamonkey:1.1.7:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:seamonkey:1.0:alpha:*:*:*:*:*:*", "cpe:2.3:a:mozilla:seamonkey:1.0.6:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:seamonkey:1.0.4:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:seamonkey:2.0:alpha_1:*:*:*:*:*:*", "cpe:2.3:a:mozilla:firefox:3.5.9:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:seamonkey:2.0:alpha_2:*:*:*:*:*:*", "cpe:2.3:a:mozilla:seamonkey:1.1:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:firefox:3.5:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:seamonkey:1.0.9:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:seamonkey:1.0.3:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:seamonkey:1.1.6:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:seamonkey:1.1.2:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:seamonkey:2.0:rc2:*:*:*:*:*:*", "cpe:2.3:a:mozilla:seamonkey:1.1.13:*:*:*:*:*:*:*"]}, {"lastseen": "2020-12-09T19:34:40", "description": "dom/base/nsJSEnvironment.cpp in Mozilla Firefox 3.5.x before 3.5.11 and 3.6.x before 3.6.7, Thunderbird 3.0.x before 3.0.6 and 3.1.x before 3.1.1, and SeaMonkey before 2.0.6 does not properly suppress a script's URL in certain circumstances involving a redirect and an error message, which allows remote attackers to obtain sensitive information about script parameters via a crafted HTML document, related to the window.onerror handler.", "edition": 5, "cvss3": {}, "published": "2010-07-30T13:26:00", "title": "CVE-2010-2754", "type": "cve", "cwe": ["CWE-200"], "bulletinFamily": "NVD", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "NONE", "integrityImpact": "NONE", "baseScore": 5.0, "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2010-2754"], "modified": "2017-09-19T01:31:00", "cpe": ["cpe:/a:mozilla:seamonkey:1.0.8", "cpe:/a:mozilla:firefox:3.5.6", "cpe:/a:mozilla:thunderbird:3.0.2", "cpe:/a:mozilla:seamonkey:2.0", "cpe:/a:mozilla:thunderbird:3.0", "cpe:/a:mozilla:seamonkey:1.1.17", "cpe:/a:mozilla:seamonkey:1.0.2", "cpe:/a:mozilla:seamonkey:1.1.2", "cpe:/a:mozilla:seamonkey:1.5.0.10", "cpe:/a:mozilla:seamonkey:1.1.18", "cpe:/a:mozilla:seamonkey:2.0.3", "cpe:/a:mozilla:seamonkey:1.0", "cpe:/a:mozilla:firefox:3.5.3", "cpe:/a:mozilla:seamonkey:1.5.0.9", "cpe:/a:mozilla:firefox:3.6.2", "cpe:/a:mozilla:seamonkey:1.0.9", "cpe:/a:mozilla:firefox:3.6.4", "cpe:/a:mozilla:seamonkey:1.1.15", "cpe:/a:mozilla:thunderbird:3.1", "cpe:/a:mozilla:seamonkey:1.1.9", "cpe:/a:mozilla:seamonkey:1.1.10", "cpe:/a:mozilla:firefox:3.5.5", "cpe:/a:mozilla:seamonkey:1.1.12", "cpe:/a:mozilla:firefox:3.6.1", "cpe:/a:mozilla:seamonkey:1.1.6", "cpe:/a:mozilla:thunderbird:3.0.3", "cpe:/a:mozilla:firefox:3.5.1", "cpe:/a:mozilla:firefox:3.5.7", "cpe:/a:mozilla:seamonkey:1.1.5", "cpe:/a:mozilla:seamonkey:1.1.4", "cpe:/a:mozilla:seamonkey:2.0.4", "cpe:/a:mozilla:firefox:3.6.3", "cpe:/a:mozilla:seamonkey:1.0.6", "cpe:/a:mozilla:seamonkey:2.0.2", "cpe:/a:mozilla:seamonkey:1.0.4", "cpe:/a:mozilla:seamonkey:1.0.5", "cpe:/a:mozilla:seamonkey:1.0.7", "cpe:/a:mozilla:seamonkey:1.1.11", "cpe:/a:mozilla:seamonkey:1.1.3", "cpe:/a:mozilla:thunderbird:3.0.4", "cpe:/a:mozilla:seamonkey:1.1.1", "cpe:/a:mozilla:seamonkey:1.1.7", "cpe:/a:mozilla:seamonkey:2.0.5", "cpe:/a:mozilla:seamonkey:1.5.0.8", "cpe:/a:mozilla:thunderbird:3.0.5", "cpe:/a:mozilla:seamonkey:2.0a1pre", "cpe:/a:mozilla:seamonkey:1.1.14", "cpe:/a:mozilla:seamonkey:1.1.16", "cpe:/a:mozilla:seamonkey:1.0.1", "cpe:/a:mozilla:firefox:3.5.4", "cpe:/a:mozilla:thunderbird:3.0.1", "cpe:/a:mozilla:seamonkey:1.0.3", "cpe:/a:mozilla:firefox:3.5.9", "cpe:/a:mozilla:seamonkey:1.1", "cpe:/a:mozilla:firefox:3.5.2", "cpe:/a:mozilla:firefox:3.5.10", "cpe:/a:mozilla:firefox:3.6.6", "cpe:/a:mozilla:seamonkey:1.1.19", "cpe:/a:mozilla:seamonkey:2.0.1", "cpe:/a:mozilla:seamonkey:1.1.8", "cpe:/a:mozilla:seamonkey:1.1.13"], "id": "CVE-2010-2754", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2010-2754", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:P/I:N/A:N"}, "cpe23": ["cpe:2.3:a:mozilla:firefox:3.5.4:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:seamonkey:1.1.10:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:firefox:3.5.10:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:firefox:3.6.1:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:thunderbird:3.0.3:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:seamonkey:1.1.9:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:seamonkey:2.0:beta_2:*:*:*:*:*:*", "cpe:2.3:a:mozilla:seamonkey:2.0.2:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:seamonkey:2.0.5:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:seamonkey:2.0:beta_1:*:*:*:*:*:*", "cpe:2.3:a:mozilla:firefox:3.5.1:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:firefox:3.5.5:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:seamonkey:2.0.3:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:seamonkey:1.1.17:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:seamonkey:2.0:rc1:*:*:*:*:*:*", "cpe:2.3:a:mozilla:thunderbird:3.1:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:firefox:3.5.6:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:seamonkey:1.0.8:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:seamonkey:1.1.4:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:seamonkey:1.1.14:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:seamonkey:2.0:alpha_3:*:*:*:*:*:*", "cpe:2.3:a:mozilla:thunderbird:3.0.1:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:seamonkey:1.1:beta:*:*:*:*:*:*", "cpe:2.3:a:mozilla:seamonkey:1.5.0.10:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:seamonkey:1.0.7:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:seamonkey:2.0.4:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:firefox:3.5.3:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:seamonkey:1.1.5:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:seamonkey:1.1.18:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:firefox:3.5.2:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:seamonkey:1.1.15:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:seamonkey:1.0.5:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:seamonkey:1.1.16:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:seamonkey:1.1.8:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:seamonkey:1.1:alpha:*:*:*:*:*:*", "cpe:2.3:a:mozilla:thunderbird:3.0:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:seamonkey:1.1.12:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:seamonkey:1.0.2:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:seamonkey:1.0:beta:*:*:*:*:*:*", "cpe:2.3:a:mozilla:seamonkey:1.1.3:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:seamonkey:1.1.19:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:firefox:3.6.3:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:firefox:3.5.7:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:seamonkey:1.1.1:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:seamonkey:1.0.1:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:firefox:3.6.2:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:seamonkey:1.5.0.8:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:seamonkey:1.1.11:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:firefox:3.6.6:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:seamonkey:1.0:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:seamonkey:2.0.1:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:thunderbird:3.0.5:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:seamonkey:2.0:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:seamonkey:1.1.7:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:firefox:3.6.4:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:seamonkey:1.0:alpha:*:*:*:*:*:*", "cpe:2.3:a:mozilla:thunderbird:3.0.4:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:seamonkey:1.0.6:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:seamonkey:1.0.4:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:seamonkey:2.0:alpha_1:*:*:*:*:*:*", "cpe:2.3:a:mozilla:firefox:3.5.9:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:seamonkey:2.0:alpha_2:*:*:*:*:*:*", "cpe:2.3:a:mozilla:seamonkey:1.1:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:seamonkey:1.0.9:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:seamonkey:1.0.3:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:seamonkey:1.5.0.9:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:seamonkey:1.1.6:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:seamonkey:1.1.2:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:seamonkey:2.0:rc2:*:*:*:*:*:*", "cpe:2.3:a:mozilla:thunderbird:3.0.2:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:seamonkey:1.1.13:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:seamonkey:2.0a1pre:*:*:*:*:*:*:*"]}, {"lastseen": "2020-12-09T19:34:38", "description": "Integer overflow in Mozilla Firefox 3.5.x before 3.5.11 and 3.6.x before 3.6.7, and SeaMonkey before 2.0.6, allows remote attackers to execute arbitrary code via plugin content with many parameter elements.", "edition": 5, "cvss3": {}, "published": "2010-07-30T20:30:00", "title": "CVE-2010-1214", "type": "cve", "cwe": ["CWE-189"], "bulletinFamily": "NVD", "cvss2": {"severity": "HIGH", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 9.3, "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "obtainUserPrivilege": false}, "cvelist": ["CVE-2010-1214"], "modified": "2017-09-19T01:30:00", "cpe": ["cpe:/a:mozilla:seamonkey:1.0.8", "cpe:/a:mozilla:firefox:3.5.6", "cpe:/a:mozilla:seamonkey:2.0", "cpe:/a:mozilla:seamonkey:1.1.17", "cpe:/a:mozilla:seamonkey:1.0.2", "cpe:/a:mozilla:seamonkey:1.1.2", "cpe:/a:mozilla:seamonkey:1.5.0.10", "cpe:/a:mozilla:seamonkey:1.1.18", "cpe:/a:mozilla:seamonkey:2.0.3", "cpe:/a:mozilla:seamonkey:1.0", "cpe:/a:mozilla:firefox:3.5.3", "cpe:/a:mozilla:seamonkey:1.5.0.9", "cpe:/a:mozilla:firefox:3.6.2", "cpe:/a:mozilla:seamonkey:1.0.9", "cpe:/a:mozilla:firefox:3.6.4", "cpe:/a:mozilla:seamonkey:1.1.15", "cpe:/a:mozilla:seamonkey:1.1.9", "cpe:/a:mozilla:seamonkey:1.1.10", "cpe:/a:mozilla:firefox:3.5.5", "cpe:/a:mozilla:seamonkey:1.1.12", "cpe:/a:mozilla:firefox:3.6.1", "cpe:/a:mozilla:seamonkey:1.1.6", "cpe:/a:mozilla:firefox:3.5.1", "cpe:/a:mozilla:firefox:3.5.7", "cpe:/a:mozilla:seamonkey:1.1.5", "cpe:/a:mozilla:seamonkey:1.1.4", "cpe:/a:mozilla:seamonkey:2.0.4", "cpe:/a:mozilla:firefox:3.6.3", "cpe:/a:mozilla:seamonkey:1.0.6", "cpe:/a:mozilla:seamonkey:2.0.2", "cpe:/a:mozilla:seamonkey:1.0.4", "cpe:/a:mozilla:seamonkey:1.0.5", "cpe:/a:mozilla:seamonkey:1.0.7", "cpe:/a:mozilla:seamonkey:1.1.11", "cpe:/a:mozilla:seamonkey:1.1.3", "cpe:/a:mozilla:seamonkey:1.1.1", "cpe:/a:mozilla:seamonkey:1.1.7", "cpe:/a:mozilla:seamonkey:2.0.5", "cpe:/a:mozilla:seamonkey:1.5.0.8", "cpe:/a:mozilla:seamonkey:2.0a1pre", "cpe:/a:mozilla:seamonkey:1.1.14", "cpe:/a:mozilla:seamonkey:1.1.16", "cpe:/a:mozilla:seamonkey:1.0.1", "cpe:/a:mozilla:firefox:3.5.4", "cpe:/a:mozilla:seamonkey:1.0.3", "cpe:/a:mozilla:firefox:3.5.9", "cpe:/a:mozilla:seamonkey:1.1", "cpe:/a:mozilla:firefox:3.5.2", "cpe:/a:mozilla:firefox:3.5.10", "cpe:/a:mozilla:firefox:3.6.6", "cpe:/a:mozilla:seamonkey:1.1.19", "cpe:/a:mozilla:seamonkey:2.0.1", "cpe:/a:mozilla:seamonkey:1.1.8", "cpe:/a:mozilla:seamonkey:1.1.13"], "id": "CVE-2010-1214", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2010-1214", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}, "cpe23": ["cpe:2.3:a:mozilla:firefox:3.5.4:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:seamonkey:1.1.10:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:firefox:3.5.10:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:firefox:3.6.1:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:seamonkey:1.1.9:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:seamonkey:2.0:beta_2:*:*:*:*:*:*", "cpe:2.3:a:mozilla:seamonkey:2.0.2:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:seamonkey:2.0.5:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:seamonkey:2.0:beta_1:*:*:*:*:*:*", "cpe:2.3:a:mozilla:firefox:3.5.1:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:firefox:3.5.5:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:seamonkey:2.0.3:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:seamonkey:1.1.17:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:seamonkey:2.0:rc1:*:*:*:*:*:*", "cpe:2.3:a:mozilla:firefox:3.5.6:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:seamonkey:1.0.8:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:seamonkey:1.1.4:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:seamonkey:1.1.14:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:seamonkey:2.0:alpha_3:*:*:*:*:*:*", "cpe:2.3:a:mozilla:seamonkey:1.1:beta:*:*:*:*:*:*", "cpe:2.3:a:mozilla:seamonkey:1.5.0.10:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:seamonkey:1.0.7:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:seamonkey:2.0.4:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:firefox:3.5.3:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:seamonkey:1.1.5:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:seamonkey:1.1.18:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:firefox:3.5.2:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:seamonkey:1.1.15:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:seamonkey:1.0.5:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:seamonkey:1.1.16:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:seamonkey:1.1.8:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:seamonkey:1.1:alpha:*:*:*:*:*:*", "cpe:2.3:a:mozilla:seamonkey:1.1.12:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:seamonkey:1.0.2:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:seamonkey:1.0:beta:*:*:*:*:*:*", "cpe:2.3:a:mozilla:seamonkey:1.1.3:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:seamonkey:1.1.19:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:firefox:3.6.3:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:firefox:3.5.7:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:seamonkey:1.1.1:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:seamonkey:1.0.1:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:firefox:3.6.2:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:seamonkey:1.5.0.8:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:seamonkey:1.1.11:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:firefox:3.6.6:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:seamonkey:1.0:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:seamonkey:2.0.1:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:seamonkey:2.0:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:seamonkey:1.1.7:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:firefox:3.6.4:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:seamonkey:1.0:alpha:*:*:*:*:*:*", "cpe:2.3:a:mozilla:seamonkey:1.0.6:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:seamonkey:1.0.4:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:seamonkey:2.0:alpha_1:*:*:*:*:*:*", "cpe:2.3:a:mozilla:firefox:3.5.9:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:seamonkey:2.0:alpha_2:*:*:*:*:*:*", "cpe:2.3:a:mozilla:seamonkey:1.1:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:seamonkey:1.0.9:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:seamonkey:1.0.3:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:seamonkey:1.5.0.9:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:seamonkey:1.1.6:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:seamonkey:1.1.2:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:seamonkey:2.0:rc2:*:*:*:*:*:*", "cpe:2.3:a:mozilla:seamonkey:1.1.13:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:seamonkey:2.0a1pre:*:*:*:*:*:*:*"]}, {"lastseen": "2020-12-09T19:34:36", "description": "Mozilla Firefox before 3.0.19, 3.5.x before 3.5.9, and 3.6.x before 3.6.2, and SeaMonkey before 2.0.4, frees the contents of the window.navigator.plugins array while a reference to an array element is still active, which allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via unspecified vectors, related to a \"dangling pointer vulnerability.\"", "edition": 5, "cvss3": {}, "published": "2010-04-05T17:30:00", "title": "CVE-2010-0177", "type": "cve", "cwe": ["CWE-399"], "bulletinFamily": "NVD", "cvss2": {"severity": "HIGH", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 9.3, "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "obtainUserPrivilege": false}, "cvelist": ["CVE-2010-0177"], "modified": "2018-10-30T16:25:00", "cpe": ["cpe:/a:mozilla:seamonkey:1.0.8", "cpe:/a:mozilla:firefox:2.0.0.9", "cpe:/a:mozilla:firefox:3.0.2", "cpe:/a:mozilla:firefox:3.5.6", "cpe:/a:mozilla:firefox:1.5.0.3", "cpe:/a:mozilla:seamonkey:2.0", "cpe:/a:mozilla:firefox:1.5.0.2", "cpe:/a:mozilla:firefox:2.0.0.14", "cpe:/a:mozilla:firefox:2.0.0.18", "cpe:/a:mozilla:firefox:2.0.0.8", "cpe:/a:mozilla:firefox:3.0.12", "cpe:/a:mozilla:firefox:0.4", "cpe:/a:mozilla:firefox:1.5.1", "cpe:/a:mozilla:firefox:1.5.4", "cpe:/a:mozilla:seamonkey:1.1.17", "cpe:/a:mozilla:seamonkey:1.0.2", "cpe:/a:mozilla:seamonkey:1.1.2", "cpe:/a:mozilla:firefox:2.0.0.13", "cpe:/a:mozilla:seamonkey:1.1.18", "cpe:/a:mozilla:seamonkey:2.0.3", "cpe:/a:mozilla:seamonkey:1.0", "cpe:/a:mozilla:firefox:0.5", "cpe:/a:mozilla:firefox:3.5.3", "cpe:/a:mozilla:firefox:2.0.0.3", "cpe:/a:mozilla:firefox:2.0.0.2", "cpe:/a:mozilla:firefox:1.5.0.1", "cpe:/a:mozilla:firefox:2.0.0.12", "cpe:/a:mozilla:firefox:3.0.4", "cpe:/a:mozilla:firefox:0.8", "cpe:/a:mozilla:seamonkey:1.0.9", "cpe:/a:mozilla:firefox:3.0.14", "cpe:/a:mozilla:firefox:1.5.7", "cpe:/a:mozilla:firefox:1.0.5", "cpe:/a:mozilla:firefox:2.0.0.17", "cpe:/a:mozilla:seamonkey:1.1.15", "cpe:/a:mozilla:firefox:0.10.1", "cpe:/a:mozilla:firefox:2.0", "cpe:/a:mozilla:firefox:1.0", "cpe:/a:mozilla:firefox:2.0.0.20", "cpe:/a:mozilla:firefox:1.0.3", "cpe:/a:mozilla:firefox:2.0.0.10", "cpe:/a:mozilla:seamonkey:1.1.9", "cpe:/a:mozilla:firefox:1.5.0.5", "cpe:/a:mozilla:firefox:1.5.0.12", "cpe:/a:mozilla:seamonkey:1.1.10", "cpe:/a:mozilla:firefox:3.5.5", "cpe:/a:mozilla:firefox:3.0.5", "cpe:/a:mozilla:seamonkey:1.1.12", "cpe:/a:mozilla:firefox:3.6", "cpe:/a:mozilla:firefox:0.9.2", "cpe:/a:mozilla:firefox:1.5.6", "cpe:/a:mozilla:firefox:1.0.4", "cpe:/a:mozilla:seamonkey:1.1.6", "cpe:/a:mozilla:firefox:2.0.0.7", "cpe:/a:mozilla:firefox:3.5.1", "cpe:/a:mozilla:firefox:3.5.7", "cpe:/a:mozilla:firefox:1.0.7", "cpe:/a:mozilla:seamonkey:1.1.5", "cpe:/a:mozilla:firefox:1.0.6", "cpe:/a:mozilla:firefox:3.0.9", "cpe:/a:mozilla:firefox:1.0.1", "cpe:/a:mozilla:seamonkey:1.1.4", "cpe:/a:mozilla:firefox:2.0.0.15", "cpe:/a:mozilla:seamonkey:2.0.4", "cpe:/a:mozilla:firefox:3.5", "cpe:/a:mozilla:firefox:1.5.0.10", "cpe:/a:mozilla:firefox:1.0.2", "cpe:/a:mozilla:seamonkey:1.0.6", "cpe:/a:mozilla:firefox:3.0.16", "cpe:/a:mozilla:firefox:1.5.8", "cpe:/a:mozilla:seamonkey:2.0.2", "cpe:/a:mozilla:firefox:3.0.13", "cpe:/a:mozilla:firefox:0.10", "cpe:/a:mozilla:firefox:0.9.1", "cpe:/a:mozilla:seamonkey:1.0.4", "cpe:/a:mozilla:firefox:0.6", "cpe:/a:mozilla:seamonkey:1.0.5", "cpe:/a:mozilla:firefox:1.5.5", "cpe:/a:mozilla:firefox:3.0.11", "cpe:/a:mozilla:firefox:1.5.0.4", "cpe:/a:mozilla:firefox:2.0.0.1", "cpe:/a:mozilla:firefox:1.5.0.9", "cpe:/a:mozilla:seamonkey:1.0.7", "cpe:/a:mozilla:firefox:1.5.2", "cpe:/a:mozilla:seamonkey:1.1.11", "cpe:/a:mozilla:seamonkey:1.1.3", "cpe:/a:mozilla:firefox:1.5.0.11", "cpe:/a:mozilla:firefox:3.0.3", "cpe:/a:mozilla:firefox:1.5.0.6", "cpe:/a:mozilla:firefox:2.0.0.6", "cpe:/a:mozilla:firefox:2.0.0.5", "cpe:/a:mozilla:firefox:1.5", "cpe:/a:mozilla:firefox:3.0.6", "cpe:/a:mozilla:seamonkey:1.1.1", "cpe:/a:mozilla:firefox:1.5.0.7", "cpe:/a:mozilla:seamonkey:1.1.7", "cpe:/a:mozilla:firefox:3.0.15", "cpe:/a:mozilla:firefox:3.0.7", "cpe:/a:mozilla:seamonkey:1.1.14", "cpe:/a:mozilla:firefox:0.1", "cpe:/a:mozilla:seamonkey:1.1.16", "cpe:/a:mozilla:firefox:3.0", "cpe:/a:mozilla:firefox:1.5.3", "cpe:/a:mozilla:firefox:3.0.10", "cpe:/a:mozilla:firefox:3.0.8", "cpe:/a:mozilla:firefox:1.0.8", "cpe:/a:mozilla:firefox:1.5.0.8", "cpe:/a:mozilla:firefox:3.0.1", "cpe:/a:mozilla:firefox:0.9", "cpe:/a:mozilla:seamonkey:1.0.1", "cpe:/a:mozilla:firefox:3.5.4", "cpe:/a:mozilla:seamonkey:1.0.3", "cpe:/a:mozilla:seamonkey:1.1", "cpe:/a:mozilla:firefox:3.5.2", "cpe:/a:mozilla:firefox:2.0.0.16", "cpe:/a:mozilla:firefox:0.2", "cpe:/a:mozilla:firefox:0.7", "cpe:/a:mozilla:seamonkey:1.1.19", "cpe:/a:mozilla:firefox:2.0.0.19", "cpe:/a:mozilla:firefox:3.0.17", "cpe:/a:mozilla:firefox:0.7.1", "cpe:/a:mozilla:firefox:2.0.0.11", "cpe:/a:mozilla:firefox:2.0.0.4", "cpe:/a:mozilla:seamonkey:2.0.1", "cpe:/a:mozilla:firefox:0.6.1", "cpe:/a:mozilla:firefox:0.9.3", "cpe:/a:mozilla:firefox:0.3", "cpe:/a:mozilla:seamonkey:1.1.8", "cpe:/a:mozilla:seamonkey:1.1.13"], "id": "CVE-2010-0177", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2010-0177", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}, "cpe23": ["cpe:2.3:a:mozilla:firefox:3.5.4:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:seamonkey:1.1.10:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:firefox:3.0.10:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:firefox:1.5.0.2:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:firefox:2.0.0.18:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:seamonkey:1.1.9:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:seamonkey:2.0:beta_2:*:*:*:*:*:*", "cpe:2.3:a:mozilla:firefox:1.5.0.12:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:firefox:0.1:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:seamonkey:2.0.2:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:firefox:3.0.13:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:seamonkey:2.0:beta_1:*:*:*:*:*:*", "cpe:2.3:a:mozilla:firefox:2.0.0.7:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:firefox:2.0.0.8:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:firefox:1.0:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:firefox:3.5.1:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:firefox:3.5.5:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:seamonkey:2.0.3:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:firefox:2.0.0.10:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:firefox:1.0.6:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:seamonkey:1.1.17:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:firefox:2.0.0.12:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:firefox:3.0.16:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:seamonkey:2.0:rc1:*:*:*:*:*:*", "cpe:2.3:a:mozilla:firefox:3.0.15:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:firefox:1.5.1:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:firefox:3.0.11:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:firefox:1.5.0.7:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:firefox:3.5.6:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:seamonkey:1.0.8:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:seamonkey:1.1.4:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:seamonkey:1.1.14:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:firefox:3.0:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:seamonkey:2.0:alpha_3:*:*:*:*:*:*", "cpe:2.3:a:mozilla:seamonkey:1.1:beta:*:*:*:*:*:*", "cpe:2.3:a:mozilla:firefox:3.6:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:firefox:3.0.4:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:firefox:1.5.4:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:seamonkey:1.0.7:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:seamonkey:2.0.4:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:firefox:0.8:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:firefox:1.0.5:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:firefox:3.0.1:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:firefox:3.0.9:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:firefox:3.5.3:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:firefox:0.2:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:firefox:0.4:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:seamonkey:1.1.5:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:firefox:1.5.2:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:firefox:0.6.1:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:firefox:2.0.0.15:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:firefox:1.5:beta2:*:*:*:*:*:*", "cpe:2.3:a:mozilla:firefox:1.5.0.5:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:seamonkey:1.1.18:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:firefox:1.5.0.4:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:firefox:3.5.2:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:seamonkey:1.1.15:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:seamonkey:1.0.5:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:seamonkey:1.1.16:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:firefox:3.0.5:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:firefox:2.0.0.6:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:seamonkey:1.1.8:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:seamonkey:1.1:alpha:*:*:*:*:*:*", "cpe:2.3:a:mozilla:seamonkey:1.1.12:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:firefox:0.9:rc:*:*:*:*:*:*", "cpe:2.3:a:mozilla:firefox:2.0:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:firefox:1.0.8:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:firefox:3.0.17:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:firefox:1.5.3:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:firefox:1.5.5:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:seamonkey:1.0.2:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:firefox:0.9.1:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:firefox:2.0.0.9:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:firefox:2.0.0.1:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:seamonkey:1.0:beta:*:*:*:*:*:*", "cpe:2.3:a:mozilla:seamonkey:1.1.3:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:seamonkey:1.1.19:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:firefox:3.5.7:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:seamonkey:1.1.1:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:seamonkey:1.0.1:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:firefox:0.6:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:firefox:2.0.0.2:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:seamonkey:1.1.11:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:firefox:2.0.0.5:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:firefox:3.0.7:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:firefox:3.0.6:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:firefox:1.0.7:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:firefox:1.5.0.3:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:seamonkey:1.0:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:firefox:3.0.8:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:seamonkey:2.0.1:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:firefox:2.0.0.3:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:firefox:1.5.8:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:firefox:1.5.0.9:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:firefox:1.5:beta1:*:*:*:*:*:*", "cpe:2.3:a:mozilla:firefox:0.7:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:seamonkey:2.0:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:firefox:3.0.2:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:firefox:2.0.0.17:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:seamonkey:1.1.7:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:firefox:2.0.0.19:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:firefox:1.5.7:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:firefox:2.0.0.13:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:seamonkey:1.0:alpha:*:*:*:*:*:*", "cpe:2.3:a:mozilla:firefox:0.10:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:firefox:1.5.0.8:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:seamonkey:1.0.6:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:firefox:2.0.0.20:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:firefox:1.0.4:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:seamonkey:1.0.4:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:firefox:0.10.1:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:firefox:2.0.0.14:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:seamonkey:2.0:alpha_1:*:*:*:*:*:*", "cpe:2.3:a:mozilla:firefox:2.0.0.16:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:firefox:1.5.0.1:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:seamonkey:2.0:alpha_2:*:*:*:*:*:*", "cpe:2.3:a:mozilla:seamonkey:1.1:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:firefox:1.5.0.11:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:firefox:3.5:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:seamonkey:1.0.9:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:firefox:3.0.14:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:firefox:3.0.12:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:firefox:2.0.0.4:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:seamonkey:1.0.3:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:firefox:0.3:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:firefox:1.0:preview_release:*:*:*:*:*:*", "cpe:2.3:a:mozilla:firefox:0.9.3:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:firefox:0.5:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:seamonkey:1.1.6:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:firefox:2.0.0.11:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:firefox:1.0.1:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:firefox:1.5.0.6:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:firefox:0.7.1:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:firefox:1.0.2:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:seamonkey:1.1.2:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:firefox:1.5:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:firefox:1.0.3:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:seamonkey:2.0:rc2:*:*:*:*:*:*", "cpe:2.3:a:mozilla:firefox:1.5.0.10:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:seamonkey:1.1.13:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:firefox:0.9:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:firefox:0.9.2:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:firefox:1.5.6:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:firefox:3.0.3:*:*:*:*:*:*:*"]}, {"lastseen": "2020-12-09T19:34:37", "description": "Integer overflow in the XSLT node sorting implementation in Mozilla Firefox 3.5.x before 3.5.10 and 3.6.x before 3.6.4, Thunderbird before 3.0.5, and SeaMonkey before 2.0.5 allows remote attackers to execute arbitrary code via a large text value for a node.", "edition": 5, "cvss3": {}, "published": "2010-06-24T12:30:00", "title": "CVE-2010-1199", "type": "cve", "cwe": ["CWE-189"], "bulletinFamily": "NVD", "cvss2": {"severity": "HIGH", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 9.3, "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "obtainUserPrivilege": false}, "cvelist": ["CVE-2010-1199"], "modified": "2018-10-10T19:56:00", "cpe": ["cpe:/a:mozilla:seamonkey:1.0.8", "cpe:/a:mozilla:thunderbird:1.5.0.10", "cpe:/a:mozilla:firefox:3.5.6", "cpe:/a:mozilla:thunderbird:3.0.2", "cpe:/a:mozilla:seamonkey:2.0", "cpe:/a:mozilla:thunderbird:2.0.0.9", "cpe:/a:mozilla:thunderbird:0.7", "cpe:/a:mozilla:thunderbird:3.0", "cpe:/a:mozilla:seamonkey:1.1.17", "cpe:/a:mozilla:seamonkey:1.0.2", "cpe:/a:mozilla:seamonkey:1.1.2", "cpe:/a:mozilla:seamonkey:1.1.18", "cpe:/a:mozilla:seamonkey:2.0.3", "cpe:/a:mozilla:seamonkey:1.0", "cpe:/a:mozilla:firefox:3.5.3", "cpe:/a:mozilla:thunderbird:1.0.8", "cpe:/a:mozilla:firefox:3.6.2", "cpe:/a:mozilla:seamonkey:1.0.9", "cpe:/a:mozilla:thunderbird:2.0.0.12", "cpe:/a:mozilla:thunderbird:1.5.0.2", "cpe:/a:mozilla:thunderbird:1.5.0.9", "cpe:/a:mozilla:seamonkey:1.1.15", "cpe:/a:mozilla:thunderbird:1.5.0.4", "cpe:/a:mozilla:seamonkey:1.1.9", "cpe:/a:mozilla:thunderbird:1.0", "cpe:/a:mozilla:seamonkey:1.1.10", "cpe:/a:mozilla:firefox:3.5.5", "cpe:/a:mozilla:seamonkey:1.1.12", "cpe:/a:mozilla:firefox:3.6", "cpe:/a:mozilla:seamonkey:1.1.6", "cpe:/a:mozilla:thunderbird:3.0.3", "cpe:/a:mozilla:thunderbird:0.4", "cpe:/a:mozilla:firefox:3.5.1", "cpe:/a:mozilla:firefox:3.5.7", "cpe:/a:mozilla:seamonkey:1.1.5", "cpe:/a:mozilla:seamonkey:1.1.4", "cpe:/a:mozilla:thunderbird:2.0.0.19", "cpe:/a:mozilla:thunderbird:0.6", "cpe:/a:mozilla:seamonkey:2.0.4", "cpe:/a:mozilla:firefox:3.6.3", "cpe:/a:mozilla:firefox:3.5", "cpe:/a:mozilla:thunderbird:1.5.0.13", "cpe:/a:mozilla:thunderbird:0.8", "cpe:/a:mozilla:thunderbird:2.0.0.5", "cpe:/a:mozilla:seamonkey:1.0.6", "cpe:/a:mozilla:seamonkey:2.0.2", "cpe:/a:mozilla:seamonkey:1.0.4", "cpe:/a:mozilla:seamonkey:1.0.5", "cpe:/a:mozilla:thunderbird:1.5.0.12", "cpe:/a:mozilla:seamonkey:1.0.7", "cpe:/a:mozilla:seamonkey:1.1.11", "cpe:/a:mozilla:seamonkey:1.1.3", "cpe:/a:mozilla:thunderbird:3.0.4", "cpe:/a:mozilla:thunderbird:1.0.5", "cpe:/a:mozilla:thunderbird:1.0.6", "cpe:/a:mozilla:thunderbird:1.5.0.8", "cpe:/a:mozilla:seamonkey:1.1.1", "cpe:/a:mozilla:seamonkey:1.1.7", "cpe:/a:mozilla:thunderbird:1.5.0.14", "cpe:/a:mozilla:thunderbird:2.0.0.4", "cpe:/a:mozilla:thunderbird:1.5", "cpe:/a:mozilla:thunderbird:2.0.0.0", "cpe:/a:mozilla:seamonkey:1.1.14", "cpe:/a:mozilla:seamonkey:1.1.16", "cpe:/a:mozilla:thunderbird:2.0.0.17", "cpe:/a:mozilla:thunderbird:1.0.2", "cpe:/a:mozilla:thunderbird:0.5", "cpe:/a:mozilla:seamonkey:1.0.1", "cpe:/a:mozilla:firefox:3.5.4", "cpe:/a:mozilla:thunderbird:3.0.1", "cpe:/a:mozilla:seamonkey:1.0.3", "cpe:/a:mozilla:firefox:3.5.9", "cpe:/a:mozilla:seamonkey:1.1", "cpe:/a:mozilla:thunderbird:1.0.7", "cpe:/a:mozilla:firefox:3.5.2", "cpe:/a:mozilla:thunderbird:0.2", "cpe:/a:mozilla:thunderbird:1.5.0.5", "cpe:/a:mozilla:seamonkey:1.1.19", "cpe:/a:mozilla:thunderbird:2.0.0.16", "cpe:/a:mozilla:thunderbird:0.1", "cpe:/a:mozilla:thunderbird:2.0.0.14", "cpe:/a:mozilla:thunderbird:1.5.0.7", "cpe:/a:mozilla:seamonkey:2.0.1", "cpe:/a:mozilla:thunderbird:0.9", "cpe:/a:mozilla:thunderbird:2.0.0.18", "cpe:/a:mozilla:seamonkey:1.1.8", "cpe:/a:mozilla:thunderbird:0.3", "cpe:/a:mozilla:thunderbird:2.0.0.6", "cpe:/a:mozilla:seamonkey:1.1.13"], "id": "CVE-2010-1199", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2010-1199", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}, "cpe23": ["cpe:2.3:a:mozilla:firefox:3.5.4:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:seamonkey:1.1.10:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:thunderbird:3.0.3:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:seamonkey:1.1.9:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:thunderbird:0.2:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:seamonkey:2.0:beta_2:*:*:*:*:*:*", "cpe:2.3:a:mozilla:seamonkey:2.0.2:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:thunderbird:1.0.8:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:thunderbird:2.0.0.9:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:seamonkey:2.0:beta_1:*:*:*:*:*:*", "cpe:2.3:a:mozilla:firefox:3.5.1:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:firefox:3.5.5:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:thunderbird:0.4:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:seamonkey:2.0.3:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:thunderbird:2.0.0.16:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:thunderbird:2.0.0.19:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:seamonkey:1.1.17:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:thunderbird:1.0.6:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:seamonkey:2.0:rc1:*:*:*:*:*:*", "cpe:2.3:a:mozilla:firefox:3.5.6:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:seamonkey:1.0.8:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:seamonkey:1.1.4:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:seamonkey:1.1.14:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:seamonkey:2.0:alpha_3:*:*:*:*:*:*", "cpe:2.3:a:mozilla:thunderbird:3.0.1:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:thunderbird:0.6:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:seamonkey:1.1:beta:*:*:*:*:*:*", "cpe:2.3:a:mozilla:firefox:3.6:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:seamonkey:1.0.7:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:seamonkey:2.0.4:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:firefox:3.5.3:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:seamonkey:1.1.5:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:thunderbird:2.0.0.5:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:seamonkey:1.1.18:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:firefox:3.5.2:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:seamonkey:1.1.15:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:seamonkey:1.0.5:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:seamonkey:1.1.16:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:seamonkey:1.1.8:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:seamonkey:1.1:alpha:*:*:*:*:*:*", "cpe:2.3:a:mozilla:thunderbird:1.0.7:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:thunderbird:3.0:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:seamonkey:1.1.12:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:thunderbird:1.5.0.13:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:seamonkey:1.0.2:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:seamonkey:1.0:beta:*:*:*:*:*:*", "cpe:2.3:a:mozilla:seamonkey:1.1.3:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:seamonkey:1.1.19:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:thunderbird:2.0.0.12:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:firefox:3.6.3:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:thunderbird:1.5:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:firefox:3.5.7:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:seamonkey:1.1.1:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:seamonkey:1.0.1:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:firefox:3.6.2:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:thunderbird:2.0.0.17:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:thunderbird:0.7:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:seamonkey:1.1.11:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:thunderbird:0.1:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:thunderbird:1.0:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:seamonkey:1.0:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:thunderbird:0.9:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:thunderbird:1.0.2:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:seamonkey:2.0.1:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:thunderbird:2.0.0.0:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:thunderbird:0.8:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:seamonkey:2.0:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:seamonkey:1.1.7:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:seamonkey:1.0:alpha:*:*:*:*:*:*", "cpe:2.3:a:mozilla:thunderbird:2.0.0.14:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:thunderbird:1.5.0.4:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:thunderbird:3.0.4:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:seamonkey:1.0.6:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:thunderbird:1.5.0.10:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:seamonkey:1.0.4:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:seamonkey:2.0:alpha_1:*:*:*:*:*:*", "cpe:2.3:a:mozilla:thunderbird:1.5.0.8:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:firefox:3.5.9:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:seamonkey:2.0:alpha_2:*:*:*:*:*:*", "cpe:2.3:a:mozilla:seamonkey:1.1:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:firefox:3.5:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:seamonkey:1.0.9:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:thunderbird:2.0.0.4:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:thunderbird:1.5.0.5:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:seamonkey:1.0.3:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:thunderbird:2.0.0.18:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:thunderbird:2.0.0.6:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:thunderbird:0.3:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:thunderbird:0.5:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:thunderbird:1.5.0.7:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:thunderbird:1.5.0.2:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:seamonkey:1.1.6:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:thunderbird:1.5.0.14:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:thunderbird:1.5.0.9:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:seamonkey:1.1.2:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:thunderbird:1.5.0.12:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:seamonkey:2.0:rc2:*:*:*:*:*:*", "cpe:2.3:a:mozilla:thunderbird:3.0.2:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:seamonkey:1.1.13:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:thunderbird:1.0.5:*:*:*:*:*:*:*"]}, {"lastseen": "2020-12-09T19:34:37", "description": "Mozilla Firefox 3.5.x before 3.5.10 and 3.6.x before 3.6.4, and SeaMonkey before 2.0.5, does not properly handle situations in which both \"Content-Disposition: attachment\" and \"Content-Type: multipart\" are present in HTTP headers, which allows remote attackers to conduct cross-site scripting (XSS) attacks via an uploaded HTML document.", "edition": 5, "cvss3": {}, "published": "2010-06-24T12:30:00", "title": "CVE-2010-1197", "type": "cve", "cwe": ["CWE-79"], "bulletinFamily": "NVD", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "NONE", "availabilityImpact": "NONE", "integrityImpact": "PARTIAL", "baseScore": 4.3, "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2010-1197"], "modified": "2017-09-19T01:30:00", "cpe": ["cpe:/a:mozilla:seamonkey:1.0.8", "cpe:/a:mozilla:firefox:3.5.6", "cpe:/a:mozilla:seamonkey:2.0", "cpe:/a:mozilla:seamonkey:1.1.17", "cpe:/a:mozilla:seamonkey:1.0.2", "cpe:/a:mozilla:seamonkey:1.1.2", "cpe:/a:mozilla:seamonkey:1.1.18", "cpe:/a:mozilla:seamonkey:2.0.3", "cpe:/a:mozilla:seamonkey:1.0", "cpe:/a:mozilla:firefox:3.5.3", "cpe:/a:mozilla:firefox:3.6.2", "cpe:/a:mozilla:seamonkey:1.0.9", "cpe:/a:mozilla:seamonkey:1.1.15", "cpe:/a:mozilla:seamonkey:1.1.9", "cpe:/a:mozilla:seamonkey:1.1.10", "cpe:/a:mozilla:firefox:3.5.5", "cpe:/a:mozilla:seamonkey:1.1.12", "cpe:/a:mozilla:firefox:3.6", "cpe:/a:mozilla:seamonkey:1.1.6", "cpe:/a:mozilla:firefox:3.5.1", "cpe:/a:mozilla:firefox:3.5.7", "cpe:/a:mozilla:seamonkey:1.1.5", "cpe:/a:mozilla:seamonkey:1.1.4", "cpe:/a:mozilla:seamonkey:2.0.4", "cpe:/a:mozilla:firefox:3.6.3", "cpe:/a:mozilla:firefox:3.5", "cpe:/a:mozilla:seamonkey:1.0.6", "cpe:/a:mozilla:seamonkey:2.0.2", "cpe:/a:mozilla:seamonkey:1.0.4", "cpe:/a:mozilla:seamonkey:1.0.5", "cpe:/a:mozilla:seamonkey:1.0.7", "cpe:/a:mozilla:seamonkey:1.1.11", "cpe:/a:mozilla:seamonkey:1.1.3", "cpe:/a:mozilla:seamonkey:1.1.1", "cpe:/a:mozilla:seamonkey:1.1.7", "cpe:/a:mozilla:seamonkey:1.1.14", "cpe:/a:mozilla:seamonkey:1.1.16", "cpe:/a:mozilla:seamonkey:1.0.1", "cpe:/a:mozilla:firefox:3.5.4", "cpe:/a:mozilla:seamonkey:1.0.3", "cpe:/a:mozilla:firefox:3.5.9", "cpe:/a:mozilla:seamonkey:1.1", "cpe:/a:mozilla:firefox:3.5.2", "cpe:/a:mozilla:seamonkey:1.1.19", "cpe:/a:mozilla:seamonkey:2.0.1", "cpe:/a:mozilla:seamonkey:1.1.8", "cpe:/a:mozilla:seamonkey:1.1.13"], "id": "CVE-2010-1197", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2010-1197", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:N/I:P/A:N"}, "cpe23": ["cpe:2.3:a:mozilla:firefox:3.5.4:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:seamonkey:1.1.10:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:seamonkey:1.1.9:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:seamonkey:2.0:beta_2:*:*:*:*:*:*", "cpe:2.3:a:mozilla:seamonkey:2.0.2:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:seamonkey:2.0:beta_1:*:*:*:*:*:*", "cpe:2.3:a:mozilla:firefox:3.5.1:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:firefox:3.5.5:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:seamonkey:2.0.3:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:seamonkey:1.1.17:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:seamonkey:2.0:rc1:*:*:*:*:*:*", "cpe:2.3:a:mozilla:firefox:3.5.6:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:seamonkey:1.0.8:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:seamonkey:1.1.4:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:seamonkey:1.1.14:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:seamonkey:2.0:alpha_3:*:*:*:*:*:*", "cpe:2.3:a:mozilla:seamonkey:1.1:beta:*:*:*:*:*:*", "cpe:2.3:a:mozilla:firefox:3.6:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:seamonkey:1.0.7:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:seamonkey:2.0.4:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:firefox:3.5.3:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:seamonkey:1.1.5:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:seamonkey:1.1.18:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:firefox:3.5.2:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:seamonkey:1.1.15:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:seamonkey:1.0.5:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:seamonkey:1.1.16:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:seamonkey:1.1.8:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:seamonkey:1.1:alpha:*:*:*:*:*:*", "cpe:2.3:a:mozilla:seamonkey:1.1.12:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:seamonkey:1.0.2:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:seamonkey:1.0:beta:*:*:*:*:*:*", "cpe:2.3:a:mozilla:seamonkey:1.1.3:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:seamonkey:1.1.19:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:firefox:3.6.3:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:firefox:3.5.7:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:seamonkey:1.1.1:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:seamonkey:1.0.1:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:firefox:3.6.2:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:seamonkey:1.1.11:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:seamonkey:1.0:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:seamonkey:2.0.1:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:seamonkey:2.0:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:seamonkey:1.1.7:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:seamonkey:1.0:alpha:*:*:*:*:*:*", "cpe:2.3:a:mozilla:seamonkey:1.0.6:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:seamonkey:1.0.4:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:seamonkey:2.0:alpha_1:*:*:*:*:*:*", "cpe:2.3:a:mozilla:firefox:3.5.9:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:seamonkey:2.0:alpha_2:*:*:*:*:*:*", "cpe:2.3:a:mozilla:seamonkey:1.1:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:firefox:3.5:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:seamonkey:1.0.9:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:seamonkey:1.0.3:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:seamonkey:1.1.6:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:seamonkey:1.1.2:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:seamonkey:2.0:rc2:*:*:*:*:*:*", "cpe:2.3:a:mozilla:seamonkey:1.1.13:*:*:*:*:*:*:*"]}, {"lastseen": "2020-12-09T19:34:35", "description": "Mozilla Firefox before 3.0.19, 3.5.x before 3.5.9, and 3.6.x before 3.6.2; Thunderbird before 3.0.4; and SeaMonkey before 2.0.4 do not properly manage reference counts for option elements in a XUL tree optgroup, which might allow remote attackers to execute arbitrary code via unspecified vectors that trigger access to deleted elements, related to a \"dangling pointer vulnerability.\"", "edition": 5, "cvss3": {}, "published": "2010-04-05T17:30:00", "title": "CVE-2010-0176", "type": "cve", "cwe": ["CWE-399"], "bulletinFamily": "NVD", "cvss2": {"severity": "HIGH", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 9.3, "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "obtainUserPrivilege": false}, "cvelist": ["CVE-2010-0176"], "modified": "2018-10-30T16:25:00", "cpe": ["cpe:/a:mozilla:seamonkey:1.0.8", "cpe:/a:mozilla:firefox:2.0.0.9", "cpe:/a:mozilla:thunderbird:1.5.0.10", "cpe:/a:mozilla:firefox:3.0.2", "cpe:/a:mozilla:firefox:3.5.6", "cpe:/a:mozilla:firefox:1.5.0.3", "cpe:/a:mozilla:thunderbird:3.0.2", "cpe:/a:mozilla:thunderbird:1.5.0.3", "cpe:/a:mozilla:seamonkey:2.0", "cpe:/a:mozilla:thunderbird:2.0.0.9", "cpe:/a:mozilla:firefox:1.5.0.2", "cpe:/a:mozilla:firefox:2.0.0.14", "cpe:/a:mozilla:firefox:2.0.0.18", "cpe:/a:mozilla:firefox:2.0.0.8", "cpe:/a:mozilla:thunderbird:0.7", "cpe:/a:mozilla:firefox:3.0.12", "cpe:/a:mozilla:firefox:0.4", "cpe:/a:mozilla:firefox:1.5.1", "cpe:/a:mozilla:firefox:1.5.4", "cpe:/a:mozilla:seamonkey:1.1.17", "cpe:/a:mozilla:seamonkey:1.0.2", "cpe:/a:mozilla:seamonkey:1.1.2", "cpe:/a:mozilla:firefox:2.0.0.13", "cpe:/a:mozilla:seamonkey:1.1.18", "cpe:/a:mozilla:thunderbird:2.0.0.21", "cpe:/a:mozilla:seamonkey:2.0.3", "cpe:/a:mozilla:seamonkey:1.0", "cpe:/a:mozilla:firefox:0.5", "cpe:/a:mozilla:firefox:3.5.3", "cpe:/a:mozilla:firefox:2.0.0.3", "cpe:/a:mozilla:thunderbird:1.0.8", "cpe:/a:mozilla:firefox:2.0.0.2", "cpe:/a:mozilla:firefox:1.5.0.1", "cpe:/a:mozilla:firefox:2.0.0.12", "cpe:/a:mozilla:firefox:3.0.4", "cpe:/a:mozilla:firefox:0.8", "cpe:/a:mozilla:seamonkey:1.0.9", "cpe:/a:mozilla:firefox:3.0.14", "cpe:/a:mozilla:firefox:1.5.7", "cpe:/a:mozilla:thunderbird:1.0.4", "cpe:/a:mozilla:thunderbird:2.0.0.22", "cpe:/a:mozilla:firefox:1.0.5", "cpe:/a:mozilla:thunderbird:2.0.0.12", "cpe:/a:mozilla:thunderbird:1.5.0.2", "cpe:/a:mozilla:firefox:2.0.0.17", "cpe:/a:mozilla:thunderbird:1.5.0.9", "cpe:/a:mozilla:seamonkey:1.1.15", "cpe:/a:mozilla:firefox:0.10.1", "cpe:/a:mozilla:firefox:2.0", "cpe:/a:mozilla:thunderbird:1.5.0.4", "cpe:/a:mozilla:firefox:1.0", "cpe:/a:mozilla:firefox:2.0.0.20", "cpe:/a:mozilla:firefox:1.0.3", "cpe:/a:mozilla:firefox:2.0.0.10", "cpe:/a:mozilla:seamonkey:1.1.9", "cpe:/a:mozilla:thunderbird:1.5.0.6", "cpe:/a:mozilla:thunderbird:1.0", "cpe:/a:mozilla:firefox:1.5.0.5", "cpe:/a:mozilla:firefox:1.5.0.12", "cpe:/a:mozilla:thunderbird:1.0.1", "cpe:/a:mozilla:seamonkey:1.1.10", "cpe:/a:mozilla:firefox:3.5.5", "cpe:/a:mozilla:firefox:3.0.5", "cpe:/a:mozilla:seamonkey:1.1.12", "cpe:/a:mozilla:thunderbird:1.5.2", "cpe:/a:mozilla:firefox:3.6", "cpe:/a:mozilla:thunderbird:1.5.0.1", "cpe:/a:mozilla:firefox:0.9.2", "cpe:/a:mozilla:firefox:1.5.6", "cpe:/a:mozilla:firefox:1.0.4", "cpe:/a:mozilla:seamonkey:1.1.6", "cpe:/a:mozilla:thunderbird:3.0.3", "cpe:/a:mozilla:thunderbird:0.4", "cpe:/a:mozilla:firefox:2.0.0.7", "cpe:/a:mozilla:firefox:3.5.1", "cpe:/a:mozilla:firefox:3.5.7", "cpe:/a:mozilla:thunderbird:2.0.0.23", "cpe:/a:mozilla:firefox:1.0.7", "cpe:/a:mozilla:seamonkey:1.1.5", "cpe:/a:mozilla:firefox:1.0.6", "cpe:/a:mozilla:thunderbird:0.7.2", "cpe:/a:mozilla:firefox:3.0.9", "cpe:/a:mozilla:firefox:1.0.1", "cpe:/a:mozilla:seamonkey:1.1.4", "cpe:/a:mozilla:thunderbird:2.0.0.19", "cpe:/a:mozilla:thunderbird:0.6", "cpe:/a:mozilla:firefox:2.0.0.15", "cpe:/a:mozilla:seamonkey:2.0.4", "cpe:/a:mozilla:thunderbird:2.0.0.7", "cpe:/a:mozilla:firefox:3.5", "cpe:/a:mozilla:firefox:1.5.0.10", "cpe:/a:mozilla:thunderbird:2.0.0.2", "cpe:/a:mozilla:thunderbird:1.5.0.13", "cpe:/a:mozilla:thunderbird:0.8", "cpe:/a:mozilla:firefox:1.0.2", "cpe:/a:mozilla:thunderbird:2.0.0.5", "cpe:/a:mozilla:seamonkey:1.0.6", "cpe:/a:mozilla:firefox:3.0.16", "cpe:/a:mozilla:firefox:1.5.8", "cpe:/a:mozilla:seamonkey:2.0.2", "cpe:/a:mozilla:firefox:3.0.13", "cpe:/a:mozilla:firefox:0.10", "cpe:/a:mozilla:firefox:0.9.1", "cpe:/a:mozilla:seamonkey:1.0.4", "cpe:/a:mozilla:firefox:0.6", "cpe:/a:mozilla:seamonkey:1.0.5", "cpe:/a:mozilla:thunderbird:0.7.1", "cpe:/a:mozilla:firefox:1.5.5", "cpe:/a:mozilla:firefox:3.0.11", "cpe:/a:mozilla:firefox:1.5.0.4", "cpe:/a:mozilla:thunderbird:1.5.0.12", "cpe:/a:mozilla:firefox:2.0.0.1", "cpe:/a:mozilla:firefox:1.5.0.9", "cpe:/a:mozilla:seamonkey:1.0.7", "cpe:/a:mozilla:thunderbird:2.0.0.3", "cpe:/a:mozilla:firefox:1.5.2", "cpe:/a:mozilla:seamonkey:1.1.11", "cpe:/a:mozilla:seamonkey:1.1.3", "cpe:/a:mozilla:thunderbird:0.7.3", "cpe:/a:mozilla:firefox:1.5.0.11", "cpe:/a:mozilla:thunderbird:1.0.5", "cpe:/a:mozilla:thunderbird:1.0.6", "cpe:/a:mozilla:thunderbird:1.5.0.8", "cpe:/a:mozilla:firefox:3.0.3", "cpe:/a:mozilla:firefox:1.5.0.6", "cpe:/a:mozilla:thunderbird:2.0", "cpe:/a:mozilla:firefox:2.0.0.6", "cpe:/a:mozilla:thunderbird:2.0.0.1", "cpe:/a:mozilla:firefox:2.0.0.5", "cpe:/a:mozilla:firefox:1.5", "cpe:/a:mozilla:firefox:3.0.6", "cpe:/a:mozilla:seamonkey:1.1.1", "cpe:/a:mozilla:firefox:1.5.0.7", "cpe:/a:mozilla:seamonkey:1.1.7", "cpe:/a:mozilla:thunderbird:1.5.0.14", "cpe:/a:mozilla:thunderbird:2.0.0.4", "cpe:/a:mozilla:thunderbird:1.5", "cpe:/a:mozilla:thunderbird:2.0.0.0", "cpe:/a:mozilla:firefox:3.0.15", "cpe:/a:mozilla:firefox:3.0.7", "cpe:/a:mozilla:seamonkey:1.1.14", "cpe:/a:mozilla:firefox:0.1", "cpe:/a:mozilla:seamonkey:1.1.16", "cpe:/a:mozilla:firefox:3.0", "cpe:/a:mozilla:firefox:1.5.3", "cpe:/a:mozilla:thunderbird:2.0.0.17", "cpe:/a:mozilla:thunderbird:1.0.2", "cpe:/a:mozilla:firefox:3.0.10", "cpe:/a:mozilla:thunderbird:0.5", "cpe:/a:mozilla:firefox:3.0.8", "cpe:/a:mozilla:firefox:1.0.8", "cpe:/a:mozilla:firefox:1.5.0.8", "cpe:/a:mozilla:firefox:3.0.1", "cpe:/a:mozilla:firefox:0.9", "cpe:/a:mozilla:seamonkey:1.0.1", "cpe:/a:mozilla:firefox:3.5.4", "cpe:/a:mozilla:thunderbird:3.0.1", "cpe:/a:mozilla:seamonkey:1.0.3", "cpe:/a:mozilla:thunderbird:1.5.1", "cpe:/a:mozilla:seamonkey:1.1", "cpe:/a:mozilla:thunderbird:1.0.7", "cpe:/a:mozilla:firefox:3.5.2", "cpe:/a:mozilla:firefox:2.0.0.16", "cpe:/a:mozilla:thunderbird:0.2", "cpe:/a:mozilla:thunderbird:1.5.0.5", "cpe:/a:mozilla:firefox:0.2", "cpe:/a:mozilla:firefox:0.7", "cpe:/a:mozilla:seamonkey:1.1.19", "cpe:/a:mozilla:thunderbird:2.0.0.16", "cpe:/a:mozilla:firefox:2.0.0.19", "cpe:/a:mozilla:firefox:3.0.17", "cpe:/a:mozilla:firefox:0.7.1", "cpe:/a:mozilla:thunderbird:1.5.0.11", "cpe:/a:mozilla:thunderbird:0.1", "cpe:/a:mozilla:firefox:2.0.0.11", "cpe:/a:mozilla:thunderbird:2.0.0.14", "cpe:/a:mozilla:firefox:2.0.0.4", "cpe:/a:mozilla:thunderbird:1.5.0.7", "cpe:/a:mozilla:seamonkey:2.0.1", "cpe:/a:mozilla:firefox:0.6.1", "cpe:/a:mozilla:thunderbird:0.9", "cpe:/a:mozilla:firefox:0.9.3", "cpe:/a:mozilla:thunderbird:2.0.0.8", "cpe:/a:mozilla:thunderbird:1.0.3", "cpe:/a:mozilla:firefox:0.3", "cpe:/a:mozilla:thunderbird:2.0.0.18", "cpe:/a:mozilla:seamonkey:1.1.8", "cpe:/a:mozilla:thunderbird:0.3", "cpe:/a:mozilla:thunderbird:2.0.0.6", "cpe:/a:mozilla:seamonkey:1.1.13"], "id": "CVE-2010-0176", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2010-0176", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}, "cpe23": ["cpe:2.3:a:mozilla:firefox:3.5.4:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:seamonkey:1.1.10:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:firefox:3.0.10:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:firefox:1.5.0.2:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:thunderbird:1.0.4:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:thunderbird:3.0.3:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:firefox:2.0.0.18:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:seamonkey:1.1.9:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:thunderbird:0.2:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:seamonkey:2.0:beta_2:*:*:*:*:*:*", "cpe:2.3:a:mozilla:firefox:1.5.0.12:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:firefox:0.1:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:seamonkey:2.0.2:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:thunderbird:1.0.8:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:thunderbird:2.0.0.9:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:firefox:3.0.13:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:seamonkey:2.0:beta_1:*:*:*:*:*:*", "cpe:2.3:a:mozilla:firefox:2.0.0.7:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:firefox:2.0.0.8:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:thunderbird:1.5:beta2:*:*:*:*:*:*", "cpe:2.3:a:mozilla:firefox:1.0:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:firefox:3.5.1:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:thunderbird:1.5.0.11:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:firefox:3.5.5:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:thunderbird:0.4:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:seamonkey:2.0.3:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:thunderbird:2.0.0.23:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:thunderbird:2.0.0.16:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:firefox:2.0.0.10:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:firefox:1.0.6:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:thunderbird:2.0.0.19:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:seamonkey:1.1.17:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:firefox:2.0.0.12:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:firefox:3.0.16:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:thunderbird:1.0.6:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:thunderbird:1.5.1:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:seamonkey:2.0:rc1:*:*:*:*:*:*", "cpe:2.3:a:mozilla:firefox:3.0.15:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:firefox:1.5.1:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:firefox:3.0.11:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:firefox:1.5.0.7:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:firefox:3.5.6:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:seamonkey:1.0.8:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:thunderbird:1.5.0.1:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:seamonkey:1.1.4:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:seamonkey:1.1.14:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:firefox:3.0:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:seamonkey:2.0:alpha_3:*:*:*:*:*:*", "cpe:2.3:a:mozilla:thunderbird:0.7.1:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:thunderbird:3.0.1:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:thunderbird:0.6:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:thunderbird:2.0.0.8:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:thunderbird:2.0.0.7:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:seamonkey:1.1:beta:*:*:*:*:*:*", "cpe:2.3:a:mozilla:firefox:3.6:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:firefox:3.0.4:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:firefox:1.5.4:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:seamonkey:1.0.7:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:seamonkey:2.0.4:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:firefox:0.8:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:firefox:1.0.5:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:firefox:3.0.1:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:firefox:3.0.9:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:firefox:3.5.3:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:firefox:0.2:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:firefox:0.4:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:seamonkey:1.1.5:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:firefox:1.5.2:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:firefox:0.6.1:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:firefox:2.0.0.15:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:thunderbird:2.0.0.5:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:thunderbird:1.0.1:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:thunderbird:1.0.3:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:firefox:1.5:beta2:*:*:*:*:*:*", "cpe:2.3:a:mozilla:firefox:1.5.0.5:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:seamonkey:1.1.18:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:firefox:1.5.0.4:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:firefox:3.5.2:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:seamonkey:1.1.15:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:seamonkey:1.0.5:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:seamonkey:1.1.16:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:firefox:3.0.5:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:firefox:2.0.0.6:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:seamonkey:1.1.8:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:seamonkey:1.1:alpha:*:*:*:*:*:*", "cpe:2.3:a:mozilla:thunderbird:1.0.7:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:seamonkey:1.1.12:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:firefox:0.9:rc:*:*:*:*:*:*", "cpe:2.3:a:mozilla:firefox:2.0:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:firefox:1.0.8:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:firefox:3.0.17:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:firefox:1.5.3:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:thunderbird:2.0.0.2:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:thunderbird:1.5.0.13:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:firefox:1.5.5:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:seamonkey:1.0.2:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:thunderbird:2.0.0.1:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:firefox:0.9.1:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:firefox:2.0.0.9:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:firefox:2.0.0.1:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:seamonkey:1.0:beta:*:*:*:*:*:*", "cpe:2.3:a:mozilla:seamonkey:1.1.3:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:seamonkey:1.1.19:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:thunderbird:0.7.3:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:thunderbird:2.0.0.12:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:thunderbird:1.5:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:firefox:3.5.7:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:seamonkey:1.1.1:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:seamonkey:1.0.1:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:thunderbird:2.0.0.22:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:firefox:0.6:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:thunderbird:0.7.2:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:thunderbird:2.0.0.17:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:thunderbird:0.7:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:firefox:2.0.0.2:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:seamonkey:1.1.11:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:firefox:2.0.0.5:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:firefox:3.0.7:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:firefox:3.0.6:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:thunderbird:0.1:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:thunderbird:1.0:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:thunderbird:2.0:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:firefox:1.0.7:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:firefox:1.5.0.3:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:seamonkey:1.0:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:firefox:3.0.8:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:thunderbird:0.9:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:thunderbird:1.0.2:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:seamonkey:2.0.1:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:thunderbird:2.0.0.21:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:thunderbird:2.0.0.0:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:firefox:2.0.0.3:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:firefox:1.5.8:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:thunderbird:0.8:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:firefox:1.5.0.9:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:firefox:1.5:beta1:*:*:*:*:*:*", "cpe:2.3:a:mozilla:firefox:0.7:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:thunderbird:1.5.2:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:seamonkey:2.0:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:firefox:3.0.2:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:thunderbird:2.0.0.3:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:firefox:2.0.0.17:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:seamonkey:1.1.7:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:firefox:2.0.0.19:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:firefox:1.5.7:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:firefox:2.0.0.13:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:seamonkey:1.0:alpha:*:*:*:*:*:*", "cpe:2.3:a:mozilla:thunderbird:2.0.0.14:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:firefox:0.10:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:thunderbird:1.5.0.4:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:firefox:1.5.0.8:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:seamonkey:1.0.6:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:firefox:2.0.0.20:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:firefox:1.0.4:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:thunderbird:1.5.0.10:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:seamonkey:1.0.4:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:firefox:0.10.1:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:firefox:2.0.0.14:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:seamonkey:2.0:alpha_1:*:*:*:*:*:*", "cpe:2.3:a:mozilla:thunderbird:1.5.0.8:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:firefox:2.0.0.16:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:firefox:1.5.0.1:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:seamonkey:2.0:alpha_2:*:*:*:*:*:*", "cpe:2.3:a:mozilla:seamonkey:1.1:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:firefox:1.5.0.11:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:firefox:3.5:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:seamonkey:1.0.9:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:firefox:3.0.14:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:thunderbird:2.0.0.4:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:firefox:3.0.12:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:firefox:2.0.0.4:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:thunderbird:1.5.0.5:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:seamonkey:1.0.3:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:firefox:0.3:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:thunderbird:2.0.0.18:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:firefox:1.0:preview_release:*:*:*:*:*:*", "cpe:2.3:a:mozilla:thunderbird:1.5.0.3:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:thunderbird:2.0.0.6:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:thunderbird:0.3:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:thunderbird:0.5:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:firefox:0.9.3:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:thunderbird:1.5.0.7:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:thunderbird:1.5.0.2:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:firefox:0.5:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:seamonkey:1.1.6:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:firefox:2.0.0.11:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:thunderbird:1.5.0.14:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:thunderbird:1.5.0.9:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:firefox:1.0.1:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:firefox:1.5.0.6:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:firefox:0.7.1:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:firefox:1.0.2:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:thunderbird:1.5.0.6:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:seamonkey:1.1.2:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:firefox:1.5:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:firefox:1.0.3:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:thunderbird:1.5.0.12:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:seamonkey:2.0:rc2:*:*:*:*:*:*", "cpe:2.3:a:mozilla:thunderbird:3.0.2:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:firefox:1.5.0.10:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:seamonkey:1.1.13:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:firefox:0.9:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:thunderbird:1.0.5:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:firefox:0.9.2:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:firefox:1.5.6:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:firefox:3.0.3:*:*:*:*:*:*:*"]}, {"lastseen": "2020-12-09T19:34:35", "description": "Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 3.0.19, 3.5.x before 3.5.9, and 3.6.x before 3.6.2; Thunderbird before 3.0.4; and SeaMonkey before 2.0.4 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors.", "edition": 5, "cvss3": {}, "published": "2010-04-05T17:30:00", "title": "CVE-2010-0174", "type": "cve", "cwe": ["NVD-CWE-noinfo"], "bulletinFamily": "NVD", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 10.0, "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "acInsufInfo": true, "impactScore": 10.0, "obtainUserPrivilege": false}, "cvelist": ["CVE-2010-0174"], "modified": "2018-10-30T16:25:00", "cpe": ["cpe:/a:mozilla:seamonkey:1.0.8", "cpe:/a:mozilla:firefox:2.0.0.9", "cpe:/a:mozilla:thunderbird:1.5.0.10", "cpe:/a:mozilla:firefox:3.0.2", "cpe:/a:mozilla:firefox:3.5.6", "cpe:/a:mozilla:firefox:1.5.0.3", "cpe:/a:mozilla:thunderbird:3.0.2", "cpe:/a:mozilla:thunderbird:1.5.0.3", "cpe:/a:mozilla:seamonkey:2.0", "cpe:/a:mozilla:thunderbird:2.0.0.9", "cpe:/a:mozilla:firefox:1.5.0.2", "cpe:/a:mozilla:firefox:2.0.0.14", "cpe:/a:mozilla:firefox:2.0.0.18", "cpe:/a:mozilla:firefox:2.0.0.8", "cpe:/a:mozilla:thunderbird:0.7", "cpe:/a:mozilla:firefox:3.0.12", "cpe:/a:mozilla:firefox:0.4", "cpe:/a:mozilla:firefox:1.5.1", "cpe:/a:mozilla:firefox:1.5.4", "cpe:/a:mozilla:seamonkey:1.1.17", "cpe:/a:mozilla:seamonkey:1.0.2", "cpe:/a:mozilla:seamonkey:1.1.2", "cpe:/a:mozilla:firefox:2.0.0.13", "cpe:/a:mozilla:seamonkey:1.1.18", "cpe:/a:mozilla:thunderbird:2.0.0.21", "cpe:/a:mozilla:seamonkey:2.0.3", "cpe:/a:mozilla:seamonkey:1.0", "cpe:/a:mozilla:firefox:0.5", "cpe:/a:mozilla:firefox:3.5.3", "cpe:/a:mozilla:firefox:2.0.0.3", "cpe:/a:mozilla:thunderbird:1.0.8", "cpe:/a:mozilla:firefox:2.0.0.2", "cpe:/a:mozilla:firefox:1.5.0.1", "cpe:/a:mozilla:firefox:2.0.0.12", "cpe:/a:mozilla:firefox:3.0.4", "cpe:/a:mozilla:firefox:0.8", "cpe:/a:mozilla:seamonkey:1.0.9", "cpe:/a:mozilla:firefox:3.0.14", "cpe:/a:mozilla:firefox:1.5.7", "cpe:/a:mozilla:thunderbird:1.0.4", "cpe:/a:mozilla:thunderbird:2.0.0.22", "cpe:/a:mozilla:firefox:1.0.5", "cpe:/a:mozilla:thunderbird:2.0.0.12", "cpe:/a:mozilla:thunderbird:1.5.0.2", "cpe:/a:mozilla:firefox:2.0.0.17", "cpe:/a:mozilla:thunderbird:1.5.0.9", "cpe:/a:mozilla:seamonkey:1.1.15", "cpe:/a:mozilla:firefox:0.10.1", "cpe:/a:mozilla:firefox:2.0", "cpe:/a:mozilla:thunderbird:1.5.0.4", "cpe:/a:mozilla:firefox:1.0", "cpe:/a:mozilla:firefox:2.0.0.20", "cpe:/a:mozilla:firefox:1.0.3", "cpe:/a:mozilla:firefox:2.0.0.10", "cpe:/a:mozilla:seamonkey:1.1.9", "cpe:/a:mozilla:thunderbird:1.5.0.6", "cpe:/a:mozilla:thunderbird:1.0", "cpe:/a:mozilla:firefox:1.5.0.5", "cpe:/a:mozilla:firefox:1.5.0.12", "cpe:/a:mozilla:thunderbird:1.0.1", "cpe:/a:mozilla:seamonkey:1.1.10", "cpe:/a:mozilla:firefox:3.5.5", "cpe:/a:mozilla:firefox:3.0.5", "cpe:/a:mozilla:seamonkey:1.1.12", "cpe:/a:mozilla:thunderbird:1.5.2", "cpe:/a:mozilla:firefox:3.6", "cpe:/a:mozilla:thunderbird:1.5.0.1", "cpe:/a:mozilla:firefox:0.9.2", "cpe:/a:mozilla:firefox:1.5.6", "cpe:/a:mozilla:firefox:1.0.4", "cpe:/a:mozilla:seamonkey:1.1.6", "cpe:/a:mozilla:thunderbird:3.0.3", "cpe:/a:mozilla:thunderbird:0.4", "cpe:/a:mozilla:firefox:2.0.0.7", "cpe:/a:mozilla:firefox:3.5.1", "cpe:/a:mozilla:firefox:3.5.7", "cpe:/a:mozilla:thunderbird:2.0.0.23", "cpe:/a:mozilla:firefox:1.0.7", "cpe:/a:mozilla:seamonkey:1.1.5", "cpe:/a:mozilla:firefox:1.0.6", "cpe:/a:mozilla:thunderbird:0.7.2", "cpe:/a:mozilla:firefox:3.0.9", "cpe:/a:mozilla:firefox:1.0.1", "cpe:/a:mozilla:seamonkey:1.1.4", "cpe:/a:mozilla:thunderbird:2.0.0.19", "cpe:/a:mozilla:thunderbird:0.6", "cpe:/a:mozilla:firefox:2.0.0.15", "cpe:/a:mozilla:seamonkey:2.0.4", "cpe:/a:mozilla:thunderbird:2.0.0.7", "cpe:/a:mozilla:firefox:3.5", "cpe:/a:mozilla:firefox:1.5.0.10", "cpe:/a:mozilla:thunderbird:2.0.0.2", "cpe:/a:mozilla:thunderbird:1.5.0.13", "cpe:/a:mozilla:thunderbird:0.8", "cpe:/a:mozilla:firefox:1.0.2", "cpe:/a:mozilla:thunderbird:2.0.0.5", "cpe:/a:mozilla:seamonkey:1.0.6", "cpe:/a:mozilla:firefox:3.0.16", "cpe:/a:mozilla:firefox:1.5.8", "cpe:/a:mozilla:seamonkey:2.0.2", "cpe:/a:mozilla:firefox:3.0.13", "cpe:/a:mozilla:firefox:0.10", "cpe:/a:mozilla:firefox:0.9.1", "cpe:/a:mozilla:seamonkey:1.0.4", "cpe:/a:mozilla:firefox:0.6", "cpe:/a:mozilla:seamonkey:1.0.5", "cpe:/a:mozilla:thunderbird:0.7.1", "cpe:/a:mozilla:firefox:1.5.5", "cpe:/a:mozilla:firefox:3.0.11", "cpe:/a:mozilla:firefox:1.5.0.4", "cpe:/a:mozilla:thunderbird:1.5.0.12", "cpe:/a:mozilla:firefox:2.0.0.1", "cpe:/a:mozilla:firefox:1.5.0.9", "cpe:/a:mozilla:seamonkey:1.0.7", "cpe:/a:mozilla:thunderbird:2.0.0.3", "cpe:/a:mozilla:firefox:1.5.2", "cpe:/a:mozilla:seamonkey:1.1.11", "cpe:/a:mozilla:seamonkey:1.1.3", "cpe:/a:mozilla:thunderbird:0.7.3", "cpe:/a:mozilla:firefox:1.5.0.11", "cpe:/a:mozilla:thunderbird:1.0.5", "cpe:/a:mozilla:thunderbird:1.0.6", "cpe:/a:mozilla:thunderbird:1.5.0.8", "cpe:/a:mozilla:firefox:3.0.3", "cpe:/a:mozilla:firefox:1.5.0.6", "cpe:/a:mozilla:thunderbird:2.0", "cpe:/a:mozilla:firefox:2.0.0.6", "cpe:/a:mozilla:thunderbird:2.0.0.1", "cpe:/a:mozilla:firefox:2.0.0.5", "cpe:/a:mozilla:firefox:1.5", "cpe:/a:mozilla:firefox:3.0.6", "cpe:/a:mozilla:seamonkey:1.1.1", "cpe:/a:mozilla:firefox:1.5.0.7", "cpe:/a:mozilla:seamonkey:1.1.7", "cpe:/a:mozilla:thunderbird:1.5.0.14", "cpe:/a:mozilla:thunderbird:2.0.0.4", "cpe:/a:mozilla:thunderbird:1.5", "cpe:/a:mozilla:thunderbird:2.0.0.0", "cpe:/a:mozilla:firefox:3.0.15", "cpe:/a:mozilla:firefox:3.0.7", "cpe:/a:mozilla:seamonkey:1.1.14", "cpe:/a:mozilla:firefox:0.1", "cpe:/a:mozilla:seamonkey:1.1.16", "cpe:/a:mozilla:firefox:3.0", "cpe:/a:mozilla:firefox:1.5.3", "cpe:/a:mozilla:thunderbird:2.0.0.17", "cpe:/a:mozilla:thunderbird:1.0.2", "cpe:/a:mozilla:firefox:3.0.10", "cpe:/a:mozilla:thunderbird:0.5", "cpe:/a:mozilla:firefox:3.0.8", "cpe:/a:mozilla:firefox:1.0.8", "cpe:/a:mozilla:firefox:1.5.0.8", "cpe:/a:mozilla:firefox:3.0.1", "cpe:/a:mozilla:firefox:0.9", "cpe:/a:mozilla:seamonkey:1.0.1", "cpe:/a:mozilla:firefox:3.5.4", "cpe:/a:mozilla:thunderbird:3.0.1", "cpe:/a:mozilla:seamonkey:1.0.3", "cpe:/a:mozilla:thunderbird:1.5.1", "cpe:/a:mozilla:seamonkey:1.1", "cpe:/a:mozilla:thunderbird:1.0.7", "cpe:/a:mozilla:firefox:3.5.2", "cpe:/a:mozilla:firefox:2.0.0.16", "cpe:/a:mozilla:thunderbird:0.2", "cpe:/a:mozilla:thunderbird:1.5.0.5", "cpe:/a:mozilla:firefox:0.2", "cpe:/a:mozilla:firefox:0.7", "cpe:/a:mozilla:seamonkey:1.1.19", "cpe:/a:mozilla:thunderbird:2.0.0.16", "cpe:/a:mozilla:firefox:2.0.0.19", "cpe:/a:mozilla:firefox:3.0.17", "cpe:/a:mozilla:firefox:0.7.1", "cpe:/a:mozilla:thunderbird:1.5.0.11", "cpe:/a:mozilla:thunderbird:0.1", "cpe:/a:mozilla:firefox:2.0.0.11", "cpe:/a:mozilla:thunderbird:2.0.0.14", "cpe:/a:mozilla:firefox:2.0.0.4", "cpe:/a:mozilla:thunderbird:1.5.0.7", "cpe:/a:mozilla:seamonkey:2.0.1", "cpe:/a:mozilla:firefox:0.6.1", "cpe:/a:mozilla:thunderbird:0.9", "cpe:/a:mozilla:firefox:0.9.3", "cpe:/a:mozilla:thunderbird:2.0.0.8", "cpe:/a:mozilla:thunderbird:1.0.3", "cpe:/a:mozilla:firefox:0.3", "cpe:/a:mozilla:thunderbird:2.0.0.18", "cpe:/a:mozilla:seamonkey:1.1.8", "cpe:/a:mozilla:thunderbird:0.3", "cpe:/a:mozilla:thunderbird:2.0.0.6", "cpe:/a:mozilla:seamonkey:1.1.13"], "id": "CVE-2010-0174", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2010-0174", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}, "cpe23": ["cpe:2.3:a:mozilla:firefox:3.5.4:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:seamonkey:1.1.10:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:firefox:3.0.10:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:firefox:1.5.0.2:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:thunderbird:1.0.4:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:thunderbird:3.0.3:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:firefox:2.0.0.18:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:seamonkey:1.1.9:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:thunderbird:0.2:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:seamonkey:2.0:beta_2:*:*:*:*:*:*", "cpe:2.3:a:mozilla:firefox:1.5.0.12:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:firefox:0.1:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:seamonkey:2.0.2:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:thunderbird:1.0.8:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:thunderbird:2.0.0.9:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:firefox:3.0.13:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:seamonkey:2.0:beta_1:*:*:*:*:*:*", "cpe:2.3:a:mozilla:firefox:2.0.0.7:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:firefox:2.0.0.8:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:thunderbird:1.5:beta2:*:*:*:*:*:*", "cpe:2.3:a:mozilla:firefox:1.0:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:firefox:3.5.1:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:thunderbird:1.5.0.11:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:firefox:3.5.5:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:thunderbird:0.4:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:seamonkey:2.0.3:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:thunderbird:2.0.0.23:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:thunderbird:2.0.0.16:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:firefox:2.0.0.10:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:firefox:1.0.6:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:thunderbird:2.0.0.19:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:seamonkey:1.1.17:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:firefox:2.0.0.12:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:firefox:3.0.16:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:thunderbird:1.0.6:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:thunderbird:1.5.1:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:seamonkey:2.0:rc1:*:*:*:*:*:*", "cpe:2.3:a:mozilla:firefox:3.0.15:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:firefox:1.5.1:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:firefox:3.0.11:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:firefox:1.5.0.7:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:firefox:3.5.6:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:seamonkey:1.0.8:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:thunderbird:1.5.0.1:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:seamonkey:1.1.4:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:seamonkey:1.1.14:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:firefox:3.0:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:seamonkey:2.0:alpha_3:*:*:*:*:*:*", "cpe:2.3:a:mozilla:thunderbird:0.7.1:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:thunderbird:3.0.1:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:thunderbird:0.6:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:thunderbird:2.0.0.8:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:thunderbird:2.0.0.7:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:seamonkey:1.1:beta:*:*:*:*:*:*", "cpe:2.3:a:mozilla:firefox:3.6:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:firefox:3.0.4:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:firefox:1.5.4:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:seamonkey:1.0.7:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:seamonkey:2.0.4:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:firefox:0.8:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:firefox:1.0.5:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:firefox:3.0.1:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:firefox:3.0.9:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:firefox:3.5.3:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:firefox:0.2:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:firefox:0.4:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:seamonkey:1.1.5:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:firefox:1.5.2:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:firefox:0.6.1:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:firefox:2.0.0.15:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:thunderbird:2.0.0.5:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:thunderbird:1.0.1:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:thunderbird:1.0.3:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:firefox:1.5:beta2:*:*:*:*:*:*", "cpe:2.3:a:mozilla:firefox:1.5.0.5:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:seamonkey:1.1.18:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:firefox:1.5.0.4:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:firefox:3.5.2:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:seamonkey:1.1.15:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:seamonkey:1.0.5:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:seamonkey:1.1.16:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:firefox:3.0.5:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:firefox:2.0.0.6:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:seamonkey:1.1.8:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:seamonkey:1.1:alpha:*:*:*:*:*:*", "cpe:2.3:a:mozilla:thunderbird:1.0.7:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:seamonkey:1.1.12:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:firefox:0.9:rc:*:*:*:*:*:*", "cpe:2.3:a:mozilla:firefox:2.0:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:firefox:1.0.8:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:firefox:3.0.17:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:firefox:1.5.3:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:thunderbird:2.0.0.2:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:thunderbird:1.5.0.13:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:firefox:1.5.5:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:seamonkey:1.0.2:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:thunderbird:2.0.0.1:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:firefox:0.9.1:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:firefox:2.0.0.9:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:firefox:2.0.0.1:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:seamonkey:1.0:beta:*:*:*:*:*:*", "cpe:2.3:a:mozilla:seamonkey:1.1.3:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:seamonkey:1.1.19:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:thunderbird:0.7.3:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:thunderbird:2.0.0.12:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:thunderbird:1.5:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:firefox:3.5.7:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:seamonkey:1.1.1:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:seamonkey:1.0.1:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:thunderbird:2.0.0.22:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:firefox:0.6:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:thunderbird:0.7.2:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:thunderbird:2.0.0.17:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:thunderbird:0.7:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:firefox:2.0.0.2:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:seamonkey:1.1.11:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:firefox:2.0.0.5:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:firefox:3.0.7:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:firefox:3.0.6:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:thunderbird:0.1:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:thunderbird:1.0:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:thunderbird:2.0:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:firefox:1.0.7:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:firefox:1.5.0.3:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:seamonkey:1.0:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:firefox:3.0.8:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:thunderbird:0.9:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:thunderbird:1.0.2:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:seamonkey:2.0.1:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:thunderbird:2.0.0.21:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:thunderbird:2.0.0.0:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:firefox:2.0.0.3:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:firefox:1.5.8:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:thunderbird:0.8:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:firefox:1.5.0.9:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:firefox:1.5:beta1:*:*:*:*:*:*", "cpe:2.3:a:mozilla:firefox:0.7:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:thunderbird:1.5.2:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:seamonkey:2.0:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:firefox:3.0.2:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:thunderbird:2.0.0.3:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:firefox:2.0.0.17:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:seamonkey:1.1.7:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:firefox:2.0.0.19:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:firefox:1.5.7:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:firefox:2.0.0.13:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:seamonkey:1.0:alpha:*:*:*:*:*:*", "cpe:2.3:a:mozilla:thunderbird:2.0.0.14:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:firefox:0.10:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:thunderbird:1.5.0.4:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:firefox:1.5.0.8:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:seamonkey:1.0.6:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:firefox:2.0.0.20:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:firefox:1.0.4:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:thunderbird:1.5.0.10:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:seamonkey:1.0.4:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:firefox:0.10.1:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:firefox:2.0.0.14:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:seamonkey:2.0:alpha_1:*:*:*:*:*:*", "cpe:2.3:a:mozilla:thunderbird:1.5.0.8:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:firefox:2.0.0.16:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:firefox:1.5.0.1:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:seamonkey:2.0:alpha_2:*:*:*:*:*:*", "cpe:2.3:a:mozilla:seamonkey:1.1:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:firefox:1.5.0.11:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:firefox:3.5:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:seamonkey:1.0.9:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:firefox:3.0.14:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:thunderbird:2.0.0.4:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:firefox:3.0.12:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:firefox:2.0.0.4:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:thunderbird:1.5.0.5:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:seamonkey:1.0.3:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:firefox:0.3:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:thunderbird:2.0.0.18:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:firefox:1.0:preview_release:*:*:*:*:*:*", "cpe:2.3:a:mozilla:thunderbird:1.5.0.3:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:thunderbird:2.0.0.6:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:thunderbird:0.3:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:thunderbird:0.5:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:firefox:0.9.3:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:thunderbird:1.5.0.7:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:thunderbird:1.5.0.2:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:firefox:0.5:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:seamonkey:1.1.6:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:firefox:2.0.0.11:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:thunderbird:1.5.0.14:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:thunderbird:1.5.0.9:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:firefox:1.0.1:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:firefox:1.5.0.6:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:firefox:0.7.1:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:firefox:1.0.2:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:thunderbird:1.5.0.6:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:seamonkey:1.1.2:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:firefox:1.5:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:firefox:1.0.3:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:thunderbird:1.5.0.12:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:seamonkey:2.0:rc2:*:*:*:*:*:*", "cpe:2.3:a:mozilla:thunderbird:3.0.2:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:firefox:1.5.0.10:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:seamonkey:1.1.13:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:firefox:0.9:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:thunderbird:1.0.5:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:firefox:0.9.2:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:firefox:1.5.6:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:firefox:3.0.3:*:*:*:*:*:*:*"]}, {"lastseen": "2020-12-09T19:34:38", "description": "Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox 3.5.x before 3.5.11 and 3.6.x before 3.6.7, Thunderbird 3.0.x before 3.0.6 and 3.1.x before 3.1.1, and SeaMonkey before 2.0.6 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors.", "edition": 5, "cvss3": {}, "published": "2010-07-30T20:30:00", "title": "CVE-2010-1211", "type": "cve", "cwe": ["NVD-CWE-noinfo"], "bulletinFamily": "NVD", "cvss2": {"severity": "HIGH", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 9.3, "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "obtainUserPrivilege": false}, "cvelist": ["CVE-2010-1211"], "modified": "2017-09-19T01:30:00", "cpe": ["cpe:/a:mozilla:seamonkey:1.0.8", "cpe:/a:mozilla:firefox:3.5.6", "cpe:/a:mozilla:thunderbird:3.0.2", "cpe:/a:mozilla:seamonkey:2.0", "cpe:/a:mozilla:thunderbird:3.0", "cpe:/a:mozilla:seamonkey:1.1.17", "cpe:/a:mozilla:seamonkey:1.0.2", "cpe:/a:mozilla:seamonkey:1.1.2", "cpe:/a:mozilla:seamonkey:1.5.0.10", "cpe:/a:mozilla:seamonkey:1.1.18", "cpe:/a:mozilla:seamonkey:2.0.3", "cpe:/a:mozilla:seamonkey:1.0", "cpe:/a:mozilla:firefox:3.5.3", "cpe:/a:mozilla:seamonkey:1.5.0.9", "cpe:/a:mozilla:firefox:3.6.2", "cpe:/a:mozilla:seamonkey:1.0.9", "cpe:/a:mozilla:firefox:3.6.4", "cpe:/a:mozilla:seamonkey:1.1.15", "cpe:/a:mozilla:thunderbird:3.1", "cpe:/a:mozilla:seamonkey:1.1.9", "cpe:/a:mozilla:seamonkey:1.1.10", "cpe:/a:mozilla:firefox:3.5.5", "cpe:/a:mozilla:seamonkey:1.1.12", "cpe:/a:mozilla:firefox:3.6.1", "cpe:/a:mozilla:seamonkey:1.1.6", "cpe:/a:mozilla:thunderbird:3.0.3", "cpe:/a:mozilla:firefox:3.5.1", "cpe:/a:mozilla:firefox:3.5.7", "cpe:/a:mozilla:seamonkey:1.1.5", "cpe:/a:mozilla:seamonkey:1.1.4", "cpe:/a:mozilla:seamonkey:2.0.4", "cpe:/a:mozilla:firefox:3.6.3", "cpe:/a:mozilla:seamonkey:1.0.6", "cpe:/a:mozilla:seamonkey:2.0.2", "cpe:/a:mozilla:seamonkey:1.0.4", "cpe:/a:mozilla:seamonkey:1.0.5", "cpe:/a:mozilla:seamonkey:1.0.7", "cpe:/a:mozilla:seamonkey:1.1.11", "cpe:/a:mozilla:seamonkey:1.1.3", "cpe:/a:mozilla:thunderbird:3.0.4", "cpe:/a:mozilla:seamonkey:1.1.1", "cpe:/a:mozilla:seamonkey:1.1.7", "cpe:/a:mozilla:seamonkey:2.0.5", "cpe:/a:mozilla:seamonkey:1.5.0.8", "cpe:/a:mozilla:thunderbird:3.0.5", "cpe:/a:mozilla:seamonkey:2.0a1pre", "cpe:/a:mozilla:seamonkey:1.1.14", "cpe:/a:mozilla:seamonkey:1.1.16", "cpe:/a:mozilla:seamonkey:1.0.1", "cpe:/a:mozilla:firefox:3.5.4", "cpe:/a:mozilla:thunderbird:3.0.1", "cpe:/a:mozilla:seamonkey:1.0.3", "cpe:/a:mozilla:firefox:3.5.9", "cpe:/a:mozilla:seamonkey:1.1", "cpe:/a:mozilla:firefox:3.5.2", "cpe:/a:mozilla:firefox:3.5.10", "cpe:/a:mozilla:firefox:3.6.6", "cpe:/a:mozilla:seamonkey:1.1.19", "cpe:/a:mozilla:seamonkey:2.0.1", "cpe:/a:mozilla:seamonkey:1.1.8", "cpe:/a:mozilla:seamonkey:1.1.13"], "id": "CVE-2010-1211", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2010-1211", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}, "cpe23": ["cpe:2.3:a:mozilla:firefox:3.5.4:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:seamonkey:1.1.10:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:firefox:3.5.10:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:firefox:3.6.1:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:thunderbird:3.0.3:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:seamonkey:1.1.9:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:seamonkey:2.0:beta_2:*:*:*:*:*:*", "cpe:2.3:a:mozilla:seamonkey:2.0.2:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:seamonkey:2.0.5:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:seamonkey:2.0:beta_1:*:*:*:*:*:*", "cpe:2.3:a:mozilla:firefox:3.5.1:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:firefox:3.5.5:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:seamonkey:2.0.3:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:seamonkey:1.1.17:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:seamonkey:2.0:rc1:*:*:*:*:*:*", "cpe:2.3:a:mozilla:thunderbird:3.1:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:firefox:3.5.6:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:seamonkey:1.0.8:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:seamonkey:1.1.4:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:seamonkey:1.1.14:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:seamonkey:2.0:alpha_3:*:*:*:*:*:*", "cpe:2.3:a:mozilla:thunderbird:3.0.1:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:seamonkey:1.1:beta:*:*:*:*:*:*", "cpe:2.3:a:mozilla:seamonkey:1.5.0.10:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:seamonkey:1.0.7:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:seamonkey:2.0.4:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:firefox:3.5.3:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:seamonkey:1.1.5:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:seamonkey:1.1.18:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:firefox:3.5.2:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:seamonkey:1.1.15:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:seamonkey:1.0.5:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:seamonkey:1.1.16:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:seamonkey:1.1.8:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:seamonkey:1.1:alpha:*:*:*:*:*:*", "cpe:2.3:a:mozilla:thunderbird:3.0:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:seamonkey:1.1.12:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:seamonkey:1.0.2:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:seamonkey:1.0:beta:*:*:*:*:*:*", "cpe:2.3:a:mozilla:seamonkey:1.1.3:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:seamonkey:1.1.19:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:firefox:3.6.3:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:firefox:3.5.7:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:seamonkey:1.1.1:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:seamonkey:1.0.1:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:firefox:3.6.2:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:seamonkey:1.5.0.8:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:seamonkey:1.1.11:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:firefox:3.6.6:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:seamonkey:1.0:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:seamonkey:2.0.1:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:thunderbird:3.0.5:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:seamonkey:2.0:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:seamonkey:1.1.7:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:firefox:3.6.4:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:seamonkey:1.0:alpha:*:*:*:*:*:*", "cpe:2.3:a:mozilla:thunderbird:3.0.4:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:seamonkey:1.0.6:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:seamonkey:1.0.4:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:seamonkey:2.0:alpha_1:*:*:*:*:*:*", "cpe:2.3:a:mozilla:firefox:3.5.9:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:seamonkey:2.0:alpha_2:*:*:*:*:*:*", "cpe:2.3:a:mozilla:seamonkey:1.1:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:seamonkey:1.0.9:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:seamonkey:1.0.3:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:seamonkey:1.5.0.9:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:seamonkey:1.1.6:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:seamonkey:1.1.2:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:seamonkey:2.0:rc2:*:*:*:*:*:*", "cpe:2.3:a:mozilla:thunderbird:3.0.2:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:seamonkey:1.1.13:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:seamonkey:2.0a1pre:*:*:*:*:*:*:*"]}], "securityvulns": [{"lastseen": "2018-08-31T11:10:34", "bulletinFamily": "software", "cvelist": ["CVE-2010-0176", "CVE-2010-0174", "CVE-2010-0175", "CVE-2010-0178", "CVE-2010-0177", "CVE-2010-0179"], "description": "-----BEGIN PGP SIGNED MESSAGE-----\r\nHash: SHA1\r\n\r\n- ------------------------------------------------------------------------\r\nDebian Security Advisory DSA-2027-1 security@debian.org\r\nhttp://www.debian.org/security/ Moritz Muehlenhoff\r\nApril 03, 2010 http://www.debian.org/security/faq\r\n- ------------------------------------------------------------------------\r\n\r\nPackage : xulrunner\r\nVulnerability : several\r\nProblem type : remote\r\nDebian-specific: no\r\nCVE Id&#40;s&#41; : CVE-2010-0174 CVE-2010-0175 CVE-2010-0176 CVE-2010-0177 CVE-2010-0178 CVE-2010-0179\r\n\r\nSeveral remote vulnerabilities have been discovered in Xulrunner, a \r\nruntime environment for XUL applications, such as the Iceweasel web\r\nbrowser. The Common Vulnerabilities and Exposures project identifies \r\nthe following problems:\r\n\r\nCVE-2010-0174\r\n\r\n Jesse Ruderman and Ehsan Akhgari discovered crashes in the layout\r\n engine, which might allow the execution of arbitrary code.\r\n\r\nCVE-2010-0175\r\n\r\n It was discovered that incorrect memory handling in the XUL event\r\n handler might allow the execution of arbitrary code.\r\n\r\nCVE-2010-0176\r\n\r\n It was discovered that incorrect memory handling in the XUL event\r\n handler might allow the execution of arbitrary code.\r\n\r\nCVE-2010-0177\r\n\r\n It was discovered that incorrect memory handling in the plugin code\r\n might allow the execution of arbitrary code.\r\n\r\nCVE-2010-0178\r\n\r\n Paul Stone discovered that forced drag-and-drop events could lead to\r\n Chrome privilege escalation.\r\n\r\nCVE-2010-0179\r\n\r\n It was discovered that a programming error in the XMLHttpRequestSpy\r\n module could lead to the execution of arbitrary code.\r\n\r\n\r\nFor the stable distribution &#40;lenny&#41;, these problems have been fixed in\r\nversion 1.9.0.19-1.\r\n\r\nFor the unstable distribution &#40;sid&#41;, these problems will be fixed soon.\r\n\r\nWe recommend that you upgrade your xulrunner packages.\r\n\r\nUpgrade instructions\r\n- --------------------\r\n\r\nwget url\r\n will fetch the file for you\r\ndpkg -i file.deb\r\n will install the referenced file.\r\n\r\nIf you are using the apt-get package manager, use the line for\r\nsources.list as given below:\r\n\r\napt-get update\r\n will update the internal database\r\napt-get upgrade\r\n will install corrected packages\r\n\r\nYou may use an automated update by adding the resources from the\r\nfooter to the proper configuration.\r\n\r\n\r\nDebian GNU/Linux 5.0 alias lenny\r\n- --------------------------------\r\n\r\nStable updates are available for alpha, amd64, arm, armel, hppa, i386, ia64, mips, mipsel, powerpc, s390\r\nand sparc.\r\n\r\nSource archives:\r\n\r\n http://security.debian.org/pool/updates/main/x/xulrunner/xulrunner_1.9.0.19.orig.tar.gz\r\n Size/MD5 checksum: 44174623 83667df1e46399960593fdd8832e958e\r\n http://security.debian.org/pool/updates/main/x/xulrunner/xulrunner_1.9.0.19-1.diff.gz\r\n Size/MD5 checksum: 116550 6c9e415004f27291e49f84e90d1d0131\r\n http://security.debian.org/pool/updates/main/x/xulrunner/xulrunner_1.9.0.19-1.dsc\r\n Size/MD5 checksum: 1755 e04cb5b6bd5b8b7f9add59c8a806e3c8\r\n\r\nArchitecture independent packages:\r\n\r\n http://security.debian.org/pool/updates/main/x/xulrunner/libmozillainterfaces-java_1.9.0.19-1_all.deb\r\n Size/MD5 checksum: 1465282 ce022b6790d6e14f4b788c308653dab8\r\n\r\nalpha architecture &#40;DEC Alpha&#41;\r\n\r\n http://security.debian.org/pool/updates/main/x/xulrunner/xulrunner-1.9_1.9.0.19-1_alpha.deb\r\n Size/MD5 checksum: 9484100 a782bd0ed837f3432c71a109dd98d045\r\n http://security.debian.org/pool/updates/main/x/xulrunner/libmozjs-dev_1.9.0.19-1_alpha.deb\r\n Size/MD5 checksum: 223290 ecb8f397d3e6c7463b1c24c0a8ee3675\r\n http://security.debian.org/pool/updates/main/x/xulrunner/libmozjs1d_1.9.0.19-1_alpha.deb\r\n Size/MD5 checksum: 433032 7eec73671d538f485671874579557bc5\r\n http://security.debian.org/pool/updates/main/x/xulrunner/xulrunner-1.9-dbg_1.9.0.19-1_alpha.deb\r\n Size/MD5 checksum: 51124160 1a6dcf57c7d1185c6d95ea4d8bad1f12\r\n http://security.debian.org/pool/updates/main/x/xulrunner/python-xpcom_1.9.0.19-1_alpha.deb\r\n Size/MD5 checksum: 165330 ee07c899e85d144a8f04ecb462e1c780\r\n \r\nhttp://security.debian.org/pool/updates/main/x/xulrunner/xulrunner-1.9-gnome-support_1.9.0.19-1_alpha.deb\r\n Size/MD5 checksum: 113322 ac5b08d50ccb70971bb42f44dd938eb3\r\n http://security.debian.org/pool/updates/main/x/xulrunner/xulrunner-dev_1.9.0.19-1_alpha.deb\r\n Size/MD5 checksum: 3356812 f445e0ef422d18b9428ee8190810eb5f\r\n http://security.debian.org/pool/updates/main/x/xulrunner/spidermonkey-bin_1.9.0.19-1_alpha.deb\r\n Size/MD5 checksum: 72410 b6055fee3f283a3b4f299398d156a21a\r\n http://security.debian.org/pool/updates/main/x/xulrunner/libmozjs1d-dbg_1.9.0.19-1_alpha.deb\r\n Size/MD5 checksum: 940016 fc6778b3d408736e10d43b5f30d2469a\r\n\r\namd64 architecture &#40;AMD x86_64 &#40;AMD64&#41;&#41;\r\n\r\n http://security.debian.org/pool/updates/main/x/xulrunner/spidermonkey-bin_1.9.0.19-1_amd64.deb\r\n Size/MD5 checksum: 70096 59959a92c5cd12582b36000575b81b98\r\n http://security.debian.org/pool/updates/main/x/xulrunner/libmozjs-dev_1.9.0.19-1_amd64.deb\r\n Size/MD5 checksum: 223180 7b656ca6976ca0bc5e5dac21a2566807\r\n http://security.debian.org/pool/updates/main/x/xulrunner/libmozjs1d-dbg_1.9.0.19-1_amd64.deb\r\n Size/MD5 checksum: 890448 643a3817476fd091dca841dfcefd4584\r\n \r\nhttp://security.debian.org/pool/updates/main/x/xulrunner/xulrunner-1.9-gnome-support_1.9.0.19-1_amd64.deb\r\n Size/MD5 checksum: 101702 96847a84ad24da47f98b4b332870c6bb\r\n http://security.debian.org/pool/updates/main/x/xulrunner/libmozjs1d_1.9.0.19-1_amd64.deb\r\n Size/MD5 checksum: 374384 85617766ed0a0ac960db1664b51f7891\r\n http://security.debian.org/pool/updates/main/x/xulrunner/python-xpcom_1.9.0.19-1_amd64.deb\r\n Size/MD5 checksum: 152132 edcab736e161e97cf9738f43aecf2272\r\n http://security.debian.org/pool/updates/main/x/xulrunner/xulrunner-1.9-dbg_1.9.0.19-1_amd64.deb\r\n Size/MD5 checksum: 50350940 d38916e2024e9dc46dc40a30da643f2a\r\n http://security.debian.org/pool/updates/main/x/xulrunner/xulrunner-dev_1.9.0.19-1_amd64.deb\r\n Size/MD5 checksum: 3290136 7b32902cd2a92a45a4b8f7163b684ad9\r\n http://security.debian.org/pool/updates/main/x/xulrunner/xulrunner-1.9_1.9.0.19-1_amd64.deb\r\n Size/MD5 checksum: 7730682 b4f1fc1f804898e1e6e787c1e826dfcf\r\n\r\narm architecture &#40;ARM&#41;\r\n\r\n http://security.debian.org/pool/updates/main/x/xulrunner/python-xpcom_1.9.0.19-1_arm.deb\r\n Size/MD5 checksum: 140840 9213b7e72b0a4089d5e9220a3c2d1c59\r\n http://security.debian.org/pool/updates/main/x/xulrunner/libmozjs1d-dbg_1.9.0.19-1_arm.deb\r\n Size/MD5 checksum: 815414 c2ecc249eaaf006274019578d9325467\r\n http://security.debian.org/pool/updates/main/x/xulrunner/xulrunner-1.9-gnome-support_1.9.0.19-1_arm.deb\r\n Size/MD5 checksum: 84082 5a539ed642fe58a23f7e36046d6880f7\r\n http://security.debian.org/pool/updates/main/x/xulrunner/libmozjs-dev_1.9.0.19-1_arm.deb\r\n Size/MD5 checksum: 222238 67145776fd90e6218a1b75e6c6b7c3d9\r\n http://security.debian.org/pool/updates/main/x/xulrunner/xulrunner-1.9-dbg_1.9.0.19-1_arm.deb\r\n Size/MD5 checksum: 49312054 9aa19e14aacb0afaced2067f9923ea0b\r\n http://security.debian.org/pool/updates/main/x/xulrunner/xulrunner-1.9_1.9.0.19-1_arm.deb\r\n Size/MD5 checksum: 6798174 3706217040f237a960bc122fc7fee5dd\r\n http://security.debian.org/pool/updates/main/x/xulrunner/libmozjs1d_1.9.0.19-1_arm.deb\r\n Size/MD5 checksum: 350754 1d4d221f446d90b0d6e4b6b86f4fedbd\r\n http://security.debian.org/pool/updates/main/x/xulrunner/xulrunner-dev_1.9.0.19-1_arm.deb\r\n Size/MD5 checksum: 3583612 899a0b80111ae54cf2f97ba747f7e90f\r\n http://security.debian.org/pool/updates/main/x/xulrunner/spidermonkey-bin_1.9.0.19-1_arm.deb\r\n Size/MD5 checksum: 68406 941ade1edf2e875e257b65334c85ad57\r\n\r\narmel architecture &#40;ARM EABI&#41;\r\n\r\n \r\nhttp://security.debian.org/pool/updates/main/x/xulrunner/xulrunner-1.9-gnome-support_1.9.0.19-1_armel.deb\r\n Size/MD5 checksum: 84618 8b9e421b08f62fa826d4d4559d65657a\r\n http://security.debian.org/pool/updates/main/x/xulrunner/libmozjs1d_1.9.0.19-1_armel.deb\r\n Size/MD5 checksum: 353042 3ad84aaa456eef02cf30301ffcbcb331\r\n http://security.debian.org/pool/updates/main/x/xulrunner/python-xpcom_1.9.0.19-1_armel.deb\r\n Size/MD5 checksum: 142304 a1d731a41a4c20089cdb96eeeb52b82c\r\n http://security.debian.org/pool/updates/main/x/xulrunner/libmozjs1d-dbg_1.9.0.19-1_armel.deb\r\n Size/MD5 checksum: 822678 6f6677d15e6995acc40b2a01867a8dff\r\n http://security.debian.org/pool/updates/main/x/xulrunner/xulrunner-dev_1.9.0.19-1_armel.deb\r\n Size/MD5 checksum: 3583134 257b1b81c726f5e62968119519bbe0a6\r\n http://security.debian.org/pool/updates/main/x/xulrunner/libmozjs-dev_1.9.0.19-1_armel.deb\r\n Size/MD5 checksum: 223240 c0c70b778f57a1fb6fa56a4d10a04757\r\n http://security.debian.org/pool/updates/main/x/xulrunner/xulrunner-1.9_1.9.0.19-1_armel.deb\r\n Size/MD5 checksum: 6959862 9484bbf6d85604dc0bbadb10f2205795\r\n http://security.debian.org/pool/updates/main/x/xulrunner/spidermonkey-bin_1.9.0.19-1_armel.deb\r\n Size/MD5 checksum: 70574 1ff9b320aa648dbeebf3558cdf33d266\r\n http://security.debian.org/pool/updates/main/x/xulrunner/xulrunner-1.9-dbg_1.9.0.19-1_armel.deb\r\n Size/MD5 checksum: 50147836 73702b83786ef3b8313edb56b29359f1\r\n\r\nhppa architecture &#40;HP PA RISC&#41;\r\n\r\n http://security.debian.org/pool/updates/main/x/xulrunner/libmozjs1d_1.9.0.19-1_hppa.deb\r\n Size/MD5 checksum: 412450 a484d05bdf756bf3c4f11d47d7d9b0ae\r\n http://security.debian.org/pool/updates/main/x/xulrunner/libmozjs-dev_1.9.0.19-1_hppa.deb\r\n Size/MD5 checksum: 223022 0d4a5aa91ed4938685cbc2dc946b1624\r\n http://security.debian.org/pool/updates/main/x/xulrunner/xulrunner-1.9-gnome-support_1.9.0.19-1_hppa.deb\r\n Size/MD5 checksum: 106090 ae7211d323ac2cf55efb86320d24f1d9\r\n http://security.debian.org/pool/updates/main/x/xulrunner/xulrunner-1.9-dbg_1.9.0.19-1_hppa.deb\r\n Size/MD5 checksum: 51231378 0a89533b5c3cb6b30f86fc9305ba3699\r\n http://security.debian.org/pool/updates/main/x/xulrunner/spidermonkey-bin_1.9.0.19-1_hppa.deb\r\n Size/MD5 checksum: 71534 b28b5e9086c3c714e41cb291caafb5e1\r\n http://security.debian.org/pool/updates/main/x/xulrunner/python-xpcom_1.9.0.19-1_hppa.deb\r\n Size/MD5 checksum: 158976 00d4f5c739aad8069d677d83424e523e\r\n http://security.debian.org/pool/updates/main/x/xulrunner/libmozjs1d-dbg_1.9.0.19-1_hppa.deb\r\n Size/MD5 checksum: 898452 63b29a8fee489017233085ef111deff4\r\n http://security.debian.org/pool/updates/main/x/xulrunner/xulrunner-dev_1.9.0.19-1_hppa.deb\r\n Size/MD5 checksum: 3623488 b11650685105902470f644985c3ee4fb\r\n http://security.debian.org/pool/updates/main/x/xulrunner/xulrunner-1.9_1.9.0.19-1_hppa.deb\r\n Size/MD5 checksum: 9517850 ef0a7bab2097c89458e1df4712bfe818\r\n\r\ni386 architecture &#40;Intel ia32&#41;\r\n\r\n http://security.debian.org/pool/updates/main/x/xulrunner/spidermonkey-bin_1.9.0.19-1_i386.deb\r\n Size/MD5 checksum: 68224 d79dbbd49ccd869fbb75ba6a6463e824\r\n http://security.debian.org/pool/updates/main/x/xulrunner/python-xpcom_1.9.0.19-1_i386.deb\r\n Size/MD5 checksum: 140848 8a2c2187f946dcee05fcb6a8ea7b2348\r\n http://security.debian.org/pool/updates/main/x/xulrunner/xulrunner-dev_1.9.0.19-1_i386.deb\r\n Size/MD5 checksum: 3569760 2fcc2fff9a8622c93849bcd52a95d66b\r\n http://security.debian.org/pool/updates/main/x/xulrunner/libmozjs1d-dbg_1.9.0.19-1_i386.deb\r\n Size/MD5 checksum: 851994 10cebc4ce2b519229be78e0cb5b6bf24\r\n http://security.debian.org/pool/updates/main/x/xulrunner/libmozjs1d_1.9.0.19-1_i386.deb\r\n Size/MD5 checksum: 350988 81024ae846f8ef96e317c2f9fc732420\r\n http://security.debian.org/pool/updates/main/x/xulrunner/libmozjs-dev_1.9.0.19-1_i386.deb\r\n Size/MD5 checksum: 222056 206b45fc3245d48c117b09ff9cf90f3b\r\n http://security.debian.org/pool/updates/main/x/xulrunner/xulrunner-1.9-gnome-support_1.9.0.19-1_i386.deb\r\n Size/MD5 checksum: 82716 22d5b3764a6dcd3bc35b5577a5de7bc0\r\n http://security.debian.org/pool/updates/main/x/xulrunner/xulrunner-1.9-dbg_1.9.0.19-1_i386.deb\r\n Size/MD5 checksum: 49523498 54a2e4f0ed19be5b0978ace5a379cb26\r\n http://security.debian.org/pool/updates/main/x/xulrunner/xulrunner-1.9_1.9.0.19-1_i386.deb\r\n Size/MD5 checksum: 6604388 7b0276ee4f8bb91d7900af2b437aa15b\r\n\r\nia64 architecture &#40;Intel ia64&#41;\r\n\r\n http://security.debian.org/pool/updates/main/x/xulrunner/xulrunner-1.9_1.9.0.19-1_ia64.deb\r\n Size/MD5 checksum: 11307954 5f41a2e3292471699098a71dc7e07d86\r\n http://security.debian.org/pool/updates/main/x/xulrunner/libmozjs-dev_1.9.0.19-1_ia64.deb\r\n Size/MD5 checksum: 223272 53b380b4a2206b8e08239317210490db\r\n http://security.debian.org/pool/updates/main/x/xulrunner/libmozjs1d-dbg_1.9.0.19-1_ia64.deb\r\n Size/MD5 checksum: 811282 b2bb56fb4744608c5a6d9adaa11ac956\r\n http://security.debian.org/pool/updates/main/x/xulrunner/xulrunner-1.9-gnome-support_1.9.0.19-1_ia64.deb\r\n Size/MD5 checksum: 121662 87ae39bfee9b50c9530d8b862d0ec8ab\r\n http://security.debian.org/pool/updates/main/x/xulrunner/libmozjs1d_1.9.0.19-1_ia64.deb\r\n Size/MD5 checksum: 542262 a490459aa56a72227d746771c7e4fd38\r\n http://security.debian.org/pool/updates/main/x/xulrunner/xulrunner-1.9-dbg_1.9.0.19-1_ia64.deb\r\n Size/MD5 checksum: 49705360 fbf406c88d94e9df58b20c3860368a2f\r\n http://security.debian.org/pool/updates/main/x/xulrunner/xulrunner-dev_1.9.0.19-1_ia64.deb\r\n Size/MD5 checksum: 3399446 e35b0acdbbe8ea41549c5408b3c994e4\r\n http://security.debian.org/pool/updates/main/x/xulrunner/python-xpcom_1.9.0.19-1_ia64.deb\r\n Size/MD5 checksum: 180336 94e52072a9edeefebb3639b78e0906b9\r\n http://security.debian.org/pool/updates/main/x/xulrunner/spidermonkey-bin_1.9.0.19-1_ia64.deb\r\n Size/MD5 checksum: 76664 2d9a7ae2827fb63f192a4a19b4b52dff\r\n\r\npowerpc architecture &#40;PowerPC&#41;\r\n\r\n http://security.debian.org/pool/updates/main/x/xulrunner/xulrunner-dev_1.9.0.19-1_powerpc.deb\r\n Size/MD5 checksum: 3592586 55c062ecc411207bd989b0c90043e669\r\n http://security.debian.org/pool/updates/main/x/xulrunner/python-xpcom_1.9.0.19-1_powerpc.deb\r\n Size/MD5 checksum: 152718 0588b69278fa88cc4e46ee06b556b0c1\r\n http://security.debian.org/pool/updates/main/x/xulrunner/libmozjs1d_1.9.0.19-1_powerpc.deb\r\n Size/MD5 checksum: 363498 8f3cf54da3915e67381812b1b6443dd1\r\n http://security.debian.org/pool/updates/main/x/xulrunner/libmozjs1d-dbg_1.9.0.19-1_powerpc.deb\r\n Size/MD5 checksum: 888474 0ef63edd8c0adbe499bd669910e1e801\r\n \r\nhttp://security.debian.org/pool/updates/main/x/xulrunner/xulrunner-1.9-gnome-support_1.9.0.19-1_powerpc.deb\r\n Size/MD5 checksum: 94508 96f25e720c7fd9afef7b5f6307c7ce2c\r\n http://security.debian.org/pool/updates/main/x/xulrunner/xulrunner-1.9_1.9.0.19-1_powerpc.deb\r\n Size/MD5 checksum: 7305390 3fb096941c22e896f65de9d05feab1e5\r\n http://security.debian.org/pool/updates/main/x/xulrunner/xulrunner-1.9-dbg_1.9.0.19-1_powerpc.deb\r\n Size/MD5 checksum: 51430576 13d14a97056d060ef434c2371396b7eb\r\n http://security.debian.org/pool/updates/main/x/xulrunner/spidermonkey-bin_1.9.0.19-1_powerpc.deb\r\n Size/MD5 checksum: 73504 94ef4eceab50e6bc4189abee7b5a4e02\r\n http://security.debian.org/pool/updates/main/x/xulrunner/libmozjs-dev_1.9.0.19-1_powerpc.deb\r\n Size/MD5 checksum: 223302 3129fdf4c4ac144ea9dd2eac197b810a\r\n\r\nsparc architecture &#40;Sun SPARC/UltraSPARC&#41;\r\n\r\n http://security.debian.org/pool/updates/main/x/xulrunner/xulrunner-1.9-dbg_1.9.0.19-1_sparc.deb\r\n Size/MD5 checksum: 49375616 86a3efe68f31cd50c54cd732d1969869\r\n http://security.debian.org/pool/updates/main/x/xulrunner/spidermonkey-bin_1.9.0.19-1_sparc.deb\r\n Size/MD5 checksum: 69526 9b077b92e08e5c424d3dda70bf9e0221\r\n http://security.debian.org/pool/updates/main/x/xulrunner/libmozjs1d_1.9.0.19-1_sparc.deb\r\n Size/MD5 checksum: 350202 9add4dc2667d1e66bfcecf3c51b20446\r\n http://security.debian.org/pool/updates/main/x/xulrunner/python-xpcom_1.9.0.19-1_sparc.deb\r\n Size/MD5 checksum: 143276 90f5793e4ef8289563a2aa0412d8f1f3\r\n http://security.debian.org/pool/updates/main/x/xulrunner/libmozjs1d-dbg_1.9.0.19-1_sparc.deb\r\n Size/MD5 checksum: 821462 70e73a7be0077bea49846ef049ec1a14\r\n http://security.debian.org/pool/updates/main/x/xulrunner/xulrunner-1.9_1.9.0.19-1_sparc.deb\r\n Size/MD5 checksum: 7173522 752cec72a8bc6f013a0e5ae4798fb9fa\r\n \r\nhttp://security.debian.org/pool/updates/main/x/xulrunner/xulrunner-1.9-gnome-support_1.9.0.19-1_sparc.deb\r\n Size/MD5 checksum: 88382 b0abf523058087e5f96d9acf0a8adb07\r\n http://security.debian.org/pool/updates/main/x/xulrunner/libmozjs-dev_1.9.0.19-1_sparc.deb\r\n Size/MD5 checksum: 222434 42ac86dea6c9bfbb986192440b6cf936\r\n http://security.debian.org/pool/updates/main/x/xulrunner/xulrunner-dev_1.9.0.19-1_sparc.deb\r\n Size/MD5 checksum: 3569660 af4abe4b40d62e158ee09c4e6c908720\r\n\r\n\r\n These files will probably be moved into the stable distribution on\r\n its next update.\r\n\r\n- ---------------------------------------------------------------------------------\r\nFor apt-get: deb http://security.debian.org/ stable/updates main\r\nFor dpkg-ftp: ftp://security.debian.org/debian-security dists/stable/updates/main\r\nMailing list: debian-security-announce@lists.debian.org\r\nPackage info: &#96;apt-cache show &lt;pkg&gt;&#39; and http://packages.debian.org/&lt;pkg&gt;\r\n-----BEGIN PGP SIGNATURE-----\r\nVersion: GnuPG v1.4.10 &#40;GNU/Linux&#41;\r\n\r\niEYEARECAAYFAku3f6QACgkQXm3vHE4uyloz9QCfbMp0wvuoy7Yfhsrcv0MN6/0c\r\nttYAoKWC4nERXKmdsRcyXgknTSvsults\r\n=/ruO\r\n-----END PGP SIGNATURE-----", "edition": 1, "modified": "2010-04-06T00:00:00", "published": "2010-04-06T00:00:00", "id": "SECURITYVULNS:DOC:23542", "href": "https://vulners.com/securityvulns/SECURITYVULNS:DOC:23542", "title": "[SECURITY] [DSA 2027-1] New xulrunner packages fix several vulnerabilities", "type": "securityvulns", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2018-08-31T11:09:36", "bulletinFamily": "software", "cvelist": ["CVE-2010-0176", "CVE-2010-0174", "CVE-2010-0175", "CVE-2010-0178", "CVE-2010-0177", "CVE-2010-0179"], "description": "Multiple memory corruptions, privilege escalations, code executions.", "edition": 1, "modified": "2010-04-06T00:00:00", "published": "2010-04-06T00:00:00", "id": "SECURITYVULNS:VULN:10744", "href": "https://vulners.com/securityvulns/SECURITYVULNS:VULN:10744", "title": "xulrunner multiple security vulnerabilities", "type": "securityvulns", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}], "ubuntu": [{"lastseen": "2020-07-09T00:30:09", "bulletinFamily": "unix", "cvelist": ["CVE-2010-0176", "CVE-2010-0174", "CVE-2010-0175", "CVE-2010-0178", "CVE-2010-0177", "CVE-2010-0179"], "description": "Martijn Wargers, Josh Soref, Jesse Ruderman, and Ehsan Akhgari discovered \nflaws in the browser engine of Firefox. If a user were tricked into viewing \na malicious website, a remote attacker could cause a denial of service or \npossibly execute arbitrary code with the privileges of the user invoking \nthe program. (CVE-2010-0174)\n\nIt was discovered that Firefox could be made to access previously freed \nmemory. If a user were tricked into viewing a malicious website, a remote \nattacker could cause a denial of service or possibly execute arbitrary code \nwith the privileges of the user invoking the program. (CVE-2010-0175, \nCVE-2010-0176, CVE-2010-0177)\n\nPaul Stone discovered that Firefox could be made to change a mouse click \ninto a drag and drop event. If the user could be tricked into performing \nthis action twice on a crafted website, an attacker could execute \narbitrary JavaScript with chrome privileges. (CVE-2010-0178)\n\nIt was discovered that the XMLHttpRequestSpy module as used by the Firebug \nadd-on could be used to escalate privileges within the browser. If the user \nhad the Firebug add-on installed and were tricked into viewing a malicious \nwebsite, an attacker could potentially run arbitrary JavaScript. \n(CVE-2010-0179)", "edition": 5, "modified": "2010-04-09T00:00:00", "published": "2010-04-09T00:00:00", "id": "USN-920-1", "href": "https://ubuntu.com/security/notices/USN-920-1", "title": "Firefox 3.0 and Xulrunner vulnerabilities", "type": "ubuntu", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}], "debian": [{"lastseen": "2020-11-11T13:21:48", "bulletinFamily": "unix", "cvelist": ["CVE-2010-0176", "CVE-2010-0174", "CVE-2010-0175", "CVE-2010-0178", "CVE-2010-0177", "CVE-2010-0179"], "description": "- ------------------------------------------------------------------------\nDebian Security Advisory DSA-2027-1 security@debian.org\nhttp://www.debian.org/security/ Moritz Muehlenhoff\nApril 03, 2010 http://www.debian.org/security/faq\n- ------------------------------------------------------------------------\n\nPackage : xulrunner\nVulnerability : several\nProblem type : remote\nDebian-specific: no\nCVE Id(s) : CVE-2010-0174 CVE-2010-0175 CVE-2010-0176 CVE-2010-0177 CVE-2010-0178 CVE-2010-0179\n\nSeveral remote vulnerabilities have been discovered in Xulrunner, a \nruntime environment for XUL applications, such as the Iceweasel web\nbrowser. The Common Vulnerabilities and Exposures project identifies \nthe following problems:\n\nCVE-2010-0174\n\n Jesse Ruderman and Ehsan Akhgari discovered crashes in the layout\n engine, which might allow the execution of arbitrary code.\n\nCVE-2010-0175\n\n It was discovered that incorrect memory handling in the XUL event\n handler might allow the execution of arbitrary code.\n\nCVE-2010-0176\n\n It was discovered that incorrect memory handling in the XUL event\n handler might allow the execution of arbitrary code.\n\nCVE-2010-0177\n\n It was discovered that incorrect memory handling in the plugin code\n might allow the execution of arbitrary code.\n\nCVE-2010-0178\n\n Paul Stone discovered that forced drag-and-drop events could lead to\n Chrome privilege escalation.\n\nCVE-2010-0179\n\n It was discovered that a programming error in the XMLHttpRequestSpy\n module could lead to the execution of arbitrary code.\n\n\nFor the stable distribution (lenny), these problems have been fixed in\nversion 1.9.0.19-1.\n\nFor the unstable distribution (sid), these problems will be fixed soon.\n\nWe recommend that you upgrade your xulrunner packages.\n\nUpgrade instructions\n- --------------------\n\nwget url\n will fetch the file for you\ndpkg -i file.deb\n will install the referenced file.\n\nIf you are using the apt-get package manager, use the line for\nsources.list as given below:\n\napt-get update\n will update the internal database\napt-get upgrade\n will install corrected packages\n\nYou may use an automated update by adding the resources from the\nfooter to the proper configuration.\n\n\nDebian GNU/Linux 5.0 alias lenny\n- --------------------------------\n\nStable updates are available for alpha, amd64, arm, armel, hppa, i386, ia64, mips, mipsel, powerpc, s390 and sparc.\n\nSource archives:\n\n http://security.debian.org/pool/updates/main/x/xulrunner/xulrunner_1.9.0.19.orig.tar.gz\n Size/MD5 checksum: 44174623 83667df1e46399960593fdd8832e958e\n http://security.debian.org/pool/updates/main/x/xulrunner/xulrunner_1.9.0.19-1.diff.gz\n Size/MD5 checksum: 116550 6c9e415004f27291e49f84e90d1d0131\n http://security.debian.org/pool/updates/main/x/xulrunner/xulrunner_1.9.0.19-1.dsc\n Size/MD5 checksum: 1755 e04cb5b6bd5b8b7f9add59c8a806e3c8\n\nArchitecture independent packages:\n\n http://security.debian.org/pool/updates/main/x/xulrunner/libmozillainterfaces-java_1.9.0.19-1_all.deb\n Size/MD5 checksum: 1465282 ce022b6790d6e14f4b788c308653dab8\n\nalpha architecture (DEC Alpha)\n\n http://security.debian.org/pool/updates/main/x/xulrunner/xulrunner-1.9_1.9.0.19-1_alpha.deb\n Size/MD5 checksum: 9484100 a782bd0ed837f3432c71a109dd98d045\n http://security.debian.org/pool/updates/main/x/xulrunner/libmozjs-dev_1.9.0.19-1_alpha.deb\n Size/MD5 checksum: 223290 ecb8f397d3e6c7463b1c24c0a8ee3675\n http://security.debian.org/pool/updates/main/x/xulrunner/libmozjs1d_1.9.0.19-1_alpha.deb\n Size/MD5 checksum: 433032 7eec73671d538f485671874579557bc5\n http://security.debian.org/pool/updates/main/x/xulrunner/xulrunner-1.9-dbg_1.9.0.19-1_alpha.deb\n Size/MD5 checksum: 51124160 1a6dcf57c7d1185c6d95ea4d8bad1f12\n http://security.debian.org/pool/updates/main/x/xulrunner/python-xpcom_1.9.0.19-1_alpha.deb\n Size/MD5 checksum: 165330 ee07c899e85d144a8f04ecb462e1c780\n http://security.debian.org/pool/updates/main/x/xulrunner/xulrunner-1.9-gnome-support_1.9.0.19-1_alpha.deb\n Size/MD5 checksum: 113322 ac5b08d50ccb70971bb42f44dd938eb3\n http://security.debian.org/pool/updates/main/x/xulrunner/xulrunner-dev_1.9.0.19-1_alpha.deb\n Size/MD5 checksum: 3356812 f445e0ef422d18b9428ee8190810eb5f\n http://security.debian.org/pool/updates/main/x/xulrunner/spidermonkey-bin_1.9.0.19-1_alpha.deb\n Size/MD5 checksum: 72410 b6055fee3f283a3b4f299398d156a21a\n http://security.debian.org/pool/updates/main/x/xulrunner/libmozjs1d-dbg_1.9.0.19-1_alpha.deb\n Size/MD5 checksum: 940016 fc6778b3d408736e10d43b5f30d2469a\n\namd64 architecture (AMD x86_64 (AMD64))\n\n http://security.debian.org/pool/updates/main/x/xulrunner/spidermonkey-bin_1.9.0.19-1_amd64.deb\n Size/MD5 checksum: 70096 59959a92c5cd12582b36000575b81b98\n http://security.debian.org/pool/updates/main/x/xulrunner/libmozjs-dev_1.9.0.19-1_amd64.deb\n Size/MD5 checksum: 223180 7b656ca6976ca0bc5e5dac21a2566807\n http://security.debian.org/pool/updates/main/x/xulrunner/libmozjs1d-dbg_1.9.0.19-1_amd64.deb\n Size/MD5 checksum: 890448 643a3817476fd091dca841dfcefd4584\n http://security.debian.org/pool/updates/main/x/xulrunner/xulrunner-1.9-gnome-support_1.9.0.19-1_amd64.deb\n Size/MD5 checksum: 101702 96847a84ad24da47f98b4b332870c6bb\n http://security.debian.org/pool/updates/main/x/xulrunner/libmozjs1d_1.9.0.19-1_amd64.deb\n Size/MD5 checksum: 374384 85617766ed0a0ac960db1664b51f7891\n http://security.debian.org/pool/updates/main/x/xulrunner/python-xpcom_1.9.0.19-1_amd64.deb\n Size/MD5 checksum: 152132 edcab736e161e97cf9738f43aecf2272\n http://security.debian.org/pool/updates/main/x/xulrunner/xulrunner-1.9-dbg_1.9.0.19-1_amd64.deb\n Size/MD5 checksum: 50350940 d38916e2024e9dc46dc40a30da643f2a\n http://security.debian.org/pool/updates/main/x/xulrunner/xulrunner-dev_1.9.0.19-1_amd64.deb\n Size/MD5 checksum: 3290136 7b32902cd2a92a45a4b8f7163b684ad9\n http://security.debian.org/pool/updates/main/x/xulrunner/xulrunner-1.9_1.9.0.19-1_amd64.deb\n Size/MD5 checksum: 7730682 b4f1fc1f804898e1e6e787c1e826dfcf\n\narm architecture (ARM)\n\n http://security.debian.org/pool/updates/main/x/xulrunner/python-xpcom_1.9.0.19-1_arm.deb\n Size/MD5 checksum: 140840 9213b7e72b0a4089d5e9220a3c2d1c59\n http://security.debian.org/pool/updates/main/x/xulrunner/libmozjs1d-dbg_1.9.0.19-1_arm.deb\n Size/MD5 checksum: 815414 c2ecc249eaaf006274019578d9325467\n http://security.debian.org/pool/updates/main/x/xulrunner/xulrunner-1.9-gnome-support_1.9.0.19-1_arm.deb\n Size/MD5 checksum: 84082 5a539ed642fe58a23f7e36046d6880f7\n http://security.debian.org/pool/updates/main/x/xulrunner/libmozjs-dev_1.9.0.19-1_arm.deb\n Size/MD5 checksum: 222238 67145776fd90e6218a1b75e6c6b7c3d9\n http://security.debian.org/pool/updates/main/x/xulrunner/xulrunner-1.9-dbg_1.9.0.19-1_arm.deb\n Size/MD5 checksum: 49312054 9aa19e14aacb0afaced2067f9923ea0b\n http://security.debian.org/pool/updates/main/x/xulrunner/xulrunner-1.9_1.9.0.19-1_arm.deb\n Size/MD5 checksum: 6798174 3706217040f237a960bc122fc7fee5dd\n http://security.debian.org/pool/updates/main/x/xulrunner/libmozjs1d_1.9.0.19-1_arm.deb\n Size/MD5 checksum: 350754 1d4d221f446d90b0d6e4b6b86f4fedbd\n http://security.debian.org/pool/updates/main/x/xulrunner/xulrunner-dev_1.9.0.19-1_arm.deb\n Size/MD5 checksum: 3583612 899a0b80111ae54cf2f97ba747f7e90f\n http://security.debian.org/pool/updates/main/x/xulrunner/spidermonkey-bin_1.9.0.19-1_arm.deb\n Size/MD5 checksum: 68406 941ade1edf2e875e257b65334c85ad57\n\narmel architecture (ARM EABI)\n\n http://security.debian.org/pool/updates/main/x/xulrunner/xulrunner-1.9-gnome-support_1.9.0.19-1_armel.deb\n Size/MD5 checksum: 84618 8b9e421b08f62fa826d4d4559d65657a\n http://security.debian.org/pool/updates/main/x/xulrunner/libmozjs1d_1.9.0.19-1_armel.deb\n Size/MD5 checksum: 353042 3ad84aaa456eef02cf30301ffcbcb331\n http://security.debian.org/pool/updates/main/x/xulrunner/python-xpcom_1.9.0.19-1_armel.deb\n Size/MD5 checksum: 142304 a1d731a41a4c20089cdb96eeeb52b82c\n http://security.debian.org/pool/updates/main/x/xulrunner/libmozjs1d-dbg_1.9.0.19-1_armel.deb\n Size/MD5 checksum: 822678 6f6677d15e6995acc40b2a01867a8dff\n http://security.debian.org/pool/updates/main/x/xulrunner/xulrunner-dev_1.9.0.19-1_armel.deb\n Size/MD5 checksum: 3583134 257b1b81c726f5e62968119519bbe0a6\n http://security.debian.org/pool/updates/main/x/xulrunner/libmozjs-dev_1.9.0.19-1_armel.deb\n Size/MD5 checksum: 223240 c0c70b778f57a1fb6fa56a4d10a04757\n http://security.debian.org/pool/updates/main/x/xulrunner/xulrunner-1.9_1.9.0.19-1_armel.deb\n Size/MD5 checksum: 6959862 9484bbf6d85604dc0bbadb10f2205795\n http://security.debian.org/pool/updates/main/x/xulrunner/spidermonkey-bin_1.9.0.19-1_armel.deb\n Size/MD5 checksum: 70574 1ff9b320aa648dbeebf3558cdf33d266\n http://security.debian.org/pool/updates/main/x/xulrunner/xulrunner-1.9-dbg_1.9.0.19-1_armel.deb\n Size/MD5 checksum: 50147836 73702b83786ef3b8313edb56b29359f1\n\nhppa architecture (HP PA RISC)\n\n http://security.debian.org/pool/updates/main/x/xulrunner/libmozjs1d_1.9.0.19-1_hppa.deb\n Size/MD5 checksum: 412450 a484d05bdf756bf3c4f11d47d7d9b0ae\n http://security.debian.org/pool/updates/main/x/xulrunner/libmozjs-dev_1.9.0.19-1_hppa.deb\n Size/MD5 checksum: 223022 0d4a5aa91ed4938685cbc2dc946b1624\n http://security.debian.org/pool/updates/main/x/xulrunner/xulrunner-1.9-gnome-support_1.9.0.19-1_hppa.deb\n Size/MD5 checksum: 106090 ae7211d323ac2cf55efb86320d24f1d9\n http://security.debian.org/pool/updates/main/x/xulrunner/xulrunner-1.9-dbg_1.9.0.19-1_hppa.deb\n Size/MD5 checksum: 51231378 0a89533b5c3cb6b30f86fc9305ba3699\n http://security.debian.org/pool/updates/main/x/xulrunner/spidermonkey-bin_1.9.0.19-1_hppa.deb\n Size/MD5 checksum: 71534 b28b5e9086c3c714e41cb291caafb5e1\n http://security.debian.org/pool/updates/main/x/xulrunner/python-xpcom_1.9.0.19-1_hppa.deb\n Size/MD5 checksum: 158976 00d4f5c739aad8069d677d83424e523e\n http://security.debian.org/pool/updates/main/x/xulrunner/libmozjs1d-dbg_1.9.0.19-1_hppa.deb\n Size/MD5 checksum: 898452 63b29a8fee489017233085ef111deff4\n http://security.debian.org/pool/updates/main/x/xulrunner/xulrunner-dev_1.9.0.19-1_hppa.deb\n Size/MD5 checksum: 3623488 b11650685105902470f644985c3ee4fb\n http://security.debian.org/pool/updates/main/x/xulrunner/xulrunner-1.9_1.9.0.19-1_hppa.deb\n Size/MD5 checksum: 9517850 ef0a7bab2097c89458e1df4712bfe818\n\ni386 architecture (Intel ia32)\n\n http://security.debian.org/pool/updates/main/x/xulrunner/spidermonkey-bin_1.9.0.19-1_i386.deb\n Size/MD5 checksum: 68224 d79dbbd49ccd869fbb75ba6a6463e824\n http://security.debian.org/pool/updates/main/x/xulrunner/python-xpcom_1.9.0.19-1_i386.deb\n Size/MD5 checksum: 140848 8a2c2187f946dcee05fcb6a8ea7b2348\n http://security.debian.org/pool/updates/main/x/xulrunner/xulrunner-dev_1.9.0.19-1_i386.deb\n Size/MD5 checksum: 3569760 2fcc2fff9a8622c93849bcd52a95d66b\n http://security.debian.org/pool/updates/main/x/xulrunner/libmozjs1d-dbg_1.9.0.19-1_i386.deb\n Size/MD5 checksum: 851994 10cebc4ce2b519229be78e0cb5b6bf24\n http://security.debian.org/pool/updates/main/x/xulrunner/libmozjs1d_1.9.0.19-1_i386.deb\n Size/MD5 checksum: 350988 81024ae846f8ef96e317c2f9fc732420\n http://security.debian.org/pool/updates/main/x/xulrunner/libmozjs-dev_1.9.0.19-1_i386.deb\n Size/MD5 checksum: 222056 206b45fc3245d48c117b09ff9cf90f3b\n http://security.debian.org/pool/updates/main/x/xulrunner/xulrunner-1.9-gnome-support_1.9.0.19-1_i386.deb\n Size/MD5 checksum: 82716 22d5b3764a6dcd3bc35b5577a5de7bc0\n http://security.debian.org/pool/updates/main/x/xulrunner/xulrunner-1.9-dbg_1.9.0.19-1_i386.deb\n Size/MD5 checksum: 49523498 54a2e4f0ed19be5b0978ace5a379cb26\n http://security.debian.org/pool/updates/main/x/xulrunner/xulrunner-1.9_1.9.0.19-1_i386.deb\n Size/MD5 checksum: 6604388 7b0276ee4f8bb91d7900af2b437aa15b\n\nia64 architecture (Intel ia64)\n\n http://security.debian.org/pool/updates/main/x/xulrunner/xulrunner-1.9_1.9.0.19-1_ia64.deb\n Size/MD5 checksum: 11307954 5f41a2e3292471699098a71dc7e07d86\n http://security.debian.org/pool/updates/main/x/xulrunner/libmozjs-dev_1.9.0.19-1_ia64.deb\n Size/MD5 checksum: 223272 53b380b4a2206b8e08239317210490db\n http://security.debian.org/pool/updates/main/x/xulrunner/libmozjs1d-dbg_1.9.0.19-1_ia64.deb\n Size/MD5 checksum: 811282 b2bb56fb4744608c5a6d9adaa11ac956\n http://security.debian.org/pool/updates/main/x/xulrunner/xulrunner-1.9-gnome-support_1.9.0.19-1_ia64.deb\n Size/MD5 checksum: 121662 87ae39bfee9b50c9530d8b862d0ec8ab\n http://security.debian.org/pool/updates/main/x/xulrunner/libmozjs1d_1.9.0.19-1_ia64.deb\n Size/MD5 checksum: 542262 a490459aa56a72227d746771c7e4fd38\n http://security.debian.org/pool/updates/main/x/xulrunner/xulrunner-1.9-dbg_1.9.0.19-1_ia64.deb\n Size/MD5 checksum: 49705360 fbf406c88d94e9df58b20c3860368a2f\n http://security.debian.org/pool/updates/main/x/xulrunner/xulrunner-dev_1.9.0.19-1_ia64.deb\n Size/MD5 checksum: 3399446 e35b0acdbbe8ea41549c5408b3c994e4\n http://security.debian.org/pool/updates/main/x/xulrunner/python-xpcom_1.9.0.19-1_ia64.deb\n Size/MD5 checksum: 180336 94e52072a9edeefebb3639b78e0906b9\n http://security.debian.org/pool/updates/main/x/xulrunner/spidermonkey-bin_1.9.0.19-1_ia64.deb\n Size/MD5 checksum: 76664 2d9a7ae2827fb63f192a4a19b4b52dff\n\npowerpc architecture (PowerPC)\n\n http://security.debian.org/pool/updates/main/x/xulrunner/xulrunner-dev_1.9.0.19-1_powerpc.deb\n Size/MD5 checksum: 3592586 55c062ecc411207bd989b0c90043e669\n http://security.debian.org/pool/updates/main/x/xulrunner/python-xpcom_1.9.0.19-1_powerpc.deb\n Size/MD5 checksum: 152718 0588b69278fa88cc4e46ee06b556b0c1\n http://security.debian.org/pool/updates/main/x/xulrunner/libmozjs1d_1.9.0.19-1_powerpc.deb\n Size/MD5 checksum: 363498 8f3cf54da3915e67381812b1b6443dd1\n http://security.debian.org/pool/updates/main/x/xulrunner/libmozjs1d-dbg_1.9.0.19-1_powerpc.deb\n Size/MD5 checksum: 888474 0ef63edd8c0adbe499bd669910e1e801\n http://security.debian.org/pool/updates/main/x/xulrunner/xulrunner-1.9-gnome-support_1.9.0.19-1_powerpc.deb\n Size/MD5 checksum: 94508 96f25e720c7fd9afef7b5f6307c7ce2c\n http://security.debian.org/pool/updates/main/x/xulrunner/xulrunner-1.9_1.9.0.19-1_powerpc.deb\n Size/MD5 checksum: 7305390 3fb096941c22e896f65de9d05feab1e5\n http://security.debian.org/pool/updates/main/x/xulrunner/xulrunner-1.9-dbg_1.9.0.19-1_powerpc.deb\n Size/MD5 checksum: 51430576 13d14a97056d060ef434c2371396b7eb\n http://security.debian.org/pool/updates/main/x/xulrunner/spidermonkey-bin_1.9.0.19-1_powerpc.deb\n Size/MD5 checksum: 73504 94ef4eceab50e6bc4189abee7b5a4e02\n http://security.debian.org/pool/updates/main/x/xulrunner/libmozjs-dev_1.9.0.19-1_powerpc.deb\n Size/MD5 checksum: 223302 3129fdf4c4ac144ea9dd2eac197b810a\n\nsparc architecture (Sun SPARC/UltraSPARC)\n\n http://security.debian.org/pool/updates/main/x/xulrunner/xulrunner-1.9-dbg_1.9.0.19-1_sparc.deb\n Size/MD5 checksum: 49375616 86a3efe68f31cd50c54cd732d1969869\n http://security.debian.org/pool/updates/main/x/xulrunner/spidermonkey-bin_1.9.0.19-1_sparc.deb\n Size/MD5 checksum: 69526 9b077b92e08e5c424d3dda70bf9e0221\n http://security.debian.org/pool/updates/main/x/xulrunner/libmozjs1d_1.9.0.19-1_sparc.deb\n Size/MD5 checksum: 350202 9add4dc2667d1e66bfcecf3c51b20446\n http://security.debian.org/pool/updates/main/x/xulrunner/python-xpcom_1.9.0.19-1_sparc.deb\n Size/MD5 checksum: 143276 90f5793e4ef8289563a2aa0412d8f1f3\n http://security.debian.org/pool/updates/main/x/xulrunner/libmozjs1d-dbg_1.9.0.19-1_sparc.deb\n Size/MD5 checksum: 821462 70e73a7be0077bea49846ef049ec1a14\n http://security.debian.org/pool/updates/main/x/xulrunner/xulrunner-1.9_1.9.0.19-1_sparc.deb\n Size/MD5 checksum: 7173522 752cec72a8bc6f013a0e5ae4798fb9fa\n http://security.debian.org/pool/updates/main/x/xulrunner/xulrunner-1.9-gnome-support_1.9.0.19-1_sparc.deb\n Size/MD5 checksum: 88382 b0abf523058087e5f96d9acf0a8adb07\n http://security.debian.org/pool/updates/main/x/xulrunner/libmozjs-dev_1.9.0.19-1_sparc.deb\n Size/MD5 checksum: 222434 42ac86dea6c9bfbb986192440b6cf936\n http://security.debian.org/pool/updates/main/x/xulrunner/xulrunner-dev_1.9.0.19-1_sparc.deb\n Size/MD5 checksum: 3569660 af4abe4b40d62e158ee09c4e6c908720\n\n\n These files will probably be moved into the stable distribution on\n its next update.\n\n- ---------------------------------------------------------------------------------\nFor apt-get: deb http://security.debian.org/ stable/updates main\nFor dpkg-ftp: ftp://security.debian.org/debian-security dists/stable/updates/main\nMailing list: debian-security-announce@lists.debian.org\nPackage info: `apt-cache show &lt;pkg&gt;&#x27; and http://packages.debian.org/&lt;pkg&gt;\n", "edition": 3, "modified": "2010-04-03T17:50:39", "published": "2010-04-03T17:50:39", "id": "DEBIAN:DSA-2027-1:5873C", "href": "https://lists.debian.org/debian-security-announce/debian-security-announce-2010/msg00067.html", "title": "[SECURITY] [DSA 2027-1] New xulrunner packages fix several vulnerabilities", "type": "debian", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2019-05-30T02:23:09", "bulletinFamily": "unix", "cvelist": ["CVE-2010-0176", "CVE-2010-0174", "CVE-2010-1125", "CVE-2010-1200", "CVE-2010-0175", "CVE-2010-1197", "CVE-2010-0173", "CVE-2010-0178", "CVE-2010-0177", "CVE-2010-1196", "CVE-2010-0181", "CVE-2010-1201", "CVE-2010-0183", "CVE-2008-5913", "CVE-2010-1202", "CVE-2010-1199", "CVE-2010-0179", "CVE-2010-1198"], "description": "Alexander Reichle-Schmehl uploaded new packages for &lt;packagename&gt; which fixed the\nfollowing security problems:\n\nCVE-2008-5913\n\nThe Math.random function in the JavaScript implementation in Mozilla\nFirefox 3.5.x before 3.5.10 and 3.6.x before 3.6.4, and SeaMonkey before\n2.0.5, uses a random number generator that is seeded only once per\nbrowser session, which makes it easier for remote attackers to track a\nuser, or trick a user into acting upon a spoofed pop-up message, by\ncalculating the seed value, related to a &quot;temporary footprint&quot; and an\n&quot;in-session phishing attack.&quot;\n\nCVE-2010-0183\n\nUse-after-free vulnerability in the nsCycleCollector::MarkRoots function\nin Mozilla Firefox 3.5.x before 3.5.10 and SeaMonkey before 2.0.5 allows\nremote attackers to execute arbitrary code via a crafted HTML document,\nrelated to an improper frame construction process for menus.\n\nCVE-2010-0173\n\nMultiple unspecified vulnerabilities in the browser engine in Mozilla\nFirefox before 3.5.9 and 3.6.x before 3.6.2, Thunderbird before 3.0.4,\nand SeaMonkey before 2.0.4 allow remote attackers to cause a denial of\nservice (memory corruption and application crash) or possibly execute\narbitrary code via unknown vectors.\n\nCVE-2010-0174\n\nMultiple unspecified vulnerabilities in the browser engine in Mozilla\nFirefox before 3.0.19, 3.5.x before 3.5.9, and 3.6.x before 3.6.2;\nThunderbird before 3.0.4; and SeaMonkey before 2.0.4 allow remote\nattackers to cause a denial of service (memory corruption and\napplication crash) or possibly execute arbitrary code via unknown\nvectors.\n\nCVE-2010-0175\n\nUse-after-free vulnerability in the nsTreeSelection implementation in\nMozilla Firefox before 3.0.19 and 3.5.x before 3.5.9, Thunderbird before\n3.0.4, and SeaMonkey before 2.0.4 allows remote attackers to execute\narbitrary code or cause a denial of service (application crash) via\nunspecified vectors that trigger a call to the handler for the select\nevent for XUL tree items.\n\nCVE-2010-0176\n\nMozilla Firefox before 3.0.19, 3.5.x before 3.5.9, and 3.6.x before\n3.6.2; Thunderbird before 3.0.4; and SeaMonkey before 2.0.4 do not\nproperly manage reference counts for option elements in a XUL tree\noptgroup, which might allow remote attackers to execute arbitrary code\nvia unspecified vectors that trigger access to deleted elements, related\nto a &quot;dangling pointer vulnerability.&quot;\n\nCVE-2010-0177\n\nMozilla Firefox before 3.0.19, 3.5.x before 3.5.9, and 3.6.x before\n3.6.2, and SeaMonkey before 2.0.4, frees the contents of the\nwindow.navigator.plugins array while a reference to an array element is\nstill active, which allows remote attackers to execute arbitrary code or\ncause a denial of service (application crash) via unspecified vectors,\nrelated to a &quot;dangling pointer vulnerability.&quot;\n\nCVE-2010-0178\n\nMozilla Firefox before 3.0.19, 3.5.x before 3.5.9, and 3.6.x before\n3.6.2, and SeaMonkey before 2.0.4, does not prevent applets from\ninterpreting mouse clicks as drag-and-drop actions, which allows remote\nattackers to execute arbitrary JavaScript with Chrome privileges by\nloading a chrome: URL and then loading a javascript: URL.\n\nCVE-2010-0179\n\nMozilla Firefox before 3.0.19 and 3.5.x before 3.5.8, and SeaMonkey\nbefore 2.0.3, when the XMLHttpRequestSpy module in the Firebug add-on is\nused, does not properly handle interaction between the XMLHttpRequestSpy\nobject and chrome privileged objects, which allows remote attackers to\nexecute arbitrary JavaScript via a crafted HTTP response.\n\nCVE-2010-0181\n\nMozilla Firefox before 3.5.9 and 3.6.x before 3.6.2, and SeaMonkey\nbefore 2.0.4, executes a mail application in situations where an IMG\nelement has a SRC attribute that is a redirect to a mailto: URL, which\nallows remote attackers to cause a denial of service (excessive\napplication launches) via an HTML document with many images.\n\nCVE-2010-1125\n\nThe JavaScript implementation in Mozilla Firefox 3.x before 3.5.10 and\n3.6.x before 3.6.4, and SeaMonkey before 2.0.5, allows remote attackers\nto send selected keystrokes to a form field in a hidden frame, instead\nof the intended form field in a visible frame, via certain calls to the\nfocus method.\n\nCVE-2010-1196\n\nInteger overflow in the nsGenericDOMDataNode::SetTextInternal function\nin Mozilla Firefox 3.5.x before 3.5.10 and 3.6.x before 3.6.4,\nThunderbird before 3.0.5, and SeaMonkey before 2.0.5 allows remote\nattackers to execute arbitrary code via a DOM node with a long text\nvalue that triggers a heap-based buffer overflow.\n\nCVE-2010-1197\n\nMozilla Firefox 3.5.x before 3.5.10 and 3.6.x before 3.6.4, and\nSeaMonkey before 2.0.5, does not properly handle situations in which\nboth &quot;Content-Disposition: attachment&quot; and &quot;Content-Type: multipart&quot; are\npresent in HTTP headers, which allows remote attackers to conduct\ncross-site scripting (XSS) attacks via an uploaded HTML document.\n\nCVE-2010-1198\n\nUse-after-free vulnerability in Mozilla Firefox 3.5.x before 3.5.10 and\n3.6.x before 3.6.4, and SeaMonkey before 2.0.5, allows remote attackers\nto execute arbitrary code via vectors involving multiple plugin\ninstances.\n\nCVE-2010-1199\n\nInteger overflow in the XSLT node sorting implementation in Mozilla\nFirefox 3.5.x before 3.5.10 and 3.6.x before 3.6.4, Thunderbird before\n3.0.5, and SeaMonkey before 2.0.5 allows remote attackers to execute\narbitrary code via a large text value for a node.\n\nCVE-2010-1200\n\nMultiple unspecified vulnerabilities in the browser engine in\nMozilla Firefox 3.5.x before 3.5.10 and 3.6.x before 3.6.4, Thunderbird\nbefore 3.0.5, and SeaMonkey before 2.0.5 allow remote attackers to cause\na denial of service (memory corruption and application crash) or\npossibly execute arbitrary code via unknown vectors.\n\nCVE-2010-1201\n\nUnspecified vulnerability in the browser engine in Mozilla Firefox 3.5.x\nbefore 3.5.10, Thunderbird before 3.0.5, and SeaMonkey before 2.0.5\nallows remote attackers to cause a denial of service (memory corruption\nand application crash) or possibly execute arbitrary code via unknown\nvectors.\n\nCVE-2010-1202\n\nMultiple unspecified vulnerabilities in the JavaScript engine in Mozilla\nFirefox 3.5.x before 3.5.10 and 3.6.x before 3.6.4, Thunderbird before\n3.0.5, and SeaMonkey before 2.0.5 allow remote attackers to cause a\ndenial of service (memory corruption and application crash) or possibly\nexecute arbitrary code via unknown vectors.\n\n\nFor the lenny-backports distribution the problems have been fixed in\nversion 1.9.1.10-1~bpo50+1.\n\nFor the squeeze and sid distributions the problems have been fixed in\nversion 1.9.1.10-1.\n\n \nUpgrade instructions\n--------------------\n \nIf you don&#x27;t use pinning (see [1]) you have to update the package\nmanually via &quot;apt-get -t lenny-backports install &lt;packagelist&gt;&quot; with\nthe packagelist of your installed packages affected by this update.\n[1] &lt;http://backports.org/dokuwiki/doku.php?id=instructions&gt;\n \nWe recommend to pin the backports repository to 200 so that new\nversions of installed backports will be installed automatically. \n \n Package: *\n Pin: release a=lenny-backports\n Pin-Priority: 200\n\n", "edition": 2, "modified": "2010-07-01T11:54:27", "published": "2010-07-01T11:54:27", "id": "DEBIAN:57EB2EE5530CFF9138E7023380130022:B480D", "href": "https://lists.debian.org/debian-backports-announce/2010/debian-backports-announce-201007/msg00000.html", "title": "[Backports-security-announce] Security Update for xulrunner", "type": "debian", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}], "fedora": [{"lastseen": "2020-12-21T08:17:50", "bulletinFamily": "unix", "cvelist": ["CVE-2010-0173", "CVE-2010-0174", "CVE-2010-0175", "CVE-2010-0176"], "description": "Mozilla Thunderbird is a standalone mail and newsgroup client. ", "modified": "2010-04-01T01:55:06", "published": "2010-04-01T01:55:06", "id": "FEDORA:B547211022F", "href": "", "type": "fedora", "title": "[SECURITY] Fedora 12 Update: thunderbird-3.0.4-1.fc12", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2020-12-21T08:17:49", "bulletinFamily": "unix", "cvelist": ["CVE-2010-0173", "CVE-2010-0174", "CVE-2010-0175", "CVE-2010-0176"], "description": "Mozilla Thunderbird is a standalone mail and newsgroup client. ", "modified": "2010-04-01T01:53:01", "published": "2010-04-01T01:53:01", "id": "FEDORA:0A2B4110571", "href": "", "type": "fedora", "title": "[SECURITY] Fedora 11 Update: thunderbird-3.0.4-1.fc11", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2020-12-21T08:17:50", "bulletinFamily": "unix", "cvelist": ["CVE-2010-0173", "CVE-2010-0174", "CVE-2010-0175", "CVE-2010-0176"], "description": "Mozilla Thunderbird is a standalone mail and newsgroup client. ", "modified": "2010-04-01T17:18:40", "published": "2010-04-01T17:18:40", "id": "FEDORA:E9F2A10F962", "href": "", "type": "fedora", "title": "[SECURITY] Fedora 13 Update: thunderbird-3.0.4-1.fc13", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2020-12-21T08:17:49", "bulletinFamily": "unix", "cvelist": ["CVE-2010-0173", "CVE-2010-0174", "CVE-2010-0175", "CVE-2010-0176"], "description": "Mozilla Sunbird is a cross-platform calendar application, built upon Mozilla Toolkit. It brings Mozilla-style ease-of-use to your calendar, without tying you to a particular storage solution. ", "modified": "2010-04-01T01:53:01", "published": "2010-04-01T01:53:01", "id": "FEDORA:0D25A1105FD", "href": "", "type": "fedora", "title": "[SECURITY] Fedora 11 Update: sunbird-1.0-0.16.20090715hg.fc11", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2020-12-21T08:17:50", "bulletinFamily": "unix", "cvelist": ["CVE-2010-0173", "CVE-2010-0174", "CVE-2010-0175", "CVE-2010-0176"], "description": "Mozilla Sunbird is a cross-platform calendar application, built upon Mozilla Toolkit. It brings Mozilla-style ease-of-use to your calendar, without tying you to a particular storage solution. ", "modified": "2010-04-01T17:18:40", "published": "2010-04-01T17:18:40", "id": "FEDORA:F0B7610FD87", "href": "", "type": "fedora", "title": "[SECURITY] Fedora 13 Update: sunbird-1.0-0.21.20090916hg.fc13", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2020-12-21T08:17:50", "bulletinFamily": "unix", "cvelist": ["CVE-2010-0173", "CVE-2010-0174", "CVE-2010-0175", "CVE-2010-0176"], "description": "Mozilla Sunbird is a cross-platform calendar application, built upon Mozilla Toolkit. It brings Mozilla-style ease-of-use to your calendar, without tying you to a particular storage solution. ", "modified": "2010-04-01T01:55:06", "published": "2010-04-01T01:55:06", "id": "FEDORA:B89AA11069B", "href": "", "type": "fedora", "title": "[SECURITY] Fedora 12 Update: sunbird-1.0-0.21.20090916hg.fc12", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2020-12-21T08:17:49", "bulletinFamily": "unix", "cvelist": ["CVE-2010-0173", "CVE-2010-0174", "CVE-2010-0175", "CVE-2010-0176", "CVE-2010-0177", "CVE-2010-0178", "CVE-2010-0181"], "description": "The gnome-python-extra package contains the source packages for additional Python bindings for GNOME. It should be used together with gnome-python. ", "modified": "2010-04-01T01:45:23", "published": "2010-04-01T01:45:23", "id": "FEDORA:4CE0D10FED7", "href": "", "type": "fedora", "title": "[SECURITY] Fedora 12 Update: gnome-python2-extras-2.25.3-17.fc12", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}]}