Updated SeaMonkey packages that fix several security issues are now available for Red Hat Enterprise Linux 3.
This update has been rated as having critical security impact by the Red Hat Security Response Team.
SeaMonkey is an open source Web browser, email and newsgroup client, IRC chat client, and HTML editor.
Several flaws were found in the processing of malformed web content. A web page containing malicious content could cause SeaMonkey to crash or, potentially, execute arbitrary code with the privileges of the user running SeaMonkey. (CVE-2009-3072, CVE-2009-3075)
A use-after-free flaw was found in SeaMonkey. An attacker could use this flaw to crash SeaMonkey or, potentially, execute arbitrary code with the privileges of the user running SeaMonkey. (CVE-2009-3077)
Dan Kaminsky discovered flaws in the way browsers such as SeaMonkey handle NULL characters in a certificate. If an attacker is able to get a carefully-crafted certificate signed by a Certificate Authority trusted by SeaMonkey, the attacker could use the certificate during a man-in-the-middle attack and potentially confuse SeaMonkey into accepting it by mistake. (CVE-2009-2408)
Descriptions in the dialogs when adding and removing PKCS #11 modules were not informative. An attacker able to trick a user into installing a malicious PKCS #11 module could use this flaw to install their own Certificate Authority certificates on a user's machine, making it possible to trick the user into believing they are viewing a trusted site or, potentially, execute arbitrary code with the privileges of the user running SeaMonkey. (CVE-2009-3076)
A flaw was found in the way SeaMonkey displays the address bar when window.open() is called in a certain way. An attacker could use this flaw to conceal a malicious URL, possibly tricking a user into believing they are viewing a trusted site. (CVE-2009-2654)
Dan Kaminsky found that browsers still accept certificates with MD2 hash signatures, even though MD2 is no longer considered a cryptographically strong algorithm. This could make it easier for an attacker to create a malicious certificate that would be treated as trusted by a browser. NSS (provided by SeaMonkey) now disables the use of MD2 and MD4 algorithms inside signatures by default.
(CVE-2009-2409)
All SeaMonkey users should upgrade to these updated packages, which correct these issues. After installing the update, SeaMonkey must be restarted for the changes to take effect.
{"id": "REDHAT-RHSA-2009-1432.NASL", "type": "nessus", "bulletinFamily": "scanner", "title": "RHEL 3 : seamonkey (RHSA-2009:1432)", "description": "Updated SeaMonkey packages that fix several security issues are now available for Red Hat Enterprise Linux 3.\n\nThis update has been rated as having critical security impact by the Red Hat Security Response Team.\n\nSeaMonkey is an open source Web browser, email and newsgroup client, IRC chat client, and HTML editor.\n\nSeveral flaws were found in the processing of malformed web content. A web page containing malicious content could cause SeaMonkey to crash or, potentially, execute arbitrary code with the privileges of the user running SeaMonkey. (CVE-2009-3072, CVE-2009-3075)\n\nA use-after-free flaw was found in SeaMonkey. An attacker could use this flaw to crash SeaMonkey or, potentially, execute arbitrary code with the privileges of the user running SeaMonkey. (CVE-2009-3077)\n\nDan Kaminsky discovered flaws in the way browsers such as SeaMonkey handle NULL characters in a certificate. If an attacker is able to get a carefully-crafted certificate signed by a Certificate Authority trusted by SeaMonkey, the attacker could use the certificate during a man-in-the-middle attack and potentially confuse SeaMonkey into accepting it by mistake. (CVE-2009-2408)\n\nDescriptions in the dialogs when adding and removing PKCS #11 modules were not informative. An attacker able to trick a user into installing a malicious PKCS #11 module could use this flaw to install their own Certificate Authority certificates on a user's machine, making it possible to trick the user into believing they are viewing a trusted site or, potentially, execute arbitrary code with the privileges of the user running SeaMonkey. (CVE-2009-3076)\n\nA flaw was found in the way SeaMonkey displays the address bar when window.open() is called in a certain way. An attacker could use this flaw to conceal a malicious URL, possibly tricking a user into believing they are viewing a trusted site. (CVE-2009-2654)\n\nDan Kaminsky found that browsers still accept certificates with MD2 hash signatures, even though MD2 is no longer considered a cryptographically strong algorithm. This could make it easier for an attacker to create a malicious certificate that would be treated as trusted by a browser. NSS (provided by SeaMonkey) now disables the use of MD2 and MD4 algorithms inside signatures by default.\n(CVE-2009-2409)\n\nAll SeaMonkey users should upgrade to these updated packages, which correct these issues. After installing the update, SeaMonkey must be restarted for the changes to take effect.", "published": "2009-09-10T00:00:00", "modified": "2021-01-14T00:00:00", "cvss": {"score": 10, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}, "cvss2": {}, "cvss3": {"score": null, "vector": null}, "href": "https://www.tenable.com/plugins/nessus/40923", "reporter": "This script is Copyright (C) 2009-2021 and is owned by Tenable, Inc. or an Affiliate thereof.", "references": ["http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-2408", "https://access.redhat.com/security/cve/cve-2009-2409", "https://access.redhat.com/security/cve/cve-2009-3075", "https://access.redhat.com/security/cve/cve-2009-3072", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-3077", "https://access.redhat.com/errata/RHSA-2009:1432", "https://access.redhat.com/security/cve/cve-2009-2654", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-3075", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-2654", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-3076", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-2409", "https://access.redhat.com/security/cve/cve-2009-3077", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-3072", "https://access.redhat.com/security/cve/cve-2009-2408", "https://access.redhat.com/security/cve/cve-2009-3076"], "cvelist": ["CVE-2009-2408", "CVE-2009-2409", "CVE-2009-2654", "CVE-2009-3072", "CVE-2009-3075", "CVE-2009-3076", "CVE-2009-3077"], "immutableFields": [], "lastseen": "2021-08-19T13:06:40", "viewCount": 7, "enchantments": {"dependencies": {"references": [{"type": "aix", "idList": ["SENDMAIL_ADVISORY.ASC"]}, {"type": "amazon", "idList": ["ALAS-2013-220", "ALAS-2013-224", "ALAS-2013-241"]}, {"type": "centos", "idList": ["CESA-2009:1430", "CESA-2009:1431", "CESA-2009:1432", "CESA-2009:1584", "CESA-2010:0054", "CESA-2010:0153", "CESA-2010:0154", "CESA-2010:0163", "CESA-2010:0166"]}, {"type": "checkpoint_advisories", "idList": ["CPAI-2009-129", "CPAI-2010-116", "CPAI-2010-420"]}, {"type": "cve", "idList": ["CVE-2009-2408", "CVE-2009-2409", "CVE-2009-2417", "CVE-2009-2474", "CVE-2009-2510", "CVE-2009-2645", "CVE-2009-2654", "CVE-2009-2666", "CVE-2009-2700", "CVE-2009-2702", "CVE-2009-2825", "CVE-2009-2973", "CVE-2009-3072", "CVE-2009-3075", "CVE-2009-3076", "CVE-2009-3077", "CVE-2009-3455", "CVE-2009-3456", "CVE-2009-3475", "CVE-2009-3477", "CVE-2009-3490", "CVE-2009-3639", "CVE-2009-3765", "CVE-2009-3767", "CVE-2009-3941", "CVE-2009-3942", "CVE-2009-3985", "CVE-2009-4034", "CVE-2009-4565", "CVE-2010-1192", "CVE-2010-2074", "CVE-2013-4073", "CVE-2013-4238", "CVE-2013-4248"]}, {"type": "debian", "idList": ["DEBIAN:56C805B941600C7D24189CA65B1A3471:E7DF7", "DEBIAN:C3198C7038C741D18B1B552AA2E029E6:20DB3", "DEBIAN:C3198C7038C741D18B1B552AA2E029E6:E7DF7", "DEBIAN:DSA-1873-1:F50AD", "DEBIAN:DSA-1874-1:56C30", "DEBIAN:DSA-1885-1:DC8B3", "DEBIAN:DSA-1888-1:9C570", "DEBIAN:DSA-1935-1:88D08", "DEBIAN:DSA-2025-1:6CC79"]}, {"type": "debiancve", "idList": ["DEBIANCVE:CVE-2009-2408", "DEBIANCVE:CVE-2009-2409", "DEBIANCVE:CVE-2009-2417", "DEBIANCVE:CVE-2009-2474", "DEBIANCVE:CVE-2009-2666", "DEBIANCVE:CVE-2009-2700", "DEBIANCVE:CVE-2009-2702", "DEBIANCVE:CVE-2009-2973", "DEBIANCVE:CVE-2009-3456", "DEBIANCVE:CVE-2009-3475", "DEBIANCVE:CVE-2009-3490", "DEBIANCVE:CVE-2009-3639", "DEBIANCVE:CVE-2009-3765", "DEBIANCVE:CVE-2009-3767", "DEBIANCVE:CVE-2009-3941", "DEBIANCVE:CVE-2009-3942", "DEBIANCVE:CVE-2009-4565", "DEBIANCVE:CVE-2010-1192", "DEBIANCVE:CVE-2010-2074", "DEBIANCVE:CVE-2013-4073", "DEBIANCVE:CVE-2013-4238"]}, {"type": "exploitdb", "idList": ["EDB-ID:33128"]}, {"type": "f5", "idList": ["F5:K15638", "F5:K15663", "F5:K15683", "SOL14909", "SOL15638", "SOL15663", "SOL15683"]}, {"type": "fedora", "idList": ["FEDORA:048D210F8A0", "FEDORA:1C6D410F83E", "FEDORA:1D7C611126A", "FEDORA:321D510F87A", "FEDORA:3A72D10F881", "FEDORA:42CF310F884", "FEDORA:49E3B10F88A", "FEDORA:4D0E210F890", "FEDORA:4FFB710F893", "FEDORA:52DB510F894", "FEDORA:55C1C10F895", "FEDORA:58B0F10F896", "FEDORA:5BB9B10F898", "FEDORA:65FAD10F89A", "FEDORA:6883210F89B", "FEDORA:6969410F89C", "FEDORA:6A72A10F89D", "FEDORA:6D64910F89F", "FEDORA:6D79110F8A0", "FEDORA:7301010F8A1", "FEDORA:7CB1010F8A2", "FEDORA:803FD10F8A3", "FEDORA:8049610F8A4", "FEDORA:832B210F8A5", "FEDORA:8357810F8A6", "FEDORA:9A32710F7FF", "FEDORA:9C25610F85E", "FEDORA:AAAA010F86F", "FEDORA:BD01E10F83E", "FEDORA:D10B610F87A", "FEDORA:D141110F881", "FEDORA:D3E9E10F884", "FEDORA:DAB6410F88A", "FEDORA:DAC6D10F890", "FEDORA:E159810F893", "FEDORA:E1DB210F894", "FEDORA:E86B510F895", "FEDORA:E872410F896", "FEDORA:EAFCD10F898", "FEDORA:EB09210F89A", "FEDORA:EE0D910F89B", "FEDORA:EE20210F89C", "FEDORA:EFD8F10F89D", "FEDORA:F1D3D10F89F"]}, {"type": "freebsd", "idList": ["49E8F2EE-8147-11DE-A994-0030843D3802", "56CFE192-329F-11DF-ABB2-000F20797EDE", "922D2398-9E2D-11DE-A998-0030843D3802", "E7BC5600-EAA0-11DE-BD9C-00215C6A37BB"]}, {"type": "gentoo", "idList": ["GLSA-200911-02", "GLSA-200912-01", "GLSA-201301-01"]}, {"type": "lenovo", "idList": ["LENOVO:PS500190-NOSID"]}, {"type": "metasploit", "idList": ["MSF:ILITIES/APPLE-OSX-FETCHMAIL-CVE-2009-2666/", "MSF:ILITIES/CENTOS_LINUX-CVE-2009-2666/", "MSF:ILITIES/FREEBSD-VID-5179D85C-8683-11DE-91B9-0022157515B2/", "MSF:ILITIES/GENTOO-LINUX-CVE-2009-2666/", "MSF:ILITIES/LINUXRPM-RHSA-2009-1662/", "MSF:ILITIES/LINUXRPM-RHSA-2010-0440/", "MSF:ILITIES/REDHAT-OPENSHIFT-CVE-2013-4073/", "MSF:ILITIES/SUSE-CVE-2009-2666/"]}, {"type": "mozilla", "idList": ["MFSA2009-42", "MFSA2009-44", "MFSA2009-47", "MFSA2009-48", "MFSA2009-49", "MFSA2010-07"]}, {"type": "nessus", "idList": ["5113.PRM", "5152.PRM", "5161.PRM", "5227.PRM", "5353.PRM", "5479.PRM", "5480.PRM", "800771.PRM", "800795.PRM", "801235.PRM", "801349.PRM", "CENTOS_RHSA-2009-1430.NASL", "CENTOS_RHSA-2009-1431.NASL", "CENTOS_RHSA-2009-1432.NASL", "CENTOS_RHSA-2009-1584.NASL", "CENTOS_RHSA-2010-0054.NASL", "CENTOS_RHSA-2010-0153.NASL", "CENTOS_RHSA-2010-0154.NASL", "CENTOS_RHSA-2010-0163.NASL", "CENTOS_RHSA-2010-0166.NASL", "DEBIAN_DSA-1873.NASL", "DEBIAN_DSA-1874.NASL", "DEBIAN_DSA-1885.NASL", "DEBIAN_DSA-1888.NASL", "DEBIAN_DSA-1935.NASL", "DEBIAN_DSA-2025.NASL", "EULEROS_SA-2019-1546.NASL", "F5_BIGIP_SOL15663.NASL", "FEDORA_2009-11486.NASL", "FEDORA_2009-11489.NASL", "FEDORA_2009-11490.NASL", "FEDORA_2009-8279.NASL", "FEDORA_2009-8288.NASL", "FEDORA_2009-9494.NASL", "FEDORA_2009-9505.NASL", "FREEBSD_PKG_49E8F2EE814711DEA9940030843D3802.NASL", "FREEBSD_PKG_56CFE192329F11DFABB2000F20797EDE.NASL", "FREEBSD_PKG_922D23989E2D11DEA9980030843D3802.NASL", "GENTOO_GLSA-200911-02.NASL", "GENTOO_GLSA-200912-01.NASL", "GENTOO_GLSA-201301-01.NASL", "MACOSX_10_6_2.NASL", "MACOSX_SECUPD2009-006.NASL", "MANDRIVA_MDVSA-2009-197.NASL", "MANDRIVA_MDVSA-2009-198.NASL", "MANDRIVA_MDVSA-2009-217.NASL", "MANDRIVA_MDVSA-2009-236.NASL", "MANDRIVA_MDVSA-2009-238.NASL", "MANDRIVA_MDVSA-2009-239.NASL", "MANDRIVA_MDVSA-2009-258.NASL", "MANDRIVA_MDVSA-2009-310.NASL", "MANDRIVA_MDVSA-2010-071.NASL", "MANDRIVA_MDVSA-2010-084.NASL", "MOZILLA_FIREFOX_3013.NASL", "MOZILLA_FIREFOX_3014.NASL", "MOZILLA_FIREFOX_352.NASL", "MOZILLA_FIREFOX_353.NASL", "MOZILLA_THUNDERBIRD_20023.NASL", "MOZILLA_THUNDERBIRD_20024.NASL", "NEWSTART_CGSL_NS-SA-2019-0020_OPENSSL098E.NASL", "OPENSSL_0_9_8L.NASL", "ORACLELINUX_ELSA-2009-1184.NASL", "ORACLELINUX_ELSA-2009-1430.NASL", "ORACLELINUX_ELSA-2009-1431.NASL", "ORACLELINUX_ELSA-2009-1432.NASL", "ORACLELINUX_ELSA-2009-1584.NASL", "ORACLELINUX_ELSA-2010-0054.NASL", "ORACLELINUX_ELSA-2010-0154.NASL", "ORACLELINUX_ELSA-2010-0163.NASL", "ORACLELINUX_ELSA-2010-0166.NASL", "ORACLEVM_OVMSA-2014-0007.NASL", "ORACLEVM_OVMSA-2014-0008.NASL", "REDHAT-RHSA-2009-1184.NASL", "REDHAT-RHSA-2009-1186.NASL", "REDHAT-RHSA-2009-1190.NASL", "REDHAT-RHSA-2009-1207.NASL", "REDHAT-RHSA-2009-1430.NASL", "REDHAT-RHSA-2009-1431.NASL", "REDHAT-RHSA-2009-1560.NASL", "REDHAT-RHSA-2009-1571.NASL", "REDHAT-RHSA-2009-1584.NASL", "REDHAT-RHSA-2009-1662.NASL", "REDHAT-RHSA-2010-0054.NASL", "REDHAT-RHSA-2010-0153.NASL", "REDHAT-RHSA-2010-0154.NASL", "REDHAT-RHSA-2010-0163.NASL", "REDHAT-RHSA-2010-0166.NASL", "SEAMONKEY_1118.NASL", "SEAMONKEY_1119.NASL", "SL_20090731_NSPR_AND_NSS_FOR_SL_4_X.NASL", "SL_20090731_NSPR_AND_NSS_FOR_SL_5_X.NASL", "SL_20090909_FIREFOX_ON_SL4_X.NASL", "SL_20090909_SEAMONKEY_ON_SL3_X.NASL", "SL_20091109_JAVA__JDK_1_6_0__ON_SL4_X.NASL", "SL_20100119_OPENSSL_ON_SL5_X.NASL", "SL_20100317_THUNDERBIRD_ON_SL4_X.NASL", "SL_20100325_GNUTLS_ON_SL4_X.NASL", "SL_20100325_OPENSSL_ON_SL3_X.NASL", "SUSE9_12505.NASL", "SUSE9_12506.NASL", "SUSE9_12521.NASL", "SUSE9_12616.NASL", "SUSE_11_0_JAVA-1_6_0-OPENJDK-091125.NASL", "SUSE_11_0_LIBFREEBL3-090812.NASL", "SUSE_11_0_LIBLDAP-2_4-2-090909.NASL", "SUSE_11_0_LIBNEON-DEVEL-091012.NASL", "SUSE_11_0_MOZILLAFIREFOX-090812.NASL", "SUSE_11_0_MOZILLAFIREFOX-090916.NASL", "SUSE_11_0_MOZILLATHUNDERBIRD-090914.NASL", "SUSE_11_0_MOZILLATHUNDERBIRD-100324.NASL", "SUSE_11_0_MUTT-090909.NASL", "SUSE_11_0_SEAMONKEY-091007.NASL", "SUSE_11_0_SEAMONKEY-100430.NASL", "SUSE_11_1_JAVA-1_6_0-OPENJDK-091125.NASL", "SUSE_11_1_LIBFREEBL3-090812.NASL", "SUSE_11_1_LIBLDAP-2_4-2-090909.NASL", "SUSE_11_1_LIBNEON-DEVEL-091012.NASL", "SUSE_11_1_MOZILLAFIREFOX-090812.NASL", "SUSE_11_1_MOZILLAFIREFOX-090916.NASL", "SUSE_11_1_MOZILLATHUNDERBIRD-090914.NASL", "SUSE_11_1_MOZILLATHUNDERBIRD-100324.NASL", "SUSE_11_1_MUTT-090909.NASL", "SUSE_11_1_SEAMONKEY-091007.NASL", "SUSE_11_1_SEAMONKEY-100430.NASL", "SUSE_11_2_JAVA-1_6_0-OPENJDK-091127.NASL", "SUSE_11_LIBFREEBL3-090812.NASL", "SUSE_11_LIBLDAP-2_4-2-090915.NASL", "SUSE_11_LIBNEON-DEVEL-091012.NASL", "SUSE_11_MOZILLA-XULRUNNER190-090917.NASL", "SUSE_11_MOZILLA-XULRUNNER190-090922.NASL", "SUSE_11_MOZILLAFIREFOX-090812.NASL", "SUSE_11_MOZILLAFIREFOX-090924.NASL", "SUSE_11_MOZILLATHUNDERBIRD-090915.NASL", "SUSE_11_MUTT-090909.NASL", "SUSE_FIREFOX35UPGRADE-6562.NASL", "SUSE_FIREFOX35UPGRADE-6563.NASL", "SUSE_LIBFREEBL3-6494.NASL", "SUSE_LIBLDAP-2_4-2-6488.NASL", "SUSE_LIBNEON-DEVEL-6550.NASL", "SUSE_MOZILLA-NSPR-6541.NASL", "SUSE_MOZILLAFIREFOX-6433.NASL", "SUSE_MOZILLAFIREFOX-6495.NASL", "SUSE_MOZILLAFIREFOX-6562.NASL", "SUSE_MOZILLATHUNDERBIRD-6493.NASL", "SUSE_MUTT-6484.NASL", "SUSE_MUTT-6487.NASL", "SUSE_NEON-6548.NASL", "SUSE_NEON-6549.NASL", "SUSE_OPENLDAP2-6485.NASL", "SUSE_OPENLDAP2-6598.NASL", "SUSE_SEAMONKEY-6538.NASL", "UBUNTU_USN-809-1.NASL", "UBUNTU_USN-810-1.NASL", "UBUNTU_USN-810-2.NASL", "UBUNTU_USN-810-3.NASL", "UBUNTU_USN-811-1.NASL", "UBUNTU_USN-821-1.NASL", "UBUNTU_USN-830-1.NASL", "UBUNTU_USN-859-1.NASL", "UBUNTU_USN-915-1.NASL", "VMWARE_VMSA-2010-0001.NASL", "VMWARE_VMSA-2010-0001_REMOTE.NASL", "VMWARE_VMSA-2010-0009.NASL", "VMWARE_VMSA-2010-0009_REMOTE.NASL", "VMWARE_VMSA-2010-0015.NASL", "VMWARE_VMSA-2010-0015_REMOTE.NASL", "VMWARE_VMSA-2010-0019.NASL", "VMWARE_VMSA-2010-0019_REMOTE.NASL"]}, {"type": "openvas", "idList": ["OPENVAS:102038", "OPENVAS:103468", "OPENVAS:1361412562310102038", "OPENVAS:1361412562310103468", "OPENVAS:1361412562310120120", "OPENVAS:1361412562310120376", "OPENVAS:1361412562310120380", "OPENVAS:1361412562310121000", "OPENVAS:1361412562310122380", "OPENVAS:1361412562310122398", "OPENVAS:1361412562310122419", "OPENVAS:1361412562310122439", "OPENVAS:1361412562310122461", "OPENVAS:1361412562310122465", "OPENVAS:136141256231064508", "OPENVAS:136141256231064510", "OPENVAS:136141256231064513", "OPENVAS:136141256231064552", "OPENVAS:136141256231064554", "OPENVAS:136141256231064577", "OPENVAS:136141256231064597", "OPENVAS:136141256231064604", "OPENVAS:136141256231064607", "OPENVAS:136141256231064609", "OPENVAS:136141256231064657", "OPENVAS:136141256231064675", "OPENVAS:136141256231064678", "OPENVAS:136141256231064688", "OPENVAS:136141256231064689", "OPENVAS:136141256231064693", "OPENVAS:136141256231064757", "OPENVAS:136141256231064758", "OPENVAS:136141256231064832", "OPENVAS:136141256231064833", "OPENVAS:136141256231064834", "OPENVAS:136141256231064836", "OPENVAS:136141256231064841", "OPENVAS:136141256231064842", "OPENVAS:136141256231064854", "OPENVAS:136141256231064855", "OPENVAS:136141256231064870", "OPENVAS:136141256231064897", "OPENVAS:136141256231064902", "OPENVAS:136141256231064903", "OPENVAS:136141256231064904", "OPENVAS:136141256231064910", "OPENVAS:136141256231064920", "OPENVAS:136141256231064947", "OPENVAS:136141256231064948", "OPENVAS:136141256231064949", "OPENVAS:136141256231065253", "OPENVAS:136141256231065505", "OPENVAS:136141256231065705", "OPENVAS:136141256231065706", "OPENVAS:136141256231065720", "OPENVAS:136141256231065721", "OPENVAS:136141256231065726", "OPENVAS:136141256231065727", "OPENVAS:136141256231065734", "OPENVAS:136141256231065736", "OPENVAS:136141256231065737", "OPENVAS:136141256231065792", "OPENVAS:136141256231065858", "OPENVAS:136141256231065900", "OPENVAS:136141256231066059", "OPENVAS:136141256231066072", "OPENVAS:136141256231066076", "OPENVAS:136141256231066077", "OPENVAS:136141256231066091", "OPENVAS:136141256231066104", "OPENVAS:136141256231066180", "OPENVAS:136141256231066215", "OPENVAS:136141256231066225", "OPENVAS:136141256231066235", "OPENVAS:136141256231066238", "OPENVAS:136141256231066244", "OPENVAS:136141256231066262", "OPENVAS:136141256231066265", "OPENVAS:136141256231066266", "OPENVAS:136141256231066295", "OPENVAS:136141256231066301", "OPENVAS:136141256231066361", "OPENVAS:136141256231066362", "OPENVAS:136141256231066370", "OPENVAS:136141256231066376", "OPENVAS:136141256231066384", "OPENVAS:136141256231066388", "OPENVAS:136141256231066396", "OPENVAS:136141256231066492", "OPENVAS:136141256231066517", "OPENVAS:136141256231066547", "OPENVAS:136141256231066611", "OPENVAS:136141256231067138", "OPENVAS:136141256231067209", "OPENVAS:1361412562310800855", "OPENVAS:1361412562310800856", "OPENVAS:1361412562310800915", "OPENVAS:1361412562310800917", "OPENVAS:1361412562310830820", "OPENVAS:1361412562310830846", "OPENVAS:1361412562310830852", "OPENVAS:1361412562310830855", "OPENVAS:1361412562310830920", "OPENVAS:1361412562310831014", "OPENVAS:1361412562310831195", "OPENVAS:1361412562310831482", "OPENVAS:1361412562310840402", "OPENVAS:1361412562310861922", "OPENVAS:1361412562310870209", "OPENVAS:1361412562310870234", "OPENVAS:1361412562310870240", "OPENVAS:1361412562310870243", "OPENVAS:1361412562310880375", "OPENVAS:1361412562310880380", "OPENVAS:1361412562310880385", "OPENVAS:1361412562310880629", "OPENVAS:1361412562310880630", "OPENVAS:1361412562310880647", "OPENVAS:1361412562310880726", "OPENVAS:1361412562310880821", "OPENVAS:1361412562310880847", "OPENVAS:1361412562310880896", "OPENVAS:1361412562310880901", "OPENVAS:1361412562310900843", "OPENVAS:1361412562310900844", "OPENVAS:1361412562310900845", "OPENVAS:1361412562310900847", "OPENVAS:1361412562310900848", "OPENVAS:1361412562310900849", "OPENVAS:1361412562311220191428", "OPENVAS:1361412562311220191434", "OPENVAS:1361412562311220191544", "OPENVAS:1361412562311220191546", "OPENVAS:64508", "OPENVAS:64510", "OPENVAS:64513", "OPENVAS:64552", "OPENVAS:64554", "OPENVAS:64573", "OPENVAS:64574", "OPENVAS:64575", "OPENVAS:64577", "OPENVAS:64597", "OPENVAS:64604", "OPENVAS:64607", "OPENVAS:64609", "OPENVAS:64657", "OPENVAS:64675", "OPENVAS:64678", "OPENVAS:64688", "OPENVAS:64689", "OPENVAS:64693", "OPENVAS:64757", "OPENVAS:64758", "OPENVAS:64775", "OPENVAS:64832", "OPENVAS:64833", "OPENVAS:64834", "OPENVAS:64836", "OPENVAS:64841", "OPENVAS:64842", "OPENVAS:64854", "OPENVAS:64855", "OPENVAS:64870", "OPENVAS:64889", "OPENVAS:64892", "OPENVAS:64897", "OPENVAS:64902", "OPENVAS:64903", "OPENVAS:64904", "OPENVAS:64910", "OPENVAS:64920", "OPENVAS:64947", "OPENVAS:64948", "OPENVAS:64949", "OPENVAS:65253", "OPENVAS:65505", "OPENVAS:65705", "OPENVAS:65706", "OPENVAS:65720", "OPENVAS:65721", "OPENVAS:65726", "OPENVAS:65727", "OPENVAS:65734", "OPENVAS:65736", "OPENVAS:65737", "OPENVAS:65792", "OPENVAS:65858", "OPENVAS:65900", "OPENVAS:66059", "OPENVAS:66072", "OPENVAS:66076", "OPENVAS:66077", "OPENVAS:66091", "OPENVAS:66104", "OPENVAS:66180", "OPENVAS:66215", "OPENVAS:66225", "OPENVAS:66235", "OPENVAS:66238", "OPENVAS:66244", "OPENVAS:66262", "OPENVAS:66265", "OPENVAS:66266", "OPENVAS:66295", "OPENVAS:66301", "OPENVAS:66361", "OPENVAS:66362", "OPENVAS:66370", "OPENVAS:66376", "OPENVAS:66384", "OPENVAS:66388", "OPENVAS:66396", "OPENVAS:66492", "OPENVAS:66517", "OPENVAS:66547", "OPENVAS:66611", "OPENVAS:67138", "OPENVAS:67209", "OPENVAS:800855", "OPENVAS:800856", "OPENVAS:800915", "OPENVAS:830820", "OPENVAS:830846", "OPENVAS:830852", "OPENVAS:830855", "OPENVAS:830920", "OPENVAS:831014", "OPENVAS:831195", "OPENVAS:831482", "OPENVAS:840402", "OPENVAS:861922", "OPENVAS:870209", "OPENVAS:870234", "OPENVAS:870240", "OPENVAS:870243", "OPENVAS:880375", "OPENVAS:880380", "OPENVAS:880385", "OPENVAS:880629", "OPENVAS:880630", "OPENVAS:880647", "OPENVAS:880726", "OPENVAS:880821", "OPENVAS:880847", "OPENVAS:880896", "OPENVAS:880901", "OPENVAS:900843", "OPENVAS:900844", "OPENVAS:900845", "OPENVAS:900847", "OPENVAS:900848", "OPENVAS:900849"]}, {"type": "oraclelinux", "idList": ["ELSA-2009-1184", "ELSA-2009-1186", "ELSA-2009-1430", "ELSA-2009-1431", "ELSA-2009-1584", "ELSA-2010-0054", "ELSA-2010-0154", "ELSA-2010-0163", "ELSA-2010-0166"]}, {"type": "redhat", "idList": ["RHSA-2009:1184", "RHSA-2009:1186", "RHSA-2009:1190", "RHSA-2009:1207", "RHSA-2009:1430", "RHSA-2009:1431", "RHSA-2009:1432", "RHSA-2009:1560", "RHSA-2009:1571", "RHSA-2009:1584", "RHSA-2009:1662", "RHSA-2010:0054", "RHSA-2010:0095", "RHSA-2010:0153", "RHSA-2010:0154", "RHSA-2010:0163", "RHSA-2010:0166", "RHSA-2010:0440"]}, {"type": "rubygems", "idList": ["RUBY:RUBY-2013-4073-94628"]}, {"type": "saint", "idList": ["SAINT:3271FE047898168A411D63B998F970AD", "SAINT:34044ACFE657DA0EF6B135ABBE537528", "SAINT:5B6EBD5D00B42C33027F57A364C62085", "SAINT:76E6E570DAC99D2C71631967F7749C73"]}, {"type": "securityvulns", "idList": ["SECURITYVULNS:DOC:22253", "SECURITYVULNS:DOC:22256", "SECURITYVULNS:DOC:22276", "SECURITYVULNS:DOC:22330", "SECURITYVULNS:DOC:22354", "SECURITYVULNS:DOC:22379", "SECURITYVULNS:DOC:22430", "SECURITYVULNS:DOC:22452", "SECURITYVULNS:DOC:22453", "SECURITYVULNS:DOC:22454", "SECURITYVULNS:DOC:22457", "SECURITYVULNS:DOC:23050", "SECURITYVULNS:DOC:23546", "SECURITYVULNS:DOC:24857", "SECURITYVULNS:DOC:29719", "SECURITYVULNS:DOC:30264", "SECURITYVULNS:VULN:10121", "SECURITYVULNS:VULN:10154", "SECURITYVULNS:VULN:10169", "SECURITYVULNS:VULN:10231", "SECURITYVULNS:VULN:10369", "SECURITYVULNS:VULN:10745", "SECURITYVULNS:VULN:13257"]}, {"type": "seebug", "idList": ["SSV:11950", "SSV:12447", "SSV:96525"]}, {"type": "suse", "idList": ["SUSE-SA:2009:048"]}, {"type": "talos", "idList": ["TALOS-2017-0294"]}, {"type": "threatpost", "idList": ["THREATPOST:E8934170DFDD56E0C8B8F5EA86038B74"]}, {"type": "ubuntu", "idList": ["USN-809-1", "USN-810-1", "USN-810-2", "USN-810-3", "USN-811-1", "USN-821-1", "USN-830-1", "USN-859-1", "USN-915-1"]}, {"type": "ubuntucve", "idList": ["UB:CVE-2009-2408", "UB:CVE-2009-2409", "UB:CVE-2009-2654", "UB:CVE-2009-3072", "UB:CVE-2009-3075", "UB:CVE-2009-3076", "UB:CVE-2009-3077"]}, {"type": "vmware", "idList": ["VMSA-2010-0001", "VMSA-2010-0001.1", "VMSA-2010-0009", "VMSA-2010-0009.2", "VMSA-2010-0015", "VMSA-2010-0015.1", "VMSA-2010-0019", "VMSA-2010-0019.3"]}, {"type": "zdi", "idList": ["ZDI-09-065"]}]}, "score": {"value": 10.1, "vector": "NONE"}, "backreferences": {"references": [{"type": "aix", "idList": ["SENDMAIL_ADVISORY.ASC"]}, {"type": "amazon", "idList": ["ALAS-2013-224"]}, {"type": "centos", "idList": ["CESA-2009:1430", "CESA-2009:1431", "CESA-2009:1432", "CESA-2009:1584", "CESA-2010:0054", "CESA-2010:0153", "CESA-2010:0154", "CESA-2010:0163", "CESA-2010:0166"]}, {"type": "checkpoint_advisories", "idList": ["CPAI-2009-129"]}, {"type": "cve", "idList": ["CVE-2009-2408", "CVE-2009-2409", "CVE-2009-2654", "CVE-2009-3072", "CVE-2009-3075", "CVE-2009-3076", "CVE-2009-3077"]}, {"type": "debian", "idList": ["DEBIAN:56C805B941600C7D24189CA65B1A3471:E7DF7", "DEBIAN:DSA-1873-1:F50AD", "DEBIAN:DSA-2025-1:6CC79"]}, {"type": "debiancve", "idList": ["DEBIANCVE:CVE-2009-2409"]}, {"type": "exploitdb", "idList": ["EDB-ID:33128"]}, {"type": "f5", "idList": ["SOL14909", "SOL15638", "SOL15663", "SOL15683"]}, {"type": "fedora", "idList": ["FEDORA:1D7C611126A", "FEDORA:52DB510F894", "FEDORA:832B210F8A5"]}, {"type": "freebsd", "idList": ["49E8F2EE-8147-11DE-A994-0030843D3802", "56CFE192-329F-11DF-ABB2-000F20797EDE", "922D2398-9E2D-11DE-A998-0030843D3802", "E7BC5600-EAA0-11DE-BD9C-00215C6A37BB"]}, {"type": "gentoo", "idList": ["GLSA-200912-01"]}, {"type": "lenovo", "idList": ["LENOVO:PS500190-NOSID"]}, {"type": "metasploit", "idList": ["MSF:ILITIES/FREEBSD-VID-5179D85C-8683-11DE-91B9-0022157515B2/"]}, {"type": "mozilla", "idList": ["MFSA2009-47"]}, {"type": "nessus", "idList": ["CENTOS_RHSA-2010-0163.NASL", "DEBIAN_DSA-1873.NASL", "MANDRIVA_MDVSA-2009-197.NASL", "MOZILLA_FIREFOX_3014.NASL", "OPENSSL_0_9_8L.NASL", "REDHAT-RHSA-2009-1184.NASL", "REDHAT-RHSA-2010-0153.NASL", "SL_20090731_NSPR_AND_NSS_FOR_SL_4_X.NASL", "SUSE_11_1_MOZILLAFIREFOX-090916.NASL", "SUSE_11_LIBNEON-DEVEL-091012.NASL", "SUSE_11_MUTT-090909.NASL", "SUSE_FIREFOX35UPGRADE-6563.NASL", "SUSE_LIBNEON-DEVEL-6550.NASL", "SUSE_MUTT-6484.NASL", "UBUNTU_USN-811-1.NASL", "VMWARE_VMSA-2010-0009_REMOTE.NASL"]}, {"type": "openvas", "idList": ["OPENVAS:1361412562310122380", "OPENVAS:136141256231064675", "OPENVAS:136141256231064693", "OPENVAS:136141256231064832", "OPENVAS:136141256231064833", "OPENVAS:136141256231064948", "OPENVAS:136141256231065706", "OPENVAS:136141256231065734", "OPENVAS:136141256231065792", "OPENVAS:136141256231066225", "OPENVAS:136141256231066262", "OPENVAS:136141256231066295", "OPENVAS:136141256231066396", "OPENVAS:136141256231066517", "OPENVAS:1361412562310800915", "OPENVAS:1361412562310830855", "OPENVAS:1361412562310900843", "OPENVAS:1361412562310900844", "OPENVAS:1361412562310900847", "OPENVAS:1361412562311220191428", "OPENVAS:1361412562311220191544", "OPENVAS:64855", "OPENVAS:66301", "OPENVAS:66396", "OPENVAS:800915", "OPENVAS:870243", "OPENVAS:880375", "OPENVAS:880630", "OPENVAS:880821", "OPENVAS:900843"]}, {"type": "oraclelinux", "idList": ["ELSA-2009-1430", "ELSA-2010-0166"]}, {"type": "redhat", "idList": ["RHSA-2009:1430"]}, {"type": "saint", "idList": ["SAINT:76E6E570DAC99D2C71631967F7749C73"]}, {"type": "securityvulns", "idList": ["SECURITYVULNS:VULN:10169", "SECURITYVULNS:VULN:10231"]}, {"type": "seebug", "idList": ["SSV:12447"]}, {"type": "suse", "idList": ["SUSE-SA:2009:048"]}, {"type": "talos", "idList": ["TALOS-2017-0294"]}, {"type": "threatpost", "idList": ["THREATPOST:E8934170DFDD56E0C8B8F5EA86038B74"]}, {"type": "ubuntu", "idList": ["USN-809-1", "USN-810-1", "USN-810-2", "USN-810-3", "USN-821-1"]}, {"type": "ubuntucve", "idList": ["UB:CVE-2009-2409"]}, {"type": "vmware", "idList": ["VMSA-2010-0019.3"]}, {"type": "zdi", "idList": ["ZDI-09-065"]}]}, "exploitation": null, "vulnersScore": 10.1}, "pluginID": "40923", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Red Hat Security Advisory RHSA-2009:1432. The text \n# itself is copyright (C) Red Hat, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(40923);\n script_version(\"1.29\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/14\");\n\n script_cve_id(\"CVE-2009-2408\", \"CVE-2009-2409\", \"CVE-2009-2654\", \"CVE-2009-3072\", \"CVE-2009-3075\", \"CVE-2009-3076\", \"CVE-2009-3077\");\n script_bugtraq_id(35803, 35888, 36343);\n script_xref(name:\"RHSA\", value:\"2009:1432\");\n\n script_name(english:\"RHEL 3 : seamonkey (RHSA-2009:1432)\");\n script_summary(english:\"Checks the rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Red Hat host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Updated SeaMonkey packages that fix several security issues are now\navailable for Red Hat Enterprise Linux 3.\n\nThis update has been rated as having critical security impact by the\nRed Hat Security Response Team.\n\nSeaMonkey is an open source Web browser, email and newsgroup client,\nIRC chat client, and HTML editor.\n\nSeveral flaws were found in the processing of malformed web content. A\nweb page containing malicious content could cause SeaMonkey to crash\nor, potentially, execute arbitrary code with the privileges of the\nuser running SeaMonkey. (CVE-2009-3072, CVE-2009-3075)\n\nA use-after-free flaw was found in SeaMonkey. An attacker could use\nthis flaw to crash SeaMonkey or, potentially, execute arbitrary code\nwith the privileges of the user running SeaMonkey. (CVE-2009-3077)\n\nDan Kaminsky discovered flaws in the way browsers such as SeaMonkey\nhandle NULL characters in a certificate. If an attacker is able to get\na carefully-crafted certificate signed by a Certificate Authority\ntrusted by SeaMonkey, the attacker could use the certificate during a\nman-in-the-middle attack and potentially confuse SeaMonkey into\naccepting it by mistake. (CVE-2009-2408)\n\nDescriptions in the dialogs when adding and removing PKCS #11 modules\nwere not informative. An attacker able to trick a user into installing\na malicious PKCS #11 module could use this flaw to install their own\nCertificate Authority certificates on a user's machine, making it\npossible to trick the user into believing they are viewing a trusted\nsite or, potentially, execute arbitrary code with the privileges of\nthe user running SeaMonkey. (CVE-2009-3076)\n\nA flaw was found in the way SeaMonkey displays the address bar when\nwindow.open() is called in a certain way. An attacker could use this\nflaw to conceal a malicious URL, possibly tricking a user into\nbelieving they are viewing a trusted site. (CVE-2009-2654)\n\nDan Kaminsky found that browsers still accept certificates with MD2\nhash signatures, even though MD2 is no longer considered a\ncryptographically strong algorithm. This could make it easier for an\nattacker to create a malicious certificate that would be treated as\ntrusted by a browser. NSS (provided by SeaMonkey) now disables the use\nof MD2 and MD4 algorithms inside signatures by default.\n(CVE-2009-2409)\n\nAll SeaMonkey users should upgrade to these updated packages, which\ncorrect these issues. After installing the update, SeaMonkey must be\nrestarted for the changes to take effect.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2009-2408\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2009-2409\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2009-2654\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2009-3072\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2009-3075\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2009-3076\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2009-3077\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/errata/RHSA-2009:1432\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_cwe_id(20, 94, 310);\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:seamonkey\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:seamonkey-chat\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:seamonkey-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:seamonkey-dom-inspector\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:seamonkey-js-debugger\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:seamonkey-mail\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:seamonkey-nspr\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:seamonkey-nspr-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:seamonkey-nss\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:seamonkey-nss-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:3\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2009/07/30\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2009/09/09\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2009/09/10\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2009-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Red Hat Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"misc_func.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Red Hat\" >!< release) audit(AUDIT_OS_NOT, \"Red Hat\");\nos_ver = pregmatch(pattern: \"Red Hat Enterprise Linux.*release ([0-9]+(\\.[0-9]+)?)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Red Hat\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^3([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Red Hat 3.x\", \"Red Hat \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\" && \"s390\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Red Hat\", cpu);\n\nyum_updateinfo = get_kb_item(\"Host/RedHat/yum-updateinfo\");\nif (!empty_or_null(yum_updateinfo)) \n{\n rhsa = \"RHSA-2009:1432\";\n yum_report = redhat_generate_yum_updateinfo_report(rhsa:rhsa);\n if (!empty_or_null(yum_report))\n {\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : yum_report \n );\n exit(0);\n }\n else\n {\n audit_message = \"affected by Red Hat security advisory \" + rhsa;\n audit(AUDIT_OS_NOT, audit_message);\n }\n}\nelse\n{\n flag = 0;\n if (rpm_check(release:\"RHEL3\", reference:\"seamonkey-1.0.9-0.45.el3\")) flag++;\n if (rpm_check(release:\"RHEL3\", reference:\"seamonkey-chat-1.0.9-0.45.el3\")) flag++;\n if (rpm_check(release:\"RHEL3\", reference:\"seamonkey-devel-1.0.9-0.45.el3\")) flag++;\n if (rpm_check(release:\"RHEL3\", reference:\"seamonkey-dom-inspector-1.0.9-0.45.el3\")) flag++;\n if (rpm_check(release:\"RHEL3\", reference:\"seamonkey-js-debugger-1.0.9-0.45.el3\")) flag++;\n if (rpm_check(release:\"RHEL3\", reference:\"seamonkey-mail-1.0.9-0.45.el3\")) flag++;\n if (rpm_check(release:\"RHEL3\", reference:\"seamonkey-nspr-1.0.9-0.45.el3\")) flag++;\n if (rpm_check(release:\"RHEL3\", reference:\"seamonkey-nspr-devel-1.0.9-0.45.el3\")) flag++;\n if (rpm_check(release:\"RHEL3\", reference:\"seamonkey-nss-1.0.9-0.45.el3\")) flag++;\n if (rpm_check(release:\"RHEL3\", reference:\"seamonkey-nss-devel-1.0.9-0.45.el3\")) flag++;\n\n if (flag)\n {\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : rpm_report_get() + redhat_report_package_caveat()\n );\n exit(0);\n }\n else\n {\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"seamonkey / seamonkey-chat / seamonkey-devel / etc\");\n }\n}\n", "naslFamily": "Red Hat Local Security Checks", "cpe": ["p-cpe:/a:redhat:enterprise_linux:seamonkey", "p-cpe:/a:redhat:enterprise_linux:seamonkey-chat", "p-cpe:/a:redhat:enterprise_linux:seamonkey-devel", "p-cpe:/a:redhat:enterprise_linux:seamonkey-dom-inspector", "p-cpe:/a:redhat:enterprise_linux:seamonkey-js-debugger", "p-cpe:/a:redhat:enterprise_linux:seamonkey-mail", "p-cpe:/a:redhat:enterprise_linux:seamonkey-nspr", "p-cpe:/a:redhat:enterprise_linux:seamonkey-nspr-devel", "p-cpe:/a:redhat:enterprise_linux:seamonkey-nss", "p-cpe:/a:redhat:enterprise_linux:seamonkey-nss-devel", "cpe:/o:redhat:enterprise_linux:3"], "solution": "Update the affected packages.", "nessusSeverity": "Critical", "cvssScoreSource": "", "vpr": {"risk factor": "Medium", "score": "6.7"}, "exploitAvailable": true, "exploitEase": "Exploits are available", "patchPublicationDate": "2009-09-09T00:00:00", "vulnerabilityPublicationDate": "2009-07-30T00:00:00", "exploitableWith": [], "_state": {"dependencies": 1647589307, "score": 0}}
{"openvas": [{"lastseen": "2017-07-27T10:55:38", "description": "The remote host is missing updates announced in\nadvisory RHSA-2009:1432.\n\nSeaMonkey is an open source Web browser, email and newsgroup client, IRC\nchat client, and HTML editor.\n\nSeveral flaws were found in the processing of malformed web content. A web\npage containing malicious content could cause SeaMonkey to crash or,\npotentially, execute arbitrary code with the privileges of the user running\nSeaMonkey. (CVE-2009-3072, CVE-2009-3075)\n\nA use-after-free flaw was found in SeaMonkey. An attacker could use this\nflaw to crash SeaMonkey or, potentially, execute arbitrary code with the\nprivileges of the user running SeaMonkey. (CVE-2009-3077)\n\nDan Kaminsky discovered flaws in the way browsers such as SeaMonkey handle\nNULL characters in a certificate. If an attacker is able to get a\ncarefully-crafted certificate signed by a Certificate Authority trusted by\nSeaMonkey, the attacker could use the certificate during a\nman-in-the-middle attack and potentially confuse SeaMonkey into accepting\nit by mistake. (CVE-2009-2408)\n\nDescriptions in the dialogs when adding and removing PKCS #11 modules were\nnot informative. An attacker able to trick a user into installing a\nmalicious PKCS #11 module could use this flaw to install their own\nCertificate Authority certificates on a user's machine, making it possible\nto trick the user into believing they are viewing a trusted site or,\npotentially, execute arbitrary code with the privileges of the user running\nSeaMonkey. (CVE-2009-3076)\n\nA flaw was found in the way SeaMonkey displays the address bar when\nwindow.open() is called in a certain way. An attacker could use this flaw\nto conceal a malicious URL, possibly tricking a user into believing they\nare viewing a trusted site. (CVE-2009-2654)\n\nDan Kaminsky found that browsers still accept certificates with MD2 hash\nsignatures, even though MD2 is no longer considered a cryptographically\nstrong algorithm. This could make it easier for an attacker to create a\nmalicious certificate that would be treated as trusted by a browser. NSS\n(provided by SeaMonkey) now disables the use of MD2 and MD4 algorithms\ninside signatures by default. (CVE-2009-2409)\n\nAll SeaMonkey users should upgrade to these updated packages, which correct\nthese issues. After installing the update, SeaMonkey must be restarted for\nthe changes to take effect.", "cvss3": {}, "published": "2009-09-15T00:00:00", "type": "openvas", "title": "RedHat Security Advisory RHSA-2009:1432", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2009-3076", "CVE-2009-2409", "CVE-2009-2408", "CVE-2009-3072", "CVE-2009-3075", "CVE-2009-2654", "CVE-2009-3077"], "modified": "2017-07-12T00:00:00", "id": "OPENVAS:64834", "href": "http://plugins.openvas.org/nasl.php?oid=64834", "sourceData": "# OpenVAS Vulnerability Test\n# $Id: RHSA_2009_1432.nasl 6683 2017-07-12 09:41:57Z cfischer $\n# Description: Auto-generated from advisory RHSA-2009:1432 ()\n#\n# Authors:\n# Thomas Reinke <reinke@securityspace.com>\n#\n# Copyright:\n# Copyright (c) 2009 E-Soft Inc. http://www.securityspace.com\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (c) the respective author(s)\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2,\n# or at your option, GNU General Public License version 3,\n# as published by the Free Software Foundation\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n#\n\ninclude(\"revisions-lib.inc\");\ntag_summary = \"The remote host is missing updates announced in\nadvisory RHSA-2009:1432.\n\nSeaMonkey is an open source Web browser, email and newsgroup client, IRC\nchat client, and HTML editor.\n\nSeveral flaws were found in the processing of malformed web content. A web\npage containing malicious content could cause SeaMonkey to crash or,\npotentially, execute arbitrary code with the privileges of the user running\nSeaMonkey. (CVE-2009-3072, CVE-2009-3075)\n\nA use-after-free flaw was found in SeaMonkey. An attacker could use this\nflaw to crash SeaMonkey or, potentially, execute arbitrary code with the\nprivileges of the user running SeaMonkey. (CVE-2009-3077)\n\nDan Kaminsky discovered flaws in the way browsers such as SeaMonkey handle\nNULL characters in a certificate. If an attacker is able to get a\ncarefully-crafted certificate signed by a Certificate Authority trusted by\nSeaMonkey, the attacker could use the certificate during a\nman-in-the-middle attack and potentially confuse SeaMonkey into accepting\nit by mistake. (CVE-2009-2408)\n\nDescriptions in the dialogs when adding and removing PKCS #11 modules were\nnot informative. An attacker able to trick a user into installing a\nmalicious PKCS #11 module could use this flaw to install their own\nCertificate Authority certificates on a user's machine, making it possible\nto trick the user into believing they are viewing a trusted site or,\npotentially, execute arbitrary code with the privileges of the user running\nSeaMonkey. (CVE-2009-3076)\n\nA flaw was found in the way SeaMonkey displays the address bar when\nwindow.open() is called in a certain way. An attacker could use this flaw\nto conceal a malicious URL, possibly tricking a user into believing they\nare viewing a trusted site. (CVE-2009-2654)\n\nDan Kaminsky found that browsers still accept certificates with MD2 hash\nsignatures, even though MD2 is no longer considered a cryptographically\nstrong algorithm. This could make it easier for an attacker to create a\nmalicious certificate that would be treated as trusted by a browser. NSS\n(provided by SeaMonkey) now disables the use of MD2 and MD4 algorithms\ninside signatures by default. (CVE-2009-2409)\n\nAll SeaMonkey users should upgrade to these updated packages, which correct\nthese issues. After installing the update, SeaMonkey must be restarted for\nthe changes to take effect.\";\n\ntag_solution = \"Please note that this update is available via\nRed Hat Network. To use Red Hat Network, launch the Red\nHat Update Agent with the following command: up2date\";\n\n\n\nif(description)\n{\n script_id(64834);\n script_version(\"$Revision: 6683 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-07-12 11:41:57 +0200 (Wed, 12 Jul 2017) $\");\n script_tag(name:\"creation_date\", value:\"2009-09-15 22:46:32 +0200 (Tue, 15 Sep 2009)\");\n script_cve_id(\"CVE-2009-2408\", \"CVE-2009-2409\", \"CVE-2009-2654\", \"CVE-2009-3072\", \"CVE-2009-3075\", \"CVE-2009-3076\", \"CVE-2009-3077\");\n script_tag(name:\"cvss_base\", value:\"10.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_name(\"RedHat Security Advisory RHSA-2009:1432\");\n\n\n\n script_category(ACT_GATHER_INFO);\n\n script_copyright(\"Copyright (c) 2009 E-Soft Inc. http://www.securityspace.com\");\n script_family(\"Red Hat Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/rhel\", \"ssh/login/rpms\");\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"summary\" , value : tag_summary);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_xref(name : \"URL\" , value : \"http://rhn.redhat.com/errata/RHSA-2009-1432.html\");\n script_xref(name : \"URL\" , value : \"http://www.redhat.com/security/updates/classification/#critical\");\n exit(0);\n}\n\n#\n# The script code starts here\n#\n\ninclude(\"pkg-lib-rpm.inc\");\n\nres = \"\";\nreport = \"\";\nif ((res = isrpmvuln(pkg:\"seamonkey\", rpm:\"seamonkey~1.0.9~0.45.el3\", rls:\"RHENT_3\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"seamonkey-chat\", rpm:\"seamonkey-chat~1.0.9~0.45.el3\", rls:\"RHENT_3\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"seamonkey-debuginfo\", rpm:\"seamonkey-debuginfo~1.0.9~0.45.el3\", rls:\"RHENT_3\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"seamonkey-devel\", rpm:\"seamonkey-devel~1.0.9~0.45.el3\", rls:\"RHENT_3\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"seamonkey-dom-inspector\", rpm:\"seamonkey-dom-inspector~1.0.9~0.45.el3\", rls:\"RHENT_3\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"seamonkey-js-debugger\", rpm:\"seamonkey-js-debugger~1.0.9~0.45.el3\", rls:\"RHENT_3\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"seamonkey-mail\", rpm:\"seamonkey-mail~1.0.9~0.45.el3\", rls:\"RHENT_3\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"seamonkey-nspr\", rpm:\"seamonkey-nspr~1.0.9~0.45.el3\", rls:\"RHENT_3\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"seamonkey-nspr-devel\", rpm:\"seamonkey-nspr-devel~1.0.9~0.45.el3\", rls:\"RHENT_3\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"seamonkey-nss\", rpm:\"seamonkey-nss~1.0.9~0.45.el3\", rls:\"RHENT_3\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"seamonkey-nss-devel\", rpm:\"seamonkey-nss-devel~1.0.9~0.45.el3\", rls:\"RHENT_3\")) != NULL) {\n report += res;\n}\n\nif (report != \"\") {\n security_message(data:report);\n} else if (__pkg_match) {\n exit(99); # Not vulnerable.\n}\n", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2017-07-25T10:55:49", "description": "Check for the Version of seamonkey", "cvss3": {}, "published": "2011-08-09T00:00:00", "type": "openvas", "title": "CentOS Update for seamonkey CESA-2009:1432 centos3 i386", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2009-3076", "CVE-2009-2409", "CVE-2009-2408", "CVE-2009-3072", "CVE-2009-3075", "CVE-2009-2654", "CVE-2009-3077"], "modified": "2017-07-10T00:00:00", "id": "OPENVAS:880821", "href": "http://plugins.openvas.org/nasl.php?oid=880821", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# CentOS Update for seamonkey CESA-2009:1432 centos3 i386\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2011 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"SeaMonkey is an open source Web browser, email and newsgroup client, IRC\n chat client, and HTML editor.\n\n Several flaws were found in the processing of malformed web content. A web\n page containing malicious content could cause SeaMonkey to crash or,\n potentially, execute arbitrary code with the privileges of the user running\n SeaMonkey. (CVE-2009-3072, CVE-2009-3075)\n \n A use-after-free flaw was found in SeaMonkey. An attacker could use this\n flaw to crash SeaMonkey or, potentially, execute arbitrary code with the\n privileges of the user running SeaMonkey. (CVE-2009-3077)\n \n Dan Kaminsky discovered flaws in the way browsers such as SeaMonkey handle\n NULL characters in a certificate. If an attacker is able to get a\n carefully-crafted certificate signed by a Certificate Authority trusted by\n SeaMonkey, the attacker could use the certificate during a\n man-in-the-middle attack and potentially confuse SeaMonkey into accepting\n it by mistake. (CVE-2009-2408)\n \n Descriptions in the dialogs when adding and removing PKCS #11 modules were\n not informative. An attacker able to trick a user into installing a\n malicious PKCS #11 module could use this flaw to install their own\n Certificate Authority certificates on a user's machine, making it possible\n to trick the user into believing they are viewing a trusted site or,\n potentially, execute arbitrary code with the privileges of the user running\n SeaMonkey. (CVE-2009-3076)\n \n A flaw was found in the way SeaMonkey displays the address bar when\n window.open() is called in a certain way. An attacker could use this flaw\n to conceal a malicious URL, possibly tricking a user into believing they\n are viewing a trusted site. (CVE-2009-2654)\n \n Dan Kaminsky found that browsers still accept certificates with MD2 hash\n signatures, even though MD2 is no longer considered a cryptographically\n strong algorithm. This could make it easier for an attacker to create a\n malicious certificate that would be treated as trusted by a browser. NSS\n (provided by SeaMonkey) now disables the use of MD2 and MD4 algorithms\n inside signatures by default. (CVE-2009-2409)\n \n All SeaMonkey users should upgrade to these updated packages, which correct\n these issues. After installing the update, SeaMonkey must be restarted for\n the changes to take effect.\";\ntag_solution = \"Please Install the Updated Packages.\";\n\ntag_affected = \"seamonkey on CentOS 3\";\n\n\nif(description)\n{\n script_xref(name : \"URL\" , value : \"http://lists.centos.org/pipermail/centos-announce/2009-September/016131.html\");\n script_id(880821);\n script_version(\"$Revision: 6653 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-07-10 13:46:53 +0200 (Mon, 10 Jul 2017) $\");\n script_tag(name:\"creation_date\", value:\"2011-08-09 08:20:34 +0200 (Tue, 09 Aug 2011)\");\n script_tag(name:\"cvss_base\", value:\"10.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_xref(name: \"CESA\", value: \"2009:1432\");\n script_cve_id(\"CVE-2009-2408\", \"CVE-2009-2409\", \"CVE-2009-2654\", \"CVE-2009-3072\", \"CVE-2009-3075\", \"CVE-2009-3076\", \"CVE-2009-3077\");\n script_name(\"CentOS Update for seamonkey CESA-2009:1432 centos3 i386\");\n\n script_summary(\"Check for the Version of seamonkey\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2011 Greenbone Networks GmbH\");\n script_family(\"CentOS Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/centos\", \"ssh/login/rpms\");\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = get_kb_item(\"ssh/login/release\");\n\n\nres = \"\";\nif(release == NULL){\n exit(0);\n}\n\nif(release == \"CentOS3\")\n{\n\n if ((res = isrpmvuln(pkg:\"seamonkey\", rpm:\"seamonkey~1.0.9~0.45.el3.centos3\", rls:\"CentOS3\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"seamonkey-chat\", rpm:\"seamonkey-chat~1.0.9~0.45.el3.centos3\", rls:\"CentOS3\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"seamonkey-devel\", rpm:\"seamonkey-devel~1.0.9~0.45.el3.centos3\", rls:\"CentOS3\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"seamonkey-dom-inspector\", rpm:\"seamonkey-dom-inspector~1.0.9~0.45.el3.centos3\", rls:\"CentOS3\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"seamonkey-js-debugger\", rpm:\"seamonkey-js-debugger~1.0.9~0.45.el3.centos3\", rls:\"CentOS3\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"seamonkey-mail\", rpm:\"seamonkey-mail~1.0.9~0.45.el3.centos3\", rls:\"CentOS3\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"seamonkey-nspr\", rpm:\"seamonkey-nspr~1.0.9~0.45.el3.centos3\", rls:\"CentOS3\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"seamonkey-nspr-devel\", rpm:\"seamonkey-nspr-devel~1.0.9~0.45.el3.centos3\", rls:\"CentOS3\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"seamonkey-nss\", rpm:\"seamonkey-nss~1.0.9~0.45.el3.centos3\", rls:\"CentOS3\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"seamonkey-nss-devel\", rpm:\"seamonkey-nss-devel~1.0.9~0.45.el3.centos3\", rls:\"CentOS3\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2019-05-29T18:39:45", "description": "The remote host is missing an update for the ", "cvss3": {}, "published": "2011-08-09T00:00:00", "type": "openvas", "title": "CentOS Update for seamonkey CESA-2009:1432 centos3 i386", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2009-3076", "CVE-2009-2409", "CVE-2009-2408", "CVE-2009-3072", "CVE-2009-3075", "CVE-2009-2654", "CVE-2009-3077"], "modified": "2019-03-15T00:00:00", "id": "OPENVAS:1361412562310880821", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310880821", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# CentOS Update for seamonkey CESA-2009:1432 centos3 i386\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2011 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_xref(name:\"URL\", value:\"http://lists.centos.org/pipermail/centos-announce/2009-September/016131.html\");\n script_oid(\"1.3.6.1.4.1.25623.1.0.880821\");\n script_version(\"$Revision: 14222 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2019-03-15 13:50:48 +0100 (Fri, 15 Mar 2019) $\");\n script_tag(name:\"creation_date\", value:\"2011-08-09 08:20:34 +0200 (Tue, 09 Aug 2011)\");\n script_tag(name:\"cvss_base\", value:\"10.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_xref(name:\"CESA\", value:\"2009:1432\");\n script_cve_id(\"CVE-2009-2408\", \"CVE-2009-2409\", \"CVE-2009-2654\", \"CVE-2009-3072\", \"CVE-2009-3075\", \"CVE-2009-3076\", \"CVE-2009-3077\");\n script_name(\"CentOS Update for seamonkey CESA-2009:1432 centos3 i386\");\n\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'seamonkey'\n package(s) announced via the referenced advisory.\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2011 Greenbone Networks GmbH\");\n script_family(\"CentOS Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/centos\", \"ssh/login/rpms\", re:\"ssh/login/release=CentOS3\");\n script_tag(name:\"affected\", value:\"seamonkey on CentOS 3\");\n script_tag(name:\"insight\", value:\"SeaMonkey is an open source Web browser, email and newsgroup client, IRC\n chat client, and HTML editor.\n\n Several flaws were found in the processing of malformed web content. A web\n page containing malicious content could cause SeaMonkey to crash or,\n potentially, execute arbitrary code with the privileges of the user running\n SeaMonkey. (CVE-2009-3072, CVE-2009-3075)\n\n A use-after-free flaw was found in SeaMonkey. An attacker could use this\n flaw to crash SeaMonkey or, potentially, execute arbitrary code with the\n privileges of the user running SeaMonkey. (CVE-2009-3077)\n\n Dan Kaminsky discovered flaws in the way browsers such as SeaMonkey handle\n NULL characters in a certificate. If an attacker is able to get a\n carefully-crafted certificate signed by a Certificate Authority trusted by\n SeaMonkey, the attacker could use the certificate during a\n man-in-the-middle attack and potentially confuse SeaMonkey into accepting\n it by mistake. (CVE-2009-2408)\n\n Descriptions in the dialogs when adding and removing PKCS #11 modules were\n not informative. An attacker able to trick a user into installing a\n malicious PKCS #11 module could use this flaw to install their own\n Certificate Authority certificates on a user's machine, making it possible\n to trick the user into believing they are viewing a trusted site or,\n potentially, execute arbitrary code with the privileges of the user running\n SeaMonkey. (CVE-2009-3076)\n\n A flaw was found in the way SeaMonkey displays the address bar when\n window.open() is called in a certain way. An attacker could use this flaw\n to conceal a malicious URL, possibly tricking a user into believing they\n are viewing a trusted site. (CVE-2009-2654)\n\n Dan Kaminsky found that browsers still accept certificates with MD2 hash\n signatures, even though MD2 is no longer considered a cryptographically\n strong algorithm. This could make it easier for an attacker to create a\n malicious certificate that would be treated as trusted by a browser. NSS\n (provided by SeaMonkey) now disables the use of MD2 and MD4 algorithms\n inside signatures by default. (CVE-2009-2409)\n\n All SeaMonkey users should upgrade to these updated packages, which correct\n these issues. After installing the update, SeaMonkey must be restarted for\n the changes to take effect.\");\n script_tag(name:\"solution\", value:\"Please install the updated packages.\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\n\nif(release == \"CentOS3\")\n{\n\n if ((res = isrpmvuln(pkg:\"seamonkey\", rpm:\"seamonkey~1.0.9~0.45.el3.centos3\", rls:\"CentOS3\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"seamonkey-chat\", rpm:\"seamonkey-chat~1.0.9~0.45.el3.centos3\", rls:\"CentOS3\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"seamonkey-devel\", rpm:\"seamonkey-devel~1.0.9~0.45.el3.centos3\", rls:\"CentOS3\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"seamonkey-dom-inspector\", rpm:\"seamonkey-dom-inspector~1.0.9~0.45.el3.centos3\", rls:\"CentOS3\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"seamonkey-js-debugger\", rpm:\"seamonkey-js-debugger~1.0.9~0.45.el3.centos3\", rls:\"CentOS3\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"seamonkey-mail\", rpm:\"seamonkey-mail~1.0.9~0.45.el3.centos3\", rls:\"CentOS3\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"seamonkey-nspr\", rpm:\"seamonkey-nspr~1.0.9~0.45.el3.centos3\", rls:\"CentOS3\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"seamonkey-nspr-devel\", rpm:\"seamonkey-nspr-devel~1.0.9~0.45.el3.centos3\", rls:\"CentOS3\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"seamonkey-nss\", rpm:\"seamonkey-nss~1.0.9~0.45.el3.centos3\", rls:\"CentOS3\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"seamonkey-nss-devel\", rpm:\"seamonkey-nss-devel~1.0.9~0.45.el3.centos3\", rls:\"CentOS3\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2018-04-06T11:40:28", "description": "The remote host is missing updates to seamonkey announced in\nadvisory CESA-2009:1432.", "cvss3": {}, "published": "2009-09-15T00:00:00", "type": "openvas", "title": "CentOS Security Advisory CESA-2009:1432 (seamonkey)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2009-3076", "CVE-2009-2409", "CVE-2009-2408", "CVE-2009-3072", "CVE-2009-3075", "CVE-2009-2654", "CVE-2009-3077"], "modified": "2018-04-06T00:00:00", "id": "OPENVAS:136141256231064902", "href": "http://plugins.openvas.org/nasl.php?oid=136141256231064902", "sourceData": "#CESA-2009:1432 64902 2\n# $Id: ovcesa2009_1432.nasl 9350 2018-04-06 07:03:33Z cfischer $\n# Description: Auto-generated from advisory CESA-2009:1432 (seamonkey)\n#\n# Authors:\n# Thomas Reinke <reinke@securityspace.com>\n#\n# Copyright:\n# Copyright (c) 2009 E-Soft Inc. http://www.securityspace.com\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2,\n# or at your option, GNU General Public License version 3,\n# as published by the Free Software Foundation\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n#\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"For details on the issues addressed in this update,\nplease visit the referenced security advisories.\";\ntag_solution = \"Update the appropriate packages on your system.\n\nhttp://www.securityspace.com/smysecure/catid.html?in=CESA-2009:1432\nhttp://www.securityspace.com/smysecure/catid.html?in=RHSA-2009:1432\nhttps://rhn.redhat.com/errata/RHSA-2009-1432.html\";\ntag_summary = \"The remote host is missing updates to seamonkey announced in\nadvisory CESA-2009:1432.\";\n\n\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.64902\");\n script_version(\"$Revision: 9350 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-04-06 09:03:33 +0200 (Fri, 06 Apr 2018) $\");\n script_tag(name:\"creation_date\", value:\"2009-09-15 22:46:32 +0200 (Tue, 15 Sep 2009)\");\n script_cve_id(\"CVE-2009-2408\", \"CVE-2009-2409\", \"CVE-2009-2654\", \"CVE-2009-3072\", \"CVE-2009-3075\", \"CVE-2009-3076\", \"CVE-2009-3077\");\n script_tag(name:\"cvss_base\", value:\"10.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_name(\"CentOS Security Advisory CESA-2009:1432 (seamonkey)\");\n\n\n\n script_category(ACT_GATHER_INFO);\n\n script_copyright(\"Copyright (c) 2009 E-Soft Inc. http://www.securityspace.com\");\n script_family(\"CentOS Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/centos\", \"ssh/login/rpms\");\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"summary\" , value : tag_summary);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n#\n# The script code starts here\n#\n\ninclude(\"pkg-lib-rpm.inc\");\n\nres = \"\";\nreport = \"\";\nif ((res = isrpmvuln(pkg:\"seamonkey\", rpm:\"seamonkey~1.0.9~0.45.el3.centos3\", rls:\"CentOS3\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"seamonkey-chat\", rpm:\"seamonkey-chat~1.0.9~0.45.el3.centos3\", rls:\"CentOS3\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"seamonkey-devel\", rpm:\"seamonkey-devel~1.0.9~0.45.el3.centos3\", rls:\"CentOS3\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"seamonkey-dom-inspector\", rpm:\"seamonkey-dom-inspector~1.0.9~0.45.el3.centos3\", rls:\"CentOS3\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"seamonkey-js-debugger\", rpm:\"seamonkey-js-debugger~1.0.9~0.45.el3.centos3\", rls:\"CentOS3\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"seamonkey-mail\", rpm:\"seamonkey-mail~1.0.9~0.45.el3.centos3\", rls:\"CentOS3\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"seamonkey-nspr\", rpm:\"seamonkey-nspr~1.0.9~0.45.el3.centos3\", rls:\"CentOS3\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"seamonkey-nspr-devel\", rpm:\"seamonkey-nspr-devel~1.0.9~0.45.el3.centos3\", rls:\"CentOS3\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"seamonkey-nss\", rpm:\"seamonkey-nss~1.0.9~0.45.el3.centos3\", rls:\"CentOS3\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"seamonkey-nss-devel\", rpm:\"seamonkey-nss-devel~1.0.9~0.45.el3.centos3\", rls:\"CentOS3\")) != NULL) {\n report += res;\n}\n\nif (report != \"\") {\n security_message(data:report);\n} else if (__pkg_match) {\n exit(99); # Not vulnerable.\n}\n", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2017-07-25T10:57:09", "description": "The remote host is missing updates to seamonkey announced in\nadvisory CESA-2009:1432.", "cvss3": {}, "published": "2009-09-15T00:00:00", "type": "openvas", "title": "CentOS Security Advisory CESA-2009:1432 (seamonkey)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2009-3076", "CVE-2009-2409", "CVE-2009-2408", "CVE-2009-3072", "CVE-2009-3075", "CVE-2009-2654", "CVE-2009-3077"], "modified": "2017-07-10T00:00:00", "id": "OPENVAS:64902", "href": "http://plugins.openvas.org/nasl.php?oid=64902", "sourceData": "#CESA-2009:1432 64902 2\n# $Id: ovcesa2009_1432.nasl 6650 2017-07-10 11:43:12Z cfischer $\n# Description: Auto-generated from advisory CESA-2009:1432 (seamonkey)\n#\n# Authors:\n# Thomas Reinke <reinke@securityspace.com>\n#\n# Copyright:\n# Copyright (c) 2009 E-Soft Inc. http://www.securityspace.com\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2,\n# or at your option, GNU General Public License version 3,\n# as published by the Free Software Foundation\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n#\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"For details on the issues addressed in this update,\nplease visit the referenced security advisories.\";\ntag_solution = \"Update the appropriate packages on your system.\n\nhttp://www.securityspace.com/smysecure/catid.html?in=CESA-2009:1432\nhttp://www.securityspace.com/smysecure/catid.html?in=RHSA-2009:1432\nhttps://rhn.redhat.com/errata/RHSA-2009-1432.html\";\ntag_summary = \"The remote host is missing updates to seamonkey announced in\nadvisory CESA-2009:1432.\";\n\n\n\nif(description)\n{\n script_id(64902);\n script_version(\"$Revision: 6650 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-07-10 13:43:12 +0200 (Mon, 10 Jul 2017) $\");\n script_tag(name:\"creation_date\", value:\"2009-09-15 22:46:32 +0200 (Tue, 15 Sep 2009)\");\n script_cve_id(\"CVE-2009-2408\", \"CVE-2009-2409\", \"CVE-2009-2654\", \"CVE-2009-3072\", \"CVE-2009-3075\", \"CVE-2009-3076\", \"CVE-2009-3077\");\n script_tag(name:\"cvss_base\", value:\"10.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_name(\"CentOS Security Advisory CESA-2009:1432 (seamonkey)\");\n\n\n\n script_category(ACT_GATHER_INFO);\n\n script_copyright(\"Copyright (c) 2009 E-Soft Inc. http://www.securityspace.com\");\n script_family(\"CentOS Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/centos\", \"ssh/login/rpms\");\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"summary\" , value : tag_summary);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n#\n# The script code starts here\n#\n\ninclude(\"pkg-lib-rpm.inc\");\n\nres = \"\";\nreport = \"\";\nif ((res = isrpmvuln(pkg:\"seamonkey\", rpm:\"seamonkey~1.0.9~0.45.el3.centos3\", rls:\"CentOS3\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"seamonkey-chat\", rpm:\"seamonkey-chat~1.0.9~0.45.el3.centos3\", rls:\"CentOS3\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"seamonkey-devel\", rpm:\"seamonkey-devel~1.0.9~0.45.el3.centos3\", rls:\"CentOS3\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"seamonkey-dom-inspector\", rpm:\"seamonkey-dom-inspector~1.0.9~0.45.el3.centos3\", rls:\"CentOS3\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"seamonkey-js-debugger\", rpm:\"seamonkey-js-debugger~1.0.9~0.45.el3.centos3\", rls:\"CentOS3\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"seamonkey-mail\", rpm:\"seamonkey-mail~1.0.9~0.45.el3.centos3\", rls:\"CentOS3\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"seamonkey-nspr\", rpm:\"seamonkey-nspr~1.0.9~0.45.el3.centos3\", rls:\"CentOS3\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"seamonkey-nspr-devel\", rpm:\"seamonkey-nspr-devel~1.0.9~0.45.el3.centos3\", rls:\"CentOS3\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"seamonkey-nss\", rpm:\"seamonkey-nss~1.0.9~0.45.el3.centos3\", rls:\"CentOS3\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"seamonkey-nss-devel\", rpm:\"seamonkey-nss-devel~1.0.9~0.45.el3.centos3\", rls:\"CentOS3\")) != NULL) {\n report += res;\n}\n\nif (report != \"\") {\n security_message(data:report);\n} else if (__pkg_match) {\n exit(99); # Not vulnerable.\n}\n", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2018-04-06T11:37:15", "description": "The remote host is missing updates announced in\nadvisory RHSA-2009:1432.\n\nSeaMonkey is an open source Web browser, email and newsgroup client, IRC\nchat client, and HTML editor.\n\nSeveral flaws were found in the processing of malformed web content. A web\npage containing malicious content could cause SeaMonkey to crash or,\npotentially, execute arbitrary code with the privileges of the user running\nSeaMonkey. (CVE-2009-3072, CVE-2009-3075)\n\nA use-after-free flaw was found in SeaMonkey. An attacker could use this\nflaw to crash SeaMonkey or, potentially, execute arbitrary code with the\nprivileges of the user running SeaMonkey. (CVE-2009-3077)\n\nDan Kaminsky discovered flaws in the way browsers such as SeaMonkey handle\nNULL characters in a certificate. If an attacker is able to get a\ncarefully-crafted certificate signed by a Certificate Authority trusted by\nSeaMonkey, the attacker could use the certificate during a\nman-in-the-middle attack and potentially confuse SeaMonkey into accepting\nit by mistake. (CVE-2009-2408)\n\nDescriptions in the dialogs when adding and removing PKCS #11 modules were\nnot informative. An attacker able to trick a user into installing a\nmalicious PKCS #11 module could use this flaw to install their own\nCertificate Authority certificates on a user's machine, making it possible\nto trick the user into believing they are viewing a trusted site or,\npotentially, execute arbitrary code with the privileges of the user running\nSeaMonkey. (CVE-2009-3076)\n\nA flaw was found in the way SeaMonkey displays the address bar when\nwindow.open() is called in a certain way. An attacker could use this flaw\nto conceal a malicious URL, possibly tricking a user into believing they\nare viewing a trusted site. (CVE-2009-2654)\n\nDan Kaminsky found that browsers still accept certificates with MD2 hash\nsignatures, even though MD2 is no longer considered a cryptographically\nstrong algorithm. This could make it easier for an attacker to create a\nmalicious certificate that would be treated as trusted by a browser. NSS\n(provided by SeaMonkey) now disables the use of MD2 and MD4 algorithms\ninside signatures by default. (CVE-2009-2409)\n\nAll SeaMonkey users should upgrade to these updated packages, which correct\nthese issues. After installing the update, SeaMonkey must be restarted for\nthe changes to take effect.", "cvss3": {}, "published": "2009-09-15T00:00:00", "type": "openvas", "title": "RedHat Security Advisory RHSA-2009:1432", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2009-3076", "CVE-2009-2409", "CVE-2009-2408", "CVE-2009-3072", "CVE-2009-3075", "CVE-2009-2654", "CVE-2009-3077"], "modified": "2018-04-06T00:00:00", "id": "OPENVAS:136141256231064834", "href": "http://plugins.openvas.org/nasl.php?oid=136141256231064834", "sourceData": "# OpenVAS Vulnerability Test\n# $Id: RHSA_2009_1432.nasl 9350 2018-04-06 07:03:33Z cfischer $\n# Description: Auto-generated from advisory RHSA-2009:1432 ()\n#\n# Authors:\n# Thomas Reinke <reinke@securityspace.com>\n#\n# Copyright:\n# Copyright (c) 2009 E-Soft Inc. http://www.securityspace.com\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (c) the respective author(s)\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2,\n# or at your option, GNU General Public License version 3,\n# as published by the Free Software Foundation\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n#\n\ninclude(\"revisions-lib.inc\");\ntag_summary = \"The remote host is missing updates announced in\nadvisory RHSA-2009:1432.\n\nSeaMonkey is an open source Web browser, email and newsgroup client, IRC\nchat client, and HTML editor.\n\nSeveral flaws were found in the processing of malformed web content. A web\npage containing malicious content could cause SeaMonkey to crash or,\npotentially, execute arbitrary code with the privileges of the user running\nSeaMonkey. (CVE-2009-3072, CVE-2009-3075)\n\nA use-after-free flaw was found in SeaMonkey. An attacker could use this\nflaw to crash SeaMonkey or, potentially, execute arbitrary code with the\nprivileges of the user running SeaMonkey. (CVE-2009-3077)\n\nDan Kaminsky discovered flaws in the way browsers such as SeaMonkey handle\nNULL characters in a certificate. If an attacker is able to get a\ncarefully-crafted certificate signed by a Certificate Authority trusted by\nSeaMonkey, the attacker could use the certificate during a\nman-in-the-middle attack and potentially confuse SeaMonkey into accepting\nit by mistake. (CVE-2009-2408)\n\nDescriptions in the dialogs when adding and removing PKCS #11 modules were\nnot informative. An attacker able to trick a user into installing a\nmalicious PKCS #11 module could use this flaw to install their own\nCertificate Authority certificates on a user's machine, making it possible\nto trick the user into believing they are viewing a trusted site or,\npotentially, execute arbitrary code with the privileges of the user running\nSeaMonkey. (CVE-2009-3076)\n\nA flaw was found in the way SeaMonkey displays the address bar when\nwindow.open() is called in a certain way. An attacker could use this flaw\nto conceal a malicious URL, possibly tricking a user into believing they\nare viewing a trusted site. (CVE-2009-2654)\n\nDan Kaminsky found that browsers still accept certificates with MD2 hash\nsignatures, even though MD2 is no longer considered a cryptographically\nstrong algorithm. This could make it easier for an attacker to create a\nmalicious certificate that would be treated as trusted by a browser. NSS\n(provided by SeaMonkey) now disables the use of MD2 and MD4 algorithms\ninside signatures by default. (CVE-2009-2409)\n\nAll SeaMonkey users should upgrade to these updated packages, which correct\nthese issues. After installing the update, SeaMonkey must be restarted for\nthe changes to take effect.\";\n\ntag_solution = \"Please note that this update is available via\nRed Hat Network. To use Red Hat Network, launch the Red\nHat Update Agent with the following command: up2date\";\n\n\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.64834\");\n script_version(\"$Revision: 9350 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-04-06 09:03:33 +0200 (Fri, 06 Apr 2018) $\");\n script_tag(name:\"creation_date\", value:\"2009-09-15 22:46:32 +0200 (Tue, 15 Sep 2009)\");\n script_cve_id(\"CVE-2009-2408\", \"CVE-2009-2409\", \"CVE-2009-2654\", \"CVE-2009-3072\", \"CVE-2009-3075\", \"CVE-2009-3076\", \"CVE-2009-3077\");\n script_tag(name:\"cvss_base\", value:\"10.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_name(\"RedHat Security Advisory RHSA-2009:1432\");\n\n\n\n script_category(ACT_GATHER_INFO);\n\n script_copyright(\"Copyright (c) 2009 E-Soft Inc. http://www.securityspace.com\");\n script_family(\"Red Hat Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/rhel\", \"ssh/login/rpms\");\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"summary\" , value : tag_summary);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_xref(name : \"URL\" , value : \"http://rhn.redhat.com/errata/RHSA-2009-1432.html\");\n script_xref(name : \"URL\" , value : \"http://www.redhat.com/security/updates/classification/#critical\");\n exit(0);\n}\n\n#\n# The script code starts here\n#\n\ninclude(\"pkg-lib-rpm.inc\");\n\nres = \"\";\nreport = \"\";\nif ((res = isrpmvuln(pkg:\"seamonkey\", rpm:\"seamonkey~1.0.9~0.45.el3\", rls:\"RHENT_3\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"seamonkey-chat\", rpm:\"seamonkey-chat~1.0.9~0.45.el3\", rls:\"RHENT_3\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"seamonkey-debuginfo\", rpm:\"seamonkey-debuginfo~1.0.9~0.45.el3\", rls:\"RHENT_3\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"seamonkey-devel\", rpm:\"seamonkey-devel~1.0.9~0.45.el3\", rls:\"RHENT_3\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"seamonkey-dom-inspector\", rpm:\"seamonkey-dom-inspector~1.0.9~0.45.el3\", rls:\"RHENT_3\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"seamonkey-js-debugger\", rpm:\"seamonkey-js-debugger~1.0.9~0.45.el3\", rls:\"RHENT_3\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"seamonkey-mail\", rpm:\"seamonkey-mail~1.0.9~0.45.el3\", rls:\"RHENT_3\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"seamonkey-nspr\", rpm:\"seamonkey-nspr~1.0.9~0.45.el3\", rls:\"RHENT_3\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"seamonkey-nspr-devel\", rpm:\"seamonkey-nspr-devel~1.0.9~0.45.el3\", rls:\"RHENT_3\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"seamonkey-nss\", rpm:\"seamonkey-nss~1.0.9~0.45.el3\", rls:\"RHENT_3\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"seamonkey-nss-devel\", rpm:\"seamonkey-nss-devel~1.0.9~0.45.el3\", rls:\"RHENT_3\")) != NULL) {\n report += res;\n}\n\nif (report != \"\") {\n security_message(data:report);\n} else if (__pkg_match) {\n exit(99); # Not vulnerable.\n}\n", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2019-05-29T18:39:30", "description": "The remote host is missing an update for the ", "cvss3": {}, "published": "2011-08-09T00:00:00", "type": "openvas", "title": "CentOS Update for seamonkey CESA-2009:1431 centos4 i386", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2009-3076", "CVE-2009-3072", "CVE-2009-3075", "CVE-2009-2654", "CVE-2009-3077"], "modified": "2019-03-15T00:00:00", "id": "OPENVAS:1361412562310880896", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310880896", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# CentOS Update for seamonkey CESA-2009:1431 centos4 i386\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2011 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_xref(name:\"URL\", value:\"http://lists.centos.org/pipermail/centos-announce/2009-September/016136.html\");\n script_oid(\"1.3.6.1.4.1.25623.1.0.880896\");\n script_version(\"$Revision: 14222 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2019-03-15 13:50:48 +0100 (Fri, 15 Mar 2019) $\");\n script_tag(name:\"creation_date\", value:\"2011-08-09 08:20:34 +0200 (Tue, 09 Aug 2011)\");\n script_tag(name:\"cvss_base\", value:\"10.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_xref(name:\"CESA\", value:\"2009:1431\");\n script_cve_id(\"CVE-2009-2654\", \"CVE-2009-3072\", \"CVE-2009-3075\", \"CVE-2009-3076\", \"CVE-2009-3077\");\n script_name(\"CentOS Update for seamonkey CESA-2009:1431 centos4 i386\");\n\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'seamonkey'\n package(s) announced via the referenced advisory.\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2011 Greenbone Networks GmbH\");\n script_family(\"CentOS Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/centos\", \"ssh/login/rpms\", re:\"ssh/login/release=CentOS4\");\n script_tag(name:\"affected\", value:\"seamonkey on CentOS 4\");\n script_tag(name:\"insight\", value:\"SeaMonkey is an open source Web browser, email and newsgroup client, IRC\n chat client, and HTML editor.\n\n Several flaws were found in the processing of malformed web content. A web\n page containing malicious content could cause SeaMonkey to crash or,\n potentially, execute arbitrary code with the privileges of the user running\n SeaMonkey. (CVE-2009-3072, CVE-2009-3075)\n\n A use-after-free flaw was found in SeaMonkey. An attacker could use this\n flaw to crash SeaMonkey or, potentially, execute arbitrary code with the\n privileges of the user running SeaMonkey. (CVE-2009-3077)\n\n Descriptions in the dialogs when adding and removing PKCS #11 modules were\n not informative. An attacker able to trick a user into installing a\n malicious PKCS #11 module could use this flaw to install their own\n Certificate Authority certificates on a user's machine, making it possible\n to trick the user into believing they are viewing a trusted site or,\n potentially, execute arbitrary code with the privileges of the user running\n SeaMonkey. (CVE-2009-3076)\n\n A flaw was found in the way SeaMonkey displays the address bar when\n window.open() is called in a certain way. An attacker could use this flaw\n to conceal a malicious URL, possibly tricking a user into believing they\n are viewing a trusted site. (CVE-2009-2654)\n\n All SeaMonkey users should upgrade to these updated packages, which correct\n these issues. After installing the update, SeaMonkey must be restarted for\n the changes to take effect.\");\n script_tag(name:\"solution\", value:\"Please install the updated packages.\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\n\nif(release == \"CentOS4\")\n{\n\n if ((res = isrpmvuln(pkg:\"seamonkey\", rpm:\"seamonkey~1.0.9~48.el4.centos\", rls:\"CentOS4\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"seamonkey-chat\", rpm:\"seamonkey-chat~1.0.9~48.el4.centos\", rls:\"CentOS4\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"seamonkey-devel\", rpm:\"seamonkey-devel~1.0.9~48.el4.centos\", rls:\"CentOS4\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"seamonkey-dom-inspector\", rpm:\"seamonkey-dom-inspector~1.0.9~48.el4.centos\", rls:\"CentOS4\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"seamonkey-js-debugger\", rpm:\"seamonkey-js-debugger~1.0.9~48.el4.centos\", rls:\"CentOS4\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"seamonkey-mail\", rpm:\"seamonkey-mail~1.0.9~48.el4.centos\", rls:\"CentOS4\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2017-07-25T10:56:14", "description": "The remote host is missing updates to seamonkey announced in\nadvisory CESA-2009:1431.", "cvss3": {}, "published": "2009-09-15T00:00:00", "type": "openvas", "title": "CentOS Security Advisory CESA-2009:1431 (seamonkey)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2009-3076", "CVE-2009-3072", "CVE-2009-3075", "CVE-2009-2654", "CVE-2009-3077"], "modified": "2017-07-10T00:00:00", "id": "OPENVAS:64904", "href": "http://plugins.openvas.org/nasl.php?oid=64904", "sourceData": "#CESA-2009:1431 64904 2\n# $Id: ovcesa2009_1431.nasl 6650 2017-07-10 11:43:12Z cfischer $\n# Description: Auto-generated from advisory CESA-2009:1431 (seamonkey)\n#\n# Authors:\n# Thomas Reinke <reinke@securityspace.com>\n#\n# Copyright:\n# Copyright (c) 2009 E-Soft Inc. http://www.securityspace.com\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2,\n# or at your option, GNU General Public License version 3,\n# as published by the Free Software Foundation\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n#\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"For details on the issues addressed in this update,\nplease visit the referenced security advisories.\";\ntag_solution = \"Update the appropriate packages on your system.\n\nhttp://www.securityspace.com/smysecure/catid.html?in=CESA-2009:1431\nhttp://www.securityspace.com/smysecure/catid.html?in=RHSA-2009:1431\nhttps://rhn.redhat.com/errata/RHSA-2009-1431.html\";\ntag_summary = \"The remote host is missing updates to seamonkey announced in\nadvisory CESA-2009:1431.\";\n\n\n\nif(description)\n{\n script_id(64904);\n script_version(\"$Revision: 6650 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-07-10 13:43:12 +0200 (Mon, 10 Jul 2017) $\");\n script_tag(name:\"creation_date\", value:\"2009-09-15 22:46:32 +0200 (Tue, 15 Sep 2009)\");\n script_cve_id(\"CVE-2009-2654\", \"CVE-2009-3072\", \"CVE-2009-3075\", \"CVE-2009-3076\", \"CVE-2009-3077\");\n script_tag(name:\"cvss_base\", value:\"10.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_name(\"CentOS Security Advisory CESA-2009:1431 (seamonkey)\");\n\n\n\n script_category(ACT_GATHER_INFO);\n\n script_copyright(\"Copyright (c) 2009 E-Soft Inc. http://www.securityspace.com\");\n script_family(\"CentOS Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/centos\", \"ssh/login/rpms\");\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"summary\" , value : tag_summary);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n#\n# The script code starts here\n#\n\ninclude(\"pkg-lib-rpm.inc\");\n\nres = \"\";\nreport = \"\";\nif ((res = isrpmvuln(pkg:\"seamonkey\", rpm:\"seamonkey~1.0.9~48.el4.centos\", rls:\"CentOS4\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"seamonkey-chat\", rpm:\"seamonkey-chat~1.0.9~48.el4.centos\", rls:\"CentOS4\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"seamonkey-devel\", rpm:\"seamonkey-devel~1.0.9~48.el4.centos\", rls:\"CentOS4\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"seamonkey-dom-inspector\", rpm:\"seamonkey-dom-inspector~1.0.9~48.el4.centos\", rls:\"CentOS4\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"seamonkey-js-debugger\", rpm:\"seamonkey-js-debugger~1.0.9~48.el4.centos\", rls:\"CentOS4\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"seamonkey-mail\", rpm:\"seamonkey-mail~1.0.9~48.el4.centos\", rls:\"CentOS4\")) != NULL) {\n report += res;\n}\n\nif (report != \"\") {\n security_message(data:report);\n} else if (__pkg_match) {\n exit(99); # Not vulnerable.\n}\n", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2018-04-06T11:37:46", "description": "The remote host is missing updates to seamonkey announced in\nadvisory CESA-2009:1431.", "cvss3": {}, "published": "2009-09-15T00:00:00", "type": "openvas", "title": "CentOS Security Advisory CESA-2009:1431 (seamonkey)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2009-3076", "CVE-2009-3072", "CVE-2009-3075", "CVE-2009-2654", "CVE-2009-3077"], "modified": "2018-04-06T00:00:00", "id": "OPENVAS:136141256231064904", "href": "http://plugins.openvas.org/nasl.php?oid=136141256231064904", "sourceData": "#CESA-2009:1431 64904 2\n# $Id: ovcesa2009_1431.nasl 9350 2018-04-06 07:03:33Z cfischer $\n# Description: Auto-generated from advisory CESA-2009:1431 (seamonkey)\n#\n# Authors:\n# Thomas Reinke <reinke@securityspace.com>\n#\n# Copyright:\n# Copyright (c) 2009 E-Soft Inc. http://www.securityspace.com\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2,\n# or at your option, GNU General Public License version 3,\n# as published by the Free Software Foundation\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n#\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"For details on the issues addressed in this update,\nplease visit the referenced security advisories.\";\ntag_solution = \"Update the appropriate packages on your system.\n\nhttp://www.securityspace.com/smysecure/catid.html?in=CESA-2009:1431\nhttp://www.securityspace.com/smysecure/catid.html?in=RHSA-2009:1431\nhttps://rhn.redhat.com/errata/RHSA-2009-1431.html\";\ntag_summary = \"The remote host is missing updates to seamonkey announced in\nadvisory CESA-2009:1431.\";\n\n\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.64904\");\n script_version(\"$Revision: 9350 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-04-06 09:03:33 +0200 (Fri, 06 Apr 2018) $\");\n script_tag(name:\"creation_date\", value:\"2009-09-15 22:46:32 +0200 (Tue, 15 Sep 2009)\");\n script_cve_id(\"CVE-2009-2654\", \"CVE-2009-3072\", \"CVE-2009-3075\", \"CVE-2009-3076\", \"CVE-2009-3077\");\n script_tag(name:\"cvss_base\", value:\"10.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_name(\"CentOS Security Advisory CESA-2009:1431 (seamonkey)\");\n\n\n\n script_category(ACT_GATHER_INFO);\n\n script_copyright(\"Copyright (c) 2009 E-Soft Inc. http://www.securityspace.com\");\n script_family(\"CentOS Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/centos\", \"ssh/login/rpms\");\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"summary\" , value : tag_summary);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n#\n# The script code starts here\n#\n\ninclude(\"pkg-lib-rpm.inc\");\n\nres = \"\";\nreport = \"\";\nif ((res = isrpmvuln(pkg:\"seamonkey\", rpm:\"seamonkey~1.0.9~48.el4.centos\", rls:\"CentOS4\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"seamonkey-chat\", rpm:\"seamonkey-chat~1.0.9~48.el4.centos\", rls:\"CentOS4\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"seamonkey-devel\", rpm:\"seamonkey-devel~1.0.9~48.el4.centos\", rls:\"CentOS4\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"seamonkey-dom-inspector\", rpm:\"seamonkey-dom-inspector~1.0.9~48.el4.centos\", rls:\"CentOS4\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"seamonkey-js-debugger\", rpm:\"seamonkey-js-debugger~1.0.9~48.el4.centos\", rls:\"CentOS4\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"seamonkey-mail\", rpm:\"seamonkey-mail~1.0.9~48.el4.centos\", rls:\"CentOS4\")) != NULL) {\n report += res;\n}\n\nif (report != \"\") {\n security_message(data:report);\n} else if (__pkg_match) {\n exit(99); # Not vulnerable.\n}\n", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2018-04-06T11:38:41", "description": "The remote host is missing updates announced in\nadvisory RHSA-2009:1431.\n\nSeaMonkey is an open source Web browser, email and newsgroup client, IRC\nchat client, and HTML editor.\n\nSeveral flaws were found in the processing of malformed web content. A web\npage containing malicious content could cause SeaMonkey to crash or,\npotentially, execute arbitrary code with the privileges of the user running\nSeaMonkey. (CVE-2009-3072, CVE-2009-3075)\n\nA use-after-free flaw was found in SeaMonkey. An attacker could use this\nflaw to crash SeaMonkey or, potentially, execute arbitrary code with the\nprivileges of the user running SeaMonkey. (CVE-2009-3077)\n\nDescriptions in the dialogs when adding and removing PKCS #11 modules were\nnot informative. An attacker able to trick a user into installing a\nmalicious PKCS #11 module could use this flaw to install their own\nCertificate Authority certificates on a user's machine, making it possible\nto trick the user into believing they are viewing a trusted site or,\npotentially, execute arbitrary code with the privileges of the user running\nSeaMonkey. (CVE-2009-3076)\n\nA flaw was found in the way SeaMonkey displays the address bar when\nwindow.open() is called in a certain way. An attacker could use this flaw\nto conceal a malicious URL, possibly tricking a user into believing they\nare viewing a trusted site. (CVE-2009-2654)\n\nAll SeaMonkey users should upgrade to these updated packages, which correct\nthese issues. After installing the update, SeaMonkey must be restarted for\nthe changes to take effect.", "cvss3": {}, "published": "2009-09-15T00:00:00", "type": "openvas", "title": "RedHat Security Advisory RHSA-2009:1431", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2009-3076", "CVE-2009-3072", "CVE-2009-3075", "CVE-2009-2654", "CVE-2009-3077"], "modified": "2018-04-06T00:00:00", "id": "OPENVAS:136141256231064833", "href": "http://plugins.openvas.org/nasl.php?oid=136141256231064833", "sourceData": "# OpenVAS Vulnerability Test\n# $Id: RHSA_2009_1431.nasl 9350 2018-04-06 07:03:33Z cfischer $\n# Description: Auto-generated from advisory RHSA-2009:1431 ()\n#\n# Authors:\n# Thomas Reinke <reinke@securityspace.com>\n#\n# Copyright:\n# Copyright (c) 2009 E-Soft Inc. http://www.securityspace.com\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (c) the respective author(s)\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2,\n# or at your option, GNU General Public License version 3,\n# as published by the Free Software Foundation\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n#\n\ninclude(\"revisions-lib.inc\");\ntag_summary = \"The remote host is missing updates announced in\nadvisory RHSA-2009:1431.\n\nSeaMonkey is an open source Web browser, email and newsgroup client, IRC\nchat client, and HTML editor.\n\nSeveral flaws were found in the processing of malformed web content. A web\npage containing malicious content could cause SeaMonkey to crash or,\npotentially, execute arbitrary code with the privileges of the user running\nSeaMonkey. (CVE-2009-3072, CVE-2009-3075)\n\nA use-after-free flaw was found in SeaMonkey. An attacker could use this\nflaw to crash SeaMonkey or, potentially, execute arbitrary code with the\nprivileges of the user running SeaMonkey. (CVE-2009-3077)\n\nDescriptions in the dialogs when adding and removing PKCS #11 modules were\nnot informative. An attacker able to trick a user into installing a\nmalicious PKCS #11 module could use this flaw to install their own\nCertificate Authority certificates on a user's machine, making it possible\nto trick the user into believing they are viewing a trusted site or,\npotentially, execute arbitrary code with the privileges of the user running\nSeaMonkey. (CVE-2009-3076)\n\nA flaw was found in the way SeaMonkey displays the address bar when\nwindow.open() is called in a certain way. An attacker could use this flaw\nto conceal a malicious URL, possibly tricking a user into believing they\nare viewing a trusted site. (CVE-2009-2654)\n\nAll SeaMonkey users should upgrade to these updated packages, which correct\nthese issues. After installing the update, SeaMonkey must be restarted for\nthe changes to take effect.\";\n\ntag_solution = \"Please note that this update is available via\nRed Hat Network. To use Red Hat Network, launch the Red\nHat Update Agent with the following command: up2date\";\n\n\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.64833\");\n script_version(\"$Revision: 9350 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-04-06 09:03:33 +0200 (Fri, 06 Apr 2018) $\");\n script_tag(name:\"creation_date\", value:\"2009-09-15 22:46:32 +0200 (Tue, 15 Sep 2009)\");\n script_cve_id(\"CVE-2009-2654\", \"CVE-2009-3072\", \"CVE-2009-3075\", \"CVE-2009-3076\", \"CVE-2009-3077\");\n script_tag(name:\"cvss_base\", value:\"10.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_name(\"RedHat Security Advisory RHSA-2009:1431\");\n\n\n\n script_category(ACT_GATHER_INFO);\n\n script_copyright(\"Copyright (c) 2009 E-Soft Inc. http://www.securityspace.com\");\n script_family(\"Red Hat Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/rhel\", \"ssh/login/rpms\");\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"summary\" , value : tag_summary);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_xref(name : \"URL\" , value : \"http://rhn.redhat.com/errata/RHSA-2009-1431.html\");\n script_xref(name : \"URL\" , value : \"http://www.redhat.com/security/updates/classification/#critical\");\n exit(0);\n}\n\n#\n# The script code starts here\n#\n\ninclude(\"pkg-lib-rpm.inc\");\n\nres = \"\";\nreport = \"\";\nif ((res = isrpmvuln(pkg:\"seamonkey\", rpm:\"seamonkey~1.0.9~48.el4_8\", rls:\"RHENT_4\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"seamonkey-chat\", rpm:\"seamonkey-chat~1.0.9~48.el4_8\", rls:\"RHENT_4\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"seamonkey-debuginfo\", rpm:\"seamonkey-debuginfo~1.0.9~48.el4_8\", rls:\"RHENT_4\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"seamonkey-devel\", rpm:\"seamonkey-devel~1.0.9~48.el4_8\", rls:\"RHENT_4\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"seamonkey-dom-inspector\", rpm:\"seamonkey-dom-inspector~1.0.9~48.el4_8\", rls:\"RHENT_4\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"seamonkey-js-debugger\", rpm:\"seamonkey-js-debugger~1.0.9~48.el4_8\", rls:\"RHENT_4\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"seamonkey-mail\", rpm:\"seamonkey-mail~1.0.9~48.el4_8\", rls:\"RHENT_4\")) != NULL) {\n report += res;\n}\n\nif (report != \"\") {\n security_message(data:report);\n} else if (__pkg_match) {\n exit(99); # Not vulnerable.\n}\n", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2017-07-25T10:55:49", "description": "Check for the Version of seamonkey", "cvss3": {}, "published": "2011-08-09T00:00:00", "type": "openvas", "title": "CentOS Update for seamonkey CESA-2009:1431 centos4 i386", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2009-3076", "CVE-2009-3072", "CVE-2009-3075", "CVE-2009-2654", "CVE-2009-3077"], "modified": "2017-07-10T00:00:00", "id": "OPENVAS:880896", "href": "http://plugins.openvas.org/nasl.php?oid=880896", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# CentOS Update for seamonkey CESA-2009:1431 centos4 i386\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2011 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"SeaMonkey is an open source Web browser, email and newsgroup client, IRC\n chat client, and HTML editor.\n\n Several flaws were found in the processing of malformed web content. A web\n page containing malicious content could cause SeaMonkey to crash or,\n potentially, execute arbitrary code with the privileges of the user running\n SeaMonkey. (CVE-2009-3072, CVE-2009-3075)\n \n A use-after-free flaw was found in SeaMonkey. An attacker could use this\n flaw to crash SeaMonkey or, potentially, execute arbitrary code with the\n privileges of the user running SeaMonkey. (CVE-2009-3077)\n \n Descriptions in the dialogs when adding and removing PKCS #11 modules were\n not informative. An attacker able to trick a user into installing a\n malicious PKCS #11 module could use this flaw to install their own\n Certificate Authority certificates on a user's machine, making it possible\n to trick the user into believing they are viewing a trusted site or,\n potentially, execute arbitrary code with the privileges of the user running\n SeaMonkey. (CVE-2009-3076)\n \n A flaw was found in the way SeaMonkey displays the address bar when\n window.open() is called in a certain way. An attacker could use this flaw\n to conceal a malicious URL, possibly tricking a user into believing they\n are viewing a trusted site. (CVE-2009-2654)\n \n All SeaMonkey users should upgrade to these updated packages, which correct\n these issues. After installing the update, SeaMonkey must be restarted for\n the changes to take effect.\";\ntag_solution = \"Please Install the Updated Packages.\";\n\ntag_affected = \"seamonkey on CentOS 4\";\n\n\nif(description)\n{\n script_xref(name : \"URL\" , value : \"http://lists.centos.org/pipermail/centos-announce/2009-September/016136.html\");\n script_id(880896);\n script_version(\"$Revision: 6653 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-07-10 13:46:53 +0200 (Mon, 10 Jul 2017) $\");\n script_tag(name:\"creation_date\", value:\"2011-08-09 08:20:34 +0200 (Tue, 09 Aug 2011)\");\n script_tag(name:\"cvss_base\", value:\"10.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_xref(name: \"CESA\", value: \"2009:1431\");\n script_cve_id(\"CVE-2009-2654\", \"CVE-2009-3072\", \"CVE-2009-3075\", \"CVE-2009-3076\", \"CVE-2009-3077\");\n script_name(\"CentOS Update for seamonkey CESA-2009:1431 centos4 i386\");\n\n script_summary(\"Check for the Version of seamonkey\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2011 Greenbone Networks GmbH\");\n script_family(\"CentOS Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/centos\", \"ssh/login/rpms\");\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = get_kb_item(\"ssh/login/release\");\n\n\nres = \"\";\nif(release == NULL){\n exit(0);\n}\n\nif(release == \"CentOS4\")\n{\n\n if ((res = isrpmvuln(pkg:\"seamonkey\", rpm:\"seamonkey~1.0.9~48.el4.centos\", rls:\"CentOS4\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"seamonkey-chat\", rpm:\"seamonkey-chat~1.0.9~48.el4.centos\", rls:\"CentOS4\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"seamonkey-devel\", rpm:\"seamonkey-devel~1.0.9~48.el4.centos\", rls:\"CentOS4\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"seamonkey-dom-inspector\", rpm:\"seamonkey-dom-inspector~1.0.9~48.el4.centos\", rls:\"CentOS4\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"seamonkey-js-debugger\", rpm:\"seamonkey-js-debugger~1.0.9~48.el4.centos\", rls:\"CentOS4\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"seamonkey-mail\", rpm:\"seamonkey-mail~1.0.9~48.el4.centos\", rls:\"CentOS4\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2017-07-27T10:56:09", "description": "The remote host is missing updates announced in\nadvisory RHSA-2009:1431.\n\nSeaMonkey is an open source Web browser, email and newsgroup client, IRC\nchat client, and HTML editor.\n\nSeveral flaws were found in the processing of malformed web content. A web\npage containing malicious content could cause SeaMonkey to crash or,\npotentially, execute arbitrary code with the privileges of the user running\nSeaMonkey. (CVE-2009-3072, CVE-2009-3075)\n\nA use-after-free flaw was found in SeaMonkey. An attacker could use this\nflaw to crash SeaMonkey or, potentially, execute arbitrary code with the\nprivileges of the user running SeaMonkey. (CVE-2009-3077)\n\nDescriptions in the dialogs when adding and removing PKCS #11 modules were\nnot informative. An attacker able to trick a user into installing a\nmalicious PKCS #11 module could use this flaw to install their own\nCertificate Authority certificates on a user's machine, making it possible\nto trick the user into believing they are viewing a trusted site or,\npotentially, execute arbitrary code with the privileges of the user running\nSeaMonkey. (CVE-2009-3076)\n\nA flaw was found in the way SeaMonkey displays the address bar when\nwindow.open() is called in a certain way. An attacker could use this flaw\nto conceal a malicious URL, possibly tricking a user into believing they\nare viewing a trusted site. (CVE-2009-2654)\n\nAll SeaMonkey users should upgrade to these updated packages, which correct\nthese issues. After installing the update, SeaMonkey must be restarted for\nthe changes to take effect.", "cvss3": {}, "published": "2009-09-15T00:00:00", "type": "openvas", "title": "RedHat Security Advisory RHSA-2009:1431", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2009-3076", "CVE-2009-3072", "CVE-2009-3075", "CVE-2009-2654", "CVE-2009-3077"], "modified": "2017-07-12T00:00:00", "id": "OPENVAS:64833", "href": "http://plugins.openvas.org/nasl.php?oid=64833", "sourceData": "# OpenVAS Vulnerability Test\n# $Id: RHSA_2009_1431.nasl 6683 2017-07-12 09:41:57Z cfischer $\n# Description: Auto-generated from advisory RHSA-2009:1431 ()\n#\n# Authors:\n# Thomas Reinke <reinke@securityspace.com>\n#\n# Copyright:\n# Copyright (c) 2009 E-Soft Inc. http://www.securityspace.com\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (c) the respective author(s)\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2,\n# or at your option, GNU General Public License version 3,\n# as published by the Free Software Foundation\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n#\n\ninclude(\"revisions-lib.inc\");\ntag_summary = \"The remote host is missing updates announced in\nadvisory RHSA-2009:1431.\n\nSeaMonkey is an open source Web browser, email and newsgroup client, IRC\nchat client, and HTML editor.\n\nSeveral flaws were found in the processing of malformed web content. A web\npage containing malicious content could cause SeaMonkey to crash or,\npotentially, execute arbitrary code with the privileges of the user running\nSeaMonkey. (CVE-2009-3072, CVE-2009-3075)\n\nA use-after-free flaw was found in SeaMonkey. An attacker could use this\nflaw to crash SeaMonkey or, potentially, execute arbitrary code with the\nprivileges of the user running SeaMonkey. (CVE-2009-3077)\n\nDescriptions in the dialogs when adding and removing PKCS #11 modules were\nnot informative. An attacker able to trick a user into installing a\nmalicious PKCS #11 module could use this flaw to install their own\nCertificate Authority certificates on a user's machine, making it possible\nto trick the user into believing they are viewing a trusted site or,\npotentially, execute arbitrary code with the privileges of the user running\nSeaMonkey. (CVE-2009-3076)\n\nA flaw was found in the way SeaMonkey displays the address bar when\nwindow.open() is called in a certain way. An attacker could use this flaw\nto conceal a malicious URL, possibly tricking a user into believing they\nare viewing a trusted site. (CVE-2009-2654)\n\nAll SeaMonkey users should upgrade to these updated packages, which correct\nthese issues. After installing the update, SeaMonkey must be restarted for\nthe changes to take effect.\";\n\ntag_solution = \"Please note that this update is available via\nRed Hat Network. To use Red Hat Network, launch the Red\nHat Update Agent with the following command: up2date\";\n\n\n\nif(description)\n{\n script_id(64833);\n script_version(\"$Revision: 6683 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-07-12 11:41:57 +0200 (Wed, 12 Jul 2017) $\");\n script_tag(name:\"creation_date\", value:\"2009-09-15 22:46:32 +0200 (Tue, 15 Sep 2009)\");\n script_cve_id(\"CVE-2009-2654\", \"CVE-2009-3072\", \"CVE-2009-3075\", \"CVE-2009-3076\", \"CVE-2009-3077\");\n script_tag(name:\"cvss_base\", value:\"10.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_name(\"RedHat Security Advisory RHSA-2009:1431\");\n\n\n\n script_category(ACT_GATHER_INFO);\n\n script_copyright(\"Copyright (c) 2009 E-Soft Inc. http://www.securityspace.com\");\n script_family(\"Red Hat Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/rhel\", \"ssh/login/rpms\");\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"summary\" , value : tag_summary);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_xref(name : \"URL\" , value : \"http://rhn.redhat.com/errata/RHSA-2009-1431.html\");\n script_xref(name : \"URL\" , value : \"http://www.redhat.com/security/updates/classification/#critical\");\n exit(0);\n}\n\n#\n# The script code starts here\n#\n\ninclude(\"pkg-lib-rpm.inc\");\n\nres = \"\";\nreport = \"\";\nif ((res = isrpmvuln(pkg:\"seamonkey\", rpm:\"seamonkey~1.0.9~48.el4_8\", rls:\"RHENT_4\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"seamonkey-chat\", rpm:\"seamonkey-chat~1.0.9~48.el4_8\", rls:\"RHENT_4\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"seamonkey-debuginfo\", rpm:\"seamonkey-debuginfo~1.0.9~48.el4_8\", rls:\"RHENT_4\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"seamonkey-devel\", rpm:\"seamonkey-devel~1.0.9~48.el4_8\", rls:\"RHENT_4\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"seamonkey-dom-inspector\", rpm:\"seamonkey-dom-inspector~1.0.9~48.el4_8\", rls:\"RHENT_4\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"seamonkey-js-debugger\", rpm:\"seamonkey-js-debugger~1.0.9~48.el4_8\", rls:\"RHENT_4\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"seamonkey-mail\", rpm:\"seamonkey-mail~1.0.9~48.el4_8\", rls:\"RHENT_4\")) != NULL) {\n report += res;\n}\n\nif (report != \"\") {\n security_message(data:report);\n} else if (__pkg_match) {\n exit(99); # Not vulnerable.\n}\n", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2018-04-06T11:40:19", "description": "The remote host is missing updates announced in\nadvisory RHSA-2009:1430.\n\nMozilla Firefox is an open source Web browser. XULRunner provides the XUL\nRuntime environment for Mozilla Firefox. nspr provides the Netscape\nPortable Runtime (NSPR).\n\nSeveral flaws were found in the processing of malformed web content. A web\npage containing malicious content could cause Firefox to crash or,\npotentially, execute arbitrary code with the privileges of the user running\nFirefox. (CVE-2009-3070, CVE-2009-3071, CVE-2009-3072, CVE-2009-3074,\nCVE-2009-3075)\n\nA use-after-free flaw was found in Firefox. An attacker could use this flaw\nto crash Firefox or, potentially, execute arbitrary code with the\nprivileges of the user running Firefox. (CVE-2009-3077)\n\nA flaw was found in the way Firefox handles malformed JavaScript. A website\nwith an object containing malicious JavaScript could execute that\nJavaScript with the privileges of the user running Firefox. (CVE-2009-3079)\n\nDescriptions in the dialogs when adding and removing PKCS #11 modules were\nnot informative. An attacker able to trick a user into installing a\nmalicious PKCS #11 module could use this flaw to install their own\nCertificate Authority certificates on a user's machine, making it possible\nto trick the user into believing they are viewing a trusted site or,\npotentially, execute arbitrary code with the privileges of the user running\nFirefox. (CVE-2009-3076)\n\nA flaw was found in the way Firefox displays the address bar when\nwindow.open() is called in a certain way. An attacker could use this flaw\nto conceal a malicious URL, possibly tricking a user into believing they\nare viewing a trusted site. (CVE-2009-2654)\n\nA flaw was found in the way Firefox displays certain Unicode characters. An\nattacker could use this flaw to conceal a malicious URL, possibly tricking\na user into believing they are viewing a trusted site. (CVE-2009-3078)\n\nFor technical details regarding these flaws, refer to the Mozilla security\nadvisories for Firefox 3.0.14. You can find a link to the Mozilla\nadvisories in the References section of this errata.\n\nAll Firefox users should upgrade to these updated packages, which contain\nFirefox version 3.0.14, which corrects these issues. After installing the\nupdate, Firefox must be restarted for the changes to take effect.", "cvss3": {}, "published": "2009-09-15T00:00:00", "type": "openvas", "title": "RedHat Security Advisory RHSA-2009:1430", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2009-3076", "CVE-2009-3071", "CVE-2009-3079", "CVE-2009-3072", "CVE-2009-3074", "CVE-2009-3070", "CVE-2009-3075", "CVE-2009-2654", "CVE-2009-3077", "CVE-2009-3078"], "modified": "2018-04-06T00:00:00", "id": "OPENVAS:136141256231064832", "href": "http://plugins.openvas.org/nasl.php?oid=136141256231064832", "sourceData": "# OpenVAS Vulnerability Test\n# $Id: RHSA_2009_1430.nasl 9350 2018-04-06 07:03:33Z cfischer $\n# Description: Auto-generated from advisory RHSA-2009:1430 ()\n#\n# Authors:\n# Thomas Reinke <reinke@securityspace.com>\n#\n# Copyright:\n# Copyright (c) 2009 E-Soft Inc. http://www.securityspace.com\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (c) the respective author(s)\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2,\n# or at your option, GNU General Public License version 3,\n# as published by the Free Software Foundation\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n#\n\ninclude(\"revisions-lib.inc\");\ntag_summary = \"The remote host is missing updates announced in\nadvisory RHSA-2009:1430.\n\nMozilla Firefox is an open source Web browser. XULRunner provides the XUL\nRuntime environment for Mozilla Firefox. nspr provides the Netscape\nPortable Runtime (NSPR).\n\nSeveral flaws were found in the processing of malformed web content. A web\npage containing malicious content could cause Firefox to crash or,\npotentially, execute arbitrary code with the privileges of the user running\nFirefox. (CVE-2009-3070, CVE-2009-3071, CVE-2009-3072, CVE-2009-3074,\nCVE-2009-3075)\n\nA use-after-free flaw was found in Firefox. An attacker could use this flaw\nto crash Firefox or, potentially, execute arbitrary code with the\nprivileges of the user running Firefox. (CVE-2009-3077)\n\nA flaw was found in the way Firefox handles malformed JavaScript. A website\nwith an object containing malicious JavaScript could execute that\nJavaScript with the privileges of the user running Firefox. (CVE-2009-3079)\n\nDescriptions in the dialogs when adding and removing PKCS #11 modules were\nnot informative. An attacker able to trick a user into installing a\nmalicious PKCS #11 module could use this flaw to install their own\nCertificate Authority certificates on a user's machine, making it possible\nto trick the user into believing they are viewing a trusted site or,\npotentially, execute arbitrary code with the privileges of the user running\nFirefox. (CVE-2009-3076)\n\nA flaw was found in the way Firefox displays the address bar when\nwindow.open() is called in a certain way. An attacker could use this flaw\nto conceal a malicious URL, possibly tricking a user into believing they\nare viewing a trusted site. (CVE-2009-2654)\n\nA flaw was found in the way Firefox displays certain Unicode characters. An\nattacker could use this flaw to conceal a malicious URL, possibly tricking\na user into believing they are viewing a trusted site. (CVE-2009-3078)\n\nFor technical details regarding these flaws, refer to the Mozilla security\nadvisories for Firefox 3.0.14. You can find a link to the Mozilla\nadvisories in the References section of this errata.\n\nAll Firefox users should upgrade to these updated packages, which contain\nFirefox version 3.0.14, which corrects these issues. After installing the\nupdate, Firefox must be restarted for the changes to take effect.\";\n\ntag_solution = \"Please note that this update is available via\nRed Hat Network. To use Red Hat Network, launch the Red\nHat Update Agent with the following command: up2date\";\n\n\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.64832\");\n script_version(\"$Revision: 9350 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-04-06 09:03:33 +0200 (Fri, 06 Apr 2018) $\");\n script_tag(name:\"creation_date\", value:\"2009-09-15 22:46:32 +0200 (Tue, 15 Sep 2009)\");\n script_cve_id(\"CVE-2009-2654\", \"CVE-2009-3070\", \"CVE-2009-3071\", \"CVE-2009-3072\", \"CVE-2009-3074\", \"CVE-2009-3075\", \"CVE-2009-3076\", \"CVE-2009-3077\", \"CVE-2009-3078\", \"CVE-2009-3079\");\n script_tag(name:\"cvss_base\", value:\"10.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_name(\"RedHat Security Advisory RHSA-2009:1430\");\n\n\n\n script_category(ACT_GATHER_INFO);\n\n script_copyright(\"Copyright (c) 2009 E-Soft Inc. http://www.securityspace.com\");\n script_family(\"Red Hat Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/rhel\", \"ssh/login/rpms\");\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"summary\" , value : tag_summary);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_xref(name : \"URL\" , value : \"http://rhn.redhat.com/errata/RHSA-2009-1430.html\");\n script_xref(name : \"URL\" , value : \"http://www.redhat.com/security/updates/classification/#critical\");\n script_xref(name : \"URL\" , value : \"http://www.mozilla.org/security/known-vulnerabilities/firefox30.html#firefox3.0.14\");\n exit(0);\n}\n\n#\n# The script code starts here\n#\n\ninclude(\"pkg-lib-rpm.inc\");\n\nres = \"\";\nreport = \"\";\nif ((res = isrpmvuln(pkg:\"firefox\", rpm:\"firefox~3.0.14~1.el4\", rls:\"RHENT_4\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"firefox-debuginfo\", rpm:\"firefox-debuginfo~3.0.14~1.el4\", rls:\"RHENT_4\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"nspr\", rpm:\"nspr~4.7.5~1.el4_8\", rls:\"RHENT_4\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"nspr-debuginfo\", rpm:\"nspr-debuginfo~4.7.5~1.el4_8\", rls:\"RHENT_4\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"nspr-devel\", rpm:\"nspr-devel~4.7.5~1.el4_8\", rls:\"RHENT_4\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"firefox\", rpm:\"firefox~3.0.14~1.el5_4\", rls:\"RHENT_5\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"firefox-debuginfo\", rpm:\"firefox-debuginfo~3.0.14~1.el5_4\", rls:\"RHENT_5\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"nspr\", rpm:\"nspr~4.7.5~1.el5_4\", rls:\"RHENT_5\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"nspr-debuginfo\", rpm:\"nspr-debuginfo~4.7.5~1.el5_4\", rls:\"RHENT_5\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"xulrunner\", rpm:\"xulrunner~1.9.0.14~1.el5_4\", rls:\"RHENT_5\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"xulrunner-debuginfo\", rpm:\"xulrunner-debuginfo~1.9.0.14~1.el5_4\", rls:\"RHENT_5\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"nspr-devel\", rpm:\"nspr-devel~4.7.5~1.el5_4\", rls:\"RHENT_5\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"xulrunner-devel\", rpm:\"xulrunner-devel~1.9.0.14~1.el5_4\", rls:\"RHENT_5\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"xulrunner-devel-unstable\", rpm:\"xulrunner-devel-unstable~1.9.0.14~1.el5_4\", rls:\"RHENT_5\")) != NULL) {\n report += res;\n}\n\nif (report != \"\") {\n security_message(data:report);\n} else if (__pkg_match) {\n exit(99); # Not vulnerable.\n}\n", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2018-04-06T11:38:14", "description": "The remote host is missing updates to seamonkey announced in\nadvisory CESA-2009:1430.", "cvss3": {}, "published": "2009-09-15T00:00:00", "type": "openvas", "title": "CentOS Security Advisory CESA-2009:1430 (seamonkey)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2009-3076", "CVE-2009-3071", "CVE-2009-3079", "CVE-2009-3072", "CVE-2009-3074", "CVE-2009-3070", "CVE-2009-3075", "CVE-2009-2654", "CVE-2009-3077", "CVE-2009-3078"], "modified": "2018-04-06T00:00:00", "id": "OPENVAS:136141256231064903", "href": "http://plugins.openvas.org/nasl.php?oid=136141256231064903", "sourceData": "#CESA-2009:1430 64903 4\n# $Id: ovcesa2009_1430.nasl 9350 2018-04-06 07:03:33Z cfischer $\n# Description: Auto-generated from advisory CESA-2009:1430 (seamonkey)\n#\n# Authors:\n# Thomas Reinke <reinke@securityspace.com>\n#\n# Copyright:\n# Copyright (c) 2009 E-Soft Inc. http://www.securityspace.com\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2,\n# or at your option, GNU General Public License version 3,\n# as published by the Free Software Foundation\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n#\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"For details on the issues addressed in this update,\nplease visit the referenced security advisories.\";\ntag_solution = \"Update the appropriate packages on your system.\n\nhttp://www.securityspace.com/smysecure/catid.html?in=CESA-2009:1430\nhttp://www.securityspace.com/smysecure/catid.html?in=RHSA-2009:1430\nhttps://rhn.redhat.com/errata/RHSA-2009-1430.html\";\ntag_summary = \"The remote host is missing updates to seamonkey announced in\nadvisory CESA-2009:1430.\";\n\n\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.64903\");\n script_version(\"$Revision: 9350 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-04-06 09:03:33 +0200 (Fri, 06 Apr 2018) $\");\n script_tag(name:\"creation_date\", value:\"2009-09-15 22:46:32 +0200 (Tue, 15 Sep 2009)\");\n script_cve_id(\"CVE-2009-2654\", \"CVE-2009-3070\", \"CVE-2009-3071\", \"CVE-2009-3072\", \"CVE-2009-3074\", \"CVE-2009-3075\", \"CVE-2009-3076\", \"CVE-2009-3077\", \"CVE-2009-3078\", \"CVE-2009-3079\");\n script_tag(name:\"cvss_base\", value:\"10.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_name(\"CentOS Security Advisory CESA-2009:1430 (seamonkey)\");\n\n\n\n script_category(ACT_GATHER_INFO);\n\n script_copyright(\"Copyright (c) 2009 E-Soft Inc. http://www.securityspace.com\");\n script_family(\"CentOS Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/centos\", \"ssh/login/rpms\");\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"summary\" , value : tag_summary);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n#\n# The script code starts here\n#\n\ninclude(\"pkg-lib-rpm.inc\");\n\nres = \"\";\nreport = \"\";\nif ((res = isrpmvuln(pkg:\"firefox\", rpm:\"firefox~3.0.14~1.el4.centos\", rls:\"CentOS4\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"nspr\", rpm:\"nspr~4.7.5~1.el4_8\", rls:\"CentOS4\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"nspr-devel\", rpm:\"nspr-devel~4.7.5~1.el4_8\", rls:\"CentOS4\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"firefox\", rpm:\"firefox~3.0.14~1.el5.centos\", rls:\"CentOS5\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"nspr\", rpm:\"nspr~4.7.5~1.el5_4\", rls:\"CentOS5\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"nspr-devel\", rpm:\"nspr-devel~4.7.5~1.el5_4\", rls:\"CentOS5\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"xulrunner\", rpm:\"xulrunner~1.9.0.14~1.el5_4\", rls:\"CentOS5\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"xulrunner-devel\", rpm:\"xulrunner-devel~1.9.0.14~1.el5_4\", rls:\"CentOS5\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"xulrunner-devel-unstable\", rpm:\"xulrunner-devel-unstable~1.9.0.14~1.el5_4\", rls:\"CentOS5\")) != NULL) {\n report += res;\n}\n\nif (report != \"\") {\n security_message(data:report);\n} else if (__pkg_match) {\n exit(99); # Not vulnerable.\n}\n", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2019-05-29T18:39:53", "description": "The remote host is missing an update for the ", "cvss3": {}, "published": "2011-08-09T00:00:00", "type": "openvas", "title": "CentOS Update for firefox CESA-2009:1430 centos4 i386", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2009-3076", "CVE-2009-3071", "CVE-2009-3079", "CVE-2009-3072", "CVE-2009-3074", "CVE-2009-3070", "CVE-2009-3075", "CVE-2009-2654", "CVE-2009-3077", "CVE-2009-3078"], "modified": "2019-03-15T00:00:00", "id": "OPENVAS:1361412562310880901", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310880901", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# CentOS Update for firefox CESA-2009:1430 centos4 i386\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2011 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_xref(name:\"URL\", value:\"http://lists.centos.org/pipermail/centos-announce/2009-September/016133.html\");\n script_oid(\"1.3.6.1.4.1.25623.1.0.880901\");\n script_version(\"$Revision: 14222 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2019-03-15 13:50:48 +0100 (Fri, 15 Mar 2019) $\");\n script_tag(name:\"creation_date\", value:\"2011-08-09 08:20:34 +0200 (Tue, 09 Aug 2011)\");\n script_tag(name:\"cvss_base\", value:\"10.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_xref(name:\"CESA\", value:\"2009:1430\");\n script_cve_id(\"CVE-2009-2654\", \"CVE-2009-3070\", \"CVE-2009-3071\", \"CVE-2009-3072\", \"CVE-2009-3074\", \"CVE-2009-3075\", \"CVE-2009-3076\", \"CVE-2009-3077\", \"CVE-2009-3078\", \"CVE-2009-3079\");\n script_name(\"CentOS Update for firefox CESA-2009:1430 centos4 i386\");\n\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'firefox'\n package(s) announced via the referenced advisory.\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2011 Greenbone Networks GmbH\");\n script_family(\"CentOS Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/centos\", \"ssh/login/rpms\", re:\"ssh/login/release=CentOS4\");\n script_tag(name:\"affected\", value:\"firefox on CentOS 4\");\n script_tag(name:\"insight\", value:\"Mozilla Firefox is an open source Web browser. XULRunner provides the XUL\n Runtime environment for Mozilla Firefox. nspr provides the Netscape\n Portable Runtime (NSPR).\n\n Several flaws were found in the processing of malformed web content. A web\n page containing malicious content could cause Firefox to crash or,\n potentially, execute arbitrary code with the privileges of the user running\n Firefox. (CVE-2009-3070, CVE-2009-3071, CVE-2009-3072, CVE-2009-3074,\n CVE-2009-3075)\n\n A use-after-free flaw was found in Firefox. An attacker could use this flaw\n to crash Firefox or, potentially, execute arbitrary code with the\n privileges of the user running Firefox. (CVE-2009-3077)\n\n A flaw was found in the way Firefox handles malformed JavaScript. A website\n with an object containing malicious JavaScript could execute that\n JavaScript with the privileges of the user running Firefox. (CVE-2009-3079)\n\n Descriptions in the dialogs when adding and removing PKCS #11 modules were\n not informative. An attacker able to trick a user into installing a\n malicious PKCS #11 module could use this flaw to install their own\n Certificate Authority certificates on a user's machine, making it possible\n to trick the user into believing they are viewing a trusted site or,\n potentially, execute arbitrary code with the privileges of the user running\n Firefox. (CVE-2009-3076)\n\n A flaw was found in the way Firefox displays the address bar when\n window.open() is called in a certain way. An attacker could use this flaw\n to conceal a malicious URL, possibly tricking a user into believing they\n are viewing a trusted site. (CVE-2009-2654)\n\n A flaw was found in the way Firefox displays certain Unicode characters. An\n attacker could use this flaw to conceal a malicious URL, possibly tricking\n a user into believing they are viewing a trusted site. (CVE-2009-3078)\n\n For technical details regarding these flaws, refer to the Mozilla security\n advisories for Firefox 3.0.14. You can find a link to the Mozilla\n advisories in the References section of this errata.\n\n All Firefox users should upgrade to these updated packages, which contain\n Firefox version 3.0.14, which corrects these issues. After installing the\n update, Firefox must be restarted for the changes to take effect.\");\n script_tag(name:\"solution\", value:\"Please install the updated packages.\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\n\nif(release == \"CentOS4\")\n{\n\n if ((res = isrpmvuln(pkg:\"firefox\", rpm:\"firefox~3.0.14~1.el4.centos\", rls:\"CentOS4\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"nspr\", rpm:\"nspr~4.7.5~1.el4_8\", rls:\"CentOS4\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"nspr-devel\", rpm:\"nspr-devel~4.7.5~1.el4_8\", rls:\"CentOS4\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2017-07-25T10:55:51", "description": "Check for the Version of firefox", "cvss3": {}, "published": "2011-08-09T00:00:00", "type": "openvas", "title": "CentOS Update for firefox CESA-2009:1430 centos4 i386", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2009-3076", "CVE-2009-3071", "CVE-2009-3079", "CVE-2009-3072", "CVE-2009-3074", "CVE-2009-3070", "CVE-2009-3075", "CVE-2009-2654", "CVE-2009-3077", "CVE-2009-3078"], "modified": "2017-07-10T00:00:00", "id": "OPENVAS:880901", "href": "http://plugins.openvas.org/nasl.php?oid=880901", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# CentOS Update for firefox CESA-2009:1430 centos4 i386\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2011 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"Mozilla Firefox is an open source Web browser. XULRunner provides the XUL\n Runtime environment for Mozilla Firefox. nspr provides the Netscape\n Portable Runtime (NSPR).\n\n Several flaws were found in the processing of malformed web content. A web\n page containing malicious content could cause Firefox to crash or,\n potentially, execute arbitrary code with the privileges of the user running\n Firefox. (CVE-2009-3070, CVE-2009-3071, CVE-2009-3072, CVE-2009-3074,\n CVE-2009-3075)\n \n A use-after-free flaw was found in Firefox. An attacker could use this flaw\n to crash Firefox or, potentially, execute arbitrary code with the\n privileges of the user running Firefox. (CVE-2009-3077)\n \n A flaw was found in the way Firefox handles malformed JavaScript. A website\n with an object containing malicious JavaScript could execute that\n JavaScript with the privileges of the user running Firefox. (CVE-2009-3079)\n \n Descriptions in the dialogs when adding and removing PKCS #11 modules were\n not informative. An attacker able to trick a user into installing a\n malicious PKCS #11 module could use this flaw to install their own\n Certificate Authority certificates on a user's machine, making it possible\n to trick the user into believing they are viewing a trusted site or,\n potentially, execute arbitrary code with the privileges of the user running\n Firefox. (CVE-2009-3076)\n \n A flaw was found in the way Firefox displays the address bar when\n window.open() is called in a certain way. An attacker could use this flaw\n to conceal a malicious URL, possibly tricking a user into believing they\n are viewing a trusted site. (CVE-2009-2654)\n \n A flaw was found in the way Firefox displays certain Unicode characters. An\n attacker could use this flaw to conceal a malicious URL, possibly tricking\n a user into believing they are viewing a trusted site. (CVE-2009-3078)\n \n For technical details regarding these flaws, refer to the Mozilla security\n advisories for Firefox 3.0.14. You can find a link to the Mozilla\n advisories in the References section of this errata.\n \n All Firefox users should upgrade to these updated packages, which contain\n Firefox version 3.0.14, which corrects these issues. After installing the\n update, Firefox must be restarted for the changes to take effect.\";\ntag_solution = \"Please Install the Updated Packages.\";\n\ntag_affected = \"firefox on CentOS 4\";\n\n\nif(description)\n{\n script_xref(name : \"URL\" , value : \"http://lists.centos.org/pipermail/centos-announce/2009-September/016133.html\");\n script_id(880901);\n script_version(\"$Revision: 6653 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-07-10 13:46:53 +0200 (Mon, 10 Jul 2017) $\");\n script_tag(name:\"creation_date\", value:\"2011-08-09 08:20:34 +0200 (Tue, 09 Aug 2011)\");\n script_tag(name:\"cvss_base\", value:\"10.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_xref(name: \"CESA\", value: \"2009:1430\");\n script_cve_id(\"CVE-2009-2654\", \"CVE-2009-3070\", \"CVE-2009-3071\", \"CVE-2009-3072\", \"CVE-2009-3074\", \"CVE-2009-3075\", \"CVE-2009-3076\", \"CVE-2009-3077\", \"CVE-2009-3078\", \"CVE-2009-3079\");\n script_name(\"CentOS Update for firefox CESA-2009:1430 centos4 i386\");\n\n script_summary(\"Check for the Version of firefox\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2011 Greenbone Networks GmbH\");\n script_family(\"CentOS Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/centos\", \"ssh/login/rpms\");\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = get_kb_item(\"ssh/login/release\");\n\n\nres = \"\";\nif(release == NULL){\n exit(0);\n}\n\nif(release == \"CentOS4\")\n{\n\n if ((res = isrpmvuln(pkg:\"firefox\", rpm:\"firefox~3.0.14~1.el4.centos\", rls:\"CentOS4\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"nspr\", rpm:\"nspr~4.7.5~1.el4_8\", rls:\"CentOS4\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"nspr-devel\", rpm:\"nspr-devel~4.7.5~1.el4_8\", rls:\"CentOS4\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2017-07-25T10:56:23", "description": "The remote host is missing updates to seamonkey announced in\nadvisory CESA-2009:1430.", "cvss3": {}, "published": "2009-09-15T00:00:00", "type": "openvas", "title": "CentOS Security Advisory CESA-2009:1430 (seamonkey)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2009-3076", "CVE-2009-3071", "CVE-2009-3079", "CVE-2009-3072", "CVE-2009-3074", "CVE-2009-3070", "CVE-2009-3075", "CVE-2009-2654", "CVE-2009-3077", "CVE-2009-3078"], "modified": "2017-07-10T00:00:00", "id": "OPENVAS:64903", "href": "http://plugins.openvas.org/nasl.php?oid=64903", "sourceData": "#CESA-2009:1430 64903 4\n# $Id: ovcesa2009_1430.nasl 6650 2017-07-10 11:43:12Z cfischer $\n# Description: Auto-generated from advisory CESA-2009:1430 (seamonkey)\n#\n# Authors:\n# Thomas Reinke <reinke@securityspace.com>\n#\n# Copyright:\n# Copyright (c) 2009 E-Soft Inc. http://www.securityspace.com\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2,\n# or at your option, GNU General Public License version 3,\n# as published by the Free Software Foundation\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n#\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"For details on the issues addressed in this update,\nplease visit the referenced security advisories.\";\ntag_solution = \"Update the appropriate packages on your system.\n\nhttp://www.securityspace.com/smysecure/catid.html?in=CESA-2009:1430\nhttp://www.securityspace.com/smysecure/catid.html?in=RHSA-2009:1430\nhttps://rhn.redhat.com/errata/RHSA-2009-1430.html\";\ntag_summary = \"The remote host is missing updates to seamonkey announced in\nadvisory CESA-2009:1430.\";\n\n\n\nif(description)\n{\n script_id(64903);\n script_version(\"$Revision: 6650 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-07-10 13:43:12 +0200 (Mon, 10 Jul 2017) $\");\n script_tag(name:\"creation_date\", value:\"2009-09-15 22:46:32 +0200 (Tue, 15 Sep 2009)\");\n script_cve_id(\"CVE-2009-2654\", \"CVE-2009-3070\", \"CVE-2009-3071\", \"CVE-2009-3072\", \"CVE-2009-3074\", \"CVE-2009-3075\", \"CVE-2009-3076\", \"CVE-2009-3077\", \"CVE-2009-3078\", \"CVE-2009-3079\");\n script_tag(name:\"cvss_base\", value:\"10.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_name(\"CentOS Security Advisory CESA-2009:1430 (seamonkey)\");\n\n\n\n script_category(ACT_GATHER_INFO);\n\n script_copyright(\"Copyright (c) 2009 E-Soft Inc. http://www.securityspace.com\");\n script_family(\"CentOS Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/centos\", \"ssh/login/rpms\");\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"summary\" , value : tag_summary);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n#\n# The script code starts here\n#\n\ninclude(\"pkg-lib-rpm.inc\");\n\nres = \"\";\nreport = \"\";\nif ((res = isrpmvuln(pkg:\"firefox\", rpm:\"firefox~3.0.14~1.el4.centos\", rls:\"CentOS4\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"nspr\", rpm:\"nspr~4.7.5~1.el4_8\", rls:\"CentOS4\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"nspr-devel\", rpm:\"nspr-devel~4.7.5~1.el4_8\", rls:\"CentOS4\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"firefox\", rpm:\"firefox~3.0.14~1.el5.centos\", rls:\"CentOS5\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"nspr\", rpm:\"nspr~4.7.5~1.el5_4\", rls:\"CentOS5\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"nspr-devel\", rpm:\"nspr-devel~4.7.5~1.el5_4\", rls:\"CentOS5\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"xulrunner\", rpm:\"xulrunner~1.9.0.14~1.el5_4\", rls:\"CentOS5\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"xulrunner-devel\", rpm:\"xulrunner-devel~1.9.0.14~1.el5_4\", rls:\"CentOS5\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"xulrunner-devel-unstable\", rpm:\"xulrunner-devel-unstable~1.9.0.14~1.el5_4\", rls:\"CentOS5\")) != NULL) {\n report += res;\n}\n\nif (report != \"\") {\n security_message(data:report);\n} else if (__pkg_match) {\n exit(99); # Not vulnerable.\n}\n", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2017-07-25T10:55:31", "description": "Check for the Version of firefox", "cvss3": {}, "published": "2011-08-09T00:00:00", "type": "openvas", "title": "CentOS Update for firefox CESA-2009:1430 centos5 i386", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2009-3076", "CVE-2009-3071", "CVE-2009-3079", "CVE-2009-3072", "CVE-2009-3074", "CVE-2009-3070", "CVE-2009-3075", "CVE-2009-2654", "CVE-2009-3077", "CVE-2009-3078"], "modified": "2017-07-10T00:00:00", "id": "OPENVAS:880726", "href": "http://plugins.openvas.org/nasl.php?oid=880726", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# CentOS Update for firefox CESA-2009:1430 centos5 i386\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2011 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"Mozilla Firefox is an open source Web browser. XULRunner provides the XUL\n Runtime environment for Mozilla Firefox. nspr provides the Netscape\n Portable Runtime (NSPR).\n\n Several flaws were found in the processing of malformed web content. A web\n page containing malicious content could cause Firefox to crash or,\n potentially, execute arbitrary code with the privileges of the user running\n Firefox. (CVE-2009-3070, CVE-2009-3071, CVE-2009-3072, CVE-2009-3074,\n CVE-2009-3075)\n \n A use-after-free flaw was found in Firefox. An attacker could use this flaw\n to crash Firefox or, potentially, execute arbitrary code with the\n privileges of the user running Firefox. (CVE-2009-3077)\n \n A flaw was found in the way Firefox handles malformed JavaScript. A website\n with an object containing malicious JavaScript could execute that\n JavaScript with the privileges of the user running Firefox. (CVE-2009-3079)\n \n Descriptions in the dialogs when adding and removing PKCS #11 modules were\n not informative. An attacker able to trick a user into installing a\n malicious PKCS #11 module could use this flaw to install their own\n Certificate Authority certificates on a user's machine, making it possible\n to trick the user into believing they are viewing a trusted site or,\n potentially, execute arbitrary code with the privileges of the user running\n Firefox. (CVE-2009-3076)\n \n A flaw was found in the way Firefox displays the address bar when\n window.open() is called in a certain way. An attacker could use this flaw\n to conceal a malicious URL, possibly tricking a user into believing they\n are viewing a trusted site. (CVE-2009-2654)\n \n A flaw was found in the way Firefox displays certain Unicode characters. An\n attacker could use this flaw to conceal a malicious URL, possibly tricking\n a user into believing they are viewing a trusted site. (CVE-2009-3078)\n \n For technical details regarding these flaws, refer to the Mozilla security\n advisories for Firefox 3.0.14. You can find a link to the Mozilla\n advisories in the References section of this errata.\n \n All Firefox users should upgrade to these updated packages, which contain\n Firefox version 3.0.14, which corrects these issues. After installing the\n update, Firefox must be restarted for the changes to take effect.\";\ntag_solution = \"Please Install the Updated Packages.\";\n\ntag_affected = \"firefox on CentOS 5\";\n\n\nif(description)\n{\n script_xref(name : \"URL\" , value : \"http://lists.centos.org/pipermail/centos-announce/2009-September/016163.html\");\n script_id(880726);\n script_version(\"$Revision: 6653 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-07-10 13:46:53 +0200 (Mon, 10 Jul 2017) $\");\n script_tag(name:\"creation_date\", value:\"2011-08-09 08:20:34 +0200 (Tue, 09 Aug 2011)\");\n script_tag(name:\"cvss_base\", value:\"10.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_xref(name: \"CESA\", value: \"2009:1430\");\n script_cve_id(\"CVE-2009-2654\", \"CVE-2009-3070\", \"CVE-2009-3071\", \"CVE-2009-3072\", \"CVE-2009-3074\", \"CVE-2009-3075\", \"CVE-2009-3076\", \"CVE-2009-3077\", \"CVE-2009-3078\", \"CVE-2009-3079\");\n script_name(\"CentOS Update for firefox CESA-2009:1430 centos5 i386\");\n\n script_summary(\"Check for the Version of firefox\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2011 Greenbone Networks GmbH\");\n script_family(\"CentOS Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/centos\", \"ssh/login/rpms\");\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = get_kb_item(\"ssh/login/release\");\n\n\nres = \"\";\nif(release == NULL){\n exit(0);\n}\n\nif(release == \"CentOS5\")\n{\n\n if ((res = isrpmvuln(pkg:\"firefox\", rpm:\"firefox~3.0.14~1.el5.centos\", rls:\"CentOS5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"nspr\", rpm:\"nspr~4.7.5~1.el5_4\", rls:\"CentOS5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"nspr-devel\", rpm:\"nspr-devel~4.7.5~1.el5_4\", rls:\"CentOS5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"xulrunner\", rpm:\"xulrunner~1.9.0.14~1.el5_4\", rls:\"CentOS5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"xulrunner-devel\", rpm:\"xulrunner-devel~1.9.0.14~1.el5_4\", rls:\"CentOS5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"xulrunner-devel-unstable\", rpm:\"xulrunner-devel-unstable~1.9.0.14~1.el5_4\", rls:\"CentOS5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2019-05-29T18:35:55", "description": "Oracle Linux Local Security Checks ELSA-2009-1430", "cvss3": {}, "published": "2015-10-08T00:00:00", "type": "openvas", "title": "Oracle Linux Local Check: ELSA-2009-1430", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2009-3076", "CVE-2009-3071", "CVE-2009-3079", "CVE-2009-3072", "CVE-2009-3074", "CVE-2009-3070", "CVE-2009-3075", "CVE-2009-2654", "CVE-2009-3077", "CVE-2009-3078"], "modified": "2018-09-28T00:00:00", "id": "OPENVAS:1361412562310122439", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310122439", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: ELSA-2009-1430.nasl 11688 2018-09-28 13:36:28Z cfischer $\n#\n# Oracle Linux Local Check\n#\n# Authors:\n# Eero Volotinen <eero.volotinen@solinor.com>\n#\n# Copyright:\n# Copyright (c) 2015 Eero Volotinen, http://solinor.com\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.122439\");\n script_version(\"$Revision: 11688 $\");\n script_tag(name:\"creation_date\", value:\"2015-10-08 14:45:24 +0300 (Thu, 08 Oct 2015)\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-09-28 15:36:28 +0200 (Fri, 28 Sep 2018) $\");\n script_name(\"Oracle Linux Local Check: ELSA-2009-1430\");\n script_tag(name:\"insight\", value:\"ELSA-2009-1430 - firefox security update. Please see the references for more insight.\");\n script_tag(name:\"solution\", value:\"Update the affected packages to the latest available version.\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_tag(name:\"summary\", value:\"Oracle Linux Local Security Checks ELSA-2009-1430\");\n script_xref(name:\"URL\", value:\"http://linux.oracle.com/errata/ELSA-2009-1430.html\");\n script_cve_id(\"CVE-2009-2654\", \"CVE-2009-3070\", \"CVE-2009-3071\", \"CVE-2009-3072\", \"CVE-2009-3074\", \"CVE-2009-3075\", \"CVE-2009-3076\", \"CVE-2009-3077\", \"CVE-2009-3078\", \"CVE-2009-3079\");\n script_tag(name:\"cvss_base\", value:\"10.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/oracle_linux\", \"ssh/login/release\", re:\"ssh/login/release=OracleLinux5\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Eero Volotinen\");\n script_family(\"Oracle Linux Local Security Checks\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release) exit(0);\n\nres = \"\";\n\nif(release == \"OracleLinux5\")\n{\n if ((res = isrpmvuln(pkg:\"firefox\", rpm:\"firefox~3.0.14~1.0.1.el5_4\", rls:\"OracleLinux5\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n if ((res = isrpmvuln(pkg:\"nspr\", rpm:\"nspr~4.7.5~1.el5_4\", rls:\"OracleLinux5\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n if ((res = isrpmvuln(pkg:\"nspr-devel\", rpm:\"nspr-devel~4.7.5~1.el5_4\", rls:\"OracleLinux5\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n if ((res = isrpmvuln(pkg:\"xulrunner\", rpm:\"xulrunner~1.9.0.14~1.0.1.el5_4\", rls:\"OracleLinux5\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n if ((res = isrpmvuln(pkg:\"xulrunner-devel\", rpm:\"xulrunner-devel~1.9.0.14~1.0.1.el5_4\", rls:\"OracleLinux5\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n if ((res = isrpmvuln(pkg:\"xulrunner-devel-unstable\", rpm:\"xulrunner-devel-unstable~1.9.0.14~1.0.1.el5_4\", rls:\"OracleLinux5\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n\n}\nif (__pkg_match) exit(99);\n exit(0);\n\n", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2019-05-29T18:39:51", "description": "The remote host is missing an update for the ", "cvss3": {}, "published": "2011-08-09T00:00:00", "type": "openvas", "title": "CentOS Update for firefox CESA-2009:1430 centos5 i386", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2009-3076", "CVE-2009-3071", "CVE-2009-3079", "CVE-2009-3072", "CVE-2009-3074", "CVE-2009-3070", "CVE-2009-3075", "CVE-2009-2654", "CVE-2009-3077", "CVE-2009-3078"], "modified": "2019-03-15T00:00:00", "id": "OPENVAS:1361412562310880726", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310880726", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# CentOS Update for firefox CESA-2009:1430 centos5 i386\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2011 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_xref(name:\"URL\", value:\"http://lists.centos.org/pipermail/centos-announce/2009-September/016163.html\");\n script_oid(\"1.3.6.1.4.1.25623.1.0.880726\");\n script_version(\"$Revision: 14222 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2019-03-15 13:50:48 +0100 (Fri, 15 Mar 2019) $\");\n script_tag(name:\"creation_date\", value:\"2011-08-09 08:20:34 +0200 (Tue, 09 Aug 2011)\");\n script_tag(name:\"cvss_base\", value:\"10.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_xref(name:\"CESA\", value:\"2009:1430\");\n script_cve_id(\"CVE-2009-2654\", \"CVE-2009-3070\", \"CVE-2009-3071\", \"CVE-2009-3072\", \"CVE-2009-3074\", \"CVE-2009-3075\", \"CVE-2009-3076\", \"CVE-2009-3077\", \"CVE-2009-3078\", \"CVE-2009-3079\");\n script_name(\"CentOS Update for firefox CESA-2009:1430 centos5 i386\");\n\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'firefox'\n package(s) announced via the referenced advisory.\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2011 Greenbone Networks GmbH\");\n script_family(\"CentOS Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/centos\", \"ssh/login/rpms\", re:\"ssh/login/release=CentOS5\");\n script_tag(name:\"affected\", value:\"firefox on CentOS 5\");\n script_tag(name:\"insight\", value:\"Mozilla Firefox is an open source Web browser. XULRunner provides the XUL\n Runtime environment for Mozilla Firefox. nspr provides the Netscape\n Portable Runtime (NSPR).\n\n Several flaws were found in the processing of malformed web content. A web\n page containing malicious content could cause Firefox to crash or,\n potentially, execute arbitrary code with the privileges of the user running\n Firefox. (CVE-2009-3070, CVE-2009-3071, CVE-2009-3072, CVE-2009-3074,\n CVE-2009-3075)\n\n A use-after-free flaw was found in Firefox. An attacker could use this flaw\n to crash Firefox or, potentially, execute arbitrary code with the\n privileges of the user running Firefox. (CVE-2009-3077)\n\n A flaw was found in the way Firefox handles malformed JavaScript. A website\n with an object containing malicious JavaScript could execute that\n JavaScript with the privileges of the user running Firefox. (CVE-2009-3079)\n\n Descriptions in the dialogs when adding and removing PKCS #11 modules were\n not informative. An attacker able to trick a user into installing a\n malicious PKCS #11 module could use this flaw to install their own\n Certificate Authority certificates on a user's machine, making it possible\n to trick the user into believing they are viewing a trusted site or,\n potentially, execute arbitrary code with the privileges of the user running\n Firefox. (CVE-2009-3076)\n\n A flaw was found in the way Firefox displays the address bar when\n window.open() is called in a certain way. An attacker could use this flaw\n to conceal a malicious URL, possibly tricking a user into believing they\n are viewing a trusted site. (CVE-2009-2654)\n\n A flaw was found in the way Firefox displays certain Unicode characters. An\n attacker could use this flaw to conceal a malicious URL, possibly tricking\n a user into believing they are viewing a trusted site. (CVE-2009-3078)\n\n For technical details regarding these flaws, refer to the Mozilla security\n advisories for Firefox 3.0.14. You can find a link to the Mozilla\n advisories in the References section of this errata.\n\n All Firefox users should upgrade to these updated packages, which contain\n Firefox version 3.0.14, which corrects these issues. After installing the\n update, Firefox must be restarted for the changes to take effect.\");\n script_tag(name:\"solution\", value:\"Please install the updated packages.\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\n\nif(release == \"CentOS5\")\n{\n\n if ((res = isrpmvuln(pkg:\"firefox\", rpm:\"firefox~3.0.14~1.el5.centos\", rls:\"CentOS5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"nspr\", rpm:\"nspr~4.7.5~1.el5_4\", rls:\"CentOS5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"nspr-devel\", rpm:\"nspr-devel~4.7.5~1.el5_4\", rls:\"CentOS5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"xulrunner\", rpm:\"xulrunner~1.9.0.14~1.el5_4\", rls:\"CentOS5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"xulrunner-devel\", rpm:\"xulrunner-devel~1.9.0.14~1.el5_4\", rls:\"CentOS5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"xulrunner-devel-unstable\", rpm:\"xulrunner-devel-unstable~1.9.0.14~1.el5_4\", rls:\"CentOS5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2017-07-27T10:56:43", "description": "The remote host is missing updates announced in\nadvisory RHSA-2009:1430.\n\nMozilla Firefox is an open source Web browser. XULRunner provides the XUL\nRuntime environment for Mozilla Firefox. nspr provides the Netscape\nPortable Runtime (NSPR).\n\nSeveral flaws were found in the processing of malformed web content. A web\npage containing malicious content could cause Firefox to crash or,\npotentially, execute arbitrary code with the privileges of the user running\nFirefox. (CVE-2009-3070, CVE-2009-3071, CVE-2009-3072, CVE-2009-3074,\nCVE-2009-3075)\n\nA use-after-free flaw was found in Firefox. An attacker could use this flaw\nto crash Firefox or, potentially, execute arbitrary code with the\nprivileges of the user running Firefox. (CVE-2009-3077)\n\nA flaw was found in the way Firefox handles malformed JavaScript. A website\nwith an object containing malicious JavaScript could execute that\nJavaScript with the privileges of the user running Firefox. (CVE-2009-3079)\n\nDescriptions in the dialogs when adding and removing PKCS #11 modules were\nnot informative. An attacker able to trick a user into installing a\nmalicious PKCS #11 module could use this flaw to install their own\nCertificate Authority certificates on a user's machine, making it possible\nto trick the user into believing they are viewing a trusted site or,\npotentially, execute arbitrary code with the privileges of the user running\nFirefox. (CVE-2009-3076)\n\nA flaw was found in the way Firefox displays the address bar when\nwindow.open() is called in a certain way. An attacker could use this flaw\nto conceal a malicious URL, possibly tricking a user into believing they\nare viewing a trusted site. (CVE-2009-2654)\n\nA flaw was found in the way Firefox displays certain Unicode characters. An\nattacker could use this flaw to conceal a malicious URL, possibly tricking\na user into believing they are viewing a trusted site. (CVE-2009-3078)\n\nFor technical details regarding these flaws, refer to the Mozilla security\nadvisories for Firefox 3.0.14. You can find a link to the Mozilla\nadvisories in the References section of this errata.\n\nAll Firefox users should upgrade to these updated packages, which contain\nFirefox version 3.0.14, which corrects these issues. After installing the\nupdate, Firefox must be restarted for the changes to take effect.", "cvss3": {}, "published": "2009-09-15T00:00:00", "type": "openvas", "title": "RedHat Security Advisory RHSA-2009:1430", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2009-3076", "CVE-2009-3071", "CVE-2009-3079", "CVE-2009-3072", "CVE-2009-3074", "CVE-2009-3070", "CVE-2009-3075", "CVE-2009-2654", "CVE-2009-3077", "CVE-2009-3078"], "modified": "2017-07-12T00:00:00", "id": "OPENVAS:64832", "href": "http://plugins.openvas.org/nasl.php?oid=64832", "sourceData": "# OpenVAS Vulnerability Test\n# $Id: RHSA_2009_1430.nasl 6683 2017-07-12 09:41:57Z cfischer $\n# Description: Auto-generated from advisory RHSA-2009:1430 ()\n#\n# Authors:\n# Thomas Reinke <reinke@securityspace.com>\n#\n# Copyright:\n# Copyright (c) 2009 E-Soft Inc. http://www.securityspace.com\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (c) the respective author(s)\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2,\n# or at your option, GNU General Public License version 3,\n# as published by the Free Software Foundation\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n#\n\ninclude(\"revisions-lib.inc\");\ntag_summary = \"The remote host is missing updates announced in\nadvisory RHSA-2009:1430.\n\nMozilla Firefox is an open source Web browser. XULRunner provides the XUL\nRuntime environment for Mozilla Firefox. nspr provides the Netscape\nPortable Runtime (NSPR).\n\nSeveral flaws were found in the processing of malformed web content. A web\npage containing malicious content could cause Firefox to crash or,\npotentially, execute arbitrary code with the privileges of the user running\nFirefox. (CVE-2009-3070, CVE-2009-3071, CVE-2009-3072, CVE-2009-3074,\nCVE-2009-3075)\n\nA use-after-free flaw was found in Firefox. An attacker could use this flaw\nto crash Firefox or, potentially, execute arbitrary code with the\nprivileges of the user running Firefox. (CVE-2009-3077)\n\nA flaw was found in the way Firefox handles malformed JavaScript. A website\nwith an object containing malicious JavaScript could execute that\nJavaScript with the privileges of the user running Firefox. (CVE-2009-3079)\n\nDescriptions in the dialogs when adding and removing PKCS #11 modules were\nnot informative. An attacker able to trick a user into installing a\nmalicious PKCS #11 module could use this flaw to install their own\nCertificate Authority certificates on a user's machine, making it possible\nto trick the user into believing they are viewing a trusted site or,\npotentially, execute arbitrary code with the privileges of the user running\nFirefox. (CVE-2009-3076)\n\nA flaw was found in the way Firefox displays the address bar when\nwindow.open() is called in a certain way. An attacker could use this flaw\nto conceal a malicious URL, possibly tricking a user into believing they\nare viewing a trusted site. (CVE-2009-2654)\n\nA flaw was found in the way Firefox displays certain Unicode characters. An\nattacker could use this flaw to conceal a malicious URL, possibly tricking\na user into believing they are viewing a trusted site. (CVE-2009-3078)\n\nFor technical details regarding these flaws, refer to the Mozilla security\nadvisories for Firefox 3.0.14. You can find a link to the Mozilla\nadvisories in the References section of this errata.\n\nAll Firefox users should upgrade to these updated packages, which contain\nFirefox version 3.0.14, which corrects these issues. After installing the\nupdate, Firefox must be restarted for the changes to take effect.\";\n\ntag_solution = \"Please note that this update is available via\nRed Hat Network. To use Red Hat Network, launch the Red\nHat Update Agent with the following command: up2date\";\n\n\n\nif(description)\n{\n script_id(64832);\n script_version(\"$Revision: 6683 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-07-12 11:41:57 +0200 (Wed, 12 Jul 2017) $\");\n script_tag(name:\"creation_date\", value:\"2009-09-15 22:46:32 +0200 (Tue, 15 Sep 2009)\");\n script_cve_id(\"CVE-2009-2654\", \"CVE-2009-3070\", \"CVE-2009-3071\", \"CVE-2009-3072\", \"CVE-2009-3074\", \"CVE-2009-3075\", \"CVE-2009-3076\", \"CVE-2009-3077\", \"CVE-2009-3078\", \"CVE-2009-3079\");\n script_tag(name:\"cvss_base\", value:\"10.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_name(\"RedHat Security Advisory RHSA-2009:1430\");\n\n\n\n script_category(ACT_GATHER_INFO);\n\n script_copyright(\"Copyright (c) 2009 E-Soft Inc. http://www.securityspace.com\");\n script_family(\"Red Hat Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/rhel\", \"ssh/login/rpms\");\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"summary\" , value : tag_summary);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_xref(name : \"URL\" , value : \"http://rhn.redhat.com/errata/RHSA-2009-1430.html\");\n script_xref(name : \"URL\" , value : \"http://www.redhat.com/security/updates/classification/#critical\");\n script_xref(name : \"URL\" , value : \"http://www.mozilla.org/security/known-vulnerabilities/firefox30.html#firefox3.0.14\");\n exit(0);\n}\n\n#\n# The script code starts here\n#\n\ninclude(\"pkg-lib-rpm.inc\");\n\nres = \"\";\nreport = \"\";\nif ((res = isrpmvuln(pkg:\"firefox\", rpm:\"firefox~3.0.14~1.el4\", rls:\"RHENT_4\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"firefox-debuginfo\", rpm:\"firefox-debuginfo~3.0.14~1.el4\", rls:\"RHENT_4\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"nspr\", rpm:\"nspr~4.7.5~1.el4_8\", rls:\"RHENT_4\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"nspr-debuginfo\", rpm:\"nspr-debuginfo~4.7.5~1.el4_8\", rls:\"RHENT_4\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"nspr-devel\", rpm:\"nspr-devel~4.7.5~1.el4_8\", rls:\"RHENT_4\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"firefox\", rpm:\"firefox~3.0.14~1.el5_4\", rls:\"RHENT_5\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"firefox-debuginfo\", rpm:\"firefox-debuginfo~3.0.14~1.el5_4\", rls:\"RHENT_5\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"nspr\", rpm:\"nspr~4.7.5~1.el5_4\", rls:\"RHENT_5\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"nspr-debuginfo\", rpm:\"nspr-debuginfo~4.7.5~1.el5_4\", rls:\"RHENT_5\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"xulrunner\", rpm:\"xulrunner~1.9.0.14~1.el5_4\", rls:\"RHENT_5\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"xulrunner-debuginfo\", rpm:\"xulrunner-debuginfo~1.9.0.14~1.el5_4\", rls:\"RHENT_5\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"nspr-devel\", rpm:\"nspr-devel~4.7.5~1.el5_4\", rls:\"RHENT_5\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"xulrunner-devel\", rpm:\"xulrunner-devel~1.9.0.14~1.el5_4\", rls:\"RHENT_5\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"xulrunner-devel-unstable\", rpm:\"xulrunner-devel-unstable~1.9.0.14~1.el5_4\", rls:\"RHENT_5\")) != NULL) {\n report += res;\n}\n\nif (report != \"\") {\n security_message(data:report);\n} else if (__pkg_match) {\n exit(99); # Not vulnerable.\n}\n", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2017-07-20T08:56:04", "description": "The host is installed with Mozilla Firefox browser and is prone\n to SSL server spoofing vulnerability.", "cvss3": {}, "published": "2009-08-05T00:00:00", "type": "openvas", "title": "Firefox SSL Server Spoofing Vulnerability (Windows)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2009-2409", "CVE-2009-2408"], "modified": "2017-07-05T00:00:00", "id": "OPENVAS:800915", "href": "http://plugins.openvas.org/nasl.php?oid=800915", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: gb_firefox_ssl_spoof_vuln_win.nasl 6530 2017-07-05 06:23:50Z cfischer $\n#\n# Firefox SSL Server Spoofing Vulnerability (Windows)\n#\n# Authors:\n# Nikita MR <rnikita@secpod.com>\n#\n# Copyright:\n# Copyright (c) 2009 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ntag_impact = \"Attackers can exploit this issue via specially crafted certificates\n to spoof arbitrary SSL servers.\n Impact Level: Application\";\ntag_affected = \"Mozilla Firefox versions prior to 3.5\n NSS versions prior to 3.12.3 on Windows.\";\ntag_insight = \"- Lack of validation of domain name in a signed X.509 certificate lead\n to an error while processing a '\\0' character in a domain name in the\n subject's common Name (CN) field.\n - Lack of validation of the MD2 hash in a signed X.509 certificate can\n be exploited to generate fake intermediate SSL certificate that would\n be accepted as if it was authentic.\";\ntag_solution = \"Upgrade to Mozilla Firefox version 3.5 or NSS version 3.12.3 or later.\n For updates refer to http://www.mozilla.com/en-US/firefox/\n http://www.mozilla.org/projects/security/pki/nss/tools/\";\ntag_summary = \"The host is installed with Mozilla Firefox browser and is prone\n to SSL server spoofing vulnerability.\";\n\nif(description)\n{\n script_id(800915);\n script_version(\"$Revision: 6530 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-07-05 08:23:50 +0200 (Wed, 05 Jul 2017) $\");\n script_tag(name:\"creation_date\", value:\"2009-08-05 14:14:14 +0200 (Wed, 05 Aug 2009)\");\n script_tag(name:\"cvss_base\", value:\"6.8\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_cve_id(\"CVE-2009-2408\", \"CVE-2009-2409\");\n script_bugtraq_id(35888);\n script_name(\"Firefox SSL Server Spoofing Vulnerability (Windows)\");\n script_xref(name : \"URL\" , value : \"https://bugzilla.redhat.com/show_bug.cgi?id=510251\");\n script_xref(name : \"URL\" , value : \"http://www.wired.com/threatlevel/2009/07/kaminsky/\");\n\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2009 Greenbone Networks GmbH\");\n script_family(\"General\");\n script_dependencies(\"gb_firefox_detect_win.nasl\");\n script_mandatory_keys(\"Firefox/Win/Ver\");\n script_require_ports(139, 445);\n script_tag(name : \"impact\" , value : tag_impact);\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"summary\" , value : tag_summary);\n script_tag(name:\"qod_type\", value:\"registry\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n\ninclude(\"smb_nt.inc\");\ninclude(\"version_func.inc\");\ninclude(\"secpod_smb_func.inc\");\n\nfirefoxVer = get_kb_item(\"Firefox/Win/Ver\");\nif(!firefoxVer){\n exit(0);\n}\n\nif(version_is_less(version:firefoxVer, test_version:\"3.5\"))\n{\n dllPath = registry_get_sz(key:\"SOFTWARE\\Microsoft\\Windows\\CurrentVersion\" +\n \"\\App Paths\\firefox.exe\", item:\"Path\");\n if(dllPath != NULL)\n {\n share = ereg_replace(pattern:\"([A-Z]):.*\", replace:\"\\1$\", string:dllPath);\n file = ereg_replace(pattern:\"[A-Z]:(.*)\", replace:\"\\1\", string:dllPath +\n \"\\nss3.dll\");\n dllVer = GetVer(share:share, file:file);\n if(dllVer != NULL)\n {\n if(version_is_less(version:dllVer, test_version:\"3.12.3\")){\n security_message(0);\n }\n }\n }\n}\n", "cvss": {"score": 6.8, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2020-04-29T22:26:38", "description": "The host is installed with Mozilla Firefox browser and is prone\n to SSL server spoofing vulnerability.", "cvss3": {}, "published": "2009-08-05T00:00:00", "type": "openvas", "title": "Firefox SSL Server Spoofing Vulnerability (Windows)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2009-2409", "CVE-2009-2408"], "modified": "2020-04-27T00:00:00", "id": "OPENVAS:1361412562310800915", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310800915", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Firefox SSL Server Spoofing Vulnerability (Windows)\n#\n# Authors:\n# Nikita MR <rnikita@secpod.com>\n#\n# Copyright:\n# Copyright (C) 2009 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.800915\");\n script_version(\"2020-04-27T09:00:11+0000\");\n script_tag(name:\"last_modification\", value:\"2020-04-27 09:00:11 +0000 (Mon, 27 Apr 2020)\");\n script_tag(name:\"creation_date\", value:\"2009-08-05 14:14:14 +0200 (Wed, 05 Aug 2009)\");\n script_tag(name:\"cvss_base\", value:\"6.8\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_cve_id(\"CVE-2009-2408\", \"CVE-2009-2409\");\n script_bugtraq_id(35888);\n script_name(\"Firefox SSL Server Spoofing Vulnerability (Windows)\");\n script_xref(name:\"URL\", value:\"https://bugzilla.redhat.com/show_bug.cgi?id=510251\");\n script_xref(name:\"URL\", value:\"http://www.wired.com/threatlevel/2009/07/kaminsky/\");\n\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2009 Greenbone Networks GmbH\");\n script_family(\"General\");\n script_dependencies(\"gb_firefox_detect_portable_win.nasl\");\n script_mandatory_keys(\"Firefox/Win/Ver\");\n script_require_ports(139, 445);\n\n script_tag(name:\"impact\", value:\"Attackers can exploit this issue via specially crafted certificates\n to spoof arbitrary SSL servers.\");\n\n script_tag(name:\"affected\", value:\"Mozilla Firefox versions prior to 3.5\n NSS versions prior to 3.12.3 on Windows.\");\n\n script_tag(name:\"insight\", value:\"- Lack of validation of domain name in a signed X.509 certificate lead\n to an error while processing a '\\0' character in a domain name in the\n subject's common Name (CN) field.\n\n - Lack of validation of the MD2 hash in a signed X.509 certificate can\n be exploited to generate fake intermediate SSL certificate that would\n be accepted as if it was authentic.\");\n\n script_tag(name:\"solution\", value:\"Upgrade to Mozilla Firefox version 3.5 or NSS version 3.12.3 or later.\");\n\n script_tag(name:\"summary\", value:\"The host is installed with Mozilla Firefox browser and is prone\n to SSL server spoofing vulnerability.\");\n\n script_tag(name:\"qod_type\", value:\"registry\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n\n script_xref(name:\"URL\", value:\"http://www.mozilla.com/en-US/firefox/\");\n\n exit(0);\n}\n\ninclude(\"smb_nt.inc\");\ninclude(\"version_func.inc\");\ninclude(\"secpod_smb_func.inc\");\n\nfirefoxVer = get_kb_item(\"Firefox/Win/Ver\");\nif(!firefoxVer){\n exit(0);\n}\n\nif(version_is_less(version:firefoxVer, test_version:\"3.5\"))\n{\n dllPath = registry_get_sz(key:\"SOFTWARE\\Microsoft\\Windows\\CurrentVersion\" +\n \"\\App Paths\\firefox.exe\", item:\"Path\");\n if(dllPath != NULL)\n {\n share = ereg_replace(pattern:\"([A-Z]):.*\", replace:\"\\1$\", string:dllPath);\n file = ereg_replace(pattern:\"[A-Z]:(.*)\", replace:\"\\1\", string:dllPath +\n \"\\nss3.dll\");\n dllVer = GetVer(share:share, file:file);\n if(dllVer != NULL)\n {\n if(version_is_less(version:dllVer, test_version:\"3.12.3\")){\n report = report_fixed_ver(installed_version:dllVer, fixed_version:\"3.12.3\");\n security_message(port: 0, data: report);\n }\n }\n }\n}\n", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2017-07-24T12:56:51", "description": "The remote host is missing an update to xulrunner\nannounced via advisory DSA 1885-1.", "cvss3": {}, "published": "2009-09-15T00:00:00", "type": "openvas", "title": "Debian Security Advisory DSA 1885-1 (xulrunner)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2009-3076", "CVE-2009-3071", "CVE-2009-3072", "CVE-2009-3074", "CVE-2009-3070", "CVE-2009-3075", "CVE-2009-3077", "CVE-2009-3078"], "modified": "2017-07-07T00:00:00", "id": "OPENVAS:64870", "href": "http://plugins.openvas.org/nasl.php?oid=64870", "sourceData": "# OpenVAS Vulnerability Test\n# $Id: deb_1885_1.nasl 6615 2017-07-07 12:09:52Z cfischer $\n# Description: Auto-generated from advisory DSA 1885-1 (xulrunner)\n#\n# Authors:\n# Thomas Reinke <reinke@securityspace.com>\n#\n# Copyright:\n# Copyright (c) 2009 E-Soft Inc. http://www.securityspace.com\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (c) the respective author(s)\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2,\n# or at your option, GNU General Public License version 3,\n# as published by the Free Software Foundation\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n#\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"Several remote vulnerabilities have been discovered in Xulrunner, a\nruntime environment for XUL applications, such as the Iceweasel web\nbrowser. The Common Vulnerabilities and Exposures project identifies\nthe following problems:\n\nCVE-2009-3070\n\nJesse Ruderman discovered crashes in the layout engine, which\nmight allow the execution of arbitrary code.\n\nCVE-2009-3071\n\nDaniel Holbert, Jesse Ruderman, Olli Pettay and toshi discovered\ncrashes in the layout engine, which might allow the execution of\narbitrary code.\n\nCVE-2009-3072\n\nJosh Soref, Jesse Ruderman and Martin Wargers discovered crashes\nin the layout engine, which might allow the execution of arbitrary\ncode.\n\nCVE-2009-3074\n\nJesse Ruderman discovered a crash in the Javascript engine, which\nmight allow the execution of arbitrary code.\n\nCVE-2009-3075\n\nCarsten Book and Taral discovered crashes in the layout engine,\nwhich might allow the execution of arbitrary code.\n\nCVE-2009-3076\n\nJesse Ruderman discovered that the user interface for installing/\nremoving PCKS #11 securiy modules wasn't informative enough, which\nmight allow social engineering attacks.\n\nCVE-2009-3077\n\nIt was discovered that incorrect pointer handling in the XUL parser\ncould lead to the execution of arbitrary code.\n\nCVE-2009-3078\n\nJuan Pablo Lopez Yacubian discovered that incorrent rendering of\nsome Unicode font characters could lead to spoofing attacks on\nthe location bar.\n\nFor the stable distribution (lenny), these problems have been fixed\nin version 1.9.0.14-0lenny1.\n\nAs indicated in the Etch release notes, security support for the\nMozilla products in the oldstable distribution needed to be stopped\nbefore the end of the regular Etch security maintenance life cycle.\nYou are strongly encouraged to upgrade to stable or switch to a still\nsupported browser.\n\nFor the unstable distribution (sid), these problems have been fixed in\nversion 1.9.0.14-1.\n\nFor the experimental distribution, these problems have been fixed in\nversion 1.9.1.3-1.\n\nWe recommend that you upgrade your xulrunner package.\";\ntag_summary = \"The remote host is missing an update to xulrunner\nannounced via advisory DSA 1885-1.\";\n\ntag_solution = \"https://secure1.securityspace.com/smysecure/catid.html?in=DSA%201885-1\";\n\n\nif(description)\n{\n script_id(64870);\n script_version(\"$Revision: 6615 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-07-07 14:09:52 +0200 (Fri, 07 Jul 2017) $\");\n script_tag(name:\"creation_date\", value:\"2009-09-15 22:46:32 +0200 (Tue, 15 Sep 2009)\");\n script_cve_id(\"CVE-2009-3070\", \"CVE-2009-3071\", \"CVE-2009-3072\", \"CVE-2009-3074\", \"CVE-2009-3075\", \"CVE-2009-3076\", \"CVE-2009-3077\", \"CVE-2009-3078\");\n script_tag(name:\"cvss_base\", value:\"10.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_name(\"Debian Security Advisory DSA 1885-1 (xulrunner)\");\n\n\n\n script_category(ACT_GATHER_INFO);\n\n script_copyright(\"Copyright (c) 2009 E-Soft Inc. http://www.securityspace.com\");\n script_family(\"Debian Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/debian_linux\", \"ssh/login/packages\");\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"summary\" , value : tag_summary);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n#\n# The script code starts here\n#\n\ninclude(\"pkg-lib-deb.inc\");\n\nres = \"\";\nreport = \"\";\nif ((res = isdpkgvuln(pkg:\"libmozillainterfaces-java\", ver:\"1.9.0.14-0lenny1\", rls:\"DEB5.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"xulrunner-dev\", ver:\"1.9.0.14-0lenny1\", rls:\"DEB5.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"xulrunner-1.9-gnome-support\", ver:\"1.9.0.14-0lenny1\", rls:\"DEB5.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"xulrunner-1.9-dbg\", ver:\"1.9.0.14-0lenny1\", rls:\"DEB5.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"spidermonkey-bin\", ver:\"1.9.0.14-0lenny1\", rls:\"DEB5.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"python-xpcom\", ver:\"1.9.0.14-0lenny1\", rls:\"DEB5.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"xulrunner-1.9\", ver:\"1.9.0.14-0lenny1\", rls:\"DEB5.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libmozjs1d\", ver:\"1.9.0.14-0lenny1\", rls:\"DEB5.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libmozjs-dev\", ver:\"1.9.0.14-0lenny1\", rls:\"DEB5.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libmozjs1d-dbg\", ver:\"1.9.0.14-0lenny1\", rls:\"DEB5.0\")) != NULL) {\n report += res;\n}\n\nif (report != \"\") {\n security_message(data:report);\n} else if (__pkg_match) {\n exit(99); # Not vulnerable.\n}\n", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2018-04-06T11:39:32", "description": "The remote host is missing an update to xulrunner\nannounced via advisory DSA 1885-1.", "cvss3": {}, "published": "2009-09-15T00:00:00", "type": "openvas", "title": "Debian Security Advisory DSA 1885-1 (xulrunner)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2009-3076", "CVE-2009-3071", "CVE-2009-3072", "CVE-2009-3074", "CVE-2009-3070", "CVE-2009-3075", "CVE-2009-3077", "CVE-2009-3078"], "modified": "2018-04-06T00:00:00", "id": "OPENVAS:136141256231064870", "href": "http://plugins.openvas.org/nasl.php?oid=136141256231064870", "sourceData": "# OpenVAS Vulnerability Test\n# $Id: deb_1885_1.nasl 9350 2018-04-06 07:03:33Z cfischer $\n# Description: Auto-generated from advisory DSA 1885-1 (xulrunner)\n#\n# Authors:\n# Thomas Reinke <reinke@securityspace.com>\n#\n# Copyright:\n# Copyright (c) 2009 E-Soft Inc. http://www.securityspace.com\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (c) the respective author(s)\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2,\n# or at your option, GNU General Public License version 3,\n# as published by the Free Software Foundation\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n#\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"Several remote vulnerabilities have been discovered in Xulrunner, a\nruntime environment for XUL applications, such as the Iceweasel web\nbrowser. The Common Vulnerabilities and Exposures project identifies\nthe following problems:\n\nCVE-2009-3070\n\nJesse Ruderman discovered crashes in the layout engine, which\nmight allow the execution of arbitrary code.\n\nCVE-2009-3071\n\nDaniel Holbert, Jesse Ruderman, Olli Pettay and toshi discovered\ncrashes in the layout engine, which might allow the execution of\narbitrary code.\n\nCVE-2009-3072\n\nJosh Soref, Jesse Ruderman and Martin Wargers discovered crashes\nin the layout engine, which might allow the execution of arbitrary\ncode.\n\nCVE-2009-3074\n\nJesse Ruderman discovered a crash in the Javascript engine, which\nmight allow the execution of arbitrary code.\n\nCVE-2009-3075\n\nCarsten Book and Taral discovered crashes in the layout engine,\nwhich might allow the execution of arbitrary code.\n\nCVE-2009-3076\n\nJesse Ruderman discovered that the user interface for installing/\nremoving PCKS #11 securiy modules wasn't informative enough, which\nmight allow social engineering attacks.\n\nCVE-2009-3077\n\nIt was discovered that incorrect pointer handling in the XUL parser\ncould lead to the execution of arbitrary code.\n\nCVE-2009-3078\n\nJuan Pablo Lopez Yacubian discovered that incorrent rendering of\nsome Unicode font characters could lead to spoofing attacks on\nthe location bar.\n\nFor the stable distribution (lenny), these problems have been fixed\nin version 1.9.0.14-0lenny1.\n\nAs indicated in the Etch release notes, security support for the\nMozilla products in the oldstable distribution needed to be stopped\nbefore the end of the regular Etch security maintenance life cycle.\nYou are strongly encouraged to upgrade to stable or switch to a still\nsupported browser.\n\nFor the unstable distribution (sid), these problems have been fixed in\nversion 1.9.0.14-1.\n\nFor the experimental distribution, these problems have been fixed in\nversion 1.9.1.3-1.\n\nWe recommend that you upgrade your xulrunner package.\";\ntag_summary = \"The remote host is missing an update to xulrunner\nannounced via advisory DSA 1885-1.\";\n\ntag_solution = \"https://secure1.securityspace.com/smysecure/catid.html?in=DSA%201885-1\";\n\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.64870\");\n script_version(\"$Revision: 9350 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-04-06 09:03:33 +0200 (Fri, 06 Apr 2018) $\");\n script_tag(name:\"creation_date\", value:\"2009-09-15 22:46:32 +0200 (Tue, 15 Sep 2009)\");\n script_cve_id(\"CVE-2009-3070\", \"CVE-2009-3071\", \"CVE-2009-3072\", \"CVE-2009-3074\", \"CVE-2009-3075\", \"CVE-2009-3076\", \"CVE-2009-3077\", \"CVE-2009-3078\");\n script_tag(name:\"cvss_base\", value:\"10.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_name(\"Debian Security Advisory DSA 1885-1 (xulrunner)\");\n\n\n\n script_category(ACT_GATHER_INFO);\n\n script_copyright(\"Copyright (c) 2009 E-Soft Inc. http://www.securityspace.com\");\n script_family(\"Debian Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/debian_linux\", \"ssh/login/packages\");\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"summary\" , value : tag_summary);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n#\n# The script code starts here\n#\n\ninclude(\"pkg-lib-deb.inc\");\n\nres = \"\";\nreport = \"\";\nif ((res = isdpkgvuln(pkg:\"libmozillainterfaces-java\", ver:\"1.9.0.14-0lenny1\", rls:\"DEB5.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"xulrunner-dev\", ver:\"1.9.0.14-0lenny1\", rls:\"DEB5.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"xulrunner-1.9-gnome-support\", ver:\"1.9.0.14-0lenny1\", rls:\"DEB5.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"xulrunner-1.9-dbg\", ver:\"1.9.0.14-0lenny1\", rls:\"DEB5.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"spidermonkey-bin\", ver:\"1.9.0.14-0lenny1\", rls:\"DEB5.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"python-xpcom\", ver:\"1.9.0.14-0lenny1\", rls:\"DEB5.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"xulrunner-1.9\", ver:\"1.9.0.14-0lenny1\", rls:\"DEB5.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libmozjs1d\", ver:\"1.9.0.14-0lenny1\", rls:\"DEB5.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libmozjs-dev\", ver:\"1.9.0.14-0lenny1\", rls:\"DEB5.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libmozjs1d-dbg\", ver:\"1.9.0.14-0lenny1\", rls:\"DEB5.0\")) != NULL) {\n report += res;\n}\n\nif (report != \"\") {\n security_message(data:report);\n} else if (__pkg_match) {\n exit(99); # Not vulnerable.\n}\n", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2018-04-06T11:40:08", "description": "The remote host is missing an update to epiphany\nannounced via advisory FEDORA-2009-9494.", "cvss3": {}, "published": "2009-09-15T00:00:00", "type": "openvas", "title": "Fedora Core 10 FEDORA-2009-9494 (epiphany)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2009-3076", "CVE-2009-3071", "CVE-2009-3079", "CVE-2009-3072", "CVE-2009-3074", "CVE-2009-3070", "CVE-2009-3075", "CVE-2009-3077", "CVE-2009-3078"], "modified": "2018-04-06T00:00:00", "id": "OPENVAS:136141256231064854", "href": "http://plugins.openvas.org/nasl.php?oid=136141256231064854", "sourceData": "# OpenVAS Vulnerability Test\n# $Id: fcore_2009_9494.nasl 9350 2018-04-06 07:03:33Z cfischer $\n# Description: Auto-generated from advisory FEDORA-2009-9494 (epiphany)\n#\n# Authors:\n# Thomas Reinke <reinke@securityspace.com>\n#\n# Copyright:\n# Copyright (c) 2009 E-Soft Inc. http://www.securityspace.com\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (c) the respective author(s)\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2,\n# or at your option, GNU General Public License version 3,\n# as published by the Free Software Foundation\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n#\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"Update Information:\n\nUpdate to new upstream Firefox version 3.0.14, fixing multiple security issues\ndetailed in the upstream advisories:\nhttp://www.mozilla.org/security/known-vulnerabilities/firefox30.html#firefox3.0.14\n\nUpdate also includes all packages depending on gecko-libs rebuilt\nagainst new version of Firefox / XULRunner.\n\nChangeLog:\n\n* Wed Sep 9 2009 Jan Horak - 2.24.3-10\n- Rebuild against newer gecko\";\ntag_solution = \"Apply the appropriate updates.\n\nThis update can be installed with the yum update program. Use \nsu -c 'yum update epiphany' at the command line.\nFor more information, refer to Managing Software with yum,\navailable at http://docs.fedoraproject.org/yum/.\n\nhttps://secure1.securityspace.com/smysecure/catid.html?in=FEDORA-2009-9494\";\ntag_summary = \"The remote host is missing an update to epiphany\nannounced via advisory FEDORA-2009-9494.\";\n\n\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.64854\");\n script_version(\"$Revision: 9350 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-04-06 09:03:33 +0200 (Fri, 06 Apr 2018) $\");\n script_tag(name:\"creation_date\", value:\"2009-09-15 22:46:32 +0200 (Tue, 15 Sep 2009)\");\n script_cve_id(\"CVE-2009-3070\", \"CVE-2009-3071\", \"CVE-2009-3072\", \"CVE-2009-3074\", \"CVE-2009-3075\", \"CVE-2009-3076\", \"CVE-2009-3077\", \"CVE-2009-3078\", \"CVE-2009-3079\");\n script_tag(name:\"cvss_base\", value:\"10.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_name(\"Fedora Core 10 FEDORA-2009-9494 (epiphany)\");\n\n\n\n script_category(ACT_GATHER_INFO);\n\n script_copyright(\"Copyright (c) 2009 E-Soft Inc. http://www.securityspace.com\");\n script_family(\"Fedora Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/fedora\", \"ssh/login/rpms\");\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"summary\" , value : tag_summary);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_xref(name : \"URL\" , value : \"https://bugzilla.redhat.com/show_bug.cgi?id=521686\");\n script_xref(name : \"URL\" , value : \"https://bugzilla.redhat.com/show_bug.cgi?id=521687\");\n script_xref(name : \"URL\" , value : \"https://bugzilla.redhat.com/show_bug.cgi?id=521688\");\n script_xref(name : \"URL\" , value : \"https://bugzilla.redhat.com/show_bug.cgi?id=521690\");\n script_xref(name : \"URL\" , value : \"https://bugzilla.redhat.com/show_bug.cgi?id=521691\");\n script_xref(name : \"URL\" , value : \"https://bugzilla.redhat.com/show_bug.cgi?id=521692\");\n script_xref(name : \"URL\" , value : \"https://bugzilla.redhat.com/show_bug.cgi?id=521693\");\n script_xref(name : \"URL\" , value : \"https://bugzilla.redhat.com/show_bug.cgi?id=521694\");\n script_xref(name : \"URL\" , value : \"https://bugzilla.redhat.com/show_bug.cgi?id=521695\");\n exit(0);\n}\n\n#\n# The script code starts here\n#\n\ninclude(\"pkg-lib-rpm.inc\");\n\nres = \"\";\nreport = \"\";\nif ((res = isrpmvuln(pkg:\"epiphany\", rpm:\"epiphany~2.24.3~10.fc10\", rls:\"FC10\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"epiphany-devel\", rpm:\"epiphany-devel~2.24.3~10.fc10\", rls:\"FC10\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"epiphany-debuginfo\", rpm:\"epiphany-debuginfo~2.24.3~10.fc10\", rls:\"FC10\")) != NULL) {\n report += res;\n}\n\nif (report != \"\") {\n security_message(data:report);\n} else if (__pkg_match) {\n exit(99); # Not vulnerable.\n}\n", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2017-12-04T11:28:36", "description": "The remote host is missing an update to xulrunner-1.9\nannounced via advisory USN-821-1.", "cvss3": {}, "published": "2009-09-15T00:00:00", "type": "openvas", "title": "Ubuntu USN-821-1 (xulrunner-1.9)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2009-3076", "CVE-2009-3071", "CVE-2009-3079", "CVE-2009-3072", "CVE-2009-3074", "CVE-2009-3070", "CVE-2009-3075", "CVE-2009-3077", "CVE-2009-3078"], "modified": "2017-12-01T00:00:00", "id": "OPENVAS:64889", "href": "http://plugins.openvas.org/nasl.php?oid=64889", "sourceData": "# OpenVAS Vulnerability Test\n# $Id: ubuntu_821_1.nasl 7969 2017-12-01 09:23:16Z santu $\n# $Id: ubuntu_821_1.nasl 7969 2017-12-01 09:23:16Z santu $\n# Description: Auto-generated from advisory USN-821-1 (xulrunner-1.9)\n#\n# Authors:\n# Thomas Reinke <reinke@securityspace.com>\n#\n# Copyright:\n# Copyright (c) 2009 E-Soft Inc. http://www.securityspace.com\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (c) the respective author(s)\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2,\n# or at your option, GNU General Public License version 3,\n# as published by the Free Software Foundation\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n#\n\ninclude(\"revisions-lib.inc\");\ntag_solution = \"The problem can be corrected by upgrading your system to the\n following package versions:\n\nUbuntu 8.04 LTS:\n firefox-3.0 3.0.14+build2+nobinonly-0ubuntu0.8.04.1\n xulrunner-1.9 1.9.0.14+build2+nobinonly-0ubuntu0.8.04.1\n\nUbuntu 8.10:\n abrowser 3.0.14+build2+nobinonly-0ubuntu0.8.10.1\n firefox-3.0 3.0.14+build2+nobinonly-0ubuntu0.8.10.1\n xulrunner-1.9 1.9.0.14+build2+nobinonly-0ubuntu0.8.10.1\n\nUbuntu 9.04:\n abrowser 3.0.14+build2+nobinonly-0ubuntu0.9.04.1\n firefox-3.0 3.0.14+build2+nobinonly-0ubuntu0.9.04.1\n xulrunner-1.9 1.9.0.14+build2+nobinonly-0ubuntu0.9.04.1\n\nAfter a standard system upgrade you need to restart Firefox and any\napplications that use xulrunner, such as Epiphany, to effect the necessary\nchanges.\n\nhttps://secure1.securityspace.com/smysecure/catid.html?in=USN-821-1\";\n\ntag_insight = \"Several flaws were discovered in the Firefox browser and JavaScript\nengines. If a user were tricked into viewing a malicious website, a remote\nattacker could cause a denial of service or possibly execute arbitrary code\nwith the privileges of the user invoking the program. (CVE-2009-3070,\nCVE-2009-3071, CVE-2009-3072, CVE-2009-3074, CVE-2009-3075)\n\nJesse Ruderman and Dan Kaminsky discovered that Firefox did not adequately\ninform users when security modules were added or removed via PKCS11. If\na user visited a malicious website, an attacker could exploit this to\ntrick the user into installing a malicious PKCS11 module. (CVE-2009-3076)\n\nIt was discovered that Firefox did not properly manage memory when using\nXUL tree elements. If a user were tricked into viewing a malicious website,\na remote attacker could cause a denial of service or possibly execute\narbitrary code with the privileges of the user invoking the program.\n(CVE-2009-3077)\n\nJuan Pablo Lopez Yacubian discovered that Firefox did properly display\ncertain Unicode characters in the location bar and other text fields when\nusing a certain non-Ubuntu font. If a user configured Firefox to use this\nfont, an attacker could exploit this to spoof the location bar, such as in\na phishing attack. (CVE-2009-3078)\n\nIt was discovered that the BrowserFeedWriter in Firefox could be subverted\nto run JavaScript code from web content with elevated chrome privileges.\nIf a user were tricked into viewing a malicious website, an attacker could\nexploit this to execute arbitrary code with the privileges of the user\ninvoking the program. (CVE-2009-3079)\";\ntag_summary = \"The remote host is missing an update to xulrunner-1.9\nannounced via advisory USN-821-1.\";\n\n \n\n\nif(description)\n{\n script_id(64889);\n script_version(\"$Revision: 7969 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-12-01 10:23:16 +0100 (Fri, 01 Dec 2017) $\");\n script_tag(name:\"creation_date\", value:\"2009-09-15 22:46:32 +0200 (Tue, 15 Sep 2009)\");\n script_cve_id(\"CVE-2009-3070\", \"CVE-2009-3071\", \"CVE-2009-3072\", \"CVE-2009-3074\", \"CVE-2009-3075\", \"CVE-2009-3076\", \"CVE-2009-3077\", \"CVE-2009-3078\", \"CVE-2009-3079\");\n script_tag(name:\"cvss_base\", value:\"10.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_name(\"Ubuntu USN-821-1 (xulrunner-1.9)\");\n\n\n\n script_category(ACT_GATHER_INFO);\n script_xref(name: \"URL\" , value: \"http://www.ubuntu.com/usn/usn-821-1/\");\n\n script_copyright(\"Copyright (c) 2009 E-Soft Inc. http://www.securityspace.com\");\n script_family(\"Ubuntu Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/ubuntu_linux\", \"ssh/login/packages\");\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"summary\" , value : tag_summary);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n#\n# The script code starts here\n#\n\ninclude(\"pkg-lib-deb.inc\");\n\nres = \"\";\nreport = \"\";\nif ((res = isdpkgvuln(pkg:\"firefox-dev\", ver:\"3.0.14+build2+nobinonly-0ubuntu0.8.04.1\", rls:\"UBUNTU8.04 LTS\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"firefox-gnome-support\", ver:\"3.0.14+build2+nobinonly-0ubuntu0.8.04.1\", rls:\"UBUNTU8.04 LTS\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"firefox-granparadiso-dev\", ver:\"3.0.14+build2+nobinonly-0ubuntu0.8.04.1\", rls:\"UBUNTU8.04 LTS\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"firefox-trunk-dev\", ver:\"3.0.14+build2+nobinonly-0ubuntu0.8.04.1\", rls:\"UBUNTU8.04 LTS\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"firefox\", ver:\"3.0.14+build2+nobinonly-0ubuntu0.8.04.1\", rls:\"UBUNTU8.04 LTS\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"firefox-3.0-dom-inspector\", ver:\"3.0.14+build2+nobinonly-0ubuntu0.8.04.1\", rls:\"UBUNTU8.04 LTS\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"firefox-3.0-venkman\", ver:\"3.0.14+build2+nobinonly-0ubuntu0.8.04.1\", rls:\"UBUNTU8.04 LTS\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"firefox-dom-inspector\", ver:\"3.0.14+build2+nobinonly-0ubuntu0.8.04.1\", rls:\"UBUNTU8.04 LTS\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"firefox-granparadiso-dom-inspector\", ver:\"3.0.14+build2+nobinonly-0ubuntu0.8.04.1\", rls:\"UBUNTU8.04 LTS\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"firefox-granparadiso-gnome-support\", ver:\"3.0.14+build2+nobinonly-0ubuntu0.8.04.1\", rls:\"UBUNTU8.04 LTS\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"firefox-granparadiso\", ver:\"3.0.14+build2+nobinonly-0ubuntu0.8.04.1\", rls:\"UBUNTU8.04 LTS\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"firefox-libthai\", ver:\"3.0.14+build2+nobinonly-0ubuntu0.8.04.1\", rls:\"UBUNTU8.04 LTS\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"firefox-trunk-dom-inspector\", ver:\"3.0.14+build2+nobinonly-0ubuntu0.8.04.1\", rls:\"UBUNTU8.04 LTS\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"firefox-trunk-gnome-support\", ver:\"3.0.14+build2+nobinonly-0ubuntu0.8.04.1\", rls:\"UBUNTU8.04 LTS\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"firefox-trunk-venkman\", ver:\"3.0.14+build2+nobinonly-0ubuntu0.8.04.1\", rls:\"UBUNTU8.04 LTS\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"firefox-trunk\", ver:\"3.0.14+build2+nobinonly-0ubuntu0.8.04.1\", rls:\"UBUNTU8.04 LTS\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"xulrunner-1.9-dom-inspector\", ver:\"1.9.0.14+build2+nobinonly-0ubuntu0.8.04.1\", rls:\"UBUNTU8.04 LTS\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"xulrunner-1.9-venkman\", ver:\"1.9.0.14+build2+nobinonly-0ubuntu0.8.04.1\", rls:\"UBUNTU8.04 LTS\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"firefox-3.0-dev\", ver:\"3.0.14+build2+nobinonly-0ubuntu0.8.04.1\", rls:\"UBUNTU8.04 LTS\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"firefox-3.0-gnome-support\", ver:\"3.0.14+build2+nobinonly-0ubuntu0.8.04.1\", rls:\"UBUNTU8.04 LTS\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"firefox-3.0\", ver:\"3.0.14+build2+nobinonly-0ubuntu0.8.04.1\", rls:\"UBUNTU8.04 LTS\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"xulrunner-1.9-dev\", ver:\"1.9.0.14+build2+nobinonly-0ubuntu0.8.04.1\", rls:\"UBUNTU8.04 LTS\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"xulrunner-1.9-gnome-support\", ver:\"1.9.0.14+build2+nobinonly-0ubuntu0.8.04.1\", rls:\"UBUNTU8.04 LTS\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"xulrunner-1.9\", ver:\"1.9.0.14+build2+nobinonly-0ubuntu0.8.04.1\", rls:\"UBUNTU8.04 LTS\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"abrowser\", ver:\"3.0.14+build2+nobinonly-0ubuntu0.8.10.1\", rls:\"UBUNTU8.10\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"firefox-dev\", ver:\"3.0.14+build2+nobinonly-0ubuntu0.8.10.1\", rls:\"UBUNTU8.10\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"firefox-gnome-support\", ver:\"3.0.14+build2+nobinonly-0ubuntu0.8.10.1\", rls:\"UBUNTU8.10\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"firefox-granparadiso-dev\", ver:\"3.0.14+build2+nobinonly-0ubuntu0.8.10.1\", rls:\"UBUNTU8.10\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"firefox-trunk-dev\", ver:\"3.0.14+build2+nobinonly-0ubuntu0.8.10.1\", rls:\"UBUNTU8.10\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"firefox\", ver:\"3.0.14+build2+nobinonly-0ubuntu0.8.10.1\", rls:\"UBUNTU8.10\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"firefox-3.0-dom-inspector\", ver:\"3.0.14+build2+nobinonly-0ubuntu0.8.10.1\", rls:\"UBUNTU8.10\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"firefox-3.0-venkman\", ver:\"3.0.14+build2+nobinonly-0ubuntu0.8.10.1\", rls:\"UBUNTU8.10\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"firefox-dom-inspector\", ver:\"3.0.14+build2+nobinonly-0ubuntu0.8.10.1\", rls:\"UBUNTU8.10\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"firefox-granparadiso-dom-inspector\", ver:\"3.0.14+build2+nobinonly-0ubuntu0.8.10.1\", rls:\"UBUNTU8.10\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"firefox-granparadiso-gnome-support\", ver:\"3.0.14+build2+nobinonly-0ubuntu0.8.10.1\", rls:\"UBUNTU8.10\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"firefox-granparadiso\", ver:\"3.0.14+build2+nobinonly-0ubuntu0.8.10.1\", rls:\"UBUNTU8.10\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"firefox-libthai\", ver:\"3.0.14+build2+nobinonly-0ubuntu0.8.10.1\", rls:\"UBUNTU8.10\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"firefox-trunk-dom-inspector\", ver:\"3.0.14+build2+nobinonly-0ubuntu0.8.10.1\", rls:\"UBUNTU8.10\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"firefox-trunk-gnome-support\", ver:\"3.0.14+build2+nobinonly-0ubuntu0.8.10.1\", rls:\"UBUNTU8.10\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"firefox-trunk-venkman\", ver:\"3.0.14+build2+nobinonly-0ubuntu0.8.10.1\", rls:\"UBUNTU8.10\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"firefox-trunk\", ver:\"3.0.14+build2+nobinonly-0ubuntu0.8.10.1\", rls:\"UBUNTU8.10\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"xulrunner-1.9-dom-inspector\", ver:\"1.9.0.14+build2+nobinonly-0ubuntu0.8.10.1\", rls:\"UBUNTU8.10\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"xulrunner-1.9-venkman\", ver:\"1.9.0.14+build2+nobinonly-0ubuntu0.8.10.1\", rls:\"UBUNTU8.10\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"abrowser-3.0-branding\", ver:\"3.0.14+build2+nobinonly-0ubuntu0.8.10.1\", rls:\"UBUNTU8.10\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"firefox-3.0-branding\", ver:\"3.0.14+build2+nobinonly-0ubuntu0.8.10.1\", rls:\"UBUNTU8.10\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"firefox-3.0-dev\", ver:\"3.0.14+build2+nobinonly-0ubuntu0.8.10.1\", rls:\"UBUNTU8.10\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"firefox-3.0-gnome-support\", ver:\"3.0.14+build2+nobinonly-0ubuntu0.8.10.1\", rls:\"UBUNTU8.10\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"firefox-3.0\", ver:\"3.0.14+build2+nobinonly-0ubuntu0.8.10.1\", rls:\"UBUNTU8.10\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"xulrunner-1.9-dev\", ver:\"1.9.0.14+build2+nobinonly-0ubuntu0.8.10.1\", rls:\"UBUNTU8.10\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"xulrunner-1.9-gnome-support\", ver:\"1.9.0.14+build2+nobinonly-0ubuntu0.8.10.1\", rls:\"UBUNTU8.10\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"xulrunner-1.9\", ver:\"1.9.0.14+build2+nobinonly-0ubuntu0.8.10.1\", rls:\"UBUNTU8.10\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"xulrunner-dev\", ver:\"1.9.0.14+build2+nobinonly-0ubuntu0.8.10.1\", rls:\"UBUNTU8.10\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"abrowser\", ver:\"3.0.14+build2+nobinonly-0ubuntu0.9.04.1\", rls:\"UBUNTU9.04\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"firefox-dev\", ver:\"3.0.14+build2+nobinonly-0ubuntu0.9.04.1\", rls:\"UBUNTU9.04\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"firefox-gnome-support\", ver:\"3.0.14+build2+nobinonly-0ubuntu0.9.04.1\", rls:\"UBUNTU9.04\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"firefox-granparadiso-dev\", ver:\"3.0.14+build2+nobinonly-0ubuntu0.9.04.1\", rls:\"UBUNTU9.04\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"firefox-trunk-dev\", ver:\"3.0.14+build2+nobinonly-0ubuntu0.9.04.1\", rls:\"UBUNTU9.04\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"firefox\", ver:\"3.0.14+build2+nobinonly-0ubuntu0.9.04.1\", rls:\"UBUNTU9.04\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"firefox-3.0-dom-inspector\", ver:\"3.0.14+build2+nobinonly-0ubuntu0.9.04.1\", rls:\"UBUNTU9.04\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"firefox-3.0-venkman\", ver:\"3.0.14+build2+nobinonly-0ubuntu0.9.04.1\", rls:\"UBUNTU9.04\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"firefox-dom-inspector\", ver:\"3.0.14+build2+nobinonly-0ubuntu0.9.04.1\", rls:\"UBUNTU9.04\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"firefox-granparadiso-dom-inspector\", ver:\"3.0.14+build2+nobinonly-0ubuntu0.9.04.1\", rls:\"UBUNTU9.04\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"firefox-granparadiso-gnome-support\", ver:\"3.0.14+build2+nobinonly-0ubuntu0.9.04.1\", rls:\"UBUNTU9.04\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"firefox-granparadiso\", ver:\"3.0.14+build2+nobinonly-0ubuntu0.9.04.1\", rls:\"UBUNTU9.04\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"firefox-libthai\", ver:\"3.0.14+build2+nobinonly-0ubuntu0.9.04.1\", rls:\"UBUNTU9.04\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"firefox-trunk-dom-inspector\", ver:\"3.0.14+build2+nobinonly-0ubuntu0.9.04.1\", rls:\"UBUNTU9.04\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"firefox-trunk-gnome-support\", ver:\"3.0.14+build2+nobinonly-0ubuntu0.9.04.1\", rls:\"UBUNTU9.04\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"firefox-trunk-venkman\", ver:\"3.0.14+build2+nobinonly-0ubuntu0.9.04.1\", rls:\"UBUNTU9.04\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"firefox-trunk\", ver:\"3.0.14+build2+nobinonly-0ubuntu0.9.04.1\", rls:\"UBUNTU9.04\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"xulrunner-1.9-dom-inspector\", ver:\"1.9.0.14+build2+nobinonly-0ubuntu0.9.04.1\", rls:\"UBUNTU9.04\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"xulrunner-1.9-venkman\", ver:\"1.9.0.14+build2+nobinonly-0ubuntu0.9.04.1\", rls:\"UBUNTU9.04\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"abrowser-3.0-branding\", ver:\"3.0.14+build2+nobinonly-0ubuntu0.9.04.1\", rls:\"UBUNTU9.04\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"firefox-3.0-branding\", ver:\"3.0.14+build2+nobinonly-0ubuntu0.9.04.1\", rls:\"UBUNTU9.04\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"firefox-3.0-dev\", ver:\"3.0.14+build2+nobinonly-0ubuntu0.9.04.1\", rls:\"UBUNTU9.04\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"firefox-3.0-gnome-support\", ver:\"3.0.14+build2+nobinonly-0ubuntu0.9.04.1\", rls:\"UBUNTU9.04\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"firefox-3.0\", ver:\"3.0.14+build2+nobinonly-0ubuntu0.9.04.1\", rls:\"UBUNTU9.04\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"xulrunner-1.9-dev\", ver:\"1.9.0.14+build2+nobinonly-0ubuntu0.9.04.1\", rls:\"UBUNTU9.04\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"xulrunner-1.9-gnome-support\", ver:\"1.9.0.14+build2+nobinonly-0ubuntu0.9.04.1\", rls:\"UBUNTU9.04\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"xulrunner-1.9\", ver:\"1.9.0.14+build2+nobinonly-0ubuntu0.9.04.1\", rls:\"UBUNTU9.04\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"xulrunner-dev\", ver:\"1.9.0.14+build2+nobinonly-0ubuntu0.9.04.1\", rls:\"UBUNTU9.04\")) != NULL) {\n report += res;\n}\n\nif (report != \"\") {\n security_message(data:report);\n} else if (__pkg_match) {\n exit(99); # Not vulnerable.\n}\n", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2017-07-25T10:57:03", "description": "The remote host is missing an update to epiphany\nannounced via advisory FEDORA-2009-9494.", "cvss3": {}, "published": "2009-09-15T00:00:00", "type": "openvas", "title": "Fedora Core 10 FEDORA-2009-9494 (epiphany)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2009-3076", "CVE-2009-3071", "CVE-2009-3079", "CVE-2009-3072", "CVE-2009-3074", "CVE-2009-3070", "CVE-2009-3075", "CVE-2009-3077", "CVE-2009-3078"], "modified": "2017-07-10T00:00:00", "id": "OPENVAS:64854", "href": "http://plugins.openvas.org/nasl.php?oid=64854", "sourceData": "# OpenVAS Vulnerability Test\n# $Id: fcore_2009_9494.nasl 6624 2017-07-10 06:11:55Z cfischer $\n# Description: Auto-generated from advisory FEDORA-2009-9494 (epiphany)\n#\n# Authors:\n# Thomas Reinke <reinke@securityspace.com>\n#\n# Copyright:\n# Copyright (c) 2009 E-Soft Inc. http://www.securityspace.com\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (c) the respective author(s)\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2,\n# or at your option, GNU General Public License version 3,\n# as published by the Free Software Foundation\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n#\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"Update Information:\n\nUpdate to new upstream Firefox version 3.0.14, fixing multiple security issues\ndetailed in the upstream advisories:\nhttp://www.mozilla.org/security/known-vulnerabilities/firefox30.html#firefox3.0.14\n\nUpdate also includes all packages depending on gecko-libs rebuilt\nagainst new version of Firefox / XULRunner.\n\nChangeLog:\n\n* Wed Sep 9 2009 Jan Horak - 2.24.3-10\n- Rebuild against newer gecko\";\ntag_solution = \"Apply the appropriate updates.\n\nThis update can be installed with the yum update program. Use \nsu -c 'yum update epiphany' at the command line.\nFor more information, refer to Managing Software with yum,\navailable at http://docs.fedoraproject.org/yum/.\n\nhttps://secure1.securityspace.com/smysecure/catid.html?in=FEDORA-2009-9494\";\ntag_summary = \"The remote host is missing an update to epiphany\nannounced via advisory FEDORA-2009-9494.\";\n\n\n\nif(description)\n{\n script_id(64854);\n script_version(\"$Revision: 6624 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-07-10 08:11:55 +0200 (Mon, 10 Jul 2017) $\");\n script_tag(name:\"creation_date\", value:\"2009-09-15 22:46:32 +0200 (Tue, 15 Sep 2009)\");\n script_cve_id(\"CVE-2009-3070\", \"CVE-2009-3071\", \"CVE-2009-3072\", \"CVE-2009-3074\", \"CVE-2009-3075\", \"CVE-2009-3076\", \"CVE-2009-3077\", \"CVE-2009-3078\", \"CVE-2009-3079\");\n script_tag(name:\"cvss_base\", value:\"10.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_name(\"Fedora Core 10 FEDORA-2009-9494 (epiphany)\");\n\n\n\n script_category(ACT_GATHER_INFO);\n\n script_copyright(\"Copyright (c) 2009 E-Soft Inc. http://www.securityspace.com\");\n script_family(\"Fedora Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/fedora\", \"ssh/login/rpms\");\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"summary\" , value : tag_summary);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_xref(name : \"URL\" , value : \"https://bugzilla.redhat.com/show_bug.cgi?id=521686\");\n script_xref(name : \"URL\" , value : \"https://bugzilla.redhat.com/show_bug.cgi?id=521687\");\n script_xref(name : \"URL\" , value : \"https://bugzilla.redhat.com/show_bug.cgi?id=521688\");\n script_xref(name : \"URL\" , value : \"https://bugzilla.redhat.com/show_bug.cgi?id=521690\");\n script_xref(name : \"URL\" , value : \"https://bugzilla.redhat.com/show_bug.cgi?id=521691\");\n script_xref(name : \"URL\" , value : \"https://bugzilla.redhat.com/show_bug.cgi?id=521692\");\n script_xref(name : \"URL\" , value : \"https://bugzilla.redhat.com/show_bug.cgi?id=521693\");\n script_xref(name : \"URL\" , value : \"https://bugzilla.redhat.com/show_bug.cgi?id=521694\");\n script_xref(name : \"URL\" , value : \"https://bugzilla.redhat.com/show_bug.cgi?id=521695\");\n exit(0);\n}\n\n#\n# The script code starts here\n#\n\ninclude(\"pkg-lib-rpm.inc\");\n\nres = \"\";\nreport = \"\";\nif ((res = isrpmvuln(pkg:\"epiphany\", rpm:\"epiphany~2.24.3~10.fc10\", rls:\"FC10\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"epiphany-devel\", rpm:\"epiphany-devel~2.24.3~10.fc10\", rls:\"FC10\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"epiphany-debuginfo\", rpm:\"epiphany-debuginfo~2.24.3~10.fc10\", rls:\"FC10\")) != NULL) {\n report += res;\n}\n\nif (report != \"\") {\n security_message(data:report);\n} else if (__pkg_match) {\n exit(99); # Not vulnerable.\n}\n", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2017-07-24T12:49:09", "description": "The remote host is missing an update to icedove\nannounced via advisory DSA 2025-1.", "cvss3": {}, "published": "2010-04-06T00:00:00", "type": "openvas", "title": "Debian Security Advisory DSA 2025-1 (icedove)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2009-2408", "CVE-2009-3072", "CVE-2009-2463", "CVE-2009-3075", "CVE-2010-0163", "CVE-2009-2404"], "modified": "2017-07-07T00:00:00", "id": "OPENVAS:67209", "href": "http://plugins.openvas.org/nasl.php?oid=67209", "sourceData": "# OpenVAS Vulnerability Test\n# $Id: deb_2025_1.nasl 6614 2017-07-07 12:09:12Z cfischer $\n# Description: Auto-generated from advisory DSA 2025-1 (icedove)\n#\n# Authors:\n# Thomas Reinke <reinke@securityspace.com>\n#\n# Copyright:\n# Copyright (c) 2010 E-Soft Inc. http://www.securityspace.com\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (c) the respective author(s)\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2,\n# or at your option, GNU General Public License version 3,\n# as published by the Free Software Foundation\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n#\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"Several remote vulnerabilities have been discovered in the Icedove\nmail client, an unbranded version of the Thunderbird mail client. The\nCommon Vulnerabilities and Exposures project identifies the following\nproblems:\n\nCVE-2009-2408\n\nDan Kaminsky and Moxie Marlinspike discovered that icedove does not\nproperly handle a '\\0' character in a domain name in the subject's\nCommon Name (CN) field of an X.509 certificate (MFSA 2009-42).\n\nCVE-2009-2404\n\nMoxie Marlinspike reported a heap overflow vulnerability in the code\nthat handles regular expressions in certificate names (MFSA 2009-43).\n\nCVE-2009-2463\n\nmonarch2020 discovered an integer overflow n a base64 decoding function\n(MFSA 2010-07).\n\nCVE-2009-3072\n\nJosh Soref discovered a crash in the BinHex decoder (MFSA 2010-07).\n\nCVE-2009-3075\n\nCarsten Book reported a crash in the JavaScript engine (MFSA 2010-07).\n\nCVE-2010-0163\n\nLudovic Hirlimann reported a crash indexing some messages with\nattachments, which could lead to the execution of arbitrary code\n(MFSA 2010-07).\n\n\nFor the stable distribution (lenny), these problems have been fixed in\nversion 2.0.0.24-0lenny1.\n\nDue to a problem with the archive system it is not possible to release\nall architectures. The missing architectures will be installed into the\narchive once they become available.\n\nFor the testing distribution squeeze and the unstable distribution (sid),\nthese problems will be fixed soon.\n\n\nWe recommend that you upgrade your icedove packages.\";\ntag_summary = \"The remote host is missing an update to icedove\nannounced via advisory DSA 2025-1.\";\n\ntag_solution = \"https://secure1.securityspace.com/smysecure/catid.html?in=DSA%202025-1\";\n\n\nif(description)\n{\n script_id(67209);\n script_version(\"$Revision: 6614 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-07-07 14:09:12 +0200 (Fri, 07 Jul 2017) $\");\n script_tag(name:\"creation_date\", value:\"2010-04-06 21:31:38 +0200 (Tue, 06 Apr 2010)\");\n script_cve_id(\"CVE-2009-2408\", \"CVE-2009-2404\", \"CVE-2009-2463\", \"CVE-2009-3072\", \"CVE-2009-3075\", \"CVE-2010-0163\");\n script_tag(name:\"cvss_base\", value:\"10.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_name(\"Debian Security Advisory DSA 2025-1 (icedove)\");\n\n\n\n script_category(ACT_GATHER_INFO);\n\n script_copyright(\"Copyright (c) 2010 E-Soft Inc. http://www.securityspace.com\");\n script_family(\"Debian Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/debian_linux\", \"ssh/login/packages\");\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"summary\" , value : tag_summary);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n#\n# The script code starts here\n#\n\ninclude(\"pkg-lib-deb.inc\");\n\nres = \"\";\nreport = \"\";\nif ((res = isdpkgvuln(pkg:\"icedove-dev\", ver:\"2.0.0.24-0lenny1\", rls:\"DEB5.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"icedove-gnome-support\", ver:\"2.0.0.24-0lenny1\", rls:\"DEB5.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"icedove-dbg\", ver:\"2.0.0.24-0lenny1\", rls:\"DEB5.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"icedove\", ver:\"2.0.0.24-0lenny1\", rls:\"DEB5.0\")) != NULL) {\n report += res;\n}\n\nif (report != \"\") {\n security_message(data:report);\n} else if (__pkg_match) {\n exit(99); # Not vulnerable.\n}\n", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2018-01-23T13:05:23", "description": "The remote host is missing an update to icedove\nannounced via advisory DSA 2025-1.", "cvss3": {}, "published": "2010-04-06T00:00:00", "type": "openvas", "title": "Debian Security Advisory DSA 2025-1 (icedove)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2009-2408", "CVE-2009-3072", "CVE-2009-2463", "CVE-2009-3075", "CVE-2010-0163", "CVE-2009-2404"], "modified": "2018-01-23T00:00:00", "id": "OPENVAS:136141256231067209", "href": "http://plugins.openvas.org/nasl.php?oid=136141256231067209", "sourceData": "# OpenVAS Vulnerability Test\n# $Id: deb_2025_1.nasl 8495 2018-01-23 07:57:49Z teissa $\n# Description: Auto-generated from advisory DSA 2025-1 (icedove)\n#\n# Authors:\n# Thomas Reinke <reinke@securityspace.com>\n#\n# Copyright:\n# Copyright (c) 2010 E-Soft Inc. http://www.securityspace.com\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (c) the respective author(s)\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2,\n# or at your option, GNU General Public License version 3,\n# as published by the Free Software Foundation\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n#\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"Several remote vulnerabilities have been discovered in the Icedove\nmail client, an unbranded version of the Thunderbird mail client. The\nCommon Vulnerabilities and Exposures project identifies the following\nproblems:\n\nCVE-2009-2408\n\nDan Kaminsky and Moxie Marlinspike discovered that icedove does not\nproperly handle a '\\0' character in a domain name in the subject's\nCommon Name (CN) field of an X.509 certificate (MFSA 2009-42).\n\nCVE-2009-2404\n\nMoxie Marlinspike reported a heap overflow vulnerability in the code\nthat handles regular expressions in certificate names (MFSA 2009-43).\n\nCVE-2009-2463\n\nmonarch2020 discovered an integer overflow n a base64 decoding function\n(MFSA 2010-07).\n\nCVE-2009-3072\n\nJosh Soref discovered a crash in the BinHex decoder (MFSA 2010-07).\n\nCVE-2009-3075\n\nCarsten Book reported a crash in the JavaScript engine (MFSA 2010-07).\n\nCVE-2010-0163\n\nLudovic Hirlimann reported a crash indexing some messages with\nattachments, which could lead to the execution of arbitrary code\n(MFSA 2010-07).\n\n\nFor the stable distribution (lenny), these problems have been fixed in\nversion 2.0.0.24-0lenny1.\n\nDue to a problem with the archive system it is not possible to release\nall architectures. The missing architectures will be installed into the\narchive once they become available.\n\nFor the testing distribution squeeze and the unstable distribution (sid),\nthese problems will be fixed soon.\n\n\nWe recommend that you upgrade your icedove packages.\";\ntag_summary = \"The remote host is missing an update to icedove\nannounced via advisory DSA 2025-1.\";\n\ntag_solution = \"https://secure1.securityspace.com/smysecure/catid.html?in=DSA%202025-1\";\n\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.67209\");\n script_version(\"$Revision: 8495 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-01-23 08:57:49 +0100 (Tue, 23 Jan 2018) $\");\n script_tag(name:\"creation_date\", value:\"2010-04-06 21:31:38 +0200 (Tue, 06 Apr 2010)\");\n script_cve_id(\"CVE-2009-2408\", \"CVE-2009-2404\", \"CVE-2009-2463\", \"CVE-2009-3072\", \"CVE-2009-3075\", \"CVE-2010-0163\");\n script_tag(name:\"cvss_base\", value:\"10.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_name(\"Debian Security Advisory DSA 2025-1 (icedove)\");\n\n\n\n script_category(ACT_GATHER_INFO);\n\n script_copyright(\"Copyright (c) 2010 E-Soft Inc. http://www.securityspace.com\");\n script_family(\"Debian Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/debian_linux\", \"ssh/login/packages\");\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"summary\" , value : tag_summary);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n#\n# The script code starts here\n#\n\ninclude(\"pkg-lib-deb.inc\");\n\nres = \"\";\nreport = \"\";\nif ((res = isdpkgvuln(pkg:\"icedove-dev\", ver:\"2.0.0.24-0lenny1\", rls:\"DEB5.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"icedove-gnome-support\", ver:\"2.0.0.24-0lenny1\", rls:\"DEB5.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"icedove-dbg\", ver:\"2.0.0.24-0lenny1\", rls:\"DEB5.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"icedove\", ver:\"2.0.0.24-0lenny1\", rls:\"DEB5.0\")) != NULL) {\n report += res;\n}\n\nif (report != \"\") {\n security_message(data:report);\n} else if (__pkg_match) {\n exit(99); # Not vulnerable.\n}\n", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2017-07-26T08:55:13", "description": "The remote host is missing updates announced in\nadvisory SUSE-SA:2009:048.", "cvss3": {}, "published": "2009-10-27T00:00:00", "type": "openvas", "title": "SuSE Security Advisory SUSE-SA:2009:048 (MozillaFirefox)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2009-3076", "CVE-2009-3071", "CVE-2009-2663", "CVE-2009-2662", "CVE-2009-3073", "CVE-2009-2408", "CVE-2009-3079", "CVE-2009-3072", "CVE-2009-3070", "CVE-2009-3069", "CVE-2009-3075", "CVE-2009-2654", "CVE-2009-2664", "CVE-2009-3077", "CVE-2009-2404", "CVE-2009-3078"], "modified": "2017-07-11T00:00:00", "id": "OPENVAS:66104", "href": "http://plugins.openvas.org/nasl.php?oid=66104", "sourceData": "# OpenVAS Vulnerability Test\n# $Id: suse_sa_2009_048.nasl 6668 2017-07-11 13:34:29Z cfischer $\n# Description: Auto-generated from advisory SUSE-SA:2009:048 (MozillaFirefox)\n#\n# Authors:\n# Thomas Reinke <reinke@securityspace.com>\n#\n# Copyright:\n# Copyright (c) 2009 E-Soft Inc. http://www.securityspace.com\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (c) the respective author(s)\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2,\n# or at your option, GNU General Public License version 3,\n# as published by the Free Software Foundation\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n#\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"The Mozilla Firefox was updated to current stable versions on all\naffected Linux products.\n\nopenSUSE 10.3,11.0 and 11.1: Firefox was updated to the current stable\nbranch version 3.0.14. These updates were already released on\nSeptember 21st.\n\nThe SUSE Linux Enterprise 11 products were upgraded to Mozilla Firefox\n3.5.3, released on September 30th.\n\nThe SUSE Linux Enterprise 10 Service Pack 2 and 3 were upgraded to\nMozilla Firefox 3.5.3, released on October 20th.\n\nFor details on the issues addresses with these updates, please\nvisit the referenced security advisories.\";\ntag_solution = \"Update your system with the packages as indicated in\nthe referenced security advisory.\n\nhttps://secure1.securityspace.com/smysecure/catid.html?in=SUSE-SA:2009:048\";\ntag_summary = \"The remote host is missing updates announced in\nadvisory SUSE-SA:2009:048.\";\n\n \n\nif(description)\n{\n script_id(66104);\n script_version(\"$Revision: 6668 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-07-11 15:34:29 +0200 (Tue, 11 Jul 2017) $\");\n script_tag(name:\"creation_date\", value:\"2009-10-27 01:37:56 +0100 (Tue, 27 Oct 2009)\");\n script_cve_id(\"CVE-2009-2404\", \"CVE-2009-2408\", \"CVE-2009-2654\", \"CVE-2009-2662\", \"CVE-2009-2663\", \"CVE-2009-2664\", \"CVE-2009-3069\", \"CVE-2009-3070\", \"CVE-2009-3071\", \"CVE-2009-3072\", \"CVE-2009-3073\", \"CVE-2009-3075\", \"CVE-2009-3076\", \"CVE-2009-3077\", \"CVE-2009-3078\", \"CVE-2009-3079\");\n script_tag(name:\"cvss_base\", value:\"10.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_name(\"SuSE Security Advisory SUSE-SA:2009:048 (MozillaFirefox)\");\n\n\n\n script_category(ACT_GATHER_INFO);\n\n script_copyright(\"Copyright (c) 2009 E-Soft Inc. http://www.securityspace.com\");\n script_family(\"SuSE Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/suse\", \"ssh/login/rpms\");\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"summary\" , value : tag_summary);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n#\n# The script code starts here\n#\n\ninclude(\"pkg-lib-rpm.inc\");\n\nres = \"\";\nreport = \"\";\nif ((res = isrpmvuln(pkg:\"MozillaFirefox\", rpm:\"MozillaFirefox~3.0.14~0.1.2\", rls:\"openSUSE11.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"MozillaFirefox-branding-upstream\", rpm:\"MozillaFirefox-branding-upstream~3.0.14~0.1.2\", rls:\"openSUSE11.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"MozillaFirefox-translations\", rpm:\"MozillaFirefox-translations~3.0.14~0.1.2\", rls:\"openSUSE11.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"mozilla-xulrunner190\", rpm:\"mozilla-xulrunner190~1.9.0.14~0.1.1\", rls:\"openSUSE11.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"mozilla-xulrunner190-devel\", rpm:\"mozilla-xulrunner190-devel~1.9.0.14~0.1.1\", rls:\"openSUSE11.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"mozilla-xulrunner190-gnomevfs\", rpm:\"mozilla-xulrunner190-gnomevfs~1.9.0.14~0.1.1\", rls:\"openSUSE11.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"mozilla-xulrunner190-translations\", rpm:\"mozilla-xulrunner190-translations~1.9.0.14~0.1.1\", rls:\"openSUSE11.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"python-xpcom190\", rpm:\"python-xpcom190~1.9.0.14~0.1.1\", rls:\"openSUSE11.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"MozillaFirefox\", rpm:\"MozillaFirefox~3.0.14~0.1\", rls:\"openSUSE11.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"MozillaFirefox-translations\", rpm:\"MozillaFirefox-translations~3.0.14~0.1\", rls:\"openSUSE11.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"mozilla-xulrunner190\", rpm:\"mozilla-xulrunner190~1.9.0.14~0.1\", rls:\"openSUSE11.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"mozilla-xulrunner190-devel\", rpm:\"mozilla-xulrunner190-devel~1.9.0.14~0.1\", rls:\"openSUSE11.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"mozilla-xulrunner190-gnomevfs\", rpm:\"mozilla-xulrunner190-gnomevfs~1.9.0.14~0.1\", rls:\"openSUSE11.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"mozilla-xulrunner190-translations\", rpm:\"mozilla-xulrunner190-translations~1.9.0.14~0.1\", rls:\"openSUSE11.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"MozillaFirefox\", rpm:\"MozillaFirefox~3.0.14~0.1\", rls:\"openSUSE10.3\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"MozillaFirefox-translations\", rpm:\"MozillaFirefox-translations~3.0.14~0.1\", rls:\"openSUSE10.3\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"mozilla-xulrunner190\", rpm:\"mozilla-xulrunner190~1.9.0.14~0.1\", rls:\"openSUSE10.3\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"mozilla-xulrunner190-devel\", rpm:\"mozilla-xulrunner190-devel~1.9.0.14~0.1\", rls:\"openSUSE10.3\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"mozilla-xulrunner190-gnomevfs\", rpm:\"mozilla-xulrunner190-gnomevfs~1.9.0.14~0.1\", rls:\"openSUSE10.3\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"mozilla-xulrunner190-translations\", rpm:\"mozilla-xulrunner190-translations~1.9.0.14~0.1\", rls:\"openSUSE10.3\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"python-xpcom190\", rpm:\"python-xpcom190~1.9.0.14~0.1\", rls:\"openSUSE10.3\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"mozilla-xulrunner190-64bit\", rpm:\"mozilla-xulrunner190-64bit~1.9.0.14~0.1\", rls:\"openSUSE11.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"mozilla-xulrunner190-gnomevfs-64bit\", rpm:\"mozilla-xulrunner190-gnomevfs-64bit~1.9.0.14~0.1\", rls:\"openSUSE11.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"mozilla-xulrunner190-translations-64bit\", rpm:\"mozilla-xulrunner190-translations-64bit~1.9.0.14~0.1\", rls:\"openSUSE11.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"mozilla-xulrunner190-64bit\", rpm:\"mozilla-xulrunner190-64bit~1.9.0.14~0.1\", rls:\"openSUSE10.3\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"mozilla-xulrunner190-gnomevfs-64bit\", rpm:\"mozilla-xulrunner190-gnomevfs-64bit~1.9.0.14~0.1\", rls:\"openSUSE10.3\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"mozilla-xulrunner190-translations-64bit\", rpm:\"mozilla-xulrunner190-translations-64bit~1.9.0.14~0.1\", rls:\"openSUSE10.3\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"mozilla-xulrunner190-32bit\", rpm:\"mozilla-xulrunner190-32bit~1.9.0.14~0.1.1\", rls:\"openSUSE11.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"mozilla-xulrunner190-gnomevfs-32bit\", rpm:\"mozilla-xulrunner190-gnomevfs-32bit~1.9.0.14~0.1.1\", rls:\"openSUSE11.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"mozilla-xulrunner190-translations-32bit\", rpm:\"mozilla-xulrunner190-translations-32bit~1.9.0.14~0.1.1\", rls:\"openSUSE11.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"mozilla-xulrunner190-32bit\", rpm:\"mozilla-xulrunner190-32bit~1.9.0.14~0.1\", rls:\"openSUSE11.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"mozilla-xulrunner190-gnomevfs-32bit\", rpm:\"mozilla-xulrunner190-gnomevfs-32bit~1.9.0.14~0.1\", rls:\"openSUSE11.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"mozilla-xulrunner190-translations-32bit\", rpm:\"mozilla-xulrunner190-translations-32bit~1.9.0.14~0.1\", rls:\"openSUSE11.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"mozilla-xulrunner190-32bit\", rpm:\"mozilla-xulrunner190-32bit~1.9.0.14~0.1\", rls:\"openSUSE10.3\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"mozilla-xulrunner190-gnomevfs-32bit\", rpm:\"mozilla-xulrunner190-gnomevfs-32bit~1.9.0.14~0.1\", rls:\"openSUSE10.3\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"mozilla-xulrunner190-translations-32bit\", rpm:\"mozilla-xulrunner190-translations-32bit~1.9.0.14~0.1\", rls:\"openSUSE10.3\")) != NULL) {\n report += res;\n}\n\nif (report != \"\") {\n security_message(data:report);\n} else if (__pkg_match) {\n exit(99); # Not vulnerable.\n}\n", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2018-04-06T11:37:19", "description": "The remote host is missing updates announced in\nadvisory SUSE-SA:2009:048.", "cvss3": {}, "published": "2009-10-27T00:00:00", "type": "openvas", "title": "SuSE Security Advisory SUSE-SA:2009:048 (MozillaFirefox)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2009-3076", "CVE-2009-3071", "CVE-2009-2663", "CVE-2009-2662", "CVE-2009-3073", "CVE-2009-2408", "CVE-2009-3079", "CVE-2009-3072", "CVE-2009-3070", "CVE-2009-3069", "CVE-2009-3075", "CVE-2009-2654", "CVE-2009-2664", "CVE-2009-3077", "CVE-2009-2404", "CVE-2009-3078"], "modified": "2018-04-06T00:00:00", "id": "OPENVAS:136141256231066104", "href": "http://plugins.openvas.org/nasl.php?oid=136141256231066104", "sourceData": "# OpenVAS Vulnerability Test\n# $Id: suse_sa_2009_048.nasl 9350 2018-04-06 07:03:33Z cfischer $\n# Description: Auto-generated from advisory SUSE-SA:2009:048 (MozillaFirefox)\n#\n# Authors:\n# Thomas Reinke <reinke@securityspace.com>\n#\n# Copyright:\n# Copyright (c) 2009 E-Soft Inc. http://www.securityspace.com\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (c) the respective author(s)\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2,\n# or at your option, GNU General Public License version 3,\n# as published by the Free Software Foundation\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n#\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"The Mozilla Firefox was updated to current stable versions on all\naffected Linux products.\n\nopenSUSE 10.3,11.0 and 11.1: Firefox was updated to the current stable\nbranch version 3.0.14. These updates were already released on\nSeptember 21st.\n\nThe SUSE Linux Enterprise 11 products were upgraded to Mozilla Firefox\n3.5.3, released on September 30th.\n\nThe SUSE Linux Enterprise 10 Service Pack 2 and 3 were upgraded to\nMozilla Firefox 3.5.3, released on October 20th.\n\nFor details on the issues addresses with these updates, please\nvisit the referenced security advisories.\";\ntag_solution = \"Update your system with the packages as indicated in\nthe referenced security advisory.\n\nhttps://secure1.securityspace.com/smysecure/catid.html?in=SUSE-SA:2009:048\";\ntag_summary = \"The remote host is missing updates announced in\nadvisory SUSE-SA:2009:048.\";\n\n \n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.66104\");\n script_version(\"$Revision: 9350 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-04-06 09:03:33 +0200 (Fri, 06 Apr 2018) $\");\n script_tag(name:\"creation_date\", value:\"2009-10-27 01:37:56 +0100 (Tue, 27 Oct 2009)\");\n script_cve_id(\"CVE-2009-2404\", \"CVE-2009-2408\", \"CVE-2009-2654\", \"CVE-2009-2662\", \"CVE-2009-2663\", \"CVE-2009-2664\", \"CVE-2009-3069\", \"CVE-2009-3070\", \"CVE-2009-3071\", \"CVE-2009-3072\", \"CVE-2009-3073\", \"CVE-2009-3075\", \"CVE-2009-3076\", \"CVE-2009-3077\", \"CVE-2009-3078\", \"CVE-2009-3079\");\n script_tag(name:\"cvss_base\", value:\"10.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_name(\"SuSE Security Advisory SUSE-SA:2009:048 (MozillaFirefox)\");\n\n\n\n script_category(ACT_GATHER_INFO);\n\n script_copyright(\"Copyright (c) 2009 E-Soft Inc. http://www.securityspace.com\");\n script_family(\"SuSE Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/suse\", \"ssh/login/rpms\");\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"summary\" , value : tag_summary);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n#\n# The script code starts here\n#\n\ninclude(\"pkg-lib-rpm.inc\");\n\nres = \"\";\nreport = \"\";\nif ((res = isrpmvuln(pkg:\"MozillaFirefox\", rpm:\"MozillaFirefox~3.0.14~0.1.2\", rls:\"openSUSE11.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"MozillaFirefox-branding-upstream\", rpm:\"MozillaFirefox-branding-upstream~3.0.14~0.1.2\", rls:\"openSUSE11.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"MozillaFirefox-translations\", rpm:\"MozillaFirefox-translations~3.0.14~0.1.2\", rls:\"openSUSE11.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"mozilla-xulrunner190\", rpm:\"mozilla-xulrunner190~1.9.0.14~0.1.1\", rls:\"openSUSE11.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"mozilla-xulrunner190-devel\", rpm:\"mozilla-xulrunner190-devel~1.9.0.14~0.1.1\", rls:\"openSUSE11.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"mozilla-xulrunner190-gnomevfs\", rpm:\"mozilla-xulrunner190-gnomevfs~1.9.0.14~0.1.1\", rls:\"openSUSE11.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"mozilla-xulrunner190-translations\", rpm:\"mozilla-xulrunner190-translations~1.9.0.14~0.1.1\", rls:\"openSUSE11.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"python-xpcom190\", rpm:\"python-xpcom190~1.9.0.14~0.1.1\", rls:\"openSUSE11.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"MozillaFirefox\", rpm:\"MozillaFirefox~3.0.14~0.1\", rls:\"openSUSE11.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"MozillaFirefox-translations\", rpm:\"MozillaFirefox-translations~3.0.14~0.1\", rls:\"openSUSE11.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"mozilla-xulrunner190\", rpm:\"mozilla-xulrunner190~1.9.0.14~0.1\", rls:\"openSUSE11.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"mozilla-xulrunner190-devel\", rpm:\"mozilla-xulrunner190-devel~1.9.0.14~0.1\", rls:\"openSUSE11.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"mozilla-xulrunner190-gnomevfs\", rpm:\"mozilla-xulrunner190-gnomevfs~1.9.0.14~0.1\", rls:\"openSUSE11.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"mozilla-xulrunner190-translations\", rpm:\"mozilla-xulrunner190-translations~1.9.0.14~0.1\", rls:\"openSUSE11.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"MozillaFirefox\", rpm:\"MozillaFirefox~3.0.14~0.1\", rls:\"openSUSE10.3\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"MozillaFirefox-translations\", rpm:\"MozillaFirefox-translations~3.0.14~0.1\", rls:\"openSUSE10.3\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"mozilla-xulrunner190\", rpm:\"mozilla-xulrunner190~1.9.0.14~0.1\", rls:\"openSUSE10.3\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"mozilla-xulrunner190-devel\", rpm:\"mozilla-xulrunner190-devel~1.9.0.14~0.1\", rls:\"openSUSE10.3\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"mozilla-xulrunner190-gnomevfs\", rpm:\"mozilla-xulrunner190-gnomevfs~1.9.0.14~0.1\", rls:\"openSUSE10.3\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"mozilla-xulrunner190-translations\", rpm:\"mozilla-xulrunner190-translations~1.9.0.14~0.1\", rls:\"openSUSE10.3\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"python-xpcom190\", rpm:\"python-xpcom190~1.9.0.14~0.1\", rls:\"openSUSE10.3\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"mozilla-xulrunner190-64bit\", rpm:\"mozilla-xulrunner190-64bit~1.9.0.14~0.1\", rls:\"openSUSE11.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"mozilla-xulrunner190-gnomevfs-64bit\", rpm:\"mozilla-xulrunner190-gnomevfs-64bit~1.9.0.14~0.1\", rls:\"openSUSE11.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"mozilla-xulrunner190-translations-64bit\", rpm:\"mozilla-xulrunner190-translations-64bit~1.9.0.14~0.1\", rls:\"openSUSE11.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"mozilla-xulrunner190-64bit\", rpm:\"mozilla-xulrunner190-64bit~1.9.0.14~0.1\", rls:\"openSUSE10.3\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"mozilla-xulrunner190-gnomevfs-64bit\", rpm:\"mozilla-xulrunner190-gnomevfs-64bit~1.9.0.14~0.1\", rls:\"openSUSE10.3\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"mozilla-xulrunner190-translations-64bit\", rpm:\"mozilla-xulrunner190-translations-64bit~1.9.0.14~0.1\", rls:\"openSUSE10.3\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"mozilla-xulrunner190-32bit\", rpm:\"mozilla-xulrunner190-32bit~1.9.0.14~0.1.1\", rls:\"openSUSE11.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"mozilla-xulrunner190-gnomevfs-32bit\", rpm:\"mozilla-xulrunner190-gnomevfs-32bit~1.9.0.14~0.1.1\", rls:\"openSUSE11.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"mozilla-xulrunner190-translations-32bit\", rpm:\"mozilla-xulrunner190-translations-32bit~1.9.0.14~0.1.1\", rls:\"openSUSE11.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"mozilla-xulrunner190-32bit\", rpm:\"mozilla-xulrunner190-32bit~1.9.0.14~0.1\", rls:\"openSUSE11.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"mozilla-xulrunner190-gnomevfs-32bit\", rpm:\"mozilla-xulrunner190-gnomevfs-32bit~1.9.0.14~0.1\", rls:\"openSUSE11.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"mozilla-xulrunner190-translations-32bit\", rpm:\"mozilla-xulrunner190-translations-32bit~1.9.0.14~0.1\", rls:\"openSUSE11.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"mozilla-xulrunner190-32bit\", rpm:\"mozilla-xulrunner190-32bit~1.9.0.14~0.1\", rls:\"openSUSE10.3\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"mozilla-xulrunner190-gnomevfs-32bit\", rpm:\"mozilla-xulrunner190-gnomevfs-32bit~1.9.0.14~0.1\", rls:\"openSUSE10.3\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"mozilla-xulrunner190-translations-32bit\", rpm:\"mozilla-xulrunner190-translations-32bit~1.9.0.14~0.1\", rls:\"openSUSE10.3\")) != NULL) {\n report += res;\n}\n\nif (report != \"\") {\n security_message(data:report);\n} else if (__pkg_match) {\n exit(99); # Not vulnerable.\n}\n", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2019-05-29T18:37:04", "description": "Oracle Linux Local Security Checks ELSA-2009-1186", "cvss3": {}, "published": "2015-10-08T00:00:00", "type": "openvas", "title": "Oracle Linux Local Check: ELSA-2009-1186", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2009-2409", "CVE-2009-2408", "CVE-2009-2404"], "modified": "2018-09-28T00:00:00", "id": "OPENVAS:1361412562310122465", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310122465", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: ELSA-2009-1186.nasl 11688 2018-09-28 13:36:28Z cfischer $\n#\n# Oracle Linux Local Check\n#\n# Authors:\n# Eero Volotinen <eero.volotinen@solinor.com>\n#\n# Copyright:\n# Copyright (c) 2015 Eero Volotinen, http://solinor.com\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.122465\");\n script_version(\"$Revision: 11688 $\");\n script_tag(name:\"creation_date\", value:\"2015-10-08 14:45:56 +0300 (Thu, 08 Oct 2015)\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-09-28 15:36:28 +0200 (Fri, 28 Sep 2018) $\");\n script_name(\"Oracle Linux Local Check: ELSA-2009-1186\");\n script_tag(name:\"insight\", value:\"ELSA-2009-1186 - nspr and nss security, bug fix, and enhancement update. Please see the references for more insight.\");\n script_tag(name:\"solution\", value:\"Update the affected packages to the latest available version.\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_tag(name:\"summary\", value:\"Oracle Linux Local Security Checks ELSA-2009-1186\");\n script_xref(name:\"URL\", value:\"http://linux.oracle.com/errata/ELSA-2009-1186.html\");\n script_cve_id(\"CVE-2009-2404\", \"CVE-2009-2408\", \"CVE-2009-2409\");\n script_tag(name:\"cvss_base\", value:\"9.3\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/oracle_linux\", \"ssh/login/release\", re:\"ssh/login/release=OracleLinux5\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Eero Volotinen\");\n script_family(\"Oracle Linux Local Security Checks\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release) exit(0);\n\nres = \"\";\n\nif(release == \"OracleLinux5\")\n{\n if ((res = isrpmvuln(pkg:\"nspr\", rpm:\"nspr~4.7.4~1.el5_3.1\", rls:\"OracleLinux5\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n if ((res = isrpmvuln(pkg:\"nspr-devel\", rpm:\"nspr-devel~4.7.4~1.el5_3.1\", rls:\"OracleLinux5\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n if ((res = isrpmvuln(pkg:\"nss\", rpm:\"nss~3.12.3.99.3~1.0.1.el5_3.2\", rls:\"OracleLinux5\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n if ((res = isrpmvuln(pkg:\"nss-devel\", rpm:\"nss-devel~3.12.3.99.3~1.0.1.el5_3.2\", rls:\"OracleLinux5\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n if ((res = isrpmvuln(pkg:\"nss-pkcs11-devel\", rpm:\"nss-pkcs11-devel~3.12.3.99.3~1.0.1.el5_3.2\", rls:\"OracleLinux5\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n if ((res = isrpmvuln(pkg:\"nss-tools\", rpm:\"nss-tools~3.12.3.99.3~1.0.1.el5_3.2\", rls:\"OracleLinux5\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n\n}\nif (__pkg_match) exit(99);\n exit(0);\n\n", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2017-12-04T11:28:11", "description": "The remote host is missing an update to fixed\nannounced via advisory USN-810-2.\n\nOriginal advisory details:\n\n Moxie Marlinspike discovered that NSS did not properly handle regular\n expressions in certificate names. A remote attacker could create a\n specially crafted certificate to cause a denial of service (via application\n crash) or execute arbitrary code as the user invoking the program.\n (CVE-2009-2404)\n \n Moxie Marlinspike and Dan Kaminsky independently discovered that NSS did\n not properly handle certificates with NULL characters in the certificate\n name. An attacker could exploit this to perform a man in the middle attack\n to view sensitive information or alter encrypted communications.\n (CVE-2009-2408)\n \n Dan Kaminsky discovered NSS would still accept certificates with MD2 hash\n signatures. As a result, an attacker could potentially create a malicious\n trusted certificate to impersonate another site. (CVE-2009-2409)", "cvss3": {}, "published": "2009-08-17T00:00:00", "type": "openvas", "title": "Ubuntu USN-810-2 (fixed)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2009-2409", "CVE-2009-2408", "CVE-2009-2404"], "modified": "2017-12-01T00:00:00", "id": "OPENVAS:64574", "href": "http://plugins.openvas.org/nasl.php?oid=64574", "sourceData": "# OpenVAS Vulnerability Test\n# $Id: ubuntu_810_2.nasl 7969 2017-12-01 09:23:16Z santu $\n# $Id: ubuntu_810_2.nasl 7969 2017-12-01 09:23:16Z santu $\n# Description: Auto-generated from advisory USN-810-2 (fixed)\n#\n# Authors:\n# Thomas Reinke <reinke@securityspace.com>\n#\n# Copyright:\n# Copyright (c) 2009 E-Soft Inc. http://www.securityspace.com\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (c) the respective author(s)\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2,\n# or at your option, GNU General Public License version 3,\n# as published by the Free Software Foundation\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n#\n\ninclude(\"revisions-lib.inc\");\ntag_summary = \"The remote host is missing an update to fixed\nannounced via advisory USN-810-2.\n\nOriginal advisory details:\n\n Moxie Marlinspike discovered that NSS did not properly handle regular\n expressions in certificate names. A remote attacker could create a\n specially crafted certificate to cause a denial of service (via application\n crash) or execute arbitrary code as the user invoking the program.\n (CVE-2009-2404)\n \n Moxie Marlinspike and Dan Kaminsky independently discovered that NSS did\n not properly handle certificates with NULL characters in the certificate\n name. An attacker could exploit this to perform a man in the middle attack\n to view sensitive information or alter encrypted communications.\n (CVE-2009-2408)\n \n Dan Kaminsky discovered NSS would still accept certificates with MD2 hash\n signatures. As a result, an attacker could potentially create a malicious\n trusted certificate to impersonate another site. (CVE-2009-2409)\";\n\ntag_solution = \"https://secure1.securityspace.com/smysecure/catid.html?in=USN-810-2\";\n \n\nif(description)\n{\n script_id(64574);\n script_version(\"$Revision: 7969 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-12-01 10:23:16 +0100 (Fri, 01 Dec 2017) $\");\n script_tag(name:\"creation_date\", value:\"2009-08-17 16:54:45 +0200 (Mon, 17 Aug 2009)\");\n script_cve_id(\"CVE-2009-2404\", \"CVE-2009-2408\", \"CVE-2009-2409\");\n script_tag(name:\"cvss_base\", value:\"9.3\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_name(\"Ubuntu USN-810-2 (fixed)\");\n\n\n\n script_category(ACT_GATHER_INFO);\n script_xref(name: \"URL\" , value: \"http://www.ubuntu.com/usn/usn-810-2/\");\n\n script_copyright(\"Copyright (c) 2009 E-Soft Inc. http://www.securityspace.com\");\n script_family(\"Ubuntu Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/ubuntu_linux\", \"ssh/login/packages\");\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"summary\" , value : tag_summary);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n#\n# The script code starts here\n#\n\ninclude(\"pkg-lib-deb.inc\");\n\nres = \"\";\nreport = \"\";\nif ((res = isdpkgvuln(pkg:\"libnspr4-0d-dbg\", ver:\"4.7.5-0ubuntu0.8.04.1\", rls:\"UBUNTU8.04 LTS\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libnspr4-0d\", ver:\"4.7.5-0ubuntu0.8.04.1\", rls:\"UBUNTU8.04 LTS\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libnspr4-dev\", ver:\"4.7.5-0ubuntu0.8.04.1\", rls:\"UBUNTU8.04 LTS\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libnspr4-0d-dbg\", ver:\"4.7.5-0ubuntu0.8.10.1\", rls:\"UBUNTU8.10\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libnspr4-0d\", ver:\"4.7.5-0ubuntu0.8.10.1\", rls:\"UBUNTU8.10\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libnspr4-dev\", ver:\"4.7.5-0ubuntu0.8.10.1\", rls:\"UBUNTU8.10\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libnspr4-0d-dbg\", ver:\"4.7.5-0ubuntu0.9.04.1\", rls:\"UBUNTU9.04\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libnspr4-0d\", ver:\"4.7.5-0ubuntu0.9.04.1\", rls:\"UBUNTU9.04\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libnspr4-dev\", ver:\"4.7.5-0ubuntu0.9.04.1\", rls:\"UBUNTU9.04\")) != NULL) {\n report += res;\n}\n\nif (report != \"\") {\n security_message(data:report);\n} else if (__pkg_match) {\n exit(99); # Not vulnerable.\n}\n", "cvss": {"score": 9.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2018-04-06T11:38:02", "description": "The remote host is missing updates to Netscape Portable Runtime (NSPR)\nand Network Security Services (NSS) announced in advisory RHSA-2009:1207.\n\nThese updated packages upgrade NSS from the previous version, 3.12.2, to a\nprerelease of version 3.12.4. The version of NSPR has also been upgraded\nfrom 4.7.3 to 4.7.4.\n\nMoxie Marlinspike reported a heap overflow flaw in a regular expression\nparser in the NSS library used by browsers such as Mozilla Firefox to match\ncommon names in certificates. A malicious website could present a\ncarefully-crafted certificate in such a way as to trigger the heap\noverflow, leading to a crash or, possibly, arbitrary code execution with\nthe permissions of the user running the browser. (CVE-2009-2404)\n\nNote: in order to exploit this issue without further user interaction in\nFirefox, the carefully-crafted certificate would need to be signed by a\nCertificate Authority trusted by Firefox, otherwise Firefox presents the\nvictim with a warning that the certificate is untrusted. Only if the user\nthen accepts the certificate will the overflow take place.\n\nDan Kaminsky discovered flaws in the way browsers such as Firefox handle\nNULL characters in a certificate. If an attacker is able to get a\ncarefully-crafted certificate signed by a Certificate Authority trusted by\nFirefox, the attacker could use the certificate during a man-in-the-middle\nattack and potentially confuse Firefox into accepting it by mistake.\n(CVE-2009-2408)\n\nDan Kaminsky found that browsers still accept certificates with MD2 hash\nsignatures, even though MD2 is no longer considered a cryptographically\nstrong algorithm. This could make it easier for an attacker to create a\nmalicious certificate that would be treated as trusted by a browser. NSS\nnow disables the use of MD2 and MD4 algorithms inside signatures by\ndefault. (CVE-2009-2409)\n\nAll users of nspr and nss are advised to upgrade to these updated packages,\nwhich resolve these issues.", "cvss3": {}, "published": "2009-08-17T00:00:00", "type": "openvas", "title": "RedHat Security Advisory RHSA-2009:1207", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2009-2409", "CVE-2009-2408", "CVE-2009-2404"], "modified": "2018-04-06T00:00:00", "id": "OPENVAS:136141256231064597", "href": "http://plugins.openvas.org/nasl.php?oid=136141256231064597", "sourceData": "# OpenVAS Vulnerability Test\n# $Id: RHSA_2009_1207.nasl 9350 2018-04-06 07:03:33Z cfischer $\n# Description: Auto-generated from advisory RHSA-2009:1207 ()\n#\n# Authors:\n# Thomas Reinke <reinke@securityspace.com>\n#\n# Copyright:\n# Copyright (c) 2009 E-Soft Inc. http://www.securityspace.com\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (c) the respective author(s)\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2,\n# or at your option, GNU General Public License version 3,\n# as published by the Free Software Foundation\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n#\n\ninclude(\"revisions-lib.inc\");\ntag_summary = \"The remote host is missing updates to Netscape Portable Runtime (NSPR)\nand Network Security Services (NSS) announced in advisory RHSA-2009:1207.\n\nThese updated packages upgrade NSS from the previous version, 3.12.2, to a\nprerelease of version 3.12.4. The version of NSPR has also been upgraded\nfrom 4.7.3 to 4.7.4.\n\nMoxie Marlinspike reported a heap overflow flaw in a regular expression\nparser in the NSS library used by browsers such as Mozilla Firefox to match\ncommon names in certificates. A malicious website could present a\ncarefully-crafted certificate in such a way as to trigger the heap\noverflow, leading to a crash or, possibly, arbitrary code execution with\nthe permissions of the user running the browser. (CVE-2009-2404)\n\nNote: in order to exploit this issue without further user interaction in\nFirefox, the carefully-crafted certificate would need to be signed by a\nCertificate Authority trusted by Firefox, otherwise Firefox presents the\nvictim with a warning that the certificate is untrusted. Only if the user\nthen accepts the certificate will the overflow take place.\n\nDan Kaminsky discovered flaws in the way browsers such as Firefox handle\nNULL characters in a certificate. If an attacker is able to get a\ncarefully-crafted certificate signed by a Certificate Authority trusted by\nFirefox, the attacker could use the certificate during a man-in-the-middle\nattack and potentially confuse Firefox into accepting it by mistake.\n(CVE-2009-2408)\n\nDan Kaminsky found that browsers still accept certificates with MD2 hash\nsignatures, even though MD2 is no longer considered a cryptographically\nstrong algorithm. This could make it easier for an attacker to create a\nmalicious certificate that would be treated as trusted by a browser. NSS\nnow disables the use of MD2 and MD4 algorithms inside signatures by\ndefault. (CVE-2009-2409)\n\nAll users of nspr and nss are advised to upgrade to these updated packages,\nwhich resolve these issues.\";\n\ntag_solution = \"Please note that this update is available via\nRed Hat Network. To use Red Hat Network, launch the Red\nHat Update Agent with the following command: up2date\";\n\n\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.64597\");\n script_version(\"$Revision: 9350 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-04-06 09:03:33 +0200 (Fri, 06 Apr 2018) $\");\n script_tag(name:\"creation_date\", value:\"2009-08-17 16:54:45 +0200 (Mon, 17 Aug 2009)\");\n script_cve_id(\"CVE-2009-2404\", \"CVE-2009-2408\", \"CVE-2009-2409\");\n script_tag(name:\"cvss_base\", value:\"9.3\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_name(\"RedHat Security Advisory RHSA-2009:1207\");\n\n\n\n script_category(ACT_GATHER_INFO);\n\n script_copyright(\"Copyright (c) 2009 E-Soft Inc. http://www.securityspace.com\");\n script_family(\"Red Hat Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/rhel\", \"ssh/login/rpms\");\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"summary\" , value : tag_summary);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_xref(name : \"URL\" , value : \"http://rhn.redhat.com/errata/RHSA-2009-1207.html\");\n script_xref(name : \"URL\" , value : \"http://www.redhat.com/security/updates/classification/#critical\");\n exit(0);\n}\n\n#\n# The script code starts here\n#\n\ninclude(\"pkg-lib-rpm.inc\");\n\nres = \"\";\nreport = \"\";\nif ((res = isrpmvuln(pkg:\"nspr\", rpm:\"nspr~4.7.4~1.el5_2\", rls:\"RHENT_5\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"nspr-debuginfo\", rpm:\"nspr-debuginfo~4.7.4~1.el5_2\", rls:\"RHENT_5\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"nspr-devel\", rpm:\"nspr-devel~4.7.4~1.el5_2\", rls:\"RHENT_5\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"nss\", rpm:\"nss~3.12.3.99.3~1.el5_2\", rls:\"RHENT_5\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"nss-debuginfo\", rpm:\"nss-debuginfo~3.12.3.99.3~1.el5_2\", rls:\"RHENT_5\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"nss-devel\", rpm:\"nss-devel~3.12.3.99.3~1.el5_2\", rls:\"RHENT_5\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"nss-pkcs11-devel\", rpm:\"nss-pkcs11-devel~3.12.3.99.3~1.el5_2\", rls:\"RHENT_5\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"nss-tools\", rpm:\"nss-tools~3.12.3.99.3~1.el5_2\", rls:\"RHENT_5\")) != NULL) {\n report += res;\n}\n\nif (report != \"\") {\n security_message(data:report);\n} else if (__pkg_match) {\n exit(99); # Not vulnerable.\n}\n", "cvss": {"score": 9.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2018-04-06T11:39:54", "description": "The remote host is missing updates announced in\nadvisory RHSA-2009:1190.\n\nNetscape Portable Runtime (NSPR) provides platform independence for non-GUI\noperating system facilities. These facilities include threads, thread\nsynchronization, normal file and network I/O, interval timing, calendar\ntime, basic memory management (malloc and free), and shared library linking.\n\nNetwork Security Services (NSS) is a set of libraries designed to support\nthe cross-platform development of security-enabled client and server\napplications. Applications built with NSS can support SSLv2, SSLv3, TLS,\nand other security standards.\n\nThese updated packages upgrade NSS from the previous version, 3.12.2, to a\nprerelease of version 3.12.4. The version of NSPR has also been upgraded\nfrom 4.7.3 to 4.7.4.\n\nFor details on the issues address in this update, please visit the\nreferenced security advisories.\n\nAll users of nspr and nss are advised to upgrade to these updated packages,\nwhich resolve these issues.", "cvss3": {}, "published": "2009-08-17T00:00:00", "type": "openvas", "title": "RedHat Security Advisory RHSA-2009:1190", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2009-2409", "CVE-2009-2408", "CVE-2009-2404"], "modified": "2018-04-06T00:00:00", "id": "OPENVAS:136141256231064513", "href": "http://plugins.openvas.org/nasl.php?oid=136141256231064513", "sourceData": "# OpenVAS Vulnerability Test\n# $Id: RHSA_2009_1190.nasl 9350 2018-04-06 07:03:33Z cfischer $\n# Description: Auto-generated from advisory RHSA-2009:1190 ()\n#\n# Authors:\n# Thomas Reinke <reinke@securityspace.com>\n#\n# Copyright:\n# Copyright (c) 2009 E-Soft Inc. http://www.securityspace.com\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (c) the respective author(s)\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2,\n# or at your option, GNU General Public License version 3,\n# as published by the Free Software Foundation\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n#\n\ninclude(\"revisions-lib.inc\");\ntag_summary = \"The remote host is missing updates announced in\nadvisory RHSA-2009:1190.\n\nNetscape Portable Runtime (NSPR) provides platform independence for non-GUI\noperating system facilities. These facilities include threads, thread\nsynchronization, normal file and network I/O, interval timing, calendar\ntime, basic memory management (malloc and free), and shared library linking.\n\nNetwork Security Services (NSS) is a set of libraries designed to support\nthe cross-platform development of security-enabled client and server\napplications. Applications built with NSS can support SSLv2, SSLv3, TLS,\nand other security standards.\n\nThese updated packages upgrade NSS from the previous version, 3.12.2, to a\nprerelease of version 3.12.4. The version of NSPR has also been upgraded\nfrom 4.7.3 to 4.7.4.\n\nFor details on the issues address in this update, please visit the\nreferenced security advisories.\n\nAll users of nspr and nss are advised to upgrade to these updated packages,\nwhich resolve these issues.\";\n\ntag_solution = \"Please note that this update is available via\nRed Hat Network. To use Red Hat Network, launch the Red\nHat Update Agent with the following command: up2date\";\n\n\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.64513\");\n script_version(\"$Revision: 9350 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-04-06 09:03:33 +0200 (Fri, 06 Apr 2018) $\");\n script_tag(name:\"creation_date\", value:\"2009-08-17 16:54:45 +0200 (Mon, 17 Aug 2009)\");\n script_cve_id(\"CVE-2009-2404\", \"CVE-2009-2408\", \"CVE-2009-2409\");\n script_tag(name:\"cvss_base\", value:\"9.3\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_name(\"RedHat Security Advisory RHSA-2009:1190\");\n\n\n\n script_category(ACT_GATHER_INFO);\n\n script_copyright(\"Copyright (c) 2009 E-Soft Inc. http://www.securityspace.com\");\n script_family(\"Red Hat Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/rhel\", \"ssh/login/rpms\");\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"summary\" , value : tag_summary);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_xref(name : \"URL\" , value : \"http://rhn.redhat.com/errata/RHSA-2009-1190.html\");\n script_xref(name : \"URL\" , value : \"http://www.redhat.com/security/updates/classification/#critical\");\n exit(0);\n}\n\n#\n# The script code starts here\n#\n\ninclude(\"pkg-lib-rpm.inc\");\n\nres = \"\";\nreport = \"\";\nif ((res = isrpmvuln(pkg:\"nspr\", rpm:\"nspr~4.7.4~1.el4_7.1\", rls:\"RHENT_4\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"nspr-debuginfo\", rpm:\"nspr-debuginfo~4.7.4~1.el4_7.1\", rls:\"RHENT_4\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"nspr-devel\", rpm:\"nspr-devel~4.7.4~1.el4_7.1\", rls:\"RHENT_4\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"nss\", rpm:\"nss~3.12.3.99.3~1.el4_7.6\", rls:\"RHENT_4\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"nss-debuginfo\", rpm:\"nss-debuginfo~3.12.3.99.3~1.el4_7.6\", rls:\"RHENT_4\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"nss-devel\", rpm:\"nss-devel~3.12.3.99.3~1.el4_7.6\", rls:\"RHENT_4\")) != NULL) {\n report += res;\n}\n\nif (report != \"\") {\n security_message(data:report);\n} else if (__pkg_match) {\n exit(99); # Not vulnerable.\n}\n", "cvss": {"score": 9.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2017-07-27T10:55:51", "description": "The remote host is missing updates announced in\nadvisory RHSA-2009:1184.\n\nNetscape Portable Runtime (NSPR) provides platform independence for non-GUI\noperating system facilities. These facilities include threads, thread\nsynchronization, normal file and network I/O, interval timing, calendar\ntime, basic memory management (malloc and free), and shared library linking.\n\nNetwork Security Services (NSS) is a set of libraries designed to support\nthe cross-platform development of security-enabled client and server\napplications. Applications built with NSS can support SSLv2, SSLv3, TLS,\nand other security standards.\n\nThese updated packages upgrade NSS from the previous version, 3.12.2, to a\nprerelease of version 3.12.4. The version of NSPR has also been upgraded\nfrom 4.7.3 to 4.7.4.\n\nFor details on the issues addressed in this update, please visit\nthe referenced security advisories.\n\nAll users of nspr and nss are advised to upgrade to these updated packages,\nwhich resolve these issues.", "cvss3": {}, "published": "2009-08-17T00:00:00", "type": "openvas", "title": "RedHat Security Advisory RHSA-2009:1184", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2009-2409", "CVE-2009-2408", "CVE-2009-2404"], "modified": "2017-07-12T00:00:00", "id": "OPENVAS:64508", "href": "http://plugins.openvas.org/nasl.php?oid=64508", "sourceData": "# OpenVAS Vulnerability Test\n# $Id: RHSA_2009_1184.nasl 6683 2017-07-12 09:41:57Z cfischer $\n# Description: Auto-generated from advisory RHSA-2009:1184 ()\n#\n# Authors:\n# Thomas Reinke <reinke@securityspace.com>\n#\n# Copyright:\n# Copyright (c) 2009 E-Soft Inc. http://www.securityspace.com\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (c) the respective author(s)\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2,\n# or at your option, GNU General Public License version 3,\n# as published by the Free Software Foundation\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n#\n\ninclude(\"revisions-lib.inc\");\ntag_summary = \"The remote host is missing updates announced in\nadvisory RHSA-2009:1184.\n\nNetscape Portable Runtime (NSPR) provides platform independence for non-GUI\noperating system facilities. These facilities include threads, thread\nsynchronization, normal file and network I/O, interval timing, calendar\ntime, basic memory management (malloc and free), and shared library linking.\n\nNetwork Security Services (NSS) is a set of libraries designed to support\nthe cross-platform development of security-enabled client and server\napplications. Applications built with NSS can support SSLv2, SSLv3, TLS,\nand other security standards.\n\nThese updated packages upgrade NSS from the previous version, 3.12.2, to a\nprerelease of version 3.12.4. The version of NSPR has also been upgraded\nfrom 4.7.3 to 4.7.4.\n\nFor details on the issues addressed in this update, please visit\nthe referenced security advisories.\n\nAll users of nspr and nss are advised to upgrade to these updated packages,\nwhich resolve these issues.\";\n\ntag_solution = \"Please note that this update is available via\nRed Hat Network. To use Red Hat Network, launch the Red\nHat Update Agent with the following command: up2date\";\n\n\n\nif(description)\n{\n script_id(64508);\n script_version(\"$Revision: 6683 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-07-12 11:41:57 +0200 (Wed, 12 Jul 2017) $\");\n script_tag(name:\"creation_date\", value:\"2009-08-17 16:54:45 +0200 (Mon, 17 Aug 2009)\");\n script_cve_id(\"CVE-2009-2404\", \"CVE-2009-2408\", \"CVE-2009-2409\");\n script_tag(name:\"cvss_base\", value:\"9.3\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_name(\"RedHat Security Advisory RHSA-2009:1184\");\n\n\n\n script_category(ACT_GATHER_INFO);\n\n script_copyright(\"Copyright (c) 2009 E-Soft Inc. http://www.securityspace.com\");\n script_family(\"Red Hat Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/rhel\", \"ssh/login/rpms\");\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"summary\" , value : tag_summary);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_xref(name : \"URL\" , value : \"http://rhn.redhat.com/errata/RHSA-2009-1184.html\");\n script_xref(name : \"URL\" , value : \"http://www.redhat.com/security/updates/classification/#critical\");\n exit(0);\n}\n\n#\n# The script code starts here\n#\n\ninclude(\"pkg-lib-rpm.inc\");\n\nres = \"\";\nreport = \"\";\nif ((res = isrpmvuln(pkg:\"nspr\", rpm:\"nspr~4.7.4~1.el4_8.1\", rls:\"RHENT_4\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"nspr-debuginfo\", rpm:\"nspr-debuginfo~4.7.4~1.el4_8.1\", rls:\"RHENT_4\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"nspr-devel\", rpm:\"nspr-devel~4.7.4~1.el4_8.1\", rls:\"RHENT_4\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"nss\", rpm:\"nss~3.12.3.99.3~1.el4_8.2\", rls:\"RHENT_4\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"nss-debuginfo\", rpm:\"nss-debuginfo~3.12.3.99.3~1.el4_8.2\", rls:\"RHENT_4\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"nss-devel\", rpm:\"nss-devel~3.12.3.99.3~1.el4_8.2\", rls:\"RHENT_4\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"nss-tools\", rpm:\"nss-tools~3.12.3.99.3~1.el4_8.2\", rls:\"RHENT_4\")) != NULL) {\n report += res;\n}\n\nif (report != \"\") {\n security_message(data:report);\n} else if (__pkg_match) {\n exit(99); # Not vulnerable.\n}\n", "cvss": {"score": 9.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2017-12-04T11:27:46", "description": "The remote host is missing an update to nss\nannounced via advisory USN-810-1.", "cvss3": {}, "published": "2009-08-17T00:00:00", "type": "openvas", "title": "Ubuntu USN-810-1 (nss)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2009-2409", "CVE-2009-2408", "CVE-2009-2404"], "modified": "2017-12-01T00:00:00", "id": "OPENVAS:64573", "href": "http://plugins.openvas.org/nasl.php?oid=64573", "sourceData": "# OpenVAS Vulnerability Test\n# $Id: ubuntu_810_1.nasl 7969 2017-12-01 09:23:16Z santu $\n# $Id: ubuntu_810_1.nasl 7969 2017-12-01 09:23:16Z santu $\n# Description: Auto-generated from advisory USN-810-1 (nss)\n#\n# Authors:\n# Thomas Reinke <reinke@securityspace.com>\n#\n# Copyright:\n# Copyright (c) 2009 E-Soft Inc. http://www.securityspace.com\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (c) the respective author(s)\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2,\n# or at your option, GNU General Public License version 3,\n# as published by the Free Software Foundation\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n#\n\ninclude(\"revisions-lib.inc\");\ntag_solution = \"The problem can be corrected by upgrading your system to the\n following package versions:\n\nUbuntu 8.04 LTS:\n libnss3-1d 3.12.3.1-0ubuntu0.8.04.1\n\nUbuntu 8.10:\n libnss3-1d 3.12.3.1-0ubuntu0.8.10.1\n\nUbuntu 9.04:\n libnss3-1d 3.12.3.1-0ubuntu0.9.04.1\n\nAfter a standard system upgrade you need to restart an applications that\nuse NSS, such as Firefox, to effect the necessary changes.\n\nhttps://secure1.securityspace.com/smysecure/catid.html?in=USN-810-1\";\n\ntag_insight = \"Moxie Marlinspike discovered that NSS did not properly handle regular\nexpressions in certificate names. A remote attacker could create a\nspecially crafted certificate to cause a denial of service (via application\ncrash) or execute arbitrary code as the user invoking the program.\n(CVE-2009-2404)\n\nMoxie Marlinspike and Dan Kaminsky independently discovered that NSS did\nnot properly handle certificates with NULL characters in the certificate\nname. An attacker could exploit this to perform a man in the middle attack\nto view sensitive information or alter encrypted communications.\n(CVE-2009-2408)\n\nDan Kaminsky discovered NSS would still accept certificates with MD2 hash\nsignatures. As a result, an attacker could potentially create a malicious\ntrusted certificate to impersonate another site. (CVE-2009-2409)\";\ntag_summary = \"The remote host is missing an update to nss\nannounced via advisory USN-810-1.\";\n\n \n\n\nif(description)\n{\n script_id(64573);\n script_version(\"$Revision: 7969 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-12-01 10:23:16 +0100 (Fri, 01 Dec 2017) $\");\n script_tag(name:\"creation_date\", value:\"2009-08-17 16:54:45 +0200 (Mon, 17 Aug 2009)\");\n script_cve_id(\"CVE-2009-2404\", \"CVE-2009-2408\", \"CVE-2009-2409\");\n script_tag(name:\"cvss_base\", value:\"9.3\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_name(\"Ubuntu USN-810-1 (nss)\");\n\n\n\n script_category(ACT_GATHER_INFO);\n script_xref(name: \"URL\" , value: \"http://www.ubuntu.com/usn/usn-810-1/\");\n\n script_copyright(\"Copyright (c) 2009 E-Soft Inc. http://www.securityspace.com\");\n script_family(\"Ubuntu Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/ubuntu_linux\", \"ssh/login/packages\");\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"summary\" , value : tag_summary);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n#\n# The script code starts here\n#\n\ninclude(\"pkg-lib-deb.inc\");\n\nres = \"\";\nreport = \"\";\nif ((res = isdpkgvuln(pkg:\"libnss3-0d\", ver:\"3.12.3.1-0ubuntu0.8.04.1\", rls:\"UBUNTU8.04 LTS\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libnss3-1d-dbg\", ver:\"3.12.3.1-0ubuntu0.8.04.1\", rls:\"UBUNTU8.04 LTS\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libnss3-1d\", ver:\"3.12.3.1-0ubuntu0.8.04.1\", rls:\"UBUNTU8.04 LTS\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libnss3-dev\", ver:\"3.12.3.1-0ubuntu0.8.04.1\", rls:\"UBUNTU8.04 LTS\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libnss3-tools\", ver:\"3.12.3.1-0ubuntu0.8.04.1\", rls:\"UBUNTU8.04 LTS\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libnss3-1d-dbg\", ver:\"3.12.3.1-0ubuntu0.8.10.1\", rls:\"UBUNTU8.10\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libnss3-1d\", ver:\"3.12.3.1-0ubuntu0.8.10.1\", rls:\"UBUNTU8.10\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libnss3-dev\", ver:\"3.12.3.1-0ubuntu0.8.10.1\", rls:\"UBUNTU8.10\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libnss3-0d\", ver:\"3.12.3.1-0ubuntu0.8.10.1\", rls:\"UBUNTU8.10\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libnss3-tools\", ver:\"3.12.3.1-0ubuntu0.8.10.1\", rls:\"UBUNTU8.10\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libnss3-1d-dbg\", ver:\"3.12.3.1-0ubuntu0.9.04.1\", rls:\"UBUNTU9.04\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libnss3-1d\", ver:\"3.12.3.1-0ubuntu0.9.04.1\", rls:\"UBUNTU9.04\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libnss3-dev\", ver:\"3.12.3.1-0ubuntu0.9.04.1\", rls:\"UBUNTU9.04\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libnss3-0d\", ver:\"3.12.3.1-0ubuntu0.9.04.1\", rls:\"UBUNTU9.04\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libnss3-tools\", ver:\"3.12.3.1-0ubuntu0.9.04.1\", rls:\"UBUNTU9.04\")) != NULL) {\n report += res;\n}\n\nif (report != \"\") {\n security_message(data:report);\n} else if (__pkg_match) {\n exit(99); # Not vulnerable.\n}\n", "cvss": {"score": 9.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2018-04-06T11:37:50", "description": "The remote host is missing updates announced in\nadvisory RHSA-2009:1184.\n\nNetscape Portable Runtime (NSPR) provides platform independence for non-GUI\noperating system facilities. These facilities include threads, thread\nsynchronization, normal file and network I/O, interval timing, calendar\ntime, basic memory management (malloc and free), and shared library linking.\n\nNetwork Security Services (NSS) is a set of libraries designed to support\nthe cross-platform development of security-enabled client and server\napplications. Applications built with NSS can support SSLv2, SSLv3, TLS,\nand other security standards.\n\nThese updated packages upgrade NSS from the previous version, 3.12.2, to a\nprerelease of version 3.12.4. The version of NSPR has also been upgraded\nfrom 4.7.3 to 4.7.4.\n\nFor details on the issues addressed in this update, please visit\nthe referenced security advisories.\n\nAll users of nspr and nss are advised to upgrade to these updated packages,\nwhich resolve these issues.", "cvss3": {}, "published": "2009-08-17T00:00:00", "type": "openvas", "title": "RedHat Security Advisory RHSA-2009:1184", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2009-2409", "CVE-2009-2408", "CVE-2009-2404"], "modified": "2018-04-06T00:00:00", "id": "OPENVAS:136141256231064508", "href": "http://plugins.openvas.org/nasl.php?oid=136141256231064508", "sourceData": "# OpenVAS Vulnerability Test\n# $Id: RHSA_2009_1184.nasl 9350 2018-04-06 07:03:33Z cfischer $\n# Description: Auto-generated from advisory RHSA-2009:1184 ()\n#\n# Authors:\n# Thomas Reinke <reinke@securityspace.com>\n#\n# Copyright:\n# Copyright (c) 2009 E-Soft Inc. http://www.securityspace.com\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (c) the respective author(s)\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2,\n# or at your option, GNU General Public License version 3,\n# as published by the Free Software Foundation\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n#\n\ninclude(\"revisions-lib.inc\");\ntag_summary = \"The remote host is missing updates announced in\nadvisory RHSA-2009:1184.\n\nNetscape Portable Runtime (NSPR) provides platform independence for non-GUI\noperating system facilities. These facilities include threads, thread\nsynchronization, normal file and network I/O, interval timing, calendar\ntime, basic memory management (malloc and free), and shared library linking.\n\nNetwork Security Services (NSS) is a set of libraries designed to support\nthe cross-platform development of security-enabled client and server\napplications. Applications built with NSS can support SSLv2, SSLv3, TLS,\nand other security standards.\n\nThese updated packages upgrade NSS from the previous version, 3.12.2, to a\nprerelease of version 3.12.4. The version of NSPR has also been upgraded\nfrom 4.7.3 to 4.7.4.\n\nFor details on the issues addressed in this update, please visit\nthe referenced security advisories.\n\nAll users of nspr and nss are advised to upgrade to these updated packages,\nwhich resolve these issues.\";\n\ntag_solution = \"Please note that this update is available via\nRed Hat Network. To use Red Hat Network, launch the Red\nHat Update Agent with the following command: up2date\";\n\n\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.64508\");\n script_version(\"$Revision: 9350 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-04-06 09:03:33 +0200 (Fri, 06 Apr 2018) $\");\n script_tag(name:\"creation_date\", value:\"2009-08-17 16:54:45 +0200 (Mon, 17 Aug 2009)\");\n script_cve_id(\"CVE-2009-2404\", \"CVE-2009-2408\", \"CVE-2009-2409\");\n script_tag(name:\"cvss_base\", value:\"9.3\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_name(\"RedHat Security Advisory RHSA-2009:1184\");\n\n\n\n script_category(ACT_GATHER_INFO);\n\n script_copyright(\"Copyright (c) 2009 E-Soft Inc. http://www.securityspace.com\");\n script_family(\"Red Hat Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/rhel\", \"ssh/login/rpms\");\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"summary\" , value : tag_summary);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_xref(name : \"URL\" , value : \"http://rhn.redhat.com/errata/RHSA-2009-1184.html\");\n script_xref(name : \"URL\" , value : \"http://www.redhat.com/security/updates/classification/#critical\");\n exit(0);\n}\n\n#\n# The script code starts here\n#\n\ninclude(\"pkg-lib-rpm.inc\");\n\nres = \"\";\nreport = \"\";\nif ((res = isrpmvuln(pkg:\"nspr\", rpm:\"nspr~4.7.4~1.el4_8.1\", rls:\"RHENT_4\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"nspr-debuginfo\", rpm:\"nspr-debuginfo~4.7.4~1.el4_8.1\", rls:\"RHENT_4\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"nspr-devel\", rpm:\"nspr-devel~4.7.4~1.el4_8.1\", rls:\"RHENT_4\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"nss\", rpm:\"nss~3.12.3.99.3~1.el4_8.2\", rls:\"RHENT_4\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"nss-debuginfo\", rpm:\"nss-debuginfo~3.12.3.99.3~1.el4_8.2\", rls:\"RHENT_4\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"nss-devel\", rpm:\"nss-devel~3.12.3.99.3~1.el4_8.2\", rls:\"RHENT_4\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"nss-tools\", rpm:\"nss-tools~3.12.3.99.3~1.el4_8.2\", rls:\"RHENT_4\")) != NULL) {\n report += res;\n}\n\nif (report != \"\") {\n security_message(data:report);\n} else if (__pkg_match) {\n exit(99); # Not vulnerable.\n}\n", "cvss": {"score": 9.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2017-07-24T12:56:49", "description": "The remote host is missing an update to nss\nannounced via advisory MDVSA-2009:197.", "cvss3": {}, "published": "2009-08-17T00:00:00", "type": "openvas", "title": "Mandrake Security Advisory MDVSA-2009:197 (nss)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2009-2409", "CVE-2009-2408", "CVE-2009-2404"], "modified": "2017-07-06T00:00:00", "id": "OPENVAS:64607", "href": "http://plugins.openvas.org/nasl.php?oid=64607", "sourceData": "# OpenVAS Vulnerability Test\n# $Id: mdksa_2009_197.nasl 6573 2017-07-06 13:10:50Z cfischer $\n# Description: Auto-generated from advisory MDVSA-2009:197 (nss)\n#\n# Authors:\n# Thomas Reinke <reinke@securityspace.com>\n#\n# Copyright:\n# Copyright (c) 2009 E-Soft Inc. http://www.securityspace.com\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (c) the respective author(s)\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2,\n# or at your option, GNU General Public License version 3,\n# as published by the Free Software Foundation\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n#\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"Security issues in nss prior to 3.12.3 could lead to a\nman-in-the-middle attack via a spoofed X.509 certificate\n(CVE-2009-2408) and md2 algorithm flaws (CVE-2009-2409), and also\ncause a denial-of-service and possible code execution via a long\ndomain name in X.509 certificate (CVE-2009-2404).\n\nThis update provides the latest versions of NSS and NSPR libraries\nwhich are not vulnerable to those attacks.\n\nAffected: 2009.0, 2009.1, Enterprise Server 5.0\";\ntag_solution = \"To upgrade automatically use MandrakeUpdate or urpmi. The verification\nof md5 checksums and GPG signatures is performed automatically for you.\n\nhttps://secure1.securityspace.com/smysecure/catid.html?in=MDVSA-2009:197\";\ntag_summary = \"The remote host is missing an update to nss\nannounced via advisory MDVSA-2009:197.\";\n\n \n\nif(description)\n{\n script_id(64607);\n script_version(\"$Revision: 6573 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-07-06 15:10:50 +0200 (Thu, 06 Jul 2017) $\");\n script_tag(name:\"creation_date\", value:\"2009-08-17 16:54:45 +0200 (Mon, 17 Aug 2009)\");\n script_cve_id(\"CVE-2009-2408\", \"CVE-2009-2409\", \"CVE-2009-2404\");\n script_tag(name:\"cvss_base\", value:\"9.3\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_name(\"Mandrake Security Advisory MDVSA-2009:197 (nss)\");\n\n\n\n script_category(ACT_GATHER_INFO);\n\n script_copyright(\"Copyright (c) 2009 E-Soft Inc. http://www.securityspace.com\");\n script_family(\"Mandrake Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/mandriva_mandrake_linux\", \"ssh/login/rpms\");\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"summary\" , value : tag_summary);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n#\n# The script code starts here\n#\n\ninclude(\"pkg-lib-rpm.inc\");\n\nres = \"\";\nreport = \"\";\nif ((res = isrpmvuln(pkg:\"libnspr4\", rpm:\"libnspr4~4.7.5~0.1mdv2009.0\", rls:\"MNDK_2009.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"libnspr-devel\", rpm:\"libnspr-devel~4.7.5~0.1mdv2009.0\", rls:\"MNDK_2009.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"libnss3\", rpm:\"libnss3~3.12.3.1~0.1mdv2009.0\", rls:\"MNDK_2009.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"libnss-devel\", rpm:\"libnss-devel~3.12.3.1~0.1mdv2009.0\", rls:\"MNDK_2009.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"libnss-static-devel\", rpm:\"libnss-static-devel~3.12.3.1~0.1mdv2009.0\", rls:\"MNDK_2009.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"nss\", rpm:\"nss~3.12.3.1~0.1mdv2009.0\", rls:\"MNDK_2009.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"lib64nspr4\", rpm:\"lib64nspr4~4.7.5~0.1mdv2009.0\", rls:\"MNDK_2009.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"lib64nspr-devel\", rpm:\"lib64nspr-devel~4.7.5~0.1mdv2009.0\", rls:\"MNDK_2009.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"lib64nss3\", rpm:\"lib64nss3~3.12.3.1~0.1mdv2009.0\", rls:\"MNDK_2009.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"lib64nss-devel\", rpm:\"lib64nss-devel~3.12.3.1~0.1mdv2009.0\", rls:\"MNDK_2009.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"lib64nss-static-devel\", rpm:\"lib64nss-static-devel~3.12.3.1~0.1mdv2009.0\", rls:\"MNDK_2009.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"libnspr4\", rpm:\"libnspr4~4.7.5~0.1mdv2009.1\", rls:\"MNDK_2009.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"libnspr-devel\", rpm:\"libnspr-devel~4.7.5~0.1mdv2009.1\", rls:\"MNDK_2009.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"libnss3\", rpm:\"libnss3~3.12.3.1~0.1mdv2009.1\", rls:\"MNDK_2009.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"libnss-devel\", rpm:\"libnss-devel~3.12.3.1~0.1mdv2009.1\", rls:\"MNDK_2009.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"libnss-static-devel\", rpm:\"libnss-static-devel~3.12.3.1~0.1mdv2009.1\", rls:\"MNDK_2009.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"nss\", rpm:\"nss~3.12.3.1~0.1mdv2009.1\", rls:\"MNDK_2009.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"lib64nspr4\", rpm:\"lib64nspr4~4.7.5~0.1mdv2009.1\", rls:\"MNDK_2009.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"lib64nspr-devel\", rpm:\"lib64nspr-devel~4.7.5~0.1mdv2009.1\", rls:\"MNDK_2009.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"lib64nss3\", rpm:\"lib64nss3~3.12.3.1~0.1mdv2009.1\", rls:\"MNDK_2009.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"lib64nss-devel\", rpm:\"lib64nss-devel~3.12.3.1~0.1mdv2009.1\", rls:\"MNDK_2009.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"lib64nss-static-devel\", rpm:\"lib64nss-static-devel~3.12.3.1~0.1mdv2009.1\", rls:\"MNDK_2009.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"libnspr4\", rpm:\"libnspr4~4.7.5~0.1mdvmes5\", rls:\"MNDK_mes5\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"libnspr-devel\", rpm:\"libnspr-devel~4.7.5~0.1mdvmes5\", rls:\"MNDK_mes5\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"libnss3\", rpm:\"libnss3~3.12.3.1~0.1mdvmes5\", rls:\"MNDK_mes5\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"libnss-devel\", rpm:\"libnss-devel~3.12.3.1~0.1mdvmes5\", rls:\"MNDK_mes5\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"libnss-static-devel\", rpm:\"libnss-static-devel~3.12.3.1~0.1mdvmes5\", rls:\"MNDK_mes5\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"nss\", rpm:\"nss~3.12.3.1~0.1mdvmes5\", rls:\"MNDK_mes5\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"lib64nspr4\", rpm:\"lib64nspr4~4.7.5~0.1mdvmes5\", rls:\"MNDK_mes5\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"lib64nspr-devel\", rpm:\"lib64nspr-devel~4.7.5~0.1mdvmes5\", rls:\"MNDK_mes5\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"lib64nss3\", rpm:\"lib64nss3~3.12.3.1~0.1mdvmes5\", rls:\"MNDK_mes5\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"lib64nss-devel\", rpm:\"lib64nss-devel~3.12.3.1~0.1mdvmes5\", rls:\"MNDK_mes5\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"lib64nss-static-devel\", rpm:\"lib64nss-static-devel~3.12.3.1~0.1mdvmes5\", rls:\"MNDK_mes5\")) != NULL) {\n report += res;\n}\n\nif (report != \"\") {\n security_message(data:report);\n} else if (__pkg_match) {\n exit(99); # Not vulnerable.\n}\n", "cvss": {"score": 9.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2017-07-24T12:56:39", "description": "The remote host is missing an update to nss\nannounced via advisory MDVSA-2009:197-2.", "cvss3": {}, "published": "2009-09-15T00:00:00", "type": "openvas", "title": "Mandrake Security Advisory MDVSA-2009:197-2 (nss)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2009-2409", "CVE-2009-2408", "CVE-2009-2404"], "modified": "2017-07-06T00:00:00", "id": "OPENVAS:64842", "href": "http://plugins.openvas.org/nasl.php?oid=64842", "sourceData": "# OpenVAS Vulnerability Test\n# $Id: mdksa_2009_197_2.nasl 6573 2017-07-06 13:10:50Z cfischer $\n# Description: Auto-generated from advisory MDVSA-2009:197-2 (nss)\n#\n# Authors:\n# Thomas Reinke <reinke@securityspace.com>\n#\n# Copyright:\n# Copyright (c) 2009 E-Soft Inc. http://www.securityspace.com\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (c) the respective author(s)\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2,\n# or at your option, GNU General Public License version 3,\n# as published by the Free Software Foundation\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n#\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"Security issues in nss prior to 3.12.3 could lead to a\nman-in-the-middle attack via a spoofed X.509 certificate\n(CVE-2009-2408) and md2 algorithm flaws (CVE-2009-2409), and also\ncause a denial-of-service and possible code execution via a long\ndomain name in X.509 certificate (CVE-2009-2404).\n\nThis update provides the latest versions of NSS and NSPR libraries\nwhich are not vulnerable to those attacks.\n\nUpdate:\n\nThis update also provides fixed packages for Mandriva Linux 2008.1\nand fixes mozilla-thunderbird error messages.\n\nAffected: 2008.1\";\ntag_solution = \"To upgrade automatically use MandrakeUpdate or urpmi. The verification\nof md5 checksums and GPG signatures is performed automatically for you.\n\nhttps://secure1.securityspace.com/smysecure/catid.html?in=MDVSA-2009:197-2\";\ntag_summary = \"The remote host is missing an update to nss\nannounced via advisory MDVSA-2009:197-2.\";\n\n \n\nif(description)\n{\n script_id(64842);\n script_version(\"$Revision: 6573 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-07-06 15:10:50 +0200 (Thu, 06 Jul 2017) $\");\n script_tag(name:\"creation_date\", value:\"2009-09-15 22:46:32 +0200 (Tue, 15 Sep 2009)\");\n script_cve_id(\"CVE-2009-2408\", \"CVE-2009-2409\", \"CVE-2009-2404\");\n script_tag(name:\"cvss_base\", value:\"9.3\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_name(\"Mandrake Security Advisory MDVSA-2009:197-2 (nss)\");\n\n\n\n script_category(ACT_GATHER_INFO);\n\n script_copyright(\"Copyright (c) 2009 E-Soft Inc. http://www.securityspace.com\");\n script_family(\"Mandrake Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/mandriva_mandrake_linux\", \"ssh/login/rpms\");\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"summary\" , value : tag_summary);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n#\n# The script code starts here\n#\n\ninclude(\"pkg-lib-rpm.inc\");\n\nres = \"\";\nreport = \"\";\nif ((res = isrpmvuln(pkg:\"libnss3\", rpm:\"libnss3~3.12.3.1~0.2mdv2008.1\", rls:\"MNDK_2008.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"libnss-devel\", rpm:\"libnss-devel~3.12.3.1~0.2mdv2008.1\", rls:\"MNDK_2008.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"libnss-static-devel\", rpm:\"libnss-static-devel~3.12.3.1~0.2mdv2008.1\", rls:\"MNDK_2008.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"nss\", rpm:\"nss~3.12.3.1~0.2mdv2008.1\", rls:\"MNDK_2008.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"lib64nss3\", rpm:\"lib64nss3~3.12.3.1~0.2mdv2008.1\", rls:\"MNDK_2008.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"lib64nss-devel\", rpm:\"lib64nss-devel~3.12.3.1~0.2mdv2008.1\", rls:\"MNDK_2008.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"lib64nss-static-devel\", rpm:\"lib64nss-static-devel~3.12.3.1~0.2mdv2008.1\", rls:\"MNDK_2008.1\")) != NULL) {\n report += res;\n}\n\nif (report != \"\") {\n security_message(data:report);\n} else if (__pkg_match) {\n exit(99); # Not vulnerable.\n}\n", "cvss": {"score": 9.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2017-07-24T12:56:24", "description": "The remote host is missing an update to nss\nannounced via advisory DSA 1874-1.", "cvss3": {}, "published": "2009-09-02T00:00:00", "type": "openvas", "title": "Debian Security Advisory DSA 1874-1 (nss)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2009-2409", "CVE-2009-2408", "CVE-2009-2404"], "modified": "2017-07-07T00:00:00", "id": "OPENVAS:64758", "href": "http://plugins.openvas.org/nasl.php?oid=64758", "sourceData": "# OpenVAS Vulnerability Test\n# $Id: deb_1874_1.nasl 6615 2017-07-07 12:09:52Z cfischer $\n# Description: Auto-generated from advisory DSA 1874-1 (nss)\n#\n# Authors:\n# Thomas Reinke <reinke@securityspace.com>\n#\n# Copyright:\n# Copyright (c) 2009 E-Soft Inc. http://www.securityspace.com\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (c) the respective author(s)\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2,\n# or at your option, GNU General Public License version 3,\n# as published by the Free Software Foundation\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n#\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"Several vulnerabilities have been discovered in the Network Security\nService libraries. The Common Vulnerabilities and Exposures project\nidentifies the following problems:\n\nCVE-2009-2404\n\nMoxie Marlinspike discovered that a buffer overflow in the regular\nexpression parser could lead to the execution of arbitrary code.\n\nCVE-2009-2408\n\nDan Kaminsky discovered that NULL characters in certificate\nnames could lead to man-in-the-middle attacks by tricking the user\ninto accepting a rogue certificate.\n\nCVE-2009-2409\n\nCertificates with MD2 hash signatures are no longer accepted\nsince they're no longer considered cryptograhically secure.\n\n\nThe old stable distribution (etch) doesn't contain nss.\n\nFor the stable distribution (lenny), these problems have been fixed in\nversion 3.12.3.1-0lenny1.\n\nFor the unstable distribution (sid), these problems have been fixed in\nversion 3.12.3.1-1.\n\nWe recommend that you upgrade your nss packages.\";\ntag_summary = \"The remote host is missing an update to nss\nannounced via advisory DSA 1874-1.\";\n\ntag_solution = \"https://secure1.securityspace.com/smysecure/catid.html?in=DSA%201874-1\";\n\n\nif(description)\n{\n script_id(64758);\n script_version(\"$Revision: 6615 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-07-07 14:09:52 +0200 (Fri, 07 Jul 2017) $\");\n script_tag(name:\"creation_date\", value:\"2009-09-02 04:58:39 +0200 (Wed, 02 Sep 2009)\");\n script_cve_id(\"CVE-2009-2404\", \"CVE-2009-2408\", \"CVE-2009-2409\");\n script_tag(name:\"cvss_base\", value:\"9.3\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_name(\"Debian Security Advisory DSA 1874-1 (nss)\");\n\n\n\n script_category(ACT_GATHER_INFO);\n\n script_copyright(\"Copyright (c) 2009 E-Soft Inc. http://www.securityspace.com\");\n script_family(\"Debian Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/debian_linux\", \"ssh/login/packages\");\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"summary\" , value : tag_summary);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n#\n# The script code starts here\n#\n\ninclude(\"pkg-lib-deb.inc\");\n\nres = \"\";\nreport = \"\";\nif ((res = isdpkgvuln(pkg:\"libnss3-1d-dbg\", ver:\"3.12.3.1-0lenny1\", rls:\"DEB5.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libnss3-dev\", ver:\"3.12.3.1-0lenny1\", rls:\"DEB5.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libnss3-1d\", ver:\"3.12.3.1-0lenny1\", rls:\"DEB5.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libnss3-tools\", ver:\"3.12.3.1-0lenny1\", rls:\"DEB5.0\")) != NULL) {\n report += res;\n}\n\nif (report != \"\") {\n security_message(data:report);\n} else if (__pkg_match) {\n exit(99); # Not vulnerable.\n}\n", "cvss": {"score": 9.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2018-04-06T11:38:08", "description": "The remote host is missing updates announced in\nadvisory RHSA-2009:1186.\n\nNetscape Portable Runtime (NSPR) provides platform independence for non-GUI\noperating system facilities. These facilities include threads, thread\nsynchronization, normal file and network I/O, interval timing, calendar\ntime, basic memory management (malloc and free), and shared library linking.\n\nNetwork Security Services (NSS) is a set of libraries designed to support\nthe cross-platform development of security-enabled client and server\napplications. Applications built with NSS can support SSLv2, SSLv3, TLS,\nand other security standards.\n\nThese updated packages upgrade NSS from the previous version, 3.12.2, to a\nprerelease of version 3.12.4. The version of NSPR has also been upgraded\nfrom 4.7.3 to 4.7.4.\n\nFor details on the issues addressed in this update, please visit the\nreferenced security advisories.\n\nAll users of nspr and nss are advised to upgrade to these updated packages,\nwhich resolve these issues and add an enhancement.", "cvss3": {}, "published": "2009-08-17T00:00:00", "type": "openvas", "title": "RedHat Security Advisory RHSA-2009:1186", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2009-2409", "CVE-2009-2408", "CVE-2009-2404"], "modified": "2018-04-06T00:00:00", "id": "OPENVAS:136141256231064510", "href": "http://plugins.openvas.org/nasl.php?oid=136141256231064510", "sourceData": "# OpenVAS Vulnerability Test\n# $Id: RHSA_2009_1186.nasl 9350 2018-04-06 07:03:33Z cfischer $\n# Description: Auto-generated from advisory RHSA-2009:1186 ()\n#\n# Authors:\n# Thomas Reinke <reinke@securityspace.com>\n#\n# Copyright:\n# Copyright (c) 2009 E-Soft Inc. http://www.securityspace.com\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (c) the respective author(s)\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2,\n# or at your option, GNU General Public License version 3,\n# as published by the Free Software Foundation\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n#\n\ninclude(\"revisions-lib.inc\");\ntag_summary = \"The remote host is missing updates announced in\nadvisory RHSA-2009:1186.\n\nNetscape Portable Runtime (NSPR) provides platform independence for non-GUI\noperating system facilities. These facilities include threads, thread\nsynchronization, normal file and network I/O, interval timing, calendar\ntime, basic memory management (malloc and free), and shared library linking.\n\nNetwork Security Services (NSS) is a set of libraries designed to support\nthe cross-platform development of security-enabled client and server\napplications. Applications built with NSS can support SSLv2, SSLv3, TLS,\nand other security standards.\n\nThese updated packages upgrade NSS from the previous version, 3.12.2, to a\nprerelease of version 3.12.4. The version of NSPR has also been upgraded\nfrom 4.7.3 to 4.7.4.\n\nFor details on the issues addressed in this update, please visit the\nreferenced security advisories.\n\nAll users of nspr and nss are advised to upgrade to these updated packages,\nwhich resolve these issues and add an enhancement.\";\n\ntag_solution = \"Please note that this update is available via\nRed Hat Network. To use Red Hat Network, launch the Red\nHat Update Agent with the following command: up2date\";\n\n\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.64510\");\n script_version(\"$Revision: 9350 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-04-06 09:03:33 +0200 (Fri, 06 Apr 2018) $\");\n script_tag(name:\"creation_date\", value:\"2009-08-17 16:54:45 +0200 (Mon, 17 Aug 2009)\");\n script_cve_id(\"CVE-2009-2404\", \"CVE-2009-2408\", \"CVE-2009-2409\");\n script_tag(name:\"cvss_base\", value:\"9.3\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_name(\"RedHat Security Advisory RHSA-2009:1186\");\n\n\n\n script_category(ACT_GATHER_INFO);\n\n script_copyright(\"Copyright (c) 2009 E-Soft Inc. http://www.securityspace.com\");\n script_family(\"Red Hat Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/rhel\", \"ssh/login/rpms\");\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"summary\" , value : tag_summary);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_xref(name : \"URL\" , value : \"http://rhn.redhat.com/errata/RHSA-2009-1186.html\");\n script_xref(name : \"URL\" , value : \"http://www.redhat.com/security/updates/classification/#critical\");\n script_xref(name : \"URL\" , value : \"http://rhn.redhat.com/errata/RHBA-2009-1161.html\");\n exit(0);\n}\n\n#\n# The script code starts here\n#\n\ninclude(\"pkg-lib-rpm.inc\");\n\nres = \"\";\nreport = \"\";\nif ((res = isrpmvuln(pkg:\"nspr\", rpm:\"nspr~4.7.4~1.el5_3.1\", rls:\"RHENT_5\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"nspr-debuginfo\", rpm:\"nspr-debuginfo~4.7.4~1.el5_3.1\", rls:\"RHENT_5\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"nss\", rpm:\"nss~3.12.3.99.3~1.el5_3.2\", rls:\"RHENT_5\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"nss-debuginfo\", rpm:\"nss-debuginfo~3.12.3.99.3~1.el5_3.2\", rls:\"RHENT_5\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"nss-tools\", rpm:\"nss-tools~3.12.3.99.3~1.el5_3.2\", rls:\"RHENT_5\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"nspr-devel\", rpm:\"nspr-devel~4.7.4~1.el5_3.1\", rls:\"RHENT_5\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"nss-devel\", rpm:\"nss-devel~3.12.3.99.3~1.el5_3.2\", rls:\"RHENT_5\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"nss-pkcs11-devel\", rpm:\"nss-pkcs11-devel~3.12.3.99.3~1.el5_3.2\", rls:\"RHENT_5\")) != NULL) {\n report += res;\n}\n\nif (report != \"\") {\n security_message(data:report);\n} else if (__pkg_match) {\n exit(99); # Not vulnerable.\n}\n", "cvss": {"score": 9.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2018-04-06T11:39:58", "description": "The remote host is missing an update to nss\nannounced via advisory MDVSA-2009:197-3.", "cvss3": {}, "published": "2009-12-10T00:00:00", "type": "openvas", "title": "Mandriva Security Advisory MDVSA-2009:197-3 (nss)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2009-2409", "CVE-2009-2408", "CVE-2009-2404"], "modified": "2018-04-06T00:00:00", "id": "OPENVAS:136141256231066362", "href": "http://plugins.openvas.org/nasl.php?oid=136141256231066362", "sourceData": "# OpenVAS Vulnerability Test\n# $Id: mdksa_2009_197_3.nasl 9350 2018-04-06 07:03:33Z cfischer $\n# Description: Auto-generated from advisory MDVSA-2009:197-3 (nss)\n#\n# Authors:\n# Thomas Reinke <reinke@securityspace.com>\n#\n# Copyright:\n# Copyright (c) 2009 E-Soft Inc. http://www.securityspace.com\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (c) the respective author(s)\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2,\n# or at your option, GNU General Public License version 3,\n# as published by the Free Software Foundation\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n#\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"Security issues in nss prior to 3.12.3 could lead to a\nman-in-the-middle attack via a spoofed X.509 certificate\n(CVE-2009-2408) and md2 algorithm flaws (CVE-2009-2409), and also\ncause a denial-of-service and possible code execution via a long\ndomain name in X.509 certificate (CVE-2009-2404).\n\nThis update provides the latest versions of NSS and NSPR libraries\nwhich are not vulnerable to those attacks.\n\nUpdate:\n\nPackages for 2008.0 are being provided due to extended support for\nCorporate products.\n\nAffected: 2008.0\";\ntag_solution = \"To upgrade automatically use MandrakeUpdate or urpmi. The verification\nof md5 checksums and GPG signatures is performed automatically for you.\n\nhttps://secure1.securityspace.com/smysecure/catid.html?in=MDVSA-2009:197-3\";\ntag_summary = \"The remote host is missing an update to nss\nannounced via advisory MDVSA-2009:197-3.\";\n\n \n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.66362\");\n script_version(\"$Revision: 9350 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-04-06 09:03:33 +0200 (Fri, 06 Apr 2018) $\");\n script_tag(name:\"creation_date\", value:\"2009-12-10 00:23:54 +0100 (Thu, 10 Dec 2009)\");\n script_cve_id(\"CVE-2009-2408\", \"CVE-2009-2409\", \"CVE-2009-2404\");\n script_tag(name:\"cvss_base\", value:\"9.3\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_name(\"Mandriva Security Advisory MDVSA-2009:197-3 (nss)\");\n\n\n\n script_category(ACT_GATHER_INFO);\n\n script_copyright(\"Copyright (c) 2009 E-Soft Inc. http://www.securityspace.com\");\n script_family(\"Mandrake Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/mandriva_mandrake_linux\", \"ssh/login/rpms\");\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"summary\" , value : tag_summary);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n#\n# The script code starts here\n#\n\ninclude(\"pkg-lib-rpm.inc\");\n\nres = \"\";\nreport = \"\";\nif ((res = isrpmvuln(pkg:\"libnspr4\", rpm:\"libnspr4~4.7.5~0.1mdv2008.0\", rls:\"MNDK_2008.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"libnspr-devel\", rpm:\"libnspr-devel~4.7.5~0.1mdv2008.0\", rls:\"MNDK_2008.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"libnss3\", rpm:\"libnss3~3.12.3.1~0.1mdv2008.0\", rls:\"MNDK_2008.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"libnss-devel\", rpm:\"libnss-devel~3.12.3.1~0.1mdv2008.0\", rls:\"MNDK_2008.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"libnss-static-devel\", rpm:\"libnss-static-devel~3.12.3.1~0.1mdv2008.0\", rls:\"MNDK_2008.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"nss\", rpm:\"nss~3.12.3.1~0.1mdv2008.0\", rls:\"MNDK_2008.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"lib64nspr4\", rpm:\"lib64nspr4~4.7.5~0.1mdv2008.0\", rls:\"MNDK_2008.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"lib64nspr-devel\", rpm:\"lib64nspr-devel~4.7.5~0.1mdv2008.0\", rls:\"MNDK_2008.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"lib64nss3\", rpm:\"lib64nss3~3.12.3.1~0.1mdv2008.0\", rls:\"MNDK_2008.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"lib64nss-devel\", rpm:\"lib64nss-devel~3.12.3.1~0.1mdv2008.0\", rls:\"MNDK_2008.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"lib64nss-static-devel\", rpm:\"lib64nss-static-devel~3.12.3.1~0.1mdv2008.0\", rls:\"MNDK_2008.0\")) != NULL) {\n report += res;\n}\n\nif (report != \"\") {\n security_message(data:report);\n} else if (__pkg_match) {\n exit(99); # Not vulnerable.\n}\n", "cvss": {"score": 9.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2018-04-06T11:38:53", "description": "The remote host is missing an update to nss\nannounced via advisory MDVSA-2009:197-2.", "cvss3": {}, "published": "2009-09-15T00:00:00", "type": "openvas", "title": "Mandrake Security Advisory MDVSA-2009:197-2 (nss)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2009-2409", "CVE-2009-2408", "CVE-2009-2404"], "modified": "2018-04-06T00:00:00", "id": "OPENVAS:136141256231064842", "href": "http://plugins.openvas.org/nasl.php?oid=136141256231064842", "sourceData": "# OpenVAS Vulnerability Test\n# $Id: mdksa_2009_197_2.nasl 9350 2018-04-06 07:03:33Z cfischer $\n# Description: Auto-generated from advisory MDVSA-2009:197-2 (nss)\n#\n# Authors:\n# Thomas Reinke <reinke@securityspace.com>\n#\n# Copyright:\n# Copyright (c) 2009 E-Soft Inc. http://www.securityspace.com\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (c) the respective author(s)\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2,\n# or at your option, GNU General Public License version 3,\n# as published by the Free Software Foundation\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n#\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"Security issues in nss prior to 3.12.3 could lead to a\nman-in-the-middle attack via a spoofed X.509 certificate\n(CVE-2009-2408) and md2 algorithm flaws (CVE-2009-2409), and also\ncause a denial-of-service and possible code execution via a long\ndomain name in X.509 certificate (CVE-2009-2404).\n\nThis update provides the latest versions of NSS and NSPR libraries\nwhich are not vulnerable to those attacks.\n\nUpdate:\n\nThis update also provides fixed packages for Mandriva Linux 2008.1\nand fixes mozilla-thunderbird error messages.\n\nAffected: 2008.1\";\ntag_solution = \"To upgrade automatically use MandrakeUpdate or urpmi. The verification\nof md5 checksums and GPG signatures is performed automatically for you.\n\nhttps://secure1.securityspace.com/smysecure/catid.html?in=MDVSA-2009:197-2\";\ntag_summary = \"The remote host is missing an update to nss\nannounced via advisory MDVSA-2009:197-2.\";\n\n \n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.64842\");\n script_version(\"$Revision: 9350 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-04-06 09:03:33 +0200 (Fri, 06 Apr 2018) $\");\n script_tag(name:\"creation_date\", value:\"2009-09-15 22:46:32 +0200 (Tue, 15 Sep 2009)\");\n script_cve_id(\"CVE-2009-2408\", \"CVE-2009-2409\", \"CVE-2009-2404\");\n script_tag(name:\"cvss_base\", value:\"9.3\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_name(\"Mandrake Security Advisory MDVSA-2009:197-2 (nss)\");\n\n\n\n script_category(ACT_GATHER_INFO);\n\n script_copyright(\"Copyright (c) 2009 E-Soft Inc. http://www.securityspace.com\");\n script_family(\"Mandrake Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/mandriva_mandrake_linux\", \"ssh/login/rpms\");\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"summary\" , value : tag_summary);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n#\n# The script code starts here\n#\n\ninclude(\"pkg-lib-rpm.inc\");\n\nres = \"\";\nreport = \"\";\nif ((res = isrpmvuln(pkg:\"libnss3\", rpm:\"libnss3~3.12.3.1~0.2mdv2008.1\", rls:\"MNDK_2008.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"libnss-devel\", rpm:\"libnss-devel~3.12.3.1~0.2mdv2008.1\", rls:\"MNDK_2008.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"libnss-static-devel\", rpm:\"libnss-static-devel~3.12.3.1~0.2mdv2008.1\", rls:\"MNDK_2008.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"nss\", rpm:\"nss~3.12.3.1~0.2mdv2008.1\", rls:\"MNDK_2008.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"lib64nss3\", rpm:\"lib64nss3~3.12.3.1~0.2mdv2008.1\", rls:\"MNDK_2008.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"lib64nss-devel\", rpm:\"lib64nss-devel~3.12.3.1~0.2mdv2008.1\", rls:\"MNDK_2008.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"lib64nss-static-devel\", rpm:\"lib64nss-static-devel~3.12.3.1~0.2mdv2008.1\", rls:\"MNDK_2008.1\")) != NULL) {\n report += res;\n}\n\nif (report != \"\") {\n security_message(data:report);\n} else if (__pkg_match) {\n exit(99); # Not vulnerable.\n}\n", "cvss": {"score": 9.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2017-07-27T10:55:57", "description": "The remote host is missing updates announced in\nadvisory RHSA-2009:1186.\n\nNetscape Portable Runtime (NSPR) provides platform independence for non-GUI\noperating system facilities. These facilities include threads, thread\nsynchronization, normal file and network I/O, interval timing, calendar\ntime, basic memory management (malloc and free), and shared library linking.\n\nNetwork Security Services (NSS) is a set of libraries designed to support\nthe cross-platform development of security-enabled client and server\napplications. Applications built with NSS can support SSLv2, SSLv3, TLS,\nand other security standards.\n\nThese updated packages upgrade NSS from the previous version, 3.12.2, to a\nprerelease of version 3.12.4. The version of NSPR has also been upgraded\nfrom 4.7.3 to 4.7.4.\n\nFor details on the issues addressed in this update, please visit the\nreferenced security advisories.\n\nAll users of nspr and nss are advised to upgrade to these updated packages,\nwhich resolve these issues and add an enhancement.", "cvss3": {}, "published": "2009-08-17T00:00:00", "type": "openvas", "title": "RedHat Security Advisory RHSA-2009:1186", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2009-2409", "CVE-2009-2408", "CVE-2009-2404"], "modified": "2017-07-12T00:00:00", "id": "OPENVAS:64510", "href": "http://plugins.openvas.org/nasl.php?oid=64510", "sourceData": "# OpenVAS Vulnerability Test\n# $Id: RHSA_2009_1186.nasl 6683 2017-07-12 09:41:57Z cfischer $\n# Description: Auto-generated from advisory RHSA-2009:1186 ()\n#\n# Authors:\n# Thomas Reinke <reinke@securityspace.com>\n#\n# Copyright:\n# Copyright (c) 2009 E-Soft Inc. http://www.securityspace.com\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (c) the respective author(s)\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2,\n# or at your option, GNU General Public License version 3,\n# as published by the Free Software Foundation\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n#\n\ninclude(\"revisions-lib.inc\");\ntag_summary = \"The remote host is missing updates announced in\nadvisory RHSA-2009:1186.\n\nNetscape Portable Runtime (NSPR) provides platform independence for non-GUI\noperating system facilities. These facilities include threads, thread\nsynchronization, normal file and network I/O, interval timing, calendar\ntime, basic memory management (malloc and free), and shared library linking.\n\nNetwork Security Services (NSS) is a set of libraries designed to support\nthe cross-platform development of security-enabled client and server\napplications. Applications built with NSS can support SSLv2, SSLv3, TLS,\nand other security standards.\n\nThese updated packages upgrade NSS from the previous version, 3.12.2, to a\nprerelease of version 3.12.4. The version of NSPR has also been upgraded\nfrom 4.7.3 to 4.7.4.\n\nFor details on the issues addressed in this update, please visit the\nreferenced security advisories.\n\nAll users of nspr and nss are advised to upgrade to these updated packages,\nwhich resolve these issues and add an enhancement.\";\n\ntag_solution = \"Please note that this update is available via\nRed Hat Network. To use Red Hat Network, launch the Red\nHat Update Agent with the following command: up2date\";\n\n\n\nif(description)\n{\n script_id(64510);\n script_version(\"$Revision: 6683 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-07-12 11:41:57 +0200 (Wed, 12 Jul 2017) $\");\n script_tag(name:\"creation_date\", value:\"2009-08-17 16:54:45 +0200 (Mon, 17 Aug 2009)\");\n script_cve_id(\"CVE-2009-2404\", \"CVE-2009-2408\", \"CVE-2009-2409\");\n script_tag(name:\"cvss_base\", value:\"9.3\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_name(\"RedHat Security Advisory RHSA-2009:1186\");\n\n\n\n script_category(ACT_GATHER_INFO);\n\n script_copyright(\"Copyright (c) 2009 E-Soft Inc. http://www.securityspace.com\");\n script_family(\"Red Hat Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/rhel\", \"ssh/login/rpms\");\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"summary\" , value : tag_summary);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_xref(name : \"URL\" , value : \"http://rhn.redhat.com/errata/RHSA-2009-1186.html\");\n script_xref(name : \"URL\" , value : \"http://www.redhat.com/security/updates/classification/#critical\");\n script_xref(name : \"URL\" , value : \"http://rhn.redhat.com/errata/RHBA-2009-1161.html\");\n exit(0);\n}\n\n#\n# The script code starts here\n#\n\ninclude(\"pkg-lib-rpm.inc\");\n\nres = \"\";\nreport = \"\";\nif ((res = isrpmvuln(pkg:\"nspr\", rpm:\"nspr~4.7.4~1.el5_3.1\", rls:\"RHENT_5\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"nspr-debuginfo\", rpm:\"nspr-debuginfo~4.7.4~1.el5_3.1\", rls:\"RHENT_5\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"nss\", rpm:\"nss~3.12.3.99.3~1.el5_3.2\", rls:\"RHENT_5\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"nss-debuginfo\", rpm:\"nss-debuginfo~3.12.3.99.3~1.el5_3.2\", rls:\"RHENT_5\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"nss-tools\", rpm:\"nss-tools~3.12.3.99.3~1.el5_3.2\", rls:\"RHENT_5\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"nspr-devel\", rpm:\"nspr-devel~4.7.4~1.el5_3.1\", rls:\"RHENT_5\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"nss-devel\", rpm:\"nss-devel~3.12.3.99.3~1.el5_3.2\", rls:\"RHENT_5\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"nss-pkcs11-devel\", rpm:\"nss-pkcs11-devel~3.12.3.99.3~1.el5_3.2\", rls:\"RHENT_5\")) != NULL) {\n report += res;\n}\n\nif (report != \"\") {\n security_message(data:report);\n} else if (__pkg_match) {\n exit(99); # Not vulnerable.\n}\n", "cvss": {"score": 9.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2018-04-06T11:39:27", "description": "The remote host is missing an update to nss\nannounced via advisory MDVSA-2009:197.", "cvss3": {}, "published": "2009-08-17T00:00:00", "type": "openvas", "title": "Mandrake Security Advisory MDVSA-2009:197 (nss)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2009-2409", "CVE-2009-2408", "CVE-2009-2404"], "modified": "2018-04-06T00:00:00", "id": "OPENVAS:136141256231064607", "href": "http://plugins.openvas.org/nasl.php?oid=136141256231064607", "sourceData": "# OpenVAS Vulnerability Test\n# $Id: mdksa_2009_197.nasl 9350 2018-04-06 07:03:33Z cfischer $\n# Description: Auto-generated from advisory MDVSA-2009:197 (nss)\n#\n# Authors:\n# Thomas Reinke <reinke@securityspace.com>\n#\n# Copyright:\n# Copyright (c) 2009 E-Soft Inc. http://www.securityspace.com\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (c) the respective author(s)\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2,\n# or at your option, GNU General Public License version 3,\n# as published by the Free Software Foundation\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n#\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"Security issues in nss prior to 3.12.3 could lead to a\nman-in-the-middle attack via a spoofed X.509 certificate\n(CVE-2009-2408) and md2 algorithm flaws (CVE-2009-2409), and also\ncause a denial-of-service and possible code execution via a long\ndomain name in X.509 certificate (CVE-2009-2404).\n\nThis update provides the latest versions of NSS and NSPR libraries\nwhich are not vulnerable to those attacks.\n\nAffected: 2009.0, 2009.1, Enterprise Server 5.0\";\ntag_solution = \"To upgrade automatically use MandrakeUpdate or urpmi. The verification\nof md5 checksums and GPG signatures is performed automatically for you.\n\nhttps://secure1.securityspace.com/smysecure/catid.html?in=MDVSA-2009:197\";\ntag_summary = \"The remote host is missing an update to nss\nannounced via advisory MDVSA-2009:197.\";\n\n \n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.64607\");\n script_version(\"$Revision: 9350 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-04-06 09:03:33 +0200 (Fri, 06 Apr 2018) $\");\n script_tag(name:\"creation_date\", value:\"2009-08-17 16:54:45 +0200 (Mon, 17 Aug 2009)\");\n script_cve_id(\"CVE-2009-2408\", \"CVE-2009-2409\", \"CVE-2009-2404\");\n script_tag(name:\"cvss_base\", value:\"9.3\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_name(\"Mandrake Security Advisory MDVSA-2009:197 (nss)\");\n\n\n\n script_category(ACT_GATHER_INFO);\n\n script_copyright(\"Copyright (c) 2009 E-Soft Inc. http://www.securityspace.com\");\n script_family(\"Mandrake Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/mandriva_mandrake_linux\", \"ssh/login/rpms\");\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"summary\" , value : tag_summary);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n#\n# The script code starts here\n#\n\ninclude(\"pkg-lib-rpm.inc\");\n\nres = \"\";\nreport = \"\";\nif ((res = isrpmvuln(pkg:\"libnspr4\", rpm:\"libnspr4~4.7.5~0.1mdv2009.0\", rls:\"MNDK_2009.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"libnspr-devel\", rpm:\"libnspr-devel~4.7.5~0.1mdv2009.0\", rls:\"MNDK_2009.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"libnss3\", rpm:\"libnss3~3.12.3.1~0.1mdv2009.0\", rls:\"MNDK_2009.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"libnss-devel\", rpm:\"libnss-devel~3.12.3.1~0.1mdv2009.0\", rls:\"MNDK_2009.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"libnss-static-devel\", rpm:\"libnss-static-devel~3.12.3.1~0.1mdv2009.0\", rls:\"MNDK_2009.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"nss\", rpm:\"nss~3.12.3.1~0.1mdv2009.0\", rls:\"MNDK_2009.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"lib64nspr4\", rpm:\"lib64nspr4~4.7.5~0.1mdv2009.0\", rls:\"MNDK_2009.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"lib64nspr-devel\", rpm:\"lib64nspr-devel~4.7.5~0.1mdv2009.0\", rls:\"MNDK_2009.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"lib64nss3\", rpm:\"lib64nss3~3.12.3.1~0.1mdv2009.0\", rls:\"MNDK_2009.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"lib64nss-devel\", rpm:\"lib64nss-devel~3.12.3.1~0.1mdv2009.0\", rls:\"MNDK_2009.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"lib64nss-static-devel\", rpm:\"lib64nss-static-devel~3.12.3.1~0.1mdv2009.0\", rls:\"MNDK_2009.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"libnspr4\", rpm:\"libnspr4~4.7.5~0.1mdv2009.1\", rls:\"MNDK_2009.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"libnspr-devel\", rpm:\"libnspr-devel~4.7.5~0.1mdv2009.1\", rls:\"MNDK_2009.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"libnss3\", rpm:\"libnss3~3.12.3.1~0.1mdv2009.1\", rls:\"MNDK_2009.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"libnss-devel\", rpm:\"libnss-devel~3.12.3.1~0.1mdv2009.1\", rls:\"MNDK_2009.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"libnss-static-devel\", rpm:\"libnss-static-devel~3.12.3.1~0.1mdv2009.1\", rls:\"MNDK_2009.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"nss\", rpm:\"nss~3.12.3.1~0.1mdv2009.1\", rls:\"MNDK_2009.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"lib64nspr4\", rpm:\"lib64nspr4~4.7.5~0.1mdv2009.1\", rls:\"MNDK_2009.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"lib64nspr-devel\", rpm:\"lib64nspr-devel~4.7.5~0.1mdv2009.1\", rls:\"MNDK_2009.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"lib64nss3\", rpm:\"lib64nss3~3.12.3.1~0.1mdv2009.1\", rls:\"MNDK_2009.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"lib64nss-devel\", rpm:\"lib64nss-devel~3.12.3.1~0.1mdv2009.1\", rls:\"MNDK_2009.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"lib64nss-static-devel\", rpm:\"lib64nss-static-devel~3.12.3.1~0.1mdv2009.1\", rls:\"MNDK_2009.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"libnspr4\", rpm:\"libnspr4~4.7.5~0.1mdvmes5\", rls:\"MNDK_mes5\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"libnspr-devel\", rpm:\"libnspr-devel~4.7.5~0.1mdvmes5\", rls:\"MNDK_mes5\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"libnss3\", rpm:\"libnss3~3.12.3.1~0.1mdvmes5\", rls:\"MNDK_mes5\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"libnss-devel\", rpm:\"libnss-devel~3.12.3.1~0.1mdvmes5\", rls:\"MNDK_mes5\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"libnss-static-devel\", rpm:\"libnss-static-devel~3.12.3.1~0.1mdvmes5\", rls:\"MNDK_mes5\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"nss\", rpm:\"nss~3.12.3.1~0.1mdvmes5\", rls:\"MNDK_mes5\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"lib64nspr4\", rpm:\"lib64nspr4~4.7.5~0.1mdvmes5\", rls:\"MNDK_mes5\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"lib64nspr-devel\", rpm:\"lib64nspr-devel~4.7.5~0.1mdvmes5\", rls:\"MNDK_mes5\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"lib64nss3\", rpm:\"lib64nss3~3.12.3.1~0.1mdvmes5\", rls:\"MNDK_mes5\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"lib64nss-devel\", rpm:\"lib64nss-devel~3.12.3.1~0.1mdvmes5\", rls:\"MNDK_mes5\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"lib64nss-static-devel\", rpm:\"lib64nss-static-devel~3.12.3.1~0.1mdvmes5\", rls:\"MNDK_mes5\")) != NULL) {\n report += res;\n}\n\nif (report != \"\") {\n security_message(data:report);\n} else if (__pkg_match) {\n exit(99); # Not vulnerable.\n}\n", "cvss": {"score": 9.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2017-07-27T10:56:34", "description": "The remote host is missing updates announced in\nadvisory RHSA-2009:1190.\n\nNetscape Portable Runtime (NSPR) provides platform independence for non-GUI\noperating system facilities. These facilities include threads, thread\nsynchronization, normal file and network I/O, interval timing, calendar\ntime, basic memory management (malloc and free), and shared library linking.\n\nNetwork Security Services (NSS) is a set of libraries designed to support\nthe cross-platform development of security-enabled client and server\napplications. Applications built with NSS can support SSLv2, SSLv3, TLS,\nand other security standards.\n\nThese updated packages upgrade NSS from the previous version, 3.12.2, to a\nprerelease of version 3.12.4. The version of NSPR has also been upgraded\nfrom 4.7.3 to 4.7.4.\n\nFor details on the issues address in this update, please visit the\nreferenced security advisories.\n\nAll users of nspr and nss are advised to upgrade to these updated packages,\nwhich resolve these issues.", "cvss3": {}, "published": "2009-08-17T00:00:00", "type": "openvas", "title": "RedHat Security Advisory RHSA-2009:1190", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2009-2409", "CVE-2009-2408", "CVE-2009-2404"], "modified": "2017-07-12T00:00:00", "id": "OPENVAS:64513", "href": "http://plugins.openvas.org/nasl.php?oid=64513", "sourceData": "# OpenVAS Vulnerability Test\n# $Id: RHSA_2009_1190.nasl 6683 2017-07-12 09:41:57Z cfischer $\n# Description: Auto-generated from advisory RHSA-2009:1190 ()\n#\n# Authors:\n# Thomas Reinke <reinke@securityspace.com>\n#\n# Copyright:\n# Copyright (c) 2009 E-Soft Inc. http://www.securityspace.com\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (c) the respective author(s)\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2,\n# or at your option, GNU General Public License version 3,\n# as published by the Free Software Foundation\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n#\n\ninclude(\"revisions-lib.inc\");\ntag_summary = \"The remote host is missing updates announced in\nadvisory RHSA-2009:1190.\n\nNetscape Portable Runtime (NSPR) provides platform independence for non-GUI\noperating system facilities. These facilities include threads, thread\nsynchronization, normal file and network I/O, interval timing, calendar\ntime, basic memory management (malloc and free), and shared library linking.\n\nNetwork Security Services (NSS) is a set of libraries designed to support\nthe cross-platform development of security-enabled client and server\napplications. Applications built with NSS can support SSLv2, SSLv3, TLS,\nand other security standards.\n\nThese updated packages upgrade NSS from the previous version, 3.12.2, to a\nprerelease of version 3.12.4. The version of NSPR has also been upgraded\nfrom 4.7.3 to 4.7.4.\n\nFor details on the issues address in this update, please visit the\nreferenced security advisories.\n\nAll users of nspr and nss are advised to upgrade to these updated packages,\nwhich resolve these issues.\";\n\ntag_solution = \"Please note that this update is available via\nRed Hat Network. To use Red Hat Network, launch the Red\nHat Update Agent with the following command: up2date\";\n\n\n\nif(description)\n{\n script_id(64513);\n script_version(\"$Revision: 6683 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-07-12 11:41:57 +0200 (Wed, 12 Jul 2017) $\");\n script_tag(name:\"creation_date\", value:\"2009-08-17 16:54:45 +0200 (Mon, 17 Aug 2009)\");\n script_cve_id(\"CVE-2009-2404\", \"CVE-2009-2408\", \"CVE-2009-2409\");\n script_tag(name:\"cvss_base\", value:\"9.3\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_name(\"RedHat Security Advisory RHSA-2009:1190\");\n\n\n\n script_category(ACT_GATHER_INFO);\n\n script_copyright(\"Copyright (c) 2009 E-Soft Inc. http://www.securityspace.com\");\n script_family(\"Red Hat Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/rhel\", \"ssh/login/rpms\");\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"summary\" , value : tag_summary);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_xref(name : \"URL\" , value : \"http://rhn.redhat.com/errata/RHSA-2009-1190.html\");\n script_xref(name : \"URL\" , value : \"http://www.redhat.com/security/updates/classification/#critical\");\n exit(0);\n}\n\n#\n# The script code starts here\n#\n\ninclude(\"pkg-lib-rpm.inc\");\n\nres = \"\";\nreport = \"\";\nif ((res = isrpmvuln(pkg:\"nspr\", rpm:\"nspr~4.7.4~1.el4_7.1\", rls:\"RHENT_4\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"nspr-debuginfo\", rpm:\"nspr-debuginfo~4.7.4~1.el4_7.1\", rls:\"RHENT_4\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"nspr-devel\", rpm:\"nspr-devel~4.7.4~1.el4_7.1\", rls:\"RHENT_4\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"nss\", rpm:\"nss~3.12.3.99.3~1.el4_7.6\", rls:\"RHENT_4\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"nss-debuginfo\", rpm:\"nss-debuginfo~3.12.3.99.3~1.el4_7.6\", rls:\"RHENT_4\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"nss-devel\", rpm:\"nss-devel~3.12.3.99.3~1.el4_7.6\", rls:\"RHENT_4\")) != NULL) {\n report += res;\n}\n\nif (report != \"\") {\n security_message(data:report);\n} else if (__pkg_match) {\n exit(99); # Not vulnerable.\n}\n", "cvss": {"score": 9.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2018-04-06T11:38:15", "description": "The remote host is missing an update to nss\nannounced via advisory DSA 1874-1.", "cvss3": {}, "published": "2009-09-02T00:00:00", "type": "openvas", "title": "Debian Security Advisory DSA 1874-1 (nss)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2009-2409", "CVE-2009-2408", "CVE-2009-2404"], "modified": "2018-04-06T00:00:00", "id": "OPENVAS:136141256231064758", "href": "http://plugins.openvas.org/nasl.php?oid=136141256231064758", "sourceData": "# OpenVAS Vulnerability Test\n# $Id: deb_1874_1.nasl 9350 2018-04-06 07:03:33Z cfischer $\n# Description: Auto-generated from advisory DSA 1874-1 (nss)\n#\n# Authors:\n# Thomas Reinke <reinke@securityspace.com>\n#\n# Copyright:\n# Copyright (c) 2009 E-Soft Inc. http://www.securityspace.com\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (c) the respective author(s)\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2,\n# or at your option, GNU General Public License version 3,\n# as published by the Free Software Foundation\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n#\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"Several vulnerabilities have been discovered in the Network Security\nService libraries. The Common Vulnerabilities and Exposures project\nidentifies the following problems:\n\nCVE-2009-2404\n\nMoxie Marlinspike discovered that a buffer overflow in the regular\nexpression parser could lead to the execution of arbitrary code.\n\nCVE-2009-2408\n\nDan Kaminsky discovered that NULL characters in certificate\nnames could lead to man-in-the-middle attacks by tricking the user\ninto accepting a rogue certificate.\n\nCVE-2009-2409\n\nCertificates with MD2 hash signatures are no longer accepted\nsince they're no longer considered cryptograhically secure.\n\n\nThe old stable distribution (etch) doesn't contain nss.\n\nFor the stable distribution (lenny), these problems have been fixed in\nversion 3.12.3.1-0lenny1.\n\nFor the unstable distribution (sid), these problems have been fixed in\nversion 3.12.3.1-1.\n\nWe recommend that you upgrade your nss packages.\";\ntag_summary = \"The remote host is missing an update to nss\nannounced via advisory DSA 1874-1.\";\n\ntag_solution = \"https://secure1.securityspace.com/smysecure/catid.html?in=DSA%201874-1\";\n\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.64758\");\n script_version(\"$Revision: 9350 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-04-06 09:03:33 +0200 (Fri, 06 Apr 2018) $\");\n script_tag(name:\"creation_date\", value:\"2009-09-02 04:58:39 +0200 (Wed, 02 Sep 2009)\");\n script_cve_id(\"CVE-2009-2404\", \"CVE-2009-2408\", \"CVE-2009-2409\");\n script_tag(name:\"cvss_base\", value:\"9.3\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_name(\"Debian Security Advisory DSA 1874-1 (nss)\");\n\n\n\n script_category(ACT_GATHER_INFO);\n\n script_copyright(\"Copyright (c) 2009 E-Soft Inc. http://www.securityspace.com\");\n script_family(\"Debian Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/debian_linux\", \"ssh/login/packages\");\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"summary\" , value : tag_summary);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n#\n# The script code starts here\n#\n\ninclude(\"pkg-lib-deb.inc\");\n\nres = \"\";\nreport = \"\";\nif ((res = isdpkgvuln(pkg:\"libnss3-1d-dbg\", ver:\"3.12.3.1-0lenny1\", rls:\"DEB5.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libnss3-dev\", ver:\"3.12.3.1-0lenny1\", rls:\"DEB5.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libnss3-1d\", ver:\"3.12.3.1-0lenny1\", rls:\"DEB5.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libnss3-tools\", ver:\"3.12.3.1-0lenny1\", rls:\"DEB5.0\")) != NULL) {\n report += res;\n}\n\nif (report != \"\") {\n security_message(data:report);\n} else if (__pkg_match) {\n exit(99); # Not vulnerable.\n}\n", "cvss": {"score": 9.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2019-05-29T18:36:14", "description": "Oracle Linux Local Security Checks ELSA-2009-1184", "cvss3": {}, "published": "2015-10-08T00:00:00", "type": "openvas", "title": "Oracle Linux Local Check: ELSA-2009-1184", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2009-2409", "CVE-2009-2408", "CVE-2009-2404"], "modified": "2018-09-28T00:00:00", "id": "OPENVAS:1361412562310122461", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310122461", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: ELSA-2009-1184.nasl 11688 2018-09-28 13:36:28Z cfischer $\n#\n# Oracle Linux Local Check\n#\n# Authors:\n# Eero Volotinen <eero.volotinen@solinor.com>\n#\n# Copyright:\n# Copyright (c) 2015 Eero Volotinen, http://solinor.com\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.122461\");\n script_version(\"$Revision: 11688 $\");\n script_tag(name:\"creation_date\", value:\"2015-10-08 14:45:50 +0300 (Thu, 08 Oct 2015)\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-09-28 15:36:28 +0200 (Fri, 28 Sep 2018) $\");\n script_name(\"Oracle Linux Local Check: ELSA-2009-1184\");\n script_tag(name:\"insight\", value:\"ELSA-2009-1184 - nspr and nss security and bug fix update. Please see the references for more insight.\");\n script_tag(name:\"solution\", value:\"Update the affected packages to the latest available version.\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_tag(name:\"summary\", value:\"Oracle Linux Local Security Checks ELSA-2009-1184\");\n script_xref(name:\"URL\", value:\"http://linux.oracle.com/errata/ELSA-2009-1184.html\");\n script_cve_id(\"CVE-2009-2404\", \"CVE-2009-2408\", \"CVE-2009-2409\");\n script_tag(name:\"cvss_base\", value:\"9.3\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/oracle_linux\", \"ssh/login/release\", re:\"ssh/login/release=OracleLinux5\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Eero Volotinen\");\n script_family(\"Oracle Linux Local Security Checks\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release) exit(0);\n\nres = \"\";\n\nif(release == \"OracleLinux5\")\n{\n if ((res = isrpmvuln(pkg:\"nspr\", rpm:\"nspr~4.7.4~1.el5_3.1\", rls:\"OracleLinux5\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n if ((res = isrpmvuln(pkg:\"nspr-devel\", rpm:\"nspr-devel~4.7.4~1.el5_3.1\", rls:\"OracleLinux5\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n if ((res = isrpmvuln(pkg:\"nss\", rpm:\"nss~3.12.3.99.3~1.el5_3.2\", rls:\"OracleLinux5\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n if ((res = isrpmvuln(pkg:\"nss-devel\", rpm:\"nss-devel~3.12.3.99.3~1.el5_3.2\", rls:\"OracleLinux5\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n if ((res = isrpmvuln(pkg:\"nss-pkcs11-devel\", rpm:\"nss-pkcs11-devel~3.12.3.99.3~1.el5_3.2\", rls:\"OracleLinux5\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n if ((res = isrpmvuln(pkg:\"nss-tools\", rpm:\"nss-tools~3.12.3.99.3~1.el5_3.2\", rls:\"OracleLinux5\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n\n}\nif (__pkg_match) exit(99);\n exit(0);\n\n", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2017-07-27T10:55:55", "description": "The remote host is missing updates to Netscape Portable Runtime (NSPR)\nand Network Security Services (NSS) announced in advisory RHSA-2009:1207.\n\nThese updated packages upgrade NSS from the previous version, 3.12.2, to a\nprerelease of version 3.12.4. The version of NSPR has also been upgraded\nfrom 4.7.3 to 4.7.4.\n\nMoxie Marlinspike reported a heap overflow flaw in a regular expression\nparser in the NSS library used by browsers such as Mozilla Firefox to match\ncommon names in certificates. A malicious website could present a\ncarefully-crafted certificate in such a way as to trigger the heap\noverflow, leading to a crash or, possibly, arbitrary code execution with\nthe permissions of the user running the browser. (CVE-2009-2404)\n\nNote: in order to exploit this issue without further user interaction in\nFirefox, the carefully-crafted certificate would need to be signed by a\nCertificate Authority trusted by Firefox, otherwise Firefox presents the\nvictim with a warning that the certificate is untrusted. Only if the user\nthen accepts the certificate will the overflow take place.\n\nDan Kaminsky discovered flaws in the way browsers such as Firefox handle\nNULL characters in a certificate. If an attacker is able to get a\ncarefully-crafted certificate signed by a Certificate Authority trusted by\nFirefox, the attacker could use the certificate during a man-in-the-middle\nattack and potentially confuse Firefox into accepting it by mistake.\n(CVE-2009-2408)\n\nDan Kaminsky found that browsers still accept certificates with MD2 hash\nsignatures, even though MD2 is no longer considered a cryptographically\nstrong algorithm. This could make it easier for an attacker to create a\nmalicious certificate that would be treated as trusted by a browser. NSS\nnow disables the use of MD2 and MD4 algorithms inside signatures by\ndefault. (CVE-2009-2409)\n\nAll users of nspr and nss are advised to upgrade to these updated packages,\nwhich resolve these issues.", "cvss3": {}, "published": "2009-08-17T00:00:00", "type": "openvas", "title": "RedHat Security Advisory RHSA-2009:1207", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2009-2409", "CVE-2009-2408", "CVE-2009-2404"], "modified": "2017-07-12T00:00:00", "id": "OPENVAS:64597", "href": "http://plugins.openvas.org/nasl.php?oid=64597", "sourceData": "# OpenVAS Vulnerability Test\n# $Id: RHSA_2009_1207.nasl 6683 2017-07-12 09:41:57Z cfischer $\n# Description: Auto-generated from advisory RHSA-2009:1207 ()\n#\n# Authors:\n# Thomas Reinke <reinke@securityspace.com>\n#\n# Copyright:\n# Copyright (c) 2009 E-Soft Inc. http://www.securityspace.com\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (c) the respective author(s)\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2,\n# or at your option, GNU General Public License version 3,\n# as published by the Free Software Foundation\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n#\n\ninclude(\"revisions-lib.inc\");\ntag_summary = \"The remote host is missing updates to Netscape Portable Runtime (NSPR)\nand Network Security Services (NSS) announced in advisory RHSA-2009:1207.\n\nThese updated packages upgrade NSS from the previous version, 3.12.2, to a\nprerelease of version 3.12.4. The version of NSPR has also been upgraded\nfrom 4.7.3 to 4.7.4.\n\nMoxie Marlinspike reported a heap overflow flaw in a regular expression\nparser in the NSS library used by browsers such as Mozilla Firefox to match\ncommon names in certificates. A malicious website could present a\ncarefully-crafted certificate in such a way as to trigger the heap\noverflow, leading to a crash or, possibly, arbitrary code execution with\nthe permissions of the user running the browser. (CVE-2009-2404)\n\nNote: in order to exploit this issue without further user interaction in\nFirefox, the carefully-crafted certificate would need to be signed by a\nCertificate Authority trusted by Firefox, otherwise Firefox presents the\nvictim with a warning that the certificate is untrusted. Only if the user\nthen accepts the certificate will the overflow take place.\n\nDan Kaminsky discovered flaws in the way browsers such as Firefox handle\nNULL characters in a certificate. If an attacker is able to get a\ncarefully-crafted certificate signed by a Certificate Authority trusted by\nFirefox, the attacker could use the certificate during a man-in-the-middle\nattack and potentially confuse Firefox into accepting it by mistake.\n(CVE-2009-2408)\n\nDan Kaminsky found that browsers still accept certificates with MD2 hash\nsignatures, even though MD2 is no longer considered a cryptographically\nstrong algorithm. This could make it easier for an attacker to create a\nmalicious certificate that would be treated as trusted by a browser. NSS\nnow disables the use of MD2 and MD4 algorithms inside signatures by\ndefault. (CVE-2009-2409)\n\nAll users of nspr and nss are advised to upgrade to these updated packages,\nwhich resolve these issues.\";\n\ntag_solution = \"Please note that this update is available via\nRed Hat Network. To use Red Hat Network, launch the Red\nHat Update Agent with the following command: up2date\";\n\n\n\nif(description)\n{\n script_id(64597);\n script_version(\"$Revision: 6683 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-07-12 11:41:57 +0200 (Wed, 12 Jul 2017) $\");\n script_tag(name:\"creation_date\", value:\"2009-08-17 16:54:45 +0200 (Mon, 17 Aug 2009)\");\n script_cve_id(\"CVE-2009-2404\", \"CVE-2009-2408\", \"CVE-2009-2409\");\n script_tag(name:\"cvss_base\", value:\"9.3\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_name(\"RedHat Security Advisory RHSA-2009:1207\");\n\n\n\n script_category(ACT_GATHER_INFO);\n\n script_copyright(\"Copyright (c) 2009 E-Soft Inc. http://www.securityspace.com\");\n script_family(\"Red Hat Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/rhel\", \"ssh/login/rpms\");\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"summary\" , value : tag_summary);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_xref(name : \"URL\" , value : \"http://rhn.redhat.com/errata/RHSA-2009-1207.html\");\n script_xref(name : \"URL\" , value : \"http://www.redhat.com/security/updates/classification/#critical\");\n exit(0);\n}\n\n#\n# The script code starts here\n#\n\ninclude(\"pkg-lib-rpm.inc\");\n\nres = \"\";\nreport = \"\";\nif ((res = isrpmvuln(pkg:\"nspr\", rpm:\"nspr~4.7.4~1.el5_2\", rls:\"RHENT_5\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"nspr-debuginfo\", rpm:\"nspr-debuginfo~4.7.4~1.el5_2\", rls:\"RHENT_5\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"nspr-devel\", rpm:\"nspr-devel~4.7.4~1.el5_2\", rls:\"RHENT_5\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"nss\", rpm:\"nss~3.12.3.99.3~1.el5_2\", rls:\"RHENT_5\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"nss-debuginfo\", rpm:\"nss-debuginfo~3.12.3.99.3~1.el5_2\", rls:\"RHENT_5\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"nss-devel\", rpm:\"nss-devel~3.12.3.99.3~1.el5_2\", rls:\"RHENT_5\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"nss-pkcs11-devel\", rpm:\"nss-pkcs11-devel~3.12.3.99.3~1.el5_2\", rls:\"RHENT_5\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"nss-tools\", rpm:\"nss-tools~3.12.3.99.3~1.el5_2\", rls:\"RHENT_5\")) != NULL) {\n report += res;\n}\n\nif (report != \"\") {\n security_message(data:report);\n} else if (__pkg_match) {\n exit(99); # Not vulnerable.\n}\n", "cvss": {"score": 9.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2017-07-24T12:57:00", "description": "The remote host is missing an update to nss\nannounced via advisory MDVSA-2009:197-3.", "cvss3": {}, "published": "2009-12-10T00:00:00", "type": "openvas", "title": "Mandriva Security Advisory MDVSA-2009:197-3 (nss)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2009-2409", "CVE-2009-2408", "CVE-2009-2404"], "modified": "2017-07-06T00:00:00", "id": "OPENVAS:66362", "href": "http://plugins.openvas.org/nasl.php?oid=66362", "sourceData": "# OpenVAS Vulnerability Test\n# $Id: mdksa_2009_197_3.nasl 6573 2017-07-06 13:10:50Z cfischer $\n# Description: Auto-generated from advisory MDVSA-2009:197-3 (nss)\n#\n# Authors:\n# Thomas Reinke <reinke@securityspace.com>\n#\n# Copyright:\n# Copyright (c) 2009 E-Soft Inc. http://www.securityspace.com\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (c) the respective author(s)\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2,\n# or at your option, GNU General Public License version 3,\n# as published by the Free Software Foundation\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n#\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"Security issues in nss prior to 3.12.3 could lead to a\nman-in-the-middle attack via a spoofed X.509 certificate\n(CVE-2009-2408) and md2 algorithm flaws (CVE-2009-2409), and also\ncause a denial-of-service and possible code execution via a long\ndomain name in X.509 certificate (CVE-2009-2404).\n\nThis update provides the latest versions of NSS and NSPR libraries\nwhich are not vulnerable to those attacks.\n\nUpdate:\n\nPackages for 2008.0 are being provided due to extended support for\nCorporate products.\n\nAffected: 2008.0\";\ntag_solution = \"To upgrade automatically use MandrakeUpdate or urpmi. The verification\nof md5 checksums and GPG signatures is performed automatically for you.\n\nhttps://secure1.securityspace.com/smysecure/catid.html?in=MDVSA-2009:197-3\";\ntag_summary = \"The remote host is missing an update to nss\nannounced via advisory MDVSA-2009:197-3.\";\n\n \n\nif(description)\n{\n script_id(66362);\n script_version(\"$Revision: 6573 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-07-06 15:10:50 +0200 (Thu, 06 Jul 2017) $\");\n script_tag(name:\"creation_date\", value:\"2009-12-10 00:23:54 +0100 (Thu, 10 Dec 2009)\");\n script_cve_id(\"CVE-2009-2408\", \"CVE-2009-2409\", \"CVE-2009-2404\");\n script_tag(name:\"cvss_base\", value:\"9.3\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_name(\"Mandriva Security Advisory MDVSA-2009:197-3 (nss)\");\n\n\n\n script_category(ACT_GATHER_INFO);\n\n script_copyright(\"Copyright (c) 2009 E-Soft Inc. http://www.securityspace.com\");\n script_family(\"Mandrake Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/mandriva_mandrake_linux\", \"ssh/login/rpms\");\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"summary\" , value : tag_summary);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n#\n# The script code starts here\n#\n\ninclude(\"pkg-lib-rpm.inc\");\n\nres = \"\";\nreport = \"\";\nif ((res = isrpmvuln(pkg:\"libnspr4\", rpm:\"libnspr4~4.7.5~0.1mdv2008.0\", rls:\"MNDK_2008.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"libnspr-devel\", rpm:\"libnspr-devel~4.7.5~0.1mdv2008.0\", rls:\"MNDK_2008.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"libnss3\", rpm:\"libnss3~3.12.3.1~0.1mdv2008.0\", rls:\"MNDK_2008.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"libnss-devel\", rpm:\"libnss-devel~3.12.3.1~0.1mdv2008.0\", rls:\"MNDK_2008.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"libnss-static-devel\", rpm:\"libnss-static-devel~3.12.3.1~0.1mdv2008.0\", rls:\"MNDK_2008.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"nss\", rpm:\"nss~3.12.3.1~0.1mdv2008.0\", rls:\"MNDK_2008.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"lib64nspr4\", rpm:\"lib64nspr4~4.7.5~0.1mdv2008.0\", rls:\"MNDK_2008.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"lib64nspr-devel\", rpm:\"lib64nspr-devel~4.7.5~0.1mdv2008.0\", rls:\"MNDK_2008.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"lib64nss3\", rpm:\"lib64nss3~3.12.3.1~0.1mdv2008.0\", rls:\"MNDK_2008.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"lib64nss-devel\", rpm:\"lib64nss-devel~3.12.3.1~0.1mdv2008.0\", rls:\"MNDK_2008.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"lib64nss-static-devel\", rpm:\"lib64nss-static-devel~3.12.3.1~0.1mdv2008.0\", rls:\"MNDK_2008.0\")) != NULL) {\n report += res;\n}\n\nif (report != \"\") {\n security_message(data:report);\n} else if (__pkg_match) {\n exit(99); # Not vulnerable.\n}\n", "cvss": {"score": 9.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2017-07-24T12:56:03", "description": "The remote host is missing an update to firefox\nannounced via advisory MDVSA-2009:198.", "cvss3": {}, "published": "2009-08-17T00:00:00", "type": "openvas", "title": "Mandrake Security Advisory MDVSA-2009:198 (firefox)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2009-2408", "CVE-2009-2654", "CVE-2009-2404"], "modified": "2017-07-06T00:00:00", "id": "OPENVAS:64604", "href": "http://plugins.openvas.org/nasl.php?oid=64604", "sourceData": "# OpenVAS Vulnerability Test\n# $Id: mdksa_2009_198.nasl 6573 2017-07-06 13:10:50Z cfischer $\n# Description: Auto-generated from advisory MDVSA-2009:198 (firefox)\n#\n# Authors:\n# Thomas Reinke <reinke@securityspace.com>\n#\n# Copyright:\n# Copyright (c) 2009 E-Soft Inc. http://www.securityspace.com\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (c) the respective author(s)\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2,\n# or at your option, GNU General Public License version 3,\n# as published by the Free Software Foundation\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n#\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"Security issues were identified and fixed in firefox 3.0.x:\n\nSecurity researcher Juan Pablo Lopez Yacubian reported that an attacker\ncould call window.open() on an invalid URL which looks similar to a\nlegitimate URL and then use document.write() to place content within\nthe new document, appearing to have come from the spoofed location\n(CVE-2009-2654).\n\nMoxie Marlinspike reported a heap overflow vulnerability in the\ncode that handles regular expressions in certificate names. This\nvulnerability could be used to compromise the browser and run arbitrary\ncode by presenting a specially crafted certificate to the client\n(CVE-2009-2404).\n\nIOActive security researcher Dan Kaminsky reported a mismatch in the\ntreatment of domain names in SSL certificates between SSL clients and\nthe Certificate Authorities (CA) which issue server certificates. These\ncertificates could be used to intercept and potentially alter encrypted\ncommunication between the client and a server such as sensitive bank\naccount transactions (CVE-2009-2408).\n\nThis update provides the latest Mozilla Firefox 3.0.x to correct\nthese issues.\n\nAdditionally, some packages which require so, have been rebuilt and\nare being provided as updates.\n\nAffected: 2009.0, 2009.1, Enterprise Server 5.0\";\ntag_solution = \"To upgrade automatically use MandrakeUpdate or urpmi. The verification\nof md5 checksums and GPG signatures is performed automatically for you.\n\nhttps://secure1.securityspace.com/smysecure/catid.html?in=MDVSA-2009:198\nhttp://www.mozilla.org/security/known-vulnerabilities/firefox30.html#firefox3.0.13\";\ntag_summary = \"The remote host is missing an update to firefox\nannounced via advisory MDVSA-2009:198.\";\n\n \n\nif(description)\n{\n script_id(64604);\n script_version(\"$Revision: 6573 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-07-06 15:10:50 +0200 (Thu, 06 Jul 2017) $\");\n script_tag(name:\"creation_date\", value:\"2009-08-17 16:54:45 +0200 (Mon, 17 Aug 2009)\");\n script_cve_id(\"CVE-2009-2654\", \"CVE-2009-2404\", \"CVE-2009-2408\");\n script_tag(name:\"cvss_base\", value:\"9.3\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_name(\"Mandrake Security Advisory MDVSA-2009:198 (firefox)\");\n\n\n\n script_category(ACT_GATHER_INFO);\n\n script_copyright(\"Copyright (c) 2009 E-Soft Inc. http://www.securityspace.com\");\n script_family(\"Mandrake Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/mandriva_mandrake_linux\", \"ssh/login/rpms\");\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"summary\" , value : tag_summary);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n#\n# The script code starts here\n#\n\ninclude(\"pkg-lib-rpm.inc\");\n\nres = \"\";\nreport = \"\";\nif ((res = isrpmvuln(pkg:\"beagle\", rpm:\"beagle~0.3.8~13.14mdv2009.0\", rls:\"MNDK_2009.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"beagle-crawl-system\", rpm:\"beagle-crawl-system~0.3.8~13.14mdv2009.0\", rls:\"MNDK_2009.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"beagle-doc\", rpm:\"beagle-doc~0.3.8~13.14mdv2009.0\", rls:\"MNDK_2009.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"beagle-epiphany\", rpm:\"beagle-epiphany~0.3.8~13.14mdv2009.0\", rls:\"MNDK_2009.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"beagle-evolution\", rpm:\"beagle-evolution~0.3.8~13.14mdv2009.0\", rls:\"MNDK_2009.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"beagle-gui\", rpm:\"beagle-gui~0.3.8~13.14mdv2009.0\", rls:\"MNDK_2009.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"beagle-gui-qt\", rpm:\"beagle-gui-qt~0.3.8~13.14mdv2009.0\", rls:\"MNDK_2009.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"beagle-libs\", rpm:\"beagle-libs~0.3.8~13.14mdv2009.0\", rls:\"MNDK_2009.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"devhelp\", rpm:\"devhelp~0.21~3.9mdv2009.0\", rls:\"MNDK_2009.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"devhelp-plugins\", rpm:\"devhelp-plugins~0.21~3.9mdv2009.0\", rls:\"MNDK_2009.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"epiphany\", rpm:\"epiphany~2.24.0.1~3.11mdv2009.0\", rls:\"MNDK_2009.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"epiphany-devel\", rpm:\"epiphany-devel~2.24.0.1~3.11mdv2009.0\", rls:\"MNDK_2009.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"firefox\", rpm:\"firefox~3.0.13~0.1mdv2009.0\", rls:\"MNDK_2009.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"firefox-af\", rpm:\"firefox-af~3.0.13~0.1mdv2009.0\", rls:\"MNDK_2009.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"firefox-ar\", rpm:\"firefox-ar~3.0.13~0.1mdv2009.0\", rls:\"MNDK_2009.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"firefox-be\", rpm:\"firefox-be~3.0.13~0.1mdv2009.0\", rls:\"MNDK_2009.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"firefox-bg\", rpm:\"firefox-bg~3.0.13~0.1mdv2009.0\", rls:\"MNDK_2009.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"firefox-bn\", rpm:\"firefox-bn~3.0.13~0.1mdv2009.0\", rls:\"MNDK_2009.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"firefox-ca\", rpm:\"firefox-ca~3.0.13~0.1mdv2009.0\", rls:\"MNDK_2009.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"firefox-cs\", rpm:\"firefox-cs~3.0.13~0.1mdv2009.0\", rls:\"MNDK_2009.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"firefox-cy\", rpm:\"firefox-cy~3.0.13~0.1mdv2009.0\", rls:\"MNDK_2009.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"firefox-da\", rpm:\"firefox-da~3.0.13~0.1mdv2009.0\", rls:\"MNDK_2009.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"firefox-de\", rpm:\"firefox-de~3.0.13~0.1mdv2009.0\", rls:\"MNDK_2009.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"firefox-el\", rpm:\"firefox-el~3.0.13~0.1mdv2009.0\", rls:\"MNDK_2009.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"firefox-en_GB\", rpm:\"firefox-en_GB~3.0.13~0.1mdv2009.0\", rls:\"MNDK_2009.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"firefox-eo\", rpm:\"firefox-eo~3.0.13~0.1mdv2009.0\", rls:\"MNDK_2009.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"firefox-es_AR\", rpm:\"firefox-es_AR~3.0.13~0.1mdv2009.0\", rls:\"MNDK_2009.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"firefox-es_ES\", rpm:\"firefox-es_ES~3.0.13~0.1mdv2009.0\", rls:\"MNDK_2009.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"firefox-et\", rpm:\"firefox-et~3.0.13~0.1mdv2009.0\", rls:\"MNDK_2009.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"firefox-eu\", rpm:\"firefox-eu~3.0.13~0.1mdv2009.0\", rls:\"MNDK_2009.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"firefox-ext-beagle\", rpm:\"firefox-ext-beagle~0.3.8~13.14mdv2009.0\", rls:\"MNDK_2009.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"firefox-ext-mozvoikko\", rpm:\"firefox-ext-mozvoikko~0.9.5~4.9mdv2009.0\", rls:\"MNDK_2009.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"firefox-fi\", rpm:\"firefox-fi~3.0.13~0.1mdv2009.0\", rls:\"MNDK_2009.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"firefox-fr\", rpm:\"firefox-fr~3.0.13~0.1mdv2009.0\", rls:\"MNDK_2009.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"firefox-fy\", rpm:\"firefox-fy~3.0.13~0.1mdv2009.0\", rls:\"MNDK_2009.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"firefox-ga_IE\", rpm:\"firefox-ga_IE~3.0.13~0.1mdv2009.0\", rls:\"MNDK_2009.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"firefox-gl\", rpm:\"firefox-gl~3.0.13~0.1mdv2009.0\", rls:\"MNDK_2009.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"firefox-gu_IN\", rpm:\"firefox-gu_IN~3.0.13~0.1mdv2009.0\", rls:\"MNDK_2009.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"firefox-he\", rpm:\"firefox-he~3.0.13~0.1mdv2009.0\", rls:\"MNDK_2009.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"firefox-hi\", rpm:\"firefox-hi~3.0.13~0.1mdv2009.0\", rls:\"MNDK_2009.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"firefox-hu\", rpm:\"firefox-hu~3.0.13~0.1mdv2009.0\", rls:\"MNDK_2009.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"firefox-id\", rpm:\"firefox-id~3.0.13~0.1mdv2009.0\", rls:\"MNDK_2009.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"firefox-is\", rpm:\"firefox-is~3.0.13~0.1mdv2009.0\", rls:\"MNDK_2009.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"firefox-it\", rpm:\"firefox-it~3.0.13~0.1mdv2009.0\", rls:\"MNDK_2009.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"firefox-ja\", rpm:\"firefox-ja~3.0.13~0.1mdv2009.0\", rls:\"MNDK_2009.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"firefox-ka\", rpm:\"firefox-ka~3.0.13~0.1mdv2009.0\", rls:\"MNDK_2009.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"firefox-kn\", rpm:\"firefox-kn~3.0.13~0.1mdv2009.0\", rls:\"MNDK_2009.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"firefox-ko\", rpm:\"firefox-ko~3.0.13~0.1mdv2009.0\", rls:\"MNDK_2009.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"firefox-ku\", rpm:\"firefox-ku~3.0.13~0.1mdv2009.0\", rls:\"MNDK_2009.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"firefox-lt\", rpm:\"firefox-lt~3.0.13~0.1mdv2009.0\", rls:\"MNDK_2009.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"firefox-lv\", rpm:\"firefox-lv~3.0.13~0.1mdv2009.0\", rls:\"MNDK_2009.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"firefox-mk\", rpm:\"firefox-mk~3.0.13~0.1mdv2009.0\", rls:\"MNDK_2009.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"firefox-mn\", rpm:\"firefox-mn~3.0.13~0.1mdv2009.0\", rls:\"MNDK_2009.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"firefox-mr\", rpm:\"firefox-mr~3.0.13~0.1mdv2009.0\", rls:\"MNDK_2009.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"firefox-nb_NO\", rpm:\"firefox-nb_NO~3.0.13~0.1mdv2009.0\", rls:\"MNDK_2009.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"firefox-nl\", rpm:\"firefox-nl~3.0.13~0.1mdv2009.0\", rls:\"MNDK_2009.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"firefox-nn_NO\", rpm:\"firefox-nn_NO~3.0.13~0.1mdv2009.0\", rls:\"MNDK_2009.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"firefox-oc\", rpm:\"firefox-oc~3.0.13~0.1mdv2009.0\", rls:\"MNDK_2009.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"firefox-pa_IN\", rpm:\"firefox-pa_IN~3.0.13~0.1mdv2009.0\", rls:\"MNDK_2009.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"firefox-pl\", rpm:\"firefox-pl~3.0.13~0.1mdv2009.0\", rls:\"MNDK_2009.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"firefox-pt_BR\", rpm:\"firefox-pt_BR~3.0.13~0.1mdv2009.0\", rls:\"MNDK_2009.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"firefox-pt_PT\", rpm:\"firefox-pt_PT~3.0.13~0.1mdv2009.0\", rls:\"MNDK_2009.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"firefox-ro\", rpm:\"firefox-ro~3.0.13~0.1mdv2009.0\", rls:\"MNDK_2009.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"firefox-ru\", rpm:\"firefox-ru~3.0.13~0.1mdv2009.0\", rls:\"MNDK_2009.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"firefox-si\", rpm:\"firefox-si~3.0.13~0.1mdv2009.0\", rls:\"MNDK_2009.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"firefox-sk\", rpm:\"firefox-sk~3.0.13~0.1mdv2009.0\", rls:\"MNDK_2009.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"firefox-sl\", rpm:\"firefox-sl~3.0.13~0.1mdv2009.0\", rls:\"MNDK_2009.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"firefox-sq\", rpm:\"firefox-sq~3.0.13~0.1mdv2009.0\", rls:\"MNDK_2009.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"firefox-sr\", rpm:\"firefox-sr~3.0.13~0.1mdv2009.0\", rls:\"MNDK_2009.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"firefox-sv_SE\", rpm:\"firefox-sv_SE~3.0.13~0.1mdv2009.0\", rls:\"MNDK_2009.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"firefox-te\", rpm:\"firefox-te~3.0.13~0.1mdv2009.0\", rls:\"MNDK_2009.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"firefox-th\", rpm:\"firefox-th~3.0.13~0.1mdv2009.0\", rls:\"MNDK_2009.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"firefox-theme-kde4ff\", rpm:\"firefox-theme-kde4ff~0.14~4.9mdv2009.0\", rls:\"MNDK_2009.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"firefox-tr\", rpm:\"firefox-tr~3.0.13~0.1mdv2009.0\", rls:\"MNDK_2009.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"firefox-uk\", rpm:\"firefox-uk~3.0.13~0.1mdv2009.0\", rls:\"MNDK_2009.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"firefox-zh_CN\", rpm:\"firefox-zh_CN~3.0.13~0.1mdv2009.0\", rls:\"MNDK_2009.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"firefox-zh_TW\", rpm:\"firefox-zh_TW~3.0.13~0.1mdv2009.0\", rls:\"MNDK_2009.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"gnome-python-extras\", rpm:\"gnome-python-extras~2.19.1~20.9mdv2009.0\", rls:\"MNDK_2009.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"gnome-python-gda\", rpm:\"gnome-python-gda~2.19.1~20.9mdv2009.0\", rls:\"MNDK_2009.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"gnome-python-gda-devel\", rpm:\"gnome-python-gda-devel~2.19.1~20.9mdv2009.0\", rls:\"MNDK_2009.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"gnome-python-gdl\", rpm:\"gnome-python-gdl~2.19.1~20.9mdv2009.0\", rls:\"MNDK_2009.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"gnome-python-gtkhtml2\", rpm:\"gnome-python-gtkhtml2~2.19.1~20.9mdv2009.0\", rls:\"MNDK_2009.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"gnome-python-gtkmozembed\", rpm:\"gnome-python-gtkmozembed~2.19.1~20.9mdv2009.0\", rls:\"MNDK_2009.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"gnome-python-gtkspell\", rpm:\"gnome-python-gtkspell~2.19.1~20.9mdv2009.0\", rls:\"MNDK_2009.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"libdevhelp-1_0\", rpm:\"libdevhelp-1_0~0.21~3.9mdv2009.0\", rls:\"MNDK_2009.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"libdevhelp-1-devel\", rpm:\"libdevhelp-1-devel~0.21~3.9mdv2009.0\", rls:\"MNDK_2009.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"libxulrunner1.9\", rpm:\"libxulrunner1.9~1.9.0.13~0.1mdv2009.0\", rls:\"MNDK_2009.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"libxulrunner-devel\", rpm:\"libxulrunner-devel~1.9.0.13~0.1mdv2009.0\", rls:\"MNDK_2009.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"libxulrunner-unstable-devel\", rpm:\"libxulrunner-unstable-devel~1.9.0.13~0.1mdv2009.0\", rls:\"MNDK_2009.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"mozilla-firefox-ext-blogrovr\", rpm:\"mozilla-firefox-ext-blogrovr~1.1.779~5.9mdv2009.0\", rls:\"MNDK_2009.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"mozilla-firefox-ext-foxmarks\", rpm:\"mozilla-firefox-ext-foxmarks~2.1.0.12~2.9mdv2009.0\", rls:\"MNDK_2009.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"mozilla-firefox-ext-scribefire\", rpm:\"mozilla-firefox-ext-scribefire~2.3.1~2.9mdv2009.0\", rls:\"MNDK_2009.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"mozilla-thunderbird-beagle\", rpm:\"mozilla-thunderbird-beagle~0.3.8~13.14mdv2009.0\", rls:\"MNDK_2009.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"xulrunner\", rpm:\"xulrunner~1.9.0.13~0.1mdv2009.0\", rls:\"MNDK_2009.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"yelp\", rpm:\"yelp~2.24.0~3.9mdv2009.0\", rls:\"MNDK_2009.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"lib64devhelp-1_0\", rpm:\"lib64devhelp-1_0~0.21~3.9mdv2009.0\", rls:\"MNDK_2009.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"lib64devhelp-1-devel\", rpm:\"lib64devhelp-1-devel~0.21~3.9mdv2009.0\", rls:\"MNDK_2009.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"lib64xulrunner1.9\", rpm:\"lib64xulrunner1.9~1.9.0.13~0.1mdv2009.0\", rls:\"MNDK_2009.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"lib64xulrunner-devel\", rpm:\"lib64xulrunner-devel~1.9.0.13~0.1mdv2009.0\", rls:\"MNDK_2009.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"lib64xulrunner-unstable-devel\", rpm:\"lib64xulrunner-unstable-devel~1.9.0.13~0.1mdv2009.0\", rls:\"MNDK_2009.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"beagle\", rpm:\"beagle~0.3.9~9.5mdv2009.1\", rls:\"MNDK_2009.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"beagle-crawl-system\", rpm:\"beagle-crawl-system~0.3.9~9.5mdv2009.1\", rls:\"MNDK_2009.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"beagle-doc\", rpm:\"beagle-doc~0.3.9~9.5mdv2009.1\", rls:\"MNDK_2009.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"beagle-epiphany\", rpm:\"beagle-epiphany~0.3.9~9.5mdv2009.1\", rls:\"MNDK_2009.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"beagle-evolution\", rpm:\"beagle-evolution~0.3.9~9.5mdv2009.1\", rls:\"MNDK_2009.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"beagle-gui\", rpm:\"beagle-gui~0.3.9~9.5mdv2009.1\", rls:\"MNDK_2009.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"beagle-gui-qt\", rpm:\"beagle-gui-qt~0.3.9~9.5mdv2009.1\", rls:\"MNDK_2009.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"beagle-libs\", rpm:\"beagle-libs~0.3.9~9.5mdv2009.1\", rls:\"MNDK_2009.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"epiphany\", rpm:\"epiphany~2.26.1~1.4mdv2009.1\", rls:\"MNDK_2009.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"epiphany-devel\", rpm:\"epiphany-devel~2.26.1~1.4mdv2009.1\", rls:\"MNDK_2009.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"firefox\", rpm:\"firefox~3.0.13~0.1mdv2009.1\", rls:\"MNDK_2009.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"firefox-af\", rpm:\"firefox-af~3.0.13~0.1mdv2009.1\", rls:\"MNDK_2009.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"firefox-ar\", rpm:\"firefox-ar~3.0.13~0.1mdv2009.1\", rls:\"MNDK_2009.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"firefox-be\", rpm:\"firefox-be~3.0.13~0.1mdv2009.1\", rls:\"MNDK_2009.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"firefox-bg\", rpm:\"firefox-bg~3.0.13~0.1mdv2009.1\", rls:\"MNDK_2009.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"firefox-bn\", rpm:\"firefox-bn~3.0.13~0.1mdv2009.1\", rls:\"MNDK_2009.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"firefox-ca\", rpm:\"firefox-ca~3.0.13~0.1mdv2009.1\", rls:\"MNDK_2009.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"firefox-cs\", rpm:\"firefox-cs~3.0.13~0.1mdv2009.1\", rls:\"MNDK_2009.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"firefox-cy\", rpm:\"firefox-cy~3.0.13~0.1mdv2009.1\", rls:\"MNDK_2009.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"firefox-da\", rpm:\"firefox-da~3.0.13~0.1mdv2009.1\", rls:\"MNDK_2009.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"firefox-de\", rpm:\"firefox-de~3.0.13~0.1mdv2009.1\", rls:\"MNDK_2009.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"firefox-el\", rpm:\"firefox-el~3.0.13~0.1mdv2009.1\", rls:\"MNDK_2009.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"firefox-en_GB\", rpm:\"firefox-en_GB~3.0.13~0.1mdv2009.1\", rls:\"MNDK_2009.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"firefox-eo\", rpm:\"firefox-eo~3.0.13~0.1mdv2009.1\", rls:\"MNDK_2009.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"firefox-es_AR\", rpm:\"firefox-es_AR~3.0.13~0.1mdv2009.1\", rls:\"MNDK_2009.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"firefox-es_ES\", rpm:\"firefox-es_ES~3.0.13~0.1mdv2009.1\", rls:\"MNDK_2009.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"firefox-et\", rpm:\"firefox-et~3.0.13~0.1mdv2009.1\", rls:\"MNDK_2009.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"firefox-eu\", rpm:\"firefox-eu~3.0.13~0.1mdv2009.1\", rls:\"MNDK_2009.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"firefox-ext-beagle\", rpm:\"firefox-ext-beagle~0.3.9~9.5mdv2009.1\", rls:\"MNDK_2009.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"firefox-ext-blogrovr\", rpm:\"firefox-ext-blogrovr~1.1.798~2.4mdv2009.1\", rls:\"MNDK_2009.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"firefox-ext-foxmarks\", rpm:\"firefox-ext-foxmarks~2.7.2~2.4mdv2009.1\", rls:\"MNDK_2009.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"firefox-ext-mozvoikko\", rpm:\"firefox-ext-mozvoikko~0.9.6~2.4mdv2009.1\", rls:\"MNDK_2009.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"firefox-ext-r-kiosk\", rpm:\"firefox-ext-r-kiosk~0.7.2~2.4mdv2009.1\", rls:\"MNDK_2009.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"firefox-ext-scribefire\", rpm:\"firefox-ext-scribefire~3.2.3~2.4mdv2009.1\", rls:\"MNDK_2009.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"firefox-fi\", rpm:\"firefox-fi~3.0.13~0.1mdv2009.1\", rls:\"MNDK_2009.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"firefox-fr\", rpm:\"firefox-fr~3.0.13~0.1mdv2009.1\", rls:\"MNDK_2009.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"firefox-fy\", rpm:\"firefox-fy~3.0.13~0.1mdv2009.1\", rls:\"MNDK_2009.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"firefox-ga_IE\", rpm:\"firefox-ga_IE~3.0.13~0.1mdv2009.1\", rls:\"MNDK_2009.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"firefox-gl\", rpm:\"firefox-gl~3.0.13~0.1mdv2009.1\", rls:\"MNDK_2009.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"firefox-gu_IN\", rpm:\"firefox-gu_IN~3.0.13~0.1mdv2009.1\", rls:\"MNDK_2009.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"firefox-he\", rpm:\"firefox-he~3.0.13~0.1mdv2009.1\", rls:\"MNDK_2009.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"firefox-hi\", rpm:\"firefox-hi~3.0.13~0.1mdv2009.1\", rls:\"MNDK_2009.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"firefox-hu\", rpm:\"firefox-hu~3.0.13~0.1mdv2009.1\", rls:\"MNDK_2009.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"firefox-id\", rpm:\"firefox-id~3.0.13~0.1mdv2009.1\", rls:\"MNDK_2009.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"firefox-is\", rpm:\"firefox-is~3.0.13~0.1mdv2009.1\", rls:\"MNDK_2009.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"firefox-it\", rpm:\"firefox-it~3.0.13~0.1mdv2009.1\", rls:\"MNDK_2009.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"firefox-ja\", rpm:\"firefox-ja~3.0.13~0.1mdv2009.1\", rls:\"MNDK_2009.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"firefox-ka\", rpm:\"firefox-ka~3.0.13~0.1mdv2009.1\", rls:\"MNDK_2009.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"firefox-kn\", rpm:\"firefox-kn~3.0.13~0.1mdv2009.1\", rls:\"MNDK_2009.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"firefox-ko\", rpm:\"firefox-ko~3.0.13~0.1mdv2009.1\", rls:\"MNDK_2009.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"firefox-ku\", rpm:\"firefox-ku~3.0.13~0.1mdv2009.1\", rls:\"MNDK_2009.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"firefox-lt\", rpm:\"firefox-lt~3.0.13~0.1mdv2009.1\", rls:\"MNDK_2009.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"firefox-lv\", rpm:\"firefox-lv~3.0.13~0.1mdv2009.1\", rls:\"MNDK_2009.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"firefox-mk\", rpm:\"firefox-mk~3.0.13~0.1mdv2009.1\", rls:\"MNDK_2009.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"firefox-mn\", rpm:\"firefox-mn~3.0.13~0.1mdv2009.1\", rls:\"MNDK_2009.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"firefox-mr\", rpm:\"firefox-mr~3.0.13~0.1mdv2009.1\", rls:\"MNDK_2009.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"firefox-nb_NO\", rpm:\"firefox-nb_NO~3.0.13~0.1mdv2009.1\", rls:\"MNDK_2009.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"firefox-nl\", rpm:\"firefox-nl~3.0.13~0.1mdv2009.1\", rls:\"MNDK_2009.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"firefox-nn_NO\", rpm:\"firefox-nn_NO~3.0.13~0.1mdv2009.1\", rls:\"MNDK_2009.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"firefox-oc\", rpm:\"firefox-oc~3.0.13~0.1mdv2009.1\", rls:\"MNDK_2009.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"firefox-pa_IN\", rpm:\"firefox-pa_IN~3.0.13~0.1mdv2009.1\", rls:\"MNDK_2009.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"firefox-pl\", rpm:\"firefox-pl~3.0.13~0.1mdv2009.1\", rls:\"MNDK_2009.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"firefox-pt_BR\", rpm:\"firefox-pt_BR~3.0.13~0.1mdv2009.1\", rls:\"MNDK_2009.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"firefox-pt_PT\", rpm:\"firefox-pt_PT~3.0.13~0.1mdv2009.1\", rls:\"MNDK_2009.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"firefox-ro\", rpm:\"firefox-ro~3.0.13~0.1mdv2009.1\", rls:\"MNDK_2009.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"firefox-ru\", rpm:\"firefox-ru~3.0.13~0.1mdv2009.1\", rls:\"MNDK_2009.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"firefox-si\", rpm:\"firefox-si~3.0.13~0.1mdv2009.1\", rls:\"MNDK_2009.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"firefox-sk\", rpm:\"firefox-sk~3.0.13~0.1mdv2009.1\", rls:\"MNDK_2009.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"firefox-sl\", rpm:\"firefox-sl~3.0.13~0.1mdv2009.1\", rls:\"MNDK_2009.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"firefox-sq\", rpm:\"firefox-sq~3.0.13~0.1mdv2009.1\", rls:\"MNDK_2009.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"firefox-sr\", rpm:\"firefox-sr~3.0.13~0.1mdv2009.1\", rls:\"MNDK_2009.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"firefox-sv_SE\", rpm:\"firefox-sv_SE~3.0.13~0.1mdv2009.1\", rls:\"MNDK_2009.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"firefox-te\", rpm:\"firefox-te~3.0.13~0.1mdv2009.1\", rls:\"MNDK_2009.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"firefox-th\", rpm:\"firefox-th~3.0.13~0.1mdv2009.1\", rls:\"MNDK_2009.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"firefox-theme-kde4ff\", rpm:\"firefox-theme-kde4ff~0.14~9.4mdv2009.1\", rls:\"MNDK_2009.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"firefox-tr\", rpm:\"firefox-tr~3.0.13~0.1mdv2009.1\", rls:\"MNDK_2009.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"firefox-uk\", rpm:\"firefox-uk~3.0.13~0.1mdv2009.1\", rls:\"MNDK_2009.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"firefox-zh_CN\", rpm:\"firefox-zh_CN~3.0.13~0.1mdv2009.1\", rls:\"MNDK_2009.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"firefox-zh_TW\", rpm:\"firefox-zh_TW~3.0.13~0.1mdv2009.1\", rls:\"MNDK_2009.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"gnome-python-extras\", rpm:\"gnome-python-extras~2.25.3~3.4mdv2009.1\", rls:\"MNDK_2009.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"gnome-python-gda\", rpm:\"gnome-python-gda~2.25.3~3.4mdv2009.1\", rls:\"MNDK_2009.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"gnome-python-gda-devel\", rpm:\"gnome-python-gda-devel~2.25.3~3.4mdv2009.1\", rls:\"MNDK_2009.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"gnome-python-gdl\", rpm:\"gnome-python-gdl~2.25.3~3.4mdv2009.1\", rls:\"MNDK_2009.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"gnome-python-gtkhtml2\", rpm:\"gnome-python-gtkhtml2~2.25.3~3.4mdv2009.1\", rls:\"MNDK_2009.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"gnome-python-gtkmozembed\", rpm:\"gnome-python-gtkmozembed~2.25.3~3.4mdv2009.1\", rls:\"MNDK_2009.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"gnome-python-gtkspell\", rpm:\"gnome-python-gtkspell~2.25.3~3.4mdv2009.1\", rls:\"MNDK_2009.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"google-gadgets-common\", rpm:\"google-gadgets-common~0.10.5~8.4mdv2009.1\", rls:\"MNDK_2009.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"google-gadgets-gtk\", rpm:\"google-gadgets-gtk~0.10.5~8.4mdv2009.1\", rls:\"MNDK_2009.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"google-gadgets-qt\", rpm:\"google-gadgets-qt~0.10.5~8.4mdv2009.1\", rls:\"MNDK_2009.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"google-gadgets-xul\", rpm:\"google-gadgets-xul~0.10.5~8.4mdv2009.1\", rls:\"MNDK_2009.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"libggadget1.0_0\", rpm:\"libggadget1.0_0~0.10.5~8.4mdv2009.1\", rls:\"MNDK_2009.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"libggadget-gtk1.0_0\", rpm:\"libggadget-gtk1.0_0~0.10.5~8.4mdv2009.1\", rls:\"MNDK_2009.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"libggadget-qt1.0_0\", rpm:\"libggadget-qt1.0_0~0.10.5~8.4mdv2009.1\", rls:\"MNDK_2009.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"libgoogle-gadgets-devel\", rpm:\"libgoogle-gadgets-devel~0.10.5~8.4mdv2009.1\", rls:\"MNDK_2009.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"libopensc2\", rpm:\"libopensc2~0.11.7~1.5mdv2009.1\", rls:\"MNDK_2009.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"libopensc-devel\", rpm:\"libopensc-devel~0.11.7~1.5mdv2009.1\", rls:\"MNDK_2009.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"libxulrunner1.9\", rpm:\"libxulrunner1.9~1.9.0.13~0.1mdv2009.1\", rls:\"MNDK_2009.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"libxulrunner-devel\", rpm:\"libxulrunner-devel~1.9.0.13~0.1mdv2009.1\", rls:\"MNDK_2009.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"libxulrunner-unstable-devel\", rpm:\"libxulrunner-unstable-devel~1.9.0.13~0.1mdv2009.1\", rls:\"MNDK_2009.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"mozilla-plugin-opensc\", rpm:\"mozilla-plugin-opensc~0.11.7~1.5mdv2009.1\", rls:\"MNDK_2009.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"mozilla-thunderbird-beagle\", rpm:\"mozilla-thunderbird-beagle~0.3.9~9.5mdv2009.1\", rls:\"MNDK_2009.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"opensc\", rpm:\"opensc~0.11.7~1.5mdv2009.1\", rls:\"MNDK_2009.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"python-xpcom\", rpm:\"python-xpcom~1.9.0.13~0.1mdv2009.1\", rls:\"MNDK_2009.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"xulrunner\", rpm:\"xulrunner~1.9.0.13~0.1mdv2009.1\", rls:\"MNDK_2009.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"yelp\", rpm:\"yelp~2.26.0~3.3mdv2009.1\", rls:\"MNDK_2009.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"lib64ggadget1.0_0\", rpm:\"lib64ggadget1.0_0~0.10.5~8.4mdv2009.1\", rls:\"MNDK_2009.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"lib64ggadget-gtk1.0_0\", rpm:\"lib64ggadget-gtk1.0_0~0.10.5~8.4mdv2009.1\", rls:\"MNDK_2009.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"lib64ggadget-qt1.0_0\", rpm:\"lib64ggadget-qt1.0_0~0.10.5~8.4mdv2009.1\", rls:\"MNDK_2009.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"lib64google-gadgets-devel\", rpm:\"lib64google-gadgets-devel~0.10.5~8.4mdv2009.1\", rls:\"MNDK_2009.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"lib64opensc2\", rpm:\"lib64opensc2~0.11.7~1.5mdv2009.1\", rls:\"MNDK_2009.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"lib64opensc-devel\", rpm:\"lib64opensc-devel~0.11.7~1.5mdv2009.1\", rls:\"MNDK_2009.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"lib64xulrunner1.9\", rpm:\"lib64xulrunner1.9~1.9.0.13~0.1mdv2009.1\", rls:\"MNDK_2009.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"lib64xulrunner-devel\", rpm:\"lib64xulrunner-devel~1.9.0.13~0.1mdv2009.1\", rls:\"MNDK_2009.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"lib64xulrunner-unstable-devel\", rpm:\"lib64xulrunner-unstable-devel~1.9.0.13~0.1mdv2009.1\", rls:\"MNDK_2009.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"firefox\", rpm:\"firefox~3.0.13~0.1mdvmes5\", rls:\"MNDK_mes5\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"firefox-af\", rpm:\"firefox-af~3.0.13~0.1mdvmes5\", rls:\"MNDK_mes5\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"firefox-ar\", rpm:\"firefox-ar~3.0.13~0.1mdvmes5\", rls:\"MNDK_mes5\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"firefox-be\", rpm:\"firefox-be~3.0.13~0.1mdvmes5\", rls:\"MNDK_mes5\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"firefox-bg\", rpm:\"firefox-bg~3.0.13~0.1mdvmes5\", rls:\"MNDK_mes5\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"firefox-bn\", rpm:\"firefox-bn~3.0.13~0.1mdvmes5\", rls:\"MNDK_mes5\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"firefox-ca\", rpm:\"firefox-ca~3.0.13~0.1mdvmes5\", rls:\"MNDK_mes5\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"firefox-cs\", rpm:\"firefox-cs~3.0.13~0.1mdvmes5\", rls:\"MNDK_mes5\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"firefox-cy\", rpm:\"firefox-cy~3.0.13~0.1mdvmes5\", rls:\"MNDK_mes5\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"firefox-da\", rpm:\"firefox-da~3.0.13~0.1mdvmes5\", rls:\"MNDK_mes5\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"firefox-de\", rpm:\"firefox-de~3.0.13~0.1mdvmes5\", rls:\"MNDK_mes5\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"firefox-el\", rpm:\"firefox-el~3.0.13~0.1mdvmes5\", rls:\"MNDK_mes5\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"firefox-en_GB\", rpm:\"firefox-en_GB~3.0.13~0.1mdvmes5\", rls:\"MNDK_mes5\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"firefox-eo\", rpm:\"firefox-eo~3.0.13~0.1mdvmes5\", rls:\"MNDK_mes5\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"firefox-es_AR\", rpm:\"firefox-es_AR~3.0.13~0.1mdvmes5\", rls:\"MNDK_mes5\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"firefox-es_ES\", rpm:\"firefox-es_ES~3.0.13~0.1mdvmes5\", rls:\"MNDK_mes5\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"firefox-et\", rpm:\"firefox-et~3.0.13~0.1mdvmes5\", rls:\"MNDK_mes5\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"firefox-eu\", rpm:\"firefox-eu~3.0.13~0.1mdvmes5\", rls:\"MNDK_mes5\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"firefox-fi\", rpm:\"firefox-fi~3.0.13~0.1mdvmes5\", rls:\"MNDK_mes5\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"firefox-fr\", rpm:\"firefox-fr~3.0.13~0.1mdvmes5\", rls:\"MNDK_mes5\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"firefox-fy\", rpm:\"firefox-fy~3.0.13~0.1mdvmes5\", rls:\"MNDK_mes5\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"firefox-ga_IE\", rpm:\"firefox-ga_IE~3.0.13~0.1mdvmes5\", rls:\"MNDK_mes5\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"firefox-gl\", rpm:\"firefox-gl~3.0.13~0.1mdvmes5\", rls:\"MNDK_mes5\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"firefox-gu_IN\", rpm:\"firefox-gu_IN~3.0.13~0.1mdvmes5\", rls:\"MNDK_mes5\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"firefox-he\", rpm:\"firefox-he~3.0.13~0.1mdvmes5\", rls:\"MNDK_mes5\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"firefox-hi\", rpm:\"firefox-hi~3.0.13~0.1mdvmes5\", rls:\"MNDK_mes5\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"firefox-hu\", rpm:\"firefox-hu~3.0.13~0.1mdvmes5\", rls:\"MNDK_mes5\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"firefox-id\", rpm:\"firefox-id~3.0.13~0.1mdvmes5\", rls:\"MNDK_mes5\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"firefox-is\", rpm:\"firefox-is~3.0.13~0.1mdvmes5\", rls:\"MNDK_mes5\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"firefox-it\", rpm:\"firefox-it~3.0.13~0.1mdvmes5\", rls:\"MNDK_mes5\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"firefox-ja\", rpm:\"firefox-ja~3.0.13~0.1mdvmes5\", rls:\"MNDK_mes5\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"firefox-ka\", rpm:\"firefox-ka~3.0.13~0.1mdvmes5\", rls:\"MNDK_mes5\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"firefox-kn\", rpm:\"firefox-kn~3.0.13~0.1mdvmes5\", rls:\"MNDK_mes5\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"firefox-ko\", rpm:\"firefox-ko~3.0.13~0.1mdvmes5\", rls:\"MNDK_mes5\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"firefox-ku\", rpm:\"firefox-ku~3.0.13~0.1mdvmes5\", rls:\"MNDK_mes5\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"firefox-lt\", rpm:\"firefox-lt~3.0.13~0.1mdvmes5\", rls:\"MNDK_mes5\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"firefox-lv\", rpm:\"firefox-lv~3.0.13~0.1mdvmes5\", rls:\"MNDK_mes5\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"firefox-mk\", rpm:\"firefox-mk~3.0.13~0.1mdvmes5\", rls:\"MNDK_mes5\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"firefox-mn\", rpm:\"firefox-mn~3.0.13~0.1mdvmes5\", rls:\"MNDK_mes5\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"firefox-mr\", rpm:\"firefox-mr~3.0.13~0.1mdvmes5\", rls:\"MNDK_mes5\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"firefox-nb_NO\", rpm:\"firefox-nb_NO~3.0.13~0.1mdvmes5\", rls:\"MNDK_mes5\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"firefox-nl\", rpm:\"firefox-nl~3.0.13~0.1mdvmes5\", rls:\"MNDK_mes5\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"firefox-nn_NO\", rpm:\"firefox-nn_NO~3.0.13~0.1mdvmes5\", rls:\"MNDK_mes5\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"firefox-oc\", rpm:\"firefox-oc~3.0.13~0.1mdvmes5\", rls:\"MNDK_mes5\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"firefox-pa_IN\", rpm:\"firefox-pa_IN~3.0.13~0.1mdvmes5\", rls:\"MNDK_mes5\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"firefox-pl\", rpm:\"firefox-pl~3.0.13~0.1mdvmes5\", rls:\"MNDK_mes5\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"firefox-pt_BR\", rpm:\"firefox-pt_BR~3.0.13~0.1mdvmes5\", rls:\"MNDK_mes5\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"firefox-pt_PT\", rpm:\"firefox-pt_PT~3.0.13~0.1mdvmes5\", rls:\"MNDK_mes5\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"firefox-ro\", rpm:\"firefox-ro~3.0.13~0.1mdvmes5\", rls:\"MNDK_mes5\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"firefox-ru\", rpm:\"firefox-ru~3.0.13~0.1mdvmes5\", rls:\"MNDK_mes5\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"firefox-si\", rpm:\"firefox-si~3.0.13~0.1mdvmes5\", rls:\"MNDK_mes5\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"firefox-sk\", rpm:\"firefox-sk~3.0.13~0.1mdvmes5\", rls:\"MNDK_mes5\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"firefox-sl\", rpm:\"firefox-sl~3.0.13~0.1mdvmes5\", rls:\"MNDK_mes5\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"firefox-sq\", rpm:\"firefox-sq~3.0.13~0.1mdvmes5\", rls:\"MNDK_mes5\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"firefox-sr\", rpm:\"firefox-sr~3.0.13~0.1mdvmes5\", rls:\"MNDK_mes5\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"firefox-sv_SE\", rpm:\"firefox-sv_SE~3.0.13~0.1mdvmes5\", rls:\"MNDK_mes5\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"firefox-te\", rpm:\"firefox-te~3.0.13~0.1mdvmes5\", rls:\"MNDK_mes5\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"firefox-th\", rpm:\"firefox-th~3.0.13~0.1mdvmes5\", rls:\"MNDK_mes5\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"firefox-tr\", rpm:\"firefox-tr~3.0.13~0.1mdvmes5\", rls:\"MNDK_mes5\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"firefox-uk\", rpm:\"firefox-uk~3.0.13~0.1mdvmes5\", rls:\"MNDK_mes5\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"firefox-zh_CN\", rpm:\"firefox-zh_CN~3.0.13~0.1mdvmes5\", rls:\"MNDK_mes5\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"firefox-zh_TW\", rpm:\"firefox-zh_TW~3.0.13~0.1mdvmes5\", rls:\"MNDK_mes5\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"libxulrunner1.9\", rpm:\"libxulrunner1.9~1.9.0.13~0.1mdvmes5\", rls:\"MNDK_mes5\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"libxulrunner-devel\", rpm:\"libxulrunner-devel~1.9.0.13~0.1mdvmes5\", rls:\"MNDK_mes5\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"libxulrunner-unstable-devel\", rpm:\"libxulrunner-unstable-devel~1.9.0.13~0.1mdvmes5\", rls:\"MNDK_mes5\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"xulrunner\", rpm:\"xulrunner~1.9.0.13~0.1mdvmes5\", rls:\"MNDK_mes5\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"yelp\", rpm:\"yelp~2.24.0~3.9mdvmes5\", rls:\"MNDK_mes5\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"lib64xulrunner1.9\", rpm:\"lib64xulrunner1.9~1.9.0.13~0.1mdvmes5\", rls:\"MNDK_mes5\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"lib64xulrunner-devel\", rpm:\"lib64xulrunner-devel~1.9.0.13~0.1mdvmes5\", rls:\"MNDK_mes5\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"lib64xulrunner-unstable-devel\", rpm:\"lib64xulrunner-unstable-devel~1.9.0.13~0.1mdvmes5\", rls:\"MNDK_mes5\")) != NULL) {\n report += res;\n}\n\nif (report != \"\") {\n security_message(data:report);\n} else if (__pkg_match) {\n exit(99); # Not vulnerable.\n}\n", "cvss": {"score": 9.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2018-04-06T11:37:19", "description": "The remote host is missing an update to firefox\nannounced via advisory MDVSA-2009:198.", "cvss3": {}, "published": "2009-08-17T00:00:00", "type": "openvas", "title": "Mandrake Security Advisory MDVSA-2009:198 (firefox)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2009-2408", "CVE-2009-2654", "CVE-2009-2404"], "modified": "2018-04-06T00:00:00", "id": "OPENVAS:136141256231064604", "href": "http://plugins.openvas.org/nasl.php?oid=136141256231064604", "sourceData": "# OpenVAS Vulnerability Test\n# $Id: mdksa_2009_198.nasl 9350 2018-04-06 07:03:33Z cfischer $\n# Description: Auto-generated from advisory MDVSA-2009:198 (firefox)\n#\n# Authors:\n# Thomas Reinke <reinke@securityspace.com>\n#\n# Copyright:\n# Copyright (c) 2009 E-Soft Inc. http://www.securityspace.com\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (c) the respective author(s)\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2,\n# or at your option, GNU General Public License version 3,\n# as published by the Free Software Foundation\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n#\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"Security issues were identified and fixed in firefox 3.0.x:\n\nSecurity researcher Juan Pablo Lopez Yacubian reported that an attacker\ncould call window.open() on an invalid URL which looks similar to a\nlegitimate URL and then use document.write() to place content within\nthe new document, appearing to have come from the spoofed location\n(CVE-2009-2654).\n\nMoxie Marlinspike reported a heap overflow vulnerability in the\ncode that handles regular expressions in certificate names. This\nvulnerability could be used to compromise the browser and run arbitrary\ncode by presenting a specially crafted certificate to the client\n(CVE-2009-2404).\n\nIOActive security researcher Dan Kaminsky reported a mismatch in the\ntreatment of domain names in SSL certificates between SSL clients and\nthe Certificate Authorities (CA) which issue server certificates. These\ncertificates could be used to intercept and potentially alter encrypted\ncommunication between the client and a server such as sensitive bank\naccount transactions (CVE-2009-2408).\n\nThis update provides the latest Mozilla Firefox 3.0.x to correct\nthese issues.\n\nAdditionally, some packages which require so, have been rebuilt and\nare being provided as updates.\n\nAffected: 2009.0, 2009.1, Enterprise Server 5.0\";\ntag_solution = \"To upgrade automatically use MandrakeUpdate or urpmi. The verification\nof md5 checksums and GPG signatures is performed automatically for you.\n\nhttps://secure1.securityspace.com/smysecure/catid.html?in=MDVSA-2009:198\nhttp://www.mozilla.org/security/known-vulnerabilities/firefox30.html#firefox3.0.13\";\ntag_summary = \"The remote host is missing an update to firefox\nannounced via advisory MDVSA-2009:198.\";\n\n \n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.64604\");\n script_version(\"$Revision: 9350 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-04-06 09:03:33 +0200 (Fri, 06 Apr 2018) $\");\n script_tag(name:\"creation_date\", value:\"2009-08-17 16:54:45 +0200 (Mon, 17 Aug 2009)\");\n script_cve_id(\"CVE-2009-2654\", \"CVE-2009-2404\", \"CVE-2009-2408\");\n script_tag(name:\"cvss_base\", value:\"9.3\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_name(\"Mandrake Security Advisory MDVSA-2009:198 (firefox)\");\n\n\n\n script_category(ACT_GATHER_INFO);\n\n script_copyright(\"Copyright (c) 2009 E-Soft Inc. http://www.securityspace.com\");\n script_family(\"Mandrake Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/mandriva_mandrake_linux\", \"ssh/login/rpms\");\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"summary\" , value : tag_summary);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n#\n# The script code starts here\n#\n\ninclude(\"pkg-lib-rpm.inc\");\n\nres = \"\";\nreport = \"\";\nif ((res = isrpmvuln(pkg:\"beagle\", rpm:\"beagle~0.3.8~13.14mdv2009.0\", rls:\"MNDK_2009.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"beagle-crawl-system\", rpm:\"beagle-crawl-system~0.3.8~13.14mdv2009.0\", rls:\"MNDK_2009.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"beagle-doc\", rpm:\"beagle-doc~0.3.8~13.14mdv2009.0\", rls:\"MNDK_2009.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"beagle-epiphany\", rpm:\"beagle-epiphany~0.3.8~13.14mdv2009.0\", rls:\"MNDK_2009.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"beagle-evolution\", rpm:\"beagle-evolution~0.3.8~13.14mdv2009.0\", rls:\"MNDK_2009.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"beagle-gui\", rpm:\"beagle-gui~0.3.8~13.14mdv2009.0\", rls:\"MNDK_2009.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"beagle-gui-qt\", rpm:\"beagle-gui-qt~0.3.8~13.14mdv2009.0\", rls:\"MNDK_2009.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"beagle-libs\", rpm:\"beagle-libs~0.3.8~13.14mdv2009.0\", rls:\"MNDK_2009.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"devhelp\", rpm:\"devhelp~0.21~3.9mdv2009.0\", rls:\"MNDK_2009.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"devhelp-plugins\", rpm:\"devhelp-plugins~0.21~3.9mdv2009.0\", rls:\"MNDK_2009.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"epiphany\", rpm:\"epiphany~2.24.0.1~3.11mdv2009.0\", rls:\"MNDK_2009.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"epiphany-devel\", rpm:\"epiphany-devel~2.24.0.1~3.11mdv2009.0\", rls:\"MNDK_2009.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"firefox\", rpm:\"firefox~3.0.13~0.1mdv2009.0\", rls:\"MNDK_2009.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"firefox-af\", rpm:\"firefox-af~3.0.13~0.1mdv2009.0\", rls:\"MNDK_2009.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"firefox-ar\", rpm:\"firefox-ar~3.0.13~0.1mdv2009.0\", rls:\"MNDK_2009.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"firefox-be\", rpm:\"firefox-be~3.0.13~0.1mdv2009.0\", rls:\"MNDK_2009.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"firefox-bg\", rpm:\"firefox-bg~3.0.13~0.1mdv2009.0\", rls:\"MNDK_2009.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"firefox-bn\", rpm:\"firefox-bn~3.0.13~0.1mdv2009.0\", rls:\"MNDK_2009.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"firefox-ca\", rpm:\"firefox-ca~3.0.13~0.1mdv2009.0\", rls:\"MNDK_2009.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"firefox-cs\", rpm:\"firefox-cs~3.0.13~0.1mdv2009.0\", rls:\"MNDK_2009.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"firefox-cy\", rpm:\"firefox-cy~3.0.13~0.1mdv2009.0\", rls:\"MNDK_2009.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"firefox-da\", rpm:\"firefox-da~3.0.13~0.1mdv2009.0\", rls:\"MNDK_2009.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"firefox-de\", rpm:\"firefox-de~3.0.13~0.1mdv2009.0\", rls:\"MNDK_2009.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"firefox-el\", rpm:\"firefox-el~3.0.13~0.1mdv2009.0\", rls:\"MNDK_2009.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"firefox-en_GB\", rpm:\"firefox-en_GB~3.0.13~0.1mdv2009.0\", rls:\"MNDK_2009.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"firefox-eo\", rpm:\"firefox-eo~3.0.13~0.1mdv2009.0\", rls:\"MNDK_2009.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"firefox-es_AR\", rpm:\"firefox-es_AR~3.0.13~0.1mdv2009.0\", rls:\"MNDK_2009.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"firefox-es_ES\", rpm:\"firefox-es_ES~3.0.13~0.1mdv2009.0\", rls:\"MNDK_2009.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"firefox-et\", rpm:\"firefox-et~3.0.13~0.1mdv2009.0\", rls:\"MNDK_2009.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"firefox-eu\", rpm:\"firefox-eu~3.0.13~0.1mdv2009.0\", rls:\"MNDK_2009.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"firefox-ext-beagle\", rpm:\"firefox-ext-beagle~0.3.8~13.14mdv2009.0\", rls:\"MNDK_2009.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"firefox-ext-mozvoikko\", rpm:\"firefox-ext-mozvoikko~0.9.5~4.9mdv2009.0\", rls:\"MNDK_2009.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"firefox-fi\", rpm:\"firefox-fi~3.0.13~0.1mdv2009.0\", rls:\"MNDK_2009.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"firefox-fr\", rpm:\"firefox-fr~3.0.13~0.1mdv2009.0\", rls:\"MNDK_2009.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"firefox-fy\", rpm:\"firefox-fy~3.0.13~0.1mdv2009.0\", rls:\"MNDK_2009.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"firefox-ga_IE\", rpm:\"firefox-ga_IE~3.0.13~0.1mdv2009.0\", rls:\"MNDK_2009.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"firefox-gl\", rpm:\"firefox-gl~3.0.13~0.1mdv2009.0\", rls:\"MNDK_2009.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"firefox-gu_IN\", rpm:\"firefox-gu_IN~3.0.13~0.1mdv2009.0\", rls:\"MNDK_2009.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"firefox-he\", rpm:\"firefox-he~3.0.13~0.1mdv2009.0\", rls:\"MNDK_2009.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"firefox-hi\", rpm:\"firefox-hi~3.0.13~0.1mdv2009.0\", rls:\"MNDK_2009.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"firefox-hu\", rpm:\"firefox-hu~3.0.13~0.1mdv2009.0\", rls:\"MNDK_2009.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"firefox-id\", rpm:\"firefox-id~3.0.13~0.1mdv2009.0\", rls:\"MNDK_2009.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"firefox-is\", rpm:\"firefox-is~3.0.13~0.1mdv2009.0\", rls:\"MNDK_2009.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"firefox-it\", rpm:\"firefox-it~3.0.13~0.1mdv2009.0\", rls:\"MNDK_2009.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"firefox-ja\", rpm:\"firefox-ja~3.0.13~0.1mdv2009.0\", rls:\"MNDK_2009.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"firefox-ka\", rpm:\"firefox-ka~3.0.13~0.1mdv2009.0\", rls:\"MNDK_2009.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"firefox-kn\", rpm:\"firefox-kn~3.0.13~0.1mdv2009.0\", rls:\"MNDK_2009.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"firefox-ko\", rpm:\"firefox-ko~3.0.13~0.1mdv2009.0\", rls:\"MNDK_2009.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"firefox-ku\", rpm:\"firefox-ku~3.0.13~0.1mdv2009.0\", rls:\"MNDK_2009.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"firefox-lt\", rpm:\"firefox-lt~3.0.13~0.1mdv2009.0\", rls:\"MNDK_2009.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"firefox-lv\", rpm:\"firefox-lv~3.0.13~0.1mdv2009.0\", rls:\"MNDK_2009.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"firefox-mk\", rpm:\"firefox-mk~3.0.13~0.1mdv2009.0\", rls:\"MNDK_2009.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"firefox-mn\", rpm:\"firefox-mn~3.0.13~0.1mdv2009.0\", rls:\"MNDK_2009.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"firefox-mr\", rpm:\"firefox-mr~3.0.13~0.1mdv2009.0\", rls:\"MNDK_2009.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"firefox-nb_NO\", rpm:\"firefox-nb_NO~3.0.13~0.1mdv2009.0\", rls:\"MNDK_2009.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"firefox-nl\", rpm:\"firefox-nl~3.0.13~0.1mdv2009.0\", rls:\"MNDK_2009.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"firefox-nn_NO\", rpm:\"firefox-nn_NO~3.0.13~0.1mdv2009.0\", rls:\"MNDK_2009.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"firefox-oc\", rpm:\"firefox-oc~3.0.13~0.1mdv2009.0\", rls:\"MNDK_2009.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"firefox-pa_IN\", rpm:\"firefox-pa_IN~3.0.13~0.1mdv2009.0\", rls:\"MNDK_2009.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"firefox-pl\", rpm:\"firefox-pl~3.0.13~0.1mdv2009.0\", rls:\"MNDK_2009.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"firefox-pt_BR\", rpm:\"firefox-pt_BR~3.0.13~0.1mdv2009.0\", rls:\"MNDK_2009.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"firefox-pt_PT\", rpm:\"firefox-pt_PT~3.0.13~0.1mdv2009.0\", rls:\"MNDK_2009.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"firefox-ro\", rpm:\"firefox-ro~3.0.13~0.1mdv2009.0\", rls:\"MNDK_2009.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"firefox-ru\", rpm:\"firefox-ru~3.0.13~0.1mdv2009.0\", rls:\"MNDK_2009.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"firefox-si\", rpm:\"firefox-si~3.0.13~0.1mdv2009.0\", rls:\"MNDK_2009.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"firefox-sk\", rpm:\"firefox-sk~3.0.13~0.1mdv2009.0\", rls:\"MNDK_2009.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"firefox-sl\", rpm:\"firefox-sl~3.0.13~0.1mdv2009.0\", rls:\"MNDK_2009.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"firefox-sq\", rpm:\"firefox-sq~3.0.13~0.1mdv2009.0\", rls:\"MNDK_2009.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"firefox-sr\", rpm:\"firefox-sr~3.0.13~0.1mdv2009.0\", rls:\"MNDK_2009.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"firefox-sv_SE\", rpm:\"firefox-sv_SE~3.0.13~0.1mdv2009.0\", rls:\"MNDK_2009.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"firefox-te\", rpm:\"firefox-te~3.0.13~0.1mdv2009.0\", rls:\"MNDK_2009.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"firefox-th\", rpm:\"firefox-th~3.0.13~0.1mdv2009.0\", rls:\"MNDK_2009.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"firefox-theme-kde4ff\", rpm:\"firefox-theme-kde4ff~0.14~4.9mdv2009.0\", rls:\"MNDK_2009.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"firefox-tr\", rpm:\"firefox-tr~3.0.13~0.1mdv2009.0\", rls:\"MNDK_2009.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"firefox-uk\", rpm:\"firefox-uk~3.0.13~0.1mdv2009.0\", rls:\"MNDK_2009.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"firefox-zh_CN\", rpm:\"firefox-zh_CN~3.0.13~0.1mdv2009.0\", rls:\"MNDK_2009.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"firefox-zh_TW\", rpm:\"firefox-zh_TW~3.0.13~0.1mdv2009.0\", rls:\"MNDK_2009.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"gnome-python-extras\", rpm:\"gnome-python-extras~2.19.1~20.9mdv2009.0\", rls:\"MNDK_2009.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"gnome-python-gda\", rpm:\"gnome-python-gda~2.19.1~20.9mdv2009.0\", rls:\"MNDK_2009.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"gnome-python-gda-devel\", rpm:\"gnome-python-gda-devel~2.19.1~20.9mdv2009.0\", rls:\"MNDK_2009.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"gnome-python-gdl\", rpm:\"gnome-python-gdl~2.19.1~20.9mdv2009.0\", rls:\"MNDK_2009.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"gnome-python-gtkhtml2\", rpm:\"gnome-python-gtkhtml2~2.19.1~20.9mdv2009.0\", rls:\"MNDK_2009.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"gnome-python-gtkmozembed\", rpm:\"gnome-python-gtkmozembed~2.19.1~20.9mdv2009.0\", rls:\"MNDK_2009.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"gnome-python-gtkspell\", rpm:\"gnome-python-gtkspell~2.19.1~20.9mdv2009.0\", rls:\"MNDK_2009.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"libdevhelp-1_0\", rpm:\"libdevhelp-1_0~0.21~3.9mdv2009.0\", rls:\"MNDK_2009.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"libdevhelp-1-devel\", rpm:\"libdevhelp-1-devel~0.21~3.9mdv2009.0\", rls:\"MNDK_2009.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"libxulrunner1.9\", rpm:\"libxulrunner1.9~1.9.0.13~0.1mdv2009.0\", rls:\"MNDK_2009.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"libxulrunner-devel\", rpm:\"libxulrunner-devel~1.9.0.13~0.1mdv2009.0\", rls:\"MNDK_2009.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"libxulrunner-unstable-devel\", rpm:\"libxulrunner-unstable-devel~1.9.0.13~0.1mdv2009.0\", rls:\"MNDK_2009.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"mozilla-firefox-ext-blogrovr\", rpm:\"mozilla-firefox-ext-blogrovr~1.1.779~5.9mdv2009.0\", rls:\"MNDK_2009.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"mozilla-firefox-ext-foxmarks\", rpm:\"mozilla-firefox-ext-foxmarks~2.1.0.12~2.9mdv2009.0\", rls:\"MNDK_2009.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"mozilla-firefox-ext-scribefire\", rpm:\"mozilla-firefox-ext-scribefire~2.3.1~2.9mdv2009.0\", rls:\"MNDK_2009.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"mozilla-thunderbird-beagle\", rpm:\"mozilla-thunderbird-beagle~0.3.8~13.14mdv2009.0\", rls:\"MNDK_2009.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"xulrunner\", rpm:\"xulrunner~1.9.0.13~0.1mdv2009.0\", rls:\"MNDK_2009.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"yelp\", rpm:\"yelp~2.24.0~3.9mdv2009.0\", rls:\"MNDK_2009.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"lib64devhelp-1_0\", rpm:\"lib64devhelp-1_0~0.21~3.9mdv2009.0\", rls:\"MNDK_2009.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"lib64devhelp-1-devel\", rpm:\"lib64devhelp-1-devel~0.21~3.9mdv2009.0\", rls:\"MNDK_2009.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"lib64xulrunner1.9\", rpm:\"lib64xulrunner1.9~1.9.0.13~0.1mdv2009.0\", rls:\"MNDK_2009.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"lib64xulrunner-devel\", rpm:\"lib64xulrunner-devel~1.9.0.13~0.1mdv2009.0\", rls:\"MNDK_2009.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"lib64xulrunner-unstable-devel\", rpm:\"lib64xulrunner-unstable-devel~1.9.0.13~0.1mdv2009.0\", rls:\"MNDK_2009.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"beagle\", rpm:\"beagle~0.3.9~9.5mdv2009.1\", rls:\"MNDK_2009.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"beagle-crawl-system\", rpm:\"beagle-crawl-system~0.3.9~9.5mdv2009.1\", rls:\"MNDK_2009.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"beagle-doc\", rpm:\"beagle-doc~0.3.9~9.5mdv2009.1\", rls:\"MNDK_2009.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"beagle-epiphany\", rpm:\"beagle-epiphany~0.3.9~9.5mdv2009.1\", rls:\"MNDK_2009.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"beagle-evolution\", rpm:\"beagle-evolution~0.3.9~9.5mdv2009.1\", rls:\"MNDK_2009.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"beagle-gui\", rpm:\"beagle-gui~0.3.9~9.5mdv2009.1\", rls:\"MNDK_2009.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"beagle-gui-qt\", rpm:\"beagle-gui-qt~0.3.9~9.5mdv2009.1\", rls:\"MNDK_2009.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"beagle-libs\", rpm:\"beagle-libs~0.3.9~9.5mdv2009.1\", rls:\"MNDK_2009.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"epiphany\", rpm:\"epiphany~2.26.1~1.4mdv2009.1\", rls:\"MNDK_2009.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"epiphany-devel\", rpm:\"epiphany-devel~2.26.1~1.4mdv2009.1\", rls:\"MNDK_2009.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"firefox\", rpm:\"firefox~3.0.13~0.1mdv2009.1\", rls:\"MNDK_2009.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"firefox-af\", rpm:\"firefox-af~3.0.13~0.1mdv2009.1\", rls:\"MNDK_2009.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"firefox-ar\", rpm:\"firefox-ar~3.0.13~0.1mdv2009.1\", rls:\"MNDK_2009.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"firefox-be\", rpm:\"firefox-be~3.0.13~0.1mdv2009.1\", rls:\"MNDK_2009.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"firefox-bg\", rpm:\"firefox-bg~3.0.13~0.1mdv2009.1\", rls:\"MNDK_2009.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"firefox-bn\", rpm:\"firefox-bn~3.0.13~0.1mdv2009.1\", rls:\"MNDK_2009.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"firefox-ca\", rpm:\"firefox-ca~3.0.13~0.1mdv2009.1\", rls:\"MNDK_2009.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"firefox-cs\", rpm:\"firefox-cs~3.0.13~0.1mdv2009.1\", rls:\"MNDK_2009.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"firefox-cy\", rpm:\"firefox-cy~3.0.13~0.1mdv2009.1\", rls:\"MNDK_2009.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"firefox-da\", rpm:\"firefox-da~3.0.13~0.1mdv2009.1\", rls:\"MNDK_2009.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"firefox-de\", rpm:\"firefox-de~3.0.13~0.1mdv2009.1\", rls:\"MNDK_2009.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"firefox-el\", rpm:\"firefox-el~3.0.13~0.1mdv2009.1\", rls:\"MNDK_2009.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"firefox-en_GB\", rpm:\"firefox-en_GB~3.0.13~0.1mdv2009.1\", rls:\"MNDK_2009.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"firefox-eo\", rpm:\"firefox-eo~3.0.13~0.1mdv2009.1\", rls:\"MNDK_2009.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"firefox-es_AR\", rpm:\"firefox-es_AR~3.0.13~0.1mdv2009.1\", rls:\"MNDK_2009.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"firefox-es_ES\", rpm:\"firefox-es_ES~3.0.13~0.1mdv2009.1\", rls:\"MNDK_2009.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"firefox-et\", rpm:\"firefox-et~3.0.13~0.1mdv2009.1\", rls:\"MNDK_2009.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"firefox-eu\", rpm:\"firefox-eu~3.0.13~0.1mdv2009.1\", rls:\"MNDK_2009.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"firefox-ext-beagle\", rpm:\"firefox-ext-beagle~0.3.9~9.5mdv2009.1\", rls:\"MNDK_2009.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"firefox-ext-blogrovr\", rpm:\"firefox-ext-blogrovr~1.1.798~2.4mdv2009.1\", rls:\"MNDK_2009.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"firefox-ext-foxmarks\", rpm:\"firefox-ext-foxmarks~2.7.2~2.4mdv2009.1\", rls:\"MNDK_2009.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"firefox-ext-mozvoikko\", rpm:\"firefox-ext-mozvoikko~0.9.6~2.4mdv2009.1\", rls:\"MNDK_2009.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"firefox-ext-r-kiosk\", rpm:\"firefox-ext-r-kiosk~0.7.2~2.4mdv2009.1\", rls:\"MNDK_2009.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"firefox-ext-scribefire\", rpm:\"firefox-ext-scribefire~3.2.3~2.4mdv2009.1\", rls:\"MNDK_2009.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"firefox-fi\", rpm:\"firefox-fi~3.0.13~0.1mdv2009.1\", rls:\"MNDK_2009.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"firefox-fr\", rpm:\"firefox-fr~3.0.13~0.1mdv2009.1\", rls:\"MNDK_2009.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"firefox-fy\", rpm:\"firefox-fy~3.0.13~0.1mdv2009.1\", rls:\"MNDK_2009.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"firefox-ga_IE\", rpm:\"firefox-ga_IE~3.0.13~0.1mdv2009.1\", rls:\"MNDK_2009.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"firefox-gl\", rpm:\"firefox-gl~3.0.13~0.1mdv2009.1\", rls:\"MNDK_2009.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"firefox-gu_IN\", rpm:\"firefox-gu_IN~3.0.13~0.1mdv2009.1\", rls:\"MNDK_2009.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"firefox-he\", rpm:\"firefox-he~3.0.13~0.1mdv2009.1\", rls:\"MNDK_2009.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"firefox-hi\", rpm:\"firefox-hi~3.0.13~0.1mdv2009.1\", rls:\"MNDK_2009.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"firefox-hu\", rpm:\"firefox-hu~3.0.13~0.1mdv2009.1\", rls:\"MNDK_2009.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"firefox-id\", rpm:\"firefox-id~3.0.13~0.1mdv2009.1\", rls:\"MNDK_2009.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"firefox-is\", rpm:\"firefox-is~3.0.13~0.1mdv2009.1\", rls:\"MNDK_2009.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"firefox-it\", rpm:\"firefox-it~3.0.13~0.1mdv2009.1\", rls:\"MNDK_2009.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"firefox-ja\", rpm:\"firefox-ja~3.0.13~0.1mdv2009.1\", rls:\"MNDK_2009.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"firefox-ka\", rpm:\"firefox-ka~3.0.13~0.1mdv2009.1\", rls:\"MNDK_2009.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"firefox-kn\", rpm:\"firefox-kn~3.0.13~0.1mdv2009.1\", rls:\"MNDK_2009.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"firefox-ko\", rpm:\"firefox-ko~3.0.13~0.1mdv2009.1\", rls:\"MNDK_2009.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"firefox-ku\", rpm:\"firefox-ku~3.0.13~0.1mdv2009.1\", rls:\"MNDK_2009.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"firefox-lt\", rpm:\"firefox-lt~3.0.13~0.1mdv2009.1\", rls:\"MNDK_2009.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"firefox-lv\", rpm:\"firefox-lv~3.0.13~0.1mdv2009.1\", rls:\"MNDK_2009.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"firefox-mk\", rpm:\"firefox-mk~3.0.13~0.1mdv2009.1\", rls:\"MNDK_2009.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"firefox-mn\", rpm:\"firefox-mn~3.0.13~0.1mdv2009.1\", rls:\"MNDK_2009.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"firefox-mr\", rpm:\"firefox-mr~3.0.13~0.1mdv2009.1\", rls:\"MNDK_2009.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"firefox-nb_NO\", rpm:\"firefox-nb_NO~3.0.13~0.1mdv2009.1\", rls:\"MNDK_2009.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"firefox-nl\", rpm:\"firefox-nl~3.0.13~0.1mdv2009.1\", rls:\"MNDK_2009.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"firefox-nn_NO\", rpm:\"firefox-nn_NO~3.0.13~0.1mdv2009.1\", rls:\"MNDK_2009.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"firefox-oc\", rpm:\"firefox-oc~3.0.13~0.1mdv2009.1\", rls:\"MNDK_2009.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"firefox-pa_IN\", rpm:\"firefox-pa_IN~3.0.13~0.1mdv2009.1\", rls:\"MNDK_2009.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"firefox-pl\", rpm:\"firefox-pl~3.0.13~0.1mdv2009.1\", rls:\"MNDK_2009.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"firefox-pt_BR\", rpm:\"firefox-pt_BR~3.0.13~0.1mdv2009.1\", rls:\"MNDK_2009.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"firefox-pt_PT\", rpm:\"firefox-pt_PT~3.0.13~0.1mdv2009.1\", rls:\"MNDK_2009.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"firefox-ro\", rpm:\"firefox-ro~3.0.13~0.1mdv2009.1\", rls:\"MNDK_2009.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"firefox-ru\", rpm:\"firefox-ru~3.0.13~0.1mdv2009.1\", rls:\"MNDK_2009.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"firefox-si\", rpm:\"firefox-si~3.0.13~0.1mdv2009.1\", rls:\"MNDK_2009.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"firefox-sk\", rpm:\"firefox-sk~3.0.13~0.1mdv2009.1\", rls:\"MNDK_2009.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"firefox-sl\", rpm:\"firefox-sl~3.0.13~0.1mdv2009.1\", rls:\"MNDK_2009.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"firefox-sq\", rpm:\"firefox-sq~3.0.13~0.1mdv2009.1\", rls:\"MNDK_2009.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"firefox-sr\", rpm:\"firefox-sr~3.0.13~0.1mdv2009.1\", rls:\"MNDK_2009.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"firefox-sv_SE\", rpm:\"firefox-sv_SE~3.0.13~0.1mdv2009.1\", rls:\"MNDK_2009.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"firefox-te\", rpm:\"firefox-te~3.0.13~0.1mdv2009.1\", rls:\"MNDK_2009.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"firefox-th\", rpm:\"firefox-th~3.0.13~0.1mdv2009.1\", rls:\"MNDK_2009.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"firefox-theme-kde4ff\", rpm:\"firefox-theme-kde4ff~0.14~9.4mdv2009.1\", rls:\"MNDK_2009.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"firefox-tr\", rpm:\"firefox-tr~3.0.13~0.1mdv2009.1\", rls:\"MNDK_2009.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"firefox-uk\", rpm:\"firefox-uk~3.0.13~0.1mdv2009.1\", rls:\"MNDK_2009.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"firefox-zh_CN\", rpm:\"firefox-zh_CN~3.0.13~0.1mdv2009.1\", rls:\"MNDK_2009.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"firefox-zh_TW\", rpm:\"firefox-zh_TW~3.0.13~0.1mdv2009.1\", rls:\"MNDK_2009.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"gnome-python-extras\", rpm:\"gnome-python-extras~2.25.3~3.4mdv2009.1\", rls:\"MNDK_2009.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"gnome-python-gda\", rpm:\"gnome-python-gda~2.25.3~3.4mdv2009.1\", rls:\"MNDK_2009.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"gnome-python-gda-devel\", rpm:\"gnome-python-gda-devel~2.25.3~3.4mdv2009.1\", rls:\"MNDK_2009.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"gnome-python-gdl\", rpm:\"gnome-python-gdl~2.25.3~3.4mdv2009.1\", rls:\"MNDK_2009.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"gnome-python-gtkhtml2\", rpm:\"gnome-python-gtkhtml2~2.25.3~3.4mdv2009.1\", rls:\"MNDK_2009.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"gnome-python-gtkmozembed\", rpm:\"gnome-python-gtkmozembed~2.25.3~3.4mdv2009.1\", rls:\"MNDK_2009.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"gnome-python-gtkspell\", rpm:\"gnome-python-gtkspell~2.25.3~3.4mdv2009.1\", rls:\"MNDK_2009.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"google-gadgets-common\", rpm:\"google-gadgets-common~0.10.5~8.4mdv2009.1\", rls:\"MNDK_2009.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"google-gadgets-gtk\", rpm:\"google-gadgets-gtk~0.10.5~8.4mdv2009.1\", rls:\"MNDK_2009.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"google-gadgets-qt\", rpm:\"google-gadgets-qt~0.10.5~8.4mdv2009.1\", rls:\"MNDK_2009.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"google-gadgets-xul\", rpm:\"google-gadgets-xul~0.10.5~8.4mdv2009.1\", rls:\"MNDK_2009.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"libggadget1.0_0\", rpm:\"libggadget1.0_0~0.10.5~8.4mdv2009.1\", rls:\"MNDK_2009.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"libggadget-gtk1.0_0\", rpm:\"libggadget-gtk1.0_0~0.10.5~8.4mdv2009.1\", rls:\"MNDK_2009.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"libggadget-qt1.0_0\", rpm:\"libggadget-qt1.0_0~0.10.5~8.4mdv2009.1\", rls:\"MNDK_2009.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"libgoogle-gadgets-devel\", rpm:\"libgoogle-gadgets-devel~0.10.5~8.4mdv2009.1\", rls:\"MNDK_2009.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"libopensc2\", rpm:\"libopensc2~0.11.7~1.5mdv2009.1\", rls:\"MNDK_2009.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"libopensc-devel\", rpm:\"libopensc-devel~0.11.7~1.5mdv2009.1\", rls:\"MNDK_2009.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"libxulrunner1.9\", rpm:\"libxulrunner1.9~1.9.0.13~0.1mdv2009.1\", rls:\"MNDK_2009.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"libxulrunner-devel\", rpm:\"libxulrunner-devel~1.9.0.13~0.1mdv2009.1\", rls:\"MNDK_2009.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"libxulrunner-unstable-devel\", rpm:\"libxulrunner-unstable-devel~1.9.0.13~0.1mdv2009.1\", rls:\"MNDK_2009.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"mozilla-plugin-opensc\", rpm:\"mozilla-plugin-opensc~0.11.7~1.5mdv2009.1\", rls:\"MNDK_2009.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"mozilla-thunderbird-beagle\", rpm:\"mozilla-thunderbird-beagle~0.3.9~9.5mdv2009.1\", rls:\"MNDK_2009.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"opensc\", rpm:\"opensc~0.11.7~1.5mdv2009.1\", rls:\"MNDK_2009.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"python-xpcom\", rpm:\"python-xpcom~1.9.0.13~0.1mdv2009.1\", rls:\"MNDK_2009.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"xulrunner\", rpm:\"xulrunner~1.9.0.13~0.1mdv2009.1\", rls:\"MNDK_2009.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"yelp\", rpm:\"yelp~2.26.0~3.3mdv2009.1\", rls:\"MNDK_2009.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"lib64ggadget1.0_0\", rpm:\"lib64ggadget1.0_0~0.10.5~8.4mdv2009.1\", rls:\"MNDK_2009.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"lib64ggadget-gtk1.0_0\", rpm:\"lib64ggadget-gtk1.0_0~0.10.5~8.4mdv2009.1\", rls:\"MNDK_2009.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"lib64ggadget-qt1.0_0\", rpm:\"lib64ggadget-qt1.0_0~0.10.5~8.4mdv2009.1\", rls:\"MNDK_2009.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"lib64google-gadgets-devel\", rpm:\"lib64google-gadgets-devel~0.10.5~8.4mdv2009.1\", rls:\"MNDK_2009.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"lib64opensc2\", rpm:\"lib64opensc2~0.11.7~1.5mdv2009.1\", rls:\"MNDK_2009.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"lib64opensc-devel\", rpm:\"lib64opensc-devel~0.11.7~1.5mdv2009.1\", rls:\"MNDK_2009.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"lib64xulrunner1.9\", rpm:\"lib64xulrunner1.9~1.9.0.13~0.1mdv2009.1\", rls:\"MNDK_2009.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"lib64xulrunner-devel\", rpm:\"lib64xulrunner-devel~1.9.0.13~0.1mdv2009.1\", rls:\"MNDK_2009.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"lib64xulrunner-unstable-devel\", rpm:\"lib64xulrunner-unstable-devel~1.9.0.13~0.1mdv2009.1\", rls:\"MNDK_2009.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"firefox\", rpm:\"firefox~3.0.13~0.1mdvmes5\", rls:\"MNDK_mes5\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"firefox-af\", rpm:\"firefox-af~3.0.13~0.1mdvmes5\", rls:\"MNDK_mes5\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"firefox-ar\", rpm:\"firefox-ar~3.0.13~0.1mdvmes5\", rls:\"MNDK_mes5\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"firefox-be\", rpm:\"firefox-be~3.0.13~0.1mdvmes5\", rls:\"MNDK_mes5\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"firefox-bg\", rpm:\"firefox-bg~3.0.13~0.1mdvmes5\", rls:\"MNDK_mes5\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"firefox-bn\", rpm:\"firefox-bn~3.0.13~0.1mdvmes5\", rls:\"MNDK_mes5\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"firefox-ca\", rpm:\"firefox-ca~3.0.13~0.1mdvmes5\", rls:\"MNDK_mes5\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"firefox-cs\", rpm:\"firefox-cs~3.0.13~0.1mdvmes5\", rls:\"MNDK_mes5\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"firefox-cy\", rpm:\"firefox-cy~3.0.13~0.1mdvmes5\", rls:\"MNDK_mes5\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"firefox-da\", rpm:\"firefox-da~3.0.13~0.1mdvmes5\", rls:\"MNDK_mes5\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"firefox-de\", rpm:\"firefox-de~3.0.13~0.1mdvmes5\", rls:\"MNDK_mes5\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"firefox-el\", rpm:\"firefox-el~3.0.13~0.1mdvmes5\", rls:\"MNDK_mes5\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"firefox-en_GB\", rpm:\"firefox-en_GB~3.0.13~0.1mdvmes5\", rls:\"MNDK_mes5\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"firefox-eo\", rpm:\"firefox-eo~3.0.13~0.1mdvmes5\", rls:\"MNDK_mes5\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"firefox-es_AR\", rpm:\"firefox-es_AR~3.0.13~0.1mdvmes5\", rls:\"MNDK_mes5\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"firefox-es_ES\", rpm:\"firefox-es_ES~3.0.13~0.1mdvmes5\", rls:\"MNDK_mes5\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"firefox-et\", rpm:\"firefox-et~3.0.13~0.1mdvmes5\", rls:\"MNDK_mes5\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"firefox-eu\", rpm:\"firefox-eu~3.0.13~0.1mdvmes5\", rls:\"MNDK_mes5\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"firefox-fi\", rpm:\"firefox-fi~3.0.13~0.1mdvmes5\", rls:\"MNDK_mes5\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"firefox-fr\", rpm:\"firefox-fr~3.0.13~0.1mdvmes5\", rls:\"MNDK_mes5\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"firefox-fy\", rpm:\"firefox-fy~3.0.13~0.1mdvmes5\", rls:\"MNDK_mes5\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"firefox-ga_IE\", rpm:\"firefox-ga_IE~3.0.13~0.1mdvmes5\", rls:\"MNDK_mes5\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"firefox-gl\", rpm:\"firefox-gl~3.0.13~0.1mdvmes5\", rls:\"MNDK_mes5\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"firefox-gu_IN\", rpm:\"firefox-gu_IN~3.0.13~0.1mdvmes5\", rls:\"MNDK_mes5\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"firefox-he\", rpm:\"firefox-he~3.0.13~0.1mdvmes5\", rls:\"MNDK_mes5\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"firefox-hi\", rpm:\"firefox-hi~3.0.13~0.1mdvmes5\", rls:\"MNDK_mes5\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"firefox-hu\", rpm:\"firefox-hu~3.0.13~0.1mdvmes5\", rls:\"MNDK_mes5\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"firefox-id\", rpm:\"firefox-id~3.0.13~0.1mdvmes5\", rls:\"MNDK_mes5\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"firefox-is\", rpm:\"firefox-is~3.0.13~0.1mdvmes5\", rls:\"MNDK_mes5\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"firefox-it\", rpm:\"firefox-it~3.0.13~0.1mdvmes5\", rls:\"MNDK_mes5\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"firefox-ja\", rpm:\"firefox-ja~3.0.13~0.1mdvmes5\", rls:\"MNDK_mes5\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"firefox-ka\", rpm:\"firefox-ka~3.0.13~0.1mdvmes5\", rls:\"MNDK_mes5\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"firefox-kn\", rpm:\"firefox-kn~3.0.13~0.1mdvmes5\", rls:\"MNDK_mes5\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"firefox-ko\", rpm:\"firefox-ko~3.0.13~0.1mdvmes5\", rls:\"MNDK_mes5\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"firefox-ku\", rpm:\"firefox-ku~3.0.13~0.1mdvmes5\", rls:\"MNDK_mes5\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"firefox-lt\", rpm:\"firefox-lt~3.0.13~0.1mdvmes5\", rls:\"MNDK_mes5\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"firefox-lv\", rpm:\"firefox-lv~3.0.13~0.1mdvmes5\", rls:\"MNDK_mes5\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"firefox-mk\", rpm:\"firefox-mk~3.0.13~0.1mdvmes5\", rls:\"MNDK_mes5\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"firefox-mn\", rpm:\"firefox-mn~3.0.13~0.1mdvmes5\", rls:\"MNDK_mes5\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"firefox-mr\", rpm:\"firefox-mr~3.0.13~0.1mdvmes5\", rls:\"MNDK_mes5\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"firefox-nb_NO\", rpm:\"firefox-nb_NO~3.0.13~0.1mdvmes5\", rls:\"MNDK_mes5\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"firefox-nl\", rpm:\"firefox-nl~3.0.13~0.1mdvmes5\", rls:\"MNDK_mes5\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"firefox-nn_NO\", rpm:\"firefox-nn_NO~3.0.13~0.1mdvmes5\", rls:\"MNDK_mes5\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"firefox-oc\", rpm:\"firefox-oc~3.0.13~0.1mdvmes5\", rls:\"MNDK_mes5\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"firefox-pa_IN\", rpm:\"firefox-pa_IN~3.0.13~0.1mdvmes5\", rls:\"MNDK_mes5\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"firefox-pl\", rpm:\"firefox-pl~3.0.13~0.1mdvmes5\", rls:\"MNDK_mes5\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"firefox-pt_BR\", rpm:\"firefox-pt_BR~3.0.13~0.1mdvmes5\", rls:\"MNDK_mes5\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"firefox-pt_PT\", rpm:\"firefox-pt_PT~3.0.13~0.1mdvmes5\", rls:\"MNDK_mes5\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"firefox-ro\", rpm:\"firefox-ro~3.0.13~0.1mdvmes5\", rls:\"MNDK_mes5\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"firefox-ru\", rpm:\"firefox-ru~3.0.13~0.1mdvmes5\", rls:\"MNDK_mes5\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"firefox-si\", rpm:\"firefox-si~3.0.13~0.1mdvmes5\", rls:\"MNDK_mes5\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"firefox-sk\", rpm:\"firefox-sk~3.0.13~0.1mdvmes5\", rls:\"MNDK_mes5\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"firefox-sl\", rpm:\"firefox-sl~3.0.13~0.1mdvmes5\", rls:\"MNDK_mes5\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"firefox-sq\", rpm:\"firefox-sq~3.0.13~0.1mdvmes5\", rls:\"MNDK_mes5\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"firefox-sr\", rpm:\"firefox-sr~3.0.13~0.1mdvmes5\", rls:\"MNDK_mes5\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"firefox-sv_SE\", rpm:\"firefox-sv_SE~3.0.13~0.1mdvmes5\", rls:\"MNDK_mes5\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"firefox-te\", rpm:\"firefox-te~3.0.13~0.1mdvmes5\", rls:\"MNDK_mes5\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"firefox-th\", rpm:\"firefox-th~3.0.13~0.1mdvmes5\", rls:\"MNDK_mes5\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"firefox-tr\", rpm:\"firefox-tr~3.0.13~0.1mdvmes5\", rls:\"MNDK_mes5\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"firefox-uk\", rpm:\"firefox-uk~3.0.13~0.1mdvmes5\", rls:\"MNDK_mes5\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"firefox-zh_CN\", rpm:\"firefox-zh_CN~3.0.13~0.1mdvmes5\", rls:\"MNDK_mes5\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"firefox-zh_TW\", rpm:\"firefox-zh_TW~3.0.13~0.1mdvmes5\", rls:\"MNDK_mes5\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"libxulrunner1.9\", rpm:\"libxulrunner1.9~1.9.0.13~0.1mdvmes5\", rls:\"MNDK_mes5\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"libxulrunner-devel\", rpm:\"libxulrunner-devel~1.9.0.13~0.1mdvmes5\", rls:\"MNDK_mes5\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"libxulrunner-unstable-devel\", rpm:\"libxulrunner-unstable-devel~1.9.0.13~0.1mdvmes5\", rls:\"MNDK_mes5\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"xulrunner\", rpm:\"xulrunner~1.9.0.13~0.1mdvmes5\", rls:\"MNDK_mes5\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"yelp\", rpm:\"yelp~2.24.0~3.9mdvmes5\", rls:\"MNDK_mes5\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"lib64xulrunner1.9\", rpm:\"lib64xulrunner1.9~1.9.0.13~0.1mdvmes5\", rls:\"MNDK_mes5\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"lib64xulrunner-devel\", rpm:\"lib64xulrunner-devel~1.9.0.13~0.1mdvmes5\", rls:\"MNDK_mes5\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"lib64xulrunner-unstable-devel\", rpm:\"lib64xulrunner-unstable-devel~1.9.0.13~0.1mdvmes5\", rls:\"MNDK_mes5\")) != NULL) {\n report += res;\n}\n\nif (report != \"\") {\n security_message(data:report);\n} else if (__pkg_match) {\n exit(99); # Not vulnerable.\n}\n", "cvss": {"score": 9.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2017-07-26T08:56:03", "description": "The remote host is missing updates to packages that affect\nthe security of your system. One or more of the following packages\nare affected:\n\n MozillaFirefox\n MozillaFirefox-branding-SLED\n MozillaFirefox-translations\n mozilla-xulrunner190\n mozilla-xulrunner190-gnomevfs\n mozilla-xulrunner190-translations\n mozilla-xulrunner191\n mozilla-xulrunner191-gnomevfs\n mozilla-xulrunner191-translations\n\n\nMore details may also be found by searching for the SuSE\nEnterprise Server 10 patch database located at\nhttp://download.novell.com/patch/finder/", "cvss3": {}, "published": "2009-10-27T00:00:00", "type": "openvas", "title": "SLES10: Security update for Mozilla Firefox", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2009-3076", "CVE-2009-3071", "CVE-2009-3073", "CVE-2009-3079", "CVE-2009-3072", "CVE-2009-3070", "CVE-2009-3069", "CVE-2009-3075", "CVE-2009-3077", "CVE-2009-3078"], "modified": "2017-07-11T00:00:00", "id": "OPENVAS:66077", "href": "http://plugins.openvas.org/nasl.php?oid=66077", "sourceData": "#\n#VID slesp2-firefox35upgrade-6562\n# OpenVAS Vulnerability Test\n# $\n# Description: Security update for Mozilla Firefox\n#\n# Authors:\n# Thomas Reinke <reinke@securityspace.com>\n#\n# Copyright:\n# Copyright (c) 2009 E-Soft Inc. http://www.securityspace.com\n# Text descriptions are largely excerpted from the referenced\n# advisories, and are Copyright (c) the respective author(s)\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2,\n# as published by the Free Software Foundation\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n#\n\ninclude(\"revisions-lib.inc\");\ntag_summary = \"The remote host is missing updates to packages that affect\nthe security of your system. One or more of the following packages\nare affected:\n\n MozillaFirefox\n MozillaFirefox-branding-SLED\n MozillaFirefox-translations\n mozilla-xulrunner190\n mozilla-xulrunner190-gnomevfs\n mozilla-xulrunner190-translations\n mozilla-xulrunner191\n mozilla-xulrunner191-gnomevfs\n mozilla-xulrunner191-translations\n\n\nMore details may also be found by searching for the SuSE\nEnterprise Server 10 patch database located at\nhttp://download.novell.com/patch/finder/\";\n\ntag_solution = \"Please install the updates provided by SuSE.\";\n\nif(description)\n{\n script_id(66077);\n script_version(\"$Revision: 6666 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-07-11 15:13:36 +0200 (Tue, 11 Jul 2017) $\");\n script_tag(name:\"creation_date\", value:\"2009-10-27 01:37:56 +0100 (Tue, 27 Oct 2009)\");\n script_cve_id(\"CVE-2009-3069\", \"CVE-2009-3070\", \"CVE-2009-3071\", \"CVE-2009-3072\", \"CVE-2009-3073\", \"CVE-2009-3075\", \"CVE-2009-3076\", \"CVE-2009-3077\", \"CVE-2009-3078\", \"CVE-2009-3079\");\n script_tag(name:\"cvss_base\", value:\"10.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_name(\"SLES10: Security update for Mozilla Firefox\");\n\n\n\n script_category(ACT_GATHER_INFO);\n\n script_copyright(\"Copyright (c) 2009 E-Soft Inc. http://www.securityspace.com\");\n script_family(\"SuSE Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/suse_sles\", \"ssh/login/rpms\");\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"summary\" , value : tag_summary);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n#\n# The script code starts here\n#\n\ninclude(\"pkg-lib-rpm.inc\");\n\nres = \"\";\nreport = \"\";\nif ((res = isrpmvuln(pkg:\"MozillaFirefox\", rpm:\"MozillaFirefox~3.5.3~1.4.2\", rls:\"SLES10.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"MozillaFirefox-branding-SLED\", rpm:\"MozillaFirefox-branding-SLED~3.5~1.4.2\", rls:\"SLES10.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"MozillaFirefox-translations\", rpm:\"MozillaFirefox-translations~3.5.3~1.4.2\", rls:\"SLES10.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"mozilla-xulrunner190\", rpm:\"mozilla-xulrunner190~1.9.0.14~0.5.2\", rls:\"SLES10.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"mozilla-xulrunner190-gnomevfs\", rpm:\"mozilla-xulrunner190-gnomevfs~1.9.0.14~0.5.2\", rls:\"SLES10.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"mozilla-xulrunner190-translations\", rpm:\"mozilla-xulrunner190-translations~1.9.0.14~0.5.2\", rls:\"SLES10.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"mozilla-xulrunner191\", rpm:\"mozilla-xulrunner191~1.9.1.3~1.4.2\", rls:\"SLES10.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"mozilla-xulrunner191-gnomevfs\", rpm:\"mozilla-xulrunner191-gnomevfs~1.9.1.3~1.4.2\", rls:\"SLES10.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"mozilla-xulrunner191-translations\", rpm:\"mozilla-xulrunner191-translations~1.9.1.3~1.4.2\", rls:\"SLES10.0\")) != NULL) {\n report += res;\n}\n\nif (report != \"\") {\n security_message(data:report);\n} else if (__pkg_match) {\n exit(99); # Not vulnerable.\n}\n", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2018-04-06T11:39:49", "description": "The remote host is missing updates to packages that affect\nthe security of your system. One or more of the following packages\nare affected:\n\n MozillaFirefox\n MozillaFirefox-branding-SLED\n MozillaFirefox-translations\n mozilla-xulrunner190\n mozilla-xulrunner190-gnomevfs\n mozilla-xulrunner190-translations\n mozilla-xulrunner191\n mozilla-xulrunner191-gnomevfs\n mozilla-xulrunner191-translations\n\n\nMore details may also be found by searching for the SuSE\nEnterprise Server 10 patch database located at\nhttp://download.novell.com/patch/finder/", "cvss3": {}, "published": "2009-10-27T00:00:00", "type": "openvas", "title": "SLES10: Security update for Mozilla Firefox", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2009-3076", "CVE-2009-3071", "CVE-2009-3073", "CVE-2009-3079", "CVE-2009-3072", "CVE-2009-3070", "CVE-2009-3069", "CVE-2009-3075", "CVE-2009-3077", "CVE-2009-3078"], "modified": "2018-04-06T00:00:00", "id": "OPENVAS:136141256231066077", "href": "http://plugins.openvas.org/nasl.php?oid=136141256231066077", "sourceData": "#\n#VID slesp2-firefox35upgrade-6562\n# OpenVAS Vulnerability Test\n# $\n# Description: Security update for Mozilla Firefox\n#\n# Authors:\n# Thomas Reinke <reinke@securityspace.com>\n#\n# Copyright:\n# Copyright (c) 2009 E-Soft Inc. http://www.securityspace.com\n# Text descriptions are largely excerpted from the referenced\n# advisories, and are Copyright (c) the respective author(s)\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2,\n# as published by the Free Software Foundation\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n#\n\ninclude(\"revisions-lib.inc\");\ntag_summary = \"The remote host is missing updates to packages that affect\nthe security of your system. One or more of the following packages\nare affected:\n\n MozillaFirefox\n MozillaFirefox-branding-SLED\n MozillaFirefox-translations\n mozilla-xulrunner190\n mozilla-xulrunner190-gnomevfs\n mozilla-xulrunner190-translations\n mozilla-xulrunner191\n mozilla-xulrunner191-gnomevfs\n mozilla-xulrunner191-translations\n\n\nMore details may also be found by searching for the SuSE\nEnterprise Server 10 patch database located at\nhttp://download.novell.com/patch/finder/\";\n\ntag_solution = \"Please install the updates provided by SuSE.\";\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.66077\");\n script_version(\"$Revision: 9350 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-04-06 09:03:33 +0200 (Fri, 06 Apr 2018) $\");\n script_tag(name:\"creation_date\", value:\"2009-10-27 01:37:56 +0100 (Tue, 27 Oct 2009)\");\n script_cve_id(\"CVE-2009-3069\", \"CVE-2009-3070\", \"CVE-2009-3071\", \"CVE-2009-3072\", \"CVE-2009-3073\", \"CVE-2009-3075\", \"CVE-2009-3076\", \"CVE-2009-3077\", \"CVE-2009-3078\", \"CVE-2009-3079\");\n script_tag(name:\"cvss_base\", value:\"10.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_name(\"SLES10: Security update for Mozilla Firefox\");\n\n\n\n script_category(ACT_GATHER_INFO);\n\n script_copyright(\"Copyright (c) 2009 E-Soft Inc. http://www.securityspace.com\");\n script_family(\"SuSE Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/suse_sles\", \"ssh/login/rpms\");\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"summary\" , value : tag_summary);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n#\n# The script code starts here\n#\n\ninclude(\"pkg-lib-rpm.inc\");\n\nres = \"\";\nreport = \"\";\nif ((res = isrpmvuln(pkg:\"MozillaFirefox\", rpm:\"MozillaFirefox~3.5.3~1.4.2\", rls:\"SLES10.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"MozillaFirefox-branding-SLED\", rpm:\"MozillaFirefox-branding-SLED~3.5~1.4.2\", rls:\"SLES10.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"MozillaFirefox-translations\", rpm:\"MozillaFirefox-translations~3.5.3~1.4.2\", rls:\"SLES10.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"mozilla-xulrunner190\", rpm:\"mozilla-xulrunner190~1.9.0.14~0.5.2\", rls:\"SLES10.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"mozilla-xulrunner190-gnomevfs\", rpm:\"mozilla-xulrunner190-gnomevfs~1.9.0.14~0.5.2\", rls:\"SLES10.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"mozilla-xulrunner190-translations\", rpm:\"mozilla-xulrunner190-translations~1.9.0.14~0.5.2\", rls:\"SLES10.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"mozilla-xulrunner191\", rpm:\"mozilla-xulrunner191~1.9.1.3~1.4.2\", rls:\"SLES10.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"mozilla-xulrunner191-gnomevfs\", rpm:\"mozilla-xulrunner191-gnomevfs~1.9.1.3~1.4.2\", rls:\"SLES10.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"mozilla-xulrunner191-translations\", rpm:\"mozilla-xulrunner191-translations~1.9.1.3~1.4.2\", rls:\"SLES10.0\")) != NULL) {\n report += res;\n}\n\nif (report != \"\") {\n security_message(data:report);\n} else if (__pkg_match) {\n exit(99); # Not vulnerable.\n}\n", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2017-07-26T08:55:38", "description": "The remote host is missing updates to packages that affect\nthe security of your system. One or more of the following packages\nare affected:\n\n mozilla-xulrunner190\n mozilla-xulrunner190-gnomevfs\n mozilla-xulrunner190-translations\n\n\nMore details may also be found by searching for the SuSE\nEnterprise Server 11 patch database located at\nhttp://download.novell.com/patch/finder/", "cvss3": {}, "published": "2009-10-11T00:00:00", "type": "openvas", "title": "SLES11: Security update for Mozilla", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2009-3076", "CVE-2009-3071", "CVE-2009-3073", "CVE-2009-3079", "CVE-2009-3072", "CVE-2009-3070", "CVE-2009-3069", "CVE-2009-3075", "CVE-2009-3077", "CVE-2009-3078"], "modified": "2017-07-11T00:00:00", "id": "OPENVAS:65727", "href": "http://plugins.openvas.org/nasl.php?oid=65727", "sourceData": "#\n#VID 37796416bd210b06cf2ab2fa7d6b1bd9\n# OpenVAS Vulnerability Test\n# $\n# Description: Security update for Mozilla\n#\n# Authors:\n# Thomas Reinke <reinke@securityspace.com>\n#\n# Copyright:\n# Copyright (c) 2009 E-Soft Inc. http://www.securityspace.com\n# Text descriptions are largely excerpted from the referenced\n# advisories, and are Copyright (c) the respective author(s)\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2,\n# as published by the Free Software Foundation\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n#\n\ninclude(\"revisions-lib.inc\");\ntag_summary = \"The remote host is missing updates to packages that affect\nthe security of your system. One or more of the following packages\nare affected:\n\n mozilla-xulrunner190\n mozilla-xulrunner190-gnomevfs\n mozilla-xulrunner190-translations\n\n\nMore details may also be found by searching for the SuSE\nEnterprise Server 11 patch database located at\nhttp://download.novell.com/patch/finder/\";\n\ntag_solution = \"Please install the updates provided by SuSE.\";\n\nif(description)\n{\n script_xref(name : \"URL\" , value : \"https://bugzilla.novell.com/show_bug.cgi?id=534458\");\n script_id(65727);\n script_version(\"$Revision: 6666 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-07-11 15:13:36 +0200 (Tue, 11 Jul 2017) $\");\n script_tag(name:\"creation_date\", value:\"2009-10-11 22:58:51 +0200 (Sun, 11 Oct 2009)\");\n script_cve_id(\"CVE-2009-3069\", \"CVE-2009-3070\", \"CVE-2009-3071\", \"CVE-2009-3072\", \"CVE-2009-3073\", \"CVE-2009-3075\", \"CVE-2009-3076\", \"CVE-2009-3077\", \"CVE-2009-3078\", \"CVE-2009-3079\");\n script_tag(name:\"cvss_base\", value:\"10.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_name(\"SLES11: Security update for Mozilla\");\n\n\n\n script_category(ACT_GATHER_INFO);\n\n script_copyright(\"Copyright (c) 2009 E-Soft Inc. http://www.securityspace.com\");\n script_family(\"SuSE Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/suse_sles\", \"ssh/login/rpms\");\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"summary\" , value : tag_summary);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n#\n# The script code starts here\n#\n\ninclude(\"pkg-lib-rpm.inc\");\n\nres = \"\";\nreport = \"\";\nif ((res = isrpmvuln(pkg:\"mozilla-xulrunner190\", rpm:\"mozilla-xulrunner190~1.9.0.14~1.1.1\", rls:\"SLES11.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"mozilla-xulrunner190-gnomevfs\", rpm:\"mozilla-xulrunner190-gnomevfs~1.9.0.14~1.1.1\", rls:\"SLES11.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"mozilla-xulrunner190-translations\", rpm:\"mozilla-xulrunner190-translations~1.9.0.14~1.1.1\", rls:\"SLES11.0\")) != NULL) {\n report += res;\n}\n\nif (report != \"\") {\n security_message(data:report);\n} else if (__pkg_match) {\n exit(99); # Not vulnerable.\n}\n", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2018-04-06T11:38:30", "description": "The remote host is missing updates to packages that affect\nthe security of your system. One or more of the following packages\nare affected:\n\n mozilla-xulrunner190\n mozilla-xulrunner190-gnomevfs\n mozilla-xulrunner190-translations\n\n\nMore details may also be found by searching for the SuSE\nEnterprise Server 11 patch database located at\nhttp://download.novell.com/patch/finder/", "cvss3": {}, "published": "2009-10-11T00:00:00", "type": "openvas", "title": "SLES11: Security update for Mozilla", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2009-3076", "CVE-2009-3071", "CVE-2009-3073", "CVE-2009-3079", "CVE-2009-3072", "CVE-2009-3070", "CVE-2009-3069", "CVE-2009-3075", "CVE-2009-3077", "CVE-2009-3078"], "modified": "2018-04-06T00:00:00", "id": "OPENVAS:136141256231065727", "href": "http://plugins.openvas.org/nasl.php?oid=136141256231065727", "sourceData": "#\n#VID 37796416bd210b06cf2ab2fa7d6b1bd9\n# OpenVAS Vulnerability Test\n# $\n# Description: Security update for Mozilla\n#\n# Authors:\n# Thomas Reinke <reinke@securityspace.com>\n#\n# Copyright:\n# Copyright (c) 2009 E-Soft Inc. http://www.securityspace.com\n# Text descriptions are largely excerpted from the referenced\n# advisories, and are Copyright (c) the respective author(s)\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2,\n# as published by the Free Software Foundation\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n#\n\ninclude(\"revisions-lib.inc\");\ntag_summary = \"The remote host is missing updates to packages that affect\nthe security of your system. One or more of the following packages\nare affected:\n\n mozilla-xulrunner190\n mozilla-xulrunner190-gnomevfs\n mozilla-xulrunner190-translations\n\n\nMore details may also be found by searching for the SuSE\nEnterprise Server 11 patch database located at\nhttp://download.novell.com/patch/finder/\";\n\ntag_solution = \"Please install the updates provided by SuSE.\";\n\nif(description)\n{\n script_xref(name : \"URL\" , value : \"https://bugzilla.novell.com/show_bug.cgi?id=534458\");\n script_oid(\"1.3.6.1.4.1.25623.1.0.65727\");\n script_version(\"$Revision: 9350 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-04-06 09:03:33 +0200 (Fri, 06 Apr 2018) $\");\n script_tag(name:\"creation_date\", value:\"2009-10-11 22:58:51 +0200 (Sun, 11 Oct 2009)\");\n script_cve_id(\"CVE-2009-3069\", \"CVE-2009-3070\", \"CVE-2009-3071\", \"CVE-2009-3072\", \"CVE-2009-3073\", \"CVE-2009-3075\", \"CVE-2009-3076\", \"CVE-2009-3077\", \"CVE-2009-3078\", \"CVE-2009-3079\");\n script_tag(name:\"cvss_base\", value:\"10.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_name(\"SLES11: Security update for Mozilla\");\n\n\n\n script_category(ACT_GATHER_INFO);\n\n script_copyright(\"Copyright (c) 2009 E-Soft Inc. http://www.securityspace.com\");\n script_family(\"SuSE Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/suse_sles\", \"ssh/login/rpms\");\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"summary\" , value : tag_summary);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n#\n# The script code starts here\n#\n\ninclude(\"pkg-lib-rpm.inc\");\n\nres = \"\";\nreport = \"\";\nif ((res = isrpmvuln(pkg:\"mozilla-xulrunner190\", rpm:\"mozilla-xulrunner190~1.9.0.14~1.1.1\", rls:\"SLES11.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"mozilla-xulrunner190-gnomevfs\", rpm:\"mozilla-xulrunner190-gnomevfs~1.9.0.14~1.1.1\", rls:\"SLES11.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"mozilla-xulrunner190-translations\", rpm:\"mozilla-xulrunner190-translations~1.9.0.14~1.1.1\", rls:\"SLES11.0\")) != NULL) {\n report += res;\n}\n\nif (report != \"\") {\n security_message(data:report);\n} else if (__pkg_match) {\n exit(99); # Not vulnerable.\n}\n", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2018-04-06T11:39:03", "description": "The remote host is missing an update to firefox\nannounced via advisory MDVSA-2009:236.", "cvss3": {}, "published": "2009-09-21T00:00:00", "type": "openvas", "title": "Mandrake Security Advisory MDVSA-2009:236 (firefox)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2009-3076", "CVE-2009-3071", "CVE-2009-3073", "CVE-2009-3079", "CVE-2009-3072", "CVE-2009-3074", "CVE-2009-3070", "CVE-2009-3069", "CVE-2009-3075", "CVE-2009-3077", "CVE-2009-3078"], "modified": "2018-04-06T00:00:00", "id": "OPENVAS:136141256231064910", "href": "http://plugins.openvas.org/nasl.php?oid=136141256231064910", "sourceData": "# OpenVAS Vulnerability Test\n# $Id: mdksa_2009_236.nasl 9350 2018-04-06 07:03:33Z cfischer $\n# Description: Auto-generated from advisory MDVSA-2009:236 (firefox)\n#\n# Authors:\n# Thomas Reinke <reinke@securityspace.com>\n#\n# Copyright:\n# Copyright (c) 2009 E-Soft Inc. http://www.securityspace.com\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (c) the respective author(s)\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2,\n# or at your option, GNU General Public License version 3,\n# as published by the Free Software Foundation\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n#\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"Security issues were identified and fixed in firefox 3.0.x:\n\nMultiple unspecified vulnerabilities in the browser engine in Mozilla\nFirefox before 3.0.14 allow remote attackers to cause a denial of\nservice (memory corruption and application crash) or possibly execute\narbitrary code via unknown vectors (CVE-2009-3069, CVE-2009-3070,\nCVE-2009-3071, CVE-2009-3072).\n\nMultiple unspecified vulnerabilities in the JavaScript engine in\nMozilla Firefox before 3.0.14 allows remote attackers to cause\na denial of service (memory corruption and application crash) or\npossibly execute arbitrary code via unknown vectors (CVE-2009-3073,\nCVE-2009-3074, CVE-2009-3075).\n\nMozilla Firefox before 3.0.14 does not properly implement\ncertain dialogs associated with the (1) pkcs11.addmodule and (2)\npkcs11.deletemodule operations, which makes it easier for remote\nattackers to trick a user into installing or removing an arbitrary\nPKCS11 module (CVE-2009-3076).\n\nMozilla Firefox before 3.0.14 does not properly manage pointers for the\ncolumns (aka TreeColumns) of a XUL tree element, which allows remote\nattackers to execute arbitrary code via a crafted HTML document,\nrelated to a dangling pointer vulnerability. (CVE-2009-3077).\n\nVisual truncation vulnerability in Mozilla Firefox before 3.0.14\nallows remote attackers to trigger a vertical scroll and spoof URLs\nvia unspecified Unicode characters with a tall line-height property\n(CVE-2009-3078).\n\nUnspecified vulnerability in Mozilla Firefox before 3.0.14 allows\nremote attackers to execute arbitrary JavaScript with chrome\nprivileges via vectors involving an object, the FeedWriter, and the\nBrowserFeedWriter (CVE-2009-3079).\n\nThis update provides the latest Mozilla Firefox 3.0.x to correct\nthese issues.\n\nAdditionally, some packages which require so, have been rebuilt and\nare being provided as updates.\n\nAffected: 2009.0, 2009.1, Enterprise Server 5.0\";\ntag_solution = \"To upgrade automatically use MandrakeUpdate or urpmi. The verification\nof md5 checksums and GPG signatures is performed automatically for you.\n\nhttps://secure1.securityspace.com/smysecure/catid.html?in=MDVSA-2009:236\nhttp://www.mozilla.org/security/known-vulnerabilities/firefox30.html#firefox3.0.14\";\ntag_summary = \"The remote host is missing an update to firefox\nannounced via advisory MDVSA-2009:236.\";\n\n \n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.64910\");\n script_version(\"$Revision: 9350 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-04-06 09:03:33 +0200 (Fri, 06 Apr 2018) $\");\n script_tag(name:\"creation_date\", value:\"2009-09-21 23:13:00 +0200 (Mon, 21 Sep 2009)\");\n script_cve_id(\"CVE-2009-3069\", \"CVE-2009-3070\", \"CVE-2009-3071\", \"CVE-2009-3072\", \"CVE-2009-3073\", \"CVE-2009-3074\", \"CVE-2009-3075\", \"CVE-2009-3076\", \"CVE-2009-3077\", \"CVE-2009-3078\", \"CVE-2009-3079\");\n script_tag(name:\"cvss_base\", value:\"10.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_name(\"Mandrake Security Advisory MDVSA-2009:236 (firefox)\");\n\n\n\n script_category(ACT_GATHER_INFO);\n\n script_copyright(\"Copyright (c) 2009 E-Soft Inc. http://www.securityspace.com\");\n script_family(\"Mandrake Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/mandriva_mandrake_linux\", \"ssh/login/rpms\");\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"summary\" , value : tag_summary);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n#\n# The script code starts here\n#\n\ninclude(\"pkg-lib-rpm.inc\");\n\nres = \"\";\nreport = \"\";\nif ((res = isrpmvuln(pkg:\"beagle\", rpm:\"beagle~0.3.8~13.16mdv2009.0\", rls:\"MNDK_2009.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"beagle-crawl-system\", rpm:\"beagle-crawl-system~0.3.8~13.16mdv2009.0\", rls:\"MNDK_2009.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"beagle-doc\", rpm:\"beagle-doc~0.3.8~13.16mdv2009.0\", rls:\"MNDK_2009.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"beagle-epiphany\", rpm:\"beagle-epiphany~0.3.8~13.16mdv2009.0\", rls:\"MNDK_2009.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"beagle-evolution\", rpm:\"beagle-evolution~0.3.8~13.16mdv2009.0\", rls:\"MNDK_2009.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"beagle-gui\", rpm:\"beagle-gui~0.3.8~13.16mdv2009.0\", rls:\"MNDK_2009.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"beagle-gui-qt\", rpm:\"beagle-gui-qt~0.3.8~13.16mdv2009.0\", rls:\"MNDK_2009.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"beagle-libs\", rpm:\"beagle-libs~0.3.8~13.16mdv2009.0\", rls:\"MNDK_2009.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"devhelp\", rpm:\"devhelp~0.21~3.10mdv2009.0\", rls:\"MNDK_2009.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"devhelp-plugins\", rpm:\"devhelp-plugins~0.21~3.10mdv2009.0\", rls:\"MNDK_2009.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"epiphany\", rpm:\"epiphany~2.24.0.1~3.12mdv2009.0\", rls:\"MNDK_2009.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"epiphany-devel\", rpm:\"epiphany-devel~2.24.0.1~3.12mdv2009.0\", rls:\"MNDK_2009.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"firefox\", rpm:\"firefox~3.0.14~0.1mdv2009.0\", rls:\"MNDK_2009.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"firefox-af\", rpm:\"firefox-af~3.0.14~0.1mdv2009.0\", rls:\"MNDK_2009.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"firefox-ar\", rpm:\"firefox-ar~3.0.14~0.1mdv2009.0\", rls:\"MNDK_2009.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"firefox-be\", rpm:\"firefox-be~3.0.14~0.1mdv2009.0\", rls:\"MNDK_2009.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"firefox-bg\", rpm:\"firefox-bg~3.0.14~0.1mdv2009.0\", rls:\"MNDK_2009.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"firefox-bn\", rpm:\"firefox-bn~3.0.14~0.1mdv2009.0\", rls:\"MNDK_2009.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"firefox-ca\", rpm:\"firefox-ca~3.0.14~0.1mdv2009.0\", rls:\"MNDK_2009.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"firefox-cs\", rpm:\"firefox-cs~3.0.14~0.1mdv2009.0\", rls:\"MNDK_2009.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"firefox-cy\", rpm:\"firefox-cy~3.0.14~0.1mdv2009.0\", rls:\"MNDK_2009.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"firefox-da\", rpm:\"firefox-da~3.0.14~0.1mdv2009.0\", rls:\"MNDK_2009.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"firefox-de\", rpm:\"firefox-de~3.0.14~0.1mdv2009.0\", rls:\"MNDK_2009.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"firefox-el\", rpm:\"firefox-el~3.0.14~0.1mdv2009.0\", rls:\"MNDK_2009.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"firefox-en_GB\", rpm:\"firefox-en_GB~3.0.14~0.1mdv2009.0\", rls:\"MNDK_2009.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"firefox-eo\", rpm:\"firefox-eo~3.0.14~0.1mdv2009.0\", rls:\"MNDK_2009.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"firefox-es_AR\", rpm:\"firefox-es_AR~3.0.14~0.1mdv2009.0\", rls:\"MNDK_2009.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"firefox-es_ES\", rpm:\"firefox-es_ES~3.0.14~0.1mdv2009.0\", rls:\"MNDK_2009.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"firefox-et\", rpm:\"firefox-et~3.0.14~0.1mdv2009.0\", rls:\"MNDK_2009.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"firefox-eu\", rpm:\"firefox-eu~3.0.14~0.1mdv2009.0\", rls:\"MNDK_2009.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"firefox-ext-beagle\", rpm:\"firefox-ext-beagle~0.3.8~13.16mdv2009.0\", rls:\"MNDK_2009.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"firefox-ext-mozvoikko\", rpm:\"firefox-ext-mozvoikko~0.9.5~4.10mdv2009.0\", rls:\"MNDK_2009.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"firefox-fi\", rpm:\"firefox-fi~3.0.14~0.1mdv2009.0\", rls:\"MNDK_2009.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"firefox-fr\", rpm:\"firefox-fr~3.0.14~0.1mdv2009.0\", rls:\"MNDK_2009.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"firefox-fy\", rpm:\"firefox-fy~3.0.14~0.1mdv2009.0\", rls:\"MNDK_2009.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"firefox-ga_IE\", rpm:\"firefox-ga_IE~3.0.14~0.1mdv2009.0\", rls:\"MNDK_2009.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"firefox-gl\", rpm:\"firefox-gl~3.0.14~0.1mdv2009.0\", rls:\"MNDK_2009.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"firefox-gu_IN\", rpm:\"firefox-gu_IN~3.0.14~0.1mdv2009.0\", rls:\"MNDK_2009.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"firefox-he\", rpm:\"firefox-he~3.0.14~0.1mdv2009.0\", rls:\"MNDK_2009.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"firefox-hi\", rpm:\"firefox-hi~3.0.14~0.1mdv2009.0\", rls:\"MNDK_2009.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"firefox-hu\", rpm:\"firefox-hu~3.0.14~0.1mdv2009.0\", rls:\"MNDK_2009.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"firefox-id\", rpm:\"firefox-id~3.0.14~0.1mdv2009.0\", rls:\"MNDK_2009.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"firefox-is\", rpm:\"firefox-is~3.0.14~0.1mdv2009.0\", rls:\"MNDK_2009.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"firefox-it\", rpm:\"firefox-it~3.0.14~0.1mdv2009.0\", rls:\"MNDK_2009.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"firefox-ja\", rpm:\"firefox-ja~3.0.14~0.1mdv2009.0\", rls:\"MNDK_2009.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"firefox-ka\", rpm:\"firefox-ka~3.0.14~0.1mdv2009.0\", rls:\"MNDK_2009.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"firefox-kn\", rpm:\"firefox-kn~3.0.14~0.1mdv2009.0\", rls:\"MNDK_2009.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"firefox-ko\", rpm:\"firefox-ko~3.0.14~0.1mdv2009.0\", rls:\"MNDK_2009.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"firefox-ku\", rpm:\"firefox-ku~3.0.14~0.1mdv2009.0\", rls:\"MNDK_2009.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"firefox-lt\", rpm:\"firefox-lt~3.0.14~0.1mdv2009.0\", rls:\"MNDK_2009.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"firefox-lv\", rpm:\"firefox-lv~3.0.14~0.1mdv2009.0\", rls:\"MNDK_2009.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"firefox-mk\", rpm:\"firefox-mk~3.0.14~0.1mdv2009.0\", rls:\"MNDK_2009.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"firefox-mn\", rpm:\"firefox-mn~3.0.14~0.1mdv2009.0\", rls:\"MNDK_2009.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"firefox-mr\", rpm:\"firefox-mr~3.0.14~0.1mdv2009.0\", rls:\"MNDK_2009.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"firefox-nb_NO\", rpm:\"firefox-nb_NO~3.0.14~0.1mdv2009.0\", rls:\"MNDK_2009.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"firefox-nl\", rpm:\"firefox-nl~3.0.14~0.1mdv2009.0\", rls:\"MNDK_2009.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"firefox-nn_NO\", rpm:\"firefox-nn_NO~3.0.14~0.1mdv2009.0\", rls:\"MNDK_2009.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"firefox-oc\", rpm:\"firefox-oc~3.0.14~0.1mdv2009.0\", rls:\"MNDK_2009.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"firefox-pa_IN\", rpm:\"firefox-pa_IN~3.0.14~0.1mdv2009.0\", rls:\"MNDK_2009.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"firefox-pl\", rpm:\"firefox-pl~3.0.14~0.1mdv2009.0\", rls:\"MNDK_2009.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"firefox-pt_BR\", rpm:\"firefox-pt_BR~3.0.14~0.1mdv2009.0\", rls:\"MNDK_2009.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"firefox-pt_PT\", rpm:\"firefox-pt_PT~3.0.14~0.1mdv2009.0\", rls:\"MNDK_2009.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"firefox-ro\", rpm:\"firefox-ro~3.0.14~0.1mdv2009.0\", rls:\"MNDK_2009.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"firefox-ru\", rpm:\"firefox-ru~3.0.14~0.1mdv2009.0\", rls:\"MNDK_2009.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"firefox-si\", rpm:\"firefox-si~3.0.14~0.1mdv2009.0\", rls:\"MNDK_2009.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"firefox-sk\", rpm:\"firefox-sk~3.0.14~0.1mdv2009.0\", rls:\"MNDK_2009.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"firefox-sl\", rpm:\"firefox-sl~3.0.14~0.1mdv2009.0\", rls:\"MNDK_2009.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"firefox-sq\", rpm:\"firefox-sq~3.0.14~0.1mdv2009.0\", rls:\"MNDK_2009.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"firefox-sr\", rpm:\"firefox-sr~3.0.14~0.1mdv2009.0\", rls:\"MNDK_2009.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"firefox-sv_SE\", rpm:\"firefox-sv_SE~3.0.14~0.1mdv2009.0\", rls:\"MNDK_2009.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"firefox-te\", rpm:\"firefox-te~3.0.14~0.1mdv2009.0\", rls:\"MNDK_2009.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"firefox-th\", rpm:\"firefox-th~3.0.14~0.1mdv2009.0\", rls:\"MNDK_2009.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"firefox-theme-kde4ff\", rpm:\"firefox-theme-kde4ff~0.14~4.10mdv2009.0\", rls:\"MNDK_2009.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"firefox-tr\", rpm:\"firefox-tr~3.0.14~0.1mdv2009.0\", rls:\"MNDK_2009.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"firefox-uk\", rpm:\"firefox-uk~3.0.14~0.1mdv2009.0\", rls:\"MNDK_2009.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"firefox-zh_CN\", rpm:\"firefox-zh_CN~3.0.14~0.1mdv2009.0\", rls:\"MNDK_2009.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"firefox-zh_TW\", rpm:\"firefox-zh_TW~3.0.14~0.1mdv2009.0\", rls:\"MNDK_2009.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"gnome-python-extras\", rpm:\"gnome-python-extras~2.19.1~20.10mdv2009.0\", rls:\"MNDK_2009.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"gnome-python-gda\", rpm:\"gnome-python-gda~2.19.1~20.10mdv2009.0\", rls:\"MNDK_2009.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"gnome-python-gda-devel\", rpm:\"gnome-python-gda-devel~2.19.1~20.10mdv2009.0\", rls:\"MNDK_2009.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"gnome-python-gdl\", rpm:\"gnome-python-gdl~2.19.1~20.10mdv2009.0\", rls:\"MNDK_2009.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"gnome-python-gtkhtml2\", rpm:\"gnome-python-gtkhtml2~2.19.1~20.10mdv2009.0\", rls:\"MNDK_2009.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"gnome-python-gtkmozembed\", rpm:\"gnome-python-gtkmozembed~2.19.1~20.10mdv2009.0\", rls:\"MNDK_2009.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"gnome-python-gtkspell\", rpm:\"gnome-python-gtkspell~2.19.1~20.10mdv2009.0\", rls:\"MNDK_2009.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"libdevhelp-1_0\", rpm:\"libdevhelp-1_0~0.21~3.10mdv2009.0\", rls:\"MNDK_2009.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"libdevhelp-1-devel\", rpm:\"libdevhelp-1-devel~0.21~3.10mdv2009.0\", rls:\"MNDK_2009.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"libxulrunner1.9\", rpm:\"libxulrunner1.9~1.9.0.14~0.1mdv2009.0\", rls:\"MNDK_2009.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"libxulrunner-devel\", rpm:\"libxulrunner-devel~1.9.0.14~0.1mdv2009.0\", rls:\"MNDK_2009.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"libxulrunner-unstable-devel\", rpm:\"libxulrunner-unstable-devel~1.9.0.14~0.1mdv2009.0\", rls:\"MNDK_2009.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"mozilla-firefox-ext-blogrovr\", rpm:\"mozilla-firefox-ext-blogrovr~1.1.779~5.10mdv2009.0\", rls:\"MNDK_2009.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"mozilla-firefox-ext-foxmarks\", rpm:\"mozilla-firefox-ext-foxmarks~2.1.0.12~2.10mdv2009.0\", rls:\"MNDK_2009.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"mozilla-firefox-ext-scribefire\", rpm:\"mozilla-firefox-ext-scribefire~2.3.1~2.10mdv2009.0\", rls:\"MNDK_2009.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"mozilla-thunderbird-beagle\", rpm:\"mozilla-thunderbird-beagle~0.3.8~13.16mdv2009.0\", rls:\"MNDK_2009.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"xulrunner\", rpm:\"xulrunner~1.9.0.14~0.1mdv2009.0\", rls:\"MNDK_2009.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"yelp\", rpm:\"yelp~2.24.0~3.10mdv2009.0\", rls:\"MNDK_2009.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"lib64devhelp-1_0\", rpm:\"lib64devhelp-1_0~0.21~3.10mdv2009.0\", rls:\"MNDK_2009.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"lib64devhelp-1-devel\", rpm:\"lib64devhelp-1-devel~0.21~3.10mdv2009.0\", rls:\"MNDK_2009.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"lib64xulrunner1.9\", rpm:\"lib64xulrunner1.9~1.9.0.14~0.1mdv2009.0\", rls:\"MNDK_2009.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"lib64xulrunner-devel\", rpm:\"lib64xulrunner-devel~1.9.0.14~0.1mdv2009.0\", rls:\"MNDK_2009.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"lib64xulrunner-unstable-devel\", rpm:\"lib64xulrunner-unstable-devel~1.9.0.14~0.1mdv2009.0\", rls:\"MNDK_2009.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"beagle\", rpm:\"beagle~0.3.9~9.7mdv2009.1\", rls:\"MNDK_2009.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"beagle-crawl-system\", rpm:\"beagle-crawl-system~0.3.9~9.7mdv2009.1\", rls:\"MNDK_2009.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"beagle-doc\", rpm:\"beagle-doc~0.3.9~9.7mdv2009.1\", rls:\"MNDK_2009.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"beagle-epiphany\", rpm:\"beagle-epiphany~0.3.9~9.7mdv2009.1\", rls:\"MNDK_2009.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"beagle-evolution\", rpm:\"beagle-evolution~0.3.9~9.7mdv2009.1\", rls:\"MNDK_2009.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"beagle-gui\", rpm:\"beagle-gui~0.3.9~9.7mdv2009.1\", rls:\"MNDK_2009.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"beagle-gui-qt\", rpm:\"beagle-gui-qt~0.3.9~9.7mdv2009.1\", rls:\"MNDK_2009.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"beagle-libs\", rpm:\"beagle-libs~0.3.9~9.7mdv2009.1\", rls:\"MNDK_2009.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"epiphany\", rpm:\"epiphany~2.26.1~1.5mdv2009.1\", rls:\"MNDK_2009.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"epiphany-devel\", rpm:\"epiphany-devel~2.26.1~1.5mdv2009.1\", rls:\"MNDK_2009.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"firefox\", rpm:\"firefox~3.0.14~0.1mdv2009.1\", rls:\"MNDK_2009.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"firefox-af\", rpm:\"firefox-af~3.0.14~0.1mdv2009.1\", rls:\"MNDK_2009.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"firefox-ar\", rpm:\"firefox-ar~3.0.14~0.1mdv2009.1\", rls:\"MNDK_2009.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"firefox-be\", rpm:\"firefox-be~3.0.14~0.1mdv2009.1\", rls:\"MNDK_2009.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"firefox-bg\", rpm:\"firefox-bg~3.0.14~0.1mdv2009.1\", rls:\"MNDK_2009.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"firefox-bn\", rpm:\"firefox-bn~3.0.14~0.1mdv2009.1\", rls:\"MNDK_2009.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"firefox-ca\", rpm:\"firefox-ca~3.0.14~0.1mdv2009.1\", rls:\"MNDK_2009.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"firefox-cs\", rpm:\"firefox-cs~3.0.14~0.1mdv2009.1\", rls:\"MNDK_2009.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"firefox-cy\", rpm:\"firefox-cy~3.0.14~0.1mdv2009.1\", rls:\"MNDK_2009.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"firefox-da\", rpm:\"firefox-da~3.0.14~0.1mdv2009.1\", rls:\"MNDK_2009.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"firefox-de\", rpm:\"firefox-de~3.0.14~0.1mdv2009.1\", rls:\"MNDK_2009.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"firefox-el\", rpm:\"firefox-el~3.0.14~0.1mdv2009.1\", rls:\"MNDK_2009.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"firefox-en_GB\", rpm:\"firefox-en_GB~3.0.14~0.1mdv2009.1\", rls:\"MNDK_2009.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"firefox-eo\", rpm:\"firefox-eo~3.0.14~0.1mdv2009.1\", rls:\"MNDK_2009.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"firefox-es_AR\", rpm:\"firefox-es_AR~3.0.14~0.1mdv2009.1\", rls:\"MNDK_2009.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"firefox-es_ES\", rpm:\"firefox-es_ES~3.0.14~0.1mdv2009.1\", rls:\"MNDK_2009.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"firefox-et\", rpm:\"firefox-et~3.0.14~0.1mdv2009.1\", rls:\"MNDK_2009.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"firefox-eu\", rpm:\"firefox-eu~3.0.14~0.1mdv2009.1\", rls:\"MNDK_2009.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"firefox-ext-beagle\", rpm:\"firefox-ext-beagle~0.3.9~9.7mdv2009.1\", rls:\"MNDK_2009.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"firefox-ext-blogrovr\", rpm:\"firefox-ext-blogrovr~1.1.798~2.5mdv2009.1\", rls:\"MNDK_2009.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"firefox-ext-foxmarks\", rpm:\"firefox-ext-foxmarks~2.7.2~2.5mdv2009.1\", rls:\"MNDK_2009.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"firefox-ext-mozvoikko\", rpm:\"firefox-ext-mozvoikko~0.9.6~2.5mdv2009.1\", rls:\"MNDK_2009.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"firefox-ext-r-kiosk\", rpm:\"firefox-ext-r-kiosk~0.7.2~2.5mdv2009.1\", rls:\"MNDK_2009.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"firefox-ext-scribefire\", rpm:\"firefox-ext-scribefire~3.2.3~2.5mdv2009.1\", rls:\"MNDK_2009.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"firefox-fi\", rpm:\"firefox-fi~3.0.14~0.1mdv2009.1\", rls:\"MNDK_2009.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"firefox-fr\", rpm:\"firefox-fr~3.0.14~0.1mdv2009.1\", rls:\"MNDK_2009.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"firefox-fy\", rpm:\"firefox-fy~3.0.14~0.1mdv2009.1\", rls:\"MNDK_2009.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"firefox-ga_IE\", rpm:\"firefox-ga_IE~3.0.14~0.1mdv2009.1\", rls:\"MNDK_2009.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"firefox-gl\", rpm:\"firefox-gl~3.0.14~0.1mdv2009.1\", rls:\"MNDK_2009.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"firefox-gu_IN\", rpm:\"firefox-gu_IN~3.0.14~0.1mdv2009.1\", rls:\"MNDK_2009.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"firefox-he\", rpm:\"firefox-he~3.0.14~0.1mdv2009.1\", rls:\"MNDK_2009.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"firefox-hi\", rpm:\"firefox-hi~3.0.14~0.1mdv2009.1\", rls:\"MNDK_2009.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"firefox-hu\", rpm:\"firefox-hu~3.0.14~0.1mdv2009.1\", rls:\"MNDK_2009.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"firefox-id\", rpm:\"firefox-id~3.0.14~0.1mdv2009.1\", rls:\"MNDK_2009.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"firefox-is\", rpm:\"firefox-is~3.0.14~0.1mdv2009.1\", rls:\"MNDK_2009.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"firefox-it\", rpm:\"firefox-it~3.0.14~0.1mdv2009.1\", rls:\"MNDK_2009.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"firefox-ja\", rpm:\"firefox-ja~3.0.14~0.1mdv2009.1\", rls:\"MNDK_2009.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"firefox-ka\", rpm:\"firefox-ka~3.0.14~0.1mdv2009.1\", rls:\"MNDK_2009.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"firefox-kn\", rpm:\"firefox-kn~3.0.14~0.1mdv2009.1\", rls:\"MNDK_2009.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"firefox-ko\", rpm:\"firefox-ko~3.0.14~0.1mdv2009.1\", rls:\"MNDK_2009.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"firefox-ku\", rpm:\"firefox-ku~3.0.14~0.1mdv2009.1\", rls:\"MNDK_2009.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"firefox-lt\", rpm:\"firefox-lt~3.0.14~0.1mdv2009.1\", rls:\"MNDK_2009.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"firefox-lv\", rpm:\"firefox-lv~3.0.14~0.1mdv2009.1\", rls:\"MNDK_2009.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"firefox-mk\", rpm:\"firefox-mk~3.0.14~0.1mdv2009.1\", rls:\"MNDK_2009.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"firefox-mn\", rpm:\"firefox-mn~3.0.14~0.1mdv2009.1\", rls:\"MNDK_2009.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"firefox-mr\", rpm:\"firefox-mr~3.0.14~0.1mdv2009.1\", rls:\"MNDK_2009.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"firefox-nb_NO\", rpm:\"firefox-nb_NO~3.0.14~0.1mdv2009.1\", rls:\"MNDK_2009.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"firefox-nl\", rpm:\"firefox-nl~3.0.14~0.1mdv2009.1\", rls:\"MNDK_2009.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"firefox-nn_NO\", rpm:\"firefox-nn_NO~3.0.14~0.1mdv2009.1\", rls:\"MNDK_2009.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"firefox-oc\", rpm:\"firefox-oc~3.0.14~0.1mdv2009.1\", rls:\"MNDK_2009.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"firefox-pa_IN\", rpm:\"firefox-pa_IN~3.0.14~0.1mdv2009.1\", rls:\"MNDK_2009.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"firefox-pl\", rpm:\"firefox-pl~3.0.14~0.1mdv2009.1\", rls:\"MNDK_2009.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"firefox-pt_BR\", rpm:\"firefox-pt_BR~3.0.14~0.1mdv2009.1\", rls:\"MNDK_2009.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"firefox-pt_PT\", rpm:\"firefox-pt_PT~3.0.14~0.1mdv2009.1\", rls:\"MNDK_2009.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"firefox-ro\", rpm:\"firefox-ro~3.0.14~0.1mdv2009.1\", rls:\"MNDK_2009.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"firefox-ru\", rpm:\"firefox-ru~3.0.14~0.1mdv2009.1\", rls:\"MNDK_2009.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"firefox-si\", rpm:\"firefox-si~3.0.14~0.1mdv2009.1\", rls:\"MNDK_2009.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"firefox-sk\", rpm:\"firefox-sk~3.0.14~0.1mdv2009.1\", rls:\"MNDK_2009.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"firefox-sl\", rpm:\"firefox-sl~3.0.14~0.1mdv2009.1\", rls:\"MNDK_2009.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"firefox-sq\", rpm:\"firefox-sq~3.0.14~0.1mdv2009.1\", rls:\"MNDK_2009.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"firefox-sr\", rpm:\"firefox-sr~3.0.14~0.1mdv2009.1\", rls:\"MNDK_2009.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"firefox-sv_SE\", rpm:\"firefox-sv_SE~3.0.14~0.1mdv2009.1\", rls:\"MNDK_2009.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"firefox-te\", rpm:\"firefox-te~3.0.14~0.1mdv2009.1\", rls:\"MNDK_2009.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"firefox-th\", rpm:\"firefox-th~3.0.14~0.1mdv2009.1\", rls:\"MNDK_2009.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"firefox-theme-kde4ff\", rpm:\"firefox-theme-kde4ff~0.14~9.5mdv2009.1\", rls:\"MNDK_2009.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"firefox-tr\", rpm:\"firefox-tr~3.0.14~0.1mdv2009.1\", rls:\"MNDK_2009.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"firefox-uk\", rpm:\"firefox-uk~3.0.14~0.1mdv2009.1\", rls:\"MNDK_2009.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"firefox-zh_CN\", rpm:\"firefox-zh_CN~3.0.14~0.1mdv2009.1\", rls:\"MNDK_2009.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"firefox-zh_TW\", rpm:\"firefox-zh_TW~3.0.14~0.1mdv2009.1\", rls:\"MNDK_2009.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"gnome-python-extras\", rpm:\"gnome-python-extras~2.25.3~3.5mdv2009.1\", rls:\"MNDK_2009.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"gnome-python-gda\", rpm:\"gnome-python-gda~2.25.3~3.5mdv2009.1\", rls:\"MNDK_2009.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"gnome-python-gda-devel\", rpm:\"gnome-python-gda-devel~2.25.3~3.5mdv2009.1\", rls:\"MNDK_2009.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"gnome-python-gdl\", rpm:\"gnome-python-gdl~2.25.3~3.5mdv2009.1\", rls:\"MNDK_2009.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"gnome-python-gtkhtml2\", rpm:\"gnome-python-gtkhtml2~2.25.3~3.5mdv2009.1\", rls:\"MNDK_2009.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"gnome-python-gtkmozembed\", rpm:\"gnome-python-gtkmozembed~2.25.3~3.5mdv2009.1\", rls:\"MNDK_2009.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"gnome-python-gtkspell\", rpm:\"gnome-python-gtkspell~2.25.3~3.5mdv2009.1\", rls:\"MNDK_2009.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"google-gadgets-common\", rpm:\"google-gadgets-common~0.10.5~8.5mdv2009.1\", rls:\"MNDK_2009.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"google-gadgets-gtk\", rpm:\"google-gadgets-gtk~0.10.5~8.5mdv2009.1\", rls:\"MNDK_2009.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"google-gadgets-qt\", rpm:\"google-gadgets-qt~0.10.5~8.5mdv2009.1\", rls:\"MNDK_2009.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"google-gadgets-xul\", rpm:\"google-gadgets-xul~0.10.5~8.5mdv2009.1\", rls:\"MNDK_2009.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"libggadget1.0_0\", rpm:\"libggadget1.0_0~0.10.5~8.5mdv2009.1\", rls:\"MNDK_2009.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"libggadget-gtk1.0_0\", rpm:\"libggadget-gtk1.0_0~0.10.5~8.5mdv2009.1\", rls:\"MNDK_2009.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"libggadget-qt1.0_0\", rpm:\"libggadget-qt1.0_0~0.10.5~8.5mdv2009.1\", rls:\"MNDK_2009.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"libgoogle-gadgets-devel\", rpm:\"libgoogle-gadgets-devel~0.10.5~8.5mdv2009.1\", rls:\"MNDK_2009.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"libopensc2\", rpm:\"libopensc2~0.11.7~1.6mdv2009.1\", rls:\"MNDK_2009.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"libopensc-devel\", rpm:\"libopensc-devel~0.11.7~1.6mdv2009.1\", rls:\"MNDK_2009.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"libxulrunner1.9\", rpm:\"libxulrunner1.9~1.9.0.14~0.1mdv2009.1\", rls:\"MNDK_2009.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"libxulrunner-devel\", rpm:\"libxulrunner-devel~1.9.0.14~0.1mdv2009.1\", rls:\"MNDK_2009.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"libxulrunner-unstable-devel\", rpm:\"libxulrunner-unstable-devel~1.9.0.14~0.1mdv2009.1\", rls:\"MNDK_2009.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"mozilla-plugin-opensc\", rpm:\"mozilla-plugin-opensc~0.11.7~1.6mdv2009.1\", rls:\"MNDK_2009.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"mozilla-thunderbird-beagle\", rpm:\"mozilla-thunderbird-beagle~0.3.9~9.7mdv2009.1\", rls:\"MNDK_2009.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"opensc\", rpm:\"opensc~0.11.7~1.6mdv2009.1\", rls:\"MNDK_2009.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"python-xpcom\", rpm:\"python-xpcom~1.9.0.14~0.1mdv2009.1\", rls:\"MNDK_2009.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"xulrunner\", rpm:\"xulrunner~1.9.0.14~0.1mdv2009.1\", rls:\"MNDK_2009.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"yelp\", rpm:\"yelp~2.26.0~3.4mdv2009.1\", rls:\"MNDK_2009.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"lib64ggadget1.0_0\", rpm:\"lib64ggadget1.0_0~0.10.5~8.5mdv2009.1\", rls:\"MNDK_2009.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"lib64ggadget-gtk1.0_0\", rpm:\"lib64ggadget-gtk1.0_0~0.10.5~8.5mdv2009.1\", rls:\"MNDK_2009.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"lib64ggadget-qt1.0_0\", rpm:\"lib64ggadget-qt1.0_0~0.10.5~8.5mdv2009.1\", rls:\"MNDK_2009.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"lib64google-gadgets-devel\", rpm:\"lib64google-gadgets-devel~0.10.5~8.5mdv2009.1\", rls:\"MNDK_2009.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"lib64opensc2\", rpm:\"lib64opensc2~0.11.7~1.6mdv2009.1\", rls:\"MNDK_2009.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"lib64opensc-devel\", rpm:\"lib64opensc-devel~0.11.7~1.6mdv2009.1\", rls:\"MNDK_2009.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"lib64xulrunner1.9\", rpm:\"lib64xulrunner1.9~1.9.0.14~0.1mdv2009.1\", rls:\"MNDK_2009.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"lib64xulrunner-devel\", rpm:\"lib64xulrunner-devel~1.9.0.14~0.1mdv2009.1\", rls:\"MNDK_2009.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"lib64xulrunner-unstable-devel\", rpm:\"lib64xulrunner-unstable-devel~1.9.0.14~0.1mdv2009.1\", rls:\"MNDK_2009.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"firefox\", rpm:\"firefox~3.0.14~0.1mdvmes5\", rls:\"MNDK_mes5\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"firefox-af\", rpm:\"firefox-af~3.0.14~0.1mdvmes5\", rls:\"MNDK_mes5\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"firefox-ar\", rpm:\"firefox-ar~3.0.14~0.1mdvmes5\", rls:\"MNDK_mes5\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"firefox-be\", rpm:\"firefox-be~3.0.14~0.1mdvmes5\", rls:\"MNDK_mes5\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"firefox-bg\", rpm:\"firefox-bg~3.0.14~0.1mdvmes5\", rls:\"MNDK_mes5\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"firefox-bn\", rpm:\"firefox-bn~3.0.14~0.1mdvmes5\", rls:\"MNDK_mes5\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"firefox-ca\", rpm:\"firefox-ca~3.0.14~0.1mdvmes5\", rls:\"MNDK_mes5\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"firefox-cs\", rpm:\"firefox-cs~3.0.14~0.1mdvmes5\", rls:\"MNDK_mes5\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"firefox-cy\", rpm:\"firefox-cy~3.0.14~0.1mdvmes5\", rls:\"MNDK_mes5\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"firefox-da\", rpm:\"firefox-da~3.0.14~0.1mdvmes5\", rls:\"MNDK_mes5\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"firefox-de\", rpm:\"firefox-de~3.0.14~0.1mdvmes5\", rls:\"MNDK_mes5\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"firefox-el\", rpm:\"firefox-el~3.0.14~0.1mdvmes5\", rls:\"MNDK_mes5\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"firefox-en_GB\", rpm:\"firefox-en_GB~3.0.14~0.1mdvmes5\", rls:\"MNDK_mes5\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"firefox-eo\", rpm:\"firefox-eo~3.0.14~0.1mdvmes5\", rls:\"MNDK_mes5\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"firefox-es_AR\", rpm:\"firefox-es_AR~3.0.14~0.1mdvmes5\", rls:\"MNDK_mes5\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"firefox-es_ES\", rpm:\"firefox-es_ES~3.0.14~0.1mdvmes5\", rls:\"MNDK_mes5\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"firefox-et\", rpm:\"firefox-et~3.0.14~0.1mdvmes5\", rls:\"MNDK_mes5\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"firefox-eu\", rpm:\"firefox-eu~3.0.14~0.1mdvmes5\", rls:\"MNDK_mes5\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"firefox-fi\", rpm:\"firefox-fi~3.0.14~0.1mdvmes5\", rls:\"MNDK_mes5\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"firefox-fr\", rpm:\"firefox-fr~3.0.14~0.1mdvmes5\", rls:\"MNDK_mes5\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"firefox-fy\", rpm:\"firefox-fy~3.0.14~0.1mdvmes5\", rls:\"MNDK_mes5\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"firefox-ga_IE\", rpm:\"firefox-ga_IE~3.0.14~0.1mdvmes5\", rls:\"MNDK_mes5\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"firefox-gl\", rpm:\"firefox-gl~3.0.14~0.1mdvmes5\", rls:\"MNDK_mes5\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"firefox-gu_IN\", rpm:\"firefox-gu_IN~3.0.14~0.1mdvmes5\", rls:\"MNDK_mes5\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"firefox-he\", rpm:\"firefox-he~3.0.14~0.1mdvmes5\", rls:\"MNDK_mes5\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"firefox-hi\", rpm:\"firefox-hi~3.0.14~0.1mdvmes5\", rls:\"MNDK_mes5\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"firefox-hu\", rpm:\"firefox-hu~3.0.14~0.1mdvmes5\", rls:\"MNDK_mes5\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"firefox-id\", rpm:\"firefox-id~3.0.14~0.1mdvmes5\", rls:\"MNDK_mes5\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"firefox-is\", rpm:\"firefox-is~3.0.14~0.1mdvmes5\", rls:\"MNDK_mes5\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"firefox-it\", rpm:\"firefox-it~3.0.14~0.1mdvmes5\", rls:\"MNDK_mes5\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"firefox-ja\", rpm:\"firefox-ja~3.0.14~0.1mdvmes5\", rls:\"MNDK_mes5\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"firefox-ka\", rpm:\"firefox-ka~3.0.14~0.1mdvmes5\", rls:\"MNDK_mes5\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"firefox-kn\", rpm:\"firefox-kn~3.0.14~0.1mdvmes5\", rls:\"MNDK_mes5\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"firefox-ko\", rpm:\"firefox-ko~3.0.14~0.1mdvmes5\", rls:\"MNDK_mes5\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"firefox-ku\", rpm:\"firefox-ku~3.0.14~0.1mdvmes5\", rls:\"MNDK_mes5\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"firefox-lt\", rpm:\"firefox-lt~3.0.14~0.1mdvmes5\", rls:\"MNDK_mes5\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"firefox-lv\", rpm:\"firefox-lv~3.0.14~0.1mdvmes5\", rls:\"MNDK_mes5\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"firefox-mk\", rpm:\"firefox-mk~3.0.14~0.1mdvmes5\", rls:\"MNDK_mes5\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"firefox-mn\", rpm:\"firefox-mn~3.0.14~0.1mdvmes5\", rls:\"MNDK_mes5\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"firefox-mr\", rpm:\"firefox-mr~3.0.14~0.1mdvmes5\", rls:\"MNDK_mes5\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"firefox-nb_NO\", rpm:\"firefox-nb_NO~3.0.14~0.1mdvmes5\", rls:\"MNDK_mes5\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"firefox-nl\", rpm:\"firefox-nl~3.0.14~0.1mdvmes5\", rls:\"MNDK_mes5\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"firefox-nn_NO\", rpm:\"firefox-nn_NO~3.0.14~0.1mdvmes5\", rls:\"MNDK_mes5\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"firefox-oc\", rpm:\"firefox-oc~3.0.14~0.1mdvmes5\", rls:\"MNDK_mes5\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"firefox-pa_IN\", rpm:\"firefox-pa_IN~3.0.14~0.1mdvmes5\", rls:\"MNDK_mes5\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"firefox-pl\", rpm:\"firefox-pl~3.0.14~0.1mdvmes5\", rls:\"MNDK_mes5\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"firefox-pt_BR\", rpm:\"firefox-pt_BR~3.0.14~0.1mdvmes5\", rls:\"MNDK_mes5\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"firefox-pt_PT\", rpm:\"firefox-pt_PT~3.0.14~0.1mdvmes5\", rls:\"MNDK_mes5\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"firefox-ro\", rpm:\"firefox-ro~3.0.14~0.1mdvmes5\", rls:\"MNDK_mes5\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"firefox-ru\", rpm:\"firefox-ru~3.0.14~0.1mdvmes5\", rls:\"MNDK_mes5\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"firefox-si\", rpm:\"firefox-si~3.0.14~0.1mdvmes5\", rls:\"MNDK_mes5\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"firefox-sk\", rpm:\"firefox-sk~3.0.14~0.1mdvmes5\", rls:\"MNDK_mes5\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"firefox-sl\", rpm:\"firefox-sl~3.0.14~0.1mdvmes5\", rls:\"MNDK_mes5\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"firefox-sq\", rpm:\"firefox-sq~3.0.14~0.1mdvmes5\", rls:\"MNDK_mes5\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"firefox-sr\", rpm:\"firefox-sr~3.0.14~0.1mdvmes5\", rls:\"MNDK_mes5\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"firefox-sv_SE\", rpm:\"firefox-sv_SE~3.0.14~0.1mdvmes5\", rls:\"MNDK_mes5\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"firefox-te\", rpm:\"firefox-te~3.0.14~0.1mdvmes5\", rls:\"MNDK_mes5\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"firefox-th\", rpm:\"firefox-th~3.0.14~0.1mdvmes5\", rls:\"MNDK_mes5\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"firefox-tr\", rpm:\"firefox-tr~3.0.14~0.1mdvmes5\", rls:\"MNDK_mes5\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"firefox-uk\", rpm:\"firefox-uk~3.0.14~0.1mdvmes5\", rls:\"MNDK_mes5\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"firefox-zh_CN\", rpm:\"firefox-zh_CN~3.0.14~0.1mdvmes5\", rls:\"MNDK_mes5\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"firefox-zh_TW\", rpm:\"firefox-zh_TW~3.0.14~0.1mdvmes5\", rls:\"MNDK_mes5\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"libxulrunner1.9\", rpm:\"libxulrunner1.9~1.9.0.14~0.1mdvmes5\", rls:\"MNDK_mes5\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"libxulrunner-devel\", rpm:\"libxulrunner-devel~1.9.0.14~0.1mdvmes5\", rls:\"MNDK_mes5\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"libxulrunner-unstable-devel\", rpm:\"libxulrunner-unstable-devel~1.9.0.14~0.1mdvmes5\", rls:\"MNDK_mes5\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"xulrunner\", rpm:\"xulrunner~1.9.0.14~0.1mdvmes5\", rls:\"MNDK_mes5\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"yelp\", rpm:\"yelp~2.24.0~3.10mdvmes5\", rls:\"MNDK_mes5\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"lib64xulrunner1.9\", rpm:\"lib64xulrunner1.9~1.9.0.14~0.1mdvmes5\", rls:\"MNDK_mes5\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"lib64xulrunner-devel\", rpm:\"lib64xulrunner-devel~1.9.0.14~0.1mdvmes5\", rls:\"MNDK_mes5\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"lib64xulrunner-unstable-devel\", rpm:\"lib64xulrunner-unstable-devel~1.9.0.14~0.1mdvmes5\", rls:\"MNDK_mes5\")) != NULL) {\n report += res;\n}\n\nif (report != \"\") {\n security_message(data:report);\n} else if (__pkg_match) {\n exit(99); # Not vulnerable.\n}\n", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2017-07-24T12:56:42", "description": "The remote host is missing an update to firefox\nannounced via advisory MDVSA-2009:236.", "cvss3": {}, "published": "2009-09-21T00:00:00", "type": "openvas", "title": "Mandrake Security Advisory MDVSA-2009:236 (firefox)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2009-3076", "CVE-2009-3071", "CVE-2009-3073", "CVE-2009-3079", "CVE-2009-3072", "CVE-2009-3074", "CVE-2009-3070", "CVE-2009-3069", "CVE-2009-3075", "CVE-2009-3077", "CVE-2009-3078"], "modified": "2017-07-06T00:00:00", "id": "OPENVAS:64910", "href": "http://plugins.openvas.org/nasl.php?oid=64910", "sourceData": "# OpenVAS Vulnerability Test\n# $Id: mdksa_2009_236.nasl 6573 2017-07-06 13:10:50Z cfischer $\n# Description: Auto-generated from advisory MDVSA-2009:236 (firefox)\n#\n# Authors:\n# Thomas Reinke <reinke@securityspace.com>\n#\n# Copyright:\n# Copyright (c) 2009 E-Soft Inc. http://www.securityspace.com\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (c) the respective author(s)\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2,\n# or at your option, GNU General Public License version 3,\n# as published by the Free Software Foundation\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n#\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"Security issues were identified and fixed in firefox 3.0.x:\n\nMultiple unspecified vulnerabilities in the browser engine in Mozilla\nFirefox before 3.0.14 allow remote attackers to cause a denial of\nservice (memory corruption and application crash) or possibly execute\narbitrary code via unknown vectors (CVE-2009-3069, CVE-2009-3070,\nCVE-2009-3071, CVE-2009-3072).\n\nMultiple unspecified vulnerabilities in the JavaScript engine in\nMozilla Firefox before 3.0.14 allows remote attackers to cause\na denial of service (memory corruption and application crash) or\npossibly execute arbitrary code via unknown vectors (CVE-2009-3073,\nCVE-2009-3074, CVE-2009-3075).\n\nMozilla Firefox before 3.0.14 does not properly implement\ncertain dialogs associated with the (1) pkcs11.addmodule and (2)\npkcs11.deletemodule operations, which makes it easier for remote\nattackers to trick a user into installing or removing an arbitrary\nPKCS11 module (CVE-2009-3076).\n\nMozilla Firefox before 3.0.14 does not properly manage pointers for the\ncolumns (aka TreeColumns) of a XUL tree element, which allows remote\nattackers to execute arbitrary code via a crafted HTML document,\nrelated to a dangling pointer vulnerability. (CVE-2009-3077).\n\nVisual truncation vulnerability in Mozilla Firefox before 3.0.14\nallows remote attackers to trigger a vertical scroll and spoof URLs\nvia unspecified Unicode characters with a tall line-height property\n(CVE-2009-3078).\n\nUnspecified vulnerability in Mozilla Firefox before 3.0.14 allows\nremote attackers to execute arbitrary JavaScript with chrome\nprivileges via vectors involving an object, the FeedWriter, and the\nBrowserFeedWriter (CVE-2009-3079).\n\nThis update provides the latest Mozilla Firefox 3.0.x to correct\nthese issues.\n\nAdditionally, some packages which require so, have been rebuilt and\nare being provided as updates.\n\nAffected: 2009.0, 2009.1, Enterprise Server 5.0\";\ntag_solution = \"To upgrade automatically use MandrakeUpdate or urpmi. The verification\nof md5 checksums and GPG signatures is performed automatically for you.\n\nhttps://secure1.securityspace.com/smysecure/catid.html?in=MDVSA-2009:236\nhttp://www.mozilla.org/security/known-vulnerabilities/firefox30.html#firefox3.0.14\";\ntag_summary = \"The remote host is missing an update to firefox\nannounced via advisory MDVSA-2009:236.\";\n\n \n\nif(description)\n{\n script_id(64910);\n script_version(\"$Revision: 6573 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-07-06 15:10:50 +0200 (Thu, 06 Jul 2017) $\");\n script_tag(name:\"creation_date\", value:\"2009-09-21 23:13:00 +0200 (Mon, 21 Sep 2009)\");\n script_cve_id(\"CVE-2009-3069\", \"CVE-2009-3070\", \"CVE-2009-3071\", \"CVE-2009-3072\", \"CVE-2009-3073\", \"CVE-2009-3074\", \"CVE-2009-3075\", \"CVE-2009-3076\", \"CVE-2009-3077\", \"CVE-2009-3078\", \"CVE-2009-3079\");\n script_tag(name:\"cvss_base\", value:\"10.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_name(\"Mandrake Security Advisory MDVSA-2009:236 (firefox)\");\n\n\n\n script_category(ACT_GATHER_INFO);\n\n script_copyright(\"Copyright (c) 2009 E-Soft Inc. http://www.securityspace.com\");\n script_family(\"Mandrake Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/mandriva_mandrake_linux\", \"ssh/login/rpms\");\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"summary\" , value : tag_summary);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n#\n# The script code starts here\n#\n\ninclude(\"pkg-lib-rpm.inc\");\n\nres = \"\";\nreport = \"\";\nif ((res = isrpmvuln(pkg:\"beagle\", rpm:\"beagle~0.3.8~13.16mdv2009.0\", rls:\"MNDK_2009.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"beagle-crawl-system\", rpm:\"beagle-crawl-system~0.3.8~13.16mdv2009.0\", rls:\"MNDK_2009.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"beagle-doc\", rpm:\"beagle-doc~0.3.8~13.16mdv2009.0\", rls:\"MNDK_2009.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"beagle-epiphany\", rpm:\"beagle-epiphany~0.3.8~13.16mdv2009.0\", rls:\"MNDK_2009.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"beagle-evolution\", rpm:\"beagle-evolution~0.3.8~13.16mdv2009.0\", rls:\"MNDK_2009.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"beagle-gui\", rpm:\"beagle-gui~0.3.8~13.16mdv2009.0\", rls:\"MNDK_2009.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"beagle-gui-qt\", rpm:\"beagle-gui-qt~0.3.8~13.16mdv2009.0\", rls:\"MNDK_2009.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"beagle-libs\", rpm:\"beagle-libs~0.3.8~13.16mdv2009.0\", rls:\"MNDK_2009.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"devhelp\", rpm:\"devhelp~0.21~3.10mdv2009.0\", rls:\"MNDK_2009.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"devhelp-plugins\", rpm:\"devhelp-plugins~0.21~3.10mdv2009.0\", rls:\"MNDK_2009.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"epiphany\", rpm:\"epiphany~2.24.0.1~3.12mdv2009.0\", rls:\"MNDK_2009.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"epiphany-devel\", rpm:\"epiphany-devel~2.24.0.1~3.12mdv2009.0\", rls:\"MNDK_2009.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"firefox\", rpm:\"firefox~3.0.14~0.1mdv2009.0\", rls:\"MNDK_2009.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"firefox-af\", rpm:\"firefox-af~3.0.14~0.1mdv2009.0\", rls:\"MNDK_2009.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"firefox-ar\", rpm:\"firefox-ar~3.0.14~0.1mdv2009.0\", rls:\"MNDK_2009.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"firefox-be\", rpm:\"firefox-be~3.0.14~0.1mdv2009.0\", rls:\"MNDK_2009.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"firefox-bg\", rpm:\"firefox-bg~3.0.14~0.1mdv2009.0\", rls:\"MNDK_2009.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"firefox-bn\", rpm:\"firefox-bn~3.0.14~0.1mdv2009.0\", rls:\"MNDK_2009.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"firefox-ca\", rpm:\"firefox-ca~3.0.14~0.1mdv2009.0\", rls:\"MNDK_2009.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"firefox-cs\", rpm:\"firefox-cs~3.0.14~0.1mdv2009.0\", rls:\"MNDK_2009.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"firefox-cy\", rpm:\"firefox-cy~3.0.14~0.1mdv2009.0\", rls:\"MNDK_2009.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"firefox-da\", rpm:\"firefox-da~3.0.14~0.1mdv2009.0\", rls:\"MNDK_2009.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"firefox-de\", rpm:\"firefox-de~3.0.14~0.1mdv2009.0\", rls:\"MNDK_2009.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"firefox-el\", rpm:\"firefox-el~3.0.14~0.1mdv2009.0\", rls:\"MNDK_2009.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"firefox-en_GB\", rpm:\"firefox-en_GB~3.0.14~0.1mdv2009.0\", rls:\"MNDK_2009.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"firefox-eo\", rpm:\"firefox-eo~3.0.14~0.1mdv2009.0\", rls:\"MNDK_2009.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"firefox-es_AR\", rpm:\"firefox-es_AR~3.0.14~0.1mdv2009.0\", rls:\"MNDK_2009.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"firefox-es_ES\", rpm:\"firefox-es_ES~3.0.14~0.1mdv2009.0\", rls:\"MNDK_2009.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"firefox-et\", rpm:\"firefox-et~3.0.14~0.1mdv2009.0\", rls:\"MNDK_2009.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"firefox-eu\", rpm:\"firefox-eu~3.0.14~0.1mdv2009.0\", rls:\"MNDK_2009.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"firefox-ext-beagle\", rpm:\"firefox-ext-beagle~0.3.8~13.16mdv2009.0\", rls:\"MNDK_2009.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"firefox-ext-mozvoikko\", rpm:\"firefox-ext-mozvoikko~0.9.5~4.10mdv2009.0\", rls:\"MNDK_2009.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"firefox-fi\", rpm:\"firefox-fi~3.0.14~0.1mdv2009.0\", rls:\"MNDK_2009.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"firefox-fr\", rpm:\"firefox-fr~3.0.14~0.1mdv2009.0\", rls:\"MNDK_2009.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"firefox-fy\", rpm:\"firefox-fy~3.0.14~0.1mdv2009.0\", rls:\"MNDK_2009.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"firefox-ga_IE\", rpm:\"firefox-ga_IE~3.0.14~0.1mdv2009.0\", rls:\"MNDK_2009.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"firefox-gl\", rpm:\"firefox-gl~3.0.14~0.1mdv2009.0\", rls:\"MNDK_2009.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"firefox-gu_IN\", rpm:\"firefox-gu_IN~3.0.14~0.1mdv2009.0\", rls:\"MNDK_2009.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"firefox-he\", rpm:\"firefox-he~3.0.14~0.1mdv2009.0\", rls:\"MNDK_2009.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"firefox-hi\", rpm:\"firefox-hi~3.0.14~0.1mdv2009.0\", rls:\"MNDK_2009.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"firefox-hu\", rpm:\"firefox-hu~3.0.14~0.1mdv2009.0\", rls:\"MNDK_2009.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"firefox-id\", rpm:\"firefox-id~3.0.14~0.1mdv2009.0\", rls:\"MNDK_2009.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"firefox-is\", rpm:\"firefox-is~3.0.14~0.1mdv2009.0\", rls:\"MNDK_2009.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"firefox-it\", rpm:\"firefox-it~3.0.14~0.1mdv2009.0\", rls:\"MNDK_2009.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"firefox-ja\", rpm:\"firefox-ja~3.0.14~0.1mdv2009.0\", rls:\"MNDK_2009.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"firefox-ka\", rpm:\"firefox-ka~3.0.14~0.1mdv2009.0\", rls:\"MNDK_2009.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"firefox-kn\", rpm:\"firefox-kn~3.0.14~0.1mdv2009.0\", rls:\"MNDK_2009.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"firefox-ko\", rpm:\"firefox-ko~3.0.14~0.1mdv2009.0\", rls:\"MNDK_2009.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"firefox-ku\", rpm:\"firefox-ku~3.0.14~0.1mdv2009.0\", rls:\"MNDK_2009.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"firefox-lt\", rpm:\"firefox-lt~3.0.14~0.1mdv2009.0\", rls:\"MNDK_2009.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"firefox-lv\", rpm:\"firefox-lv~3.0.14~0.1mdv2009.0\", rls:\"MNDK_2009.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"firefox-mk\", rpm:\"firefox-mk~3.0.14~0.1mdv2009.0\", rls:\"MNDK_2009.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"firefox-mn\", rpm:\"firefox-mn~3.0.14~0.1mdv2009.0\", rls:\"MNDK_2009.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"firefox-mr\", rpm:\"firefox-mr~3.0.14~0.1mdv2009.0\", rls:\"MNDK_2009.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"firefox-nb_NO\", rpm:\"firefox-nb_NO~3.0.14~0.1mdv2009.0\", rls:\"MNDK_2009.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"firefox-nl\", rpm:\"firefox-nl~3.0.14~0.1mdv2009.0\", rls:\"MNDK_2009.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"firefox-nn_NO\", rpm:\"firefox-nn_NO~3.0.14~0.1mdv2009.0\", rls:\"MNDK_2009.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"firefox-oc\", rpm:\"firefox-oc~3.0.14~0.1mdv2009.0\", rls:\"MNDK_2009.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"firefox-pa_IN\", rpm:\"firefox-pa_IN~3.0.14~0.1mdv2009.0\", rls:\"MNDK_2009.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"firefox-pl\", rpm:\"firefox-pl~3.0.14~0.1mdv2009.0\", rls:\"MNDK_2009.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"firefox-pt_BR\", rpm:\"firefox-pt_BR~3.0.14~0.1mdv2009.0\", rls:\"MNDK_2009.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"firefox-pt_PT\", rpm:\"firefox-pt_PT~3.0.14~0.1mdv2009.0\", rls:\"MNDK_2009.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"firefox-ro\", rpm:\"firefox-ro~3.0.14~0.1mdv2009.0\", rls:\"MNDK_2009.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"firefox-ru\", rpm:\"firefox-ru~3.0.14~0.1mdv2009.0\", rls:\"MNDK_2009.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"firefox-si\", rpm:\"firefox-si~3.0.14~0.1mdv2009.0\", rls:\"MNDK_2009.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"firefox-sk\", rpm:\"firefox-sk~3.0.14~0.1mdv2009.0\", rls:\"MNDK_2009.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"firefox-sl\", rpm:\"firefox-sl~3.0.14~0.1mdv2009.0\", rls:\"MNDK_2009.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"firefox-sq\", rpm:\"firefox-sq~3.0.14~0.1mdv2009.0\", rls:\"MNDK_2009.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"firefox-sr\", rpm:\"firefox-sr~3.0.14~0.1mdv2009.0\", rls:\"MNDK_2009.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"firefox-sv_SE\", rpm:\"firefox-sv_SE~3.0.14~0.1mdv2009.0\", rls:\"MNDK_2009.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"firefox-te\", rpm:\"firefox-te~3.0.14~0.1mdv2009.0\", rls:\"MNDK_2009.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"firefox-th\", rpm:\"firefox-th~3.0.14~0.1mdv2009.0\", rls:\"MNDK_2009.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"firefox-theme-kde4ff\", rpm:\"firefox-theme-kde4ff~0.14~4.10mdv2009.0\", rls:\"MNDK_2009.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"firefox-tr\", rpm:\"firefox-tr~3.0.14~0.1mdv2009.0\", rls:\"MNDK_2009.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"firefox-uk\", rpm:\"firefox-uk~3.0.14~0.1mdv2009.0\", rls:\"MNDK_2009.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"firefox-zh_CN\", rpm:\"firefox-zh_CN~3.0.14~0.1mdv2009.0\", rls:\"MNDK_2009.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"firefox-zh_TW\", rpm:\"firefox-zh_TW~3.0.14~0.1mdv2009.0\", rls:\"MNDK_2009.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"gnome-python-extras\", rpm:\"gnome-python-extras~2.19.1~20.10mdv2009.0\", rls:\"MNDK_2009.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"gnome-python-gda\", rpm:\"gnome-python-gda~2.19.1~20.10mdv2009.0\", rls:\"MNDK_2009.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"gnome-python-gda-devel\", rpm:\"gnome-python-gda-devel~2.19.1~20.10mdv2009.0\", rls:\"MNDK_2009.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"gnome-python-gdl\", rpm:\"gnome-python-gdl~2.19.1~20.10mdv2009.0\", rls:\"MNDK_2009.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"gnome-python-gtkhtml2\", rpm:\"gnome-python-gtkhtml2~2.19.1~20.10mdv2009.0\", rls:\"MNDK_2009.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"gnome-python-gtkmozembed\", rpm:\"gnome-python-gtkmozembed~2.19.1~20.10mdv2009.0\", rls:\"MNDK_2009.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"gnome-python-gtkspell\", rpm:\"gnome-python-gtkspell~2.19.1~20.10mdv2009.0\", rls:\"MNDK_2009.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"libdevhelp-1_0\", rpm:\"libdevhelp-1_0~0.21~3.10mdv2009.0\", rls:\"MNDK_2009.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"libdevhelp-1-devel\", rpm:\"libdevhelp-1-devel~0.21~3.10mdv2009.0\", rls:\"MNDK_2009.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"libxulrunner1.9\", rpm:\"libxulrunner1.9~1.9.0.14~0.1mdv2009.0\", rls:\"MNDK_2009.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"libxulrunner-devel\", rpm:\"libxulrunner-devel~1.9.0.14~0.1mdv2009.0\", rls:\"MNDK_2009.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"libxulrunner-unstable-devel\", rpm:\"libxulrunner-unstable-devel~1.9.0.14~0.1mdv2009.0\", rls:\"MNDK_2009.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"mozilla-firefox-ext-blogrovr\", rpm:\"mozilla-firefox-ext-blogrovr~1.1.779~5.10mdv2009.0\", rls:\"MNDK_2009.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"mozilla-firefox-ext-foxmarks\", rpm:\"mozilla-firefox-ext-foxmarks~2.1.0.12~2.10mdv2009.0\", rls:\"MNDK_2009.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"mozilla-firefox-ext-scribefire\", rpm:\"mozilla-firefox-ext-scribefire~2.3.1~2.10mdv2009.0\", rls:\"MNDK_2009.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"mozilla-thunderbird-beagle\", rpm:\"mozilla-thunderbird-beagle~0.3.8~13.16mdv2009.0\", rls:\"MNDK_2009.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"xulrunner\", rpm:\"xulrunner~1.9.0.14~0.1mdv2009.0\", rls:\"MNDK_2009.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"yelp\", rpm:\"yelp~2.24.0~3.10mdv2009.0\", rls:\"MNDK_2009.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"lib64devhelp-1_0\", rpm:\"lib64devhelp-1_0~0.21~3.10mdv2009.0\", rls:\"MNDK_2009.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"lib64devhelp-1-devel\", rpm:\"lib64devhelp-1-devel~0.21~3.10mdv2009.0\", rls:\"MNDK_2009.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"lib64xulrunner1.9\", rpm:\"lib64xulrunner1.9~1.9.0.14~0.1mdv2009.0\", rls:\"MNDK_2009.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"lib64xulrunner-devel\", rpm:\"lib64xulrunner-devel~1.9.0.14~0.1mdv2009.0\", rls:\"MNDK_2009.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"lib64xulrunner-unstable-devel\", rpm:\"lib64xulrunner-unstable-devel~1.9.0.14~0.1mdv2009.0\", rls:\"MNDK_2009.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"beagle\", rpm:\"beagle~0.3.9~9.7mdv2009.1\", rls:\"MNDK_2009.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"beagle-crawl-system\", rpm:\"beagle-crawl-system~0.3.9~9.7mdv2009.1\", rls:\"MNDK_2009.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"beagle-doc\", rpm:\"beagle-doc~0.3.9~9.7mdv2009.1\", rls:\"MNDK_2009.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"beagle-epiphany\", rpm:\"beagle-epiphany~0.3.9~9.7mdv2009.1\", rls:\"MNDK_2009.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"beagle-evolution\", rpm:\"beagle-evolution~0.3.9~9.7mdv2009.1\", rls:\"MNDK_2009.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"beagle-gui\", rpm:\"beagle-gui~0.3.9~9.7mdv2009.1\", rls:\"MNDK_2009.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"beagle-gui-qt\", rpm:\"beagle-gui-qt~0.3.9~9.7mdv2009.1\", rls:\"MNDK_2009.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"beagle-libs\", rpm:\"beagle-libs~0.3.9~9.7mdv2009.1\", rls:\"MNDK_2009.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"epiphany\", rpm:\"epiphany~2.26.1~1.5mdv2009.1\", rls:\"MNDK_2009.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"epiphany-devel\", rpm:\"epiphany-devel~2.26.1~1.5mdv2009.1\", rls:\"MNDK_2009.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"firefox\", rpm:\"firefox~3.0.14~0.1mdv2009.1\", rls:\"MNDK_2009.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"firefox-af\", rpm:\"firefox-af~3.0.14~0.1mdv2009.1\", rls:\"MNDK_2009.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"firefox-ar\", rpm:\"firefox-ar~3.0.14~0.1mdv2009.1\", rls:\"MNDK_2009.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"firefox-be\", rpm:\"firefox-be~3.0.14~0.1mdv2009.1\", rls:\"MNDK_2009.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"firefox-bg\", rpm:\"firefox-bg~3.0.14~0.1mdv2009.1\", rls:\"MNDK_2009.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"firefox-bn\", rpm:\"firefox-bn~3.0.14~0.1mdv2009.1\", rls:\"MNDK_2009.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"firefox-ca\", rpm:\"firefox-ca~3.0.14~0.1mdv2009.1\", rls:\"MNDK_2009.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"firefox-cs\", rpm:\"firefox-cs~3.0.14~0.1mdv2009.1\", rls:\"MNDK_2009.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"firefox-cy\", rpm:\"firefox-cy~3.0.14~0.1mdv2009.1\", rls:\"MNDK_2009.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"firefox-da\", rpm:\"firefox-da~3.0.14~0.1mdv2009.1\", rls:\"MNDK_2009.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"firefox-de\", rpm:\"firefox-de~3.0.14~0.1mdv2009.1\", rls:\"MNDK_2009.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"firefox-el\", rpm:\"firefox-el~3.0.14~0.1mdv2009.1\", rls:\"MNDK_2009.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"firefox-en_GB\", rpm:\"firefox-en_GB~3.0.14~0.1mdv2009.1\", rls:\"MNDK_2009.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"firefox-eo\", rpm:\"firefox-eo~3.0.14~0.1mdv2009.1\", rls:\"MNDK_2009.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"firefox-es_AR\", rpm:\"firefox-es_AR~3.0.14~0.1mdv2009.1\", rls:\"MNDK_2009.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"firefox-es_ES\", rpm:\"firefox-es_ES~3.0.14~0.1mdv2009.1\", rls:\"MNDK_2009.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"firefox-et\", rpm:\"firefox-et~3.0.14~0.1mdv2009.1\", rls:\"MNDK_2009.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"firefox-eu\", rpm:\"firefox-eu~3.0.14~0.1mdv2009.1\", rls:\"MNDK_2009.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"firefox-ext-beagle\", rpm:\"firefox-ext-beagle~0.3.9~9.7mdv2009.1\", rls:\"MNDK_2009.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"firefox-ext-blogrovr\", rpm:\"firefox-ext-blogrovr~1.1.798~2.5mdv2009.1\", rls:\"MNDK_2009.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"firefox-ext-foxmarks\", rpm:\"firefox-ext-foxmarks~2.7.2~2.5mdv2009.1\", rls:\"MNDK_2009.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"firefox-ext-mozvoikko\", rpm:\"firefox-ext-mozvoikko~0.9.6~2.5mdv2009.1\", rls:\"MNDK_2009.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"firefox-ext-r-kiosk\", rpm:\"firefox-ext-r-kiosk~0.7.2~2.5mdv2009.1\", rls:\"MNDK_2009.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"firefox-ext-scribefire\", rpm:\"firefox-ext-scribefire~3.2.3~2.5mdv2009.1\", rls:\"MNDK_2009.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"firefox-fi\", rpm:\"firefox-fi~3.0.14~0.1mdv2009.1\", rls:\"MNDK_2009.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"firefox-fr\", rpm:\"firefox-fr~3.0.14~0.1mdv2009.1\", rls:\"MNDK_2009.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"firefox-fy\", rpm:\"firefox-fy~3.0.14~0.1mdv2009.1\", rls:\"MNDK_2009.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"firefox-ga_IE\", rpm:\"firefox-ga_IE~3.0.14~0.1mdv2009.1\", rls:\"MNDK_2009.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"firefox-gl\", rpm:\"firefox-gl~3.0.14~0.1mdv2009.1\", rls:\"MNDK_2009.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"firefox-gu_IN\", rpm:\"firefox-gu_IN~3.0.14~0.1mdv2009.1\", rls:\"MNDK_2009.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"firefox-he\", rpm:\"firefox-he~3.0.14~0.1mdv2009.1\", rls:\"MNDK_2009.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"firefox-hi\", rpm:\"firefox-hi~3.0.14~0.1mdv2009.1\", rls:\"MNDK_2009.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"firefox-hu\", rpm:\"firefox-hu~3.0.14~0.1mdv2009.1\", rls:\"MNDK_2009.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"firefox-id\", rpm:\"firefox-id~3.0.14~0.1mdv2009.1\", rls:\"MNDK_2009.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"firefox-is\", rpm:\"firefox-is~3.0.14~0.1mdv2009.1\", rls:\"MNDK_2009.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"firefox-it\", rpm:\"firefox-it~3.0.14~0.1mdv2009.1\", rls:\"MNDK_2009.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"firefox-ja\", rpm:\"firefox-ja~3.0.14~0.1mdv2009.1\", rls:\"MNDK_2009.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"firefox-ka\", rpm:\"firefox-ka~3.0.14~0.1mdv2009.1\", rls:\"MNDK_2009.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"firefox-kn\", rpm:\"firefox-kn~3.0.14~0.1mdv2009.1\", rls:\"MNDK_2009.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"firefox-ko\", rpm:\"firefox-ko~3.0.14~0.1mdv2009.1\", rls:\"MNDK_2009.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"firefox-ku\", rpm:\"firefox-ku~3.0.14~0.1mdv2009.1\", rls:\"MNDK_2009.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"firefox-lt\", rpm:\"firefox-lt~3.0.14~0.1mdv2009.1\", rls:\"MNDK_2009.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"firefox-lv\", rpm:\"firefox-lv~3.0.14~0.1mdv2009.1\", rls:\"MNDK_2009.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"firefox-mk\", rpm:\"firefox-mk~3.0.14~0.1mdv2009.1\", rls:\"MNDK_2009.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"firefox-mn\", rpm:\"firefox-mn~3.0.14~0.1mdv2009.1\", rls:\"MNDK_2009.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"firefox-mr\", rpm:\"firefox-mr~3.0.14~0.1mdv2009.1\", rls:\"MNDK_2009.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"firefox-nb_NO\", rpm:\"firefox-nb_NO~3.0.14~0.1mdv2009.1\", rls:\"MNDK_2009.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"firefox-nl\", rpm:\"firefox-nl~3.0.14~0.1mdv2009.1\", rls:\"MNDK_2009.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"firefox-nn_NO\", rpm:\"firefox-nn_NO~3.0.14~0.1mdv2009.1\", rls:\"MNDK_2009.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"firefox-oc\", rpm:\"firefox-oc~3.0.14~0.1mdv2009.1\", rls:\"MNDK_2009.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"firefox-pa_IN\", rpm:\"firefox-pa_IN~3.0.14~0.1mdv2009.1\", rls:\"MNDK_2009.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"firefox-pl\", rpm:\"firefox-pl~3.0.14~0.1mdv2009.1\", rls:\"MNDK_2009.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"firefox-pt_BR\", rpm:\"firefox-pt_BR~3.0.14~0.1mdv2009.1\", rls:\"MNDK_2009.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"firefox-pt_PT\", rpm:\"firefox-pt_PT~3.0.14~0.1mdv2009.1\", rls:\"MNDK_2009.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"firefox-ro\", rpm:\"firefox-ro~3.0.14~0.1mdv2009.1\", rls:\"MNDK_2009.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"firefox-ru\", rpm:\"firefox-ru~3.0.14~0.1mdv2009.1\", rls:\"MNDK_2009.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"firefox-si\", rpm:\"firefox-si~3.0.14~0.1mdv2009.1\", rls:\"MNDK_2009.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"firefox-sk\", rpm:\"firefox-sk~3.0.14~0.1mdv2009.1\", rls:\"MNDK_2009.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"firefox-sl\", rpm:\"firefox-sl~3.0.14~0.1mdv2009.1\", rls:\"MNDK_2009.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"firefox-sq\", rpm:\"firefox-sq~3.0.14~0.1mdv2009.1\", rls:\"MNDK_2009.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"firefox-sr\", rpm:\"firefox-sr~3.0.14~0.1mdv2009.1\", rls:\"MNDK_2009.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"firefox-sv_SE\", rpm:\"firefox-sv_SE~3.0.14~0.1mdv2009.1\", rls:\"MNDK_2009.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"firefox-te\", rpm:\"firefox-te~3.0.14~0.1mdv2009.1\", rls:\"MNDK_2009.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"firefox-th\", rpm:\"firefox-th~3.0.14~0.1mdv2009.1\", rls:\"MNDK_2009.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"firefox-theme-kde4ff\", rpm:\"firefox-theme-kde4ff~0.14~9.5mdv2009.1\", rls:\"MNDK_2009.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"firefox-tr\", rpm:\"firefox-tr~3.0.14~0.1mdv2009.1\", rls:\"MNDK_2009.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"firefox-uk\", rpm:\"firefox-uk~3.0.14~0.1mdv2009.1\", rls:\"MNDK_2009.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"firefox-zh_CN\", rpm:\"firefox-zh_CN~3.0.14~0.1mdv2009.1\", rls:\"MNDK_2009.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"firefox-zh_TW\", rpm:\"firefox-zh_TW~3.0.14~0.1mdv2009.1\", rls:\"MNDK_2009.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"gnome-python-extras\", rpm:\"gnome-python-extras~2.25.3~3.5mdv2009.1\", rls:\"MNDK_2009.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"gnome-python-gda\", rpm:\"gnome-python-gda~2.25.3~3.5mdv2009.1\", rls:\"MNDK_2009.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"gnome-python-gda-devel\", rpm:\"gnome-python-gda-devel~2.25.3~3.5mdv2009.1\", rls:\"MNDK_2009.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"gnome-python-gdl\", rpm:\"gnome-python-gdl~2.25.3~3.5mdv2009.1\", rls:\"MNDK_2009.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"gnome-python-gtkhtml2\", rpm:\"gnome-python-gtkhtml2~2.25.3~3.5mdv2009.1\", rls:\"MNDK_2009.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"gnome-python-gtkmozembed\", rpm:\"gnome-python-gtkmozembed~2.25.3~3.5mdv2009.1\", rls:\"MNDK_2009.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"gnome-python-gtkspell\", rpm:\"gnome-python-gtkspell~2.25.3~3.5mdv2009.1\", rls:\"MNDK_2009.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"google-gadgets-common\", rpm:\"google-gadgets-common~0.10.5~8.5mdv2009.1\", rls:\"MNDK_2009.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"google-gadgets-gtk\", rpm:\"google-gadgets-gtk~0.10.5~8.5mdv2009.1\", rls:\"MNDK_2009.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"google-gadgets-qt\", rpm:\"google-gadgets-qt~0.10.5~8.5mdv2009.1\", rls:\"MNDK_2009.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"google-gadgets-xul\", rpm:\"google-gadgets-xul~0.10.5~8.5mdv2009.1\", rls:\"MNDK_2009.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"libggadget1.0_0\", rpm:\"libggadget1.0_0~0.10.5~8.5mdv2009.1\", rls:\"MNDK_2009.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"libggadget-gtk1.0_0\", rpm:\"libggadget-gtk1.0_0~0.10.5~8.5mdv2009.1\", rls:\"MNDK_2009.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"libggadget-qt1.0_0\", rpm:\"libggadget-qt1.0_0~0.10.5~8.5mdv2009.1\", rls:\"MNDK_2009.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"libgoogle-gadgets-devel\", rpm:\"libgoogle-gadgets-devel~0.10.5~8.5mdv2009.1\", rls:\"MNDK_2009.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"libopensc2\", rpm:\"libopensc2~0.11.7~1.6mdv2009.1\", rls:\"MNDK_2009.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"libopensc-devel\", rpm:\"libopensc-devel~0.11.7~1.6mdv2009.1\", rls:\"MNDK_2009.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"libxulrunner1.9\", rpm:\"libxulrunner1.9~1.9.0.14~0.1mdv2009.1\", rls:\"MNDK_2009.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"libxulrunner-devel\", rpm:\"libxulrunner-devel~1.9.0.14~0.1mdv2009.1\", rls:\"MNDK_2009.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"libxulrunner-unstable-devel\", rpm:\"libxulrunner-unstable-devel~1.9.0.14~0.1mdv2009.1\", rls:\"MNDK_2009.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"mozilla-plugin-opensc\", rpm:\"mozilla-plugin-opensc~0.11.7~1.6mdv2009.1\", rls:\"MNDK_2009.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"mozilla-thunderbird-beagle\", rpm:\"mozilla-thunderbird-beagle~0.3.9~9.7mdv2009.1\", rls:\"MNDK_2009.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"opensc\", rpm:\"opensc~0.11.7~1.6mdv2009.1\", rls:\"MNDK_2009.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"python-xpcom\", rpm:\"python-xpcom~1.9.0.14~0.1mdv2009.1\", rls:\"MNDK_2009.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"xulrunner\", rpm:\"xulrunner~1.9.0.14~0.1mdv2009.1\", rls:\"MNDK_2009.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"yelp\", rpm:\"yelp~2.26.0~3.4mdv2009.1\", rls:\"MNDK_2009.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"lib64ggadget1.0_0\", rpm:\"lib64ggadget1.0_0~0.10.5~8.5mdv2009.1\", rls:\"MNDK_2009.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"lib64ggadget-gtk1.0_0\", rpm:\"lib64ggadget-gtk1.0_0~0.10.5~8.5mdv2009.1\", rls:\"MNDK_2009.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"lib64ggadget-qt1.0_0\", rpm:\"lib64ggadget-qt1.0_0~0.10.5~8.5mdv2009.1\", rls:\"MNDK_2009.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"lib64google-gadgets-devel\", rpm:\"lib64google-gadgets-devel~0.10.5~8.5mdv2009.1\", rls:\"MNDK_2009.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"lib64opensc2\", rpm:\"lib64opensc2~0.11.7~1.6mdv2009.1\", rls:\"MNDK_2009.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"lib64opensc-devel\", rpm:\"lib64opensc-devel~0.11.7~1.6mdv2009.1\", rls:\"MNDK_2009.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"lib64xulrunner1.9\", rpm:\"lib64xulrunner1.9~1.9.0.14~0.1mdv2009.1\", rls:\"MNDK_2009.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"lib64xulrunner-devel\", rpm:\"lib64xulrunner-devel~1.9.0.14~0.1mdv2009.1\", rls:\"MNDK_2009.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"lib64xulrunner-unstable-devel\", rpm:\"lib64xulrunner-unstable-devel~1.9.0.14~0.1mdv2009.1\", rls:\"MNDK_2009.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"firefox\", rpm:\"firefox~3.0.14~0.1mdvmes5\", rls:\"MNDK_mes5\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"firefox-af\", rpm:\"firefox-af~3.0.14~0.1mdvmes5\", rls:\"MNDK_mes5\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"firefox-ar\", rpm:\"firefox-ar~3.0.14~0.1mdvmes5\", rls:\"MNDK_mes5\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"firefox-be\", rpm:\"firefox-be~3.0.14~0.1mdvmes5\", rls:\"MNDK_mes5\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"firefox-bg\", rpm:\"firefox-bg~3.0.14~0.1mdvmes5\", rls:\"MNDK_mes5\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"firefox-bn\", rpm:\"firefox-bn~3.0.14~0.1mdvmes5\", rls:\"MNDK_mes5\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"firefox-ca\", rpm:\"firefox-ca~3.0.14~0.1mdvmes5\", rls:\"MNDK_mes5\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"firefox-cs\", rpm:\"firefox-cs~3.0.14~0.1mdvmes5\", rls:\"MNDK_mes5\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"firefox-cy\", rpm:\"firefox-cy~3.0.14~0.1mdvmes5\", rls:\"MNDK_mes5\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"firefox-da\", rpm:\"firefox-da~3.0.14~0.1mdvmes5\", rls:\"MNDK_mes5\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"firefox-de\", rpm:\"firefox-de~3.0.14~0.1mdvmes5\", rls:\"MNDK_mes5\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"firefox-el\", rpm:\"firefox-el~3.0.14~0.1mdvmes5\", rls:\"MNDK_mes5\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"firefox-en_GB\", rpm:\"firefox-en_GB~3.0.14~0.1mdvmes5\", rls:\"MNDK_mes5\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"firefox-eo\", rpm:\"firefox-eo~3.0.14~0.1mdvmes5\", rls:\"MNDK_mes5\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"firefox-es_AR\", rpm:\"firefox-es_AR~3.0.14~0.1mdvmes5\", rls:\"MNDK_mes5\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"firefox-es_ES\", rpm:\"firefox-es_ES~3.0.14~0.1mdvmes5\", rls:\"MNDK_mes5\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"firefox-et\", rpm:\"firefox-et~3.0.14~0.1mdvmes5\", rls:\"MNDK_mes5\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"firefox-eu\", rpm:\"firefox-eu~3.0.14~0.1mdvmes5\", rls:\"MNDK_mes5\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"firefox-fi\", rpm:\"firefox-fi~3.0.14~0.1mdvmes5\", rls:\"MNDK_mes5\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"firefox-fr\", rpm:\"firefox-fr~3.0.14~0.1mdvmes5\", rls:\"MNDK_mes5\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"firefox-fy\", rpm:\"firefox-fy~3.0.14~0.1mdvmes5\", rls:\"MNDK_mes5\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"firefox-ga_IE\", rpm:\"firefox-ga_IE~3.0.14~0.1mdvmes5\", rls:\"MNDK_mes5\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"firefox-gl\", rpm:\"firefox-gl~3.0.14~0.1mdvmes5\", rls:\"MNDK_mes5\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"firefox-gu_IN\", rpm:\"firefox-gu_IN~3.0.14~0.1mdvmes5\", rls:\"MNDK_mes5\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"firefox-he\", rpm:\"firefox-he~3.0.14~0.1mdvmes5\", rls:\"MNDK_mes5\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"firefox-hi\", rpm:\"firefox-hi~3.0.14~0.1mdvmes5\", rls:\"MNDK_mes5\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"firefox-hu\", rpm:\"firefox-hu~3.0.14~0.1mdvmes5\", rls:\"MNDK_mes5\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"firefox-id\", rpm:\"firefox-id~3.0.14~0.1mdvmes5\", rls:\"MNDK_mes5\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"firefox-is\", rpm:\"firefox-is~3.0.14~0.1mdvmes5\", rls:\"MNDK_mes5\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"firefox-it\", rpm:\"firefox-it~3.0.14~0.1mdvmes5\", rls:\"MNDK_mes5\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"firefox-ja\", rpm:\"firefox-ja~3.0.14~0.1mdvmes5\", rls:\"MNDK_mes5\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"firefox-ka\", rpm:\"firefox-ka~3.0.14~0.1mdvmes5\", rls:\"MNDK_mes5\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"firefox-kn\", rpm:\"firefox-kn~3.0.14~0.1mdvmes5\", rls:\"MNDK_mes5\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"firefox-ko\", rpm:\"firefox-ko~3.0.14~0.1mdvmes5\", rls:\"MNDK_mes5\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"firefox-ku\", rpm:\"firefox-ku~3.0.14~0.1mdvmes5\", rls:\"MNDK_mes5\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"firefox-lt\", rpm:\"firefox-lt~3.0.14~0.1mdvmes5\", rls:\"MNDK_mes5\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"firefox-lv\", rpm:\"firefox-lv~3.0.14~0.1mdvmes5\", rls:\"MNDK_mes5\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"firefox-mk\", rpm:\"firefox-mk~3.0.14~0.1mdvmes5\", rls:\"MNDK_mes5\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"firefox-mn\", rpm:\"firefox-mn~3.0.14~0.1mdvmes5\", rls:\"MNDK_mes5\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"firefox-mr\", rpm:\"firefox-mr~3.0.14~0.1mdvmes5\", rls:\"MNDK_mes5\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"firefox-nb_NO\", rpm:\"firefox-nb_NO~3.0.14~0.1mdvmes5\", rls:\"MNDK_mes5\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"firefox-nl\", rpm:\"firefox-nl~3.0.14~0.1mdvmes5\", rls:\"MNDK_mes5\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"firefox-nn_NO\", rpm:\"firefox-nn_NO~3.0.14~0.1mdvmes5\", rls:\"MNDK_mes5\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"firefox-oc\", rpm:\"firefox-oc~3.0.14~0.1mdvmes5\", rls:\"MNDK_mes5\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"firefox-pa_IN\", rpm:\"firefox-pa_IN~3.0.14~0.1mdvmes5\", rls:\"MNDK_mes5\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"firefox-pl\", rpm:\"firefox-pl~3.0.14~0.1mdvmes5\", rls:\"MNDK_mes5\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"firefox-pt_BR\", rpm:\"firefox-pt_BR~3.0.14~0.1mdvmes5\", rls:\"MNDK_mes5\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"firefox-pt_PT\", rpm:\"firefox-pt_PT~3.0.14~0.1mdvmes5\", rls:\"MNDK_mes5\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"firefox-ro\", rpm:\"firefox-ro~3.0.14~0.1mdvmes5\", rls:\"MNDK_mes5\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"firefox-ru\", rpm:\"firefox-ru~3.0.14~0.1mdvmes5\", rls:\"MNDK_mes5\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"firefox-si\", rpm:\"firefox-si~3.0.14~0.1mdvmes5\", rls:\"MNDK_mes5\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"firefox-sk\", rpm:\"firefox-sk~3.0.14~0.1mdvmes5\", rls:\"MNDK_mes5\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"firefox-sl\", rpm:\"firefox-sl~3.0.14~0.1mdvmes5\", rls:\"MNDK_mes5\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"firefox-sq\", rpm:\"firefox-sq~3.0.14~0.1mdvmes5\", rls:\"MNDK_mes5\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"firefox-sr\", rpm:\"firefox-sr~3.0.14~0.1mdvmes5\", rls:\"MNDK_mes5\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"firefox-sv_SE\", rpm:\"firefox-sv_SE~3.0.14~0.1mdvmes5\", rls:\"MNDK_mes5\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"firefox-te\", rpm:\"firefox-te~3.0.14~0.1mdvmes5\", rls:\"MNDK_mes5\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"firefox-th\", rpm:\"firefox-th~3.0.14~0.1mdvmes5\", rls:\"MNDK_mes5\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"firefox-tr\", rpm:\"firefox-tr~3.0.14~0.1mdvmes5\", rls:\"MNDK_mes5\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"firefox-uk\", rpm:\"firefox-uk~3.0.14~0.1mdvmes5\", rls:\"MNDK_mes5\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"firefox-zh_CN\", rpm:\"firefox-zh_CN~3.0.14~0.1mdvmes5\", rls:\"MNDK_mes5\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"firefox-zh_TW\", rpm:\"firefox-zh_TW~3.0.14~0.1mdvmes5\", rls:\"MNDK_mes5\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"libxulrunner1.9\", rpm:\"libxulrunner1.9~1.9.0.14~0.1mdvmes5\", rls:\"MNDK_mes5\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"libxulrunner-devel\", rpm:\"libxulrunner-devel~1.9.0.14~0.1mdvmes5\", rls:\"MNDK_mes5\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"libxulrunner-unstable-devel\", rpm:\"libxulrunner-unstable-devel~1.9.0.14~0.1mdvmes5\", rls:\"MNDK_mes5\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"xulrunner\", rpm:\"xulrunner~1.9.0.14~0.1mdvmes5\", rls:\"MNDK_mes5\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"yelp\", rpm:\"yelp~2.24.0~3.10mdvmes5\", rls:\"MNDK_mes5\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"lib64xulrunner1.9\", rpm:\"lib64xulrunner1.9~1.9.0.14~0.1mdvmes5\", rls:\"MNDK_mes5\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"lib64xulrunner-devel\", rpm:\"lib64xulrunner-devel~1.9.0.14~0.1mdvmes5\", rls:\"MNDK_mes5\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"lib64xulrunner-unstable-devel\", rpm:\"lib64xulrunner-unstable-devel~1.9.0.14~0.1mdvmes5\", rls:\"MNDK_mes5\")) != NULL) {\n report += res;\n}\n\nif (report != \"\") {\n security_message(data:report);\n} else if (__pkg_match) {\n exit(99); # Not vulnerable.\n}\n", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2017-07-02T21:13:55", "description": "The remote host is missing an update to the system\nas announced in the referenced advisory.", "cvss3": {}, "published": "2009-09-15T00:00:00", "type": "openvas", "title": "FreeBSD Ports: firefox", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2009-3076", "CVE-2009-3071", "CVE-2009-3073", "CVE-2009-3079", "CVE-2009-3072", "CVE-2009-3074", "CVE-2009-3070", "CVE-2009-3069", "CVE-2009-3075", "CVE-2009-3077", "CVE-2009-3078"], "modified": "2016-12-21T00:00:00", "id": "OPENVAS:64897", "href": "http://plugins.openvas.org/nasl.php?oid=64897", "sourceData": "#\n#VID 922d2398-9e2d-11de-a998-0030843d3802\n# OpenVAS Vulnerability Test\n# $\n# Description: Auto generated from VID 922d2398-9e2d-11de-a998-0030843d3802\n#\n# Authors:\n# Thomas Reinke <reinke@securityspace.com>\n#\n# Copyright:\n# Copyright (c) 2009 E-Soft Inc. http://www.securityspace.com\n# Text descriptions are largely excerpted from the referenced\n# advisories, and are Copyright (c) the respective author(s)\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2,\n# as published by the Free Software Foundation\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n#\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"The following package is affected: firefox\n\nFor details on the issues addressed in this update, please\nvisit the referenced security advisories.\";\ntag_solution = \"Update your system with the appropriate patches or\nsoftware upgrades.\n\nhttp://www.mozilla.org/security/announce/2009/mfsa2009-47.html\nhttp://www.mozilla.org/security/announce/2009/mfsa2009-48.html\nhttp://www.mozilla.org/security/announce/2009/mfsa2009-49.html\nhttp://www.mozilla.org/security/announce/2009/mfsa2009-50.html\nhttp://www.mozilla.org/security/announce/2009/mfsa2009-51.html\nhttp://secunia.com/advisories/36671/2/\nhttp://www.vuxml.org/freebsd/922d2398-9e2d-11de-a998-0030843d3802.html\";\ntag_summary = \"The remote host is missing an update to the system\nas announced in the referenced advisory.\";\n\n\n\nif(description)\n{\n script_id(64897);\n script_version(\"$Revision: 4824 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2016-12-21 09:49:38 +0100 (Wed, 21 Dec 2016) $\");\n script_tag(name:\"creation_date\", value:\"2009-09-15 22:46:32 +0200 (Tue, 15 Sep 2009)\");\n script_cve_id(\"CVE-2009-3069\", \"CVE-2009-3070\", \"CVE-2009-3071\", \"CVE-2009-3072\", \"CVE-2009-3073\", \"CVE-2009-3074\", \"CVE-2009-3075\", \"CVE-2009-3076\", \"CVE-2009-3077\", \"CVE-2009-3078\", \"CVE-2009-3079\");\n script_tag(name:\"cvss_base\", value:\"10.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_name(\"FreeBSD Ports: firefox\");\n\n\n\n script_category(ACT_GATHER_INFO);\n\n script_copyright(\"Copyright (c) 2009 E-Soft Inc. http://www.securityspace.com\");\n script_family(\"FreeBSD Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/freebsdrel\", \"login/SSH/success\");\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"summary\" , value : tag_summary);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n#\n# The script code starts here\n#\n\ninclude(\"pkg-lib-bsd.inc\");\n\ntxt = \"\";\nvuln = 0;\nbver = portver(pkg:\"firefox\");\nif(!isnull(bver) && revcomp(a:bver, b:\"3.5.*,1\")>0 && revcomp(a:bver, b:\"3.5.3,1\")<0) {\n txt += 'Package firefox version ' + bver + ' is installed which is known to be vulnerable.\\n';\n vuln = 1;\n}\nif(!isnull(bver) && revcomp(a:bver, b:\"3.*,1\")>0 && revcomp(a:bver, b:\"3.0.13,1\")<0) {\n txt += 'Package firefox version ' + bver + ' is installed which is known to be vulnerable.\\n';\n vuln = 1;\n}\n\nif(vuln) {\n security_message(data:string(txt));\n} else if (__pkg_match) {\n exit(99); # Not vulnerable.\n}\n", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2018-04-06T11:38:08", "description": "The remote host is missing an update to the system\nas announced in the referenced advisory.", "cvss3": {}, "published": "2009-09-15T00:00:00", "type": "openvas", "title": "FreeBSD Ports: firefox", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2009-3076", "CVE-2009-3071", "CVE-2009-3073", "CVE-2009-3079", "CVE-2009-3072", "CVE-2009-3074", "CVE-2009-3070", "CVE-2009-3069", "CVE-2009-3075", "CVE-2009-3077", "CVE-2009-3078"], "modified": "2018-04-06T00:00:00", "id": "OPENVAS:136141256231064897", "href": "http://plugins.openvas.org/nasl.php?oid=136141256231064897", "sourceData": "#\n#VID 922d2398-9e2d-11de-a998-0030843d3802\n# OpenVAS Vulnerability Test\n# $\n# Description: Auto generated from VID 922d2398-9e2d-11de-a998-0030843d3802\n#\n# Authors:\n# Thomas Reinke <reinke@securityspace.com>\n#\n# Copyright:\n# Copyright (c) 2009 E-Soft Inc. http://www.securityspace.com\n# Text descriptions are largely excerpted from the referenced\n# advisories, and are Copyright (c) the respective author(s)\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2,\n# as published by the Free Software Foundation\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n#\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"The following package is affected: firefox\n\nFor details on the issues addressed in this update, please\nvisit the referenced security advisories.\";\ntag_solution = \"Update your system with the appropriate patches or\nsoftware upgrades.\n\nhttp://www.mozilla.org/security/announce/2009/mfsa2009-47.html\nhttp://www.mozilla.org/security/announce/2009/mfsa2009-48.html\nhttp://www.mozilla.org/security/announce/2009/mfsa2009-49.html\nhttp://www.mozilla.org/security/announce/2009/mfsa2009-50.html\nhttp://www.mozilla.org/security/announce/2009/mfsa2009-51.html\nhttp://secunia.com/advisories/36671/2/\nhttp://www.vuxml.org/freebsd/922d2398-9e2d-11de-a998-0030843d3802.html\";\ntag_summary = \"The remote host is missing an update to the system\nas announced in the referenced advisory.\";\n\n\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.64897\");\n script_version(\"$Revision: 9350 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-04-06 09:03:33 +0200 (Fri, 06 Apr 2018) $\");\n script_tag(name:\"creation_date\", value:\"2009-09-15 22:46:32 +0200 (Tue, 15 Sep 2009)\");\n script_cve_id(\"CVE-2009-3069\", \"CVE-2009-3070\", \"CVE-2009-3071\", \"CVE-2009-3072\", \"CVE-2009-3073\", \"CVE-2009-3074\", \"CVE-2009-3075\", \"CVE-2009-3076\", \"CVE-2009-3077\", \"CVE-2009-3078\", \"CVE-2009-3079\");\n script_tag(name:\"cvss_base\", value:\"10.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_name(\"FreeBSD Ports: firefox\");\n\n\n\n script_category(ACT_GATHER_INFO);\n\n script_copyright(\"Copyright (c) 2009 E-Soft Inc. http://www.securityspace.com\");\n script_family(\"FreeBSD Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/freebsdrel\", \"login/SSH/success\");\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"summary\" , value : tag_summary);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n#\n# The script code starts here\n#\n\ninclude(\"pkg-lib-bsd.inc\");\n\ntxt = \"\";\nvuln = 0;\nbver = portver(pkg:\"firefox\");\nif(!isnull(bver) && revcomp(a:bver, b:\"3.5.*,1\")>0 && revcomp(a:bver, b:\"3.5.3,1\")<0) {\n txt += 'Package firefox version ' + bver + ' is installed which is known to be vulnerable.\\n';\n vuln = 1;\n}\nif(!isnull(bver) && revcomp(a:bver, b:\"3.*,1\")>0 && revcomp(a:bver, b:\"3.0.13,1\")<0) {\n txt += 'Package firefox version ' + bver + ' is installed which is known to be vulnerable.\\n';\n vuln = 1;\n}\n\nif(vuln) {\n security_message(data:string(txt));\n} else if (__pkg_match) {\n exit(99); # Not vulnerable.\n}\n", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2017-07-02T21:14:21", "description": "The host is installed with Firefox browser and is prone to multiple\n vulnerabilities.", "cvss3": {}, "published": "2009-09-11T00:00:00", "type": "openvas", "title": "Mozilla Firefox Multiple Vulnerabilities - Sep09 (Windows)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2009-3079", "CVE-2009-3072", "CVE-2009-3077", "CVE-2009-3078"], "modified": "2017-01-20T00:00:00", "id": "OPENVAS:900843", "href": "http://plugins.openvas.org/nasl.php?oid=900843", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: secpod_firefox_mult_vuln_sep09_win.nasl 5055 2017-01-20 14:08:39Z teissa $\n#\n# Mozilla Firefox Multiple Vulnerabilities - Sep09 (Windows)\n#\n# Authors:\n# Sharath S <sharaths@secpod.com>\n#\n# Copyright:\n# Copyright (c) 2009 SecPod, http://www.secpod.com\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ntag_impact = \"A remote, unauthenticated attacker could execute arbitrary code or cause a\n vulnerable application to crash.\n Impact Level: System/Application\";\ntag_affected = \"Mozilla Firefox version prior to 3.0.14 and 3.5 before 3.5.3 on Windows.\";\ntag_insight = \"- Multiple errors in the browser and JavaScript engines can be exploited to\n corrupt memory.\n - An error exists when processing operations performed on the columns of a\n XUL tree element. This can be exploited to dereference freed memory via a\n pointer owned by a column of the XUL tree element.\n - An error exists when displaying text in the location bar using the default\n Windows font. This can be exploited to spoof the URL of a trusted site via\n Unicode characters having a tall line-height.\n - An error in the implementation of the 'BrowserFeedWriter' object can be\n exploited to execute arbitrary JavaScript code with chrome privileges.\";\ntag_solution = \"Upgrade to Firefox version 3.0.14 or 3.5.3 or later\n http://www.mozilla.com/en-US/firefox/all.html\";\ntag_summary = \"The host is installed with Firefox browser and is prone to multiple\n vulnerabilities.\";\n\nif(description)\n{\n script_id(900843);\n script_version(\"$Revision: 5055 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-01-20 15:08:39 +0100 (Fri, 20 Jan 2017) $\");\n script_tag(name:\"creation_date\", value:\"2009-09-11 18:01:06 +0200 (Fri, 11 Sep 2009)\");\n script_tag(name:\"cvss_base\", value:\"10.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_cve_id(\"CVE-2009-3072\", \"CVE-2009-3077\", \"CVE-2009-3078\", \"CVE-2009-3079\");\n script_bugtraq_id(36343);\n script_name(\"Mozilla Firefox Multiple Vulnerabilities - Sep09 (Windows)\");\n script_xref(name : \"URL\" , value : \"http://secunia.com/advisories/36671/\");\n script_xref(name : \"URL\" , value : \"http://www.mozilla.org/security/announce/2009/mfsa2009-47.html\");\n script_xref(name : \"URL\" , value : \"http://www.mozilla.org/security/announce/2009/mfsa2009-49.html\");\n script_xref(name : \"URL\" , value : \"http://www.mozilla.org/security/announce/2009/mfsa2009-50.html\");\n script_xref(name : \"URL\" , value : \"http://www.mozilla.org/security/announce/2009/mfsa2009-51.html\");\n\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2009 SecPod\");\n script_family(\"Denial of Service\");\n script_dependencies(\"gb_firefox_detect_win.nasl\");\n script_require_keys(\"Firefox/Win/Ver\");\n script_tag(name : \"impact\" , value : tag_impact);\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"summary\" , value : tag_summary);\n script_tag(name:\"qod_type\", value:\"registry\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n\ninclude(\"version_func.inc\");\n\nffVer = get_kb_item(\"Firefox/Win/Ver\");\nif(!ffVer)\n{\n exit(0);\n}\n\n# Grep for Firefox version < 3.0.14 and 3.5 < 3.5.3\nif(version_is_less(version:ffVer, test_version:\"3.0.14\") ||\n version_in_range(version:ffVer,test_version:\"3.5\", test_version2:\"3.5.2\")){\n security_message(0);\n}\n", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2017-07-02T21:14:15", "description": "The host is installed with Firefox browser and is prone to multiple\n vulnerabilities.", "cvss3": {}, "published": "2009-09-11T00:00:00", "type": "openvas", "title": "Mozilla Firefox Multiple Vulnerabilities - Sep09 (Linux)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2009-3079", "CVE-2009-3072", "CVE-2009-3077", "CVE-2009-3078"], "modified": "2017-01-20T00:00:00", "id": "OPENVAS:900847", "href": "http://plugins.openvas.org/nasl.php?oid=900847", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: secpod_firefox_mult_vuln_sep09_lin.nasl 5055 2017-01-20 14:08:39Z teissa $\n#\n# Mozilla Firefox Multiple Vulnerabilities - Sep09 (Linux)\n#\n# Authors:\n# Sharath S <sharaths@secpod.com>\n#\n# Copyright:\n# Copyright (c) 2009 SecPod, http://www.secpod.com\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ntag_impact = \"A remote, unauthenticated attacker could execute arbitrary code or cause a\n vulnerable application to crash.\n Impact Level: System/Application\";\ntag_affected = \"Mozilla Firefox version prior to 3.0.14 and 3.5 before 3.5.3 on Linux.\";\ntag_insight = \"- Multiple errors in the browser and JavaScript engines can be exploited to\n corrupt memory.\n - An error exists when processing operations performed on the columns of a\n XUL tree element. This can be exploited to dereference freed memory via a\n pointer owned by a column of the XUL tree element.\n - An error exists when displaying text in the location bar using the default\n Windows font. This can be exploited to spoof the URL of a trusted site via\n Unicode characters having a tall line-height.\n - An error in the implementation of the 'BrowserFeedWriter' object can be\n exploited to execute arbitrary JavaScript code with chrome privileges.\";\ntag_solution = \"Upgrade to Firefox version 3.0.14 or 3.5.3 or later\n http://www.mozilla.com/en-US/firefox/all.html\";\ntag_summary = \"The host is installed with Firefox browser and is prone to multiple\n vulnerabilities.\";\n\nif(description)\n{\n script_id(900847);\n script_version(\"$Revision: 5055 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-01-20 15:08:39 +0100 (Fri, 20 Jan 2017) $\");\n script_tag(name:\"creation_date\", value:\"2009-09-11 18:01:06 +0200 (Fri, 11 Sep 2009)\");\n script_tag(name:\"cvss_base\", value:\"10.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_cve_id(\"CVE-2009-3072\", \"CVE-2009-3077\", \"CVE-2009-3078\", \"CVE-2009-3079\");\n script_bugtraq_id(36343);\n script_name(\"Mozilla Firefox Multiple Vulnerabilities - Sep09 (Linux)\");\n script_xref(name : \"URL\" , value : \"http://secunia.com/advisories/36671/\");\n script_xref(name : \"URL\" , value : \"http://www.mozilla.org/security/announce/2009/mfsa2009-47.html\");\n script_xref(name : \"URL\" , value : \"http://www.mozilla.org/security/announce/2009/mfsa2009-49.html\");\n script_xref(name : \"URL\" , value : \"http://www.mozilla.org/security/announce/2009/mfsa2009-50.html\");\n script_xref(name : \"URL\" , value : \"http://www.mozilla.org/security/announce/2009/mfsa2009-51.html\");\n\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2009 SecPod\");\n script_family(\"Denial of Service\");\n script_dependencies(\"gb_firefox_detect_lin.nasl\");\n script_require_keys(\"Firefox/Linux/Ver\");\n script_tag(name : \"impact\" , value : tag_impact);\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"summary\" , value : tag_summary);\n script_tag(name:\"qod_type\", value:\"executable_version\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n\ninclude(\"version_func.inc\");\n\nffVer = get_kb_item(\"Firefox/Linux/Ver\");\nif(!ffVer)\n{\n exit(0);\n}\n\n# Grep for Firefox version < 3.0.14 and 3.5 < 3.5.3\nif(version_is_less(version:ffVer, test_version:\"3.0.14\") ||\n version_in_range(version:ffVer,test_version:\"3.5\", test_version2:\"3.5.2\")){\n security_message(0);\n}\n", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2019-05-29T18:40:25", "description": "The host is installed with Firefox browser and is prone to multiple\n vulnerabilities.", "cvss3": {}, "published": "2009-09-11T00:00:00", "type": "openvas", "title": "Mozilla Firefox Multiple Vulnerabilities - Sep09 (Windows)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2009-3079", "CVE-2009-3072", "CVE-2009-3077", "CVE-2009-3078"], "modified": "2018-12-03T00:00:00", "id": "OPENVAS:1361412562310900843", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310900843", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: secpod_firefox_mult_vuln_sep09_win.nasl 12629 2018-12-03 15:19:43Z cfischer $\n#\n# Mozilla Firefox Multiple Vulnerabilities - Sep09 (Windows)\n#\n# Authors:\n# Sharath S <sharaths@secpod.com>\n#\n# Copyright:\n# Copyright (c) 2009 SecPod, http://www.secpod.com\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.900843\");\n script_version(\"$Revision: 12629 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-12-03 16:19:43 +0100 (Mon, 03 Dec 2018) $\");\n script_tag(name:\"creation_date\", value:\"2009-09-11 18:01:06 +0200 (Fri, 11 Sep 2009)\");\n script_tag(name:\"cvss_base\", value:\"10.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_cve_id(\"CVE-2009-3072\", \"CVE-2009-3077\", \"CVE-2009-3078\", \"CVE-2009-3079\");\n script_bugtraq_id(36343);\n script_name(\"Mozilla Firefox Multiple Vulnerabilities - Sep09 (Windows)\");\n script_xref(name:\"URL\", value:\"http://secunia.com/advisories/36671/\");\n script_xref(name:\"URL\", value:\"http://www.mozilla.org/security/announce/2009/mfsa2009-47.html\");\n script_xref(name:\"URL\", value:\"http://www.mozilla.org/security/announce/2009/mfsa2009-49.html\");\n script_xref(name:\"URL\", value:\"http://www.mozilla.org/security/announce/2009/mfsa2009-50.html\");\n script_xref(name:\"URL\", value:\"http://www.mozilla.org/security/announce/2009/mfsa2009-51.html\");\n\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2009 SecPod\");\n script_family(\"Denial of Service\");\n script_dependencies(\"gb_firefox_detect_portable_win.nasl\");\n script_mandatory_keys(\"Firefox/Win/Ver\");\n\n script_tag(name:\"impact\", value:\"A remote, unauthenticated attacker could execute arbitrary code or cause a\n vulnerable application to crash.\");\n\n script_tag(name:\"affected\", value:\"Mozilla Firefox version prior to 3.0.14 and 3.5 before 3.5.3 on Windows.\");\n\n script_tag(name:\"insight\", value:\"- Multiple errors in the browser and JavaScript engines can be exploited to\n corrupt memory.\n\n - An error exists when processing operations performed on the columns of a\n XUL tree element. This can be exploited to dereference freed memory via a\n pointer owned by a column of the XUL tree element.\n\n - An error exists when displaying text in the location bar using the default\n Windows font. This can be exploited to spoof the URL of a trusted site via\n Unicode characters having a tall line-height.\n\n - An error in the implementation of the 'BrowserFeedWriter' object can be\n exploited to execute arbitrary JavaScript code with chrome privileges.\");\n\n script_tag(name:\"solution\", value:\"Upgrade to Firefox version 3.0.14 or 3.5.3 or later.\");\n\n script_tag(name:\"summary\", value:\"The host is installed with Firefox browser and is prone to multiple\n vulnerabilities.\");\n\n script_tag(name:\"qod_type\", value:\"registry\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n\n exit(0);\n}\n\ninclude(\"version_func.inc\");\n\nffVer = get_kb_item(\"Firefox/Win/Ver\");\nif(!ffVer)\n{\n exit(0);\n}\n\nif(version_is_less(version:ffVer, test_version:\"3.0.14\") ||\n version_in_range(version:ffVer,test_version:\"3.5\", test_version2:\"3.5.2\")){\n security_message( port: 0, data: \"The target host was found to be vulnerable\" );\n}\n", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2019-05-29T18:40:21", "description": "The host is installed with Firefox browser and is prone to multiple\n vulnerabilities.", "cvss3": {}, "published": "2009-09-11T00:00:00", "type": "openvas", "title": "Mozilla Firefox Multiple Vulnerabilities - Sep09 (Linux)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2009-3079", "CVE-2009-3072", "CVE-2009-3077", "CVE-2009-3078"], "modified": "2019-04-29T00:00:00", "id": "OPENVAS:1361412562310900847", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310900847", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Mozilla Firefox Multiple Vulnerabilities - Sep09 (Linux)\n#\n# Authors:\n# Sharath S <sharaths@secpod.com>\n#\n# Copyright:\n# Copyright (c) 2009 SecPod, http://www.secpod.com\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.900847\");\n script_version(\"2019-04-29T15:08:03+0000\");\n script_tag(name:\"last_modification\", value:\"2019-04-29 15:08:03 +0000 (Mon, 29 Apr 2019)\");\n script_tag(name:\"creation_date\", value:\"2009-09-11 18:01:06 +0200 (Fri, 11 Sep 2009)\");\n script_tag(name:\"cvss_base\", value:\"10.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_cve_id(\"CVE-2009-3072\", \"CVE-2009-3077\", \"CVE-2009-3078\", \"CVE-2009-3079\");\n script_bugtraq_id(36343);\n script_name(\"Mozilla Firefox Multiple Vulnerabilities - Sep09 (Linux)\");\n script_xref(name:\"URL\", value:\"http://secunia.com/advisories/36671/\");\n script_xref(name:\"URL\", value:\"http://www.mozilla.org/security/announce/2009/mfsa2009-47.html\");\n script_xref(name:\"URL\", value:\"http://www.mozilla.org/security/announce/2009/mfsa2009-49.html\");\n script_xref(name:\"URL\", value:\"http://www.mozilla.org/security/announce/2009/mfsa2009-50.html\");\n script_xref(name:\"URL\", value:\"http://www.mozilla.org/security/announce/2009/mfsa2009-51.html\");\n\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2009 SecPod\");\n script_family(\"Denial of Service\");\n script_dependencies(\"gb_firefox_detect_lin.nasl\");\n script_mandatory_keys(\"Firefox/Linux/Ver\");\n script_tag(name:\"impact\", value:\"A remote, unauthenticated attacker could execute arbitrary code or cause a\n vulnerable application to crash.\");\n script_tag(name:\"affected\", value:\"Mozilla Firefox version prior to 3.0.14 and 3.5 before 3.5.3 on Linux.\");\n script_tag(name:\"insight\", value:\"- Multiple errors in the browser and JavaScript engines can be exploited to\n corrupt memory.\n\n - An error exists when processing operations performed on the columns of a\n XUL tree element. This can be exploited to dereference freed memory via a\n pointer owned by a column of the XUL tree element.\n\n - An error exists when displaying text in the location bar using the default\n Windows font. This can be exploited to spoof the URL of a trusted site via\n Unicode characters having a tall line-height.\n\n - An error in the implementation of the 'BrowserFeedWriter' object can be\n exploited to execute arbitrary JavaScript code with chrome privileges.\");\n script_tag(name:\"solution\", value:\"Upgrade to Firefox version 3.0.14 or 3.5.3 or later.\");\n script_tag(name:\"summary\", value:\"The host is installed with Firefox browser and is prone to multiple\n vulnerabilities.\");\n script_tag(name:\"qod_type\", value:\"executable_version_unreliable\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\ninclude(\"version_func.inc\");\n\nffVer = get_kb_item(\"Firefox/Linux/Ver\");\nif(!ffVer)\n exit(0);\n\nif(version_is_less(version:ffVer, test_version:\"3.0.14\") ||\n version_in_range(version:ffVer,test_version:\"3.5\", test_version2:\"3.5.2\")){\n security_message( port: 0, data: \"The target host was found to be vulnerable\" );\n}\n", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2018-04-06T11:38:05", "description": "The remote host is missing an update to mozilla-thunderbird\nannounced via advisory MDVSA-2009:216.", "cvss3": {}, "published": "2009-09-02T00:00:00", "type": "openvas", "title": "Mandrake Security Advisory MDVSA-2009:216 (mozilla-thunderbird)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2009-2409", "CVE-2009-2625", "CVE-2009-2408", "CVE-2009-2404"], "modified": "2018-04-06T00:00:00", "id": "OPENVAS:136141256231064688", "href": "http://plugins.openvas.org/nasl.php?oid=136141256231064688", "sourceData": "# OpenVAS Vulnerability Test\n# $Id: mdksa_2009_216.nasl 9350 2018-04-06 07:03:33Z cfischer $\n# Description: Auto-generated from advisory MDVSA-2009:216 (mozilla-thunderbird)\n#\n# Authors:\n# Thomas Reinke <reinke@securityspace.com>\n#\n# Copyright:\n# Copyright (c) 2009 E-Soft Inc. http://www.securityspace.com\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (c) the respective author(s)\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2,\n# or at your option, GNU General Public License version 3,\n# as published by the Free Software Foundation\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n#\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"A number of security vulnerabilities have been discovered in the NSS\nand NSPR libraries and in Mozilla Thunderbird:\n\nSecurity issues in nss prior to 3.12.3 could lead to a\nman-in-the-middle attack via a spoofed X.509 certificate\n(CVE-2009-2408) and md2 algorithm flaws (CVE-2009-2409), and also\ncause a denial-of-service and possible code execution via a long\ndomain name in X.509 certificate (CVE-2009-2404).\n\nA vulnerability was found in xmltok_impl.c (expat) that with\nspecially crafted XML could be exploited and lead to a denial of\nservice attack. Related to CVE-2009-2625.\n\nThis update provides the latest versions of the NSS and NSPR libraries\nand Thunderbird which are not vulnerable to these issues.\n\nAffected: Corporate 3.0\";\ntag_solution = \"To upgrade automatically use MandrakeUpdate or urpmi. The verification\nof md5 checksums and GPG signatures is performed automatically for you.\n\nhttps://secure1.securityspace.com/smysecure/catid.html?in=MDVSA-2009:216\nhttp://www.mozilla.org/security/announce/2009/mfsa2009-42.html\";\ntag_summary = \"The remote host is missing an update to mozilla-thunderbird\nannounced via advisory MDVSA-2009:216.\";\n\n \n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.64688\");\n script_version(\"$Revision: 9350 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-04-06 09:03:33 +0200 (Fri, 06 Apr 2018) $\");\n script_tag(name:\"creation_date\", value:\"2009-09-02 04:58:39 +0200 (Wed, 02 Sep 2009)\");\n script_cve_id(\"CVE-2009-2408\", \"CVE-2009-2409\", \"CVE-2009-2404\", \"CVE-2009-2625\");\n script_tag(name:\"cvss_base\", value:\"9.3\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_name(\"Mandrake Security Advisory MDVSA-2009:216 (mozilla-thunderbird)\");\n\n\n\n script_category(ACT_GATHER_INFO);\n\n script_copyright(\"Copyright (c) 2009 E-Soft Inc. http://www.securityspace.com\");\n script_family(\"Mandrake Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/mandriva_mandrake_linux\", \"ssh/login/rpms\");\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"summary\" , value : tag_summary);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n#\n# The script code starts here\n#\n\ninclude(\"pkg-lib-rpm.inc\");\n\nres = \"\";\nreport = \"\";\nif ((res = isrpmvuln(pkg:\"libnspr4\", rpm:\"libnspr4~4.7.5~0.1.C30mdk\", rls:\"MNDK_3.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"libnspr-devel\", rpm:\"libnspr-devel~4.7.5~0.1.C30mdk\", rls:\"MNDK_3.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"libnss3\", rpm:\"libnss3~3.12.3.1~0.1.C30mdk\", rls:\"MNDK_3.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"libnss-devel\", rpm:\"libnss-devel~3.12.3.1~0.1.C30mdk\", rls:\"MNDK_3.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"libnss-static-devel\", rpm:\"libnss-static-devel~3.12.3.1~0.1.C30mdk\", rls:\"MNDK_3.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"libsqlite3_0\", rpm:\"libsqlite3_0~3.6.15~0.1.C30mdk\", rls:\"MNDK_3.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"libsqlite3-devel\", rpm:\"libsqlite3-devel~3.6.15~0.1.C30mdk\", rls:\"MNDK_3.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"libsqlite3-static-devel\", rpm:\"libsqlite3-static-devel~3.6.15~0.1.C30mdk\", rls:\"MNDK_3.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"mozilla-thunderbird\", rpm:\"mozilla-thunderbird~2.0.0.23~0.1.C30mdk\", rls:\"MNDK_3.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"mozilla-thunderbird-af\", rpm:\"mozilla-thunderbird-af~2.0.0.23~0.1.C30mdk\", rls:\"MNDK_3.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"mozilla-thunderbird-be\", rpm:\"mozilla-thunderbird-be~2.0.0.23~0.1.C30mdk\", rls:\"MNDK_3.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"mozilla-thunderbird-bg\", rpm:\"mozilla-thunderbird-bg~2.0.0.23~0.1.C30mdk\", rls:\"MNDK_3.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"mozilla-thunderbird-ca\", rpm:\"mozilla-thunderbird-ca~2.0.0.23~0.1.C30mdk\", rls:\"MNDK_3.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"mozilla-thunderbird-cs\", rpm:\"mozilla-thunderbird-cs~2.0.0.23~0.1.C30mdk\", rls:\"MNDK_3.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"mozilla-thunderbird-da\", rpm:\"mozilla-thunderbird-da~2.0.0.23~0.1.C30mdk\", rls:\"MNDK_3.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"mozilla-thunderbird-de\", rpm:\"mozilla-thunderbird-de~2.0.0.23~0.1.C30mdk\", rls:\"MNDK_3.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"mozilla-thunderbird-devel\", rpm:\"mozilla-thunderbird-devel~2.0.0.23~0.1.C30mdk\", rls:\"MNDK_3.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"mozilla-thunderbird-el\", rpm:\"mozilla-thunderbird-el~2.0.0.23~0.1.C30mdk\", rls:\"MNDK_3.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"mozilla-thunderbird-en_GB\", rpm:\"mozilla-thunderbird-en_GB~2.0.0.23~0.1.C30mdk\", rls:\"MNDK_3.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"mozilla-thunderbird-enigmail\", rpm:\"mozilla-thunderbird-enigmail~2.0.0.23~0.1.C30mdk\", rls:\"MNDK_3.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"mozilla-thunderbird-enigmail-ar\", rpm:\"mozilla-thunderbird-enigmail-ar~2.0.0.23~0.1.C30mdk\", rls:\"MNDK_3.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"mozilla-thunderbird-enigmail-ca\", rpm:\"mozilla-thunderbird-enigmail-ca~2.0.0.23~0.1.C30mdk\", rls:\"MNDK_3.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"mozilla-thunderbird-enigmail-cs\", rpm:\"mozilla-thunderbird-enigmail-cs~2.0.0.23~0.1.C30mdk\", rls:\"MNDK_3.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"mozilla-thunderbird-enigmail-de\", rpm:\"mozilla-thunderbird-enigmail-de~2.0.0.23~0.1.C30mdk\", rls:\"MNDK_3.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"mozilla-thunderbird-enigmail-el\", rpm:\"mozilla-thunderbird-enigmail-el~2.0.0.23~0.1.C30mdk\", rls:\"MNDK_3.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"mozilla-thunderbird-enigmail-es\", rpm:\"mozilla-thunderbird-enigmail-es~2.0.0.23~0.1.C30mdk\", rls:\"MNDK_3.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"mozilla-thunderbird-enigmail-es_AR\", rpm:\"mozilla-thunderbird-enigmail-es_AR~2.0.0.23~0.1.C30mdk\", rls:\"MNDK_3.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"mozilla-thunderbird-enigmail-fi\", rpm:\"mozilla-thunderbird-enigmail-fi~2.0.0.23~0.1.C30mdk\", rls:\"MNDK_3.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"mozilla-thunderbird-enigmail-fr\", rpm:\"mozilla-thunderbird-enigmail-fr~2.0.0.23~0.1.C30mdk\", rls:\"MNDK_3.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"mozilla-thunderbird-enigmail-hu\", rpm:\"mozilla-thunderbird-enigmail-hu~2.0.0.23~0.1.C30mdk\", rls:\"MNDK_3.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"mozilla-thunderbird-enigmail-it\", rpm:\"mozilla-thunderbird-enigmail-it~2.0.0.23~0.1.C30mdk\", rls:\"MNDK_3.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"mozilla-thunderbird-enigmail-ja\", rpm:\"mozilla-thunderbird-enigmail-ja~2.0.0.23~0.1.C30mdk\", rls:\"MNDK_3.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"mozilla-thunderbird-enigmail-ko\", rpm:\"mozilla-thunderbird-enigmail-ko~2.0.0.23~0.1.C30mdk\", rls:\"MNDK_3.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"mozilla-thunderbird-enigmail-nb\", rpm:\"mozilla-thunderbird-enigmail-nb~2.0.0.23~0.1.C30mdk\", rls:\"MNDK_3.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"mozilla-thunderbird-enigmail-nl\", rpm:\"mozilla-thunderbird-enigmail-nl~2.0.0.23~0.1.C30mdk\", rls:\"MNDK_3.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"mozilla-thunderbird-enigmail-pl\", rpm:\"mozilla-thunderbird-enigmail-pl~2.0.0.23~0.1.C30mdk\", rls:\"MNDK_3.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"mozilla-thunderbird-enigmail-pt\", rpm:\"mozilla-thunderbird-enigmail-pt~2.0.0.23~0.1.C30mdk\", rls:\"MNDK_3.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"mozilla-thunderbird-enigmail-pt_BR\", rpm:\"mozilla-thunderbird-enigmail-pt_BR~2.0.0.23~0.1.C30mdk\", rls:\"MNDK_3.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"mozilla-thunderbird-enigmail-ro\", rpm:\"mozilla-thunderbird-enigmail-ro~2.0.0.23~0.1.C30mdk\", rls:\"MNDK_3.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"mozilla-thunderbird-enigmail-ru\", rpm:\"mozilla-thunderbird-enigmail-ru~2.0.0.23~0.1.C30mdk\", rls:\"MNDK_3.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"mozilla-thunderbird-enigmail-sk\", rpm:\"mozilla-thunderbird-enigmail-sk~2.0.0.23~0.1.C30mdk\", rls:\"MNDK_3.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"mozilla-thunderbird-enigmail-sl\", rpm:\"mozilla-thunderbird-enigmail-sl~2.0.0.23~0.1.C30mdk\", rls:\"MNDK_3.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"mozilla-thunderbird-enigmail-sv\", rpm:\"mozilla-thunderbird-enigmail-sv~2.0.0.23~0.1.C30mdk\", rls:\"MNDK_3.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"mozilla-thunderbird-enigmail-zh_CN\", rpm:\"mozilla-thunderbird-enigmail-zh_CN~2.0.0.23~0.1.C30mdk\", rls:\"MNDK_3.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"mozilla-thunderbird-enigmail-zh_TW\", rpm:\"mozilla-thunderbird-enigmail-zh_TW~2.0.0.23~0.1.C30mdk\", rls:\"MNDK_3.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"mozilla-thunderbird-es_AR\", rpm:\"mozilla-thunderbird-es_AR~2.0.0.23~0.1.C30mdk\", rls:\"MNDK_3.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"mozilla-thunderbird-es_ES\", rpm:\"mozilla-thunderbird-es_ES~2.0.0.23~0.1.C30mdk\", rls:\"MNDK_3.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"mozilla-thunderbird-et_EE\", rpm:\"mozilla-thunderbird-et_EE~2.0.0.23~0.1.C30mdk\", rls:\"MNDK_3.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"mozilla-thunderbird-eu\", rpm:\"mozilla-thunderbird-eu~2.0.0.23~0.1.C30mdk\", rls:\"MNDK_3.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"mozilla-thunderbird-fi\", rpm:\"mozilla-thunderbird-fi~2.0.0.23~0.1.C30mdk\", rls:\"MNDK_3.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"mozilla-thunderbird-fr\", rpm:\"mozilla-thunderbird-fr~2.0.0.23~0.1.C30mdk\", rls:\"MNDK_3.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"mozilla-thunderbird-gu_IN\", rpm:\"mozilla-thunderbird-gu_IN~2.0.0.23~0.1.C30mdk\", rls:\"MNDK_3.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"mozilla-thunderbird-he\", rpm:\"mozilla-thunderbird-he~2.0.0.23~0.1.C30mdk\", rls:\"MNDK_3.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"mozilla-thunderbird-hu\", rpm:\"mozilla-thunderbird-hu~2.0.0.23~0.1.C30mdk\", rls:\"MNDK_3.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"mozilla-thunderbird-it\", rpm:\"mozilla-thunderbird-it~2.0.0.23~0.1.C30mdk\", rls:\"MNDK_3.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"mozilla-thunderbird-ja\", rpm:\"mozilla-thunderbird-ja~2.0.0.23~0.1.C30mdk\", rls:\"MNDK_3.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"mozilla-thunderbird-ko\", rpm:\"mozilla-thunderbird-ko~2.0.0.23~0.1.C30mdk\", rls:\"MNDK_3.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"mozilla-thunderbird-lt\", rpm:\"mozilla-thunderbird-lt~2.0.0.23~0.1.C30mdk\", rls:\"MNDK_3.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"mozilla-thunderbird-mk\", rpm:\"mozilla-thunderbird-mk~2.0.0.23~0.1.C30mdk\", rls:\"MNDK_3.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"mozilla-thunderbird-nb_NO\", rpm:\"mozilla-thunderbird-nb_NO~2.0.0.23~0.1.C30mdk\", rls:\"MNDK_3.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"mozilla-thunderbird-nl\", rpm:\"mozilla-thunderbird-nl~2.0.0.23~0.1.C30mdk\", rls:\"MNDK_3.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"mozilla-thunderbird-nn_NO\", rpm:\"mozilla-thunderbird-nn_NO~2.0.0.23~0.1.C30mdk\", rls:\"MNDK_3.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"mozilla-thunderbird-pa_IN\", rpm:\"mozilla-thunderbird-pa_IN~2.0.0.23~0.1.C30mdk\", rls:\"MNDK_3.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"mozilla-thunderbird-pl\", rpm:\"mozilla-thunderbird-pl~2.0.0.23~0.1.C30mdk\", rls:\"MNDK_3.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"mozilla-thunderbird-pt_BR\", rpm:\"mozilla-thunderbird-pt_BR~2.0.0.23~0.1.C30mdk\", rls:\"MNDK_3.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"mozilla-thunderbird-pt_PT\", rpm:\"mozilla-thunderbird-pt_PT~2.0.0.23~0.1.C30mdk\", rls:\"MNDK_3.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"mozilla-thunderbird-ru\", rpm:\"mozilla-thunderbird-ru~2.0.0.23~0.1.C30mdk\", rls:\"MNDK_3.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"mozilla-thunderbird-sk\", rpm:\"mozilla-thunderbird-sk~2.0.0.23~0.1.C30mdk\", rls:\"MNDK_3.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"mozilla-thunderbird-sl\", rpm:\"mozilla-thunderbird-sl~2.0.0.23~0.1.C30mdk\", rls:\"MNDK_3.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"mozilla-thunderbird-sv_SE\", rpm:\"mozilla-thunderbird-sv_SE~2.0.0.23~0.1.C30mdk\", rls:\"MNDK_3.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"mozilla-thunderbird-tr\", rpm:\"mozilla-thunderbird-tr~2.0.0.23~0.1.C30mdk\", rls:\"MNDK_3.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"mozilla-thunderbird-uk\", rpm:\"mozilla-thunderbird-uk~2.0.0.23~0.1.C30mdk\", rls:\"MNDK_3.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"mozilla-thunderbird-zh_CN\", rpm:\"mozilla-thunderbird-zh_CN~2.0.0.23~0.1.C30mdk\", rls:\"MNDK_3.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"mozilla-thunderbird-zh_TW\", rpm:\"mozilla-thunderbird-zh_TW~2.0.0.23~0.1.C30mdk\", rls:\"MNDK_3.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"nsinstall\", rpm:\"nsinstall~2.0.0.23~0.1.C30mdk\", rls:\"MNDK_3.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"nss\", rpm:\"nss~3.12.3.1~0.1.C30mdk\", rls:\"MNDK_3.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"sqlite3-tools\", rpm:\"sqlite3-tools~3.6.15~0.1.C30mdk\", rls:\"MNDK_3.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"lib64nspr4\", rpm:\"lib64nspr4~4.7.5~0.1.C30mdk\", rls:\"MNDK_3.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"lib64nspr-devel\", rpm:\"lib64nspr-devel~4.7.5~0.1.C30mdk\", rls:\"MNDK_3.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"lib64nss3\", rpm:\"lib64nss3~3.12.3.1~0.1.C30mdk\", rls:\"MNDK_3.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"lib64nss-devel\", rpm:\"lib64nss-devel~3.12.3.1~0.1.C30mdk\", rls:\"MNDK_3.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"lib64nss-static-devel\", rpm:\"lib64nss-static-devel~3.12.3.1~0.1.C30mdk\", rls:\"MNDK_3.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"lib64sqlite3_0\", rpm:\"lib64sqlite3_0~3.6.15~0.1.C30mdk\", rls:\"MNDK_3.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"lib64sqlite3-devel\", rpm:\"lib64sqlite3-devel~3.6.15~0.1.C30mdk\", rls:\"MNDK_3.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"lib64sqlite3-static-devel\", rpm:\"lib64sqlite3-static-devel~3.6.15~0.1.C30mdk\", rls:\"MNDK_3.0\")) != NULL) {\n report += res;\n}\n\nif (report != \"\") {\n security_message(data:report);\n} else if (__pkg_match) {\n exit(99); # Not vulnerable.\n}\n", "cvss": {"score": 9.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2017-07-24T12:56:21", "description": "The remote host is missing an update to mozilla-thunderbird\nannounced via advisory MDVSA-2009:216.", "cvss3": {}, "published": "2009-09-02T00:00:00", "type": "openvas", "title": "Mandrake Security Advisory MDVSA-2009:216 (mozilla-thunderbird)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2009-2409", "CVE-2009-2625", "CVE-2009-2408", "CVE-2009-2404"], "modified": "2017-07-07T00:00:00", "id": "OPENVAS:64688", "href": "http://plugins.openvas.org/nasl.php?oid=64688", "sourceData": "# OpenVAS Vulnerability Test\n# $Id: mdksa_2009_216.nasl 6587 2017-07-07 06:35:35Z cfischer $\n# Description: Auto-generated from advisory MDVSA-2009:216 (mozilla-thunderbird)\n#\n# Authors:\n# Thomas Reinke <reinke@securityspace.com>\n#\n# Copyright:\n# Copyright (c) 2009 E-Soft Inc. http://www.securityspace.com\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (c) the respective author(s)\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2,\n# or at your option, GNU General Public License version 3,\n# as published by the Free Software Foundation\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n#\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"A number of security vulnerabilities have been discovered in the NSS\nand NSPR libraries and in Mozilla Thunderbird:\n\nSecurity issues in nss prior to 3.12.3 could lead to a\nman-in-the-middle attack via a spoofed X.509 certificate\n(CVE-2009-2408) and md2 algorithm flaws (CVE-2009-2409), and also\ncause a denial-of-service and possible code execution via a long\ndomain name in X.509 certificate (CVE-2009-2404).\n\nA vulnerability was found in xmltok_impl.c (expat) that with\nspecially crafted XML could be exploited and lead to a denial of\nservice attack. Related to CVE-2009-2625.\n\nThis update provides the latest versions of the NSS and NSPR libraries\nand Thunderbird which are not vulnerable to these issues.\n\nAffected: Corporate 3.0\";\ntag_solution = \"To upgrade automatically use MandrakeUpdate or urpmi. The verification\nof md5 checksums and GPG signatures is performed automatically for you.\n\nhttps://secure1.securityspace.com/smysecure/catid.html?in=MDVSA-2009:216\nhttp://www.mozilla.org/security/announce/2009/mfsa2009-42.html\";\ntag_summary = \"The remote host is missing an update to mozilla-thunderbird\nannounced via advisory MDVSA-2009:216.\";\n\n \n\nif(description)\n{\n script_id(64688);\n script_version(\"$Revision: 6587 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-07-07 08:35:35 +0200 (Fri, 07 Jul 2017) $\");\n script_tag(name:\"creation_date\", value:\"2009-09-02 04:58:39 +0200 (Wed, 02 Sep 2009)\");\n script_cve_id(\"CVE-2009-2408\", \"CVE-2009-2409\", \"CVE-2009-2404\", \"CVE-2009-2625\");\n script_tag(name:\"cvss_base\", value:\"9.3\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_name(\"Mandrake Security Advisory MDVSA-2009:216 (mozilla-thunderbird)\");\n\n\n\n script_category(ACT_GATHER_INFO);\n\n script_copyright(\"Copyright (c) 2009 E-Soft Inc. http://www.securityspace.com\");\n script_family(\"Mandrake Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/mandriva_mandrake_linux\", \"ssh/login/rpms\");\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"summary\" , value : tag_summary);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n#\n# The script code starts here\n#\n\ninclude(\"pkg-lib-rpm.inc\");\n\nres = \"\";\nreport = \"\";\nif ((res = isrpmvuln(pkg:\"libnspr4\", rpm:\"libnspr4~4.7.5~0.1.C30mdk\", rls:\"MNDK_3.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"libnspr-devel\", rpm:\"libnspr-devel~4.7.5~0.1.C30mdk\", rls:\"MNDK_3.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"libnss3\", rpm:\"libnss3~3.12.3.1~0.1.C30mdk\", rls:\"MNDK_3.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"libnss-devel\", rpm:\"libnss-devel~3.12.3.1~0.1.C30mdk\", rls:\"MNDK_3.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"libnss-static-devel\", rpm:\"libnss-static-devel~3.12.3.1~0.1.C30mdk\", rls:\"MNDK_3.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"libsqlite3_0\", rpm:\"libsqlite3_0~3.6.15~0.1.C30mdk\", rls:\"MNDK_3.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"libsqlite3-devel\", rpm:\"libsqlite3-devel~3.6.15~0.1.C30mdk\", rls:\"MNDK_3.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"libsqlite3-static-devel\", rpm:\"libsqlite3-static-devel~3.6.15~0.1.C30mdk\", rls:\"MNDK_3.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"mozilla-thunderbird\", rpm:\"mozilla-thunderbird~2.0.0.23~0.1.C30mdk\", rls:\"MNDK_3.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"mozilla-thunderbird-af\", rpm:\"mozilla-thunderbird-af~2.0.0.23~0.1.C30mdk\", rls:\"MNDK_3.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"mozilla-thunderbird-be\", rpm:\"mozilla-thunderbird-be~2.0.0.23~0.1.C30mdk\", rls:\"MNDK_3.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"mozilla-thunderbird-bg\", rpm:\"mozilla-thunderbird-bg~2.0.0.23~0.1.C30mdk\", rls:\"MNDK_3.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"mozilla-thunderbird-ca\", rpm:\"mozilla-thunderbird-ca~2.0.0.23~0.1.C30mdk\", rls:\"MNDK_3.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"mozilla-thunderbird-cs\", rpm:\"mozilla-thunderbird-cs~2.0.0.23~0.1.C30mdk\", rls:\"MNDK_3.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"mozilla-thunderbird-da\", rpm:\"mozilla-thunderbird-da~2.0.0.23~0.1.C30mdk\", rls:\"MNDK_3.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"mozilla-thunderbird-de\", rpm:\"mozilla-thunderbird-de~2.0.0.23~0.1.C30mdk\", rls:\"MNDK_3.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"mozilla-thunderbird-devel\", rpm:\"mozilla-thunderbird-devel~2.0.0.23~0.1.C30mdk\", rls:\"MNDK_3.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"mozilla-thunderbird-el\", rpm:\"mozilla-thunderbird-el~2.0.0.23~0.1.C30mdk\", rls:\"MNDK_3.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"mozilla-thunderbird-en_GB\", rpm:\"mozilla-thunderbird-en_GB~2.0.0.23~0.1.C30mdk\", rls:\"MNDK_3.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"mozilla-thunderbird-enigmail\", rpm:\"mozilla-thunderbird-enigmail~2.0.0.23~0.1.C30mdk\", rls:\"MNDK_3.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"mozilla-thunderbird-enigmail-ar\", rpm:\"mozilla-thunderbird-enigmail-ar~2.0.0.23~0.1.C30mdk\", rls:\"MNDK_3.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"mozilla-thunderbird-enigmail-ca\", rpm:\"mozilla-thunderbird-enigmail-ca~2.0.0.23~0.1.C30mdk\", rls:\"MNDK_3.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"mozilla-thunderbird-enigmail-cs\", rpm:\"mozilla-thunderbird-enigmail-cs~2.0.0.23~0.1.C30mdk\", rls:\"MNDK_3.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"mozilla-thunderbird-enigmail-de\", rpm:\"mozilla-thunderbird-enigmail-de~2.0.0.23~0.1.C30mdk\", rls:\"MNDK_3.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"mozilla-thunderbird-enigmail-el\", rpm:\"mozilla-thunderbird-enigmail-el~2.0.0.23~0.1.C30mdk\", rls:\"MNDK_3.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"mozilla-thunderbird-enigmail-es\", rpm:\"mozilla-thunderbird-enigmail-es~2.0.0.23~0.1.C30mdk\", rls:\"MNDK_3.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"mozilla-thunderbird-enigmail-es_AR\", rpm:\"mozilla-thunderbird-enigmail-es_AR~2.0.0.23~0.1.C30mdk\", rls:\"MNDK_3.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"mozilla-thunderbird-enigmail-fi\", rpm:\"mozilla-thunderbird-enigmail-fi~2.0.0.23~0.1.C30mdk\", rls:\"MNDK_3.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"mozilla-thunderbird-enigmail-fr\", rpm:\"mozilla-thunderbird-enigmail-fr~2.0.0.23~0.1.C30mdk\", rls:\"MNDK_3.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"mozilla-thunderbird-enigmail-hu\", rpm:\"mozilla-thunderbird-enigmail-hu~2.0.0.23~0.1.C30mdk\", rls:\"MNDK_3.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"mozilla-thunderbird-enigmail-it\", rpm:\"mozilla-thunderbird-enigmail-it~2.0.0.23~0.1.C30mdk\", rls:\"MNDK_3.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"mozilla-thunderbird-enigmail-ja\", rpm:\"mozilla-thunderbird-enigmail-ja~2.0.0.23~0.1.C30mdk\", rls:\"MNDK_3.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"mozilla-thunderbird-enigmail-ko\", rpm:\"mozilla-thunderbird-enigmail-ko~2.0.0.23~0.1.C30mdk\", rls:\"MNDK_3.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"mozilla-thunderbird-enigmail-nb\", rpm:\"mozilla-thunderbird-enigmail-nb~2.0.0.23~0.1.C30mdk\", rls:\"MNDK_3.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"mozilla-thunderbird-enigmail-nl\", rpm:\"mozilla-thunderbird-enigmail-nl~2.0.0.23~0.1.C30mdk\", rls:\"MNDK_3.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"mozilla-thunderbird-enigmail-pl\", rpm:\"mozilla-thunderbird-enigmail-pl~2.0.0.23~0.1.C30mdk\", rls:\"MNDK_3.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"mozilla-thunderbird-enigmail-pt\", rpm:\"mozilla-thunderbird-enigmail-pt~2.0.0.23~0.1.C30mdk\", rls:\"MNDK_3.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"mozilla-thunderbird-enigmail-pt_BR\", rpm:\"mozilla-thunderbird-enigmail-pt_BR~2.0.0.23~0.1.C30mdk\", rls:\"MNDK_3.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"mozilla-thunderbird-enigmail-ro\", rpm:\"mozilla-thunderbird-enigmail-ro~2.0.0.23~0.1.C30mdk\", rls:\"MNDK_3.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"mozilla-thunderbird-enigmail-ru\", rpm:\"mozilla-thunderbird-enigmail-ru~2.0.0.23~0.1.C30mdk\", rls:\"MNDK_3.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"mozilla-thunderbird-enigmail-sk\", rpm:\"mozilla-thunderbird-enigmail-sk~2.0.0.23~0.1.C30mdk\", rls:\"MNDK_3.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"mozilla-thunderbird-enigmail-sl\", rpm:\"mozilla-thunderbird-enigmail-sl~2.0.0.23~0.1.C30mdk\", rls:\"MNDK_3.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"mozilla-thunderbird-enigmail-sv\", rpm:\"mozilla-thunderbird-enigmail-sv~2.0.0.23~0.1.C30mdk\", rls:\"MNDK_3.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"mozilla-thunderbird-enigmail-zh_CN\", rpm:\"mozilla-thunderbird-enigmail-zh_CN~2.0.0.23~0.1.C30mdk\", rls:\"MNDK_3.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"mozilla-thunderbird-enigmail-zh_TW\", rpm:\"mozilla-thunderbird-enigmail-zh_TW~2.0.0.23~0.1.C30mdk\", rls:\"MNDK_3.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"mozilla-thunderbird-es_AR\", rpm:\"mozilla-thunderbird-es_AR~2.0.0.23~0.1.C30mdk\", rls:\"MNDK_3.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"mozilla-thunderbird-es_ES\", rpm:\"mozilla-thunderbird-es_ES~2.0.0.23~0.1.C30mdk\", rls:\"MNDK_3.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"mozilla-thunderbird-et_EE\", rpm:\"mozilla-thunderbird-et_EE~2.0.0.23~0.1.C30mdk\", rls:\"MNDK_3.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"mozilla-thunderbird-eu\", rpm:\"mozilla-thunderbird-eu~2.0.0.23~0.1.C30mdk\", rls:\"MNDK_3.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"mozilla-thunderbird-fi\", rpm:\"mozilla-thunderbird-fi~2.0.0.23~0.1.C30mdk\", rls:\"MNDK_3.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"mozilla-thunderbird-fr\", rpm:\"mozilla-thunderbird-fr~2.0.0.23~0.1.C30mdk\", rls:\"MNDK_3.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"mozilla-thunderbird-gu_IN\", rpm:\"mozilla-thunderbird-gu_IN~2.0.0.23~0.1.C30mdk\", rls:\"MNDK_3.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"mozilla-thunderbird-he\", rpm:\"mozilla-thunderbird-he~2.0.0.23~0.1.C30mdk\", rls:\"MNDK_3.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"mozilla-thunderbird-hu\", rpm:\"mozilla-thunderbird-hu~2.0.0.23~0.1.C30mdk\", rls:\"MNDK_3.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"mozilla-thunderbird-it\", rpm:\"mozilla-thunderbird-it~2.0.0.23~0.1.C30mdk\", rls:\"MNDK_3.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"mozilla-thunderbird-ja\", rpm:\"mozilla-thunderbird-ja~2.0.0.23~0.1.C30mdk\", rls:\"MNDK_3.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"mozilla-thunderbird-ko\", rpm:\"mozilla-thunderbird-ko~2.0.0.23~0.1.C30mdk\", rls:\"MNDK_3.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"mozilla-thunderbird-lt\", rpm:\"mozilla-thunderbird-lt~2.0.0.23~0.1.C30mdk\", rls:\"MNDK_3.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"mozilla-thunderbird-mk\", rpm:\"mozilla-thunderbird-mk~2.0.0.23~0.1.C30mdk\", rls:\"MNDK_3.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"mozilla-thunderbird-nb_NO\", rpm:\"mozilla-thunderbird-nb_NO~2.0.0.23~0.1.C30mdk\", rls:\"MNDK_3.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"mozilla-thunderbird-nl\", rpm:\"mozilla-thunderbird-nl~2.0.0.23~0.1.C30mdk\", rls:\"MNDK_3.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"mozilla-thunderbird-nn_NO\", rpm:\"mozilla-thunderbird-nn_NO~2.0.0.23~0.1.C30mdk\", rls:\"MNDK_3.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"mozilla-thunderbird-pa_IN\", rpm:\"mozilla-thunderbird-pa_IN~2.0.0.23~0.1.C30mdk\", rls:\"MNDK_3.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"mozilla-thunderbird-pl\", rpm:\"mozilla-thunderbird-pl~2.0.0.23~0.1.C30mdk\", rls:\"MNDK_3.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"mozilla-thunderbird-pt_BR\", rpm:\"mozilla-thunderbird-pt_BR~2.0.0.23~0.1.C30mdk\", rls:\"MNDK_3.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"mozilla-thunderbird-pt_PT\", rpm:\"mozilla-thunderbird-pt_PT~2.0.0.23~0.1.C30mdk\", rls:\"MNDK_3.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"mozilla-thunderbird-ru\", rpm:\"mozilla-thunderbird-ru~2.0.0.23~0.1.C30mdk\", rls:\"MNDK_3.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"mozilla-thunderbird-sk\", rpm:\"mozilla-thunderbird-sk~2.0.0.23~0.1.C30mdk\", rls:\"MNDK_3.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"mozilla-thunderbird-sl\", rpm:\"mozilla-thunderbird-sl~2.0.0.23~0.1.C30mdk\", rls:\"MNDK_3.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"mozilla-thunderbird-sv_SE\", rpm:\"mozilla-thunderbird-sv_SE~2.0.0.23~0.1.C30mdk\", rls:\"MNDK_3.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"mozilla-thunderbird-tr\", rpm:\"mozilla-thunderbird-tr~2.0.0.23~0.1.C30mdk\", rls:\"MNDK_3.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"mozilla-thunderbird-uk\", rpm:\"mozilla-thunderbird-uk~2.0.0.23~0.1.C30mdk\", rls:\"MNDK_3.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"mozilla-thunderbird-zh_CN\", rpm:\"mozilla-thunderbird-zh_CN~2.0.0.23~0.1.C30mdk\", rls:\"MNDK_3.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"mozilla-thunderbird-zh_TW\", rpm:\"mozilla-thunderbird-zh_TW~2.0.0.23~0.1.C30mdk\", rls:\"MNDK_3.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"nsinstall\", rpm:\"nsinstall~2.0.0.23~0.1.C30mdk\", rls:\"MNDK_3.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"nss\", rpm:\"nss~3.12.3.1~0.1.C30mdk\", rls:\"MNDK_3.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"sqlite3-tools\", rpm:\"sqlite3-tools~3.6.15~0.1.C30mdk\", rls:\"MNDK_3.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"lib64nspr4\", rpm:\"lib64nspr4~4.7.5~0.1.C30mdk\", rls:\"MNDK_3.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"lib64nspr-devel\", rpm:\"lib64nspr-devel~4.7.5~0.1.C30mdk\", rls:\"MNDK_3.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"lib64nss3\", rpm:\"lib64nss3~3.12.3.1~0.1.C30mdk\", rls:\"MNDK_3.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"lib64nss-devel\", rpm:\"lib64nss-devel~3.12.3.1~0.1.C30mdk\", rls:\"MNDK_3.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"lib64nss-static-devel\", rpm:\"lib64nss-static-devel~3.12.3.1~0.1.C30mdk\", rls:\"MNDK_3.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"lib64sqlite3_0\", rpm:\"lib64sqlite3_0~3.6.15~0.1.C30mdk\", rls:\"MNDK_3.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"lib64sqlite3-devel\", rpm:\"lib64sqlite3-devel~3.6.15~0.1.C30mdk\", rls:\"MNDK_3.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"lib64sqlite3-static-devel\", rpm:\"lib64sqlite3-static-devel~3.6.15~0.1.C30mdk\", rls:\"MNDK_3.0\")) != NULL) {\n report += res;\n}\n\nif (report != \"\") {\n security_message(data:report);\n} else if (__pkg_match) {\n exit(99); # Not vulnerable.\n}\n", "cvss": {"score": 9.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2018-01-22T13:05:56", "description": "Ubuntu Update for Linux kernel vulnerabilities USN-915-1", "cvss3": {}, "published": "2010-03-22T00:00:00", "type": "openvas", "title": "Ubuntu Update for thunderbird vulnerabilities USN-915-1", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2009-3376", "CVE-2009-3072", "CVE-2009-0689", "CVE-2009-2463", "CVE-2009-3075", "CVE-2010-0163", "CVE-2009-3983", "CVE-2009-3077"], "modified": "2018-01-22T00:00:00", "id": "OPENVAS:1361412562310840402", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310840402", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: gb_ubuntu_USN_915_1.nasl 8485 2018-01-22 07:57:57Z teissa $\n#\n# Ubuntu Update for thunderbird vulnerabilities USN-915-1\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2010 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"Several flaws were discovered in the JavaScript engine of Thunderbird. If a\n user had JavaScript enabled and were tricked into viewing malicious web\n content, a remote attacker could cause a denial of service or possibly\n execute arbitrary code with the privileges of the user invoking the\n program. (CVE-2009-0689, CVE-2009-2463, CVE-2009-3075)\n\n Josh Soref discovered that the BinHex decoder used in Thunderbird contained\n a flaw. If a user were tricked into viewing malicious content, a remote\n attacker could cause a denial of service or possibly execute arbitrary code\n with the privileges of the user invoking the program. (CVE-2009-3072)\n \n It was discovered that Thunderbird did not properly manage memory when\n using XUL tree elements. If a user were tricked into viewing malicious\n content, a remote attacker could cause a denial of service or possibly\n execute arbitrary code with the privileges of the user invoking the\n program. (CVE-2009-3077)\n \n Jesse Ruderman and Sid Stamm discovered that Thunderbird did not properly\n display filenames containing right-to-left (RTL) override characters. If a\n user were tricked into opening a malicious file with a crafted filename, an\n attacker could exploit this to trick the user into opening a different file\n than the user expected. (CVE-2009-3376)\n \n Takehiro Takahashi discovered flaws in the NTLM implementation in\n Thunderbird. If an NTLM authenticated user opened content containing links\n to a malicious website, a remote attacker could send requests to other\n applications, authenticated as the user. (CVE-2009-3983)\n \n Ludovic Hirlimann discovered a flaw in the way Thunderbird indexed certain\n messages with attachments. A remote attacker could send specially crafted\n content and cause a denial of service or possibly execute arbitrary code\n with the privileges of the user invoking the program. (CVE-2010-0163)\";\n\ntag_summary = \"Ubuntu Update for Linux kernel vulnerabilities USN-915-1\";\ntag_affected = \"thunderbird vulnerabilities on Ubuntu 8.04 LTS ,\n Ubuntu 8.10 ,\n Ubuntu 9.04 ,\n Ubuntu 9.10\";\ntag_solution = \"Please Install the Updated Packages.\";\n\n\n\nif(description)\n{\n script_xref(name: \"URL\" , value: \"http://www.ubuntu.com/usn/usn-915-1/\");\n script_oid(\"1.3.6.1.4.1.25623.1.0.840402\");\n script_version(\"$Revision: 8485 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-01-22 08:57:57 +0100 (Mon, 22 Jan 2018) $\");\n script_tag(name:\"creation_date\", value:\"2010-03-22 11:34:53 +0100 (Mon, 22 Mar 2010)\");\n script_tag(name:\"cvss_base\", value:\"10.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_xref(name: \"USN\", value: \"915-1\");\n script_cve_id(\"CVE-2009-0689\", \"CVE-2009-2463\", \"CVE-2009-3072\", \"CVE-2009-3075\", \"CVE-2009-3077\", \"CVE-2009-3376\", \"CVE-2009-3983\", \"CVE-2010-0163\");\n script_name(\"Ubuntu Update for thunderbird vulnerabilities USN-915-1\");\n\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2010 Greenbone Networks GmbH\");\n script_family(\"Ubuntu Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/ubuntu_linux\", \"ssh/login/packages\");\n script_tag(name : \"summary\" , value : tag_summary);\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n\ninclude(\"pkg-lib-deb.inc\");\n\nrelease = get_kb_item(\"ssh/login/release\");\n\n\nres = \"\";\nif(release == NULL){\n exit(0);\n}\n\nif(release == \"UBUNTU9.04\")\n{\n\n if ((res = isdpkgvuln(pkg:\"thunderbird-dev\", ver:\"2.0.0.24+build1+nobinonly-0ubuntu0.9.04.1\", rls:\"UBUNTU9.04\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"thunderbird-gnome-support\", ver:\"2.0.0.24+build1+nobinonly-0ubuntu0.9.04.1\", rls:\"UBUNTU9.04\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"thunderbird\", ver:\"2.0.0.24+build1+nobinonly-0ubuntu0.9.04.1\", rls:\"UBUNTU9.04\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"mozilla-thunderbird-dev\", ver:\"2.0.0.24+build1+nobinonly-0ubuntu0.9.04.1\", rls:\"UBUNTU9.04\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"mozilla-thunderbird\", ver:\"2.0.0.24+build1+nobinonly-0ubuntu0.9.04.1\", rls:\"UBUNTU9.04\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n\n\nif(release == \"UBUNTU8.10\")\n{\n\n if ((res = isdpkgvuln(pkg:\"thunderbird-dev\", ver:\"2.0.0.24+build1+nobinonly-0ubuntu0.8.10.1\", rls:\"UBUNTU8.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"thunderbird-gnome-support\", ver:\"2.0.0.24+build1+nobinonly-0ubuntu0.8.10.1\", rls:\"UBUNTU8.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"thunderbird\", ver:\"2.0.0.24+build1+nobinonly-0ubuntu0.8.10.1\", rls:\"UBUNTU8.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"mozilla-thunderbird-dev\", ver:\"2.0.0.24+build1+nobinonly-0ubuntu0.8.10.1\", rls:\"UBUNTU8.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"mozilla-thunderbird\", ver:\"2.0.0.24+build1+nobinonly-0ubuntu0.8.10.1\", rls:\"UBUNTU8.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n\n\nif(release == \"UBUNTU8.04 LTS\")\n{\n\n if ((res = isdpkgvuln(pkg:\"thunderbird-dev\", ver:\"2.0.0.24+build1+nobinonly-0ubuntu0.8.04.1\", rls:\"UBUNTU8.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"thunderbird-gnome-support\", ver:\"2.0.0.24+build1+nobinonly-0ubuntu0.8.04.1\", rls:\"UBUNTU8.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"thunderbird\", ver:\"2.0.0.24+build1+nobinonly-0ubuntu0.8.04.1\", rls:\"UBUNTU8.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"mozilla-thunderbird-dev\", ver:\"2.0.0.24+build1+nobinonly-0ubuntu0.8.04.1\", rls:\"UBUNTU8.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"mozilla-thunderbird\", ver:\"2.0.0.24+build1+nobinonly-0ubuntu0.8.04.1\", rls:\"UBUNTU8.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n\n\nif(release == \"UBUNTU9.10\")\n{\n\n if ((res = isdpkgvuln(pkg:\"thunderbird-dev\", ver:\"2.0.0.24+build1+nobinonly-0ubuntu0.9.10.1\", rls:\"UBUNTU9.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"thunderbird-gnome-support\", ver:\"2.0.0.24+build1+nobinonly-0ubuntu0.9.10.1\", rls:\"UBUNTU9.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"thunderbird\", ver:\"2.0.0.24+build1+nobinonly-0ubuntu0.9.10.1\", rls:\"UBUNTU9.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"mozilla-thunderbird-dev\", ver:\"2.0.0.24+build1+nobinonly-0ubuntu0.9.10.1\", rls:\"UBUNTU9.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"mozilla-thunderbird\", ver:\"2.0.0.24+build1+nobinonly-0ubuntu0.9.10.1\", rls:\"UBUNTU9.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2017-12-04T11:18:03", "description": "Ubuntu Update for Linux kernel vulnerabilities USN-915-1", "cvss3": {}, "published": "2010-03-22T00:00:00", "type": "openvas", "title": "Ubuntu Update for thunderbird vulnerabilities USN-915-1", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2009-3376", "CVE-2009-3072", "CVE-2009-0689", "CVE-2009-2463", "CVE-2009-3075", "CVE-2010-0163", "CVE-2009-3983", "CVE-2009-3077"], "modified": "2017-12-01T00:00:00", "id": "OPENVAS:840402", "href": "http://plugins.openvas.org/nasl.php?oid=840402", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: gb_ubuntu_USN_915_1.nasl 7965 2017-12-01 07:38:25Z santu $\n#\n# Ubuntu Update for thunderbird vulnerabilities USN-915-1\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2010 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"Several flaws were discovered in the JavaScript engine of Thunderbird. If a\n user had JavaScript enabled and were tricked into viewing malicious web\n content, a remote attacker could cause a denial of service or possibly\n execute arbitrary code with the privileges of the user invoking the\n program. (CVE-2009-0689, CVE-2009-2463, CVE-2009-3075)\n\n Josh Soref discovered that the BinHex decoder used in Thunderbird contained\n a flaw. If a user were tricked into viewing malicious content, a remote\n attacker could cause a denial of service or possibly execute arbitrary code\n with the privileges of the user invoking the program. (CVE-2009-3072)\n \n It was discovered that Thunderbird did not properly manage memory when\n using XUL tree elements. If a user were tricked into viewing malicious\n content, a remote attacker could cause a denial of service or possibly\n execute arbitrary code with the privileges of the user invoking the\n program. (CVE-2009-3077)\n \n Jesse Ruderman and Sid Stamm discovered that Thunderbird did not properly\n display filenames containing right-to-left (RTL) override characters. If a\n user were tricked into opening a malicious file with a crafted filename, an\n attacker could exploit this to trick the user into opening a different file\n than the user expected. (CVE-2009-3376)\n \n Takehiro Takahashi discovered flaws in the NTLM implementation in\n Thunderbird. If an NTLM authenticated user opened content containing links\n to a malicious website, a remote attacker could send requests to other\n applications, authenticated as the user. (CVE-2009-3983)\n \n Ludovic Hirlimann discovered a flaw in the way Thunderbird indexed certain\n messages with attachments. A remote attacker could send specially crafted\n content and cause a denial of service or possibly execute arbitrary code\n with the privileges of the user invoking the program. (CVE-2010-0163)\";\n\ntag_summary = \"Ubuntu Update for Linux kernel vulnerabilities USN-915-1\";\ntag_affected = \"thunderbird vulnerabilities on Ubuntu 8.04 LTS ,\n Ubuntu 8.10 ,\n Ubuntu 9.04 ,\n Ubuntu 9.10\";\ntag_solution = \"Please Install the Updated Packages.\";\n\n\n\nif(description)\n{\n script_xref(name: \"URL\" , value: \"http://www.ubuntu.com/usn/usn-915-1/\");\n script_id(840402);\n script_version(\"$Revision: 7965 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-12-01 08:38:25 +0100 (Fri, 01 Dec 2017) $\");\n script_tag(name:\"creation_date\", value:\"2010-03-22 11:34:53 +0100 (Mon, 22 Mar 2010)\");\n script_tag(name:\"cvss_base\", value:\"10.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_xref(name: \"USN\", value: \"915-1\");\n script_cve_id(\"CVE-2009-0689\", \"CVE-2009-2463\", \"CVE-2009-3072\", \"CVE-2009-3075\", \"CVE-2009-3077\", \"CVE-2009-3376\", \"CVE-2009-3983\", \"CVE-2010-0163\");\n script_name(\"Ubuntu Update for thunderbird vulnerabilities USN-915-1\");\n\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2010 Greenbone Networks GmbH\");\n script_family(\"Ubuntu Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/ubuntu_linux\", \"ssh/login/packages\");\n script_tag(name : \"summary\" , value : tag_summary);\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n\ninclude(\"pkg-lib-deb.inc\");\n\nrelease = get_kb_item(\"ssh/login/release\");\n\n\nres = \"\";\nif(release == NULL){\n exit(0);\n}\n\nif(release == \"UBUNTU9.04\")\n{\n\n if ((res = isdpkgvuln(pkg:\"thunderbird-dev\", ver:\"2.0.0.24+build1+nobinonly-0ubuntu0.9.04.1\", rls:\"UBUNTU9.04\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"thunderbird-gnome-support\", ver:\"2.0.0.24+build1+nobinonly-0ubuntu0.9.04.1\", rls:\"UBUNTU9.04\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"thunderbird\", ver:\"2.0.0.24+build1+nobinonly-0ubuntu0.9.04.1\", rls:\"UBUNTU9.04\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"mozilla-thunderbird-dev\", ver:\"2.0.0.24+build1+nobinonly-0ubuntu0.9.04.1\", rls:\"UBUNTU9.04\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"mozilla-thunderbird\", ver:\"2.0.0.24+build1+nobinonly-0ubuntu0.9.04.1\", rls:\"UBUNTU9.04\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n\n\nif(release == \"UBUNTU8.10\")\n{\n\n if ((res = isdpkgvuln(pkg:\"thunderbird-dev\", ver:\"2.0.0.24+build1+nobinonly-0ubuntu0.8.10.1\", rls:\"UBUNTU8.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"thunderbird-gnome-support\", ver:\"2.0.0.24+build1+nobinonly-0ubuntu0.8.10.1\", rls:\"UBUNTU8.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"thunderbird\", ver:\"2.0.0.24+build1+nobinonly-0ubuntu0.8.10.1\", rls:\"UBUNTU8.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"mozilla-thunderbird-dev\", ver:\"2.0.0.24+build1+nobinonly-0ubuntu0.8.10.1\", rls:\"UBUNTU8.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"mozilla-thunderbird\", ver:\"2.0.0.24+build1+nobinonly-0ubuntu0.8.10.1\", rls:\"UBUNTU8.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n\n\nif(release == \"UBUNTU8.04 LTS\")\n{\n\n if ((res = isdpkgvuln(pkg:\"thunderbird-dev\", ver:\"2.0.0.24+build1+nobinonly-0ubuntu0.8.04.1\", rls:\"UBUNTU8.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"thunderbird-gnome-support\", ver:\"2.0.0.24+build1+nobinonly-0ubuntu0.8.04.1\", rls:\"UBUNTU8.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"thunderbird\", ver:\"2.0.0.24+build1+nobinonly-0ubuntu0.8.04.1\", rls:\"UBUNTU8.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"mozilla-thunderbird-dev\", ver:\"2.0.0.24+build1+nobinonly-0ubuntu0.8.04.1\", rls:\"UBUNTU8.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"mozilla-thunderbird\", ver:\"2.0.0.24+build1+nobinonly-0ubuntu0.8.04.1\", rls:\"UBUNTU8.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n\n\nif(release == \"UBUNTU9.10\")\n{\n\n if ((res = isdpkgvuln(pkg:\"thunderbird-dev\", ver:\"2.0.0.24+build1+nobinonly-0ubuntu0.9.10.1\", rls:\"UBUNTU9.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"thunderbird-gnome-support\", ver:\"2.0.0.24+build1+nobinonly-0ubuntu0.9.10.1\", rls:\"UBUNTU9.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"thunderbird\", ver:\"2.0.0.24+build1+nobinonly-0ubuntu0.9.10.1\", rls:\"UBUNTU9.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"mozilla-thunderbird-dev\", ver:\"2.0.0.24+build1+nobinonly-0ubuntu0.9.10.1\", rls:\"UBUNTU9.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"mozilla-thunderbird\", ver:\"2.0.0.24+build1+nobinonly-0ubuntu0.9.10.1\", rls:\"UBUNTU9.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2017-07-26T08:56:16", "description": "The remote host is missing updates to packages that affect\nthe security of your system. One or more of the following packages\nare affected:\n\n MozillaFirefox\n MozillaFirefox-branding-SLED\n MozillaFirefox-translations\n libfreebl3\n mozilla-nspr\n mozilla-nss\n mozilla-nss-tools\n mozilla-xulrunner191\n mozilla-xulrunner191-gnomevfs\n mozilla-xulrunner191-translations\n\n\nMore details may also be found by searching for the SuSE\nEnterprise Server 11 patch database located at\nhttp://download.novell.com/patch/finder/", "cvss3": {}, "published": "2009-10-11T00:00:00", "type": "openvas", "title": "SLES11: Security update for Firefox", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2009-3071", "CVE-2009-3073", "CVE-2009-3079", "CVE-2009-3072", "CVE-2009-3070", "CVE-2009-3069", "CVE-2009-3075", "CVE-2009-3077", "CVE-2009-3078"], "modified": "2017-07-11T00:00:00", "id": "OPENVAS:65726", "href": "http://plugins.openvas.org/nasl.php?oid=65726", "sourceData": "#\n#VID dbecc804be7d87cf75529f49774665cb\n# OpenVAS Vulnerability Test\n# $\n# Description: Security update for Firefox\n#\n# Authors:\n# Thomas Reinke <reinke@securityspace.com>\n#\n# Copyright:\n# Copyright (c) 2009 E-Soft Inc. http://www.securityspace.com\n# Text descriptions are largely excerpted from the referenced\n# advisories, and are Copyright (c) the respective author(s)\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2,\n# as published by the Free Software Foundation\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n#\n\ninclude(\"revisions-lib.inc\");\ntag_summary = \"The remote host is missing updates to packages that affect\nthe security of your system. One or more of the following packages\nare affected:\n\n MozillaFirefox\n MozillaFirefox-branding-SLED\n MozillaFirefox-translations\n libfreebl3\n mozilla-nspr\n mozilla-nss\n mozilla-nss-tools\n mozilla-xulrunner191\n mozilla-xulrunner191-gnomevfs\n mozilla-xulrunner191-translations\n\n\nMore details may also be found by searching for the SuSE\nEnterprise Server 11 patch database located at\nhttp://download.novell.com/patch/finder/\";\n\ntag_solution = \"Please install the updates provided by SuSE.\";\n\nif(description)\n{\n script_xref(name : \"URL\" , value : \"https://bugzilla.novell.com/show_bug.cgi?id=534458\");\n script_id(65726);\n script_version(\"$Revision: 6666 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-07-11 15:13:36 +0200 (Tue, 11 Jul 2017) $\");\n script_tag(name:\"creation_date\", value:\"2009-10-11 22:58:51 +0200 (Sun, 11 Oct 2009)\");\n script_cve_id(\"CVE-2009-3069\", \"CVE-2009-3070\", \"CVE-2009-3071\", \"CVE-2009-3072\", \"CVE-2009-3073\", \"CVE-2009-3075\", \"CVE-2009-3077\", \"CVE-2009-3078\", \"CVE-2009-3079\");\n script_tag(name:\"cvss_base\", value:\"10.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_name(\"SLES11: Security update for Firefox\");\n\n\n\n script_category(ACT_GATHER_INFO);\n\n script_copyright(\"Copyright (c) 2009 E-Soft Inc. http://www.securityspace.com\");\n script_family(\"SuSE Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/suse_sles\", \"ssh/login/rpms\");\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"summary\" , value : tag_summary);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n#\n# The script code starts here\n#\n\ninclude(\"pkg-lib-rpm.inc\");\n\nres = \"\";\nreport = \"\";\nif ((res = isrpmvuln(pkg:\"MozillaFirefox\", rpm:\"MozillaFirefox~3.5.3~1.1.1\", rls:\"SLES11.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"MozillaFirefox-branding-SLED\", rpm:\"MozillaFirefox-branding-SLED~3.5~1.1.5\", rls:\"SLES11.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"MozillaFirefox-translations\", rpm:\"MozillaFirefox-translations~3.5.3~1.1.1\", rls:\"SLES11.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"libfreebl3\", rpm:\"libfreebl3~3.12.3.1~1.2.1\", rls:\"SLES11.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"mozilla-nspr\", rpm:\"mozilla-nspr~4.8~1.3.1\", rls:\"SLES11.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"mozilla-nss\", rpm:\"mozilla-nss~3.12.3.1~1.2.1\", rls:\"SLES11.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"mozilla-nss-tools\", rpm:\"mozilla-nss-tools~3.12.3.1~1.2.1\", rls:\"SLES11.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"mozilla-xulrunner191\", rpm:\"mozilla-xulrunner191~1.9.1.3~1.1.1\", rls:\"SLES11.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"mozilla-xulrunner191-gnomevfs\", rpm:\"mozilla-xulrunner191-gnomevfs~1.9.1.3~1.1.1\", rls:\"SLES11.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"mozilla-xulrunner191-translations\", rpm:\"mozilla-xulrunner191-translations~1.9.1.3~1.1.1\", rls:\"SLES11.0\")) != NULL) {\n report += res;\n}\n\nif (report != \"\") {\n security_message(data:report);\n} else if (__pkg_match) {\n exit(99); # Not vulnerable.\n}\n", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2018-04-06T11:40:24", "description": "The remote host is missing updates to packages that affect\nthe security of your system. One or more of the following packages\nare affected:\n\n MozillaFirefox\n MozillaFirefox-branding-SLED\n MozillaFirefox-translations\n libfreebl3\n mozilla-nspr\n mozilla-nss\n mozilla-nss-tools\n mozilla-xulrunner191\n mozilla-xulrunner191-gnomevfs\n mozilla-xulrunner191-translations\n\n\nMore details may also be found by searching for the SuSE\nEnterprise Server 11 patch database located at\nhttp://download.novell.com/patch/finder/", "cvss3": {}, "published": "2009-10-11T00:00:00", "type": "openvas", "title": "SLES11: Security update for Firefox", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2009-3071", "CVE-2009-3073", "CVE-2009-3079", "CVE-2009-3072", "CVE-2009-3070", "CVE-2009-3069", "CVE-2009-3075", "CVE-2009-3077", "CVE-2009-3078"], "modified": "2018-04-06T00:00:00", "id": "OPENVAS:136141256231065726", "href": "http://plugins.openvas.org/nasl.php?oid=136141256231065726", "sourceData": "#\n#VID dbecc804be7d87cf75529f49774665cb\n# OpenVAS Vulnerability Test\n# $\n# Description: Security update for Firefox\n#\n# Authors:\n# Thomas Reinke <reinke@securityspace.com>\n#\n# Copyright:\n# Copyright (c) 2009 E-Soft Inc. http://www.securityspace.com\n# Text descriptions are largely excerpted from the referenced\n# advisories, and are Copyright (c) the respective author(s)\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2,\n# as published by the Free Software Foundation\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n#\n\ninclude(\"revisions-lib.inc\");\ntag_summary = \"The remote host is missing updates to packages that affect\nthe security of your system. One or more of the following packages\nare affected:\n\n MozillaFirefox\n MozillaFirefox-branding-SLED\n MozillaFirefox-translations\n libfreebl3\n mozilla-nspr\n mozilla-nss\n mozilla-nss-tools\n mozilla-xulrunner191\n mozilla-xulrunner191-gnomevfs\n mozilla-xulrunner191-translations\n\n\nMore details may also be found by searching for the SuSE\nEnterprise Server 11 patch database located at\nhttp://download.novell.com/patch/finder/\";\n\ntag_solution = \"Please install the updates provided by SuSE.\";\n\nif(description)\n{\n script_xref(name : \"URL\" , value : \"https://bugzilla.novell.com/show_bug.cgi?id=534458\");\n script_oid(\"1.3.6.1.4.1.25623.1.0.65726\");\n script_version(\"$Revision: 9350 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-04-06 09:03:33 +0200 (Fri, 06 Apr 2018) $\");\n script_tag(name:\"creation_date\", value:\"2009-10-11 22:58:51 +0200 (Sun, 11 Oct 2009)\");\n script_cve_id(\"CVE-2009-3069\", \"CVE-2009-3070\", \"CVE-2009-3071\", \"CVE-2009-3072\", \"CVE-2009-3073\", \"CVE-2009-3075\", \"CVE-2009-3077\", \"CVE-2009-3078\", \"CVE-2009-3079\");\n script_tag(name:\"cvss_base\", value:\"10.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_name(\"SLES11: Security update for Firefox\");\n\n\n\n script_category(ACT_GATHER_INFO);\n\n script_copyright(\"Copyright (c) 2009 E-Soft Inc. http://www.securityspace.com\");\n script_family(\"SuSE Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/suse_sles\", \"ssh/login/rpms\");\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"summary\" , value : tag_summary);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n#\n# The script code starts here\n#\n\ninclude(\"pkg-lib-rpm.inc\");\n\nres = \"\";\nreport = \"\";\nif ((res = isrpmvuln(pkg:\"MozillaFirefox\", rpm:\"MozillaFirefox~3.5.3~1.1.1\", rls:\"SLES11.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"MozillaFirefox-branding-SLED\", rpm:\"MozillaFirefox-branding-SLED~3.5~1.1.5\", rls:\"SLES11.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"MozillaFirefox-translations\", rpm:\"MozillaFirefox-translations~3.5.3~1.1.1\", rls:\"SLES11.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"libfreebl3\", rpm:\"libfreebl3~3.12.3.1~1.2.1\", rls:\"SLES11.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"mozilla-nspr\", rpm:\"mozilla-nspr~4.8~1.3.1\", rls:\"SLES11.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"mozilla-nss\", rpm:\"mozilla-nss~3.12.3.1~1.2.1\", rls:\"SLES11.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"mozilla-nss-tools\", rpm:\"mozilla-nss-tools~3.12.3.1~1.2.1\", rls:\"SLES11.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"mozilla-xulrunner191\", rpm:\"mozilla-xulrunner191~1.9.1.3~1.1.1\", rls:\"SLES11.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"mozilla-xulrunner191-gnomevfs\", rpm:\"mozilla-xulrunner191-gnomevfs~1.9.1.3~1.1.1\", rls:\"SLES11.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"mozilla-xulrunner191-translations\", rpm:\"mozilla-xulrunner191-translations~1.9.1.3~1.1.1\", rls:\"SLES11.0\")) != NULL) {\n report += res;\n}\n\nif (report != \"\") {\n security_message(data:report);\n} else if (__pkg_match) {\n exit(99); # Not vulnerable.\n}\n", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2018-04-06T11:40:26", "description": "The remote host is missing an update to epiphany-extensions\nannounced via advisory FEDORA-2009-9505.", "cvss3": {}, "published": "2009-09-15T00:00:00", "type": "openvas", "title": "Fedora Core 11 FEDORA-2009-9505 (epiphany-extensions)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2009-3071", "CVE-2009-3073", "CVE-2009-3079", "CVE-2009-3072", "CVE-2009-3074", "CVE-2009-3070", "CVE-2009-3069", "CVE-2009-3075", "CVE-2009-3077", "CVE-2009-3078"], "modified": "2018-04-06T00:00:00", "id": "OPENVAS:136141256231064855", "href": "http://plugins.openvas.org/nasl.php?oid=136141256231064855", "sourceData": "# OpenVAS Vulnerability Test\n# $Id: fcore_2009_9505.nasl 9350 2018-04-06 07:03:33Z cfischer $\n# Description: Auto-generated from advisory FEDORA-2009-9505 (epiphany-extensions)\n#\n# Authors:\n# Thomas Reinke <reinke@securityspace.com>\n#\n# Copyright:\n# Copyright (c) 2009 E-Soft Inc. http://www.securityspace.com\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (c) the respective author(s)\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2,\n# or at your option, GNU General Public License version 3,\n# as published by the Free Software Foundation\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n#\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"Update Information:\n\nUpdate to new upstream Firefox version 3.5.3, fixing multiple security issues\ndetailed in the upstream advisories:\nhttp://www.mozilla.org/security/known-vulnerabilities/firefox35.html#firefox3.5.3\nUpdate also includes all packages depending on gecko-libs rebuilt\nagainst new version of Firefox / XULRunner.\n\nChangeLog:\n\n* Wed Sep 9 2009 Jan Horak - 2.26.1-6\n- Rebuild against newer gecko\n\n\nhttps://bugzilla.redhat.com/show_bug.cgi?id=521695\";\ntag_solution = \"Apply the appropriate updates.\n\nThis update can be installed with the yum update program. Use \nsu -c 'yum update epiphany-extensions' at the command line.\nFor more information, refer to Managing Software with yum,\navailable at http://docs.fedoraproject.org/yum/.\n\nhttps://secure1.securityspace.com/smysecure/catid.html?in=FEDORA-2009-9505\";\ntag_summary = \"The remote host is missing an update to epiphany-extensions\nannounced via advisory FEDORA-2009-9505.\";\n\n\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.64855\");\n script_version(\"$Revision: 9350 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-04-06 09:03:33 +0200 (Fri, 06 Apr 2018) $\");\n script_tag(name:\"creation_date\", value:\"2009-09-15 22:46:32 +0200 (Tue, 15 Sep 2009)\");\n script_cve_id(\"CVE-2009-3069\", \"CVE-2009-3070\", \"CVE-2009-3071\", \"CVE-2009-3072\", \"CVE-2009-3073\", \"CVE-2009-3074\", \"CVE-2009-3075\", \"CVE-2009-3077\", \"CVE-2009-3078\", \"CVE-2009-3079\");\n script_tag(name:\"cvss_base\", value:\"10.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_name(\"Fedora Core 11 FEDORA-2009-9505 (epiphany-extensions)\");\n\n\n\n script_category(ACT_GATHER_INFO);\n\n script_copyright(\"Copyright (c) 2009 E-Soft Inc. http://www.securityspace.com\");\n script_family(\"Fedora Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/fedora\", \"ssh/login/rpms\");\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"summary\" , value : tag_summary);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_xref(name : \"URL\" , value : \"https://bugzilla.redhat.com/show_bug.cgi?id=521684\");\n script_xref(name : \"URL\" , value : \"https://bugzilla.redhat.com/show_bug.cgi?id=521686\");\n script_xref(name : \"URL\" , value : \"https://bugzilla.redhat.com/show_bug.cgi?id=521687\");\n script_xref(name : \"URL\" , value : \"https://bugzilla.redhat.com/show_bug.cgi?id=521688\");\n script_xref(name : \"URL\" , value : \"https://bugzilla.redhat.com/show_bug.cgi?id=521689\");\n script_xref(name : \"URL\" , value : \"https://bugzilla.redhat.com/show_bug.cgi?id=521690\");\n script_xref(name : \"URL\" , value : \"https://bugzilla.redhat.com/show_bug.cgi?id=521691\");\n script_xref(name : \"URL\" , value : \"https://bugzilla.redhat.com/show_bug.cgi?id=521693\");\n script_xref(name : \"URL\" , value : \"https://bugzilla.redhat.com/show_bug.cgi?id=521694\");\n exit(0);\n}\n\n#\n# The script code starts here\n#\n\ninclude(\"pkg-lib-rpm.inc\");\n\nres = \"\";\nreport = \"\";\nif ((res = isrpmvuln(pkg:\"epiphany-extensions\", rpm:\"epiphany-extensions~2.26.1~6.fc11\", rls:\"FC11\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"epiphany-extensions-debuginfo\", rpm:\"epiphany-extensions-debuginfo~2.26.1~6.fc11\", rls:\"FC11\")) != NULL) {\n report += res;\n}\n\nif (report != \"\") {\n security_message(data:report);\n} else if (__pkg_match) {\n exit(99); # Not vulnerable.\n}\n", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2017-12-14T11:48:46", "description": "Check for the Version of seamonkey", "cvss3": {}, "published": "2010-04-29T00:00:00", "type": "openvas", "title": "Fedora Update for seamonkey FEDORA-2010-7100", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2009-3376", "CVE-2010-0161", "CVE-2009-3072", "CVE-2009-0689", "CVE-2009-2463", "CVE-2009-3075", "CVE-2010-0163", "CVE-2009-3983", "CVE-2009-3385", "CVE-2009-3077"], "modified": "2017-12-13T00:00:00", "id": "OPENVAS:861922", "href": "http://plugins.openvas.org/nasl.php?oid=861922", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Fedora Update for seamonkey FEDORA-2010-7100\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2010 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ninclude(\"revisions-lib.inc\");\ntag_affected = \"seamonkey on Fedora 11\";\ntag_insight = \"SeaMonkey is an all-in-one Internet application suite. It includes\n a browser, mail/news client, IRC client, JavaScript debugger, and\n a tool to inspect the DOM for web pages. It is derived from the\n application formerly known as Mozilla Application Suite.\";\ntag_solution = \"Please Install the Updated Packages.\";\n\n\nif(description)\n{\n script_xref(name : \"URL\" , value : \"http://lists.fedoraproject.org/pipermail/package-announce/2010-April/039834.html\");\n script_id(861922);\n script_version(\"$Revision: 8092 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-12-13 07:31:16 +0100 (Wed, 13 Dec 2017) $\");\n script_tag(name:\"creation_date\", value:\"2010-04-29 13:13:58 +0200 (Thu, 29 Apr 2010)\");\n script_tag(name:\"cvss_base\", value:\"10.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_xref(name: \"FEDORA\", value: \"2010-7100\");\n script_cve_id(\"CVE-2010-0161\", \"CVE-2010-0163\", \"CVE-2009-3075\", \"CVE-2009-3072\", \"CVE-2009-2463\", \"CVE-2009-3385\", \"CVE-2009-3983\", \"CVE-2009-3376\", \"CVE-2009-0689\", \"CVE-2009-3077\");\n script_name(\"Fedora Update for seamonkey FEDORA-2010-7100\");\n\n script_tag(name: \"summary\" , value: \"Check for the Version of seamonkey\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2010 Greenbone Networks GmbH\");\n script_family(\"Fedora Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/fedora\", \"ssh/login/rpms\");\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = get_kb_item(\"ssh/login/release\");\n\n\nres = \"\";\nif(release == NULL){\n exit(0);\n}\n\nif(release == \"FC11\")\n{\n\n if ((res = isrpmvuln(pkg:\"seamonkey\", rpm:\"seamonkey~1.1.19~1.fc11\", rls:\"FC11\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2018-01-02T10:54:33", "description": "Check for the Version of seamonkey", "cvss3": {}, "published": "2010-04-29T00:00:00", "type": "openvas", "title": "Fedora Update for seamonkey FEDORA-2010-7100", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2009-3376", "CVE-2010-0161", "CVE-2009-3072", "CVE-2009-0689", "CVE-2009-2463", "CVE-2009-3075", "CVE-2010-0163", "CVE-2009-3983", "CVE-2009-3385", "CVE-2009-3077"], "modified": "2017-12-26T00:00:00", "id": "OPENVAS:1361412562310861922", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310861922", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Fedora Update for seamonkey FEDORA-2010-7100\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2010 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ninclude(\"revisions-lib.inc\");\ntag_affected = \"seamonkey on Fedora 11\";\ntag_insight = \"SeaMonkey is an all-in-one Internet application suite. It includes\n a browser, mail/news client, IRC client, JavaScript debugger, and\n a tool to inspect the DOM for web pages. It is derived from the\n application formerly known as Mozilla Application Suite.\";\ntag_solution = \"Please Install the Updated Packages.\";\n\n\nif(description)\n{\n script_xref(name : \"URL\" , value : \"http://lists.fedoraproject.org/pipermail/package-announce/2010-April/039834.html\");\n script_oid(\"1.3.6.1.4.1.25623.1.0.861922\");\n script_version(\"$Revision: 8246 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-12-26 08:29:20 +0100 (Tue, 26 Dec 2017) $\");\n script_tag(name:\"creation_date\", value:\"2010-04-29 13:13:58 +0200 (Thu, 29 Apr 2010)\");\n script_tag(name:\"cvss_base\", value:\"10.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_xref(name: \"FEDORA\", value: \"2010-7100\");\n script_cve_id(\"CVE-2010-0161\", \"CVE-2010-0163\", \"CVE-2009-3075\", \"CVE-2009-3072\", \"CVE-2009-2463\", \"CVE-2009-3385\", \"CVE-2009-3983\", \"CVE-2009-3376\", \"CVE-2009-0689\", \"CVE-2009-3077\");\n script_name(\"Fedora Update for seamonkey FEDORA-2010-7100\");\n\n script_tag(name: \"summary\" , value: \"Check for the Version of seamonkey\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2010 Greenbone Networks GmbH\");\n script_family(\"Fedora Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/fedora\", \"ssh/login/rpms\");\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = get_kb_item(\"ssh/login/release\");\n\n\nres = \"\";\nif(release == NULL){\n exit(0);\n}\n\nif(release == \"FC11\")\n{\n\n if ((res = isrpmvuln(pkg:\"seamonkey\", rpm:\"seamonkey~1.1.19~1.fc11\", rls:\"FC11\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2017-07-25T10:57:09", "description": "The remote host is missing an update to epiphany-extensions\nannounced via advisory FEDORA-2009-9505.", "cvss3": {}, "published": "2009-09-15T00:00:00", "type": "openvas", "title": "Fedora Core 11 FEDORA-2009-9505 (epiphany-extensions)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2009-3071", "CVE-2009-3073", "CVE-2009-3079", "CVE-2009-3072", "CVE-2009-3074", "CVE-2009-3070", "CVE-2009-3069", "CVE-2009-3075", "CVE-2009-3077", "CVE-2009-3078"], "modified": "2017-07-10T00:00:00", "id": "OPENVAS:64855", "href": "http://plugins.openvas.org/nasl.php?oid=64855", "sourceData": "# OpenVAS Vulnerability Test\n# $Id: fcore_2009_9505.nasl 6624 2017-07-10 06:11:55Z cfischer $\n# Description: Auto-generated from advisory FEDORA-2009-9505 (epiphany-extensions)\n#\n# Authors:\n# Thomas Reinke <reinke@securityspace.com>\n#\n# Copyright:\n# Copyright (c) 2009 E-Soft Inc. http://www.securityspace.com\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (c) the respective author(s)\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2,\n# or at your option, GNU General Public License version 3,\n# as published by the Free Software Foundation\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n#\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"Update Information:\n\nUpdate to new upstream Firefox version 3.5.3, fixing multiple security issues\ndetailed in the upstream advisories:\nhttp://www.mozilla.org/security/known-vulnerabilities/firefox35.html#firefox3.5.3\nUpdate also includes all packages depending on gecko-libs rebuilt\nagainst new version of Firefox / XULRunner.\n\nChangeLog:\n\n* Wed Sep 9 2009 Jan Horak - 2.26.1-6\n- Rebuild against newer gecko\n\n\nhttps://bugzilla.redhat.com/show_bug.cgi?id=521695\";\ntag_solution = \"Apply the appropriate updates.\n\nThis update can be installed with the yum update program. Use \nsu -c 'yum update epiphany-extensions' at the command line.\nFor more information, refer to Managing Software with yum,\navailable at http://docs.fedoraproject.org/yum/.\n\nhttps://secure1.securityspace.com/smysecure/catid.html?in=FEDORA-2009-9505\";\ntag_summary = \"The remote host is missing an update to epiphany-extensions\nannounced via advisory FEDORA-2009-9505.\";\n\n\n\nif(description)\n{\n script_id(64855);\n script_version(\"$Revision: 6624 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-07-10 08:11:55 +0200 (Mon, 10 Jul 2017) $\");\n script_tag(name:\"creation_date\", value:\"2009-09-15 22:46:32 +0200 (Tue, 15 Sep 2009)\");\n script_cve_id(\"CVE-2009-3069\", \"CVE-2009-3070\", \"CVE-2009-3071\", \"CVE-2009-3072\", \"CVE-2009-3073\", \"CVE-2009-3074\", \"CVE-2009-3075\", \"CVE-2009-3077\", \"CVE-2009-3078\", \"CVE-2009-3079\");\n script_tag(name:\"cvss_base\", value:\"10.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_name(\"Fedora Core 11 FEDORA-2009-9505 (epiphany-extensions)\");\n\n\n\n script_category(ACT_GATHER_INFO);\n\n script_copyright(\"Copyright (c) 2009 E-Soft Inc. http://www.securityspace.com\");\n script_family(\"Fedora Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/fedora\", \"ssh/login/rpms\");\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"summary\" , value : tag_summary);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_xref(name : \"URL\" , value : \"https://bugzilla.redhat.com/show_bug.cgi?id=521684\");\n script_xref(name : \"URL\" , value : \"https://bugzilla.redhat.com/show_bug.cgi?id=521686\");\n script_xref(name : \"URL\" , value : \"https://bugzilla.redhat.com/show_bug.cgi?id=521687\");\n script_xref(name : \"URL\" , value : \"https://bugzilla.redhat.com/show_bug.cgi?id=521688\");\n script_xref(name : \"URL\" , value : \"https://bugzilla.redhat.com/show_bug.cgi?id=521689\");\n script_xref(name : \"URL\" , value : \"https://bugzilla.redhat.com/show_bug.cgi?id=521690\");\n script_xref(name : \"URL\" , value : \"https://bugzilla.redhat.com/show_bug.cgi?id=521691\");\n script_xref(name : \"URL\" , value : \"https://bugzilla.redhat.com/show_bug.cgi?id=521693\");\n script_xref(name : \"URL\" , value : \"https://bugzilla.redhat.com/show_bug.cgi?id=521694\");\n exit(0);\n}\n\n#\n# The script code starts here\n#\n\ninclude(\"pkg-lib-rpm.inc\");\n\nres = \"\";\nreport = \"\";\nif ((res = isrpmvuln(pkg:\"epiphany-extensions\", rpm:\"epiphany-extensions~2.26.1~6.fc11\", rls:\"FC11\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"epiphany-extensions-debuginfo\", rpm:\"epiphany-extensions-debuginfo~2.26.1~6.fc11\", rls:\"FC11\")) != NULL) {\n report += res;\n}\n\nif (report != \"\") {\n security_message(data:report);\n} else if (__pkg_match) {\n exit(99); # Not vulnerable.\n}\n", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2017-07-02T21:10:03", "description": "The remote host is missing an update to the system\nas announced in the referenced advisory.", "cvss3": {}, "published": "2010-03-30T00:00:00", "type": "openvas", "title": "FreeBSD Ports: seamonkey, linux-seamonkey", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2009-3376", "CVE-2010-0161", "CVE-2009-3072", "CVE-2009-0689", "CVE-2009-2463", "CVE-2009-3075", "CVE-2010-0163", "CVE-2009-3983", "CVE-2009-3385", "CVE-2009-3077"], "modified": "2017-02-10T00:00:00", "id": "OPENVAS:67138", "href": "http://plugins.openvas.org/nasl.php?oid=67138", "sourceData": "#\n#VID 56cfe192-329f-11df-abb2-000f20797ede\n# OpenVAS Vulnerability Test\n# $\n# Description: Auto generated from VID 56cfe192-329f-11df-abb2-000f20797ede\n#\n# Authors:\n# Thomas Reinke <reinke@securityspace.com>\n#\n# Copyright:\n# Copyright (c) 2010 E-Soft Inc. http://www.securityspace.com\n# Text descriptions are largely excerpted from the referenced\n# advisories, and are Copyright (c) the respective author(s)\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2,\n# as published by the Free Software Foundation\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n#\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"The following packages are affected:\n seamonkey\n linux-seamonkey\n thunderbird\n linux-thunderbird\n\nFor details on the issues addressed in this update, please visit\nthe referenced security advisories.\";\ntag_solution = \"Update your system with the appropriate patches or\nsoftware upgrades.\n\nhttp://www.mozilla.org/security/announce/2010/mfsa2010-07.html\nhttp://www.mozilla.org/security/announce/2010/mfsa2010-06.html\nhttp://www.mozilla.org/security/announce/2009/mfsa2009-68.html\nhttp://www.mozilla.org/security/announce/2009/mfsa2009-62.html\nhttp://www.mozilla.org/security/announce/2009/mfsa2009-59.html\nhttp://www.mozilla.org/security/announce/2009/mfsa2009-49.html\nhttp://www.vuxml.org/freebsd/56cfe192-329f-11df-abb2-000f20797ede.html\";\ntag_summary = \"The remote host is missing an update to the system\nas announced in the referenced advisory.\";\n\n\n\nif(description)\n{\n script_id(67138);\n script_version(\"$Revision: 5263 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-02-10 14:45:51 +0100 (Fri, 10 Feb 2017) $\");\n script_tag(name:\"creation_date\", value:\"2010-03-30 18:37:46 +0200 (Tue, 30 Mar 2010)\");\n script_cve_id(\"CVE-2010-0161\", \"CVE-2010-0163\", \"CVE-2009-3075\", \"CVE-2009-3072\", \"CVE-2009-2463\", \"CVE-2009-3385\", \"CVE-2009-3983\", \"CVE-2009-3376\", \"CVE-2009-0689\", \"CVE-2009-3077\");\n script_tag(name:\"cvss_base\", value:\"10.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_name(\"FreeBSD Ports: seamonkey, linux-seamonkey\");\n\n\n\n script_category(ACT_GATHER_INFO);\n\n script_copyright(\"Copyright (c) 2010 E-Soft Inc. http://www.securityspace.com\");\n script_family(\"FreeBSD Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/freebsdrel\", \"login/SSH/success\");\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"summary\" , value : tag_summary);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n#\n# The script code starts here\n#\n\ninclude(\"pkg-lib-bsd.inc\");\n\ntxt = \"\";\nvuln = 0;\nbver = portver(pkg:\"seamonkey\");\nif(!isnull(bver) && revcomp(a:bver, b:\"1.1.19\")<0) {\n txt += 'Package seamonkey version ' + bver + ' is installed which is known to be vulnerable.\\n';\n vuln = 1;\n}\nbver = portver(pkg:\"linux-seamonkey\");\nif(!isnull(bver) && revcomp(a:bver, b:\"1.1.19\")<0) {\n txt += 'Package linux-seamonkey version ' + bver + ' is installed which is known to be vulnerable.\\n';\n vuln = 1;\n}\nbver = portver(pkg:\"thunderbird\");\nif(!isnull(bver) && revcomp(a:bver, b:\"2.0.0.24\")<0) {\n txt += 'Package thunderbird version ' + bver + ' is installed which is known to be vulnerable.\\n';\n vuln = 1;\n}\nbver = portver(pkg:\"linux-thunderbird\");\nif(!isnull(bver) && revcomp(a:bver, b:\"2.0.0.24\")<0) {\n txt += 'Package linux-thunderbird version ' + bver + ' is installed which is known to be vulnerable.\\n';\n vuln = 1;\n}\n\nif(vuln) {\n security_message(data:string(txt));\n} else if (__pkg_match) {\n exit(99); # Not vulnerable.\n}\n", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2018-01-22T13:06:14", "description": "The remote host is missing an update to the system\nas announced in the referenced advisory.", "cvss3": {}, "published": "2010-03-30T00:00:00", "type": "openvas", "title": "FreeBSD Ports: seamonkey, linux-seamonkey", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2009-3376", "CVE-2010-0161", "CVE-2009-3072", "CVE-2009-0689", "CVE-2009-2463", "CVE-2009-3075", "CVE-2010-0163", "CVE-2009-3983", "CVE-2009-3385", "CVE-2009-3077"], "modified": "2018-01-22T00:00:00", "id": "OPENVAS:136141256231067138", "href": "http://plugins.openvas.org/nasl.php?oid=136141256231067138", "sourceData": "#\n#VID 56cfe192-329f-11df-abb2-000f20797ede\n# OpenVAS Vulnerability Test\n# $\n# Description: Auto generated from VID 56cfe192-329f-11df-abb2-000f20797ede\n#\n# Authors:\n# Thomas Reinke <reinke@securityspace.com>\n#\n# Copyright:\n# Copyright (c) 2010 E-Soft Inc. http://www.securityspace.com\n# Text descriptions are largely excerpted from the referenced\n# advisories, and are Copyright (c) the respective author(s)\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2,\n# as published by the Free Software Foundation\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n#\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"The following packages are affected:\n seamonkey\n linux-seamonkey\n thunderbird\n linux-thunderbird\n\nFor details on the issues addressed in this update, please visit\nthe referenced security advisories.\";\ntag_solution = \"Update your system with the appropriate patches or\nsoftware upgrades.\n\nhttp://www.mozilla.org/security/announce/2010/mfsa2010-07.html\nhttp://www.mozilla.org/security/announce/2010/mfsa2010-06.html\nhttp://www.mozilla.org/security/announce/2009/mfsa2009-68.html\nhttp://www.mozilla.org/security/announce/2009/mfsa2009-62.html\nhttp://www.mozilla.org/security/announce/2009/mfsa2009-59.html\nhttp://www.mozilla.org/security/announce/2009/mfsa2009-49.html\nhttp://www.vuxml.org/freebsd/56cfe192-329f-11df-abb2-000f20797ede.html\";\ntag_summary = \"The remote host is missi
RHEL 3 : seamonkey (RHSA-2009:1432)
