ID SEAMONKEY_2014.NASL Type nessus Reporter This script is Copyright (C) 2011-2018 Tenable Network Security, Inc. Modified 2021-01-02T00:00:00
Description
The installed version of SeaMonkey is earlier than 2.0.14. Such
versions are potentially affected by the following security issues:
- Multiple use-after-free errors exist in the handling of
  the object attributes 'mChannel', 'mObserverList' and
  'nsTreeRange'. (CVE-2011-0065, CVE-2011-0066,
  CVE-2011-0073)
- An error exists in the handling of Java applets that
  could allow sensitive form history data to be accessed.
  (CVE-2011-0067)
- An error in the resource protocol could allow directory
  traversal. (CVE-2011-0071)
- Multiple memory safety issues could lead to application
  crashes and possibly remote code execution.
  (CVE-2011-0069, CVE-2011-0070, CVE-2011-0072,
  CVE-2011-0074, CVE-2011-0075, CVE-2011-0077,
  CVE-2011-0078, CVE-2011-0080)
- An information disclosure vulnerability exists in the
  'xsltGenerateIdFunction' function in the included
  libxslt library. (CVE-2011-1202)
#
# (C) Tenable Network Security, Inc.
#
include("compat.inc");
# Registration branch: taken when 'description' is set. It only declares the
# plugin's metadata and then exits (see exit(0) at the end of the block); no
# KB reads or version checks happen here.
if (description)
{
# Plugin identity and revision bookkeeping.
script_id(53597);
script_version("1.29");
script_cvs_date("Date: 2018/11/15 20:50:28");
# The 14 CVEs this single finding covers; they are the same identifiers cited
# in the description text below. One hit on this plugin therefore stands for
# all of them, not for one confirmed issue.
script_cve_id(
"CVE-2011-0065",
"CVE-2011-0066",
"CVE-2011-0067",
"CVE-2011-0069",
"CVE-2011-0070",
"CVE-2011-0071",
"CVE-2011-0072",
"CVE-2011-0073",
"CVE-2011-0074",
"CVE-2011-0075",
"CVE-2011-0077",
"CVE-2011-0078",
"CVE-2011-0080",
"CVE-2011-1202"
);
# Bugtraq (BID) cross-references for the same advisory set.
script_bugtraq_id(
47641,
47646,
47647,
47648,
47651,
47653,
47654,
47655,
47656,
47657,
47659,
47660,
47662,
47663,
47666,
47667,
47668
);
# Cross-references to Exploit-DB entries and a Secunia advisory. For triage,
# the EDB-IDs mean public exploit material is catalogued for this set.
script_xref(name:"EDB-ID", value:"17419");
script_xref(name:"EDB-ID", value:"17520");
script_xref(name:"EDB-ID", value:"18377");
script_xref(name:"Secunia", value:"44357");
# Title and one-line summary; the summary states that the check is a version check.
script_name(english:"SeaMonkey < 2.0.14 Multiple Vulnerabilities");
script_summary(english:"Checks version of SeaMonkey");
# Synopsis scopes the finding to Windows hosts (see also script_family below).
script_set_attribute(attribute:"synopsis", value:
"The remote Windows host contains a web browser that is affected by
multiple vulnerabilities.");
# Long description. Note the wording "potentially affected": the finding is
# derived from the installed version, not from testing each listed issue.
script_set_attribute(attribute:"description",value:
"The installed version of SeaMonkey is earlier than 2.0.14. Such
versions are potentially affected by the following security issues :
- Multiple use-after-free errors exist in the handling of
the object attributes 'mChannel', 'mObserverList' and
'nsTreeRange'. (CVE-2011-0065, CVE-2011-0066,
CVE-2011-0073)
- An error exists in the handling of Java applets that
could allow sensitive form history data to be accessed.
(CVE-2011-0067)
- An error in the resource protocol could allow directory
traversal. (CVE-2011-0071)
- Multiple memory safety issues could lead to application
crashes and possibly remote code execution.
(CVE-2011-0069, CVE-2011-0070, CVE-2011-0072,
CVE-2011-0074, CVE-2011-0075, CVE-2011-0077,
CVE-2011-0078, CVE-2011-0080)
- An information disclosure vulnerability exists in the
'xsltGenerateIdFunction' function in the included
libxslt library. (CVE-2011-1202)");
# Upstream advisories: three ZDI advisories and five Mozilla MFSA pages.
script_set_attribute(attribute:"see_also", value:"https://www.zerodayinitiative.com/advisories/ZDI-11-157/");
script_set_attribute(attribute:"see_also", value:"https://www.zerodayinitiative.com/advisories/ZDI-11-158/");
script_set_attribute(attribute:"see_also", value:"https://www.zerodayinitiative.com/advisories/ZDI-11-159/");
script_set_attribute(attribute:"see_also", value:"https://www.mozilla.org/en-US/security/advisories/mfsa2011-12/");
script_set_attribute(attribute:"see_also", value:"https://www.mozilla.org/en-US/security/advisories/mfsa2011-13/");
script_set_attribute(attribute:"see_also", value:"https://www.mozilla.org/en-US/security/advisories/mfsa2011-14/");
script_set_attribute(attribute:"see_also", value:"https://www.mozilla.org/en-US/security/advisories/mfsa2011-16/");
script_set_attribute(attribute:"see_also", value:"https://www.mozilla.org/en-US/security/advisories/mfsa2011-18/");
# NOTE(review): the URL in the next comment is presumably the long form of the
# shortened nessus.org link registered right after it - confirm.
# http://www.mozilla.org/security/known-vulnerabilities/seamonkey20.html#seamonkey2.0.14
script_set_attribute(attribute:"see_also", value:"http://www.nessus.org/u?340fe7b3");
# Remediation: the fixed release matches the 'fix' value used by the version
# check at the end of the script.
script_set_attribute(attribute:"solution", value:"Upgrade to SeaMonkey 2.0.14 or later.");
# CVSS v2 base vector: network attack vector, medium access complexity, no
# authentication, complete impact on confidentiality, integrity and availability.
script_set_cvss_base_vector("CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C");
# CVSS v2 temporal vector: high exploitability (E:H), official fix available
# (RL:OF), report confidence confirmed (RC:C).
script_set_cvss_temporal_vector("CVSS2#E:H/RL:OF/RC:C");
# Exploit-maturity flags: exploits are marked available in several exploit
# frameworks and as used by malware, which raises remediation priority. The
# Metasploit module name refers to Firefox; 'nsTreeRange' is one of the
# use-after-free attributes named in the description above.
script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available");
script_set_attribute(attribute:"exploit_available", value:"true");
script_set_attribute(attribute:"exploit_framework_core", value:"true");
script_set_attribute(attribute:"exploited_by_malware", value:"true");
script_set_attribute(attribute:"metasploit_name", value:'Mozilla Firefox "nsTreeRange" Dangling Pointer Vulnerability');
script_set_attribute(attribute:"exploit_framework_metasploit", value:"true");
script_set_attribute(attribute:"exploit_framework_canvas", value:"true");
script_set_attribute(attribute:"canvas_package", value:'White_Phosphorus');
# Timeline: disclosure and patch share the same date; the plugin was published
# one day later.
script_set_attribute(attribute:"vuln_publication_date", value:"2011/04/28");
script_set_attribute(attribute:"patch_publication_date", value:"2011/04/28");
script_set_attribute(attribute:"plugin_publication_date", value:"2011/04/29");
# NOTE(review): plugin_type "local" presumably means the result is computed
# from data already collected from the host (the KB entries read below), so a
# scan that never gathered that data cannot report this finding - confirm.
script_set_attribute(attribute:"plugin_type", value:"local");
script_set_attribute(attribute:"cpe", value:"cpe:/a:mozilla:seamonkey");
script_end_attributes();
# Scheduling metadata: category, plugin family, copyright string.
script_category(ACT_GATHER_INFO);
script_family(english:"Windows");
script_copyright(english:"This script is Copyright (C) 2011-2018 Tenable Network Security, Inc.");
# Declares mozilla_org_installed.nasl as a dependency; presumably that script
# records the SeaMonkey install data this plugin reads - TODO confirm.
script_dependencies("mozilla_org_installed.nasl");
# NOTE(review): the required key is "SeaMonkey/Version", while the check below
# reads "SMB/SeaMonkey/*"; verify that the dependency sets both.
script_require_keys("SeaMonkey/Version");
# End of the registration pass.
exit(0);
}
# Check phase: decide from recorded install data whether SeaMonkey is below 2.0.14.
# mozilla_check_version() is not defined in this file; presumably it comes from
# this include (audit() and AUDIT_NOT_INST are likewise defined elsewhere).
include("mozilla_version.inc");
# SMB transport port recorded in the KB, defaulting to 445 when no value is stored.
# NOTE(review): 'port' is not referenced again in this file; presumably the
# included helper reads it as a global - confirm before treating it as dead code.
port = get_kb_item("SMB/transport");
if (!port) port = 445;
# All KB entries under SMB/SeaMonkey/ (presumably one per detected install).
installs = get_kb_list("SMB/SeaMonkey/*");
# No entries: report "not installed" through audit(), which presumably ends the script.
if (isnull(installs)) audit(AUDIT_NOT_INST, "SeaMonkey");
# Hands the install list to the shared helper with fix version 2.0.14 and
# severity SECURITY_HOLE. The result rests on the recorded version alone: none
# of the listed CVEs is probed individually, so the finding is only as accurate
# as the install data in the KB (a stale or missing entry would give a wrong
# or absent result).
mozilla_check_version(installs:installs, product:'seamonkey', fix:'2.0.14', severity:SECURITY_HOLE);
{"id": "SEAMONKEY_2014.NASL", "bulletinFamily": "scanner", "title": "SeaMonkey < 2.0.14 Multiple Vulnerabilities", "description": "The installed version of SeaMonkey is earlier than 2.0.14. Such\nversions are potentially affected by the following security issues :\n\n - Multiple use-after-free errors exist in the handling of\n the object attributes 'mChannel', 'mObserverList' and\n 'nsTreeRange'. (CVE-2011-0065, CVE-2011-0066, \n CVE-2011-0073)\n\n - An error exists in the handling of Java applets that\n could allow sensitive form history data to be accessed.\n (CVE-2011-0067)\n\n - An error in the resource protocol could allow directory\n traversal. (CVE-2011-0071)\n\n - Multiple memory safety issues could lead to application \n crashes and possibly remote code execution.\n (CVE-2011-0069, CVE-2011-0070, CVE-2011-0072, \n CVE-2011-0074, CVE-2011-0075, CVE-2011-0077, \n CVE-2011-0078, CVE-2011-0080)\n\n - An information disclosure vulnerability exists in the\n 'xsltGenerateIdFunction' function in the included\n libxslt library. 
(CVE-2011-1202)", "published": "2011-04-29T00:00:00", "modified": "2021-01-02T00:00:00", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}, "href": "https://www.tenable.com/plugins/nessus/53597", "reporter": "This script is Copyright (C) 2011-2018 Tenable Network Security, Inc.", "references": ["https://www.zerodayinitiative.com/advisories/ZDI-11-157/", "http://www.nessus.org/u?340fe7b3", "https://www.zerodayinitiative.com/advisories/ZDI-11-158/", "https://www.mozilla.org/en-US/security/advisories/mfsa2011-18/", "https://www.mozilla.org/en-US/security/advisories/mfsa2011-13/", "https://www.mozilla.org/en-US/security/advisories/mfsa2011-12/", "https://www.mozilla.org/en-US/security/advisories/mfsa2011-16/", "https://www.zerodayinitiative.com/advisories/ZDI-11-159/", "https://www.mozilla.org/en-US/security/advisories/mfsa2011-14/"], "cvelist": ["CVE-2011-0077", "CVE-2011-1202", "CVE-2011-0071", "CVE-2011-0080", "CVE-2011-0073", "CVE-2011-0066", "CVE-2011-0065", "CVE-2011-0075", "CVE-2011-0074", "CVE-2011-0069", "CVE-2011-0078", "CVE-2011-0070", "CVE-2011-0067", "CVE-2011-0072"], "type": "nessus", "lastseen": "2021-01-01T05:32:02", "edition": 27, "viewCount": 4, "enchantments": {"dependencies": {"references": [{"type": "nessus", "idList": ["UBUNTU_USN-1122-2.NASL", "MOZILLA_FIREFOX_3617.NASL", "REDHAT-RHSA-2011-0471.NASL", "UBUNTU_USN-1122-3.NASL", "MOZILLA_FIREFOX_3519.NASL", "UBUNTU_USN-1112-1.NASL", "UBUNTU_USN-1122-1.NASL", "CENTOS_RHSA-2011-0471.NASL", "SL_20110428_FIREFOX_ON_SL4_X.NASL", "ORACLELINUX_ELSA-2011-0471.NASL"]}, {"type": "ubuntu", "idList": ["USN-1122-1", "USN-1112-1", "USN-1122-2", "USN-1122-3"]}, {"type": "openvas", "idList": ["OPENVAS:1361412562310840650", "OPENVAS:1361412562310880513", "OPENVAS:840640", "OPENVAS:840652", "OPENVAS:1361412562310840640", "OPENVAS:840650", "OPENVAS:870425", "OPENVAS:1361412562310122186", "OPENVAS:1361412562310840675", "OPENVAS:1361412562310880561"]}, {"type": "oraclelinux", "idList": ["ELSA-2011-0475", 
"ELSA-2011-0473", "ELSA-2011-0471"]}, {"type": "centos", "idList": ["CESA-2011:0473", "CESA-2011:0471"]}, {"type": "redhat", "idList": ["RHSA-2011:0473", "RHSA-2011:0471", "RHSA-2011:0475"]}, {"type": "debian", "idList": ["DEBIAN:DSA-2235-1:7DA12", "DEBIAN:BSA-034:9DF39", "DEBIAN:DSA-2227-1:C543D", "DEBIAN:DSA-2228-1:3272E"]}, {"type": "securityvulns", "idList": ["SECURITYVULNS:VULN:11633"]}, {"type": "suse", "idList": ["SUSE-SA:2011:022"]}, {"type": "zdi", "idList": ["ZDI-11-158", "ZDI-11-157", "ZDI-11-159"]}], "modified": "2021-01-01T05:32:02", "rev": 2}, "score": {"value": 6.8, "vector": "NONE", "modified": "2021-01-01T05:32:02", "rev": 2}, "vulnersScore": 6.8}, "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(53597);\n script_version(\"1.29\");\n script_cvs_date(\"Date: 2018/11/15 20:50:28\");\n\n script_cve_id(\n \"CVE-2011-0065\",\n \"CVE-2011-0066\",\n \"CVE-2011-0067\",\n \"CVE-2011-0069\",\n \"CVE-2011-0070\",\n \"CVE-2011-0071\",\n \"CVE-2011-0072\",\n \"CVE-2011-0073\",\n \"CVE-2011-0074\",\n \"CVE-2011-0075\",\n \"CVE-2011-0077\",\n \"CVE-2011-0078\",\n \"CVE-2011-0080\",\n \"CVE-2011-1202\"\n );\n script_bugtraq_id(\n 47641,\n 47646,\n 47647,\n 47648,\n 47651,\n 47653,\n 47654,\n 47655,\n 47656,\n 47657,\n 47659,\n 47660,\n 47662,\n 47663,\n 47666,\n 47667,\n 47668\n );\n script_xref(name:\"EDB-ID\", value:\"17419\");\n script_xref(name:\"EDB-ID\", value:\"17520\");\n script_xref(name:\"EDB-ID\", value:\"18377\");\n script_xref(name:\"Secunia\", value:\"44357\");\n\n script_name(english:\"SeaMonkey < 2.0.14 Multiple Vulnerabilities\");\n script_summary(english:\"Checks version of SeaMonkey\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote Windows host contains a web browser that is affected by\nmultiple vulnerabilities.\");\n script_set_attribute(attribute:\"description\",value:\n\"The installed version of SeaMonkey is earlier than 2.0.14. 
Such\nversions are potentially affected by the following security issues :\n\n - Multiple use-after-free errors exist in the handling of\n the object attributes 'mChannel', 'mObserverList' and\n 'nsTreeRange'. (CVE-2011-0065, CVE-2011-0066, \n CVE-2011-0073)\n\n - An error exists in the handling of Java applets that\n could allow sensitive form history data to be accessed.\n (CVE-2011-0067)\n\n - An error in the resource protocol could allow directory\n traversal. (CVE-2011-0071)\n\n - Multiple memory safety issues could lead to application \n crashes and possibly remote code execution.\n (CVE-2011-0069, CVE-2011-0070, CVE-2011-0072, \n CVE-2011-0074, CVE-2011-0075, CVE-2011-0077, \n CVE-2011-0078, CVE-2011-0080)\n\n - An information disclosure vulnerability exists in the\n 'xsltGenerateIdFunction' function in the included\n libxslt library. (CVE-2011-1202)\");\n\n script_set_attribute(attribute:\"see_also\", value:\"https://www.zerodayinitiative.com/advisories/ZDI-11-157/\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.zerodayinitiative.com/advisories/ZDI-11-158/\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.zerodayinitiative.com/advisories/ZDI-11-159/\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.mozilla.org/en-US/security/advisories/mfsa2011-12/\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.mozilla.org/en-US/security/advisories/mfsa2011-13/\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.mozilla.org/en-US/security/advisories/mfsa2011-14/\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.mozilla.org/en-US/security/advisories/mfsa2011-16/\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.mozilla.org/en-US/security/advisories/mfsa2011-18/\");\n # http://www.mozilla.org/security/known-vulnerabilities/seamonkey20.html#seamonkey2.0.14\n script_set_attribute(attribute:\"see_also\", 
value:\"http://www.nessus.org/u?340fe7b3\");\n script_set_attribute(attribute:\"solution\", value:\"Upgrade to SeaMonkey 2.0.14 or later.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:H/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploit_framework_core\", value:\"true\");\n script_set_attribute(attribute:\"exploited_by_malware\", value:\"true\");\n script_set_attribute(attribute:\"metasploit_name\", value:'Mozilla Firefox \"nsTreeRange\" Dangling Pointer Vulnerability');\n script_set_attribute(attribute:\"exploit_framework_metasploit\", value:\"true\");\n script_set_attribute(attribute:\"exploit_framework_canvas\", value:\"true\");\n script_set_attribute(attribute:\"canvas_package\", value:'White_Phosphorus');\nscript_set_attribute(attribute:\"vuln_publication_date\", value:\"2011/04/28\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2011/04/28\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2011/04/29\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:mozilla:seamonkey\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Windows\");\n\n script_copyright(english:\"This script is Copyright (C) 2011-2018 Tenable Network Security, Inc.\");\n script_dependencies(\"mozilla_org_installed.nasl\");\n script_require_keys(\"SeaMonkey/Version\");\n exit(0);\n}\n\ninclude(\"mozilla_version.inc\");\nport = get_kb_item(\"SMB/transport\");\nif (!port) port = 445;\n\ninstalls = get_kb_list(\"SMB/SeaMonkey/*\");\nif (isnull(installs)) audit(AUDIT_NOT_INST, \"SeaMonkey\");\n\nmozilla_check_version(installs:installs, product:'seamonkey', fix:'2.0.14', 
severity:SECURITY_HOLE);", "naslFamily": "Windows", "pluginID": "53597", "cpe": ["cpe:/a:mozilla:seamonkey"], "scheme": null}
{"nessus": [{"lastseen": "2021-01-01T03:49:20", "description": "The installed version of Firefox is earlier than 3.5.19. Such\nversions are potentially affected by the following security issues :\n\n - Multiple use-after-free errors exist in the handling of\n the object attributes 'mChannel', 'mObserverList' and\n 'nsTreeRange'. (CVE-2011-0065, CVE-2011-0066, \n CVE-2011-0073)\n\n - An error exists in the handling of Java applets that\n can allow sensitive form history data to be accessed.\n (CVE-2011-0067)\n\n - An error in the resource protocol can allow a directory\n traversal attack. (CVE-2011-0071)\n\n - Multiple memory safety issues can lead to application \n crashes and possibly remote code execution.\n (CVE-2011-0069, CVE-2011-0070, CVE-2011-0072, \n CVE-2011-0074, CVE-2011-0075, CVE-2011-0077, \n CVE-2011-0078, CVE-2011-0080)\n\n - An information disclosure vulnerability exists in the\n 'xsltGenerateIdFunction' function in the included\n libxslt library. (CVE-2011-1202)", "edition": 27, "published": "2011-04-29T00:00:00", "title": "Firefox < 3.5.19 Multiple Vulnerabilities", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2011-0077", "CVE-2011-1202", "CVE-2011-0071", "CVE-2011-0080", "CVE-2011-0073", "CVE-2011-0066", "CVE-2011-0065", "CVE-2011-0075", "CVE-2011-0074", "CVE-2011-0069", "CVE-2011-0078", "CVE-2011-0070", "CVE-2011-0067", "CVE-2011-0072"], "modified": "2021-01-02T00:00:00", "cpe": ["cpe:/a:mozilla:firefox"], "id": "MOZILLA_FIREFOX_3519.NASL", "href": "https://www.tenable.com/plugins/nessus/53593", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(53593);\n script_version(\"1.31\");\n script_cvs_date(\"Date: 2018/11/15 20:50:27\");\n\n script_cve_id(\n \"CVE-2011-0065\",\n \"CVE-2011-0066\",\n \"CVE-2011-0067\",\n \"CVE-2011-0069\",\n \"CVE-2011-0070\",\n \"CVE-2011-0071\",\n \"CVE-2011-0072\",\n \"CVE-2011-0073\",\n \"CVE-2011-0074\",\n \"CVE-2011-0075\",\n 
\"CVE-2011-0077\",\n \"CVE-2011-0078\",\n \"CVE-2011-0080\",\n \"CVE-2011-1202\"\n );\n script_bugtraq_id(\n 47641,\n 47646,\n 47647,\n 47648,\n 47651,\n 47653,\n 47654,\n 47655,\n 47656,\n 47657,\n 47659,\n 47660,\n 47662,\n 47663,\n 47666,\n 47667,\n 47668\n );\n script_xref(name:\"EDB-ID\", value:\"17419\");\n script_xref(name:\"EDB-ID\", value:\"17520\");\n script_xref(name:\"EDB-ID\", value:\"17612\");\n script_xref(name:\"EDB-ID\", value:\"17650\");\n script_xref(name:\"EDB-ID\", value:\"17672\");\n script_xref(name:\"EDB-ID\", value:\"18377\");\n script_xref(name:\"Secunia\", value:\"44357\");\n\n script_name(english:\"Firefox < 3.5.19 Multiple Vulnerabilities\");\n script_summary(english:\"Checks version of Firefox\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote Windows host contains a web browser that is affected by\nmultiple vulnerabilities.\");\n script_set_attribute(attribute:\"description\", value:\n\"The installed version of Firefox is earlier than 3.5.19. Such\nversions are potentially affected by the following security issues :\n\n - Multiple use-after-free errors exist in the handling of\n the object attributes 'mChannel', 'mObserverList' and\n 'nsTreeRange'. (CVE-2011-0065, CVE-2011-0066, \n CVE-2011-0073)\n\n - An error exists in the handling of Java applets that\n can allow sensitive form history data to be accessed.\n (CVE-2011-0067)\n\n - An error in the resource protocol can allow a directory\n traversal attack. (CVE-2011-0071)\n\n - Multiple memory safety issues can lead to application \n crashes and possibly remote code execution.\n (CVE-2011-0069, CVE-2011-0070, CVE-2011-0072, \n CVE-2011-0074, CVE-2011-0075, CVE-2011-0077, \n CVE-2011-0078, CVE-2011-0080)\n\n - An information disclosure vulnerability exists in the\n 'xsltGenerateIdFunction' function in the included\n libxslt library. 
(CVE-2011-1202)\");\n\n script_set_attribute(attribute:\"see_also\", value:\"https://www.zerodayinitiative.com/advisories/ZDI-11-157/\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.zerodayinitiative.com/advisories/ZDI-11-158/\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.zerodayinitiative.com/advisories/ZDI-11-159/\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.mozilla.org/en-US/security/advisories/mfsa2011-12/\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.mozilla.org/en-US/security/advisories/mfsa2011-13/\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.mozilla.org/en-US/security/advisories/mfsa2011-14/\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.mozilla.org/en-US/security/advisories/mfsa2011-16/\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.mozilla.org/en-US/security/advisories/mfsa2011-18/\");\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?82f2fc1c\");\n script_set_attribute(attribute:\"solution\", value:\"Upgrade to Firefox 3.5.19 or later.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:H/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploit_framework_core\", value:\"true\");\n script_set_attribute(attribute:\"exploited_by_malware\", value:\"true\");\n script_set_attribute(attribute:\"metasploit_name\", value:'Mozilla Firefox \"nsTreeRange\" Dangling Pointer Vulnerability');\n script_set_attribute(attribute:\"exploit_framework_metasploit\", value:\"true\");\n script_set_attribute(attribute:\"exploit_framework_canvas\", value:\"true\");\n script_set_attribute(attribute:\"canvas_package\", 
value:'White_Phosphorus');\nscript_set_attribute(attribute:\"vuln_publication_date\", value:\"2011/04/28\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2011/04/28\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2011/04/29\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:mozilla:firefox\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Windows\");\n\n script_copyright(english:\"This script is Copyright (C) 2011-2018 Tenable Network Security, Inc.\");\n script_dependencies(\"mozilla_org_installed.nasl\");\n script_require_keys(\"Mozilla/Firefox/Version\");\n exit(0);\n}\n\ninclude(\"mozilla_version.inc\");\nport = get_kb_item_or_exit(\"SMB/transport\"); \n\ninstalls = get_kb_list(\"SMB/Mozilla/Firefox/*\");\nif (isnull(installs)) audit(AUDIT_NOT_INST, \"Firefox\");\n\nmozilla_check_version(installs:installs, product:'firefox', esr:FALSE, fix:'3.5.19', min:'3.5', severity:SECURITY_HOLE);", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2021-01-01T06:34:48", "description": "USN-1122-1 fixed vulnerabilities in Thunderbird for Lucid and\nMaverick. This update provides the corresponding fixes for Natty.\n\nIt was discovered that there was a vulnerability in the memory\nhandling of certain types of content. An attacker could exploit this\nto possibly run arbitrary code as the user running Thunderbird.\n(CVE-2011-0081)\n\nIt was discovered that Thunderbird incorrectly handled\ncertain JavaScript requests. If JavaScript were enabled, an\nattacker could exploit this to possibly run arbitrary code\nas the user running Thunderbird. (CVE-2011-0069)\n\nIan Beer discovered a vulnerability in the memory handling\nof a certain types of documents. An attacker could exploit\nthis to possibly run arbitrary code as the user running\nThunderbird. 
(CVE-2011-0070)\n\nBob Clary, Henri Sivonen, Marco Bonardo, Mats Palmgren and\nJesse Ruderman discovered several memory vulnerabilities. An\nattacker could exploit these to possibly run arbitrary code\nas the user running Thunderbird. (CVE-2011-0080)\n\nAki Helin discovered multiple vulnerabilities in the HTML\nrendering code. An attacker could exploit these to possibly\nrun arbitrary code as the user running Thunderbird.\n(CVE-2011-0074, CVE-2011-0075)\n\nIan Beer discovered multiple overflow vulnerabilities. An\nattacker could exploit these to possibly run arbitrary code\nas the user running Thunderbird. (CVE-2011-0077,\nCVE-2011-0078)\n\nMartin Barbella discovered a memory vulnerability in the\nhandling of certain DOM elements. An attacker could exploit\nthis to possibly run arbitrary code as the user running\nThunderbird. (CVE-2011-0072)\n\nIt was discovered that there were use-after-free\nvulnerabilities in Thunderbird's mChannel and mObserverList\nobjects. An attacker could exploit these to possibly run\narbitrary code as the user running Thunderbird.\n(CVE-2011-0065, CVE-2011-0066)\n\nIt was discovered that there was a vulnerability in the\nhandling of the nsTreeSelection element. An attacker sending\na specially crafted E-Mail could exploit this to possibly\nrun arbitrary code as the user running Thunderbird.\n(CVE-2011-0073)\n\nPaul Stone discovered a vulnerability in the handling of\nJava applets. If plugins were enabled, an attacker could use\nthis to mimic interaction with form autocomplete controls\nand steal entries from the form history. (CVE-2011-0067)\n\nSoroush Dalili discovered a vulnerability in the resource:\nprotocol. This could potentially allow an attacker to load\narbitrary files that were accessible to the user running\nThunderbird. (CVE-2011-0071)\n\nChris Evans discovered a vulnerability in Thunderbird's XSLT\ngenerate-id() function. 
An attacker could possibly use this\nvulnerability to make other attacks more reliable.\n(CVE-2011-1202).\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Ubuntu security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.", "edition": 24, "published": "2011-06-13T00:00:00", "title": "Ubuntu 11.04 : thunderbird vulnerabilities (USN-1122-2)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2011-0077", "CVE-2011-1202", "CVE-2011-0071", "CVE-2011-0080", "CVE-2011-0073", "CVE-2011-0066", "CVE-2011-0065", "CVE-2011-0081", "CVE-2011-0075", "CVE-2011-0074", "CVE-2011-0069", "CVE-2011-0078", "CVE-2011-0070", "CVE-2011-0067", "CVE-2011-0072"], "modified": "2021-01-02T00:00:00", "cpe": ["cpe:/o:canonical:ubuntu_linux:11.04", "p-cpe:/a:canonical:ubuntu_linux:thunderbird"], "id": "UBUNTU_USN-1122-2.NASL", "href": "https://www.tenable.com/plugins/nessus/55081", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Ubuntu Security Notice USN-1122-2. The text \n# itself is copyright (C) Canonical, Inc. See \n# <http://www.ubuntu.com/usn/>. 
Ubuntu(R) is a registered \n# trademark of Canonical, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(55081);\n script_version(\"1.19\");\n script_cvs_date(\"Date: 2019/09/19 12:54:27\");\n\n script_cve_id(\"CVE-2011-0065\", \"CVE-2011-0066\", \"CVE-2011-0067\", \"CVE-2011-0069\", \"CVE-2011-0070\", \"CVE-2011-0071\", \"CVE-2011-0072\", \"CVE-2011-0073\", \"CVE-2011-0074\", \"CVE-2011-0075\", \"CVE-2011-0077\", \"CVE-2011-0078\", \"CVE-2011-0080\", \"CVE-2011-0081\", \"CVE-2011-1202\");\n script_bugtraq_id(47641, 47646, 47647, 47648, 47651, 47653, 47654, 47655, 47656, 47659, 47662, 47663, 47666, 47667, 47668);\n script_xref(name:\"USN\", value:\"1122-2\");\n\n script_name(english:\"Ubuntu 11.04 : thunderbird vulnerabilities (USN-1122-2)\");\n script_summary(english:\"Checks dpkg output for updated package.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Ubuntu host is missing a security-related patch.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"USN-1122-1 fixed vulnerabilities in Thunderbird for Lucid and\nMaverick. This update provides the corresponding fixes for Natty.\n\nIt was discovered that there was a vulnerability in the memory\nhandling of certain types of content. An attacker could exploit this\nto possibly run arbitrary code as the user running Thunderbird.\n(CVE-2011-0081)\n\nIt was discovered that Thunderbird incorrectly handled\ncertain JavaScript requests. If JavaScript were enabled, an\nattacker could exploit this to possibly run arbitrary code\nas the user running Thunderbird. (CVE-2011-0069)\n\nIan Beer discovered a vulnerability in the memory handling\nof a certain types of documents. An attacker could exploit\nthis to possibly run arbitrary code as the user running\nThunderbird. (CVE-2011-0070)\n\nBob Clary, Henri Sivonen, Marco Bonardo, Mats Palmgren and\nJesse Ruderman discovered several memory vulnerabilities. 
An\nattacker could exploit these to possibly run arbitrary code\nas the user running Thunderbird. (CVE-2011-0080)\n\nAki Helin discovered multiple vulnerabilities in the HTML\nrendering code. An attacker could exploit these to possibly\nrun arbitrary code as the user running Thunderbird.\n(CVE-2011-0074, CVE-2011-0075)\n\nIan Beer discovered multiple overflow vulnerabilities. An\nattacker could exploit these to possibly run arbitrary code\nas the user running Thunderbird. (CVE-2011-0077,\nCVE-2011-0078)\n\nMartin Barbella discovered a memory vulnerability in the\nhandling of certain DOM elements. An attacker could exploit\nthis to possibly run arbitrary code as the user running\nThunderbird. (CVE-2011-0072)\n\nIt was discovered that there were use-after-free\nvulnerabilities in Thunderbird's mChannel and mObserverList\nobjects. An attacker could exploit these to possibly run\narbitrary code as the user running Thunderbird.\n(CVE-2011-0065, CVE-2011-0066)\n\nIt was discovered that there was a vulnerability in the\nhandling of the nsTreeSelection element. An attacker sending\na specially crafted E-Mail could exploit this to possibly\nrun arbitrary code as the user running Thunderbird.\n(CVE-2011-0073)\n\nPaul Stone discovered a vulnerability in the handling of\nJava applets. If plugins were enabled, an attacker could use\nthis to mimic interaction with form autocomplete controls\nand steal entries from the form history. (CVE-2011-0067)\n\nSoroush Dalili discovered a vulnerability in the resource:\nprotocol. This could potentially allow an attacker to load\narbitrary files that were accessible to the user running\nThunderbird. (CVE-2011-0071)\n\nChris Evans discovered a vulnerability in Thunderbird's XSLT\ngenerate-id() function. An attacker could possibly use this\nvulnerability to make other attacks more reliable.\n(CVE-2011-1202).\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Ubuntu security advisory. 
Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://usn.ubuntu.com/1122-2/\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected thunderbird package.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploit_framework_core\", value:\"true\");\n script_set_attribute(attribute:\"exploited_by_malware\", value:\"true\");\n script_set_attribute(attribute:\"metasploit_name\", value:'Mozilla Firefox \"nsTreeRange\" Dangling Pointer Vulnerability');\n script_set_attribute(attribute:\"exploit_framework_metasploit\", value:\"true\");\n script_set_attribute(attribute:\"exploit_framework_canvas\", value:\"true\");\n script_set_attribute(attribute:\"canvas_package\", value:'White_Phosphorus');\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:thunderbird\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:canonical:ubuntu_linux:11.04\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2011/03/10\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2011/05/05\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2011/06/13\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"Ubuntu Security Notice (C) 2011-2019 Canonical, Inc. / NASL script (C) 2011-2019 and is owned by Tenable, Inc. 
or an Affiliate thereof.\");\n script_family(english:\"Ubuntu Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/cpu\", \"Host/Ubuntu\", \"Host/Ubuntu/release\", \"Host/Debian/dpkg-l\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"ubuntu.inc\");\ninclude(\"misc_func.inc\");\n\nif ( ! get_kb_item(\"Host/local_checks_enabled\") ) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/Ubuntu/release\");\nif ( isnull(release) ) audit(AUDIT_OS_NOT, \"Ubuntu\");\nrelease = chomp(release);\nif (! preg(pattern:\"^(11\\.04)$\", string:release)) audit(AUDIT_OS_NOT, \"Ubuntu 11.04\", \"Ubuntu \" + release);\nif ( ! get_kb_item(\"Host/Debian/dpkg-l\") ) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Ubuntu\", cpu);\n\nflag = 0;\n\nif (ubuntu_check(osver:\"11.04\", pkgname:\"thunderbird\", pkgver:\"3.1.10+build1+nobinonly-0ubuntu0.11.04.1\")) flag++;\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : ubuntu_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = ubuntu_pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"thunderbird\");\n}\n", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2021-01-01T03:49:28", "description": "The installed version of Firefox 3.6 is earlier than 3.6.17. Such\nversions are potentially affected by the following security issues :\n\n - Multiple use-after-free errors exist in the handling of\n the object attributes 'mChannel', 'mObserverList' and\n 'nsTreeRange'. 
(CVE-2011-0065, CVE-2011-0066, \n CVE-2011-0073)\n\n - An error exists in the handling of Java applets that\n can allow sensitive form history data to be accessed.\n (CVE-2011-0067)\n\n - An error in the resource protocol can allow directory\n traversal. (CVE-2011-0071)\n\n - Multiple memory safety issues can lead to application \n crashes and possibly remote code execution.\n (CVE-2011-0069, CVE-2011-0070, CVE-2011-0072, \n CVE-2011-0074, CVE-2011-0075, CVE-2011-0077, \n CVE-2011-0078, CVE-2011-0080, CVE-2011-0081)\n\n - An information disclosure vulnerability exists in the\n 'xsltGenerateIdFunction' function in the included\n libxslt library. (CVE-2011-1202)", "edition": 27, "published": "2011-04-29T00:00:00", "title": "Firefox 3.6 < 3.6.17 Multiple Vulnerabilities", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2011-0077", "CVE-2011-1202", "CVE-2011-0071", "CVE-2011-0080", "CVE-2011-0073", "CVE-2011-0066", "CVE-2011-0065", "CVE-2011-0081", "CVE-2011-0075", "CVE-2011-0074", "CVE-2011-0069", "CVE-2011-0078", "CVE-2011-0070", "CVE-2011-0067", "CVE-2011-0072"], "modified": "2021-01-02T00:00:00", "cpe": ["cpe:/a:mozilla:firefox"], "id": "MOZILLA_FIREFOX_3617.NASL", "href": "https://www.tenable.com/plugins/nessus/53594", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(53594);\n script_version(\"1.31\");\n script_cvs_date(\"Date: 2018/11/15 20:50:27\");\n\n script_cve_id(\n \"CVE-2011-0065\",\n \"CVE-2011-0066\",\n \"CVE-2011-0067\",\n \"CVE-2011-0069\",\n \"CVE-2011-0070\",\n \"CVE-2011-0071\",\n \"CVE-2011-0072\",\n \"CVE-2011-0073\",\n \"CVE-2011-0074\",\n \"CVE-2011-0075\",\n \"CVE-2011-0077\",\n \"CVE-2011-0078\",\n \"CVE-2011-0080\",\n \"CVE-2011-0081\",\n \"CVE-2011-1202\"\n );\n script_bugtraq_id(\n 47641,\n 47646,\n 47647,\n 47648,\n 47651,\n 47653,\n 47654,\n 47655,\n 47656,\n 47657,\n 47659,\n 47660,\n 47662,\n 47663,\n 47667,\n 47668\n );\n 
script_xref(name:\"EDB-ID\", value:\"17419\");\n script_xref(name:\"EDB-ID\", value:\"17520\");\n script_xref(name:\"EDB-ID\", value:\"17612\");\n script_xref(name:\"EDB-ID\", value:\"17650\");\n script_xref(name:\"EDB-ID\", value:\"17672\");\n script_xref(name:\"EDB-ID\", value:\"18377\");\n script_xref(name:\"Secunia\", value:\"44357\");\n\n script_name(english:\"Firefox 3.6 < 3.6.17 Multiple Vulnerabilities\");\n script_summary(english:\"Checks version of Firefox\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote Windows host contains a web browser that is affected by\nmultiple vulnerabilities.\");\n script_set_attribute(attribute:\"description\", value:\n\"The installed version of Firefox 3.6 is earlier than 3.6.17. Such\nversions are potentially affected by the following security issues :\n\n - Multiple use-after-free errors exist in the handling of\n the object attributes 'mChannel', 'mObserverList' and\n 'nsTreeRange'. (CVE-2011-0065, CVE-2011-0066, \n CVE-2011-0073)\n\n - An error exists in the handling of Java applets that\n can allow sensitive form history data to be accessed.\n (CVE-2011-0067)\n\n - An error in the resource protocol can allow directory\n traversal. (CVE-2011-0071)\n\n - Multiple memory safety issues can lead to application \n crashes and possibly remote code execution.\n (CVE-2011-0069, CVE-2011-0070, CVE-2011-0072, \n CVE-2011-0074, CVE-2011-0075, CVE-2011-0077, \n CVE-2011-0078, CVE-2011-0080, CVE-2011-0081)\n\n - An information disclosure vulnerability exists in the\n 'xsltGenerateIdFunction' function in the included\n libxslt library. 
(CVE-2011-1202)\");\n\n script_set_attribute(attribute:\"see_also\", value:\"https://www.zerodayinitiative.com/advisories/ZDI-11-157/\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.zerodayinitiative.com/advisories/ZDI-11-158/\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.zerodayinitiative.com/advisories/ZDI-11-159/\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.mozilla.org/en-US/security/advisories/mfsa2011-12/\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.mozilla.org/en-US/security/advisories/mfsa2011-13/\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.mozilla.org/en-US/security/advisories/mfsa2011-14/\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.mozilla.org/en-US/security/advisories/mfsa2011-16/\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.mozilla.org/en-US/security/advisories/mfsa2011-18/\");\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?7cbff22e\");\n script_set_attribute(attribute:\"solution\", value:\"Upgrade to Firefox 3.6.17 or later.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:H/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploit_framework_core\", value:\"true\");\n script_set_attribute(attribute:\"exploited_by_malware\", value:\"true\");\n script_set_attribute(attribute:\"metasploit_name\", value:'Mozilla Firefox \"nsTreeRange\" Dangling Pointer Vulnerability');\n script_set_attribute(attribute:\"exploit_framework_metasploit\", value:\"true\");\n script_set_attribute(attribute:\"exploit_framework_canvas\", value:\"true\");\n script_set_attribute(attribute:\"canvas_package\", 
value:'White_Phosphorus');\nscript_set_attribute(attribute:\"vuln_publication_date\", value:\"2011/04/28\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2011/04/28\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2011/04/29\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:mozilla:firefox\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Windows\");\n\n script_copyright(english:\"This script is Copyright (C) 2011-2018 Tenable Network Security, Inc.\");\n script_dependencies(\"mozilla_org_installed.nasl\");\n script_require_keys(\"Mozilla/Firefox/Version\");\n exit(0);\n}\n\ninclude(\"mozilla_version.inc\");\nport = get_kb_item_or_exit(\"SMB/transport\"); \n\ninstalls = get_kb_list(\"SMB/Mozilla/Firefox/*\");\nif (isnull(installs)) audit(AUDIT_NOT_INST, \"Firefox\");\n\nmozilla_check_version(installs:installs, product:'firefox', esr:FALSE, fix:'3.6.17', min:'3.6', severity:SECURITY_HOLE);", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2021-01-06T09:26:58", "description": "Updated firefox packages that fix several security issues are now\navailable for Red Hat Enterprise Linux 4, 5, and 6.\n\nThe Red Hat Security Response Team has rated this update as having\ncritical security impact. Common Vulnerability Scoring System (CVSS)\nbase scores, which give detailed severity ratings, are available for\neach vulnerability from the CVE links in the References section.\n\nMozilla Firefox is an open source web browser. XULRunner provides the\nXUL Runtime environment for Mozilla Firefox.\n\nSeveral flaws were found in the processing of malformed web content. 
A\nweb page containing malicious content could possibly lead to arbitrary\ncode execution with the privileges of the user running Firefox.\n(CVE-2011-0080, CVE-2011-0081)\n\nAn arbitrary memory write flaw was found in the way Firefox handled\nout-of-memory conditions. If all memory was consumed when a user\nvisited a malicious web page, it could possibly lead to arbitrary code\nexecution with the privileges of the user running Firefox.\n(CVE-2011-0078)\n\nAn integer overflow flaw was found in the way Firefox handled the HTML\nframeset tag. A web page with a frameset tag containing large values\nfor the 'rows' and 'cols' attributes could trigger this flaw, possibly\nleading to arbitrary code execution with the privileges of the user\nrunning Firefox. (CVE-2011-0077)\n\nA flaw was found in the way Firefox handled the HTML iframe tag. A web\npage with an iframe tag containing a specially crafted source address\ncould trigger this flaw, possibly leading to arbitrary code execution\nwith the privileges of the user running Firefox. (CVE-2011-0075)\n\nA flaw was found in the way Firefox displayed multiple marquee\nelements. A malformed HTML document could cause Firefox to execute\narbitrary code with the privileges of the user running Firefox.\n(CVE-2011-0074)\n\nA flaw was found in the way Firefox handled the nsTreeSelection\nelement. Malformed content could cause Firefox to execute arbitrary\ncode with the privileges of the user running Firefox. (CVE-2011-0073)\n\nA use-after-free flaw was found in the way Firefox appended frame and\niframe elements to a DOM tree when the NoScript add-on was enabled.\nMalicious HTML content could cause Firefox to execute arbitrary code\nwith the privileges of the user running Firefox. (CVE-2011-0072)\n\nA directory traversal flaw was found in the Firefox resource://\nprotocol handler. 
Malicious content could cause Firefox to access\narbitrary files accessible to the user running Firefox.\n(CVE-2011-0071)\n\nA double free flaw was found in the way Firefox handled\n'application/http-index-format' documents. A malformed HTTP response\ncould cause Firefox to execute arbitrary code with the privileges of\nthe user running Firefox. (CVE-2011-0070)\n\nA flaw was found in the way Firefox handled certain JavaScript\ncross-domain requests. If malicious content generated a large number\nof cross-domain JavaScript requests, it could cause Firefox to execute\narbitrary code with the privileges of the user running Firefox.\n(CVE-2011-0069)\n\nA flaw was found in the way Firefox displayed the autocomplete pop-up.\nMalicious content could use this flaw to steal form history\ninformation. (CVE-2011-0067)\n\nTwo use-after-free flaws were found in the Firefox mObserverList and\nmChannel objects. Malicious content could use these flaws to execute\narbitrary code with the privileges of the user running Firefox.\n(CVE-2011-0066, CVE-2011-0065)\n\nA flaw was found in the Firefox XSLT generate-id() function. This\nfunction returned the memory address of an object in memory, which\ncould possibly be used by attackers to bypass address randomization\nprotections. (CVE-2011-1202)\n\nFor technical details regarding these flaws, refer to the Mozilla\nsecurity advisories for Firefox 3.6.17. You can find a link to the\nMozilla advisories in the References section of this erratum.\n\nAll Firefox users should upgrade to these updated packages, which\ncontain Firefox version 3.6.17, which corrects these issues. 
After\ninstalling the update, Firefox must be restarted for the changes to\ntake effect.", "edition": 26, "published": "2011-05-02T00:00:00", "title": "CentOS 4 / 5 : firefox (CESA-2011:0471)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2011-0077", "CVE-2011-1202", "CVE-2011-0071", "CVE-2011-0080", "CVE-2011-0073", "CVE-2011-0066", "CVE-2011-0065", "CVE-2011-0081", "CVE-2011-0075", "CVE-2011-0074", "CVE-2011-0069", "CVE-2011-0078", "CVE-2011-0070", "CVE-2011-0067", "CVE-2011-0072"], "modified": "2011-05-02T00:00:00", "cpe": ["p-cpe:/a:centos:centos:xulrunner-devel", "cpe:/o:centos:centos:4", "p-cpe:/a:centos:centos:xulrunner", "p-cpe:/a:centos:centos:firefox", "cpe:/o:centos:centos:5"], "id": "CENTOS_RHSA-2011-0471.NASL", "href": "https://www.tenable.com/plugins/nessus/53598", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Red Hat Security Advisory RHSA-2011:0471 and \n# CentOS Errata and Security Advisory 2011:0471 respectively.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(53598);\n script_version(\"1.16\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/04\");\n\n script_cve_id(\"CVE-2011-0065\", \"CVE-2011-0066\", \"CVE-2011-0067\", \"CVE-2011-0069\", \"CVE-2011-0070\", \"CVE-2011-0071\", \"CVE-2011-0072\", \"CVE-2011-0073\", \"CVE-2011-0074\", \"CVE-2011-0075\", \"CVE-2011-0077\", \"CVE-2011-0078\", \"CVE-2011-0080\", \"CVE-2011-0081\", \"CVE-2011-1202\");\n script_xref(name:\"RHSA\", value:\"2011:0471\");\n\n script_name(english:\"CentOS 4 / 5 : firefox (CESA-2011:0471)\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote CentOS host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n 
value:\n\"Updated firefox packages that fix several security issues are now\navailable for Red Hat Enterprise Linux 4, 5, and 6.\n\nThe Red Hat Security Response Team has rated this update as having\ncritical security impact. Common Vulnerability Scoring System (CVSS)\nbase scores, which give detailed severity ratings, are available for\neach vulnerability from the CVE links in the References section.\n\nMozilla Firefox is an open source web browser. XULRunner provides the\nXUL Runtime environment for Mozilla Firefox.\n\nSeveral flaws were found in the processing of malformed web content. A\nweb page containing malicious content could possibly lead to arbitrary\ncode execution with the privileges of the user running Firefox.\n(CVE-2011-0080, CVE-2011-0081)\n\nAn arbitrary memory write flaw was found in the way Firefox handled\nout-of-memory conditions. If all memory was consumed when a user\nvisited a malicious web page, it could possibly lead to arbitrary code\nexecution with the privileges of the user running Firefox.\n(CVE-2011-0078)\n\nAn integer overflow flaw was found in the way Firefox handled the HTML\nframeset tag. A web page with a frameset tag containing large values\nfor the 'rows' and 'cols' attributes could trigger this flaw, possibly\nleading to arbitrary code execution with the privileges of the user\nrunning Firefox. (CVE-2011-0077)\n\nA flaw was found in the way Firefox handled the HTML iframe tag. A web\npage with an iframe tag containing a specially crafted source address\ncould trigger this flaw, possibly leading to arbitrary code execution\nwith the privileges of the user running Firefox. (CVE-2011-0075)\n\nA flaw was found in the way Firefox displayed multiple marquee\nelements. A malformed HTML document could cause Firefox to execute\narbitrary code with the privileges of the user running Firefox.\n(CVE-2011-0074)\n\nA flaw was found in the way Firefox handled the nsTreeSelection\nelement. 
Malformed content could cause Firefox to execute arbitrary\ncode with the privileges of the user running Firefox. (CVE-2011-0073)\n\nA use-after-free flaw was found in the way Firefox appended frame and\niframe elements to a DOM tree when the NoScript add-on was enabled.\nMalicious HTML content could cause Firefox to execute arbitrary code\nwith the privileges of the user running Firefox. (CVE-2011-0072)\n\nA directory traversal flaw was found in the Firefox resource://\nprotocol handler. Malicious content could cause Firefox to access\narbitrary files accessible to the user running Firefox.\n(CVE-2011-0071)\n\nA double free flaw was found in the way Firefox handled\n'application/http-index-format' documents. A malformed HTTP response\ncould cause Firefox to execute arbitrary code with the privileges of\nthe user running Firefox. (CVE-2011-0070)\n\nA flaw was found in the way Firefox handled certain JavaScript\ncross-domain requests. If malicious content generated a large number\nof cross-domain JavaScript requests, it could cause Firefox to execute\narbitrary code with the privileges of the user running Firefox.\n(CVE-2011-0069)\n\nA flaw was found in the way Firefox displayed the autocomplete pop-up.\nMalicious content could use this flaw to steal form history\ninformation. (CVE-2011-0067)\n\nTwo use-after-free flaws were found in the Firefox mObserverList and\nmChannel objects. Malicious content could use these flaws to execute\narbitrary code with the privileges of the user running Firefox.\n(CVE-2011-0066, CVE-2011-0065)\n\nA flaw was found in the Firefox XSLT generate-id() function. This\nfunction returned the memory address of an object in memory, which\ncould possibly be used by attackers to bypass address randomization\nprotections. (CVE-2011-1202)\n\nFor technical details regarding these flaws, refer to the Mozilla\nsecurity advisories for Firefox 3.6.17. 
You can find a link to the\nMozilla advisories in the References section of this erratum.\n\nAll Firefox users should upgrade to these updated packages, which\ncontain Firefox version 3.6.17, which corrects these issues. After\ninstalling the update, Firefox must be restarted for the changes to\ntake effect.\"\n );\n # https://lists.centos.org/pipermail/centos-announce/2011-April/017460.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?9b76e816\"\n );\n # https://lists.centos.org/pipermail/centos-announce/2011-April/017461.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?cabd06ba\"\n );\n # https://lists.centos.org/pipermail/centos-announce/2011-April/017470.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?e54017ae\"\n );\n # https://lists.centos.org/pipermail/centos-announce/2011-April/017471.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?7c2b0bf5\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected firefox packages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploit_framework_core\", value:\"true\");\n script_set_attribute(attribute:\"exploited_by_malware\", value:\"true\");\n script_set_attribute(attribute:\"metasploit_name\", value:'Mozilla Firefox \"nsTreeRange\" Dangling Pointer Vulnerability');\n script_set_attribute(attribute:\"exploit_framework_metasploit\", value:\"true\");\n script_set_attribute(attribute:\"exploit_framework_canvas\", value:\"true\");\n script_set_attribute(attribute:\"canvas_package\", value:'White_Phosphorus');\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n 
script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:firefox\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:xulrunner\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:xulrunner-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:centos:centos:4\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:centos:centos:5\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2011/03/10\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2011/04/29\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2011/05/02\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2011-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"CentOS Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/CentOS/release\", \"Host/CentOS/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/CentOS/release\");\nif (isnull(release) || \"CentOS\" >!< release) audit(AUDIT_OS_NOT, \"CentOS\");\nos_ver = pregmatch(pattern: \"CentOS(?: Linux)? release ([0-9]+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"CentOS\");\nos_ver = os_ver[1];\nif (! 
preg(pattern:\"^(4|5)([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"CentOS 4.x / 5.x\", \"CentOS \" + os_ver);\n\nif (!get_kb_item(\"Host/CentOS/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && \"ia64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"CentOS\", cpu);\n\n\nflag = 0;\nif (rpm_check(release:\"CentOS-4\", cpu:\"i386\", reference:\"firefox-3.6.17-2.el4.centos\")) flag++;\nif (rpm_check(release:\"CentOS-4\", cpu:\"x86_64\", reference:\"firefox-3.6.17-2.el4.centos\")) flag++;\n\nif (rpm_check(release:\"CentOS-5\", reference:\"firefox-3.6.17-1.el5.centos\")) flag++;\nif (rpm_check(release:\"CentOS-5\", reference:\"xulrunner-1.9.2.17-3.el5\")) flag++;\nif (rpm_check(release:\"CentOS-5\", reference:\"xulrunner-devel-1.9.2.17-3.el5\")) flag++;\n\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"firefox / xulrunner / xulrunner-devel\");\n}\n", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2021-01-17T13:09:07", "description": "Updated firefox packages that fix several security issues are now\navailable for Red Hat Enterprise Linux 4, 5, and 6.\n\nThe Red Hat Security Response Team has rated this update as having\ncritical security impact. Common Vulnerability Scoring System (CVSS)\nbase scores, which give detailed severity ratings, are available for\neach vulnerability from the CVE links in the References section.\n\nMozilla Firefox is an open source web browser. XULRunner provides the\nXUL Runtime environment for Mozilla Firefox.\n\nSeveral flaws were found in the processing of malformed web content. 
A\nweb page containing malicious content could possibly lead to arbitrary\ncode execution with the privileges of the user running Firefox.\n(CVE-2011-0080, CVE-2011-0081)\n\nAn arbitrary memory write flaw was found in the way Firefox handled\nout-of-memory conditions. If all memory was consumed when a user\nvisited a malicious web page, it could possibly lead to arbitrary code\nexecution with the privileges of the user running Firefox.\n(CVE-2011-0078)\n\nAn integer overflow flaw was found in the way Firefox handled the HTML\nframeset tag. A web page with a frameset tag containing large values\nfor the 'rows' and 'cols' attributes could trigger this flaw, possibly\nleading to arbitrary code execution with the privileges of the user\nrunning Firefox. (CVE-2011-0077)\n\nA flaw was found in the way Firefox handled the HTML iframe tag. A web\npage with an iframe tag containing a specially crafted source address\ncould trigger this flaw, possibly leading to arbitrary code execution\nwith the privileges of the user running Firefox. (CVE-2011-0075)\n\nA flaw was found in the way Firefox displayed multiple marquee\nelements. A malformed HTML document could cause Firefox to execute\narbitrary code with the privileges of the user running Firefox.\n(CVE-2011-0074)\n\nA flaw was found in the way Firefox handled the nsTreeSelection\nelement. Malformed content could cause Firefox to execute arbitrary\ncode with the privileges of the user running Firefox. (CVE-2011-0073)\n\nA use-after-free flaw was found in the way Firefox appended frame and\niframe elements to a DOM tree when the NoScript add-on was enabled.\nMalicious HTML content could cause Firefox to execute arbitrary code\nwith the privileges of the user running Firefox. (CVE-2011-0072)\n\nA directory traversal flaw was found in the Firefox resource://\nprotocol handler. 
Malicious content could cause Firefox to access\narbitrary files accessible to the user running Firefox.\n(CVE-2011-0071)\n\nA double free flaw was found in the way Firefox handled\n'application/http-index-format' documents. A malformed HTTP response\ncould cause Firefox to execute arbitrary code with the privileges of\nthe user running Firefox. (CVE-2011-0070)\n\nA flaw was found in the way Firefox handled certain JavaScript\ncross-domain requests. If malicious content generated a large number\nof cross-domain JavaScript requests, it could cause Firefox to execute\narbitrary code with the privileges of the user running Firefox.\n(CVE-2011-0069)\n\nA flaw was found in the way Firefox displayed the autocomplete pop-up.\nMalicious content could use this flaw to steal form history\ninformation. (CVE-2011-0067)\n\nTwo use-after-free flaws were found in the Firefox mObserverList and\nmChannel objects. Malicious content could use these flaws to execute\narbitrary code with the privileges of the user running Firefox.\n(CVE-2011-0066, CVE-2011-0065)\n\nA flaw was found in the Firefox XSLT generate-id() function. This\nfunction returned the memory address of an object in memory, which\ncould possibly be used by attackers to bypass address randomization\nprotections. (CVE-2011-1202)\n\nFor technical details regarding these flaws, refer to the Mozilla\nsecurity advisories for Firefox 3.6.17. You can find a link to the\nMozilla advisories in the References section of this erratum.\n\nAll Firefox users should upgrade to these updated packages, which\ncontain Firefox version 3.6.17, which corrects these issues. 
After\ninstalling the update, Firefox must be restarted for the changes to\ntake effect.", "edition": 28, "published": "2011-04-29T00:00:00", "title": "RHEL 4 / 5 / 6 : firefox (RHSA-2011:0471)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2011-0077", "CVE-2011-1202", "CVE-2011-0071", "CVE-2011-0080", "CVE-2011-0073", "CVE-2011-0066", "CVE-2011-0065", "CVE-2011-0081", "CVE-2011-0075", "CVE-2011-0074", "CVE-2011-0069", "CVE-2011-0078", "CVE-2011-0070", "CVE-2011-0067", "CVE-2011-0072"], "modified": "2011-04-29T00:00:00", "cpe": ["cpe:/o:redhat:enterprise_linux:4", "cpe:/o:redhat:enterprise_linux:5", "p-cpe:/a:redhat:enterprise_linux:xulrunner-debuginfo", "p-cpe:/a:redhat:enterprise_linux:xulrunner", "cpe:/o:redhat:enterprise_linux:4.8", "p-cpe:/a:redhat:enterprise_linux:firefox", "cpe:/o:redhat:enterprise_linux:5.6", "p-cpe:/a:redhat:enterprise_linux:firefox-debuginfo", "p-cpe:/a:redhat:enterprise_linux:xulrunner-devel", "cpe:/o:redhat:enterprise_linux:6", "cpe:/o:redhat:enterprise_linux:6.0"], "id": "REDHAT-RHSA-2011-0471.NASL", "href": "https://www.tenable.com/plugins/nessus/53580", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Red Hat Security Advisory RHSA-2011:0471. 
The text \n# itself is copyright (C) Red Hat, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(53580);\n script_version(\"1.28\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/14\");\n\n script_cve_id(\"CVE-2011-0065\", \"CVE-2011-0066\", \"CVE-2011-0067\", \"CVE-2011-0069\", \"CVE-2011-0070\", \"CVE-2011-0071\", \"CVE-2011-0072\", \"CVE-2011-0073\", \"CVE-2011-0074\", \"CVE-2011-0075\", \"CVE-2011-0077\", \"CVE-2011-0078\", \"CVE-2011-0080\", \"CVE-2011-0081\", \"CVE-2011-1202\");\n script_xref(name:\"RHSA\", value:\"2011:0471\");\n\n script_name(english:\"RHEL 4 / 5 / 6 : firefox (RHSA-2011:0471)\");\n script_summary(english:\"Checks the rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Red Hat host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Updated firefox packages that fix several security issues are now\navailable for Red Hat Enterprise Linux 4, 5, and 6.\n\nThe Red Hat Security Response Team has rated this update as having\ncritical security impact. Common Vulnerability Scoring System (CVSS)\nbase scores, which give detailed severity ratings, are available for\neach vulnerability from the CVE links in the References section.\n\nMozilla Firefox is an open source web browser. XULRunner provides the\nXUL Runtime environment for Mozilla Firefox.\n\nSeveral flaws were found in the processing of malformed web content. A\nweb page containing malicious content could possibly lead to arbitrary\ncode execution with the privileges of the user running Firefox.\n(CVE-2011-0080, CVE-2011-0081)\n\nAn arbitrary memory write flaw was found in the way Firefox handled\nout-of-memory conditions. 
If all memory was consumed when a user\nvisited a malicious web page, it could possibly lead to arbitrary code\nexecution with the privileges of the user running Firefox.\n(CVE-2011-0078)\n\nAn integer overflow flaw was found in the way Firefox handled the HTML\nframeset tag. A web page with a frameset tag containing large values\nfor the 'rows' and 'cols' attributes could trigger this flaw, possibly\nleading to arbitrary code execution with the privileges of the user\nrunning Firefox. (CVE-2011-0077)\n\nA flaw was found in the way Firefox handled the HTML iframe tag. A web\npage with an iframe tag containing a specially crafted source address\ncould trigger this flaw, possibly leading to arbitrary code execution\nwith the privileges of the user running Firefox. (CVE-2011-0075)\n\nA flaw was found in the way Firefox displayed multiple marquee\nelements. A malformed HTML document could cause Firefox to execute\narbitrary code with the privileges of the user running Firefox.\n(CVE-2011-0074)\n\nA flaw was found in the way Firefox handled the nsTreeSelection\nelement. Malformed content could cause Firefox to execute arbitrary\ncode with the privileges of the user running Firefox. (CVE-2011-0073)\n\nA use-after-free flaw was found in the way Firefox appended frame and\niframe elements to a DOM tree when the NoScript add-on was enabled.\nMalicious HTML content could cause Firefox to execute arbitrary code\nwith the privileges of the user running Firefox. (CVE-2011-0072)\n\nA directory traversal flaw was found in the Firefox resource://\nprotocol handler. Malicious content could cause Firefox to access\narbitrary files accessible to the user running Firefox.\n(CVE-2011-0071)\n\nA double free flaw was found in the way Firefox handled\n'application/http-index-format' documents. A malformed HTTP response\ncould cause Firefox to execute arbitrary code with the privileges of\nthe user running Firefox. 
(CVE-2011-0070)\n\nA flaw was found in the way Firefox handled certain JavaScript\ncross-domain requests. If malicious content generated a large number\nof cross-domain JavaScript requests, it could cause Firefox to execute\narbitrary code with the privileges of the user running Firefox.\n(CVE-2011-0069)\n\nA flaw was found in the way Firefox displayed the autocomplete pop-up.\nMalicious content could use this flaw to steal form history\ninformation. (CVE-2011-0067)\n\nTwo use-after-free flaws were found in the Firefox mObserverList and\nmChannel objects. Malicious content could use these flaws to execute\narbitrary code with the privileges of the user running Firefox.\n(CVE-2011-0066, CVE-2011-0065)\n\nA flaw was found in the Firefox XSLT generate-id() function. This\nfunction returned the memory address of an object in memory, which\ncould possibly be used by attackers to bypass address randomization\nprotections. (CVE-2011-1202)\n\nFor technical details regarding these flaws, refer to the Mozilla\nsecurity advisories for Firefox 3.6.17. You can find a link to the\nMozilla advisories in the References section of this erratum.\n\nAll Firefox users should upgrade to these updated packages, which\ncontain Firefox version 3.6.17, which corrects these issues. 
After\ninstalling the update, Firefox must be restarted for the changes to\ntake effect.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2011-0065\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2011-0066\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2011-0067\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2011-0069\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2011-0070\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2011-0071\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2011-0072\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2011-0073\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2011-0074\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2011-0075\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2011-0077\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2011-0078\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2011-0080\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2011-0081\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2011-1202\"\n );\n # http://www.mozilla.org/security/known-vulnerabilities/firefox36.html#\n script_set_attribute(\n 
attribute:\"see_also\",\n value:\"http://www.nessus.org/u?ab0bbddd\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/errata/RHSA-2011:0471\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploit_framework_core\", value:\"true\");\n script_set_attribute(attribute:\"exploited_by_malware\", value:\"true\");\n script_set_attribute(attribute:\"metasploit_name\", value:'Mozilla Firefox \"nsTreeRange\" Dangling Pointer Vulnerability');\n script_set_attribute(attribute:\"exploit_framework_metasploit\", value:\"true\");\n script_set_attribute(attribute:\"exploit_framework_canvas\", value:\"true\");\n script_set_attribute(attribute:\"canvas_package\", value:'White_Phosphorus');\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:firefox\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:firefox-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:xulrunner\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:xulrunner-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:xulrunner-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:4\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:4.8\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:5\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:5.6\");\n 
script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:6\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:6.0\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2011/03/10\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2011/04/28\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2011/04/29\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2011-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Red Hat Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"misc_func.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Red Hat\" >!< release) audit(AUDIT_OS_NOT, \"Red Hat\");\nos_ver = pregmatch(pattern: \"Red Hat Enterprise Linux.*release ([0-9]+(\\.[0-9]+)?)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Red Hat\");\nos_ver = os_ver[1];\nif (! 
preg(pattern:\"^(4|5|6)([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Red Hat 4.x / 5.x / 6.x\", \"Red Hat \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\" && \"s390\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Red Hat\", cpu);\n\nyum_updateinfo = get_kb_item(\"Host/RedHat/yum-updateinfo\");\nif (!empty_or_null(yum_updateinfo)) \n{\n rhsa = \"RHSA-2011:0471\";\n yum_report = redhat_generate_yum_updateinfo_report(rhsa:rhsa);\n if (!empty_or_null(yum_report))\n {\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : yum_report \n );\n exit(0);\n }\n else\n {\n audit_message = \"affected by Red Hat security advisory \" + rhsa;\n audit(AUDIT_OS_NOT, audit_message);\n }\n}\nelse\n{\n flag = 0;\n if (rpm_check(release:\"RHEL4\", reference:\"firefox-3.6.17-2.el4\")) flag++;\n\n\n if (rpm_check(release:\"RHEL5\", reference:\"firefox-3.6.17-1.el5_6\")) flag++;\n\n if (rpm_check(release:\"RHEL5\", reference:\"xulrunner-1.9.2.17-3.el5_6\")) flag++;\n\n if (rpm_check(release:\"RHEL5\", reference:\"xulrunner-devel-1.9.2.17-3.el5_6\")) flag++;\n\n\n if (rpm_check(release:\"RHEL6\", reference:\"firefox-3.6.17-1.el6_0\")) flag++;\n\n if (rpm_check(release:\"RHEL6\", reference:\"firefox-debuginfo-3.6.17-1.el6_0\")) flag++;\n\n if (rpm_check(release:\"RHEL6\", reference:\"xulrunner-1.9.2.17-4.el6_0\")) flag++;\n\n if (rpm_check(release:\"RHEL6\", reference:\"xulrunner-debuginfo-1.9.2.17-4.el6_0\")) flag++;\n\n if (rpm_check(release:\"RHEL6\", reference:\"xulrunner-devel-1.9.2.17-4.el6_0\")) flag++;\n\n\n if (flag)\n {\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : rpm_report_get() + redhat_report_package_caveat()\n );\n exit(0);\n }\n else\n {\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else 
audit(AUDIT_PACKAGE_NOT_INSTALLED, \"firefox / firefox-debuginfo / xulrunner / xulrunner-debuginfo / etc\");\n }\n}\n", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2021-01-01T06:34:47", "description": "It was discovered that there was a vulnerability in the memory\nhandling of certain types of content. An attacker could exploit this\nto possibly run arbitrary code as the user running Thunderbird.\n(CVE-2011-0081)\n\nIt was discovered that Thunderbird incorrectly handled certain\nJavaScript requests. If JavaScript were enabled, an attacker could\nexploit this to possibly run arbitrary code as the user running\nThunderbird. (CVE-2011-0069)\n\nIan Beer discovered a vulnerability in the memory handling of\ncertain types of documents. An attacker could exploit this to possibly\nrun arbitrary code as the user running Thunderbird. (CVE-2011-0070)\n\nBob Clary, Henri Sivonen, Marco Bonardo, Mats Palmgren and Jesse\nRuderman discovered several memory vulnerabilities. An attacker could\nexploit these to possibly run arbitrary code as the user running\nThunderbird. (CVE-2011-0080)\n\nAki Helin discovered multiple vulnerabilities in the HTML rendering\ncode. An attacker could exploit these to possibly run arbitrary code\nas the user running Thunderbird. (CVE-2011-0074, CVE-2011-0075)\n\nIan Beer discovered multiple overflow vulnerabilities. An attacker\ncould exploit these to possibly run arbitrary code as the user running\nThunderbird. (CVE-2011-0077, CVE-2011-0078)\n\nMartin Barbella discovered a memory vulnerability in the handling of\ncertain DOM elements. An attacker could exploit this to possibly run\narbitrary code as the user running Thunderbird. (CVE-2011-0072)\n\nIt was discovered that there were use-after-free vulnerabilities in\nThunderbird's mChannel and mObserverList objects. An attacker could\nexploit these to possibly run arbitrary code as the user running\nThunderbird. 
(CVE-2011-0065, CVE-2011-0066)\n\nIt was discovered that there was a vulnerability in the handling of\nthe nsTreeSelection element. An attacker sending a specially crafted\nE-Mail could exploit this to possibly run arbitrary code as the user\nrunning Thunderbird. (CVE-2011-0073)\n\nPaul Stone discovered a vulnerability in the handling of Java applets.\nIf plugins were enabled, an attacker could use this to mimic\ninteraction with form autocomplete controls and steal entries from the\nform history. (CVE-2011-0067)\n\nSoroush Dalili discovered a vulnerability in the resource: protocol.\nThis could potentially allow an attacker to load arbitrary files that\nwere accessible to the user running Thunderbird. (CVE-2011-0071)\n\nChris Evans discovered a vulnerability in Thunderbird's XSLT\ngenerate-id() function. An attacker could possibly use this\nvulnerability to make other attacks more reliable. (CVE-2011-1202).\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Ubuntu security advisory. 
Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.", "edition": 24, "published": "2011-06-13T00:00:00", "title": "Ubuntu 10.04 LTS / 10.10 : thunderbird vulnerabilities (USN-1122-1)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2011-0077", "CVE-2011-1202", "CVE-2011-0071", "CVE-2011-0080", "CVE-2011-0073", "CVE-2011-0066", "CVE-2011-0065", "CVE-2011-0081", "CVE-2011-0075", "CVE-2011-0074", "CVE-2011-0069", "CVE-2011-0078", "CVE-2011-0070", "CVE-2011-0067", "CVE-2011-0072"], "modified": "2021-01-02T00:00:00", "cpe": ["cpe:/o:canonical:ubuntu_linux:10.04:-:lts", "cpe:/o:canonical:ubuntu_linux:10.10", "p-cpe:/a:canonical:ubuntu_linux:thunderbird"], "id": "UBUNTU_USN-1122-1.NASL", "href": "https://www.tenable.com/plugins/nessus/55080", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Ubuntu Security Notice USN-1122-1. The text \n# itself is copyright (C) Canonical, Inc. See \n# <http://www.ubuntu.com/usn/>. 
Ubuntu(R) is a registered \n# trademark of Canonical, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(55080);\n script_version(\"1.19\");\n script_cvs_date(\"Date: 2019/09/19 12:54:27\");\n\n script_cve_id(\"CVE-2011-0065\", \"CVE-2011-0066\", \"CVE-2011-0067\", \"CVE-2011-0069\", \"CVE-2011-0070\", \"CVE-2011-0071\", \"CVE-2011-0072\", \"CVE-2011-0073\", \"CVE-2011-0074\", \"CVE-2011-0075\", \"CVE-2011-0077\", \"CVE-2011-0078\", \"CVE-2011-0080\", \"CVE-2011-0081\", \"CVE-2011-1202\");\n script_bugtraq_id(47641, 47646, 47647, 47648, 47651, 47653, 47654, 47655, 47656, 47659, 47662, 47663, 47666, 47667, 47668);\n script_xref(name:\"USN\", value:\"1122-1\");\n\n script_name(english:\"Ubuntu 10.04 LTS / 10.10 : thunderbird vulnerabilities (USN-1122-1)\");\n script_summary(english:\"Checks dpkg output for updated package.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Ubuntu host is missing a security-related patch.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"It was discovered that there was a vulnerability in the memory\nhandling of certain types of content. An attacker could exploit this\nto possibly run arbitrary code as the user running Thunderbird.\n(CVE-2011-0081)\n\nIt was discovered that Thunderbird incorrectly handled certain\nJavaScript requests. If JavaScript were enabled, an attacker could\nexploit this to possibly run arbitrary code as the user running\nThunderbird. (CVE-2011-0069)\n\nIan Beer discovered a vulnerability in the memory handling of a\ncertain types of documents. An attacker could exploit this to possibly\nrun arbitrary code as the user running Thunderbird. (CVE-2011-0070)\n\nBob Clary, Henri Sivonen, Marco Bonardo, Mats Palmgren and Jesse\nRuderman discovered several memory vulnerabilities. An attacker could\nexploit these to possibly run arbitrary code as the user running\nThunderbird. 
(CVE-2011-0080)\n\nAki Helin discovered multiple vulnerabilities in the HTML rendering\ncode. An attacker could exploit these to possibly run arbitrary code\nas the user running Thunderbird. (CVE-2011-0074, CVE-2011-0075)\n\nIan Beer discovered multiple overflow vulnerabilities. An attacker\ncould exploit these to possibly run arbitrary code as the user running\nThunderbird. (CVE-2011-0077, CVE-2011-0078)\n\nMartin Barbella discovered a memory vulnerability in the handling of\ncertain DOM elements. An attacker could exploit this to possibly run\narbitrary code as the user running Thunderbird. (CVE-2011-0072)\n\nIt was discovered that there were use-after-free vulnerabilities in\nThunderbird's mChannel and mObserverList objects. An attacker could\nexploit these to possibly run arbitrary code as the user running\nThunderbird. (CVE-2011-0065, CVE-2011-0066)\n\nIt was discovered that there was a vulnerability in the handling of\nthe nsTreeSelection element. An attacker sending a specially crafted\nE-Mail could exploit this to possibly run arbitrary code as the user\nrunning Thunderbird. (CVE-2011-0073)\n\nPaul Stone discovered a vulnerability in the handling of Java applets.\nIf plugins were enabled, an attacker could use this to mimic\ninteraction with form autocomplete controls and steal entries from the\nform history. (CVE-2011-0067)\n\nSoroush Dalili discovered a vulnerability in the resource: protocol.\nThis could potentially allow an attacker to load arbitrary files that\nwere accessible to the user running Thunderbird. (CVE-2011-0071)\n\nChris Evans discovered a vulnerability in Thunderbird's XSLT\ngenerate-id() function. An attacker could possibly use this\nvulnerability to make other attacks more reliable. (CVE-2011-1202).\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Ubuntu security advisory. 
Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://usn.ubuntu.com/1122-1/\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected thunderbird package.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploit_framework_core\", value:\"true\");\n script_set_attribute(attribute:\"exploited_by_malware\", value:\"true\");\n script_set_attribute(attribute:\"metasploit_name\", value:'Mozilla Firefox \"nsTreeRange\" Dangling Pointer Vulnerability');\n script_set_attribute(attribute:\"exploit_framework_metasploit\", value:\"true\");\n script_set_attribute(attribute:\"exploit_framework_canvas\", value:\"true\");\n script_set_attribute(attribute:\"canvas_package\", value:'White_Phosphorus');\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:thunderbird\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:canonical:ubuntu_linux:10.04:-:lts\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:canonical:ubuntu_linux:10.10\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2011/03/10\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2011/05/05\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2011/06/13\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"Ubuntu Security Notice (C) 2011-2019 Canonical, Inc. 
/ NASL script (C) 2011-2019 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Ubuntu Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/cpu\", \"Host/Ubuntu\", \"Host/Ubuntu/release\", \"Host/Debian/dpkg-l\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"ubuntu.inc\");\ninclude(\"misc_func.inc\");\n\nif ( ! get_kb_item(\"Host/local_checks_enabled\") ) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/Ubuntu/release\");\nif ( isnull(release) ) audit(AUDIT_OS_NOT, \"Ubuntu\");\nrelease = chomp(release);\nif (! preg(pattern:\"^(10\\.04|10\\.10)$\", string:release)) audit(AUDIT_OS_NOT, \"Ubuntu 10.04 / 10.10\", \"Ubuntu \" + release);\nif ( ! get_kb_item(\"Host/Debian/dpkg-l\") ) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Ubuntu\", cpu);\n\nflag = 0;\n\nif (ubuntu_check(osver:\"10.04\", pkgname:\"thunderbird\", pkgver:\"3.1.10+build1+nobinonly-0ubuntu0.10.04.1\")) flag++;\nif (ubuntu_check(osver:\"10.10\", pkgname:\"thunderbird\", pkgver:\"3.1.10+build1+nobinonly-0ubuntu0.10.10.1\")) flag++;\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : ubuntu_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = ubuntu_pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"thunderbird\");\n}\n", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2021-01-17T13:45:34", "description": "Mozilla Firefox is an open source web browser. XULRunner provides the\nXUL Runtime environment for Mozilla Firefox.\n\nSeveral flaws were found in the processing of malformed web content. 
A\nweb page containing malicious content could possibly lead to arbitrary\ncode execution with the privileges of the user running Firefox.\n(CVE-2011-0080, CVE-2011-0081)\n\nAn arbitrary memory write flaw was found in the way Firefox handled\nout-of-memory conditions. If all memory was consumed when a user\nvisited a malicious web page, it could possibly lead to arbitrary code\nexecution with the privileges of the user running Firefox.\n(CVE-2011-0078)\n\nAn integer overflow flaw was found in the way Firefox handled the HTML\nframeset tag. A web page with a frameset tag containing large values\nfor the 'rows' and 'cols' attributes could trigger this flaw, possibly\nleading to arbitrary code execution with the privileges of the user\nrunning Firefox. (CVE-2011-0077)\n\nA flaw was found in the way Firefox handled the HTML iframe tag. A web\npage with an iframe tag containing a specially crafted source address\ncould trigger this flaw, possibly leading to arbitrary code execution\nwith the privileges of the user running Firefox. (CVE-2011-0075)\n\nA flaw was found in the way Firefox displayed multiple marquee\nelements. A malformed HTML document could cause Firefox to execute\narbitrary code with the privileges of the user running Firefox.\n(CVE-2011-0074)\n\nA flaw was found in the way Firefox handled the nsTreeSelection\nelement. Malformed content could cause Firefox to execute arbitrary\ncode with the privileges of the user running Firefox. (CVE-2011-0073)\n\nA use-after-free flaw was found in the way Firefox appended frame and\niframe elements to a DOM tree when the NoScript add-on was enabled.\nMalicious HTML content could cause Firefox to execute arbitrary code\nwith the privileges of the user running Firefox. (CVE-2011-0072)\n\nA directory traversal flaw was found in the Firefox resource://\nprotocol handler. 
Malicious content could cause Firefox to access\narbitrary files accessible to the user running Firefox.\n(CVE-2011-0071)\n\nA double free flaw was found in the way Firefox handled\n'application/http-index-format' documents. A malformed HTTP response\ncould cause Firefox to execute arbitrary code with the privileges of\nthe user running Firefox. (CVE-2011-0070)\n\nA flaw was found in the way Firefox handled certain JavaScript\ncross-domain requests. If malicious content generated a large number\nof cross-domain JavaScript requests, it could cause Firefox to execute\narbitrary code with the privileges of the user running Firefox.\n(CVE-2011-0069)\n\nA flaw was found in the way Firefox displayed the autocomplete pop-up.\nMalicious content could use this flaw to steal form history\ninformation. (CVE-2011-0067)\n\nTwo use-after-free flaws were found in the Firefox mObserverList and\nmChannel objects. Malicious content could use these flaws to execute\narbitrary code with the privileges of the user running Firefox.\n(CVE-2011-0066, CVE-2011-0065)\n\nA flaw was found in the Firefox XSLT generate-id() function. This\nfunction returned the memory address of an object in memory, which\ncould possibly be used by attackers to bypass address randomization\nprotections. (CVE-2011-1202)\n\nFor technical details regarding these flaws, refer to the Mozilla\nsecurity advisories for Firefox 3.6.17. You can find a link to the\nMozilla advisories in the References section of this erratum.\n\nAll Firefox users should upgrade to these updated packages, which\ncontain Firefox version 3.6.17, which corrects these issues. 
After\ninstalling the update, Firefox must be restarted for the changes to\ntake effect.", "edition": 25, "published": "2012-08-01T00:00:00", "title": "Scientific Linux Security Update : firefox on SL4.x, SL5.x, SL6.x i386/x86_64", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2011-0077", "CVE-2011-1202", "CVE-2011-0071", "CVE-2011-0080", "CVE-2011-0073", "CVE-2011-0066", "CVE-2011-0065", "CVE-2011-0081", "CVE-2011-0075", "CVE-2011-0074", "CVE-2011-0069", "CVE-2011-0078", "CVE-2011-0070", "CVE-2011-0067", "CVE-2011-0072"], "modified": "2012-08-01T00:00:00", "cpe": ["x-cpe:/o:fermilab:scientific_linux"], "id": "SL_20110428_FIREFOX_ON_SL4_X.NASL", "href": "https://www.tenable.com/plugins/nessus/61025", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text is (C) Scientific Linux.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(61025);\n script_version(\"1.12\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/14\");\n\n script_cve_id(\"CVE-2011-0065\", \"CVE-2011-0066\", \"CVE-2011-0067\", \"CVE-2011-0069\", \"CVE-2011-0070\", \"CVE-2011-0071\", \"CVE-2011-0072\", \"CVE-2011-0073\", \"CVE-2011-0074\", \"CVE-2011-0075\", \"CVE-2011-0077\", \"CVE-2011-0078\", \"CVE-2011-0080\", \"CVE-2011-0081\", \"CVE-2011-1202\");\n\n script_name(english:\"Scientific Linux Security Update : firefox on SL4.x, SL5.x, SL6.x i386/x86_64\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\n\"The remote Scientific Linux host is missing one or more security\nupdates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Mozilla Firefox is an open source web browser. XULRunner provides the\nXUL Runtime environment for Mozilla Firefox.\n\nSeveral flaws were found in the processing of malformed web content. 
A\nweb page containing malicious content could possibly lead to arbitrary\ncode execution with the privileges of the user running Firefox.\n(CVE-2011-0080, CVE-2011-0081)\n\nAn arbitrary memory write flaw was found in the way Firefox handled\nout-of-memory conditions. If all memory was consumed when a user\nvisited a malicious web page, it could possibly lead to arbitrary code\nexecution with the privileges of the user running Firefox.\n(CVE-2011-0078)\n\nAn integer overflow flaw was found in the way Firefox handled the HTML\nframeset tag. A web page with a frameset tag containing large values\nfor the 'rows' and 'cols' attributes could trigger this flaw, possibly\nleading to arbitrary code execution with the privileges of the user\nrunning Firefox. (CVE-2011-0077)\n\nA flaw was found in the way Firefox handled the HTML iframe tag. A web\npage with an iframe tag containing a specially crafted source address\ncould trigger this flaw, possibly leading to arbitrary code execution\nwith the privileges of the user running Firefox. (CVE-2011-0075)\n\nA flaw was found in the way Firefox displayed multiple marquee\nelements. A malformed HTML document could cause Firefox to execute\narbitrary code with the privileges of the user running Firefox.\n(CVE-2011-0074)\n\nA flaw was found in the way Firefox handled the nsTreeSelection\nelement. Malformed content could cause Firefox to execute arbitrary\ncode with the privileges of the user running Firefox. (CVE-2011-0073)\n\nA use-after-free flaw was found in the way Firefox appended frame and\niframe elements to a DOM tree when the NoScript add-on was enabled.\nMalicious HTML content could cause Firefox to execute arbitrary code\nwith the privileges of the user running Firefox. (CVE-2011-0072)\n\nA directory traversal flaw was found in the Firefox resource://\nprotocol handler. 
Malicious content could cause Firefox to access\narbitrary files accessible to the user running Firefox.\n(CVE-2011-0071)\n\nA double free flaw was found in the way Firefox handled\n'application/http-index-format' documents. A malformed HTTP response\ncould cause Firefox to execute arbitrary code with the privileges of\nthe user running Firefox. (CVE-2011-0070)\n\nA flaw was found in the way Firefox handled certain JavaScript\ncross-domain requests. If malicious content generated a large number\nof cross-domain JavaScript requests, it could cause Firefox to execute\narbitrary code with the privileges of the user running Firefox.\n(CVE-2011-0069)\n\nA flaw was found in the way Firefox displayed the autocomplete pop-up.\nMalicious content could use this flaw to steal form history\ninformation. (CVE-2011-0067)\n\nTwo use-after-free flaws were found in the Firefox mObserverList and\nmChannel objects. Malicious content could use these flaws to execute\narbitrary code with the privileges of the user running Firefox.\n(CVE-2011-0066, CVE-2011-0065)\n\nA flaw was found in the Firefox XSLT generate-id() function. This\nfunction returned the memory address of an object in memory, which\ncould possibly be used by attackers to bypass address randomization\nprotections. (CVE-2011-1202)\n\nFor technical details regarding these flaws, refer to the Mozilla\nsecurity advisories for Firefox 3.6.17. You can find a link to the\nMozilla advisories in the References section of this erratum.\n\nAll Firefox users should upgrade to these updated packages, which\ncontain Firefox version 3.6.17, which corrects these issues. 
After\ninstalling the update, Firefox must be restarted for the changes to\ntake effect.\"\n );\n # https://listserv.fnal.gov/scripts/wa.exe?A2=ind1104&L=scientific-linux-errata&T=0&P=3138\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?b3390d95\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\n\"Update the affected firefox, xulrunner and / or xulrunner-devel\npackages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploit_framework_core\", value:\"true\");\n script_set_attribute(attribute:\"exploited_by_malware\", value:\"true\");\n script_set_attribute(attribute:\"metasploit_name\", value:'Mozilla Firefox \"nsTreeRange\" Dangling Pointer Vulnerability');\n script_set_attribute(attribute:\"exploit_framework_metasploit\", value:\"true\");\n script_set_attribute(attribute:\"exploit_framework_canvas\", value:\"true\");\n script_set_attribute(attribute:\"canvas_package\", value:'White_Phosphorus');\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"x-cpe:/o:fermilab:scientific_linux\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2011/03/10\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2011/04/28\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2012/08/01\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2012-2021 and is owned by Tenable, Inc. 
or an Affiliate thereof.\");\n script_family(english:\"Scientific Linux Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Scientific Linux \" >!< release) audit(AUDIT_HOST_NOT, \"running Scientific Linux\");\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (cpu >!< \"x86_64\" && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Scientific Linux\", cpu);\n\n\nflag = 0;\nif (rpm_check(release:\"SL4\", reference:\"firefox-3.6.17-2.el4\")) flag++;\n\nif (rpm_check(release:\"SL5\", reference:\"firefox-3.6.17-1.el5_6\")) flag++;\nif (rpm_check(release:\"SL5\", reference:\"xulrunner-1.9.2.17-3.el5_6\")) flag++;\nif (rpm_check(release:\"SL5\", reference:\"xulrunner-devel-1.9.2.17-3.el5_6\")) flag++;\n\nif (rpm_check(release:\"SL6\", reference:\"firefox-3.6.17-1.el6_0\")) flag++;\nif (rpm_check(release:\"SL6\", reference:\"xulrunner-1.9.2.17-4.el6_0\")) flag++;\nif (rpm_check(release:\"SL6\", reference:\"xulrunner-devel-1.9.2.17-4.el6_0\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2021-01-01T06:34:53", "description": "USN-1122-2 fixed vulnerabilities in Thunderbird on Ubuntu 11.04. A\nregression was introduced which caused Thunderbird to display an empty\nmenu bar. This update fixes the problem. 
We apologize for the\ninconvenience.\n\nIt was discovered that there was a vulnerability in the memory\nhandling of certain types of content. An attacker could exploit this\nto possibly run arbitrary code as the user running Thunderbird.\n(CVE-2011-0081)\n\nIt was discovered that Thunderbird incorrectly handled\ncertain JavaScript requests. If JavaScript were enabled, an\nattacker could exploit this to possibly run arbitrary code\nas the user running Thunderbird. (CVE-2011-0069)\n\nIan Beer discovered a vulnerability in the memory handling\nof certain types of documents. An attacker could exploit\nthis to possibly run arbitrary code as the user running\nThunderbird. (CVE-2011-0070)\n\nBob Clary, Henri Sivonen, Marco Bonardo, Mats Palmgren and\nJesse Ruderman discovered several memory vulnerabilities. An\nattacker could exploit these to possibly run arbitrary code\nas the user running Thunderbird. (CVE-2011-0080)\n\nAki Helin discovered multiple vulnerabilities in the HTML\nrendering code. An attacker could exploit these to possibly\nrun arbitrary code as the user running Thunderbird.\n(CVE-2011-0074, CVE-2011-0075)\n\nIan Beer discovered multiple overflow vulnerabilities. An\nattacker could exploit these to possibly run arbitrary code\nas the user running Thunderbird. (CVE-2011-0077,\nCVE-2011-0078)\n\nMartin Barbella discovered a memory vulnerability in the\nhandling of certain DOM elements. An attacker could exploit\nthis to possibly run arbitrary code as the user running\nThunderbird. (CVE-2011-0072)\n\nIt was discovered that there were use-after-free\nvulnerabilities in Thunderbird's mChannel and mObserverList\nobjects. An attacker could exploit these to possibly run\narbitrary code as the user running Thunderbird.\n(CVE-2011-0065, CVE-2011-0066)\n\nIt was discovered that there was a vulnerability in the\nhandling of the nsTreeSelection element. 
An attacker sending\na specially crafted E-Mail could exploit this to possibly\nrun arbitrary code as the user running Thunderbird.\n(CVE-2011-0073)\n\nPaul Stone discovered a vulnerability in the handling of\nJava applets. If plugins were enabled, an attacker could use\nthis to mimic interaction with form autocomplete controls\nand steal entries from the form history. (CVE-2011-0067)\n\nSoroush Dalili discovered a vulnerability in the resource:\nprotocol. This could potentially allow an attacker to load\narbitrary files that were accessible to the user running\nThunderbird. (CVE-2011-0071)\n\nChris Evans discovered a vulnerability in Thunderbird's XSLT\ngenerate-id() function. An attacker could possibly use this\nvulnerability to make other attacks more reliable.\n(CVE-2011-1202).\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Ubuntu security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.", "edition": 24, "published": "2011-06-13T00:00:00", "title": "Ubuntu 11.04 : thunderbird regression (USN-1122-3)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2011-0077", "CVE-2011-1202", "CVE-2011-0071", "CVE-2011-0080", "CVE-2011-0073", "CVE-2011-0066", "CVE-2011-0065", "CVE-2011-0081", "CVE-2011-0075", "CVE-2011-0074", "CVE-2011-0069", "CVE-2011-0078", "CVE-2011-0070", "CVE-2011-0067", "CVE-2011-0072"], "modified": "2021-01-02T00:00:00", "cpe": ["cpe:/o:canonical:ubuntu_linux:11.04", "p-cpe:/a:canonical:ubuntu_linux:thunderbird-globalmenu"], "id": "UBUNTU_USN-1122-3.NASL", "href": "https://www.tenable.com/plugins/nessus/55082", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Ubuntu Security Notice USN-1122-3. The text \n# itself is copyright (C) Canonical, Inc. See \n# <http://www.ubuntu.com/usn/>. 
Ubuntu(R) is a registered \n# trademark of Canonical, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(55082);\n script_version(\"1.17\");\n script_cvs_date(\"Date: 2019/09/19 12:54:27\");\n\n script_cve_id(\"CVE-2011-0065\", \"CVE-2011-0066\", \"CVE-2011-0067\", \"CVE-2011-0069\", \"CVE-2011-0070\", \"CVE-2011-0071\", \"CVE-2011-0072\", \"CVE-2011-0073\", \"CVE-2011-0074\", \"CVE-2011-0075\", \"CVE-2011-0077\", \"CVE-2011-0078\", \"CVE-2011-0080\", \"CVE-2011-0081\", \"CVE-2011-1202\");\n script_xref(name:\"USN\", value:\"1122-3\");\n\n script_name(english:\"Ubuntu 11.04 : thunderbird regression (USN-1122-3)\");\n script_summary(english:\"Checks dpkg output for updated package.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Ubuntu host is missing a security-related patch.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"USN-1122-2 fixed vulnerabilities in Thunderbird on Ubuntu 11.04. A\nregression was introduced which caused Thunderbird to display an empty\nmenu bar. This update fixes the problem. We apologize for the\ninconvenience.\n\nIt was discovered that there was a vulnerability in the memory\nhandling of certain types of content. An attacker could exploit this\nto possibly run arbitrary code as the user running Thunderbird.\n(CVE-2011-0081)\n\nIt was discovered that Thunderbird incorrectly handled\ncertain JavaScript requests. If JavaScript were enabled, an\nattacker could exploit this to possibly run arbitrary code\nas the user running Thunderbird. (CVE-2011-0069)\n\nIan Beer discovered a vulnerability in the memory handling\nof a certain types of documents. An attacker could exploit\nthis to possibly run arbitrary code as the user running\nThunderbird. (CVE-2011-0070)\n\nBob Clary, Henri Sivonen, Marco Bonardo, Mats Palmgren and\nJesse Ruderman discovered several memory vulnerabilities. 
An\nattacker could exploit these to possibly run arbitrary code\nas the user running Thunderbird. (CVE-2011-0080)\n\nAki Helin discovered multiple vulnerabilities in the HTML\nrendering code. An attacker could exploit these to possibly\nrun arbitrary code as the user running Thunderbird.\n(CVE-2011-0074, CVE-2011-0075)\n\nIan Beer discovered multiple overflow vulnerabilities. An\nattacker could exploit these to possibly run arbitrary code\nas the user running Thunderbird. (CVE-2011-0077,\nCVE-2011-0078)\n\nMartin Barbella discovered a memory vulnerability in the\nhandling of certain DOM elements. An attacker could exploit\nthis to possibly run arbitrary code as the user running\nThunderbird. (CVE-2011-0072)\n\nIt was discovered that there were use-after-free\nvulnerabilities in Thunderbird's mChannel and mObserverList\nobjects. An attacker could exploit these to possibly run\narbitrary code as the user running Thunderbird.\n(CVE-2011-0065, CVE-2011-0066)\n\nIt was discovered that there was a vulnerability in the\nhandling of the nsTreeSelection element. An attacker sending\na specially crafted E-Mail could exploit this to possibly\nrun arbitrary code as the user running Thunderbird.\n(CVE-2011-0073)\n\nPaul Stone discovered a vulnerability in the handling of\nJava applets. If plugins were enabled, an attacker could use\nthis to mimic interaction with form autocomplete controls\nand steal entries from the form history. (CVE-2011-0067)\n\nSoroush Dalili discovered a vulnerability in the resource:\nprotocol. This could potentially allow an attacker to load\narbitrary files that were accessible to the user running\nThunderbird. (CVE-2011-0071)\n\nChris Evans discovered a vulnerability in Thunderbird's XSLT\ngenerate-id() function. An attacker could possibly use this\nvulnerability to make other attacks more reliable.\n(CVE-2011-1202).\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Ubuntu security advisory. 
Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://usn.ubuntu.com/1122-3/\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected thunderbird-globalmenu package.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploit_framework_core\", value:\"true\");\n script_set_attribute(attribute:\"exploited_by_malware\", value:\"true\");\n script_set_attribute(attribute:\"metasploit_name\", value:'Mozilla Firefox \"nsTreeRange\" Dangling Pointer Vulnerability');\n script_set_attribute(attribute:\"exploit_framework_metasploit\", value:\"true\");\n script_set_attribute(attribute:\"exploit_framework_canvas\", value:\"true\");\n script_set_attribute(attribute:\"canvas_package\", value:'White_Phosphorus');\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:thunderbird-globalmenu\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:canonical:ubuntu_linux:11.04\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2011/03/10\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2011/06/06\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2011/06/13\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"Ubuntu Security Notice (C) 2011-2019 Canonical, Inc. / NASL script (C) 2011-2019 and is owned by Tenable, Inc. 
or an Affiliate thereof.\");\n script_family(english:\"Ubuntu Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/cpu\", \"Host/Ubuntu\", \"Host/Ubuntu/release\", \"Host/Debian/dpkg-l\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"ubuntu.inc\");\ninclude(\"misc_func.inc\");\n\nif ( ! get_kb_item(\"Host/local_checks_enabled\") ) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/Ubuntu/release\");\nif ( isnull(release) ) audit(AUDIT_OS_NOT, \"Ubuntu\");\nrelease = chomp(release);\nif (! preg(pattern:\"^(11\\.04)$\", string:release)) audit(AUDIT_OS_NOT, \"Ubuntu 11.04\", \"Ubuntu \" + release);\nif ( ! get_kb_item(\"Host/Debian/dpkg-l\") ) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Ubuntu\", cpu);\n\nflag = 0;\n\nif (ubuntu_check(osver:\"11.04\", pkgname:\"thunderbird-globalmenu\", pkgver:\"3.1.10+build1+nobinonly-0ubuntu0.11.04.2\")) flag++;\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : ubuntu_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = ubuntu_pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"thunderbird-globalmenu\");\n}\n", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2021-01-17T12:45:52", "description": "From Red Hat Security Advisory 2011:0471 :\n\nUpdated firefox packages that fix several security issues are now\navailable for Red Hat Enterprise Linux 4, 5, and 6.\n\nThe Red Hat Security Response Team has rated this update as having\ncritical security impact. 
Common Vulnerability Scoring System (CVSS)\nbase scores, which give detailed severity ratings, are available for\neach vulnerability from the CVE links in the References section.\n\nMozilla Firefox is an open source web browser. XULRunner provides the\nXUL Runtime environment for Mozilla Firefox.\n\nSeveral flaws were found in the processing of malformed web content. A\nweb page containing malicious content could possibly lead to arbitrary\ncode execution with the privileges of the user running Firefox.\n(CVE-2011-0080, CVE-2011-0081)\n\nAn arbitrary memory write flaw was found in the way Firefox handled\nout-of-memory conditions. If all memory was consumed when a user\nvisited a malicious web page, it could possibly lead to arbitrary code\nexecution with the privileges of the user running Firefox.\n(CVE-2011-0078)\n\nAn integer overflow flaw was found in the way Firefox handled the HTML\nframeset tag. A web page with a frameset tag containing large values\nfor the 'rows' and 'cols' attributes could trigger this flaw, possibly\nleading to arbitrary code execution with the privileges of the user\nrunning Firefox. (CVE-2011-0077)\n\nA flaw was found in the way Firefox handled the HTML iframe tag. A web\npage with an iframe tag containing a specially crafted source address\ncould trigger this flaw, possibly leading to arbitrary code execution\nwith the privileges of the user running Firefox. (CVE-2011-0075)\n\nA flaw was found in the way Firefox displayed multiple marquee\nelements. A malformed HTML document could cause Firefox to execute\narbitrary code with the privileges of the user running Firefox.\n(CVE-2011-0074)\n\nA flaw was found in the way Firefox handled the nsTreeSelection\nelement. Malformed content could cause Firefox to execute arbitrary\ncode with the privileges of the user running Firefox. 
(CVE-2011-0073)\n\nA use-after-free flaw was found in the way Firefox appended frame and\niframe elements to a DOM tree when the NoScript add-on was enabled.\nMalicious HTML content could cause Firefox to execute arbitrary code\nwith the privileges of the user running Firefox. (CVE-2011-0072)\n\nA directory traversal flaw was found in the Firefox resource://\nprotocol handler. Malicious content could cause Firefox to access\narbitrary files accessible to the user running Firefox.\n(CVE-2011-0071)\n\nA double free flaw was found in the way Firefox handled\n'application/http-index-format' documents. A malformed HTTP response\ncould cause Firefox to execute arbitrary code with the privileges of\nthe user running Firefox. (CVE-2011-0070)\n\nA flaw was found in the way Firefox handled certain JavaScript\ncross-domain requests. If malicious content generated a large number\nof cross-domain JavaScript requests, it could cause Firefox to execute\narbitrary code with the privileges of the user running Firefox.\n(CVE-2011-0069)\n\nA flaw was found in the way Firefox displayed the autocomplete pop-up.\nMalicious content could use this flaw to steal form history\ninformation. (CVE-2011-0067)\n\nTwo use-after-free flaws were found in the Firefox mObserverList and\nmChannel objects. Malicious content could use these flaws to execute\narbitrary code with the privileges of the user running Firefox.\n(CVE-2011-0066, CVE-2011-0065)\n\nA flaw was found in the Firefox XSLT generate-id() function. This\nfunction returned the memory address of an object in memory, which\ncould possibly be used by attackers to bypass address randomization\nprotections. (CVE-2011-1202)\n\nFor technical details regarding these flaws, refer to the Mozilla\nsecurity advisories for Firefox 3.6.17. 
You can find a link to the\nMozilla advisories in the References section of this erratum.\n\nAll Firefox users should upgrade to these updated packages, which\ncontain Firefox version 3.6.17, which corrects these issues. After\ninstalling the update, Firefox must be restarted for the changes to\ntake effect.", "edition": 24, "published": "2013-07-12T00:00:00", "title": "Oracle Linux 4 / 5 / 6 : firefox (ELSA-2011-0471)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2011-0077", "CVE-2011-1202", "CVE-2011-0071", "CVE-2011-0080", "CVE-2011-0073", "CVE-2011-0066", "CVE-2011-0065", "CVE-2011-0081", "CVE-2011-0075", "CVE-2011-0074", "CVE-2011-0069", "CVE-2011-0078", "CVE-2011-0070", "CVE-2011-0067", "CVE-2011-0072"], "modified": "2013-07-12T00:00:00", "cpe": ["cpe:/o:oracle:linux:6", "p-cpe:/a:oracle:linux:xulrunner", "p-cpe:/a:oracle:linux:firefox", "cpe:/o:oracle:linux:5", "cpe:/o:oracle:linux:4", "p-cpe:/a:oracle:linux:xulrunner-devel"], "id": "ORACLELINUX_ELSA-2011-0471.NASL", "href": "https://www.tenable.com/plugins/nessus/68261", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Red Hat Security Advisory RHSA-2011:0471 and \n# Oracle Linux Security Advisory ELSA-2011-0471 respectively.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(68261);\n script_version(\"1.12\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/14\");\n\n script_cve_id(\"CVE-2011-0065\", \"CVE-2011-0066\", \"CVE-2011-0067\", \"CVE-2011-0069\", \"CVE-2011-0070\", \"CVE-2011-0071\", \"CVE-2011-0072\", \"CVE-2011-0073\", \"CVE-2011-0074\", \"CVE-2011-0075\", \"CVE-2011-0077\", \"CVE-2011-0078\", \"CVE-2011-0080\", \"CVE-2011-0081\", \"CVE-2011-1202\");\n script_xref(name:\"RHSA\", value:\"2011:0471\");\n\n script_name(english:\"Oracle Linux 4 / 5 / 6 : firefox (ELSA-2011-0471)\");\n 
script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Oracle Linux host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"From Red Hat Security Advisory 2011:0471 :\n\nUpdated firefox packages that fix several security issues are now\navailable for Red Hat Enterprise Linux 4, 5, and 6.\n\nThe Red Hat Security Response Team has rated this update as having\ncritical security impact. Common Vulnerability Scoring System (CVSS)\nbase scores, which give detailed severity ratings, are available for\neach vulnerability from the CVE links in the References section.\n\nMozilla Firefox is an open source web browser. XULRunner provides the\nXUL Runtime environment for Mozilla Firefox.\n\nSeveral flaws were found in the processing of malformed web content. A\nweb page containing malicious content could possibly lead to arbitrary\ncode execution with the privileges of the user running Firefox.\n(CVE-2011-0080, CVE-2011-0081)\n\nAn arbitrary memory write flaw was found in the way Firefox handled\nout-of-memory conditions. If all memory was consumed when a user\nvisited a malicious web page, it could possibly lead to arbitrary code\nexecution with the privileges of the user running Firefox.\n(CVE-2011-0078)\n\nAn integer overflow flaw was found in the way Firefox handled the HTML\nframeset tag. A web page with a frameset tag containing large values\nfor the 'rows' and 'cols' attributes could trigger this flaw, possibly\nleading to arbitrary code execution with the privileges of the user\nrunning Firefox. (CVE-2011-0077)\n\nA flaw was found in the way Firefox handled the HTML iframe tag. A web\npage with an iframe tag containing a specially crafted source address\ncould trigger this flaw, possibly leading to arbitrary code execution\nwith the privileges of the user running Firefox. 
(CVE-2011-0075)\n\nA flaw was found in the way Firefox displayed multiple marquee\nelements. A malformed HTML document could cause Firefox to execute\narbitrary code with the privileges of the user running Firefox.\n(CVE-2011-0074)\n\nA flaw was found in the way Firefox handled the nsTreeSelection\nelement. Malformed content could cause Firefox to execute arbitrary\ncode with the privileges of the user running Firefox. (CVE-2011-0073)\n\nA use-after-free flaw was found in the way Firefox appended frame and\niframe elements to a DOM tree when the NoScript add-on was enabled.\nMalicious HTML content could cause Firefox to execute arbitrary code\nwith the privileges of the user running Firefox. (CVE-2011-0072)\n\nA directory traversal flaw was found in the Firefox resource://\nprotocol handler. Malicious content could cause Firefox to access\narbitrary files accessible to the user running Firefox.\n(CVE-2011-0071)\n\nA double free flaw was found in the way Firefox handled\n'application/http-index-format' documents. A malformed HTTP response\ncould cause Firefox to execute arbitrary code with the privileges of\nthe user running Firefox. (CVE-2011-0070)\n\nA flaw was found in the way Firefox handled certain JavaScript\ncross-domain requests. If malicious content generated a large number\nof cross-domain JavaScript requests, it could cause Firefox to execute\narbitrary code with the privileges of the user running Firefox.\n(CVE-2011-0069)\n\nA flaw was found in the way Firefox displayed the autocomplete pop-up.\nMalicious content could use this flaw to steal form history\ninformation. (CVE-2011-0067)\n\nTwo use-after-free flaws were found in the Firefox mObserverList and\nmChannel objects. Malicious content could use these flaws to execute\narbitrary code with the privileges of the user running Firefox.\n(CVE-2011-0066, CVE-2011-0065)\n\nA flaw was found in the Firefox XSLT generate-id() function. 
This\nfunction returned the memory address of an object in memory, which\ncould possibly be used by attackers to bypass address randomization\nprotections. (CVE-2011-1202)\n\nFor technical details regarding these flaws, refer to the Mozilla\nsecurity advisories for Firefox 3.6.17. You can find a link to the\nMozilla advisories in the References section of this erratum.\n\nAll Firefox users should upgrade to these updated packages, which\ncontain Firefox version 3.6.17, which corrects these issues. After\ninstalling the update, Firefox must be restarted for the changes to\ntake effect.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://oss.oracle.com/pipermail/el-errata/2011-April/002101.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://oss.oracle.com/pipermail/el-errata/2011-April/002104.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://oss.oracle.com/pipermail/el-errata/2011-April/002106.html\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected firefox packages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploit_framework_core\", value:\"true\");\n script_set_attribute(attribute:\"exploited_by_malware\", value:\"true\");\n script_set_attribute(attribute:\"metasploit_name\", value:'Mozilla Firefox \"nsTreeRange\" Dangling Pointer Vulnerability');\n script_set_attribute(attribute:\"exploit_framework_metasploit\", value:\"true\");\n script_set_attribute(attribute:\"exploit_framework_canvas\", value:\"true\");\n script_set_attribute(attribute:\"canvas_package\", value:'White_Phosphorus');\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", 
value:\"p-cpe:/a:oracle:linux:firefox\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:xulrunner\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:xulrunner-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:oracle:linux:4\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:oracle:linux:5\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:oracle:linux:6\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2011/03/10\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2011/04/29\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2013/07/12\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2013-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Oracle Linux Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/OracleLinux\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/OracleLinux\")) audit(AUDIT_OS_NOT, \"Oracle Linux\");\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || !pregmatch(pattern: \"Oracle (?:Linux Server|Enterprise Linux)\", string:release)) audit(AUDIT_OS_NOT, \"Oracle Linux\");\nos_ver = pregmatch(pattern: \"Oracle (?:Linux Server|Enterprise Linux) .*release ([0-9]+(\\.[0-9]+)?)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Oracle Linux\");\nos_ver = os_ver[1];\nif (! 
preg(pattern:\"^(4|5|6)([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Oracle Linux 4 / 5 / 6\", \"Oracle Linux \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && \"ia64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Oracle Linux\", cpu);\n\nflag = 0;\nif (rpm_check(release:\"EL4\", reference:\"firefox-3.6.17-2.0.1.el4\")) flag++;\n\nif (rpm_check(release:\"EL5\", reference:\"firefox-3.6.17-1.0.1.el5_6\")) flag++;\nif (rpm_check(release:\"EL5\", reference:\"xulrunner-1.9.2.17-3.0.1.el5_6\")) flag++;\nif (rpm_check(release:\"EL5\", reference:\"xulrunner-devel-1.9.2.17-3.0.1.el5_6\")) flag++;\n\nif (rpm_check(release:\"EL6\", reference:\"firefox-3.6.17-1.0.1.el6_0\")) flag++;\nif (rpm_check(release:\"EL6\", reference:\"xulrunner-1.9.2.17-4.0.1.el6_0\")) flag++;\nif (rpm_check(release:\"EL6\", reference:\"xulrunner-devel-1.9.2.17-4.0.1.el6_0\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"firefox / xulrunner / xulrunner-devel\");\n}\n", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2021-01-01T06:34:41", "description": "It was discovered that there was a vulnerability in the memory\nhandling of certain types of content. An attacker could exploit this\nto possibly run arbitrary code as the user running Firefox.\n(CVE-2011-0081)\n\nIt was discovered that Firefox incorrectly handled certain JavaScript\nrequests. An attacker could exploit this to possibly run arbitrary\ncode as the user running Firefox. (CVE-2011-0069)\n\nIan Beer discovered a vulnerability in the memory handling of a\ncertain types of documents. 
An attacker could exploit this to possibly\nrun arbitrary code as the user running Firefox. (CVE-2011-0070)\n\nBob Clary, Henri Sivonen, Marco Bonardo, Mats Palmgren and Jesse\nRuderman discovered several memory vulnerabilities. An attacker could\nexploit these to possibly run arbitrary code as the user running\nFirefox. (CVE-2011-0080)\n\nAki Helin discovered multiple vulnerabilities in the HTML rendering\ncode. An attacker could exploit these to possibly run arbitrary code\nas the user running Firefox. (CVE-2011-0074, CVE-2011-0075)\n\nIan Beer discovered multiple overflow vulnerabilities. An attacker\ncould exploit these to possibly run arbitrary code as the user running\nFirefox. (CVE-2011-0077, CVE-2011-0078)\n\nMartin Barbella discovered a memory vulnerability in the handling of\ncertain DOM elements. An attacker could exploit this to possibly run\narbitrary code as the user running Firefox. (CVE-2011-0072)\n\nIt was discovered that there were use-after-free vulnerabilities in\nFirefox's mChannel and mObserverList objects. An attacker could\nexploit these to possibly run arbitrary code as the user running\nFirefox. (CVE-2011-0065, CVE-2011-0066)\n\nIt was discovered that there was a vulnerability in the handling of\nthe nsTreeSelection element. An attacker serving malicious content\ncould exploit this to possibly run arbitrary code as the user running\nFirefox. (CVE-2011-0073)\n\nPaul Stone discovered a vulnerability in the handling of Java applets.\nAn attacker could use this to mimic interaction with form autocomplete\ncontrols and steal entries from the form history. (CVE-2011-0067)\n\nSoroush Dalili discovered a vulnerability in the resource: protocol.\nThis could potentially allow an attacker to load arbitrary files that\nwere accessible to the user running Firefox. (CVE-2011-0071)\n\nChris Evans discovered a vulnerability in Firefox's XSLT generate-id()\nfunction. An attacker could possibly use this vulnerability to make\nother attacks more reliable. 
(CVE-2011-1202).\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Ubuntu security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.", "edition": 25, "published": "2011-06-13T00:00:00", "title": "Ubuntu 8.04 LTS / 9.10 / 10.04 LTS / 10.10 : firefox, firefox-3.0, firefox-3.5, xulrunner-1.9.2 vulnerabilities (USN-1112-1)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2011-0077", "CVE-2011-1202", "CVE-2011-0071", "CVE-2011-0080", "CVE-2011-0073", "CVE-2011-0066", "CVE-2011-0065", "CVE-2011-0081", "CVE-2011-0075", "CVE-2011-0074", "CVE-2011-0069", "CVE-2011-0078", "CVE-2011-0070", "CVE-2011-0067", "CVE-2011-0072"], "modified": "2021-01-02T00:00:00", "cpe": ["p-cpe:/a:canonical:ubuntu_linux:xulrunner-1.9.2", "p-cpe:/a:canonical:ubuntu_linux:firefox", "cpe:/o:canonical:ubuntu_linux:10.04:-:lts", "cpe:/o:canonical:ubuntu_linux:8.04:-:lts", "cpe:/o:canonical:ubuntu_linux:10.10", "cpe:/o:canonical:ubuntu_linux:9.10"], "id": "UBUNTU_USN-1112-1.NASL", "href": "https://www.tenable.com/plugins/nessus/55070", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Ubuntu Security Notice USN-1112-1. The text \n# itself is copyright (C) Canonical, Inc. See \n# <http://www.ubuntu.com/usn/>. 
Ubuntu(R) is a registered \n# trademark of Canonical, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(55070);\n script_version(\"1.18\");\n script_cvs_date(\"Date: 2019/09/19 12:54:27\");\n\n script_cve_id(\"CVE-2011-0065\", \"CVE-2011-0066\", \"CVE-2011-0067\", \"CVE-2011-0069\", \"CVE-2011-0070\", \"CVE-2011-0071\", \"CVE-2011-0072\", \"CVE-2011-0073\", \"CVE-2011-0074\", \"CVE-2011-0075\", \"CVE-2011-0077\", \"CVE-2011-0078\", \"CVE-2011-0080\", \"CVE-2011-0081\", \"CVE-2011-1202\");\n script_xref(name:\"USN\", value:\"1112-1\");\n\n script_name(english:\"Ubuntu 8.04 LTS / 9.10 / 10.04 LTS / 10.10 : firefox, firefox-3.0, firefox-3.5, xulrunner-1.9.2 vulnerabilities (USN-1112-1)\");\n script_summary(english:\"Checks dpkg output for updated packages.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\n\"The remote Ubuntu host is missing one or more security-related\npatches.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"It was discovered that there was a vulnerability in the memory\nhandling of certain types of content. An attacker could exploit this\nto possibly run arbitrary code as the user running Firefox.\n(CVE-2011-0081)\n\nIt was discovered that Firefox incorrectly handled certain JavaScript\nrequests. An attacker could exploit this to possibly run arbitrary\ncode as the user running Firefox. (CVE-2011-0069)\n\nIan Beer discovered a vulnerability in the memory handling of a\ncertain types of documents. An attacker could exploit this to possibly\nrun arbitrary code as the user running Firefox. (CVE-2011-0070)\n\nBob Clary, Henri Sivonen, Marco Bonardo, Mats Palmgren and Jesse\nRuderman discovered several memory vulnerabilities. An attacker could\nexploit these to possibly run arbitrary code as the user running\nFirefox. (CVE-2011-0080)\n\nAki Helin discovered multiple vulnerabilities in the HTML rendering\ncode. 
An attacker could exploit these to possibly run arbitrary code\nas the user running Firefox. (CVE-2011-0074, CVE-2011-0075)\n\nIan Beer discovered multiple overflow vulnerabilities. An attacker\ncould exploit these to possibly run arbitrary code as the user running\nFirefox. (CVE-2011-0077, CVE-2011-0078)\n\nMartin Barbella discovered a memory vulnerability in the handling of\ncertain DOM elements. An attacker could exploit this to possibly run\narbitrary code as the user running Firefox. (CVE-2011-0072)\n\nIt was discovered that there were use-after-free vulnerabilities in\nFirefox's mChannel and mObserverList objects. An attacker could\nexploit these to possibly run arbitrary code as the user running\nFirefox. (CVE-2011-0065, CVE-2011-0066)\n\nIt was discovered that there was a vulnerability in the handling of\nthe nsTreeSelection element. An attacker serving malicious content\ncould exploit this to possibly run arbitrary code as the user running\nFirefox. (CVE-2011-0073)\n\nPaul Stone discovered a vulnerability in the handling of Java applets.\nAn attacker could use this to mimic interaction with form autocomplete\ncontrols and steal entries from the form history. (CVE-2011-0067)\n\nSoroush Dalili discovered a vulnerability in the resource: protocol.\nThis could potentially allow an attacker to load arbitrary files that\nwere accessible to the user running Firefox. (CVE-2011-0071)\n\nChris Evans discovered a vulnerability in Firefox's XSLT generate-id()\nfunction. An attacker could possibly use this vulnerability to make\nother attacks more reliable. (CVE-2011-1202).\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Ubuntu security advisory. 
Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://usn.ubuntu.com/1112-1/\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected firefox and / or xulrunner-1.9.2 packages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploit_framework_core\", value:\"true\");\n script_set_attribute(attribute:\"exploited_by_malware\", value:\"true\");\n script_set_attribute(attribute:\"metasploit_name\", value:'Mozilla Firefox \"nsTreeRange\" Dangling Pointer Vulnerability');\n script_set_attribute(attribute:\"exploit_framework_metasploit\", value:\"true\");\n script_set_attribute(attribute:\"exploit_framework_canvas\", value:\"true\");\n script_set_attribute(attribute:\"canvas_package\", value:'White_Phosphorus');\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:firefox\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:xulrunner-1.9.2\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:canonical:ubuntu_linux:10.04:-:lts\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:canonical:ubuntu_linux:10.10\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:canonical:ubuntu_linux:8.04:-:lts\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:canonical:ubuntu_linux:9.10\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2011/03/10\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2011/04/29\");\n script_set_attribute(attribute:\"plugin_publication_date\", 
value:\"2011/06/13\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"Ubuntu Security Notice (C) 2011-2019 Canonical, Inc. / NASL script (C) 2011-2019 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Ubuntu Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/cpu\", \"Host/Ubuntu\", \"Host/Ubuntu/release\", \"Host/Debian/dpkg-l\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"ubuntu.inc\");\ninclude(\"misc_func.inc\");\n\nif ( ! get_kb_item(\"Host/local_checks_enabled\") ) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/Ubuntu/release\");\nif ( isnull(release) ) audit(AUDIT_OS_NOT, \"Ubuntu\");\nrelease = chomp(release);\nif (! preg(pattern:\"^(8\\.04|9\\.10|10\\.04|10\\.10)$\", string:release)) audit(AUDIT_OS_NOT, \"Ubuntu 8.04 / 9.10 / 10.04 / 10.10\", \"Ubuntu \" + release);\nif ( ! 
get_kb_item(\"Host/Debian/dpkg-l\") ) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Ubuntu\", cpu);\n\nflag = 0;\n\nif (ubuntu_check(osver:\"8.04\", pkgname:\"firefox\", pkgver:\"3.6.17+build3+nobinonly-0ubuntu0.8.04.1\")) flag++;\nif (ubuntu_check(osver:\"8.04\", pkgname:\"xulrunner-1.9.2\", pkgver:\"1.9.2.17+build3+nobinonly-0ubuntu0.8.04.1\")) flag++;\nif (ubuntu_check(osver:\"9.10\", pkgname:\"firefox\", pkgver:\"3.6.17+build3+nobinonly-0ubuntu0.9.10.1\")) flag++;\nif (ubuntu_check(osver:\"9.10\", pkgname:\"xulrunner-1.9.2\", pkgver:\"1.9.2.17+build3+nobinonly-0ubuntu0.9.10.1\")) flag++;\nif (ubuntu_check(osver:\"10.04\", pkgname:\"firefox\", pkgver:\"3.6.17+build3+nobinonly-0ubuntu0.10.04.1\")) flag++;\nif (ubuntu_check(osver:\"10.04\", pkgname:\"xulrunner-1.9.2\", pkgver:\"1.9.2.17+build3+nobinonly-0ubuntu0.10.04.1\")) flag++;\nif (ubuntu_check(osver:\"10.10\", pkgname:\"firefox\", pkgver:\"3.6.17+build3+nobinonly-0ubuntu0.10.10.1\")) flag++;\nif (ubuntu_check(osver:\"10.10\", pkgname:\"xulrunner-1.9.2\", pkgver:\"1.9.2.17+build3+nobinonly-0ubuntu0.10.10.1\")) flag++;\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : ubuntu_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = ubuntu_pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"firefox / xulrunner-1.9.2\");\n}\n", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}], "openvas": [{"lastseen": "2019-05-29T18:39:54", "bulletinFamily": "scanner", "cvelist": ["CVE-2011-0077", "CVE-2011-1202", "CVE-2011-0071", "CVE-2011-0080", "CVE-2011-0073", "CVE-2011-0066", "CVE-2011-0065", "CVE-2011-0081", "CVE-2011-0075", "CVE-2011-0074", "CVE-2011-0069", "CVE-2011-0078", "CVE-2011-0070", "CVE-2011-0067", "CVE-2011-0072"], "description": "Ubuntu 
Update for Linux kernel vulnerabilities USN-1112-1", "modified": "2019-03-13T00:00:00", "published": "2011-05-10T00:00:00", "id": "OPENVAS:1361412562310840640", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310840640", "type": "openvas", "title": "Ubuntu Update for firefox USN-1112-1", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: gb_ubuntu_USN_1112_1.nasl 14132 2019-03-13 09:25:59Z cfischer $\n#\n# Ubuntu Update for firefox USN-1112-1\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2011 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. 
See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_xref(name:\"URL\", value:\"http://www.ubuntu.com/usn/usn-1112-1/\");\n script_oid(\"1.3.6.1.4.1.25623.1.0.840640\");\n script_version(\"$Revision: 14132 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2019-03-13 10:25:59 +0100 (Wed, 13 Mar 2019) $\");\n script_tag(name:\"creation_date\", value:\"2011-05-10 14:04:15 +0200 (Tue, 10 May 2011)\");\n script_tag(name:\"cvss_base\", value:\"10.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_xref(name:\"USN\", value:\"1112-1\");\n script_cve_id(\"CVE-2011-0081\", \"CVE-2011-0069\", \"CVE-2011-0070\", \"CVE-2011-0080\", \"CVE-2011-0074\", \"CVE-2011-0075\", \"CVE-2011-0077\", \"CVE-2011-0078\", \"CVE-2011-0072\", \"CVE-2011-0065\", \"CVE-2011-0066\", \"CVE-2011-0073\", \"CVE-2011-0067\", \"CVE-2011-0071\", \"CVE-2011-1202\");\n script_name(\"Ubuntu Update for firefox USN-1112-1\");\n\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2011 Greenbone Networks GmbH\");\n script_family(\"Ubuntu Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/ubuntu_linux\", \"ssh/login/packages\", re:\"ssh/login/release=UBUNTU(10\\.04 LTS|9\\.10|10\\.10|8\\.04 LTS)\");\n script_tag(name:\"summary\", value:\"Ubuntu Update for Linux kernel vulnerabilities USN-1112-1\");\n script_tag(name:\"affected\", value:\"firefox on Ubuntu 10.10,\n Ubuntu 10.04 LTS,\n Ubuntu 9.10,\n Ubuntu 8.04 LTS\");\n script_tag(name:\"solution\", value:\"Please Install the Updated Packages.\");\n script_tag(name:\"insight\", value:\"It was discovered that 
there was a vulnerability in the memory handling of\n certain types of content. An attacker could exploit this to possibly run\n arbitrary code as the user running Firefox. (CVE-2011-0081)\n\n It was discovered that Firefox incorrectly handled certain JavaScript\n requests. An attacker could exploit this to possibly run arbitrary code as\n the user running Firefox. (CVE-2011-0069)\n\n Ian Beer discovered a vulnerability in the memory handling of a certain\n types of documents. An attacker could exploit this to possibly run\n arbitrary code as the user running Firefox. (CVE-2011-0070)\n\n Bob Clary, Henri Sivonen, Marco Bonardo, Mats Palmgren and Jesse Ruderman\n discovered several memory vulnerabilities. An attacker could exploit these\n to possibly run arbitrary code as the user running Firefox. (CVE-2011-0080)\n\n Aki Helin discovered multiple vulnerabilities in the HTML rendering code.\n An attacker could exploit these to possibly run arbitrary code as the user\n running Firefox. (CVE-2011-0074, CVE-2011-0075)\n\n Ian Beer discovered multiple overflow vulnerabilities. An attacker could\n exploit these to possibly run arbitrary code as the user running Firefox.\n (CVE-2011-0077, CVE-2011-0078)\n\n Martin Barbella discovered a memory vulnerability in the handling of\n certain DOM elements. An attacker could exploit this to possibly run\n arbitrary code as the user running Firefox. (CVE-2011-0072)\n\n It was discovered that there were use-after-free vulnerabilities in\n Firefox's mChannel and mObserverList objects. An attacker could exploit\n these to possibly run arbitrary code as the user running Firefox.\n (CVE-2011-0065, CVE-2011-0066)\n\n It was discovered that there was a vulnerability in the handling of the\n nsTreeSelection element. An attacker serving malicious content could\n exploit this to possibly run arbitrary code as the user running Firefox.\n (CVE-2011-0073)\n\n Paul Stone discovered a vulnerability in the handling of Java applets. 
An\n attacker could use this to mimic interaction with form autocomplete\n controls and steal entries from the form history. (CVE-2011-0067)\n\n Soroush Dalili discovered a vulnerability in the resource: protocol. This\n could potentially allow an attacker to load arbitrary files that were\n accessible to the user running Firefox. (CVE-2011-0071)\n\n Chris Evans discovered a vulnerability in Firefox's XSLT generate-id()\n function. An attacker could possibly use this vulnerability to make other\n attacks more reliable. (CVE-2011-1202)\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-deb.inc\");\n\nrelease = dpkg_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\n\nif(release == \"UBUNTU10.04 LTS\")\n{\n\n if ((res = isdpkgvuln(pkg:\"firefox\", ver:\"3.6.17+build3+nobinonly-0ubuntu0.10.04.1\", rls:\"UBUNTU10.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"xulrunner-1.9.2\", ver:\"1.9.2.17+build3+nobinonly-0ubuntu0.10.04.1\", rls:\"UBUNTU10.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n\n\nif(release == \"UBUNTU9.10\")\n{\n\n if ((res = isdpkgvuln(pkg:\"firefox\", ver:\"3.6.17+build3+nobinonly-0ubuntu0.9.10.1\", rls:\"UBUNTU9.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"xulrunner-1.9.2\", ver:\"1.9.2.17+build3+nobinonly-0ubuntu0.9.10.1\", rls:\"UBUNTU9.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n\n\nif(release == \"UBUNTU10.10\")\n{\n\n if ((res = isdpkgvuln(pkg:\"firefox\", ver:\"3.6.17+build3+nobinonly-0ubuntu0.10.10.1\", rls:\"UBUNTU10.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"xulrunner-1.9.2\", 
ver:\"1.9.2.17+build3+nobinonly-0ubuntu0.10.10.1\", rls:\"UBUNTU10.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n\n\nif(release == \"UBUNTU8.04 LTS\")\n{\n\n if ((res = isdpkgvuln(pkg:\"firefox\", ver:\"3.6.17+build3+nobinonly-0ubuntu0.8.04.1\", rls:\"UBUNTU8.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"xulrunner-1.9.2\", ver:\"1.9.2.17+build3+nobinonly-0ubuntu0.8.04.1\", rls:\"UBUNTU8.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2019-05-29T18:38:31", "bulletinFamily": "scanner", "cvelist": ["CVE-2011-0077", "CVE-2011-1202", "CVE-2011-0071", "CVE-2011-0080", "CVE-2011-0073", "CVE-2011-0066", "CVE-2011-0065", "CVE-2011-0081", "CVE-2011-0075", "CVE-2011-0074", "CVE-2011-0069", "CVE-2011-0078", "CVE-2011-0070", "CVE-2011-0067", "CVE-2011-0072"], "description": "The remote host is missing an update for the 'firefox' package(s) announced via the referenced advisory.", "modified": "2019-03-15T00:00:00", "published": "2012-07-30T00:00:00", "id": "OPENVAS:1361412562310881346", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310881346", "type": "openvas", "title": "CentOS Update for firefox CESA-2011:0471 centos5 x86_64", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# CentOS Update for firefox CESA-2011:0471 centos5 x86_64\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2012 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even 
the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_xref(name:\"URL\", value:\"http://lists.centos.org/pipermail/centos-announce/2011-April/017461.html\");\n script_oid(\"1.3.6.1.4.1.25623.1.0.881346\");\n script_version(\"$Revision: 14222 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2019-03-15 13:50:48 +0100 (Fri, 15 Mar 2019) $\");\n script_tag(name:\"creation_date\", value:\"2012-07-30 17:30:49 +0530 (Mon, 30 Jul 2012)\");\n script_cve_id(\"CVE-2011-0065\", \"CVE-2011-0066\", \"CVE-2011-0067\", \"CVE-2011-0069\",\n \"CVE-2011-0070\", \"CVE-2011-0071\", \"CVE-2011-0072\", \"CVE-2011-0073\",\n \"CVE-2011-0074\", \"CVE-2011-0075\", \"CVE-2011-0077\", \"CVE-2011-0078\",\n \"CVE-2011-0080\", \"CVE-2011-0081\", \"CVE-2011-1202\");\n script_tag(name:\"cvss_base\", value:\"10.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_xref(name:\"CESA\", value:\"2011:0471\");\n script_name(\"CentOS Update for firefox CESA-2011:0471 centos5 x86_64\");\n\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'firefox'\n package(s) announced via the referenced advisory.\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2012 Greenbone Networks GmbH\");\n script_family(\"CentOS Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/centos\", \"ssh/login/rpms\", re:\"ssh/login/release=CentOS5\");\n script_tag(name:\"affected\", value:\"firefox on CentOS 5\");\n script_tag(name:\"solution\", value:\"Please install 
the updated packages.\");\n script_tag(name:\"insight\", value:\"Mozilla Firefox is an open source web browser. XULRunner provides the XUL\n Runtime environment for Mozilla Firefox.\n\n Several flaws were found in the processing of malformed web content. A web\n page containing malicious content could possibly lead to arbitrary code\n execution with the privileges of the user running Firefox. (CVE-2011-0080,\n CVE-2011-0081)\n\n An arbitrary memory write flaw was found in the way Firefox handled\n out-of-memory conditions. If all memory was consumed when a user visited a\n malicious web page, it could possibly lead to arbitrary code execution\n with the privileges of the user running Firefox. (CVE-2011-0078)\n\n An integer overflow flaw was found in the way Firefox handled the HTML\n frameset tag. A web page with a frameset tag containing large values for\n the 'rows' and 'cols' attributes could trigger this flaw, possibly leading\n to arbitrary code execution with the privileges of the user running\n Firefox. (CVE-2011-0077)\n\n A flaw was found in the way Firefox handled the HTML iframe tag. A web page\n with an iframe tag containing a specially-crafted source address could\n trigger this flaw, possibly leading to arbitrary code execution with the\n privileges of the user running Firefox. (CVE-2011-0075)\n\n A flaw was found in the way Firefox displayed multiple marquee elements. A\n malformed HTML document could cause Firefox to execute arbitrary code with\n the privileges of the user running Firefox. (CVE-2011-0074)\n\n A flaw was found in the way Firefox handled the nsTreeSelection element.\n Malformed content could cause Firefox to execute arbitrary code with the\n privileges of the user running Firefox. 
(CVE-2011-0073)\n\n A use-after-free flaw was found in the way Firefox appended frame and\n iframe elements to a DOM tree when the NoScript add-on was enabled.\n Malicious HTML content could cause Firefox to execute arbitrary code with\n the privileges of the user running Firefox. (CVE-2011-0072)\n\n A directory traversal flaw was found in the Firefox resource:// protocol\n handler. Malicious content could cause Firefox to access arbitrary files\n accessible to the user running Firefox. (CVE-2011-0071)\n\n A double free flaw was found in the way Firefox handled\n 'application/http-index-format' documents. A malformed HTTP response could\n cause Firefox to execute arbitrary code with the privileges of the user\n running Firefox. (CVE-2011-0070)\n\n A flaw was found in the way Firefox handled certain JavaScript cross-domain\n requests. If malicious content generated a large number of cross-domain\n JavaScript reque ...\n\n Description truncated, please see the referenced URL(s) for more information.\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\n\nif(release == \"CentOS5\")\n{\n\n if ((res = isrpmvuln(pkg:\"firefox\", rpm:\"firefox~3.6.17~1.el5.centos\", rls:\"CentOS5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"xulrunner\", rpm:\"xulrunner~1.9.2.17~3.el5\", rls:\"CentOS5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"xulrunner-devel\", rpm:\"xulrunner-devel~1.9.2.17~3.el5\", rls:\"CentOS5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2017-12-04T11:27:22", "bulletinFamily": "scanner", "cvelist": 
["CVE-2011-0077", "CVE-2011-1202", "CVE-2011-0071", "CVE-2011-0080", "CVE-2011-0073", "CVE-2011-0066", "CVE-2011-0065", "CVE-2011-0081", "CVE-2011-0075", "CVE-2011-0074", "CVE-2011-0069", "CVE-2011-0078", "CVE-2011-0070", "CVE-2011-0067", "CVE-2011-0072"], "description": "Ubuntu Update for Linux kernel vulnerabilities USN-1112-1", "modified": "2017-12-01T00:00:00", "published": "2011-05-10T00:00:00", "id": "OPENVAS:840640", "href": "http://plugins.openvas.org/nasl.php?oid=840640", "type": "openvas", "title": "Ubuntu Update for firefox USN-1112-1", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: gb_ubuntu_USN_1112_1.nasl 7964 2017-12-01 07:32:11Z santu $\n#\n# Ubuntu Update for firefox USN-1112-1\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2011 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"It was discovered that there was a vulnerability in the memory handling of\n certain types of content. An attacker could exploit this to possibly run\n arbitrary code as the user running Firefox. 
(CVE-2011-0081)\n\n It was discovered that Firefox incorrectly handled certain JavaScript\n requests. An attacker could exploit this to possibly run arbitrary code as\n the user running Firefox. (CVE-2011-0069)\n \n Ian Beer discovered a vulnerability in the memory handling of a certain\n types of documents. An attacker could exploit this to possibly run\n arbitrary code as the user running Firefox. (CVE-2011-0070)\n \n Bob Clary, Henri Sivonen, Marco Bonardo, Mats Palmgren and Jesse Ruderman\n discovered several memory vulnerabilities. An attacker could exploit these\n to possibly run arbitrary code as the user running Firefox. (CVE-2011-0080)\n \n Aki Helin discovered multiple vulnerabilities in the HTML rendering code.\n An attacker could exploit these to possibly run arbitrary code as the user\n running Firefox. (CVE-2011-0074, CVE-2011-0075)\n \n Ian Beer discovered multiple overflow vulnerabilities. An attacker could\n exploit these to possibly run arbitrary code as the user running Firefox.\n (CVE-2011-0077, CVE-2011-0078)\n \n Martin Barbella discovered a memory vulnerability in the handling of\n certain DOM elements. An attacker could exploit this to possibly run\n arbitrary code as the user running Firefox. (CVE-2011-0072)\n \n It was discovered that there were use-after-free vulnerabilities in\n Firefox's mChannel and mObserverList objects. An attacker could exploit\n these to possibly run arbitrary code as the user running Firefox.\n (CVE-2011-0065, CVE-2011-0066)\n \n It was discovered that there was a vulnerability in the handling of the\n nsTreeSelection element. An attacker serving malicious content could\n exploit this to possibly run arbitrary code as the user running Firefox.\n (CVE-2011-0073)\n \n Paul Stone discovered a vulnerability in the handling of Java applets. An\n attacker could use this to mimic interaction with form autocomplete\n controls and steal entries from the form history. 
(CVE-2011-0067)\n \n Soroush Dalili discovered a vulnerability in the resource: protocol. This\n could potentially allow an attacker to load arbitrary files that were\n accessible to the user running Firefox. (CVE-2011-0071)\n \n Chris Evans discovered a vulnerability in Firefox's XSLT generate-id()\n function. An attacker could possibly use this vulnerability to make other\n attacks more reliable. (CVE-2011-1202)\";\n\ntag_summary = \"Ubuntu Update for Linux kernel vulnerabilities USN-1112-1\";\ntag_affected = \"firefox on Ubuntu 10.10 ,\n Ubuntu 10.04 LTS ,\n Ubuntu 9.10 ,\n Ubuntu 8.04 LTS\";\ntag_solution = \"Please Install the Updated Packages.\";\n\n\nif(description)\n{\n script_xref(name: \"URL\" , value: \"http://www.ubuntu.com/usn/usn-1112-1/\");\n script_id(840640);\n script_version(\"$Revision: 7964 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-12-01 08:32:11 +0100 (Fri, 01 Dec 2017) $\");\n script_tag(name:\"creation_date\", value:\"2011-05-10 14:04:15 +0200 (Tue, 10 May 2011)\");\n script_tag(name:\"cvss_base\", value:\"10.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_xref(name: \"USN\", value: \"1112-1\");\n script_cve_id(\"CVE-2011-0081\", \"CVE-2011-0069\", \"CVE-2011-0070\", \"CVE-2011-0080\", \"CVE-2011-0074\", \"CVE-2011-0075\", \"CVE-2011-0077\", \"CVE-2011-0078\", \"CVE-2011-0072\", \"CVE-2011-0065\", \"CVE-2011-0066\", \"CVE-2011-0073\", \"CVE-2011-0067\", \"CVE-2011-0071\", \"CVE-2011-1202\");\n script_name(\"Ubuntu Update for firefox USN-1112-1\");\n\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2011 Greenbone Networks GmbH\");\n script_family(\"Ubuntu Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/ubuntu_linux\", \"ssh/login/packages\");\n script_tag(name : \"summary\" , value : tag_summary);\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"solution\" 
, value : tag_solution);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n\ninclude(\"pkg-lib-deb.inc\");\n\nrelease = get_kb_item(\"ssh/login/release\");\n\n\nres = \"\";\nif(release == NULL){\n exit(0);\n}\n\nif(release == \"UBUNTU10.04 LTS\")\n{\n \n if ((res = isdpkgvuln(pkg:\"firefox\", ver:\"3.6.17+build3+nobinonly-0ubuntu0.10.04.1\", rls:\"UBUNTU10.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"xulrunner-1.9.2\", ver:\"1.9.2.17+build3+nobinonly-0ubuntu0.10.04.1\", rls:\"UBUNTU10.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n\n\nif(release == \"UBUNTU9.10\")\n{\n\n if ((res = isdpkgvuln(pkg:\"firefox\", ver:\"3.6.17+build3+nobinonly-0ubuntu0.9.10.1\", rls:\"UBUNTU9.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"xulrunner-1.9.2\", ver:\"1.9.2.17+build3+nobinonly-0ubuntu0.9.10.1\", rls:\"UBUNTU9.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n\n\nif(release == \"UBUNTU10.10\")\n{\n\n if ((res = isdpkgvuln(pkg:\"firefox\", ver:\"3.6.17+build3+nobinonly-0ubuntu0.10.10.1\", rls:\"UBUNTU10.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"xulrunner-1.9.2\", ver:\"1.9.2.17+build3+nobinonly-0ubuntu0.10.10.1\", rls:\"UBUNTU10.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n\n\nif(release == \"UBUNTU8.04 LTS\")\n{\n\n if ((res = isdpkgvuln(pkg:\"firefox\", ver:\"3.6.17+build3+nobinonly-0ubuntu0.8.04.1\", rls:\"UBUNTU8.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"xulrunner-1.9.2\", 
ver:\"1.9.2.17+build3+nobinonly-0ubuntu0.8.04.1\", rls:\"UBUNTU8.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2019-05-29T18:39:32", "bulletinFamily": "scanner", "cvelist": ["CVE-2011-0077", "CVE-2011-1202", "CVE-2011-0071", "CVE-2011-0080", "CVE-2011-0073", "CVE-2011-0066", "CVE-2011-0065", "CVE-2011-0081", "CVE-2011-0075", "CVE-2011-0074", "CVE-2011-0069", "CVE-2011-0078", "CVE-2011-0070", "CVE-2011-0067", "CVE-2011-0072"], "description": "The remote host is missing an update for the 'firefox' package(s) announced via the referenced advisory.", "modified": "2019-03-12T00:00:00", "published": "2011-05-05T00:00:00", "id": "OPENVAS:1361412562310870425", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310870425", "type": "openvas", "title": "RedHat Update for firefox RHSA-2011:0471-01", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# RedHat Update for firefox RHSA-2011:0471-01\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2011 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. 
See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_xref(name:\"URL\", value:\"https://www.redhat.com/archives/rhsa-announce/2011-April/msg00025.html\");\n script_oid(\"1.3.6.1.4.1.25623.1.0.870425\");\n script_version(\"$Revision: 14114 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2019-03-12 12:48:52 +0100 (Tue, 12 Mar 2019) $\");\n script_tag(name:\"creation_date\", value:\"2011-05-05 07:14:22 +0200 (Thu, 05 May 2011)\");\n script_tag(name:\"cvss_base\", value:\"10.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_xref(name:\"RHSA\", value:\"2011:0471-01\");\n script_cve_id(\"CVE-2011-0065\", \"CVE-2011-0066\", \"CVE-2011-0067\", \"CVE-2011-0069\", \"CVE-2011-0070\", \"CVE-2011-0071\", \"CVE-2011-0072\", \"CVE-2011-0073\", \"CVE-2011-0074\", \"CVE-2011-0075\", \"CVE-2011-0077\", \"CVE-2011-0078\", \"CVE-2011-0080\", \"CVE-2011-0081\", \"CVE-2011-1202\");\n script_name(\"RedHat Update for firefox RHSA-2011:0471-01\");\n\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'firefox'\n package(s) announced via the referenced advisory.\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2011 Greenbone Networks GmbH\");\n script_family(\"Red Hat Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/rhel\", \"ssh/login/rpms\", re:\"ssh/login/release=RHENT_(5|4)\");\n script_tag(name:\"affected\", value:\"firefox on Red Hat Enterprise Linux (v. 
5 server),\n Red Hat Enterprise Linux AS version 4,\n Red Hat Enterprise Linux ES version 4,\n Red Hat Enterprise Linux WS version 4\");\n script_tag(name:\"solution\", value:\"Please Install the Updated Packages.\");\n script_tag(name:\"insight\", value:\"Mozilla Firefox is an open source web browser. XULRunner provides the XUL\n Runtime environment for Mozilla Firefox.\n\n Several flaws were found in the processing of malformed web content. A web\n page containing malicious content could possibly lead to arbitrary code\n execution with the privileges of the user running Firefox. (CVE-2011-0080,\n CVE-2011-0081)\n\n An arbitrary memory write flaw was found in the way Firefox handled\n out-of-memory conditions. If all memory was consumed when a user visited a\n malicious web page, it could possibly lead to arbitrary code execution\n with the privileges of the user running Firefox. (CVE-2011-0078)\n\n An integer overflow flaw was found in the way Firefox handled the HTML\n frameset tag. A web page with a frameset tag containing large values for\n the 'rows' and 'cols' attributes could trigger this flaw, possibly leading\n to arbitrary code execution with the privileges of the user running\n Firefox. (CVE-2011-0077)\n\n A flaw was found in the way Firefox handled the HTML iframe tag. A web page\n with an iframe tag containing a specially-crafted source address could\n trigger this flaw, possibly leading to arbitrary code execution with the\n privileges of the user running Firefox. (CVE-2011-0075)\n\n A flaw was found in the way Firefox displayed multiple marquee elements. A\n malformed HTML document could cause Firefox to execute arbitrary code with\n the privileges of the user running Firefox. (CVE-2011-0074)\n\n A flaw was found in the way Firefox handled the nsTreeSelection element.\n Malformed content could cause Firefox to execute arbitrary code with the\n privileges of the user running Firefox. 
(CVE-2011-0073)\n\n A use-after-free flaw was found in the way Firefox appended frame and\n iframe elements to a DOM tree when the NoScript add-on was enabled.\n Malicious HTML content could cause Firefox to execute arbitrary code with\n the privileges of the user running Firefox. (CVE-2011-0072)\n\n A directory traversal flaw was found in the Firefox resource:// protocol\n handler. Malicious content could cause Firefox to access arbitrary files\n accessible to the user running Firefox. (CVE-2011-0071)\n\n A double free flaw was found in the way Firefox handled\n 'application/http-index-format' documents. A malformed HTTP response could\n cause Firefox to execute arbitrary code with the privileges of the user\n running Firefox. (CVE-2011-0070)\n\n A flaw was foun ...\n\n Description truncated, please see the referenced URL(s) for more information.\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release) exit(0);\n\nres = \"\";\n\nif(release == \"RHENT_5\")\n{\n\n if ((res = isrpmvuln(pkg:\"firefox\", rpm:\"firefox~3.6.17~1.el5_6\", rls:\"RHENT_5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"firefox-debuginfo\", rpm:\"firefox-debuginfo~3.6.17~1.el5_6\", rls:\"RHENT_5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"xulrunner\", rpm:\"xulrunner~1.9.2.17~3.el5_6\", rls:\"RHENT_5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"xulrunner-debuginfo\", rpm:\"xulrunner-debuginfo~1.9.2.17~3.el5_6\", rls:\"RHENT_5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"xulrunner-devel\", rpm:\"xulrunner-devel~1.9.2.17~3.el5_6\", rls:\"RHENT_5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if 
(__pkg_match) exit(99);\n exit(0);\n}\n\n\nif(release == \"RHENT_4\")\n{\n\n if ((res = isrpmvuln(pkg:\"firefox\", rpm:\"firefox~3.6.17~2.el4\", rls:\"RHENT_4\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"firefox-debuginfo\", rpm:\"firefox-debuginfo~3.6.17~2.el4\", rls:\"RHENT_4\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2017-07-25T10:55:46", "bulletinFamily": "scanner", "cvelist": ["CVE-2011-0077", "CVE-2011-1202", "CVE-2011-0071", "CVE-2011-0080", "CVE-2011-0073", "CVE-2011-0066", "CVE-2011-0065", "CVE-2011-0081", "CVE-2011-0075", "CVE-2011-0074", "CVE-2011-0069", "CVE-2011-0078", "CVE-2011-0070", "CVE-2011-0067", "CVE-2011-0072"], "description": "Check for the Version of firefox", "modified": "2017-07-10T00:00:00", "published": "2011-08-09T00:00:00", "id": "OPENVAS:880561", "href": "http://plugins.openvas.org/nasl.php?oid=880561", "type": "openvas", "title": "CentOS Update for firefox CESA-2011:0471 centos4 i386", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# CentOS Update for firefox CESA-2011:0471 centos4 i386\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2011 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. 
See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"Mozilla Firefox is an open source web browser. XULRunner provides the XUL\n Runtime environment for Mozilla Firefox.\n\n Several flaws were found in the processing of malformed web content. A web\n page containing malicious content could possibly lead to arbitrary code\n execution with the privileges of the user running Firefox. (CVE-2011-0080,\n CVE-2011-0081)\n \n An arbitrary memory write flaw was found in the way Firefox handled\n out-of-memory conditions. If all memory was consumed when a user visited a\n malicious web page, it could possibly lead to arbitrary code execution\n with the privileges of the user running Firefox. (CVE-2011-0078)\n \n An integer overflow flaw was found in the way Firefox handled the HTML\n frameset tag. A web page with a frameset tag containing large values for\n the 'rows' and 'cols' attributes could trigger this flaw, possibly leading\n to arbitrary code execution with the privileges of the user running\n Firefox. (CVE-2011-0077)\n \n A flaw was found in the way Firefox handled the HTML iframe tag. A web page\n with an iframe tag containing a specially-crafted source address could\n trigger this flaw, possibly leading to arbitrary code execution with the\n privileges of the user running Firefox. (CVE-2011-0075)\n \n A flaw was found in the way Firefox displayed multiple marquee elements. A\n malformed HTML document could cause Firefox to execute arbitrary code with\n the privileges of the user running Firefox. 
(CVE-2011-0074)\n \n A flaw was found in the way Firefox handled the nsTreeSelection element.\n Malformed content could cause Firefox to execute arbitrary code with the\n privileges of the user running Firefox. (CVE-2011-0073)\n \n A use-after-free flaw was found in the way Firefox appended frame and\n iframe elements to a DOM tree when the NoScript add-on was enabled.\n Malicious HTML content could cause Firefox to execute arbitrary code with\n the privileges of the user running Firefox. (CVE-2011-0072)\n \n A directory traversal flaw was found in the Firefox resource:// protocol\n handler. Malicious content could cause Firefox to access arbitrary files\n accessible to the user running Firefox. (CVE-2011-0071)\n \n A double free flaw was found in the way Firefox handled\n 'application/http-index-format' documents. A malformed HTTP response could\n cause Firefox to execute arbitrary code with the privileges of the user\n running Firefox. (CVE-2011-0070)\n \n A flaw was found in the way Firefox handled certain JavaScript cross-domain\n requests. If malicious content generated a large number of cross-domain\n JavaScript reque ... 
\n\n Description truncated, for more information please check the Reference URL\";\ntag_solution = \"Please Install the Updated Packages.\";\n\ntag_affected = \"firefox on CentOS 4\";\n\n\nif(description)\n{\n script_xref(name : \"URL\" , value : \"http://lists.centos.org/pipermail/centos-announce/2011-April/017470.html\");\n script_id(880561);\n script_version(\"$Revision: 6653 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-07-10 13:46:53 +0200 (Mon, 10 Jul 2017) $\");\n script_tag(name:\"creation_date\", value:\"2011-08-09 08:20:34 +0200 (Tue, 09 Aug 2011)\");\n script_tag(name:\"cvss_base\", value:\"10.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_xref(name: \"CESA\", value: \"2011:0471\");\n script_cve_id(\"CVE-2011-0065\", \"CVE-2011-0066\", \"CVE-2011-0067\", \"CVE-2011-0069\", \"CVE-2011-0070\",\n \"CVE-2011-0071\", \"CVE-2011-0072\", \"CVE-2011-0073\", \"CVE-2011-0074\", \"CVE-2011-0075\",\n \"CVE-2011-0077\", \"CVE-2011-0078\", \"CVE-2011-0080\", \"CVE-2011-0081\", \"CVE-2011-1202\");\n script_name(\"CentOS Update for firefox CESA-2011:0471 centos4 i386\");\n\n script_summary(\"Check for the Version of firefox\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2011 Greenbone Networks GmbH\");\n script_family(\"CentOS Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/centos\", \"ssh/login/rpms\");\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = get_kb_item(\"ssh/login/release\");\n\n\nres = \"\";\nif(release == NULL){\n exit(0);\n}\n\nif(release == \"CentOS4\")\n{\n\n if ((res = isrpmvuln(pkg:\"firefox\", 
rpm:\"firefox~3.6.17~2.el4.centos\", rls:\"CentOS4\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2019-05-29T18:39:41", "bulletinFamily": "scanner", "cvelist": ["CVE-2011-0077", "CVE-2011-1202", "CVE-2011-0071", "CVE-2011-0080", "CVE-2011-0073", "CVE-2011-0066", "CVE-2011-0065", "CVE-2011-0081", "CVE-2011-0075", "CVE-2011-0074", "CVE-2011-0069", "CVE-2011-0078", "CVE-2011-0070", "CVE-2011-0067", "CVE-2011-0072"], "description": "The remote host is missing an update for the ", "modified": "2019-03-15T00:00:00", "published": "2011-08-09T00:00:00", "id": "OPENVAS:1361412562310880561", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310880561", "type": "openvas", "title": "CentOS Update for firefox CESA-2011:0471 centos4 i386", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# CentOS Update for firefox CESA-2011:0471 centos4 i386\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2011 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. 
See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_xref(name:\"URL\", value:\"http://lists.centos.org/pipermail/centos-announce/2011-April/017470.html\");\n script_oid(\"1.3.6.1.4.1.25623.1.0.880561\");\n script_version(\"$Revision: 14222 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2019-03-15 13:50:48 +0100 (Fri, 15 Mar 2019) $\");\n script_tag(name:\"creation_date\", value:\"2011-08-09 08:20:34 +0200 (Tue, 09 Aug 2011)\");\n script_tag(name:\"cvss_base\", value:\"10.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_xref(name:\"CESA\", value:\"2011:0471\");\n script_cve_id(\"CVE-2011-0065\", \"CVE-2011-0066\", \"CVE-2011-0067\", \"CVE-2011-0069\", \"CVE-2011-0070\",\n \"CVE-2011-0071\", \"CVE-2011-0072\", \"CVE-2011-0073\", \"CVE-2011-0074\", \"CVE-2011-0075\",\n \"CVE-2011-0077\", \"CVE-2011-0078\", \"CVE-2011-0080\", \"CVE-2011-0081\", \"CVE-2011-1202\");\n script_name(\"CentOS Update for firefox CESA-2011:0471 centos4 i386\");\n\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'firefox'\n package(s) announced via the referenced advisory.\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2011 Greenbone Networks GmbH\");\n script_family(\"CentOS Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/centos\", \"ssh/login/rpms\", re:\"ssh/login/release=CentOS4\");\n script_tag(name:\"affected\", value:\"firefox on CentOS 4\");\n script_tag(name:\"insight\", value:\"Mozilla Firefox is an open source web browser. 
XULRunner provides the XUL\n Runtime environment for Mozilla Firefox.\n\n Several flaws were found in the processing of malformed web content. A web\n page containing malicious content could possibly lead to arbitrary code\n execution with the privileges of the user running Firefox. (CVE-2011-0080,\n CVE-2011-0081)\n\n An arbitrary memory write flaw was found in the way Firefox handled\n out-of-memory conditions. If all memory was consumed when a user visited a\n malicious web page, it could possibly lead to arbitrary code execution\n with the privileges of the user running Firefox. (CVE-2011-0078)\n\n An integer overflow flaw was found in the way Firefox handled the HTML\n frameset tag. A web page with a frameset tag containing large values for\n the 'rows' and 'cols' attributes could trigger this flaw, possibly leading\n to arbitrary code execution with the privileges of the user running\n Firefox. (CVE-2011-0077)\n\n A flaw was found in the way Firefox handled the HTML iframe tag. A web page\n with an iframe tag containing a specially-crafted source address could\n trigger this flaw, possibly leading to arbitrary code execution with the\n privileges of the user running Firefox. (CVE-2011-0075)\n\n A flaw was found in the way Firefox displayed multiple marquee elements. A\n malformed HTML document could cause Firefox to execute arbitrary code with\n the privileges of the user running Firefox. (CVE-2011-0074)\n\n A flaw was found in the way Firefox handled the nsTreeSelection element.\n Malformed content could cause Firefox to execute arbitrary code with the\n privileges of the user running Firefox. (CVE-2011-0073)\n\n A use-after-free flaw was found in the way Firefox appended frame and\n iframe elements to a DOM tree when the NoScript add-on was enabled.\n Malicious HTML content could cause Firefox to execute arbitrary code with\n the privileges of the user running Firefox. 
(CVE-2011-0072)\n\n A directory traversal flaw was found in the Firefox resource:// protocol\n handler. Malicious content could cause Firefox to access arbitrary files\n accessible to the user running Firefox. (CVE-2011-0071)\n\n A double free flaw was found in the way Firefox handled\n 'application/http-index-format' documents. A malformed HTTP response could\n cause Firefox to execute arbitrary code with the privileges of the user\n running Firefox. (CVE-2011-0070)\n\n A flaw was found in the way Firefox handled certain JavaScript cross-domain\n requests. If malicious content generated a large number of cross-domain\n JavaScript reque ...\n\n Description truncated, please see the referenced URL(s) for more information.\");\n script_tag(name:\"solution\", value:\"Please install the updated packages.\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\n\nif(release == \"CentOS4\")\n{\n\n if ((res = isrpmvuln(pkg:\"firefox\", rpm:\"firefox~3.6.17~2.el4.centos\", rls:\"CentOS4\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2019-05-29T18:36:26", "bulletinFamily": "scanner", "cvelist": ["CVE-2011-0077", "CVE-2011-1202", "CVE-2011-0071", "CVE-2011-0080", "CVE-2011-0073", "CVE-2011-0066", "CVE-2011-0065", "CVE-2011-0081", "CVE-2011-0075", "CVE-2011-0074", "CVE-2011-0069", "CVE-2011-0078", "CVE-2011-0070", "CVE-2011-0067", "CVE-2011-0072"], "description": "Oracle Linux Local Security Checks ELSA-2011-0471", "modified": "2018-09-28T00:00:00", "published": "2015-10-06T00:00:00", "id": "OPENVAS:1361412562310122186", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310122186", "type": "openvas", "title": 
"Oracle Linux Local Check: ELSA-2011-0471", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: ELSA-2011-0471.nasl 11688 2018-09-28 13:36:28Z cfischer $\n#\n# Oracle Linux Local Check\n#\n# Authors:\n# Eero Volotinen <eero.volotinen@solinor.com>\n#\n# Copyright:\n# Copyright (c) 2015 Eero Volotinen, http://solinor.com\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.122186\");\n script_version(\"$Revision: 11688 $\");\n script_tag(name:\"creation_date\", value:\"2015-10-06 14:14:29 +0300 (Tue, 06 Oct 2015)\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-09-28 15:36:28 +0200 (Fri, 28 Sep 2018) $\");\n script_name(\"Oracle Linux Local Check: ELSA-2011-0471\");\n script_tag(name:\"insight\", value:\"ELSA-2011-0471 - firefox security update. 
Please see the references for more insight.\");\n script_tag(name:\"solution\", value:\"Update the affected packages to the latest available version.\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_tag(name:\"summary\", value:\"Oracle Linux Local Security Checks ELSA-2011-0471\");\n script_xref(name:\"URL\", value:\"http://linux.oracle.com/errata/ELSA-2011-0471.html\");\n script_cve_id(\"CVE-2011-0065\", \"CVE-2011-0066\", \"CVE-2011-0067\", \"CVE-2011-0069\", \"CVE-2011-0070\", \"CVE-2011-0071\", \"CVE-2011-0072\", \"CVE-2011-0073\", \"CVE-2011-0074\", \"CVE-2011-0075\", \"CVE-2011-0077\", \"CVE-2011-0078\", \"CVE-2011-0080\", \"CVE-2011-0081\", \"CVE-2011-1202\");\n script_tag(name:\"cvss_base\", value:\"10.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/oracle_linux\", \"ssh/login/release\", re:\"ssh/login/release=OracleLinux(5|6)\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Eero Volotinen\");\n script_family(\"Oracle Linux Local Security Checks\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release) exit(0);\n\nres = \"\";\n\nif(release == \"OracleLinux5\")\n{\n if ((res = isrpmvuln(pkg:\"firefox\", rpm:\"firefox~3.6.17~1.0.1.el5_6\", rls:\"OracleLinux5\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n if ((res = isrpmvuln(pkg:\"xulrunner\", rpm:\"xulrunner~1.9.2.17~3.0.1.el5_6\", rls:\"OracleLinux5\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n if ((res = isrpmvuln(pkg:\"xulrunner-devel\", rpm:\"xulrunner-devel~1.9.2.17~3.0.1.el5_6\", rls:\"OracleLinux5\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n\n}\nif(release == \"OracleLinux6\")\n{\n if ((res = isrpmvuln(pkg:\"firefox\", rpm:\"firefox~3.6.17~1.0.1.el6_0\", 
rls:\"OracleLinux6\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n if ((res = isrpmvuln(pkg:\"xulrunner\", rpm:\"xulrunner~1.9.2.17~4.0.1.el6_0\", rls:\"OracleLinux6\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n if ((res = isrpmvuln(pkg:\"xulrunner-devel\", rpm:\"xulrunner-devel~1.9.2.17~4.0.1.el6_0\", rls:\"OracleLinux6\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n\n}\nif (__pkg_match) exit(99);\n exit(0);\n\n", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2017-07-27T10:55:30", "bulletinFamily": "scanner", "cvelist": ["CVE-2011-0077", "CVE-2011-1202", "CVE-2011-0071", "CVE-2011-0080", "CVE-2011-0073", "CVE-2011-0066", "CVE-2011-0065", "CVE-2011-0081", "CVE-2011-0075", "CVE-2011-0074", "CVE-2011-0069", "CVE-2011-0078", "CVE-2011-0070", "CVE-2011-0067", "CVE-2011-0072"], "description": "Check for the Version of firefox", "modified": "2017-07-12T00:00:00", "published": "2011-05-05T00:00:00", "id": "OPENVAS:870425", "href": "http://plugins.openvas.org/nasl.php?oid=870425", "type": "openvas", "title": "RedHat Update for firefox RHSA-2011:0471-01", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# RedHat Update for firefox RHSA-2011:0471-01\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2011 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. 
See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"Mozilla Firefox is an open source web browser. XULRunner provides the XUL\n Runtime environment for Mozilla Firefox.\n\n Several flaws were found in the processing of malformed web content. A web\n page containing malicious content could possibly lead to arbitrary code\n execution with the privileges of the user running Firefox. (CVE-2011-0080,\n CVE-2011-0081)\n \n An arbitrary memory write flaw was found in the way Firefox handled\n out-of-memory conditions. If all memory was consumed when a user visited a\n malicious web page, it could possibly lead to arbitrary code execution\n with the privileges of the user running Firefox. (CVE-2011-0078)\n \n An integer overflow flaw was found in the way Firefox handled the HTML\n frameset tag. A web page with a frameset tag containing large values for\n the 'rows' and 'cols' attributes could trigger this flaw, possibly leading\n to arbitrary code execution with the privileges of the user running\n Firefox. (CVE-2011-0077)\n \n A flaw was found in the way Firefox handled the HTML iframe tag. A web page\n with an iframe tag containing a specially-crafted source address could\n trigger this flaw, possibly leading to arbitrary code execution with the\n privileges of the user running Firefox. (CVE-2011-0075)\n \n A flaw was found in the way Firefox displayed multiple marquee elements. A\n malformed HTML document could cause Firefox to execute arbitrary code with\n the privileges of the user running Firefox. 
(CVE-2011-0074)\n \n A flaw was found in the way Firefox handled the nsTreeSelection element.\n Malformed content could cause Firefox to execute arbitrary code with the\n privileges of the user running Firefox. (CVE-2011-0073)\n \n A use-after-free flaw was found in the way Firefox appended frame and\n iframe elements to a DOM tree when the NoScript add-on was enabled.\n Malicious HTML content could cause Firefox to execute arbitrary code with\n the privileges of the user running Firefox. (CVE-2011-0072)\n \n A directory traversal flaw was found in the Firefox resource:// protocol\n handler. Malicious content could cause Firefox to access arbitrary files\n accessible to the user running Firefox. (CVE-2011-0071)\n \n A double free flaw was found in the way Firefox handled\n 'application/http-index-format' documents. A malformed HTTP response could\n cause Firefox to execute arbitrary code with the privileges of the user\n running Firefox. (CVE-2011-0070)\n \n A flaw was foun ... \n\n Description truncated, for more information please check the Reference URL\";\n\ntag_affected = \"firefox on Red Hat Enterprise Linux (v. 
5 server),\n Red Hat Enterprise Linux AS version 4,\n Red Hat Enterprise Linux ES version 4,\n Red Hat Enterprise Linux WS version 4\";\ntag_solution = \"Please Install the Updated Packages.\";\n\n\nif(description)\n{\n script_xref(name : \"URL\" , value : \"https://www.redhat.com/archives/rhsa-announce/2011-April/msg00025.html\");\n script_id(870425);\n script_version(\"$Revision: 6685 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-07-12 11:44:46 +0200 (Wed, 12 Jul 2017) $\");\n script_tag(name:\"creation_date\", value:\"2011-05-05 07:14:22 +0200 (Thu, 05 May 2011)\");\n script_tag(name:\"cvss_base\", value:\"10.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_xref(name: \"RHSA\", value: \"2011:0471-01\");\n script_cve_id(\"CVE-2011-0065\", \"CVE-2011-0066\", \"CVE-2011-0067\", \"CVE-2011-0069\", \"CVE-2011-0070\", \"CVE-2011-0071\", \"CVE-2011-0072\", \"CVE-2011-0073\", \"CVE-2011-0074\", \"CVE-2011-0075\", \"CVE-2011-0077\", \"CVE-2011-0078\", \"CVE-2011-0080\", \"CVE-2011-0081\", \"CVE-2011-1202\");\n script_name(\"RedHat Update for firefox RHSA-2011:0471-01\");\n\n script_summary(\"Check for the Version of firefox\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2011 Greenbone Networks GmbH\");\n script_family(\"Red Hat Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/rhel\", \"ssh/login/rpms\");\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = get_kb_item(\"ssh/login/release\");\n\n\nres = \"\";\nif(release == NULL){\n exit(0);\n}\n\nif(release == \"RHENT_5\")\n{\n\n if ((res = isrpmvuln(pkg:\"firefox\", 
rpm:\"firefox~3.6.17~1.el5_6\", rls:\"RHENT_5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"firefox-debuginfo\", rpm:\"firefox-debuginfo~3.6.17~1.el5_6\", rls:\"RHENT_5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"xulrunner\", rpm:\"xulrunner~1.9.2.17~3.el5_6\", rls:\"RHENT_5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"xulrunner-debuginfo\", rpm:\"xulrunner-debuginfo~1.9.2.17~3.el5_6\", rls:\"RHENT_5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"xulrunner-devel\", rpm:\"xulrunner-devel~1.9.2.17~3.el5_6\", rls:\"RHENT_5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n\n\nif(release == \"RHENT_4\")\n{\n\n if ((res = isrpmvuln(pkg:\"firefox\", rpm:\"firefox~3.6.17~2.el4\", rls:\"RHENT_4\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"firefox-debuginfo\", rpm:\"firefox-debuginfo~3.6.17~2.el4\", rls:\"RHENT_4\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2017-12-04T11:27:25", "bulletinFamily": "scanner", "cvelist": ["CVE-2011-0077", "CVE-2011-1202", "CVE-2011-0071", "CVE-2011-0080", "CVE-2011-0073", "CVE-2011-0066", "CVE-2011-0065", "CVE-2011-0081", "CVE-2011-0075", "CVE-2011-0074", "CVE-2011-0069", "CVE-2011-0078", "CVE-2011-0070", "CVE-2011-0067", "CVE-2011-0072"], "description": "Ubuntu Update for Linux kernel vulnerabilities USN-1122-2", "modified": "2017-12-01T00:00:00", "published": "2011-05-10T00:00:00", "id": "OPENVAS:840650", "href": "http://plugins.openvas.org/nasl.php?oid=840650", "type": "openvas", "title": "Ubuntu Update for thunderbird USN-1122-2", 
"sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: gb_ubuntu_USN_1122_2.nasl 7964 2017-12-01 07:32:11Z santu $\n#\n# Ubuntu Update for thunderbird USN-1122-2\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2011 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"USN-1122-1 fixed vulnerabilities in Thunderbird for Lucid and Maverick.\n This update provides the corresponding fixes for Natty.\n\n Original advisory details:\n \n It was discovered that there was a vulnerability in the memory handling of\n certain types of content. An attacker could exploit this to possibly run\n arbitrary code as the user running Thunderbird. (CVE-2011-0081)\n \n It was discovered that Thunderbird incorrectly handled certain JavaScript\n requests. If JavaScript were enabled, an attacker could exploit this to\n possibly run arbitrary code as the user running Thunderbird.\n (CVE-2011-0069)\n \n Ian Beer discovered a vulnerability in the memory handling of a certain\n types of documents. An attacker could exploit this to possibly run\n arbitrary code as the user running Thunderbird. 
(CVE-2011-0070)\n \n Bob Clary, Henri Sivonen, Marco Bonardo, Mats Palmgren and Jesse Ruderman\n discovered several memory vulnerabilities. An attacker could exploit these\n to possibly run arbitrary code as the user running Thunderbird.\n (CVE-2011-0080)\n \n Aki Helin discovered multiple vulnerabilities in the HTML rendering code.\n An attacker could exploit these to possibly run arbitrary code as the user\n running Thunderbird. (CVE-2011-0074, CVE-2011-0075)\n \n Ian Beer discovered multiple overflow vulnerabilities. An attacker could\n exploit these to possibly run arbitrary code as the user running\n Thunderbird. (CVE-2011-0077, CVE-2011-0078)\n \n Martin Barbella discovered a memory vulnerability in the handling of\n certain DOM elements. An attacker could exploit this to possibly run\n arbitrary code as the user running Thunderbird. (CVE-2011-0072)\n \n It was discovered that there were use-after-free vulnerabilities in\n Thunderbird's mChannel and mObserverList objects. An attacker could exploit\n these to possibly run arbitrary code as the user running Thunderbird.\n (CVE-2011-0065, CVE-2011-0066)\n \n It was discovered that there was a vulnerability in the handling of the\n nsTreeSelection element. An attacker sending a specially crafted E-Mail\n could exploit this to possibly run arbitrary code as the user running\n Thunderbird. (CVE-2011-0073)\n \n Paul Stone discovered a vulnerability in the handling of Java applets. If\n plugins were enabled, an attacker could use this to mimic interaction with\n form autocomplete controls and steal entries from the form history.\n (CVE-2011-0067)\n \n Soroush Dalili discovered a vulnerability in the resource: protocol. This\n could potentially allow an attacker to load arbitrary files that were\n accessible to the user running Thunderbird. (CV ... 
\n\n Description truncated, for more information please check the Reference URL\";\n\ntag_summary = \"Ubuntu Update for Linux kernel vulnerabilities USN-1122-2\";\ntag_affected = \"thunderbird on Ubuntu 11.04\";\ntag_solution = \"Please Install the Updated Packages.\";\n\n\nif(description)\n{\n script_xref(name: \"URL\" , value: \"http://www.ubuntu.com/usn/usn-1122-2/\");\n script_id(840650);\n script_version(\"$Revision: 7964 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-12-01 08:32:11 +0100 (Fri, 01 Dec 2017) $\");\n script_tag(name:\"creation_date\", value:\"2011-05-10 14:04:15 +0200 (Tue, 10 May 2011)\");\n script_tag(name:\"cvss_base\", value:\"10.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_xref(name: \"USN\", value: \"1122-2\");\n script_cve_id(\"CVE-2011-0081\", \"CVE-2011-0069\", \"CVE-2011-0070\", \"CVE-2011-0080\", \"CVE-2011-0074\", \"CVE-2011-0075\", \"CVE-2011-0077\", \"CVE-2011-0078\", \"CVE-2011-0072\", \"CVE-2011-0065\", \"CVE-2011-0066\", \"CVE-2011-0073\", \"CVE-2011-0067\", \"CVE-2011-0071\", \"CVE-2011-1202\");\n script_name(\"Ubuntu Update for thunderbird USN-1122-2\");\n\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2011 Greenbone Networks GmbH\");\n script_family(\"Ubuntu Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/ubuntu_linux\", \"ssh/login/packages\");\n script_tag(name : \"summary\" , value : tag_summary);\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n\ninclude(\"pkg-lib-deb.inc\");\n\nrelease = get_kb_item(\"ssh/login/release\");\n\n\nres = \"\";\nif(release == NULL){\n exit(0);\n}\n\nif(release == \"UBUNTU11.04\")\n{\n\n if 
((res = isdpkgvuln(pkg:\"thunderbird\", ver:\"3.1.10+build1+nobinonly-0ubuntu0.11.04.1\", rls:\"UBUNTU11.04\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2017-12-04T11:27:21", "bulletinFamily": "scanner", "cvelist": ["CVE-2011-0077", "CVE-2011-1202", "CVE-2011-0071", "CVE-2011-0080", "CVE-2011-0073", "CVE-2011-0066", "CVE-2011-0065", "CVE-2011-0081", "CVE-2011-0075", "CVE-2011-0074", "CVE-2011-0069", "CVE-2011-0078", "CVE-2011-0070", "CVE-2011-0067", "CVE-2011-0072"], "description": "Ubuntu Update for Linux kernel vulnerabilities USN-1122-3", "modified": "2017-12-01T00:00:00", "published": "2011-06-10T00:00:00", "id": "OPENVAS:840675", "href": "http://plugins.openvas.org/nasl.php?oid=840675", "type": "openvas", "title": "Ubuntu Update for thunderbird USN-1122-3", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: gb_ubuntu_USN_1122_3.nasl 7964 2017-12-01 07:32:11Z santu $\n#\n# Ubuntu Update for thunderbird USN-1122-3\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2011 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. 
See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"USN-1122-2 fixed vulnerabilities in Thunderbird on Ubuntu 11.04. A\n regression was introduced which caused Thunderbird to display an empty menu\n bar. This update fixes the problem. We apologize for the inconvenience.\n\n Original advisory details:\n \n It was discovered that there was a vulnerability in the memory handling of\n certain types of content. An attacker could exploit this to possibly run\n arbitrary code as the user running Thunderbird. (CVE-2011-0081)\n \n It was discovered that Thunderbird incorrectly handled certain JavaScript\n requests. If JavaScript were enabled, an attacker could exploit this to\n possibly run arbitrary code as the user running Thunderbird.\n (CVE-2011-0069)\n \n Ian Beer discovered a vulnerability in the memory handling of a certain\n types of documents. An attacker could exploit this to possibly run\n arbitrary code as the user running Thunderbird. (CVE-2011-0070)\n \n Bob Clary, Henri Sivonen, Marco Bonardo, Mats Palmgren and Jesse Ruderman\n discovered several memory vulnerabilities. An attacker could exploit these\n to possibly run arbitrary code as the user running Thunderbird.\n (CVE-2011-0080)\n \n Aki Helin discovered multiple vulnerabilities in the HTML rendering code.\n An attacker could exploit these to possibly run arbitrary code as the user\n running Thunderbird. (CVE-2011-0074, CVE-2011-0075)\n \n Ian Beer discovered multiple overflow vulnerabilities. An attacker could\n exploit these to possibly run arbitrary code as the user running\n Thunderbird. 
(CVE-2011-0077, CVE-2011-0078)\n \n Martin Barbella discovered a memory vulnerability in the handling of\n certain DOM elements. An attacker could exploit this to possibly run\n arbitrary code as the user running Thunderbird. (CVE-2011-0072)\n \n It was discovered that there were use-after-free vulnerabilities in\n Thunderbird's mChannel and mObserverList objects. An attacker could exploit\n these to possibly run arbitrary code as the user running Thunderbird.\n (CVE-2011-0065, CVE-2011-0066)\n \n It was discovered that there was a vulnerability in the handling of the\n nsTreeSelection element. An attacker sending a specially crafted E-Mail\n could exploit this to possibly run arbitrary code as the user running\n Thunderbird. (CVE-2011-0073)\n \n Paul Stone discovered a vulnerability in the handling of Java applets. If\n plugins were enabled, an attacker could use this to mimic interaction with\n form autocomplete controls and steal entries from the form history.\n (CVE-2011-0067)\n \n Soroush Dalili discovered a vulnerability in the resource: protocol. This\n could potentially allow an att ... 
\n\n Description truncated, for more information please check the Reference URL\";\n\ntag_summary = \"Ubuntu Update for Linux kernel vulnerabilities USN-1122-3\";\ntag_affected = \"thunderbird on Ubuntu 11.04\";\ntag_solution = \"Please Install the Updated Packages.\";\n\n\nif(description)\n{\n script_xref(name: \"URL\" , value: \"http://www.ubuntu.com/usn/usn-1122-3/\");\n script_id(840675);\n script_version(\"$Revision: 7964 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-12-01 08:32:11 +0100 (Fri, 01 Dec 2017) $\");\n script_tag(name:\"creation_date\", value:\"2011-06-10 16:29:51 +0200 (Fri, 10 Jun 2011)\");\n script_tag(name:\"cvss_base\", value:\"10.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_xref(name: \"USN\", value: \"1122-3\");\n script_cve_id(\"CVE-2011-0081\", \"CVE-2011-0069\", \"CVE-2011-0070\", \"CVE-2011-0080\", \"CVE-2011-0074\", \"CVE-2011-0075\", \"CVE-2011-0077\", \"CVE-2011-0078\", \"CVE-2011-0072\", \"CVE-2011-0065\", \"CVE-2011-0066\", \"CVE-2011-0073\", \"CVE-2011-0067\", \"CVE-2011-0071\", \"CVE-2011-1202\");\n script_name(\"Ubuntu Update for thunderbird USN-1122-3\");\n\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2011 Greenbone Networks GmbH\");\n script_family(\"Ubuntu Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/ubuntu_linux\", \"ssh/login/packages\");\n script_tag(name : \"summary\" , value : tag_summary);\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n\ninclude(\"pkg-lib-deb.inc\");\n\nrelease = get_kb_item(\"ssh/login/release\");\n\n\nres = \"\";\nif(release == NULL){\n exit(0);\n}\n\nif(release == \"UBUNTU11.04\")\n{\n\n if 
((res = isdpkgvuln(pkg:\"thunderbird-globalmenu\", ver:\"3.1.10+build1+nobinonly-0ubuntu0.11.04.2\", rls:\"UBUNTU11.04\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}], "redhat": [{"lastseen": "2019-08-13T18:45:10", "bulletinFamily": "unix", "cvelist": ["CVE-2011-0065", "CVE-2011-0066", "CVE-2011-0067", "CVE-2011-0069", "CVE-2011-0070", "CVE-2011-0071", "CVE-2011-0072", "CVE-2011-0073", "CVE-2011-0074", "CVE-2011-0075", "CVE-2011-0077", "CVE-2011-0078", "CVE-2011-0080", "CVE-2011-0081", "CVE-2011-1202"], "description": "Mozilla Firefox is an open source web browser. XULRunner provides the XUL\nRuntime environment for Mozilla Firefox.\n\nSeveral flaws were found in the processing of malformed web content. A web\npage containing malicious content could possibly lead to arbitrary code\nexecution with the privileges of the user running Firefox. (CVE-2011-0080,\nCVE-2011-0081)\n\nAn arbitrary memory write flaw was found in the way Firefox handled\nout-of-memory conditions. If all memory was consumed when a user visited a\nmalicious web page, it could possibly lead to arbitrary code execution\nwith the privileges of the user running Firefox. (CVE-2011-0078)\n\nAn integer overflow flaw was found in the way Firefox handled the HTML\nframeset tag. A web page with a frameset tag containing large values for\nthe \"rows\" and \"cols\" attributes could trigger this flaw, possibly leading\nto arbitrary code execution with the privileges of the user running\nFirefox. (CVE-2011-0077)\n\nA flaw was found in the way Firefox handled the HTML iframe tag. A web page\nwith an iframe tag containing a specially-crafted source address could\ntrigger this flaw, possibly leading to arbitrary code execution with the\nprivileges of the user running Firefox. 
(CVE-2011-0075)\n\nA flaw was found in the way Firefox displayed multiple marquee elements. A\nmalformed HTML document could cause Firefox to execute arbitrary code with\nthe privileges of the user running Firefox. (CVE-2011-0074)\n\nA flaw was found in the way Firefox handled the nsTreeSelection element.\nMalformed content could cause Firefox to execute arbitrary code with the\nprivileges of the user running Firefox. (CVE-2011-0073)\n\nA use-after-free flaw was found in the way Firefox appended frame and\niframe elements to a DOM tree when the NoScript add-on was enabled.\nMalicious HTML content could cause Firefox to execute arbitrary code with\nthe privileges of the user running Firefox. (CVE-2011-0072)\n\nA directory traversal flaw was found in the Firefox resource:// protocol\nhandler. Malicious content could cause Firefox to access arbitrary files\naccessible to the user running Firefox. (CVE-2011-0071)\n\nA double free flaw was found in the way Firefox handled\n\"application/http-index-format\" documents. A malformed HTTP response could\ncause Firefox to execute arbitrary code with the privileges of the user\nrunning Firefox. (CVE-2011-0070)\n\nA flaw was found in the way Firefox handled certain JavaScript cross-domain\nrequests. If malicious content generated a large number of cross-domain\nJavaScript requests, it could cause Firefox to execute arbitrary code with\nthe privileges of the user running Firefox. (CVE-2011-0069)\n\nA flaw was found in the way Firefox displayed the autocomplete pop-up.\nMalicious content could use this flaw to steal form history information.\n(CVE-2011-0067)\n\nTwo use-after-free flaws were found in the Firefox mObserverList and\nmChannel objects. Malicious content could use these flaws to execute\narbitrary code with the privileges of the user running Firefox.\n(CVE-2011-0066, CVE-2011-0065)\n\nA flaw was found in the Firefox XSLT generate-id() function. 
This function\nreturned the memory address of an object in memory, which could possibly be\nused by attackers to bypass address randomization protections.\n(CVE-2011-1202)\n\nFor technical details regarding these flaws, refer to the Mozilla security\nadvisories for Firefox 3.6.17. You can find a link to the Mozilla\nadvisories in the References section of this erratum.\n\nAll Firefox users should upgrade to these updated packages, which contain\nFirefox version 3.6.17, which corrects these issues. After installing the\nupdate, Firefox must be restarted for the changes to take effect.\n", "modified": "2018-06-06T20:24:10", "published": "2011-04-28T04:00:00", "id": "RHSA-2011:0471", "href": "https://access.redhat.com/errata/RHSA-2011:0471", "type": "redhat", "title": "(RHSA-2011:0471) Critical: firefox security update", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2019-08-13T18:46:03", "bulletinFamily": "unix", "cvelist": ["CVE-2011-0072", "CVE-2011-0073", "CVE-2011-0074", "CVE-2011-0075", "CVE-2011-0077", "CVE-2011-0078", "CVE-2011-0080"], "description": "SeaMonkey is an open source web browser, email and newsgroup client, IRC\nchat client, and HTML editor.\n\nSeveral flaws were found in the processing of malformed web content. A web\npage containing malicious content could possibly lead to arbitrary code\nexecution with the privileges of the user running SeaMonkey.\n(CVE-2011-0080)\n\nAn arbitrary memory write flaw was found in the way SeaMonkey handled\nout-of-memory conditions. If all memory was consumed when a user visited a\nmalicious web page, it could possibly lead to arbitrary code execution\nwith the privileges of the user running SeaMonkey. (CVE-2011-0078)\n\nAn integer overflow flaw was found in the way SeaMonkey handled the HTML\nframeset tag. 
A web page with a frameset tag containing large values for\nthe \"rows\" and \"cols\" attributes could trigger this flaw, possibly leading\nto arbitrary code execution with the privileges of the user running\nSeaMonkey. (CVE-2011-0077)\n\nA flaw was found in the way SeaMonkey handled the HTML iframe tag. A web\npage with an iframe tag containing a specially-crafted source address could\ntrigger this flaw, possibly leading to arbitrary code execution with the\nprivileges of the user running SeaMonkey. (CVE-2011-0075)\n\nA flaw was found in the way SeaMonkey displayed multiple marquee elements.\nA malformed HTML document could cause SeaMonkey to execute arbitrary code\nwith the privileges of the user running SeaMonkey. (CVE-2011-0074)\n\nA flaw was found in the way SeaMonkey handled the nsTreeSelection element.\nMalformed content could cause SeaMonkey to execute arbitrary code with the\nprivileges of the user running SeaMonkey. (CVE-2011-0073)\n\nA use-after-free flaw was found in the way SeaMonkey appended frame and\niframe elements to a DOM tree when the NoScript add-on was enabled.\nMalicious HTML content could cause SeaMonkey to execute arbitrary code with\nthe privileges of the user running SeaMonkey. (CVE-2011-0072)\n\nAll SeaMonkey users should upgrade to these updated packages, which correct\nthese issues. 
After installing the update, SeaMonkey must be restarted for\nthe changes to take effect.\n", "modified": "2017-09-08T11:51:24", "published": "2011-04-28T04:00:00", "id": "RHSA-2011:0473", "href": "https://access.redhat.com/errata/RHSA-2011:0473", "type": "redhat", "title": "(RHSA-2011:0473) Critical: seamonkey security update", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2019-08-13T18:45:13", "bulletinFamily": "unix", "cvelist": ["CVE-2011-0070", "CVE-2011-0071", "CVE-2011-0073", "CVE-2011-0074", "CVE-2011-0075", "CVE-2011-0077", "CVE-2011-0078", "CVE-2011-0080", "CVE-2011-0081"], "description": "Mozilla Thunderbird is a standalone mail and newsgroup client.\n\nSeveral flaws were found in the processing of malformed HTML content. An\nHTML mail message containing malicious content could possibly lead to\narbitrary code execution with the privileges of the user running\nThunderbird. (CVE-2011-0080, CVE-2011-0081)\n\nAn arbitrary memory write flaw was found in the way Thunderbird handled\nout-of-memory conditions. If all memory was consumed when a user viewed a\nmalicious HTML mail message, it could possibly lead to arbitrary code\nexecution with the privileges of the user running Thunderbird.\n(CVE-2011-0078)\n\nAn integer overflow flaw was found in the way Thunderbird handled the HTML\nframeset tag. An HTML mail message with a frameset tag containing large\nvalues for the \"rows\" and \"cols\" attributes could trigger this flaw,\npossibly leading to arbitrary code execution with the privileges of the\nuser running Thunderbird. (CVE-2011-0077)\n\nA flaw was found in the way Thunderbird handled the HTML iframe tag. An\nHTML mail message with an iframe tag containing a specially-crafted source\naddress could trigger this flaw, possibly leading to arbitrary code\nexecution with the privileges of the user running Thunderbird.\n(CVE-2011-0075)\n\nA flaw was found in the way Thunderbird displayed multiple marquee\nelements. 
A malformed HTML mail message could cause Thunderbird to execute\narbitrary code with the privileges of the user running Thunderbird.\n(CVE-2011-0074)\n\nA flaw was found in the way Thunderbird handled the nsTreeSelection\nelement. Malformed content could cause Thunderbird to execute arbitrary\ncode with the privileges of the user running Thunderbird. (CVE-2011-0073)\n\nA directory traversal flaw was found in the Thunderbird resource://\nprotocol handler. Malicious content could cause Thunderbird to access\narbitrary files accessible to the user running Thunderbird. (CVE-2011-0071)\n\nA double free flaw was found in the way Thunderbird handled\n\"application/http-index-format\" documents. A malformed HTTP response could\ncause Thunderbird to execute arbitrary code with the privileges of the user\nrunning Thunderbird. (CVE-2011-0070)\n\nAll Thunderbird users should upgrade to this updated package, which\nresolves these issues. All running instances of Thunderbird must be\nrestarted for the update to take effect.\n", "modified": "2018-06-06T20:24:23", "published": "2011-04-28T04:00:00", "id": "RHSA-2011:0475", "href": "https://access.redhat.com/errata/RHSA-2011:0475", "type": "redhat", "title": "(RHSA-2011:0475) Critical: thunderbird security update", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}], "ubuntu": [{"lastseen": "2020-07-09T00:28:58", "bulletinFamily": "unix", "cvelist": ["CVE-2011-0077", "CVE-2011-1202", "CVE-2011-0071", "CVE-2011-0080", "CVE-2011-0073", "CVE-2011-0066", "CVE-2011-0065", "CVE-2011-0081", "CVE-2011-0075", "CVE-2011-0074", "CVE-2011-0069", "CVE-2011-0078", "CVE-2011-0070", "CVE-2011-0067", "CVE-2011-0072"], "description": "USN-1122-1 fixed vulnerabilities in Thunderbird for Lucid and Maverick. \nThis update provides the corresponding fixes for Natty.\n\nOriginal advisory details:\n\nIt was discovered that there was a vulnerability in the memory handling of \ncertain types of content. 
An attacker could exploit this to possibly run \narbitrary code as the user running Thunderbird. (CVE-2011-0081)\n\nIt was discovered that Thunderbird incorrectly handled certain JavaScript \nrequests. If JavaScript were enabled, an attacker could exploit this to \npossibly run arbitrary code as the user running Thunderbird. \n(CVE-2011-0069)\n\nIan Beer discovered a vulnerability in the memory handling of certain \ntypes of documents. An attacker could exploit this to possibly run \narbitrary code as the user running Thunderbird. (CVE-2011-0070)\n\nBob Clary, Henri Sivonen, Marco Bonardo, Mats Palmgren and Jesse Ruderman \ndiscovered several memory vulnerabilities. An attacker could exploit these \nto possibly run arbitrary code as the user running Thunderbird. \n(CVE-2011-0080)\n\nAki Helin discovered multiple vulnerabilities in the HTML rendering code. \nAn attacker could exploit these to possibly run arbitrary code as the user \nrunning Thunderbird. (CVE-2011-0074, CVE-2011-0075)\n\nIan Beer discovered multiple overflow vulnerabilities. An attacker could \nexploit these to possibly run arbitrary code as the user running \nThunderbird. (CVE-2011-0077, CVE-2011-0078)\n\nMartin Barbella discovered a memory vulnerability in the handling of \ncertain DOM elements. An attacker could exploit this to possibly run \narbitrary code as the user running Thunderbird. (CVE-2011-0072)\n\nIt was discovered that there were use-after-free vulnerabilities in \nThunderbird's mChannel and mObserverList objects. An attacker could exploit \nthese to possibly run arbitrary code as the user running Thunderbird. \n(CVE-2011-0065, CVE-2011-0066)\n\nIt was discovered that there was a vulnerability in the handling of the \nnsTreeSelection element. An attacker sending a specially crafted E-Mail \ncould exploit this to possibly run arbitrary code as the user running \nThunderbird. (CVE-2011-0073)\n\nPaul Stone discovered a vulnerability in the handling of Java applets. 
If \nplugins were enabled, an attacker could use this to mimic interaction with \nform autocomplete controls and steal entries from the form history. \n(CVE-2011-0067)\n\nSoroush Dalili discovered a vulnerability in the resource: protocol. This \ncould potentially allow an attacker to load arbitrary files that were \naccessible to the user running Thunderbird. (CVE-2011-0071)\n\nChris Evans discovered a vulnerability in Thunderbird's XSLT generate-id() \nfunction. An attacker could possibly use this vulnerability to make other \nattacks more reliable. (CVE-2011-1202)", "edition": 5, "modified": "2011-05-05T00:00:00", "published": "2011-05-05T00:00:00", "id": "USN-1122-2", "href": "https://ubuntu.com/security/notices/USN-1122-2", "title": "Thunderbird vulnerabilities", "type": "ubuntu", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2020-07-08T23:42:23", "bulletinFamily": "unix", "cvelist": ["CVE-2011-0077", "CVE-2011-1202", "CVE-2011-0071", "CVE-2011-0080", "CVE-2011-0073", "CVE-2011-0066", "CVE-2011-0065", "CVE-2011-0081", "CVE-2011-0075", "CVE-2011-0074", "CVE-2011-0069", "CVE-2011-0078", "CVE-2011-0070", "CVE-2011-0067", "CVE-2011-0072"], "description": "It was discovered that there was a vulnerability in the memory handling of \ncertain types of content. An attacker could exploit this to possibly run \narbitrary code as the user running Firefox. (CVE-2011-0081)\n\nIt was discovered that Firefox incorrectly handled certain JavaScript \nrequests. An attacker could exploit this to possibly run arbitrary code as \nthe user running Firefox. (CVE-2011-0069)\n\nIan Beer discovered a vulnerability in the memory handling of certain \ntypes of documents. An attacker could exploit this to possibly run \narbitrary code as the user running Firefox. (CVE-2011-0070)\n\nBob Clary, Henri Sivonen, Marco Bonardo, Mats Palmgren and Jesse Ruderman \ndiscovered several memory vulnerabilities. 
An attacker could exploit these \nto possibly run arbitrary code as the user running Firefox. (CVE-2011-0080)\n\nAki Helin discovered multiple vulnerabilities in the HTML rendering code. \nAn attacker could exploit these to possibly run arbitrary code as the user \nrunning Firefox. (CVE-2011-0074, CVE-2011-0075)\n\nIan Beer discovered multiple overflow vulnerabilities. An attacker could \nexploit these to possibly run arbitrary code as the user running Firefox. \n(CVE-2011-0077, CVE-2011-0078)\n\nMartin Barbella discovered a memory vulnerability in the handling of \ncertain DOM elements. An attacker could exploit this to possibly run \narbitrary code as the user running Firefox. (CVE-2011-0072)\n\nIt was discovered that there were use-after-free vulnerabilities in \nFirefox's mChannel and mObserverList objects. An attacker could exploit \nthese to possibly run arbitrary code as the user running Firefox. \n(CVE-2011-0065, CVE-2011-0066)\n\nIt was discovered that there was a vulnerability in the handling of the \nnsTreeSelection element. An attacker serving malicious content could \nexploit this to possibly run arbitrary code as the user running Firefox. \n(CVE-2011-0073)\n\nPaul Stone discovered a vulnerability in the handling of Java applets. An \nattacker could use this to mimic interaction with form autocomplete \ncontrols and steal entries from the form history. (CVE-2011-0067)\n\nSoroush Dalili discovered a vulnerability in the resource: protocol. This \ncould potentially allow an attacker to load arbitrary files that were \naccessible to the user running Firefox. (CVE-2011-0071)\n\nChris Evans discovered a vulnerability in Firefox's XSLT generate-id() \nfunction. An attacker could possibly use this vulnerability to make other \nattacks more reliable. 
(CVE-2011-1202)", "edition": 5, "modified": "2011-04-29T00:00:00", "published": "2011-04-29T00:00:00", "id": "USN-1112-1", "href": "https://ubuntu.com/security/notices/USN-1112-1", "title": "Firefox and Xulrunner vulnerabilities", "type": "ubuntu", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2020-07-09T00:28:28", "bulletinFamily": "unix", "cvelist": ["CVE-2011-0077", "CVE-2011-1202", "CVE-2011-0071", "CVE-2011-0080", "CVE-2011-0073", "CVE-2011-0066", "CVE-2011-0065", "CVE-2011-0081", "CVE-2011-0075", "CVE-2011-0074", "CVE-2011-0069", "CVE-2011-0078", "CVE-2011-0070", "CVE-2011-0067", "CVE-2011-0072"], "description": "USN-1122-2 fixed vulnerabilities in Thunderbird on Ubuntu 11.04. A \nregression was introduced which caused Thunderbird to display an empty menu \nbar. This update fixes the problem. We apologize for the inconvenience.\n\nOriginal advisory details:\n\nIt was discovered that there was a vulnerability in the memory handling of \ncertain types of content. An attacker could exploit this to possibly run \narbitrary code as the user running Thunderbird. (CVE-2011-0081)\n\nIt was discovered that Thunderbird incorrectly handled certain JavaScript \nrequests. If JavaScript were enabled, an attacker could exploit this to \npossibly run arbitrary code as the user running Thunderbird. \n(CVE-2011-0069)\n\nIan Beer discovered a vulnerability in the memory handling of certain \ntypes of documents. An attacker could exploit this to possibly run \narbitrary code as the user running Thunderbird. (CVE-2011-0070)\n\nBob Clary, Henri Sivonen, Marco Bonardo, Mats Palmgren and Jesse Ruderman \ndiscovered several memory vulnerabilities. An attacker could exploit these \nto possibly run arbitrary code as the user running Thunderbird. \n(CVE-2011-0080)\n\nAki Helin discovered multiple vulnerabilities in the HTML rendering code. \nAn attacker could exploit these to possibly run arbitrary code as the user \nrunning Thunderbird. 
(CVE-2011-0074, CVE-2011-0075)\n\nIan Beer discovered multiple overflow vulnerabilities. An attacker could \nexploit these to possibly run arbitrary code as the user running \nThunderbird. (CVE-2011-0077, CVE-2011-0078)\n\nMartin Barbella discovered a memory vulnerability in the handling of \ncertain DOM elements. An attacker could exploit this to possibly run \narbitrary code as the user running Thunderbird. (CVE-2011-0072)\n\nIt was discovered that there were use-after-free vulnerabilities in \nThunderbird's mChannel and mObserverList objects. An attacker could exploit \nthese to possibly run arbitrary code as the user running Thunderbird. \n(CVE-2011-0065, CVE-2011-0066)\n\nIt was discovered that there was a vulnerability in the handling of the \nnsTreeSelection element. An attacker sending a specially crafted E-Mail \ncould exploit this to possibly run arbitrary code as the user running \nThunderbird. (CVE-2011-0073)\n\nPaul Stone discovered a vulnerability in the handling of Java applets. If \nplugins were enabled, an attacker could use this to mimic interaction with \nform autocomplete controls and steal entries from the form history. \n(CVE-2011-0067)\n\nSoroush Dalili discovered a vulnerability in the resource: protocol. This \ncould potentially allow an attacker to load arbitrary files that were \naccessible to the user running Thunderbird. (CVE-2011-0071)\n\nChris Evans discovered a vulnerability in Thunderbird's XSLT generate-id() \nfunction. An attacker could possibly use this vulnerability to make other \nattacks more reliable. 
(CVE-2011-1202)", "edition": 5, "modified": "2011-06-06T00:00:00", "published": "2011-06-06T00:00:00", "id": "USN-1122-3", "href": "https://ubuntu.com/security/notices/USN-1122-3", "title": "Thunderbird regression", "type": "ubuntu", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2020-07-09T00:25:56", "bulletinFamily": "unix", "cvelist": ["CVE-2011-0077", "CVE-2011-1202", "CVE-2011-0071", "CVE-2011-0080", "CVE-2011-0073", "CVE-2011-0066", "CVE-2011-0065", "CVE-2011-0081", "CVE-2011-0075", "CVE-2011-0074", "CVE-2011-0069", "CVE-2011-0078", "CVE-2011-0070", "CVE-2011-0067", "CVE-2011-0072"], "description": "It was discovered that there was a vulnerability in the memory handling of \ncertain types of content. An attacker could exploit this to possibly run \narbitrary code as the user running Thunderbird. (CVE-2011-0081)\n\nIt was discovered that Thunderbird incorrectly handled certain JavaScript \nrequests. If JavaScript were enabled, an attacker could exploit this to \npossibly run arbitrary code as the user running Thunderbird. \n(CVE-2011-0069)\n\nIan Beer discovered a vulnerability in the memory handling of certain \ntypes of documents. An attacker could exploit this to possibly run \narbitrary code as the user running Thunderbird. (CVE-2011-0070)\n\nBob Clary, Henri Sivonen, Marco Bonardo, Mats Palmgren and Jesse Ruderman \ndiscovered several memory vulnerabilities. An attacker could exploit these \nto possibly run arbitrary code as the user running Thunderbird. \n(CVE-2011-0080)\n\nAki Helin discovered multiple vulnerabilities in the HTML rendering code. \nAn attacker could exploit these to possibly run arbitrary code as the user \nrunning Thunderbird. (CVE-2011-0074, CVE-2011-0075)\n\nIan Beer discovered multiple overflow vulnerabilities. An attacker could \nexploit these to possibly run arbitrary code as the user running \nThunderbird. 
(CVE-2011-0077, CVE-2011-0078)\n\nMartin Barbella discovered a memory vulnerability in the handling of \ncertain DOM elements. An attacker could exploit this to possibly run \narbitrary code as the user running Thunderbird. (CVE-2011-0072)\n\nIt was discovered that there were use-after-free vulnerabilities in \nThunderbird's mChannel and mObserverList objects. An attacker could exploit \nthese to possibly run arbitrary code as the user running Thunderbird. \n(CVE-2011-0065, CVE-2011-0066)\n\nIt was discovered that there was a vulnerability in the handling of the \nnsTreeSelection element. An attacker sending a specially crafted E-Mail \ncould exploit this to possibly run arbitrary code as the user running \nThunderbird. (CVE-2011-0073)\n\nPaul Stone discovered a vulnerability in the handling of Java applets. If \nplugins were enabled, an attacker could use this to mimic interaction with \nform autocomplete controls and steal entries from the form history. \n(CVE-2011-0067)\n\nSoroush Dalili discovered a vulnerability in the resource: protocol. This \ncould potentially allow an attacker to load arbitrary files that were \naccessible to the user running Thunderbird. (CVE-2011-0071)\n\nChris Evans discovered a vulnerability in Thunderbird's XSLT generate-id() \nfunction. An attacker could possibly use this vulnerability to make other \nattacks more reliable. 
(CVE-2011-1202)", "edition": 5, "modified": "2011-05-05T00:00:00", "published": "2011-05-05T00:00:00", "id": "USN-1122-1", "href": "https://ubuntu.com/security/notices/USN-1122-1", "title": "Thunderbird vulnerabilities", "type": "ubuntu", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}], "oraclelinux": [{"lastseen": "2019-05-29T18:34:29", "bulletinFamily": "unix", "cvelist": ["CVE-2011-0077", "CVE-2011-1202", "CVE-2011-0071", "CVE-2011-0080", "CVE-2011-0073", "CVE-2011-0066", "CVE-2011-0065", "CVE-2011-0081", "CVE-2011-0075", "CVE-2011-0074", "CVE-2011-0069", "CVE-2011-0078", "CVE-2011-0070", "CVE-2011-0067", "CVE-2011-0072"], "description": "firefox:\n[3.6.17-1.0.1.el6_0]\n- Added firefox-oracle-default-prefs.js and removed firefox-redhat-default-prefs.js\n[3.6.17-1]\n- Update to 3.6.17\nxulrunner:\n[1.9.2.17-4.0.1.el6_0]\n- Replace xulrunner-redhat-default-prefs.js with\n xulrunner-oracle-default-prefs.js\n[1.9.2.17-4]\n- Rebuild\n[1.9.2.17-3]\n- Update to 1.9.2.17", "edition": 4, "modified": "2011-04-29T00:00:00", "published": "2011-04-29T00:00:00", "id": "ELSA-2011-0471", "href": "http://linux.oracle.com/errata/ELSA-2011-0471.html", "title": "firefox security update", "type": "oraclelinux", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2019-05-29T18:34:20", "bulletinFamily": "unix", "cvelist": ["CVE-2011-0077", "CVE-2011-0080", "CVE-2011-0073", "CVE-2011-0075", "CVE-2011-0074", "CVE-2011-0078", "CVE-2011-0072"], "description": "[1.0.9-70.0.1.el4_8]\n- Add mozilla-oracle-default-prefs.js and mozilla-oracle-default-bookmarks.html\n and remove corresponding RedHat ones\n[1.0.9-70.el4]\n- Added fixes for mozbz#645565 and mozbz#646460\n[1.0.9-69.el4]\n- Added fixes from 1.9.1.19", "edition": 4, "modified": "2011-04-29T00:00:00", "published": "2011-04-29T00:00:00", "id": "ELSA-2011-0473", "href": "http://linux.oracle.com/errata/ELSA-2011-0473.html", "title": "seamonkey security update", "type": "oraclelinux", "cvss": 
{"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2019-05-29T18:35:31", "bulletinFamily": "unix", "cvelist": ["CVE-2011-0077", "CVE-2011-0071", "CVE-2011-0080", "CVE-2011-0073", "CVE-2011-0081", "CVE-2011-0075", "CVE-2011-0074", "CVE-2011-0078", "CVE-2011-0070"], "description": "[3.1.10-1.0.1.el6_0]\n- Replaced thunderbird-redhat-default-prefs.js with\n thunderbird-oracle-default-prefs.js\n- Replace clean.gif in tarball\n[3.1.10-1]\n- Update to 3.1.10", "edition": 4, "modified": "2011-04-29T00:00:00", "published": "2011-04-29T00:00:00", "id": "ELSA-2011-0475", "href": "http://linux.oracle.com/errata/ELSA-2011-0475.html", "title": "thunderbird security update", "type": "oraclelinux", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}], "centos": [{"lastseen": "2019-12-20T18:25:00", "bulletinFamily": "unix", "cvelist": ["CVE-2011-0077", "CVE-2011-1202", "CVE-2011-0071", "CVE-2011-0080", "CVE-2011-0073", "CVE-2011-0066", "CVE-2011-0065", "CVE-2011-0081", "CVE-2011-0075", "CVE-2011-0074", "CVE-2011-0069", "CVE-2011-0078", "CVE-2011-0070", "CVE-2011-0067", "CVE-2011-0072"], "description": "**CentOS Errata and Security Advisory** CESA-2011:0471\n\n\nMozilla Firefox is an open source web browser. XULRunner provides the XUL\nRuntime environment for Mozilla Firefox.\n\nSeveral flaws were found in the processing of malformed web content. A web\npage containing malicious content could possibly lead to arbitrary code\nexecution with the privileges of the user running Firefox. (CVE-2011-0080,\nCVE-2011-0081)\n\nAn arbitrary memory write flaw was found in the way Firefox handled\nout-of-memory conditions. If all memory was consumed when a user visited a\nmalicious web page, it could possibly lead to arbitrary code execution\nwith the privileges of the user running Firefox. (CVE-2011-0078)\n\nAn integer overflow flaw was found in the way Firefox handled the HTML\nframeset tag. 
A web page with a frameset tag containing large values for\nthe \"rows\" and \"cols\" attributes could trigger this flaw, possibly leading\nto arbitrary code execution with the privileges of the user running\nFirefox. (CVE-2011-0077)\n\nA flaw was found in the way Firefox handled the HTML iframe tag. A web page\nwith an iframe tag containing a specially-crafted source address could\ntrigger this flaw, possibly leading to arbitrary code execution with the\nprivileges of the user running Firefox. (CVE-2011-0075)\n\nA flaw was found in the way Firefox displayed multiple marquee elements. A\nmalformed HTML document could cause Firefox to execute arbitrary code with\nthe privileges of the user running Firefox. (CVE-2011-0074)\n\nA flaw was found in the way Firefox handled the nsTreeSelection element.\nMalformed content could cause Firefox to execute arbitrary code with the\nprivileges of the user running Firefox. (CVE-2011-0073)\n\nA use-after-free flaw was found in the way Firefox appended frame and\niframe elements to a DOM tree when the NoScript add-on was enabled.\nMalicious HTML content could cause Firefox to execute arbitrary code with\nthe privileges of the user running Firefox. (CVE-2011-0072)\n\nA directory traversal flaw was found in the Firefox resource:// protocol\nhandler. Malicious content could cause Firefox to access arbitrary files\naccessible to the user running Firefox. (CVE-2011-0071)\n\nA double free flaw was found in the way Firefox handled\n\"application/http-index-format\" documents. A malformed HTTP response could\ncause Firefox to execute arbitrary code with the privileges of the user\nrunning Firefox. (CVE-2011-0070)\n\nA flaw was found in the way Firefox handled certain JavaScript cross-domain\nrequests. If malicious content generated a large number of cross-domain\nJavaScript requests, it could cause Firefox to execute arbitrary code with\nthe privileges of the user running Firefox. 
(CVE-2011-0069)\n\nA flaw was found in the way Firefox displayed the autocomplete pop-up.\nMalicious content could use this flaw to steal form history information.\n(CVE-2011-0067)\n\nTwo use-after-free flaws were found in the Firefox mObserverList and\nmChannel objects. Malicious content could use these flaws to execute\narbitrary code with the privileges of the user running Firefox.\n(CVE-2011-0066, CVE-2011-0065)\n\nA flaw was found in the Firefox XSLT generate-id() function. This function\nreturned the memory address of an object in memory, which could possibly be\nused by attackers to bypass address randomization protections.\n(CVE-2011-1202)\n\nFor technical details regarding these flaws, refer to the Mozilla security\nadvisories for Firefox 3.6.17. You can find a link to the Mozilla\nadvisories in the References section of this erratum.\n\nAll Firefox users should upgrade to these updated packages, which contain\nFirefox version 3.6.17, which corrects these issues. After installing the\nupdate, Firefox must be restarted for the changes to take effect.\n\n\n**Merged security bulletin from advisories:**\nhttp://lists.centos.org/pipermail/centos-announce/2011-April/029498.html\nhttp://lists.centos.org/pipermail/centos-announce/2011-April/029499.html\nhttp://lists.centos.org/pipermail/centos-announce/2011-April/029508.html\nhttp://lists.centos.org/pipermail/centos-announce/2011-April/029509.html\n\n**Affected packages:**\nfirefox\nxulrunner\nxulrunner-devel\n\n**Upstream details at:**\n", "edition": 3, "modified": "2011-04-29T21:10:44", "published": "2011-04-29T15:48:25", "href": "http://lists.centos.org/pipermail/centos-announce/2011-April/029498.html", "id": "CESA-2011:0471", "title": "firefox, xulrunner security update", "type": "centos", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2019-12-20T18:25:48", "bulletinFamily": "unix", "cvelist": ["CVE-2011-0077", "CVE-2011-0080", "CVE-2011-0073", "CVE-2011-0075", "CVE-2011-0074", 
"CVE-2011-0078", "CVE-2011-0072"], "description": "**CentOS Errata and Security Advisory** CESA-2011:0473\n\n\nSeaMonkey is an open source web browser, email and newsgroup client, IRC\nchat client, and HTML editor.\n\nSeveral flaws were found in the processing of malformed web content. A web\npage containing malicious content could possibly lead to arbitrary code\nexecution with the privileges of the user running SeaMonkey.\n(CVE-2011-0080)\n\nAn arbitrary memory write flaw was found in the way SeaMonkey handled\nout-of-memory conditions. If all memory was consumed when a user visited a\nmalicious web page, it could possibly lead to arbitrary code execution\nwith the privileges of the user running SeaMonkey. (CVE-2011-0078)\n\nAn integer overflow flaw was found in the way SeaMonkey handled the HTML\nframeset tag. A web page with a frameset tag containing large values for\nthe \"rows\" and \"cols\" attributes could trigger this flaw, possibly leading\nto arbitrary code execution with the privileges of the user running\nSeaMonkey. (CVE-2011-0077)\n\nA flaw was found in the way SeaMonkey handled the HTML iframe tag. A web\npage with an iframe tag containing a specially-crafted source address could\ntrigger this flaw, possibly leading to arbitrary code execution with the\nprivileges of the user running SeaMonkey. (CVE-2011-0075)\n\nA flaw was found in the way SeaMonkey displayed multiple marquee elements.\nA malformed HTML document could cause SeaMonkey to execute arbitrary code\nwith the privileges of the user running SeaMonkey. (CVE-2011-0074)\n\nA flaw was found in the way SeaMonkey handled the nsTreeSelection element.\nMalformed content could cause SeaMonkey to execute arbitrary code with the\nprivileges of the user running SeaMonkey. 
(CVE-2011-0073)\n\nA use-after-free flaw was found in the way SeaMonkey appended frame and\niframe elements to a DOM tree when the NoScript add-on was enabled.\nMalicious HTML content could cause SeaMonkey to execute arbitrary code with\nthe privileges of the user running SeaMonkey. (CVE-2011-0072)\n\nAll SeaMonkey users should upgrade to these updated packages, which correct\nthese issues. After installing the update, SeaMonkey must be restarted for\nthe changes to take effect.\n\n\n**Merged security bulletin from advisories:**\nhttp://lists.centos.org/pipermail/centos-announce/2011-April/029506.html\nhttp://lists.centos.org/pipermail/centos-announce/2011-April/029507.html\n\n**Affected packages:**\nseamonkey\nseamonkey-chat\nseamonkey-devel\nseamonkey-dom-inspector\nseamonkey-js-debugger\nseamonkey-mail\n\n**Upstream details at:**\n", "edition": 3, "modified": "2011-04-29T20:53:41", "published": "2011-04-29T20:53:41", "href": "http://lists.centos.org/pipermail/centos-announce/2011-April/029506.html", "id": "CESA-2011:0473", "title": "seamonkey security update", "type": "centos", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}], "debian": [{"lastseen": "2019-05-30T02:22:03", "bulletinFamily": "unix", "cvelist": ["CVE-2011-0077", "CVE-2011-0071", "CVE-2011-0080", "CVE-2011-0073", "CVE-2011-0066", "CVE-2011-0065", "CVE-2011-0081", "CVE-2011-0075", "CVE-2011-0074", "CVE-2011-0069", "CVE-2011-0078", "CVE-2011-0070", "CVE-2011-0067", "CVE-2011-0072"], "description": "- -------------------------------------------------------------------------\nDebian Security Advisory DSA-2227-1 security@debian.org\nhttp://www.debian.org/security/ Moritz Muehlenhoff\nApril 30, 2011 http://www.debian.org/security/faq\n- -------------------------------------------------------------------------\n\nPackage : iceape\nVulnerability : several\nProblem type : remote\nDebian-specific: no\nCVE ID : CVE-2011-0065 CVE-2011-0066 CVE-2011-0067 CVE-2011-0069 \n CVE-2011-0070 
CVE-2011-0071 CVE-2011-0072 CVE-2011-0073 \n CVE-2011-0074 CVE-2011-0075 CVE-2011-0077 CVE-2011-0078 \n CVE-2011-0080 CVE-2011-0081 \n\nSeveral vulnerabilities have been found in the Iceape internet suite, an\nunbranded version of Seamonkey:\n\nCVE-2011-0069 CVE-2011-0070 CVE-2011-0072 CVE-2011-0074 CVE-2011-0075 CVE-2011-0077 CVE-2011-0078 CVE-2011-0080 CVE-2011-0081\n\n \"Scoobidiver\", Ian Beer, Bob Clary, Henri Sivonen, Marco Bonardo,\n Mats Palmgren, Jesse Ruderman, Aki Helin and Martin Barbella \n discovered memory corruption bugs, which may lead to the execution\n of arbitrary code.\n\nCVE-2011-0065 CVE-2011-0066 CVE-2011-0073\n\n \"regenrecht\" discovered several dangling pointer vulnerabilities,\n which may lead to the execution of arbitrary code.\n\nCVE-2011-0067\n\n Paul Stone discovered that Java applets could steal information\n from the autocompletion history.\n\nCVE-2011-0071\n\n Soroush Dalili discovered a directory traversal vulnerability in\n handling resource URIs.\n \nThe oldstable distribution (lenny) is not affected. 
The iceape package only\nprovides the XPCOM code.\n\nFor the stable distribution (squeeze), this problem has been fixed in\nversion 2.0.11-5.\n\nFor the unstable distribution (sid), this problem has been fixed in\nversion 2.0.14-1.\n\nWe recommend that you upgrade your iceape packages.\n\nFurther information about Debian Security Advisories, how to apply\nthese updates to your system and frequently asked questions can be\nfound at: http://www.debian.org/security/\n\nMailing list: debian-security-announce@lists.debian.org\n", "edition": 2, "modified": "2011-04-30T15:09:09", "published": "2011-04-30T15:09:09", "id": "DEBIAN:DSA-2227-1:C543D", "href": "https://lists.debian.org/debian-security-announce/debian-security-announce-2011/msg00096.html", "title": "[SECURITY] [DSA 2227-1] iceape security update", "type": "debian", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2020-11-11T13:21:55", "bulletinFamily": "unix", "cvelist": ["CVE-2011-0077", "CVE-2011-0071", "CVE-2011-0080", "CVE-2011-0073", "CVE-2011-0066", "CVE-2011-0065", "CVE-2011-0081", "CVE-2011-0075", "CVE-2011-0074", "CVE-2011-0069", "CVE-2011-0078", "CVE-2011-0070", "CVE-2011-0067", "CVE-2011-0072"], "description": "- -------------------------------------------------------------------------\nDebian Security Advisory DSA-2235-1 security@debian.org\nhttp://www.debian.org/security/ Moritz Muehlenhoff\nMay 10, 2011 http://www.debian.org/security/faq\n- -------------------------------------------------------------------------\n\nPackage : icedove\nVulnerability : several\nProblem type : remote\nDebian-specific: no\nCVE ID : CVE-2011-0065 CVE-2011-0066 CVE-2011-0067 CVE-2011-0069 \n CVE-2011-0070 CVE-2011-0071 CVE-2011-0072 CVE-2011-0073\n CVE-2011-0074 CVE-2011-0075 CVE-2011-0077 CVE-2011-0078\n CVE-2011-0080 CVE-2011-0081 \n\nSeveral vulnerabilities have been discovered in Icedove, an unbranded\nversion of the Thunderbird mail/news client.\n\nCVE-2011-0069 CVE-2011-0070 
CVE-2011-0072 CVE-2011-0074 CVE-2011-0075 CVE-2011-0077 CVE-2011-0078 CVE-2011-0080 CVE-2011-0081\n\n \"Scoobidiver\", Ian Beer, Bob Clary, Henri Sivonen, Marco Bonardo,\n Mats Palmgren, Jesse Ruderman, Aki Helin and Martin Barbella \n discovered memory corruption bugs, which may lead to the execution\n of arbitrary code.\n\nCVE-2011-0065 CVE-2011-0066 CVE-2011-0073\n\n \"regenrecht\" discovered several dangling pointer vulnerabilities,\n which may lead to the execution of arbitrary code.\n\nCVE-2011-0067\n\n Paul Stone discovered that Java applets could steal information\n from the autocompletion history.\n\nCVE-2011-0071\n\n Soroush Dalili discovered a directory traversal vulnerability in\n handling resource URIs.\n\nAs indicated in the Lenny (oldstable) release notes, security support for\nthe Icedove packages in the oldstable needed to be stopped before the end\nof the regular Lenny security maintenance life cycle.\nYou are strongly encouraged to upgrade to stable or switch to a different\nmail client.\n\nFor the stable distribution (squeeze), this problem has been fixed in\nversion 3.0.11-1+squeeze2.\n\nFor the unstable distribution (sid), this problem will be fixed soon.\n\nWe recommend that you upgrade your icedove packages.\n\nFurther information about Debian Security Advisories, how to apply\nthese updates to your system and frequently asked questions can be\nfound at: http://www.debian.org/security/\n\nMailing list: debian-security-announce@lists.debian.org\n", "edition": 3, "modified": "2011-05-10T20:15:08", "published": "2011-05-10T20:15:08", "id": "DEBIAN:DSA-2235-1:7DA12", "href": "https://lists.debian.org/debian-security-announce/debian-security-announce-2011/msg00104.html", "title": "[SECURITY] [DSA 2235-1] icedove security update", "type": "debian", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2020-11-11T13:30:56", "bulletinFamily": "unix", "cvelist": ["CVE-2011-0077", "CVE-2011-0071", "CVE-2011-0080", "CVE-2011-0073", 
"CVE-2011-0066", "CVE-2011-0065", "CVE-2011-0081", "CVE-2011-0075", "CVE-2011-0074", "CVE-2011-0069", "CVE-2011-0078", "CVE-2011-0070", "CVE-2011-0067", "CVE-2011-0072"], "description": "- -------------------------------------------------------------------------\nDebian Security Advisory DSA-2228-1 security@debian.org\nhttp://www.debian.org/security/ Moritz Muehlenhoff\nMay 01, 2011 http://www.debian.org/security/faq\n- -------------------------------------------------------------------------\n\nPackage : iceweasel\nVulnerability : several\nProblem type : remote\nDebian-specific: no\nCVE ID : CVE-2011-0065 CVE-2011-0066 CVE-2011-0067 CVE-2011-0069 \n CVE-2011-0070 CVE-2011-0071 CVE-2011-0072 CVE-2011-0073\n CVE-2011-0074 CVE-2011-0075 CVE-2011-0077 CVE-2011-0078\n CVE-2011-0080 CVE-2011-0081 \n\nSeveral vulnerabilities have been found in Iceweasel, a web browser \nbased on Firefox:\n\nCVE-2011-0069 CVE-2011-0070 CVE-2011-0072 CVE-2011-0074 CVE-2011-0075 CVE-2011-0077 CVE-2011-0078 CVE-2011-0080 CVE-2011-0081\n\n "Scoobidiver", Ian Beer Bob Clary, Henri Sivonen, Marco Bonardo,\n Mats Palmgren, Jesse Ruderman, Aki Kelin and Martin Barbella \n discovered memory corruption bugs, which may lead to the execution\n of arbitrary code.\n\nCVE-2011-0065 CVE-2011-0066 CVE-2011-0073\n\n "regenrecht" discovered several dangling pointer vulnerabilities,\n which may lead to the execution of arbitrary code.\n\nCVE-2011-0067\n\n Paul Stone discovered that Java applets could steal information\n from the autocompletion history.\n\nCVE-2011-0071\n\n Soroush Dalili discovered a directory traversal vulnerability in\n handling resource URIs.\n\nFor the oldstable distribution (lenny), this problem will be fixed soon\nwith updated packages of the xulrunner source package.\n \nFor the stable distribution (squeeze), this problem has been fixed in\nversion 3.5.16-7.\n\nFor the unstable distribution (sid), this problem has been fixed in\nversion 3.5.19-1.\n\nWe recommend that you upgrade your 
iceweasel packages.\n\nFurther information about Debian Security Advisories, how to apply\nthese updates to your system and frequently asked questions can be\nfound at: http://www.debian.org/security/\n\nMailing list: debian-security-announce@lists.debian.org\n", "edition": 3, "modified": "2011-05-01T16:51:09", "published": "2011-05-01T16:51:09", "id": "DEBIAN:DSA-2228-1:3272E", "href": "https://lists.debian.org/debian-security-announce/debian-security-announce-2011/msg00097.html", "title": "[SECURITY] [DSA 2228-1] iceweasel security update", "type": "debian", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2020-11-11T13:19:00", "bulletinFamily": "unix", "cvelist": ["CVE-2011-0077", "CVE-2011-0071", "CVE-2011-0080", "CVE-2011-0073", "CVE-2011-0066", "CVE-2011-0065", "CVE-2011-0081", "CVE-2011-0075", "CVE-2011-0074", "CVE-2011-0069", "CVE-2011-0078", "CVE-2011-0070", "CVE-2011-0067", "CVE-2011-0072"], "description": "Mike Hommey uploaded new packages for iceweasel which fixed the\nfollowing security problems:\n\nCVE-2011-0069 CVE-2011-0070 CVE-2011-0072 CVE-2011-0074 CVE-2011-0075 CVE-2011-0077 CVE-2011-0078 CVE-2011-0080 CVE-2011-0081\n\n \"Scoobidiver\", Ian Beer, Bob Clary, Henri Sivonen, Marco Bonardo,\n Mats Palmgren, Jesse Ruderman, Aki Helin and Martin Barbella \n discovered memory corruption bugs, which may lead to the execution\n of arbitrary code.\n\nCVE-2011-0065 CVE-2011-0066 CVE-2011-0073\n\n \"regenrecht\" discovered several dangling pointer vulnerabilities,\n which may lead to the execution of arbitrary code.\n\nCVE-2011-0067\n\n Paul Stone discovered that Java applets could steal information\n from the autocompletion history.\n\nCVE-2011-0071\n\n Soroush Dalili discovered a directory traversal vulnerability in\n handling resource URIs.\n\nFor the lenny-backports distribution the problems have been fixed in\nversion 3.5.16-7~bpo50+1.\n\nFor the oldstable distribution (lenny), this problem will be fixed soon\nwith updated 
packages of the xulrunner source package.\n \nFor the stable distribution (squeeze), this problem has been fixed in\nversion 3.5.16-7.\n\nFor the unstable distribution (sid), this problem has been fixed in\nversion 3.5.19-1.\n\nUpgrade instructions\n--------------------\n\nIf you don't use pinning (see [1]) you have to update the package\nmanually via \"apt-get -t lenny-backports install <packagelist>\" with\nthe packagelist of your installed packages affected by this update.\n[1] <http://backports.debian.org/Instructions>\n\nWe recommend pinning (in /etc/apt/preferences) the backports repository\nto 200 so that new versions of installed backports will be installed\nautomatically. \n\n Package: *\n Pin: release a=lenny-backports\n Pin-Priority: 200\n", "edition": 3, "modified": "2011-05-12T10:01:56", "published": "2011-05-12T10:01:56", "id": "DEBIAN:BSA-034:9DF39", "href": "https://lists.debian.org/debian-backports-announce/2011/debian-backports-announce-201105/msg00000.html", "title": "[BSA-034] Security Update for iceweasel", "type": "debian", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}], "securityvulns": [{"lastseen": "2018-08-31T11:09:42", "bulletinFamily": "software", "cvelist": ["CVE-2011-0077", "CVE-2011-1202", "CVE-2011-0071", "CVE-2011-0068", "CVE-2011-0080", "CVE-2011-0073", "CVE-2011-0079", "CVE-2011-0066", "CVE-2011-0065", "CVE-2011-0081", "CVE-2011-0075", "CVE-2011-0074", "CVE-2011-0069", "CVE-2011-0078", "CVE-2011-0070", "CVE-2011-0076", "CVE-2011-0067", "CVE-2011-0072"], "description": "Multiple memory corruptions, uninitialized pointer dereferences, information leakage, code execution.", "edition": 1, "modified": "2011-05-11T00:00:00", "published": "2011-05-11T00:00:00", "id": "SECURITYVULNS:VULN:11633", "href": "https://vulners.com/securityvulns/SECURITYVULNS:VULN:11633", "title": "Mozilla Firefox / Thunderbird / Seamonkey multiple security vulnerabilities", "type": "securityvulns", "cvss": {"score": 10.0, "vector": 
"AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}], "suse": [{"lastseen": "2016-09-04T11:32:37", "bulletinFamily": "unix", "cvelist": ["CVE-2011-0077", "CVE-2011-1202", "CVE-2011-0071", "CVE-2011-0068", "CVE-2011-0080", "CVE-2011-0073", "CVE-2011-0079", "CVE-2011-0066", "CVE-2011-0065", "CVE-2011-0081", "CVE-2011-0075", "CVE-2011-0074", "CVE-2011-0069", "CVE-2011-0078", "CVE-2011-0070", "CVE-2011-0076", "CVE-2011-0067", "CVE-2011-0072"], "description": "The Mozilla suite of browsers received security updates.\n#### Solution\nThere is no known workaround, please install the update packages.", "edition": 1, "modified": "2011-05-05T17:46:39", "published": "2011-05-05T17:46:39", "id": "SUSE-SA:2011:022", "href": "http://lists.opensuse.org/opensuse-security-announce/2011-05/msg00001.html", "title": "remote code execution, remote denial of service in MozillaFirefox,seamonkey,MozillaThunderbird", "type": "suse", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}]}